Docker series: Use Docker to build your own self-destructing application based on cryptgeon
This article was last updated 362 days ago; the information in it may have changed or become outdated since then. If something no longer works, leave a note in the comments.

Preface

We often need to send text, links or files to friends on WeChat, QQ or similar chat tools, but you should know that in today's harsh environment (which will only get harsher) everything you send is recorded and kept for 3-5 years. We are all law-abiding citizens with nothing to hide, but it is still very unpleasant to have others read whatever you send at will. Self-destructing messages are a good solution here: you generate a one-time link or QR code, and it becomes invalid after it has been opened once. Unfortunately, in my country, services like self-destructing messages are taboo, for reasons you already know, so if you want to use such a service, the best way is to use one run by someone else or to build your own.

As someone who believes in "self-reliance" and has a large-scale "home data center", I naturally chose to build it myself, which left me with the problem of choosing one. After all, there are quite a few options:
1. PasteMe
Actually, this project is good, but unfortunately, after being investigated once, it has not been updated for more than 2 years. Its original functions were very powerful:


As you can see, PasteMe's strength lies mainly in sharing text, and in working with curl and wget to fetch snippets. However, after the investigation, the new version of PasteMe can only be read once when not logged in, or expires after 5 minutes, and cannot be read multiple times. The most important part, the user system, has never been launched, so its usefulness is extremely limited: it can only serve as a simple burn-after-reading function, which is a pity.
2. NaiveBoom
This one is really too simple. There are no options: you can only paste text and generate a one-time link. I guess minimalists like it. It is similar to the crippled PasteMe:

3. Privatebin
This function is much more powerful:


You can choose "validity period" (up to 1 hour), "burn after reading" (check it to read once, uncheck it to read unlimited times), "password", "attachment", and "format" (plain text, source code, markdown). In general, the functions provided are powerful enough and fully usable, so it is one of the options.

4. Cryptgeon


The functions are similar to Privatebin, but there are some minor differences:
1. Number of reads:
Cryptgeon lets you set the number of reads, up to a maximum of 100; Privatebin can only choose between read-once and keep-forever, and when kept forever it can also allow open discussion.
2. Validity period:
The maximum validity period of a cryptgeon note can be set to 6 hours; the maximum validity period of a Privatebin paste can be set to 1 hour.
3. Password:
In addition to setting the password manually, cryptgeon can also generate it automatically (Privatebin can only set it manually).

After comparison, both 3 and 4 meet my functional requirements, and 3 is even better in terms of customizability:
Privatebin has more customizable options and can be used with mariadb or mysql. If you want to store text data for a long time, Privatebin is the winner, because cryptgeon's content lives only in memory, and everything is lost after a restart. Logically, I should choose Privatebin. But the problem is that the service sits on the Internet. Why was PasteMe investigated? Because it could store content permanently and was then used by others to spread things. If it supported registration, I would not be worried, but neither option 3 nor option 4 supports it. So after thinking it over, I still chose cryptgeon precisely because it cannot store anything permanently: a note lasts either 100 reads or 6 hours.

Deploy cryptgeon

Because cryptgeon needs a redis instance, you first create an additional bridge network connecting redis and cryptgeon, "public-net", so that the two containers can reach each other by name.

Create a public-net network

docker network create public-net

Deploy redis

Create a directory on the host that needs to be mounted inside the container

mkdir -p /docker/redis/data

Deploy redis

The docker run command format is as follows:

# -p 6379:6379 publishes redis on every host interface; cryptgeon reaches redis by name over public-net,
# so this mapping can be dropped if nothing outside Docker needs to talk to redis
docker run --name redis -d --restart=always --net=public-net \
  -p 6379:6379 \
  -v /docker/redis/data:/data \
  redis

Creating a cryptgeon

The docker run command format is as follows:

# REDIS: address of the redis container (resolved by name on public-net); the image reads the variable in upper case
# SIZE_LIMIT: maximum size of a single note, set it according to your needs
# -p 9030:8000: map a host port to port 8000 inside the container; choose the host port to fit your environment
docker run --name cryptgeon -d --restart=always --net=public-net \
  -e REDIS=redis://redis \
  -e SIZE_LIMIT=100M \
  -p 9030:8000 \
  cupcakearmy/cryptgeon
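The same three steps as one compose file, as an added example that is not the post's own command. It assumes the public-net network created above already exists and the redis:7-alpine tag; MAX_VIEWS and MAX_EXPIRATION are the image's documented variables, written out at their defaults to pin the "100 reads or 6 hours" ceiling the post relies on.

```yaml
# docker-compose.yml (added example; assumes "docker network create public-net" was already run)
services:
  redis:
    image: redis:7-alpine
    restart: always
    # no "ports:" entry: cryptgeon reaches redis by name over public-net,
    # so redis is never exposed on a host interface
    volumes:
      - /docker/redis/data:/data
    networks:
      - public-net

  cryptgeon:
    image: cupcakearmy/cryptgeon
    restart: always
    depends_on:
      - redis
    environment:
      REDIS: "redis://redis"
      SIZE_LIMIT: "100 MiB"   # the post used 100M; the image parses byte-unit strings such as "4 MiB"
      MAX_VIEWS: "100"        # image default: a note can be read at most 100 times
      MAX_EXPIRATION: "360"   # image default, in minutes: a note lives at most 6 hours
    ports:
      - "9030:8000"
    networks:
      - public-net

networks:
  public-net:
    external: true
```

Bring it up with `docker compose up -d` in the directory holding the file; only port 9030 on the host is published.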

Deploy Privatebin (with bonus content)

Considering that some friends may be more stubborn and prefer permanent storage, I also put the deployment command of Privatebin here for everyone to study.

Create a directory on the host that needs to be mounted inside the container

mkdir -p /docker/privatebin/data

Deploy Privatebin

# --read-only: this image supports running in read-only mode, which slightly reduces the attack surface, because a vulnerability
#   in one of the image's services cannot be used to overwrite files in the container; only /tmp, /var/tmp, /var/run and /srv/data stay writable
# -p 8080:8080: map the host's port 8080 to the container's port 8080; adjust to your situation
# conf.php mount: optional, only if you plan to use mariadb or mysql or other customizations (ads, etc.); you need to start a
#   container once and copy conf.php out first, so remove that line if the file does not exist yet
# /srv/data: the folder where pastes and other service data are saved, so nothing is lost when the container is stopped,
#   restarted or replaced by a newer image
docker run --name privatebin -d --restart=always --net=public-net \
  --read-only \
  -p 8080:8080 \
  -v /docker/privatebin/conf.php:/srv/cfg/conf.php:ro \
  -v /docker/privatebin/data:/srv/data \
  privatebin/nginx-fpm-alpine

Configuring public network access

If cryptgeon is to be published on the public Internet, choose the publishing method that best fits your environment and the reverse proxy you use. You can refer to my previous articles:
1. Docker series: uses Docker to build its own reverse proxy based on NPM
2. Linux panel series: configure reverse proxy and use non-443 port for publishing
3. Home data center series: uses domestic cloud hosting to get free cloudflare to achieve fast access to domestic sites from abroad
4. Home Data Center Series: Use cloudflare to build a website quickly with no public IP in your home broadband (general purpose)

The first and second methods suit environments that have a public IP but no usable port 443 (home broadband, an unfiled cloud host); you need to append a non-standard port to the URL (if you use cloudflare to build the site, you don't need to add a port, but you need to customize the origin port; see: Home data center series uses cloudflare's Origin Rules to solve the problem of having a public IP but no legal ports 80 and 443 when building a website). The third method suits cloud hosts with a filing record, and the fourth suits all environments (including those without a public IP). The fourth is also the one I recommend, whether or not you have a public IP, because it does not run https traffic directly on the public network.

Afterword

Normally, when I write an article, I show the actual results, but for the self-destructing service I will skip that. First, it is simple, and a screenshot of the interface already shows all the supported functions; second, it really is risky: PasteMe was investigated, its disclaimer was useless, and nobody else will vouch for you. So it is best for everyone to build their own self-destructing service. At the same time, it is best not to use a domain bought from a domestic registrar as the self-destructing domain, and not to use domestic IP addresses, just in case. If you want to expose it, put it behind cloudflare; it is on the free plan anyway, and it is safe. You must be very careful.

In addition: Bitwarden's own send function can also be used as a self-destructing message:


For the specific steps of setting up bitwarden, please refer to my other article: Docker series uses Docker to build its own password management system based on Bitwarden.

The content of this blog is original. Please indicate the source when reprinting! For more blog articles, see the Sitemap. The blog's RSS address is https://blog.tangwudi.com/feed; subscriptions are welcome. If needed, you can join the Telegram Group to discuss problems together.

Comments

  1. Android Chrome 124.0.0.0
    9 months ago
    2024-5-19 8:22:09

    Thank you for sharing a private deployment solution that can be used to replace Bitwarden Send. Since Firefox Send stopped development, I have been looking for a private deployment solution but have not found one. Bitwarden Send is too private, so I don’t want to use it for temporary sharing.

    • Owner
      Clear Rain
      Macintosh Chrome 124.0.0.0
      9 months ago
      2024-5-19 9:00:23

      In fact, there are many applications of this type. I think cryptgeon is the most lightweight. If you want to keep content for a long time or want more functions, there are other options, but you need to use a database, which is unnecessary and more dangerous. There are too many such sharing applications on the Internet that are improperly used by others and eventually implicate software developers or builders.

      • tangwudi
        Android Chrome 124.0.0.0
        9 months ago
        2024-5-19 9:09:42

        There are many alternative solutions for long-term storage and sharing. My idea is similar to the blogger's. This is only used for temporary private sharing among friends and is not open to others.
