Joplin Server

Description

This page documents the current Joplin Server state received from the Hetzner VPS Codex handoff.

Joplin Server has been created on disk but is not running yet.

Current configuration

  • Compose path: /home/dockeruser/docker/joplin-server
  • Files:
    • /home/dockeruser/docker/joplin-server/docker-compose.yml
    • /home/dockeruser/docker/joplin-server/.env
    • /home/dockeruser/docker/joplin-server/README.md
  • Current runtime state: not running
  • docker compose ps in /home/dockeruser/docker/joplin-server shows no running services.
  • Intended public URL: https://joplin.okit.pl

Current DNS issue:

  • joplin.okit.pl did not resolve in the user's test.
  • DNS needs to be created or fixed before public HTTPS works.

Known facts

Joplin Compose design:

  • app
    • image: joplin/server:latest
    • container_name: joplin-server
    • restart: unless-stopped
    • env_file: .env
    • Binds only to localhost:
      • 127.0.0.1:22300:22300
    • Depends on db with condition service_healthy
    • Network: joplin-net
  • db
    • image: postgres:18
    • container_name: joplin-db
    • restart: unless-stopped
    • No exposed ports
    • Network: joplin-net
    • Volume:
      • postgres_data:/var/lib/postgresql/data
    • Healthcheck:
      • pg_isready using POSTGRES_USER and POSTGRES_DB
  • Named volume:
    • joplin_postgres_data
  • Named network:
    • joplin-net

Joplin .env:

POSTGRES_PASSWORD=CHANGE_ME_STRONG_PASSWORD
POSTGRES_USER=joplin
POSTGRES_DB=joplin
APP_PORT=22300
APP_BASE_URL=https://joplin.okit.pl
DB_CLIENT=pg
POSTGRES_HOST=db
POSTGRES_PORT=5432

Important notes from handoff:

  • POSTGRES_PASSWORD must be changed before first production start.
  • Joplin is intentionally localhost-only.
  • External access must go through Nginx Proxy Manager.
  • Because Nginx Proxy Manager uses host networking, Nginx Proxy Manager should forward to 127.0.0.1:22300.
  • PostgreSQL is internal-only and should not be exposed publicly.
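The password, localhost-only and internal-only notes above can be checked mechanically before the first docker compose up -d. The script below is an added example, not part of the handoff or the project's files; the function names and the 16-character minimum are assumptions, and it reads only short-syntax ports: entries.

```shell
#!/bin/sh
# Added example: pre-start checks for the Joplin stack described on this page.
# Usage: sh preflight.sh /home/dockeruser/docker/joplin-server
MIN_PW_LEN=16   # assumption: minimum acceptable length, not a value from the handoff

# Succeeds only if POSTGRES_PASSWORD is set, long enough, and not the placeholder.
check_password() {
    pw=$(sed -n 's/^POSTGRES_PASSWORD=//p' "$1" | tail -n 1)
    case $pw in
        ''|CHANGE_ME_STRONG_PASSWORD) return 1 ;;
    esac
    [ "${#pw}" -ge "$MIN_PW_LEN" ]
}

# Prints every short-syntax "ports:" entry that is not bound to 127.0.0.1.
# For this stack the output should be empty: app is localhost-only, db has no ports.
exposed_ports() {
    tr -d "\"'" < "$1" | awk '
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*-/ {
            entry = $0
            sub(/^[ \t]*-[ \t]*/, "", entry)
            sub(/[ \t]+$/, "", entry)
            if (entry !~ /^127\.0\.0\.1:/) print entry
            next
        }
        { in_ports = 0 }
    '
}

# Runs both checks against a compose directory; returns non-zero on any failure.
preflight() {
    dir=$1; rc=0
    [ -r "$dir/docker-compose.yml" ] || { echo "FAIL: docker-compose.yml not readable" >&2; return 1; }
    if ! check_password "$dir/.env"; then
        echo "FAIL: POSTGRES_PASSWORD is unset, too short, or still the placeholder" >&2
        rc=1
    fi
    bad=$(exposed_ports "$dir/docker-compose.yml")
    if [ -n "$bad" ]; then
        echo "FAIL: ports published beyond 127.0.0.1: $bad" >&2
        rc=1
    fi
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    preflight "$1" || exit 1
fi
```

A non-zero exit means the stack should not be started yet; the FAIL lines on stderr name the setting to fix.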

Required Nginx Proxy Manager proxy host for Joplin:

  • Domain Names: joplin.okit.pl
  • Scheme: http
  • Forward Hostname / IP: 127.0.0.1
  • Forward Port: 22300
  • Websockets Support: enabled
  • Block Common Exploits: enabled
  • SSL:
    • Request Let's Encrypt certificate
    • Force SSL enabled
    • HTTP/2 enabled

DNS plan from handoff:

  • Create A record:
    • joplin.okit.pl -> 135.181.153.108
  • Optional AAAA record:
    • joplin.okit.pl -> 2a01:4f9:c014:98f0::1
  • For normal Let's Encrypt through Nginx Proxy Manager, ports 80 and 443 must reach this VPS publicly.
  • Public DNS should not point to the Tailscale IP if using standard Let's Encrypt HTTP validation.

Commands provided in handoff to start Joplin:

cd /home/dockeruser/docker/joplin-server
nano .env
# replace POSTGRES_PASSWORD
docker compose up -d
docker compose ps
docker compose logs -f app

Local tests on VPS after Joplin start:

curl -I http://127.0.0.1:22300
curl -I http://127.0.0.1:81
curl -I http://127.0.0.1:80

Public tests after DNS and Nginx Proxy Manager config:

dig joplin.okit.pl
curl -I https://joplin.okit.pl

Unknown / needs clarification

  • Whether POSTGRES_PASSWORD has been changed from CHANGE_ME_STRONG_PASSWORD.
  • Whether docker compose up -d has been run for Joplin.
  • Whether joplin_postgres_data has been created.
  • Whether joplin-net has been created.
  • Whether joplin.okit.pl DNS has been created or fixed.
  • Whether the optional AAAA record is intended.
  • Whether the Nginx Proxy Manager proxy host for joplin.okit.pl has been created.
  • Whether Let's Encrypt certificate issuance has succeeded.
  • Whether ports 80 and 443 reach the Hetzner VPS publicly.