Silverbullet is an amazing and powerfull note taking app. It's actually incredibly more than that.
As usual you need a dedicated user:
useradd -d /data/daemons/silverbullet -m silverbullet -g users
Note that i am adding it to the users group because i want to share the notes (which are plain md files) via Syncthing later on.
Set umask to 0002 in bashrc, so that any md files created by Silverbullet will also be accessible to all users in users group:
echo "umask 0002" >> /data/saemons/silverbullet/.bashrc
Now, just download the latest release from Github releases page and unzip it:
su - silverbullet wget 'https://github.com/silverbulletmd/silverbullet/releases/download/ [[[X.Y.Z]]] /silverbullet-server-linux-x86_64.zip' unzip silverbullet-server-linux-x86_64.zip
And you are all set! You will need to define a folder to store the notes, i will assume it's /home/notes, but you can pick your path, and a port, i assume will be 8001, for the reverse proxy.
Silverbullet requires a dedicated subdomain, it will not work on subpath. I will assume it's notes.mydomain.com. Also, since Silverbullet do not manage authentication, i will show you how to use proxy authentication. Please refer to The Reverse Proxy concept for more details, specially on how to setup dual access: without authentication from inside your home, and authenticated from outside.
Here is the NGINX configuration file:
access_log /var/log/nginx/notes.mydomain.com_access_log main;
error_log /var/log/nginx/notes.mydomain.com_error_log info;
# login protected access from outside
server {
server_name notes.mydomain.com;
listen 8443 ssl;
http2 on;
include "com.mydomain/authelia_location.conf";
location / {
include "com.mydomain/authelia_proxy.conf";
include "com.mydomain/authelia_authrequest.conf";
if ($http_origin = ''){
set $http_origin "*";
}
proxy_hide_header Access-Control-Allow-Origin;
add_header Access-Control-Allow-Origin $http_origin;
client_max_body_size 512M;
proxy_pass http://127.0.0.1:8001$uri;
}
}
# Manage direct request inside home network
# It's identical to the remote one, but it has no authentication
# HTTPS on port 443 for direct local connections
server {
server_name notes.mydomain.com;
listen 443 ssl;
http2 on;
location / {
if ($http_origin = ''){
set $http_origin "*";
}
proxy_hide_header Access-Control-Allow-Origin;
add_header Access-Control-Allow-Origin $http_origin;
client_max_body_size 512M;
proxy_pass http://127.0.0.1:8001$uri;
}
}
Note: do not just copy and paste this file, you need to understand it and adapt where needed.
Since i use OpenRC, to start silverbullet simply create the following script under /etc/init.d:
#!/sbin/openrc-run
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
description="Silverbullet.md - personal note taking app"
pidfile="/run/silverbullet.pid"
command_background=true
command="/data/daemons/silverbullet/silverbullet"
command_args="/home/notes/ --hostname 127.0.0.1 --port 8001"
command_user="silverbullet:users"
depend() {
need net
}
Make it executable and add the service to the default runlevel:
chmod +x /etc/init.d/silverbullet rc-update add silverbullet default
Download new binary (see link above) and simply replace old one and restart service.