- \n
- CentOS 7<\/li>\n
- Root privileges<\/li>\n<\/ul>\n
What we will do?<\/h2>\n
- \n
- Install Dependencies<\/li>\n
- Install and Configure MariaDB Database<\/li>\n
- Install Nginx and PHP-FPM<\/li>\n
- Generate SSL Letsencrypt<\/li>\n
- Configure Nginx and PHP-FPM<\/li>\n
- Download Passbolt and Generate OpenPGP Key<\/li>\n
- Install Passbolt<\/li>\n
- Passbolt Post-Installation<\/li>\n
- Additional\u00a0Security Server Setup<\/li>\n<\/ol>\n
Step 1 – Install Dependencies<\/h2>\n
The first thing that we will do for this guide is to install all package dependencies needed for the Passbolt installation, including installing EPEL and Remi PHP repositories, php composer, gcc etc.<\/p>\n
Add the EPEL repository.<\/p>\n
sudo yum -y install yum-utils epel-release<\/p>\n
Add and enable the Remi PHP repository.<\/p>\n
sudo yum -y install ‘http:\/\/rpms.remirepo.net\/enterprise\/remi-release-7.rpm’
sudo yum-config-manager –enable ‘remi-php72’<\/p>\nNow install packages dependencies composer, git gcc etc using the yum command below.<\/p>\n
sudo yum -y install unzip wget composer policycoreutils-python git gcc<\/p>\n
Wait for all packages installation.<\/p>\n
Step 2 – Install and Configure MySQL\/MariaDB<\/h2>\n
In this step, we will install the MariaDB database and then create a new database and user for Passbolt installation.<\/p>\n
Install MariaDB server using the yum command below.<\/p>\n
sudo yum -y install mariadb-server<\/p>\n
After the installation is complete, start the MariaDB service and enable it to launch everytime at system boot time.<\/p>\n
sudo systemctl start mariadb
sudo systemctl enable mariadb<\/p>\nNow we need to configure the ‘root’ password for MariaDB. Run the ‘mysql_secure_installation’ command below.<\/p>\n
mysql_secure_installation<\/p>\n
Type your new root password.<\/p>\n
![\"Install](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7.png\" "\\"\\"")
<\/a><\/p>\nAnd the MariaDB root password has been configured.<\/p>\n
Next, login to the MySQL shell using the ‘root’ user.<\/p>\n
mysql -u root -p<\/p>\n
Create a new database and user named ‘passbolt’ with password ‘hakase-labs’, run MySQL queries below.<\/p>\n
create database passbolt;
grant all on passbolt.* to ‘passbolt’@’localhost’ identified by ‘hakase-labs’;
flush privileges;
quit;<\/p>\n![\"Create](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-1.png\" "\\"\\"")
<\/a><\/p>\nThe MariaDB server has been installed on CentOS 7 server, and the database for ‘Passbolt’ installation has been created.<\/p>\n
Step 3 – Install Nginx and PHP-FPM<\/h2>\n
After installing the MariaDB server, we will install Nginx from the EPEL repository, and PHP-FPM packages using the Remi repository.<\/p>\n
Install Nginx web server.<\/p>\n
sudo yum -y install nginx<\/p>\n
After the installation is complete, start the Nginx service and enable it to launch everytime at system boot.<\/p>\n
sudo systemctl start nginx
sudo systemctl enable nginx<\/p>\n![\"Install](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-2.png\" "\\"\\"")
<\/a><\/p>\nNow install PHP-FPM with all extensions needed using the yum command below.<\/p>\n
sudo yum -y install php-fpm php-intl php-gd php-mysql php-mcrypt php-pear php-devel php-mbstring php-fpm gpgme-devel<\/p>\n
And if the installation is complete, start the PHP-FPM service and enable it launch everytime at system boot.<\/p>\n
sudo systemctl start php-fpm
sudo systemctl enable php-fpm<\/p>\n![\"Start](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-3.png\" "\\"\\"")
<\/a><\/p>\nThe Nginx web server and PHP-FPM has been installed.<\/p>\n
Step 4 – Generate SSL Letsencrypt<\/h2>\n
Install the certbot tool on the system.<\/p>\n
sudo yum -y install certbot<\/p>\n
Now stop the nginx service.<\/p>\n
sudo systemctl stop nginx<\/p>\n
And generate SSL Letsencrypt for the passbolt domain name ‘passbolt.hakase.io’.<\/p>\n
Run the certbot command below.<\/p>\n
sudo certbot certonly –standalone –agree-tos –no-eff-email –email [email\u00a0protected]<\/a> -d passbolt.hakase.io<\/p>\n
The certbot tool will run a temporary web server for the verification.<\/p>\n
And when it’s complete, you will get your certificate on the ‘\/etc\/letsencrypt\/live\/’ directory.<\/p>\n
Step 5 – Configure Nginx and PHP-FPM<\/h2>\n
In this step, we will configure the Nginx web server by creating a new virtual host configuration for the Passbolt, and configure the PHP-FPM and install the PHP GnuPG support.<\/p>\n
Configure PHP-FPM<\/h3>\n
Go to the ‘\/etc\/php-fpm.d’ directory and edit the default pool configuration ‘www.conf’ using\u00a0vim<\/a> editor.<\/p>\n
cd \/etc\/php-fpm.d\/
sudo vim www.conf<\/p>\nChange the default user and group to the ‘nginx’ user.<\/p>\n
user = nginx \ngroup = nginx<\/pre>\n
Change the port listen for PHP-FPM to the sock file as below.<\/p>\n
listen = \/var\/run\/php-fpm\/php-fpm.sock<\/pre>\n
Uncomment those lines below and change listen.owner and listen.group for the sock file to ‘nginx’.<\/p>\n
listen.owner = nginx \nlisten.group = nginx \nlisten.mode = 0660<\/pre>\n
Save and exit.<\/p>\n
Now we need to change the owner of the PHP session directory and install the PHP GnuPG extension support.<\/p>\n
Change the permission of php session directory.<\/p>\n
sudo chgrp nginx \/var\/lib\/php\/session<\/p>\n
Install the PHP GnuPG extension using the pecl command and activate it.<\/p>\n
sudo pecl install gnupg
echo “extension=gnupg.so” > \/etc\/php.d\/gnupg.ini<\/p>\n![\"Configure](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-4.png\" "\\"\\"")
<\/a><\/p>\nThe PHP GnuPG extension has been installed.<\/p>\n
Configure Nginx Virtual Host<\/h3>\n
Go to the ‘\/etc\/nginx\/conf.d’ directory and create a new virtual host file ‘passbolt.conf’.<\/p>\n
cd \/etc\/nginx\/conf.d\/
sudo vim passbolt.conf<\/p>\nPaste configurations below.<\/p>\n
server { listen 443; server_name passbolt.hakase.io; ssl on; ssl_certificate \/etc\/letsencrypt\/live\/passbolt.hakase.io\/fullchain.pem; ssl_certificate_key \/etc\/letsencrypt\/live\/passbolt.hakase.io\/privkey.pem; ssl_protocols TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; ssl_session_tickets off; root \/var\/www\/passbolt; location \/ { try_files $uri $uri\/ \/index.php?$args; index index.php; } location ~ \\.php$ { fastcgi_index index.php; fastcgi_pass unix:\/var\/run\/php-fpm\/php-fpm.sock; fastcgi_split_path_info ^(.+\\.php)(.+)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $http_host; } location ~* \\.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|avi|mp\\d)$ { access_log off; log_not_found off; try_files $uri \/webroot\/$uri \/index.php?$args; } \n}<\/pre>\nSave and exit.<\/p>\n
Test the nginx configuration and make sure there is no error.<\/p>\n
sudo nginx -t<\/p>\n
Now restart both Nginx and PHP-FPM services.<\/p>\n
sudo systemctl restart nginx
sudo systemctl restart php-fpm<\/p>\n![\"Configure](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-5.png\" "\\"\\"")
<\/a><\/p>\nConfigurations of Nginx web server and PHP-FPM has been completed successfully.<\/p>\n
Step 6 – Download Passbolt and Generate OpenPGP Key<\/h2>\n
In this step, we will download the passbolt web application and generate a new OpenPGP key that will be used for the Passbolt API.<\/p>\n
Go to the ‘\/var\/www’ directory and clone the passbolt web application.<\/p>\n
cd \/var\/www\/
git clone https:\/\/github.com\/passbolt\/passbolt_api.git passbolt\/<\/p>\n![\"Download](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-6.png\" "\\"\\"")
<\/a><\/p>\nNow install the ‘haveged’ package and start the service.<\/p>\n
sudo yum -y install haveged
sudo systemctl start haveged<\/p>\nGenerate a new OpenPGP key using the gpg command below.<\/p>\n
gpg –gen-key<\/p>\n
Type your details such as email, the expiration days etc.<\/p>\n
![\"Generate](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-7.png\" "\\"\\"")
<\/a><\/p>\nNote:<\/strong><\/p>\n
- \n
- The PHP GnuPG extensions don’t support the OpenPGP Key passphrase, so let the passphrase stay blank.
<\/strong><\/li>\n<\/ul>\nAfter it’s complete, check all key available and write down the ‘fingerprint’ of your key.<\/p>\n
gpg –list-keys –fingerprint<\/p>\n
![\"List](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-8.png\" "\\"\\"")
<\/a><\/p>\nNow export the public and private key to the ‘\/var\/www\/passbolt’ directory.<\/p>\n
gpg –armor –export-secret-keys [email\u00a0protected]<\/a> > \/var\/www\/passbolt\/config\/gpg\/serverkey_private.asc
gpg –armor –export [email\u00a0protected]<\/a> > \/var\/www\/passbolt\/config\/gpg\/serverkey.asc<\/p>\nAnd change all those keys permission and owner of the ‘\/var\/www\/passbolt’ directory.<\/p>\n
sudo chmod 640 \/var\/www\/passbolt\/config\/gpg\/serverkey*
sudo chown -R\u00a0 nginx:nginx \/var\/www\/passbolt<\/p>\n![\"Chown](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-9.png\" "\\"\\"")
<\/a><\/p>\nThe Passbolt web application has been downloaded, and the OpenPGP key has been created.<\/p>\n
Step 7 – Install Passbolt<\/h2>\n
Before installing all dependencies for ‘Passbolt’, we need to initialize keyring of gpg key for nginx user.<\/p>\n
Run the command below.<\/p>\n
sudo su -s \/bin\/bash -c “gpg –list-keys” nginx<\/p>\n
Now login to the ‘nginx’ user and go to the ‘\/var\/www\/passbolt’ directory.<\/p>\n
su -s \/bin\/bash nginx
cd \/var\/www\/passbolt\/<\/p>\n![\"Install](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-10.png\" "\\"\\"")
<\/a><\/p>\nInstall all passbolt dependencies using the composer command below.<\/p>\n
composer install –no-dev<\/p>\n
![\"Composer](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-11.png\" "\\"\\"")
<\/a><\/p>\nWhen it’s complete, copy the default config file of the app and edit it with vim<\/a>.<\/p>\n
cp config\/passbolt.default.php config\/passbolt.php
vim config\/passbolt.php<\/p>\nIn the ‘App’ section, change the domain name with your own domain name.<\/p>\n
'App' => [ \/\/ A base URL to use for absolute links. \/\/ The url where the passbolt instance will be reachable to your end users. \/\/ This information is need to render images in emails for example 'fullBaseUrl' => 'https:\/\/passbolt.hakase.io', ],<\/pre>\n
In the ‘Datasources’ configuration, type your details database info.<\/p>\n
\/\/ Database configuration. 'Datasources' => [ 'default' => [ 'host' => 'localhost', \/\/'port' => 'non_standard_port_number', 'username' => 'passbolt', 'password' => 'hakase-labs', 'database' => 'passbolt', ], ],<\/pre>\n
Under the database configuration, add a new ‘ssl’ configuration to force all connection to secure https.<\/p>\n
'ssl' => [ 'force' => true, ],<\/pre>\n
For the SMTP mail configuration, change everything with your details.<\/p>\n
\/\/ Email configuration. 'EmailTransport' => [ 'default' => [ 'host' => 'localhost', 'port' => 25, 'username' => 'user', 'password' => 'secret', \/\/ Is this a secure connection? true if yes, null if no. 'tls' => null, \/\/'timeout' => 30, \/\/'client' => null, \/\/'url' => null, ], ], 'Email' => [ 'default' => [ \/\/ Defines the default name and email of the sender of the emails. 'from' => ['[email\u00a0protected]<\/a>_organization.com' => 'Passbolt'], \/\/'charset' => 'utf-8', \/\/'headerCharset' => 'utf-8', ], ],<\/pre>\n
And lastly, paste the ‘fingerprint’ of your OpenPGP key and uncomment those public and private configuraiton lines.<\/p>\n
'serverKey' => [ \/\/ Server private key fingerprint. 'fingerprint' => '63BA4EBB65126A6BE334075DD210E985E2ED02E5', 'public' => CONFIG . 'gpg' . DS . 'serverkey.asc', 'private' => CONFIG . 'gpg' . DS . 'serverkey_private.asc', ],<\/pre>\n
Save and exit.<\/p>\n
![\"Passbolt](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-12.png\" "\\"\\"")
<\/a><\/p>\nNow install ‘Passbolt’ using the command below.<\/p>\n
.\/bin\/cake passbolt install<\/p>\n
You will be asked to create a new admin user and password – type your details.<\/p>\n
![\"cake](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-13.png\" "\\"\\"")
<\/a><\/p>\nAnd in the end, you will be given the ‘registration’ link, write it down on your note.<\/p>\n
Step 8 – Passbolt Post-Installation<\/h2>\n
Open your web browser and install the ‘Passbolt’ extensions of your web browser.<\/p>\n
Following is the link of passbolt extension for Chrome browser. Install the extension.<\/p>\n
https:\/\/chrome.google.com\/webstore\/detail\/passbolt-extension<\/a><\/p>\n
Now open a new tab and paste the ‘registration’ link given to the address bar. Mine was:<\/p>\n
https:\/\/passbolt.hakase.io\/setup\/install\/b830cc87-1aa5-4f6f-95f4-9be21accdefa\/103001a4-39a1-4bb9-866c-822ac0f7c76f<\/strong><\/em><\/p>\n
And you will a page similar to the one shown below.<\/p>\n
![\"Passbolt](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-14.png\" "\\"\\"")
<\/a><\/p>\nCheck the box on the bottom and click the ‘Next’ button. Now you will be asked for creating a new key for the user.<\/p>\n
![\"Create](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-15.png\" "\\"\\"")
<\/a><\/p>\nClick ‘Next’ button.<\/p>\n
Setup the ‘Passphrase’, type your strong passphrase.<\/p>\n
![\"Set](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-16.png\" "\\"\\"")
<\/a><\/p>\nClick ‘Next’ button. Backup your key by pressing the ‘Download’ button and click ‘Next’ again.<\/p>\n
![\"Download](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-17.png\" "\\"\\"")
<\/a><\/p>\nFor the security token, leave it default and click ‘Next’.<\/p>\n
![\"Set](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-18.png\" "\\"\\"")
<\/a><\/p>\nAnd you will be redirected to the Passbolt login page.<\/p>\n
![\"Passbolt](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-19.png\" "\\"\\"")
<\/a><\/p>\nType your ‘Passphrase’ and click ‘Login’. And you will see the Passbolt user Dashboard as below.<\/p>\n
![\"Welcome](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-20.png\" "\\"\\"")
<\/a><\/p>\nPassbolt open source password manager installation on CentOS 7 has been completed successfully.<\/p>\n
Step 9 – Additional Security Server Setup<\/h2>\n
– Setup the Firewalld<\/strong><\/h3>\n
Open new HTTP, HTTPS, and SMTP ports on the server.<\/p>\n
sudo firewall-cmd –add-service=http –permanent
sudo firewall-cmd –add-service=https –permanent
sudo firewall-cmd –add-service=smtp –permanent<\/p>\nNow reload the firewalld configuration.<\/p>\n
sudo firewall-cmd –reload<\/p>\n
– Setup Selinux Permission<\/h3>\n
Permission for the ‘Passbolt’ webroot directory.<\/p>\n
sudo semanage fcontext -a -t httpd_sys_content_t ‘\/var\/www(\/.*)?’
sudo semanage fcontext -a -t httpd_sys_rw_content_t ‘\/var\/www\/passbolt\/tmp(\/.*)?’
sudo semanage fcontext -a -t httpd_sys_rw_content_t ‘\/var\/www\/passbolt\/logs(\/.*)?’
sudo restorecon -Rv \/var\/www<\/p>\nPermission for the Nginx gnupg keyring directory.<\/p>\n
sudo semanage fcontext -a -t httpd_sys_rw_content_t ‘\/var\/lib\/nginx\/.gnupg(\/.*)?’
sudo restorecon -Rv \/var\/lib\/nginx\/.gnupg<\/p>\nReference<\/h2>\n
\nAbout Muhammad Arul<\/strong><\/p>\n
Muhammad Arul is a freelance system administrator and technical writer. He is working with Linux Environments for more than 5 years, an Open Source enthusiast and highly motivated on Linux installation and troubleshooting. Mostly working with RedHat\/CentOS Linux and Ubuntu\/Debian, Nginx and Apache web server, Proxmox, Zimbra Administration, and Website Optimization. Currently learning about OpenStack and Container Technology.<\/p>\n<\/div>\n
\nShare this page:<\/b><\/p>\n
\n
![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-21.png\" "\\"\\"")
<\/a>
\n![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-22.png\" "\\"\\"")
<\/a>
\n![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-23.png\" "\\"\\"")
<\/a>
\n![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/11\/how-to-install-passbolt-self-hosted-password-manager-on-centos-7-24.png\" "\\"\\"")
<\/a>\n<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"Passbolt is a free and open source password manager for teams. It allows team members to store and share credentials\/password securely. Passbolt is created with PHP and can be run under the LEMP stack or run as docker container. In this tutorial, we will show you step-by-step install and configure open source password manager ‘Passbolt’ […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[36],"tags":[],"class_list":["post-7200","post","type-post","status-publish","format-standard","hentry","category-36"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/7200","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=7200"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/7200\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=7200"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=7200"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=7200"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- The PHP GnuPG extensions don’t support the OpenPGP Key passphrase, so let the passphrase stay blank.
![\"Install](\"https:\/\/www.howtoforge.com\/images\/how_to_install_passbolt_self_hosted_password_manager_on_centos_7\/big\/1.png\" "\\"\\"")
<\/a><\/p>\n