MicroBin on Ubuntu 24.04 on Azure User Guide
Overview
MicroBin is a tiny, feature rich, self hosted pastebin and file sharing web application. From one clean web interface you can paste text such as code, notes and logs, upload files to share, shorten URLs and generate QR codes. Uploads can be public, unlisted or private, can expire automatically or vanish after a set number of reads, and can be encrypted on the server or in the browser. The cloudimg image serves MicroBin 2.1.0 behind an nginx reverse proxy on a hardened, fully patched Ubuntu 24.04 LTS base. The server listens only on the loopback interface (127.0.0.1:8080) and nginx serves it on port 80.
The image is secure by default. MicroBin includes a built in admin panel, and rather than shipping its well known default admin login, this image generates a unique administrator password on the first boot of every VM and records it in a protected file on the instance. No shared or default credential ever ships in the image. Backed by 24/7 cloudimg support.
What is included:
- MicroBin 2.1.0 served behind nginx, managed by systemd
- The MicroBin web UI for pastes, file uploads and URL shortening on
:80 - A per VM administrator password generated on first boot, never a baked in default
- A built in JSON datastore, with no separate database to run
- The server bound to
127.0.0.1:8080only, never exposed directly to the network - A dedicated Azure data disk at
/var/lib/microbinfor the paste store, uploaded files and the database microbin.serviceandnginx.serviceas enabled systemd units- 24/7 cloudimg support
Prerequisites
An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a sensible starting point; size up for busier instances or larger uploads. NSG inbound: allow 22/tcp from your management network and 80/tcp for the web UI. MicroBin serves plain HTTP on port 80; for production, terminate TLS in front of it with your own domain. The server is never exposed directly: it listens on 127.0.0.1:8080 only, so port 8080 stays off the network.
Step 1 - Deploy from the Azure Marketplace
Sign in to the Azure Portal, choose Create a resource, search the Marketplace for MicroBin by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create then Create.
Step 2 - Deploy from the Azure CLI
az vm create \
--resource-group <your-rg> \
--name microbin \
--image <marketplace-image-urn> \
--size Standard_B2s \
--admin-username azureuser \
--generate-ssh-keys \
--public-ip-sku Standard
Then open port 80 to the web UI:
az vm open-port --resource-group <your-rg> --name microbin --port 80
Step 3 - Confirm the services are running
SSH in as azureuser and confirm MicroBin and nginx are active. Note that the server listens only on 127.0.0.1:8080 while nginx serves the web UI on port 80.
systemctl is-active microbin nginx microbin-firstboot
sudo ss -tlnp | grep -E ':80 |:8080 ' | sed 's/ */ /g'

Step 4 - The per VM admin password
MicroBin ships a built in admin panel. Instead of the well known default login, this image generates a unique administrator password on the first boot of every VM and writes it, together with the site URL, to a protected file readable only by root. Read it with sudo:
sudo cat /root/microbin-credentials.txt
The file records microbin.url, microbin.admin_username (which is admin) and microbin.admin_password (unique to this VM). Keep it safe, or change it any time by editing MICROBIN_ADMIN_PASSWORD in /etc/microbin/microbin.env and running sudo systemctl restart microbin.
You can confirm the web UI is healthy from the command line; the home page returns 200:
curl -s -o /dev/null -w 'GET / -> HTTP %{http_code}\n' http://127.0.0.1/

Step 5 - Open the web UI and create a paste
Browse to http://<vm-public-ip>/. The home page is the paste editor. Type or paste your text into the large content box, optionally set a filename for syntax highlighting, choose the expiration and the privacy (public, unlisted, private or an encrypted secret), and select Save. To share a file instead of text, use the file control to attach it.

Step 6 - View and share the paste
After you save, MicroBin opens the upload view page. It shows the content with syntax highlighting, a short animal name URL (for example /upload/tiny-red-fox), a QR code, and controls to view the Raw text, Download the content or Remove the upload. Share the URL, or scan the QR code from a phone.

Step 7 - Read a paste back from the command line
Every upload has a matching raw endpoint at /raw/<id>, handy for scripts and configuration files. Create one from the shell and read it straight back:
LOC=$(curl -s -D - -o /dev/null -F 'content=hello from cloudimg' -F 'privacy=public' -F 'expiration=1hour' http://127.0.0.1/upload | awk 'tolower($1)=="location:"{v=$2} END{gsub(/\r/,"",v);print v}')
SLUG=${LOC##*/upload/}
curl -s http://127.0.0.1/raw/$SLUG; echo
Step 8 - Sign in to the admin panel
MicroBin's admin panel lets you review and remove any upload on the instance. Browse to http://<vm-public-ip>/admin, which shows the admin login. Sign in with the username admin and the per VM password from /root/microbin-credentials.txt.

Once signed in, the admin panel lists every upload with its size, creation time and read count, and lets you remove any of them.

You can also confirm the admin password authenticates from the command line. Replace <MICROBIN_ADMIN_PASSWORD> with the value from /root/microbin-credentials.txt; a correct password returns 200:
curl -s -o /dev/null -w 'admin auth -> HTTP %{http_code}\n' --form-string 'username=admin' --form-string 'password=<MICROBIN_ADMIN_PASSWORD>' http://127.0.0.1/admin
Step 9 - Verify the stack
Confirm the MicroBin version, that the services are enabled, the web UI responds through nginx, and the dedicated data disk mount:
/usr/local/bin/microbin --version
systemctl is-enabled microbin nginx
curl -s -o /dev/null -w 'GET / -> HTTP %{http_code}\n' http://127.0.0.1/
findmnt -no SOURCE,TARGET,FSTYPE /var/lib/microbin

Step 10 - Where your data lives
The JSON database, every uploaded file and the public assets all live on a dedicated Azure data disk mounted at /var/lib/microbin, separate from the OS disk. This disk is captured into the image and re provisioned on every VM, and you can snapshot and resize it independently. Confirm the mount and the free space:
df -h /var/lib/microbin | tail -1
sudo ls -la /var/lib/microbin
Security notes
- MicroBin serves plain HTTP on port 80. For production, put it behind your own TLS terminating reverse proxy or an Azure Application Gateway with a certificate for your domain, and restrict port 80 in the NSG to trusted networks. A common approach is
certbotwith your-domain on a front end proxy. - The server listens on
127.0.0.1:8080only and is never exposed directly; only nginx on port 80 faces the network. - No default admin login ships. A unique administrator password is generated on the first boot of every VM and stored in
/root/microbin-credentials.txt(readable only by root). Keep it safe, and rotate it by editingMICROBIN_ADMIN_PASSWORDin/etc/microbin/microbin.envthen restarting the service. - By default anyone who can reach port 80 can create a paste. To require a password for uploads, set
MICROBIN_UPLOADER_PASSWORDin/etc/microbin/microbin.envand restart the service, or restrict port 80 in the NSG. - Keep the VM patched. The image ships fully patched with unattended security upgrades enabled.
Support
cloudimg images come with 24/7 support. If you have any questions about this MicroBin image or need help with your deployment, contact us through the cloudimg website.