From bb65abd75bfa9ab8df211784006f42032c86ebdc Mon Sep 17 00:00:00 2001 From: Fredrik Lundhag Date: Fri, 21 Dec 2018 15:03:01 +0100 Subject: [PATCH 01/12] Ignore my tmpfiles --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1377554 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +*.swp From cd827a0d5f67dc026676fae6a397dfe1a8d4a046 Mon Sep 17 00:00:00 2001 From: Fredrik Lundhag Date: Fri, 21 Dec 2018 15:03:15 +0100 Subject: [PATCH 02/12] Makefile for easier docker builds --- Makefile | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 Makefile diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..9086a36 --- /dev/null +++ b/Makefile @@ -0,0 +1,74 @@ +CONTAINER := paste.se +HUB_USER := ${USER} +TAG := v0.1 +IMAGE_NAME := ${CONTAINER}:${TAG} +PORT := 8800 +VOLUME := data +BASE_DOMAIN := localhost + +build: + docker \ + build \ + --tag=${CONTAINER} \ + . + +run: + docker \ + run \ + --detach \ + --interactive \ + --tty \ + --hostname=${CONTAINER} \ + --name=${CONTAINER} \ + -e BASE_DOMAIN=${BASE_DOMAIN} \ + -p ${PORT}:8800 \ + -v ${VOLUME}:/data \ + ${CONTAINER} + +shell: + docker \ + run \ + --rm \ + --interactive \ + --tty \ + --hostname=${CONTAINER} \ + --name=${CONTAINER} \ + -e BASE_DOMAIN=${BASE_DOMAIN} \ + -v ${VOLUME}:/data \ + ${CONTAINER} \ + /bin/bash + +exec: + docker exec \ + --interactive \ + --tty \ + ${CONTAINER} \ + /bin/sh + +stop: + docker \ + kill ${CONTAINER} + +rm: + docker \ + rm ${CONTAINER} + +history: + docker \ + history ${CONTAINER} + +clean: + -docker \ + rm ${CONTAINER} + -docker \ + rmi ${CONTAINER} + +commit: + docker commit -m "Built version ${TAG}" -a "${USER}" ${CONTAINER} ${HUB_USER}/${CONTAINER}:${TAG} + +push: + docker tag ${CONTAINER} ${HUB_USER}/${CONTAINER}:${TAG} + docker tag ${CONTAINER} ${HUB_USER}/${CONTAINER}:latest + docker push ${HUB_USER}/${CONTAINER}:latest + +restart: stop clean run From 57de2701ca106470c7b63c16b03170ae5c0cff5f Mon Sep 17 00:00:00 2001 From: Fredrik Lundhag Date: Fri, 21 Dec 2018 15:03:37 +0100 Subject: [PATCH 03/12] Use ENV data instead of the pasteconfig --- server.py | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/server.py b/server.py index ee52ca3..9bdd63b 100755 --- a/server.py +++ b/server.py @@ -36,8 +36,14 @@ import pygments.lexers from pygments.formatters import HtmlFormatter, ImageFormatter, TerminalFormatter -import pasteconfig - +import os +DB_FILE = os.getenv('DB_FILE', 'paste.se') +BASE_DOMAIN = os.getenv('BASE_DOMAIN', 'dev.paste.se') +ALT_DOMAINS = os.getenv('ALT_DOMAINS', []) +CONFIGURABLE_INDEX = os.getenv('CONFIGURABLE_INDEX', True) +REDIRECT_SCHEME = os.getenv('REDIRECT_SCHEME', 'http') +DEFAULT_LANG = os.getenv('DEFAULT_LANG', "text") +TORNADOARGS = os.getenv('TORNADOARGS', dict(debug=True)) OK_LANGS = [x[2][0] for x in pygments.lexers.LEXERS.values()] OK_LANGS.sort(key=lambda x: x.lower()) @@ -83,7 +89,7 @@ class PasteBaseHandler(tornado.web.RequestHandler): def _get_paste(self, fields, key=None): if key is None: key = self.request.host.split(".")[0] - db = sqlite3.connect(pasteconfig.DB_FILE) + db = sqlite3.connect(DB_FILE) c = db.cursor() try: c.execute("SELECT "+(",".join(fields))+" FROM paste WHERE hash=?", (str(key),)) @@ -116,8 +122,8 @@ def get(self): class MainHandler(PasteBaseHandler): def get(self): - if (self.request.host.split(":")[0] == pasteconfig.BASE_DOMAIN or - self.request.host.split(":")[0] in pasteconfig.ALT_DOMAINS or + if (self.request.host.split(":")[0] == BASE_DOMAIN or + self.request.host.split(":")[0] in ALT_DOMAINS or self.request.host.split(".")[0] == "new"): try: uname = tornado.escape.url_unescape(self.get_cookie("username", "")) @@ -125,8 +131,8 @@ def get(self): uname = "" self.render("templates/main.html", username=uname, - default_lang=pasteconfig.DEFAULT_LANG, - configurable_index=pasteconfig.CONFIGURABLE_INDEX, + default_lang=DEFAULT_LANG, + configurable_index=CONFIGURABLE_INDEX, langs=OK_LANGS) return @@ -141,7 +147,7 @@ def get(self): self.render("templates/404.html", key=self.request.host.split(".")[0], host=self.request.host, - base=pasteconfig.BASE_DOMAIN) + base=BASE_DOMAIN) return lexer = pygments.lexers.get_lexer_by_name(lang) @@ -149,7 +155,7 @@ def get(self): paste = stripctlchars(highlight(paste, lexer, formatter)) css = formatter.get_style_defs(arg='') - self.render("templates/paste.html", css=css, user=user, desc=desc, paste=paste, basedomain=pasteconfig.BASE_DOMAIN) + self.render("templates/paste.html", css=css, user=user, desc=desc, paste=paste, basedomain=BASE_DOMAIN) class TermHandler(PasteBaseHandler): @@ -219,7 +225,7 @@ def post(self): desc.encode("utf-8") + paste.encode("utf-8")).hexdigest()[:16] - db = sqlite3.connect(pasteconfig.DB_FILE) + db = sqlite3.connect(DB_FILE) c = db.cursor() c.execute("REPLACE into paste (hash, user, description, lang, paste, may_index) VALUES (?, ?, ?, ?, ?, ?)", (key, user, desc, lang, paste, int(index))) @@ -227,7 +233,7 @@ def post(self): db.close() self.set_cookie("username", tornado.escape.url_escape(user), - domain=pasteconfig.BASE_DOMAIN, + domain=BASE_DOMAIN, path='/', expires_days=30) @@ -236,7 +242,7 @@ def post(self): else: base_host = self.request.host - self.redirect("{}://{}.{}/".format(pasteconfig.REDIRECT_SCHEME, key, base_host)) + self.redirect("{}://{}.{}/".format(REDIRECT_SCHEME, key, base_host)) routes = [ (r"/robots.txt", RobotsTxtHandler), @@ -250,7 +256,7 @@ def post(self): def create_db_if_not_exists(): - db = sqlite3.connect(pasteconfig.DB_FILE) + db = sqlite3.connect(DB_FILE) c = db.cursor() c.execute("""CREATE TABLE IF NOT EXISTS paste ( hash PRIMARY KEY, @@ -264,7 +270,7 @@ def create_db_if_not_exists(): application = tornado.web.Application(routes, - **pasteconfig.TORNADOARGS) + TORNADOARGS) if __name__ == "__main__": create_db_if_not_exists() From 44e1612ca252cc36e5a1cf23d9a705875be55875 Mon Sep 17 00:00:00 2001 From: Fredrik Lundhag Date: Fri, 21 Dec 2018 15:04:24 +0100 Subject: [PATCH 04/12] pasteconfig.py removed since we use ENV overrides --- pasteconfig.py | 12 ------------ 1 file changed, 12 deletions(-) delete mode 100644 pasteconfig.py diff --git a/pasteconfig.py b/pasteconfig.py deleted file mode 100644 index 62614ab..0000000 --- a/pasteconfig.py +++ /dev/null @@ -1,12 +0,0 @@ - -DB_FILE = 'paste.db' -BASE_DOMAIN = 'dev.paste.se' -ALT_DOMAINS = [] - -CONFIGURABLE_INDEX = True - -REDIRECT_SCHEME = 'http' - -DEFAULT_LANG="text" - -TORNADOARGS=dict(debug=True) From af323bd9c36669763b26c2ac3d016e07973fa30d Mon Sep 17 00:00:00 2001 From: Fredrik Lundhag Date: Fri, 21 Dec 2018 15:04:44 +0100 Subject: [PATCH 05/12] Replace Dockerfile data with ENV --- Dockerfile | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0e1716d..06cb08f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,22 +2,16 @@ FROM python:2.7-alpine RUN pip install tornado pygments -ARG domain=dev.paste.se -ARG deflang=text -ARG configurable_index=True -ARG altdomains=[] - ADD server.py favicon.ico /paste/ ADD templates/*.html /paste/templates/ -RUN \ - echo "DB_FILE = '/data/paste.db'" >/paste/pasteconfig.py; \ - echo "REDIRECT_SCHEME = 'http'" >>/paste/pasteconfig.py; \ - echo "BASE_DOMAIN = '${domain}'" >>/paste/pasteconfig.py; \ - echo "ALT_DOMAINS = ${altdomains}" >>/paste/pasteconfig.py; \ - echo "DEFAULT_LANG = '${deflang}'" >>/paste/pasteconfig.py; \ - echo "CONFIGURABLE_INDEX = ${configurable_index}" >>/paste/pasteconfig.py; \ - echo "TORNADOARGS=dict(debug=True)" >>/paste/pasteconfig.py; +ENV DB_FILE 'paste.se' +ENV BASE_DOMAIN 'dev.paste.se' +ENV ALT_DOMAINS "[]" +ENV CONFIGURABLE_INDEX True +ENV REDIRECT_SCHEME http +ENV DEFAULT_LANG "text" +ENV TORNADOARGS dict(debug=True) WORKDIR /paste From 7988110ec25c1c6965cc65670609648e4f0736f3 Mon Sep 17 00:00:00 2001 From: Fredrik Lundhag Date: Fri, 21 Dec 2018 15:12:30 +0100 Subject: [PATCH 06/12] Create README.md --- README.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..dfbb301 --- /dev/null +++ b/README.md @@ -0,0 +1,32 @@ +# paste.se + +Self-hosted pastebin-like services, written in Python/Tornado/SQLite. + +You will need a wildcard DNS record to the paste server since it uses a [bfe0c9274d1deea6.paste.se](https://bfe0c9274d1deea6.paste.se/) hash format to generate a link to the paste. + +To make paste data persistent, just map /data to some persistent dir on your server. + +The default port is 8800, change that in the `-p :8800` part of the command.. + +Parameters can be overwritten by setting them directly in the docker Environment, Here they are: +``` +ENV DB_FILE 'paste.se' +ENV BASE_DOMAIN 'dev.paste.se' +ENV ALT_DOMAINS "[]" +ENV CONFIGURABLE_INDEX True +ENV REDIRECT_SCHEME http +ENV DEFAULT_LANG "text" +ENV TORNADOARGS dict(debug=True) +``` + +Start the docker like so: +```docker +docker \ + run \ + --detach \ + --name=paste.se \ + -e BASE_DOMAIN=localhost \ + -p 8800:8800 \ + -v /srv/someplace:/data \ + paste.se +``` From 386cdb99116cfcabd2c5c7d5736368fb1fdc28c1 Mon Sep 17 00:00:00 2001 From: Fredrik Lundhag Date: Fri, 21 Dec 2018 15:12:49 +0100 Subject: [PATCH 07/12] Remove old options --- Makefile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Makefile b/Makefile index 9086a36..4d56169 100644 --- a/Makefile +++ b/Makefile @@ -16,8 +16,6 @@ run: docker \ run \ --detach \ - --interactive \ - --tty \ --hostname=${CONTAINER} \ --name=${CONTAINER} \ -e BASE_DOMAIN=${BASE_DOMAIN} \ From bdd3c393d100dbd022ada7314b8b13e86016d02a Mon Sep 17 00:00:00 2001 From: Fredrik Lundhag Date: Fri, 3 Jan 2020 11:51:01 +0100 Subject: [PATCH 08/12] add nginx conf --- README.md | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/README.md b/README.md index dfbb301..414c41d 100644 --- a/README.md +++ b/README.md @@ -30,3 +30,42 @@ docker \ -v /srv/someplace:/data \ paste.se ``` + +## nginx + +If you run paste.se behind a nginx proxy, you can use this config as a template. Replace $BASE_DOMAIN and localhost in the `proxy_pass` section to your setup. + +```nginx + +server { + listen 80; + listen 443 ssl http2; + server_name . + + if ($scheme = http) { + return 301 https://$server_name$request_uri; + } + + include snippets/ssl-params.conf; + + ssl_certificate /etc/ssl/vault/paste.int.flattr.net.pem; + ssl_certificate_key /etc/ssl/vault/paste.int.flattr.net.pem; + + include snippets/nginx-sso_auth.conf; + + location / { + auth_request /sso-auth; + auth_request_set $x_username $upstream_http_x_username; + auth_request_set $cookie $upstream_http_set_cookie; + add_header Set-Cookie $cookie; + + proxy_pass http://localhost:8800; + proxy_set_header Host $host; + proxy_read_timeout 7200; + proxy_send_timeout 7200; + } + + +} #end server stansa +``` + From 75a7f2307bc8e55af6b93494fec7170d673a7228 Mon Sep 17 00:00:00 2001 From: Fredrik Lundhag Date: Fri, 3 Jan 2020 11:51:36 +0100 Subject: [PATCH 09/12] use smaller and newer alpine base --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 06cb08f..621073c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM python:2.7-alpine +FROM jfloff/alpine-python:2.7-slim RUN pip install tornado pygments From 7b85b351d33a3b26f6c283f8ae33c38cb217a596 Mon Sep 17 00:00:00 2001 From: Fredrik Lundhag Date: Fri, 3 Jan 2020 11:51:43 +0100 Subject: [PATCH 10/12] bump to v0.2 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 4d56169..e7b913f 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ CONTAINER := paste.se HUB_USER := ${USER} -TAG := v0.1 +TAG := v0.2 IMAGE_NAME := ${CONTAINER}:${TAG} PORT := 8800 VOLUME := data From b4d5403f4250e6f7da4e0dcd9659596481187405 Mon Sep 17 00:00:00 2001 From: Fredrik Lundhag Date: Fri, 3 Jan 2020 11:53:30 +0100 Subject: [PATCH 11/12] Remove local nginx values and ssl --- README.md | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/README.md b/README.md index 414c41d..21bb392 100644 --- a/README.md +++ b/README.md @@ -39,26 +39,13 @@ If you run paste.se behind a nginx proxy, you can use this config as a template. server { listen 80; - listen 443 ssl http2; server_name . if ($scheme = http) { return 301 https://$server_name$request_uri; } - include snippets/ssl-params.conf; - - ssl_certificate /etc/ssl/vault/paste.int.flattr.net.pem; - ssl_certificate_key /etc/ssl/vault/paste.int.flattr.net.pem; - - include snippets/nginx-sso_auth.conf; - location / { - auth_request /sso-auth; - auth_request_set $x_username $upstream_http_x_username; - auth_request_set $cookie $upstream_http_set_cookie; - add_header Set-Cookie $cookie; - proxy_pass http://localhost:8800; proxy_set_header Host $host; proxy_read_timeout 7200; From 836f1d2dba16f5e0f3f1d6b59b0f2c2b7847fda9 Mon Sep 17 00:00:00 2001 From: Fredrik Lundhag Date: Fri, 3 Jan 2020 11:55:28 +0100 Subject: [PATCH 12/12] remove https redirect --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index 21bb392..4a8b9ea 100644 --- a/README.md +++ b/README.md @@ -41,10 +41,6 @@ server { listen 80; server_name . - if ($scheme = http) { - return 301 https://$server_name$request_uri; - } - location / { proxy_pass http://localhost:8800; proxy_set_header Host $host;