Miroir du dépôt Etherpad-lite. https://etherpad.org/
Find a file
muxator a817acbbcc security: when served over https, set the "secure" flag for "express_sid" and "language" cookie
The mechanism used for determining if the application is being served over SSL
is wrapped by the "express-session" library for "express_sid", and manual for
the "language" cookie, but it's very similar in both cases.

The "secure" flag is set if one of these is true:

1. we are directly serving Etherpad over SSL using the native nodejs
   functionality, via the "ssl" options in settings.json

2. Etherpad is being served in plaintext by nodejs, but we are using a reverse
   proxy for terminating the SSL for us;
   In this case, the user has to be instructed to properly set trustProxy: true
   in settings.json, and the information wheter the application is over SSL or
   not will be extracted from the X-Forwarded-Proto HTTP header.

Please note that this will not be compatible with applications being served over
http and https at the same time.

The change on webaccess.js amends 009b61b338, which did not work when the SSL
termination was performed by a reverse proxy.

Reference for automatic "express_sid" configuration:
https://github.com/expressjs/session/blob/v1.17.0/README.md#cookiesecure

Closes #3561.
2019-12-07 04:36:01 +01:00
bin startup scripts: get rid of $* and replace it with properly quoted "$@" 2019-12-01 01:52:32 +01:00
doc security: when served over https, set the "secure" flag for "express_sid" and "language" cookie 2019-12-07 04:36:01 +01:00
src security: when served over https, set the "secure" flag for "express_sid" and "language" cookie 2019-12-07 04:36:01 +01:00
tests formatting: bulk remove trailing whitespaces 2019-10-20 02:09:22 +02:00
var Minify and compress JS & CSS before sending it 2011-05-28 18:09:17 +01:00
.dockerignore docker: build from the local working directory 2019-11-08 22:56:30 +01:00
.gitignore docker: enable environment variables settings by default 2019-10-19 02:39:20 +02:00
.travis.yml updated nodejs version for travisci 2018-08-27 10:52:22 +02:00
CHANGELOG.md security: when served over https, set the "secure" flag for "express_sid" and "language" cookie 2019-12-07 04:36:01 +01:00
CONTRIBUTING.md formatting: bulk remove trailing whitespaces 2019-10-20 02:09:22 +02:00
Dockerfile docker: Set the home directory for the user 2019-12-02 22:14:11 +01:00
LICENSE Update LICENSE 2013-06-26 23:34:35 +01:00
Makefile Typos and minor fixes in bin, doc, and root 2017-09-14 13:33:27 +02:00
README.md Adds a badge/ link to the dockerhub path where this image is published 2019-12-05 21:09:37 +01:00
settings.json.docker security: when served over https, set the "secure" flag for "express_sid" and "language" cookie 2019-12-07 04:36:01 +01:00
settings.json.template security: when served over https, set the "secure" flag for "express_sid" and "language" cookie 2019-12-07 04:36:01 +01:00
start.bat formatting: normalized line termination of start.bat 2019-10-20 02:59:48 +02:00

A real-time collaborative editor for the web

Docker Pulls Demo Etherpad Animated Jif

About

Etherpad is a real-time collaborative editor scalable to thousands of simultaneous real time users. It provides full data export capabilities, and runs on your server, under your control.

Try it out

Installation

Requirements

  • nodejs >= 8.9.0 (preferred: nodejs >= 10.13.0). Please note that starting Jan 1st, 2020, nodejs 8.x is deprecated.

GNU/Linux and other UNIX-like systems

Quick install on Debian/Ubuntu

curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
sudo apt install -y nodejs
git clone --branch master https://github.com/ether/etherpad-lite.git && cd etherpad-lite && bin/run.sh

Manual install

You'll need git and node.js installed (minimum required Node version: 8.9.0, preferred: >= 10.13.0).

As any user (we recommend creating a separate user called etherpad):

  1. Move to a folder where you want to install Etherpad. Clone the git repository: git clone --branch master git://github.com/ether/etherpad-lite.git
  2. Change into the new directory containing the cloned source code: cd etherpad-lite
  3. run bin/run.sh and open http://127.0.0.1:9001 in your browser.

To update to the latest released version, execute git pull origin. The next start with bin/run.sh will update the dependencies.

Next steps.

Windows

Prebuilt Windows package

This package runs on any Windows machine, but for development purposes, please do a manual install.

  1. Download the latest Windows package
  2. Extract the folder

Run start.bat and open http://localhost:9001 in your browser. You like it? Next steps.

Manually install on Windows

You'll need node.js and (optionally, though recommended) git.

  1. Grab the source, either
  1. start bin\installOnWindows.bat

Now, run start.bat and open http://localhost:9001 in your browser.

Update to the latest version with git pull origin, then run bin\installOnWindows.bat, again.

If cloning to a subdirectory within another project, you may need to do the following:

  1. Start the server manually (e.g. node/node_modules/ep_etherpad-lite/node/server.js)
  2. Edit the db filename in settings.json to the relative directory with the file (e.g. application/lib/etherpad-lite/var/dirty.db)
  3. Add auto-generated files to the main project .gitignore

Docker container

Find here information on running Etherpad in a container.

Next Steps

Tweak the settings

You can modify the settings in settings.json. If you need to handle multiple settings files, you can pass the path to a settings file to bin/run.sh using the -s|--settings option: this allows you to run multiple Etherpad instances from the same installation. Similarly, --credentials can be used to give a settings override file, --apikey to give a different APIKEY.txt file and --sessionkey to give a non-default SESSIONKEY.txt. Each configuration parameter can also be set via an environment variable, using the syntax "${ENV_VAR}" or "${ENV_VAR:default_value}". For details, refer to settings.json.template. Once you have access to your /admin section settings can be modified through the web browser.

If you are planning to use Etherpad in a production environment, you should use a dedicated database such as mysql, since the dirtyDB database driver is only for testing and/or development purposes.

Secure your installation

If you have enabled authentication in users section in settings.json, it is a good security practice to store hashes instead of plain text passwords in that file. This is especially advised if you are running a production installation.

Please install ep_hash_auth plugin and configure it. If you prefer, ep_hash_auth also gives you the option of storing the users in a custom directory in the file system, without having to edit settings.json and restart Etherpad each time.

Plugins and themes

Etherpad is very customizable through plugins. Instructions for installing themes and plugins can be found in the plugin wiki article.

Helpful resources

The wiki is your one-stop resource for Tutorials and How-to's.

Documentation can be found in doc/.

Development

Things you should know

You can debug Etherpad using bin/debugRun.sh.

If you want to find out how Etherpad's Easysync works (the library that makes it really realtime), start with this PDF (complex, but worth reading).

Contributing

Read our Developer Guidelines

Get in touch

The official channel for contacting the development team is via the Github issues.

For responsible disclosure of vulnerabilities, please write a mail to the maintainer (a.mux@inwind.it).

HTTP API

Etherpad is designed to be easily embeddable and provides a HTTP API that allows your web application to manage pads, users and groups. It is recommended to use the available client implementations in order to interact with this API.

jQuery plugin

There is a jQuery plugin that helps you to embed Pads into your website.

Plugin Framework

Etherpad offers a plugin framework, allowing you to easily add your own features. By default your Etherpad is extremely light-weight and it's up to you to customize your experience. Once you have Etherpad installed you should visit the plugin page and take control.

Translations / Localizations (i18n / l10n)

Etherpad comes with translations into all languages thanks to the team at TranslateWiki.

FAQ

Visit the FAQ.

License

Apache License v2