My version of HedgeDoc is: HedgeDoc 1.7.0
What I expected to happen:
I’m running HedgeDoc behind Apache SSL on an AWS EC2 Instance running Ubuntu 20.04.3 LTS. A proxy to the localhost provides the service. The setup works well when I start HedgeDoc from the command line.
NODE_ENV=production yarn start --production
What I expected was that I could create a systemd service to run HedgeDoc whenever the server is running. I created the following service and executed the following commands.
- cd /etc/systemd/system
- sudo nano hedgedoc.service
I input the following in the new file and saved it:
---------------------- File Start --------------
[Unit]
Description=HedgeDoc - The best platform to write and share markdown.
Documentation=https://docs.hedgedoc.org/
After=network.target
# Uncomment if you use MariaDB/MySQL
# After=mysql.service
# Uncomment if you use PostgreSQL
# After=postgresql.service
[Service]
Type=exec
Environment=NODE_ENV=production
Restart=always
RestartSec=2s
ExecStart=/usr/bin/yarn start --production
CapabilityBoundingSet=
NoNewPrivileges=true
PrivateDevices=true
RemoveIPC=true
LockPersonality=true
ProtectControlGroups=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectClock=true
ProtectHostname=true
ProtectProc=noaccess
RestrictRealtime=true
RestrictSUIDSGID=true
RestrictNamespaces=true
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
# You may have to adjust these settings
User=ubuntu
Group=ubuntu
WorkingDirectory=/var/www/hedgedoc
# Example: local storage for uploads and SQLite
ReadWritePaths=/var/www/hedgedoc/public/uploads /var/www/hedgedoc/db
[Install]
WantedBy=multi-user.target
------------------------------------- End of file ---------
After creating the service file I executed the following commands:
- sudo systemctl daemon-reload
- sudo systemctl start hedgedoc.service
Both execute with no error message.
I expected at this point for the service to be available the same way that it is available when I run the following from the command line.
NODE_ENV=production yarn start --production
- What actually happened:
The service is unavailable.
When I run
sudo systemctl status hedgedoc.service
I get the following:
hedgedoc.service - HedgeDoc - The best platform to write and share markdown.
Loaded: loaded (/etc/systemd/system/hedgedoc.service; disabled; vendor pre>
Active: activating (auto-restart) (Result: exit-code) since Fri 2021-11-05>
Docs: https://docs.hedgedoc.org/
Process: 25313 ExecStart=/usr/local/bin/yarn start --production (code=exite>
Main PID: 25313 (code=exited, status=1/FAILURE)
When I run
journalctl -u hedgedoc.service -f
I get the following:
Nov 13 15:28:55 ip-172-31-1-204 yarn[2774332]: Error: EACCES: permission denied, open '/root/.config/yarn/config'
Nov 13 15:28:55 ip-172-31-1-204 yarn[2774332]: at Object.openSync (fs.js:497:3)
Nov 13 15:28:55 ip-172-31-1-204 yarn[2774332]: at readFileSync (fs.js:393:35)
Nov 13 15:28:55 ip-172-31-1-204 yarn[2774332]: at /usr/share/yarn/lib/cli.js:101468:58
Nov 13 15:28:55 ip-172-31-1-204 yarn[2774332]: at Array.map (<anonymous>)
Nov 13 15:28:55 ip-172-31-1-204 yarn[2774332]: at parseRcPaths (/usr/share/yarn/lib/cli.js:101466:78)
Nov 13 15:28:55 ip-172-31-1-204 yarn[2774332]: at Object.findRc (/usr/share/yarn/lib/cli.js:101480:10)
Nov 13 15:28:55 ip-172-31-1-204 yarn[2774332]: at getRcConfigForCwd (/usr/share/yarn/lib/cli.js:56959:74)
Nov 13 15:28:55 ip-172-31-1-204 yarn[2774332]: at /usr/share/yarn/lib/cli.js:92829:56
Nov 13 15:28:55 ip-172-31-1-204 yarn[2774332]: at Generator.next (<anonymous>)
Nov 13 15:28:55 ip-172-31-1-204 yarn[2774332]: at step (/usr/share/yarn/lib/cli.js:310:30)
Nov 13 15:28:55 ip-172-31-1-204 systemd[1]: hedgedoc.service: Main process exited, code=exited, status=1/FAILURE
I already tried:
I don’t understand the permissions error. I’m executing the service with sudo. Also, as a test, I changed the service user and group parameters to root and got the same error message. Also, the working directory has the following permissions and ownership.
-rw-r--r-- 1 ubuntu ubuntu 6839 Sep 13 20:24 AUTHORS
-rw-r--r-- 1 ubuntu ubuntu 224 Sep 13 20:24 CHANGELOG.md
-rw-r--r-- 1 ubuntu ubuntu 1988 Sep 13 20:24 CODE-OF-CONDUCT.md
-rw-r--r-- 1 ubuntu ubuntu 3913 Sep 13 20:24 CONTRIBUTING.md
-rw-r--r-- 1 ubuntu ubuntu 34743 Sep 13 20:24 LICENSE
-rw-r--r-- 1 ubuntu ubuntu 6048 Sep 13 20:24 README.md
-rw-r--r-- 1 ubuntu ubuntu 1457 Sep 13 20:24 SECURITY.md
-rw-r--r-- 1 ubuntu ubuntu 11113 Sep 13 20:24 app.js
-rw-r--r-- 1 ubuntu ubuntu 5339 Sep 13 20:24 app.json
drwxr-xr-x 2 ubuntu ubuntu 4096 Sep 13 20:24 bin
-rw-rw-r-- 1 ubuntu ubuntu 284 Nov 5 16:33 config.json
-rw-r--r-- 1 ubuntu ubuntu 4583 Sep 13 20:24 config.json.example
-rw-r--r-- 1 ubuntu ubuntu 4583 Oct 30 17:38 config.json.old
drwxrwxr-x 2 ubuntu ubuntu 4096 Nov 12 21:35 db
drwxr-xr-x 3 ubuntu ubuntu 4096 Sep 13 20:24 docs
drwxr-xr-x 8 ubuntu ubuntu 4096 Sep 13 20:24 lib
drwxr-xr-x 2 ubuntu ubuntu 4096 Sep 13 20:24 locales
drwxrwxr-x 482 ubuntu ubuntu 20480 Oct 30 17:38 node_modules
-rw-r--r-- 1 ubuntu ubuntu 6670 Sep 13 20:24 package.json
drwxr-xr-x 12 ubuntu ubuntu 4096 Sep 13 20:24 public
-rw-r--r-- 1 ubuntu ubuntu 249 Sep 13 20:24 renovate.json
drwxr-xr-x 2 ubuntu ubuntu 4096 Sep 13 20:24 test
-rw-r--r-- 1 ubuntu ubuntu 13343 Sep 13 20:24 webpack.common.js
-rw-r--r-- 1 ubuntu ubuntu 366 Sep 13 20:24 webpack.dev.js
-rw-r--r-- 1 ubuntu ubuntu 947 Sep 13 20:24 webpack.htmlexport.js
-rw-r--r-- 1 ubuntu ubuntu 993 Sep 13 20:24 webpack.prod.js
-rw-r--r-- 1 ubuntu ubuntu 498526 Sep 13 20:24 yarn.lock
I’ve been stuck on this for a few days now. I’m guessing it is some small configuration issue, but I haven’t been able to figure it out. Thanks in advance. I hope that the question is appropriate for this forum.
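
One way to check the journal's EACCES path against the unit's sandboxing directives, as an added example that is not part of the original post: systemd documents `ProtectHome=true` as making `/home`, `/root` and `/run/user` inaccessible to the service. The function names and the trimmed `UNIT` and `JOURNAL` samples are constructed for illustration, and the `InaccessiblePaths=` handling goes slightly beyond the directives in the posted unit.

```python
import re

# Constructed sample: a trimmed copy of the unit file and journal lines from the post.
UNIT = """\
[Service]
User=ubuntu
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/www/hedgedoc/public/uploads /var/www/hedgedoc/db
"""
JOURNAL = """\
Nov 13 15:28:55 ip-172-31-1-204 yarn[2774332]: Error: EACCES: permission denied, open '/root/.config/yarn/config'
Nov 13 15:28:55 ip-172-31-1-204 systemd[1]: hedgedoc.service: Main process exited, code=exited, status=1/FAILURE
"""

TRUTHY = {"true", "yes", "on", "1"}  # boolean spellings systemd accepts

def parse_service(unit_text):
    """Return {directive: [values]} for the [Service] section of a unit file."""
    section, opts = None, {}
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def masked_dirs(opts):
    """Map each directory the sandbox makes inaccessible to the directive responsible."""
    masked = {}
    home = opts.get("ProtectHome", ["no"])[-1]
    if home.lower() in TRUTHY:  # read-only and tmpfs do not block reads this way
        for d in ("/home", "/root", "/run/user"):
            masked[d] = "ProtectHome=" + home
    for value in opts.get("InaccessiblePaths", []):
        for p in value.split():
            masked[p.lstrip("-+").rstrip("/")] = "InaccessiblePaths=" + p
    return masked

def explain_eacces(unit_text, journal_text):
    """Pair every EACCES path in the journal with the directive that hides it, if any."""
    masked = masked_dirs(parse_service(unit_text))
    hits = re.findall(r"EACCES: permission denied, \w+ '([^']+)'", journal_text)
    return [(p, why) for p in hits for d, why in masked.items()
            if p == d or p.startswith(d + "/")]
```

An empty result means no listed directive hides the path, so the denial comes from ordinary file permissions or another control.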