‍Passbolt is a powerful open-source password manager that allows you to securely store and share passwords within your team or use it as a personal password manager. In this guide, we will walk you through the process of installing Passbolt on a Rocky Linux server. By the end of this article, you will have a fully functional Passbolt installation with PHP-FPM, MariaDB, and Nginx.

Prerequisites

Before we begin, make sure you have the following prerequisites:

• Rocky Linux 8.4 (green obsidian)
• IP Address: 192.168.1.10
• Domain Name: Shape.host

Step 1: Installing Packages and Dependencies

To get started, we need to install some packages and dependencies on our Rocky Linux system. Follow the steps below:

1. Enable the ‘PowerTools’ repository and install the Extra Packages for Enterprise Linux (EPEL) repository:

sudo dnf config-manager --set-enabled powertools
sudo dnf install epel-release -y

2. Enable the PHP 7.4 repository:

sudo dnf module enable php:7.4 -y

3. Install PHP-FPM, MariaDB, Nginx, and additional packages:

sudo dnf install -y nginx mariadb-server mariadb php php-intl php-gd php-mysqlnd php-pear php-devel php-mbstring php-fpm php-json php-ldap gcc gpgme gpgme-devel git policycoreutils-python-utils unzip haveged make gcc

4. Download and install the PHP composer:

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === '906a84df04cea2aa72f40b5f787e49f22d4c2f19492ac310e8cba5b96ac8b64115ac402c8cd292b8a03482574915d1a8') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
sudo mv composer.phar /usr/bin/composer

5. Install the GnuPG PHP Extensions:

pecl install gnupg

6. Enable the GnuPG PHP Extension:

echo "extension=gnupg.so" > /etc/php.d/gnupg.ini

7. Start and enable the required services:

sudo systemctl enable --now nginx
sudo systemctl enable --now mariadb
sudo systemctl enable --now php-fpm
sudo systemctl enable --now haveged

Step 2: Configuring MariaDB and PHP-FPM

Now that we have installed the necessary packages and dependencies, let’s configure MariaDB and PHP-FPM.

1. Set up the MariaDB root password:

mysql_secure_installation

Follow the prompts to set a new password and secure your MariaDB installation.

2. Edit the PHP configuration file:

nano /etc/php.ini

Uncomment the date.timezone option and set it to your server’s timezone. For example:

date.timezone = Europe/Paris

Save the file and exit.

3. Edit the PHP-FPM configuration file:

nano /etc/php-fpm.d/www.conf

Change the user and group to nginx:

user = nginx
group = nginx

Uncomment the listen.owner and listen.group lines and set them to nginx:

listen.owner = nginx
listen.group = nginx

Save the file and exit.

Restart the PHP-FPM service to apply the changes:

sudo systemctl restart php-fpm

Step 3: Creating a Database for Passbolt

To create a new database for Passbolt, follow these steps:

1. Log in to the MariaDB shell:

mysql -u root -p

2. Create a new database for Passbolt:

CREATE DATABASE passdb;

3. Create a new user and grant privileges to the database:

GRANTALL ON passdb.* to passbolt@localhost IDENTIFIED BY 'PassboltdbPass';

4. Flush the privileges:

FLUSH PRIVILEGES;

Exit the MariaDB shell:

EXIT;

Step 4: Downloading Passbolt and Installing PHP Dependencies

Now, let’s download the Passbolt source code and install the PHP dependencies:

1. Change to the /var/www directory:

cd /var/www

2. Clone the Passbolt source code:

git clone https://github.com/passbolt/passbolt_api.git passbolt

3. Set the ownership of the Passbolt directory to nginx:

sudo chown -R nginx:nginx /var/www/passbolt

4. Move to the Passbolt directory and install the PHP dependencies:

cd /var/www/passbolt
sudo -u nginx composer install --no-dev

Step 5: Generating a GPG Key for Passbolt

In this step, we will generate a GPG key for Passbolt:

1. Generate a new GPG key:

gpg --gen-key

Follow the prompts to input your name, email address, and create a key without a passphrase.

2. Export the GPG key to the Passbolt configuration directory:

gpg --armor --export-secret-keys test@example.com > /var/www/passbolt/config/gpg/serverkey_private.asc
gpg --armor --export test@example.com > /var/www/passbolt/config/gpg/serverkey.asc

Make sure to replace [test@example.com] with your email address.

3. Generate the GNUPG directory for the nginx user:

sudo su -s /bin/bash -c "gpg --list-keys" nginx

Step 6: Configuring Passbolt and Nginx Server Blocks

In this step, we will configure Passbolt and Nginx server blocks:

1. Edit the Passbolt configuration file:

cp config/passbolt.default.php config/passbolt.php
nano config/passbolt.php

Update the fullBaseUrl option with your Passbolt domain name:

'fullBaseUrl' => 'https://pass.example.io',

Change the database configuration to match your MariaDB credentials:

'Datasources' => [
'default' => [
'host' => 'localhost',
'username' => 'passbolt',
'password' => 'PassboltdbPass',
'database' => 'passdb',
],
],

Uncomment the serverKey section and update the fingerprint, public, and private options:

'gpg' => [
'serverKey' => [
'fingerprint' => 'BCD52DF829FF8F9408A2F1B214F31ED1FBEBAD9A',
'public' => CONFIG . 'gpg' . DS . 'serverkey.asc',
'private' => CONFIG . 'gpg' . DS . 'serverkey_private.asc',
],
],

Save the file and exit.

2. Create a new Nginx server block configuration:

nano /etc/nginx/conf.d/passbolt.conf

Copy and paste the following configuration, replacing the domain name and SSL certificate paths:

server {
listen 80;
server_name pass.example.io;
return 302 https://$server_name$request_uri;
}

server {
listen 443 ssl http2;
server_name pass.example.io;
root /var/www/passbolt;
ssl_certificate /etc/letsencrypt/live/pass.example.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pass.example.io/privkey.pem;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

location / {
try_files $uri $uri/ /index.php?$args;
index index.php;
}

location ~ \.php$ {
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php-fpm/www.sock;
fastcgi_split_path_info ^(.+\.php)(.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $http_host;
}

location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|avi|mp\d)$ {
access_log off;
log_not_found off;
try_files $uri /webroot/$uri /index.php?$args;
}
}

Save the file and exit.

Verify the Nginx configuration:

nginx -t

If there are no errors, restart the Nginx service:

sudo systemctl restart nginx

Step 7: Installing Passbolt

Now that everything is set up, we can proceed with the Passbolt installation:

1. Change to the Passbolt directory:

cd /var/www/passbolt

2. Run the Passbolt installation command:

sudo su -s /bin/bash -c "./bin/cake passbolt install" nginx

Follow the prompts to set up an admin user for Passbolt.

Step 8: Accessing Passbolt

You can now access Passbolt from your web browser:

1. Open your web browser and enter your Passbolt installation link:

https://pass.example.io/setup/install/8383584c-2eca-496a-a0ca-4fe35a157d24/fc5ad911-9409-416a-8175-a18cd19dcb20

2. Passbolt will detect your browser and provide a link to download the Passbolt browser extension. Install the extension.
3. Set a strong passphrase for your Passbolt account.
4. Download the Passbolt recovery kit for backup purposes.
5. Choose a color for your Passbolt security token.

You will then be redirected to the Passbolt user dashboard, where you can start managing your passwords.

Conclusion

Congratulations! You have successfully installed Passbolt on Rocky Linux. With Passbolt, you can securely store and share passwords within your team or use it as a personal password manager. Enjoy the benefits of a secure and convenient password management solution.

If you’re looking for reliable and scalable cloud hosting solutions, consider Shape.host. Their Linux SSD VPS offerings are ideal for businesses seeking efficient and secure hosting services.