HedgeDoc

This repository contains HedgeDoc – a real-time collaborative markdown editor.

Setup instructions

1. Copy .env.example to .env and fill in the values:

   cp .env.example .env
   

   Generate the session secret with openssl rand -hex 32 and set CMD_DOMAIN.

2. Start the stack:

   docker compose up -d
   

Setup a host in Caddy pointing to port 3000.

# EXTERNAL SERVICE WITH CLOUDFLARE PROXY #

https://pad.example.com {

    # import logging
    import cloudflare
    import tls
    import compression
    import header

    handle @cloudflare {
        reverse_proxy hedgedoc-app-1:3000
    }
    respond 403
}

Login via Pocket ID (OIDC)

HedgeDoc 1.x has no native OIDC discovery, but Pocket ID can be connected through the generic OAuth2 provider (endpoints are set manually in .env).

1. In Pocket ID, create an OIDC client with the callback URL:

   https://<CMD_DOMAIN>/auth/oauth2/callback
   

2. Copy the generated client ID/secret into CMD_OAUTH2_CLIENT_ID / CMD_OAUTH2_CLIENT_SECRET and set the *_URL variables to your Pocket ID domain (see .env.example).

All other OAuth2 settings (scope, attribute mappings, provider name) are fixed in docker-compose.yml.

Backups

The PostgreSQL database is dumped daily at 01:00 via Ofelia (pg_dumpall to /var/lib/postgresql/backup.sql inside the db_data volume).