Dockery/Trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-12-24 00:59:55 +01:00
Code Issues Packages Projects Releases Activity

chore(edit-docs): move Markdown documentation outside src for now

Browse Source
This commit is contained in:
Elian Doran
2025-03-11 16:11:16 +02:00
parent 971b388d1a
commit f67e2ebcd5
292 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
docs/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Docker Server Installation.md Normal file
View File

@@ -0,0 +1,119 @@
# Docker Server Installation
Official docker images are published on docker hub for **AMD64**, **ARMv7** and **ARM64/v8**: [https://hub.docker.com/r/triliumnext/notes/](https://hub.docker.com/r/triliumnext/notes/)
## Prerequisites
Ensure Docker is installed on your system.
If you need help installing Docker, reference the [Docker Installation Docs](https://docs.docker.com/engine/install/)
**Note:** Trilium's Docker container requires root privileges to operate correctly.
> \[!WARNING\] If you're using a SMB/CIFS share or folder as your Trilium data directory, [you'll need](https://github.com/TriliumNext/Notes/issues/415#issuecomment-2344824400) to add the mount options of `nobrl` and `noperm` when mounting your SMB share.
## Running with Docker Compose
### Grab the latest docker-compose.yml:
```
wget https://raw.githubusercontent.com/TriliumNext/Notes/master/docker-compose.yml
```
Optionally, edit the `docker-compose.yml` file to configure the container settings prior to starting it. Unless configured otherwise, the data directory will be `~/trilium-data` and the container will be accessible at port 8080.
### Start the container:
Run the following command to start the container in the background:
```
docker compose up -d
```
## Running without Docker Compose / Further Configuration
### Pulling the Docker Image
To pull the image, use the following command, replacing `[VERSION]` with the desired version or tag, such as `v0.91.6` or just `latest`. (See published tag names at [https://hub.docker.com/r/triliumnext/notes/tags](https://hub.docker.com/r/triliumnext/notes/tags).):
```
docker pull triliumnext/notes:v0.91.6
```
**Warning:** Avoid using the "latest" tag, as it may automatically upgrade your instance to a new minor version, potentially disrupting sync setups or causing other issues.
### Preparing the Data Directory
Trilium requires a directory on the host system to store its data. This directory must be mounted into the Docker container with write permissions.
### Running the Docker Container
#### Local Access Only
Run the container to make it accessible only from the localhost. This setup is suitable for testing or when using a proxy server like Nginx or Apache.
```
sudo docker run -t -i -p 127.0.0.1:8080:8080 -v ~/trilium-data:/home/node/trilium-data triliumnext/notes:[VERSION]
```
1. Verify the container is running using `docker ps`.
2. Access Trilium via a web browser at `127.0.0.1:8080`.
#### Local Network Access
To make the container accessible only on your local network, first create a new Docker network:
```
docker network create -d macvlan -o parent=eth0 --subnet 192.168.2.0/24 --gateway 192.168.2.254 --ip-range 192.168.2.252/27 mynet
```
Then, run the container with the network settings:
```
docker run --net=mynet -d -p 127.0.0.1:8080:8080 -v ~/trilium-data:/home/node/trilium-data triliumnext/notes:-latest
```
To set a different user ID (UID) and group ID (GID) for the saved data, use the `USER_UID` and `USER_GID` environment variables:
```
docker run --net=mynet -d -p 127.0.0.1:8080:8080 -e "USER_UID=1001" -e "USER_GID=1001" -v ~/trilium-data:/home/node/trilium-data triliumnext/notes:-latest
```
Find the local IP address using `docker inspect [container_name]` and access the service from devices on the local network.
```
docker ps
docker inspect [container_name]
```
#### Global Access
To allow access from any IP address, run the container as follows:
```
docker run -d -p 0.0.0.0:8080:8080 -v ~/trilium-data:/home/node/trilium-data triliumnext/notes:[VERSION]
```
Stop the container with `docker stop <CONTAINER ID>`, where the container ID is obtained from `docker ps`.
### Custom Data Directory
For a custom data directory, use:
```
-v ~/YourOwnDirectory:/home/node/trilium-data triliumnext/notes:[VERSION]
```
If you want to run your instance in a non-default way, please use the volume switch as follows: `-v ~/YourOwnDirectory:/home/node/trilium-data triliumnext/notes:<VERSION>`. It is important to be aware of how Docker works for volumes, with the first path being your own and the second the one to virtually bind to. [https://docs.docker.com/storage/volumes/](https://docs.docker.com/storage/volumes/) The path before the colon is the host directory, and the path after the colon is the container's path. More details can be found in the [Docker Volumes Documentation](https://docs.docker.com/storage/volumes/).
## Reverse Proxy
1. [Nginx](../2.%20Reverse%20proxy/Nginx.md)
2. [Apache](../2.%20Reverse%20proxy/Apache.md)
### Note on --user Directive
The `--user` directive is unsupported. Instead, use the `USER_UID` and `USER_GID` environment variables to set the appropriate user and group IDs.
### Note on timezones
If you are having timezone issues and you are not using docker-compose, you may need to add a `TZ` environment variable with the [TZ identifier](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) of your local timezone.

36
docs/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Kubernetes server installation.md Normal file
View File

@@ -0,0 +1,36 @@
# Kubernetes server installation
As Trilium can be run in Docker it also can be deployed in Kubernetes. You can either use our Helm chart, a community Helm chart, or roll your own Kubernetes deployment.
The recommended way is to use a Helm chart.
## Root privileges
> \[!NOTE\]
> The Trilium container at this time needs to be run with root privileges. It will swap to UID and GID `1000:1000` to run the `node` process after execution though, so the main process doesn't run with root privileges.
The Trilium docker container needs to be run with root privileges. The node process inside the container will be started with reduced privileges (uid:gid 1000:1000) after some initialization logic. Please make sure that you don't use a security context (PodSecurityContext) which changes the user ID. To use a different uid:gid for file storage and the application, please use the `USER_UID` & `USER_GID` environment variables.
The docker image will also fix the permissions of `/home/node` so you don't have to use an init container.
## Helm Charts
[Official Helm chart](https://github.com/TriliumNext/helm-charts) from TriliumNext Unofficial helm chart by [ohdearaugustin](https://github.com/ohdearaugustin): [https://github.com/ohdearaugustin/charts](https://github.com/ohdearaugustin/charts)
## Adding a Helm repository
Below is an example of how
```
helm repo add trilium https://triliumnext.github.io/helm-charts
"trilium" has been added to your repositories
```
## How to install a chart
After reviewing the [`values.yaml`](https://github.com/TriliumNext/helm-charts/blob/main/charts/trilium/values.yaml) from the Helm chart, modifying as required and then creating your own:
```
helm install --create-namespace --namespace trilium trilium trilium/trilium -f values.yaml
```
For more information on using Helm, please refer to the Helm documentation, or create a Discussion in the TriliumNext GitHub Organization.

62
docs/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Manual server installation.md Normal file
View File

@@ -0,0 +1,62 @@
# Manual server installation
This page describes manually installing Trilium on your server. **Note that this is a not well supported way to install Trilium, problems may appear, information laid out here is quite out of date. It is recommended to use either Docker or packaged build installation.**
## Requirements
Trilium is a node.js application. Supported (tested) version of node.js is latest 14.X.X and 16.X.X. Trilium might work with older versions as well.
You can check your node version with this command (node.js needs to be installed):
```
node --version
```
If your Linux distribution has only an outdated version of node.js, you can take a look at the installation instruction on node.js website, which covers most popular distributions.
### Dependencies
There are some dependencies required. You can see command for Debian and its derivatives (like Ubuntu) below:
```
sudo apt install libpng16-16 libpng-dev pkg-config autoconf libtool build-essential nasm libx11-dev libxkbfile-dev
```
## Installation
### Download
You can either download source code zip/tar from [https://github.com/TriliumNext/Notes/releases/latest\]\]](https://github.com/TriliumNext/Notes/releases/latest%5D%5D) %%{WARNING}%%or clone git repository **from stable branch** with
```
git clone -b stable https://github.com/triliumnext/notes.git %%{WARNING}%%
```
## Installation
```
cd trilium
# download all node dependencies
npm install
# make sure the better-sqlite3 binary is there
npm rebuild
# bundles & minifies frontend JavaScript
npm run webpack
```
## Run
```
cd trilium
# using nohup to make sure trilium keeps running after user logs out
nohup TRILIUM_ENV=dev node src/www &
```
The application by default starts up on port 8080, so you can open your browser and navigate to [http://localhost:8080](http://localhost:8080) to access Trilium (replace "localhost" with your hostname).
## TLS
Don't forget to [configure TLS](../TLS%20Configuration.md) which is required for secure usage!

25
docs/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/NixOS server installation.md Normal file
View File

@@ -0,0 +1,25 @@
# NixOS server installation
This page describes configuring the Trilium module included in NixOS.
## Requirements
[NixOS](https://nixos.org/) installation.
## Configuration
Add this to your `configuration.nix`:
```
services.trilium-server.enable = true;
# default data directory: /var/lib/trilium
#services.trilium-server.dataDir = "/var/lib/trilium-sync-server";
# default bind address: 127.0.0.1, port 8080
#services.trilium-server.host = "0.0.0.0";
#services.trilium-server.port = 12783;
```
Uncomment any option you would like to change.
See the [NixOS options list](https://search.nixos.org/options?channel=unstable&from=0&size=50&sort=relevance&type=packages&query=trilium-server) for more options (including nginx reverse proxy configuration).

79
docs/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Packaged server installation.md Normal file
View File

@@ -0,0 +1,79 @@
# Packaged server installation
This is essentially Trilium sources + node modules + node.js runtime packaged into one 7z file.
## Steps
* ssh into your server
* use `wget` (or `curl` or whatever) to download latest [trilium-linux-x64-server-\[VERSION\].xz](https://github.com/TriliumNext/Notes/releases/latest)%%{WARNING}%% (notice -server suffix) on your server
* unpack the archive, e.g. using `tar -xf -d trilium-linux-x64-server-[VERSION].tar.xz`
* `cd trilium-linux-x64-server`
* `./trilium.sh`
* you can open the browser and open http://\[your-server-hostname\]:8080 and you should see Trilium initialization page
The problem with above steps is that once you close the SSH connection, the Trilium process is terminated. To avoid that, you have two options:
* Kill it (with e.g. `CTRL-C`) and run again like this: `nohup ./trilium &`.
* Configure systemd to automatically run Trilium in the background on every boot
## Configure Trilium to auto-run on boot with systemd
* After downloading, extract and move Trilium:
```
tar -xvf trilium-linux-x64-server-[VERSION].tar.xz
sudo mv trilium-linux-x64-server /opt/trilium
```
* Create the service:
```
sudo nano /etc/systemd/system/trilium.service
```
* Paste this into the file (replace the user and group as needed):
```
[Unit]
Description=Trilium Daemon
After=syslog.target network.target
[Service]
User=xxx
Group=xxx
Type=simple
ExecStart=/opt/trilium/trilium.sh
WorkingDirectory=/opt/trilium/
TimeoutStopSec=20
# KillMode=process leads to error, according to https://www.freedesktop.org/software/systemd/man/systemd.kill.html
Restart=always
[Install]
WantedBy=multi-user.target
```
* Save the file (CTRL-S) and exit (CTRL-X)
* Enable and launch the service:
```
sudo systemctl enable --now -q trilium
```
* You can now open a browser to http://\[your-server-hostname\]:8080 and you should see the Trilium initialization page.
## Common issues
### Outdated glibc
```
Error: /usr/lib64/libstdc++.so.6: version `GLIBCXX_3.4.21' not found (required by /var/www/virtual/.../node_modules/@mlink/scrypt/build/Release/scrypt.node)
at Object.Module._extensions..node (module.js:681:18)
at Module.load (module.js:565:32)
at tryModuleLoad (module.js:505:12)
```
If you get an error like this, you need to either upgrade your glibc (typically by upgrading to up-to-date distribution version) or use some other [server installation](../../Server%20Installation.md) method.
## TLS
Don't forget to [configure TLS](../TLS%20Configuration.md), which is required for secure usage!

84
docs/User Guide/User Guide/Installation & Setup/Server Installation/2. Reverse proxy/Apache.md Normal file
View File

@@ -0,0 +1,84 @@
# Apache
I've assumed you have created a DNS A record for `trilium.yourdomain.com` that you want to use for your Trilium server.
1. Download docker image and create container
```
docker pull triliumnext/notes:[VERSION]
docker create --name trilium -t -p 127.0.0.1:8080:8080 -v ~/trilium-data:/home/node/trilium-data triliumnext/notes:[VERSION]
```
2. Configure Apache proxy and websocket proxy
1. Enable apache proxy modules
```
a2enmod ssl
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_wstunnel
```
2. Create a new let's encrypt certificate
```
sudo certbot certonly -d trilium.mydomain.com
```
Choose standalone (2) and note the location of the created certificates (typically /etc/letsencrypt/live/...)
3. Create a new virtual host file for apache (you may want to use `apachectl -S` to determine the server root location, mine is /etc/apache2)
```
sudo nano /etc/apache2/sites-available/trilium.yourdomain.com.conf
```
Paste (and customize) the following text into the configuration file
```
ServerName http://trilium.yourdomain.com
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
ServerName https://trilium.yourdomain.com
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
AllowEncodedSlashes NoDecode
ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/
SSLCertificateFile /etc/letsencrypt/live/trilium.yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/trilium.yourdomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
```
4. Enable the virtual host with `sudo a2ensite trilium.yourdomain.com.conf`
5. Reload apache2 with `sudo systemctl reload apache2`
3. Create and enable a systemd service to start the docker container on boot
1. Create a new empty file called `/lib/systemd/system/trilium.service` with the contents
```
[Unit]
Description=Trilium Server
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStart=/usr/bin/docker start -a trilium
ExecStop=/usr/bin/docker stop -t 2 trilium
[Install]
WantedBy=local.target
```
2. Install, enable and start service
```
sudo systemctl daemon-reload
sudo systemctl enable trilium.service
sudo systemctl start trilium.service
```

51
docs/User Guide/User Guide/Installation & Setup/Server Installation/2. Reverse proxy/Nginx.md Normal file
View File

@@ -0,0 +1,51 @@
# Nginx
Configure Nginx proxy and HTTPS. The operating system here is Ubuntu 18.04.
1. Download Nginx and remove Apache2
```sh
sudo apt-get install nginx
sudo apt-get remove apache2
```
2. Create configure file
```sh
cd /etc/nginx/conf.d
vim default.conf
```
3. Fill the file with the context shown below, part of the setting show be changed. Then you can enjoy your web with HTTPS forced and proxy.
```conf
# This part is for proxy and HTTPS configure
server {
listen 443 ssl;
server_name trilium.example.net; #change trilium.example.net to your domain without HTTPS or HTTP.
ssl_certificate /etc/ssl/note/example.crt; #change /etc/ssl/note/example.crt to your path of crt file.
ssl_certificate_key /etc/ssl/note/example.net.key; #change /etc/ssl/note/example.net.key to your path of key file.
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log; #check the path of access.log, if it doesn't fit your file, change it
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:8080; # change it to a different port if non-default is used
proxy_read_timeout 90;
proxy_redirect http://127.0.0.1:8080 https://trilium.example.net; # change them based on your IP, port and domain
}
}
# This part is for HTTPS forced
server {
listen 80;
server_name trilium.example.net; # change to your domain
return 301 https://$server_name$request_uri;
}
```

86
docs/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.md Normal file
View File

@@ -0,0 +1,86 @@
# Multi-Factor Authentication
**Note: This feature has not been merged yet, so it is not available.**
Multi-factor authentication (MFA) is a security process that requires users to provide two or more verification factors to gain access to a system, application, or account. This adds an extra layer of protection beyond just using a password.
By requiring more than one verification method, MFA helps reduce the risk of unauthorized access, even if someone has obtained your password. Its highly recommended for securing sensitive information stored in your notes.
Warning! OpenID and TOTP cannot be both used at the same time!
## Log in with your Google Account with OpenID!
OpenID is a standardized way to let you log into websites using an account from another service, like Google, to verify your identity.
## Why Time-based One Time Passwords?
TOTP (Time-Based One-Time Password) is a security feature that generates a unique, temporary code on your device, like a smartphone, which changes every 30 seconds. You use this code, along with your password, to log into your account, making it much harder for anyone else to access them.
## Setup
### TOTP
1. Start Trilium Notes normally.
2. Go to "Menu" -> "Options" -> "MFA"
3. Click the "Generate TOTP Secret" button
4. Copy the generated secret to your authentication app/extension
5. Set an environment variable "TOTP\_SECRET" as the generated secret. Environment variables can be set with a .env file in the root directory, by defining them in the command line, or with a docker container.
```
# .env in the project root directory
TOTP_ENABLED="true"
TOTP_SECRET="secret"
```
```
# Terminal/CLI
export TOTP_ENABLED="true"
export TOTP_SECRET="secret"
```
```
# Docker
docker run -p 8080:8080 -v ~/trilium-data:/home/node/trilium-data -e TOTP_ENABLED="true" -e TOTP_SECRET="secret" triliumnext/notes:[VERSION]
```
6. Restart Trilium
7. Go to "Options" -> "MFA"
8. Click the "Generate Recovery Codes" button
9. Save the recovery codes. Recovery codes can be used once in place of the TOTP if you loose access to your authenticator. After a rerecovery code is used, it will show the unix timestamp when it was used in the MFA options tab.
10. Load the secret into an authentication app like google authenticator
### OpenID
_Currently only compatible with Google. Other services like Authentik and Auth0 are planned on being added._
In order to setup OpenID, you will need to setup a authentication provider. This requires a bit of extra setup. Follow [these instructions](https://developers.google.com/identity/openid-connect/openid-connect) to setup an OpenID service through google.
Set an environment variable "SSO\_ENABLED" to true and add the client ID and secret you obtained from google. Environment variables can be set with a .env file in the root directory, by defining them in the command line, or with a docker container.
#### .env File
```
# .env in the project root directory
SSO_ENABLED="true"
BASE_URL="http://localhost:8080"
CLIENT_ID=
SECRET=
```
#### Environment variable (linux)
```
export SSO_ENABLED="true"
export BASE_URL="http://localhost:8080"
export CLIENT_ID=
export SECRET=
```
#### Docker
```
docker run -d -p 8080:8080 -v ~/trilium-data:/home/node/trilium-data -e SSO_ENABLED="true" -e BASE_URL="http://localhost:8080" -e CLIENT_ID= -e SECRET= triliumnext/notes:[VERSION]
```
After you restart Trilium Notes, you will be redirected to Google's account selection page. Login to an account and Trilium Next will bind to that account, allowing you to login with it.
You can now login using your google account.

0
docs/User Guide/User Guide/Installation & Setup/Server Installation/Reverse proxy setup.md Normal file
View File

47
docs/User Guide/User Guide/Installation & Setup/Server Installation/TLS Configuration.md Normal file
View File

@@ -0,0 +1,47 @@
# TLS Configuration
Configuring TLS is essential for [server installation](../Server%20Installation.md) in Trilium. This guide details the steps to set up TLS within Trilium itself.
For a more robust solution, consider using TLS termination with a reverse proxy (recommended, e.g., Nginx). You can follow a [guide like this](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04) for such setups.
## Obtaining a TLS Certificate
You have two options for obtaining a TLS certificate:
* **Recommended**: Obtain a TLS certificate signed by a root certificate authority. For personal use, [Let's Encrypt](https://letsencrypt.org) is an excellent choice. It is free, automated, and straightforward. Certbot can facilitate automatic TLS setup.
* Generate a self-signed certificate. This option is not recommended due to the additional complexity of importing the certificate into all machines connecting to the server.
## Modifying `config.ini`
Once you have your certificate, modify the `config.ini` file in the [data directory](../Data%20directory.md) to configure Trilium to use it:
```
[Network]
port=8080
# Set to true for TLS/SSL/HTTPS (secure), false for HTTP (insecure).
https=true
# Path to the certificate (run "bash bin/generate-cert.sh" to generate a self-signed certificate).
# Relevant only if https=true
certPath=/[username]/.acme.sh/[hostname]/fullchain.cer
keyPath=/[username]/.acme.sh/[hostname]/example.com.key
```
You can also review the [configuration](../../Advanced%20Usage/Configuration%20\(config.ini%20or%20e.md) file to provide all `config.ini` values as environment variables instead.
The above example shows how this is set up in an environment where the certificate was generated using Let's Encrypt's ACME utility. Your paths may differ. For Docker installations, ensure these paths are within a volume or another directory accessible by the Docker container, such as `/home/node/trilium-data/[DIR IN DATA DIRECTORY]`.
After configuring `config.ini`, restart Trilium and access the hostname using "https".
## Self-Signed Certificate
If you opt to use a self-signed certificate for your server instance, note that the desktop instance will not trust it by default.
To bypass this, disable certificate validation by setting the following environment variable (for Linux):
```
export NODE_TLS_REJECT_UNAUTHORIZED=0
trilium
```
Trilium provides scripts to start in this mode, such as `trilium-no-cert-check.bat` for Windows.
**Warning**: Disabling TLS certificate validation is insecure. Proceed only if you fully understand the implications.