Added Passbolt password manager (#462)
Showing 7 changed files with 763 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,112 @@ | ||
# Install and setup instructions for Passbolt | ||
|
||
- [Introduction](#introduction) | ||
- [Installation](#installation) | ||
- [Setup first admin user](#setup-first-admin-user) | ||
- [Setup Android Mobile App](#setup-android-mobile-app) | ||
- [Acknowledgment / Troubleshoot](#acknowledgment--troubleshoot) | ||
|
||
|
||
## Introduction | ||
|
||
[Passbolt](https://www.passbolt.com) is an open source password manager with [MariaDB](https://mariadb.com) backend. | ||
|
||
## Installation | ||
|
||
### Pre-Installation Steps | ||
|
||
Create directorys: | ||
``` | ||
sudo mkdir /portainer/Files/AppData/Config/passbolt && \ | ||
sudo mkdir /portainer/Files/AppData/Config/passbolt/certs | ||
``` | ||
|
||
Generate a proper Self-signed certificate. Type in the code below and change it to your needs: | ||
``` | ||
sudo openssl req -x509 \ | ||
-newkey rsa:4096 \ | ||
-days 120 \ | ||
-subj "/C=LU/ST=Luxembourg/L=Esch-Sur-Alzette/O=Passbolt SA/OU=Passbolt IT Team/CN=passbolt.domain.tld/" \ | ||
-nodes \ | ||
-addext "subjectAltName = DNS:passbolt.domain.tld" \ | ||
-keyout /portainer/Files/AppData/Config/passbolt/certs/key.pem \ | ||
-out /portainer/Files/AppData/Config/passbolt/certs/cert.pem | ||
``` | ||
|
||
This command will output two files: **key.pem** and **cert.pem**. | ||
|
||
Of course, replace -subj values with your own. It is important to set your passbolt FQDN in both CN and subjectAltName. | ||
|
||
You can use an IP address instead of a domain name for your self-signed certificate. If you do that, replace DNS with IP in subjectAltName. `Example: IP:127.0.0.1` | ||
|
||
### Install the App Template. | ||
|
||
Goto App Templates and click on "Passbolt". Change Configuration to your needs: | ||
- **PUID** (Enter your user's PUID here) | ||
- **PGID** (Enter your user's PGID here) | ||
- **TZ** (Enter your time zone here. See examples [here](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)) | ||
- **MYSQL_ROOT_PASSWORD** (Enter your MySql root password here) | ||
- **MYSQL_DATABASE** (Enter your Passbolt database name here) | ||
- **MYSQL_USER** (Enter your Passbolt database user here) | ||
- **MYSQL_PASSWORD** (Enter your Passbolt database password here) | ||
- **PASSBOLT_PORT** (Enter your Passbolt https port here) | ||
- **PASSBOLT_URL** (Enter your full Passbolt https base URL here. Including port if different from 443) | ||
- **EMAIL_FROM_NAME** (Enter your from email name) | ||
- **EMAIL_FROM_ADDRESS** (Enter your from email address) | ||
- **EMAIL_SMTP_SERVER** (Enter your email smtp server here) | ||
- **EMAIL_SMTP_PORT** (Enter your email smtp port here) | ||
- **EMAIL_USERNAME** (Enter your email username here) | ||
- **EMAIL_PASSWORD** (Enter your email password here) | ||
- **EMAIL_TLS** (Enter set TLS here) | ||
|
||
## Setup first admin user | ||
|
||
Go into Passbolt container console. Type in the code below and change it to your needs: | ||
``` | ||
su -s /bin/bash -c "./bin/cake \ | ||
passbolt register_user \ | ||
-u [email protected] \ | ||
-f yourfirstname \ | ||
-l yourlastname \ | ||
-r admin" www-data | ||
``` | ||
After that you get something like this: | ||
``` | ||
____ __ ____ | ||
/ __ \____ _____ ____/ /_ ____ / / /_ | ||
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ | ||
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / / | ||
/_/ \__,_/____/____/_.___/\____/_/\__/ | ||
Open source password manager for teams | ||
------------------------------------------------------------------------------- | ||
User saved successfully. | ||
To start registration follow the link provided in your mailbox or here: | ||
https://passbolt.local/setup/start/9fb7180d-b44b-41bf-bf77-8c5ab23e8cbc/966ce549-18ec-4b12-9171-9a1bb2f1a393 | ||
``` | ||
Now you should get an email. Open it and click on `get starded`. | ||
|
||
If you do not get an email: | ||
- Double check configuration above | ||
- Have a look into your spam folder | ||
- Copy the url above and paste it in browser | ||
|
||
You may have to accept self signed certificate and/or install Passbolt browser add-on. | ||
|
||
Proceed with `Welcome to Passbolt, please select a passphrase!`. | ||
|
||
## Setup Android Mobile App | ||
|
||
### Import certificate on mobile application | ||
[How to import SSL certificate on mobile application](https://help.passbolt.com/faq/hosting/how-to-import-ssl-certificate-on-mobile) | ||
|
||
### Transfer your account key | ||
In your desktop browser go to log in to Passbolt, navigate to `your user > Mobile Transfer` and follow the steps. | ||
|
||
|
||
## Acknowledgment / Troubleshoot | ||
- Help: [Docker passbolt installation](https://help.passbolt.com/hosting/install/ce/docker) | ||
- Help: [iOS / Android Mobile FAQ](https://help.passbolt.com/faq/hosting/mobile-faq) | ||
- Help: [How to import SSL certificate on mobile application](https://help.passbolt.com/faq/hosting/how-to-import-ssl-certificate-on-mobile) | ||
- Help: [Troubleshoot SSL](https://help.passbolt.com/faq/hosting/troubleshoot-ssl) | ||
- GitHub: [https://github.com/passbolt/passbolt_docker](https://github.com/passbolt/passbolt_docker) |
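Review bot: The `openssl req` step in Pre-Installation Steps writes the private key unencrypted (`-nodes`) to `/portainer/Files/AppData/Config/passbolt/certs/key.pem`, and the instructions never restrict who can read it. Please add a step after the command that sets restrictive permissions on `key.pem` (and ideally on the `certs` directory) so only the account that needs it can read the key. Related points in the same section: `-days 120` means the certificate expires after four months, so the doc should say how to regenerate it and that the mobile app will need the new certificate imported; `sudo mkdir ... && sudo mkdir .../certs` can be a single `mkdir -p` so the step is safe to re-run. In "Setup first admin user", the sample output contains a registration link, and the fallback advice is to copy that URL into a browser; it is worth stating that the link grants account setup for the new admin and should not be shared or left in saved console logs. Typos to fix: "directorys", "Goto", "get starded", "Enter set TLS here".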
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
version: "3.9" | ||
services: | ||
passbolt-db: | ||
container_name: passbolt-db | ||
environment: | ||
PUID: ${PUID} | ||
PGID: ${PGID} | ||
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD} | ||
MYSQL_DATABASE: ${MYSQL_DATABASE} | ||
MYSQL_USER: ${MYSQL_USER} | ||
MYSQL_PASSWORD: ${MYSQL_PASSWORD} | ||
hostname: passbolt-db | ||
image: linuxserver/mariadb:arm64v8-latest | ||
networks: | ||
- passbolt_default | ||
restart: unless-stopped | ||
volumes: | ||
- /portainer/Files/AppData/Config/passbolt/db:/config | ||
|
||
passbolt: | ||
container_name: passbolt | ||
command: | ||
[ | ||
"/usr/bin/wait-for.sh", | ||
"-t", | ||
"0", | ||
"passbolt-db:3306", | ||
"--", | ||
"/docker-entrypoint.sh", | ||
] | ||
depends_on: | ||
- passbolt-db | ||
environment: | ||
APP_FULL_BASE_URL: ${PASSBOLT_URL} | ||
DATASOURCES_DEFAULT_HOST: passbolt-db | ||
DATASOURCES_DEFAULT_USERNAME: ${MYSQL_USER} | ||
DATASOURCES_DEFAULT_PASSWORD: ${MYSQL_PASSWORD} | ||
DATASOURCES_DEFAULT_DATABASE: ${MYSQL_DATABASE} | ||
EMAIL_DEFAULT_FROM_NAME: ${EMAIL_FROM_NAME} | ||
EMAIL_DEFAULT_FROM: ${EMAIL_FROM_ADDRESS} | ||
EMAIL_TRANSPORT_DEFAULT_HOST: ${EMAIL_SMTP_SERVER} | ||
EMAIL_TRANSPORT_DEFAULT_PORT: ${EMAIL_SMTP_PORT} | ||
EMAIL_TRANSPORT_DEFAULT_USERNAME: ${EMAIL_USERNAME} | ||
EMAIL_TRANSPORT_DEFAULT_PASSWORD: ${EMAIL_PASSWORD} | ||
EMAIL_TRANSPORT_DEFAULT_TLS: ${EMAIL_TLS} | ||
hostname: passbolt | ||
image: passbolt/passbolt:latest-ce | ||
networks: | ||
- passbolt_default | ||
ports: | ||
# - 80:80 | ||
- ${PASSBOLT_PORT}:443 | ||
restart: unless-stopped | ||
volumes: | ||
- /portainer/Files/AppData/Config/passbolt/certs/cert.pem:/etc/ssl/certs/certificate.crt:ro | ||
- /portainer/Files/AppData/Config/passbolt/certs/key.pem:/etc/ssl/certs/certificate.key:ro | ||
- gpg:/etc/passbolt/gpg | ||
- jwt:/etc/passbolt/jwt | ||
|
||
networks: | ||
passbolt_default: | ||
name: passbolt | ||
driver: bridge | ||
|
||
volumes: | ||
gpg: | ||
jwt: |
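Review bot: Both images use floating tags (`passbolt/passbolt:latest-ce` and `linuxserver/mariadb:arm64v8-latest`), so every pull or redeploy of this template can silently change the password manager or its database to an untested version. Please pin each image to a specific version tag, or a digest, and bump it deliberately. Two further points: `gpg` and `jwt` are named volumes while the database and certificates are bind-mounted under `/portainer/Files/AppData/Config/passbolt`, so a backup of that directory will miss whatever is stored in `/etc/passbolt/gpg` and `/etc/passbolt/jwt`; either bind-mount them alongside the rest or document that they need a separate backup. Also, `wait-for.sh -t 0` in `command` looks like it disables the timeout, which would leave the container waiting indefinitely if `passbolt-db` never comes up; a finite timeout would make that failure visible.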