Fresh installation support (Joplin server / Portainer / Docker)

Hi,

I've tried to explain my installation.

I want to try Joplin and Joplin Server to replace Evernote, which I have used for more than 10 years... (when Evernote was a startup!).

My physical installation is:

  • a "server" with a lot of VMs; one runs Debian 10 + Docker + Portainer, including the yml for db/joplin server
  • a NAS where /Notes is shared with a "joplin" user. The aim of this storage is to have a reliable directory where the DB & notes are stored (synchronized with another NAS outside and an encrypted hard drive in parallel).

So, I've installed my VM, based on Debian 10, in Proxmox.
Please note that I have a separate Apache VM where all my vhosts are configured (see below).

Just for the directory mount on the VM, my fstab is:

//NASIP/Notes /mnt/QNAP cifs user=joplin,pass=password,dir_mode=0755,file_mode=0755,uid=1000,gid=1000  0 0

After docker installation, portainer is launched.
I added a stack:

version: '2'

services:
    db:
        image: postgres:13
        volumes:
            - /mnt/QNAP:/var/lib/postgresql/data
        ports:
            - "5432:5432"
        restart: unless-stopped
        environment:
            - POSTGRES_PASSWORD=db_password_stupid
            - POSTGRES_USER=db_admin
            - POSTGRES_DB=db_joplin
    app:
        image: joplin/server:latest
        depends_on:
            - db
        ports:
            - "22300:22300"
        restart: unless-stopped
        environment:
            - APP_PORT=22300
            - APP_BASE_URL=http://192.168.2.81:22300
            - DB_CLIENT=pg
            - POSTGRES_PASSWORD=db_password_stupid
            - POSTGRES_DATABASE=db_joplin
            - POSTGRES_USER=db_admin
            - POSTGRES_PORT=5432
            - POSTGRES_HOST=db

After that, I have access on my local network to
http://192.168.2.81:22300/login
Seems to be good :smiley: ... No.

In the log for the Postgres db:

The files belonging to this database system will be owned by user "postgres".,
This user must also own the server process.,
,
The database cluster will be initialized with locale "en_US.utf8".,
The default database encoding has accordingly been set to "UTF8".,
The default text search configuration will be set to "english".,
,
Data page checksums are disabled.,
,
fixing permissions on existing directory /var/lib/postgresql/data ... ok,
creating subdirectories ... ok,
selecting dynamic shared memory implementation ... posix,
selecting default max_connections ... 100,
selecting default shared_buffers ... 128MB,
selecting default time zone ... Etc/UTC,
creating configuration files ... ok,
running bootstrap script ... ok,
performing post-bootstrap initialization ... ok,
syncing data to disk ... ok,
,
initdb: warning: enabling "trust" authentication for local connections,
You can change this by editing pg_hba.conf or using the option -A, or,
--auth-local and --auth-host, the next time you run initdb.,
,
Success. You can now start the database server using:,
,
    pg_ctl -D /var/lib/postgresql/data -l logfile start,
,
waiting for server to start....2022-05-08 16:44:13.175 UTC [48] LOG:  starting PostgreSQL 13.6 (Debian 13.6-1.pgdg110+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit,
2022-05-08 16:44:13.179 UTC [48] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432",
2022-05-08 16:44:13.191 UTC [49] LOG:  database system was shut down at 2022-05-08 16:44:12 UTC,
2022-05-08 16:44:13.197 UTC [48] LOG:  database system is ready to accept connections,
 done,
server started,
CREATE DATABASE,
,
,
/usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*,
,
2022-05-08 16:44:13.621 UTC [48] LOG:  received fast shutdown request,
waiting for server to shut down....2022-05-08 16:44:13.625 UTC [48] LOG:  aborting any active transactions,
2022-05-08 16:44:13.627 UTC [48] LOG:  background worker "logical replication launcher" (PID 55) exited with exit code 1,
2022-05-08 16:44:13.629 UTC [50] LOG:  shutting down,
2022-05-08 16:44:13.651 UTC [48] LOG:  database system is shut down,
 done,
server stopped,
,
PostgreSQL init process complete; ready for start up.,
,
2022-05-08 16:44:13.746 UTC [1] LOG:  starting PostgreSQL 13.6 (Debian 13.6-1.pgdg110+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit,
2022-05-08 16:44:13.746 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432,
2022-05-08 16:44:13.746 UTC [1] LOG:  listening on IPv6 address "::", port 5432,
2022-05-08 16:44:13.752 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432",
2022-05-08 16:44:13.764 UTC [62] LOG:  database system was shut down at 2022-05-08 16:44:13 UTC,
2022-05-08 16:44:13.772 UTC [1] LOG:  database system is ready to accept connections,
2022-05-08 16:44:18.070 UTC [69] ERROR:  relation "knex_migrations" does not exist at character 20,
2022-05-08 16:44:18.070 UTC [69] STATEMENT:  select "name" from "knex_migrations" order by "id" desc limit $1,

Is it normal to see this?

2022-05-08 16:44:13.772 UTC [1] LOG:  database system is ready to accept connections,
2022-05-08 16:44:18.070 UTC [69] ERROR:  relation "knex_migrations" does not exist at character 20,
2022-05-08 16:44:18.070 UTC [69] STATEMENT:  select "name" from "knex_migrations" order by "id" desc limit $1,

Maybe, I'm not sure, but with my sudo user on the VM I can't access /mnt/QNAP, where the DB is stored. The Docker user is 998 (guid); my user is 1000 (gid). Is that okay?

On my NAS, I don't see the files in the mounted directory (the mount is okay, without error)...

Another problem, maybe because I'm not an expert on vhosts.
My router maps 22300 to 22300 / IP - VM (where Joplin Server & db are).
I'm not sure if I did it correctly.

I want to expose only SSL/HTTPS on the web, to access & sync my notes from outside.

My conf is not working. I have an error message (I've tried https, http, etc.)

2022-05-08 17:06:22: [error] App: 404: GET /login: ::ffff:IPIP: Invalid origin: https://subdomain.domain.ovh:22300

joplin-ssl.conf (with a2ensite ; reload):

<IfModule mod_ssl.c>
<VirtualHost *:443>

       ProxyPreserveHost On
       ServerName subdom.dom.ovh

       ProxyRequests     Off
       ProxyPreserveHost On
       ProxyPass  / http://192.168.2.81:22300/ keepalive=On retry=5
       ProxyPassReverse / http://192.168.2.81:22300/

       ErrorLog /var/log/apache2/joplin_error.log
       CustomLog /var/log/apache2/joplin_access.log combined

       Include /etc/letsencrypt/options-ssl-apache.conf
       RewriteEngine on
       SSLEngine on

<IfModule mod_headers.c>
        <FilesMatch "\.(css|js|png|jpeg|jpg|ttf|woff)$">
                Header set Cache-Control "max-age=7200"
        </FilesMatch>
        <FilesMatch ".*(getResources.php)">
                Header set Cache-Control "max-age=7200"
        </FilesMatch>
        <FilesMatch ".*(getJS.php)">
                Header set Cache-Control "max-age=7200"
        </FilesMatch>
</IfModule>

       SSLCertificateFile /etc/letsencrypt/live/subdom.dom.ovh-0001/fullchain.pem
       SSLCertificateKeyFile /etc/letsencrypt/live/subdom.dom.ovh-0001/privkey.pem
</VirtualHost>
</IfModule>

Last questions: how can I add:

  • a 2nd authentication factor, like an authenticator?
  • an email server configuration (to send email)?
  • is it possible to send email directly to Joplin (like Evernote)?

Thanks for your help :slight_smile: !!!!!

I don't know what could cause the problems, but if you don't see the files on the NAS, try to create the whole database within a local folder first to see if everything works. If so, then the cifs mount is somehow related to the problem and we have to investigate further.


The APP_BASE_URL in the stack has to be the one used to access the system from the outside, so in your case just https://subdom.dom.ovh.


Currently not supported.

See this thread: Jopling Server 2.7.4 - Email Configuration

No, it is not supported.

1 Like

Hi, I succeeded with a combination of:

And it works :slight_smile:

But ok, it's a bit "tiré par les cheveux", as we say in French

Good luck

Bruno

2 Likes

Thanks to all, I will try this week to change some points and update my configuration.
Keep U in touch.

I've tried to set up my env file with your recommendations and a fresh installation.

When I'm writing:

            - APP_PORT=22300
            - APP_BASE_URL=https://sub.domain.ovh

And if I try to connect on my local network:

  • on http://192.168.2.81:22300 (which is the local IP) I get in the browser:
    Invalid origin: http://192.168.2.81:22300

  • when I enter https:// or http://sub.domain.ovh (same as the env file)
    I am sent to my router page. Same thing if I'm outside my local network.

Maybe I'm doing something wrong.

My Apache SSL conf file is given in the first post (with http://192.168.2.81:22300).
My router has port 22300 routed from outside to the Joplin IP.

What is not correct?

I will try email when I can connect to Joplin Server :D.
I have done a fresh installation WITHOUT the NAS connection for files (cifs). I will mount it afterwards.

Please take a look at my guide for setting up Joplin Server. It is for arm, but the general things will work for you, too.

You can't connect from your local network and the internet at the same time, because then the URL doesn't match the Base URL set in the config in one of the cases (except if you set up a local DNS, but that's another topic).

In your Router you have to forward Port 80 and/or 443. You connect over regular http(s) to your server, which internally routes the traffic to port 22300.
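
The base-URL matching this reply describes, as an added example that is not part of the thread or of Joplin Server's own code. It assumes the server accepts a request only when the host and port of its origin equal those of APP_BASE_URL; the function names and sample requests are constructed for illustration.

```javascript
// Added example. Assumption: a request passes the origin check only when the
// host[:port] of its origin equals the host[:port] of APP_BASE_URL.
// The scheme is not compared in this model.
function hostOf(url) {
  return new URL(url).host; // URL drops default ports (80 for http, 443 for https)
}

function originAllowed(requestOrigin, appBaseUrl) {
  return hostOf(requestOrigin) === hostOf(appBaseUrl);
}

// Origin the backend sees. hostHeader is what the browser sent; with
// ProxyPreserveHost Off, Apache sends the host of the ProxyPass target instead.
function originSeenByBackend(req) {
  if (req.viaProxy && !req.preserveHost) return `http://${hostOf(req.proxyTarget)}`;
  return `${req.scheme}://${req.hostHeader}`;
}

function evaluate(appBaseUrl, requests) {
  return requests.map((req) => {
    const origin = originSeenByBackend(req);
    return { name: req.name, origin, allowed: originAllowed(origin, appBaseUrl) };
  });
}

// Constructed requests mirroring the access paths tried in this thread.
const PROXY_TARGET = 'http://192.168.2.81:22300/';
const REQUESTS = [
  { name: 'LAN, direct to port 22300', scheme: 'http', hostHeader: '192.168.2.81:22300' },
  { name: 'router forward of 22300', scheme: 'https', hostHeader: 'subdom.dom.ovh:22300' },
  { name: 'Apache 443, ProxyPreserveHost On', scheme: 'https', hostHeader: 'subdom.dom.ovh',
    viaProxy: true, preserveHost: true, proxyTarget: PROXY_TARGET },
  { name: 'Apache 443, ProxyPreserveHost Off', scheme: 'https', hostHeader: 'subdom.dom.ovh',
    viaProxy: true, preserveHost: false, proxyTarget: PROXY_TARGET },
];

for (const base of ['http://192.168.2.81:22300', 'https://subdom.dom.ovh']) {
  console.log(`APP_BASE_URL=${base}`);
  for (const r of evaluate(base, REQUESTS)) {
    console.log(`  ${r.allowed ? 'ok     ' : 'INVALID'}  ${r.name}  (${r.origin})`);
  }
}
```

With the public name as APP_BASE_URL, only the path through Apache on 443 with ProxyPreserveHost On passes, so the raw 22300 port forward on the router is not needed for access from outside.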

Yes, I followed it except the Apache part.
Do I need to install Apache on my Joplin server, even if I have a dedicated Apache server on a VM?

As I explained before, I have set up only an SSL/HTTPS conf file on my dedicated Apache for Joplin, but I have replaced only the pass/passreverse part, due to using sub.dom.ovh instead of domain.ovh/sub as in your:

ProxyPreserveHost On
ProxyPass "/joplin" http://localhost:22300
ProxyPassReverse "/joplin" http://localhost:22300
....

Mine:


<IfModule mod_ssl.c>
<VirtualHost *:443>

       ProxyPreserveHost On
       ServerName joplin.xxxxxx.ovh

       ProxyRequests     Off
       ProxyPreserveHost On
       ProxyPass  / http://192.168.2.81:22300/ keepalive=On retry=5
       ProxyPassReverse / http://192.168.2.81:22300/

       ErrorLog /var/log/apache2/joplin_error.log
       CustomLog /var/log/apache2/joplin_access.log combined

       Include /etc/letsencrypt/options-ssl-apache.conf
       RewriteEngine on
       SSLEngine on

<IfModule mod_headers.c>
        <FilesMatch "\.(css|js|png|jpeg|jpg|ttf|woff)$">
                Header set Cache-Control "max-age=7200"
        </FilesMatch>
        <FilesMatch ".*(getResources.php)">
                Header set Cache-Control "max-age=7200"
        </FilesMatch>
        <FilesMatch ".*(getJS.php)">
                Header set Cache-Control "max-age=7200"
        </FilesMatch>
</IfModule>

       SSLCertificateFile /etc/letsencrypt/live/sub.XXXXX.ovh-0001/fullchain.pem
       SSLCertificateKeyFile /etc/letsencrypt/live/sub.XXXXXX.ovh-0001/privkey.pem
</VirtualHost>
</IfModule>

Anytime, I just want to thank you for your time.
On my router, 80 and 443 have been redirected to my Apache VM for a few years.

Okay, I have a little trouble following you...

You have port 80 and 443 forwarded to the Apache VM, but get to the router page if you connect to your domain?! Then there's a mistake at the router, as at least something apache related should show up...like a 404 or a 500 error if the ReverseProxy config isn't quite right...

No. But then the machine with Joplin Server must have port 22300 open to the local network.

Yes, 80 & 443 are redirected to the Apache VM (2.96)

All my redirections are working correctly, such as:
qnap.dom.ovh => IP of my NAS and http connection page
router.dom.ovh => IP of my router and http connection page
jeedom.dom.ovh => IP of my domotic portal and http connection page
etc.

But yes, if I try to redirect only a port to a subdomain such as joplin, it is not working.

Just to be sure, your ServerName matches with your APP_BASE_URL (just with https:// in front of it), right?
Any errors in the apache logs? Can you confirm with the access logs if the connection gets through to the Apache VM and is routed from there to the router, or if the request hangs at the router?

Hi,
On stack:

            - APP_BASE_URL=https://joplin.DOMAIN.ovh

On the Apache conf (the SSL one) (without https, right?)
2.81 is the IP of the VM where Docker is running with port 22300 routed (in the env ports: - "22300:22300"). My conf:

<IfModule mod_ssl.c>
<VirtualHost *:443>

       ProxyPreserveHost On
       ServerName joplin.DOMAIN.ovh

       ProxyRequests     Off
       ProxyPreserveHost On
       ProxyPass  / http://192.168.2.81:22300 keepalive=On retry=5
       ProxyPassReverse / http://192.168.2.81:22300

After this I don't have ideas anymore...the configs look ok, if your router really forwards correctly and the vm with joplin cloud has port 22300 opened to the network, I don't see the problem

I've found it!
I have modified:
the SSL conf, with http://localip:22300/ on both lines (proxypass & reverse).
And now I can access https://subdom.dom.ovh from outside and inside.

Last point. If I want to change the email on the admin account, I receive an error email because the system wants to send an email to admin@localhost. Bullshit...
Do I need to create another account and keep admin with this email?

You can view all sent emails under the Admin tab to the right of the Logs tab...there you are also able to change the admin (or every other) email without confirmation mail.