TL;DR: Download the latest release archive and extract it in your web hosts folder where you want to install your PrivateBin instance. We try to provide a mostly safe default configuration, but we urge you to check the security section below and the configuration options to adjust as you see fit.
NOTE: See our FAQ for information how to securely download the PrivateBin release files.
PHP version 5.5 or above
one of the following sources of cryptographically safe randomness is required:
- PHP 7 or higher
- Libsodium and it's PHP extension
- open_basedir access to
- mcrypt extension
- com_dotnet extension
Mcrypt needs to be able to access
/dev/urandom. This means if
open_basediris set, it must include this file.
some disk space or (optionally) a database supported by PDO
ability to create files and folders in the installation directory and the PATH defined in index.php
Hardening and security
Changing the path
In the index.php you can define a different
PATH. This is useful to secure your
installation. You can move the configuration, data files, templates and PHP
libraries (directories cfg, doc, data, lib, tpl, tst and vendor) outside of your
document root. This new location must still be accessible to your webserver / PHP
process (see also
Your PrivateBin installation lives in a subfolder called "paste" inside of your document root. The URL looks like this: http://example.com/paste/
The full path of PrivateBin on your webserver is: /home/example.com/htdocs/paste
When setting the path like this: define('PATH', '../../secret/privatebin/');
PrivateBin will look for your includes / data here: /home/example.com/secret/privatebin
Changing the config path only
In situations where you want to keep the PrivateBin static files separate from the
rest of your data, or you want to reuse the installation files on multiple vhosts,
you may only want to change the
conf.php. In this instance, you can set the
CONFIG_PATH environment variable to the absolute path to the
This can be done in your web server's virtual host config, the PHP config, or in
the index.php if you choose to customize it.
Note that your PHP process will need read access to the config wherever it may be.
Setting the value in an Apache Vhost: SetEnv CONFIG_PATH /var/lib/privatebin/conf.php
In a php-fpm pool config: env[CONFIG_PATH] = /var/lib/privatebin/conf.php
In the index.php, near the top: putenv('CONFIG_PATH=/var/lib/privatebin/conf.php');
After completing the installation, you should make sure, other users on the system cannot read the config file or the
data/ directory, as – depending on your configuration – potential secret information are saved there.
See this FAQ item for a detailed guide on how to "harden" the permissions of files and folders.
In the file
cfg/conf.php you can configure PrivateBin. A
is provided containing all options and default values. You can copy it to
cfg/conf.php and adapt it as needed. Alternatively you can copy it anywhere and
CONFIG_PATH environment variable (see above notes). The config file is
divided into multiple sections, which are enclosed in square brackets.
[main] section you can enable or disable the discussion feature, set
the limit of stored pastes and comments in bytes. The
[traffic] section lets
you set a time limit in seconds. Users may not post more often then this limit
to your PrivateBin installation.
More details can be found in the configuration documentation.
Web server configuration
robots.txt file is provided in the root dir of PrivateBin. It disallows all
robots from accessing your pastes. It is recommend to place it into the root of
your web directory if you have installed PrivateBin in a subdirectory. Make sure
to adjust it, so that the file paths match your installation. Of course also
adjust the file if you already use a
.htaccess.disabled file is provided in the root dir of PrivateBin. It blocks
some known robots and link-scanning bots. If you use Apache, you can rename the
.htaccess to enable this feature. If you use another webserver, you
have to configure it manually to do the same.
When using Cloudflare
Using a database instead of flat files
In the configuration file the
[model_options] sections let you
configure your favourite way of storing the pastes and discussions on your
Filesystem is the default model, which stores everything in files in the
data folder. This is the recommended setup for most sites.
Under high load, in distributed setups or if you are not allowed to store files
locally, you might want to switch to the
Database model. This lets you
store your data in a database. Basically all databases that are supported by
PDO may be used. Automatic table
creation is provided for
pdo_sqlite. You may want to provide a table prefix,
if you have to share the PrivateBin database with another application or you want
to use a prefix for
The table prefix option is called
Databasemodel has only been tested with SQLite, MySQL and PostgreSQL, although it would not be recommended to use SQLite in a production environment. If you gain any experience running PrivateBin on other RDBMS, please let us know.
The following GRANTs (privileges) are required for the PrivateBin user in MySQL. In normal operation:
- INSERT, SELECT, DELETE on the paste and comment tables
- SELECT on the config table
If you want PrivateBin to handle table creation (when you create the first paste) and updates (after you update PrivateBin to a new release), you need to give the user these additional privileges:
- CREATE, INDEX and ALTER on the database
- INSERT and UPDATE on the config table
For reference or if you want to create the table schema for yourself to avoid having to give PrivateBin too many permissions (replace
prefix_ with your own table prefix and create the table schema with your favourite MySQL console):
CREATE TABLE prefix_paste ( dataid CHAR(16) NOT NULL, data MEDIUMBLOB, postdate INT, expiredate INT, opendiscussion INT, burnafterreading INT, meta TEXT, attachment MEDIUMBLOB, attachmentname BLOB, PRIMARY KEY (dataid) ); CREATE TABLE prefix_comment ( dataid CHAR(16), pasteid CHAR(16), parentid CHAR(16), data BLOB, nickname BLOB, vizhash BLOB, postdate INT, PRIMARY KEY (dataid) ); CREATE INDEX parent ON prefix_comment(pasteid); CREATE TABLE prefix_config ( id CHAR(16) NOT NULL, value TEXT, PRIMARY KEY (id) ); INSERT INTO prefix_config VALUES('VERSION', '1.3.4');
In PostgreSQL, the data, attachment, nickname and vizhash columns needs to be TEXT and not BLOB or MEDIUMBLOB.