Skip to content
Klutch.sh Docs

Deploying Paaster

Introduction

Paaster is a secure, end-to-end encrypted pastebin application that prioritizes privacy. Unlike traditional pastebins where server administrators can read uploaded content, Paaster encrypts all data client-side before transmission, ensuring that only people with the unique link can decrypt and view the content.

Built with a modern stack featuring a Python FastAPI backend and a Svelte frontend, Paaster provides a clean, fast interface for sharing code snippets, configuration files, logs, and any text content securely. The server never sees plaintext data, making it ideal for sharing sensitive information.

Key highlights of Paaster:

  • End-to-End Encryption: Content is encrypted in the browser before upload; server never sees plaintext
  • Zero Knowledge: Server operators cannot read paste contents
  • Syntax Highlighting: Support for numerous programming languages with automatic detection
  • Expiration Options: Set pastes to expire after a specified time
  • Burn After Reading: Option to delete paste after first view
  • No Account Required: Create and share pastes without registration
  • API Access: Programmatic paste creation through REST API
  • Self-Hostable: Full control over your data and infrastructure
  • Modern Interface: Clean, responsive design with dark mode support
  • Open Source: MIT licensed with transparent codebase

This guide walks through deploying Paaster on Klutch.sh using Docker, configuring the application for secure paste sharing, and customizing the deployment for your needs.

Why Deploy Paaster on Klutch.sh

Deploying Paaster on Klutch.sh provides several advantages:

Simplified Deployment: Klutch.sh automatically detects your Dockerfile and builds Paaster without complex configuration. Push to GitHub, and your pastebin deploys automatically.

Persistent Storage: Attach persistent volumes for the database, ensuring pastes survive container restarts until their expiration.

HTTPS by Default: Klutch.sh provides automatic SSL certificates, essential for secure end-to-end encryption and protecting the encryption keys in URLs.

GitHub Integration: Connect your configuration repository directly from GitHub for version-controlled deployments.

Scalable Resources: Allocate CPU and memory based on expected usage and traffic.

Environment Variable Management: Securely configure database settings and application options through Klutch.sh’s environment variable system.

Custom Domains: Assign a custom domain for a branded, professional pastebin experience.

Always-On Availability: Your secure pastebin remains accessible 24/7 for instant sharing.

Prerequisites

Before deploying Paaster on Klutch.sh, ensure you have:

  • A Klutch.sh account
  • A GitHub account with a repository for your Paaster configuration
  • Basic familiarity with Docker and containerization concepts
  • (Optional) A custom domain for your pastebin instance

Understanding Paaster Architecture

Paaster uses a simple but secure architecture:

Frontend (Svelte): The client-side application handles encryption/decryption using the Web Crypto API. Encryption keys are stored in the URL fragment (after #), which is never sent to the server.

Backend (FastAPI): The Python backend handles storing and retrieving encrypted blobs, managing expiration, and providing the API. It never processes plaintext paste content.

Database: Stores encrypted paste data, metadata, and expiration information. Supports SQLite for simple deployments or PostgreSQL for production scale.

Encryption Flow: Content is encrypted with AES-GCM using a randomly generated key. The key is appended to the URL fragment. Recipients decrypt content locally in their browser.

Preparing Your Repository

To deploy Paaster on Klutch.sh, create a GitHub repository with your Dockerfile.

Repository Structure

paaster-deploy/
├── Dockerfile
├── README.md
└── .dockerignore

Creating the Dockerfile

Create a Dockerfile in the root of your repository:

FROM wardpearce/paaster:latest


# Set environment variables
ENV PAASTER_BACKEND__URL=${PAASTER_BACKEND__URL}
ENV PAASTER_BACKEND__PROXY_URLS=${PAASTER_BACKEND__PROXY_URLS:-false}
ENV PAASTER_BACKEND__MAX_PASTE_SIZE=${PAASTER_BACKEND__MAX_PASTE_SIZE:-1048576}
ENV PAASTER_DB__TYPE=${PAASTER_DB__TYPE:-sqlite}
ENV PAASTER_DB__PATH=${PAASTER_DB__PATH:-/data/paaster.db}


# Create data directory
RUN mkdir -p /data


# Expose port
EXPOSE 8080


# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
  CMD wget --no-verbose --tries=1 --spider http://localhost:8080/api/health || exit 1

Creating the .dockerignore File

.git
.github
*.md
LICENSE
.gitignore
*.log
.DS_Store
.env

Environment Variables Reference

VariableRequiredDefaultDescription
PAASTER_BACKEND__URLYes-Public URL of your Paaster instance
PAASTER_BACKEND__PROXY_URLSNofalseEnable if behind reverse proxy
PAASTER_BACKEND__MAX_PASTE_SIZENo1048576Maximum paste size in bytes (1MB default)
PAASTER_DB__TYPENosqliteDatabase type (sqlite or postgresql)
PAASTER_DB__PATHNo/data/paaster.dbSQLite database path
PAASTER_DB__URLNo-PostgreSQL connection URL

Deploying Paaster on Klutch.sh

    Push Your Repository to GitHub

    Initialize your repository and push to GitHub:

    Terminal window
    git init
    git add Dockerfile .dockerignore README.md
    git commit -m "Initial Paaster deployment configuration"
    git remote add origin https://github.com/yourusername/paaster-deploy.git
    git push -u origin main

    Create a New Project on Klutch.sh

    Navigate to the Klutch.sh dashboard and create a new project. Give it a descriptive name like “paaster” or “secure-paste”.

    Create a New App

    Within your project, create a new app. Connect your GitHub account if you haven’t already, then select the repository containing your Paaster Dockerfile.

    Configure HTTP Traffic

    In the deployment settings:

    • Select HTTP as the traffic type
    • Set the internal port to 8080

    Set Environment Variables

    In the environment variables section, add:

    VariableValue
    PAASTER_BACKEND__URLhttps://your-app-name.klutch.sh
    PAASTER_BACKEND__PROXY_URLStrue
    PAASTER_BACKEND__MAX_PASTE_SIZE5242880 (5MB)
    PAASTER_DB__TYPEsqlite
    PAASTER_DB__PATH/data/paaster.db

    Attach Persistent Volumes

    Add the following volume:

    Mount PathRecommended SizePurpose
    /data5 GBSQLite database for encrypted pastes

    Deploy Your Application

    Click Deploy to start the build process. Klutch.sh will build and deploy your Paaster instance.

    Access Paaster

    Once deployment completes, access your secure pastebin at https://your-app-name.klutch.sh.

Using Paaster

Creating a Paste

  1. Navigate to your Paaster instance
  2. Enter or paste your content in the text area
  3. Optionally select syntax highlighting language
  4. Choose expiration time (if desired)
  5. Enable “Burn after reading” for one-time viewing
  6. Click Create Paste
  7. Copy and share the generated URL

Understanding the URL Structure

Paaster URLs contain the encryption key in the fragment:

https://your-paaster.klutch.sh/paste/abc123#encryptionkey

The portion after # is the decryption key and is never sent to the server. Only share the complete URL with intended recipients.

API Usage

Create pastes programmatically:

Terminal window
curl -X POST https://your-paaster.klutch.sh/api/paste \
  -H "Content-Type: application/json" \
  -d '{"content": "encrypted_content_here"}'

Note: For API usage, you’ll need to handle encryption client-side.

Security Considerations

End-to-End Encryption

  • Encryption happens entirely in the browser using AES-GCM
  • The server only stores encrypted blobs
  • Decryption keys exist only in URLs (fragments)
  • Server administrators cannot read paste contents

Best Practices

  • Always share links through secure channels
  • Use expiration for sensitive content
  • Enable “Burn after reading” for highly sensitive data
  • Use HTTPS (provided automatically by Klutch.sh)

Troubleshooting Common Issues

Pastes Not Loading

  • Verify the complete URL including the fragment was copied
  • Check that the paste hasn’t expired
  • Ensure the paste wasn’t set to “Burn after reading” and already viewed

Database Errors

  • Verify volume is properly mounted
  • Check disk space availability
  • Ensure database file permissions are correct

Large Paste Failures

  • Increase PAASTER_BACKEND__MAX_PASTE_SIZE for larger pastes
  • Consider content compression for very large files

Additional Resources

Conclusion

Deploying Paaster on Klutch.sh provides a secure, privacy-respecting pastebin that you fully control. The end-to-end encryption ensures that sensitive code snippets, configuration files, and text can be shared without exposing content to server administrators or potential attackers.

Whether you need to share credentials with team members, exchange configuration files, or simply want a private alternative to public pastebins, Paaster on Klutch.sh delivers secure sharing with minimal setup.