Note: pastebin.com is blocked for some people and has a history of annoying issues (javascript, adverts, poor formatting, etc). Do not use it.

wiki.archlinux.org/index.php/Pastebin

Got it. PrivateBin is an open-source, lightweight alternative. And since it is written in PHP, our chroot from previous posts can finally be put into practice. 😉

[Screenshot of PrivateBin]

Prerequisites

Install the PHP GD extension:

apt install php-gd

Quick start

Download and extract the latest release archive.

curl -L https://github.com/PrivateBin/PrivateBin/archive/1.3.4.tar.gz | tar -C "$JAIL/var/www" -xz
# the archive was extracted into the jail's web root, so rename it there
cd "$JAIL/var/www"
mv PrivateBin-1.3.4 privatebin
chown -R root:www-data privatebin

Configure webserver

Append the recommended configuration to $JAIL/etc/nginx/sites-available/privatebin.

server {
    listen 443 ssl http2;
    server_name paste.example.com;

    # certificate information goes here
    # ssl_certificate ...
    # ssl_certificate_key ...

    root /var/www/privatebin;
    index index.php;

    # browser cache for static files
    location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
        expires 30d;
        access_log off;
    }

    # deny access to sensitive files
    location ~ ^/(data|cfg|tmp) {
        deny all;
    }

    # ... and configurations
    location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
        deny all;
    }

    # ... and hidden files
    location ~ /\. {
        deny all;
    }

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

Configure PrivateBin

export PRIVATEBIN=$JAIL/var/www/privatebin
cp $PRIVATEBIN/cfg/conf.sample.php $PRIVATEBIN/cfg/conf.php

Edit conf.php according to personal preferences. Full details are available here.

Security enhancements

Restrict file permissions:

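# code and configuration: read-only for root and the www-data group, nothing for others
find "$PRIVATEBIN" -type d -exec chmod 0550 {} +
find "$PRIVATEBIN" -type f -exec chmod 0640 {} +
# data/ is the only directory the web server user may write to
chown -R www-data:root "$PRIVATEBIN/data"
find "$PRIVATEBIN/data" -type d -exec chmod 0750 {} +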
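
To confirm the tree really ended up with these modes, and to re-check it after an upgrade, the function below audits it. This is an added example, not part of the original post or of PrivateBin; the name audit_privatebin is made up here, and it checks modes only, not ownership.

```shell
#!/bin/sh
# Added example: audit a PrivateBin tree against the modes set above.
# Prints one line per deviation; returns 0 if the tree is clean, 1 otherwise.
audit_privatebin() {
    root=${1%/}
    findings=$(
        # Outside data/: directories must be exactly 0550, files exactly 0640.
        find "$root" -path "$root/data" -prune -o -type d ! -perm 0550 -print |
            sed 's/^/dir not 0550: /'
        find "$root" -path "$root/data" -prune -o -type f ! -perm 0640 -print |
            sed 's/^/file not 0640: /'
        if [ -d "$root/data" ]; then
            # data/ directories must be exactly 0750.
            find "$root/data" -type d ! -perm 0750 -print |
                sed 's/^/data dir not 0750: /'
            # Files PHP creates later get their mode from its umask, so only
            # flag data files that grant any permission to "other".
            find "$root/data" -type f \
                \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
                sed 's/^/data file world-accessible: /'
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run against the tree from this page when PRIVATEBIN is set.
if [ -n "${PRIVATEBIN:-}" ]; then
    audit_privatebin "$PRIVATEBIN" || echo "permission deviations found" >&2
fi
```

An empty result with exit status 0 means every path matches; any printed line names the path to fix.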