Setting up siyuan with docker and exposing it with cloudflare

Hi all!

I'm new to everything siyuan and docker related and struggling to understand how to set it up so my workspace can be accessible from any computer browser with any network. I've tried the docker image for siyuan but keep running into the issue of permission denied when trying to run the container. If someone can help me step by step, or even images or a quick video would be extremely helpful. My OS is windows 10 Home (or 11 if need a more recent one)

Thank you in advance! ☺️☺️❤️

Edit: change title regarding vpn to cloudflare. I read that cloudflare would be a much easier way to expose the container rather than using a vpn, if anyone has advice or tips - please feel free to share

    1 Operate
    vivien updated this article at 2024-09-26 01:58:51

    Welcome to here!

    Here we can learn from each other how to use SiYuan, give feedback and suggestions, and build SiYuan together.

    Signup About
    Please input reply content ...
    • Eric

      Thanks for your help too. But I'm stuck...

      I successfully created a group siyuan with a gid 1000, but a user with uid 1000 already exists. I thought I might just use that user, added it to the group 1000. I also created the default folder /siyuan/workspace/ and changed ownership of both (siyuan and siyuan/workspace) folders to 1000:1000.

      Docker-compose file is pretty much the same, I only added 6808:6808 to ports, so I can publish notes without edition rights. After doing docker compose up I get the following message in a loop:

      main-1  | E 2024/09/24 10:20:05 working.go:282: create os tmp dir [/siyuan/workspace/temp/os] failed: mkdir /siyuan/workspace/temp: permission denied
      

      Did I forgot to do something? Or did something wrong?

      My rig is Raspberry Pi with Ubuntu 22.04.5 LTS.

      1 Reply
    • MiscReply
    • glaucon1984
      VIP Warrior

      If you want to access a machine in your home network from public internet you need a couple of things:

      • NAT, or more specifically, PAT (Port Address Translation). This has to be configured in your router and it will map the internal IP and port of the service you want published to the internet to a port on your public IP address. You must check your router manual to find out how to do this.
      • If your IP address is not static (most consumer-grade Internet services use a dynamic IP address) you probably will want to use a dynamic DNS service. Duck DNS is free and there are numerous solutions that will automate the process of updating your public IP address and map it to a domain name.

      With this you will expose SiYuan on public internet, for anybody to try and break the SiYuan password. So set a strong one. I personally put my infrastructure behind Authelia, which adds another layer of authentication, requiring me to grant access from an app in my smartphone (Duo).

      On top of that, all the traffic between any browser and SiYuan won't be encrypted, this means, HTTP instead of HTTPS, so the traffic can be inspected in transit. I personally use a reverse proxy, NGINX, to make the traffic secure with the use of signed certificates.

      As I told Eric, these are very advanced topics which are probably beyond the scope of this forum, but you have some key words to google about if you want to learn more about these topics.

    • vivien
      PRO Author

      Thanks for your help!

      It turns out I've made a very stupid mistake from the beginning by trying to run the commands via powershell not knowing they were actually linux 🤦🏻‍♀️. I've installed Ubuntu and did the whole process again and it runs beautifully now. Only issue is that I'm trying to expose it to other networks securely but it might turn out my little surface go isn't powerful enough for that so I'll have to wait until my new laptop comes. Thanks again!

    • glaucon1984 1
      VIP Warrior

      You should give more details about your setup, what Linux distro, how did you install docker, what docker-compose.yml did you use to deploy the container, at what stage do you get that "permission denied" error, spinning up the container or while trying to access from the browser.

      If you are using the default Docker Compose suggested in GitHub, make sure the directory

      /siyuan/workspace
      

      exists, and that the permissions on that directory match the UID/GUID 1000:1000 specified. Or change accordingly.

      This is an example for the default values on the Docker Compose from GitHub:

      mkdir -p /siyuan/workspace
      chmod 1000:1000 /siyuan/workspace
      

      You might want to run chmod with "-R" for the parent directory /siyuan. It's hard to guess your problem with the little information you have provided.

      1 Reply
    • Visit all replies