A Parsec-compatible distribution of CryptPad for self-hosted (on-premise) deployments.
This repository packages a specific version of CryptPad together with the customizations required for integration with Parsec, and provides two installation methods: direct install (Node.js) and Docker.
We recommend that you install CryptPad using Docker
docker pull ghcr.io/scille/cryptpad-server/cryptpad:latest-
Download our built server from the latest release:
Download the asset
cryptpad-server.zipfrom the release:You can use GitHub CLI to download the archive from the latest release:
gh release download --pattern cryptpad-server.zip
Once the archive obtained, extract it:
unzip -d cryptpad cryptpad-server.zip
-
Start the container with:
docker run -d \ --name cryptpad-server \ --restart unless-stopped \ -p 3000:3000 -p 3003:3003 \ -v cryptpad_data:/app/cryptpad/data \ -v cryptpad_datastore:/app/cryptpad/datastore \ -v cryptpad_blob:/app/cryptpad/blob \ -v cryptpad_block:/app/cryptpad/block \ -v cryptpad_customize:/app/cryptpad/customize \ --env-file .env \ ghcr.io/scille/cryptpad-server/cryptpad:latest
Note
The command configures some paths that need to be persisted
-
We provide a minimal
docker-composestack here: docker-compose.yml.docker compose -f ./docker-compose.yml up
The stack will expose the service through the port
3000(main) and3003(websocket) by default.[!NOTE] The stack will automatically create volume for the data that need to be made persistent
-
Go into the
cryptpaddirectorycd cryptpad[!NOTE] You obtained the
cryptpaddirectory after following the instructions to install CryptPad without Docker. -
Start the server:
You can either:
-
Do it with
npm:npm run start
-
Or directly with
nodejs:node server.js
-
For a more permanent solution, you can use PM2 to manage the process:
npm install -g pm2
# Start
pm2 start cryptpad/server.js --name cryptpad
# Make it restart automatically on system boot
pm2 startup # follow the printed instruction (one sudo command)
pm2 save
# Useful commands
pm2 status # check running processes
pm2 logs cryptpad # follow logs
pm2 restart cryptpad
pm2 stop cryptpadWe also provide a systemd unit file as an example that can be found here: scripts/cryptpad-server.service.
-
Node.js v22
-
npm v10+
-
Git
-
Linux/macOS:
rsync,unzip,rdfindIf you're on a Linux disto similar to Debian/Ubuntu, we provide an Aptfile with the dependencies
sudo apt-get install -y $(cat Aptfile) -
For OnlyOffice support:
unzip
-
Ensure you fill the build's prerequisites
-
Clone this repository
git clone https://github.com/Scille/cryptpad-server.git cd cryptpad-server -
Build
npm run build
The build script will:
- Clone the CryptPad source at the pinned commit
- Install Node.js dependencies
- Build frontend assets
- Install OnlyOffice (unless skipped)
- Copy the Parsec customizations from
./resources/into the CryptPad directory (./cryptpad)
- Git
- Docker
Build the Docker image from sources:
-
Clone this repository:
git clone https://github.com/Scille/cryptpad-server.git
-
Build using Docker:
docker build -t cryptpad-server .[!NOTE] We build the image and assign it the tag
cryptpad-server, feel free to change it and/or add tags.
CryptPad needs some env variables to be able to work correctly and to customize it.
We provide an example env file which provide a start point:
cp .env.example .envBut you need to edit that file to set at least
CRYPTPAD_HTTP_UNSAFE_ORIGINCRYPTPAD_HTTP_SAFE_ORIGIN
All variables are optional. Defaults are suited for local development (localhost:3000).
| Variable | Default | Description |
|---|---|---|
PORT |
3000 |
Port the server will listen to |
WEBSOCKET_PORT |
3003 |
The port the server uses to listen to websocket |
CRYPTPAD_HTTP_UNSAFE_ORIGIN |
http://localhost:3000 |
Main URL clients use to reach CryptPad |
CRYPTPAD_HTTP_SAFE_ORIGIN |
http://safe.localhost:3000 |
Sandbox URL (must be a different domain/subdomain in production) |
CRYPTPAD_HTTP_ADDRESS |
localhost |
Address the Node.js server binds to (0.0.0.0 to accept external connections) |
CRYPTPAD_CUSTOM_PROTOCOL |
parsec-desktop: |
Custom protocol for Parsec CSP integration |
CRYPTPAD_MAX_WORKERS |
(all cores) | Maximum number of worker processes |
CRYPTPAD_DATASTORE_PATH |
./datastore |
Folder where cryptpad will store document |
CRYPTPAD_DATA_PATH |
./data |
Folder where CryptPad will store its data |
CRYPTPAD_BLOCK_PATH |
./block |
Folder where will reside users' authenticated blocks |
CRYPTPAD_BLOB_PATH |
./blob |
Folder where are stored encrypted blob |
CRYPTPAD_LOG_PATH |
{{ CRYPTPAD_DATA_PATH }}/logs |
Folder where log files are located |
Important
CRYPTPAD_HTTP_SAFE_ORIGIN must point to a different domain or subdomain than CRYPTPAD_HTTP_UNSAFE_ORIGIN.
Using the same domain will break the CryptPad sandboxing model.
The following paths need to be persisted across restarts:
| Path | Content |
|---|---|
CRYPTPAD_DATA_PATH |
Server state (user accounts, quota, etc.) |
CRYPTPAD_DATASTORE_PATH |
Encrypted document storage |
CRYPTPAD_BLOB_PATH |
Binary files |
CRYPTPAD_BLOCK_PATH |
Login blocks |
./customize (relative to cryptpad folder) |
Runtime customizations |
resources/
config/config.js # CryptPad server configuration (env-var driven)
customize/ # UI overrides (theme, branding, Parsec integration)
www/frame.js # Parsec iframe integration layer
www/frame.html # Host page for the iframe integration
lib/ # Server-side helpers
scripts/
build.sh # Entry point — detects OS and delegates
build_unix.sh # Linux/macOS build
build_darwin.sh # macOS build
build_windows.sh # Windows (Git Bash) build
clone_cryptpad.sh # Clones CryptPad at the pinned commit
dev_start.sh # Convenience script for local development
cryptpad-server.service # systemd unit file for production
nginx.example.conf # nginx reverse proxy example config