How to Create Your Own Self-Hosted Office 365 with Cryptpad

A person typing on a laptop keyboard.

Cryptpad is an open-source office suite program that you can self host on your server. It is similar to Office 365 that allows you to access an office suite right from the browser. The main difference is that Cryptpad focuses on user privacy and allows you to create and share documents without the risk of leaking any personal information.

This tutorial shows how to install Cryptpad on your server, how Cryptpad works and how you can create your first user account.

What Is Cryptpad and Why Should You Use It?

Cryptpad is an online office suite that provides you with a privacy-oriented alternative for collaborative document editing. Similar to online suites, such as Office 365 and Google Docs, it allows you to create and share documents with other people over the Internet.

A basic Cryptpad Wordpad session.

One of the biggest advantages of Cryptpad over Office 365 is that it is fully end-to-end encrypted. Only you and your collaborators can access the document that you are editing, which could be useful when sharing documents that contain sensitive information with other people.

Cryptpad also excels over Office 365 in that you can fully self-host it on your own hardware. This is especially helpful if you are concerned about storing your information on a third-party provider.

Do you know: uou can easily share a Google Docs document over email.


Before you can install Cryptpad, you need to make sure that you have the following resources ready:

  • Machine that is accessible from an outside network
  • At least 2GB of RAM and 20GB of storage
  • Domain name (and a sub-domain name) pointing to your server’s IP address

Note: this tutorial was created on an Ubuntu VPS from Digitalocean.

A window showing the Digitalocean droplet's information.

Tip: while Cryptpad will work from a stock VPS, its developers highly recommend that you also secure your Linux server before installing the program.

Installing Cryptpad

  1. Install the dependencies of Cryptpad:
sudo gpasswd -a www-data ramces
sudo apt install git nodejs npm nginx certbot python3-certbot-nginx
A terminal window showing the dependencies of Cryptpad.
  1. Clone the program’s source code from its repository:
git clone cryptpad
A terminal window showing a git clone.
  1. Go inside the repository and switch to the latest branch:
cd cryptpad
git checkout -b 5.2.1
A terminal window showing a git branch switch.
  1. Use npm to install Bower, a package manager that helps install some of the libraries that Cryptpad needs.
sudo npm install -g bower
A terminal window showing the bower install process.
  1. Install the Cryptpad binary by running both npm and bower inside the repository.
npm install
bower install
A terminal window showing the Cryptpad install process.

Good to know: you don’t need Microsoft Office to open and view a docx file. learn about other ways to open the docx file you have.

Configuring the SSL Certificate

Once Cryptpad is in your machine, you can run Certbot to create the certificate for your instance:

sudo certbot certonly --standalone

This will bring up a prompt that asks for your email address.

A terminal window showing certbot asking for an email address.

The Certbot utility will ask for the domains that you want to link to your certificate. Enter both the root and subdomain.

A section of a terminal window that shows certbot asking for the domain names.

Create a Diffie-Hellman parameter file for your instance. This is a security measure that the developers require to ensure that your instance is secure.

sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096

Good to know: you can learn more about OpenSSL and TLS by creating your own self-signed certificate.

Configuring Nginx

To configure Nginx to serve Cryptpad to your domain, you can make use of the example config file provided by the developers.

sudo cp /home/$USER/cryptpad/docs/example.nginx.conf /etc/nginx/conf.d/cryptpad.conf
A terminal window showing the template copy command.

Modify your new configuration file with a text editor.

sudo nano /etc/nginx/conf.d/cryptpad.conf

Change some variables to make this file work. First, comment the include letsencrypt-webroot; line.

A section of a terminal window showing the webroot line disabled.

Next, modify both the $main_domain and $sandbox_domain variables. The former should contain your root domain, while the latter should contain your subdomain.

A section of a terminal window that shows the domain variables.

Also modify $api_domain and $files_domain. Unlike the ones above, you only need to change them to your machine’s root domain.

A section of a terminal window that shows another set of domain variables.

Change the server_name variable to both your root and subdomain.

A section of a terminal window that shows the server name variable.

Change ssl_certificate and ssl_certificate_key to the location of your SSL certificate.

A section of a terminal window that shows the SSL path variables.

Lastly, replace the value of the root variable with the location of your Cryptpad repository.

A section of a terminal window that shows the instance's root variable.

Configuring Cryptpad

Use the example config file provided by the developers by running:

cp /home/$USER/cryptpad/config/config.example.js /home/$USER/cryptpad/config/config.js

Open it with a text editor and change the httpUnsafeOrigin: variable to your root domain.

A section of a terminal window that shows the root domain.

Change the httpSafeOrigin: variable to your subdomain.

A section of a terminal window that shows the subdomain.

Add the following line of code immediately after the httpSafeOrigin: variable.

adminEmail: '',
A section of a terminal window that shows the admin email.

Creating the SystemD Service

It is also possible to link Cryptpad to a SystemD service to allow you to launch it during the system startup by running the following:

nano /home/$USER/cryptpad/docs/cryptpad.service

The code block below is a version that I have modified to work with my machine.

Description=Cryptpad Service
# Replace the username values with your own username.
ExecStart=/bin/node /home/ramces/cryptpad/server.js
A terminal window showing a systemd service template.

Save and exit this file, then copy it to the SystemD service folder:

sudo cp /home/$USER/cryptpad/docs/cryptpad.service /etc/systemd/system/cryptpad.service

Reload SystemD to enable your service file:

sudo systemctl daemon-reload
sudo systemctl enable cryptpad
sudo systemctl start cryptpad
sudo systemctl reload nginx

Running Cryptpad

If everything is done correctly, you should be able to access Cryptpad through your root domain.

A window showing a working cryptpad install.

Creating Your Admin Account in Cryptpad

While you can use Cryptpad without an account, it is good practice to create an Admin user to allow you to manage your instance through its web interface.

  1. Press “Sign Up” on Cryptpad’s home page.
Install Cryptpad Linux 32 Sign Up Button Link
  1. Enter your username and password to create a new account.
A page showing the basic user creation process.
  1. Once you are logged in, click the “User Menu” button on the page’s upper-right corner.
A page showing the basic Cryptpad interface.
  1. Click “Settings.”
A section of a page that shows the Cryptpad user menu.
  1. Copy the contents of the “Public Signing Key” text box.
A section of a page that shows the public key for my user account.
  1. Go back to your repository folder and open your configuration file:
nano /home/$USER/cryptpad/config/config.js

Look for the adminKeys: variable and paste your signing key in between the square brackets:

Install Cryptpad Linux 37 Config File Admin Key
  1. Reload your Cryptpad instance through SystemD:
sudo systemctl restart cryptpad
A page that shows the basic Cryptpad admin screen.

Frequently Asked Questions

Why am I getting a blank page when I try to connect to Cryptpad?

This issue is most likely due to your machine’s DNS record still not propagating across major DNS servers. You can fix this by reducing the TTL value in your domain’s DNS record page to 3600.

How do I update Cryptpad after I have installed it?

You can update Cryptpad by going to your repository and running git pull. This will download all the latest source files for Cryptpad. After that, you also need to run npm update && bower update to update your binary files.

Image credit: Unsplash. All alterations and screenshots by Ramces Red.

Ramces Red
Ramces Red

Ramces is a technology writer that lived with computers all his life. A prolific reader and a student of Anthropology, he is an eccentric character that writes articles about Linux and anything *nix.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox