Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
How to self-host padloc 3

I couldn't wait until the official guide on how to do this is released, so I tried to figure it out and this is how I got it working.

The .env file for docker-compose

PL_SUPPORT_EMAIL=support@example.com
PL_SERVER_PORT=3000
PL_SERVER_URL=https://example.com/api
PL_PWA_PORT=8080
PL_PWA_URL=https://example.com
PL_EMAIL_USER=mail@example.com
PL_EMAIL_SERVER=mail.example.com
PL_EMAIL_PORT=587
PL_EMAIL_PASSWORD=strong-password
PL_DB_PATH=/data
PL_REPORT=true
PL_BILLING_ENABLED=false
PL_BILLING_DISABLE_PAYMENT=true
PL_BILLING_STRIPE_PUBLIC_KEY=

The docker-compose.yml

version: "3.7"
services:
    server:
        build:
            context: .
            dockerfile: Dockerfile-server
        environment:
            - PL_PWA_URL
            - PL_EMAIL_USER
            - PL_EMAIL_SERVER
            - PL_EMAIL_PORT
            - PL_EMAIL_PASSWORD
            - PL_EMAIL_FROM
            - PL_REPORT_ERRORS
            - PL_BILLING_ENABLED
            - PL_BILLING_STRIPE_SECRET
            - PL_BILLING_STRIPE_PUBLIC_KEY
            - PL_MFA
            - PL_REPL_PORT
        ports:
            - "${PL_SERVER_PORT:-3000}:3000"
            - "${PL_BILLING_PORT:-4000}:4000"
        volumes:
            - db-vol-1:/data
            - docs-vol-1:/docs
            - logs-vol-1:/logs
        networks:
          internal:
            aliases:
              - server
    pwa:
        build:
            context: .
            dockerfile: Dockerfile-pwa
        environment:
            - PL_SUPPORT_EMAIL
            - PL_SERVER_URL
            - PL_PWA_URL
            - PL_BILLING_ENABLED
            - PL_BILLING_STRIPE_PUBLIC_KEY
        ports:
            - "${PL_PWA_PORT:-8080}:8080"
        volumes:
            - pwa-vol-1:/pwa
        networks:
          internal:
            aliases:
              - pwa
        command: ["build_and_start"]

networks:
  internal:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: br-padloc

volumes:
  logs-vol-1:
  db-vol-1:
  pwa-vol-1:
  docs-vol-1:

Building the client

Before building make the following changes in packages/electron/package.json

diff --git a/packages/electron/package.json b/packages/electron/package.json
index dc374260..37903fae 100644
--- a/packages/electron/package.json
+++ b/packages/electron/package.json
@@ -25,7 +25,6 @@
     "css-loader": "^3.0.0",
     "electron": "^6.0.7",
     "electron-builder": "^21.2.0",
-    "electron-notarize": "^0.2.0",
     "file-loader": "^4.0.0",
     "html-webpack-plugin": "^3.2.0",
     "style-loader": "^0.23.1",
@@ -60,7 +59,6 @@
       "schemes": [
         "padloc"
       ]
-    },
-    "afterSign": "scripts/notarize.js"
+    }
   }
 }

Then execute

PL_SUPPORT_EMAIL=support@example.com \
PL_SERVER_URL=https://example.com/api \
npm run build

The nginx config

upstream padloc-pwa {
    server padloc_pwa_1:8080;
}
upstream padloc-server {
    server padloc_server_1:3000;
}

server {
    listen 80;
    listen [::]:80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

server {
	listen 443 ssl;
	listen [::]:443;
	server_name example.com;
	ssl_certificate /etc/nginx/ssl/example.com/cert.pem;
	ssl_certificate_key /etc/nginx/ssl/example.com/key.pem;
	include /etc/nginx/includes/ssl.conf;

	add_header X-Content-Type-Options "nosniff" always;
	add_header X-XSS-Protection "1; mode=block" always;
	add_header X-Frame-Options "DENY" always;
	add_header Referrer-Policy "strict-origin" always;
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
	server_tokens off;

	include /etc/nginx/includes/gzip.conf;

  location ^~ /api {
      proxy_pass http://padloc-server/;
		  proxy_set_header  Host              $http_host;   # required for docker client's sake
      proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
		  proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
		  proxy_set_header  X-Forwarded-Proto $scheme;
		  proxy_read_timeout                  900;
  }

	location / {
      proxy_pass http://padloc-pwa/;
		  proxy_set_header  Host              $http_host;   # required for docker client's sake
		  proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
		  proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
		  proxy_set_header  X-Forwarded-Proto $scheme;
		  proxy_read_timeout                  900;
  }

	location ~ /.well-known/acme-challenge/ {
      allow all;
	    root /var/www/html;
	}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.