Radet Hannibal-5

Dead Simple Deployment: NoteDiscovery

Recently I've been quite excited by a new open source note taking application called NoteDiscovery. It has a ton of features already and seems to be growing daily at this point thanks to the dedication of its developer Guillermo Villar. The application is self-hosted and super easy to deploy thanks to the excellent docker setup and documentation.

Follow along with my tutorial here to get up and running in just a few minutes!

[WIP TUTORIAL]

Stack Overview
Server Ubuntu 24.04
Proxy Server Caddy
Hosting Digitalocean

For this tutorial I'm going to assume you've got a fairly fresh Ubuntu 24.04 installation running. You're free to use any hosting you like; I went with digitalcoean simply because I'm already familiar with their services and their droplets are cheap and easy to spin up. You can also just run the docker container on your local machine, but I wanted to be able to access my notes on-the-go. If you want the same you're in the right place!

Caddy reverse proxy

I went with Caddy as my reverse proxy server because it does everything I need and is very easy to set up. It even handles setting up your SSL certificates automatically! Nginx and even Apache are also options, but require quite a bit more configuration to get up and running safely.

Install caddy

sudo apt install caddy

Configure the proxy by editing /etc/caddy/Caddyfile. replace [exernal url] with either a domain/subdomain pointed to your server or your server's ip public address. By default NoteDiscovery runs on port 8000, so replace [internal port] with that.

[external url] {
        reverse_proxy localhost:[internal port]
}

In my case I pointed my subdomain notediscovery on radet5.com at my server so my config looks like this

notediscovery.radet5.com {
        reverse_proxy localhost:8000
}

Then just restart the caddy service

systemctl restart caddy

Also wouldn't hurt to double check its status to make sure it is running successfully and is enabled

systemctl status caddy

TODO: BASIC AUTH CONFIGURATION AND BCRYPT

If that looks good, you're all set with a SSL secured reverse proxy!

Creating a user

I've created a dedicated user named notediscovery on my server for running the NoteDiscovery docker container in order to isolate it from other services I'm hosting. You can use any user you like, but do not use the root account to run the docker container.

Set this variable to just copy/paste the following commands

user='notediscovery'

Add user

adduser $user

Add to sudoers

usermod -aG sudo $user

then log in as your user

Installing and Preparing Rootless Docker

There are two recommended ways of installing Docker on Ubuntu 24.04, either view the Ubuntu maintained package docker.io or the docker maintained package docker-ce. Each package handles the docker installation a bit differently. I decided to stick with the Ubuntu approach.

In order to avoid running the Docker container with root privileges I've also configured the system to support running Docker with user level privileges in the interest of security.

Install the docker.io base package

sudo apt install docker.io

uidmap is required for the user ID mapping used for rootless Docker

sudo apt install uidmap

Before we can run the docker-rootless installation script Ubuntu requires a little extra configuration. The following adds a rule to the /etc/apparmor.d/ directory as specified on the Ubuntu Blog in order to allow just our unprivileged rootlesskit process the limited kernel access it needs to run the docker deamon.

Be sure you are logged in as the user who will be running the docker container (or replace all instances of $user with that user's name).

user=$(whoami)
cat <<EOT | sudo tee "/etc/apparmor.d/home.$user.bin.rootlesskit"
# ref: https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
abi <abi/4.0>,
include <tunables/global>

/home/$user/bin/rootlesskit flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/home.$user.bin.rootlesskit>
}
EOT
sudo systemctl restart apparmor.service

With that done we can download and run docker rootless install script

curl -fsSL https://get.docker.com/rootless | sh

I found that in order to run docker compose properly I needed docker v2 this will download it and install it where it needs to be

mkdir -p .docker/cli-plugins
curl -SL https://github.com/docker/compose/releases/download/v2.40.3/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose
chmod +x ./.docker/cli-plugins/docker-compose

And finally enable the user level docker service and allow it to continue running after the user has logged out. This way the service will stay up!

systemctl --user enable docker
sudo loginctl enable-linger $(whoami)

NoteDiscovery install & config

From here you can follow any of the setup instructions, but I'll go over the easiest one here: using the pre-built GHCR image.

First we create the required directories. Your markdown notes will be stored in the data directory.

mkdir -p data plugins themes

Next we download the default config file along with two of the themes (there are several others you're encouraged to grab from the repo! I'm a fan of Monokai personally)

curl -O https://raw.githubusercontent.com/gamosoft/notediscovery/main/config.yaml
curl -o themes/light.css https://raw.githubusercontent.com/gamosoft/notediscovery/main/themes/light.css
curl -o themes/dark.css https://raw.githubusercontent.com/gamosoft/notediscovery/main/themes/dark.css

Finally, we'll need the container image itself

curl -O https://raw.githubusercontent.com/gamosoft/notediscovery/main/docker-compose.ghcr.yml

MORE COMING SOON

...read more
Written Sun Nov 30 2025
Updated Sun Nov 30 2025
Δ
decorative element
decorative element