[5 Mins Docker] Useful and Powerful Paste Board or File Share Tool - MicroBin - NETSEC

Latest

Learning, Sharing, Creating

Cybersecurity Memo

Friday, July 21, 2023

[5 Mins Docker] Useful and Powerful Paste Board or File Share Tool - MicroBin

Sometimes you may want to paste text from one computer to another, or you just want to share a picture or several files with your friends, but it is too troublesome to log in, upload, share, and download with other online file sharing services, such as Baidu Netdisk, Dropbox, https://mega.io/, or https://www.box.com/.

At this time, you may want to build a network disk, such as Nextcloud , or a list program, such as alist , but they are relatively "heavy" and have too many functions;

Of course, if you just simply share some text, you may think that you can choose the official one provided by ubuntu: https://paste.ubuntu.com/ or discontinued Firefox Send project . But it is too simple, and you must log in to use it, which is too much troubles for my little share task.

Today we will introduce a light web application that supports building with docker—microbin, which can perfectly realize the functions mentioned above. Compared with the network disk services, it is light enough; compared with https://paste.ubuntu.com/, it has several very useful little feature.

MicroBin is a super tiny, feature rich, configurable, self-contained and self-hosted paste bin web application. It is very easy to set up and use, and will only require a few megabytes of memory and disk storage. It takes only a couple minutes to set it up. 



Related post: 

  • https://blog.51sec.org/2024/04/5-mins-docker-your-paste-file-share.html

Project Introduction

Sites:

Demo: https://pub.microbin.eu/
Homepage:https://microbin.eu/docs/intro
GitHub:https://github.com/szabodanika/microbin
Docker:https://hub.docker.com/r/danielszabo99/microbin
Report Issue:https://github.com/szabodanika/microbin/issues

Features:

  • very small
  • Supports file uploads (eg: server.com/file/pig-dog-cat)
  • A text service that supports raw (for example, server.com/raw/pig-dog-cat)
  • Can be used for URL shortening and redirection
  • Support QR code
  • Very simple database (JSON + files), highly portable, easy to backup and consolidate
  • Support for listing used
  • Support private links and public links, editable, you can set the validity of the link
  • Support code syntax highlighting
  • Automatic dark mode and custom styling with minimal CSS and vanilla JS (see water.css)
  • Ends with the name of the animal by default (can be modified to random characters)

Screenshots

Main Interface:


Without header:

3398741c330b31d727ebece5cc443f44.png

You can define how long the files can exist:

b80c50914625c4e9871fabbe324184f0.png

It supports multiple program languages:

7ac5120f437e799292b80104aa263764.png

Support highlighted program language grammer:

d6f3e4b57e6a85616371c3d13e025054.png


Self Hosted Docker Installation Pre-requirements

Free resources you might need to complete this docker project:


Pre-installed services:

  • Docker, 
    • apt update
    • apt install docker.io
    • apt install docker-compose
    • apt upgrade docker.io
    • mkdir /root/data/docker_data/<docker_name>
  • Docker-Compose (Using Ubuntu OS for the commands)
    • Docker-compose down
    • Optional command : use following command to backup your Docker data. You might need to change your folder name based on your docker configuraiton
      • cp -r /root/data/docker_data/<docker_name> /root/data/docker_data_backup/<docker_name>
    • docker-compose pull
    • docker-compose up -d
    • docker image prune
  • Portainer (Optional)
    • docker volume create portainer_data
    • docker run -d -p 9000:9000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
  • Install some applications: apt install wget curl sudo vim git (Optional)
  • aapanel with Nginx (Optional)
  • Nginx Proxy Manager (Optional)
  • Install screen (Optional)
    • Install screen (Depends on the Linux Distribution if it came pre installed or not) : yum install screen
    • Initiate a Screen : screen or  screen -S <screen name> <command to execute>
    • Detach from the screen : "CTRL+A,D" not "CTRL+A+D"
    • List all the screen currently working : screen -ls
    • Reattach to a screen : screen  -r  <session number> or screen -r <screen name>
    • Kill specific screen: screen -X -S <screen name> quit
    • Kill all screens : pkill screen




Docker Update or Delete


Commands to update your docker:


  • Docker-compose down
  • Optional command : use following command to backup your Docker data. You might need to change your folder name based on your docker configuraiton
    • cp -r /root/data/docker_data/<docker_name> /root/data/docker_data_backup/<docker_name>
  • docker-compose pull
  • docker-compose up -d
  • docker image prune

Commands to Delete your docker:

  • cd /root/data/docker_data/<docker_name>
  • docker-compose down
  • cd ..
  • rm -rf /root/data/docker_data/<docker_name>

One Command Installation


From Github website:  https://github.com/szabodanika/microbin

bash <(curl -s https://microbin.eu/docker.sh)

It might has some problem on some docker versions:

  • unknown flag: --env-file

If you had this issue on your docker, you might want to try following method to deploy it. 

Using Docker-Compose to Customize and Install


1 Install system

2 Configure your system

SWAP:

Enable BBR:

Enable Password Login For sshd:

Note: 

  • Another script to give you a menu to select other scripts to run
  • wget -O box.sh https://raw.githubusercontent.com/BlueSkyXN/SKY-BOX/main/box.sh && chmod +x box.sh && clear && ./box.sh

3 Install Docker , Docker-Compose

  • apt update
  • apt install docker.io
  • apt install docker-compose
  • apt upgrade docker.io

Configure Docker Logs Limitation, in case logs take all space

cat > /etc/docker/daemon.json <<EOF
{
    "log-driver": "json-file",
    "log-opts": {
        "max-size": "20m",
        "max-file": "3"
    }
}
EOF

  • systemctl restart docker


Configure IPv6 (Optional)

cat > /etc/docker/daemon.json <<EOF
{

    "ipv6": true,
    "fixed-cidr-v6": "fd00:dead:beef:c0::/80",
    "experimental":true,
    "ip6tables":true
}
EOF
  • systemctl restart docker

4 Install NPM (Optional)

From this guide: Nginx Proxy Manager


5 Open Firewall Port

Either from a or b, the rule will work.

  • a. from NSG, which applies to all VNICs in the network security group
  • b. Security List for Subnet



6 Docker-compose up -d

My docker-compose.yml
version: '3.5'
services:
  microbin:
    image: danielszabo99/microbin:latest
    container_name: microbin
    restart: unless-stopped
    environment:
      - TZ=America/Toronto
      - MICROBIN_ADMIN_USERNAME=admin
      - MICROBIN_ADMIN_PASSWORD=m1cr0b1n
      - MICROBIN_EDITABLE=true
      - MICROBIN_HIDE_HEADER=false
      - MICROBIN_HIGHLIGHTSYNTAX=true
      - MICROBIN_HASH_IDS=true
      - MICROBIN_PRIVATE=false
      - MICROBIN_HIDE_FOOTER=false
      - MICROBIN_HELP=true
      - MICROBIN_FOOTER_TEXT=51sec.org Site. 2023
      - MICROBIN_HIDE_LOGO=false
      - MICROBIN_NO_ETERNAL_PASTA=true
      - MICROBIN_NO_FILE_UPLOAD=false
      - MICROBIN_NO_LISTING=false
      - MICROBIN_THREADS=2
      - MICROBIN_TITLE=51Sec free-bin
      - MICROBIN_PUBLIC_PATH=https://paste.51sec.org/    # Your Own Sub-Domain
      - MICROBIN_QR=true
      - MICROBIN_DEFAULT_EXPIRY=24hour
      - MICROBIN_MICROBIN_GC_DAYS=30
      - MICROBIN_ENABLE_BURN_AFTER=true
    ports:
      - 8080:8080    # Left one is the public port. Right one is docker internal port
    volumes:
      - ./microbin-data:/app/pasta_data     # left one is the your own host path


To bring down this docker, just enter:

  • docker-compose down


7 NPM Configuration (Optional)



Videos

 


Related video for Linx-Server in blog post: https://blog.51sec.org/2024/04/5-mins-docker-your-paste-file-share.html




Appendix

 

Original .env file and complose.yml file from Github:


.env
# Require username for HTTP Basic Authentication when
# visiting the service. If basic auth username is set but
# basic auth password is not, just leave the password field
# empty when logging in. You can also just go to
# https://username:[email protected] or
# https://[email protected] if password is not set
# instead of typing into the password
# Default value: unset
# export MICROBIN_BASIC_AUTH_USERNAME=
# Require password for HTTP Basic Authentication when
# visiting the service. Will not have any affect unless
# basic auth username is also set. If basic auth username is
# set but basic auth password is not, just leave the
# password field empty when logging in. You can also just go
# to https://username:[email protected] or
# https://[email protected] if password is not set
# instead of typing into the password prompt.
# Default value: unset
# export MICROBIN_BASIC_AUTH_PASSWORD=
# Enables administrator interface at yourserver.com/admin/
# if set, disables it if unset. If admin username is set but
# admin password is not, just leave the password field empty
# when logging in. 
# Default value: admin
export MICROBIN_ADMIN_USERNAME=admin
# Enables administrator interface at yourserver.com/admin/
# if set, disables it if unset. Will not have any affect
# unless admin username is also set. If admin username is
# set but admin password is not, just leave the password
# field empty when logging in. 
# Default value: m1cr0b1n
export MICROBIN_ADMIN_PASSWORD=m1cr0b1n
# Enables editable pastas. You will still be able to make
# finalised pastas but there will be an extra checkbox to
# make your new pasta editable from the pasta list or the
# pasta view page.
# Default value: 8080 
export MICROBIN_EDITABLE=true
# Replaces the default footer text with your own. If you
# want to hide the footer, use the hide footer option instead.
# Note that you can also embed HTML here, so you may want to escape 
# '<', '>' and so on.
# export MICROBIN_FOOTER_TEXT=
# Hides the navigation bar on every page.
# Default value: 8080 
export MICROBIN_HIDE_HEADER=false
# Hides the footer on every page.
# Default value: 8080 
export MICROBIN_HIDE_FOOTER=false
# Hides the MicroBin logo from the navigation bar on every
# page.
# Default value: 8080 
export MICROBIN_HIDE_LOGO=false
# Disables the /pastalist endpoint, essentially making all
# pastas private.
# Default value: 8080 
export MICROBIN_NO_LISTING=false
# Enables syntax highlighting support. When creating a new
# pasta, a new dropdown selector will be added where you can
# select your pasta's syntax, or just leave it empty for no
# highlighting.
export MICROBIN_HIGHLIGHTSYNTAX=true
# Sets the port for the server will be listening on.
# Default value: 8080
export MICROBIN_PORT=8080
# Sets the bind address for the server will be listening on.
# Both ipv4 and ipv6 are supported. Default value: "0.0.0.0".
# Example value: "myserver.net", "127.0.0.1". 
export MICROBIN_BIND="0.0.0.0"
# Enables private pastas. Adds a new checkbox to make your
# pasta private, which then won't show up on the pastalist
# page. With the URL to your pasta, it will still be
# accessible.
# Default value: false
export MICROBIN_PRIVATE=true
# DEPRECATED: Will be removed soon. If you want to change styling (incl. removal), use custom CSS variable instead.
# Disables main CSS styling, just uses a few in-line
# stylings for the layout. With this option you will lose
# dark-mode support. 
export MICROBIN_PURE_HTML=false
# Sets the name of the directory where MicroBin creates 
# its database and stores attachments.
# Default value: microbin_data
export MICROBIN_DATA_DIR="microbin_data"
# Enables storing pasta data (not attachments and files) in
# a JSON file instead of the SQLite database. 
# Default value: false
export MICROBIN_JSON_DB=false
# Add the given public path prefix to all urls. This allows
# you to host MicroBin behind a reverse proxy on a subpath.
# Note that MicroBin itself still expects all routes to be
# as without this option, and thus is unsuited if you are
# running MicroBin directly. Default value: unset. Example
# values: https://myserver.com/ or https://192.168.0.10:8080/ 
# export MICROBIN_PUBLIC_PATH=
# Sets a shortened path to use when the user copies URL from
# the application. This will also use shorter endpoints,
# such as /p/ instead if /pasta/. Default value:
# unset.Example value: https://b.in/ export
# MICROBIN_SHORT_PATH=
# The password required for uploading, if read-only mode is enabled
# Default value: unset
# export MICROBIN_UPLOADER_PASSWORD=
# If set to true, authentication required for uploading
# Default value: false
export MICROBIN_READONLY=false
# Enables showing read count on pasta pages.
# Default value: false
export MICROBIN_SHOW_READ_STATS=true
# Adds your title of choice to the
# navigation bar. 
# Default value: unset
# export MICROBIN_TITLE=
# Number of workers MicroBin is allowed to have. Increase
# this to the number of CPU cores you have if you want to go
# beast mode, but for personal use one worker is enough.
# Default value: 1.
export MICROBIN_THREADS=1
# Sets the garbage collector time limit. Pastas not accessed
# for N days are removed even if they are set to never
# expire. 
# Default value: 90. 
# To turn off GC: 0.
export MICROBIN_GC_DAYS=90
# Enables or disables the "Burn after" function
# Default value: false
export MICROBIN_ENABLE_BURN_AFTER=true
# Sets the default burn after setting on the main screen.
# Default value: 0. Available expiration options: 1, 10,
# 100, 1000, 10000, 0 (= no limit)
export MICROBIN_DEFAULT_BURN_AFTER=0
# Changes the maximum width of the UI from 720 pixels to
# 1080 pixels.
# Default value: false
export MICROBIN_WIDE=false
# Enables generating QR codes for pastas. Requires
# the public path to also be set.
# Default value: false
export MICROBIN_QR=true
# Toggles "Never" expiry settings for pastas. Default
# value: false
export MICROBIN_ETERNAL_PASTA=false
# Enables "Read-only" uploads. These are unlisted and
# unencrypted, but can be viewed without password if you
# have the URL. Editing and removing requires password.
# Default value: true
export MICROBIN_ENABLE_READONLY=true
# Sets the default expiry time setting on the main screen.
# Default value: 24hour Available expiration options: 1min,
# 10min, 1hour, 24hour, 1week, never
export MICROBIN_DEFAULT_EXPIRY=24hour
# Disables and hides the file upload option in the UI.
# Default value: false
export MICROBIN_NO_FILE_UPLOAD=false
# Replaced the built-in water.css stylesheet with the URL
# you provide. Default value: unset. Example value:
# https://myserver.net/public/mystyle.css 
# export MICROBIN_CUSTOM_CSS=
# Use short hash strings in the URLs instead of animal names
# to make URLs shorter. Does not change the underlying data
# stored, just how pastas are recalled.
# Default value: false
export MICROBIN_HASH_IDS=false
# Enables server-side encryption. This will add private
# privacy level, where the user sends plain unencrypted data
# (still secure, because you use HTTPS, right?), but the
# server sees everything that the user submits, therefore
# the user does not have complete and absolute protection.
# Default value: false
export MICROBIN_ENCRYPTION_CLIENT_SIDE=true
# Enables client-side encryption. This will add the secret
# privacy level where the user's browser encrypts all data
# with JavaScript before sending it over to MicroBin, which
# encrypt the data once again on server side.
# Default value: false
export MICROBIN_ENCRYPTION_SERVER_SIDE=true
# Limit the maximum file size users can upload without
# encryption. Default value: 256.
export MICROBIN_MAX_FILE_SIZE_ENCRYPTED_MB=256
# Limit the maximum file size users can upload with
# encryption (more strain on your server than without
# encryption, so the limit should be lower. Secrets tend to
# be tiny files usually anyways.) Default value: 2048.
export MICROBIN_MAX_FILE_SIZE_UNENCRYPTED_MB=2048
# Disables the feature that checks for available updates
#  when opening the admin screen.
# Default value: false
export MICROBIN_DISABLE_UPDATE_CHECKING=false
# Disables telemetry if set to true.
# Telemetry includes your configuration and helps development. 
# It does not include any sensitive data.
# Default value: false
export MICROBIN_DISABLE_TELEMETRY=false
# Enables listing your server in the public MicroBin server list.
# Default value: false
export MICROBIN_LIST_SERVER=false



compose.yml

services:
  microbin:
    image: danielszabo99/microbin:latest
    restart: always
    ports:
     - "${MICROBIN_PORT}:8080"
    volumes:
     - ./microbin-data:/app/microbin_data
    environment:
      MICROBIN_BASIC_AUTH_USERNAME: ${MICROBIN_BASIC_AUTH_USERNAME}
      MICROBIN_BASIC_AUTH_PASSWORD: ${MICROBIN_BASIC_AUTH_PASSWORD}
      MICROBIN_ADMIN_USERNAME: ${MICROBIN_ADMIN_USERNAME}
      MICROBIN_ADMIN_PASSWORD: ${MICROBIN_ADMIN_PASSWORD}
      MICROBIN_EDITABLE: ${MICROBIN_EDITABLE}
      MICROBIN_FOOTER_TEXT: ${MICROBIN_FOOTER_TEXT}
      MICROBIN_HIDE_FOOTER: ${MICROBIN_HIDE_FOOTER}
      MICROBIN_HIDE_HEADER: ${MICROBIN_HIDE_HEADER}
      MICROBIN_HIDE_LOGO: ${MICROBIN_HIDE_LOGO}
      MICROBIN_NO_LISTING: ${MICROBIN_NO_LISTING}
      MICROBIN_HIGHLIGHTSYNTAX: ${MICROBIN_HIGHLIGHTSYNTAX}
      MICROBIN_BIND: ${MICROBIN_BIND}
      MICROBIN_PRIVATE: ${MICROBIN_PRIVATE}
      MICROBIN_PURE_HTML: ${MICROBIN_PURE_HTML}
      MICROBIN_DATA_DIR: ${MICROBIN_DATA_DIR}
      MICROBIN_JSON_DB: ${MICROBIN_JSON_DB}
      MICROBIN_PUBLIC_PATH: ${MICROBIN_PUBLIC_PATH}
      MICROBIN_SHORT_PATH: ${MICROBIN_SHORT_PATH}
      MICROBIN_READONLY: ${MICROBIN_READONLY}
      MICROBIN_SHOW_READ_STATS: ${MICROBIN_SHOW_READ_STATS}
      MICROBIN_TITLE: ${MICROBIN_TITLE}
      MICROBIN_THREADS: ${MICROBIN_THREADS}
      MICROBIN_GC_DAYS: ${MICROBIN_GC_DAYS}
      MICROBIN_ENABLE_BURN_AFTER: ${MICROBIN_ENABLE_BURN_AFTER}
      MICROBIN_DEFAULT_BURN_AFTER: ${MICROBIN_DEFAULT_BURN_AFTER}
      MICROBIN_WIDE: ${MICROBIN_WIDE}
      MICROBIN_QR: ${MICROBIN_QR}
      MICROBIN_ETERNAL_PASTA: ${MICROBIN_ETERNAL_PASTA}
      MICROBIN_ENABLE_READONLY: ${MICROBIN_ENABLE_READONLY}
      MICROBIN_DEFAULT_EXPIRY: ${MICROBIN_DEFAULT_EXPIRY}
      MICROBIN_NO_FILE_UPLOAD: ${MICROBIN_NO_FILE_UPLOAD}
      MICROBIN_CUSTOM_CSS: ${MICROBIN_CUSTOM_CSS}
      MICROBIN_HASH_IDS: ${MICROBIN_HASH_IDS}
      MICROBIN_ENCRYPTION_CLIENT_SIDE: ${MICROBIN_ENCRYPTION_CLIENT_SIDE}
      MICROBIN_ENCRYPTION_SERVER_SIDE: ${MICROBIN_ENCRYPTION_SERVER_SIDE}
      MICROBIN_MAX_FILE_SIZE_ENCRYPTED_MB: ${MICROBIN_MAX_FILE_SIZE_ENCRYPTED_MB}
      MICROBIN_MAX_FILE_SIZE_UNENCRYPTED_MB: ${MICROBIN_MAX_FILE_SIZE_UNENCRYPTED_MB}



Similar Online Services

 

  • TeraTransfer from TeraBox
    • Use without having to log in
    • Transfer files without having to log in
    • Transfer up to 5GB at one time
    • Link expires in 24 hours










No comments:

Post a Comment