Table of Contents

Note: is blocked for some people and has a history of annoying issues (javascript, adverts, poor formatting, etc). Do not use it.

Got it. PrivateBin is an open-source lightweight alternative. And since it is written in PHP, our chroot from previous posts can finally come to practice. 😉

screenshot of privatebin


Install PHP GD extension:

apt install php-gd

Quick start

Download and extract the latest release archive.

curl -L | tar -C $JAIL/var/www -xz
mv PrivateBin-1.3.4 privatebin
chown -R root:www-data privatebin

Configure webserver

Append the recommended configuration to $JAIL/etc/nginx/sites-available/privatebin.

server {
    listen 443 ssl http2;

    # certificate information goes here
    # ssl_certificate ...
    # ssl_certificate_key ...

    root /var/www/privatebin;
    index index.php;

    # browser cache for static files
    location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
        expires 30d;
        access_log off;

    # deny access to sensitive files
    location ~ ^/(data|cfg|tmp) {
        deny all;

    # ... and configurations
    location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
        deny all;

    # ... and hidden files
    location ~ /\. {
        deny all;

    location / {
        try_files $uri $uri/ /index.php;

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

Configure PrivateBin

export PRIVATEBIN=$JAIL/var/www/privatebin
cp $PRIVATEBIN/cfg/conf.sample.php $PRIVATEBIN/cfg/conf.php

Edit conf.php according to personal preferences. Full details are available here.

Security enhancements

Restrict file permissions:

find $PRIVATEBIN -type d -print | xargs chmod 0550
find $PRIVATEBIN -type f -print | xargs chmod 0640
chown -R www-data:root $PRIVATEBIN/data
find $PRIVATEBIN/data -type d -print | xargs chmod 0750