Install Passbolt CE using debian package

1. Install the server components

Repository setup

For easier installation and update tasks Passbolt provides a package repository that you need to setup before you download Passbolt CE and install it.

Step 1. Update the apt indexes and install packages to allow apt to use https repositories:

sudo apt-get update
sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common

Optionally you can install certbot to enable Let’s Encrypt configuration:

sudo apt-get install certbot python3-certbot-nginx

Step 2. Add Passbolt package official GnuPG key:

sudo apt-key adv --keyserver keys.gnupg.net --recv-keys 0xDE8B853FC155581D

Step 3. Check that the GPG fingerprint matches 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D

sudo apt-key fingerprint 0xDE8B853FC155581D
pub   rsa2048 2020-05-18 [SC] [expires: 2022-05-18]
      3D1A 0346 C8E1 802F 774A  EF21 DE8B 853F C155 581D
uid           [ unknown] Passbolt SA package signing key <[email protected]>
sub   rsa2048 2020-05-18 [E] [expires: 2022-05-18]

Step 4. Add passbolt repository to your apt lists:

echo  "deb https://download.passbolt.com/ce/debian buster stable" | \
sudo tee /etc/apt/sources.list.d/passbolt.list

Step 5. Update the apt indexes with the new passbolt apt repository:

sudo apt-get update

Install passbolt

By default, passbolt debian package will install Passbolt server component, mariadb-server, php-fpm and nginx as dependencies.

There are two main ways to install the passbolt debian package:

• Interactive: the package will guide the user through a set of questions to setup mariadb and nginx
• Non interactive: no questions will be asked. Useful for users with specific needs or users that want to automate the installation.

Interactive install

In this type of installation the package will assist you with the passbolt installation asking the user some questions:

Install passbolt package

Install the main passbolt server component:

sudo apt-get install passbolt-ce-server

Configure mariadb

If not instructed otherwise passbolt debian package will install mariadb-server locally. This step will help you create an empty mariadb database for passbolt to use.

fig. Configure mariadb dialog

The configuration process will ask you for the credentials of the mariadb admin user to create a new database. By default in most installations the admin username would be root and the password would be empty.

fig. Mariadb admin user dialog

fig. Mariadb admin user pass dialog

Now we need to create a mariadb user with reduced permissions for passbolt to connect. This values will be later asked on the webconfiguration tool of passbolt so please keep them in mind.

fig. Mariadb passbolt user dialog

fig. Mariadb passbolt user pass dialog

Lastly we need to create a database for passbolt to use, for that we need to name it:

fig. Mariadb database name dialog

Configure nginx

Passbolt debian package currently supports the configuration of nginx. It comes with a default configuration that supports:

• Serve passbolt on port 80 (http)
• Serve passbolt on port 443 (https)

The following steps will guide you through the option that uses Let’s encrypt method to enable SSL.

fig. Configure nginx dialog

After choosing yes you will be prompted with the following dialog where you can choose which method you prefer to configure SSL on nginx:

fig. nginx SSL dialog

You will now need to introduce the name of the domain name assinged to your server:

fig. nginx domain name

Finally you will need to provide an email address for Let’s encrypt to notify you for renewals and other admin info:

fig. lets encrypt admin email

If everything goes fine you should see a final message that points you to finish passbolt configuration:

fig. Success message

Non interactive install

This method is useful for automating passbolt installation and for users with specific needs.

sudo DEBIAN_FRONTEND=noninteractive apt-get install passbolt-ce-server

If you don’t want to install mysql locally or you don’t want to use nginx as http server you can run the above command like:

sudo DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends passbolt-ce-server

2. Configure passbolt using the wizard

2. Configure passbolt

Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt can be reached. You will reach a getting started page.

fig. passbolt welcome page before configuration

Two options are available: Manual configuration and Wizard configuration. Choose Wizard configuration.

This tutorial will guide you through the different steps of the wizard. The manual configuration is not covered in this article.

2.1. Healthcheck

The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on “Start configuration” when ready.

fig. wizard - healthcheck

2.2. Database

This step is about telling passbolt which database to use. Enter the host name, port number, database name, username and password.

fig. wizard - database

2.3. GPG key

In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to authenticate itself during the login handshake process.

Generate a key if you don’t have one.

fig. wizard - generate a key pair

Import a key if you already have one and you want your server to use it.

fig. wizard - import a key pair

2.4. Mail server (SMTP)

At this stage, the wizard will ask you to enter the details of your SMTP server.

fig. wizard - smtp mail server details

You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter the email address at which you want the wizard to send you a test email and click on “Send test email”.

fig. wizard - test smtp settings

2.5. Preferences

The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated but you can also change them if you know what you are doing.

fig. wizard - preferences

2.6. First user creation

You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

fig. wizard - first user

2.7. Installation

That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while the configuration process is going on.

fig. wizard - installation

Your user account is now created. You will see a redirection page for a few second and then will be redirected to the user setup process so that you can configure your user account.

fig. wizard - completion and redirection