PrivateBin is a minimalist online pastebin where the server has zero knowledge of pasted data. This application supports password-protection, expiration, and self-destruction after reading. It is completely open-source and hosted on github. This article will guide through the installation and configuration of PrivateBin on a Fedora 29 system.
Prerequisites
- A Fedora 29 system obviously.
- Root access to your server (via the root user or a user with
sudo
privileges.) - A web server with PHP (Instructions below.)
- A MySQL database (Instructions below.)
Preparations
If you’re not logged in as the root user, execute sudo -i
to obtain a temporary root shell.
Update your system and install required software.
dnf update
dnf install -y git
Git will be used to download PrivateBin from its github repository.
Installing a web server stack:
We will be using Apache and PHP. Execute the following to install the required packages:
dnf install -y httpd php php-common php-xml php-mbstring \
php-mysqlnd php-pdo php-mcrypt php-json
Make sure Apache is enabled and running:
systemctl enable --now httpd.service
Configuring Apache
Using a text editor of your choice, create a new configuration file for Apache. For instance:
vim /etc/httpd/conf.d/privatebin.conf
Populate it with the following (insert your IP address or a domain name pointing to your IP for ServerName
):
<VirtualHost *:80>
ServerName YOUR_SERVER_IP
DocumentRoot /var/www/html/PrivateBin/
ErrorLog /var/log/httpd/privatebin-error.log
CustomLog /var/log/httpd/privatebin-access.log combined
<Directory /var/www/html/PrivateBin>
AllowOverride All
</Directory>
</VirtualHost>
Save and exit.
Reload the configuration:
systemctl reload httpd.service
Installing PrivateBin
Since PrivateBin is hosted on github, we’ll clone the repository locally:
cd /var/www/html/ && git clone https://github.com/PrivateBin/PrivateBin.git
And give the Apache user ownership of the PrivateBin directory:
chown -R apache:apache PrivateBin/
Configure firewalld to allow HTTP traffic:
firewall-cmd --add-service http --permanent
firewall-cmd --reload
You should now be able to access PrivateBin on http://YOUR_SERVER_IP
. For better security/privacy, you should consider using a domain name with HTTPS, however this is beyond the scope of this guide.
If you encounter server-side errors during PrivateBin usage, SELinux is the likely culprit. To disable it, open /etc/sysconfig/selinux
with a text editor of your choice, and replace SELINUX=enforcing
with SELINUX=disabled
. You should now either reboot, or execute setenforce 0
to disable SELinux immediately.
Optional
PrivateBin supports MySQL storage in place of the default file-based storage model. To implement MySQL storage, follow the steps below.
Installing MariaDB
dnf install -y mariadb-server mariadb
systemctl enable --now mariadb.service
Secure your MySQL installation with this command:
mysql_secure_installation
Answer the questions as follows:
Enter current password for root (enter for none): Enter
Set root password? [Y/n]: Y
New password: <your-password>
Re-enter new password: <your-password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y
Make sure you use a strong password.
Configuring MariaDB
Create a database and user for PrivateBin:
mysql -u root -p
MariaDB [(none)]> CREATE DATABASE privatebin DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
MariaDB [(none)]> CREATE USER 'privatebin'@'localhost' IDENTIFIED BY 'newpassword';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON privatebin.* TO 'privatebin'@'localhost';
MariaDB [(none)]> exit;
Make sure you replace newpassword
with a secure password. It should be different from the password you chose for the MariaDB root user.
Changing Storage Mode
First, copy the default configuration file for editing:
cd /var/www/html/PrivateBin/cfg
cp conf.sample.php conf.php
Using a text editor of your choice, open the file conf.php
. Find the following segment:
[model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
class = Filesystem
[model_options]
dir = PATH "data"
;[model]
; example of DB configuration for MySQL
;class = Database
;[model_options]
;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
;tbl = "privatebin_" ; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true ; PDO::ATTR_PERSISTENT
And replace it with:
; [model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
; class = Filesystem
; [model_options]
; dir = PATH "data"
[model]
class = Database
[model_options]
dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
tbl = "privatebin_" ; table prefix
usr = "privatebin"
pwd = "newpassword"
opt[12] = true ; PDO::ATTR_PERSISTENT
Again, make sure you replace newpassword
with the password chosen during user creation in the MySQL console, then save and exit.
Restart apache:
systemctl restart httpd.service
PrivateBin will now store pasted data in its MySQL database.