Migrate an existing Passbolt PRO to a new Red Hat server
This document describes how to migrate an existing passbolt to a new Red Hat server.
For this tutorial, you will need:
- Passbolt installed on an old server
- A minimal Red Hat 8 new server
Backup the existing data
Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.
Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.
Don’t delete the existing instance yet!
Prepare the new Red Hat server
Package repository setup
For easier installation and update tasks Passbolt provides a package repository that you need to setup before you download Passbolt PRO and install it.
Step 1. Download our dependencies installation script:
Step 2. Download our SHA512SUM for the installation script:
Step 3. Ensure that the script is valid and execute it:
sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
Install passbolt official linux package
sudo dnf install passbolt-pro-server
During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:
Importing GPG key 0xC155581D: Userid : "Passbolt SA package signing key <[email protected]>" Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D From : https://download.passbolt.com/pub.key
MariaDB / Nginx / SSL settings
Passbolt PRO RPM package on Red Hat 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.
You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.
Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.
passbolt-configure tool and answer to the questions:
================================================================ Do you want to configure a local mariadb server on this machine? ================================================================ 1) yes 2) no #?
Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.
If you chose yes, answer the questions:
======================================================= Please enter a new password for the root database user: ======================================================= MariaDB Root Password: **** MariaDB Root Password (verify): **** ====================================================== Please enter a name for the passbolt database username ====================================================== Passbolt database user name:passboltuser ======================================================= Please enter a new password for the mysql passbolt user ======================================================= MariaDB passbolt user password: **** MariaDB passbolt user password (verify): **** ============================================== Please enter a name for the passbolt database: ============================================== Passbolt database name:passboltdb
On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.
You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.
================== Install Haveged ? ================== 1) yes 2) no #?
Please enter the domain name under which passbolt will run.
Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.
If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.
========= Hostname: passbolt.domain.tld =========
3 available choices for SSL configuration:
- manual: Prompts for the path of user uploaded ssl certificates and set up nginx
- auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
- none: Do not setup HTTPS at all
================== Setting up SSL... ================== 1) manual 2) auto 3) none #?
If you choose 1, you will be prompted for the full path of your certificates:
Enter the path to the SSL certificate: /path/to/certs/cert.pem Enter the path to the SSL privkey: /path/to/certs/key.pem
Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.
=============================================================== Installation is almost complete. Please point your browser to https://passbolt.domain.tld to complete the process ===============================================================
Load the backup files into the new Red Hat server, for the following tasks we will consider that the backup files are in your user home directory
You should have:
Your subscription key
- the private and public GPG key
- Your database dump
- The avatar archive file
passbolt-avatars.tar.gzif you are coming from Passbolt prior to 3.2
Step 1. Create the subscription key file
You received your subscription key by email, copy it as
/etc/passbolt/subscription_key.txt on your server.
Step 2. Restore Passbolt configuration file and ensure rights and ownership are correct:
sudo mv ~/backup/passbolt.php /etc/passbolt sudo chown nginx:nginx /etc/passbolt/passbolt.php sudo chmod 440 /etc/passbolt/passbolt.php
Step 3. Restore GPG public and private keys and ensure rights and ownership are correct:
sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg sudo chown nginx:nginx /etc/passbolt/gpg/serverkey_private.asc sudo chown nginx:nginx /etc/passbolt/gpg/serverkey.asc sudo chmod 440 /etc/passbolt/gpg/serverkey.asc sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
Step 4. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)
sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/ sudo chown -R nginx:nginx /usr/share/php/passbolt/webroot/img/public
Step 5. Load the database
mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
Step 6. Migrate passbolt to the latest version
sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
Step 7. Test passbolt
Try to access your passbolt application with your browser.
If you are encountering any issues, you can run the following command to assess the status of your instance:
sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
This article was last updated on November 26th, 2021.