Cryptpad: Is this a bug or must I configure something?

Hey all who have tried cryptpad on NixOS/with nix!

I tried it out today, and neither the nixos module, the module with the pkg from nixos-unstable, nor a manual start with the default config worked. It showed only a 404 error page, containing the cryptpad logo, so fetching this stuff works.

Disabling most of the security stuff and enabling verbose silly logging does not help and also provides no helpful information:

You can configure the administrator email (adminEmail) in your config/config.js file
FRESH MODE ENABLED

    m     m   mm   mmmmm  mm   m mmmmm  mm   m   mmm    m
    #  #  #   ##   #   "# #"m  #   #    #"m  # m"   "   #
    " #"# #  #  #  #mmmm" # #m #   #    # #m # #   mm   #
     ## ##"  #mm#  #   "m #  # #   #    #  # # #    #
     #   #  #    # #    " #   ## mm#mm  #   ##  "mmm"   #


No 'httpSafeOrigin' provided.
Your configuration probably isn't taking advantage of all of CryptPad's security features!
This is acceptable for development, otherwise your users may be at risk.

Serving sandboxed content via port 3001.
This is probably not what you want for a production instance!

Cryptpad is customizable, see customize.dist/readme.md for details
[2020-09-22T13:44:21.646Z] server available http://[::]:3000
["SILLY","2020-09-22T13:44:21.712Z","HK_LOADING","LOADING HISTORY_KEEPER MODULE"]
["VERBOSE","2020-09-22T13:44:21.713Z","HK_ID","History keeper ID: fea9bfabfd9d9d21"]

Running strace cryptpad, the only possibly interesting lines similar to

accept4(18, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK) = -1 EAGAIN (Resource temporarily unavailable)
…
futex(0x7ffda497e438, FUTEX_WAIT_BITSET_PRIVATE, 0, {tv_sec=17563, tv_nsec=405242000}, FUTEX_BITSET_MATCH_ANY) = -1 EAGAIN (Resource temporarily unavailable)

Does anyone have a suggestion what could be the problem? I didn’t file a bug report immediately, because according to the relevant issues/prs, cryptpad on NixOS was tested. Am I only missing something out?

https://github.com/NixOS/nixpkgs/pull/89384#issuecomment-644990994

I that can help, there is a working cryptad configuration using NixOS here: jormungand\machines - asmadeus/nixos-config.git - nixos config for my systems

To complete a bit the config is split in these three files:

http://cgit.notk.org/asmadeus/nixos-config.git/tree/machines/jormungand/nginx.nix
http://cgit.notk.org/asmadeus/nixos-config.git/tree/machines/jormungand/cryptpad.nix
http://cgit.notk.org/asmadeus/nixos-config.git/tree/machines/jormungand/cryptpad.config.js

in config.js the most important things are the domain urls.
in nginx.nix I took a shot at adapting the upstream nginx config example, because as you noticed with a simple reverse proxy (or directly accessing the node.js process port) you’d get a 404 on the index for some reason.

Some of the things don’t work with just a reverse proxy because cryptpad isn’t expecting the data to be split like we do (e.g. it’d like to find some stuff in its /nix/store directory as that’s the home for cryptpad…) and using nginx works around these glitches (definitely bugs, but upstream hasn’t been very reactive to github issues I opened last month so I didn’t report that yet)

Anyway, it works with the proper nginx config so it does work, the module could use some helper to generate the nginx vhost configs though…

1 Like