The www/purritobin port
purritobin-0.6.7p4 – minimalistic command line pastebin
Description
Purrito Bin is an ultra fast, minimalistic, encrypted command line paste-bin server written in C++ for handling a large number of requests. It is very easy to integrate with any standard HTTP server such as httpd(8), apache or nginx and follows the KISS principle towards handling pastes. It supports pledge(2) and unveil(2) on OpenBSD to protect against outside script attacks.

WWW: https://bsd.ac/
Readme
+-------------------------------------------------------------------------------
| Running PurritoBin on OpenBSD
+-------------------------------------------------------------------------------

Set proper daemon flags
=======================

You need to set at least the following option for PurritoBin

    -d              # e.g. https://bsd.ac/
                    # needs to include the trailing slash

    rcctl set purritobin flags -d

To take a quick look at all the possible options and descriptions

    purrito -h

For an in-depth explanation

    man purrito

Exposing a webserver
====================

PurritoBin saves all the pastes to a single folder.
By default it is the folder ${LOCALSTATEDIR}/www/purritobin.
So it is possible to just expose the folder via httpd(8)

sample httpd(8) configuration
-----------------------------

    http_port=80
    https_port=443
    ext_if=egress

    # so that non suffixed paste files are recognized as
    # plain text files
    default type text/plain

    server "bsd.ac" {
        alias "www.bsd.ac"
        listen on $ext_if port $http_port
        location "/.well-known/acme-challenge/*" {
            root { "/acme" }
            request strip 2
        }
        location "/*" {
            block return 301 "https://$HTTP_HOST$REQUEST_URI"
        }
    }

    server "bsd.ac" {
        alias "www.bsd.ac"
        listen on $ext_if tls port $https_port
        tls {
            certificate "/etc/ssl/bsd.ac.crt"
            key "/etc/ssl/private/bsd.ac.key"
        }
        root "/purritobin"
        directory index "index.html"
    }

sample nginx(8) configuration
-----------------------------

    user nginx;
    worker_processes 1;

    error_log /var/log/nginx/error.log warn;
    pid /var/run/nginx.pid;

    events {
        worker_connections 1024;
    }

    http {
        include /etc/nginx/mime.types;
        default_type text/plain;
        charset utf-8;

        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

        access_log /var/log/nginx/access.log main;

        sendfile on;
        keepalive_timeout 65;

        server {
            listen 80 default_server;
            location / {
                return 301 https://$host$request_uri;
            }
            location /.well-known/acme-challenge/ {
                alias /var/www/acme-challenge/;
            }
        }

        server {
            listen 443 ssl;
            server_name bsd.ac www.bsd.ac;
            ssl_certificate /etc/ssl/bsd.ac.crt;
            ssl_certificate_key /etc/ssl/private/bsd.ac.key;

            # to allow online paste submission
            add_header 'Access-Control-Allow-Origin' 'https://bsd.ac:42069';

            root /var/www/purritobin;
            location /.well-known/acme-challenge/ {
                alias /var/www/acme-challenge/;
            }
        }
    }

Encrypted pastes
================

The default clients of PurritoBin are installed to
    ${PREFIX}/share/PurritoBin/POSIX_shell_client.sh

To enable server side support for these pastes make sure that
paste.html file located at
    ${PREFIX}/share/PurritoBin/paste.html
is available for viewing, typically possible by just dumping the
file into ${LOCALSTATEDIR}/www/purritobin

Online pasting through web-portal
=================================

To paste using the javascript form, the CORS header from both the
paste server and the http server need to allow each other in the
"Access-Control-Allow-Origin" HTTP header.

An example for setting the CORS header in purrito(1) is available
in the man page.

As httpd(8) does not allow setting HTTP headers, relayd(8) can be
used as a workaround, or the above nginx(8) example can be used.

PF bruteforce blocking
======================

PurritoBin exposes ports using -p (by default: 42069) for clients
to post their pastes.
PurritoBin does not enforce any rate limiting for number of pastes
at a time as this can be done much better using pf(4)

sample pf.conf for rate limiting
--------------------------------

    table persist

    purritobin_port=42069

    set skip on lo

    block return    # block stateless traffic
    pass            # establish keep-state

    block quick from

    # no more than 1 connection every 3 seconds
    pass in on egress proto tcp from any to any port $purritobin_port \
            flags S/SA keep state \
            (max-src-conn-rate 1/3, \
            overload flush global)

    # By default, do not permit remote connections to X11
    block return in on ! lo0 proto tcp to port 6000:6010

    # Port build user does not need network
    block return out log proto {tcp udp} user _pbuild
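
The relayd(8) workaround mentioned under "Online pasting through web-portal", sketched as an added example that is not part of the port's README: relayd terminates TLS, sets the same Access-Control-Allow-Origin value as the nginx(8) sample, and forwards to httpd(8). The listen address, the relay and protocol names, and the assumption that httpd(8) has been moved to plain HTTP on 127.0.0.1 port 8080 are illustrative.

```conf
# /etc/relayd.conf -- added example, not shipped with the port.
# Assumption: httpd(8) serves /purritobin on 127.0.0.1 port 8080 without tls,
# so that relayd(8) owns port 443 and can add the response header.

ext_addr = "203.0.113.10"       # constructed documentation address

http protocol "purritobin_cors" {
    # Same origin value as the add_header line in the nginx(8) sample:
    # the paste submission port (42069) on the serving domain.
    match response header set "Access-Control-Allow-Origin" value "https://bsd.ac:42069"

    # Loads /etc/ssl/bsd.ac.crt and /etc/ssl/private/bsd.ac.key
    tls keypair "bsd.ac"
}

relay "purritobin_www" {
    listen on $ext_addr port 443 tls
    protocol "purritobin_cors"
    forward to 127.0.0.1 port 8080
}
```

Setting one explicit origin rather than "*" keeps browsers from letting arbitrary third-party pages read responses from the paste site.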
Maintainer
Aisha Tammy
Only for arches
aarch64 alpha amd64 arm hppa i386 mips64 mips64el powerpc powerpc64 riscv64 sparc64
Categories
Library dependencies
Build dependencies
Files
- /etc/rc.d/purritobin
- /usr/local/bin/purrito
- /usr/local/man/man1/purrito.1
- /usr/local/share/PurritoBin/
- /usr/local/share/PurritoBin/POSIX_shell_client.sh
- /usr/local/share/PurritoBin/about.html
- /usr/local/share/PurritoBin/index.html
- /usr/local/share/PurritoBin/paste.html
- /usr/local/share/doc/pkg-readmes/purritobin
- /var/db/purritobin/
- /var/www/purritobin/
- /var/www/purritobin/about.html
- /var/www/purritobin/index.html
- /var/www/purritobin/paste.html
- @newgroup _purritobin:858
- @newuser _purritobin:858:858::PurritoBin Daemon:/nonexistent:/sbin/nologin