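Private pastebin service: PrivateBin

PrivateBin is a full-featured, open-source private pastebin written in PHP. I describe two installation methods here: one on Debian 9 and one using Docker.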

Add the Debian testing repository:

echo "deb http://deb.debian.org/debian testing main" > /etc/apt/sources.list.d/testing.list
echo "deb-src http://deb.debian.org/debian testing main" >> /etc/apt/sources.list.d/testing.list
apt -y update

Install PHP 7.3:

apt -y install php7.3 php7.3-cli php7.3-common php7.3-cgi \
php7.3-fpm php7.3-gd php7.3-mysql php7.3-sqlite3 php7.3-pgsql \
php7.3-opcache php7.3-mbstring php7.3-curl php7.3-xml php7.3-xmlrpc \
php7.3-zip php7.3-intl php7.3-json php7.3-bz2 php7.3-dev

Install libsodium:

apt -y install libsodium-dev

Install the libsodium PHP extension:

pecl install libsodium

Configure the extension:

echo "extension=sodium.so" > /etc/php/7.3/mods-available/libsodium.ini

Download the source tarball and extract it:

cd /opt
wget https://github.com/PrivateBin/PrivateBin/archive/1.2.1.tar.gz
tar -xzvf 1.2.1.tar.gz
mv PrivateBin-1.2.1 privatebin

Copy the sample configuration file and set the correct ownership:

cp privatebin/cfg/conf.sample.php privatebin/cfg/conf.php
chown -R www-data:www-data /opt/privatebin

Install Nginx (optional):

apt -y install nginx

If you choose Nginx as the web server, create a site configuration file:

nano /etc/nginx/conf.d/privatebin.conf

Write the following configuration:

server {
    listen       80;
    server_name  privatebin.koko.cat;
    root /opt/privatebin;
    index index.php index.html;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        fastcgi_pass   unix:/run/php/php7.3-fpm.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

}

Start Nginx:

systemctl restart nginx
systemctl enable nginx

Install Caddy (optional):

You only need one of Nginx and Caddy. I recommend Caddy because it makes SSL very easy to configure. Install Caddy:

curl https://getcaddy.com | bash -s personal

Create the directories and configuration file Caddy needs:

mkdir -p /etc/caddy && mkdir -p /etc/ssl/caddy
nano /etc/caddy/Caddyfile

Write the following configuration:

privatebin.koko.cat {

    log stdout
    root /opt/privatebin
    gzip
    tls example@qq.com

    fastcgi / /run/php/php7.3-fpm.sock php {
        index index.php
    }
    
    rewrite {
        to {path} {path}/ /index.php?{query}
    }

}

Create a systemd service:

nano /etc/systemd/system/caddy.service

Write the following:

[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service

[Service]
Restart=on-abnormal
User=root
Group=root
Environment=CADDYPATH=/etc/ssl/caddy
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile
ExecReload=/bin/kill -USR1 $MAINPID
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s

[Install]
WantedBy=multi-user.target

Start Caddy:

systemctl start caddy
systemctl enable caddy

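(Optional) Install MySQL as the data store for PrivateBin. PrivateBin supports MySQL, SQLite and file storage. The default configuration uses file storage, but if you are offering the service publicly, MySQL is recommended as the data store for performance reasons. If you do not need MySQL, the setup above is already usable.

Install: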

apt -y install mariadb-server

Start:

systemctl restart mariadb.service
systemctl enable mariadb.service

Initialize the database:

mysql_secure_installation

Answer the prompts as follows:

Enter current password for root (enter for none): press Enter
Set root password? [Y/n] Y
New password: set your MariaDB root password
Re-enter new password: enter the password again
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Enter the MySQL shell:

mysql -u root -p

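Create the database and user, replacing the quoted placeholder after IDENTIFIED BY with your own database password: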

CREATE DATABASE privatebin CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'privatebin'@'localhost' IDENTIFIED BY '设置一个你的数据库密码';
GRANT ALL PRIVILEGES ON privatebin.* TO 'privatebin'@'localhost';
FLUSH PRIVILEGES;
quit

Edit the configuration file:

nano /opt/privatebin/cfg/conf.php

The default configuration:

[model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
class = Filesystem
[model_options]
dir = PATH "data"

;[model]
; example of DB configuration for MySQL
;class = Database
;[model_options]
;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
;tbl = "privatebin_"    ; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true   ; PDO::ATTR_PERSISTENT

Change it to the following, with pwd set to the database password you chose above:

;[model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
;class = Filesystem
;[model_options]
;dir = PATH "data"

[model]
; example of DB configuration for MySQL
class = Database
[model_options]
dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
tbl = "privatebin_"    ; table prefix
usr = "privatebin"
pwd = "Z3r0P4ss"
opt[12] = true   ; PDO::ATTR_PERSISTENT
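
An added check for the edit above (not from the original post or the PrivateBin project): it reads the active [model] section of conf.php and reports when pwd is still the sample value Z3r0P4ss shown above, or when the file is world-readable. The function names ini_get and audit_conf and the embedded sample file are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit cfg/conf.php after the edit.

# ini_get FILE SECTION KEY: value of KEY in the uncommented [SECTION].
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*;/  { next }                                # commented-out line
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); cur = $0; next } # section header
        cur == sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, index($0, "=") + 1); sub(/^[ \t]+/, "", v)
            if (v ~ /^"/) { v = substr(v, 2); sub(/".*$/, "", v) } # quoted value
            else          { sub(/[ \t\r]*(;.*)?$/, "", v) }         # bare value
            print v; exit
        }' "$1"
}

# audit_conf FILE: print one line per finding; return 0 only if there are none.
audit_conf() {
    rc=0
    if [ "$(ini_get "$1" model class)" = "Database" ]; then
        pw=$(ini_get "$1" model_options pwd)
        if [ -z "$pw" ] || [ "$pw" = "Z3r0P4ss" ]; then
            echo "pwd is empty or still the sample value Z3r0P4ss"; rc=1
        fi
    fi
    # conf.php holds the database password, so other local users should not read it
    if [ -n "$(find "$1" -perm -004)" ]; then
        echo "file is world-readable; consider chmod 640"; rc=1
    fi
    return $rc
}

# Constructed sample: the edited [model] block from this post, sample password kept.
sample=$(mktemp)
cat > "$sample" <<'EOF'
;[model]
;class = Filesystem
[model]
class = Database
[model_options]
dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
usr = "privatebin"
pwd = "Z3r0P4ss"
EOF
chmod 644 "$sample"
audit_conf "$sample" || true   # reports both findings for the sample
```

On a real install, run audit_conf /opt/privatebin/cfg/conf.php after editing the file.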

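I first deployed it this way and found that it was far too complicated for such a simple program, so I wrote my own Dockerfile. There is actually an official Docker image too, but I don't much like it. The environment in my Dockerfile is PHP 7.2 + Caddy, with file storage by default, so configuration is simple and convenient.

Install Docker and start it: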

curl -sSL https://get.docker.com/ | sh
systemctl start docker
systemctl enable docker

Create a directory to hold the configuration files:

mkdir -p /opt/docker-privatebin && cd /opt/docker-privatebin

Create a Dockerfile:

FROM alpine:3.9.4

LABEL blog="lala.im"

ARG PRIVATEBIN_VERSION=1.2.1

RUN apk add --no-cache wget \
        caddy \
        php7 \
        php7-gd \
        php7-opcache \
        php7-mcrypt \
        php7-json \
        php7-xml \
        php7-fpm \
        supervisor \
        && mkdir -p /etc/supervisor.d \
        && wget https://github.com/PrivateBin/PrivateBin/archive/${PRIVATEBIN_VERSION}.tar.gz \
        && tar -xzvf ${PRIVATEBIN_VERSION}.tar.gz \
        && mv PrivateBin-${PRIVATEBIN_VERSION} /opt/privatebin \
        && cp /opt/privatebin/cfg/conf.sample.php /opt/privatebin/cfg/conf.php \
        && chown -R root:root /opt/privatebin \
        && sed -i 's/user = nobody/user = root/g' /etc/php7/php-fpm.d/www.conf \
        && sed -i 's/group = nobody/group = root/g' /etc/php7/php-fpm.d/www.conf \
        && rm -rf ${PRIVATEBIN_VERSION}.tar.gz \
        && rm -rf PrivateBin-${PRIVATEBIN_VERSION}

COPY caddy.conf /etc/caddy/caddy.conf
COPY privatebin.ini /etc/supervisor.d/

EXPOSE 80 443

VOLUME /opt/privatebin/data

CMD supervisord -c /etc/supervisor.d/privatebin.ini

Create the Caddy configuration file (the Dockerfile copies it as caddy.conf):

nano caddy.conf

Write the following configuration:

privatebin.koko.cat {

    log stdout
    root /opt/privatebin
    gzip
    tls example@qq.com

    fastcgi / 127.0.0.1:9000 php
    
    rewrite {
        to {path} {path}/ /index.php?{query}
    }

}

Create a supervisor configuration file:

nano privatebin.ini

Write the following:

[supervisord]
nodaemon=true

[program:php-fpm]
priority=1
command=/usr/sbin/php-fpm7 -R
autorestart=true

[program:caddy]
priority=2
command=/usr/sbin/caddy -agree=true -conf=/etc/caddy/caddy.conf
autorestart=true

Build the image:

docker build -t privatebin .

Once the build finishes, start the container:

docker run -d -p 80:80 -p 443:443 \
-v /opt/privatebin:/opt/privatebin/data \
--restart=always --name privatebin privatebin:latest

If tls is set to off in the Caddy configuration file, start the container with port 2015 mapped instead:

docker run -d -p 80:2015 \
-v /opt/privatebin:/opt/privatebin/data \
--restart=always --name privatebin privatebin:latest

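If you are only setting this up to play around with, I recommend using Docker directly: it does not disturb the host system's environment, and when you are done you can simply delete the container.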
