====== ExcaliDash ======
[[https://github.com/ZimengXiong/ExcaliDash|ExcaliDash]] is a deploy of Excalidraw (the web based drawing board) wrapped around a server dashboard. Excalidraw is a client-side thing that will use local storage on you client web browser and has no support for server side storage, which means you cannot create and edit drawings and find them on a different device, when using basic Excalidraw. ExcaliDash fixes this problem.
===== Installation =====
As usual, you need to create the **excalidash** user:
useradd -d /data/daemons/excalidash -m excalidash
mkdir /data/excalidash
chown excalidash:excalidash /data/excalidash
Then, as user **excalidash**, create the following docker compose yaml (see [[https://raw.githubusercontent.com/ZimengXiong/ExcaliDash/main/docker-compose.prod.yml|this compose file here]]):
services:
backend:
image: zimengxiong/excalidash-backend:latest
container_name: excalidash-backend
environment:
- DATABASE_URL=file:/app/prisma/dev.db
- FRONTEND_URL=https://draw.mydomain.com
- PORT=8000
- NODE_ENV=production
- AUTH_MODE=${AUTH_MODE:-local}
# Keep disabled by default; only enable when a trusted proxy sanitizes forwarded headers.
- TRUST_PROXY=false
# Optional for single-instance deployments:
# if unset, backend auto-generates and persists one in the volume.
# Recommended to set explicitly for portability and multi-instance setups.
- JWT_SECRET=xxxxxxxxxxxxxxx
- CSRF_SECRET=xxxxxxxxxxxxxx
# Optional OIDC settings (required for AUTH_MODE=hybrid or oidc_enforced)
# - OIDC_PROVIDER_NAME=Authentik
# - OIDC_ISSUER_URL=https://auth.example.com/application/o/excalidash/
# - OIDC_CLIENT_ID=your-client-id
# - OIDC_CLIENT_SECRET=your-client-secret
# - OIDC_REDIRECT_URI=https://excalidash.example.com/api/auth/oidc/callback
volumes:
- /data/excalidash:/app/prisma
networks:
- excalidash-network
frontend:
image: zimengxiong/excalidash-frontend:latest
container_name: excalidash-frontend
ports:
- "5747:80"
depends_on:
- backend
networks:
- excalidash-network
networks:
excalidash-network: {}
Note that the two secrets above must be more than 32 char long.
Set a proper port (5747)for your needs, one that is free from all your other services.
And then pull the images:
su - excalidash
podman compose pull
===== Reverse Proxy =====
This is my recomended one for NGINX:
server {
server_name draw.mydomain.com;
listen 8443 ssl;
listen 443 ssl;
access_log /var/log/nginx/draw.mydomain.com_access_log main;
error_log /var/log/nginx/draw.mydomain.com_error_log info;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:5747;
proxy_redirect http:// https://;
}
include com.mydomain/certbot.conf;
}
===== Autostart =====
To start it, and set it up on boot, as usual follow my indications [[gentoo:containers|Using Containers on Gentoo]], so link the **user-containers** init script:
ln -s /etc/init.d/user-containers /etc/init.d/user-containers.excalidash
and create the following config file:
USER=excalidash
DESCRIPTION="The excalidash server"
Add the service to the default runlevel and start it now:
rc-update add user-containers.excalidash default
rc-service user-containers.excalidash start
===== Upgrade =====
Since it's using pdoman, stop the service then, as user **audiobookshelf**, run:
podman compose pull
and restart the service.