End-to-End Encrypted Storage with Hoodik

NATVPS.id – Hoodik is cloud storage open source which prioritizes encryption end to end. Hoodik can be self-hosted on servers itself, with the aim of providing cloud storage which is safe, private and fast.

This article discusses the steps for installing Hoodik on a NAT VPS using Docker Compose, along with NGINX configuration for reverse proxy. This article uses Ubuntu 22.04 as a reference, but you can use other distributions such as Debian and CentOS.

Port Forwarding Configuration

Considering we are using NAT, we need to add 2 port forwarding configurations on the Virtualizor panel (or other VPS panel according to provider), ie HTTP and HTTPS port forwarding for the Hoodik domain.

For example, this article will use domains hdk.tutorial.mdinata.my.id to access Hoodik. You are free to change the domain according to your choice. Note this domain, because we will use it again in the installation process.

Don’t forget to add a DNS record that goes to your VPS’ NAT public IP, like this:

If you are confused, please read our article regarding domain forwarding on: Explanation of Domain Forwarding in NAT VPS.

Install Docker

We will use Docker and Docker Compose for spread Hoodik.

First, Install curly using the command:

apt update && apt install curl -y

Then, run it script automatic installation of Docker by entering:

curl -fsSL get.docker.com | sh

Wait until the installation process is complete.

Install Hoodik

First, create a new directory for Hoodik:

mkdir /opt/hoodik
cd /opt/hoodik

Then, create a Docker Compose file:

apt install nano -y # Jika belum
nano docker-compose.yml

Fill in the following configuration:

# 

services:
  postgres:
    image: bitnami/postgresql:latest
    restart: always
    hostname: postgres
    container_name: postgres
    environment:
      - POSTGRESQL_USERNAME=postgres
      - POSTGRESQL_PASSWORD=postgres
      - POSTGRESQL_DATABASE=hoodik
      - POSTGRESQL_WAL_LEVEL=logical
  hoodik:
    environment:
      - DATA_DIR=/data
      - APP_URL=
      - SSL_CERT_FILE=/data/my-cert-file.crt.pem
      - SSL_KEY_FILE=/data/my-key-file.key.pem
      - DATABASE_URL=postgres://postgres:postgres@postgres:5432/hoodik
    volumes:
      - ./data:/data
    ports:
      - 4554:5443
    image: hudik/hoodik:latest

Change hdk.tutorial.mdinata.my.id with your Hoodik domain.

Save the file with Ctrl-X, yThen Enter.

Finally, run Hoodik:

docker compose up -d
sleep 15 # Tunggu hingga PostgresSQL berjalan
docker compose restart hoodik # Restart Hoodik

Wait for the process spread finished. The first deployment may take a few minutes due to downloading picture Hoodik, as well as configuring it from the beginning. Additionally, Hoodik may be able to run too early before database initialized, therefore we need to wait for PostgresSQL to run, then commit restart towards Hoodik.

NGINX (Reverse Proxy) Configuration

Hoodik requires an encrypted connection using HTTPS for security password which is saved. So that we can access URLs with HTTPS via domains such as https://hdk.tutorial.mdinata.my.idwe can use reverse proxy like NGINX.

First, install NGINX via command:

# Hapus Apache2 dan pendukungnya (biasanya terpasang secara bawaan di VPS OpenVZ)
apt purge apache2* -y

# Install NGINX
apt install nginx -y

Create a new host configuration specifically for Hoodik:

nano /etc/nginx/sites-available/hoodik

Then paste the following configuration:

# 
server {
    listen 80;
    server_name hdk.tutorial.mdinata.my.id;

    location / {
        proxy_pass 
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_redirect off;
        proxy_buffers 8 32k;
        proxy_buffer_size 64k;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
    }
}

Change password.tutorial.mdinata.my.id with your domain.

Activate the configuration by:

ln -sf /etc/nginx/sites-available/hoodik /etc/nginx/sites-enabled/

# Restart NGINX
systemctl restart nginx

Generate SSL Certificate (Let’s Encrypt)

In order for our domain to be accessible via HTTPS, we need to create an SSL certificate. We can use a free SSL certificate from Let’s Encrypt via Certbot.

Install Certbot and its NGINX plugin use the command:

apt install python3-certbot python3-certbot-nginx

So, produce certificate via Certbot with command

certbot --nginx -d hdk.tutorial.mdinata.my.id

Change hdk.tutorial.mdinata.my.id with your domain.

Happy! Hoodik is currently accessible via a secure HTTPS connection.

Access Hoodik

Hoodik can be accessed through your previous domain. Example: https://hdk.tutorial.mdinata.my.id.

Click Create an accountthen enter your account information as usual.

You will be given private key your encryption. Save this, because you will need it next time.

If so, you will go to dashboard.

Cover

That’s it for this article about the steps to install Hoodik on a NAT VPS.

If you are confused or in doubt, don’t hesitate to ask in the Telegram group @IPv6Indonesia. Thank You!