PrivateBin is a minimalist online pastebin where the server has zero knowledge of pasted data. This application supports password-protection, expiration, and self-destruction after reading. It is completely open-source and hosted on github. This article will guide through the installation and configuration of PrivateBin on a Debian 9 system.
Prerequisites
- A Debian 9 server.
- Root access to your server (via the root user or a user with
sudo
privileges.) - A web server with PHP (Instructions below.)
- A MySQL database (Instructions below.)
Preparations
If you’re not logged in as the root user, execute sudo -i
to obtain a temporary root shell.
Update your system and install required software.
apt update
apt upgrade -y
apt install -y git
Git will be used to download PrivateBin from its github repository.
Installing a web server stack:
We will be using Apache and PHP. Execute the following to install the required packages:
apt update
apt install -y apache2 php php-xml php-mbstring php-mysql php-json php-pdo
Make sure Apache is enabled and running:
systemctl enable --now apache2.service
Configuring Apache
Using a text editor of your choice, create a new configuration file for Apache. For instance:
vim /etc/apache2/sites-available/privatebin.conf
Populate it with the following (insert your IP address or a domain name pointing to your IP for ServerName
):
<VirtualHost *:80>
ServerName YOUR_SERVER_IP
DocumentRoot /var/www/html/PrivateBin/
ErrorLog ${APACHE_LOG_DIR}/privatebin-error.log
CustomLog ${APACHE_LOG_DIR}/privatebin-access.log combined
<Directory /var/www/html/PrivateBin>
AllowOverride All
</Directory>
</VirtualHost>
Save, exit, and enable this virtual host:
a2ensite privatebin.conf
Reload the configuration:
systemctl reload apache2.service
Installing PrivateBin
Since PrivateBin is hosted on github, we’ll clone the repository locally:
cd /var/www/html/ && git clone https://github.com/PrivateBin/PrivateBin.git
And give the Apache user ownership of the PrivateBin directory:
chown -R www-data:www-data PrivateBin/
You should now be able to access PrivateBin on http://YOUR_SERVER_IP
. For better security/privacy, you should consider using a domain name with HTTPS, however this is beyond the scope of this guide.
Optional
PrivateBin supports MySQL storage in place of the default file-based storage model. To implement MySQL storage, follow the steps below.
Installing MariaDB
apt install -y mariadb-server mariadb-client
systemctl enable --now mariadb.service
Secure your MySQL installation with this command:
mysql_secure_installation
Answer the questions as follows:
Enter current password for root (enter for none): Enter
Set root password? [Y/n]: Y
New password: <your-password>
Re-enter new password: <your-password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y
Make sure you use a strong password.
Configuring MariaDB
Create a database and user for PrivateBin:
mysql -u root -p
MariaDB [(none)]> CREATE DATABASE privatebin DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
MariaDB [(none)]> CREATE USER 'privatebin'@'localhost' IDENTIFIED BY 'newpassword';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON privatebin.* TO 'privatebin'@'localhost';
MariaDB [(none)]> exit;
Make sure you replace newpassword
with a secure password. It should be different from the password you chose for the MariaDB root user.
Changing Storage Mode
First, copy the default configuration file for editing:
cd /var/www/html/PrivateBin/cfg
cp conf.sample.php conf.php
Using a text editor of your choice, open the file conf.php
. Find the following segment:
[model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
class = Filesystem
[model_options]
dir = PATH "data"
;[model]
; example of DB configuration for MySQL
;class = Database
;[model_options]
;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
;tbl = "privatebin_" ; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true ; PDO::ATTR_PERSISTENT
And replace it with:
; [model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
; class = Filesystem
; [model_options]
; dir = PATH "data"
[model]
class = Database
[model_options]
dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
tbl = "privatebin_" ; table prefix
usr = "privatebin"
pwd = "newpassword"
opt[12] = true ; PDO::ATTR_PERSISTENT
Again, make sure you replace newpassword
with the password chosen during user creation in the MySQL console, then save and exit.
Restart apache:
systemctl restart apache2.service
And done.
Implementing HTTPS is recommended but beyond the scope of this article. You can obtain and install a certificate, for free, using certbot.