Welcome to our step-by-step guide on installing Passbolt CE (Community Edition) on Ubuntu 24.04! In an era where cybersecurity is more important than ever, managing passwords securely is essential. Passbolt CE is an open-source password manager designed to protect sensitive credentials while enabling secure sharing within teams.
This guide provides clear instructions for both IT professionals and tech enthusiasts looking to set up Passbolt CE on Ubuntu 24.04. Whether you’re securing personal data or enhancing team password management, follow along to ensure a smooth installation.
Prerequisites
Before diving into the installation, ensure you have the following:
- An Ubuntu 24.04 VPS
- At least 2GB of RAM
- SSH root access or a system user with sudo privileges
- A functional SMTP server for email notifications
Step 1: Update System Packages
Start by logging into your Ubuntu 24.04 VPS via SSH:
ssh root@IP_Address -p Port_numberReplace IP_Address and Port_number with your server’s details. If you’re not using the root account, replace root with your sudo user’s username.
Once logged in, update your system packages:
sudo apt-get update -y && sudo apt-get upgrade -yStep 2: Install Nginx Web Server
Passbolt requires a web server, and we’ll use Nginx. Install Nginx with:
sudo apt install nginx -yEnable and start the Nginx service:
sudo systemctl enable nginx
sudo systemctl start nginxVerify the installation:
sudo systemctl status nginxStep 3: Install MariaDB Database Server
Password managers rely on a database to store their data. Install MariaDB:
sudo apt install mariadb-server mariadb-client -yEnable and start MariaDB:
sudo systemctl enable mariadb
sudo systemctl start mariadbVerify the installation:
sudo systemctl status mariadbStep 4: Install PHP and Required Extensions
Passbolt is built on PHP, so install PHP and its necessary extensions:
sudo apt install php php-{fpm,mysql,common,cli,opcache,readline,mbstring,xml,gd,curl,imagick,gnupg,ldap,imap,zip,bz2,intl,gmp} -yStep 5: Create a Database for Passbolt
Log into the MariaDB console:
sudo mysql -u rootCreate a database and user:
CREATE DATABASE passbolt;
CREATE USER 'passbolt'@'localhost' IDENTIFIED BY 'YourStrongPasswordHere';
GRANT ALL PRIVILEGES ON passbolt.* TO 'passbolt'@'localhost';
FLUSH PRIVILEGES;
EXIT;Replace YourStrongPasswordHere with a strong, unique password.
Step 6: Clone the Passbolt GitHub Repository
Install Git and set the correct ownership:
sudo apt install git -y
sudo chown -R www-data:www-data /var/www/Clone the Passbolt repository:
cd /var/www/
sudo -u www-data git clone https://github.com/passbolt/passbolt_api.gitNavigate to the Passbolt directory and install Composer:
cd /var/www/passbolt_api/
sudo apt install composer -yInstall PHP dependencies:
sudo -u www-data composer install --no-devStep 7: Generate an OpenPGP Key
Install haveged for better entropy generation:
sudo apt install haveged -yGenerate a GPG key:
sudo -u www-data gpg --quick-gen-key --pinentry-mode=loopback 'YourFirstName YourLastName <[email protected]>' default default neverExport the keys:
sudo -u www-data gpg --armor --export-secret-keys [email protected] > /var/www/passbolt_api/config/gpg/serverkey_private.asc
sudo -u www-data gpg --armor --export [email protected] > /var/www/passbolt_api/config/gpg/serverkey.ascRetrieve the fingerprint:
sudo -u www-data gpg --list-keysStep 8: Configure Passbolt
Navigate to the Passbolt directory:
cd /var/www/passbolt_apiCopy and edit the configuration file:
sudo cp config/passbolt.default.php config/passbolt.php
sudo nano config/passbolt.phpUpdate the following sections:
- Base URL:
'fullBaseUrl' => 'https://passbolt.yourdomain.com',- Datasource Configuration:
'database' => 'passbolt',
'username' => 'passbolt',
'password' => 'YourStrongPasswordHere',- Email Configuration:
'host' => 'yourSMTPHostname.com',
'username' => 'yourSMTPUser',
'password' => 'yourSMTPPassword',
'tls' => true,- GPG Configuration:
'fingerprint' => 'YOUR_GPG_FINGERPRINT',
'public' => CONFIG . 'gpg' . DS . 'serverkey.asc',
'private' => CONFIG . 'gpg' . DS . 'serverkey_private.asc',Save and exit the file (CTRL + X, then Y and Enter).
Step 9: Run the Passbolt Installation Script
Execute the installation script:
sudo su -s /bin/bash -c "/var/www/passbolt_api/bin/cake passbolt install --force" www-dataFollow the prompts to create an admin account.
Step 10: Configure Nginx for Passbolt
Create an Nginx configuration file:
sudo nano /etc/nginx/conf.d/passbolt.confInsert the following configuration:
server {
listen 80;
server_name passbolt.yourdomain.com;
root /var/www/passbolt_api/webroot/;
index index.php;
location / { try_files $uri $uri/ /index.php?$query_string; }
location ~ \.php$ {
fastcgi_pass unix:/run/php/php8.3-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}Test the configuration and reload Nginx:
sudo nginx -t
sudo systemctl reload nginxStep 11: Secure with Let’s Encrypt SSL
Install Certbot:
sudo apt install python3-certbot-nginx -y
Obtain an SSL certificate:
sudo certbot --nginxFollow the prompts to set up SSL and enable HTTP to HTTPS redirection.
Conclusion
Congratulations! Passbolt CE is now installed and secured with SSL on your Ubuntu 24.04 server. Access it via https://passbolt.yourdomain.com and complete the setup in your browser. Enjoy seamless and secure password management!
If you have difficulties with this installation admins will help you with any aspect. You must sign up for one of our monthly management or per-incident server support plans. Do not hesitate to contact us anytime you want. We are available 24/7.
If you liked this post, please share it with your friends or leave a comment below. Thanks.
