How to Install Passbolt on Ubuntu 24.04

How to Install Passbolt on Ubuntu 24.04

Welcome to our step-by-step guide on installing Passbolt CE (Community Edition) on Ubuntu 24.04! In an era where cybersecurity is more important than ever, managing passwords securely is essential. Passbolt CE is an open-source password manager designed to protect sensitive credentials while enabling secure sharing within teams.

This guide provides clear instructions for both IT professionals and tech enthusiasts looking to set up Passbolt CE on Ubuntu 24.04. Whether you’re securing personal data or enhancing team password management, follow along to ensure a smooth installation.

Prerequisites

Before diving into the installation, ensure you have the following:

  • An Ubuntu 24.04 VPS
  • At least 2GB of RAM
  • SSH root access or a system user with sudo privileges
  • A functional SMTP server for email notifications

Step 1: Update System Packages

Start by logging into your Ubuntu 24.04 VPS via SSH:

ssh root@IP_Address -p Port_number

Replace IP_Address and Port_number with your server’s details. If you’re not using the root account, replace root with your sudo user’s username.

Once logged in, update your system packages:

sudo apt-get update -y && sudo apt-get upgrade -y

Step 2: Install Nginx Web Server

Passbolt requires a web server, and we’ll use Nginx. Install Nginx with:

sudo apt install nginx -y

Enable and start the Nginx service:

sudo systemctl enable nginx
sudo systemctl start nginx

Verify the installation:

sudo systemctl status nginx

Step 3: Install MariaDB Database Server

Password managers rely on a database to store their data. Install MariaDB:

sudo apt install mariadb-server mariadb-client -y

Enable and start MariaDB:

sudo systemctl enable mariadb
sudo systemctl start mariadb

Verify the installation:

sudo systemctl status mariadb

Step 4: Install PHP and Required Extensions

Passbolt is built on PHP, so install PHP and its necessary extensions:

sudo apt install php php-{fpm,mysql,common,cli,opcache,readline,mbstring,xml,gd,curl,imagick,gnupg,ldap,imap,zip,bz2,intl,gmp} -y

Step 5: Create a Database for Passbolt

Log into the MariaDB console:

sudo mysql -u root

Create a database and user:

CREATE DATABASE passbolt;
CREATE USER 'passbolt'@'localhost' IDENTIFIED BY 'YourStrongPasswordHere';
GRANT ALL PRIVILEGES ON passbolt.* TO 'passbolt'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Replace YourStrongPasswordHere with a strong, unique password.


Step 6: Clone the Passbolt GitHub Repository

Install Git and set the correct ownership:

sudo apt install git -y
sudo chown -R www-data:www-data /var/www/

Clone the Passbolt repository:

cd /var/www/
sudo -u www-data git clone https://github.com/passbolt/passbolt_api.git

Navigate to the Passbolt directory and install Composer:

cd /var/www/passbolt_api/
sudo apt install composer -y

Install PHP dependencies:

sudo -u www-data composer install --no-dev

Step 7: Generate an OpenPGP Key

Install haveged for better entropy generation:

sudo apt install haveged -y

Generate a GPG key:

sudo -u www-data gpg --quick-gen-key --pinentry-mode=loopback 'YourFirstName YourLastName <[email protected]>' default default never

Export the keys:

sudo -u www-data gpg --armor --export-secret-keys [email protected] > /var/www/passbolt_api/config/gpg/serverkey_private.asc
sudo -u www-data gpg --armor --export [email protected] > /var/www/passbolt_api/config/gpg/serverkey.asc

Retrieve the fingerprint:

sudo -u www-data gpg --list-keys

Step 8: Configure Passbolt

Navigate to the Passbolt directory:

cd /var/www/passbolt_api

Copy and edit the configuration file:

sudo cp config/passbolt.default.php config/passbolt.php
sudo nano config/passbolt.php

Update the following sections:

  • Base URL:
  'fullBaseUrl' => 'https://passbolt.yourdomain.com',
  • Datasource Configuration:
  'database' => 'passbolt',
  'username' => 'passbolt',
  'password' => 'YourStrongPasswordHere',
  • Email Configuration:
  'host' => 'yourSMTPHostname.com',
  'username' => 'yourSMTPUser',
  'password' => 'yourSMTPPassword',
  'tls' => true,
  • GPG Configuration:
  'fingerprint' => 'YOUR_GPG_FINGERPRINT',
  'public' => CONFIG . 'gpg' . DS . 'serverkey.asc',
  'private' => CONFIG . 'gpg' . DS . 'serverkey_private.asc',

Save and exit the file (CTRL + X, then Y and Enter).


Step 9: Run the Passbolt Installation Script

Execute the installation script:

sudo su -s /bin/bash -c "/var/www/passbolt_api/bin/cake passbolt install --force" www-data

Follow the prompts to create an admin account.


Step 10: Configure Nginx for Passbolt

Create an Nginx configuration file:

sudo nano /etc/nginx/conf.d/passbolt.conf

Insert the following configuration:

server {
    listen 80;
    server_name passbolt.yourdomain.com;
    root /var/www/passbolt_api/webroot/;
    index index.php;
    location / { try_files $uri $uri/ /index.php?$query_string; }
    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

Test the configuration and reload Nginx:

sudo nginx -t
sudo systemctl reload nginx

Step 11: Secure with Let’s Encrypt SSL

Install Certbot:

sudo apt install python3-certbot-nginx -y


Obtain an SSL certificate:

sudo certbot --nginx

Follow the prompts to set up SSL and enable HTTP to HTTPS redirection.


Conclusion
Congratulations! Passbolt CE is now installed and secured with SSL on your Ubuntu 24.04 server. Access it via https://passbolt.yourdomain.com and complete the setup in your browser. Enjoy seamless and secure password management!

If you have difficulties with this installation admins will help you with any aspect. You must sign up for one of our monthly management or per-incident server support plans. Do not hesitate to contact us anytime you want. We are available 24/7.

If you liked this post, please share it with your friends or leave a comment below. Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *