How to configure HTTPS with RPM package
If you are reconfiguring passbolt you most likely want to say ‘NO’ to the mariadb or havaged setup questions and go for the nginx setup
MariaDB / Nginx / SSL settings
Passbolt CE RPM package on come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.
You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.
Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.
Launch passbolt-configure
tool and answer to the questions:
sudo /usr/local/bin/passbolt-configure
Nginx
Please enter the domain name under which passbolt will run.
Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.
If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.
=========
Hostname: passbolt.domain.tld
=========
SSL configuration
3 available choices for SSL configuration:
- manual: Prompts for the path of user uploaded ssl certificates and set up nginx
- auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
- none: Do not setup HTTPS at all
==================
Setting up SSL...
==================
1) manual
2) auto
3) none
#?
If you choose 1, you will be prompted for the full path of your certificates:
Enter the path to the SSL certificate: /path/to/certs/cert.pem
Enter the path to the SSL privkey: /path/to/certs/key.pem
Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.
===============================================================
Installation is almost complete. Please point your browser to
https://passbolt.domain.tld to complete the process
===============================================================
Reload nginx after finish the reconfigure to use the SSL configuration.
sudo systemctl reload nginx
Finally, ensure ‘fullBaseUrl’ value in /etc/passbolt/passbolt.php starts with https://.
And that’s it you should be able to reach your server on the domain you specified.
Last updated
This article was last updated on December 16th, 2021.