In 2020, Google and I broke up. DuckDuckGo has long been my search engine of choice, but this year I replaced Gmail with ProtonMail, Google Music died, and I found Cryptpad, a “Zero Knowledge realtime collaborative editor” which provides everything I need from Google Docs (except a backup strategy). With this free, open-source software deployed, I can log current events without fear of surveillance.

Though the project does not officially support Apache, nginx lacks features I require, so I still took the road less traveled. A sample Apache proxy config was simple to find; I was particularly grateful for the hot tip regarding WebSocket traffic:

<VirtualHost *:80>
    Servername cryptpad.your-domain.tld
    ServerAlias www.cryptpad.your-domain.tld

    ProxyPass /cryptpad_websocket ws://127.0.0.1:3000/cryptpad_websocket
    ProxyPassReverse /cryptpad_websocket ws://127.0.0.1:3000/cryptpad_websocket

    ProxyPass / http://127.0.0.1:3000/
    ProxyPassReverse / http://127.0.0.1:3000/
</VirtualHost>

Though I didn’t explore the alternatives thoroughly, hosting the service in a separate vhost seems much simpler than hosting in a subdirectory. The modules that service these proxy rules weren’t all enabled by default; running sudo a2enmod proxy && sudo a2enmod proxy_http && sudo a2enmod proxy_wstunnel brought up the requisite bits of code. A systemd service descriptor which launches Cryptpad on boot is available in the source tree.