selfhosting-blogposts/privatebin/index.md

---
search:
  exclude: true
---
# PrivateBin (pastebin) 

![](logo.png)

Before we start, you will need a Debian 10+ VPS (you can get one on digitalocean for example), if you prefer to use your own self hosted server, make sure that port 80 and 443 are correctly port forwarded so that the public ip points to the server and not the router. Once that's done, go and ssh into your debian 10 server. 

You can use DuckDNS to get a free domain name:

![](1.png)
    
    
    [ 192.168.100.1/24 ] [ /dev/pts/13 ] [~/Nextcloud/blog/Conf]
    → ssh root@ech4.duckdns.org
    The authenticity of host 'ech4.duckdns.org (178.128.46.38)' can't be established.
    ECDSA key fingerprint is SHA256:z2HAncB99pfbAUfj9tJY7vlo8EGUzCIUxWBAnjAflcA.
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added 'ech4.duckdns.org,178.128.46.38' (ECDSA) to the list of known hosts.
    Linux debian-s-1vcpu-1gb-lon1-01 4.19.0-10-cloud-amd64 #1 SMP Debian 4.19.132-1 (2020-07-24) x86_64
    
    The programs included with the Debian GNU/Linux system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.
    
    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.
    root@debian-s-1vcpu-1gb-lon1-01:~#
    
    

## **Initial Setup:**

First install the dependencies:
    
    
    apt update -y && apt upgrade -y
    apt install curl socat git php8.2 php8.2-{fpm,xml,gd,mbstring,mysql,common} mariadb-server nginx  -y
    
    #for arch users:
    pacman -S nginx php7-fpm
    #systemctl enable --now php-fpm7 mysql
    
    

Enable nginx:
    
    
    apt remove apache2 -y
    apt purge apache2 -y
    
    systemctl enable --now nginx mysql
    wget https://blog.nowhere.moe/servers/privatebin/privatebin.conf -O /etc/nginx/sites-available/privatebin.conf
    ln -s /etc/nginx/sites-available/privatebin.conf /etc/nginx/sites-enabled/privatebin.conf
    rm /etc/nginx/sites-available/default
    rm /etc/nginx/sites-enabled/default
    
    #for arch users:
    mariadb-install-db --user=root --basedir=/usr --datadir=/var/lib/mysql
    chown -R mysql:mysql /var/lib/mysql
    systemctl enable --now mariadb
    
    [ 127.0.0.1/8 ] [ /dev/pts/6 ] [/srv]
    → cat /etc/php7/php-fpm.d/www.conf | grep fpm.sock
    listen = /run/php-fpm7/php-fpm.sock #put this path in the nginx config for arch servers
    
    #and then make sure nginx can read that sock file:
    
    
    

Install acme.sh and get your free letsencrypt certificate:
    
    
    wget -O -  https://get.acme.sh | sh
    source ~/.bashrc
    systemctl stop nginx 
    acme.sh --issue --standalone -d ech4.duckdns.org -k 4096
    nginx -t
    

![](2.png)

Then edit the nginx config:
    
    
    /etc/nginx/conf.d/privatebin.conf
    
    

![](3.png)

Then install Privatebin:
    
    
    cd /var/www/html/ && git clone https://github.com/PrivateBin/PrivateBin.git
    chown -R www-data:www-data PrivateBin/
    mysql_secure_installation
    
    Enter current password for root (enter for none): Enter
    Set root password? [Y/n]: Y
    New password: P@SSW0RD
    Re-enter new password: P@SSW0RD
    Remove anonymous users? [Y/n]: Y
    Disallow root login remotely? [Y/n]: Y
    Remove test database and access to it? [Y/n]: Y
    Reload privilege tables now? [Y/n]: Y
    
    
    
    
    mysql -u root -p
    CREATE DATABASE privatebin DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
    CREATE USER 'privatebin'@'localhost' IDENTIFIED BY 'P@SSW0RD';
    GRANT ALL PRIVILEGES ON privatebin.* TO 'privatebin'@'localhost';
    exit;
    
    
    
    
    cd /var/www/html/PrivateBin/cfg
    cp conf.sample.php conf.php
    wget https://blog.nowhere.moe/servers/privatebin/conf.php -O conf.php
    nano conf.php 
    
    

You can edit the config if you want, the important part being the following:
    
    
    ; [model]
    ; name of data model class to load and directory for storage
    ; the default model "Filesystem" stores everything in the filesystem
    ; class = Filesystem
    ; [model_options]
    ; dir = PATH "data"
    
    [model]
    class = Database
    [model_options]
    dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
    tbl = "privatebin_" ; table prefix
    usr = "privatebin"
    pwd = "P@SSW0RD"
    opt[12] = true ; PDO::ATTR_PERSISTENT
    
    

add timezones to both php.inis
    
    
    cd /etc/php/8.2/
    
    echo 'date.timezone = Europe/Paris' >> fpm/php.ini
    echo 'date.timezone = Europe/Paris' >> cli/php.ini
    
    

Restart services
    
    
    systemctl restart php8.2-fpm nginx
    
    

## **Testing**

Next just browse to your website:

![](5.png)

Here we can see that our https config is correct, we're using TLS1.3, which means our pastebins cannot be transmitted over the network as a plaintext field, it is encrypted it can only be read by you and the server in theory:

![](4.png)

To create a private paste just write your text, give it an expiry date, and a password:

![](6.png)

after clicking "send" just give the link to someone else to open it:

![](7.png) ![](8.png)

Enter the P@SSW0RD and there you have it:

![](9.png)