Help Search

Migrate an existing Passbolt CE to a new Debian server

This document describes how to migrate an existing passbolt to a new Debian server.

Pre-requisites

For this tutorial, you will need:

  • Passbolt installed on an old server
  • A minimal Debian 11 new server

Backup the existing data

Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

Don’t delete the existing instance yet!

Prepare the new Debian server

Package repository setup

For easier installation and update tasks Passbolt provides a package repository that you need to setup before you download Passbolt CE and install it.

Step 1. Download our dependencies installation script:

wget https://raw.githubusercontent.com/passbolt/passbolt-dep-scripts/main/passbolt-repo-setup.ce.sh

Step 2. Ensure that the script is valid and execute it:

[ "$(sha256sum passbolt-repo-setup.ce.sh | awk '{print $1}')" = "ce96ab921e2fa448d48da018e3be0e9646791629dffb13707bbc49b55c739490" ] && sudo bash ./passbolt-repo-setup.ce.sh || echo "Bad checksum. Aborting" && rm -f passbolt-repo-setup.ce.sh

Install passbolt official linux package

sudo apt install passbolt-ce-server

Configure mariadb

If not instructed otherwise passbolt debian package will install mariadb-server locally. This step will help you create an empty mariadb database for passbolt to use.

Configure database dialog fig. Configure database dialog

The configuration process will ask you for the credentials of the mariadb admin user to create a new database. You will find the root password on the server in the file /root/.mysql_credentials.

Database admin user dialog fig. Database admin user dialog
Database admin user pass dialog fig. Database admin user pass dialog

Now we need to create a mariadb user with reduced permissions for passbolt to connect. For the passbolt database user and password, reuse the ones you have in your backup of passbolt.php.

Database passbolt user dialog fig. Database passbolt user dialog
Database passbolt user pass dialog fig. Database passbolt user pass dialog

Lastly we need to create a database for passbolt to use, for that we need to name it:

Database name dialog fig. Database name dialog

Configure nginx for serving HTTPS

Depending on your needs there are two different options to setup nginx and SSL using the Debian package:

Migrate data

Load the backup files into the new Debian server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

You should have:

  • the private and public GPG key
  • Your database dump
  • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2

Step 1. Restore Passbolt configuration file and ensure rights and ownership are correct:

sudo mv ~/backup/passbolt.php /etc/passbolt
sudo chown www-data:www-data /etc/passbolt/passbolt.php
sudo chmod 440 /etc/passbolt/passbolt.php

Step 2. Restore GPG public and private keys and ensure rights and ownership are correct:

sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
sudo chown www-data:www-data /etc/passbolt/gpg/serverkey_private.asc
sudo chown www-data:www-data /etc/passbolt/gpg/serverkey.asc
sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc

Step 3. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
sudo chown -R www-data:www-data /usr/share/php/passbolt/webroot/img/public

Step 4. Load the database

mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql

Step 5. Migrate passbolt to the latest version

sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"

Step 6. Test passbolt

Try to access your passbolt application with your browser.

If you are encountering any issues, you can run the following command to assess the status of your instance:

sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"

Last updated

This article was last updated on November 2nd, 2021.

Are you experiencing issues when updating passbolt?

Ask the community!

Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

View on github
🍪   Do you accept cookies for statistical purposes? (Read more) Accept No thanks!