Help Search

How to configure HTTPS with RPM package

If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account.

If you are reconfiguring passbolt you most likely want to say ‘NO’ to the mariadb or havaged setup questions and go for the nginx setup

MariaDB / Nginx / SSL settings

Passbolt CE RPM package on come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

Launch passbolt-configure tool and answer to the questions:

sudo /usr/local/bin/passbolt-configure

Nginx

Please enter the domain name under which passbolt will run.

Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

=========
Hostname: passbolt.domain.tld
=========

SSL configuration

3 available choices for SSL configuration:

  • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
  • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
  • none: Do not setup HTTPS at all
==================
Setting up SSL...
==================
1) manual
2) auto
3) none
#?

If you choose 1, you will be prompted for the full path of your certificates:

Enter the path to the SSL certificate: /path/to/certs/cert.pem
Enter the path to the SSL privkey: /path/to/certs/key.pem

Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

===============================================================
Installation is almost complete. Please point your browser to
  https://passbolt.domain.tld to complete the process
===============================================================

Reload nginx after finish the reconfigure to use the SSL configuration.

sudo systemctl reload nginx

Finally, ensure ‘fullBaseUrl’ value in /etc/passbolt/passbolt.php starts with https://.

And that’s it you should be able to reach your server on the domain you specified.

Last updated

This article was last updated on December 16th, 2021.

Are you experiencing issues when installing passbolt?

Ask the community!
🍪   Do you accept cookies for statistical purposes? (Read more) Accept No thanks!