Trying to install on VPS

Hi, I’m a total beginner to this, my knowledge is practically zero, but I want to learn. I would love to be able to install SilverBullet onto a VPS so that I can access on my Chromebook/phone.

But I need help. I don’t know if anyone is willing to walk a newbie through this process? If so, here’s my progress so far:

  1. I’ve purchased a VPS.
  2. I’ve installed docker on it.
  3. I’ve installed Silverbullet with docker.

All good. But when I input my server’s IP address with port 3000, it doesn’t work. It “took too long to respond.”

Please can anyone help??

Have you exposed SilverBullet to the Internet and configured TLS/HTTPS? I use Nginx Proxy Manager, but the documentation includes a guide for Caddy. If you’re open to other, non-Docker options, @edison23 also wrote a guide to setting up SilverBullet with Apache and Certbot.

No, I haven’t. I could try the Caddy route. But I don’t know how install caddy on my VPS. And in the instructions, what is “yourdomain.com”? I have no domain.

sudo caddy reverse-proxy --to :3000 --from yourdomain.com:443

It might be easiest to get a domain name. You can get a domain name in the .xyz top-level domain of six to nine digits (e.g., 123456789.xyz) for about a dollar per year. I’ve used Porkbun as my domain name registrar for several years.

Alternatively, I’d also consider using YunoHost. It’s how I got started with self-hosting a few years ago, and @fflorent has packaged SilverBullet for YunoHost. You can set up YunoHost with a free subdomain, and it’ll largely handle DNS and HTTPS for you.

1 Like

OK. So I do actually have a domain, which I’m using for a blog. Do I have to alter any of the DNS settings, or can I run this command regardless? (sudo caddy reverse-proxy --to :3000 --from yourdomain.com:443)

(I’ve now installed caddy on my VPS.)

If SilverBullet and Caddy are on the same network, you might actually be able to configure it to use self-signed certificates on localhost. I haven’t used Caddy before so I can’t provide specific recommendations.

Thanks. But I’m totally lost.

Hi @dmsrev, I would like to explain a bit about the problem.

You have a VPS which has a public ip address. This means it is potentially accessible to everyone, this is kind of dangerous to expose directly, therefore most of the vps provider would impose an additional control interface to firewall your ports (3000 in your case). One reason you can’t access the port directly could be this firewall.

But generally you shouldn’t open the port without a proper reverse proxy like Caddy or nginx. Accessing such port is very dangerous since it is not protected by ssl encrption. Therefore you should following the example to 1) point your domain (or most frequently subdomain) to your current instance (ip address) and then 2) setup caddy for the reverse proxy.

Also note that docker is containerizing all the services, therefore if you didn’t bind your silverbullet container with your host port. You can’t access them via localhost:3000. The practice to use sudo caddy reverse-proxy --to :3000 --from yourdomain.com:443 is also wrong, since this domain points to your service only after you have caddy setup properly, but when you were setting the caddy, you should use either 1) localhost:<port> if you have bind your container’s port 3000 with your host or 2) container_ip:<port> if you didn’t.

I would suggest newbie starting with binding the ip then learn how to connect to container ip. But note that this assumes your caddy is not running inside another container, in which case caddy can’t access host’s ip address via localhost.

Also if any of the previous explaination is too confusing to you, consider to turn to ChatGPT for background explaination for the knowledge. It would be very intemidating if you don’t have a mental model on how network of server/docker/etc works, but should be straight forward once you established such model.

Thank you for this.

What I have done up to now is as follows:

  1. I used chatgpt to bind my domain name (I bought a new one) to my VPS
  2. I installed nginx
  3. I installed docker followed by SilverBullet
  4. I’m now trying to run the caddy reverse-proxy command, but at the end of the long error message I get: “Bind: address already in use”

You should be clear on the following things:

  1. nginx is of the same function with caddy, you should choose one instead of both. I recommand caddy since it handles ssl certificate for you and the syntax of Caddyfile is more simple.
  2. You should know the difference between binding and listening. Binding is when container want to post something via this port, listening is when the app want to hear what is posted at this port. In this case, caddy shouldn’t bind the 3000 port rather only listening.
  3. You should be clear on if you are running caddy in a container or directly on the host.

OK, thank you. So, step by step, what do I need to do? (thank you!!)

I don’t have full info on what you have done. But I would start from:

  1. disable the nginx
  2. check if you are running caddy using docker. If not, you can assume connecting to your silver bullet via localhost, if not, try to understand the following example configuration for caddy. Find where your Caddyfile is and adapt the following example based on your need.
homepage.domain.de {
    reverse_proxy http://<silverbullet_ip>:3000
}

OK. I have done as you said. I found my Caddyfile and I adapted your example to my own details.

And… I think we’ve done it. I can now see SilverBullet on my domain, with https…!

Is this too good to be true???

2 Likes

It’s definitely working. Thank you so much.

These $1 .xyz domains are pretty nice for the SB use case. Let me post that more publicly.

2 Likes

Grats! It is impressive that you learnt so fast. I still need to remind you that you don’t need to open firewall for silverbullet if you configured it properly.

To briefly explain that, your caddy is a reverse proxy mapping the domain requests to different services on your VPS, and all the https requests are coming from port 443, meaning that caddy will pass all the requests of your silverbullet domains to 3000 and this can be done internally since the traffic happens in one machine.

Therefore I recommand you to close your 3000 firewall port and enjoy your Silverbullet journey!

1 Like

So you’re telling me to take off port 3000 from the firewall policy? Why? Was it only necessary to access it for installation?

Yes, you should close the 3000 port firewall on your VPS’s providers interface.

No, it is not even necessary for installation. The reason in detail was explained on last reply. But the gist would be: when using https, it is accessing your silver bullet via port 443, caddy should automatically route it to your port 3000, but since this traffic happens internally, there is no reason to expose your port 3000, which could expose more vulnerabilities.

1 Like