Black Bear Information Security
Information Technology Security

Run your own Standard Notes Syncing Server

Standard Notes is an open source notes app that offers E2E encryption, syncs notes between devices with clients for almost any platform, and, most importantly, lets you run your own syncing server. The Standard Notes backend server is called Standard File, and Standard Notes makes it super easy to deploy a server in AWS, either manually or through a provided preconfigured image. The documentation provided is great and makes it really simple to deploy a server quickly, but I don't use AWS. So here is a set of instructions for self-hosting the server at another provider (DigitalOcean, Vultr, OVH, etc.) or on your own hardware using Ubuntu 16.04.

First things first, you need a server. I am using the cheapest of the cheap available from DigitalOcean. This gives me 1GB of RAM and 25GB of storage for 5 bucks a month.

Some DigitalOcean Specifics:

If you decide to follow these steps to the letter, you will need to create a swap file or Standard File will never start.

Create a swap file

    sudo fallocate -l 1G /mnt/swap
    # restrict permissions before the file is formatted and enabled
    sudo chmod 0600 /mnt/swap
    sudo mkswap /mnt/swap
    sudo swapon /mnt/swap

Add the following line to the end of your /etc/fstab to make it persistent across reboots.

    /mnt/swap none swap sw 0 0

With the swap situation sorted, we can start on the actual install by getting some dependencies installed. This includes grabbing rvm, which we will use to install the latest version of Ruby.

    sudo apt install mysql-server rubygems libcurl4-openssl-dev gnupg2 git
    gpg2 --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
    curl -sSL https://get.rvm.io | bash -s stable

Once everything is installed, we need to add rvm to our path and then install Ruby.

    source /etc/profile.d/rvm.sh
    rvm install ruby
    rvm use ruby

ruby -v should show something similar:

    ruby 2.4.1p111 (2017-03-22 revision 58053) [x86_64-linux]

Standard File requires bundler, so we'll install that now.

    gem install bundler --no-ri --no-rdoc

Next we need to create a database for Standard File to use. First start the service

    sudo service mysql start

Then use mysql_secure_installation to configure the service. You can accept the defaults for most of the prompts with the exception of the three listed below.

    sudo mysql_secure_installation
        remove anonymous users (Y)
        disallow root login remotely (Y)
        remove test database and access to it (Y)

Now log in to mysql and create the Standard File database.

    mysql -u root -p
     > create database standard_file;
     > quit;

Standard File uses Nginx via Passenger to run, so we will need to install Passenger first.

    gem install rubygems-update --no-rdoc --no-ri
    update_rubygems
    gem install passenger --no-rdoc --no-ri

Next we'll use Passenger to install Nginx.

First allow others to execute (traverse) your home folder, replacing $user with your username:

    sudo chmod o+x "/home/$user"

Then use Passenger to install Nginx with the following settings:

    rvmsudo passenger-install-nginx-module
        Select Ruby
        Select  1. Yes: download, compile and install Nginx for me. (recommended)
        Install to /opt/nginx

Validate that everything installed correctly

    rvmsudo passenger-config validate-install
        Select Passenger itself

If everything looks good then you should see the following:

    Everything looks good. :-)

Next we'll set up a TLS certificate with Let's Encrypt.
First get Let's Encrypt and put it in /opt.

    sudo chown $user /opt
    cd /opt
    git clone https://github.com/letsencrypt/letsencrypt
    cd letsencrypt

Then run Let's Encrypt to get a cert but not install it. If you try to let it install the cert, it will install in the wrong location.

    ./letsencrypt-auto certonly --standalone --debug

Note the location of the certificates, typically:

    /etc/letsencrypt/live/$domain.com/fullchain.pem

Replace $domain with the name or IP address you used to create the certificate.

Nginx now needs to be configured to use the certificate.

    sudo nano /opt/nginx/conf/nginx.conf

Add this to the bottom of the file, inside the last curly brace (the one that closes the http block):

    server {
        listen 443 ssl default_server;
        ssl_certificate /etc/letsencrypt/live/$domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/$domain.com/privkey.pem;
        server_name domain.com;
        passenger_enabled on;
        passenger_app_env production;
        root /home/$user/ruby-server/public;
    }

Now that we have all the backend work complete, we can actually set up the Standard File server.
Grab the source from GitHub and put it in your home folder.

    cd ~
    git clone https://github.com/standardfile/ruby-server.git

Enter the folder and install the Ruby dependencies:

    cd ruby-server
    bundle install
    bower install
    rails assets:precompile

We need to create a .env file for the Rails app to load that tells it to use the database we set up earlier.

    RAILS_ENV=production
    SECRET_KEY_BASE=use "bundle exec rake secret"

    DB_HOST=localhost
    DB_PORT=3306
    DB_DATABASE=standard_file
    DB_USERNAME=root
    DB_PASSWORD=

    SALT_PSEUDO_NONCE=use "bundle exec rake secret"
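
A pre-start check for the .env file above, as an added example that is not part of the original post or the Standard File project. The function name audit_env and the checks it makes are assumptions of this example: the file should be accessible only to its owner, both secrets should be the 128 hex characters that rake secret prints, and the database login should have a password and not be root.

```sh
#!/bin/sh
# Added example (not from the original post): audit a Standard File .env
# before starting the server. Prints one line per finding and returns the
# number of findings, so 0 means clean. Assumes unquoted KEY=value lines.
audit_env() {
    env_file=$1
    findings=0
    [ -r "$env_file" ] || { echo "cannot read $env_file"; return 255; }

    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }
    # Value of one setting; the last occurrence wins
    get() { sed -n "s/^[[:space:]]*$1=//p" "$env_file" | tail -n 1; }

    # The file holds the Rails secret and the DB password: owner-only access.
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$env_file" | cut -c5-10)
    [ "$perms" = "------" ] || flag "file is accessible to group/other, run chmod 600"

    for key in SECRET_KEY_BASE SALT_PSEUDO_NONCE; do
        val=$(get "$key")
        # "rake secret" prints 128 lowercase hex characters; anything else is
        # a leftover placeholder or a hand-typed value
        case $val in
            "" | *[!0-9a-f]*) flag "$key is not output of 'bundle exec rake secret'" ;;
            *) [ "${#val}" -ge 128 ] || flag "$key is shorter than 128 hex characters" ;;
        esac
    done

    [ -n "$(get DB_PASSWORD)" ] || flag "DB_PASSWORD is empty"
    [ "$(get DB_USERNAME)" != "root" ] ||
        flag "DB_USERNAME is root; use an account limited to standard_file"
    return "$findings"
}

# Usage: sh audit_env.sh /path/to/.env
[ "$#" -eq 0 ] || audit_env "$1"
```

Run against the template exactly as shown above, it reports both placeholder secrets, the empty password and the root login.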

Initialize the database

    rails db:migrate

And finally start Nginx

    sudo /opt/nginx/sbin/nginx

And that is it! You now have a Standard File server.

Tim Kusajtys