Hi, I’m a total beginner to this, my knowledge is practically zero, but I want to learn. I would love to be able to install SilverBullet onto a VPS so that I can access on my Chromebook/phone.
But I need help. I don’t know if anyone is willing to walk a newbie through this process? If so, here’s my progress so far:
I’ve purchased a VPS.
I’ve installed docker on it.
I’ve installed Silverbullet with docker.
All good. But when I input my server’s IP address with port 3000, it doesn’t work. It “took too long to respond.”
Have you exposed SilverBullet to the Internet and configured TLS/HTTPS? I use Nginx Proxy Manager, but the documentation includes a guide for Caddy. If you’re open to other, non-Docker options, @edison23 also wrote a guide to setting up SilverBullet with Apache and Certbot.
No, I haven’t. I could try the Caddy route. But I don’t know how install caddy on my VPS. And in the instructions, what is “yourdomain.com”? I have no domain.
OK. So I do actually have a domain, which I’m using for a blog. Do I have to alter any of the DNS settings, or can I run this command regardless? (sudo caddy reverse-proxy --to :3000 --from yourdomain.com:443)
If SilverBullet and Caddy are on the same network, you might actually be able to configure it to use self-signed certificates on localhost. I haven’t used Caddy before so I can’t provide specific recommendations.
Hi @dmsrev, I would like to explain a bit about the problem.
You have a VPS which has a public ip address. This means it is potentially accessible to everyone, this is kind of dangerous to expose directly, therefore most of the vps provider would impose an additional control interface to firewall your ports (3000 in your case). One reason you can’t access the port directly could be this firewall.
But generally you shouldn’t open the port without a proper reverse proxy like Caddy or nginx. Accessing such port is very dangerous since it is not protected by ssl encrption. Therefore you should following the example to 1) point your domain (or most frequently subdomain) to your current instance (ip address) and then 2) setup caddy for the reverse proxy.
Also note that docker is containerizing all the services, therefore if you didn’t bind your silverbullet container with your host port. You can’t access them via localhost:3000. The practice to use sudo caddy reverse-proxy --to :3000 --from yourdomain.com:443 is also wrong, since this domain points to your service only after you have caddy setup properly, but when you were setting the caddy, you should use either 1) localhost:<port> if you have bind your container’s port 3000 with your host or 2) container_ip:<port> if you didn’t.
I would suggest newbie starting with binding the ip then learn how to connect to container ip. But note that this assumes your caddy is not running inside another container, in which case caddy can’t access host’s ip address via localhost.
Also if any of the previous explaination is too confusing to you, consider to turn to ChatGPT for background explaination for the knowledge. It would be very intemidating if you don’t have a mental model on how network of server/docker/etc works, but should be straight forward once you established such model.
nginx is of the same function with caddy, you should choose one instead of both. I recommand caddy since it handles ssl certificate for you and the syntax of Caddyfile is more simple.
You should know the difference between binding and listening. Binding is when container want to post something via this port, listening is when the app want to hear what is posted at this port. In this case, caddy shouldn’t bind the 3000 port rather only listening.
You should be clear on if you are running caddy in a container or directly on the host.
I don’t have full info on what you have done. But I would start from:
disable the nginx
check if you are running caddy using docker. If not, you can assume connecting to your silver bullet via localhost, if not, try to understand the following example configuration for caddy. Find where your Caddyfile is and adapt the following example based on your need.
Grats! It is impressive that you learnt so fast. I still need to remind you that you don’t need to open firewall for silverbullet if you configured it properly.
To briefly explain that, your caddy is a reverse proxy mapping the domain requests to different services on your VPS, and all the https requests are coming from port 443, meaning that caddy will pass all the requests of your silverbullet domains to 3000 and this can be done internally since the traffic happens in one machine.
Therefore I recommand you to close your 3000 firewall port and enjoy your Silverbullet journey!
Yes, you should close the 3000 port firewall on your VPS’s providers interface.
No, it is not even necessary for installation. The reason in detail was explained on last reply. But the gist would be: when using https, it is accessing your silver bullet via port 443, caddy should automatically route it to your port 3000, but since this traffic happens internally, there is no reason to expose your port 3000, which could expose more vulnerabilities.
Let me just say that I find the tone and attitude on this forum exceptionally friendly and supportive. At the moment I am mostly reading and learning, and I am benefitting immensely from instructions like these.
Thank you all!