- docker: https://docs.docker.com/get-docker/
- docker-compose: https://docs.docker.com/compose/install/
- A Linux user able to run docker commands without sudo
- a working SMTP server for email notifications
- a working NTP service to avoid GPG authentication issues
The easiest and recommended way to deploy your passbolt stack is to use docker-compose.
Step 1. Download our docker-compose.yml example file
wget https://download.passbolt.com/pro/docker/docker-compose-pro.yaml wget https://github.com/passbolt/passbolt_docker/releases/latest/download/docker-compose-pro-SHA512SUM.txt
Step 2. Ensure the file has not been corrupted by verifying its shasum
$ sha512sum -c docker-compose-pro-SHA512SUM.txt
Step 3. Create a
subscription_key.txt file containing your subscription key.
Step 4. Configure environment variables in docker-compose-pro.yaml file to customize your instance.
APP_FULL_BASE_URL environment variable is set by default to https://passbolt.local, using a self-signed certificate.
Update this variable with the server name you plan to use. You will find at the bottom of this documentation links about how to set your own SSL certificate.
You must configure also SMTP settings to be able to receive notifications and recovery emails. Please find below the most used environment variables for this purpose:
|Variable name||Description||Default value|
|EMAIL_DEFAULT_FROM_NAME||From email username||
|EMAIL_DEFAULT_FROM||From email address||
|EMAIL_TRANSPORT_DEFAULT_USERNAME||Username for email server auth||
|EMAIL_TRANSPORT_DEFAULT_PASSWORD||Password for email server auth||
For more information on which environment variables are available on passbolt, please check the passbolt environment variable reference.
Step 5. Start your containers
docker-compose -f docker-compose-pro.yaml up -d
Step 6. Create first admin user
$ docker-compose -f docker-compose-pro.yaml exec passbolt su -m -c "/usr/share/php/passbolt/bin/cake \ passbolt register_user \ -u <[email protected]> \ -f <yourname> \ -l <surname> \ -r admin" -s /bin/sh www-data
It will output a link similar to the below one that can be pasted on the browser to finalize user registration:
At this point, you should have a working docker setup running on the latest tag. However, it is recommended that users pull the tags pointing to specific passbolt versions when running in environments other than testing.
- How to configure SMTP to receive emails
- How to configure HTTPS with my own certificates in docker
- How to configure HTTPS with Let’s Encrypt in docker
- How to use rootless images
- Troubleshoot Docker
- Passbolt reference environment variables
- Docker Secrets
Passbolt docker repository:
This article was last updated on February 6th, 2023.