Deploying PrivateBin

Introduction

PrivateBin is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted and decrypted in the browser using 256-bit AES encryption in Galois Counter mode. This means the server never sees the plaintext content, providing true end-to-end encryption for shared text and files.

PrivateBin is a fork of ZeroBin, adding many improvements including a responsive design, additional paste formats, file attachments, and QR code generation. It’s perfect for securely sharing sensitive information like passwords, code snippets, or confidential notes.

Key highlights of PrivateBin:

• Zero Knowledge: The server never sees your unencrypted data
• End-to-End Encryption: AES-256-GCM encryption in the browser
• Self-Destructing Pastes: Set expiration times from 5 minutes to never
• Password Protection: Add an extra layer of security with passwords
• Burn After Reading: Pastes that delete after first view
• File Attachments: Share encrypted files along with text
• Discussion System: Enable encrypted discussions on pastes
• QR Code Generation: Easily share paste URLs via QR codes
• No Registration: Use instantly without creating accounts
• Open Source: Licensed under zlib/libpng license

This guide walks through deploying PrivateBin on Klutch.sh using Docker.

Why Deploy PrivateBin on Klutch.sh

Deploying PrivateBin on Klutch.sh provides several advantages:

Simplified Deployment: Klutch.sh automatically detects your Dockerfile and builds PrivateBin without complex configuration.

Persistent Storage: Attach persistent volumes for paste storage.

HTTPS by Default: Klutch.sh provides automatic SSL certificates, essential for secure paste sharing.

GitHub Integration: Connect your repository directly from GitHub for automatic deployments.

Custom Domains: Assign a custom domain for your PrivateBin instance.

Always-On Availability: Your paste service remains accessible 24/7.

Prerequisites

Before deploying PrivateBin on Klutch.sh, ensure you have:

• A Klutch.sh account
• A GitHub account with a repository for your PrivateBin configuration
• Basic familiarity with Docker and containerization concepts
• (Optional) A custom domain for your PrivateBin instance

Understanding PrivateBin Security

PrivateBin’s security model ensures true privacy:

Client-Side Encryption: All encryption and decryption happens in the browser. The server only receives and stores encrypted data.

Key in URL Fragment: The decryption key is in the URL fragment (after #), which is never sent to the server.

No Logging: The server cannot log the content of pastes because it only sees encrypted data.

Optional Password: Adds another encryption layer on top of the URL-based key.

Preparing Your Repository

Create a GitHub repository containing your Dockerfile and configuration.

Repository Structure

privatebin-deploy/
├── Dockerfile
├── conf.php
└── .dockerignore

Creating the Dockerfile

Create a Dockerfile in the root of your repository:

FROM privatebin/nginx-fpm-alpine:latest

# Copy custom configuration
COPY conf.php /srv/cfg/conf.php

# Create data directory
RUN mkdir -p /srv/data && \
    chown -R nobody:nobody /srv/data

# Expose the web interface port
EXPOSE 8080

# Use the built-in entrypoint

Creating conf.php Configuration

Create a conf.php file with your PrivateBin configuration:

;<?php http_response_code(403); /*
[main]
; Enable discussions on pastes
discussion = true

; Require password for all pastes
requirepassword = false

; Show paste expiration options
expireoptions = true

; Default expiration time
expire_default = "1week"

; Available expiration times
expire_options = {"5min": 300, "10min": 600, "1hour": 3600, "1day": 86400, "1week": 604800, "1month": 2592000, "1year": 31536000, "never": 0}

; Default burn after reading
burnafterreadingdefault = false

; Default syntax highlighting
defaultformatter = "plaintext"

; Syntax highlighting options
formattersoptions = {"plaintext": "Plain Text", "syntaxhighlighting": "Source Code", "markdown": "Markdown"}

; Size limit for pastes (2MB)
sizelimit = 2097152

; Template theme
template = "bootstrap-dark"

; Language
languageselection = true

; Language default
languagedefault = "en"

; URL shortener (optional)
urlshortener = ""

; QR code generation
qrcode = true

; Email button
email = true

; Icon for browser tab
icon = "identicon"

; Compression (none, gzip, zlib)
compression = "zlib"

[expire]
; Expire settings are defined in expireoptions above

[traffic]
; Rate limit: minimum seconds between posts from same IP
limit = 10

; Exempt IP addresses from rate limiting
exempted = ""

[purge]
; Minimum time before purging old pastes (seconds)
limit = 300

; Maximum number of pastes to purge per batch
batchsize = 10

[model]
; Storage class
class = Filesystem

[model_options]
dir = PATH "data"
*/

Creating the .dockerignore File

Create a .dockerignore file:

.git
.github
*.md
LICENSE
.gitignore
*.log
.DS_Store

Deploying PrivateBin on Klutch.sh

Push Your Repository to GitHub

Initialize your repository and push to GitHub:

git init
git add Dockerfile conf.php .dockerignore
git commit -m "Initial PrivateBin deployment configuration"
git remote add origin https://github.com/yourusername/privatebin-deploy.git
git push -u origin main

Create a New Project on Klutch.sh

Navigate to the Klutch.sh dashboard and create a new project. Give it a descriptive name like “privatebin” or “secure-paste”.

Create a New App

Within your project, create a new app. Connect your GitHub account if you haven’t already, then select the repository containing your PrivateBin Dockerfile.

Configure HTTP Traffic

In the deployment settings:

• Select HTTP as the traffic type
• Set the internal port to 8080

Attach Persistent Volumes

Add the following volumes:

Mount Path	Recommended Size	Purpose
/srv/data	10 GB	Encrypted paste storage

Deploy Your Application

Click Deploy to start the build process. Klutch.sh will:

• Detect your Dockerfile automatically
• Build the container image
• Attach the persistent volumes
• Start the PrivateBin container
• Provision an HTTPS certificate

Access PrivateBin

Once deployment completes, access your PrivateBin instance at https://your-app-name.klutch.sh. Start creating and sharing encrypted pastes.

Using PrivateBin

Creating a Paste

1. Navigate to your PrivateBin instance
2. Enter or paste your text content
3. (Optional) Select syntax highlighting format
4. Choose expiration time
5. (Optional) Enable burn after reading
6. (Optional) Set a password
7. Click “Send”
8. Share the generated URL with recipients

Understanding the URL

The paste URL contains two parts:

• Base URL: Points to your PrivateBin server
• Fragment (after #): Contains the encryption key (never sent to server)

Example: https://paste.example.com/?abc123#defghijklmnop

Sharing Securely

• Share the complete URL including the fragment
• Use secure channels for sharing sensitive pastes
• Consider using password protection for extra security
• Use burn after reading for one-time secrets

Configuration Options

Available Themes

Theme	Description
bootstrap	Light Bootstrap theme
bootstrap-dark	Dark Bootstrap theme
bootstrap-compact	Compact Bootstrap theme
page	Simple page theme

Storage Backends

PrivateBin supports multiple storage backends:

Backend	Use Case
Filesystem	Default, stores pastes as files
Database	PostgreSQL, MySQL, or SQLite
GoogleCloudStorage	Google Cloud Storage buckets
S3Storage	AWS S3 or compatible storage

Customization

Custom Branding

Modify the template files to add custom branding:

1. Fork the PrivateBin repository
2. Modify templates in the /tpl directory
3. Update CSS in the /css directory
4. Build and deploy your customized version

Rate Limiting

Adjust rate limiting in conf.php:

[traffic]
; Minimum seconds between posts from same IP
limit = 10

Troubleshooting Common Issues

Paste Not Loading

Solutions:

• Ensure the complete URL including fragment is being used
• Check that JavaScript is enabled in the browser
• Verify no browser extensions are blocking the site

Disk Space Issues

Solutions:

• Increase persistent volume size
• Reduce default expiration times
• Increase purge frequency in configuration

Upload Fails

Solutions:

• Check file size against sizelimit in configuration
• Verify paste content isn’t exceeding limits
• Review server error logs

Additional Resources

• PrivateBin Website
• PrivateBin GitHub Repository
• PrivateBin Wiki
• Klutch.sh Persistent Volumes
• Klutch.sh Deployments

Conclusion

Deploying PrivateBin on Klutch.sh gives you a secure, zero-knowledge paste service for sharing sensitive information. With client-side encryption, the server never sees your data, providing true end-to-end security for your shared content.

Whether you’re sharing passwords with colleagues, code snippets with developers, or confidential notes with clients, PrivateBin ensures that only the intended recipients can read your pastes.