Christian WellsIn today’s digital age, password security is of utmost importance. With the increasing number of online accounts and the threat of cyber attacks, it’s crucial to have a reliable password management tool. sysPass is a free, open-source, and PHP-based password management tool that provides a safe and secure location to store your passwords. It is designed for multi-user environments and offers a user-friendly web interface for easy configuration and management.
In this article, we will guide you through the step-by-step process of installing sysPass password manager on Ubuntu 22.04, ensuring the installation of Let’s Encrypt SSL for enhanced security.
Prerequisites
Before we begin, make sure you have the following prerequisites in place:
- A server running Ubuntu 22.04.
- A valid domain name pointed to your server’s IP.
- A root password configured on the server.
Step 1: Install Apache, MariaDB, and PHP
To start, we need to install the Apache web server, MariaDB database server, PHP, and other necessary PHP extensions. Open your terminal and run the following command:
apt-get install apache2 mariadb-server -y
By default, Ubuntu 22.04 ships with PHP 8.1, but sysPass does not support this version. Therefore, we need to install PHP 7.4 along with the required extensions. Run the following commands to add the PHP repository and install PHP 7.4:
apt install software-properties-common ca-certificates lsb-release apt-transport-https add-apt-repository ppa:ondrej/php apt install libapache2-mod-php7.4 php7.4 php7.4-mysqli php7.4-pdo php7.4 php7.4-cgi php7.4-cli php7.4-common php7.4-gd php7.4-json php7.4-readline php7.4-curl php7.4-intl php7.4-ldap php7.4-xml php7.4-mbstring git -y
Once the installations are complete, we need to make some changes to the php.ini file. Open the file using the following command:
nano /etc/php/7.4/apache2/php.ini
Inside the php.ini file, locate the following settings and modify them accordingly:
post_max_size = 100M upload_max_filesize = 100M max_execution_time = 7200 memory_limit = 512M date.timezone = UTC
Save and close the file. To apply the changes, restart the Apache service using the following command:
systemctl restart apache2
Step 2: Configure MariaDB for sysPass
By default, MariaDB installation is not secure. We need to secure it by setting a root password and implementing some security measures. Run the following command to start the MariaDB secure installation process:
mysql_secure_installation
You will be prompted to answer a series of questions to secure the installation. Follow the instructions below:
- Enter current password for root (enter for none): Press Enter as there is no root password set yet.
- Switch to unixsocket authentication [Y/n]: Type “Y” to enable unixsocket authentication.
- Change the root password? [Y/n]: Type “Y” to change the root password.
- New password: Enter your desired root password.
- Re-enter new password: Confirm the root password.
- Remove anonymous users? [Y/n]: Type “Y” to remove anonymous users.
- Disallow root login remotely? [Y/n]: Type “Y” to disallow root login remotely.
- Remove test database and access to it? [Y/n]: Type “Y” to remove the test database.
- Reload privilege tables now? [Y/n]: Type “Y” to reload the privilege tables.
Once the secure installation process is complete, log in to the MariaDB interface using the following command:
mysql -u root -p
Enter the MariaDB root password you just set. Now, create a database and user for sysPass with the following commands:
create database syspassdb; grant all privileges on syspassdb.* to syspassuser@localhost identified by "password";
Remember to replace “password” with a strong password of your choice. After executing these commands, flush the privileges and exit from the MariaDB shell:
flush privileges; exit;
Now, your MariaDB database and user are ready for sysPass. Let’s move on to the next step.
Step 3: Install sysPass
To install sysPass, we need to download the latest version from the Git repository. Run the following command to clone the sysPass repository:
git clone https://github.com/nuxsmin/sysPass.git
Once the download is complete, move the sysPass directory to the Apache web root directory:
mv sysPass /var/www/html/syspass
Next, we need to set the proper ownership and permissions for the syspass directory. Run the following commands:
chown -R www-data:www-data /var/www/html/syspass chmod 750 /var/www/html/syspass/app/{config,backup}
Now, we need to install Composer, a dependency manager for PHP. Create a Composer installation script by running the following command:
nano /var/www/html/syspass/install-composer.sh
Inside the file, add the following lines:
#!/bin/sh EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)" php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")" if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ] then >&2 echo 'ERROR: Invalid installer signature' rm composer-setup.php exit 1 fi php composer-setup.php --quiet RESULT=$? rm composer-setup.php exit $RESULT
Save and close the file. Now, run the Composer installation script:
cd /var/www/html/syspass sh install-composer.sh
Once Composer is installed, run the following command to install all the required PHP dependencies:
php composer.phar install --no-dev
With this, sysPass is now installed on your system. Let’s move on to the next step.
Step 4: Configure Apache for sysPass
To host sysPass on the web, we need to create an Apache virtual host configuration file. Run the following command to create the file:
nano /etc/apache2/sites-available/syspass.conf
Inside the file, add the following lines:
<VirtualHost *:80>
ServerAdmin test@example.com
DocumentRoot "/var/www/html/syspass"
ServerName syspass.example.com
<Directory "/var/www/html/syspass/">
Options MultiViews FollowSymlinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
TransferLog /var/log/apache2/syspass_access.log
ErrorLog /var/log/apache2/syspass_error.log
</VirtualHost>
Remember to replace “syspass.example.com” with your own domain name. Save and close the file. Next, activate the Apache virtual host by running the following command:
a2ensite syspass
To apply the changes, restart the Apache service:
systemctl restart apache2
You can check the status of the Apache service to ensure everything is working fine:
systemctl status apache2
If all goes well, you should see a similar output indicating that the Apache service is active and running.
Step 5: Access the sysPass Admin Interface
Now that sysPass is installed and configured, you can access the sysPass Admin interface through your web browser. Open your browser and enter the URL http://syspass.example.com (replace with your own domain name). You will be redirected to the sysPass installation page.
On the installation page, provide the necessary information, including your admin username, password, master password, database credentials, language preference, and hosting mode. Once you have filled in all the required details, click on the “INSTALL” button to proceed with the installation.
After the installation is complete, you will be redirected to the sysPass login page. Enter your admin username and password, then click on the “>” button to log in. You should now see the sysPass dashboard, indicating that the installation was successful.
Step 6: Install Let’s Encrypt SSL on sysPass
To enhance the security of your sysPass installation, it is recommended to secure it with a Let’s Encrypt SSL certificate. Let’s Encrypt provides free SSL certificates that can be easily installed and managed.
To install the Certbot client, which will help us install and manage the SSL certificate, run the following command:
apt-get install python3-certbot-apache -y
Once the Certbot client is installed, run the following command to secure your sysPass website with a Let’s Encrypt SSL certificate:
certbot --apache -d syspass.example.com
Replace “syspass.example.com” with your own domain name. Follow the prompts to provide your email address and agree to the terms of service. Certbot will automatically obtain and install the SSL certificate for your website.
After the installation is complete, Certbot will ask you whether to redirect HTTP traffic to HTTPS. Choose the appropriate option based on your preference and website requirements.
Congratulations! You have successfully installed sysPass password manager with Let’s Encrypt SSL on Ubuntu 22.04. You can now explore the sysPass password manager and start deploying it in your production environment.
For reliable and scalable cloud hosting solutions, consider Shape.host. Shape.host offers Cloud VPS services that provide excellent performance, security, and flexibility for your hosting needs. Upgrade your infrastructure with Shape.host and experience the power of the cloud.
