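About the software

Publicly available instances deployed on this site:

Send: https://send.apoptoxin4869.com

PrivateBin: https://privatebin.apoptoxin4869.com

Files

For file transfer this site uses Send, the project originally open-sourced by Mozilla Firefox. The original project is no longer maintained; it is now maintained by timvisee as timvisee/send and remains open source. Note that timvisee's Send does not yet support ARM processors; xavion-lux packaged xavion-lux/send as a Docker image that does support ARM.

Text

For text sharing this site uses PrivateBin, a fork of ZeroBin, which was originally developed by Sébastien Sauvage. PrivateBin is a refactored version of it; it supports sharing plain text, source code and Markdown, plus small attachments.

Deploying Send

Deployment uses docker-compose, which is the more convenient option. Edit the docker-compose file: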

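# Parameters with a comment below can be changed; leave the uncommented ones at their defaults
services:
  send:
    # The Docker image maintained by timvisee is registry.gitlab.com/timvisee/send:latest; this site uses the ARM-capable image packaged by another author. Choose according to your processor
    image: ghcr.io/xavion-lux/send:latest
    restart: always
    ports:
      - '11443:1443'
    volumes:
      # Folder where uploaded files are stored
      - ./uploads:/uploads
      # Folder to map if you want a custom logo in the top-left corner of the site
      - ./custom_assets:/app/dist/custom_assets
    environment:
      # Domain name of the Send instance, without https; this site's deployment is used as the example, change it to your own
      - VIRTUAL_HOST=send.apoptoxin4869.com
      - VIRTUAL_PORT=1443
      - DHPARAM_GENERATION=false
      # The next two lines configure automatic certificate issuance; if you do not want to include a port number when accessing Send, leave them at the default
      - LETSENCRYPT_HOST
      - LETSENCRYPT_EMAIL
      - NODE_ENV=production
      # Full URL of the Send instance, change it to your own
      - BASE_URL=https://send.apoptoxin4869.com
      - PORT=1443
      # The next two lines are the Redis settings: enter the address Redis is reachable at; fill in the second line with your own password if Redis has one, otherwise delete the second line
      # Note: inside the container 127.0.0.1 is the container itself, so the address must be one the send container can reach
      - REDIS_HOST=127.0.0.1
      - REDIS_PASSWORD=jugiosk
      - FILE_DIR=/uploads
      # Expiry time options for uploaded files, in seconds; several options can be given, separated as shown
      - EXPIRE_TIMES_SECONDS=3600,86400,604800,2592000,31536000
      - DEFAULT_EXPIRE_SECONDS=3600
      # Maximum file expiry time
      - MAX_EXPIRE_SECONDS=31536000
      # Download-count options for uploaded files; adjust to your needs
      - DOWNLOAD_COUNTS=1,2,5,10,15,25,50,100,1000
      # Maximum number of downloads per file
      - MAX_DOWNLOADS=1000
      # Maximum upload size in bytes; this sets a 10 GB limit
      - MAX_FILE_SIZE=10737418240
      # Logo in the top-left corner of the site; delete this line to use the default logo
      - UI_CUSTOM_ASSETS_ICON=custom_assets/logo.webp
      # Footer text in the bottom-left corner; delete this line if you do not need a custom text
      - CUSTOM_FOOTER_TEXT=The send service on this page is provided by Orange.
      # Link for the footer text; delete this line if you do not need a custom link
      - CUSTOM_FOOTER_URL=https://apoptoxin4869.com
      # Accent color of the site; delete this line if you do not need a custom color
      - UI_COLOR_ACCENT=#ffa500
      # DMCA link URL; a [mailto:address] link that opens the mail client is recommended. This is where users report infringing content hosted on Send
      - SEND_FOOTER_DMCA_URL=mailto:orange@apoptoxin4869.com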

version: "3"

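Once the configuration file is edited, start the project with docker-compose up -d and then set up the reverse proxy for the site.

If uploads from the front-end page hang and eventually fail with an error, set the permissions of the mapped uploads folder to 777. Mode 777 lets every local user on the host write to that directory, so tighten it again once you know which user the container writes as.

Demo

How Send handles a received file: upload a 245.3 MB file from the web front end.

Figure: uploading a file in the Send front end

An encrypted file of the same size then appears in the upload folder on the server; its content cannot be read from the back end.

After the upload completes, the front-end page shows that your file will expire after * downloads or * hours/days. You can share the download link during that validity period; once the file expires, the link stops working and the encrypted file on the server is deleted automatically.

Deploying PrivateBin

Download the latest PrivateBin release from https://github.com/PrivateBin/PrivateBin/releases and extract it, create a website, and bind its run directory to the extracted folder; opening that site in a browser completes the minimal deployment. For further customization see the official documentation at https://github.com/PrivateBin/PrivateBin/blob/master/doc/Installation.md#installation. Some commonly used customizations are described below.

Hardening the site

The project recommends moving [bin, cfg, doc, data, lib, tpl, tst and vendor] to a different location, so that the web server does not serve them directly. For example, if the extracted PrivateBin web files are in /opt/1panel/apps/openresty/openresty/www/sites/PrivateBin-1.6.0, you can move [bin, cfg, doc, data, lib, tpl, tst and vendor] to /opt/1panel/apps/openresty/openresty/www/sites/PrivateBin-private, then edit PrivateBin-1.6.0/index.php and set the value of PATH to /www/sites/PrivateBin-private/. Do not omit the trailing /.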

<?php
/**
 * PrivateBin
 *
 * a zero-knowledge paste bin
 *
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
 * @version   1.6.0
 */

// change this, if your php files and data is outside of your webservers document root
define('PATH', '/www/sites/PrivateBin-private/');  // change the PATH value here

define('PUBLIC_PATH', __DIR__);
require PATH . 'vendor' . DIRECTORY_SEPARATOR . 'autoload.php';
new PrivateBin\Controller;
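The relocation described above can be scripted. The following is an added example, not part of the original post or of the PrivateBin project; the function names pb_exposed_dirs and pb_relocate are hypothetical, and it assumes the stock index.php layout shown above. The third argument is separate because PHP may see the private directory under a different path than the host does, as with the /opt/1panel/... and /www/sites/... paths in the text.

```shell
#!/bin/sh
# Added example: directory names are the ones the page lists,
# function names are hypothetical.
PB_PRIVATE_DIRS="bin cfg doc data lib tpl tst vendor"

# Print every private directory that still sits inside the document root.
pb_exposed_dirs() {
    for d in $PB_PRIVATE_DIRS; do
        [ -d "$1/$d" ] && printf '%s\n' "$d"
    done
    return 0
}

# pb_relocate PUBLIC_DIR PRIVATE_DIR PHP_PATH
#   PUBLIC_DIR   document root that holds index.php (host path)
#   PRIVATE_DIR  destination outside the document root (host path)
#   PHP_PATH     the same destination as PHP sees it
pb_relocate() {
    public=$1 private=$2 php_path=$3
    [ -f "$public/index.php" ] || { echo "no index.php in $public" >&2; return 1; }
    # index.php concatenates PATH with 'vendor', so PATH must end in a slash.
    case $php_path in
        */) ;;
        *) php_path="$php_path/" ;;
    esac
    mkdir -p "$private" || return 1
    for d in $PB_PRIVATE_DIRS; do
        [ -d "$public/$d" ] || continue
        [ -e "$private/$d" ] && { echo "$private/$d already exists" >&2; return 1; }
        mv "$public/$d" "$private/$d" || return 1
    done
    # Rewrite only the define('PATH', ...) line; PUBLIC_PATH does not match.
    # Writing back with cat keeps the owner and mode of index.php.
    tmp=$(mktemp) || return 1
    sed "s|^define('PATH', *'[^']*');|define('PATH', '$php_path');|" \
        "$public/index.php" > "$tmp" && cat "$tmp" > "$public/index.php"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

After pb_relocate returns, pb_exposed_dirs on the public directory should print nothing; any name it prints is a directory the web server can still reach.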

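Advanced customization

Advanced features are configured in cfg/conf.php: copy cfg/conf.sample.php and rename the copy to conf.php. Note the ; in front of each field: for a change to take effect you must delete the ; in front of that field. Some of the parameters below carry additional comments marking the settings this site's deployment uses. For the other parameters see the official documentation: https://github.com/PrivateBin/PrivateBin/wiki/Configuration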

;<?php http_response_code(403); /*
; config file for PrivateBin
;
; An explanation of each setting can be found online at https://github.com/PrivateBin/PrivateBin/wiki/Configuration.

[main]
; (optional) set a project name to be displayed on the website
name = "PrivateBin" ; custom page title

; The full URL, with the domain name and directories that point to the
; PrivateBin files, including an ending slash (/). This URL is essential to
; allow Opengraph images to be displayed on social networks.
; basepath = "https://privatebin.example.com/"

; enable or disable the discussion feature, defaults to true
discussion = true  ; discussion feature switch

; preselect the discussion feature, defaults to false
opendiscussion = false

; enable or disable the password feature, defaults to true
password = true  ; password-protected sharing switch

; enable or disable the file upload feature, defaults to false
fileupload = true  ; attachment upload switch

; preselect the burn-after-reading feature, defaults to false
burnafterreadingselected = false

; which display mode to preselect by default, defaults to "plaintext"
; make sure the value exists in [formatter_options]
defaultformatter = "plaintext"

; (optional) set a syntax highlighting theme, as found in css/prettify/
; syntaxhighlightingtheme = "sons-of-obsidian"

; size limit per paste or comment in bytes, defaults to 10 Mebibytes
sizelimit = 10485760  ; attachment size limit in bytes, default 10MB

; template to include, default is "bootstrap" (tpl/bootstrap.php)
template = "bootstrap"

; (optional) info text to display
; use single, instead of double quotes for HTML attributes
;info = "More information on the <a href='https://privatebin.info/'>project page</a>."

; (optional) notice to display
; notice = "Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service."  ; site announcement text

; by default PrivateBin will guess the visitors language based on the browsers
; settings. Optionally you can enable the language selection menu, which uses
; a session cookie to store the choice until the browser is closed.
languageselection = false

; set the language your installs defaults to, defaults to English
; if this is set and language selection is disabled, this will be the only language
; languagedefault = "en"

; (optional) URL shortener address to offer after a new paste is created.
; It is suggested to only use this with self-hosted shorteners as this will leak
; the pastes encryption key.
; urlshortener = "https://shortener.example.com/api?link="

; (optional) Let users create a QR code for sharing the paste URL with one click.
; It works both when a new paste is created and when you view a paste.
; qrcode = true

; (optional) Let users send an email sharing the paste URL with one click.
; It works both when a new paste is created and when you view a paste.
; email = true

; (optional) IP based icons are a weak mechanism to detect if a comment was from
; a different user when the same username was used in a comment. It might get
; used to get the IP of a comment poster if the server salt is leaked and a
; SHA512 HMAC rainbow table is generated for all (relevant) IPs.
; Can be set to one these values:
; "none" / "identicon" (default) / "jdenticon" / "vizhash".
; icon = "none"

; Content Security Policy headers allow a website to restrict what sources are
; allowed to be accessed in its context. You need to change this if you added
; custom scripts from third-party domains to your templates, e.g. tracking
; scripts or run your site behind certain DDoS-protection services.
; Check the documentation at https://content-security-policy.com/
; Notes:
; - If you use a bootstrap theme, you can remove the allow-popups from the
;   sandbox restrictions.
; - By default this disallows to load images from third-party servers, e.g. when
;   they are embedded in pastes. If you wish to allow that, you can adjust the
;   policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images
;   for details.
; - The 'unsafe-eval' is used in two cases; to check if the browser supports
;   async functions and display an error if not and for Chrome to enable
;   webassembly support (used for zlib compression). You can remove it if Chrome
;   doesn't need to be supported and old browsers don't need to be warned.
; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"

; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
; sha256 in HMAC for the deletion token
; zerobincompatibility = false

; Enable or disable the warning message when the site is served over an insecure
; connection (insecure HTTP instead of HTTPS), defaults to true.
; Secure transport methods like Tor and I2P domains are automatically whitelisted.
; It is **strongly discouraged** to disable this.
; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
; httpwarning = true

; Pick compression algorithm or disable it. Only applies to pastes/comments
; created after changing the setting.
; Can be set to one these values: "none" / "zlib" (default).
; compression = "zlib"

[expire]
; expire value that is selected per default
; make sure the value exists in [expire_options]
default = "1week"

[expire_options]
; Set each one of these to the number of seconds in the expiration period,
; or 0 if it should never expire
5min = 300
10min = 600
1hour = 3600
1day = 86400
1week = 604800
; Well this is not *exactly* one month, it's 30 days:
1month = 2592000
1year = 31536000
never = 0

[formatter_options]
; Set available formatters, their order and their labels
plaintext = "Plain Text"
syntaxhighlighting = "Source Code"
markdown = "Markdown"

[traffic]
; time limit between calls from the same IP address in seconds
; Set this to 0 to disable rate limiting.
limit = 10

; (optional) Set IPs addresses (v4 or v6) or subnets (CIDR) which are exempted
; from the rate-limit. Invalid IPs will be ignored. If multiple values are to
; be exempted, the list needs to be comma separated. Leave unset to disable
; exemptions.
; exempted = "1.2.3.4,10.10.10/24"

; (optional) If you want only some source IP addresses (v4 or v6) or subnets
; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be
; ignored. If multiple values are to be exempted, the list needs to be comma
; separated. Leave unset to allow anyone to create pastes.
; creators = "1.2.3.4,10.10.10/24"

; (optional) if your website runs behind a reverse proxy or load balancer,
; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
; header = "X_FORWARDED_FOR"

[purge]
; minimum time limit between two purgings of expired pastes, it is only
; triggered when pastes are created
; Set this to 0 to run a purge every time a paste is created.
limit = 300

; maximum amount of expired pastes to delete in one purge
; Set this to 0 to disable purging. Set it higher, if you are running a large
; site
batchsize = 10

[model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
class = Filesystem
[model_options]
dir = PATH "data"

;[model]
; example of a Google Cloud Storage configuration
;class = GoogleCloudStorage
;[model_options]
;bucket = "my-private-bin"
;prefix = "pastes"
;uniformacl = false

;[model]
; example of DB configuration for MySQL
;class = Database
;[model_options]
;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
;tbl = "privatebin_"	; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true	  ; PDO::ATTR_PERSISTENT

;[model]
; example of DB configuration for SQLite
;class = Database
;[model_options]
;dsn = "sqlite:" PATH "data/db.sq3"
;usr = null
;pwd = null
;opt[12] = true	; PDO::ATTR_PERSISTENT

;[model]
; example of DB configuration for PostgreSQL
;class = Database
;[model_options]
;dsn = "pgsql:host=localhost;dbname=privatebin"
;tbl = "privatebin_"     ; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true    ; PDO::ATTR_PERSISTENT

;[model]
; example of S3 configuration for Rados gateway / CEPH
;class = S3Storage
;[model_options]
;region = ""
;version = "2006-03-01"
;endpoint = "https://s3.my-ceph.invalid"
;use_path_style_endpoint = true
;bucket = "my-bucket"
;accesskey = "my-rados-user"
;secretkey = "my-rados-pass"

;[model]
; example of S3 configuration for AWS
;class = S3Storage
;[model_options]
;region = "eu-central-1"
;version = "latest"
;bucket = "my-bucket"
;accesskey = "access key id"
;secretkey = "secret access key"

;[model]
; example of S3 configuration for AWS using its SDK default credential provider chain
; if relying on environment variables, the AWS SDK will look for the following:
; - AWS_ACCESS_KEY_ID
; - AWS_SECRET_ACCESS_KEY
; - AWS_SESSION_TOKEN (if needed)
; for more details, see https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html#default-credential-chain 
;class = S3Storage
;[model_options]
;region = "eu-central-1"
;version = "latest"
;bucket = "my-bucket"

[yourls]
; When using YOURLS as a "urlshortener" config item:
; - By default, "urlshortener" will point to the YOURLS API URL, with or without
;   credentials, and will be visible in public on the PrivateBin web page.
;   Only use this if you allow short URL creation without credentials.
; - Alternatively, using the parameters in this section ("signature" and
;   "apiurl"), "urlshortener" needs to point to the base URL of your PrivateBin
;   instance with "shortenviayourls?link=" appended. For example:
;   urlshortener = "${basepath}shortenviayourls?link="
;   This URL will in turn call YOURLS on the server side, using the URL from
;   "apiurl" and the "access signature" from the "signature" parameters below.

; (optional) the "signature" (access key) issued by YOURLS for the using account
; signature = ""
; (optional) the URL of the YOURLS API, called to shorten a PrivateBin URL
; apiurl = "https://yourls.example.com/yourls-api.php"

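Demo

How PrivateBin handles shared content: write some text, add an attachment and send it. A randomly named directory is then created under the data folder, containing a PHP file with a random name. The real content can only be obtained when the recipient opens the link and the browser decrypts it. Once the validity period has passed, the corresponding file is deleted automatically.

Final words

These two projects are the most convenient and best-performing ones I have found so far that offer text and file sharing together with advanced security properties: end-to-end encryption and anonymity. If you have any questions about deploying them, feel free to discuss in the comments, and pointers to other good projects of this kind are welcome.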