NoPaste is a free and open source pastebin of sorts. It was created by Mr. Boris Kubiak and the source code is available on GitHub. In this article, I will demonstrate how to use deploy NoPaste to surge.sh to create your own NoPaste site for free.
What is NoPaste?
The GitHub Readme for NoPaste describes the project as follows:
NoPaste is an open-source website similar to Pastebin where you can store any piece of code, and generate links for easy sharing However, what makes NoPaste special is that it works with no database, and no back-end code. Instead, the data is compressed and stored entirely in the link that you share, nowhere else!
In short, it is a pastebin. But whereas most pastebins store pastes on a server, NoPaste stores the data entirely in links. What happens when you share a link?
When you click on “Generate Link”, NoPaste compresses the whole text using the LZMA algorithm, encodes it in Base64, and puts it in the optional URL fragment, after the first # symbol: nopaste.ml/# When you open a link, NoPaste reads, decodes, and decompresses whatever is after the #, and displays the result in the editor. This process is done entirely in your browser, and the web server hosting NoPaste never has access to the fragment
According to the Readme, NoPaste does not store data. A NoPaste site simply “decodes” and “decompresses” a URL to show the original text content of the paste. In this way, NoPaste pastes are not tied to any single instance of NoPaste.
I am not well qualified to discuss the technical merits or demerits of NoPaste’s approach to private, un-censorable pasting. Because the code is entirely open source, developers can study it and even modify it (NoPaste comes with a permissive MIT License). I move on to describing how to deploy it.
Using NoPaste
The developer of NoPaste maintains a NoPaste site at https://nopaste.ml/. However, unlike some other pastebin tools, you can deploy it on your own server (or someone else’s server, as we will demonstrate).
Deploying NoPaste
The Readme states:
NoPaste is just a bunch of static files, making it really easy to deploy on any kind of file server.
Interesting.
NoPaste offers two methods of deploying (see Wiki). The first involves downloading all of the files from the NoPaste code repository and dropping them into a static file server. To be sure, it is hard to get any easier than that. The second method uses GitHub Pages. I am already using GitHub pages for our feed aggregator. I decided to try a different path for hosting a static site. I do not have a static file server set up at the moment other than using The New Leaf Journal to host a static profile site. What am I to do?
Using surge.sh to Deploy? NoPaste
Surge.sh (heretofore “Surge”) offers static web publishing. It has two plans, one plan is free and the other plan is $30 per month. The free plan is surprisingly robust, offering unlimited publishing and custom domain support (it does not force HTTPS on custom domains, however). You can get full SSL if you use a surge.sh subdomain, which is what we will be doing here.
(Suffice it to say, HTTPS is valuable if you are running a privacy pastebin.)
For the purpose of this guide, I will assume that you are using surge.sh for the first time. If you are a regular surge.sh user (much less a paid customer), you probably figured out how this works as soon as I reached the “NoPaste is just a bunch of static files” part of the Readme. I am also writing this guide from the perspective of using Linux, although I assume the steps are exactly the same on MacOS.
Clone NoPaste GitHub repository
First, clone the NoPaste repository locally. In the case of Linux…
git clone https://github.com/bokub/nopaste
You may also want to fork the repository in case you make any changes. I forked it (although no changes at the moment). Thus, in my case, the command was…
git clone https://github.com/nafnlj/nopaste
Whichever makes you happiest will work.
Install surge.sh
Surge.sh offers a command line tool for deploying to its network. You can find the instructions for installing the command line tool here. I ended up installing an Arch User Repository package for Surge instead of the npm package, but most people will install the npm version. The command as of this writing is…
npm install --global surge
Surge advises users to ensure that they have the latest version of npm installed.
Create Surge account
Before running surge, I changed into my nopaste directory from the command line. While I had it in a sub-directory, we will pretend for the purpose of this exercise that I cloned the entire directory into my Home directory on Linux. In that case, the command would be…
cd ~/nopaste
Change the path if you did not drop it into Home.
Now, from the nopaste directory, run the following command…
surge
Surge will prompt you to log in or create an account with an email and password. If you already have an account, use your credentials. If not, the email and password you enter will be your credentials.
Deploying your NoPaste site
After creating your account (make sure to look for your email confirmation), Surge should then list a project and domain on two lines. The project line will be the local directory (it should be your nopaste directory in this case) and the domain will be the domain your NoPaste site will live on.
Now when I first used this, I thought that the suggested domain from Surge was the final domain. Not only was this not the case, but the suggested domain sometimes does not work (the first I tried was already taken). You can change the domain (before the surge.sh part) to whatever you want. After selecting a domain, hit enter and surge should tell you that your site is now deployed. Test the URL to make sure it works. Assuming all went well, you should now have your own personal NoPaste site set upon your selected surge.sh subdomain.
Alternatives
Because NoPaste is just a collection of static files, any static web host will do. It could be hosted for free with GitHub Pages, GitLab Pages, Netlify, fly.io (I think), or other alternatives. I am not recommending surge.sh over these options, and if I ended up using it regularly, I would prefer to host it on a domain that I own. But I was interested in trying surge.sh and I thought that NoPaste would be an interesting case to test it. If you do not mind using a surge.sh subdomain (provided you are not a paid customer), surge does provide a very quick and easy way to deploy your surge.sh.
Notes
Note that NoPaste has no authentication mechanism, so if you make the URL public, anyone can use your NoPaste (at least by default). However, the special URLs are not tied to any one particular instance. Any NoPaste site can decrypt them per the documentation in the NoPaste readme. This is reassuring in the event, for example, that your host for a particular NoPaste site goes out of business or changes its pricing model. You could set up a new site and all of your saved links will still be readable.
Conclusion
I enjoyed setting up my little surge.sh NoPaste instance and the application looks neat. I will test it a bit and see if it is something that could be useful for my own workflow. While NoPaste’s main purpose seems to be for “storing” and sharing encrypted pastes and notes, it may be amenable to some more general-use cases. For example, provided one has a basic system for tracking versions, it could be used for editing markdown files containing text for articles or things of that sort. I have not tested NoPaste too as much yet, but I can confirm it is very easy to set up and run.