A self-hosted pastebin powered by Git. Try it here.
- Create public, unlisted or private snippets
- Clone / Pull / Push snippets via Git over HTTP or SSH
- Revisions history
- Syntax highlighting ; markdown & CSV support
- Like / Fork snippets
- Search for snippets ; browse users snippets, likes and forks
- Editor with indentation mode & size ; drag and drop files
- Download raw files or as a ZIP archive
- OAuth2 login with GitHub, Gitea, and OpenID Connect
- Avatars via Gravatar or OAuth2 providers
- Light/Dark mode
- Responsive UI
- Enable or disable signups
- Restrict or unrestrict snippets visibility to anonymous users
- Admin panel : delete users/gists; clean database/filesystem by syncing gists
- SQLite database
- Logging
- Docker support
- Translation
- Code/text search
- Embed snippets
- Tests
- Filesystem/Redis support for user sessions
- Have a cool logo
Docker images are available for each release :
docker pull ghcr.io/thomiceli/opengist:1.4It can be used in a docker-compose.yml file :
- Create a
docker-compose.ymlfile with the following content - Run
docker compose up -d - Opengist is now running on port 6157, you can browse https://localhost:6157
version: "3"
services:
opengist:
image: ghcr.io/thomiceli/opengist:1.4
container_name: opengist
restart: unless-stopped
ports:
- "6157:6157" # HTTP port
- "2222:2222" # SSH port, can be removed if you don't use SSH
volumes:
- "$HOME/.opengist:/opengist"You can define which user/group should run the container and own the files by setting the UID and GID environment variables :
services:
opengist:
# ...
environment:
UID: 1001
GID: 1001Requirements : Git (2.20+), Go (1.20+), Node.js (16+)
git clone https://github.com/thomiceli/opengist
cd opengist
make
./opengistOpengist is now running on port 6157, you can browse https://localhost:6157
Opengist provides flexible configuration options through either a YAML file and/or environment variables. You would only need to specify the configuration options you want to change — for any config option left untouched, Opengist will simply apply the default values.
Configuration option list
| YAML Config Key | Environment Variable | Default value | Description |
|---|---|---|---|
| log-level | OG_LOG_LEVEL | warn |
Set the log level to one of the following: trace, debug, info, warn, error, fatal, panic. |
| external-url | OG_EXTERNAL_URL | none | Public URL for the Git HTTP/SSH connection. If not set, uses the URL from the request. |
| opengist-home | OG_OPENGIST_HOME | home directory | Path to the directory where Opengist stores its data. |
| db-filename | OG_DB_FILENAME | opengist.db |
Name of the SQLite database file. |
| sqlite.journal-mode | OG_SQLITE_JOURNAL_MODE | WAL |
Set the journal mode for SQLite. More info here |
| http.host | OG_HTTP_HOST | 0.0.0.0 |
The host on which the HTTP server should bind. |
| http.port | OG_HTTP_PORT | 6157 |
The port on which the HTTP server should listen. |
| http.git-enabled | OG_HTTP_GIT_ENABLED | true |
Enable or disable git operations (clone, pull, push) via HTTP. (true or false) |
| ssh.git-enabled | OG_SSH_GIT_ENABLED | true |
Enable or disable git operations (clone, pull, push) via SSH. (true or false) |
| ssh.host | OG_SSH_HOST | 0.0.0.0 |
The host on which the SSH server should bind. |
| ssh.port | OG_SSH_PORT | 2222 |
The port on which the SSH server should listen. |
| ssh.external-domain | OG_SSH_EXTERNAL_DOMAIN | none | Public domain for the Git SSH connection, if it has to be different from the HTTP one. If not set, uses the URL from the request. |
| ssh.keygen-executable | OG_SSH_KEYGEN_EXECUTABLE | ssh-keygen |
Path to the SSH key generation executable. |
| github.client-key | OG_GITHUB_CLIENT_KEY | none | The client key for the GitHub OAuth application. |
| github.secret | OG_GITHUB_SECRET | none | The secret for the GitHub OAuth application. |
| gitea.client-key | OG_GITEA_CLIENT_KEY | none | The client key for the Gitea OAuth application. |
| gitea.secret | OG_GITEA_SECRET | none | The secret for the Gitea OAuth application. |
| gitea.url | OG_GITEA_URL | https://gitea.com/ |
The URL of the Gitea instance. |
| oidc.client-key | OG_OIDC_CLIENT_KEY | none | The client key for the OpenID application. |
| oidc.secret | OG_OIDC_SECRET | none | The secret for the OpenID application. |
| oidc.discovery-url | OG_OIDC_DISCOVERY_URL | none | Discovery endpoint of the OpenID provider. |
The configuration file must be specified when launching the application, using the --config flag followed by the path to your YAML file.
./opengist --config /path/to/config.ymlYou can start by copying and/or modifying the provided config.yml file.
Usage with Docker Compose :
services:
opengist:
# ...
environment:
OG_LOG_LEVEL: "info"
# etc.Usage via command line :
OG_LOG_LEVEL=info ./opengistConfigure Nginx to proxy requests to Opengist. Here is an example configuration file :
server {
listen 80;
server_name opengist.example.com;
location / {
proxy_pass https://127.0.0.1:6157;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Then run :
service nginx restartFail2ban can be used to ban IPs that try to bruteforce the login page.
Log level must be set at least to warn.
Add this filter in etc/fail2ban/filter.d/opengist.conf :
[Definition]
failregex = Invalid .* authentication attempt from <HOST>
ignoreregex =Add this jail in etc/fail2ban/jail.d/opengist.conf :
[opengist]
enabled = true
filter = opengist
logpath = /home/*/.opengist/log/opengist.log
maxretry = 10
findtime = 3600
bantime = 600
banaction = iptables-allports
port = anyportThen run
service fail2ban restartOpengist can be configured to use OAuth to authenticate users, with GitHub, Gitea, or OpenID Connect.
Integrate Github
- Add a new OAuth app in your Github account settings
- Set 'Authorization callback URL' to
https://opengist.domain/oauth/github/callback - Copy the 'Client ID' and 'Client Secret' and add them to the configuration :
github.client-key: <key> github.secret: <secret>
Integrate Gitea
- Add a new OAuth app in Application settings from the Gitea instance
- Set 'Redirect URI' to
https://opengist.domain/oauth/gitea/callback - Copy the 'Client ID' and 'Client Secret' and add them to the configuration :
gitea.client-key: <key> gitea.secret: <secret> # URL of the Gitea instance. Default: https://gitea.com/ gitea.url: https://localhost:3000
Integrate OpenID
- Add a new OAuth app in Application settings of your OIDC provider
- Set 'Redirect URI' to
https://opengist.domain/oauth/openid-connect/callback - Copy the 'Client ID', 'Client Secret', and the discovery endpoint, and add them to the configuration :
oidc.client-key: <key> oidc.secret: <secret> # Discovery endpoint of the OpenID provider oidc.discovery-url: https://auth.example.com/.well-known/openid-configuration
Opengist is licensed under the AGPL-3.0 license.