Setting Up PrivateBin with Docker Compose
Introduction to PrivateBin
PrivateBin is a secure, minimalist, open-source online pastebin where the server has zero knowledge of pasted data. It allows you to share sensitive information securely and anonymously.
Note
PrivateBin must run via HTTPS
Docker Compose Configuration for PrivateBin
This Docker Compose setup deploys PrivateBin using the privatebin/nginx-fpm-alpine
image in a Docker container, ensuring a secure environment for sharing texts and files.
Docker Compose File (docker-compose.yml)¶
version: '3.8'
services:
privatebin:
image: privatebin/nginx-fpm-alpine
restart: always
read_only: true
user: "1000:1000" # Run the container with the UID:GID of your Docker user
ports:
- "8082:8080"
volumes:
- ./privatebin-data:/srv/data
Key Components of the Configuration
Service: PrivateBin
Image:
privatebin/nginx-fpm-alpine
is the Docker image used for PrivateBin.
Restart Policy:
always
ensures that the PrivateBin service restarts automatically after a crash or reboot.
Read Only:
read_only: true
enhances security by making the root filesystem read-only.
User:
user: "1000:1000"
specifies the UID and GID for running the container, enhancing security by avoiding running as root.
Ports:
8082:8080
maps port 8082 on the host to port 8080 in the container, where PrivateBin's web interface is accessible.
Volumes:
./privatebin-data:/srv/data
provides persistent storage for PrivateBin's data.
Deploying PrivateBin
-
Create a Directory for PrivateBin Data:
It's important to manually create a directory for your PrivateBin data before running the Docker Compose command. If you allow Docker to create the directory automatically, it might be created with root ownership, leading to permission issues, especially if Docker is not being run as root. This can cause PrivateBin to not function correctly due to insufficient permissions.
mkdir -p ./privatebin-data
Note
Ensure the directory has the correct permissions by setting the user ID (UID) and group ID (GID) to match the service's configured
user: "1000:1000"
setting. -
Save Docker Compose Configuration:
Save the Docker Compose configuration in a
docker-compose.yml
file within your project directory. -
Start PrivateBin:
Run
docker compose up -d
to start PrivateBin in detached mode. -
Access PrivateBin:
Access PrivateBin by navigating to
http://
.:8082
By following these steps and ensuring the data directory has the correct permissions, you can avoid potential issues and ensure PrivateBin functions correctly.
Understanding the PrivateBin Data Directory
After setting up PrivateBin, various files and directories within the privatebin-data
directory play crucial roles in the application's functionality and security. Here's a breakdown of these components:
salt.php
-
Purpose: Contains the server salt used by PrivateBin.
-
Functionality: A salt is a random piece of data used as an additional input to a one-way function that hashes data, passwords, or passphrases. In the context of PrivateBin, it enhances security by ensuring that encrypted data stored on the server cannot be decrypted without the correct salt, which is known only to the client.
traffic_limiter.php
and purge_limiter.php
-
Purpose: These files are instrumental in limiting the rate of traffic and purging operations to the server.
-
Functionality:
traffic_limiter.php
: Contains data or logic to track and limit the amount of data traffic (e.g., paste creation and retrieval) to avoid denial of service attacks or excessive load.purge_limiter.php
: Tracks the purge operations to prevent mass deletion of data, which could also impact server performance.
d7
(directory)
-
Purpose: Part of the storage structure used by PrivateBin to organize encrypted paste files.
-
Functionality: PrivateBin typically stores pastes as files on the server, organizing them into directories like
d7
to optimize file system performance and management.
Managing the PrivateBin Data Directory
It's important to regularly back up and monitor the contents of the privatebin-data
directory to ensure data integrity and application security. Proper management of this directory supports the overall health of your PrivateBin deployment.
Configuring and Using PrivateBin
After deployment, PrivateBin is ready to use with minimal configuration required. Access the web interface to start sharing texts and files securely.