arno/privatebin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Page: Docker
Pages
API Configuration Development Docker Encryption format FAQ Home Installation on Red Hat with SELinux Installation PrivateBin Directory Release Checklist Templates Third party clients Translation Upgrading from ZeroBin 0.19 Alpha
1 Docker
El RIDO edited this page 2018-06-16 12:29:06 +02:00
Table of Contents

Docker

Docker is one of multiple methods to containerize Linux applications. Linux containers combine an application and its dependencies into a package format that can easily be deployed onto native Linux environments or Linux VMs running on MacOS or Windows. Containers are especially valuable in making complex application stacks (like the Linux/Webserver/PHP one that PrivateBin requires) really easy to deploy and maintain.

Docker combines a format for distributing container images, a public image registry to distribute these and the command line tools to download, deploy, run and manage these images on Linux, MacOS and Windows (in the latter two cases it will handle a Linux VM to run the containers in it for you).

Official PrivateBin maintained Docker images

PrivateBin instance (privatebin/nginx-fpm-alpine)

This container images provides a secured, preconfigured nginx and php-fpm based PrivateBin installation of the latest stable release. It is based on the php/fpm-alpine image, using the latest stable PHP release.

You can fetch and run the image from the docker hub like this:

docker run -d --restart="always" --read-only -p 8080:80 -v privatebin-data:/srv/data privatebin/nginx-fpm-alpine:1.1.1

The parameters in detail:

  • -v privatebin-data:/srv/data - replace privatebin-data with the path to the folder on your system, where the pastes and other service data should be persisted. This guarantees that your pastes aren't lost after you stop and restart the image or when you replace it. May be skipped if you just want to test the image.
  • -p 8080:80 - The Nginx webserver inside the container listens on port 80, this parameter exposes it on your system on port 8080. Be sure to use a reverse proxy for HTTPS termination in front of it for production environments.
  • --read-only - This image supports running in read-only mode. Using this reduces the attack surface slightly, since an exploit in one of the images services can't overwrite arbitrary files in the container. Only /tmp, /var/tmp, /var/run & /srv/data may be written into.
  • -d - launches the container in the background. You can use docker ps and docker logs to check if the container is alive and well.
  • --restart="always" - restart the container if it crashes, mainly useful for production setups

In case you want to use a customized conf.php file, for example one that has file uploads enabled or that uses a different template, add the file as a second volume:

docker run -d --restart="always" --read-only -p 8080:80 -v conf.php:/srv/cfg/conf.php:ro -v privatebin-data:/srv/data privatebin/nginx-fpm-alpine:1.1.1

Note: The Filesystem data storage is supported out of the box. The image includes PDO modules for MySQL and SQLite, required for the Database one, but you still need to keep the /srv/data persisted for the server salt and the traffic limiter.

Unit Test suite (privatebin/unit-testing)

Since it is non-trivial to setup all dependencies for our unit testing suite, we provide this image that bundles all of them into one container, both phpunit for PHP and mocha for JS.

You can fetch and run the image from the docker hub like this:

docker run --rm --read-only -v ~/PrivateBin:/srv:ro privatebin/unit-testing

The parameters in detail:

  • -v ~/PrivateBin:/srv:ro - Replace ~/PrivateBin with the location of the checked out PrivateBin repository on your machine. It is recommended to mount it read-only, which guarantees that your repository isn't damaged by a accidentally destructive test case in it.
  • --read-only - This image supports running in read-only mode. Only /tmp may be written into.
  • -rm - Remove the container after the run. This saves you doing a cleanup on your docker environment, if you run the image frequently.

Note: Inside the container, the first thing that will be done is to copy your repository into /tmp/repo. The unit tests are then run in this copy. While this slows things done a bit, it further ensures, that a test script inside your repository can't accidentally delete objects in it.

Janitor image with Cloud9 and Theia WebIDE (janitortechnology/privatebin)

Janitor offers a range of container images that let you easily start developing in a project. If you already have a Janitor account, you will now find the image in the project and can start it on the website and access the Cloud9 IDE. Check the menu "Run", "Run configurations" for important tasks like updating the checked out git repo, launching the unit tests (phpunit, mocha or all at once) and submit a merge request when done.

You can also launch the container locally without needing any account at Janitor. You can fetch and run the image from the docker hub like this:

docker run -d -p 127.0.0.1:8080:80 -p 127.0.0.1:8089:8089 -p 127.0.0.1:8090:8090 janitortechnology/privatebin /usr/bin/supervisord

The parameters in detail:

  • -p 127.0.0.1:8080:80 - This exposes the nginx webserver. You can access a live preview of your changes using any browser by accessing http://localhost:8080/
  • -p 127.0.0.1:8089:8089 - This exposes the Cloud9 WebIDE. You can access the Cloud9 WebIDE to do your changes using any browser by accessing http://localhost:8089/
  • -p 127.0.0.1:8090:8090 - This exposes the Theia WebIDE. You can access a live preview of your changes using any browser by accessing http://localhost:8090/
  • -d - Launch the image in the background. Use docker ps to list the image's name and docker stop [insert name here] to stop the container when done.

Third-Party maintained Docker images

If you want to add your own PrivateBin image, please feel free to add it to the list. We will occasionally check these if they got updated after releases or PHP security fixes and may remove them if we get the impression they are not maintained any more.

You can find many more PrivateBin images in the docker hub.