TriliumNext · eliandoran · Mar 9, 2025 · Jul 8, 2024 · Jul 8, 2024 · Jul 8, 2024
diff --git a/Wiki/docker-server-installation.md b/Wiki/docker-server-installation.md
@@ -13,7 +13,23 @@ If you need help installing Docker, reference the [Docker Installation Docs](htt
 > [!WARNING]
 > If you're using a SMB/CIFS share or folder as your Trilium data directory, [you'll need](https://github.com/TriliumNext/Notes/issues/415#issuecomment-2344824400) to add the mount options of `nobrl` and `noperm` when mounting your SMB share. 
 
-## Pulling the Docker Image
+## Running with Docker Compose
+
+### Grab the latest docker-compose.yml:
+```sh
+wget https://raw.githubusercontent.com/TriliumNext/Notes/master/docker-compose.yml
+```
+
+Optionally, edit the `docker-compose.yml` file to configure the container settings prior to starting it. Unless configured otherwise, the data directory will be `~/trilium-data` and the container will be accessible at port 8080.
+
+### Start the container:
+Run the following command to start the container in the background:
+```sh
+docker compose up -d
+```
+
+## Running without Docker Compose / Further Configuration
+### Pulling the Docker Image
 
 To pull the image, use the following command, replacing `[VERSION]` with the desired version or tag, such as `v0.91.6` or just `latest`. (See published tag names at https://hub.docker.com/r/triliumnext/notes/tags.):
 
@@ -23,13 +39,13 @@ docker pull triliumnext/notes:v0.91.6
 
 **Warning:** Avoid using the "latest" tag, as it may automatically upgrade your instance to a new minor version, potentially disrupting sync setups or causing other issues.
 
-## Preparing the Data Directory
+### Preparing the Data Directory
 
 Trilium requires a directory on the host system to store its data. This directory must be mounted into the Docker container with write permissions.
 
-## Running the Docker Container
+### Running the Docker Container
 
-### Local Access Only
+#### Local Access Only
 
 Run the container to make it accessible only from the localhost. This setup is suitable for testing or when using a proxy server like Nginx or Apache.
 
@@ -40,7 +56,7 @@ sudo docker run -t -i -p 127.0.0.1:8080:8080 -v ~/trilium-data:/home/node/triliu
 1. Verify the container is running using `docker ps`.
 2. Access Trilium via a web browser at `127.0.0.1:8080`.
 
-### Local Network Access
+#### Local Network Access
 
 To make the container accessible only on your local network, first create a new Docker network:
 
@@ -66,13 +82,7 @@ Find the local IP address using `docker inspect [container_name]` and access the
 docker ps
 docker inspect [container_name]
 ```
-
-#### Reverse Proxy
-
-1. [Nginx](nginx-proxy-setup.md)
-2. [Apache](apache-proxy-setup.md)
-
-### Global Access
+#### Global Access
 
 To allow access from any IP address, run the container as follows:
 
@@ -93,10 +103,16 @@ For a custom data directory, use:
 If you want to run your instance in a non-default way, please use the volume switch as follows: `-v ~/YourOwnDirectory:/home/node/trilium-data triliumnext/notes:<VERSION>`. It is important to be aware of how Docker works for volumes, with the first path being your own and the second the one to virtually bind to. [https://docs.docker.com/storage/volumes/](https://docs.docker.com/storage/volumes/)
 The path before the colon is the host directory, and the path after the colon is the container's path. More details can be found in the [Docker Volumes Documentation](https://docs.docker.com/storage/volumes/).
 
+## Reverse Proxy
+
+1. [Nginx](nginx-proxy-setup.md)
+2. [Apache](apache-proxy-setup.md)
+
 ### Note on --user Directive
 
 The `--user` directive is unsupported. Instead, use the `USER_UID` and `USER_GID` environment variables to set the appropriate user and group IDs.
 
 ### Note on timezones
 
 If you are having timezone issues and you are not using docker-compose, you may need to add a `TZ` environment variable with the [TZ identifier](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) of your local timezone. 
+
diff --git a/Wiki/protected-notes.md b/Wiki/protected-notes.md
@@ -1,57 +1,52 @@
-# Protected-notes
-Trilium is meant to store all kinds of data - including potentially sensitive data like journals or credentials etc.
+# Protected Notes
 
-For such sensitive data Trilium can protect these notes which essentially means:
+Trilium is designed to store a wide variety of data, including sensitive information such as personal journals, credentials, or confidential documents. To safeguard this type of content, Trilium offers the option to protect notes, which involves the following measures:
 
-*   encrypting the note with encryption key based on your password.
-    *   This means that without your password, protected notes are not decipherable so even if somebody managed to steal your Trilium [database](database.md), your protected notes could not be read.
-*   time-limited access to protected notes
-    *   To first access protected notes you need to enter your password which will decrypt the note and allow you to read / write them. But after certain time period (by default 10 minutes) this decrypted note is unloaded from memory and to read it again you need to enter your password again.
-        *   This time limit counts from the last interaction with protected session - so e.g. if you continuously write into a protected note, session is getting extended automatically, and you are not kicked out. Once you change to an unprotected note, expiration starts counting and session ends in 10 minutes (unless you again interact with protected notes).
-    *   This protects against a possible scenario where you leave your computer unlocked for a long time and somebody can access your Trilium application.
-*   protected notes protect only confidentiality and partially integrity of the notes. User outside the protected sessions can still e.g. delete the protected notes or move them to a new location.
+- **Encryption:** Protected notes are encrypted using a key derived from your password. This ensures that without the correct password, protected notes remain indecipherable. Even if someone gains access to your Trilium [database](database.md), they won't be able to read your encrypted notes.
+
+- **Time-limited access:** To access protected notes, you must first enter your password, which decrypts the note for reading and writing. However, after a specified period of inactivity (10 minutes by default), the note is unloaded from memory, requiring you to re-enter your password to access it again.
+  - The session timeout is extended automatically while you're interacting with the protected note, so if you're actively editing, the session remains open. However, if you switch to an unprotected note, the session timer starts, and the session expires after 10 minutes of inactivity unless you return to the protected notes.
 
-How to use protected notes
---------------------------
+- **Protection scope:** Protected notes ensure the confidentiality of their content and partially their integrity. While unauthorized users cannot read or edit protected notes, they can still delete or move them outside of the protected session.
 
-Notes are by default unprotected. If you want your note to be protected, click on shield icon next to the note title as seen here:
+## Using Protected Notes
 
-![](images/protecting-note.gif)
+By default, notes are unprotected. To protect a note, simply click on the shield icon next to the note's title, as shown here:
 
-What is encrypted
------------------
+![example animation of unlocking protected notes](images/protecting-note.gif)
 
-In principle Trilium encrypts data, but doesn't encrypt metadata. This specifically means:
+## What is Encrypted?
 
-Encrypted:
+Trilium encrypts the data within protected notes but not their metadata. Specifically:
 
-*   note title
-*   note content
-*   images
-*   file attachments
+**Encrypted:**
 
-Not encrypted:
+- Note title
+- Note content
+- Images
+- File attachments
 
-*   structure of the notes - i.e. you can still see that there are protected notes.
-*   various metadata - e.g. date of last modification
-*   [attributes](attributes.md)
+**Not encrypted:**
 
-Encryption details
-------------------
+- Note structure (i.e., it remains visible that there are protected notes)
+- Metadata, such as the last modified date
+- [Attributes](attributes.md)
 
-... how we get from password to decrypted note:
+## Encryption Details
 
-1.  User enters password
-2.  Password is put into [scrypt](https://en.wikipedia.org/wiki/Scrypt) algorithm together with "password verification" [salt](https://en.wikipedia.org/wiki/Salt_(cryptography)) to verify that password is correct
-3.  Password is put into scrypt algorithm together with "encryption" salt which produces a hash
-    *   here we use scrypt for [key stretching](https://en.wikipedia.org/wiki/Key_stretching)
-4.  Hash produced in the last step is used to decrypt actual _data encryption key_
-    *   data encryption key is encrypted with [AES-128](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) with random [IV](https://en.wikipedia.org/wiki/Initialization_vector)
-    *   data encryption key is random key generated at the time of [database](database.md) initialization and is constant over the lifetime of the document. If we change password, we re-encrypt only this key.
-5.  We use data encryption key to decrypt actual data - note title and content.
-    *   encryption used is again AES-128 with [CBC chaining](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation). Unique IV is generated with every encryption operation and stored together with the cipher text.
+The following steps outline how encryption and decryption work in Trilium:
 
-Sharing
--------
+1. The user enters a password.
+2. The password is passed through the [scrypt](https://en.wikipedia.org/wiki/Scrypt) algorithm along with a "password verification" [salt](https://en.wikipedia.org/wiki/Salt_(cryptography)) to confirm that the password is correct.
+3. The password is then processed again through scrypt with an "encryption" salt, which generates a hash.
+    - Scrypt is used for [key stretching](https://en.wikipedia.org/wiki/Key_stretching) to make the password harder to guess.
+4. The generated hash is used to decrypt the actual _data encryption key_.
+    - The data encryption key is encrypted using [AES-128](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) with a random [IV](https://en.wikipedia.org/wiki/Initialization_vector).
+    - The data encryption key is randomly generated during the [database](database.md) initialization and remains constant throughout the document’s lifetime. When the password is changed, only this key is re-encrypted.
+5. The data encryption key is then used to decrypt the actual content of the note, including its title and body.
+    - The encryption algorithm used is AES-128 with [CBC mode](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation), where a unique IV is generated for each encryption operation and stored with the cipher text.
+
+## Sharing Protected Notes
+
+Protected notes cannot be shared in the same way as regular notes. Their encryption ensures that only authorized users with the correct password can access them.
 
-Please note that protected notes cannot be shared like regular notes.
diff --git a/Wiki/script-api.md b/Wiki/script-api.md
@@ -1,10 +1,8 @@
 # Script API
-For [Scripts](scripts.md) to do anything useful, Trilium publishes "Script API". Actually there are two such APIs:
 
-*   [Frontend API](https://triliumnext.github.io/Notes/frontend_api/FrontendScriptApi.html)
-*   [Backend API](https://triliumnext.github.io/Notes/backend_api/BackendScriptApi.html)
+Trilium offers a "Script API" that enables scripts to perform various useful functions. There are two main APIs available:
 
-Backwards compatibility
------------------------
+- [Frontend API](https://triliumnext.github.io/Notes/frontend_api/FrontendScriptApi.html)
+- [Backend API](https://triliumnext.github.io/Notes/backend_api/BackendScriptApi.html)
 
-Note that Script API is now experimental and subject to change in the future.
+Please note that the Script API is currently experimental and may undergo changes in future updates.
diff --git a/Wiki/server-installation.md b/Wiki/server-installation.md
@@ -1,49 +1,54 @@
 # Server Installation
-This pages describes installing Trilium on your own server. You might want to do this in case you want to set up [sync](synchronization.md) or you want to use it as online version of Trilium accessible from anywhere. The server installation is a fully functioning instance i.e. "web editor".
 
-There are several options how to do this, each one with some advantage:
+This guide outlines the steps to install Trilium on your own server. You might consider this option if you want to set up [synchronization](synchronization.md) or use Trilium in a browser - accessible from anywhere.
 
-*   Recommended: [Docker](docker-server-installation.md) - images for **AMD64** and **ARM**
-*   [Packaged server installation](packaged-server-installation.md)
-*   [PikaPods managed hosting](https://www.pikapods.com/pods?run=trilium-next)
-*   [Manual installation](manual-server-installation.md)
-*   [Kubernetes](kubernetes-server-installation.md)
-*   [Cloudron](https://www.cloudron.io/store/com.github.trilium.cloudronapp.html)
-*   [HomelabOS](https://homelabos.com/docs/software/trilium/)
-*   [NixOS module](nixos-server-installation.md)
+## Installation Options
 
-Server installation has both web and [mobile frontend](mobile-frontend.md).
+There are several ways to install Trilium on a server, each with its own advantages:
 
-Configuration
--------------
+- **Recommended**: [Docker Installation](docker-server-installation.md) - Available for **AMD64** and **ARM** architectures.
+- [Packaged Server Installation](packaged-server-installation.md)
+- [PikaPods managed hosting](https://www.pikapods.com/pods?run=trilium-next)
+- [Manual Installation](manual-server-installation.md)
+- [Kubernetes](kubernetes-server-installation.md)
+- [Cloudron](https://www.cloudron.io/store/com.github.trilium.cloudronapp.html)
+- [HomelabOS](https://homelabos.com/docs/software/trilium/)
+- [NixOS Module](nixos-server-installation.md)
 
-For server installations, you might want to configure e.g. port or [TLS](tls-configuration.md). This is done in the Trilium config file, by default it's in `config.ini` in the [data directory](data-directory.md). You can start creating your configuration by copying the provided `config-sample.ini` with default values to `config.ini`.
+The server installation includes both web and [mobile frontends](mobile-frontend.md).
 
-### Config location
+## Configuration
 
-`config.ini`, [database](database.md) and some other important Trilium data files are by default persisted in the [data directory](data-directory.md). You can also review the [configuration](configuration.md) file to provide all `config.ini` values as environment variables instead. 
+After setting up your server installation, you may want to configure settings such as the port or enable [TLS](tls-configuration.md). Configuration is managed via the Trilium `config.ini` file, which is located in the [data directory](data-directory.md) by default. To begin customizing your setup, copy the provided `config-sample.ini` file with default values to `config.ini`.
 
-If this is not desired, you may change it via `TRILIUM_DATA_DIR` environment variable to some other location, e.g.:
+You can also review the [configuration](configuration.md) file to provide all `config.ini` values as environment variables instead.
 
-```text-plain
+### Config Location
+
+By default, `config.ini`, the [database](database.md), and other important Trilium data files are stored in the [data directory](data-directory.md). If you prefer a different location, you can change it by setting the `TRILIUM_DATA_DIR` environment variable:
+
+```sh
 export TRILIUM_DATA_DIR=/home/myuser/data/my-trilium-data
 ```
 
-### Disable authentication
+### Disabling Authentication
 
-Among others, you can also disable authentication (in case you run on localhost only or authentication is handled by another component) by adding the following to `config.ini`:
+If you are running Trilium on localhost only or if authentication is handled by another component, you can disable Trilium’s authentication by adding the following to `config.ini`:
 
-```text-plain
+```ini
 [General]
 noAuthentication=true
 ```
 
-Reverse proxy setup
--------------------
+## Reverse Proxy Setup
+
+To configure a reverse proxy for Trilium, you can use either **nginx** or **Apache**.
 
 ### nginx
 
-```text-plain
+Add the following configuration to your `nginx` setup to proxy requests to Trilium:
+
+```nginx
 location /trilium/ {
     proxy_pass http://127.0.0.1:8080/;
     proxy_http_version 1.1;
@@ -54,13 +59,13 @@ location /trilium/ {
 }
 ```
 
-It's also advised to add following to `server {}` block to not limit size of payloads:
+To avoid limiting the size of payloads, include this in the `server {}` block:
 
-```text-plain
-# set to 0 for unlimited. Default is 1M.
+```nginx
+# Set to 0 for unlimited. Default is 1M.
 client_max_body_size 0;
 ```
 
 ### Apache
 
-See [Apache proxy setup](apache-proxy-setup.md).
+For an Apache setup, refer to the [Apache proxy setup](apache-proxy-setup.md) guide.