If your team needs a self-hosted, real-time collaborative document editor that respects your data privacy, Etherpad is one of the best tools available. It is free, open-source, and built entirely on Node.js, which makes it lightweight enough to run on a modest Linux server. This guide walks you through every step to install Etherpad on Fedora 43, from system preparation all the way to a production-ready setup with Nginx and SSL. By the end, you will have a fully working Etherpad instance secured with HTTPS and running as a managed systemd service.

Fedora 43, released in October 2025, ships with DNF 5, GCC 15, and improved SELinux policies. These updates make it an excellent platform for self-hosted applications like Etherpad. All commands in this guide are tested on a clean Fedora 43 server installation.

What Is Etherpad and Why Should You Self-Host It?

Etherpad is an open-source, web-based text editor that allows multiple users to edit the same document at the same time. Every participant gets a unique color, so you can see who typed what, live, without refreshing the page.

Unlike Google Docs or Notion, a self-hosted Etherpad instance puts you in complete control. Your documents never leave your server, and there are no per-user licensing fees. You also get full access to a plugin ecosystem for features like Markdown editing, export to PDF, and admin dashboards.

Here is why teams and developers prefer self-hosting:

• Full data ownership: Documents stay on your own infrastructure
• No usage limits: Create unlimited pads and users
• Plugin support: Extend Etherpad functionality via the /admin panel
• Cost-effective: Free to run, no SaaS subscription required

Etherpad runs on Node.js and uses a flat-file or relational database backend. For production setups, SQLite or MariaDB is recommended over the default dirty database, which is designed for quick local testing only.

Prerequisites

Before you begin the Etherpad on Fedora 43 setup, make sure the following conditions are in place:

• A server or workstation running Fedora 43 (fresh install recommended)
• A user account with sudo privileges (do not run as root)
• A domain name pointed to your server IP address (required for SSL)
• Minimum 1 GB RAM and 10 GB disk space (2 GB RAM recommended for production)
• Basic comfort with the Linux terminal and text editors like nano or vim
• An active internet connection for downloading packages and cloning from GitHub
• Estimated completion time: 30 to 45 minutes

Step 1: Update Your Fedora 43 System

Starting with a fully updated system prevents dependency conflicts and ensures you have the latest security patches in place.

Run the following command using DNF 5, which is the default package manager on Fedora 43:

sudo dnf update -y

The -y flag automatically confirms all prompts, which is safe for a fresh server. Once the update finishes, reboot the system if a new kernel was installed:

sudo reboot

After the reboot, confirm you are running Fedora 43:

cat /etc/fedora-release

Expected output:

Fedora release 43 (Forty Three)

DNF 5 in Fedora 43 resolves dependencies faster than its predecessor, so the update process should complete quickly even on a minimal install.

Step 2: Install Required Dependencies

Etherpad needs several build tools and development libraries before it can be compiled and started. Skipping this step is the most common reason Etherpad installations fail on RPM-based systems.

Install all required packages in a single command:

sudo dnf install -y git curl gzip python3 openssl-devel gcc

Then install the Development Tools group, which includes make, gcc-c++, and other build essentials needed by Node.js native modules:

sudo dnf groupinstall -y "Development Tools"

Here is what each package does:

• git: Clones the Etherpad source code from GitHub
• curl: Downloads external scripts and resources
• gzip: Handles compressed archive files
• python3: Required by some Node.js native add-on build processes
• openssl-devel: Provides SSL/TLS cryptographic headers and libraries
• gcc + Development Tools: Compiles native Node.js modules from source

Verify that Git installed correctly before moving on:

git --version

Expected output:

git version 2.47.x

Step 3: Install Node.js on Fedora 43

Etherpad 2.x requires Node.js 18.x or 20.x LTS. The version in Fedora’s default repositories may be outdated, so install Node.js 20.x from the NodeSource repository for guaranteed compatibility.

Add the NodeSource repository and install Node.js:

curl -fsSL https://rpm.nodesource.com/setup_20.x | sudo bash -
sudo dnf install -y nodejs

If you prefer to use the Fedora repository directly (acceptable as a fallback), run:

sudo dnf install -y nodejs npm

After installation, verify both the Node.js runtime and npm package manager:

node --version
npm --version

Expected output:

v20.x.x
10.x.x

Node.js 20.x is the current Long Term Support release, which means it receives security updates well into 2026 and beyond. Using an unsupported Node.js version is the second most common cause of broken Etherpad installations.

Note: Etherpad 2.x uses pnpm internally. You do not need to install pnpm manually. The installDeps.sh script in Step 6 handles this automatically.

Step 4: Create a Dedicated System User for Etherpad

Running Etherpad as the root user is a serious security risk. A dedicated unprivileged system user contains the application within its own permission boundary, limiting the damage if something goes wrong.

Create the etherpad system user with a locked login shell and a dedicated home directory:

sudo useradd -r -m -d /opt/etherpad -s /sbin/nologin etherpad

Here is what each flag does:

• -r: Creates a system account (lower UID range, no cron or mail)
• -m: Creates the home directory if it does not already exist
• -d /opt/etherpad: Sets /opt/etherpad as the user home directory
• -s /sbin/nologin: Prevents this account from being used for interactive shell login

Confirm the user was created successfully:

id etherpad

Expected output:

uid=990(etherpad) gid=990(etherpad) groups=990(etherpad)

All Etherpad files will live inside /opt/etherpad, and only the etherpad user will own them. This is a standard production security practice for any Node.js web application.

Step 5: Download and Install Etherpad

Clone the Etherpad Repository

Switch to the etherpad user context and clone the official Etherpad repository directly into the home directory:

sudo -u etherpad bash -c "git clone --branch master https://github.com/ether/etherpad-lite.git /opt/etherpad"

The --branch master flag targets the stable production branch. Always clone from github.com/ether/etherpad-lite to avoid modified or potentially malicious forks.

Confirm the clone succeeded:

ls /opt/etherpad

You should see key directories and files including bin/, src/, settings.json.template, and package.json.

Run the Dependency Installer

Switch to the etherpad user and run the built-in dependency installer script:

sudo -u etherpad bash -c "cd /opt/etherpad && ./bin/installDeps.sh"

This script does three things automatically:

1. Detects your Node.js version and checks compatibility
2. Installs pnpm if it is not already present
3. Pulls all required npm packages listed in package.json

This step can take a few minutes depending on your internet speed and CPU. Wait for the final output line confirming that dependencies are ready before continuing.

Common errors during this step:

• EACCES permission error: You are not running as the etherpad user. Rerun using sudo -u etherpad
• node-gyp build failure: The Development Tools group from Step 2 is missing. Install it and retry

Step 6: Configure Etherpad (settings.json)

Create the Settings File

Etherpad ships with a configuration template. Copy it to create your active settings file:

sudo -u etherpad cp /opt/etherpad/settings.json.template /opt/etherpad/settings.json

Open the file for editing:

sudo -u etherpad nano /opt/etherpad/settings.json

Key Settings to Modify

Work through the following settings in order. Each one has a direct impact on security and functionality.

Set the application title:

"title": "My Team Pad",

Set the IP binding to localhost (required when running behind Nginx):

"ip": "127.0.0.1",
"port": 9001,

Disable the dirty database and switch to SQLite for production. Find and comment out the existing dbType block:

/*
"dbType": "dirty",
"dbSettings": {
  "filename": "var/dirty.db"
},
*/

Add the SQLite configuration below it:

"dbType": "sqlite",
"dbSettings": {
  "filename": "/opt/etherpad/var/etherpad.db"
},

The dirty database writes to a flat file and will corrupt under concurrent writes. SQLite handles multi-user load much better on a single server.

Set the admin password for the /admin panel:

"users": {
  "admin": {
    "password": "YourStrongAdminPassword",
    "is_admin": true
  }
},

Generate a unique session key using OpenSSL and paste the output into the sessionKey field:

openssl rand -hex 32

"sessionKey": "paste-your-generated-key-here",

Save the file with Ctrl+O and exit with Ctrl+X.

Step 7: Create a Systemd Service for Etherpad

A systemd service ensures Etherpad starts automatically on every boot and restarts itself if the process crashes. This is essential for any production Linux server tutorial.

Create the service unit file:

sudo nano /etc/systemd/system/etherpad.service

Paste the following configuration:

[Unit]
Description=Etherpad Collaborative Web Editor
After=network.target

[Service]
Type=simple
User=etherpad
Group=etherpad
WorkingDirectory=/opt/etherpad
ExecStart=/usr/bin/node /opt/etherpad/src/node/server.js
Restart=always
RestartSec=5
Environment=NODE_ENV=production

[Install]
WantedBy=multi-user.target

Save and exit. Then reload systemd and start the service:

sudo systemctl daemon-reload
sudo systemctl enable --now etherpad

Verify that Etherpad is running:

sudo systemctl status etherpad

Expected output (key lines):

Active: active (running) since ...

Confirm Etherpad is listening on port 9001:

ss -tulpn | grep 9001

If the service fails, read the live logs to find the exact error:

sudo journalctl -u etherpad -f

Step 8: Install and Configure Nginx as a Reverse Proxy

Running Etherpad directly on port 9001 is fine for local testing, but it is not suitable for production. Nginx handles HTTPS termination, WebSocket upgrades, and request routing on behalf of Etherpad.

Install Nginx and start it:

sudo dnf install -y nginx
sudo systemctl enable --now nginx

Create a new virtual host configuration file for Etherpad:

sudo nano /etc/nginx/conf.d/etherpad.conf

Paste the following configuration. Replace pad.yourdomain.com with your actual domain:

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name pad.yourdomain.com;

    access_log  /var/log/nginx/etherpad.access.log;
    error_log   /var/log/nginx/etherpad.error.log;

    location / {
        proxy_pass          http://127.0.0.1:9001;
        proxy_buffering     off;
        proxy_set_header    Host $host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $remote_addr;
        proxy_set_header    X-Forwarded-Proto $scheme;
        proxy_http_version  1.1;
        proxy_set_header    Upgrade $http_upgrade;
        proxy_set_header    Connection $connection_upgrade;
    }
}

The Upgrade and Connection headers are critical. Without them, Etherpad’s WebSocket connections will fail, and users will see blank documents or connection errors in the browser.

Test the Nginx configuration and restart:

sudo nginx -t
sudo systemctl restart nginx

Expected output from nginx -t:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Step 9: Secure Etherpad with SSL Using Certbot

HTTPS is not optional for a production server handling team documents. Certbot automates the entire SSL certificate process using Let’s Encrypt.

Install Certbot and its Nginx plugin:

sudo dnf install -y certbot python3-certbot-nginx

Request and install an SSL certificate for your domain:

sudo certbot --nginx -d pad.yourdomain.com

During the process, Certbot will ask you to:

1. Enter an email address for renewal notices
2. Agree to the Let’s Encrypt Terms of Service
3. Choose whether to redirect HTTP to HTTPS (select Option 2 to force HTTPS)

Certbot automatically edits your Nginx config to add listen 443 ssl and the certificate file paths. After it finishes, visit https://pad.yourdomain.com in a browser to confirm the padlock icon appears.

Verify that the automatic renewal timer is active:

sudo systemctl status certbot-renew.timer

Test a dry-run renewal to confirm the process works:

sudo certbot renew --dry-run

Step 10: Open Firewall Ports with firewalld

Fedora 43 runs firewalld by default. You need to explicitly open HTTP and HTTPS ports for external traffic to reach Nginx.

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Verify the rules are active:

sudo firewall-cmd --list-all

You should see http and https listed under services:.

Do not open port 9001 to the public. Nginx handles all incoming traffic and forwards requests to Etherpad internally on localhost. Exposing 9001 directly would bypass your SSL and Nginx security layer.

If your server is hosted on a cloud platform (AWS, DigitalOcean, Hetzner), also open ports 80 and 443 at the cloud provider firewall or security group level.

Step 11: Verify Your Etherpad Installation

Open a browser and go to https://pad.yourdomain.com. You should see the Etherpad home screen with a “New Pad” button and a text field for entering a pad name.

To confirm real-time collaboration works:

1. Create a new pad and note the URL
2. Open the same URL in a second browser tab or a different browser
3. Type something in one window and confirm it appears instantly in the other

Access the admin dashboard at https://pad.yourdomain.com/admin using the adminPassword you set in settings.json. From the admin panel you can install plugins, monitor active pads, and manage users.

Troubleshooting Common Etherpad Issues on Fedora 43

Even on a clean install, a few issues come up regularly. Here are the most common ones with direct solutions.

1. Etherpad service fails to start

Check the service logs immediately:

sudo journalctl -u etherpad -f

The most common cause is a malformed settings.json. Validate the JSON syntax:

python3 -m json.tool /opt/etherpad/settings.json

Any output other than the formatted JSON indicates a syntax error on a specific line.

2. Blank white page or no response at port 9001

This almost always means an incompatible Node.js version. Check with:

node --version

If the version is below 18.x, reinstall using the NodeSource repository as described in Step 3.

3. Nginx returns a 502 Bad Gateway

This means Nginx is running but Etherpad is not. Start the service:

sudo systemctl start etherpad
sudo systemctl status etherpad

4. WebSocket connection errors in the browser console

If you see WebSocket connection failed in your browser’s developer tools, the Upgrade and Connection headers are missing from your Nginx config. Revisit Step 8 and confirm both headers are present.

5. Permission denied errors on /opt/etherpad

If file ownership changed for any reason, reset it:

sudo chown -R etherpad:etherpad /opt/etherpad

Then restart the Etherpad service:

sudo systemctl restart etherpad

Congratulations! You have successfully installed Etherpad. Thanks for using this tutorial for installing Etherpad on your Fedora 43 Linux system. For additional or useful information, we recommend you check the official Etherpad website.