Welcome to our step-by-step guide on installing Passbolt CE (Community Edition) on Ubuntu 24.04! In an era where cybersecurity is more important than ever, managing passwords securely is essential. Passbolt CE is an open-source password manager designed to protect sensitive credentials while enabling secure sharing within teams.
This guide provides clear instructions for both IT professionals and tech enthusiasts looking to set up Passbolt CE on Ubuntu 24.04. Whether you’re securing personal data or enhancing team password management, follow along to ensure a smooth installation.
Prerequisites
Before diving into the installation, ensure you have the following:
- An Ubuntu 24.04 VPS
- At least 2GB of RAM
- SSH root access or a system user with sudo privileges
- A functional SMTP server for email notifications
Step 1: Update System Packages
Start by logging into your Ubuntu 24.04 VPS via SSH:
ssh root@IP_Address -p Port_number
Replace IP_Address
and Port_number
with your server’s details. If you’re not using the root account, replace root
with your sudo user’s username.
Once logged in, update your system packages:
sudo apt-get update -y && sudo apt-get upgrade -y
Step 2: Install Nginx Web Server
Passbolt requires a web server, and we’ll use Nginx. Install Nginx with:
sudo apt install nginx -y
Enable and start the Nginx service:
sudo systemctl enable nginx
sudo systemctl start nginx
Verify the installation:
sudo systemctl status nginx
Step 3: Install MariaDB Database Server
Password managers rely on a database to store their data. Install MariaDB:
sudo apt install mariadb-server mariadb-client -y
Enable and start MariaDB:
sudo systemctl enable mariadb
sudo systemctl start mariadb
Verify the installation:
sudo systemctl status mariadb
Step 4: Install PHP and Required Extensions
Passbolt is built on PHP, so install PHP and its necessary extensions:
sudo apt install php php-{fpm,mysql,common,cli,opcache,readline,mbstring,xml,gd,curl,imagick,gnupg,ldap,imap,zip,bz2,intl,gmp} -y
Step 5: Create a Database for Passbolt
Log into the MariaDB console:
sudo mysql -u root
Create a database and user:
CREATE DATABASE passbolt;
CREATE USER 'passbolt'@'localhost' IDENTIFIED BY 'YourStrongPasswordHere';
GRANT ALL PRIVILEGES ON passbolt.* TO 'passbolt'@'localhost';
FLUSH PRIVILEGES;
EXIT;
Replace YourStrongPasswordHere
with a strong, unique password.
Step 6: Clone the Passbolt GitHub Repository
Install Git and set the correct ownership:
sudo apt install git -y
sudo chown -R www-data:www-data /var/www/
Clone the Passbolt repository:
cd /var/www/
sudo -u www-data git clone https://github.com/passbolt/passbolt_api.git
Navigate to the Passbolt directory and install Composer:
cd /var/www/passbolt_api/
sudo apt install composer -y
Install PHP dependencies:
sudo -u www-data composer install --no-dev
Step 7: Generate an OpenPGP Key
Install haveged
for better entropy generation:
sudo apt install haveged -y
Generate a GPG key:
sudo -u www-data gpg --quick-gen-key --pinentry-mode=loopback 'YourFirstName YourLastName <[email protected]>' default default never
Export the keys:
sudo -u www-data gpg --armor --export-secret-keys [email protected] > /var/www/passbolt_api/config/gpg/serverkey_private.asc
sudo -u www-data gpg --armor --export [email protected] > /var/www/passbolt_api/config/gpg/serverkey.asc
Retrieve the fingerprint:
sudo -u www-data gpg --list-keys
Step 8: Configure Passbolt
Navigate to the Passbolt directory:
cd /var/www/passbolt_api
Copy and edit the configuration file:
sudo cp config/passbolt.default.php config/passbolt.php
sudo nano config/passbolt.php
Update the following sections:
- Base URL:
'fullBaseUrl' => 'https://passbolt.yourdomain.com',
- Datasource Configuration:
'database' => 'passbolt',
'username' => 'passbolt',
'password' => 'YourStrongPasswordHere',
- Email Configuration:
'host' => 'yourSMTPHostname.com',
'username' => 'yourSMTPUser',
'password' => 'yourSMTPPassword',
'tls' => true,
- GPG Configuration:
'fingerprint' => 'YOUR_GPG_FINGERPRINT',
'public' => CONFIG . 'gpg' . DS . 'serverkey.asc',
'private' => CONFIG . 'gpg' . DS . 'serverkey_private.asc',
Save and exit the file (CTRL + X
, then Y
and Enter
).
Step 9: Run the Passbolt Installation Script
Execute the installation script:
sudo su -s /bin/bash -c "/var/www/passbolt_api/bin/cake passbolt install --force" www-data
Follow the prompts to create an admin account.
Step 10: Configure Nginx for Passbolt
Create an Nginx configuration file:
sudo nano /etc/nginx/conf.d/passbolt.conf
Insert the following configuration:
server {
listen 80;
server_name passbolt.yourdomain.com;
root /var/www/passbolt_api/webroot/;
index index.php;
location / { try_files $uri $uri/ /index.php?$query_string; }
location ~ \.php$ {
fastcgi_pass unix:/run/php/php8.3-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
Test the configuration and reload Nginx:
sudo nginx -t
sudo systemctl reload nginx
Step 11: Secure with Let’s Encrypt SSL
Install Certbot:
sudo apt install python3-certbot-nginx -y
Obtain an SSL certificate:
sudo certbot --nginx
Follow the prompts to set up SSL and enable HTTP to HTTPS redirection.
Conclusion
Congratulations! Passbolt CE is now installed and secured with SSL on your Ubuntu 24.04 server. Access it via https://passbolt.yourdomain.com
and complete the setup in your browser. Enjoy seamless and secure password management!
If you have difficulties with this installation admins will help you with any aspect. You must sign up for one of our monthly management or per-incident server support plans. Do not hesitate to contact us anytime you want. We are available 24/7.
If you liked this post, please share it with your friends or leave a comment below. Thanks.