PrivateBin is a minimalist online pastebin where the server has zero knowledge of pasted data. This application supports password-protection, expiration, and self-destruction after reading. It is completely open-source and hosted on github. This article will guide through the installation and configuration of PrivateBin on a Debian 9 system.
Prerequisites
- A Debian 9 server.
- Root access to your server (via the root user or a user with
sudoprivileges.) - A web server with PHP (Instructions below.)
- A MySQL database (Instructions below.)
Preparations
If you’re not logged in as the root user, execute sudo -i to obtain a temporary root shell.
Update your system and install required software.
apt update
apt upgrade -y
apt install -y git
Git will be used to download PrivateBin from its github repository.
Installing a web server stack:
We will be using Apache and PHP. Execute the following to install the required packages:
apt update
apt install -y apache2 php php-xml php-mbstring php-mysql php-json php-pdo
Make sure Apache is enabled and running:
systemctl enable --now apache2.service
Configuring Apache
Using a text editor of your choice, create a new configuration file for Apache. For instance:
vim /etc/apache2/sites-available/privatebin.conf
Populate it with the following (insert your IP address or a domain name pointing to your IP for ServerName):
<VirtualHost *:80>
ServerName YOUR_SERVER_IP
DocumentRoot /var/www/html/PrivateBin/
ErrorLog ${APACHE_LOG_DIR}/privatebin-error.log
CustomLog ${APACHE_LOG_DIR}/privatebin-access.log combined
<Directory /var/www/html/PrivateBin>
AllowOverride All
</Directory>
</VirtualHost>
Save, exit, and enable this virtual host:
a2ensite privatebin.conf
Reload the configuration:
systemctl reload apache2.service
Installing PrivateBin
Since PrivateBin is hosted on github, we’ll clone the repository locally:
cd /var/www/html/ && git clone https://github.com/PrivateBin/PrivateBin.git
And give the Apache user ownership of the PrivateBin directory:
chown -R www-data:www-data PrivateBin/
You should now be able to access PrivateBin on http://YOUR_SERVER_IP. For better security/privacy, you should consider using a domain name with HTTPS, however this is beyond the scope of this guide.
Optional
PrivateBin supports MySQL storage in place of the default file-based storage model. To implement MySQL storage, follow the steps below.
Installing MariaDB
apt install -y mariadb-server mariadb-client
systemctl enable --now mariadb.service
Secure your MySQL installation with this command:
mysql_secure_installation
Answer the questions as follows:
Enter current password for root (enter for none): Enter
Set root password? [Y/n]: Y
New password: <your-password>
Re-enter new password: <your-password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y
Make sure you use a strong password.
Configuring MariaDB
Create a database and user for PrivateBin:
mysql -u root -p
MariaDB [(none)]> CREATE DATABASE privatebin DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
MariaDB [(none)]> CREATE USER 'privatebin'@'localhost' IDENTIFIED BY 'newpassword';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON privatebin.* TO 'privatebin'@'localhost';
MariaDB [(none)]> exit;
Make sure you replace newpassword with a secure password. It should be different from the password you chose for the MariaDB root user.
Changing Storage Mode
First, copy the default configuration file for editing:
cd /var/www/html/PrivateBin/cfg
cp conf.sample.php conf.php
Using a text editor of your choice, open the file conf.php. Find the following segment:
[model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
class = Filesystem
[model_options]
dir = PATH "data"
;[model]
; example of DB configuration for MySQL
;class = Database
;[model_options]
;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
;tbl = "privatebin_" ; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true ; PDO::ATTR_PERSISTENT
And replace it with:
; [model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
; class = Filesystem
; [model_options]
; dir = PATH "data"
[model]
class = Database
[model_options]
dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
tbl = "privatebin_" ; table prefix
usr = "privatebin"
pwd = "newpassword"
opt[12] = true ; PDO::ATTR_PERSISTENT
Again, make sure you replace newpassword with the password chosen during user creation in the MySQL console, then save and exit.
Restart apache:
systemctl restart apache2.service
And done.
Implementing HTTPS is recommended but beyond the scope of this article. You can obtain and install a certificate, for free, using certbot.
It isn’t too private if it does not use at least SSL
Thanks for your feedback. This article only covers the installation of PrivateBin and not HTTPS config. I’ve edited my post to reflect that.
Thank you for this. I have use your example in my wiki : https://wiki.visionduweb.fr/index.php?title=Exporter_un_fichier_texte_vers_un_service_en_ligne_de_type_pastebin
For SSL, you can use Let’s Encrypt : https://wiki.visionduweb.fr/index.php/Certificats_SSL_TLS_Letsencrypt
How to for use PrivateBin with cli, for send a log file ?
Hi, thx for the setup desc, by any chance do u have a guide in setting up privatebin with https? I still have a LE domain and wildcard cert which I wanted to use as well for privatebin. Any help you could provide? Thx, br, Mike