# Joplin Server ## Description This page documents the current Joplin Server state received from the Hetzner VPS Codex handoff. Joplin Server has been created on disk but is not running yet. ## Current configuration - Compose path: `/home/dockeruser/docker/joplin-server` - Files: - `/home/dockeruser/docker/joplin-server/docker-compose.yml` - `/home/dockeruser/docker/joplin-server/.env` - `/home/dockeruser/docker/joplin-server/README.md` - Current runtime state: not running - `docker compose ps` in `/home/dockeruser/docker/joplin-server` shows no running services. - Intended public URL: `https://joplin.okit.pl` Current DNS issue: - `joplin.okit.pl` did not resolve from user test. - DNS needs to be created or fixed before public HTTPS works. ## Known facts Joplin Compose design: - `app` - `image: joplin/server:latest` - `container_name: joplin-server` - `restart: unless-stopped` - `env_file: .env` - Binds only to localhost: - `127.0.0.1:22300:22300` - Depends on `db` with condition `service_healthy` - Network: `joplin-net` - `db` - `image: postgres:18` - `container_name: joplin-db` - `restart: unless-stopped` - No exposed ports - Network: `joplin-net` - Volume: - `postgres_data:/var/lib/postgresql/data` - Healthcheck: - `pg_isready` using `POSTGRES_USER` and `POSTGRES_DB` - Named volume: - `joplin_postgres_data` - Named network: - `joplin-net` Joplin `.env`: ```env POSTGRES_PASSWORD=CHANGE_ME_STRONG_PASSWORD POSTGRES_USER=joplin POSTGRES_DB=joplin APP_PORT=22300 APP_BASE_URL=https://joplin.okit.pl DB_CLIENT=pg POSTGRES_HOST=db POSTGRES_PORT=5432 ``` Important notes from handoff: - `POSTGRES_PASSWORD` must be changed before first production start. - Joplin is intentionally localhost-only. - External access must go through Nginx Proxy Manager. - Because Nginx Proxy Manager uses host networking, Nginx Proxy Manager should forward to `127.0.0.1:22300`. - PostgreSQL is internal-only and should not be exposed publicly. Required Nginx Proxy Manager proxy host for Joplin: - Domain Names: `joplin.okit.pl` - Scheme: `http` - Forward Hostname / IP: `127.0.0.1` - Forward Port: `22300` - Websockets Support: enabled - Block Common Exploits: enabled - SSL: - Request Let's Encrypt certificate - Force SSL enabled - HTTP/2 enabled DNS plan from handoff: - Create A record: - `joplin.okit.pl -> 135.181.153.108` - Optional AAAA record: - `joplin.okit.pl -> 2a01:4f9:c014:98f0::1` - For normal Let's Encrypt through Nginx Proxy Manager, ports `80` and `443` must reach this VPS publicly. - Public DNS should not point to the Tailscale IP if using standard Let's Encrypt HTTP validation. Commands provided in handoff to start Joplin: ```sh cd /home/dockeruser/docker/joplin-server nano .env # replace POSTGRES_PASSWORD docker compose up -d docker compose ps docker compose logs -f app ``` Local tests on VPS after Joplin start: ```sh curl -I http://127.0.0.1:22300 curl -I http://127.0.0.1:81 curl -I http://127.0.0.1:80 ``` Public tests after DNS and Nginx Proxy Manager config: ```sh dig joplin.okit.pl curl -I https://joplin.okit.pl ``` ## Unknown / needs clarification - Whether `POSTGRES_PASSWORD` has been changed from `CHANGE_ME_STRONG_PASSWORD`. - Whether `docker compose up -d` has been run for Joplin. - Whether `joplin_postgres_data` has been created. - Whether `joplin-net` has been created. - Whether `joplin.okit.pl` DNS has been created or fixed. - Whether the optional AAAA record is intended. - Whether the Nginx Proxy Manager proxy host for `joplin.okit.pl` has been created. - Whether Let's Encrypt certificate issuance has succeeded. - Whether ports `80` and `443` reach the Hetzner VPS publicly.