Setting up siyuan with docker and exposing it with cloudflare

Hi all!

I'm new to everything siyuan and docker related and struggling to understand how to set it up so my workspace can be accessible from any computer browser with any network. I've tried the docker image for siyuan but keep running into the issue of permission denied when trying to run the container. If someone can help me step by step, or even images or a quick video would be extremely helpful. My OS is windows 10 Home (or 11 if need a more recent one)

Thank you in advance! ☺️☺️❤️

Edit: change title regarding vpn to cloudflare. I read that cloudflare would be a much easier way to expose the container rather than using a vpn, if anyone has advice or tips - please feel free to share

    1 Operate
    vivien updated this article at 2024-09-26 01:58:51

    Welcome to here!

    Here we can learn from each other how to use SiYuan, give feedback and suggestions, and build SiYuan together.

    Signup About
    Please input reply content ...
    • vivien
      PRO Author

      Nice to see another fellow starter to siyuan!

    • MiscReply
    • glaucon1984
      VIP Warrior

      If you want to access a machine in your home network from public internet you need a couple of things:

      • NAT, or more specifically, PAT (Port Address Translation). This has to be configured in your router and it will map the internal IP and port of the service you want published to the internet to a port on your public IP address. You must check your router manual to find out how to do this.
      • If your IP address is not static (most consumer-grade Internet services use a dynamic IP address) you probably will want to use a dynamic DNS service. Duck DNS is free and there are numerous solutions that will automate the process of updating your public IP address and map it to a domain name.

      With this you will expose SiYuan on public internet, for anybody to try and break the SiYuan password. So set a strong one. I personally put my infrastructure behind Authelia, which adds another layer of authentication, requiring me to grant access from an app in my smartphone (Duo).

      On top of that, all the traffic between any browser and SiYuan won't be encrypted, this means, HTTP instead of HTTPS, so the traffic can be inspected in transit. I personally use a reverse proxy, NGINX, to make the traffic secure with the use of signed certificates.

      As I told Eric, these are very advanced topics which are probably beyond the scope of this forum, but you have some key words to google about if you want to learn more about these topics.

    • glaucon1984
      VIP Warrior

      Usually the UID 1000 is assigned to the first user created, that's the user without privileges that "uses" the system (as you shouldn't be interacting with the system as root unless necessary).

      So the default "1000:1000" suggested is intended for your regular user being the one running docker. If you created a dedicated user for this purpose, that UID and GID should match the one of that user (maybe 1001?).

      You can list the UID of your users with:

      cut -d: -f1,3 /etc/passwd
      

      This is not a speciffic topic for SiYuan, it's a Docker topic and maybe the best forum to address docker permission issues spining containers is the source of the guide you used to install docker in your machine.

    • vivien
      PRO Author

      I did set it up that way initially and ot was quite simple but figured an exposed docker with a secure method would be the main way to go since my main case use is accessing and editing my notes outside my own devices and network (e.g. a library computer and network). If it can still be done via the settings method, please tell!

      I know exposing it to other networks might be less secure and siyuan is a privacy first app...but my notes are just housing my uni notes about anatomy so I'm not too fussed about security. If my notes are a bit less protected but easily accessible and my IP addresses and etc are secure then I'm perfectly content

      1 Reply
    • Visit all replies