Christian WellsIn today’s digital age, password management has become increasingly crucial for individuals and businesses alike. With the growing number of online accounts and the need for strong, unique passwords, it can be challenging to keep track of them all. That’s where password managers like SysPass come in. SysPass is an open-source password manager that provides centralized and collaborative password management, advanced profile management, and multi-user support.
In this article, we will guide you through the process of setting up SysPass Password Manager on a Rocky Linux server. We will cover the installation of the necessary components, including the Apache web server, MariaDB database server, and PHP. Additionally, we will show you how to configure SysPass and secure your installation with SSL certificates.
Prerequisites
Before we begin, make sure you have the following prerequisites:
- A Rocky Linux server (version 8 or 9)
- A non-root user with sudo privileges
- A fully qualified domain name (FQDN) pointing to your server’s IP address
Installing Httpd Web Server
To run SysPass with Apache web server on Rocky Linux, we need to install the httpd package. Fortunately, the httpd web server is available by default in the BaseOS and AppStream repositories.
To install the httpd web server, open a terminal and run the following command:
sudo dnf install httpd
After the installation is complete, start and enable the httpd service by running the following commands:
sudo systemctl start httpd sudo systemctl enable httpd
To verify that the httpd service is running, use the following command:
sudo systemctl status httpd
If the service is active and running, you should see a similar output:
● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2022-12-07 14:24:15 UTC; 2s ago
Next, we need to configure the firewall to allow HTTP and HTTPS traffic. If you have firewalld enabled, run the following commands:
sudo firewall-cmd --add-service=http --permanent sudo firewall-cmd --add-service=https --permanent sudo firewall-cmd --reload
Installing MariaDB Server
SysPass supports MySQL or MariaDB as the database backend. In this tutorial, we will install and use MariaDB. To install MariaDB on Rocky Linux, run the following command:
sudo dnf install mariadb-server
After the installation is complete, start and enable the MariaDB service:
sudo systemctl start mariadb sudo systemctl enable mariadb
To verify that the MariaDB service is running, use the following command:
sudo systemctl status mariadb
If the service is active and running, you should see a similar output:
● mariadb.service - MariaDB 10.6.5 database server Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2022-12-07 14:24:15 UTC; 2s ago
Next, we need to secure the MariaDB installation by running the mysql_secure_installation command:
sudo mysql_secure_installation
This command will prompt you to configure several options, such as setting the root password, disabling remote login for the root user, and removing the anonymous user and test database. Follow the prompts and answer accordingly to secure your MariaDB installation.
Installing PHP
SysPass requires PHP 7.4 to be installed on your Rocky Linux server. We will install PHP and its necessary extensions using the REMI repository.
First, install the REMI repository by running the following command:
sudo dnf install dnf-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm
Next, enable the PHP 7.4 module by running the following command:
sudo dnf module enable php:remi-7.4
After enabling the PHP module, install PHP and its extensions by running the following command:
sudo dnf install -y php php-pear php-cgi php-cli php-common php-gd php-json php-mysql php-readline php-curl php-intl php-ldap php-mcrypt php-xml php-mbstring php-zip
Once the installation is complete, open the PHP configuration file for editing:
sudo nano /etc/php.ini
In the configuration file, locate the following settings and modify them accordingly:
post_max_size = 120M upload_max_filesize = 120M max_execution_time = 6000 memory_limit = 256M date.timezone = Europe/Stockholm
Save the file and exit the editor. Next, restart the httpd service for the changes to take effect:
sudo systemctl restart httpd
Installing Composer
Composer is a dependency management tool for PHP that SysPass uses to manage its PHP dependencies. To install Composer on Rocky Linux, follow these steps:
- Download the Composer installer by running the following command:
curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer
- Verify the installation by running the following command:
sudo -u apache composer -v
If Composer is installed successfully, you should see the version number displayed.
Installing SysPass Password Manager
Now that we have all the necessary components installed, we can proceed with the installation of SysPass Password Manager.
- Install the git and unzip packages by running the following command:
sudo dnf install git unzip -y
- Clone the SysPass source code from the GitHub repository to the
/var/www/syspassdirectory:
git clone https://github.com/nuxsmin/sysPass.git /var/www/syspass
- Set the correct ownership and permissions for the SysPass installation directory:
sudo chown -R apache:apache /var/www/syspass sudo chmod 750 /var/www/syspass/app/config /var/www/syspass/app/backup
- Create a cache directory for Composer and set the ownership to the
apacheuser:
sudo mkdir -p /usr/share/httpd/.cache sudo chown -R apache:apache /usr/share/httpd/.cache
- Switch to the SysPass installation directory and install the PHP dependencies using Composer:
cd /var/www/syspass sudo-u apache composer install --no-interaction --no-dev
Once the installation is complete, you are ready to proceed with the configuration of SysPass.
Setting up SELinux
If you are running SysPass with SELinux in enforcing mode, you need to add a new SELinux rule to allow the necessary access.
First, make sure the policycoreutils-python-utils package is installed:
sudo dnf install policycoreutils-python-utils -y
Next, add the SELinux policy for SysPass by running the following command:
sudo setsebool -P httpd_can_connect_ldap 1 sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/syspass/app/(config|backup|cache|temp)(/.*)?" sudo restorecon -R -v /var/www/syspass
These commands allow the httpd service to connect to LDAP via the network and label the correct SELinux context for the SysPass source code.
Configuring Httpd Virtual Host
To access SysPass securely over HTTPS, we need to set up a virtual host in the httpd configuration.
Before proceeding, make sure you have SSL certificates and a domain name pointing to your server’s IP address.
- Install the
mod_sslpackage by running the following command:
sudo dnf install mod_ssl -y
- Generate self-signed SSL certificates for your domain by running the following command:
sudo openssl req -newkey rsa:4096 -x509 -sha512 -days 365 -nodes -out /etc/pki/tls/certs/localhost.crt -keyout /etc/pki/tls/private/localhost.key
Make sure to replace localhost.crt and localhost.key with the appropriate filenames for your domain.
- Create a new virtual host configuration file for SysPass:
sudo nano /etc/httpd/conf.d/syspass.conf
- Add the following configuration to the file, replacing
syspass.example.iowith your domain name:
<VirtualHost *:80>
ServerName syspass.example.io
ServerAdmin webmaster@localhost
DocumentRoot /var/www/syspass
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log combined
<IfModule mod_ssl.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName syspass.example.io
ServerAdmin webmaster@localhost
DocumentRoot /var/www/syspass
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
Save the file and exit the editor.
- Verify the httpd configuration:
sudo apachectl configtest
If the configuration is valid, you should see the message Syntax OK.
- Restart the httpd service to apply the new configuration:
sudo systemctl restart httpd
SysPass Password Manager Configuration
Now it’s time to configure SysPass and set it up for use.
- Open your web browser and visit the domain name of your SysPass installation (e.g.,
https://syspass.example.io). - Create a new admin user and password for SysPass. Choose a strong password that is easy to remember.
- On the database configuration page, enter
rootas the database username and your MariaDB root password. The database name will be automatically created by the SysPass installer. - Optionally, you can change the default installation language to your preferred language.
- Click on the “INSTALL” button to start the SysPass installation.
Once the installation is complete, you will be redirected to the SysPass login page. Enter the admin user and password you created earlier to access the SysPass Password Manager dashboard.
From the dashboard, you can manage users, groups, import passwords from CSV files or Keepass databases, and configure authentication via LDAP.
Conclusion
In this tutorial, we have walked you through the process of setting up SysPass Password Manager on a Rocky Linux server. We have covered the installation of the necessary components, including the Apache web server, MariaDB database server, and PHP. Additionally, we have shown you how to configure SysPass and secure your installation with SSL certificates.
With SysPass installed and configured, you can now enjoy the benefits of centralized and collaborative password management. SysPass provides advanced profile management, multi-user support, and integration with other applications. It is a powerful tool to enhance the security and efficiency of password management in your organization.
If you are looking for reliable and scalable cloud hosting solutions, consider Shape.host’s Linux SSD VPS services. Shape.host offers high-performance virtual private servers with SSD storage, ensuring fast and reliable hosting for your SysPass installation. Visit Shape.host for more information and discover how they can empower your business with efficient and secure cloud hosting solutions.
