Developer Tools Azure

Opengist on Ubuntu 24.04 on Azure User Guide

| Product: Opengist on Ubuntu 24.04 LTS on Azure

Overview

Opengist is an open source, self hosted pastebin powered by Git. Every snippet you save, called a gist, is a real Git repository, so your pastes carry full version history and can be cloned and pushed over HTTP. A modern web interface offers syntax highlighting, code search, public, unlisted and private visibility, a REST API and optional sign in through OAuth, OpenID Connect or LDAP. The cloudimg image serves Opengist 1.13.1 behind an nginx reverse proxy on a hardened, fully patched Ubuntu 24.04 LTS base. The server listens only on the loopback interface (127.0.0.1:6157) and nginx serves it on port 80.

The image is secure by default: it ships with no administrator account, so the very first user to register becomes the admin. Each instance also generates its own session secret on first boot, so no shared or default credential ever ships in the image. Backed by 24/7 cloudimg support.

What is included:

  • Opengist 1.13.1 served behind nginx, managed by systemd
  • The Opengist web UI, git over HTTP and the REST API on :80
  • No default administrator: the first user to register becomes the admin
  • An embedded SQLite datastore and on disk Git repositories, with no separate database to run
  • The server bound to 127.0.0.1:6157 only, never exposed directly to the network
  • A dedicated Azure data disk at /opt/opengist for the database, the gist repositories and the search index
  • opengist.service and nginx.service as enabled systemd units
  • 24/7 cloudimg support

Prerequisites

An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a sensible starting point; size up for busier instances or larger repositories. NSG inbound: allow 22/tcp from your management network and 80/tcp for the web UI. Opengist serves plain HTTP on port 80; for production, terminate TLS in front of it with your own domain. The server is never exposed directly: it listens on 127.0.0.1:6157 only, so port 6157 stays off the network.

Step 1 - Deploy from the Azure Marketplace

Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Opengist by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create then Create.

Step 2 - Deploy from the Azure CLI

az vm create \
  --resource-group <your-rg> \
  --name opengist \
  --image <marketplace-image-urn> \
  --size Standard_B2s \
  --admin-username azureuser \
  --generate-ssh-keys \
  --public-ip-sku Standard

Then open port 80 to the web UI:

az vm open-port --resource-group <your-rg> --name opengist --port 80

Step 3 - Confirm the services are running

SSH in as azureuser and confirm Opengist and nginx are active. Note that the server listens only on 127.0.0.1:6157 while nginx serves the web UI on port 80.

systemctl is-active opengist nginx opengist-firstboot
sudo ss -tlnp | grep -E ':80 |:6157 ' | sed 's/  */ /g'

The opengist, nginx and opengist-firstboot services active, with nginx on port 80 and the Opengist server bound to loopback 127.0.0.1:6157

Step 4 - The first visit info note

Opengist ships with no administrator account. On the first boot of every VM a one shot service writes an instance info note recording the site URL and the register instruction. There is no password in it, because the first user to register becomes the admin. Read it with sudo:

sudo cat /root/opengist-credentials.txt

You can confirm the server is healthy from the command line; the health endpoint returns 200:

curl -s -o /dev/null -w 'GET /healthcheck -> HTTP %{http_code}\n' http://127.0.0.1/healthcheck

The Opengist instance info note showing the site URL and the register instruction, with the health endpoint returning HTTP 200 - no default password ships

Step 5 - Register your admin on first visit

Browse to http://<vm-public-ip>/. Because the image ships with no user, open the Register page and create the first account. The first user to register automatically becomes the administrator. Choose a username and a strong password and select Register. This is where you secure the instance: there are no default credentials to change, because none ship.

The Opengist register form, where the first user to register becomes the administrator - the image ships with no default account

Step 6 - Create your first gist

Once you are signed in, select New to open the gist editor. Give the file a name with an extension (for example healthcheck.sh), paste or type your snippet into the editor, and choose the visibility: public, unlisted or private. Opengist detects the language from the file extension and applies syntax highlighting. Optional metadata such as a title, description and topics is available under Metadata.

The Opengist new gist editor with a filename and a shell snippet typed in, ready to create

Step 7 - View and share the gist

Select Create and Opengist saves the snippet as a Git repository and opens its view page, with syntax highlighted code, a Revisions tab tracking every change, and controls to Like, Edit, Download ZIP, view the Raw file or copy an Embed snippet for a blog or wiki.

A created gist rendered with syntax highlighting, showing the Code and Revisions tabs and the raw, embed and download controls

Step 8 - Browse your gists

Your profile page lists every gist you own, with filters for visibility, language and topics, and a preview of each snippet. Public and unlisted gists from other users appear under All in the top navigation, and the code search box searches across the instance.

The Opengist profile page listing the user's gists, with visibility, language and topic filters

Step 9 - Clone and push over Git

Because every gist is a real Git repository, you can clone it, commit locally and push changes back over HTTP. Copy the gist URL from its view page and use ordinary Git commands, signing in with the account you registered in Step 5:

git clone http://<vm-public-ip>/<username>/<gist-id>.git
cd <gist-id>
# edit files, then
git add -A && git commit -m "update snippet"
git push

You can also create a brand new gist by pushing a repository: create it in the web UI first, then set its URL as a remote and push.

Step 10 - Verify the stack

Confirm the Opengist version, that the services are enabled, the web UI responds through nginx, and the dedicated data disk mount:

/usr/local/bin/opengist version
systemctl is-enabled opengist nginx
curl -s -o /dev/null -w 'GET /healthcheck -> HTTP %{http_code}\n' http://127.0.0.1/healthcheck
findmnt -no SOURCE,TARGET,FSTYPE /opt/opengist

The Opengist 1.13.1 version, the enabled opengist and nginx units, the health endpoint returning HTTP 200 through nginx, and the dedicated ext4 data disk mount

Step 11 - Where your data lives

The SQLite database, every gist Git repository and the search index all live on a dedicated Azure data disk mounted at /opt/opengist, separate from the OS disk. This disk is captured into the image and re provisioned on every VM, and you can snapshot and resize it independently. Confirm the mount and the free space:

df -h /opt/opengist | tail -1
sudo ls -la /opt/opengist

Security notes

  • Opengist serves plain HTTP on port 80. For production, put it behind your own TLS terminating reverse proxy or an Azure Application Gateway with a certificate for your domain, and restrict port 80 in the NSG to trusted networks. A common approach is certbot with your-domain on a front end proxy.
  • The server listens on 127.0.0.1:6157 only and is never exposed directly; only nginx on port 80 faces the network. The built in Git over SSH server is disabled, so only ports 22, 80 and 443 are in play.
  • The image ships with no administrator. The first user to register becomes the admin, so there are no shared or default credentials to rotate. After you register, open the admin settings and disable open sign up if the instance is not meant to be public, and keep your admin password somewhere safe.
  • Keep the VM patched. The image ships fully patched with unattended security upgrades enabled.

Support

cloudimg images come with 24/7 support. If you have any questions about this Opengist image or need help with your deployment, contact us through the cloudimg website.