Does anyone know how to configure hedgedoc?

Hello, I am trying to enable hedgedoc for my server, but I am getting an error after rebuilding and looking at the logs via journalctl -u hedgedoc.service. It looks like this:

Sep 24 19:35:13 server systemd[1]: /etc/systemd/system/hedgedoc.service:18: StateDirectory= path is absolute, ignoring: /var/lib/hedgedoc
Sep 24 19:35:13 server systemd[1]: /etc/systemd/system/hedgedoc.service:19: StateDirectory= path is absolute, ignoring: /var/lib/hedgedoc/uploads
Sep 24 19:35:14 server systemd[1]: Starting HedgeDoc Service...
Sep 24 19:35:14 server systemd[1]: Started HedgeDoc Service.
Sep 24 19:35:14 server hedgedoc[767854]: 2023-09-24T17:35:14.917Z warn:         Overriding protocolUseSSL to 'true' as useSSL is enabled.
Sep 24 19:35:14 server hedgedoc[767854]: 2023-09-24T17:35:14.920Z warn:         Session secret not set. Using random generated one. Please set `sessionSecret`>
Sep 24 19:35:15 server hedgedoc[767854]: 2023-09-24T17:35:15.236Z error:         uncaughtException: EISDIR: illegal operation on a directory, read
Sep 24 19:35:15 server hedgedoc[767854]: Error: EISDIR: illegal operation on a directory, read
Sep 24 19:35:15 server hedgedoc[767854]:     at Object.readSync (node:fs:751:3)
Sep 24 19:35:15 server hedgedoc[767854]:     at tryReadSync (node:fs:451:20)
Sep 24 19:35:15 server hedgedoc[767854]:     at Object.readFileSync (node:fs:497:19)
Sep 24 19:35:15 server hedgedoc[767854]:     at Object.<anonymous> (/nix/store/5rlm0m4vwk9g06jm2b7lwwqx3jf8q1zj-hedgedoc-1.9.9/app.js:47:13)
Sep 24 19:35:15 server hedgedoc[767854]:     at Module._compile (node:internal/modules/cjs/loader:1256:14)
Sep 24 19:35:15 server hedgedoc[767854]:     at Module._extensions..js (node:internal/modules/cjs/loader:1310:10)
Sep 24 19:35:15 server hedgedoc[767854]:     at Module.load (node:internal/modules/cjs/loader:1119:32)
Sep 24 19:35:15 server hedgedoc[767854]:     at Module._load (node:internal/modules/cjs/loader:960:12)
Sep 24 19:35:15 server hedgedoc[767854]:     at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12)
Sep 24 19:35:15 server hedgedoc[767854]:     at node:internal/main/run_main_module:23

And this is my nix configuration for the service:

    hedgedoc = {
      enable = true;
      settings = {
        port = 3300;
        domain = "cloud.peter.com";
        useSSL = true;
        db = {
          dialect = "postgres";
          host = "/run/postgresql";
          database = "hedgedoc";
        };
      };
    };
    postgresql = {
      enable = true;
      package = pkgs.postgresql_15;
      ensureDatabases = [ "hedgedoc" ];
    };

I already talked to one of the core maintainers of HedgeDoc in the Matrix chat, and I quote what he says the issue most likely is:

As far as I understand you have some directory in the HedgeDoc folder structure that has the same name as a file HedgeDoc tries to read. Not sure what exactly as that seems to not be specified (at least I don’t see it)

I think you configured a folder instead of a file path for some ssl variable. HedgeDoc assumes you specify a file and then the node.js process throws an error.

Unfortunately he does not know much about nix, so he is not able to help me adjust my current configuration to make it work.
Does anyone have an idea how I can modify my existing nix code to make this thing work out?

I already searched on Google how to set up HedgeDoc properly with Nix, but nothing can be found there unfortunately. I also went through others' configurations on GitHub, but many people have something very similar if not the same as mine.

Thank you very much in advance.

I’ve (somehow) managed to configure it, mostly by following the official manual. I don’t remember the details.

I don’t have the same hash as you but line 47 of app.js for the 1.9.9 seems to be looking for config.sslCertPath. I suspect without ssl it would work for you.

I recall some struggle with SSL. This is what my configuration looks like now:

    nginx = {
      enable = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;

      virtualHosts."hedgedoc.redacted.com" = {
        forceSSL = true;
        enableACME = true;
        locations."/".proxyPass = "http://localhost:3333";
        locations."/socket.io/" = {
          proxyPass = "http://localhost:3333";
          proxyWebsockets = true;
          extraConfig = "proxy_ssl_server_name on;";
        };
      };
    };

    hedgedoc = {
      enable = true;
      settings = {
        db = {
          dialect = "sqlite";
          storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
        };
        domain = "hedgedoc.redacted.com";
        port = 3333;
        useSSL = false;
        protocolUseSSL = true;
      };
    };

Hey, thank you. That really helped me :slight_smile:

Could you explain to me in an easy way why we need that proxy_ssl_server_name on?

You’re welcome. Unfortunately I don’t recall much and it’s very unlikely that I fully understood what I was doing back then :sweat_smile:.

I’m not finding any mention of proxy_ssl_server_name on in the example config (Reverse Proxy - HedgeDoc) so maybe it is not needed… What happens if you don’t include it?

I have other virtualHosts also using ssl in my nginx configuration, maybe that’s why I had this. I can’t try without the extraConfig at this moment but I will next time I make changes to my server.

This is only required if the backend server uses TLS with SNI.