Set up SilverBullet on Apache server with reverse proxy

Guides
1

This is a guide on setting up SilverBullet on a classic LAMP server (Linux, Apache, MySQL, PHP). This guide is tested on a server that is accessible via SSH, runs Ubuntu server 20.04, and a domain (mydomain.org for the purposes of this guide) points to it (using DNS records provider).

The goal of this guide is to:

  • have SilverBullet (SB) accssible from anywhere on the Internet using the domain name you have binded to the server without employing any 3rd-party tunneling service like ngrok,
  • connect to SB securely, so TLS (HTTPS) is a must, and
  • restrict the SB instance only to authenticated people (--user switch).

SilverBullet doesn’t support URL paths, so it’s not possible to run the instance in a subdirectory under your domain root, e.g., https://mydomain.org/notes/SB. I assume you use your domain also for services other than SB so we’ll run SB under a subdomain: e.g., https://silverbul.mydomain.org.

Basic setup

  1. Create a directory for the subdomain under your server root, e.g. /var/www/silverbul.mydomainOrg
    The name doesn’t need to directly match the domain.
  2. Install and run SilverBullet there in a standard way.
  3. Run SilverBullet using silverbullet /var/www/silverbul.mydomainOrg .
    I suggest using screen so that you can leave it running in the background.
    I also suggest cd /var/www/silverbul.mydomainOrg and run silverbullet . (with . as in the current directory) .
  4. Create an Apache site config in /etc/apache2/sites-available/silverbul.mydomainOrg.conf with this content (adjust the paths, names):
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/silverbul.mydomainOrg
    ServerName silverbul.mydomain.org
    AllowEncodedSlashes On
    ProxyPreserveHost On
    ProxyPass "/"  "http://localhost:3000/"
    ErrorLog ${APACHE_LOG_DIR}/error_silverbul.mydomainOrg.log
    CustomLog ${APACHE_LOG_DIR}/access_silverbul.mydomainOrg.log combined
</VirtualHost>
  1. Reload the Apache service: sudo systemctl reload apache2.service
    Depends on your OS, this is for Ubuntu Linux and similar.
  2. Test the insecure access to SB via http://silverbul.mydomain.org.
    If it works, continue. If not, search for errors, ask the Internets, …

Secure connection

  1. Create a valid SSL certificate for the subdomain using certbot (https://certbot.eff.org): sudo certbot -d silverbul.mydomain.org.
    You can, of course, use other means to get a valid certificate. In my opinion, this is the easiest one by far.
  2. Certbot is a very comfy tool and if your subdomain site is accessible via HTTP, it should reconfigure the Apache site settings for the subdomain automatically (it did for me).
  3. Test the secure access to your SB instance via https://silverbul.mydomain.org.

Authentication

  1. Kill SilverBullet on your server (ctrl+C) and re-run it with a username and password: silverbullet --user pete:1234 /var/www/silverbul.mydomainOrg
    Use long and secure password of course, like Broadness=Sensitive=Stipend=Coronary=Stapling=Boil192.
    Avoid spaces in the user name and password. If you need them, use single quotes, e.g. --user 'pete:1234 abcd'.
  2. Go to https://silverbul.mydomain.org, reload the page and login with the usr:psw you set in the previous step.

That’s it. I hope you can now effortlessly and securely enjoy your self-hosted SilverBullet.

I hereby thank @TheNomad11 , @zef , and @i_am_dangry for helping me achieve this setup in the original support thread [SOLVED] How to set up SilverBullet on Apache server (reverse proxy) - Troubleshooting - SilverBullet Community. Without their help, I’d hardly have a functional SB instance securely running now.

I also encourage anyone with ideas to improve or extend this guide to share their vision in comments here.

5 Likes
2

This guide is really good, thank you very much!

Two possible improvements:
In the first step, one should create a webroot for silverbullet. But when I installed silverbullet with deno, it still installed silverbullet into my home. I thought I didnt need the webroot folder in /var/www then, but remembered that it is needed for the certificate.
Maybe you could add a half sentence of explanation like this?
“1. Create a directory for the subdomain under your server root, e.g. /var/www/silverbul.mydomainOrg
This will be used for the SSL certificate, the name doesn’t need to directly match the domain.”

In Step 10, when the password contains spaces, one needs to wrap it and the username into single quotes. Maybe add that?
“Kill SilverBullet on your server (ctrl+C) and re-run it with a username and password:
silverbullet --user 'pete:1234 5678' (Single quotes needed for spaces)
Use a long and secure password of course, like Broadness=Sensitive=Stipend=Coronary=Stapling=Boil192”

3

Thanks for your comments and review!

  1. SilverBullet always installs into ~/.deno/bin, that doesn’t have anything to do with where you have the actual SB data files. You need the subfolder in /var/www for both the SSL certificate AND for the SB data files, ie. the instance of SB. You can run many instannces of SB on one system. I hope it’s clear now, but let me know if you’d like to see any additional clarification in the guide. I didn’t change anything there.
  2. Thanks for this point, it didn’t even occur to me one would put spaces to user names or passwords xD I added a note with your example. Thanks for figuring out how to solve this use case.
4

Oh, yes that makes sense now!
Would one need to specify the path to the folder in /var/www at some point of the silverbullet configuration?

If not, I think the guide to be perfect :slight_smile:

Would it make sense to remove my comment in order to make the guide stand out more?

5

You mean a way to specify where to put the files of the actual instance of Silverbullet? That’s specified in the silverbullet command - the dot . there in the step 2 says “current directory”.

If you’re in /home/username, for instance, and you want to run SB in /var/www/sb.mydomOrg, then the command would be silverbullet /var/www/sb.mydomOrg. Of course, the 2nd place to adjust the path to the instance is in the Apache config file (step 3).

As for removing your comments - no, I don’t think that’s a good practice. A/ it’d force me to remove my comments, B/ there was this discussion, let’s not deny it. What do you think, @zef ?

6

Oh, sorry, that was my fault, I didnt notice the silverbullet .

I would like to suggest changing 2. a bit:
“Install and run SilverBullet into this directory in a standard way. (After installation, run it using silverbullet . inside the directory)”
Or something like that, to ensure that the silverbullet .doesnt get lost at the end of a sentence.

And I agree, deleting comments wouldnt be a good practice, I just thought for a moment that it would be cleaner.

7

Thanks for the feedback. I adjusted the guide, hope it’s bullet-proof now (pun intended xD)