Securing HTTP traffic of your server

Introduction

These instructions will enable you to secure HTTP traffic of your self-hosted infrastructure, using a reverse proxy with Nginx.

Pre-requisites

  • Your self-hosted infrastructure is running on our docker setup
  • You've installed nginx in your server.
  • You've configured a domain name (or subdomain) to point to your server's IP address.

Getting started

Setting up Nginx

  1. Create a new file named standardnotes.conf within /etc/nginx/sites-available:
server {
  listen 80;
  listen [::]:80;
  server_name yourdomain.com;

  access_log /var/log/nginx/standardnotes-access.log;
  error_log /var/log/nginx/standardnotes-error.log;

  client_max_body_size 50M;

  location / {
    proxy_pass http://127.0.0.1:3000;
  }
}

Note Replace yourdomain.com with your actual domain and 3000 with the port you have specified in your docker compose file if you have changed it.

  1. Create a new file named files-standardnotes.conf within /etc/nginx/sites-available:
server {
  listen 80;
  listen [::]:80;
  server_name your-files-domain.com;

  access_log /var/log/nginx/standardnotes-files-access.log;
  error_log /var/log/nginx/standardnotes-files-error.log;

  client_max_body_size 50M;

  location / {
    proxy_pass http://127.0.0.1:3125;
  }
}

Note Replace your-files-domain.com with your actual domain and 3125 with the port you have specified in your docker compose file if you have changed it.

  1. Enable your new sites:
ln -s /etc/nginx/sites-available/standardnotes.conf /etc/nginx/sites-enabled/standardnotes.conf
ln -s /etc/nginx/sites-available/files-standardnotes.conf /etc/nginx/sites-enabled/files-standardnotes.conf
  1. Restart Nginx to apply changes

There may be different ways to restart Nginx. If you installed Nginx from Ubuntu's default repository just type:

$ sudo service nginx restart
  1. Test your Nginx configuration with:
$ nginx -t

You can also check if your sites have been properly added to Nginx configuration:

$ nginx -T
  1. Setting up Certbot for HTTPS configuration

Go to certbot to get and install your HTTPS certificates for both the sites.

Certbot should automatically update your Nginx configuration and create SSL certificates for you.

After completing the above instructions, your Sync server should be HTTPS enabled!

Using your secured server

In the account menu, choose Advanced Options and enter the address of your new server in Sync Server Domain.

Then, register for a new account or log into an existing account and begin using your private new secure Standard Notes server!

Other ways to get help

Browse or post to the forum
Recommended for non-account related issues.
Join the Standard Notes Discord group
Recommended for small talk.
Send an email to [email protected]
Recommended for account related issues.