Etherpad is an open-source online editor providing collaborative editing in real-time in the browser. It is written in Node.js and can be self-hosted to work with various platforms like WordPress, Drupal, Odoo, Discourse, Joomla, etc.
In this tutorial, we will install Etherpad on a Rocky Linux 8 server, using the MariaDB database to store our data. We will also use Nginx as a reverse proxy for the application and install an SSL certificate using Let's Encrypt to enable HTTPS connections to our Etherpad instance.
Prerequisites
-
A system running Rocky Linux 8.
-
A non-root user with sudo privileges.
-
A domain name pointed to the server.
-
Nodejs installed. Follow our guide on installing Nodejs on Rocky Linux 8 server. Use any of the two methods specified.
-
Make sure everything is updated.
$ sudo dnf update
Step 1 - Configure Firewall
Rocky Linux uses Firewalld Firewall. Check the firewall's status.
$ sudo firewall-cmd --state running
This indicates it is up and running successfully.
The firewall works with different zones and the public zone is the default one, which we will use. List all the services and ports active on the firewall.
$ sudo firewall-cmd --permanent --list-services
It should show the following output.
cockpit dhcpv6-client ssh
Allow HTTP and HTTPS ports.
$ sudo firewall-cmd --permanent --add-service=http $ sudo firewall-cmd --permanent --add-service=https
Open the 9001 port used by the Etherpad application.
$ sudo firewall-cmd --permanent --add-port=9001/tcp
Recheck the status of the firewall.
$ sudo firewall-cmd --permanent --list-services
You should see a similar output.
cockpit dhcpv6-client http https ssh
Reload the firewall to enable the changes.
$ sudo firewall-cmd --reload
Step 2 - Install Git
Before installing Etherpad, we need to install Git. Run the following command to install Git.
$ sudo dnf install git
Verify the installation.
$ git --version git version 2.27.0
Add initial configuration.
$ git config --global user.name "YourName" $ git config --global user.email "name@example.com"
List the configuration you just set.
$ git config --list user.name=YourName user.email=name@example.com
Step 3 - Install MariaDB
Since we will use the MariaDB database to store Etherpad's data, we need to install and configure it first.
Rocky Linux AppStream repository comes with MariaDB. To list all the available versions of MariaDB installed, run the following command.
$ sudo dnf module list mariadb Last metadata expiration check: 1:15:26 ago on Thu 21 Oct 2021 10:20:01 AM UTC. Rocky Linux 8 - AppStream Name Stream Profiles Summary mariadb 10.3 [d] client, galera, server [d] MariaDB Module mariadb 10.5 client, galera, server [d] MariaDB Module Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
The default version is set to 10.3. You can however install the latest version using the following command.
$ sudo dnf module enable mariadb:10.5
Install MariaDB.
$ sudo dnf install mariadb-server
Enable and Start the MariaDB service.
$ sudo systemctl enable mariadb --now
Check the status of the service.
$ sudo systemctl status mariadb
Secure the MariaDB server.
$ sudo mysql_secure_installation
You will face various prompts. Answer them as follows.
Enter current password for root (enter for none): Press Enter Switch to unix_socket authentication [Y/n] Type y Change the root password? [Y/n] Type n Remove anonymous users? [Y/n] Type y Disallow root login remotely? [Y/n] Type y Remove test database and access to it? [Y/n] Type y Reload privilege tables now? [Y/n] Type y
You can now connect to the MariaDB server using the following command.
$ sudo mysql
Step 4 - Configure MariaDB
Login to the MariaDB shell.
$ sudo mysql
Create a new database for Etherpad.
$ create database `etherpad_lite_db`;
Create a new database user.
$ CREATE USER 'etherpaduser'@'localhost' identified by 'password';
Use a strong password.
Grant permissions on the database to the user.
$ grant CREATE,ALTER,SELECT,INSERT,UPDATE,DELETE on `etherpad_lite_db`.* to '<etherpaduser>'@'localhost';
Exit the MySQL shell.
$ exit
Step 5 - Download and Install Etherpad
To install Etherpad, we will download its source code and build it.
The first step is to create a new etherpad user using the following command.
$ sudo adduser --system --home /opt/etherpad --create-home --user-group etherpad
This command creates a --system user, which means it can't log in and has no password. We also give it a home directory /opt/etherpad which is where we'll download Etherpad. The --create-home flag creates the home directory with the correct permissions. The --user-group flag creates a group with the same name as the username.
Switch to the etherpad user to download and install the application.
$ sudo -u etherpad bash
Switch to the /opt/etherpad directory.
[etherpad@etherpad user] cd /opt/etherpad
Clone the Etherpad repository into the /opt/etherpad directory.
[etherpad@etherpad ~]$ git clone --branch master git://github.com/ether/etherpad-lite.git
Switch to the newly downloaded directory.
[etherpad@etherpad ~]$ cd etherpad-lite
Run the Etherpad's run.sh script to set up and install dependencies.
[etherpad@etherpad etherpad-lite]$ src/bin/run.sh
You can launch the URL http://YOURSERVERIP:9001 in the browser to launch Etherpad. You will get the following screen.
There is an issue with the above installation. It requires you to keep the current shell open with Node running in the foreground. To make it a persistent installation, we need to run Etherpad as a service. Press Ctrl + C on your terminal to stop Etherpad from running.
Step 6 - Configure Etherpad
Before proceeding ahead, we need to set some settings and configure our installation according to our needs. Etherpad stores its settings in the settings.json file in the installation directory.
Open the file for editing.
[etherpad@etherpad etherpad-lite]$ nano settings.json
The settings file is formatted as JSON. The first thing you need to configure is the database settings.
Find the following code and comment it out by putting // in front of it.
// "dbType": "dirty",
// "dbSettings": {
// "filename": "var/dirty.db"
// },
Then, find the following code and change its values as follows. Make sure to remove /* and */ at the beginning and the end.
"dbType" : "mysql",
"dbSettings" : {
"user": "etherpaduser",
"host": "localhost",
"port": 3306,
"password": "password",
"database": "etherpad_lite_db",
"charset": "utf8mb4"
},
Finally, scroll down a little to find the trustProxy setting and change its value from false to true.
"trustProxy": true,
This setting is needed to make Etherpad work along with Nginx.
Save the file by pressing Ctrl + X and entering Y when prompted once finished.
Exit the Etherpad user shell.
[etherpad@etherpad etherpad-lite]$ exit
Step 7 - Create Etherpad Service
To start Etherpad on boot and to manage the process using systemctl, we need to create a service file.
Create and open the service file.
$ sudo nano /etc/systemd/system/etherpad.service
Paste the following code in it.
[Unit] Description=Etherpad, a collaborative web editor. After=syslog.target network.target [Service] Type=simple User=etherpad Group=etherpad WorkingDirectory=/opt/etherpad Environment=NODE_ENV=production ExecStart=/usr/bin/node --experimental-worker /opt/etherpad/etherpad-lite/node_modules/ep_etherpad-lite/node/server.js Restart=always [Install] WantedBy=multi-user.target
Save the file by pressing Ctrl + X and entering Y when prompted once finished.
Reload the service daemon to pull in the new configuration.
$ sudo systemctl daemon-reload
Enable Start the Etherpad service.
$ sudo systemctl enable etherpad --now
Check the status of the service.
$ sudo systemctl status etherpad
? etherpad.service - Etherpad, a collaborative web editor.
Loaded: loaded (/etc/systemd/system/etherpad.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2021-10-21 15:06:53 UTC; 6s ago
Main PID: 47228 (node)
Tasks: 13 (limit: 11411)
Memory: 102.8M
CGroup: /system.slice/etherpad.service
??47228 /usr/bin/node --experimental-worker /opt/etherpad/etherpad-lite/node_modules/ep_etherpad-lite/node/server.js
.......
Step 8 - Install SSL using Let's Encrypt
To install an SSL certificate using Let's Encrypt, we need to install the Certbot tool.
Firstly, you need to download and install the EPEL repository.
$ sudo dnf install epel-release
Run the following commands to install Certbot.
$ sudo dnf install certbot
Generate the SSL certificate.
$ sudo certbot certonly --standalone --agree-tos --preferred-challenges http -m name@example.com -d example.com
The above command will download a certificate to the /etc/letsencrypt/live/etherpad.example.com directory on your server.
Generate a Diffie-Hellman group certificate.
$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Create a challenge webroot directory for Let's Encrypt auto-renewal.
$ sudo mkdir -p /var/lib/letsencrypt
Create a Cron Job to renew the SSL. It will run every day to check the certificate and renew if needed. For that, first, create the file /etc/cron.daily/certbot-renew and open it for editing.
$ sudo nano /etc/cron.daily/certbot-renew
Paste the following code.
#!/bin/sh certbot renew --cert-name etherpad.example.com --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"
Save the file by pressing Ctrl + X and entering Y when prompted.
Change the permissions on the task file to make it executable.
$ sudo chmod +x /etc/cron.daily/certbot-renew
Step 9 - Install and Configure Nginx
Rocky Linux ships with an older version of Nginx. To install the latest version, you need to add the Nginx repository.
Create and open the file /etc/yum.repos.d/nginx.repo for editing.
$ sudo nano /etc/yum.repos.d/nginx.repo
Paste the following code in it.
[nginx-stable] name=nginx stable repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=1 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true [nginx-mainline] name=nginx mainline repo baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true
Save the file by pressing Ctrl + X and entering Y when prompted once finished.
Install Nginx.
$ sudo dnf install nginx
Enable the Nginx service.
$ sudo systemctl enable nginx
Next, create and open the /etc/nginx/conf.d/etherpad.conf for editing.
$ sudo nano /etc/nginx/conf.d/etherpad.conf
Paste the following code in it.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name etherpad.example.com;
access_log /var/log/nginx/etherpad.access.log;
error_log /var/log/nginx/etherpad.error.log;
ssl_certificate /etc/letsencrypt/live/etherpad.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/etherpad.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/etherpad.example.com/chain.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
ssl_stapling on;
ssl_stapling_verify on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
location / {
rewrite ^/$ / break;
rewrite ^/locales/(.*) /locales/$1 break;
rewrite ^/locales.json /locales.json break;
rewrite ^/admin(.*) /admin/$1 break;
rewrite ^/p/(.*) /p/$1 break;
rewrite ^/static/(.*) /static/$1 break;
rewrite ^/pluginfw/(.*) /pluginfw/$1 break;
rewrite ^/javascripts/(.*) /javascripts/$1 break;
rewrite ^/socket.io/(.*) /socket.io/$1 break;
rewrite ^/ep/(.*) /ep/$1 break;
rewrite ^/minified/(.*) /minified/$1 break;
rewrite ^/api/(.*) /api/$1 break;
rewrite ^/ro/(.*) /ro/$1 break;
rewrite ^/error/(.*) /error/$1 break;
rewrite ^/jserror(.*) /jserror$1 break;
rewrite ^/redirect(.*) /redirect$1 break;
rewrite /favicon.ico /favicon.ico break;
rewrite /robots.txt /robots.txt break;
rewrite /(.*) /p/$1;
proxy_pass http://127.0.0.1:9001;
proxy_buffering off;
proxy_set_header Host $host;
proxy_pass_header Server;
# proxy headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
# websocket proxying
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
# we're in the http context here
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# enforce HTTPS
server {
listen 80;
listen [::]:80;
server_name etherpad.example.com;
return 301 https://$host$request_uri;
}
Save the file by pressing Ctrl + X and entering Y when prompted once finished.
Verify the Nginx configuration file syntax.
$ sudo nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
If you get the following error, you will need to edit the file /etc/nginx/nginx.conf to add/adjust the size of the variable server_names_hash_bucket_size.
nginx: [emerg] could not build the server_names_hash, you should increase server_names_hash_bucket_size
Open the file /etc/nginx/nginx.conf for editing.
$ sudo nano /etc/nginx/nginx.conf
Add the following line before the line include /etc/nginx/conf.d/*.conf;.
server_names_hash_bucket_size 64;
Save the file by pressing Ctrl + X and entering Y when prompted. Validate Nginx again.
Finally, start the Nginx service to enable the new configuration.
$ sudo systemctl start nginx
Launch the URL https://etherpad.example.com in your browser and Etherpad home will open. You can now use it to edit documents and invite collaborators.
Updating Etherpad
Updating Etherpad is easy. The first step is to switch to the Etherpad user shell.
$ sudo -u etherpad bash
Switch to the /opt/etherpad/etherpad-lite directory.
[etherpad@etherpad user] cd /opt/etherpad/etherpad-lite
Pull the latest Etherpad repository into the /opt/etherpad/etherpad-lite directory.
[etherpad@etherpad ~]$ git pull origin
Run the Etherpad's run.sh script to set up the latest version of Etherpad.
[etherpad@etherpad etherpad-lite]$ src/bin/run.sh
Conclusion
In this tutorial, we set up Etherpad Collaborative Editor with Nginx server and secured using Let's Encrypt SSL certificates. Your Etherpad installation is ready to use which you can extend with more features including authenticated users, plugins and user interface customizations.
If you have any questions, post them in the comments below.