nur Bahnhof

Joplin-Server in a container

I host my own server to synchronize notes I take in joplin with others.

As it does not support OAuth or mTLS I decided to go the security-by-obscurity approach and hide the access inside a random subfolder.

This is what I use in a docker-compose file:

 1    joplin-server:
 2        image: joplin/server:3.4.3@sha256:95b67dc6a4e77a974ac2bcc86818cbbfe5495e7b62d06a66f848a877878dce53
 3        container_name: joplin-server
 4        ports:
 5            - "8111:8111"
 6        volumes:
 7            - /srv/joplin/data:/srv/joplin/data
 8            - /srv/joplin/db:/srv/joplin/db
 9        restart: unless-stopped
10        environment:
11            - APP_PORT=8111
12            - APP_BASE_URL=https://randomdomain.example.com/randomstring
13            - STORAGE_DRIVER=Type=Filesystem; Path=/srv/joplin/data
14            - SQLITE_DATABASE=/srv/joplin/db/db-prod.sqlite
15            - MAILER_ENABLED=1
16            - MAILER_HOST=smtp.xxx
17            - MAILER_PORT=465
18            - MAILER_SECURE=1
19            - MAILER_AUTH_USER=xxx
20            - MAILER_AUTH_PASSWORD=xxx
21            - MAILER_NOREPLY_NAME=Joplin
22            - MAILER_NOREPLY_EMAIL=
23            #- TRANSCRIBE_API_KEY=${TRANSCRIBE_API_KEY}
24            #- TRANSCRIBE_BASE_URL=http://transcribe:4567
25            #- TRANSCRIBE_ENABLED=${TRANSCRIBE_ENABLED}

And as HTTP proxy for TLS I use caddy with this config:

1randomdomain.example.com {
2    handle_path /randomstring {
3        reverse_proxy dockerhost:8111
4    }
5    handle_path /randomstring/* {
6        reverse_proxy dockerhost:8111
7    }
8}

Comments

#selfhosting #container #notes #howto

Reply to this post by email ↪