From aac13497239630e1efcc725c4ee1399e95e781f9 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Wed, 4 Oct 2017 19:49:14 +0200 Subject: [PATCH] resordering installation documentation structure to focus more on the hardening of the setup --- Installation.md | 73 +++++++++++++++++++++++++------------------------ 1 file changed, 38 insertions(+), 35 deletions(-) diff --git a/Installation.md b/Installation.md index 41b090e..a59321a 100644 --- a/Installation.md +++ b/Installation.md @@ -1,14 +1,13 @@ **TL;DR:** Download the [latest release archive](https://github.com/PrivateBin/PrivateBin/releases/latest) and extract it in your web hosts folder where you want to install your PrivateBin -instance. We try to provide a safe default configuration, but we advise you to -check the options and adjust them as you see fit. +instance. We try to provide a mostly safe default configuration, but we urge you to +check the [security section](#hardening-and-security) below and the [configuration +options](#configuration) to adjust as you see fit. **NOTE:** See [our FAQ](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-can-i-securely-clonedownload-your-project) for information how to securely download the PrivateBin release files. -## Basic installation - -### Requirements +### Minimal requirements - PHP version 5.4 or above - _one_ of the following sources of cryptographically safe randomness is required: @@ -20,37 +19,11 @@ check the options and adjust them as you see fit. Mcrypt needs to be able to access `/dev/urandom`. This means if `open_basedir` is set, it must include this file. - GD extension -- some disk space or (optional) a database supported by [PDO](https://secure.php.net/manual/book.pdo.php) -- ability to create files and folders in the installation directory and the PATH +- some disk space or (optionally) a database supported by [PDO](https://secure.php.net/manual/book.pdo.php) +- ability to create files and folders in the installation directory and the PATH defined in index.php - A web browser with javascript support -### Configuration - -In the file `cfg/conf.ini` you can configure PrivateBin. A `cfg/conf.ini.sample` -is provided containing all options and default values. You can copy it to -`cfg/conf.ini` and adapt it as needed. The config file is divided into multiple -sections, which are enclosed in square brackets. - -In the `[main]` section you can enable or disable the discussion feature, set -the limit of stored pastes and comments in bytes. The `[traffic]` section lets -you set a time limit in seconds. Users may not post more often then this limit -to your PrivateBin installation. - -More details can be found in the -[configuration documentation](https://github.com/PrivateBin/PrivateBin/wiki/Configuration). - -## Further configuration - -After (or before) setting up PrivateBin, also set up HTTPS, as without HTTPS -PrivateBin is not secure. ( -[More information](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-should-i-setup-https)) - -If you want to use PrivateBin behind Cloudflare, make sure you disabled Rocket -loader and unchecked "Javascript" for Auto Minify, found in your domain settings, -under "Speed". (More information -[in this FAQ entry](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection)) - -## Advanced installation +## Hardening and security ### Changing the path @@ -75,6 +48,29 @@ process (see also > PrivateBin will look for your includes / data here: > /home/example.com/secret/privatebin +### Transport security + +When setting up PrivateBin, also set up HTTPS, if you haven't already. Without HTTPS +PrivateBin is not secure, as the javascript files could be manipulated during transmission. +For more information on this, see our [FAQ entry on HTTPS setup](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-should-i-setup-https). + +## Configuration + +In the file `cfg/conf.php` you can configure PrivateBin. A `cfg/conf.sample.php` +is provided containing all options and default values. You can copy it to +`cfg/conf.php` and adapt it as needed. The config file is divided into multiple +sections, which are enclosed in square brackets. + +In the `[main]` section you can enable or disable the discussion feature, set +the limit of stored pastes and comments in bytes. The `[traffic]` section lets +you set a time limit in seconds. Users may not post more often then this limit +to your PrivateBin installation. + +More details can be found in the +[configuration documentation](https://github.com/PrivateBin/PrivateBin/wiki/Configuration). + +## Advanced installation + ### Web server configuration A `robots.txt` file is provided in the root dir of PrivateBin. It disallows all @@ -88,6 +84,13 @@ some known robots and link-scanning bots. If you use Apache, you can rename the file to `.htaccess` to enable this feature. If you use another webserver, you have to configure it manually to do the same. +### On using Cloudflare + +If you want to use PrivateBin behind Cloudflare, make sure you have disabled the Rocket +loader and unchecked "Javascript" for Auto Minify, found in your domain settings, +under "Speed". (More information +[in this FAQ entry](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection)) + ### Using a database instead of flat files In the configuration file the `[model]` and `[model_options]` sections let you @@ -150,4 +153,4 @@ CREATE TABLE prefix_config ( INSERT INTO prefix_config VALUES('VERSION', '1.1'); ``` -In PostgreSQL the attachment column needs to be TEXT and not BLOB or MEDIUMBLOB. \ No newline at end of file +In PostgreSQL, the attachment column needs to be TEXT and not BLOB or MEDIUMBLOB. \ No newline at end of file