Upgrade Passbolt docker from v1
This tutorial covers the case where you want to upgrade your current docker installation of passbolt CE v1.x into passbolt CE v2.x.
Upgrade from v1.6.10-debian
Passbolt v2 introduces several changes that are important to keep in mind when upgrading:
Changes: Environment variables
The set of environment variables have changed and users should take some time to get familiar with the new ones. For example in case of the database env variables:
DB_USER is now DATASOURCES_DEFAULT_USERNAME DB_HOST is now DATASOURCES_DEFAULT_HOST
There is a more detailed list in passbolt_docker README file.
Changes: Configuration files
No more core.php, email.php or database.php. Any user that does not want to use environment variables must configure passbolt using:
Passbolt will look for for configuration values in
passbolt.php does not exist or the configuration section is not defined on it, passbolt will then look for configuration details in default.php which relies on environment variables/default values.
Gpg config directory has changed slightly its path from:
/var/www/passbolt/app/Config/gpg/ to /var/www/passbolt/config/gpg
Gpg default server key file names also changed:
serverkey.private.asc to serverkey_private.asc
Changes: www user
Passbolt container is now running under the www-data user
Changes: images directory
Path to the images directory is different:
/var/www/passbolt/app/webroot/img/public/images to /var/www/passbolt/webroot/img/public/images
Users must also rename ProfileAvatar to Avatar directory inside public/images in order to see images in passbolt v2
In order to manage the running process in passbolt container we introduced supervisord. Users are now able to restart passbolt container processes using:
$ docker exec passbolt supervisorctl restart <php-fpm|nginx|cron>
Now that we have a better overview of the changes let’s start with the upgrading process!
Backup MariaDB database
First of all is encouraged to backup all the relevant data that is:
- Server public and private keys
You might want to check the detailed backup list for v1
There are multiple ways to backup your database following there is an example using the passbolt container:
$ docker exec passbolt mysqldump -h <db_host> \ -u passbolt \ -pP4ssb0lt \ passbolt > dump.sql
This will output a dump.sql file on the host machine.
Backup images directory
If you are mounting the images directory using a bind mount just copy the host image directory in a safe location. If you are using docker volumes to persist your images directory, or not persisting the images directory at all, you can execute the following to copy your images to the host machine.
$ docker cp passbolt:/var/www/app/webroot/img/public public_images_backup
This will output a public_images_directory with the images stored in the passbolt container.
Backup gpg keys
As with the previous section you can proceed exactly the same with the gpg keys:
$ docker cp passbolt:/var/www/app/Config/gpg/ gpg_keys_backup
This will output a gpg_keys_backup directory with the contents of the gpg configuration folder of passbolt.
1. Getting and running passbolt container
Passbolt containers follow the following tagging:
For convenience we also provide a latest tag for Passbolt containers. Throughout these documented procedures we make use of the latest tag so users will get the last version of passbolt. However, it is recommended that users pull the tags pointing to specific passbolt versions when running in environments other than testing.
Get passbolt latest docker container:
$ docker pull passbolt/passbolt:latest
Upgrade using latest v1 version (1.6.10)
Passbolt v2 will run the database migrations if needed when starting up. Users just need to provide the gpg keys, configuration files/env variables and images. Following some examples:
Using host bind mounts
Users that use host bind mounts from host machine into docker file must adjust paths of the mounted files:
In the following snippet:
- passbolt_images_dir: path to a host directory that contains passbolt images Avatar directory.
- gpg_host_dir: path to a host directory that contains serverkey.asc and serverkey_private.asc
$ docker run --name passbolt --net passbolt_network \ --mount type=bind, \ source=<passbolt_images_dir>,\ target=/var/www/passbolt/webroot/img \ --mount type=bind, \ source=<gpg_host_dir>, \ target=/var/www/passbolt/config/gpg \ -p 443:443 \ -p 80:80 \ -e DATASOURCES_DEFAULT_HOST=mariadb \ -e DATASOURCES_DEFAULT_PASSWORD=<mariadb_password> \ -e DATASOURCES_DEFAULT_USERNAME=<mariadb_user> \ -e DATASOURCES_DEFAULT_DATABASE=<mariadb_database> \ -e APP_FULL_BASE_URL=https://mydomain.com \ passbolt/passbolt:latest
Using docker volumes
Users that use docker volumes should adjust their volumes paths.
$ docker run --name passbolt --net passbolt_network \ --mount source=<passbolt_images_volume>,\ target=/var/www/passbolt/webroot/img \ --mount source=<gpg_keys_volume>, \ target=/var/www/passbolt/config/gpg \ -p 443:443 \ -p 80:80 \ -e DATASOURCES_DEFAULT_HOST=mariadb \ -e DATASOURCES_DEFAULT_PASSWORD=<mariadb_password> \ -e DATASOURCES_DEFAULT_USERNAME=<mariadb_user> \ -e DATASOURCES_DEFAULT_DATABASE=<mariadb_database> \ -e APP_FULL_BASE_URL=https://mydomain.com \ passbolt/passbolt:latest
This article was last updated on April 10th, 2018.