A self-hosted pastebin powered by Git. Try it here.
- Create public or unlisted snippets
- Clone / Pull / Push snippets via Git over HTTP or SSH
- Revisions history
- Syntax highlighting ; markdown & CSV support
- Like / Fork snippets
- Search for all snippets or for certain users snippets
- Editor with indentation mode & size ; drag and drop files
- Download raw files or as a ZIP archive
- OAuth2 login with GitHub and Gitea
- Avatars
- Responsive UI
- Enable or disable signups
- Restrict or unrestrict snippets visibility to anonymous users
- Admin panel : delete users/gists; clean database/filesystem by syncing gists
- SQLite database
- Logging
- Docker support
- Light mode
- Tests
- Search for snippets
- Embed snippets
- Filesystem/Redis support for user sessions
- Have a cool logo
A Docker image, available for each release, can be pulled
docker pull ghcr.io/thomiceli/opengist:1
It can be used in a docker-compose.yml
file :
- Create a
docker-compose.yml
file with the following content - Run
docker compose up -d
- Opengist is now running on port 6157, you can browse https://localhost:6157
version: "3"
services:
opengist:
image: ghcr.io/thomiceli/opengist:1
container_name: opengist
restart: unless-stopped
ports:
- "6157:6157" # HTTP port
- "2222:2222" # SSH port, can be removed if you don't use SSH
volumes:
- "$HOME/.opengist:/root/.opengist"
environment:
CONFIG: |
log-level: info
Requirements : Git (2.20+), Go (1.19+), Node.js (16+)
git clone https://github.com/thomiceli/opengist
cd opengist
make
./opengist
Opengist is now running on port 6157, you can browse https://localhost:6157
Opengist can be configured using YAML. The full configuration file is config.yml, each default key/value pair can be overridden.
Add a CONFIG
environment variable in the docker-compose.yml
file to the opengist
service :
environment:
CONFIG: |
log-level: info
ssh.git-enabled: false
disable-signup: true
# ...
Create a config.yml
file (you can reuse this one) and run Opengist binary with the --config
flag :
./opengist --config /path/to/config.yml
Configure Nginx to proxy requests to Opengist. Here is an example configuration file :
server {
listen 80;
server_name opengist.example.com;
location / {
proxy_pass https://127.0.0.1:6157;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Then run :
service nginx restart
Fail2ban can be used to ban IPs that try to bruteforce the login page.
Log level must be set at least to warn
.
Add this filter in etc/fail2ban/filter.d/opengist.conf
:
[Definition]
failregex = Invalid .* authentication attempt from <HOST>
ignoreregex =
Add this jail in etc/fail2ban/jail.d/opengist.conf
:
[opengist]
enabled = true
filter = opengist
logpath = /home/*/.opengist/log/opengist.log
maxretry = 10
findtime = 3600
bantime = 600
banaction = iptables-allports
port = anyport
Then run
service fail2ban restart
Opengist can be configured to use OAuth to authenticate users, with GitHub or Gitea.
Integrate Github
- Add a new OAuth app in your Github account settings
- Set 'Authorization callback URL' to
https://opengist.domain/oauth/github/callback
- Copy the 'Client ID' and 'Client Secret' and add them to the configuration :
github.client-key: <key> github.secret: <secret>
Integrate Gitea
- Add a new OAuth app in Application settings from the Gitea instance
- Set 'Redirect URI' to
https://opengist.domain/oauth/gitea/callback
- Copy the 'Client ID' and 'Client Secret' and add them to the configuration :
gitea.client-key: <key> gitea.secret: <secret> # URL of the Gitea instance. Default: https://gitea.com/ gitea.url: https://localhost:3000
Opengist is licensed under the AGPL-3.0 license.