Installing Passbolt on Linux (Debian 10) 🌱

  1. Log into the Debian device
  2. Run the following commands in a terminal:
    # update software repositories
    sudo apt update
    # install available updates
    sudo apt upgrade -y
    # install some dependencies
    sudo apt install git composer apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y
    # install Apache HTTPD and MySQL
    sudo apt install apache2 mariadb-server mariadb-client -y
    # install PHP components
    sudo apt install php7.3 libapache2-mod-php7.3 php-imagick php-gnupg php7.3-common php7.3-mysql php7.3-fpm php7.3-ldap php7.3-gd php7.3-imap php7.3-json php7.3-curl php7.3-zip php7.3-xml php7.3-mbstring php7.3-bz2 php7.3-intl php7.3-gmp php7.3-xsl -y
    # configure the MySQL database
    sudo su
    mysql_secure_installation
  3. Press Enter to login as root
  4. Type Y and press Enter to set a root password, type the password twice to confirm
  5. Type Y and press Enter to remove anonymous users
  6. Type Y and press Enter to disallow root login remotely
  7. Type Y and press Enter to remove the test database
  8. Type Y and press Enter to reload privilege tables
  9. Run the following command to login into MySQL:
    mysql -u root -p
  10. Authenticate with the root password set earlier
  11. Run the following commands to create the Passbolt database and database user
    CREATE DATABASE passbolt DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
    GRANT ALL ON passbolt.* TO 'passboltuser'@'localhost' IDENTIFIED BY 'Pa$$b0lt!!';
    FLUSH PRIVILEGES;
    EXIT;
    exit
  12. Continue with the following commands to download and extract Passbolt in the Apache webroot
    cd /var/www
    # clone passbolt from github
    sudo git clone https://github.com/passbolt/passbolt_api.git
    # rename extracted folder passbolt
    sudo mv /var/www/passbolt* /var/www/passbolt
    # set the owner of the new passbolt directory to www-data
    sudo chown -R www-data:www-data /var/www/passbolt
    # setup composer working directory
    sudo mkdir /var/www/.composer
    sudo chown -R www-data:www-data /var/www/.composer
    cd /var/www/passbolt
    # install dependencies with composer, answer y to default permissions
    sudo -u www-data composer install --no-dev
    # generate a key pair
    gpg --gen-key
  13. Enter a name and email address
  14. Type O for Okay > Press Enter
  15. When prompted, leave the passwords blank
  16. Continue the installation with the following commands in terminal
    # export the private key, replace email with the email used to create the key pair above
    gpg --armor --export-secret-keys i12bretro@i12bretro.local | sudo tee /var/www/passbolt/config/gpg/serverkey_private.asc > /dev/null
    # export the public key, replace email with the email used to create the key pair above
    gpg --armor --export i12bretro@i12bretro.local | sudo tee /var/www/passbolt/config/gpg/serverkey.asc > /dev/null
    # setup gnupg working directory
    sudo mkdir /var/www/.gnupg
    sudo chown -R www-data:www-data /var/www/.gnupg
    # initialize the keyring for www-data
    sudo su -s /bin/bash -c "gpg --list-keys" www-data
    # create a copy of the configuration template file
    cd /var/www/passbolt/
    sudo cp config/passbolt.default.php config/passbolt.php
    # display the GPG key fingerprint, update the email to what was used above, copy the output to the clipboard
    gpg --list-keys --fingerprint | grep -i -B 2 'i12bretro@i12bretro.local'
    # edit the passbolt config file
    sudo nano config/passbolt.php
  17. Press CTRL + W and search for fullBaseUrl
  18. Update the URL to http://DNSorIP/passbolt
  19. Press CTRL + W and search for Database configuration
  20. Update the database connection information

    host: localhost
    username: passboltuser
    password: Pa$$b0lt!!
    database: passbolt

  21. Press CTRL + W and search for Email configuration
  22. Update the email server configuration and default sender account
  23. Press CTRL + W and search for fingerprint
  24. Paste the fingerprint from the clipboard
  25. Remove all spaces from the fingerprint
  26. Uncomment the public and private lines below the fingerprint by deleting //
  27. Press CTRL + W and search for passbolt
  28. Paste the following after the 'passbolt' => [ line to disable the SSL requirement
    'ssl' => [
    'force' => false,
    ],
  29. Press CTRL+O, Enter, CTRL+X to write the changes to passbolt.php
  30. Continue the installation with the following commands
    # create a passbolt apache2 config
    sudo nano /etc/apache2/sites-available/passbolt.conf
  31. Paste the following configuration into passbolt.conf

    Alias /passbolt /var/www/passbolt/webroot
    <Directory /var/www/passbolt/webroot>
    Options FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
    </Directory>

  32. Press CTRL+O, Enter, CTRL+X to write the changes to passbolt.conf
  33. Run the following command to enable the passbolt site
    # enable apache modules
    sudo a2enmod headers rewrite
    # enable the passbolt site
    sudo a2ensite passbolt.conf
    # restart the apache2 service
    sudo systemctl restart apache2
  34. Run the following command to run the passbolt installer
    sudo su -s /bin/bash -c "./bin/cake passbolt install --force" www-data
  35. When prompted, enter an email address, first name and last name to create an account
  36. Copy the URL output after the installation completes
  37. Open a web browser
  38. Install the Passbolt browser extension
  39. With the Passbolt extension installed, navigate to the URL copied from the output of the install script
  40. The Passbolt setup screen should be displayed
  41. Enter a passphrase to use for the account
  42. Save the recovery and store it in a safe place > Click the Next button
  43. Set a color and 3 letter security token > Click the Next button
  44. Welcome to self-hosted Passbolt Password Vault