Passbolt is a powerful open-source password manager that allows you to securely store and share passwords within your team or use it as a personal password manager. In this guide, we will walk you through the process of installing Passbolt on a Rocky Linux server. By the end of this article, you will have a fully functional Passbolt installation with PHP-FPM, MariaDB, and Nginx.
Prerequisites
Before we begin, make sure you have the following prerequisites:
- Rocky Linux 8.4 (Green Obsidian)
- IP Address: 192.168.1.10
- Domain Name: Shape.host
Step 1: Installing Packages and Dependencies
To get started, we need to install some packages and dependencies on our Rocky Linux system. Follow the steps below:
- Enable the ‘PowerTools’ repository and install the Extra Packages for Enterprise Linux (EPEL) repository:
sudo dnf config-manager --set-enabled powertools
sudo dnf install epel-release -y
- Enable the PHP 7.4 repository:
sudo dnf module enable php:7.4 -y
- Install PHP-FPM, MariaDB, Nginx, and additional packages:
sudo dnf install -y nginx mariadb-server mariadb php php-intl php-gd php-mysqlnd php-pear php-devel php-mbstring php-fpm php-json php-ldap gcc gpgme gpgme-devel git policycoreutils-python-utils unzip haveged make gcc
- Download and install the PHP composer. The SHA-384 value in the verification command is tied to one installer release; if the check reports a corrupt installer, compare the value with the checksum currently published on getcomposer.org before continuing:
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === '906a84df04cea2aa72f40b5f787e49f22d4c2f19492ac310e8cba5b96ac8b64115ac402c8cd292b8a03482574915d1a8') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
sudo mv composer.phar /usr/bin/composer
- Install the GnuPG PHP Extensions:
pecl install gnupg
- Enable the GnuPG PHP Extension:
echo "extension=gnupg.so" > /etc/php.d/gnupg.ini
- Start and enable the required services:
sudo systemctl enable --now nginx
sudo systemctl enable --now mariadb
sudo systemctl enable --now php-fpm
sudo systemctl enable --now haveged
Step 2: Configuring MariaDB and PHP-FPM
Now that we have installed the necessary packages and dependencies, let’s configure MariaDB and PHP-FPM.
- Set up the MariaDB root password:
mysql_secure_installation
Follow the prompts to set a new password and secure your MariaDB installation.
- Edit the PHP configuration file:
nano /etc/php.ini
Uncomment the date.timezone option and set it to your server’s timezone. For example:
date.timezone = Europe/Paris
Save the file and exit.
- Edit the PHP-FPM configuration file:
nano /etc/php-fpm.d/www.conf
Change the user and group to nginx:
user = nginx
group = nginx
Uncomment the listen.owner and listen.group lines and set them to nginx:
listen.owner = nginx
listen.group = nginx
Save the file and exit.
Restart the PHP-FPM service to apply the changes:
sudo systemctl restart php-fpm
Step 3: Creating a Database for Passbolt
To create a new database for Passbolt, follow these steps:
- Log in to the MariaDB shell:
mysql -u root -p
- Create a new database for Passbolt:
CREATE DATABASE passdb;
- Create a new user and grant privileges to the database (replace PassboltdbPass with a strong password of your own):
GRANT ALL ON passdb.* TO passbolt@localhost IDENTIFIED BY 'PassboltdbPass';
- Flush the privileges:
FLUSH PRIVILEGES;
Exit the MariaDB shell:
EXIT;
Step 4: Downloading Passbolt and Installing PHP Dependencies
Now, let’s download the Passbolt source code and install the PHP dependencies:
- Change to the /var/www directory:
cd /var/www
- Clone the Passbolt source code:
git clone https://github.com/passbolt/passbolt_api.git passbolt
- Set the ownership of the Passbolt directory to nginx:
sudo chown -R nginx:nginx /var/www/passbolt
- Move to the Passbolt directory and install the PHP dependencies:
cd /var/www/passbolt
sudo -u nginx composer install --no-dev
Step 5: Generating a GPG Key for Passbolt
In this step, we will generate a GPG key for Passbolt:
- Generate a new GPG key:
gpg --gen-key
Follow the prompts to input your name, email address, and create a key without a passphrase.
- Export the GPG key to the Passbolt configuration directory:
gpg --armor --export-secret-keys test@example.com > /var/www/passbolt/config/gpg/serverkey_private.asc
gpg --armor --export test@example.com > /var/www/passbolt/config/gpg/serverkey.asc
Make sure to replace test@example.com with your email address.
- Generate the GNUPG directory for the nginx user:
sudo su -s /bin/bash -c "gpg --list-keys" nginx
Step 6: Configuring Passbolt and Nginx Server Blocks
In this step, we will configure Passbolt and Nginx server blocks:
- Edit the Passbolt configuration file:
cp config/passbolt.default.php config/passbolt.php
nano config/passbolt.php
Update the fullBaseUrl option with your Passbolt domain name:
'fullBaseUrl' => 'https://pass.example.io',
Change the database configuration to match your MariaDB credentials:
'Datasources' => [
    'default' => [
        'host' => 'localhost',
        'username' => 'passbolt',
        'password' => 'PassboltdbPass',
        'database' => 'passdb',
    ],
],
Uncomment the serverKey section and update the fingerprint, public, and private options, replacing the sample fingerprint with that of the key generated in Step 5:
'gpg' => [
    'serverKey' => [
        'fingerprint' => 'BCD52DF829FF8F9408A2F1B214F31ED1FBEBAD9A',
        'public' => CONFIG . 'gpg' . DS . 'serverkey.asc',
        'private' => CONFIG . 'gpg' . DS . 'serverkey_private.asc',
    ],
],
Save the file and exit.
- Create a new Nginx server block configuration:
nano /etc/nginx/conf.d/passbolt.conf
Note that root in this configuration points at the application directory rather than its webroot subdirectory, so nginx can serve any file under /var/www/passbolt that the nginx user can read. Before exposing the server, confirm that requests for paths under /config/ are refused. Copy and paste the following configuration, replacing the domain name and SSL certificate paths:
server {
    listen 80;
    server_name pass.example.io;
    return 302 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name pass.example.io;
    root /var/www/passbolt;

    ssl_certificate /etc/letsencrypt/live/pass.example.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pass.example.io/privkey.pem;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_ecdh_curve secp384r1;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";

    location / {
        try_files $uri $uri/ /index.php?$args;
        index index.php;
    }

    location ~ \.php$ {
        fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php-fpm/www.sock;
        fastcgi_split_path_info ^(.+\.php)(.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SERVER_NAME $http_host;
    }

    location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|avi|mp\d)$ {
        access_log off;
        log_not_found off;
        try_files $uri /webroot/$uri /index.php?$args;
    }
}
Save the file and exit.
Verify the Nginx configuration:
nginx -t
If there are no errors, restart the Nginx service:
sudo systemctl restart nginx
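The private key exported in Step 5 and the config/passbolt.php file created in this step both hold secrets, and files written through a shell redirect or cp inherit the ownership and umask of the user who ran the command. The following script is an added example, not part of the original guide or the Passbolt project, that audits both files; the policy it enforces (owned by the PHP-FPM account, no group write, no access for others) and the function names are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the guide or the Passbolt project): audit the two
# secret files created in Steps 5 and 6. Policy assumed here: owned by the
# PHP-FPM account, no group write, no access for others. Needs GNU stat.

# check_secret FILE OWNER: return 0 only if FILE meets the policy above.
check_secret() {
    local file=$1 want=$2 mode owner rc=0
    if [ ! -f "$file" ]; then
        echo "MISSING $file"
        return 1
    fi
    mode=$(stat -c '%a' "$file")     # octal mode, e.g. 644
    owner=$(stat -c '%U' "$file")    # owner name, e.g. root
    if [ "$owner" != "$want" ]; then
        echo "OWNER   $file belongs to $owner, expected $want"
        rc=1
    fi
    # 027 masks group-write plus every permission bit for "others"
    if [ $(( 0$mode & 027 )) -ne 0 ]; then
        echo "MODE    $file is $mode, tighten with: chmod 600 $file"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK      $file ($owner, $mode)"
    fi
    return "$rc"
}

# audit_passbolt ROOT OWNER: check the exported private server key and the
# config file holding the database password; returns the number of failures.
audit_passbolt() {
    local root=$1 owner=$2 bad=0 f
    for f in config/gpg/serverkey_private.asc config/passbolt.php; do
        check_secret "$root/$f" "$owner" || bad=$((bad + 1))
    done
    return "$bad"
}

# Runs only when both arguments are given, for example:
#   sudo bash audit.sh /var/www/passbolt nginx
if [ "$#" -ge 2 ]; then
    audit_passbolt "$1" "$2"
fi
```

A non-zero exit status is the number of files that failed the check; rerun the script after correcting ownership and mode until it exits 0.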
Step 7: Installing Passbolt
Now that everything is set up, we can proceed with the Passbolt installation:
- Change to the Passbolt directory:
cd /var/www/passbolt
- Run the Passbolt installation command:
sudo su -s /bin/bash -c "./bin/cake passbolt install" nginx
Follow the prompts to set up an admin user for Passbolt.
Step 8: Accessing Passbolt
You can now access Passbolt from your web browser:
- Open your web browser and enter your Passbolt installation link:
https://pass.example.io/setup/install/8383584c-2eca-496a-a0ca-4fe35a157d24/fc5ad911-9409-416a-8175-a18cd19dcb20
- Passbolt will detect your browser and provide a link to download the Passbolt browser extension. Install the extension.
- Set a strong passphrase for your Passbolt account.
- Download the Passbolt recovery kit for backup purposes.
- Choose a color for your Passbolt security token.
You will then be redirected to the Passbolt user dashboard, where you can start managing your passwords.
Conclusion
Congratulations! You have successfully installed Passbolt on Rocky Linux. With Passbolt, you can securely store and share passwords within your team or use it as a personal password manager. Enjoy the benefits of a secure and convenient password management solution.