{"id":9224,"date":"2021-06-26T21:52:15","date_gmt":"2021-06-26T18:52:15","guid":{"rendered":"https:\/\/kifarunix.com\/?p=9224"},"modified":"2024-03-18T20:14:57","modified_gmt":"2024-03-18T17:14:57","slug":"install-passbolt-password-manager-on-rocky-linux-8","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-passbolt-password-manager-on-rocky-linux-8\/","title":{"rendered":"Install Passbolt Password Manager on Rocky Linux 8"},"content":{"rendered":"\n<p>In this tutorial, you will learn how to install Passbolt password manager on Rocky Linux 8.&nbsp;<a href=\"https:\/\/www.passbolt.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Passbolt<\/a>&nbsp;is is a free, open source, self-hosted, extensible, OpenPGP based password manager that enables teams to securely store their personal as well as share their common credentials. It is available both a subscription based and community edition. This tutorial focuses on the setup of community edition.<\/p>\n\n\n\n<p>As of this writing, there is no official guide release for setting up Passbolt on Rocky Linux 8. As such, we are going to install Passbolt from the source code.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Install Passbolt on Rocky Linux 8<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\">Prerequisites<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install a fresh Vanilla Rocky Linux 8 server.<\/li>\n\n\n\n<li>Allocate the server at least 2 GB RAM and 2 vCPUs<\/li>\n\n\n\n<li>A resolvable hostname or IP address of your server.<\/li>\n\n\n\n<li>Install LEMP\/LAMP stack on Rocky Linux 8<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Install LAMP\/LEMP Stack on Rocky Linux 8<\/h3>\n\n\n\n<p>Assuming that the first three prerequisites mentioned above have been met, proceed to install LEMP\/LAMP stack on Rocky Linux 8 server.<\/p>\n\n\n\n<p>Note that Passbolt is written in PHP and hence, it requires either a LEMP or a LAMP stack to run.<\/p>\n\n\n\n<p>Follow either of the links below to set up LAMP or LEMP stack on Rocky Linux 8.<\/p>\n\n\n\n<p><strong>Ensure that you install PHP 7.4.<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-lemp-stack-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install LEMP Stack on Rocky Linux 8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-lamp-stack-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install LAMP Stack on Rocky Linux 8<\/a><\/p>\n\n\n\n<p><strong>In this tutorial, we are using LAMP stack to run Passbolt.<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>php -v<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>PHP 7.4.6 (cli) (built: May 12 2020 08:09:15) ( NTS )\nCopyright (c) The PHP Group\nZend Engine v3.4.0, Copyright (c) Zend Technologies\n    with Zend OPcache v7.4.6, Copyright (c), by Zend Technologies<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Create Passbolt Database and Database User<\/h3>\n\n\n\n<p>Login to MariaDB\/MySQL database server;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mysql<\/code><\/pre>\n\n\n\n<p>The above command assumes that your MySQL\/MariaDB database is using&nbsp;<code><strong>unix_socket<\/strong><\/code>&nbsp;for authentication and that you are executing the command as a root user. If you are not root and have sudo rights, simply use;&nbsp;<code><strong>sudo mysql -u root<\/strong><\/code>. Otherwise, you can just use&nbsp;<code><strong>mysql -u root -p<\/strong><\/code>&nbsp;command.<\/p>\n\n\n\n<p><strong>Replace the name of the database, the database user username and password as you see fit.<\/strong><\/p>\n\n\n\n<p>Create Passbolt database that supports non latin characters and emojis.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>CREATE DATABASE passbolt CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;<\/code><\/pre>\n\n\n\n<p>Create a Passbolt database user and grant all privileges on the Passbolt database.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>grant all on passbolt.* to passman@localhost identified by 'p@SSw0rd123';<\/code><\/pre>\n\n\n\n<p>Reload privileges tables and quit database;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>flush privileges;\nquit<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Install Other Required dependencies<\/h3>\n\n\n\n<p>To successfully install and run Passbolt, there are other tools and PHP extensions that are required.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Install additional PHP modules\/extensions<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install php-intl php-gd php-mysqli php-json php-pear php-devel php-mbstring git make unzip wget mod_ssl openssl<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Enable PHP Gnupg Extension on Rocky Linux<\/h4>\n\n\n\n<p>Passbolt requires PHP Gnupg extension enabled to successfully install. Hence, PHP Gnupg extension can be enabled on Rocky Linux as follows;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf config-manager --set-enabled powertools<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install gpgme gpgme-devel<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>pecl install gnupg<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo \"extension=gnupg.so\" &gt;&gt; \/etc\/php.ini<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Install PHP Composer on Rocky Linux 8<\/h4>\n\n\n\n<p>Install PHP Composer on Rocky Linux 8 by following the link below;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-php-composer-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><a href=\"https:\/\/kifarunix.com\/install-php-composer-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install PHP Composer on Rocky Linux 8<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Clone Passbolt Github Repository to Apache Web Root Directory<\/h3>\n\n\n\n<p>Since we are going to install Passbolt from the source, you need to clone its Gtihub repository to your web root directory.<\/p>\n\n\n\n<p>In this tutorial, we are using&nbsp;<code><strong>\/var\/www\/passbolt<\/strong><\/code>&nbsp;as the web root directory.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/var\/www\/passbolt<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>git clone https:\/\/github.com\/passbolt\/passbolt_api.git \/var\/www\/passbolt<\/code><\/pre>\n\n\n\n<p>Since we are using Apache as the web server, you need to set the ownership (user and group) of the Passbolt web root directory to Apache user and group;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chown -R apache: \/var\/www\/passbolt<\/code><\/pre>\n\n\n\n<p>Also create Composer cache directory and assign ownership to apache user.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/usr\/share\/httpd\/.cache\/<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chown -R apache: \/usr\/share\/httpd\/.cache\/<\/code><\/pre>\n\n\n\n<p>Next, navigate to Passbolt web root directory and install other required dependencies using&nbsp;<code>composer<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/var\/www\/passbolt<\/code><\/pre>\n\n\n\n<p>Run composer as the non privileged user. In this case, we use the owner of the Passbolt directory (Apache web user, apache).<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -u apache composer install --no-dev<\/code><\/pre>\n\n\n\n<p>During the installation, you are prompted on whether to adjust directories permissions. Accept and continue.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>&gt; App\\Console\\Installer::postInstall\nCreated `config\/app.php` file\nCreated `\/var\/www\/passbolt\/logs` directory\nCreated `\/var\/www\/passbolt\/tmp\/cache\/models` directory\nCreated `\/var\/www\/passbolt\/tmp\/cache\/persistent` directory\nCreated `\/var\/www\/passbolt\/tmp\/cache\/views` directory\nCreated `\/var\/www\/passbolt\/tmp\/sessions` directory\nCreated `\/var\/www\/passbolt\/tmp\/tests` directory\nSet Folder Permissions ? (Default to Y) [Y,n]? y\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Generate OpenPGP Key for Authenticating JSON Requests<\/h3>\n\n\n\n<p>In order to authenticate and sign outgoing JSON requests, Passbolt API uses PGP keys. Therefore, run the command below to generate the keys;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>gpg --full-generate-key<\/code><\/pre>\n\n\n\n<p>When prompted for the passphrase,&nbsp;<strong>DO NOT<\/strong>&nbsp;set it. Just press ENTER and confirm that you don\u2019t want to set it. Also,&nbsp;<strong>do not set the expiration date.<\/strong><\/p>\n\n\n\n<p>Replace&nbsp;<strong>YOUR_NAME<\/strong>&nbsp;and&nbsp;<strong>YOUR_EMAIL_ID<\/strong>&nbsp;with your name and email id.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>Please select what kind of key you want:\n   (1) RSA and RSA (default)\n   (2) DSA and Elgamal\n   (3) DSA (sign only)\n   (4) RSA (sign only)\n  (14) Existing key from card\nYour selection? 1\nRSA keys may be between 1024 and 4096 bits long.\nWhat keysize do you want? (3072) 4096\nRequested keysize is 4096 bits\nPlease specify how long the key should be valid.\n         0 = key does not expire\n      <n>  = key expires in n days\n      <n>w = key expires in n weeks\n      <n>m = key expires in n months\n      <n>y = key expires in n years\nKey is valid for? (0) 0\nKey does not expire at all\nIs this correct? (y\/N) y\n\nGnuPG needs to construct a user ID to identify your key.\n\nReal name: YOUR_NAME\nEmail address: ENTER_YOUR_EMAIL_ID\nComment: \nYou selected this USER-ID:\n    \"YOUR_NAME <your_email_id>\"\n\nChange (N)ame, (C)omment, (E)mail or (O)kay\/(Q)uit? O\n...\ngpg: \/root\/.gnupg\/trustdb.gpg: trustdb created\ngpg: key 505EFE2707BC4A9F marked as ultimately trusted\ngpg: directory '\/root\/.gnupg\/openpgp-revocs.d' created\ngpg: revocation certificate stored as '\/root\/.gnupg\/openpgp-revocs.d\/9E968F508E35DDE61A819F59505EFE2707BC4A9F.rev'\npublic and secret key created and signed.\n\npub   rsa4096 2021-06-25 [SC]\n      9E968F508E35DDE61A819F59505EFE2707BC4A9F\nuid                      Kifarunix <admin@kifarunix.com>\nsub   rsa4096 2021-06-25 [E]\n<\/admin@kifarunix.com><\/your_email_id><\/n><\/n><\/n><\/n><\/code><\/pre>\n\n\n\n<p>Note the Key fingerprint and save it somewhere as it will be needed later in the setup.<\/p>\n\n\n\n<p>Export and store both public and private keys on Passbolt configuration directory.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>gpg --armor --export-secret-keys <strong>YOUR_EMAIL_ID<\/strong> &gt; \/var\/www\/passbolt\/config\/gpg\/serverkey_private.asc<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>gpg --armor --export <strong>YOUR_EMAIL_ID<\/strong> &gt; \/var\/www\/passbolt\/config\/gpg\/serverkey.asc<\/code><\/pre>\n\n\n\n<p>Next, initialize the gpg keyring for the Apache web server user so that Passbolt authentication can work.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/usr\/share\/httpd\/.gnupg &amp;&amp; chown -R apache: \/usr\/share\/httpd\/.gnupg<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chmod 700 \/usr\/share\/httpd\/.gnupg<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo su -s \/bin\/bash -c \"gpg --list-keys\" apache<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Configuring Passbolt on Rocky Linux 8<\/h3>\n\n\n\n<p>Copy the sample Passbolt configuration file renaming it as follows;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cp \/var\/www\/passbolt\/config\/passbolt{.default,}.php<\/code><\/pre>\n\n\n\n<p>Next, open the configuration file for modification;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/var\/www\/passbolt\/config\/passbolt.php<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Set the Application URL<\/h4>\n\n\n\n<p>Set the application url to the web address for your Passbolt app by replacing the value of the&nbsp;<code><strong>fullBaseUrl<\/strong><\/code>&nbsp;parameter appropriately.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>        \/\/ 'fullBaseUrl' =&gt; 'https:\/\/www.passbolt.test',\n<strong>        'fullBaseUrl' =&gt; 'https:\/\/passbolt.kifarunix-demo.com',<\/strong><\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Define Database Connection settings<\/h4>\n\n\n\n<p>Configure Passbolt database connection settings;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>    \/\/ Database configuration.\n    'Datasources' =&gt; [\n        'default' =&gt; [\n            'host' =&gt; 'localhost',\n            \/\/'port' =&gt; 'non_standard_port_number',\n            'username' =&gt; 'passman',\n            'password' =&gt; 'p@SSw0rd123',\n            'database' =&gt; 'passbolt',\n        ],\n    ],\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Configure Passbolt Email Settings<\/h4>\n\n\n\n<p>Configure Passbolt Email Server settings. We are using Gmail SMTP as our relay server.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>    \/\/ Email configuration.\n    'EmailTransport' =&gt; [\n        'default' =&gt; [\n            'host' =&gt; 'smtp.gmail.com',\n            'port' =&gt; 587,\n            'username' =&gt; 'username@gmail.com',\n            'password' =&gt; 'secretpassword',\n            \/\/ Is this a secure connection? true if yes, null if no.\n            'tls' =&gt; true,\n            \/\/'timeout' =&gt; 30,\n            \/\/'client' =&gt; null,\n            \/\/'url' =&gt; null,\n        ],\n    ],\n    'Email' =&gt; [\n        'default' =&gt; [\n            \/\/ Defines the default name and email of the sender of the emails.\n            'from' =&gt; ['passbolt@kifarunix-demo.com' =&gt; 'Kifarunix-demo Passbolt'],\n            \/\/'charset' =&gt; 'utf-8',\n            \/\/'headerCharset' =&gt; 'utf-8',\n        ],\n    ],\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Specify the GPG key fingerprint<\/h4>\n\n\n\n<p>Extract the GPG key fingerprint and set it as the value of the&nbsp;<code>fingerprint<\/code>&nbsp;parameter.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>gpg --list-keys --fingerprint | grep -i -B 2 <strong>YOUR_EMAIL_ID<\/strong> <\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>pub   rsa4096 2020-07-15 [SC]\n<strong>      C503 E615 618B 3433 1BA1  D26D 85EB 40BA 1D5D E890\n<\/strong>uid           [ultimate] &lt;YOUR_NAME&gt; &lt;YOUR_EMAIL_ID&gt;\nsub   rsa4096 2020-07-15 [E]<\/code><\/pre>\n\n\n\n<p>Copy the highlighted string and remove spaces and paste it as the value of the&nbsp;<code>fingerprint<\/code>&nbsp;parameter. Also, uncomment the public and private lines below the fingerprint by removing the two forward slashes at the beginning of those lines;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>...\n            'serverKey' =&gt; [\n                \/\/ Server private key fingerprint.\n                'fingerprint' =&gt; 'C503E615618B34331BA1D26D85EB40BA1D5DE890',\n                'public' =&gt; CONFIG . 'gpg' . DS . 'serverkey.asc',\n                'private' =&gt; CONFIG . 'gpg' . DS . 'serverkey_private.asc',\n            ],\n<\/code><\/pre>\n\n\n\n<p>Save and exit the configuration file.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Create Apache VirtualHost Configuration for Passbolt and Enable HTTPS<\/h3>\n\n\n\n<p>Next, create a dedicated Apache virtual host configuration file for Passbolt.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>cat &gt; \/etc\/httpd\/conf.d\/passbolt.conf  &lt;&lt; 'EOL'\n&lt;VirtualHost *:80&gt;\n\n        ServerAdmin passbolt.kifarunix-demo.com\n        DocumentRoot \/var\/www\/passbolt\n\n\tRedirect \/ https:\/\/passbolt.kifarunix-demo.com\n&lt;\/VirtualHost&gt;\n#SSLStaplingCache \"shmcb:logs\/stapling-cache(150000)\"\nServerSignature Off\nServerTokens Prod\n&lt;VirtualHost _default_:443&gt;\n        ServerAdmin passbolt.kifarunix-demo.com\n        DocumentRoot \/var\/www\/passbolt\n\n\n        ErrorLog \/var\/log\/httpd\/passbolt_error.log\n        CustomLog \/var\/log\/httpd\/passbolt_access.log combined\n\n\n        SSLEngine on\n        SSLCertificateFile      \/etc\/pki\/tls\/certs\/ssl-cert-passbolt.pem\n        SSLCertificateKeyFile \/etc\/pki\/tls\/private\/ssl-cert-passbolt.key\n        SSLCACertificateFile \/etc\/pki\/tls\/certs\/ssl-cacert-passbolt.pem\n\n        SSLCipherSuite EECDH+AESGCM:EDH+AESGCM\n        SSLProtocol -all +TLSv1.3 +TLSv1.2\n        SSLOpenSSLConfCmd Curves X25519:secp521r1:secp384r1:prime256v1\n        SSLHonorCipherOrder On\n        Header always set Strict-Transport-Security \"max-age=63072000; includeSubDomains; preload\"\n        Header always set X-Frame-Options DENY\n        Header always set X-Content-Type-Options nosniff\n        SSLCompression off\n        #SSLUseStapling on\n        SSLSessionTickets Off\n\n\t&lt;Directory \/var\/www\/passbolt\/&gt;\n  \t\tOptions FollowSymLinks MultiViews\n  \t\tAllowOverride All\n\t\tRequire all granted\n\t&lt;\/Directory&gt;\n\n\n        &lt;FilesMatch \"\\.(cgi|shtml|phtml|php)$\"&gt;\n                        SSLOptions +StdEnvVars\n        &lt;\/FilesMatch&gt;\n        &lt;Directory \/usr\/lib\/cgi-bin&gt;\n                        SSLOptions +StdEnvVars\n        &lt;\/Directory&gt;\n\n&lt;\/VirtualHost&gt;\nEOL\n<\/code><\/pre>\n\n\n\n<p>Save and exit the configuration file.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Generate TLS certificates<\/h4>\n\n\n\n<p>If you noticed, we enabled HTTP &gt; HTTPS redirection in our configuration.<\/p>\n\n\n\n<p>Obtain your commercially trusted CA certificates and install them on the directories specified on the Apache configuration.<\/p>\n\n\n\n<p>Run Apache configuration syntax check.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apachectl -t<\/code><\/pre>\n\n\n\n<p>if you get the output, <code><strong>Syntax OK<\/strong><\/code>, you are good to proceed, otherwise, fix the issues before you can proceed.<\/p>\n\n\n\n<p>Ensure the Apache&nbsp;<strong><code>rewrite<\/code><\/strong>,&nbsp;<strong><code>ssl<\/code><\/strong>,&nbsp;<code><strong>headers<\/strong><\/code>&nbsp;modules are enabled;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>httpd -M | grep -E \"rew|ssl|head\"<\/code><\/pre>\n\n\n\n<p>Sample output:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code> headers_module (shared)\n rewrite_module (shared)\n ssl_module (shared)<\/code><\/pre>\n\n\n\n<p>If you get the error below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>AH00526: Syntax error on line 85 of \/etc\/httpd\/conf.d\/ssl.conf:\nSSLCertificateFile: file '\/etc\/pki\/tls\/certs\/localhost.crt' does not exist or is empty<\/code><\/pre>\n\n\n\n<p>restart Apache to fix<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart httpd<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">&nbsp;Run the Passbolt Install Script<\/h3>\n\n\n\n<p>Next, execute the Passbolt install script.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chown -R apache: \/var\/www\/passbolt<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/var\/www\/passbolt<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo su -s \/bin\/bash -c \".\/bin\/cake passbolt install --no-admin\" apache<\/code><\/pre>\n\n\n\n<p>By default, when script is run, it prompts you to create an administrative user. We disabled that by adding the&nbsp;<code>--no-admin<\/code>&nbsp;option. We will create the admin account later.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>     ____                  __          ____  \n    \/ __ \\____  _____ ____\/ \/_  ____  \/ \/ \/_ \n   \/ \/_\/ \/ __ `\/ ___\/ ___\/ __ \\\/ __ \\\/ \/ __\/ \n  \/ ____\/ \/_\/ (__  |__  ) \/_\/ \/ \/_\/ \/ \/ \/    \n \/_\/    \\__,_\/____\/____\/_.___\/\\____\/_\/\\__\/   \n\n Open source password manager for teams\n-------------------------------------------------------------------------------\nRunning baseline checks, please wait...\nCritical healthchecks are OK\nCleaning up existing tables if any.\n-------------------------------------------------------------------------------\n0 tables dropped\nInstall the schema and default data.\n-------------------------------------------------------------------------------\nusing migration paths \n - \/var\/www\/passbolt\/config\/Migrations\nusing seed paths \n - \/var\/www\/passbolt\/config\/Seeds\nusing environment default\nusing adapter mysql\nusing database passbolt\nordering by creation time\n\n == 20170830064410 V162InitialMigration: migrating\n == 20170830064410 V162InitialMigration: migrated 15.9084s\n...\n...\n\nAll Done. Took 100.0627s\nImport the server private key in the keyring\n-------------------------------------------------------------------------------\nImporting \/var\/www\/passbolt\/config\/gpg\/serverkey_private.asc\nKeyring init OK\nPassbolt installation success! Enjoy! \u262e\n<\/code><\/pre>\n\n\n\n<p>Run health check to verify that all is Okay.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/var\/www\/passbolt<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo su -s \/bin\/bash -c \".\/bin\/cake passbolt healthcheck\" apache<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>     ____                  __          ____  \n    \/ __ \\____  _____ ____\/ \/_  ____  \/ \/ \/_ \n   \/ \/_\/ \/ __ `\/ ___\/ ___\/ __ \\\/ __ \\\/ \/ __\/ \n  \/ ____\/ \/_\/ (__  |__  ) \/_\/ \/ \/_\/ \/ \/ \/    \n \/_\/    \\__,_\/____\/____\/_.___\/\\____\/_\/\\__\/   \n\n Open source password manager for teams\n-------------------------------------------------------------------------------\n Healthcheck shell       \n-------------------------------------------------------------------------------\n\n Environment\n\n [PASS] PHP version 7.4.6.\n [PASS] PCRE compiled with unicode support.\n [PASS] The temporary directory and its content are writable.\n [PASS] The public image directory and its content are writable.\n [PASS] The logs directory and its content are writable.\n [PASS] GD or Imagick extension is installed.\n [PASS] Intl extension is installed.\n [PASS] Mbstring extension is installed.\n\n Config files\n\n [PASS] The application config file is present\n [PASS] The passbolt config file is present\n\n Core config\n\n [PASS] Debug mode is off.\n [PASS] Cache is working.\n [PASS] Unique value set for security.salt\n [PASS] Full base url is set to https:\/\/passbolt.kifarunix-demo.com\n [PASS] App.fullBaseUrl validation OK.\n [PASS] \/healthcheck\/status is reachable.\n\n SSL Certificate\n\n [PASS] SSL peer certificate validates\n [PASS] Hostname is matching in SSL certificate.\n [PASS] Not using a self-signed certificate\n\n Database\n\n [PASS] The application is able to connect to the database\n [PASS] 25 tables found\n [PASS] Some default content is present\n [PASS] The database schema up to date.\n\n GPG Configuration\n\n [PASS] PHP GPG Module is installed and loaded.\n [PASS] The environment variable GNUPGHOME is set to \/usr\/share\/httpd\/.gnupg.\n [PASS] The directory \/usr\/share\/httpd\/.gnupg containing the keyring is writable by the webserver user.\n [PASS] The server OpenPGP key is not the default one\n [PASS] The public key file is defined in config\/passbolt.php and readable.\n [PASS] The private key file is defined in config\/passbolt.php and readable.\n [PASS] The server key fingerprint matches the one defined in config\/passbolt.php.\n [PASS] The server public key defined in the config\/passbolt.php (or environment variables) is in the keyring.\n [PASS] There is a valid email id defined for the server key.\n [PASS] The public key can be used to encrypt a message.\n [PASS] The private key can be used to sign a message.\n [PASS] The public and private keys can be used to encrypt and sign a message.\n [PASS] The private key can be used to decrypt a message.\n [PASS] The private key can be used to decrypt and verify a message.\n [PASS] The public key can be used to verify a signature.\n\n Application configuration\n\n [PASS] Using latest passbolt version (3.2.1).\n [PASS] Passbolt is configured to force SSL use.\n [PASS] App.fullBaseUrl is set to HTTPS.\n [PASS] Selenium API endpoints are disabled.\n [PASS] Search engine robots are told not to index content.\n [PASS] Registration is closed, only administrators can add users.\n [PASS] Serving the compiled version of the javascript app\n [PASS] All email notifications will be sent.\n\n [PASS] No error found. Nice one sparky!\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Finalize Passbolt Setup from Browser<\/h3>\n\n\n\n<p>Open the Apache Ports on Firewall;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --add-service={http,https} --permanent<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --reload<\/code><\/pre>\n\n\n\n<p>Disable SELinux (We strongly do not recommend that you do this in a production system).<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sed -i 's\/=enforcing\/=permissive\/' \/etc\/selinux\/config<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Create Passbolt Administrative User<\/h4>\n\n\n\n<p>You can now create Passbolt admin user using the&nbsp;<code>.\/bin\/cake passbolt register_user<\/code>&nbsp;command. Below is the command line options for this command;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/var\/www\/passbolt<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>.\/bin\/cake passbolt register_user --help<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>    ____                  __          ____  \n    \/ __ \\____  _____ ____\/ \/_  ____  \/ \/ \/_ \n   \/ \/_\/ \/ __ `\/ ___\/ ___\/ __ \\\/ __ \\\/ \/ __\/ \n  \/ ____\/ \/_\/ (__  |__  ) \/_\/ \/ \/_\/ \/ \/ \/    \n \/_\/    \\__,_\/____\/____\/_.___\/\\____\/_\/\\__\/   \n\n Open source password manager for teams\n---------------------------------------------------------------\nRegister a new user.\n\nUsage:\ncake passbolt register_user [options]\n\nOptions:\n\n--first-name, -f        The user first name\n--help, -h              Display this help.\n--interactive, -i       Enable interactive mode\n--interactive-loop      Enable interactive mode (default:\n                        3)\n--last-name, -l         The user last name\n--quiet, -q             Enable quiet output.\n--role, -r              The User role, such as \"admin\" or \"user\"\n--username, -u          The user email aka username\n--verbose, -v           Enable verbose output.\n<\/code><\/pre>\n\n\n\n<p>So let us create an admin user;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/var\/www\/passbolt<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo su -s \/bin\/bash -c \".\/bin\/cake passbolt register_user -u admin@kifarunix.com -f Kifarunix -l Demo -r admin\" apache<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>     ____                  __          ____  \n    \/ __ \\____  _____ ____\/ \/_  ____  \/ \/ \/_ \n   \/ \/_\/ \/ __ `\/ ___\/ ___\/ __ \\\/ __ \\\/ \/ __\/ \n  \/ ____\/ \/_\/ (__  |__  ) \/_\/ \/ \/_\/ \/ \/ \/    \n \/_\/    \\__,_\/____\/____\/_.___\/\\____\/_\/\\__\/   \n\n Open source password manager for teams\n---------------------------------------------------------------\nUser saved successfully.\nTo start registration follow the link provided in your mailbox or here: \nhttps:&#47;&#47;passbolt.kifarunix-demo.com\/setup\/install\/4dbe1c54-79bc-48b5-9ab3-705afd5af097\/e34ea69b-0954-401b-8232-946ce721eda9<\/code><\/pre>\n\n\n\n<p>Copy the link provided upon user registration and paste it on the browser address bar so you can use it to finalize the setup of Passbolt.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Install Passbolt Browser Plugin<\/h4>\n\n\n\n<p>Download and install plugin for your specific browser, in this demo, we using Firefox.<\/p>\n\n\n\n<p>Therefore, click on&nbsp;<strong>Download Extension<\/strong>&nbsp;to download to install the Passbolt Firefox add-on extension.<a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/01\/passbolt-chrome-plugin.png\"><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1274\" height=\"616\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/06\/install-passbolt-firefox-add-on.png\" alt=\"Install Passbolt Password Manager on Rocky Linux 8\" class=\"wp-image-9361\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/06\/install-passbolt-firefox-add-on.png?v=1624720025 1274w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/06\/install-passbolt-firefox-add-on-768x371.png?v=1624720025 768w\" sizes=\"(max-width: 1274px) 100vw, 1274px\" \/><\/figure>\n\n\n\n<p>Once the extension is installed, click <strong>Refresh to detect the extension<\/strong>.<\/p>\n\n\n\n<p>Set the Passbolt passphrase<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1247\" height=\"744\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/06\/passbolt-set-passphrase.png\" alt=\"\" class=\"wp-image-9365\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/06\/passbolt-set-passphrase.png?v=1624720709 1247w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/06\/passbolt-set-passphrase-768x458.png?v=1624720709 768w\" sizes=\"(max-width: 1247px) 100vw, 1247px\" \/><\/figure>\n\n\n\n<p>Click Next to download the Passbolt recovery kit key. Save the key in a secure place.<\/p>\n\n\n\n<p>Click Next and select a color to identify your security token.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1058\" height=\"660\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/06\/passbolt-sec-token.png\" alt=\"\" class=\"wp-image-9363\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/06\/passbolt-sec-token.png?v=1624720103 1058w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/06\/passbolt-sec-token-768x479.png?v=1624720103 768w\" sizes=\"(max-width: 1058px) 100vw, 1058px\" \/><\/figure>\n\n\n\n<p>Click Next to get to proceed to Passbolt dashboard.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/01\/passbolt-login.png\"><\/a>And there you go.<a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/07\/passbolt-dashboard.png\"><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1357\" height=\"455\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/06\/passbolt-dashboard.png\" alt=\"\" class=\"wp-image-9364\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/06\/passbolt-dashboard.png?v=1624720411 1357w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/06\/passbolt-dashboard-768x258.png?v=1624720411 768w\" sizes=\"(max-width: 1357px) 100vw, 1357px\" \/><\/figure>\n\n\n\n<p>You can now start using Passbolt to store passwords\/share them as you wish.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Configure Passbolt to Sent Emails<\/h4>\n\n\n\n<p>Last but not least, you can now configure Passbolt to be able to sent email notifications on new password creation, sharing, modification etc.<\/p>\n\n\n\n<p>Before this, ensure that you have configured Passbolt email settings.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/var\/www\/passbolt<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -u apache .\/bin\/cake EmailQueue.sender<\/code><\/pre>\n\n\n\n<p>When you run the above, you should be able to receive emails on activating your account as well as welcoming you to Passbolt.<\/p>\n\n\n\n<p>Create a cron job to execute this script to have the emails sent automatically.<\/p>\n\n\n\n<p>Install the cron jobs as Apache Web server user, &nbsp;<code><strong>apache<\/strong><\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>crontab -u apache -e<\/code><\/pre>\n\n\n\n<p>Create a cron job that runs all the time.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code><strong>*<\/strong> <strong>*<\/strong> <strong>*<\/strong> <strong>*<\/strong> <strong>*<\/strong> \/var\/www\/passbolt\/bin\/cake EmailQueue.sender <strong>&gt;&gt;<\/strong> \/var\/log\/passbolt-mails.log<\/code><\/pre>\n\n\n\n<p>Save and exit the cron jobs file.<\/p>\n\n\n\n<p>You can list installed cronjobs;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>crontab -u apache -l<\/code><\/pre>\n\n\n\n<p>Your Passbolt password manager is now ready.<\/p>\n\n\n\n<p>That marks the end of our guide on how to install Passbolt on Rocky Linux 8.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Other Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-passbolt-password-manager-on-debian\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Passbolt Password Manager on Debian 10<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-setup-passbolt-password-manager-on-ubuntu\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install and Setup Passbolt Password Manager on Ubuntu 20.04<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, you will learn how to install Passbolt password manager on Rocky Linux 8.&nbsp;Passbolt&nbsp;is is a free, open source, self-hosted, extensible, OpenPGP based<\/p>\n","protected":false},"author":3,"featured_media":9367,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,121,339],"tags":[3747,1818,3748,341,3749],"class_list":["post-9224","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-howtos","category-password-managers","tag-install-passbolt-rocky-linux","tag-passbolt","tag-passbolt-rocky-linux","tag-password-manager","tag-rocky-linux-passbolt","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9224"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=9224"}],"version-history":[{"count":20,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9224\/revisions"}],"predecessor-version":[{"id":21761,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9224\/revisions\/21761"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/9367"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=9224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=9224"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=9224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}