opengist/README.md

# Opengist

![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/thomiceli/opengist?sort=semver)
![License](https://img.shields.io/github/license/thomiceli/opengist?color=blue)
![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/thomiceli/opengist/go.yml)

A self-hosted pastebin **powered by Git**. [Try it here](https://opengist.thomice.li).

* [Features](#features)
* [Install](#install)
    * [With Docker](#with-docker)
    * [From source](#from-source)
* [Configuration](#configuration)
* [Administration](#administration)
    * [Use Nginx as a reverse proxy](#use-nginx-as-a-reverse-proxy)
    * [Use Fail2ban](#use-fail2ban)
* [Configure OAuth](#configure-oauth)
* [License](#license)

## Features

* Create public or unlisted snippets
* Clone / Pull / Push snippets **via Git** over HTTP or SSH
* Revisions history
* Syntax highlighting ; markdown & CSV support
* Like / Fork snippets
* Search for all snippets or for certain users snippets
* Editor with indentation mode & size ; drag and drop files
* Download raw files or as a ZIP archive
* OAuth2 login with GitHub and Gitea
* Avatars
* Responsive UI
* Enable or disable signups
* Admin panel : delete users/gists; clean database/filesystem by syncing gists
* SQLite database
* Logging
* Docker support

#### Todo

- [ ] Light mode
- [ ] Tests
- [ ] Search for snippets
- [ ] Embed snippets
- [ ] Filesystem/Redis support for user sessions
- [ ] Have a cool logo

## Install

### With Docker

A Docker [image](https://github.com/users/thomiceli/packages/container/package/opengist), available for each release, can be pulled

```
docker pull ghcr.io/thomiceli/opengist:1
```

It can be used in a `docker-compose.yml` file :

1. Create a `docker-compose.yml` file with the following content
2. Run `docker compose up -d`
3. Opengist is now running on port 6157, you can browse http://localhost:6157

```yml
version: "3"

services:
  opengist:
    image: ghcr.io/thomiceli/opengist:1
    container_name: opengist
    restart: unless-stopped
    ports:
      - "6157:6157" # HTTP port
      - "2222:2222" # SSH port, can be removed if you don't use SSH
    volumes:
      - "$HOME/.opengist:/root/.opengist"
    environment:
      CONFIG: |
        log-level: info
```

### From source

Requirements : [Git](https://git-scm.com/downloads) (2.20+), [Go](https://go.dev/doc/install) (1.19+), [Node.js](https://nodejs.org/en/download/) (16+)

```shell
git clone https://github.com/thomiceli/opengist
cd opengist
make
./opengist
```

Opengist is now running on port 6157, you can browse http://localhost:6157

## Configuration

Opengist can be configured using YAML. The full configuration file is [config.yml](config.yml), each default key/value
pair can be overridden.

### With docker

Add a `CONFIG` environment variable in the `docker-compose.yml` file to the `opengist` service :

```diff
environment:
  CONFIG: |
    log-level: info
    ssh.git-enabled: false
    disable-signup: true
    # ...
```

### With binary

Create a `config.yml` file (you can reuse this [one](config.yml)) and run Opengist binary with the `--config` flag :

```shell
./opengist --config /path/to/config.yml
```


## Administration

### Use Nginx as a reverse proxy

Configure Nginx to proxy requests to Opengist. Here is an example configuration file :
```
server {
    listen 80;
    server_name opengist.example.com;

    location / {
        proxy_pass http://127.0.0.1:6157;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Then run :
```shell
service nginx restart 
```

### Use Fail2ban

Fail2ban can be used to ban IPs that try to bruteforce the login page.
Log level must be set at least to `warn`.

Add this filter in `etc/fail2ban/filter.d/opengist.conf` :
```ini
[Definition]
failregex =  Invalid .* authentication attempt from <HOST>
ignoreregex =
```

Add this jail in `etc/fail2ban/jail.d/opengist.conf` :
```ini
[opengist]
enabled = true
filter = opengist
logpath = /home/*/.opengist/log/opengist.log
maxretry = 10
findtime = 3600
bantime = 600
banaction = iptables-allports
port = anyport
```

Then run
```shell
service fail2ban restart 
```

## Configure OAuth

Opengist can be configured to use OAuth to authenticate users, with GitHub or Gitea.

<details>
<summary>Integrate Github</summary>

* Add a new OAuth app in your [Github account settings](https://github.com/settings/applications/new)
* Set 'Authorization callback URL' to `http://opengist.domain/oauth/github/callback`
* Copy the 'Client ID' and 'Client Secret' and add them to the configuration :
  ```yaml
  github.client-key: <key>
  github.secret: <secret>
  ```
</details>

<details>
<summary>Integrate Gitea</summary>

* Add a new OAuth app in Application settings from the [Gitea instance](https://gitea.com/user/settings/applications)
* Set 'Redirect URI' to `http://opengist.domain/oauth/gitea/callback`
* Copy the 'Client ID' and 'Client Secret' and add them to the configuration :
  ```yaml
  gitea.client-key: <key>
  gitea.secret: <secret>
  # URL of the Gitea instance. Default: https://gitea.com/
  gitea.url: http://localhost:3000
  ```
</details>

## License

Opengist is licensed under the [AGPL-3.0 license](LICENSE).
Improve Dockerfile, docker build CI, Readme 2023-04-10 22:52:52 +02:00			`# Opengist`

			`![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/thomiceli/opengist?sort=semver)`
			`![License](https://img.shields.io/github/license/thomiceli/opengist?color=blue)`
CI status on README 2023-04-26 23:55:37 +02:00			`![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/thomiceli/opengist/go.yml)`
Improve Dockerfile, docker build CI, Readme 2023-04-10 22:52:52 +02:00
			`A self-hosted pastebin powered by Git. [Try it here](https://opengist.thomice.li).`

			`* [Features](#features)`
			`* [Install](#install)`
			`* [With Docker](#with-docker)`
			`* [From source](#from-source)`
			`* [Configuration](#configuration)`
			`* [Administration](#administration)`
			`* [Use Nginx as a reverse proxy](#use-nginx-as-a-reverse-proxy)`
			`* [Use Fail2ban](#use-fail2ban)`
Update README.md 2023-04-17 21:57:03 +02:00			`* [Configure OAuth](#configure-oauth)`
Improve Dockerfile, docker build CI, Readme 2023-04-10 22:52:52 +02:00			`* [License](#license)`

			`## Features`

			`* Create public or unlisted snippets`
			`* Clone / Pull / Push snippets via Git over HTTP or SSH`
			`* Revisions history`
			`* Syntax highlighting ; markdown & CSV support`
			`* Like / Fork snippets`
			`* Search for all snippets or for certain users snippets`
			`* Editor with indentation mode & size ; drag and drop files`
			`* Download raw files or as a ZIP archive`
v1.1.0 2023-04-18 03:11:28 +02:00			`* OAuth2 login with GitHub and Gitea`
Improve Dockerfile, docker build CI, Readme 2023-04-10 22:52:52 +02:00			`* Avatars`
			`* Responsive UI`
			`* Enable or disable signups`
			`* Admin panel : delete users/gists; clean database/filesystem by syncing gists`
			`* SQLite database`
			`* Logging`
			`* Docker support`

			`#### Todo`

			`- [ ] Light mode`
			`- [ ] Tests`
			`- [ ] Search for snippets`
			`- [ ] Embed snippets`
			`- [ ] Filesystem/Redis support for user sessions`
			`- [ ] Have a cool logo`

			`## Install`

			`### With Docker`

			`A Docker [image](https://github.com/users/thomiceli/packages/container/package/opengist), available for each release, can be pulled`

			```
			`docker pull ghcr.io/thomiceli/opengist:1`
			```

			It can be used in a `docker-compose.yml` file :

			1. Create a `docker-compose.yml` file with the following content
Update README.md 2023-04-12 12:50:47 +02:00			2. Run `docker compose up -d`
Improve Dockerfile, docker build CI, Readme 2023-04-10 22:52:52 +02:00			`3. Opengist is now running on port 6157, you can browse http://localhost:6157`

			```yml
			`version: "3"`

			`services:`
			`opengist:`
			`image: ghcr.io/thomiceli/opengist:1`
			`container_name: opengist`
			`restart: unless-stopped`
			`ports:`
			`- "6157:6157" # HTTP port`
			`- "2222:2222" # SSH port, can be removed if you don't use SSH`
			`volumes:`
			`- "$HOME/.opengist:/root/.opengist"`
			`environment:`
			`CONFIG: \|`
			`log-level: info`
			```

			`### From source`

			`Requirements : [Git](https://git-scm.com/downloads) (2.20+), [Go](https://go.dev/doc/install) (1.19+), [Node.js](https://nodejs.org/en/download/) (16+)`

			```shell
			`git clone https://github.com/thomiceli/opengist`
			`cd opengist`
			`make`
			`./opengist`
			```

			`Opengist is now running on port 6157, you can browse http://localhost:6157`

			`## Configuration`

			`Opengist can be configured using YAML. The full configuration file is [config.yml](config.yml), each default key/value`
			`pair can be overridden.`

			`### With docker`

			Add a `CONFIG` environment variable in the `docker-compose.yml` file to the `opengist` service :

			```diff
			`environment:`
			`CONFIG: \|`
			`log-level: info`
			`ssh.git-enabled: false`
			`disable-signup: true`
			`# ...`
			```

			`### With binary`

			Create a `config.yml` file (you can reuse this [one](config.yml)) and run Opengist binary with the `--config` flag :

			```shell
			`./opengist --config /path/to/config.yml`
			```


			`## Administration`

			`### Use Nginx as a reverse proxy`

			`Configure Nginx to proxy requests to Opengist. Here is an example configuration file :`
			```
			`server {`
			`listen 80;`
			`server_name opengist.example.com;`

			`location / {`
			`proxy_pass http://127.0.0.1:6157;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`}`
			`}`
			```

			`Then run :`
			```shell
			`service nginx restart`
			```

			`### Use Fail2ban`

			`Fail2ban can be used to ban IPs that try to bruteforce the login page.`
			Log level must be set at least to `warn`.

			Add this filter in `etc/fail2ban/filter.d/opengist.conf` :
			```ini
			`[Definition]`
			`failregex = Invalid .* authentication attempt from <HOST>`
			`ignoreregex =`
			```

			Add this jail in `etc/fail2ban/jail.d/opengist.conf` :
			```ini
			`[opengist]`
			`enabled = true`
			`filter = opengist`
			`logpath = /home/*/.opengist/log/opengist.log`
			`maxretry = 10`
			`findtime = 3600`
			`bantime = 600`
			`banaction = iptables-allports`
			`port = anyport`
			```

			`Then run`
			```shell
			`service fail2ban restart`
			```
Update README.md 2023-04-17 21:57:03 +02:00
			`## Configure OAuth`

			`Opengist can be configured to use OAuth to authenticate users, with GitHub or Gitea.`

			`<details>`
			`<summary>Integrate Github</summary>`

			`* Add a new OAuth app in your [Github account settings](https://github.com/settings/applications/new)`
			* Set 'Authorization callback URL' to `http://opengist.domain/oauth/github/callback`
Small change in README 2023-04-17 22:17:08 +02:00			`* Copy the 'Client ID' and 'Client Secret' and add them to the configuration :`
Update README.md 2023-04-17 21:57:03 +02:00			```yaml
			`github.client-key: <key>`
			`github.secret: <secret>`
			```
			`</details>`

			`<details>`
			`<summary>Integrate Gitea</summary>`

			`* Add a new OAuth app in Application settings from the [Gitea instance](https://gitea.com/user/settings/applications)`
			* Set 'Redirect URI' to `http://opengist.domain/oauth/gitea/callback`
Small change in README 2023-04-17 22:17:08 +02:00			`* Copy the 'Client ID' and 'Client Secret' and add them to the configuration :`
Update README.md 2023-04-17 21:57:03 +02:00			```yaml
			`gitea.client-key: <key>`
			`gitea.secret: <secret>`
			`# URL of the Gitea instance. Default: https://gitea.com/`
			`gitea.url: http://localhost:3000`
			```
			`</details>`

Improve Dockerfile, docker build CI, Readme 2023-04-10 22:52:52 +02:00			`## License`

			`Opengist is licensed under the [AGPL-3.0 license](LICENSE).`