In today’s collaborative digital landscape, having a reliable and efficient text editor is essential for teams to work seamlessly together. Etherpad, a free and open-source alternative to services like Google Docs and Zoho Writer, is a web-based text editor that allows real-time collaboration and version control. In this guide, we will walk you through the step-by-step process of installing Etherpad on a Debian 12 server, ensuring a secure and optimized setup.

Prerequisites

To successfully install Etherpad on your Debian 12 server, you will need the following:

1. A Debian 12 server with a non-root user that has administrator privileges.
2. A domain name pointed to your server’s IP address.

Installing Dependencies

Before we proceed with the installation of Etherpad, we need to install several dependencies on our Debian 12 server. These dependencies include Node.js, Npm, MariaDB Server, and Nginx. We will also secure Etherpad with UFW (Uncomplicated Firewall) and SSL using Certbot and Let’s Encrypt.

To begin, update and refresh your Debian package index by running the following command:

sudo apt update

Once the update is complete, install the necessary package dependencies using the following command:

sudo apt install mariadb-server nginx ufw nodejs npm gzip git curl python3 libssl-dev

After the dependencies are installed, verify the Node.js version by running the following command:

nodejs --version

Ensure that Node.js 18 is installed successfully.

Next, check the status of the MariaDB service using the following commands:

sudo systemctl is-enabled mariadb
sudo systemctl status mariadb

Make sure that the MariaDB service is enabled and running.

Similarly, check the status of the Nginx service using the following commands:

sudo systemctl is-enabled nginx
sudo systemctl status nginx

Ensure that the Nginx service is enabled and running.

Configuring UFW (Uncomplicated Firewall)

Now that we have installed the necessary dependencies, let’s configure UFW to secure our Etherpad installation. UFW (Uncomplicated Firewall) is a user-friendly frontend for managing firewall rules on Linux.

To begin, enable the OpenSSH profile and allow SSH connections by running the following command:

sudo ufw allow OpenSSH

Next, start and enable UFW by running the following command:

sudo ufw enable

When prompted, enter ‘y’ to confirm the action.

To open both HTTP and HTTPS ports, run the following command:

sudo ufw allow "Nginx Full"

Finally, reload UFW to apply the changes and verify the enabled rules and profiles by running the following commands:

sudo ufw reload
sudo ufw status

You should see that UFW is active with the OpenSSH and Nginx Full profiles enabled.

Configuring MariaDB Database Server

In this section, we will secure the MariaDB server and create a new database and user for Etherpad to use.

To secure the MariaDB server, run the following command:

sudo mariadb-secure-installation

This command will guide you through the process of securing your MariaDB server by setting up the root password and applying basic security settings. Follow the prompts and make the necessary changes.

Once the MariaDB server is secured, log in to the MariaDB server with the following command:

sudo mariadb -u root -p

Enter the password for your MariaDB root user when prompted.

After logging in, execute the following queries to create a new database and user for Etherpad:

CREATE DATABASE etherpad_lite_db;
CREATE USER etherpaduser@localhost IDENTIFIED BY 'StrongPasswordEtherpadDB';
GRANT CREATE,ALTER,SELECT,INSERT,UPDATE,DELETE on etherpad_lite_db.* to etherpaduser@localhost;
FLUSH PRIVILEGES;

Verify that the user etherpaduser can access the etherpad_lite_db database by running the following query:

SHOW GRANTS FOR etherpaduser@localhost;

You should see the privileges granted to the user etherpaduser for the etherpad_lite_db database.

Type quit to exit from the MariaDB server.

Downloading and Configuring Etherpad

Now, let’s download the Etherpad source code and configure it to run on our Debian 12 server.

First, add a new system user named etherpad with the default home directory /opt/etherpad-lite by running the following command:

sudo adduser --system --no-create-home --home=/opt/etherpad-lite --group etherpad

Next, navigate to the /opt directory and clone the Etherpad source code repository using Git:

cd /opt && git clone --branch master https://github.com/ether/etherpad-lite.git

Change the ownership of the /opt/etherpad-lite directory to the etherpad user and group:

sudo chown -R etherpad:etherpad /opt/etherpad-lite

Now, move to the /opt/etherpad-lite directory and run the following command to prepare the system environment for Etherpad installation:

cd /opt/etherpad-lite
sudo su -s /bin/bash -c"./bin/run.sh" etherpad

This command will install the required dependencies for Etherpad and run it with the default configuration.

After the installation is complete, press Ctrl+C to terminate the Etherpad process.

Next, open the settings.json file using the nano editor:

nano settings.json

In this file, you can modify various settings for your Etherpad installation. For example, you can change the default title of your Etherpad installation by modifying the "title" field.

To run Etherpad on localhost only, change the "ip" field to "127.0.0.1".

By default, Etherpad uses a “dirty” database configuration. To use MariaDB as the database for Etherpad, comment out the "dbType" and "dbSettings" fields and add a new configuration block for MySQL:

/*
*"dbType": "dirty",
*"dbSettings": {
*  "filename": "var/dirty.db"
*},
*/

 "dbType" : "mysql",
 "dbSettings" : {
 "user":     "etherpaduser",
 "host":     "127.0.0.1",
 "port":     3306,
 "password": "StrongPasswordEtherpadDB",
 "database": "etherpad_lite_db",
 "charset":  "utf8mb4"
 },

Save the changes and exit the editor.

Running Etherpad as a Systemd Service

To ensure that Etherpad runs in the background as a service and starts automatically upon system boot, we will create a new systemd service file for Etherpad.

Create a new service file named etherpad.service in the  /etc/systemd/system directory using the nano editor:

sudo nano /etc/systemd/system/etherpad.service

Add the following configuration to the file:

[Unit]
Description=Etherpad-lite, the collaborative editor.
After=syslog.target network.target mariadb.service

[Service]
Type=simple
User=etherpad
Group=etherpad
WorkingDirectory=/opt/etherpad-lite
Environment=NODE_ENV=production
ExecStart=/usr/bin/node --experimental-worker /opt/etherpad-lite/node_modules/ep_etherpad-lite/node/server.js
# use mysql plus a complete settings.json to avoid Service hold-off time over, scheduling restart.
Restart=always

[Install]
WantedBy=multi-user.target

Save the file and exit the editor.

Reload the systemd manager to apply the new service:

sudo systemctl daemon-reload

Start and enable the Etherpad service:

sudo systemctl start etherpad
sudo systemctl enable etherpad

Verify that the Etherpad service is running:

sudo systemctl status etherpad

You should see that the Etherpad service is active and running on localhost with port 9001.

To ensure that the Node.js application is using port 9001, run the following command:

ss -tulpn | grep9001

If the port is being used by the Node.js application, you will see the relevant output.

At this point, Etherpad is successfully installed on your Debian 12 server and running as a systemd service.

Configuring Nginx as a Reverse Proxy

To access Etherpad securely over HTTPS and benefit from Nginx’s reverse proxy capabilities, we will configure Nginx as a reverse proxy for Etherpad.

Before we proceed, ensure that your domain name is correctly pointed to your Debian server’s IP address.

Create a new Nginx server block configuration file named etherpad.conf using the nano editor:

sudo nano /etc/nginx/sites-available/etherpad.conf

Add the following configuration to the file, replacing etherpad.example.io with your Etherpad domain name:

server {
    listen       80;
    server_name  etherpad.example.io;

    access_log  /var/log/nginx/eplite.access.log;
    error_log   /var/log/nginx/eplite.error.log;

    location / {
        proxy_pass         http://127.0.0.1:9001;
        proxy_buffering    off; # be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf
        proxy_set_header   Host $host;
        proxy_pass_header  Server;

        # Note you might want to pass these headers etc too.
        proxy_set_header    X-Real-IP $remote_addr; # https://nginx.org/en/docs/http/ngx_http_proxy_module.html
        proxy_set_header    X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP
        proxy_set_header    X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used
        proxy_http_version  1.1; # recommended with keepalive connections

        # WebSocket proxying - from https://nginx.org/en/docs/http/websocket.html
        proxy_set_header  Upgrade $http_upgrade;
        proxy_set_header  Connection $connection_upgrade;
    }
}

Save the file and exit the editor.

Activate the server block by creating a symbolic link:

sudo ln -s /etc/nginx/sites-available/etherpad.conf /etc/nginx/sites-enabled/

Verify the overall Nginx configurations:

sudo nginx -t

If the configurations are correct, you should see the message “syntax is ok” and “test is successful”.

Restart Nginx to apply the changes:

sudo systemctl restart nginx

To verify that your Nginx configuration is successful, visit your Etherpad domain name (e.g., http://etherpad.example.io/) using your preferred web browser. If everything is set up correctly, you should see the Etherpad screen.

Securing Etherpad with SSL/TLS Certificates

To ensure secure communication between clients and your Etherpad instance, we will secure Etherpad with SSL/TLS certificates generated by Certbot and Let’s Encrypt. We will also configure automatic redirection from HTTP to HTTPS within Etherpad.

First, install Certbot and the Certbot Nginx plugin by running the following command:

sudo apt install certbot python3-certbot-nginx

Once the installation is complete, generate SSL/TLS certificates for your Etherpad domain name by running the following command:

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --emailtest@example.io -d etherpad.example.io

Replace test@example/io with your email address and etherpad.example.io with your Etherpad domain name.

After the process is complete, the SSL certificates will be available in the /etc/letsencrypt/live/example.com directory. The Nginx server block configuration for Etherpad will automatically be updated to use HTTPS.

To verify the setup, visit your Etherpad domain name using your web browser. You should be automatically redirected to the secure HTTPS connection.

Conclusion

Congratulations! You have successfully installed Etherpad on your Debian 12 server and secured it with SSL/TLS certificates. With Etherpad, you can now collaborate with your team in real-time, ensuring efficient document editing and version control.

Remember, Etherpad offers a wide range of plugins and add-ons that you can install to enhance its functionality and tailor it to your specific needs.

At Shape.host, we provide reliable and scalable cloud hosting solutions, including Linux SSD VPS, to empower businesses with efficient and secure hosting environments. Whether you’re looking for reliable hosting for Etherpad or any other application, we have you covered.

Feel free to explore our hosting services and get in touch with our team to discuss your hosting needs.