-
Notifications
You must be signed in to change notification settings - Fork 823
Docker
Docker is one of multiple methods to containerize Linux applications. Linux containers combine an application and its dependencies into a package format that can easily be deployed onto native Linux environments or Linux VMs running on MacOS or Windows. Containers are especially valuable in making complex application stacks (like the Linux/Webserver/PHP one that PrivateBin requires) really easy to deploy and maintain.
For Kubernetes deployments we also offer a Helm chart that deploys the official docker image.
PrivateBin instance (privatebin/nginx-fpm-alpine)
This container images provides a secured, preconfigured nginx and php-fpm based PrivateBin installation of the latest stable release. It is based on the Alpine image and it's packaged PHP and nginx versions.
You can fetch and run the image from the docker hub like this:
docker run -d --restart="always" --read-only -p 8080:8080 -v privatebin-data:/srv/data privatebin/nginx-fpm-alpine:1.3.5
The parameters in detail:
-
-v privatebin-data:/srv/data
- replaceprivatebin-data
with the path to the folder on your system, where the pastes and other service data should be persisted. This guarantees that your pastes aren't lost after you stop and restart the image or when you replace it. May be skipped if you just want to test the image. -
-p 8080:8080
- The Nginx webserver inside the container listens on port 8080, this parameter exposes it on your system on port 8080. Be sure to use a reverse proxy for HTTPS termination in front of it for production environments. -
--read-only
- This image supports running in read-only mode. Using this reduces the attack surface slightly, since an exploit in one of the images services can't overwrite arbitrary files in the container. Only /tmp, /var/tmp, /var/run & /srv/data may be written into. -
-d
- launches the container in the background. You can usedocker ps
anddocker logs
to check if the container is alive and well. -
--restart="always"
- restart the container if it crashes, mainly useful for production setups
In case you want to use a customized conf.php file, for example one that has file uploads enabled or that uses a different template, add the file as a second volume:
docker run -d --restart="always" --read-only -p 8080:8080 -v conf.php:/srv/cfg/conf.php:ro -v privatebin-data:/srv/data privatebin/nginx-fpm-alpine:1.3.5
Note: The Filesystem
data storage is supported out of the box. The image includes PDO modules for MySQL and SQLite, required for the Database
one, but you still need to keep the /srv/data persisted for the server salt and the traffic limiter.
Unit Test suite (privatebin/unit-testing)
Since it is non-trivial to setup all dependencies for our unit testing suite, we provide this image that bundles all of them into one container, both phpunit for PHP and mocha for JS.
You can fetch and run the image from the docker hub like this:
docker run --rm --read-only -v ~/PrivateBin:/srv:ro privatebin/unit-testing
The parameters in detail:
-
-v ~/PrivateBin:/srv:ro
- Replace~/PrivateBin
with the location of the checked out PrivateBin repository on your machine. It is recommended to mount it read-only, which guarantees that your repository isn't damaged by a accidentally destructive test case in it. -
--read-only
- This image supports running in read-only mode. Only /tmp may be written into. -
-rm
- Remove the container after the run. This saves you doing a cleanup on your docker environment, if you run the image frequently.
Note: Inside the container, the first thing that will be done is to copy your repository into /tmp/repo. The unit tests are then run in this copy. While this slows things done a bit, it further ensures, that a test script inside your repository can't accidentally delete objects in it.
You can also run just the php and javascript test suites instead of both:
docker run --rm --read-only -v ~/PrivateBin:/srv:ro privatebin/unit-testing phpunit
docker run --rm --read-only -v ~/PrivateBin:/srv:ro privatebin/unit-testing mocha
If you want to add your own PrivateBin image, please feel free to add it to the list. We will occasionally check these if they got updated after releases or PHP security fixes and may remove them if we get the impression they are not maintained any more. It would be nice to have different options to choose from like Apache with mod-php, Debian Slim or CentOS based images.
You can find many more PrivateBin images in the docker hub.
Jeroen Geusebroek's PrivateBin (jgeusebroek/privatebin)
A very small (22 MiB) image, based on Alpine and it's packaged PHP and nginx versions.
Copyright 2021 wiki contributors. Licensed under CC BY 4.0. The PrivateBin software itself is licensed differently.