nihilist - 23 / 10 / 2020

PrivateBin (pastebin)

Before we start, you will need a Debian 10+ VPS (you can get one on DigitalOcean, for example). If you prefer to use your own self-hosted server, make sure that ports 80 and 443 are correctly forwarded so that the public IP points to the server and not the router. Once that's done, SSH into your Debian 10 server.

You can use DuckDNS to get a free domain name:


[ 192.168.100.1/24 ] [ /dev/pts/13 ] [~/Nextcloud/blog/Conf]
→ ssh root@ech4.duckdns.org
The authenticity of host 'ech4.duckdns.org (178.128.46.38)' can't be established.
ECDSA key fingerprint is SHA256:z2HAncB99pfbAUfj9tJY7vlo8EGUzCIUxWBAnjAflcA.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'ech4.duckdns.org,178.128.46.38' (ECDSA) to the list of known hosts.
Linux debian-s-1vcpu-1gb-lon1-01 4.19.0-10-cloud-amd64 #1 SMP Debian 4.19.132-1 (2020-07-24) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
root@debian-s-1vcpu-1gb-lon1-01:~#

Initial Setup:

First install the dependencies:


apt update -y && apt upgrade -y
apt install curl socat git php8.2 php8.2-{fpm,xml,gd,mbstring,mysql,common} mariadb-server nginx  -y

#for arch users:
pacman -S nginx php7-fpm
#systemctl enable --now php-fpm7 mysql

Enable nginx:


apt remove apache2 -y
apt purge apache2 -y

systemctl enable --now nginx mysql
wget https://blog.nihilism.network/servers/privatebin/privatebin.conf -O /etc/nginx/sites-available/privatebin.conf
ln -s /etc/nginx/sites-available/privatebin.conf /etc/nginx/sites-enabled/privatebin.conf
rm /etc/nginx/sites-available/default
rm /etc/nginx/sites-enabled/default

#for arch users:
mariadb-install-db --user=root --basedir=/usr --datadir=/var/lib/mysql
chown -R mysql:mysql /var/lib/mysql
systemctl enable --now mariadb

[ 127.0.0.1/8 ] [ /dev/pts/6 ] [/srv]
→ cat /etc/php7/php-fpm.d/www.conf | grep fpm.sock
listen = /run/php-fpm7/php-fpm.sock #put this path in the nginx config for arch servers

#and then make sure nginx can read that sock file:


Install acme.sh and get your free Let's Encrypt certificate:


wget -O -  https://get.acme.sh | sh
source ~/.bashrc
systemctl stop nginx 
acme.sh --issue --standalone -d ech4.duckdns.org -k 4096
nginx -t

Then edit the nginx config:


/etc/nginx/conf.d/privatebin.conf

Then install PrivateBin:


cd /var/www/html/ && git clone https://github.com/PrivateBin/PrivateBin.git
chown -R www-data:www-data PrivateBin/
mysql_secure_installation

Enter current password for root (enter for none): Enter
Set root password? [Y/n]: Y
New password: P@SSW0RD
Re-enter new password: P@SSW0RD
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y


mysql -u root -p
CREATE DATABASE privatebin DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'privatebin'@'localhost' IDENTIFIED BY 'P@SSW0RD';
GRANT ALL PRIVILEGES ON privatebin.* TO 'privatebin'@'localhost';
exit;


cd /var/www/html/PrivateBin/cfg
cp conf.sample.php conf.php
wget https://blog.nihilism.network/servers/privatebin/conf.php -O conf.php
nano conf.php 

You can edit the config if you want. The important part is the following:


; [model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
; class = Filesystem
; [model_options]
; dir = PATH "data"

[model]
class = Database
[model_options]
dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
tbl = "privatebin_" ; table prefix
usr = "privatebin"
pwd = "P@SSW0RD"
opt[12] = true ; PDO::ATTR_PERSISTENT

Add the timezone to both php.ini files (FPM and CLI):


cd /etc/php/8.2/

echo 'date.timezone = Europe/Paris' >> fpm/php.ini
echo 'date.timezone = Europe/Paris' >> cli/php.ini

Restart services


systemctl restart php8.2-fpm nginx
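
A pre-launch check for the configuration above, as an added example that is not part of the original guide: it reads the active [model_options] values from cfg/conf.php and reports a finding if pwd is still the sample password used on this page, if the file is accessible to other local users, or if the DSN points away from localhost. The function names and the 20-character minimum are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original guide: audit PrivateBin's cfg/conf.php.
# Assumed helper names; the 20-character minimum is this example's own choice.

# Print the value of <key> from the active (uncommented) [model_options] section.
model_opt() {  # usage: model_opt <conf.php> <key>
    awk -v key="$2" '
        /^[ \t]*;/ { next }                                   # INI comment line
        /^\[/      { in_opts = ($0 ~ /^\[model_options\]/); next }
        in_opts {
            k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k)
            if (k != key) next
            v = $0; sub(/^[^=]*=[ \t]*/, "", v)
            if (match(v, /^"[^"]*"/)) v = substr(v, 2, RLENGTH - 2)  # quoted value
            else sub(/[ \t]*;.*$/, "", v)                     # drop trailing comment
            print v; exit
        }' "$1"
}

# 24 random bytes as 32 base64 characters: no quotes, safe inside the INI and SQL strings.
gen_db_password() {
    head -c 24 /dev/urandom | base64 | tr -d '\n'
}

# Print findings for <conf.php>; the return status is the number of findings.
audit_conf() {
    conf=$1; findings=0
    pw=$(model_opt "$conf" pwd)
    dsn=$(model_opt "$conf" dsn)
    if [ "$pw" = 'P@SSW0RD' ]; then
        echo "FAIL: pwd is still the sample password from the guide"; findings=$((findings + 1))
    elif [ "${#pw}" -lt 20 ]; then
        echo "FAIL: pwd is shorter than 20 characters"; findings=$((findings + 1))
    fi
    # conf.php holds the database password: no access at all for "other".
    if [ -n "$(find "$conf" \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
        echo "FAIL: $conf is accessible to other local users"; findings=$((findings + 1))
    fi
    # The database account above is 'privatebin'@'localhost' only.
    case $dsn in
        *host=localhost*|*host=127.0.0.1*) ;;
        *) echo "FAIL: dsn does not point at localhost: $dsn"; findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Run the audit when a path is given on the command line.
if [ -n "${1:-}" ]; then audit_conf "$1"; fi
```

Setting the file to owner root, group www-data, mode 640 clears the file-mode finding while keeping it readable by php-fpm. If you replace pwd with the output of gen_db_password, set the same value on the database account with ALTER USER 'privatebin'@'localhost' IDENTIFIED BY '...'; before restarting the services.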

Testing



Next just browse to your website:

Here we can see that our HTTPS config is correct: we're using TLS 1.3, which means our pastes are not transmitted over the network in plaintext. The traffic is encrypted, so in theory it can only be read by you and the server:

To create a private paste, just write your text and give it an expiry date and a password:

After clicking "send", just give the link to someone else to open it:

Enter the P@SSW0RD and there you have it:

About nihilist


Contact: nihilist@nihilism.network (PGP)