Cryptpad Docker

Alternatives To Cryptpad Docker
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Traefik42,26418a day ago160September 16, 2022606mitGo
The Cloud Native Application Proxy
Awesome Compose22,256
2 days ago7April 23, 202199cc0-1.0HTML
Awesome Docker Compose samples
Nginx Proxy16,901
3 days ago448mitPython
Automated nginx proxy for Docker containers using docker-gen
16 hours ago655apache-2.0Lua
The Cloud-Native API Gateway
Telepresence5,692412 hours ago355September 23, 2022403otherGo
Local development against a remote Kubernetes or OpenShift cluster
a month ago33mitPython
An Efficient ProxyPool with Getter, Tester and Server
Netflix Proxy3,430
4 months ago5mitPython
Smart DNS proxy to watch Netflix
a day ago51April 25, 2021125mitGo
VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
8 days ago3Python
⚡️ Android reverse engineering & automation framework | 史上最强安卓抓包/逆向/HOOK & 云手机/远程桌面/自动化辅助框架,你的工作从未如此简单快捷。
Proxy.py2,3647915 hours ago37June 28, 202270bsd-3-clausePython
⚡ Fast • 🪶 Lightweight • 0️⃣ Dependency • 🔌 Pluggable • 😈 TLS interception • 🔒 DNS-over-HTTPS • 🔥 Poor Man's VPN • ⏪ Reverse & ⏩ Forward • 👮🏿 "Proxy Server" framework • 🌐 "Web Server" framework • ➵ ➶ ➷ ➠ "PubSub" framework • 👷 "Work" acceptor & executor framework
Alternatives To Cryptpad Docker
Select To Compare

Alternative Project Comparisons

CryptPad docker

This repository has been created as part of an ongoing effort to separate docker from the CryptPad platform repo.

The officially recommended deployment method is to use the example.nginx.conf file provided by the core repo and to manage updates directly on the host system using git, npm (as provided by nvm) and bower.


The Docker images here and their supporting configuration files are provided as is, without warranty, as a community effort. Support is provided by the community and CryptPad developers on a best-effort basis. Please keep in mind, that the core team neither uses nor tests these Docker images, so your results may vary.


Please see the migration guide for further information on switching to this repository.

General notices

  • Important: New images tagged nginx and nginx-alpine have been added to this repository. The docker-compose.yml and traefik2.yml examples files have been modified to use the nginx image because the legacy versions didn't provide Content-Security-Policy headers which is a requirement to properly expose CryptPad to the internet.
    It is recommended to use the promasu/cryptpad:nginx image (see CryptPad proxied by Nginx).

  • Mounted files and folders for CryptPad have to be owned by userid 4001. It is possible you have to run sudo chown -R 4001:4001 filename. If your container engine uses namespacing to shift uids and gids in the containers, you need correct the uid and gid or to run the command from within the container.

Standalone CryptPad

Tags: latest and alpine
Files: Dockerfile and Dockerfile-alpine

This image provides CryptPad served by Node without certs or CSP. It is up to you to deploy it behind a reverse proxy as per CryptPad's devs recommendations (see Opening CryptPad to the Internet).
It is kept in order to avoid breaking existing deployment. If you already have a reverse proxy with CSP properly configured, you can keep using this image.
Otherwise you should use the nginx or nginx-alpine versions.


docker run -d -p 3000:3000 -p 3001:3001 promasu/cryptpad
Run with customizations:
docker run -d -p 3000:3000 -p 3001:3001 -v ${PWD}/customize:/cryptpad/customize promasu/cryptpad
Run with configuration:
docker run -d -p 3000:3000 -p 3001:3001 -v ${PWD}/config.js:/cryptpad/config/config.js promasu/cryptpad
Run with persistent data:
docker run -d -p 3000:3000 -p 3001:3001 -v ${PWD}/data/blob:/cryptpad/blob \
-v ${PWD}/data/block:/cryptpad/block -v ${PWD}/customize:/cryptpad/customize \
-v ${PWD}/data/data:/cryptpad/data -v ${PWD}/data/files:/cryptpad/datastore promasu/cryptpad

CryptPad proxied by Nginx

Tags: nginx and nginx-alpine
Files: Dockerfile-nginx and Dockerfile-nginx-alpine

This image provides CryptPad proxied by Nginx. It offers more configuration options than the standalone version (but will not run if the bare minimum options aren't set) and lets Nginx handle the different HTTP headers like CSP.
The script copies Nginx configuration from the example provided in CryptPad repository (see file example.nginx.conf) and substitutes the deployment environment variables.

  • With minimum settings, Nginx will listen for unencrypted HTTP2 requests on port 80. Most browsers won't be able to connect without a reverse proxy to upgrade the connection (also if you use Traefik, see this).
    To disable HTTP2 set the environment variable CPAD_HTTP2_DISABLE to true.

  • If you'd prefer Nginx to terminate TLS connections, provide a fullchain certificate and a key and set CPAD_TLS_CERT and CPAD_TLS_KEY. Both variables MUST be set for the entrypoint script to set paths in config. You can also provide Diffie-Hellman parameters with CPAD_TLS_DHPARAM. If no dhparam.pem file is provided, it will be generated upon container start. Beware that this is a time consuming step.

Environment variables

Variables Description Required Default
CPAD_MAIN_DOMAIN CryptPad main domain FQDN Yes None
CPAD_SANDBOX_DOMAIN CryptPad sandbox subdomain FQDN Yes None
CPAD_TRUSTED_PROXY Trusted proxy address or CIDR No None
CPAD_REALIP_HEADER Header to get client IP from (X-Real-IP or X-Forwarded-For) No X-Real-IP
CPAD_REALIP_RECURSIVE Instruct Nginx to perform a recursive search to find client's real IP (on/off) (see ngx_http_realip_module) No off
CPAD_TLS_CERT Path to TLS certificate file No None
CPAD_TLS_KEY Path to TLS private key file No None
CPAD_TLS_DHPARAM Path to Diffie-Hellman parameters file No /etc/nginx/dhparam.pem


Run with minimal settings:
docker run -d -e "" -e "" -p 80:80 promasu/cryptpad:nginx
Run with configuration:
docker run -d -e "" -e "" \
-v ${PWD}/config.js:/cryptpad/config/config.js -p 80:80 promasu/cryptpad:nginx
Run with TLS:
docker run -d -e "" -e "" \
-e "CPAD_TLS_CERT=/path/to/cert.pem" -e "CPAD_TLS_KEY=/path/to/key.pem" \
-e "CPAD_TLS_DHPARAM=/path/to/dhparam.pem" -v ${PWD}/cert.pem:/path/to/cert.pem \
-v ${PWD}/key.pem:/path/to/key.pem -v ${PWD}/dhparam.pem:/path/to/dhparam.pem \
-p 443:443 promasu/cryptpad:nginx
Run behind a reverse proxy
docker run -d -e "" -e "" \
-e "CPAD_REALIP_RECURSIVE=on" -p 80:80 promasu/cryptpad:nginx
Run with customizations:
docker run -d -e "" -e "" \
-v ${PWD}/customize:/cryptpad/customize -p 80:80 promasu/cryptpad:nginx
Run with persistent data:
docker run -d -e "" -e "" \
-v ${PWD}/data/blob:/cryptpad/blob -v ${PWD}/data/block:/cryptpad/block \
-v ${PWD}/customize:/cryptpad/customize -v ${PWD}/data/data:/cryptpad/data \
-v ${PWD}/data/files:/cryptpad/datastore -p 80:80 promasu/cryptpad:nginx



docker-compose up

Run with traefik2 labels:

docker-compose -f docker-compose.yml -f traefik2.yml up

Know bugs

Use the Nginx version with Traefik

If Traefik is used as reverse proxy (e.g. to handle SSL certs) the CryptPad WebSocket is unreachable if Nginx listens with HTTP2.
A workaround is to disable HTTP2 by setting the CPAD_HTTP2_DISABLE environment variable.

Nginx version not working with some browser configurations

See []


AGPL logo

This software is and will always be available under the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Popular Docker Projects
Popular Proxy Projects
Popular Virtualization Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Reverse Proxy