Skip to main content

Self-hosting with Docker


These instructions make the following assumptions:

  • The machine you will be running the infrastructure on has at least 2GB of memory.
  • You've just finished setting up a Linux server (say, Ubuntu 20.04 64-bit) and have installed Docker and Docker Compose on it.
  • Due to mounted volumes we recommend running the setup as a root user. If you wish to run it as non-root user please remember about the post-installation steps for Linux.
  • You've configured your security groups to allow for incoming SSH connections from your local IP.
  • You've configured your security groups to allow for incoming TCP connections on port 80 and 443 from at least your local IP.
  • You've configured a domain name (or subdomain) to point to your server's IP address.

Getting started#

Note If you are a user with an already existing legacy database of the Syncing Server, we've prepared a Migrating from Legacy guide.

SSH into your server and follow the steps below:

  1. Make sure you are in your home directory and clone the Standard Notes Standalone Infrastructure project:

    $ cd ~
    $ git clone --single-branch --branch main
    $ cd standalone
  2. Initialize default configuration files by typing:

    $ ./ setup
  3. Customize your configuration

    There are 4 environment variables that need to be filled in with generated secret keys:

    • AUTH_JWT_SECRET in the .env file
    • JWT_SECRET, LEGACY_JWT_SECRET and ENCRYPTION_SERVER_KEY in the docker/auth.env file

    You can generate values for them by using:

    $ openssl rand -hex 32

    Note Environment variables cannot be changed with effect to take place while the docker containers are running. To change them, server needs to be restarted.

  4. (Optional) Customize the port

    By default the syncing server will run on port 3000. If it is the case that you have a different service running on that port you can customize the port on which you want to run the infrastructure on. To do that, edit the EXPOSED_PORT variable in the .env file.

  5. Simply run:

    $ ./ start

    This should load all the microservices that the infrastructure consists of.

    Note First run might take a while since there are Docker images to be pulled and built and migrations initializing the database to be run.

  6. Wait for the infrastructure to bootstrap

    It takes a moment for the infrastructure to bootstrap and all the microservices to start. You can observe the process by typing:

    $ ./ logs

    Note You can safely escape from logs with CTRL+C

    Note Microservices depend on each other and because of that they are starting sequentially in our setup. In the logs you will most probably observe that one service is waiting for another to start with lines like: "XYZ is unavailable yet - waiting for it to start" where XYZ is the dependent service name. This is expected.

    Everything should be up and running once you observe that the API Gateway service has started by seeing the following line as one of the last ones in logs:

    api-gateway_1 | {"message":"Server started on port 3000","level":"info"}

    You can also check the state in which all the services are by typing:

    $ ./ status

    All of the services should be in Up state at this stage.

  7. Test your access to the server locally:

    You should be able now to check that the syncing server is running by checking http://localhost:3000/healthcheck:

    $ curl http://localhost:3000/healthcheck

    Note If you changed the EXPOSED_PORT variable you will have to check http://localhost:{EXPOSED_PORT}/healthcheck.

  8. You're done!

Securing Your Server#

In order to start using your new server with the Standard Notes app at you will have to configure an HTTPS reverse proxy.

Unless you already have an HTTP/HTTPS server running that will serve as a reverse proxy to the standalone infrastructure, head over to Securing HTTP traffic of your Sync server.

Using your new server#

In the account menu, choose Advanced Options and enter the address of your new server in Sync Server Domain.

Then, register for a new account or log into an existing account and begin using your private new secure Standard Notes server!

Last updated on