diff --git a/_data/toc.yml b/_data/toc.yml index f25fcbc55..4b19e84d7 100644 --- a/_data/toc.yml +++ b/_data/toc.yml @@ -1,19 +1,28 @@ - title: Introduction - slug: discover + slug: introduction teaser: Everybody has to start somewhere + url: https://help.passbolt.com items: - - title: Discovery FAQ - url: /faq/discover + - title: User Guide + url: https://www.passbolt.com/docs/user + icon: fa-compass + teaser: How to get started and basic functionalities explained. + - title: Admin Guide + url: https://www.passbolt.com/docs/admin + icon: fa-compass + teaser: A guide on how to configuration passbolt. + - title: Hosting Guide + url: https://www.passbolt.com/docs/hosting + icon: fa-compass + teaser: A guide to install and run a passbolt server. + - title: Developer Guide + url: https://help.passbolt.com/api icon: fa-compass - teaser: Everybody has to start somewhere. - - title: Roadmap - url: https://www.passbolt.com/roadmap - icon: fa-map - teaser: What are the current and upcoming features. - - title: Security - url: /faq/security - icon: fa-shield - teaser: Learn more about the security and threat model. + teaser: A guide to call the passbolt API. + - title: Contributor Guide + url: https://help.passbolt.com/contribute + icon: fa-compass + teaser: A guide to contribute to the project. - title: Release notes url: /releases icon: fa-tags @@ -26,178 +35,16 @@ url: https://community.passbolt.com/c/site-feedback icon: fa-comment teaser: We are not machines and it's a cold world out there. -- title: Installation - url: /hosting/install - slug: installation - teaser: Installation guides -- title: Getting started - slug: start - teaser: All the basics to set up and use passbolt - items: - - title: Get started using passbolt - url: /faq/discover - icon: fa-compass - teaser: Frequently asked questions during first time use. - - title: Browser extension - url: /faq/start/browser-extensions - icon: fa-firefox - teaser: How to install and remove the browser extensions. - - title: Password basics - url: /faq/start/create-edit-delete-password - icon: fa-lock - teaser: Creating, editing, sharing and deleting passwords - - title: Sharing passwords - url: /faq/start/share-password - icon: fa-paper-plane - teaser: Sharing is caring (but only if you really have to). - - title: Roles and permissions - url: /faq/start/roles-and-permissions - icon: fa-shield - teaser: Information about the roles and permissions system of passbolt. - - title: Forum - url: https://community.passbolt.com - icon: fa-comments - teaser: When in doubt, you can also ask the community! -- title: Hosting - slug: hosting - teaser: Hosting a passbolt server - items: - - title: Hosting FAQ - url: /faq/hosting - icon: fa-server - teaser: Frequently asked questions about hosting - - title: Installation - slug: install - url: /hosting/install - icon: fa-cogs - teaser: How to install passbolt on your own server - - title: Update - slug: update - url: /hosting/update - icon: fa-refresh - teaser: How to update a self-hosted passbolt instance - - title: Upgrade - slug: upgrade - url: /hosting/upgrade - icon: fa-refresh - teaser: How to upgrade passbolt. - - title: Backup - slug: backup - url: /hosting/backup - icon: fa-download - teaser: Guidelines to backup a passbolt instance - - title: Installation issues - url: https://community.passbolt.com/c/installation-issues - icon: fa-life-saver - teaser: Do you need help installing passbolt? -- title: Configure +- title: User Guide + slug: discover + url: https://www.passbolt.com/docs/user +- title: Admin Guide slug: configure - teaser: Configure your passbolt instance - items: - - title: Configure HTTPS - url: /configure/https - icon: fa-bookmark - slug: https - teaser: How to setup HTTPS for secure communications - - title: Configure LDAP - url: /configure/ldap/setup - icon: fa-address-book-o - teaser: How to configure the directory sync plugin - version: pro - slug: ldap - - title: Configure Account Recovery - url: /configure/account-recovery - icon: fa-key - teaser: How to configure Account Recovery - version: pro - slug: account-recovery - - title: Configure SSO - url: /configure/sso - icon: fa-address-book-o - teaser: How to configure Single Sign-On - version: pro - slug: sso - - title: Configure Windows App - url: /configure/windows-app - icon: fa-windows - teaser: How to configure Windows App - slug: windows-app - - title: Configure Password Policies - url: /configure/password-policies - icon: fa-key - teaser: How to configure Password Policies - version: pro - slug: password-policies - - title: Configure User Passphrase Policies - url: /configure/user-passphrase-policies - icon: fa-key - teaser: How to configure User Passphrase Policies - version: pro - slug: user-passphrase-policies - - title: Configure RBAC - url: /configure/rbac - icon: fa-cogs - teaser: How to configure Role-Based Access Control - slug: rbac - - title: Configure LDAP with ssl - url: /configure/ldap/ldap-with-ssl - icon: fa-address-book-o - teaser: How to configure the LDAP plugin with ssl (ldaps) - version: pro - slug: ldap-with-ssl - - title: Using LDAP Filters - url: /configure/ldap/ldap-filters - icon: fa-address-book-o - teaser: How to use the filters to configure your Users Directory - version: pro - slug: ldap-filters - - title: Troubleshoot LDAP sync errors - url: /configure/ldap/ldap-common-sync-error-messages - icon: fa-address-book-o - teaser: Common ldap synchronization errors and their meaning - version: pro - slug: ldap-with-ssl - - title: Configure MFA - url: /configure/mfa - icon: fa-key - teaser: How to configure Multi Factor Authentication - slug: mfa - - title: Configure TOTP - url: /configure/totp - icon: fa-clock-o - teaser: How to configure Time-based One Time Password - slug: totp - - title: Configure Email Notifications - url: /configure/notification/email - icon: fa-envelope-o - teaser: How to manage email notification settings - slug: email - - title: Configure Email providers - url: /configure/email/setup - icon: fa-envelope-o - teaser: How to setup email providers - slug: email-setup - - title: Configure Email authentication - url: /configure/email/smtp-authentication - icon: fa-envelope-o - teaser: How to configure your authentication method - slug: email-setup - - title: Troobleshoot Email config - url: /faq/hosting/why-email-not-sent - icon: fa-envelope - teaser: Common issues with emails - slug: why-email-not-sent - - title: Environment variable reference - url: /configure/environment/reference - icon: fa-bookmark - teaser: Reference list of all environment variables - slug: reference - - title: Update database credentials - url: /configure/database/credentials - icon: fa-database - teaser: Update database credentials - slug: update-database-credentials -- title: Extend + url: https://www.passbolt.com/docs/admin +- title: Hosting guide + slug: hosting + url: https://www.passbolt.com/docs/hosting +- title: Developer Guide slug: extend teaser: Build on top of passbolt items: @@ -217,7 +64,7 @@ url: https://github.com/passbolt icon: fa-github teaser: Want to see the code? This way! -- title: Contribute +- title: Contributor Guide slug: contribute teaser: Are you doing your part? items: @@ -244,28 +91,4 @@ - title: Small print slug: legal teaser: The small print - items: - - title: Terms of service - url: https://www.passbolt.com/terms - icon: fa-balance-scale - teaser: Did you read the small print? - - title: Privacy policy - url: https://www.passbolt.com/privacy - icon: fa-street-view - teaser: What we do with your data. - - title: CLA Policy - url: https://www.passbolt.com/legal/cla - icon: fa-pencil - teaser: Contributor licence agreement - - title: Code of conduct - url: https://www.passbolt.com/code_of_conduct - icon: fa-handshake-o - teaser: Because everyone should feel welcome - - title: Credits - url: https://www.passbolt.com/credits - teaser: Passbolt would not be possible without... - icon: fa-hand-peace-o - - title: Legal FAQ - url: /faq/legal - teaser: Frequently asked questions about legal matters - icon: fa-question + url: https://www.passbolt.com/terms \ No newline at end of file diff --git a/_faq/configure/000-how-can-i-disable-import-export-plugin.md b/_faq/configure/000-how-can-i-disable-import-export-plugin.md deleted file mode 100644 index 10861bbdf..000000000 --- a/_faq/configure/000-how-can-i-disable-import-export-plugin.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -title: How can I enable or disable import / export plugins -slug: enable-disable-import-export-plugins -layout: faq -category: configure -permalink: /faq/configure/:slug ---- - -By default, the import and export plugins are enabled for all your users, which can be an issue for some admins. - -## Toggle the import or export plugin - -You can either remove the corresponding entries inside the plugins section, since the plugins are activated by default. -Otherwise, if you prefer it to be explicit, you can add the section below to your `/etc/passbolt/passbolt.php` file: - -``` -return [ - /* Locate or add the passbolt section */ - 'passbolt' => [ - /* Locate or add the plugins section */ - 'plugins' => [ - 'import' => [ - 'enabled' => false, - ], - 'export' => [ - 'enabled' => false, - ], - ] - ] -] -``` \ No newline at end of file diff --git a/_faq/configure/000-performance-tweaks.md b/_faq/configure/000-performance-tweaks.md deleted file mode 100644 index 7b27f925f..000000000 --- a/_faq/configure/000-performance-tweaks.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: Some potential performance tweaks -slug: performance-tweaks -layout: faq -category: configure -permalink: /faq/configure/:slug ---- - -## Table of contents: - -- [Table of contents:](#table-of-contents) -- [Introduction](#introduction) -- [Database](#database) -- [PHP FPM](#php-fpm) -- [Nginx](#nginx) - -## Introduction -At Passbolt, we are constantly striving to enhance performance, introduce new functionality, and refine existing features. - -The default settings that come with Passbolt are suitable for the majority of our users. However, if you have a significant number of users or groups who have access to hundreds or thousands of secrets, the defaults may not meet your performance expectations. - -To address this, we have created this guide to help you optimize Passbolt's performance. - -If you prefer not to make these adjustments, please let us know which areas of Passbolt are slowing down for you, and we will consider incorporating improvements in future releases. - -## Database -{% include messages/warning.html - content="**Important:** This assumes you are running your database on the same host as your Passbolt installation" -%} - -One database improvement that can be made is to skip the reverse DNS lookup in MySQL/MariaDB. To do this you will need to: - -Ensure the passbolt user in the database is allowed to connect via `127.0.0.1` and not just `localhost`: -``` -[mysql]> GRANT USAGE ON *.* TO `passboltadmin`@`127.0.0.1` IDENTIFIED BY PASSWORD ``; -[mysql]> GRANT ALL PRIVILEGES ON `passboltdb`.* TO `passboltadmin`@`127.0.0.1`; -[mysql]> FLUSH PRIVILEGES; -``` - -You can find the password hash by running: -``` -[mysql]> use mysql; -[mysql]> select user, host, password from user where user = ‘passboltadmin’; -``` - -Both above samples assume user is named `passboltadmin` and the database is named `passboltdb`, actual values may be different depending on what was chosen during installation. - -Edit your mysql configuration file, search for `[mysqld]` block and add: -``` -# Skip reverse DNS lookup -skip-name-resolve -``` - -Then restart mysql: -``` -systemctl restart mysql -``` -You will then need to adjust your Passbolt configuration to point to `127.0.0.1` instead of `localhost` if it is set to `localhost` - -## PHP FPM -There are two values which you can change to increase the resources that PHP is able to use. These are `memory_limit` and `pm.max_children` - -You can adjust `memory_limit` by editing the `/etc/php/X.X/fpm/php.ini` file where X.X is your PHP version. - -You can adjust `pm.max_children` by editing the `/etc/php/X.X/fpm/pool.d/www.conf` file where X.X is your PHP version. - -{% include messages/warning.html -content="Since you edited the php configuration, you will need to restart php-fpm to apply those changes. It's important to run **sudo systemctl restart phpX.X-fpm** where X.X is your PHP version" -%} - - -## Nginx -For Nginx our recommendation is less about making it more performant, but rather increasing a timeout so that your users don't experience as many errors if they are regularly running into time outs. You can do this by editing the value for `keepalive_timeout` in your Nginx config file. \ No newline at end of file diff --git a/_faq/configure/001-self-registration.md b/_faq/configure/001-self-registration.md deleted file mode 100644 index db1937c4d..000000000 --- a/_faq/configure/001-self-registration.md +++ /dev/null @@ -1,89 +0,0 @@ ---- -title: User Self Registration Set Up -slug: self-registration -layout: faq -category: configure -permalink: /configure/:slug -date: 2023-02-15 00:00:00 Z ---- - - -### How to set up user Self Registration - -The purpose of this guide is to show you how to set up user Self Registration on your passbolt installation as an admin and for users how to register. - - -{% assign adminstepNumber = 1 %} - -## Admin Guide - -**Step {{ adminstepNumber }}{% assign adminstepNumber = adminstepNumber | plus:1 %}.** Log in with an administrator account - -**Step {{ adminstepNumber }}{% assign adminstepNumber = adminstepNumber | plus:1 %}.** Navigate to the adminstration tab - -{% include articles/figure.html - url="/assets/img/help/2023/02/self-registration/Admin1.png" - legend="Navigate to admin tab" - width="500px" -%} - -**Step {{ adminstepNumber }}{% assign adminstepNumber = adminstepNumber | plus:1 %}.** Select the Self Registration option on the left - -{% include articles/figure.html - url="/assets/img/help/2023/02/self-registration/Admin2.png" - legend="Navigate to self registration" - width="500px" -%} - -**Step {{ adminstepNumber }}{% assign adminstepNumber = adminstepNumber | plus:1 %}.** Click the toggle to enable - -{% include articles/figure.html - url="/assets/img/help/2023/02/self-registration/Admin3.png" - legend="Toggle self registration" - width="500px" -%} - -**Step {{ adminstepNumber }}{% assign adminstepNumber = adminstepNumber | plus:1 %}.** Enter the domains you want to allow to self register. - -This section will require that you specify the domains you want to allow self registration on. This is used to only allow users with an email address at that domain to register. - -{% include messages/warning.html - content="**Important:** This will allow **ANY** user with an email address at that domain to register. So, it is recommended to not use a free or common domain such as gmail.com here." -%} - -{% include articles/figure.html - url="/assets/img/help/2023/02/self-registration/Admin4.png" - legend="Enter domains" - width="500px" -%} - - -**Step {{ adminstepNumber }}{% assign adminstepNumber = adminstepNumber | plus:1 %}.** Save your settings - -Congrats! At this point you have user Self Registration set up and configured and you can let your users know! - - -{% assign userstepNumber = 1 %} - -## User Guide - -**Step {{ userstepNumber }}{% assign userstepNumber = userstepNumber | plus:1 %}.** Navigate to your Passbolt URL - - -**Step {{ userstepNumber }}{% assign userstepNumber = userstepNumber | plus:1 %}.** Enter your email address - -{% include articles/figure.html - url="/assets/img/help/2023/02/self-registration/User1.png" - legend="Enter your email address" - width="500px" -%} - -**Step {{ userstepNumber }}{% assign userstepNumber = userstepNumber | plus:1 %}.** Enter your name - -{% include articles/figure.html - url="/assets/img/help/2023/02/self-registration/User2.png" - legend="Enter your name" - width="500px" -%} - -**Step {{ userstepNumber }}{% assign userstepNumber = userstepNumber | plus:1 %}.** Proceed with the standard sign up process. \ No newline at end of file diff --git a/_faq/configure/index.html b/_faq/configure/index.html deleted file mode 100644 index 6e9ec15d2..000000000 --- a/_faq/configure/index.html +++ /dev/null @@ -1,8 +0,0 @@ ---- -title: Configuration FAQ -layout: faq -category: configure -notsearchable: true -slug: faq ---- -{% include faq/list-by-category.html category=page.category %} diff --git a/_faq/discover/000-what-is-passbolt.md b/_faq/discover/000-what-is-passbolt.md deleted file mode 100644 index 991f00126..000000000 --- a/_faq/discover/000-what-is-passbolt.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: What is passbolt? -slug: what-is-passbolt -layout: faq -category: discover -permalink: /faq/discover/:slug -date: 2017-01-20 00:00:00 Z ---- -Passbolt is a free and open source password manager that allows team members to store and share credentials securely. -For instance, the wifi password of your office, the administrator password of a router or your organisation social -media account password, all of them can be secured using passbolt. - -### Um, the TL;DR? -* Free & Open source -* Designed for teams -* Extensible API \ No newline at end of file diff --git a/_faq/discover/000-why-do-i-need-passbolt.md b/_faq/discover/000-why-do-i-need-passbolt.md deleted file mode 100644 index fa7dc6103..000000000 --- a/_faq/discover/000-why-do-i-need-passbolt.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -title: Why do I need a password manager? -slug: why -category: discover -permalink: /faq/discover/why -sidebar: aside/org-usp.html -layout: faq -date: 2017-01-20 00:00:00 Z ---- -A password manager allows you to comfortably implement best security practices and therefore reduces the risks for -you and your organisation. - -With a password manager you can prevent your team from reusing the same password on multiple systems. -You can also make sure they generate stronger passwords by default, since they do not have to remember them anymore. -It also makes it easier to rotate credentials, e.g. help you change your passwords regularly, every 40 days for example. - -Additionally, having an overview of who has access to what, allows you to reset passwords when somebody leaves -your organisation. Reciprocally it can also help facilitate when someone is joining your team, since a new member -can easily be given access to the all the password they need. It also prevents loss of credentials since you can -perform backups. - -### Um, the TL;DR? -* Decrease password reuse -* Implement password rotation -* Increase password strength -* Help on-boarding new member \ No newline at end of file diff --git a/_faq/discover/001-how-does-it-work.md b/_faq/discover/001-how-does-it-work.md deleted file mode 100644 index ec7f9e7bd..000000000 --- a/_faq/discover/001-how-does-it-work.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -title: How does it work? -slug: how-does-it-work -layout: faq -category: discover -permalink: /faq/discover/:slug -date: 2017-01-20 00:00:00 Z ---- - -{% include articles/figure.html - url="/assets/img/diagrams/howitworks.svg" - legend="password exchange using passbolt" -%} - -In a nutshell: -* Ada has a password to share with betty -* Ada encrypts the password using passbolt plugin and Betty public key -* The password is sent encrypted over HTTPS to the server -* The password is stored on the passbolt server -* Betty receives and email notification -* Betty logs in to passbolt -* Betty using her private key decrypts the password and uses it to login! diff --git a/_faq/discover/001-how-is-it-different.md b/_faq/discover/001-how-is-it-different.md deleted file mode 100644 index 747ebf9df..000000000 --- a/_faq/discover/001-how-is-it-different.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -title: How is passbolt different from other password managers? -slug: how-is-different -layout: faq -category: discover -sidebar: aside/mini-usp.html -permalink: /faq/discover/:slug -date: 2017-01-20 00:00:00 Z ---- -A lot of password solutions focus on personal needs. Passbolt is primarily designed for teams and not individuals. -We built passbolt taking into account the needs of small and medium organisations in mind. -Moreover passbolt is open source and respectful of your privacy. -Passbolt community edition is free. -It is also extensible thanks to its restful API. diff --git a/_faq/discover/001-is-sharing-password-a-bad-practice.md b/_faq/discover/001-is-sharing-password-a-bad-practice.md deleted file mode 100644 index fe4621352..000000000 --- a/_faq/discover/001-is-sharing-password-a-bad-practice.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -title: Is sharing the same password with multiple users a bad practice? -slug: is-sharing-password-a-bad-practice -layout: faq -category: discover -permalink: /faq/discover/:slug -date: 2017-01-20 00:00:00 Z ---- -Indeed, it is. Wherever possible you should try to have one user account and a unique password per person. -However it is not always possible, especially for built-in privileged accounts (like the admin password of a -router, a root password on a linux server, your organization instagram / twitter account password, etc.), -and this is where passbolt can be of most help. diff --git a/_faq/discover/002-can-i-use-passbolt-as-personal-password-manager.md b/_faq/discover/002-can-i-use-passbolt-as-personal-password-manager.md deleted file mode 100644 index d86c1ea57..000000000 --- a/_faq/discover/002-can-i-use-passbolt-as-personal-password-manager.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -title: I need a personal password manager, can I use passbolt? -slug: can-i-use-passbolt-as-personal-password-manager -layout: faq -category: discover -permalink: /faq/discover/:slug -date: 2017-01-20 00:00:00 Z ---- -Yes, even though passbolt is primarily design for organizations, you can also use it -to store those passwords that you do not want to share with anyone. \ No newline at end of file diff --git a/_faq/discover/002-why-do-i-need-a-browser-extension.md b/_faq/discover/002-why-do-i-need-a-browser-extension.md deleted file mode 100644 index cf9de2254..000000000 --- a/_faq/discover/002-why-do-i-need-a-browser-extension.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Why do I need a browser extension? -slug: why-an-extension -layout: faq -category: discover -permalink: /faq/discover/:slug -date: 2017-01-20 00:00:00 Z ---- -A browser extension is needed to provide functionalities such as auto -filling your passwords when visiting known websites, but more importantly to maintain a higher level of security and provide a secure random number generator. - -## More info - -A regular website serves users content in the form of html, javascript, css assets. It may be cached on a content delivery network (CDN) for speed, but everything is coming from one place. In the event of an attacker accessing the server, they may be able to change these assets, such as showing you modified content, or change the application logic. - -The solution we opted-for to ensure code integrity was to split the application in two parts: - -1. Server side: the API who serves encrypted data -2. Client side: the web extension who renders the assets and contains the logic to encrypt/decrypt data. - -The web extension is published on browsers extension marketplaces (Firefox, Chrome, Edge). Each of them requires the extension to be cryptographically signed by Passbolt developers with a secret key, to make sure nobody can change that code while it is being transmitted from the marketplace. - -{% include articles/figure.html - url="/assets/img/help/2022/05/passbolt-app-and-data-delivery.jpeg" - legend="passbolt application and data delivery" - width="540px" -%} - -## Some points you must be aware of: - -* The passbolt login page is rendered by the browser extension. By entering your passphrase, you unlock your PGP private key stored in the local storage of your browser to let the extension communicate with the passbolt API and perform the user [authentication with GnuPG protocol](/api/authentication). -* Most of passbolt application (passwords, users, or profile namespaces) isn't rendered by the server but by the browser extension. -* End-to-end encryption is provided by the browser extension. - -{% include articles/figure.html - url="/assets/img/help/2022/05/e2e-security.jpeg" - legend="End to end security using OpenPGP" - width="540px" -%} - -## References: - -* [Why does passbolt require an extension? (Blog post 2020)](https://blog.passbolt.com/why-does-passbolt-require-an-extension-d1b189133b2) -* [API Authentication sequence diagram](https://help.passbolt.com/api/authentication) -* [Security white paper](https://help.passbolt.com/assets/files/Security%20White%20Paper%20-%20Passbolt%20Pro%20Edition.pdf) \ No newline at end of file diff --git a/_faq/discover/003-are-we-there-yet.md b/_faq/discover/003-are-we-there-yet.md deleted file mode 100644 index 2c2daa5eb..000000000 --- a/_faq/discover/003-are-we-there-yet.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -title: When will you be releasing feature X or Y? -slug: are-we-there-yet -layout: faq -category: discover -permalink: /faq/discover/:slug ---- -If the feature is on our [roadmap](https://www.passbolt.com/roadmap) we will most likely get to it at some point. -Good things take time and our capacity to add features depends on how many customers and contributors we have. - -Please consider [supporting us]({{ "/faq/contribute/financial-contribution" | absolute_url }})! diff --git a/_faq/discover/003-how-do-you-prioritize.md b/_faq/discover/003-how-do-you-prioritize.md deleted file mode 100644 index 6395d65ba..000000000 --- a/_faq/discover/003-how-do-you-prioritize.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -title: How to you prioritize feature development? -slug: feature-priority -layout: faq -category: discover -permalink: /faq/discover/:slug ---- -Upcoming new funtionalities are advertised on the [roadmap](https://www.passbolt.com/roadmap). -Passbolt users can propose and upvote for new ideas on the [community forum](https://community.passbolt.com). -The more financial contributors (and supporters in general) the quicker we can develop new functionalities. - -Security vulnerabilities and bugs fixes are to be given a higher priority than new features. -Core libraries and framework maintenance upgrade also need to be dealt with proactively. diff --git a/_faq/discover/003-where-can-i-login.md b/_faq/discover/003-where-can-i-login.md deleted file mode 100644 index e244f62f8..000000000 --- a/_faq/discover/003-where-can-i-login.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -title: Where can I login? -slug: where-can-i-login -layout: faq -category: discover -permalink: /faq/discover/:slug ---- -Long story short, it depends on your situation, as passbolt can be hosted -on-premises or in the cloud. - -## Quick clues -### If you have completed the setup -If you have completed the setup and configured passbolt on your current laptop or desktop, -you can click on the passbolt icon in the top right corner of your browser. If you -then click on the passbolt logo it will take you to your passbolt workspace. - -### Check for passbolt emails in your mailbox -In most cases you will have received an email notification from passbolt in the past -in your mailbox. So check your inbox and follow one of the links. - -### Ask for help to your administrator -In doubt you can also ask the person that invited you to passbolt, e.g. the administrator -that setup passbolt for your company. - -## Other clues -### You are using passbolt cloud version -If you are using passbolt cloud your passwords will be located -in a workspace in https://cloud.passbolt.com/workspace, where -workspace is the name of your organization, like https://cloud.passbolt.com/acme. - -### You are using passbolt self-hosted version -If you are using the self hosted version of passbolt you can contact your administrator, -as the self hosted version, much like a blog, can be hosted anywhere. - diff --git a/_faq/discover/003-where-to-get-help.md b/_faq/discover/003-where-to-get-help.md deleted file mode 100644 index 936172bf5..000000000 --- a/_faq/discover/003-where-to-get-help.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: Where can I get help? -slug: where-to-get-help -layout: faq -category: discover -permalink: /faq/discover/:slug -date: 2017-01-20 00:00:00 Z ---- -For installation issues or an issue specific to your instance -you can request help from the community on the [forum](https://community.passbolt.com). - -If you have found a bug you can report it on [github](https://github.com/passbolt). - -If you require professional support or help to customize passbolt you can get in touch with - the team at [contact@passbolt.com](mailto:contact@passbolt.com). - diff --git a/_faq/discover/index.html b/_faq/discover/index.html deleted file mode 100644 index d026637ea..000000000 --- a/_faq/discover/index.html +++ /dev/null @@ -1,8 +0,0 @@ ---- -title: Discovering passbolt -layout: faq -category: discover -notsearchable: true -slug: faq ---- -{% include faq/list-by-category.html category=page.category %} diff --git a/_faq/hosting/000-how-to-install-passbolt-non-interactive.md b/_faq/hosting/000-how-to-install-passbolt-non-interactive.md deleted file mode 100644 index 59fe04e34..000000000 --- a/_faq/hosting/000-how-to-install-passbolt-non-interactive.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: How to install passbolt in non-interactive mode? -slug: how-to-install-passbolt-non-interactive -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2022-03-02 00:00:00 Z ---- - -The non-interactive mode is useful for automating passbolt installation and for users with specific needs. It is available only on Debian and Ubuntu operating systems. - -The commands of this page assume you want to install passbolt CE. Replace `ce` with `pro` if you plan to install the PRO version. - -### Package repository setup - -For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt and install it. - -**Step 1.** Download our dependencies installation script: - -``` -wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh" -``` - -**Step 2.** Download our SHA512SUM for the installation script: - -``` -wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt -``` - -**Step 3.** Ensure that the script is valid and execute it: - -``` -sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh {% if migrate == 'yes' %} --passbolt-migrate {% endif %} || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh -``` - -### Simple mode - -If you don't want to install mysql locally or you don't want to use nginx as http server you can run the non-interactive command with `--no-install-recommends` parameter. - -``` -sudo DEBIAN_FRONTEND=noninteractive apt-get install \ - --no-install-recommends passbolt-ce-server -``` - -### Advanced mode - -You can automate the installation by pre-fill answers with this command (run one command per parameter): - -``` -echo passbolt-ce-server | \ - sudo debconf-set-selections -``` - -Parameter and type reference table: - -| Parameter | Type | Description | -| ------------------------------------------ | -------- | ----------------------------------------------------------------------------------------------------- | -| passbolt/mysql-configuration | boolean | To enable MySQL, can be true (default) or false | -| passbolt/mysql-passbolt-username | string | Passbolt database username | -| passbolt/mysql-passbolt-password | password | Passbolt database password | -| passbolt/mysql-passbolt-password-repeat | password | Passbolt database password confirm (must be the same as passbolt/mysql-passbolt-password) | -| passbolt/mysql-passbolt-dbname | string | Passbolt database name | -| passbolt/nginx-configuration | boolean | To enable Nginx, can be true (default) or false | -| passbolt/nginx-configuration-three-choices | select | SSL configuration: When certbot package is installed, you can choose between auto, manual and none | -| passbolt/nginx-configuration-two-choices | select | SSL configuration: When certbot package is not installed, you can choose only between manual and none | -| passbolt/nginx-domain | string | Passbolt domain name (FQDN) | -| passbolt/nginx-certificate-file | string | Absolute path to SSL certificate path (applies only if nginx-configuration-*-choices is manual) | -| passbolt/nginx-certificate-key-file | string | Absolute path to SSL key path (applies only if nginx-configuration-*-choices is manual) | -{: .table-parameters } - -Once done, run this non-interactive install command: - -``` -sudo DEBIAN_FRONTEND=noninteractive apt-get install passbolt-ce-server -``` \ No newline at end of file diff --git a/_faq/hosting/000-how-to-install.md b/_faq/hosting/000-how-to-install.md deleted file mode 100644 index c46372bcb..000000000 --- a/_faq/hosting/000-how-to-install.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -title: How to install passbolt server -slug: how-to-install -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2017-01-20 00:00:00 Z ---- -There are multiple way to install passbolt. You can install it using Docker or on your favorite distribution. -Check out the dedicated [documentation page]({{ "/hosting/install" | absolute_url }}) for that topic. \ No newline at end of file diff --git a/_faq/hosting/000-how-to-make-backup.md b/_faq/hosting/000-how-to-make-backup.md deleted file mode 100644 index 95f30ddc9..000000000 --- a/_faq/hosting/000-how-to-make-backup.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: How to make passbolt backups -slug: how-to-backup -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2017-01-20 00:00:00 Z ---- -You can (and should) make a backup of your secret key during the setup after generating a new key. -You can also do that at any moment when you are logged in the application by going to the profile section. - -At the moment it is not possible to download a backup of your passwords from the client side. However if you -have email notification enabled you should receive a copy of your encrypted passwords by email, which can act as -a backup. - -However on the server side you can make a regular backup of the entire database. Several methods are available -and there is plenty of [documentation available online](http://dev.mysql.com/doc/refman/5.7/en/backup-methods.html). - -See also [How to make passbolt server backup](/hosting/backup). diff --git a/_faq/hosting/000-how-to-update.md b/_faq/hosting/000-how-to-update.md deleted file mode 100644 index 61e2e6df8..000000000 --- a/_faq/hosting/000-how-to-update.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: How can I update my passbolt server? -slug: how-to-update -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2017-01-20 00:00:00 Z ---- -Check out the dedicated [documentation page]({{ "/hosting/update" | absolute_url }}) for that topic. \ No newline at end of file diff --git a/_faq/hosting/000-what-are-the-machine-requirements.md b/_faq/hosting/000-what-are-the-machine-requirements.md deleted file mode 100644 index e0d8689c8..000000000 --- a/_faq/hosting/000-what-are-the-machine-requirements.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -title: What are the minimum server requirements? -slug: hosting-requirements -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2017-01-20 00:00:00 Z ---- -Passbolt has been reported to work on a large variety of servers. -However we recommend you run passbolt using the stable version of a major linux distribution such as Debian, -Ubuntu, Centos, etc. - -The minimum virtual machine specs we recommend: -- 2 cores -- 2GB RAM -- 20GB -- 10mbps -- Internet access diff --git a/_faq/hosting/001-do-you-provide-hosting.md b/_faq/hosting/001-do-you-provide-hosting.md deleted file mode 100644 index 46dc6bd66..000000000 --- a/_faq/hosting/001-do-you-provide-hosting.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Does passbolt provide hosting? -slug: where-to-host -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2017-01-20 00:00:00 Z ---- -Please check out the [service page](https://www.passbolt.com/services) for a list of current professional offers. diff --git a/_faq/hosting/001-docker-secrets.md b/_faq/hosting/001-docker-secrets.md deleted file mode 100644 index 5526aeab7..000000000 --- a/_faq/hosting/001-docker-secrets.md +++ /dev/null @@ -1,156 +0,0 @@ ---- -title: Docker Secrets -slug: docker-secrets -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2023-01-16 00:00:00 Z ---- -This page should give you the information necessary to successfully use [Docker Secrets](https://docs.docker.com/engine/swarm/secrets/) with your Passbolt installation. - -{% include messages/notice.html - content="Notice: For more information you can learn about secrets for [Compose](https://docs.docker.com/compose/compose-file/#secrets) and [Swarm](https://docs.docker.com/engine/swarm/secrets/)" -%} - - -### Supported environment variables -List of [environment variables](/configure/environment/reference.html){:target="_blank"} that can be received as Docker secret and the matching Docker secret path environment variable: - -| PASSBOLT ENV VAR | DOCKER SECRET ENV VAR | -| ---------------------------------------- | ------------------------------------------------------------------------- | -| DATASOURCES_DEFAULT_PASSWORD | DATASOURCES_DEFAULT_PASSWORD_FILE | -| DATASOURCES_DEFAULT_HOST | DATASOURCES_DEFAULT_HOST_FILE | -| DATASOURCES_DEFAULT_USERNAME | DATASOURCES_DEFAULT_USERNAME_FILE | -| DATASOURCES_DEFAULT_DATABASE | DATASOURCES_DEFAULT_DATABASE_FILE | -{: .table-parameters } - - -### Supported secret files -List of file that contains secret data and the matching Docker secret path environment variable: - -| FILE PATH | DOCKER SECRET ENV VAR | -| ---------------------------------------- | ------------------------------------------------------------------------- | -| etc/passbolt/gpg/serverkey.asc | PASSBOLT_GPG_SERVER_KEY_PUBLIC_FILE | -| /etc/passbolt/gpg/serverkey_private.asc | PASSBOLT_GPG_SERVER_KEY_PRIVATE_FILE | -| /etc/ssl/certs/certificate.crt | PASSBOLT_SSL_SERVER_CERT_FILE | -| /etc/ssl/certs/certificate.key | PASSBOLT_SSL_SERVER_KEY_FILE | -{: .table-parameters } - -### Examples -#### Inject DATASOURCES_DEFAULT_PASSWORD variable usign Docker secrets -Following the Docker secrets documentation for Docker compose we have the following docker-compose.yaml example: -``` -services: - - passbolt: - ... - environment: - DATASOURCES_DEFAULT_PASSWORD_FILE: /run/secrets/db_password - secrets: - - db_password - ... - -secrets: - db_password: - file: db_password.txt -``` - -In this example we want to inject the contents of ‘db_password.txt’ in the DATASOURCES_DEFAULT_PASSWORD environment variable inside the Passbolt container. - -To do so we create the secret and call it db_password in this snippet: -``` -secrets: - db_password: - file: db_password.txt -``` - -Once we have this, we use this secret on the Passbolt service: -``` -services: - passbolt: - ... - secrets: - - db_password - ... -``` - -Finally, we have to check which environment variable we have to set in order to get the contents of the secret file in the DATASOURCES_DEFAULT_PASSWORD var. So we check in the Supported environment variables section to get the correct variable (DATASOURCES_DEFAULT_PASSWORD_FILE in this case) and set it on the Passbolt container environment with the path that points to the secret name: -``` -services: - passbolt: - ... - environment: - DATASOURCES_DEFAULT_PASSWORD_FILE: /run/secrets/db_password -``` - -#### Inject /etc/ssl/certs/certificate.pem file using Docker secrets -``` -services: - - passbolt: - ... - environment: - PASSBOLT_SSL_SERVER_CERT_FILE: /run/secrets/ssl_cert - secrets: - - ssl_cert - ... - -secrets: - ssl_cert: - file: ssl_cert.pem -``` - -In this example we want to inject the contents of ‘ssl_cert.pem’ in the ‘/etc/ssl/certs/certificate.pem’ file inside the Passbolt container. - -To do so, we create a Docker secret and call it ssl_cert with the contents of ssl_cert.pem: -``` -secrets: - ssl_cert: - file: ssl_cert.pem -``` - - -Then we inject the secret in the Passbolt service: -``` -services: - passbolt: - ... - secrets: - - ssl_cert - ... -``` -And finally, we go to the supported secret files section to get which environment variable is the one that points to the path I want to fill ( PASSBOLT_SSL_SERVER_CERT_FILE which points to ‘/etc/ssl/certs/certificate.crt’): -``` -services: - passbolt: - ... - environment: - PASSBOLT_SSL_SERVER_CERT_FILE: /run/secrets/ssl_cert -``` -#### Create secret outside of compose file -You can also create secrets directly so that you don't have to retain the file with the secret. This example will show you how to do that. - -The first step here is to create the secret: -``` -docker secret create gpg-public public.key -``` - -You will then need to modify your compose file to designate this as an external secret: -``` -secrets: - gpg-public: - external: true -``` - -Finally you will need to make sure this secret is used by the Passbolt service: -``` -services: - - passbolt: - ... - environment: - PASSBOLT_GPG_SERVER_KEY_PUBLIC_FILE: /run/secrets/gpg-public - secrets: - - gpg-public - ... -``` \ No newline at end of file diff --git a/_faq/hosting/001-where-to-get-help-for-installation.md b/_faq/hosting/001-where-to-get-help-for-installation.md deleted file mode 100644 index ad96405ec..000000000 --- a/_faq/hosting/001-where-to-get-help-for-installation.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -title: Where can I get help for installation issues? -slug: installation-issue-help -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2017-01-20 00:00:00 Z ---- - -## Community support -If you are experiencing issues during the installation process you can request help from the -community in the [forum](https://community.passbolt.com). - -Before posting make sure to: -- read intro post: https://community.passbolt.com/t/about-the-installation-issues-category/12 -- read the tutorials and relevant help section on this site -- searched for similar issues on the web -- provide relevant information about the server (component names and versions, etc.) -- provide a copy of my logs and health check -- describe the steps you have taken to trouble shoot the problem -- describe the steps we can take to be able to reproduce the issue - -## Professional support -If you need a more rapid response time and more in depth help you can also contact -Passbolt SARL, the company behind passbolt, to get professional support services at -[contact@passbolt.com](mailto:contact@passbolt.com). diff --git a/_faq/hosting/001-why-unsafe.md b/_faq/hosting/001-why-unsafe.md deleted file mode 100644 index 5bf381871..000000000 --- a/_faq/hosting/001-why-unsafe.md +++ /dev/null @@ -1,15 +0,0 @@ ---- -title: Why do I see an unsafe mode banner in the footer? -slug: why-unsafe -layout: faq -category: hosting -tags: [troubleshoot] -permalink: /faq/hosting/:slug -date: 2017-03-03 00:00:00 Z ---- -When running the site with debug mode on, or without enforcing https, your passbolt instance can -not be considered secure. These settings can be useful for example when doing some local testing or development, -but should not be used for production. - -To disable the warning a passbolt administrator can edit your configuration to set `debug` to false and -`passbolt.ssl.force` to true. diff --git a/_faq/hosting/002-common-ldap-sync-error-messages.md b/_faq/hosting/002-common-ldap-sync-error-messages.md deleted file mode 100644 index 221775635..000000000 --- a/_faq/hosting/002-common-ldap-sync-error-messages.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -title: Why am I getting ldap synchronization issues? -slug: why-am-i-getting-ldap-synchronization-issues -layout: faq -category: hosting -tags: [troubleshoot] -permalink: /faq/configure/:slug -date: 2020-08-09 00:00:00 Z ---- - -Synchronization issues can come from a variety of reasons, [here are the most common ones](/configure/ldap/ldap-common-sync-error-messages). - diff --git a/_faq/hosting/002-how-to-increase-auto-logout-time.md b/_faq/hosting/002-how-to-increase-auto-logout-time.md deleted file mode 100644 index af25c7144..000000000 --- a/_faq/hosting/002-how-to-increase-auto-logout-time.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: How to increase auto logout time? -slug: how-to-increase-auto-logout-time -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2021-11-23 00:00:00 Z ---- - -By default passbolt uses the PHP session duration setting to define when the auto logout should -kick in. If the default session timeout is too short for you and your user you can extend it in -the PHP configuration. - -Currently, the code checks every 15 minutes if the browser is idle, using this browser functionality reserved for extensions, which returns "locked" if the system is locked, "idle" if the user has not generated any input for a specified number of seconds, or "active" otherwise. - -So if there is no direct interaction with the extension, the extension will not try to keep the session alive, and will just let it timeout. So if you have a long session default normally you would need to fail several checks to get logged out. - -{% include messages/notice.html - content="**Pro tip:** If the browser window is closed (even if the browser application is not closed) you will get logged out right away." -%} - -The best way to keep your session active is via the remember me feature as shown here. -{% include articles/figure.html -url="/assets/img/help/2023/03/remember-me.png" -legend="Remember my password" -%} - - -See the directive -[session.gc-maxlifetime](https://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime) - -In order to change this number you must locate your `php.ini` file. Its location depends on your -operating system and php versions. - -For example on Debian or Ubuntu if you are using Nginx and PHP 7.4 it will be in -`/etc/php/7.4/fpm/php.ini` but the easy way to find it is to execute this command: - -``` -$ grep -lr session.gc_maxlifetime /etc/ | grep fpm -/etc/php/7.4/fpm/php.ini -``` - -Once located replace the `1440` timout value in seconds with for example `2700` for 45 minutes: -``` -; After this number of seconds, stored data will be seen as 'garbage' and -; cleaned up by the garbage collection process. -; http://php.net/session.gc-maxlifetime -session.gc_maxlifetime = 2700 -``` - -**Important:** It's really important to note that the browser extension is sending a request to the server in order to keep the session active, that means that any behaviour that is comprometting it will end the session, even if the session lifetime is not ended. We have noticed a short behaviour that will result in a session ended: - -- Internet connection lost -- Browser shutdown -- Computer shutdown -- Computer's session inactive (locked) -- Changing IP address -- Browser's Confidentiality settings - diff --git a/_faq/hosting/002-why-are-my-email-not-being-sent.md b/_faq/hosting/002-why-are-my-email-not-being-sent.md deleted file mode 100644 index 59fe3d29a..000000000 --- a/_faq/hosting/002-why-are-my-email-not-being-sent.md +++ /dev/null @@ -1,72 +0,0 @@ ---- -title: Why are my emails not being sent? -slug: why-email-not-sent -layout: faq -category: hosting -tags: [troubleshoot] -permalink: /faq/hosting/:slug -date: 2018-03-14 00:00:00 Z ---- - -This can come from a variety of reasons, here are the most common ones. - -### Reason 1: Configuration issues - -There may be an issue with some of the [SMTP configuration](/configure/email/setup) -items, such as credentials, or the hostname, or the port for the selected protocol. - -By default passbolt is quite discrete on why a given configuration is not working. You can use the following -command to send a test email and get more debug information (replace **www-data** with **nginx** if you are running a RHEL-like server, or **wwwrun** in case you are using openSUSE): - -```shell -$ sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt send_test_email --recipient=youremail@domain.com" -``` - -If this fails you should double check what is the recommended configuration in your email provider documentation. -You can also ask on the community forum in case another user have a working configuration for the same provider. - -### Reason 2: Email notifications are disabled in the config - -Another reason could be because email notifications are disabled in your configuration. -You can review such settings in the administration panel, when you are logged in as an administrator in passbolt. - -{% include articles/figure.html - url="/assets/img/help/2019/05/AD_email_notification_send_settings.png" - legend="Email Notification Settings - Email Delivery" -%} - -### Reason 3: The cron system is stopped - -Passbolt uses a system of email queue to send email notifications. -A dedicated cron job (located in `/etc/cron.d/passbolt-{ce|pro}-server`) runs every minute to go through the queue and send emails. - -So if you manage to send the test email but are not receiving notifications (such as registration emails), -one of the reason may be that the cron service is stopped. - -You can verify if the service is running by executing this command: - -``` -sudo systemctl status cron.service -``` - -You can also verify cronjobs activity with this command: - -``` -sudo journalctl -fu cron.service -``` -### Reason 4: There is an issue with the database schema related to the email queue - -If after an update you are getting error messages such as: -``` -Exception: SQLSTATE[42S22]: Column not found: 1054 Unknown column ‘EmailQueue.to’ in ‘field list’ ... -``` - -It is possible that the wrong version of the data model is stored in the cache. This can happen -if the cache is not cleared after an install or an update. You can try clearing out the cache to solve this(replace **www-data** with **nginx** if you are running a RHEL-like server, or **wwwrun** in case you are using openSUSE). -``` -sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake cache clear_all" -``` - -### Reason 5: You are using credentials password instead of application password - -Some email providers will not let you use the password from your organization account for security purposes. It means that if you’re trying to use the authentication method “Username & Password” it will result in a failure if you are using something other than an application password. \ No newline at end of file diff --git a/_faq/hosting/002-why-should-i-install-haveged-on-virtual-environments.md b/_faq/hosting/002-why-should-i-install-haveged-on-virtual-environments.md deleted file mode 100644 index f564f9f0c..000000000 --- a/_faq/hosting/002-why-should-i-install-haveged-on-virtual-environments.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -title: Why should I install haveged on virtual environments? -slug: why-haveged-virtual-env -layout: faq -category: hosting -tags: [troubleshoot] -permalink: /faq/hosting/:slug -date: 2019-03-29 00:00:00 Z ---- -Passbolt uses Gnupg as the encryption engine. Encryption operations such as creating a private key require an enough amount of entropy on the system's entropy pool. -A good and fast source of entropy is important to generate high quality random numbers. Poor quality on the random numbers could lead to weak private keys that -could compromise the security of your setup. -Random number generation is a complex topic that has been discussed widely on the community [[1]](https://lwn.net/Articles/525459/) - -Virtualisation strongly affects the quantity of produced entropy and. In other words, when you run a virtualised system such as a virtual machine or a container you likely -will find yourself in a situation where the entropy pool is low and it is filling slowly. There are few remediations for this situation: - -- Use a hardware random number generation and use [rng-tools](https://github.com/nhorman/rng-tools) -- Use [Haveged](http://www.issihosts.com/haveged/) - -As stated in [[1]](https://lwn.net/Articles/525459/) and [[2]](https://security.stackexchange.com/questions/34523/is-it-appropriate-to-use-haveged-as-a-source-of-entropy-on-virtual-machines), haveged could lead -to generation of poor entropy so, in order to stay safe, the recommendation would be to: - -1. Use rng-tools if you trust your hardware random number generator -2. If rng-tools is not enough then use Haveged as well. - -You can check the current available entropy on your system by executing this command: - -``` -cat /proc/sys/kernel/random/entropy_avail -``` - -A good number of available entropy is usually between 2500 and 4096 bits. Entropy is considered to be low when it is below 1000. \ No newline at end of file diff --git a/_faq/hosting/003-update-subscription-key.md b/_faq/hosting/003-update-subscription-key.md deleted file mode 100644 index 9fa7f21fb..000000000 --- a/_faq/hosting/003-update-subscription-key.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -title: How to update my subscription key -slug: update-evaluation-subscription-key -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2019-05-27 00:00:00 Z ---- - -For Passbolt version 3.2 and higher, you can update your subscription key on the web interface directly, [using the administration panel](#using-administration-panel). - -For Passbolt version prior to 3.2, the command line is the only way to update your subscription key, [as described below](#from-command-line). - -## Using administration panel - -Navigate to **administration > Subscription** and click on the **"Update key"** button. - -{% include articles/figure.html - url="/assets/img/screenshots/update-subscription-key-1.jpg" - legend="Update subscription key administration screen" -%} - -A pop-up will appear and you will be able to import your new subscription key - -{% include articles/figure.html - url="/assets/img/screenshots/update-subscription-key-2.jpg" - legend="Choose file popup in subscription key administration screen" - width="500px" -%} - -You are now able to see your subscription details: - -{% include articles/figure.html - url="/assets/img/screenshots/update-subscription-key-3.jpg" - legend="Subscription details in subscription key administration screen" -%} - -## From command line - -### Get ready -All the commands provided below should be done from inside your passbolt directory. - -```bash -$ cd /var/www/passbolt -``` - -{% include messages/notice.html - content="Notice: If you installed passbolt using the Debian package, or - are using the passbolt VM (OVA) run the commands from /usr/share/php/passbolt." -%} - -### Steps -Passbolt Pro currently does not provide a UI to manage subscription keys. - -To update your subscription key, you need to replace your previous subscription key with the new one. -In passbolt, the subscription key is stored in `/var/www/passbolt/config/license` - -To replace the existing subscription key with the new one: - -```bash -$ cp -u path_to_your_new_subscription_key config/license -``` -{% include messages/notice.html - content="Notice: If you installed passbolt using the package, or - are using the passbolt VM (OVA) the subscription key file is found here: /etc/passbolt/subscription_key.txt." -%} - -To check if the operation was successful and if the new subscription key is valid: - -```bash -$ bin/cake passbolt license_check -``` - -If your key is valid, this command will display the passbolt logo and the subscription key details, as in the example below: - -```bash -root@c6a4f37958b4:/var/www/passbolt# ./bin/cake passbolt license_check - - ____ __ ____ - / __ \____ _____ ____/ /_ ____ / / /_ - / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ - / ____/ /_/ (__ |__ ) /_/ / /_/ / / / - /_/ \__,_/____/____/_.___/\____/_/\__/ - - Open source password manager for teams ---------------------------------------------------------------- - -Thanks for choosing Passbolt Pro -Below are your subscription key details - -Customer id: xxxxxx -Users limit: 150 (currently: 43) -Valid from: May 6, 2020 -Expires on: May 6, 2021 (in 385 days) -``` diff --git a/_faq/hosting/004-firewall-rules.md b/_faq/hosting/004-firewall-rules.md deleted file mode 100644 index 1a8ecc6c0..000000000 --- a/_faq/hosting/004-firewall-rules.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -title: Firewall rules -slug: firewall-rules -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2021-11-23 00:00:00 Z ---- - -You must allow these rules to make Passbolt work in a firewalled environment: - -## Inbound rules - -| Protocol name | Port number | Transport Layer Protocol | Comment | -| ------------- | ----------- | ------------------------ | ---------------------------------------------------- | -| HTTP | 80 | TCP | Optional, should be used only to redirect to HTTPS | -| HTTPS | 443 | TCP | To serve Passbolt through HTTPS | -{: .table-parameters } - -## Outbound rules - -| Protocol name | Port number | Transport Layer Protocol | Comment | -| ------------- | ----------- | ------------------------ | -------------------------------------------------------------------------------------------------------------------- | -| HTTP | 80 | TCP | To be able to connect to operating system repositories who don't use https (Ubuntu) | -| HTTPS | 443 | TCP | To be able to connect to package repository or bitbucket repository | -| SMTP | usually 587 | TCP | To send email notifications, used port depends of your SMTP server configuration, usually 25/TCP, 587/TCP or 465/TCP | -| DNS | 53 | UDP | To be able to resolve SMTP server name, or download.passbolt.com to check for updates | -| NTP | 123 | UDP | To make server synchronized to a NTP server. Mandatory to make GPG or MFA/OTP work | -| HKPS | 11371 | TCP | HKPS protocol for receiving GPG keys | -{: .table-parameters } \ No newline at end of file diff --git a/_faq/hosting/004-troubleshoot-ssl.md b/_faq/hosting/004-troubleshoot-ssl.md deleted file mode 100644 index 1b45ce372..000000000 --- a/_faq/hosting/004-troubleshoot-ssl.md +++ /dev/null @@ -1,281 +0,0 @@ ---- -title: Troubleshoot SSL -slug: troubleshoot-ssl -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2022-01-06 00:00:00 Z ---- - -## Table of content: - -* [HTTPS configuration documentation](#https-configuration-documentation) -* [Check certificates content](#check-certificates-content) - * [Certificate file](#certificate-file) - * [Key file](#key-file) -* [Check if certificate file matches with the key](#check-if-certificate-file-matches-with-the-key) -* [Self-hosted private certificate chain study](#self-hosted-private-certificate-chain-study) - * [Chain of trust](#chain-of-trust) - * [Use case](#use-case) - * [Display the chain of trust](#display-the-chain-of-trust) - * [Check the chain of trust](#check-the-chain-of-trust) -* [Use online tools to check your SSL configuration](#use-online-tools-to-check-your-ssl-configuration) - * [SSL Checker](#ssl-checker) - * [What is my chain cert](#what-is-my-chain-cert) - * [Qualys SSL Labs](#qualys-ssl-labs) - * [Mozilla Observatory](#mozilla-observatory) - -## HTTPS configuration documentation - -You will find infos about [how to set up HTTPS on passbolt here](/configure/https) - -## Check certificates content - -It is a common error to invert certificate and key, so check their content :-) - -### Certificate file - -Certificate file must start with: - -``` ------BEGIN CERTIFICATE----- -``` - -and end with: - -``` ------END CERTIFICATE----- -``` - -### Key file - -Key file must start with: - -``` ------BEGIN PRIVATE KEY----- -``` - -and end with: - -``` ------END PRIVATE KEY----- -``` - -## Check if certificate file matches with the key - -The output of the two below commands must be **absolutely the same**. - -Check the certificate: - -``` -openssl x509 -noout -modulus -in cert.pem | openssl md5 -``` - -Check the key: - -``` -openssl rsa -noout -modulus -in key.pem | openssl md5 -``` - -## Check if certificate matches your passbolt domain name - -Another common error is to define a domain name to passbolt and set a certificate valid for another domain. - -Check the domain name of your local certificate: - -``` -openssl x509 -text -noout -in cert.pem | grep DNS -``` - -You can also check your instance like this (replace passbolt.domain.tld with your passbolt domain name): - -``` -openssl s_client -connect passbolt.domain.tld:443 /dev/null | openssl x509 -noout -ext subjectAltName -openssl s_client -connect passbolt.domain.tld:443 /dev/null | openssl x509 -noout -text | grep DNS: -``` - -## Self-hosted private certificate chain study - -Some companies don't rely on public certification authorities. They generate self-signed certificates and trust them with their own Private Key Infrastructure (PKI). - -To trust SSL certificates signed by the PKI, you have to ensure root certificate of your company's PKI has been added in your operating system keychain. - -### Chain of trust - -A certificate chain or certificate CA bundle is a sequence of certificates, where each certificate in the chain is signed by the subsequent certificate. - -An intermediate certificate authority (CA) is an entity that can sign certificates on behalf of the root CA. - -The root CA is only ever used to create one or more intermediate CAs, which are trusted by the root CA to sign certificates on their behalf. This is best practice. - -### Use-case - -Let's assume the following chain of trust: - -{% include articles/figure.html - url="/assets/img/help/2022/01/chain-of-trust.jpg" - legend="Chain of Trust" - width="550px" -%} - -* Your passbolt server certificate has been issued by "My Intermediate CA". -* "My Intermediate CA" has been issued by "My Root CA" - -To make your passbolt certificate trusted on your system, you have to add the root CA to your operating system keychain. - -To manually check if your passbolt SSL certificate has been issued by the correct certificate authority, follow the procedure below. - -#### Display the chain of trust - -This command will display the chain of trust for passbolt.domain.tld: - -``` -openssl s_client -quiet -connect passbolt.domain.tld:443 -``` - -It returns: - -``` -depth=2 CN = My Root CA, emailAddress = it@domain.tld, O = Your Company, OU = Your Company IT Team, L = Esch-Sur-Alzette, ST = Luxembourg, C = LU -verify return:1 -depth=1 C = LU, ST = Luxembourg, O = Your Company, OU = Your Company IT Team, CN = My Intermediate CA, emailAddress = it@domain.tld -verify return:1 -depth=0 CN = passbolt.domain.tld, emailAddress = it@domain.tld, O = Your Company, OU = Your Company IT Team, L = Esch-Sur-Alzette, ST = Luxembourg, C = LU -verify return:1 -``` - -Where: - -* depth 2 is your root certificate `CN=My Root CA` -* depth 1 is the intermediate certificate `CN=My Intermediate CA` -* depth 0 is your certificate `CN=passbolt.domain.tld` - -#### Check the chain of trust - -This command will display all certificates of the chain of trust: - -``` -openssl s_client -showcerts -connect passbolt.domain.tld:443 -``` - -``` -Certificate chain - 0 s:CN = passbolt.domain.tld, emailAddress = it@domain.tld, O = Your Company, OU = Your Company IT Team, L = Esch-Sur-Alzette, ST = Luxembourg, C = LU - i:C = LU, ST = Luxembourg, O = Your Company, OU = Your Company IT Team, CN = My Intermediate CA, emailAddress = it@domain.tld ------BEGIN CERTIFICATE----- -(...) ------END CERTIFICATE----- - 1 s:C = LU, ST = Luxembourg, O = Your Company, OU = Your Company IT Team, CN = My Intermediate CA, emailAddress = it@domain.tld - i:CN = My Root CA, emailAddress = it@domain.tld, O = Your Company, OU = Your Company IT Team, L = Esch-Sur-Alzette, ST = Luxembourg, C = LU ------BEGIN CERTIFICATE----- -(...) ------END CERTIFICATE----- - 2 s:CN = My Root CA, emailAddress = it@domain.tld, O = Your Company, OU = Your Company IT Team, L = Esch-Sur-Alzette, ST = Luxembourg, C = LU - i:CN = My Root CA, emailAddress = it@domain.tld, O = Your Company, OU = Your Company IT Team, L = Esch-Sur-Alzette, ST = Luxembourg, C = LU ------BEGIN CERTIFICATE----- -(...) ------END CERTIFICATE----- -``` - -{% include messages/warning.html - content="Warning: As it is not mandatory to expose root CA, it can be missing from the above command output. You will have to ask for it to the team who is managing the local PKI." -%} - -Each "depth" is followed by its following certificate. You can now create 3 files: - -* root certificate `rootCA.pem` -* intermediate certificate: `intermediate.pem` -* passbolt certificate: `passbolt.pem` - -To check if `intermediate.pem` has been issued by `rootCA.pem`: - -``` -$ openssl verify -CAfile rootCA.pem intermediate.pem -``` - -It will return: - -``` -intermediate.pem: OK -``` - -But if we try to check if `passbolt.pem` has been issued by `intermediate.pem`, it fails: - -``` -$ openssl verify -CAfile intermediate.pem passbolt.pem -C = LU, ST = Luxembourg, O = Your Company, OU = Your Company IT Team, CN = My Intermediate CA, emailAddress = it@domain.tld -error 2 at 1 depth lookup: unable to get issuer certificate -error passbolt.pem: verification failed -``` - -To correctly check `passbolt.pem` certificate, you have to check the **full chain of trust**, aka `intermediate.pem + passbolt.pem` with the `rootCA.pem`. - -Create a bundle certificate: - -``` -cat intermediate.pem passbolt.pem > bundle.pem -``` - -Then check `bundle.pem`: - -``` -$ openssl verify -CAfile rootCA.pem bundle.pem -bundle.pem: OK -``` - -Congratulations, your certificate is fully trusted ! - -## Use online tools to check your SSL configuration - -In case your passbolt instance is publicly reachable, you can use online tools to validate your SSL configuration. -### SSL Checker - -[https://www.sslshopper.com/](https://www.sslshopper.com/ssl-checker.html) - -This tool will check your server and reports if any misconfiguration found. - -{% include articles/figure.html - url="/assets/img/help/2022/01/sslshopper-success.jpg" - legend="SSL Checker Success" - width="550px" -%} - -{% include articles/figure.html - url="/assets/img/help/2022/01/sslshopper-fail.jpg" - legend="SSL Checker Fail" - width="550px" -%} - -### What is my chain cert - -[https://whatsmychaincert.com/](https://whatsmychaincert.com/){:target="_blank"} - -Typically, the root CA does not sign server or client certificates directly, it is achieved by intermediate certificate and you must include them with your cert. - -[https://whatsmychaincert.com/](https://whatsmychaincert.com/){:target="_blank"} will help you to generate the correct certificate chain. - -If you want to know more about "Root vs Intermediate Certificates" you can read [this well-explained external ressource](https://www.golinuxcloud.com/openssl-create-certificate-chain-linux/){:target="_blank"} - -### Qualys SSL Labs - -[https://www.ssllabs.com/ssltest/](https://www.ssllabs.com/){:target="_blank"} - -This tool will show you the quality of your SSL configuration. A+ is the highest note. - -{% include articles/figure.html - url="/assets/img/help/2022/01/qualys-ssl-labs.jpg" - legend="SSL Test Pass" - width="550px" -%} - -### Mozilla Observatory - -[https://observatory.mozilla.org/](https://observatory.mozilla.org/){:target="_blank"} - -Mozilla Observatory is another web tool to show you the quality of your SSL configuration. - -{% include articles/figure.html - url="/assets/img/help/2022/01/mozilla-observatory.jpg" - legend="SSL Scan Pass" - width="550px" -%} diff --git a/_faq/hosting/005-how-to-migrate-from-http-to-https.md b/_faq/hosting/005-how-to-migrate-from-http-to-https.md deleted file mode 100644 index d22e70ff2..000000000 --- a/_faq/hosting/005-how-to-migrate-from-http-to-https.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -title: How to migrate from HTTP to HTTPS -slug: how-to-migrate-from-http-to-https -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2021-12-27 00:00:00 Z ---- - -You will find documentation about how to configure https [by clicking here](/configure/https) \ No newline at end of file diff --git a/_faq/hosting/005-how-to-use-docker-rootless-images.md b/_faq/hosting/005-how-to-use-docker-rootless-images.md deleted file mode 100644 index 3911c2908..000000000 --- a/_faq/hosting/005-how-to-use-docker-rootless-images.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: How to use docker rootless images -slug: how-to-use-rootless-images -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2021-12-30 00:00:00 Z ---- - -Our docker-compose.yml example uses root images. If you want to use non-root images, choose [one from available docker tags](https://hub.docker.com/r/passbolt/passbolt/tags?name=non-root){:target="_blank"} as **image** and update **ports** option. - -root images uses 80 and 443 ports: - -``` -version: '3.7' -services: - db: - ... - passbolt: - image: passbolt/passbolt:latest-ce - ... - ports: - - 80:80 - - 443:443 -``` - -non-root images uses 8080 and 4433 so you need to map ports 80 and 443 to them: - -``` -version: '3.7' -services: - db: - ... - passbolt: - image: passbolt/passbolt:latest-ce-non-root - ... - ports: - - 80:8080 - - 443:4433 -``` - -non-root images also uses a different path to handle ssl certificates: - -``` -version: '3.7' -services: - db: - ... - passbolt: - ... - volumes: - ... - - ./certs/cert.pem:/etc/passbolt/certs/certificate.crt:ro - - ./certs/key.pem:/etc/passbolt/certs/certificate.key:ro -``` - -You can know more about how to setup https on docker on the [https configuration section](/configure/https). \ No newline at end of file diff --git a/_faq/hosting/005-troubleshoot-docker.md b/_faq/hosting/005-troubleshoot-docker.md deleted file mode 100644 index 71b779473..000000000 --- a/_faq/hosting/005-troubleshoot-docker.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: Troubleshoot Docker -slug: troubleshoot-docker -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2021-12-15 00:00:00 Z ---- - -Connect yourself inside passbolt docker container (replace passbolt-container-name with your own): - -``` -$ docker exec -ti passbolt-container-name bash -``` - -All troubleshooting commands must be launched as `www-data` user. It is the case if you are running non-root docker images but for root images, switch as `www-data` user: - -``` -su -s /bin/bash www-data -``` - -Then to be able to launch some commands, you must retrieve PASSBOLT_GPG_SERVER_KEY_FINGERPRINT environment variable: - -``` -export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT="$(gpg \ - --home $GNUPGHOME\ - --list-keys \ - ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} | \ - grep -Ev "^(pub|sub|uid|^$)" | tr -d ' ')" -``` - -Alternatively if you are using [Docker Secrets](/faq/hosting/docker-secrets.html){:target="_blank"} you'll need to run the following to access the secrets as environment variables: -``` -source /etc/environment -``` - -### Healthcheck - -``` -./bin/cake passbolt healthcheck -``` - -### Send a test email - -``` -./bin/cake passbolt send_test_email \ - --recipient=youremail@domain.com -``` - -### Datacheck - -``` -./bin/cake passbolt datacheck --hide-success-details -``` - -### Database migrations status - -``` -./bin/cake migrations status -``` - -## database container - -To connect into mysql container console (replace db-container-name with your own): - -``` -docker exec -ti db-container-name bash -c \ - 'mysql -u${MYSQL_USER} -p${MYSQL_PASSWORD} ${MYSQL_DATABASE}' -``` \ No newline at end of file diff --git a/_faq/hosting/005-troubleshoot-helm.md b/_faq/hosting/005-troubleshoot-helm.md deleted file mode 100644 index c6bec425b..000000000 --- a/_faq/hosting/005-troubleshoot-helm.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Troubleshoot Helm -slug: troubleshoot-helm -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2022-11-23 00:00:00 Z ---- - -Connect yourself inside passbolt docker container (replace passbolt-container-name with your own): - -``` -$ kubectl exec -ti passbolt-container-name bash -``` - -All troubleshooting commands must be launched as `www-data` user. It is the case if you are running non-root docker images but for root images, switch as `www-data` user: - -``` -su -s /bin/bash www-data -``` - -Then to be able to launch some commands, you must retrieve PASSBOLT_GPG_SERVER_KEY_FINGERPRINT environment variable: - -``` -export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT="$(gpg \ - --home $GNUPGHOME\ - --list-keys \ - ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} | \ - grep -Ev "^(pub|sub|uid|^$)" | tr -d ' ')" -``` - -### Healthcheck - -``` -./bin/cake passbolt healthcheck -``` - -### Send a test email - -``` -./bin/cake passbolt send_test_email \ - --recipient=youremail@domain.com -``` - -### Datacheck - -``` -./bin/cake passbolt datacheck --hide-success-details -``` - -### Database migrations status - -``` -./bin/cake migrations status -``` - -## database container - -To connect into mysql container console (replace db-container-name with your own): - -``` -kubectl exec -ti db-container-name bash -c \ - 'mysql -u${MYSQL_USER} -p${MYSQL_PASSWORD} ${MYSQL_DATABASE}' -``` \ No newline at end of file diff --git a/_faq/hosting/006-how-to-generate-jwt-key-pair-manually.md b/_faq/hosting/006-how-to-generate-jwt-key-pair-manually.md deleted file mode 100644 index 9af6b0e2c..000000000 --- a/_faq/hosting/006-how-to-generate-jwt-key-pair-manually.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: How to generate JWT key pair manually -slug: how-to-generate-jwt-key-pair-manually -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2021-11-23 00:00:00 Z ---- - -{% include messages/warning.html - content="Warning: Replace /usr/share/php by /var/www and - /etc/passbolt by /var/www/passbolt/config if you have installed passbolt from sources." -%} - -Ensure `/etc/passbolt/jwt` folder exists and is owned by `root` user and `www-data` group. - -``` -sudo mkdir -m=750 /etc/passbolt/jwt -``` - -Create the JWT keys: - -``` -sudo /usr/share/php/passbolt/bin/cake passbolt create_jwt_keys -``` - -Ensure rights are correct: - -``` -sudo chown -R root:www-data /etc/passbolt/jwt -sudo chmod 600 /etc/passbolt/jwt/jwt.key -sudo chmod 640 /etc/passbolt/jwt/jwt.pem -``` - -Ensure that all is good by executing the healthcheck. - -``` -sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck --jwt" www-data -``` - -You should see this result: - -``` -JWT Authentication -[PASS] The JWT Authentication plugin is enabled -[PASS] The /etc/passbolt/jwt/ directory is not writable. -[PASS] A valid JWT key pair was found -``` \ No newline at end of file diff --git a/_faq/hosting/006-how-to-import-ssl-certificate-on-mobile.md b/_faq/hosting/006-how-to-import-ssl-certificate-on-mobile.md deleted file mode 100644 index 568e1a876..000000000 --- a/_faq/hosting/006-how-to-import-ssl-certificate-on-mobile.md +++ /dev/null @@ -1,132 +0,0 @@ ---- -title: How to import SSL certificate on mobile application -slug: how-to-import-ssl-certificate-on-mobile -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2022-01-05 00:00:00 Z ---- - -Your passbolt server must have HTTPS enabled to be able to use passbolt mobile app. - -If you are using self-signed certificates, you must import your server certificate to your mobile device. - -The screenshots below assume you are importing a root CA certificate (in case your self-signed certificates are trusted by a local certification authority), but the procedure remains the same in case you import server certificate. - -Not using iOS ? [Click here for importing certificates on Android](#import-certificate-on-android) - -## Import certificate on iOS - -Put certificate on your device and select it to install. You will be asked to review it in Setting app: - -{% include articles/figure.html -url="/assets/img/help/2022/01/ios/ios-01.jpg" -legend="Download profile" -width="450px" -%} - -Go to Settings app and select "Profile Downloaded" - -{% include articles/figure.html -url="/assets/img/help/2022/01/ios/ios-02.jpg" -legend="Select Profile Downloaded" -width="450px" -%} - -Your certificate informations will be displayed, select **Install** to install it: - -{% include articles/figure.html -url="/assets/img/help/2022/01/ios/ios-03.jpg" -legend="Install profile" -width="450px" -%} - -Enter your iOS passcode: - -{% include articles/figure.html -url="/assets/img/help/2022/01/ios/ios-04.jpg" -legend="Enter your iOS passcode" -width="450px" -%} - -Be warned than certificate won't be usuable until you have enable it Certificate Trust Settings, select **Install** - -{% include articles/figure.html -url="/assets/img/help/2022/01/ios/ios-05.jpg" -legend="Install profile warning" -width="450px" -%} - -Select Install: - -{% include articles/figure.html -url="/assets/img/help/2022/01/ios/ios-06.jpg" -legend="Install profile" -width="450px" -%} - -Profile is installed, select **Done**: - -{% include articles/figure.html -url="/assets/img/help/2022/01/ios/ios-07.jpg" -legend="Profile installed" -width="450px" -%} - -To enable your certificate, go to Setting app > General > About and select **Certificate Trust Settings**: - -{% include articles/figure.html -url="/assets/img/help/2022/01/ios/ios-08.jpg" -legend="Select Certificate trust Settings" -width="450px" -%} - -Enable your new certificate and confirm by selecting **Continue**: - -{% include articles/figure.html -url="/assets/img/help/2022/01/ios/ios-09.jpg" -legend="Select Certificate trust Settings" -width="450px" -%} - -## Import certificate on Android - -Go to Settings > Security > Encryption & credentials and select **Install a certificate**: - -{% include articles/figure.html -url="/assets/img/help/2022/01/android/android-01.jpg" -legend="Install a certificate" -width="450px" -%} - -Select **CA certificate**: - -{% include articles/figure.html -url="/assets/img/help/2022/01/android/android-02.jpg" -legend="Select CA certificate" -width="450px" -%} - -A warning is displayed, read it and only if you agree with it, select **Install Anyway** - -{% include articles/figure.html -url="/assets/img/help/2022/01/android/android-03.jpg" -legend="Displayed warning" -width="450px" -%} - -Select your certificate: - -{% include articles/figure.html -url="/assets/img/help/2022/01/android/android-04.jpg" -legend="Select your certificate" -width="450px" -%} - -Your certificate is installed: - -{% include articles/figure.html -url="/assets/img/help/2022/01/android/android-05.jpg" -legend="Installed certificate" -width="450px" -%} \ No newline at end of file diff --git a/_faq/hosting/007-how-to-rotate-server-gpg-keys.md b/_faq/hosting/007-how-to-rotate-server-gpg-keys.md deleted file mode 100644 index 9be282d57..000000000 --- a/_faq/hosting/007-how-to-rotate-server-gpg-keys.md +++ /dev/null @@ -1,127 +0,0 @@ ---- -title: How to rotate server GPG keys -slug: how-to-rotate-server-gpg-keys -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2022-01-21 00:00:00 Z ---- - -## Docker installation - -It is quite simple with docker to rotate your passbolt server GPG keys. Connect yourself inside the passbolt container and delete the keys: - -``` -rm /etc/passbolt/gpg/serverkey.asc -rm /etc/passbolt/gpg/serverkey_private.asc -``` - -Destroy then recreate passbolt container and new GPG server keys will be generated. - -```bash -docker-compose up -d --force-recreate -``` - -## Other installations - -Create a temporary GPG home folder: - -``` -mkdir /tmp/gpg-temp -``` - -Generate new GPG keys: - -``` -gpg --homedir /tmp/gpg-temp --batch --no-tty --gen-key < /dev/null -gpg --homedir /tmp/gpg-temp --armor --export-secret-key ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} | sudo tee /etc/passbolt/gpg/serverkey_private.asc > /dev/null -``` - -Ensure new GPG keys owner and group are correct. Replace **www-data** with **nginx** if you are using RPM-based Linux distribution. - -``` -sudo chown www-data:www-data /etc/passbolt/gpg/serverkey_private.asc -sudo chown www-data:www-data /etc/passbolt/gpg/serverkey.asc -``` - -Get new GPG keys fingerprint from public key: - -``` -sudo gpg --show-keys /etc/passbolt/gpg/serverkey.asc | grep -Ev "^(pub|sub|uid|$)" | tr -d ' ' -``` - -Ensure the fingerprint from private key is the same: - -``` -sudo gpg --show-keys /etc/passbolt/gpg/serverkey_private.asc | grep -Ev "^(pub|sub|uid|$|sec|ssb)" | tr -d ' ' -``` - -CentOS 7 gpg command is quite old and has no **--show-keys** parameter. Use these commands instead: - -``` -# public key fingerprint -sudo cat /etc/passbolt/gpg/serverkey.asc | gpg --with-fingerprint - | grep -Ev "^(pub|sub|uid|$)" | tr -d ' ' | sed 's/Keyfingerprint=//' -# private key fingerprint -sudo cat /etc/passbolt/gpg/serverkey_private.asc | gpg --with-fingerprint - | grep -Ev "^(pub|sub|uid|$|sec|ssb)" | tr -d ' ' | sed 's/Keyfingerprint=//' -``` - -Open **/etc/passbolt/passbolt.php** configuration file and replace old fingerprint with the new one in the **passbolt** section: - -``` - 'passbolt' => [ - // GPG Configuration. - // The keyring must to be owned and accessible by the webserver user. - // Example: www-data user on Debian - 'gpg' => [ - // Main server key. - 'serverKey' => [ - // Server private key fingerprint. - 'fingerprint' => 'XXXXXXXXXXXXXXXXXXXXXXXXXXXX', - 'public' => CONFIG . DS . 'gpg' . DS . 'serverkey.asc', - 'private' => CONFIG . DS . 'gpg' . DS . 'serverkey_private.asc', - ], - ], - -``` - -Launch a healthcheck command to get passbolt GNUPGHOME folder (usually /var/lib/passbolt/.gnupg but can be different if you installed passbolt from sources): - -``` - sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck --gpg" | grep GNUPGHOME -``` - -Delete the current GNUPGHOME folder, it will be automatically recreated. - -``` -sudo rm -rf /var/lib/passbolt/.gnupg -``` - -On next connection through web interface, you will get a warning that the server key has been changed: - -{% include - articles/figure.html - url="/assets/img/help/2022/01/gpg-server-key-changed.png" - legend="Server key has changed" width="586px" -%} - -You can now delete the temporary GPG home folder: - -``` -rm -rf /tmp/gpg-temp -``` diff --git a/_faq/hosting/008-how-to-ntp.md b/_faq/hosting/008-how-to-ntp.md deleted file mode 100644 index 53bf48e05..000000000 --- a/_faq/hosting/008-how-to-ntp.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: How to set up NTP -slug: set-up-ntp -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2022-12-05 00:00:00 Z ---- - -## Table of contents: - -- [Table of contents:](#table-of-contents) -- [Introduction](#introduction) -- [Ubuntu](#ubuntu) -- [Debian](#debian) -- [RedHat](#redhat) -- [OpenSUSE](#opensuse) -- [Oracle Linux](#oracle-linux) -- [Fedora](#fedora) -- [Docker](#docker) - -## Introduction -This page is intended to give you the resources to set up NTP(or suitable equivalent) on the main distrobutions that we support. NTP is important for two main reasons with Passbolt. The first is in regards to GPG authentication. The other area where this becomes important is if you have MFA enabled as if the server and user device time get out of sync the codes will not work. - -## Ubuntu -{% include faq/ntp/ubuntu.md %} - -## Debian -{% include faq/ntp/debian.md %} - -## RedHat -{% include faq/ntp/redhat.md %} - -## OpenSUSE -{% include faq/ntp/opensuse.md %} - -## Oracle Linux -{% include faq/ntp/oracle.md %} - -## Fedora -{% include faq/ntp/fedora.md %} - -## Docker -{% include faq/ntp/docker.md %} diff --git a/_faq/hosting/008-mobile-faq.md b/_faq/hosting/008-mobile-faq.md deleted file mode 100644 index f654d4dc1..000000000 --- a/_faq/hosting/008-mobile-faq.md +++ /dev/null @@ -1,99 +0,0 @@ ---- -title: iOS / Android Mobile FAQ -slug: mobile-faq -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2022-02-02 00:00:00 Z ---- - -## Can I use the mobile application without HTTPS configured on my passbolt server ? - -A valid HTTPS configuration is mandatory for security concerns to be able to use the passbolt with iOS / Android. Mobile app won't work with plain HTTP. - -You can get a green padlock aside the url in your browser without a valid configuration for mobile app. A common misconfiguration error is to forget the intermediate certificate. You can check our [SSL troubleshooting page](/faq/hosting/troubleshoot-ssl){:target="_blank"} for more details. - - -## Can I use a self-signed certificate with the mobile application ? - -The answer is yes. The mandatory part is to generate a certificate with a valid subjectAltName. - -### How to generate a proper Self-signed certificate ? - -``` -openssl req -x509 \ - -newkey rsa:4096 \ - -days 120 \ - -subj "/C=LU/ST=Luxembourg/L=Esch-Sur-Alzette/O=Passbolt SA/OU=Passbolt IT Team/CN=passbolt.domain.tld/" \ - -nodes \ - -addext "subjectAltName = DNS:passbolt.domain.tld" \ - -keyout key.pem \ - -out cert.pem -``` - -This command will output two files: **key.pem** and **cert.pem**. - -Of course, replace `-subj` values with your own. It is important to set your passbolt FQDN in both CN and subjectAltName. - -{% include messages/notice.html - content="Pro tip: You can use an IP address instead of a domain name for your self-signed certificate. - If you do that, replace DNS with IP in subjectAltName." -%} - -### How to import my self-signed certificate ? - -Once [your self-signed certificate configured](/configure/https){:target="_blank"}, [import it in your mobile](/faq/hosting/how-to-import-ssl-certificate-on-mobile){:target="_blank"}. - -## Can I use 2FA ? - -Our mobile application support TOTP and [Yubikey](/configure/mfa/yubikey.html). - -[Duo OTP](/configure/mfa/duo) is not supported yet. - -## How to get logs ? - -Logs are available: - - * inside top-right (?) button on Login screen and while scanning QRCodes - * once logged in inside the settings menu. - -You can share them by clicking on the share icon on top-right of your screen. - -On Android, logs collection must be manually enabled: - -{% include articles/figure.html - url="/assets/img/help/2022/02/android-enable-logs.jpg" - legend="Enable Android logs" - width="350px" -%} - -## I can't login using Apache - -Apache [seems to discard](https://github.com/tymondesigns/jwt-auth/wiki/Authentication) the Authorization header if it is not a base64 encoded user/pass combo. So to fix this you can add the following to your Apache config: - -``` -RewriteEngine On -RewriteCond %{HTTP:Authorization} ^(.*) -RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] -``` - -## I can't login with this error: "gopenpgp: the key contains too many entities" - -It means the OpenPGP key of your passbolt server contains more than one entity. It should not occur but we seen this issue on some old docker setup. - -To fix this issue, you can [rotate your passbolt server keys following this other FAQ page](/faq/hosting/how-to-rotate-server-gpg-keys){:target="_blank"}. - -## How can I check if JWT certificate matches with the JWT key - -First check if the JWT key format is correct: - -``` -$ openssl rsa -in /etc/passbolt/jwt/jwt.key -check -noout -RSA key ok -``` - -You can now check if the certificate matches with the key with the command below: - -``` -$ if openssl rsa -in /etc/passbolt/jwt/jwt.key -outform PEM -pubout 2>/dev/null | diff /etc/passbolt/jwt/jwt.pem - > /dev/null; then echo "OK: JWT key matches with JWT pem"; else echo "NOT OK: JWT key and pem doesn't match"; fi -``` \ No newline at end of file diff --git a/_faq/hosting/009-how-to-share-logs.md b/_faq/hosting/009-how-to-share-logs.md deleted file mode 100644 index 360e07803..000000000 --- a/_faq/hosting/009-how-to-share-logs.md +++ /dev/null @@ -1,128 +0,0 @@ ---- -title: How can I check logs on my server? -slug: logs -layout: faq -category: hosting -permalink: /faq/hosting/:slug -date: 2023-05-22 00:00:00 Z ---- - -## The importance of the installation method -There are three main types of installations for Passbolt, and that's what you need to know before running one of these commands as they may not work for each installation. -- Package installation ([Debian](/hosting/install/ce/debian/debian.html), [Ubuntu](/hosting/install/ce/ubuntu/ubuntu.html), [OracleLinux](/hosting/install/ce/oraclelinux.html), and so on.) -- [From source](/hosting/install/ce/from-source.html) -- [Docker](/hosting/install/ce/docker.html) - -With **package** installation, the files will be split into two different directories, */etc/passbolt* for the configuration files and */usr/share/php/passbolt* for every other files and the CakePHP CLI. - -If you did a **from source** installation, the whole directory will be in */var/www/passbolt*. - -If you are runnig **docker**, please, refer to the [Troubleshoot Docker](/faq/hosting/troubleshoot-docker) guide as all is explained there. - - -## API -### Healthcheck -The healthcheck is used to check whether the Passbolt system is running as expected. It evaluates various aspects of the system to ensure that all components are working properly and configured correctly. It provides a detailed report about important information such as the gpg configuration, the ssl access, database configuration, etc. - -1. Package Installation - - ```bash - sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck" www-data - ``` - -2. From source - - ```bash - sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt healthcheck" www-data - ``` - -{% include hosting/web-server-for-server-logs.md %} - -### Datacheck -The datacheck is a great tool as it aims to have a look at the data integrity for gpg keys, authentication tokens, groups, resources, etc. - -1. Package Installation - - ```bash - sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt datacheck" www-data - ``` - -2. From source - - ```bash - sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt datacheck" www-data - ``` - -{% include hosting/web-server-for-server-logs.md %} - -### Status Report - -The status report is in most case the best alternative if you need to gather information from the healthcheck, datacheck, do a cleanup dry-run and retrieve the server logs. - -On top of executing the healthcheck, datacheck and retrieving the server logs one after the other, it also gives important information about the system itself such as the passbolt edition and version, the version of CakePHP and PHP, composer version etc. - -1. Package Installation - - ```bash - sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/status-report" www-data - ``` - -2. From source - - ```bash - sudo su -s /bin/bash -c "/var/www/passbolt/bin/status-report" www-data - ``` - -{% include hosting/web-server-for-server-logs.md %} - -### Server logs - -The server logs contains mostly error and warnings such as bad request, invalid requests, applications errors, etc. - -1. Package Installation - - ```bash - sudo su -s /bin/bash -c "cat /var/log/passbolt/error.log" www-data - ``` - -2. From source - ```bash - sudo su -s /bin/bash -c "cat /var/www/passbolt/logs/error.log" www-data - ``` - -{% include hosting/web-server-for-server-logs.md %} - -## Browser Extension -### Google Chrome -1. You will need to navigate to your [extensions](chrome://extensions) -2. Activate the Developer mode in the top right corner -3. Look for Passbolt and click details button -4. Look for the Inspect views and the `index.html` link -5. A new window will appear this is the debugger of the browser extension -6. You can see from here, if there is any issue in the `console` tab -7. Go to the `network` tab -8. Try to reproduce the error -9. Export the logs by clicking the **down arrow** - -{% include messages/warning.html - content="**Warning:** HAR files are text files in json format. They contain sensitive data such as your Passbolt main url or your browser version. You can't check by opening them in a text editor." -%} - -{% - include articles/figure.html - url="/assets/img/help/2023/05/browser-extension-logs.png" - legend="Browser Extension Network Logs" width="900px" -%} - -### Firefox -1. You will need to navigate to your [extensions](about:debugging#/runtime/this-firefox) -2. Locate Passbolt and click Inspect -3. A new window will appear this is the debugger of the browser extension -4. You can see from here, if there is any issue in the `console` tab -7. Go to the `network` tab -8. Try to reproduce the error -9. Export logs by clicking right on the logs and select **Save all As HAR** - -{% include messages/warning.html - content="**Warning:** HAR files are text files in json format. They contain sensitive data such as your Passbolt main url or your browser version. You can't check by opening them in a text editor." -%} \ No newline at end of file diff --git a/_faq/hosting/index.html b/_faq/hosting/index.html deleted file mode 100644 index 45b673292..000000000 --- a/_faq/hosting/index.html +++ /dev/null @@ -1,8 +0,0 @@ ---- -title: Hosting FAQ -layout: faq -category: hosting -notsearchable: true -slug: faq ---- -{% include faq/list-by-category.html category=page.category %} diff --git a/_faq/legal/000-which-license.md b/_faq/legal/000-which-license.md deleted file mode 100644 index a9097200d..000000000 --- a/_faq/legal/000-which-license.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -title: Under which license is passbolt distributed? -slug: which-license -layout: faq -category: legal -permalink: /faq/legal/:slug -date: 2017-01-20 00:00:00 Z ---- - -Unless stated otherwise in the project's files distributed on Github, including but not limited to passbolt application and browser extensions, testing and deployment tools, styleguide, documentation and artwork included with the code etc.) - -* [Free Software Foundation's GNU AGPL v3.0](http://www.gnu.org/licenses/agpl-3.0.en.html). - -Unless stated otherwise the text and illustrations on this website are available under: - -* [Creative Commons BY SA 4.0](http://creativecommons.org/licenses/by-sa/4.0/). - -For 3rd party libraries the flavor of the open source license will vary (MIT, MPL, etc.), you can check the source for more details. - -Third party logos (such as Firefox, Docker, JSON, GnuPG, Github, etc.) are the sole property of their respective owners. They are used for illustrative use only. Their respective owners do not endorse passbolt or our use of their products. diff --git a/_faq/legal/001-can-i-commercially-distribute-passbolt.md b/_faq/legal/001-can-i-commercially-distribute-passbolt.md deleted file mode 100644 index 665c62f07..000000000 --- a/_faq/legal/001-can-i-commercially-distribute-passbolt.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -title: Can I commercially host and distribute Passbolt? -slug: commercial-use -layout: faq -category: legal -permalink: /faq/legal/:slug -date: 2017-01-20 00:00:00 Z ---- -For Passbolt Community Edition you can if you abide by the AGPL license terms! For the Passbolt Pro Edition -you also need to to abide to the Passbolt subscription terms (tldr: pay the fees, have a valid number of users, etc.). - -Our goal in selecting the AGPL v3.0, as our default license is to require that the source code is distributed to the -end users, so that enhancements can be released back to the community. Traditional open source licenses such as GPL -often do not achieve this when the software is runs as a web application, e.g. as hosted application available -through a network. - -If the AGPL v3 does not satisfy your organisation, an alternative open source license (OSI compatible) can be purchased. -Feel free to contact us for more details. diff --git a/_faq/legal/001-can-i-review-modify-share.md b/_faq/legal/001-can-i-review-modify-share.md deleted file mode 100644 index b8e291093..000000000 --- a/_faq/legal/001-can-i-review-modify-share.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: Can I review, modify and share passbolt source code? -slug: review-modify-share -layout: faq -category: legal -permalink: /faq/legal/:slug -date: 2017-01-20 00:00:00 Z ---- -Absolutely. The entire passbolt solution is composed of a free software. Our source code is made available in such a way that all of our users have the rights to: - -* Use the software for any purpose, -* Change the software to suit their needs, -* Share the software with their friends and neighbors, -* Distribute the software and the changes they make. - -You can learn more about free software on the [free software foundation website](http://www.gnu.org/philosophy/philosophy.html). diff --git a/_faq/legal/001-how-to-sign-cla.md b/_faq/legal/001-how-to-sign-cla.md deleted file mode 100644 index c77ba7e95..000000000 --- a/_faq/legal/001-how-to-sign-cla.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -title: How do I sign the Contributor Licence Agreement? -slug: how-to-sign-cla -layout: faq -category: legal -permalink: /faq/legal/:slug -date: 2017-01-20 00:00:00 Z ---- -As part of the pull request process on github you will be asked to electronically sign passbolt CLA, -thanks to the CLA Assistant. You only need to do this once. You can also print it and send it to us -signed by email at [contact@passbolt.com](mailto:contact@passbolt.com). diff --git a/_faq/legal/001-where-is-cla.md b/_faq/legal/001-where-is-cla.md deleted file mode 100644 index cdc780632..000000000 --- a/_faq/legal/001-where-is-cla.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -title: Where can I find the Contributor Licence Agreement? -slug: where-is-cla -layout: faq -category: legal -permalink: /faq/legal/:slug -date: 2017-01-20 00:00:00 Z ---- -We use the [Harmony CLA](http://harmonyagreements.org/faqs.html) to protect your rights regarding any -contribution you make to our open source projects. -You can find our version below: - -{% include legal/cla.md %} diff --git a/_faq/legal/001-why-a-cla.md b/_faq/legal/001-why-a-cla.md deleted file mode 100644 index 25a6a1160..000000000 --- a/_faq/legal/001-why-a-cla.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -title: Why do we need a Contributor Licence Agreement? -slug: why-cla -layout: faq -category: legal -permalink: /faq/legal/:slug -date: 2017-01-20 00:00:00 Z ---- -At passbolt we are required to have agreement with everyone who submit contributions, in order to make sure -that we, and the user of our software, are legally entitled to distribute your contributed code anywhere -in the world. - -In effect, you still own the copyright but you are giving us a licence. You retain the right to modify your -code and use it in other projects. diff --git a/_faq/legal/index.html b/_faq/legal/index.html deleted file mode 100644 index bfcee8551..000000000 --- a/_faq/legal/index.html +++ /dev/null @@ -1,8 +0,0 @@ ---- -title: Legal FAQ -layout: faq -category: legal -notsearchable: true -slug: faq ---- -{% include faq/list-by-category.html category=page.category %} diff --git a/_faq/start/000-install-browser-extensions.md b/_faq/start/000-install-browser-extensions.md deleted file mode 100644 index 839ccd251..000000000 --- a/_faq/start/000-install-browser-extensions.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: How to install and remove browser extensions -slug: browser-extensions -layout: faq -category: start -permalink: /faq/start/:slug -date: 2017-01-20 00:00:00 Z ---- - -## Chrome -### Install the Chrome add-on - -1. Go to [https://chrome.google.com/webstore/detail/passbolt-extension/didegimhafipceonhjepacocaffmoppf](https://chrome.google.com/webstore/detail/passbolt-extension/didegimhafipceonhjepacocaffmoppf) -2. Click on the "Add to Chrome" button -3. Click "Add extension" - -## Firefox -### Install the Firefox add-on - -{% include articles/video.html - url="/assets/files/an_install_plugin_firefox_864.mp4" - mime_type="video/mp4" - legend="Passbolt Add-on - Install on Firefox" - width="500px" -%} - -1. Make sure you Firefox version is up to date. We only support the most recent versions. -2. Go to [https://addons.mozilla.org/en-US/firefox/addon/passbolt/](https://addons.mozilla.org/en-US/firefox/addon/passbolt/) -3. Click on the "Add to Firefox" button -4. Wait until the add-on download is complete -5. Click install -6. A passbolt icon should now be visible - -### I did this, but it still does not work! - -Sometimes Firefox does not behave as expected and passbolt will not start. We are aware of the problem and are trying to fix it. In the meantime here is what you try: - -* Press F5 / refresh the page. -* Close firefox and restart it again. -* Remove the firefox extension and reinstall it again. - -If you are still experiencing issues after trying these options out, feel free to get in touch, we would be happy to know more. - -[contact us!](mailto:contact@passbolt.com) - -### How to remove the Firefox extension - -{% include articles/video.html - url="/assets/files/an_remove_plugin_firefox_864.mp4" - mime_type="video/mp4" - legend="Passbolt Browser Extension - Remove on Firefox" - width="500px" -%} - -Clicking on "remove from toolbar" will only hide passbolt icon and not remove it! - -1. Open firefox -2. Click on the menu icon on the top right -3. Click on Add-ons -4. You should see passbolt in the list -5. Click on the remove button diff --git a/_faq/start/001-create-an-account.md b/_faq/start/001-create-an-account.md deleted file mode 100644 index f3d697438..000000000 --- a/_faq/start/001-create-an-account.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: How to create and setup an account -slug: account-setup -layout: faq -category: start -permalink: /faq/start/:slug -date: 2017-01-20 00:00:00 Z ---- - -## Creating a demo account -Passbolt requires a server to work. You can either [install it on your own]({{ "/hosting/install" | absolute_url }}) machine -or use the demo environment. Here is the procedure to try out the demo: - -**Step 1.** Open the demo page: [https://demo.passbolt.com](https://demo.passbolt.com). - -**Step 2.** An add-on is required to use passbolt, click on the link to install the plugin for Firefox or Chrome. - -**Step 3.** You will see a small red key icon in the upper right hand corner of your browser. Click on it. - -**Step 4.** Select the demo instance. - -**Step 5.** Click the Register button and enter your name and email. Other users will be able to see your email ( -this is to allow testing "sharing" functionality), so you can use a throw-away email account if you are not confortable with this. - -**Step 6.** Passbolt sent you an email that contains a link allowing you to login. -{% include messages/warning.html - content="The link is only valid for a short duration (72h by default, but this can be vary). - If you registration email token expired you can request another one using the recovery feature at `https://[your_passbolt]/recover`" -%} - -## Setup the account - -**Step 1.** Check your email. When you click this link the setup will start. - -**Step 2.** passbolt will ask you to check the URL passbolt is associated with - -{% include articles/figure.html - url="/assets/img/help/2018/01/url-check.png" - legend="Validation of the domain" - width="450px" -%} - -**Step 3.** If you recognize the domain name, check the checkbox and then click Next. - -**Step 4.** Passbolt will ask you to create a new key on the following screen: -{% include articles/figure.html - url="/assets/img/help/2018/01/create-new-key.png" - legend="creating a new key" - width="450px" -%} - -**Step 5.** Next, passbolt will help you create a new master password. Choose this password wisely, -it will be the gatekeeper to all your other passwords. -{% include articles/figure.html - url="/assets/img/help/2018/01/set-passphrase.png" - legend="setting a passphrase" - width="450px" -%} - -**Step 6.** Once you have chosen your master password and clicked Next, you will be given the opportunity to -download your private key. It is highly recommended that you do so! - -**Step 7.** The final step is to create a security token. -Choosing a color and a three character token is a secondary security mechanism that helps you know you are -logging into a *real* passbolt instance. - -## Set up your profile - -1. Once you have registered, log in to passbolt for the first time. You will see a welcome screen. -2. You can edit your profile by clicking the user icon in the upper right corner and choosing "my profile" -3. Click the edit button on the left side to edit your name or upload a profile picture. - -![Set up profile gif]({{ "/assets/img/help/2018/01/passbolt-profile.gif" | absolute_url }}) diff --git a/_faq/start/002-how-can-i-recover-my-passphrase.md b/_faq/start/002-how-can-i-recover-my-passphrase.md deleted file mode 100644 index ca63902b6..000000000 --- a/_faq/start/002-how-can-i-recover-my-passphrase.md +++ /dev/null @@ -1,15 +0,0 @@ ---- -title: How to recover my passphrase? -slug: passphrase-recovery -layout: faq -category: start -permalink: /faq/start/:slug -date: 2022-08-02 00:00:00 Z ---- -Unfortunately it is not possible to reset your private key passphrase if you do not remember the original. -Similarly if you have lost your private key and you do not have a backup, you cannot decrypt your passwords anymore. - -Sadly, you have lost access to the passwords that you have not yet shared. If you have shared your password with -somebody you can create a new account and ask them to share your password back with you. - -If you can’t remember your passphrase, the best thing to do is to start anew. diff --git a/_faq/start/002-recover-an-account.md b/_faq/start/002-recover-an-account.md deleted file mode 100644 index f387415d0..000000000 --- a/_faq/start/002-recover-an-account.md +++ /dev/null @@ -1,80 +0,0 @@ ---- -title: How to recover an account? -slug: account-recover -layout: faq -category: start -permalink: /faq/start/:slug -date: 2022-08-02 00:00:00 Z ---- - -## Recover an account with the recovery kit - -The recovery kit can be used if you are setting up passbolt on a new machine because you lost, upgraded or reinstalled -the previous one. This procedure can also be used to configure passbolt on an additional machine. - -### Requirements - -You can follow this procedure if you are meeting the following requirements: - -- You are in possession of an active account; -- You are in possession of your recovery kit, it contains a copy of the private key associated to your account; -- You remember your passphrase. - -If you lost your recovery kit or your passphrase and you subscribed to the account recovery program, checkout this -[documentation](#recover-account-recovery-program). - -### Procedure - -**Step 1.** In order to recover you will need to go to your domain URL and add `/recover` at the end of the url, -for example `https://yourpassbolt.com/recover`. -**Step 2.** Complete the form by providing your email address. - -**Step 3.** Follow the link in your mailbox. - -**Step 4.** Follow the recovery steps, which is much like the initial setup. You will need to import your private key. - -**Step 5.** Enter your passphrase to login! - -## Recover an account with the account recovery program - -Account recovery is a feature introduced with passbolt v3.6.0 that as for aim to help users to recover their accounts -in case of recovery kit or passphrase loss. To know more about account recovery, checkout [this documentation](/configure/account-recovery). - -### Requirements - -You can follow this procedure if you are meeting the following requirements: -- You are in possession of an active account; -- Your organisation is running passbolt Pro > v3.6.0 or Passbolt Cloud. -- You subscribed to the account recovery program while installing passbolt for the first time or via in your user settings workspace. - -### Procedure - -There are 2 ways to start the procedure: - -1. Assuming the browser extension is configured but the passphrase is lost: users can, at any time, click on the “help, I lost my passphrase” link in the sign in screen. An email will be sent to them to start the procedure. - -{% include articles/figure.html -url="/assets/img/help/2022/07/account-recovery-help-lost-passphrase.png" -legend="Login screen with the account recovery feature" -width="550px" -%} - -2. Assuming users are configuring Passbolt for a new browser or a new browser profile: during the process, they will be prompted to provide a recovery kit and its passphrase. If one of the information is missing, users can click on the “help, I lost my private key” link. Users will receive an email to start the procedure. - -{% include articles/figure.html -url="/assets/img/help/2022/07/account-recovery-help-lost-private-key.png" -legend="Recover screen with the help link" -width="550px" -%} - -### How does the account recovery procedure look like - -1. Users have asked for an account recovery and just received an email to start. The email contains a link that brings the users to the account recovery request page. Pay attention that at this moment, the browser being used must be the one on which the browser extension has to be configured to access the application. If the browser or profile is changed during the process users will be blocked at some point and might need to restart from the beginning. - -2. Users are prompted to provide a new passphrase and set their security token. Please note that the chosen passphrase is not a temporary one and will be the new passphrase to sign in. It’s the same for the security token. - -3. After these steps, an email is sent to the administrators to tell them that an account recovery has been requested. Users need to wait for them to accept the account recovery request (they could also reject it if they wish and users won’t be able to finish the recovery process). - -4. If they reject or accept the request an email is sent to inform the users about their choice. If it’s accepted, the email contains a link that users can follow to go on with the account recovery procedure. - -5. At this step, users are asked to provide the passphrase they chose previously. If they don’t remember it, they’re still able to request for another account recovery from the interface. After entering the right passphrase, the browser extension will sign the users in after ensuring they have downloaded their new recovery kit. diff --git a/_faq/start/002-registration-token-expired.md b/_faq/start/002-registration-token-expired.md deleted file mode 100644 index a1ffbc509..000000000 --- a/_faq/start/002-registration-token-expired.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: What can I do if my registration token expired? -slug: registration-token-expired -layout: faq -category: start -permalink: /faq/start/:slug -date: 2017-01-20 00:00:00 Z ---- - -By default when you (or an administrator) create an account you will receive an email to verify your address. -This email contains a link that is only valid for a short duration. -By default it is valid for 72h, but this value can be changed by your passbolt server administrator. - -Since passbolt v2.0.0, if your registration email token expired and you still want to register, you can request -another one using the account recovery feature at `/recover` (e.g. https://[your_passbolt]/recover). - diff --git a/_faq/start/003-change-profile-picture.md b/_faq/start/003-change-profile-picture.md deleted file mode 100644 index a372dcc56..000000000 --- a/_faq/start/003-change-profile-picture.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -title: How can I change the profile picture -slug: profile-picture -layout: faq -category: start -permalink: /faq/start/:slug -date: 2017-01-20 00:00:00 Z ---- - -Changing the profile picture is easy: - -1. While logged into your passbolt account... -2. Click the drop down button on your username icon on the top right corner of your screen. -3. Click on "my profile" -4. Select "Click here to upload a new picture" -5. Click "Browse" -6. Select a picture from your computer that you would like to upload -7. Click "Save" once you have selected a picture -8. Wait a moment till your profile picture is updated. - -### Caution! -{% include messages/warning.html content="Please note that if your file size and picture quality are heavy you may be unable to upload your picture." %} - -When you upload a picture be mindful of the following compatibilities: -* The height and width of the picture -* The file size -* The file extension diff --git a/_faq/start/003-copy-to-clipboard.md b/_faq/start/003-copy-to-clipboard.md deleted file mode 100644 index 7217c4f20..000000000 --- a/_faq/start/003-copy-to-clipboard.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -title: How to copy a password to clipboard -slug: copy-to-clipboard -layout: faq -category: start -permalink: /faq/start/:slug -date: 2017-01-20 00:00:00 Z ---- - -* Note: A clipboard in computer terms, is a temporary storage area where material cut or copied from a file is kept -for pasting into another file.* - -1. Log in to your passbolt account -2. Select a password you wish to copy to clipboard -3. Click the "more" button" on top of your password list -4. Select option "copy password to clipboard" -5. Enter your master password. Click OK to confirm. -6. Your password will be copied to clipboard. diff --git a/_faq/start/003-create-edit-delete-password.md b/_faq/start/003-create-edit-delete-password.md deleted file mode 100644 index 803e80f39..000000000 --- a/_faq/start/003-create-edit-delete-password.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Password basics -slug: create-edit-delete-password -layout: faq -category: start -permalink: /faq/start/:slug -date: 2017-01-20 00:00:00 Z ---- - -## Creating a new password - -1. Login and/or go to the password workspace -2. Click on create password button (at the top left corner) -3. You should now see a "Create password" dialog -4. Fill in a name, a username and a password. Optionally you can also specify a URL and a description. -5. Press the save button (or enter on your keyboard) -6. Wait until the encryption is done - -### Pro Tips: -* You can switch through the fields using the tab button on your keyboard -* You can press on the eye button to see your password in clear -* You can press the magic wand button to generate a random password automatically -* Make sure to check the complexity. This will be indicated right below the password field. - -## Editing a password - -1. Login and/ or go to password workspace -2. Select the password from your list -3. Click the "Edit" button on top of your password list -4. Click in the password field to unlock" -5. Enter your master password to continue. Press "OK" to confirm. -6. Edit your password and press the save button -7. Wait till Encryption is done - -### Pro Tip: -Press on the "Eye" button to check the edits made to your password - -## Deleting a password -1. Login and/or go to the password workspace -2. In the list, click on the password you wish to delete -3. Click on the "more" button on top of the password list -4. Select the "delete" option. -5. Click "OK" to confirm. - -### Pro tip: -Alternatively you can right click on a password and then choose the delete option in the contextual menu. diff --git a/_faq/start/003-how-to-use-tags.md b/_faq/start/003-how-to-use-tags.md deleted file mode 100644 index b3787ab66..000000000 --- a/_faq/start/003-how-to-use-tags.md +++ /dev/null @@ -1,143 +0,0 @@ ---- -title: How to use tags (PRO) -slug: how-to-use-tags -layout: faq -category: start -permalink: /faq/start/:slug -date: 2022-05-02 00:00:00 Z ---- - -Sharing passwords using groups is already possible in passbolt and can help organise the passwords. It is often not enough for small teams or users with a lot of passwords, who often need another way to organise their data. - -## How are tags different than categories? - -The major difference between categories and tags is that, in most systems using folders, a given item only belongs to one folder. Inversely, when tagging, one item can be linked to many tags. Also while it is possible to have a hierarchical tag structure it is also less common. - -{% include articles/figure.html - url="/assets/img/help/2022/05/tags-mental-models.png" - legend="Tags mental models" - width="500px" -%} - -## User experience and use cases - -You will find tags in the passwords workspace: - -{% include articles/figure.html - url="/assets/img/help/2022/05/tags-passwords-workspace.png" - legend="Tags in passwords workspace" - width="500px" -%} - -{% include articles/figure.html - url="/assets/img/help/2022/05/tags-use-cases.png" - legend="Tags use cases" - width="500px" -%} - -### View tags - -A user can view the tags applied to a resource from the tag section in the passwords workspace secondary sidebar. - -{% include articles/figure.html - url="/assets/img/help/2022/05/tags-view.png" - legend="View tags" - width="500px" -%} - -### Edit tags - -#### Tag / Untag a resource via the tags editor - -Users can tag a resource by clicking on the “Tags editor” in the passwords workspace secondary sidebar. - -Users will see an autocomplete with a list of proposed tags when adding/editing tags to promote tag reuse. This autocomplete is updated for each letter typed starting with the first one. When clicking on an autocomplete list item, the tag is added. It is possible to select autocomplete list items using keyboard keys. - -By default, tags are set to be personal. It is a way for users to organize their passwords (their own and shared ones) following their own personal classification. Any resource can be tagged by users as personal. - -If using the prefix “#” a tag can be shared to everyone with access to this password. Users must be able to update a resource to be able to create a shared tag on it. - -{% include articles/figure.html - url="/assets/img/help/2022/05/tags-add.png" - legend="Add tags" - width="500px" -%} - -#### Tag a resource by dragging it on a tag - -A user can tag a resource by dragging a resource from the grid on a tag in the “Filter by tags” section in the primary sidebar. - -### Rename tag - -A user can rename a tag by opening the contextual menu of a tag in the “Filter by Tags” section of the primary sidebar. - -{% include articles/figure.html - url="/assets/img/help/2022/05/tags-contextual-menu.png" - legend="Tags contextual menu" - width="400px" -%} - -By clicking on "Edit Tag", a dialog will therefore be shown to the user. - -{% include articles/figure.html - url="/assets/img/help/2022/05/tags-rename.png" - legend="Rename tags" - width="400px" -%} - -### Delete tag - -A user can delete a personal tag by opening the contextual menu of a tag in the “Filter by Tags” section of the primary sidebar. To prevent someone from removing a tag by mistake, we request the user to confirm the delete action. - -{% include articles/figure.html - url="/assets/img/help/2022/05/tags-delete.png" - legend="Delete personal tag confirmation window" - width="400px" -%} - -You cannot delete shared tags from contextual menu of the “Filter by Tags” section. On each resource of the shared tag you want to delete, you have to manually remove it from the tags editor. - -{% include articles/figure.html - url="/assets/img/help/2022/05/shared-tags-delete.png" - legend="Delete a shared tag from tags editor" - width="400px" -%} -## Filter resources - -### Filter resources from the user tags list - -Users can filter resources by tag via the “Filter by tags” section in the passwords workspace primary sidebar. - -{% include articles/figure.html - url="/assets/img/help/2022/05/tags-filter.png" - legend="Filter tags" - width="400px" -%} - -### Filter resources from the resource details sidebar - -Users can filter the resources by clicking on a tag in the “Tags” section of the resource details sidebar. - -{% include articles/figure.html - url="/assets/img/help/2022/05/tags-untag.png" - legend="Click on a tag to filter on this tag" - width="500px" -%} - -### Filter resources by personal or shared tags - -By clicking on the funnel icon, you can filter by personal or shared tags: - -{% include articles/figure.html - url="/assets/img/help/2022/05/tags-filter-2.png" - legend="Filter by personal or shared tags" - width="400px" -%} - -### Filter resources from the search form - -You can type a tag slug in the password search form to display tagged resources. - -## Email notifications - -Editing or deleting a tag does not trigger any email notifications. \ No newline at end of file diff --git a/_faq/start/003-manage-favorites.md b/_faq/start/003-manage-favorites.md deleted file mode 100644 index b7ceba978..000000000 --- a/_faq/start/003-manage-favorites.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -title: Managing your favorites -slug: account-basics -layout: faq -category: start -permalink: /faq/start/:slug -date: 2017-01-20 00:00:00 Z ---- -Marking passwords as favorites is easy: - -1. While logged in, click passwords in the upper left. -2. With *All items* selected, click on the star next to the passwords you want to favorite. The star will turn red. -3. Click on Favorite to see the passwords you have marked. -4. Just click the star again to unfavorite a password. The star will become grey when unfavorited. \ No newline at end of file diff --git a/_faq/start/003-roles-and-permissions-FAQ.md b/_faq/start/003-roles-and-permissions-FAQ.md deleted file mode 100644 index 43073c1e0..000000000 --- a/_faq/start/003-roles-and-permissions-FAQ.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Roles and permissions FAQ -slug: roles-and-permissions-faq -layout: faq -category: start -permalink: /faq/start/:slug -date: 2022-05-02 00:00:00 Z ---- - -### What are the main differences between passbolt resource permissions? - -Passbolt offers three permissions at the resource level: - -* **Owner**: can manage share settings, delete, update, read. -* **Update**: can update the record and delete. -* **Read**: can only read and use the password metadata and secret. - -{% include messages/warning.html - content="Warning: A User with **Update** right is able to delete a resource. The main difference between **Owner** and **Update** right is the ability for the **Owner** - to share a resource." -%} - -### What happens when you delete a user who is sole owner of a resource shared with a group or user? Does the group/user keeps access to this resource or is it deleted? - -When a user, sole owner of a resource, is about to be deleted, a popup window is displayed and passbolt admin will be asked to transfer ownership of the resource to the group or user. - -{% include articles/figure.html - url="/assets/img/help/2022/05/delete-user-group.png" - legend="Shared password ownership transfer" - width="500px" -%} - -If the deleted user was also the sole group manager, passbolt admin will promote another user of the group as group manager. - -### What happens when you delete a user who owns non-shared resources? - -Unlike shared ones, non-shared resources of a deleted user will be deleted as well. - -### What is the difference between a group manager and group member? - -The group manager is a group member who can add or delete users to a given group, and promote them as another group manager. No more, no less. - -It is possible for a group member to share a resource he owns in "read-only" mode with the group. Group manager doesn't have extra-rights to edit resources ownership. - -### Who can create a group in passbolt? - -Only a passbolt administrator can create groups on passbolt. diff --git a/_faq/start/003-roles-and-permissions.md b/_faq/start/003-roles-and-permissions.md deleted file mode 100644 index a5bac1185..000000000 --- a/_faq/start/003-roles-and-permissions.md +++ /dev/null @@ -1,144 +0,0 @@ ---- -title: Roles and permissions -slug: roles-and-permissions -layout: faq -category: start -permalink: /faq/start/:slug -date: 2022-05-02 00:00:00 Z ---- - -## System-wide roles - -Passbolt proposes two system roles "admin" and "user". This system is the first line of the authorization mechanism performing checks directly for each user's actions. - -In a nutshell, an administrator manages the instance. In practice it means that they can manage organization-wide settings such as the content of the email notifications or which multiple factor authentication provider is enabled. Another responsibility is to create or delete users, manage groups and group managers, perform synchronization with a user directory, etc. - -### Settings - -| Action | Admin | User | -|--------------------------------------|-------|------| -| Manage email notification settings | Yes | No | -| Manage MFA settings | Yes | No | -| Manage LDAP settings / sync | Yes | No | -| Choose organization default language | Yes | No | -{: .table-parameters } - -### Users - -| Action | Admin | User | -|--------------------------------|-------|--------------| -| Create users | Yes | No | -| Rename user | Yes | Yes (if own) | -| Update email address | Yes | No | -| Delete users | Yes | No | -| Promote/Demote admin | Yes | No | -| View users | Yes | Yes | -| Select user preferred language | Yes | Yes (if own) | -{: .table-parameters } - -### Groups - -| Action | Admin | User | -|------------------------|--------------------------|--------------------------| -| Create groups | Yes | No | -| Rename groups | Yes | No | -| Add user to group | See. "Group level roles" | See. "Group level roles" | -| Delete groups | Yes | No | -| View groups | Yes | Yes | -| View group composition | Yes | Yes | -{: .table-parameters } - -### Others - -| Resources / Action | Admin | User | -|--------------------|----------------------------|----------------------------| -| Create resources | Yes | Yes | -| Manage resources | See “Resource level roles” | See “Resource level roles” | -| Create comments | Yes | Yes | -| Delete comments | Yes | Yes (if own) | -| Manage folders | See “Folder level roles” | See “Folder level roles” | -| Manage tags | See “Folder level roles” | See “Folder level roles” | -{: .table-parameters } - -## Group level roles - -Each group must have at least one group manager in charge of adding and removing group members. The administrators can appoint themselves as group administrator or appoint a regular user. - -{% include articles/figure.html - url="/assets/img/help/2022/05/groups workflow.jpg" - legend="Groups workflow" -%} - -Due to the nature of the encryption in passbolt, only someone with access to the secrets of a given group can add a member to that group (as they need to be able to decrypt and encrypt the secret for the new member). - -| Action | Group manager | Group member | -|------------------------------|---------------|--------------| -| Rename group | Yes | No | -| Add user to group | Yes | No | -| Remove user to group | Yes | No | -| Promote/Demote group manager | Yes | No | -{: .table-parameters } - -### Additional resources: - -* [Blog post: How passbolt will implement groups (2017)](https://blog.passbolt.com/how-passbolt-will-implement-groups-ee49108a6ff1) -* [Groups functional specifications (2020)](https://docs.google.com/document/d/1b7hwleV0VrU45ARErCutgNBQTD48mjoFVfD_OEE4le8/) - -## Resource level roles - -Passbolt offers three permissions on the resource level: - -* **Owner**: can manage share settings, delete, update, read. -* **Update**: can update the record and delete. -* **Read**: can only read and use the password metadata and secret. - -| Operation / Folder Permission | Owner | Update | Read | -|---------------------------------------|-------|--------|------| -| View resource metadata and secret | Yes | Yes | Yes | -| Edit resource metadata and secret | Yes | Yes | No | -| Delete resource | Yes | Yes | No | -| Share resource, e.g. edit permissions | Yes | No | No | -{: .table-parameters } - -## Folder Level roles - -Behind the scenes, permissions for folders will reuse the same permissions system than the one available for the resources. This will allow the user to associate a set of permissions to one or more folders, while reusing the metaphors the users are already accustomed to. - -Like resources, a folder must have an owner permission defined in the folder permissions. Two other permissions types are available: update and read. Each permission type give access to operations as described in the grid below: - -| Operation / Folder Permission | Owner | Update | Read | -|--------------------------------|-------|--------|------| -| View folder permissions | Yes | Yes | Yes | -| View folder | Yes | Yes | Yes | -| Rename folder | Yes | Yes | No | -| Delete folder | Yes | Yes | No | -| Create an item inside a folder | Yes | Yes | No | -| Move an item inside a folder | Yes | Yes | No | -| Edit folder permissions | Yes | No | No | -{: .table-parameters } - -Once an item is inside a folder what can be done with the items does not depend on the folder permission but the item itself, like on a regular file system. For a user to move an item that is inside a folder they must generally at least have update rights on the item and the destination folder. - -| Operation / Enclosed Item Permission | Owner | Update | Read | -|--------------------------------------|-------|--------|----------------------------------------------------------------------------| -| Move an item outside the folder | Yes | Yes | Only in some cases. See Approach to personal & shared folder organizations | -| Edit the resource | Yes | Yes | No | -| Delete the resource | Yes | Yes | No | -{: .table-parameters } - -### Approach to folder permissions inheritance - -One of the key requirements is to be able to apply a given folder permission to the items inside it. For example when a user “share” a folder or create a new item in that folder, or drop an existing resource in a folder, the folder permissions will be applied to the items where possible. - -The “where possible” is important here. While folders in passbolt can be used to organize resources and apply permissions, folders do not enforce the permission on its enclosed content at all times, but serve as a guide when an operation such as create or move is performed. As we have seen exceptions can be created, i.e. it is possible for a user to have more rights on an item than they have on a given folder. The opposite is also possible, the same way it is possible to create a hidden or restricted file in a shared folder in a traditional filesystem. - -One should picture a folder permission list as a permission mask, i.e. a predefined set of group/user rights, that could be applied to the folder content whenever a user is interacting with it. Applying permissions on a folder is the equivalent of selecting all the resources the user has the right to share inside the given folder and apply a new set of permission to this selection. Items where the user does not have access to (or cannot edit the permissions) will be ignored. - -This approach is also needed to work with the limitation of the end to end encryption scheme. Indeed only a user that has access to a secret can provide such access to another user. - -A user with can update as a permission is able to move a secret from one folder to another folder. In this case if the new folder is shared with more users these users won't have the secret shared with them. This is because to share a secret a user needs to have the owner permission on the secret. To ensure a secret inherits the permissions you expect it is best to have a user with the owner permission move the secret to the new folder. - -### Additional resources - -* [Blog post: Introducing the new “Folders” feature (2020)](https://blog.passbolt.com/introducing-the-new-folders-feature-77366ae59315) -* [Folders functional specifications (2020)](https://docs.google.com/document/d/1pSR97b5emJH5XxMME_lN4CqLUfYFuDw6DGCMJ_XjF-o) \ No newline at end of file diff --git a/_faq/start/003-share-password.md b/_faq/start/003-share-password.md deleted file mode 100644 index 229c01435..000000000 --- a/_faq/start/003-share-password.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -title: How to share passwords -slug: share-password -layout: faq -category: start -permalink: /faq/start/:slug -date: 2017-01-20 00:00:00 Z ---- - -## Sharing a password -1. Login and/ or go to password workspace -2. Select the password you would like to share -3. Click the "share" button -4. Type the name of a user you would like to share this password with. Optionally, you can select the permissions you wish to give to a user -5. Press the save button (or enter on your keyboard) -6. Enter your master password. Press OK to continue. -7. Wait until encryption is done - -{% include messages/warning.html content="Make sure you **press the save button every time** you make changes" %} - -## Removing yourself from a password shared with you -1. Log in to your passbolt account. -2. Click on "Shared with me" from the menu on the left -3. Select a password you wish to remove yourself from -4. Remove yourself from the list of users with whom the password is shared -5. The password will no longer be shared with you diff --git a/_faq/start/004-export-passwords.md b/_faq/start/004-export-passwords.md deleted file mode 100644 index 804927336..000000000 --- a/_faq/start/004-export-passwords.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: How to export passwords in a csv or kdbx file -slug: export-passwords -layout: faq -category: start -permalink: /faq/start/:slug -date: 2023-10-03 00:00:00 Z ---- - -## How to export passwords in passbolt - -{% include articles/video.html -url="/assets/files/export-video-example.mp4" -mime_type="video/mp4" -legend="Passbolt GUI - Export passwords" -width="500px" -%} - -### Steps -1. Select the password(s) or the folder(s) you'd like to export. - - If you want to export all the passwords you have access to, you can click on the menu next to "Folders". -3. Click on the "Export" or "Export all" button. -4. Choose the right format for the export. -5. You will be prompted to enter your passphrase. -6. The download will start and you will be able to open the file. - -### Supported file formats -Passbolt export system supports the following file formats: - -* Csv - Lastpass export -* Csv - 1password export -* Csv - Keepass export -* Csv - Dashlane export -* Csv - Nordpass export -* Csv - LogMeOnce export -* Csv - BitWarden export -* Csv - Firefox platforms export (Mozilla Firefox, Waterfox, Pale Moon...) -* Csv - Chromium browsers export (Google Chrome, Microsoft Edge, Brave ...) -* Csv - Safari -* Kdbx (file format used by Keepass 2.x, you'll need to specify a keepass passphrase for the encryption) - -If you'd like to request the support of a specific format, you can open a request on [the community forum](https://community.passbolt.com/c/backlog). diff --git a/_faq/start/004-import-passwords.md b/_faq/start/004-import-passwords.md deleted file mode 100644 index f4c48195c..000000000 --- a/_faq/start/004-import-passwords.md +++ /dev/null @@ -1,130 +0,0 @@ ---- -title: How to import passwords from a csv or kdbx file -slug: import-passwords -layout: faq -category: start -permalink: /faq/start/:slug -date: 2018-04-23 00:00:00 Z ---- - -## How to import passwords in passbolt - -{% include articles/video.html - url="/assets/files/import-video-example.mp4" - mime_type="video/mp4" - legend="Passbolt GUI - Import passwords" - width="500px" -%} - - -### Steps -1. Click on the "import" button at the top left, next to the "create" button. -2. Select a file (supported files are kdbx or csv. More details below.) -3. Click on "continue import" -4. For kdbx files, you might need to enter a password. Enter it and click "Ok". -5. The import will start. You will see a progress bar. -6. At the end of the import, you will see a report. After closing this window, you will see the passwords imported in your workspace. - -### Supported file formats -Passbolt import system supports the following file formats: -* Csv - Lastpass export -* Csv - 1password export -* Csv - Keepass export -* Csv - Dashlane export -* Csv - Nordpass export -* Csv - LogMeOnce export -* Csv - BitWarden export -* Csv - Firefox platforms export (Mozilla Firefox, Waterfox, Pale Moon...) -* Csv - Chromium browsers export (Google Chrome, Microsoft Edge, Brave ...) -* Csv - Safari -* Kdbx (file format used by Keepass 2.x) - -If you'd like to request the support of a specific format, you can open a request on [the community forum](https://community.passbolt.com/c/backlog). - -### File format examples - -**Csv (Lastpass)** -``` -url,username,password,extra,name,grouping,fav -https://test.url,account1,P4ssw0Rd!,,Account1,,0 -https://test.url,account1,P4ssw0Rd!,,Account2,,0 -,,P4ssw0Rd!,,Account3,,1 -``` - -**Csv (1Password)** -``` -Title,Username,URL,Password,Notes,Type -Account1,account1,https://test.url,P4ssw0Rd!,Notes Account2,server -Account2,account2,https://test.url,P4ssw0Rd!,Notes Account2,shell -Account3,,,P4ssw0Rd!,Notes Account3,server -``` - -**Csv (Keepass / KeepassX)** -``` -"Group","Title","Username","Password","URL","Notes" -"My Servers","Account1","account1","P4ssw0Rd!","https://test.url","this is the description" -"My Servers","Account2","account2","P4ssw0Rd!","https://test.url","this is the description" -"My Servers","Account2","","P4ssw0Rd!","https://test.url","" -``` - -**Csv (Dashlane)** -``` -username,username2,username3,title,password,note,url,category,otpSecret -account1,,,Account 1,P4ssw0Rd,"this is the description",https:///test.url,, -account2@domain.tld,,,Account 2,P4ssw0Rd,"this is the description",https://test.url,, -account3@domain.tld,,,Account 3,P4ssw0Rd,,https://test.url,, -``` - -**Csv (Nordpass)** -``` -name,url,username,password,note,folder -Account1,https://test.url,account1,P4ssw0RD!,this is a description,PasswordFolder -Account2,https://test.url,account2,P4ssw0RD!,this is a description,PasswordFolder -Account3,https://test.url,account3,P4ssw0RD!,,, -``` - -**Csv (LogMeOnce)** -``` -"name","url","note","group","username","password","extra" -"Account1","https://test.url","this is the description","My servers","account1","P4ssw0Rd!","" -"Account2","https://test.url","","My servers","account2","P4ssw0Rd!","" -"Account3","https://test.url","this is the description","My servers","account3","P4ssw0Rd!","" -``` - -**Csv (BitWarden)** -``` -folder,favorite,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp -My Servers,1,login,Account1,,,0,https://test.url,account1,P4ssw0Rd!, -My Servers,,login,Account2,,,,https://test.url,account2,P4ssw0Rd!,TOTPSEED1337 -My Servers,,login,Account3,This is a description with field,"Field: 1337",,https://test.url,account3,P4ssw0Rd!, -My Servers,,note,Description Name,"This is a description.",,,,, -``` - -**Csv (Firefox platforms browsers)** -``` -"url","username","password" -"https://test.url","Account1",,"P4ssw0Rd!" -"https://test.url","Account2",,"P4ssw0Rd!" -"https://test.url","Account3",,"P4ssw0Rd!" -``` - -**Csv (Chromium browsers)** -``` -name,url,username,password -Account1,https://test.url,account1,P4ssw0Rd! -Account2,https://test.url,account2,P4ssw0Rd! -Account3,https://test.url,account3,P4ssw0Rd! -``` - -**Csv (Safari)** -``` -Title,URL,Username,Password,Notes -Account1,https://test.url,account1,P4ssw0Rd!,this is the description -Account2,https://test.url,account2,P4ssw0Rd!,this is the description -Account3,https://test.url,account3,P4ssw0Rd!,, -``` - -**Keepass file** - -[download example](/assets/files/keepass_file_example.kdbx) (the file is not password protected) - diff --git a/_faq/start/005-disable-built-in-password-manager.md b/_faq/start/005-disable-built-in-password-manager.md deleted file mode 100644 index 09958a344..000000000 --- a/_faq/start/005-disable-built-in-password-manager.md +++ /dev/null @@ -1,173 +0,0 @@ ---- -title: How to disable your browser/mobile built-in password manager -slug: disable-built-in-password-manager -layout: faq -category: start -permalink: /faq/start/:slug -date: 2022-03-11 00:00:00 Z ---- - -Most web browsers and mobile devices include built-in password management that prompts you to save passwords for sites that you visit. - -We will see in this help page how to disable this feature in web browsers and set passbolt as default password manager on iOS / Android to avoid confusion and enhance security. - -- [Google Chrome](#google-chrome) -- [Mozilla Firefox](#mozilla-firefox) -- [Microsoft Edge](#microsoft-edge) -- [Brave](#brave) -- [iOS](#ios) - - [Disable iCloud Keychain](#disable-icloud-keychain) - - [Verify AutoFill settings](#verify-autofill-settings) -- [Android](#android) - -## Google Chrome - -* Go to **chrome://settings/autofill** and select **Password Manager** -* Turn off **Offer to save passwords** and **Auto Sign-in**. - -{% include articles/figure.html - url="/assets/img/help/2022/11/password-built-in-chrome.png" - legend="Disable Google Chrome built-in password manager" - width="550px" -%} - -## Mozilla Firefox - -* Go to **about:preferences#privacy** -* Scroll down to **Logins and Passwords** menu -* Uncheck **Ask to save logins and passwords for web sites** - -{% include articles/figure.html - url="/assets/img/help/2022/03/password-built-in-firefox.jpg" - legend="Disable Mozilla Firefox built-in password manager" - width="550px" -%} - -## Microsoft Edge - -* Go to **edge://settings/passwords** -* Turn off **Offer to save passwords** - -{% include articles/figure.html - url="/assets/img/help/2022/03/password-built-in-edge.jpg" - legend="Disable Microsoft Edge built-in password manager" - width="550px" -%} - -## Brave - -* Go to **brave://settings/passwords** -* Turn off **Offer to save passwords** and **Auto Sign-in**. - -{% include articles/figure.html - url="/assets/img/help/2022/11/password-built-in-brave.png" - legend="Disable Brave built-in password manager" - width="550px" -%} - -## iOS - -### Disable iCloud Keychain - -iCloud Keychain keeps informations like your Safari usernames and passwords, credit cards and Wi-Fi passwords up to date on any Apple device you approve. - -You can disable it if you want these data located only on passbolt. - -* From settings, tap you name: - -{% include articles/figure.html - url="/assets/img/help/2022/03/password-ios-01.jpg" - legend="iOS settings" - width="400px" -%} - -* Select iCloud: - -{% include articles/figure.html - url="/assets/img/help/2022/03/password-ios-02.png" - legend="iCloud" - width="400px" -%} - -* Select Keychain: - -{% include articles/figure.html - url="/assets/img/help/2022/03/password-ios-03.png" - legend="Keychain" - width="400px" -%} - -* Turn off iCloud Keychain - -{% include articles/figure.html - url="/assets/img/help/2022/03/password-ios-04.png" - legend="Turn off iCloud Keychain" - width="400px" -%} - -### Verify AutoFill settings - -* Go to Settings > Passwords > AutoFill Passwords -* Select Passbolt in **Allow filling from** - -{% include articles/figure.html - url="/assets/img/help/2022/03/password-autofill-iOS.jpg" - legend="Configure autofill on iOS" - width="400px" -%} - -## Android - -* From Settings, go to **Passwords & accounts** - -{% include articles/figure.html - url="/assets/img/help/2022/03/password-android-01.jpg" - legend="Passwords & accounts" - width="400px" -%} - -* Ensure AutoFill setting is set to passbolt - -{% include articles/figure.html - url="/assets/img/help/2022/03/password-android-07.jpg" - legend="Verify AutoFill setting" - width="400px" -%} - -{% include articles/figure.html - url="/assets/img/help/2022/03/password-android-06.jpg" - legend="Verify AutoFill setting" - width="400px" -%} - -* Go back and tap on Google: - -{% include articles/figure.html - url="/assets/img/help/2022/03/password-android-02.jpg" - legend="Tap on Google logo" - width="400px" -%} - -* Select the account you want to manage. If you have multiple accounts, you will have to execute the next steps for each account. - -{% include articles/figure.html - url="/assets/img/help/2022/03/password-android-03.png" - legend="Select your google account" - width="400px" -%} - -* Tap the setting icon: - -{% include articles/figure.html - url="/assets/img/help/2022/03/password-android-04.png" - legend="Android password manager" - width="400px" -%} - -* Turn off **Offer to save passwords** and **Auto Sign-in**: - -{% include articles/figure.html - url="/assets/img/help/2022/03/password-android-05.png" - legend="Android password manager" - width="400px" -%} \ No newline at end of file diff --git a/_faq/start/006-subscribe-to-account-recovery-program.md b/_faq/start/006-subscribe-to-account-recovery-program.md deleted file mode 100644 index 12e7b643b..000000000 --- a/_faq/start/006-subscribe-to-account-recovery-program.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: How to subscribe to the account recovery program? -slug: subscribe -layout: faq -category: start -permalink: /faq/start/account-recovery/:slug -date: 2022-07-28 00:00:00 Z ---- - -Account recovery is a feature introduced with passbolt v3.6.0 that as for aim to help users to recover their accounts -in case of recovery kit or passphrase loss. To know more about account recovery, checkout [this documentation](/configure/account-recovery). - -## Requirements - -You can follow this procedure if you are meeting the following requirements: - -- You are in possession of an active account; -- Your organisation is running passbolt Pro > v3.6.0 or Passbolt Cloud. - -## How to subscribe as a new user during the setup process? - -If the account recovery is enabled for the organisation, all new users will be prompted to join the account recovery program during the setup process. - -{% include articles/figure.html - url="/assets/img/help/2022/07/account-recovery-during-setup.png" - legend="Account recovery screen during browser extension setup process (Opt-out policy)" - width="450px" -%} - -The prompt presents different options depending on the organisation policy: - -- __Mandatory__: as its name states, users have to subscribe to the program no mater their preferences. The screen role here is mainly to inform the users about the private key transfer that is going to happen, it is useful if they prefer not to use their personal private key by instance; -- __Opt-out__: users have the choice to join or reject the program, and they are subscribed by default as per the organisation preference; -- __Opt-in__: as the *opt-out* option, users have the choice to join or reject the program, but they are not subscribed by default as per the organisation preference. - -## How to subscribe as an already registered user? - -If the account recovery is enabled for the organisation, all users can access their account recovery preference from the *account recovery* section of the *user settings workspace*. - -{% include articles/figure.html -url="/assets/img/help/2022/07/account-recovery-redirection-dialog.png" -legend="Account recovery user prompt dialog." -width="450px" -%} - -If the organisation account recovery policy is set to *mandatory* or *opt-out*, users will be prompted to enroll to the program immediately after signing in into passbolt. If they postpone the decision, they could follow the *attention crumbs* (❗) displayed in the interface to go to the setting screen later. - -{% include articles/figure.html -url="/assets/img/help/2022/07/account-recovery-setting.png" -legend="Account recovery user setting screen." -width="750px" -%} - -Users will be then able to enroll to the program by clicking the *review* button. Similarly to the setup process, the setting screen presents different options depending on the organisation policy: - -- __Mandatory__: as its name states, users have no other choice but to subscribe to the program. The screen role here is mainly to inform the users about the private key transfer that is going to happen, it is useful if they prefer not to use their personal private key by instance; -- __Opt-out__: users have the choice to join or reject the program, and they are subscribed by default as per the organisation preference; -- __Opt-in__: as the *opt-out* option, users have the choice to join or reject the program, but they are not subscribed by default as per the organisation preference. - -{% include articles/figure.html - url="/assets/img/help/2022/07/account-recovery-dialog.png" - legend="Account recovery subscription dialog" - width="450px" -%} - -Users will notice additional information relative to the administrator who enabled the account recovery program. For safety reasons, it is highly recommended to verify carefully this information: Is the administrator known? Is the fingerprint matching the administrator public key? diff --git a/_faq/start/007-review-an-account-recovery-request.md b/_faq/start/007-review-an-account-recovery-request.md deleted file mode 100644 index 41c8d0935..000000000 --- a/_faq/start/007-review-an-account-recovery-request.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -title: How to review an account recovery request -slug: review-request -layout: faq -category: start -permalink: /faq/start/account-recovery/:slug -date: 2022-07-28 00:00:00 Z ---- - -## Accepting or rejecting an account recovery request -Administrators might receive account recovery requests from the users who lost their passphrase or recovery kit. Email notifications can be configured for the administrators to receive an email when an account recovery is requested. This email facilitates the account recovery request review by providing a link that redirects to the account recovery request review dialog. -In any case, it’s possible to review account recovery requests without email by accessing the user workspace. With the account recovery feature enabled, a new column “attention required” appears in the list of users. This helps to quickly see or sort users who require administrators to process their account recovery request. - -{% include articles/figure.html - url="/assets/img/help/2022/07/account-recovery-request-review-entry-points.png" - legend="Account recovery request review entry points" - width="550px" -%} - -To process a request there are 4 ways you can choose. - -1. Using the link in the received email, it will open the application with the corresponding dialog opened. - -2. By right-clicking on the user row in the grid and click on “review request” in the contextual menu - -3. Having the user selected, by clicking on the “more” button on top of the grid and click on “review request” - -4. Using the “review” button accessible in the section “account recovery” from the user details. This section also shows the number of account recovery requests a user made and the state of the last request.. - -Administrators are prompted to accept or reject the account recovery request. Some information is provided in the UI, they need to be carefully checked before taking any action by verifying that the user is known and that the fingerprint is the expected one (we’re never too much careful). As a safety check, after making a choice administrators are prompted to provide their passphrase (unless they decided that the extension should remember it). - -{% include articles/figure.html - url="/assets/img/help/2022/07/account-recovery-request-review-dialog.png" - legend="Account recovery request review dialog" - width="550px" -%} - -At this step, if administrators choose to reject the request, an email will be sent to inform the corresponding user and the procedure stops there. Otherwise the private ORK is asked in order to continue with the procedure. It is necessary for the browser extension as the key will be used to decrypt the user’s private key before re-encrypting iit with the user’s temporary key. Then the user will receive an email to finish the procedure. diff --git a/_faq/start/008-generate-openpgp-key.md b/_faq/start/008-generate-openpgp-key.md deleted file mode 100644 index a6ea8ca5c..000000000 --- a/_faq/start/008-generate-openpgp-key.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: How to generate an OpenPGP key -slug: generate-openpgp-key -layout: faq -category: start -permalink: /faq/start/:slug -date: 2022-07-28 00:00:00 Z ---- - -## Requirements - -In order to follow this procedure, ensure you meet with the following minimum requirements: - -- An access to a linux terminal machine; -- The OpenPGP package installed on the linux machine; -- The OpenPGP key to generate requirements: Algorithm, strength ... - -## Generate a new OpenPGP key pair - -{% include hosting/install/warning-gpg-key-server-generation.html %} - -Execute the following command to generate a new OpenPGP key pair. - -```shell -gpg --full-generate-key -``` - -This command will run an interactive wizard that will help you define the key settings: - -1. Select the key type, by instance: *RSA*. -2. If RSA was chosen, select the keysize, by instance for a strong key: *3072*. -3. Select the expiration time, by instance for "no expiry": *0*. Note that key expiration is not well handled by passbolt, set an expiration date only if you know what you are doing. -4. Confirm the key type information. -5. Enter a name, by instance: *Ada Lovelace*. -6. Enter an email, by instance: *ada.lovelace@mydomain.tld*. -7. Enter a comment, it is optional. It will only help you to identify a key in the keyring if similar name or email chosen. -8. Confirm the key meta information. -9. If you are creating an Organization Account Recovery key pair set a passphrase, if this is for the server GPG key pair do not set a passphrase - -Once the key generated, the key will be stored in the keyring of the user you authenticated with and OpenPGP will -output the details of the newly generated key. - -```shell -public and secret key created and signed. - -pub rsa3072 2022-08-04 [SC] - F5B94A730D636A18815046C1408B779FE1951A9A -uid Ada Lovelace -sub rsa3072 2022-07-28 [E] -``` - -The output contains a 40 characters long identifier (*F5B94A730D636A18815046C1408B779FE1951A9A*) that represents the key fingerprint, -note it down, it will be useful later to identify the key in the keyring. - -## Export an OpenPGP key pair - -### Export an OpenPGP public key - -Execute the following command to export a public key having *F5B94A730D636A18815046C1408B779FE1951A9A* as fingerprint from -the OpenPGP keyring into a file in armor format. - -```shell -gpg --armor --export F5B94A730D636A18815046C1408B779FE1951A9A > public.key -``` - -### Export an OpenPGP private key - -Execute the following command to export a private key having *F5B94A730D636A18815046C1408B779FE1951A9A* as fingerprint from -the OpenPGP keyring into a file in armor format. - -```shell -gpg --armor --export-secret-keys F5B94A730D636A18815046C1408B779FE1951A9A > private.key -```` diff --git a/_faq/start/index.html b/_faq/start/index.html deleted file mode 100644 index af7ed82d7..000000000 --- a/_faq/start/index.html +++ /dev/null @@ -1,8 +0,0 @@ ---- -title: Get started using passbolt -layout: faq -category: start -notsearchable: true -slug: faq ---- -{% include faq/list-by-category.html category=page.category %} diff --git a/_includes/configure/configure-account-recovery.md b/_includes/configure/configure-account-recovery.md deleted file mode 100644 index fee993ded..000000000 --- a/_includes/configure/configure-account-recovery.md +++ /dev/null @@ -1,136 +0,0 @@ -
- -
- -## Requirements - -You can follow this procedure if you are meeting the following requirements: - -- You are running passbolt Pro > v3.6.0 or Passbolt Cloud. -- You have an active administrator account - -## How does it work? - -Account recovery is a feature introduced with passbolt v3.6.0 that as for aim to help users to recover their accounts -in case of recovery kit or passphrase loss. - -Depending on the organisation policy, all users will be able to deposit an encrypted backup of their private keys in -passbolt. Backups that can only be unlocked cryptographically by the organisation administrators having in their possession -the organisation recovery key. - -## Enable account recovery - -In order to configure account recovery for your organisation, go to administration setting workspace *Administration* > *Account recovery*. - -### Choose the organisation policy - -By default, account recovery is disabled. To enable it choose among the proposed policies the one that suits best your -organization. - -{% include articles/figure.html - url="/assets/img/help/2022/08/account-recovery-administration-settings-choose-policy.png" - legend="Account recovery administration settings choose policy" - width="550px" -%} - -- __Mandatory__: as its name states, users have to subscribe to the program no matter their preferences. New users will be forced to subscribe to the program while registering for the first time while existing users will be prompted to subscribe after signing in to the application. - -- __Opt-out__: users have the choice to subscribe or reject the program, but they are subscribed by default. Users will be able to set their preferences while registering for the first time while existing users will be prompted to subscribe after signing in to the application. - -- __Opt-in__: as the *opt-out* option, users have the choice to subscribe or reject the program, but they are not subscribed by default. New users will be able to set their preferences while registering for the first time and existing users will be able to set their preference via their settings workspace. - -- __Disable__: as the name states, the program is disabled and nobody will be able to use it. - -### Set the organisation key - -Once you have chosen the organisation policy the next step is to set an organisation key. This key will be used to encrypt -the escrow of the organisation users private keys. - -#### Import the organisation key - -This method is the recommended one as it will keep your organisation key isolated from passbolt until the moment you -need it. - -{% include articles/figure.html -url="/assets/img/help/2022/07/account-recovery-administration-setting-ORK-import.png" -legend="Account recovery administration settings ORK import screen" -width="450px" -%} - -In order to be accepted, the organisation key should meet these requirements: - -- The key should be public gpg key -- The key should use the algorithm RSA -- The key should have a length of 4096 bits -- The key should have a passphrase - -If you do not know how to generate an OpenPGP key, checkout the following documentation: [how to generate an OpenPGP key](/faq/start/generate-openpgp-key). - -#### Generate the organisation key - -If you cannot generate an OpenPGP key on your own, we got your back. In the import recovery key dialog, -click on the “Generate” tab. From there you will find a tool that will help you to generate your organisation key. - -{% include articles/figure.html - url="/assets/img/help/2022/07/account-recovery-administration-setting-ORK-generation.png" - legend="Account recovery administration settings organisation generation screen" - width="450px" -%} - -{% include messages/warning.html -content="**Attention**: Passbolt will prompt you to save the generated key on your computer. Keep this backup offline in a safe place, it will be -required later to update the organisation policy as well as to approve the users' recovery requests." -%} - -### Apply the policy - -Once the organisation policy and the organisation key were imported, you can apply the changes. Click on the “save -settings” button, you will be prompted to review the settings. It is advised to do a careful check here before continuing. - -{% include articles/figure.html - url="/assets/img/help/2022/07/account-recovery-administration-settings-summary-review-dialog.png" - legend="Account recovery administration settings summary review dialog" - width="450px" -%} - -## Disable account recovery - -In order to disabled account recovery for your organisation, go to administration setting workspace *Administration* > *Account recovery*. - -{% include articles/figure.html -url="/assets/img/help/2022/08/account-recovery-administration-settings-disable-policy.png" -legend="Account recovery administration settings disable policy" -width="650px" -%} - -Select the policy "Disable" and click on the "Save settings" button on top of the screen. You will be prompted to -review the changes and then to provide the organisation key currently in use. This extra check will prevent attackers to -disable then enable again the feature with an organisation key of their own. - -{% include articles/figure.html -url="/assets/img/help/2022/08/account-recovery-administration-settings-provide-organisation-key.png" -legend="Account recovery administration settings provide organization key" -width="450px" -%} - -{% include messages/warning.html -content="**Attention**: By disabling account recovery, you will truncate all the relative data. If you decide to -enable it again you and the all the users will have to start everything from scratch." -%} - -## Update account recovery - -In order to update the settings, go to administration setting workspace *Administration* > *Account recovery*. - -Select the policy of your choice and update the organisation key if necessary as explained in the section -[enable account recovery](#enable-account-recovery). - -Once you have made your changes, click on the "Save settings" button on top of the screen. You will be prompted to -review the changes and to provide the organisation key currently in use. This extra check will prevent attackers to -disable then enable again the feature with an organisation key of their own. - -{% include articles/figure.html -url="/assets/img/help/2022/07/account-recovery-administration-settings-summary-review-dialog.png" -legend="Account recovery administration settings summary review dialog" -width="450px" -%} diff --git a/_includes/configure/configure-debian-package-mariadb.md b/_includes/configure/configure-debian-package-mariadb.md deleted file mode 100644 index abc1763c8..000000000 --- a/_includes/configure/configure-debian-package-mariadb.md +++ /dev/null @@ -1,69 +0,0 @@ -#### Configure {{ databaseEngine }} - -If not instructed otherwise passbolt {{ distribution }} package will install {{ databaseEngine }}-server locally. This step will help you create -an empty {{ databaseEngine }} database for passbolt to use. - -{% assign imgUrl = "/assets/img/help/2020/05/debian-package/configure_mysql.png" %} -{% if product == 'pro' %} -{% assign imgUrl = "/assets/img/help/2020/05/debian-package/configure_mysql_pro.png" %} -{% endif %} -{% - include articles/figure.html - url= imgUrl - legend="Configure database dialog" width="450px" -%} - -The configuration process will ask you for the credentials of the {{ databaseEngine }} admin user to create a new database. -{% if migrate %}You will find the root password on the server in the file `/root/.mysql_credentials`. {% else %}By default in most installations the admin username would be `root` and the password would be empty.{% endif %} - -{% assign imgUrl = '/assets/img/help/2020/05/debian-package/mysql_admin_user.png' %} -{% if product == 'pro' %} -{% assign imgUrl = '/assets/img/help/2020/05/debian-package/mysql_admin_user_pro.png' %} -{% endif %} -{% - include articles/figure.html - url= imgUrl - legend="Database admin user dialog" width="450px" -%} -{% assign imgUrl = '/assets/img/help/2020/05/debian-package/mysql_admin_user_pass.png' %} -{% if product == 'pro' %} -{% assign imgUrl = '/assets/img/help/2020/05/debian-package/mysql_admin_user_pass_pro.png' %} -{% endif %} -{% - include articles/figure.html - url=imgUrl - legend="Database admin user pass dialog" width="450px" -%} - -Now we need to create a {{ databaseEngine }} user with reduced permissions for passbolt to connect. {% if migrate %}For the passbolt database user and password, reuse the ones you have in your backup of passbolt.php.{% else %}These values will also be requested later on the webconfiguration tool of passbolt so please keep them in mind.{% endif %} - -{% assign imgUrl = '/assets/img/help/2020/05/debian-package/passbolt_db_user_name.png' %} -{% if product == 'pro' %} -{% assign imgUrl = '/assets/img/help/2020/05/debian-package/passbolt_db_user_name_pro.png' %} -{% endif %} -{% - include articles/figure.html - url=imgUrl - legend="Database passbolt user dialog" width="450px" -%} -{% assign imgUrl = '/assets/img/help/2020/05/debian-package/passbolt_db_user_pass.png' %} -{% if product == 'pro' %} -{% assign imgUrl = '/assets/img/help/2020/05/debian-package/passbolt_db_user_pass_pro.png' %} -{% endif %} -{% - include articles/figure.html - url=imgUrl - legend="Database passbolt user pass dialog" width="450px" -%} - -Lastly we need to create a database for passbolt to use, for that we need to name it: -{% assign imgUrl = '/assets/img/help/2020/05/debian-package/db_name.png' %} -{% if product == 'pro' %} -{% assign imgUrl = '/assets/img/help/2020/05/debian-package/db_name_pro.png' %} -{% endif %} -{% - include articles/figure.html - url=imgUrl - legend="Database name dialog" - width="450px" -%} diff --git a/_includes/configure/configure-debian-package-nginx-https-auto.md b/_includes/configure/configure-debian-package-nginx-https-auto.md deleted file mode 100644 index 7716a9cfb..000000000 --- a/_includes/configure/configure-debian-package-nginx-https-auto.md +++ /dev/null @@ -1,89 +0,0 @@ -{% include messages/warning.html - content="If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. -Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account." -%} - -{% - include messages/warning.html - content="**Important requirement:** This tutorial assumes your machine has a valid domain name assigned in - order to work with let's encrypt. If you want to use user provided certificates or self-signed certificates skip to the next section" -%} - -{% - include messages/warning.html - content="**Note:** the configuration does not support serving passbolt on a subdirectory fashion. For example, - scenarios like https://mydomain.com/passbolt are not supported by default" -%} - -{% include configure/install_or_reconfigure_passbolt.md %} - -Passbolt debian and ubuntu packages currently supports the configuration of nginx. It comes with a default configuration that supports: - -- Serve passbolt on port 80 (http) -- Serve passbolt on port 443 (https) - -The following steps will guide you through the option that uses Let's encrypt method to enable SSL. - -{% assign imgUrl = "/assets/img/help/2020/05/debian-package/configure_nginx.png" %} -{% if product == 'pro' %} -{% assign imgUrl = "/assets/img/help/2020/05/debian-package/configure_nginx_pro.png" %} -{% endif %} -{% - include articles/figure.html - url=imgUrl - legend="Configure nginx dialog" width="450px" -%} - -After choosing yes you will be prompted with the following dialog where you can choose which method you prefer to configure SSL on nginx: - -{% assign imgUrl = "/assets/img/help/2020/05/debian-package/nginx_choices.png" %} -{% if product == 'pro' %} -{% assign imgUrl = "/assets/img/help/2020/05/debian-package/nginx_choices_pro.png" %} -{% endif %} -{% - include articles/figure.html - url=imgUrl - legend="nginx SSL dialog" width="450px" -%} - -You will now need to introduce the name of the domain name assinged to your server: - -{% assign imgUrl = "/assets/img/help/2020/05/debian-package/nginx_domain.png" %} -{% if product == 'pro' %} -{% assign imgUrl = "/assets/img/help/2020/05/debian-package/nginx_domain_pro.png" %} -{% endif %} -{% include - articles/figure.html - url=imgUrl - legend="nginx domain name" width="450px" -%} - -Finally you will need to provide an email address for Let's encrypt to notify you for renewals and other admin info: - -{% assign imgUrl = "/assets/img/help/2020/05/debian-package/lets_encrypt_email.png" %} -{% if product == 'pro' %} -{% assign imgUrl = "/assets/img/help/2020/05/debian-package/lets_encrypt_email_pro.png" %} -{% endif %} -{% - include articles/figure.html - url=imgUrl - legend="lets encrypt admin email" width="450px" -%} - -If everything goes fine you should see a final message that points you to finish passbolt configuration: - -{% - include articles/figure.html - url="/assets/img/help/2020/05/debian-package/success.png" - legend="Success message" width="450px" -%} - -Reload nginx after finish the reconfigure to use the SSL configuration. - -```bash -sudo systemctl reload nginx -``` - -Finally, ensure 'fullBaseUrl' value in /etc/passbolt/passbolt.php starts with https://. - -And that's it you should be able to reach your server on the domain you specified. \ No newline at end of file diff --git a/_includes/configure/configure-debian-package-nginx-https-manual.md b/_includes/configure/configure-debian-package-nginx-https-manual.md deleted file mode 100644 index b0ca90603..000000000 --- a/_includes/configure/configure-debian-package-nginx-https-manual.md +++ /dev/null @@ -1,127 +0,0 @@ -{% include messages/warning.html - content="If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. -Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account." -%} - -Passbolt debian and ubuntu packages currently supports the configuration of nginx. It comes with a default configuration that supports: - -- Serve passbolt on port 80 (http) -- Serve passbolt on port 443 (https) - -On this context 'manually' means that the user will provide the SSL certificates, this is the main difference with -the 'auto' method where [Let's Encrypt](https://letsencrypt.org/) will issue the SSL certificate for you. - -This manual method is often useful on private network installations with private [CA](https://en.wikipedia.org/wiki/Certificate_authority) where -the system admin issues a new private SSL certificate and uploads it to the passbolt server. It is also a method often used with -self-signed SSL certificates for test installations. - -On this example we will assume the user is generating a self-signed certificate on the passbolt server. - -## Generate the SSL certificate - -While connected to your passbolt instance you can generate a SSL certificate in the following way: - -``` -openssl req -x509 \ - -newkey rsa:4096 \ - -days 120 \ - -subj "/C=LU/ST=Luxembourg/L=Esch-Sur-Alzette/O=Passbolt SA/OU=Passbolt IT Team/CN=passbolt.domain.tld/" \ - -nodes \ - -addext "subjectAltName = DNS:passbolt.domain.tld" \ - -keyout key.pem \ - -out cert.pem -``` - -This command will output two files: **key.pem** and **cert.pem**. Identify the absolute path where these files are located as you will need them in next steps. - -Of course, replace `-subj` values with your own. It is important to set your passbolt FQDN in both CN and subjectAltName. In this way, you will be able to import the generated certificate in your operating system keychain and make your self-signed domain trusted in your browser. - -{% include messages/notice.html - content="Pro tip: You can use an IP address instead of a domain name for your self-signed certificate. - If you do that, replace DNS with IP in subjectAltName." -%} - -{% include configure/install_or_reconfigure_passbolt.md %} - -You should select yes for the nginx setup: - -{% assign imgUrl = '/assets/img/help/2020/09/debian-package/configure_nginx.png' %} -{% if product == 'pro' %} -{% assign imgUrl = '/assets/img/help/2020/05/debian-package/configure_nginx_pro.png' %} -{% endif %} - -{% - include articles/figure.html - url=imgUrl - legend="Nginx configuration message" width="450px" -%} - -Choose 'manual' for the SSL setup method: - -{% assign imgUrl = '/assets/img/help/2020/09/debian-package/ssl_method_select.png' %} -{% if product == 'pro' %} -{% assign imgUrl = '/assets/img/help/2020/09/debian-package/ssl_method_select_pro.png' %} -{% endif %} -{% - include articles/figure.html - url=imgUrl - legend="SSL method selection" width="450px" -%} - -Provide the domain name you plan to use for your passbolt server. On this example and as we are using a -self-signed certificate the domain name is not as important as if you are planning to use a proper SSL -certificate. In the later escenario DNS domain name and SSL domain name must match. - -{% assign imgUrl = '/assets/img/help/2020/09/debian-package/ssl_domain.png' %} -{% if product == 'pro' %} -{% assign imgUrl = '/assets/img/help/2020/09/debian-package/ssl_domain_pro.png' %} -{% endif %} -{% - include articles/figure.html - url=imgUrl - legend="Domain for nginx setup" width="450px" -%} - -Provide the full path of the SSL certificate you created on previous steps ('cert.pem') - -{% assign imgUrl = '/assets/img/help/2020/09/debian-package/ssl_cert.png' %} -{% if product == 'pro' %} -{% assign imgUrl = '/assets/img/help/2020/09/debian-package/ssl_cert_pro.png' %} -{% endif %} -{% - include articles/figure.html - url=imgUrl - legend="SSL certificate path" width="450px" -%} - -Now provide the full path of the SSL key ('key.pem') - -{% assign imgUrl = '/assets/img/help/2020/09/debian-package/key_ssl.png' %} -{% if product == 'pro' %} -{% assign imgUrl = '/assets/img/help/2020/09/debian-package/key_ssl_pro.png' %} -{% endif %} -{% - include articles/figure.html - url=imgUrl - legend="SSL private key path" width="450px" -%} - -Keep in mind that you might need to add DNS records to reach your domain on your local -network or in a public DNS provider. - -{% - include articles/figure.html - url="/assets/img/help/2020/09/debian-package/success_message.png" - legend="Success message" width="450px" -%} - -Reload nginx after finish the reconfigure to use the SSL configuration. - -```bash -sudo systemctl reload nginx -``` - -Finally, ensure 'fullBaseUrl' value in /etc/passbolt/passbolt.php starts with https://. - -And that's it you should be able to reach your server on the domain you specified. - diff --git a/_includes/configure/configure-docker-https-auto.md b/_includes/configure/configure-docker-https-auto.md deleted file mode 100644 index 965f9393e..000000000 --- a/_includes/configure/configure-docker-https-auto.md +++ /dev/null @@ -1,197 +0,0 @@ -{% include messages/warning.html - content="If you are migrating your passbolt instance from HTTP to HTTPS, you must ensure all of your users have a backup of their private key.
- As for passbolt browser extension, domain will change from HTTP to HTTPS, it will trigger an account recovery." -%} - -{% - include messages/warning.html - content="**Important requirement:** This tutorial assumes your machine has a valid domain name assigned in - order to work with let's encrypt." -%} - -## Requirements - -* [docker setup with docker-compose](/hosting/install/{{ product }}/docker.html) -* A domain name reachable over the internet - -### Add traefik service to handle https - -If you have followed [our installation documentation](/hosting/install/{{ product }}/docker.html), you should have defined **db** and **passbolt** services for your passbolt stack. - -To handle HTTPS setup with Let's Encrypt, add a traefik service as follow: - -``` -version: '3.7' -services: - db: - ... - passbolt: - ... - traefik: - image: traefik:2.6 - restart: always - ports: - - 80:80 - - 443:443 - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - - ./traefik.yaml:/traefik.yaml:ro - - ./conf/:/etc/traefik/conf - - ./shared/:/shared -``` - -Traefik will: -* act as a proxy in front of passbolt service, that's why we defined ports 80 and 443. -* handle Let's Encrypt certificates renew. - -### configuration files - -Create a **traefik.yaml** configuration file with this content (replace yourname@domain.tld with your email for Let's Encrypt): - -``` -global: - sendAnonymousUsage: false -log: - level: INFO - format: common -providers: - docker: - endpoint: 'unix:///var/run/docker.sock' - watch: true - exposedByDefault: true - swarmMode: false - file: - directory: /etc/traefik/conf/ - watch: true -api: - dashboard: false - debug: false - insecure: false -entryPoints: - web: - address: ':80' - http: - redirections: - entryPoint: - to: websecure - scheme: https - permanent: true - websecure: - address: ':443' -certificatesResolvers: - letsencrypt: - acme: - email: yourname@domain.tld - storage: /shared/acme.json - caServer: 'https://acme-v02.api.letsencrypt.org/directory' - keyType: EC256 - httpChallenge: - entryPoint: web - tlsChallenge: {} -``` - -Create a **conf** folder: - -``` -mkdir conf -``` - -In the **conf** folder, create 2 files: - -**conf/headers.yaml**: - -``` -http: - middlewares: - SslHeader: - headers: - FrameDeny: true - AccessControlAllowMethods: 'GET,OPTIONS,PUT' - AccessControlAllowOriginList: - - origin-list-or-null - AccessControlMaxAge: 100 - AddVaryHeader: true - BrowserXssFilter: true - ContentTypeNosniff: true - ForceSTSHeader: true - STSIncludeSubdomains: true - STSPreload: true - ContentSecurityPolicy: default-src 'self' 'unsafe-inline' - CustomFrameOptionsValue: SAMEORIGIN - ReferrerPolicy: same-origin - PermissionsPolicy: vibrate 'self' - STSSeconds: 315360000 -``` - -**conf/tls.yaml**: - -``` -tls: - options: - default: - minVersion: VersionTLS12 - sniStrict: true - curvePreferences: - - CurveP521 - - CurveP384 - cipherSuites: - - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 -``` - -**traefik.yaml**, **conf/headers.yaml** and **conf/tls.yaml** will be mounted inside traefik container. - -### Handle passbolt with Traefik - -To make Traefik redirect incoming requests to passbolt, edit the **passbolt** service as follow: - -**Step 1.** As traefik will handle HTTPS connexion, remove the ports definition for passbolt service - -**Step 2.** Add docker labels to make Traefik aware of passbolt service - -``` -version: '3.7' -services: - db: - ... - passbolt: - ... - labels: - traefik.enable: "true" - traefik.http.routers.passbolt-http.entrypoints: "web" - traefik.http.routers.passbolt-http.rule: "Host(`passbolt.domain.tld`)" - traefik.http.routers.passbolt-http.middlewares: "SslHeader@file" - traefik.http.routers.passbolt-https.middlewares: "SslHeader@file" - traefik.http.routers.passbolt-https.entrypoints: "websecure" - traefik.http.routers.passbolt-https.rule: "Host(`passbolt.domain.tld`)" - traefik.http.routers.passbolt-https.tls: "true" - traefik.http.routers.passbolt-https.tls.certresolver: "letsencrypt" - traefik: - ... -``` - -{% include messages/warning.html - content="Ensure you have correctly set your domain name (replace passbolt.domain.tld with your own in the example above)." -%} - -## non-root images - -If you are using non-root images, add `loadbalancer.server.port` label to make traefik aware of the to be used port for passbolt service: - -``` -version: '3.7' -services: - db: - ... - passbolt: - ... - labels: - ... - traefik.http.services.passbolt-https.loadbalancer.server.port: 8080 -``` - -## That's it - -Launch `docker-compose up -d` and you should be able to reach passbolt with HTTPS and a Let's Encrypt certificate. -The renewal of the certificate will be handled automatically by Traefik daemon. diff --git a/_includes/configure/configure-docker-https-manual.md b/_includes/configure/configure-docker-https-manual.md deleted file mode 100644 index 087ebc10a..000000000 --- a/_includes/configure/configure-docker-https-manual.md +++ /dev/null @@ -1,66 +0,0 @@ -{% include messages/warning.html - content="If you are migrating your passbolt instance from HTTP to HTTPS, you must ensure all of your users have a backup of their private key.
- As for passbolt browser extension, domain will change from HTTP to HTTPS, it will trigger an account recovery." -%} - -## Requirements - -* [docker setup with docker-compose](/hosting/install/{{ product }}/docker.html) - -## HTTPS configuration - -You need to bind-mount your certificates inside passbolt container to use them. - -Create a certs folder and put your certificates there: - -``` -mkdir certs -mv /path/to/your/certificate.crt certs/cert.pem -mv /path/to/your/certificate.key certs/key.pem -``` - -The bind-mount configuration will differ depending which passbolt image you are using. - -### standard images - -If you are using standard passbolt image, add your certificates in the volumes definition of the passbolt service and ensure ports are well mapped: - -``` -version: '3.7' -services: - db: - ... - passbolt: - ... - volumes: - ... - - ./certs/cert.pem:/etc/ssl/certs/certificate.crt:ro - - ./certs/key.pem:/etc/ssl/certs/certificate.key:ro - ports: - - 80:80 - - 443:443 -``` - -Ensure your **APP_FULL_BASE_URL** environment variable starts with **https://** - -### rootless images - -If you are using rootless images, [tagged as non-root](https://hub.docker.com/r/passbolt/passbolt/tags?name=non-root){:target="_blank"}, the bind-mount path will be different as well as port mapping: - -``` -version: '3.7' -services: - db: - ... - passbolt: - ... - volumes: - ... - - ./certs/cert.pem:/etc/passbolt/certs/certificate.crt:ro - - ./certs/key.pem:/etc/passbolt/certs/certificate.key:ro - ports: - - 80:8080 - - 443:4433 -``` - -Like standard images, ensure your **APP_FULL_BASE_URL** environment variable starts with **https://** \ No newline at end of file diff --git a/_includes/configure/configure-rpm-package-nginx-https-auto.md b/_includes/configure/configure-rpm-package-nginx-https-auto.md deleted file mode 100644 index 1b3dac375..000000000 --- a/_includes/configure/configure-rpm-package-nginx-https-auto.md +++ /dev/null @@ -1,20 +0,0 @@ -{% include messages/warning.html - content="If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. -Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account." -%} - -If you are reconfiguring passbolt you most likely want to say **'NO'** to the mariadb or havaged setup questions and go for the nginx setup - -{% assign ssl_reconfigure = 'true' %} - -{% include configure/configure-rpm-package.md %} - -Reload nginx after finish the reconfigure to use the SSL configuration. - -```bash -sudo systemctl reload nginx -``` - -Finally, ensure 'fullBaseUrl' value in /etc/passbolt/passbolt.php starts with https://. - -And that's it you should be able to reach your server on the domain you specified. \ No newline at end of file diff --git a/_includes/configure/configure-rpm-package.md b/_includes/configure/configure-rpm-package.md deleted file mode 100644 index 506365c96..000000000 --- a/_includes/configure/configure-rpm-package.md +++ /dev/null @@ -1,115 +0,0 @@ -#### MariaDB / Nginx / SSL settings - -Passbolt {{ product | upcase }} RPM package on {{ distributionLabel }} {{ distributionVersion }} come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings. - -You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process. - -Please, notice that for security matters we highly recommend to setup SSL to serve passbolt. - -Launch `passbolt-configure` tool and answer to the questions: - -``` -sudo /usr/local/bin/passbolt-configure -``` - -{% if ssl_reconfigure != 'true' %} -#### MariaDB - -``` -================================================================ -Do you want to configure a local mariadb server on this machine? -================================================================ -1) yes -2) no -#? -``` - -Answer **1** for yes if you want to configure a local MariaDB database, otherwise **2** for no if you plan to use an existing one. - -If you chose yes, answer the questions: - -``` -======================================================= -Please enter a new password for the root database user: -======================================================= -MariaDB Root Password: **** -MariaDB Root Password (verify): **** -====================================================== -Please enter a name for the passbolt database username -====================================================== -Passbolt database user name:passboltuser -======================================================= -Please enter a new password for the mysql passbolt user -======================================================= -MariaDB passbolt user password: **** -MariaDB passbolt user password (verify): **** -============================================== -Please enter a name for the passbolt database: -============================================== -Passbolt database name:passboltdb -``` - -#### Haveged - -On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly. - -You should consider to install Haveged to speed up the entropy generation. Please check [our FAQ page about this](https://help.passbolt.com/faq/hosting/why-haveged-virtual-env) for more informations. - -``` -================== -Install Haveged ? -================== -1) yes -2) no -#? -``` - -{% endif %} - -#### Nginx - -Please enter the domain name under which passbolt will run. - -Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let's encrypt if you don't have your own SSL certificates. - -If you don't have a domain name and you do not plan to use let's encrypt please enter the ip address to access this machine. - -``` -========= -Hostname: passbolt.domain.tld -========= -``` - -#### SSL configuration - -3 available choices for SSL configuration: - -* manual: Prompts for the path of user uploaded ssl certificates and set up nginx -* auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx -* none: Do not setup HTTPS at all - -``` -================== -Setting up SSL... -================== -1) manual -2) auto -3) none -#? -``` - -If you choose **1**, you will be prompted for the full path of your certificates: - -``` -Enter the path to the SSL certificate: /path/to/certs/cert.pem -Enter the path to the SSL privkey: /path/to/certs/key.pem -``` - -Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration. - -``` -=============================================================== -Installation is almost complete. Please point your browser to - https://passbolt.domain.tld to complete the process -=============================================================== -``` \ No newline at end of file diff --git a/_includes/configure/configure-smtp.md b/_includes/configure/configure-smtp.md deleted file mode 100644 index 2f1c44bd3..000000000 --- a/_includes/configure/configure-smtp.md +++ /dev/null @@ -1,9 +0,0 @@ -- Test your configuration - -Before saving your configuration, you will need to test it in order to avoid any issues. it should pass and give the results shown below. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-test-email-success.png" legend="Passbolt - Email test success" width="586px" %} - -- Save your configuration - -If everything went as expected, do not forget to save your configuration and **"Success: The SMTP settings have been saved successfully"** should appear. \ No newline at end of file diff --git a/_includes/configure/env-var-reference.md b/_includes/configure/env-var-reference.md deleted file mode 100644 index 400879ced..000000000 --- a/_includes/configure/env-var-reference.md +++ /dev/null @@ -1,63 +0,0 @@ -Following there is a list of the environment variables supported in passbolt both PRO and CE editions with their default values. - -| Variable name | Description | Default value | -| ---------------------------------------- | ------------------------------------------------------------------------- | -------------------------------------------------- | -| APP_BASE | it allows people to specify the base subdir the application is running in | `null` | -| APP_ENCODING | Set text encoding | `'UTF-8'` | -| APP_FULL_BASE_URL | Passbolt base url | `'false'` | -| DATASOURCES_DEFAULT_DATABASE | Database name | `''` | -| DATASOURCES_DEFAULT_HOST | Database hostname | `'localhost'` | -| DATASOURCES_DEFAULT_PORT | Database port | `3306` | -| DATASOURCES_DEFAULT_URL | Database url | `''` | -| DATASOURCES_DEFAULT_PASSWORD | Database password | `''` | -| DATASOURCES_DEFAULT_SSL_KEY | Database SSL Key | `''` | -| DATASOURCES_DEFAULT_SSL_CERT | Database SSL Cert | `''` | -| DATASOURCES_DEFAULT_SSL_CA | Database SSL CA | `''` | -| DATASOURCES_DEFAULT_USERNAME | Database username | `''` | -| DEBUG | Debug mode | `'false'` | -| EMAIL_TRANSPORT_DEFAULT_CLASS_NAME | Email classname | `'Smtp'` | -| EMAIL_DEFAULT_FROM_NAME | From email username | `'Passbolt'` | -| EMAIL_DEFAULT_FROM | From email address | `'you@localhost'` | -| EMAIL_DEFAULT_TRANSPORT | Sets transport method | `'default'` | -| EMAIL_TRANSPORT_DEFAULT_HOST | Server hostname | `'localhost'` | -| EMAIL_TRANSPORT_DEFAULT_PORT | Server port | `25` | -| EMAIL_TRANSPORT_DEFAULT_TIMEOUT | Timeout | `30` | -| EMAIL_TRANSPORT_DEFAULT_USERNAME | Username for email server auth | `null` | -| EMAIL_TRANSPORT_DEFAULT_PASSWORD | Password for email server auth | `null` | -| EMAIL_TRANSPORT_DEFAULT_CLIENT | Client | `null` | -| EMAIL_TRANSPORT_DEFAULT_TLS | Set tls | `null` | -| EMAIL_TRANSPORT_DEFAULT_URL | Set url | `null` | -| GNUPGHOME | path to gnupghome directory | `'/home/www-data/.gnupg'` | -| PASSBOLT_AUTH_TOKEN_EXPIRY | Passbolt authorization token expiration | `'3 days'` | -| PASSBOLT_AUTH_REGISTER_TOKEN_EXPIRY | Passbolt authorization registration token expiration | `'10 days'` | -| PASSBOLT_AUTH_RECOVER_TOKEN_EXPIRY | Passbolt authorization recover token expiration | `'1 day'` | -| PASSBOLT_AUTH_LOGIN_TOKEN_EXPIRY | Passbolt authorization token login expiration | `'5 minutes'` | -| PASSBOLT_AUTH_MOBILE_TRANSFER_TOKEN_EXPIRY | Passbolt mobile transfer token expiration | `'5 minutes'` | -| PASSBOLT_AUTH_JWT_REFRESH_TOKEN | Passbolt authorization JWT refresh token | `'1 month'` | -| PASSBOLT_AUTH_JWT_ACCESS_TOKEN | Passbolt authorization JWT access token | `'5 minutes'` | -| PASSBOLT_AUTH_JWT_VERIFY_TOKEN | Passbolt authorization JWT verify token | `'1 hour'` | -| PASSBOLT_GPG_SERVER_KEY_FINGERPRINT | GnuPG fingerprint | `null` | -| PASSBOLT_GPG_SERVER_KEY_PUBLIC | Path to GnuPG public server key | `'/etc/passbolt/gpg/serverkey.asc'` | -| PASSBOLT_GPG_SERVER_KEY_PRIVATE | Path to GnuPG private server key | `'/etc/passbolt/gpg/serverkey_private.asc'` | -| PASSBOLT_JS_BUILD | passbolt.js type of build 'development' or 'production' | `'production'` | -| PASSBOLT_LEGAL_PRIVACYPOLICYURL | Set legal policy URL | `''` | -| PASSBOLT_LEGAL_TERMSURL | Set legal terms URL | `'https://www.passbolt.com/terms'` | -| PASSBOLT_META_DESCRIPTION | Set html meta description for the site | `'Open source password manager for teams'` | -| PASSBOLT_META_ROBOTS | Search engines indexing parameters | `'noindex, nofollow'` | -| PASSBOLT_META_TITLE | Set html meta title for | `'Passbolt'` | -| PASSBOLT_PLUGINS_EXPORT_ENABLED | Enable export plugin | ``true`` | -| PASSBOLT_PLUGINS_IMPORT_ENABLED | Enable import plugin | ``true`` | -| PASSBOLT_PLUGINS_IN_FORM_INTEGRATION_ENABLED | Enable Passbolt icon in web forms | ``true`` | -| PASSBOLT_PLUGINS_PASSWORD_GENERATOR_DEFAULT_GENERATOR | Default password generator (can be password or passphrase) | `password` | -| PASSBOLT_PLUGINS_PASSWORD_GENERATOR_ENABLED | Enable password generator plugin | `true` | -| PASSBOLT_PLUGINS_PREVIEW_PASSWORD_ENABLED | Enable password generator preview | `true` | -| PASSBOLT_PLUGINS_MOBILE_ENABLED | Enable mobile plugin | `true` | -| PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED | Enable jwt authentication plugin | `true` | -| PASSBOLT_REGISTRATION_PUBLIC | Defines if users can register | `false` | -| PASSBOLT_SECURITY_SET_HEADERS | Send CSP Headers | `true` | -| PASSBOLT_SECURITY_CSP | CSP Headers (`true`, false or custom CSP string) | `true` | -| PASSBOLT_SECURITY_COOKIE_SECURE | Set MFA cookie secure flag | `true` | -| PASSBOLT_SSL_FORCE | Redirects http to https | `true` | -| SECURITY_SALT | CakePHP security salt | `__SALT__` | -| SESSION_DEFAULTS | Session engine configuration | `'php'` | -{: .table-parameters } diff --git a/_includes/configure/install_or_reconfigure_passbolt.md b/_includes/configure/install_or_reconfigure_passbolt.md deleted file mode 100644 index fe2ffd916..000000000 --- a/_includes/configure/install_or_reconfigure_passbolt.md +++ /dev/null @@ -1,36 +0,0 @@ -[comment]: <> (lets_encrypt_requirement variable is used for: OVA, AWS, Digital Ocean) -{% if lets_encrypt_requirement == 'yes' %} -## Edit nginx configuration file - -By default, our nginx configuration file ensure all domain names will match with our passbolt virtual machine but to obtain a valid Let's Encrypt SSL certificate, you will have to manually set your passbolt domain name. - -Open `/etc/nginx/sites-enabled/nginx-passbolt.conf` and search for this line: - -``` -server_name _; -``` - -Replace the underscore with your passbolt domain name: - -``` -server_name passbolt.domain.tld; -``` - -## Reconfigure passbolt - -Execute this command: - -{% else %} -## Install or reconfigure passbolt - -If you don't have passbolt installed please check on the [hosting section](/hosting/install) for more information -on how to install passbolt on debian. - -If you have already installed passbolt then you want to execute the following command to start the configuration process for SSL: -{% endif %} - -``` -sudo dpkg-reconfigure passbolt-{{ product }}-server -``` - -You most likely want to say 'NO' to the mariadb/mysql setup question and go for the nginx setup diff --git a/_includes/hosting/backup/backup_collaborators_keys.md b/_includes/hosting/backup/backup_collaborators_keys.md deleted file mode 100644 index 7abc63de7..000000000 --- a/_includes/hosting/backup/backup_collaborators_keys.md +++ /dev/null @@ -1,8 +0,0 @@ - -## What about the secret keys of my collaborators? - -Every user private key should also be backed up, this is however not something we/you can automate easily for now (passbolt might provide a functionality for this in the future). We believe it is best if this is the responsibility of the end user. There is a dedicated step during the extension setup to that purpose. - -As an administrator you should stress the importance of backing up secret keys to other users. For example this warning could be part of the initial information message sent to introduce passbolt to new users. - -It is possible that having users back up their own keys may not be realistic or desirable in your case. In this case you can opt in for an alternative strategy such as setting up the account with/for them and taking a backup of the secret keys then. In the worst case scenario you could automate the process by installing a script on your users machine that would make that backup for you. diff --git a/_includes/hosting/backup/backup_docker.md b/_includes/hosting/backup/backup_docker.md deleted file mode 100644 index 130c4f714..000000000 --- a/_includes/hosting/backup/backup_docker.md +++ /dev/null @@ -1,56 +0,0 @@ -We assume here Passbolt container is named "**passbolt-container**" and MariaDB -container "**database-container**". -Please replace these names with your own. You can use `docker ps` for this. - -{% include messages/warning.html - content="Many docker users use \"`-ti`\", \"`-it`\" or \"`-t -i`\" arguments to execute commands on docker containers. To get reliable backups on docker, please use only `-i`, as `-t` will create a pseudo-tty and make your backup files unusuable." -%} -#### 1. The database - -This can be easily scripted using [mysqldump](https://mariadb.com/kb/en/mariadb/mysqldump/). -Use `docker exec` to connect to the Passbolt database container and write mysqldump output to a local file. - -Be sure to use simple-quotes for the `bash -c` argument to be able to use MYSQL_USER, MYSQL_PASSWORD and MYSQL_DATABASE environment variables. - -```bash -docker exec -i database-container bash -c \ -'mysqldump -u${MYSQL_USER} -p${MYSQL_PASSWORD} ${MYSQL_DATABASE}' \ -> /path/to/backup.sql -``` - - -#### 2. The server public and private keys - -You can use `docker cp` to backup the Passbolt GPG keys: - -```bash -docker cp passbolt-container:/etc/passbolt/gpg/serverkey_private.asc \ - /path/to/backup/serverkey_private.asc -docker cp passbolt-container:/etc/passbolt/gpg/serverkey.asc \ - /path/to/backup/serverkey.asc -``` - -#### 3. The application configuration - -Passbolt {{ distributionSlug }} stores its configuration as environment variables. - -If you are using docker-compose, environment variables are on the env folder: - -* env/passbolt.env -* env/mysql.env - -If you are running docker container, you should have passed these variables through the command line. -Please check the -[passbolt env variable reference]({{ site.baseurl }}{% link _posts/configure/2021-12-30-env-var-reference.md %}) - -#### 4. The avatars (for Passbolt version prior to 3.2) - -{% include messages/notice.html - content="Since Passbolt 3.2, user's avatars are no longer stored on disk but on the avatars table of passbolt database." -%} - -```bash -docker exec -i passbolt-container \ - tar cvfzp - -C /usr/share/php/passbolt/ webroot/img/avatar \ - > passbolt-avatars.tar.gz -``` diff --git a/_includes/hosting/backup/backup_files_list.md b/_includes/hosting/backup/backup_files_list.md deleted file mode 100644 index ed50fe849..000000000 --- a/_includes/hosting/backup/backup_files_list.md +++ /dev/null @@ -1,33 +0,0 @@ -## Backup list - -At the end of the backup process you should have: - -* a dump of your database -* the server public and private GPG keys -* a copy of your config/passbolt.php configuration file -* a copy of your avatar folder (**only if Passbolt version < 3.2**) - -## Migrate the back-up to the new server - -We will still consider that the backup files are in your user home directory ~/backup - -### On the original server - -Use a tool such as tar to compress the backup directory -```` -tar -cvzf /home/backup.tar.gz /home/backup -```` - -You should copy the compressed backup file to the new server. Use a tool such as scp to do it -```` -scp /home/backup.tar.gz new_server_username@server_ip:/home -```` - -### On the new server - -The compressed backup file should appears inside your home directory, we will extract using a tool such as tar -```` -tar -xzvf /home/backup.tar.gz -C /home/backup -```` - -The uncompressed backup file are now available inside your home directory. \ No newline at end of file diff --git a/_includes/hosting/backup/backup_from_source_full_page.md b/_includes/hosting/backup/backup_from_source_full_page.md deleted file mode 100644 index df89420da..000000000 --- a/_includes/hosting/backup/backup_from_source_full_page.md +++ /dev/null @@ -1,57 +0,0 @@ -{% include hosting/backup/backup_intro.md %} - - -#### 1. The database - -We made a dedicated command in order to make a backup of the database, it uses `mysqldump` but we recommend to use the passbolt command as it has been made to avoid any pasting or logins details errors. - -**Replace *WEB_SERVER_USER* with the correct one.** Depending on your OS, it could be nginx, www-data, etc. - -```bash -sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt mysql_export" WEB_SERVER_USER -``` - -#### 2. The server public and private keys - -The easiest way is copy the server OpenPGP key in `config/gpg`. - - * private key is `serverkey_private.asc` - * public key is `serverkey.asc` - -Another method is to export it using GnuPG. You can use the email attached to your keys to identify them or use the fingerprint. -In order to find the fingerprint if you do not know the email attached to your keys: - -```bash -sudo -H -u www-data /bin/bash -c "gpg --list-keys" -``` - -If you know the email attached to your keys you can use it to export your keys as follows: - -```bash -sudo -H -u www-data /bin/bash -c "gpg --export-secret-keys > /var/www/passbolt/config/gpg/private.asc" www-data -sudo -H -u www-data /bin/bash -c "gpg --export > /var/www/passbolt/config/gpg/public.asc" www-data -``` -Where can be the key fingerprint or the email associated with the key you want to export. - -{% include messages/warning.html - content="Be sure to **remove the expiration time** before importing the keys at backup restore. While restoring the backup, the imported keys cannot have an expiry date." -%} - -#### 3. The application configuration - -Passbolt configuration file is located in `config/passbolt.php`. - -#### 4. The avatars (for Passbolt version prior to 3.2) - -{% include messages/notice.html - content="Since Passbolt 3.2, user's avatars are no longer stored on disk but on the avatars table of passbolt database." -%} - -Back up `webroot/img/public` to avoid losing the profile images. - -```bash -sudo tar cvfzp passbolt-avatars.tar.gz -C /var/www/passbolt/ webroot/img/avatar -``` - -{% include hosting/backup/backup_files_list.md %} -{% include hosting/backup/backup_collaborators_keys.md %} diff --git a/_includes/hosting/backup/backup_intro.md b/_includes/hosting/backup/backup_intro.md deleted file mode 100644 index a2d450e4c..000000000 --- a/_includes/hosting/backup/backup_intro.md +++ /dev/null @@ -1,18 +0,0 @@ -Making regular backups is a critical aspect of managing a passbolt instance. Because passbolt stores important -information, it is equally important to have a backup strategy in place. - -As a passbolt administrator it is your responsibility to define how often and when to perform backups. -Please automate and customize this process to match the needs and policies of your organization. - -Here are some best practices to keep in mind: - -* Ensure that the backups are taken at intervals that match your usage -* Take these backups off-site, or to another environment than the live one -* Make sure the backup is encrypted and stored in a safe location -* Practice drills and test the backups to make sure they work - -## What to backup? - -If you are a PRO user, ensure you have a backup of your subscription key. - -There are also several elements you need to backup: diff --git a/_includes/hosting/backup/backup_package.md b/_includes/hosting/backup/backup_package.md deleted file mode 100644 index 397b75cdc..000000000 --- a/_includes/hosting/backup/backup_package.md +++ /dev/null @@ -1,33 +0,0 @@ -#### 1. The database - -We made a dedicated command in order to make a backup of the database, it uses `mysqldump` but we recommend to use the passbolt command as it has been made to avoid any pasting or logins details errors. - -**Replace *WEB_SERVER_USER* with the correct one.** Depending on your OS, it could be nginx, www-data, etc. - -```bash -sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt mysql_export" WEB_SERVER_USER -``` - -#### 2. The server public and private keys - -The GPG server keys are stored under `/etc/passbolt/gpg/` folder: - - * private key is `serverkey_private.asc` - * public key is `serverkey.asc` - -#### 3. The application configuration - -Passbolt {{ distributionSlug }} package stores all configuration files under `/etc/passbolt/*` but the one you need is `/etc/passbolt/passbolt.php` - -#### 4. The avatars (for Passbolt version prior to 3.2) - -{% include messages/notice.html - content="Since Passbolt 3.2, user's avatars are no longer stored on disk but on the avatars table of passbolt database." -%} - -Back up `/usr/share/php/passbolt/webroot/img/avatar` to avoid losing -the profile images. - -```bash -sudo tar cvfzp passbolt-avatars.tar.gz -C /usr/share/php/passbolt/ webroot/img/avatar -``` diff --git a/_includes/hosting/backup/backup_package_full_page.md b/_includes/hosting/backup/backup_package_full_page.md deleted file mode 100644 index 8403499fd..000000000 --- a/_includes/hosting/backup/backup_package_full_page.md +++ /dev/null @@ -1,8 +0,0 @@ -{% include hosting/backup/backup_intro.md %} -{% if distribution == "docker" %} -{% include hosting/backup/backup_docker.md %} -{% else %} -{% include hosting/backup/backup_package.md %} -{% endif %} -{% include hosting/backup/backup_files_list.md %} -{% include hosting/backup/backup_collaborators_keys.md %} \ No newline at end of file diff --git a/_includes/hosting/docker/docker-backup-section.md b/_includes/hosting/docker/docker-backup-section.md deleted file mode 100644 index 2521cfbe4..000000000 --- a/_includes/hosting/docker/docker-backup-section.md +++ /dev/null @@ -1,38 +0,0 @@ -### Backup MariaDB database - -First of all is encouraged to backup all the relevant data that is: -- Database -- Images -- Server public and private keys - -You might want to check the detailed [backup list for v1](/hosting/backup/backup-v1) - -There are multiple ways to backup your database following there is an example using the passbolt container: -```bash -$ docker exec passbolt mysqldump -h \ - -u passbolt \ - -pP4ssb0lt \ - passbolt > dump.sql -``` - -This will output a dump.sql file on the host machine. - -### Backup images directory - -If you are mounting the images directory using a bind mount just copy the host image directory in a safe location. -If you are using docker volumes to persist your images directory, or not persisting the images directory at all, you can execute the following to copy your images to the host machine. - -```bash -$ docker cp passbolt:/var/www/app/webroot/img/public public_images_backup -``` -This will output a public_images_directory with the images stored in the passbolt container. - -### Backup gpg keys - -As with the previous section you can proceed exactly the same with the gpg keys: - -```bash -$ docker cp passbolt:/var/www/app/Config/gpg/ gpg_keys_backup -``` - -This will output a gpg_keys_backup directory with the contents of the gpg configuration folder of passbolt. diff --git a/_includes/hosting/docker/docker-changes-section.md b/_includes/hosting/docker/docker-changes-section.md deleted file mode 100644 index 2674d639c..000000000 --- a/_includes/hosting/docker/docker-changes-section.md +++ /dev/null @@ -1,57 +0,0 @@ -## Upgrade from v1.6.10-debian - -Passbolt v2 introduces several changes that are important to keep in mind when upgrading: - -#### Changes: Environment variables - -The set of environment variables have changed and users should take some time to get familiar with the new ones. For example in case of the database env variables: - -```bash -DB_USER is now DATASOURCES_DEFAULT_USERNAME -DB_HOST is now DATASOURCES_DEFAULT_HOST -``` -There is a more detailed list in passbolt_docker [README](https://github.com/passbolt/passbolt_docker/blob/master/README.md) file. - -#### Changes: Configuration files - -No more core.php, email.php or database.php. -Any user that does not want to use environment variables must configure passbolt using: -``` -/var/www/passbolt/config/passbolt.php -``` -Passbolt will look for for configuration values in `passbolt.php`. Wether `passbolt.php` does not exist or the configuration section is not defined on it, passbolt will then look for configuration details in default.php which relies on environment variables/default values. -Gpg config directory has changed slightly its path from: - -```bash -/var/www/passbolt/app/Config/gpg/ to /var/www/passbolt/config/gpg -``` - -Gpg default server key file names also changed: - -```bash -serverkey.private.asc to serverkey_private.asc -``` - -#### Changes: www user - -Passbolt container is now running under the www-data user - -#### Changes: images directory - -Path to the images directory is different: - -```bash -/var/www/passbolt/app/webroot/img/public/images to /var/www/passbolt/webroot/img/public/images -``` - -Users must also rename ProfileAvatar to Avatar directory inside public/images in order to see images in passbolt v2 - -#### Changes: supervisor - -In order to manage the running process in passbolt container we introduced supervisord. Users are now able to restart passbolt container processes using: - -```bash -$ docker exec passbolt supervisorctl restart -``` - -Now that we have a better overview of the changes let's start with the upgrading process! diff --git a/_includes/hosting/docker/docker-compose-usage.md b/_includes/hosting/docker/docker-compose-usage.md deleted file mode 100644 index 4b0d66f8f..000000000 --- a/_includes/hosting/docker/docker-compose-usage.md +++ /dev/null @@ -1,102 +0,0 @@ - -## docker-compose - -The easiest and recommended way to deploy your passbolt stack is to use docker-compose. - -{% assign stepNumber = 1 %} - -**Step {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}.** Download our docker-compose.yml example file - -``` -wget https://download.passbolt.com/{{ product }}/docker/docker-compose-{{ product }}.yaml -wget https://github.com/passbolt/passbolt_docker/releases/latest/download/docker-compose-{{ product }}-SHA512SUM.txt -``` - -**Step {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}.** Ensure the file has not been corrupted by verifying its shasum - -``` -$ sha512sum -c docker-compose-{{ product }}-SHA512SUM.txt - -``` - -Must return: - -``` -docker-compose-{{ product }}.yaml: OK -``` - -{% include messages/warning.html - content="Warning: If the shasum command output is not correct, the downloaded file has been corrupted. Retry step 1 or ask for support on our community forum." -%} - -{% if product == 'pro' %} -**Step {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}.** Create a `subscription_key.txt` file containing your subscription key. -{% endif %} - -**Step {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}.** Configure environment variables in docker-compose-{{ product }}.yaml file to customize your instance. - -{% include messages/notice.html - content="Notice: By default the docker-compose.yaml file is set to **latest**. We strongly recommend - changing that to the [tag](https://hub.docker.com/r/passbolt/passbolt/tags){:target='_blank'} for the version you want to install." -%} - -The `APP_FULL_BASE_URL` environment variable is set by default to [https://passbolt.local](https://passbolt.local), using a self-signed certificate. - -Update this variable with the server name you plan to use. You will find at the bottom of this documentation links about how to set your own SSL certificate. - -You must configure also SMTP settings to be able to receive notifications and recovery emails. Please find below -the most used environment variables for this purpose: - -| Variable name | Description | Default value | -|----------------------------------|--------------------------------|-------------------| -| EMAIL_DEFAULT_FROM_NAME | From email username | `'Passbolt'` | -| EMAIL_DEFAULT_FROM | From email address | `'you@localhost'` | -| EMAIL_TRANSPORT_DEFAULT_HOST | Server hostname | `'localhost'` | -| EMAIL_TRANSPORT_DEFAULT_PORT | Server port | `25` | -| EMAIL_TRANSPORT_DEFAULT_USERNAME | Username for email server auth | `null` | -| EMAIL_TRANSPORT_DEFAULT_PASSWORD | Password for email server auth | `null` | -| EMAIL_TRANSPORT_DEFAULT_TLS | Set tls | `null` | -{: .table-parameters } - -For more information on which environment variables are available on passbolt, please check the [passbolt environment variable reference](/configure/environment/reference.html){:target="_blank"}. - -**Step {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}.** Start your containers - -``` -docker-compose -f docker-compose-{{ product }}.yaml up -d -``` - -**Step {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}.** Create first admin user - -```bash -$ docker-compose -f docker-compose-{{ product }}.yaml exec passbolt su -m -c "/usr/share/php/passbolt/bin/cake \ - passbolt register_user \ - -u \ - -f \ - -l \ - -r admin" -s /bin/sh www-data -``` - -It will output a link similar to the below one that can be pasted on the browser to finalize user registration: - -``` -https://my.domain.tld/setup/install/1eafab88-a17d-4ad8-97af-77a97f5ff552/f097be64-3703-41e2-8ea2-d59cbe1c15bc -``` - -At this point, you should have a working docker setup running on the **latest** tag. However, it is recommended that users [pull the tags pointing to specific passbolt versions](https://hub.docker.com/r/passbolt/passbolt/tags){:target="_blank"} when running in environments other than testing. - -## Going further - -Docker FAQs: - -* [How to configure SMTP to receive emails](/configure/email/setup){:target="_blank"} -* [How to configure HTTPS with my own certificates in docker](/configure/https/{{ product }}/docker/manual.html){:target="_blank"} -* [How to configure HTTPS with Let's Encrypt in docker](/configure/https/{{ product }}/docker/auto.html){:target="_blank"} -* [How to use rootless images](/faq/hosting/how-to-use-rootless-images){:target="_blank"} -* [Troubleshoot Docker](/faq/hosting/troubleshoot-docker){:target="_blank"} -* [Passbolt reference environment variables](/configure/environment/reference.html){:target="_blank"} -* [Docker Secrets](/faq/hosting/docker-secrets){:target="_blank"} - -Passbolt docker repository: - -* [https://github.com/passbolt/passbolt_docker/](https://github.com/passbolt/passbolt_docker/){:target="_blank"} diff --git a/_includes/hosting/docker/docker-first-user-creation.md b/_includes/hosting/docker/docker-first-user-creation.md deleted file mode 100644 index 146547b48..000000000 --- a/_includes/hosting/docker/docker-first-user-creation.md +++ /dev/null @@ -1,16 +0,0 @@ -### Manually creating first admin user - -Once the passbolt container is up and running use this command to generate the first admin user: -```bash -$ docker exec passbolt{{ page.docker_tag }} su -m -c "/usr/share/php/passbolt/bin/cake \ - passbolt register_user \ - -u \ - -f \ - -l \ - -r admin" -s /bin/sh www-data -``` - -It will output a link similar to the below one that can be pasted on the browser to finalize user registration: -```bash -https://mydomain.com/setup/install/1eafab88-a17d-4ad8-97af-77a97f5ff552/f097be64-3703-41e2-8ea2-d59cbe1c15bc -``` diff --git a/_includes/hosting/docker/docker-persisting-data.md b/_includes/hosting/docker/docker-persisting-data.md deleted file mode 100644 index 7e052d681..000000000 --- a/_includes/hosting/docker/docker-persisting-data.md +++ /dev/null @@ -1,65 +0,0 @@ -### Persisting data in passbolt container - -There are several locations that might be interesting for the users to persist data between container restarts: -* Images directory: /usr/share/php/passbolt/webroot/img -* Gnupg serverkeys directory: /etc/passbolt/gpg -* SSL certificate files: /etc/ssl/certs/certificate.crt /etc/ssl/certs/certificate.key -{% if page.passbolt_version == 'Pro' %} -* Subscription key file: /etc/passbolt/license -{% endif %} - -This files and directories can be persisted in the docker volume using [docker volumes](https://docs.docker.com/storage/volumes/) or using [bind mounts](https://docs.docker.com/storage/bind-mounts/#start-a-container-with-a-bind-mount) - -### Examples - -An example for persisting the images directory could be to create a docker volume: -```bash -$ docker volume create passbolt_images -``` - -And run passbolt container with the previously created volume: -```bash -$ docker run --name passbolt{{ page.docker_tag }} --net passbolt_network \ - --mount source=passbolt_images,\ - target=/usr/share/php/passbolt/webroot/img \ - {%- if page.passbolt_version == 'Pro' %} - --mount type=bind,\ - source=,\ - target=/etc/passbolt/license \ - {% else %} - {% endif -%} - -p 443:443 \ - -p 80:80 \ - -e DATASOURCES_DEFAULT_HOST=mariadb \ - -e DATASOURCES_DEFAULT_PASSWORD= \ - -e DATASOURCES_DEFAULT_USERNAME= \ - -e DATASOURCES_DEFAULT_DATABASE= \ - -e APP_FULL_BASE_URL=https://mydomain.com \ - passbolt/passbolt:latest{{ page.docker_tag }} -``` - -Bind volumes are usually useful when, for instance, the SSL certificates or GnuPG keys have been already created in the host machine: -```bash -$ docker run --name passbolt --net passbolt_network \ - --mount type=bind,\ - source=,\ - target=/etc/passbolt/gpg \ - {%- if page.passbolt_version == 'Pro' %} - --mount type=bind,\ - source=,\ - target=/etc/passbolt/license \ - {% else %} - {% endif -%} - -p 443:443 \ - -p 80:80 \ - -e DATASOURCES_DEFAULT_HOST=mariadb \ - -e DATASOURCES_DEFAULT_PASSWORD= \ - -e DATASOURCES_DEFAULT_USERNAME= \ - -e DATASOURCES_DEFAULT_DATABASE= \ - -e APP_FULL_BASE_URL=https://mydomain.com \ - passbolt/passbolt:latest{{ page.docker_tag }} -``` - -An example of the above using docker-compose can be found [here](https://github.com/passbolt/passbolt_docker/blob/master/docker-compose{{ page.docker_tag }}.yml) where bind mounts and volumes are used. - -NOTE: If you dont provide any GnuPG severkey or SSL certificate passbolt container will create a self signed SSL certificate and a GnuPG server key pair. diff --git a/_includes/hosting/docker/docker-reference-message.md b/_includes/hosting/docker/docker-reference-message.md deleted file mode 100644 index 485b68514..000000000 --- a/_includes/hosting/docker/docker-reference-message.md +++ /dev/null @@ -1,3 +0,0 @@ -## More information on environment variables -For more information on which environment variables are available on Passbolt, please check the -[passbolt env variable reference]({{ site.baseurl }}{% link _posts/configure/2021-12-30-env-var-reference.md %}) diff --git a/_includes/hosting/docker/docker-system-requirements.md b/_includes/hosting/docker/docker-system-requirements.md deleted file mode 100644 index 22db57180..000000000 --- a/_includes/hosting/docker/docker-system-requirements.md +++ /dev/null @@ -1,12 +0,0 @@ -## System requirements - -* docker: [https://docs.docker.com/get-docker/](https://docs.docker.com/get-docker/){:target="_blank"} -* docker-compose: [https://docs.docker.com/compose/install/](https://docs.docker.com/compose/install/){:target="_blank"} -* [A Linux user able to run docker commands without sudo](https://docs.docker.com/engine/install/linux-postinstall/){:target="_blank"} -* a working SMTP server for email notifications -* a working NTP service to avoid GPG authentication issues - -FAQ pages: - -* [Set up NTP](/faq/hosting/set-up-ntp) -* [Firewall rules](/faq/hosting/firewall-rules){:target="_blank"} \ No newline at end of file diff --git a/_includes/hosting/docker/docker-upgrade-section.md b/_includes/hosting/docker/docker-upgrade-section.md deleted file mode 100644 index b67a807c4..000000000 --- a/_includes/hosting/docker/docker-upgrade-section.md +++ /dev/null @@ -1,62 +0,0 @@ -## Upgrade using latest v1 version (1.6.10) - -Passbolt {{ page.passbolt_version }} v2 will run the database migrations if needed when starting up. Users just need to provide the gpg keys, configuration files/env variables and images. -Following some examples: - -### Using host bind mounts - -Users that use host bind mounts from host machine into docker file must adjust paths of the mounted files: - -In the following snippet: -- passbolt_images_dir: path to a host directory that contains passbolt images Avatar directory. -- gpg_host_dir: path to a host directory that contains serverkey.asc and serverkey_private.asc - -```bash -$ docker run --name passbolt{{ page.docker_tag }} --net passbolt_network \ - --mount type=bind, \ - source=,\ - target=/var/www/passbolt/webroot/img \ - {%- if page.passbolt_version == 'Pro' %} - --mount type=bind,\ - source=,\ - target=/var/www/passbolt/config/license \ - {% else %} - {% endif -%} - --mount type=bind, \ - source=, \ - target=/var/www/passbolt/config/gpg \ - -p 443:443 \ - -p 80:80 \ - -e DATASOURCES_DEFAULT_HOST=mariadb \ - -e DATASOURCES_DEFAULT_PASSWORD= \ - -e DATASOURCES_DEFAULT_USERNAME= \ - -e DATASOURCES_DEFAULT_DATABASE= \ - -e APP_FULL_BASE_URL=https://mydomain.com \ - passbolt/passbolt:latest{{ page.docker_tag }} -``` - -### Using docker volumes - -Users that use docker volumes should adjust their volumes paths. - -```bash -$ docker run --name passbolt{{ page.docker_tag }} --net passbolt_network \ - --mount source=,\ - target=/var/www/passbolt/webroot/img \ - {%- if page.passbolt_version == 'Pro' %} - --mount type=bind,\ - source=,\ - target=/var/www/passbolt/config/license \ - {% else %} - {% endif -%} - --mount source=, \ - target=/var/www/passbolt/config/gpg \ - -p 443:443 \ - -p 80:80 \ - -e DATASOURCES_DEFAULT_HOST=mariadb \ - -e DATASOURCES_DEFAULT_PASSWORD= \ - -e DATASOURCES_DEFAULT_USERNAME= \ - -e DATASOURCES_DEFAULT_DATABASE= \ - -e APP_FULL_BASE_URL=https://mydomain.com \ - passbolt/passbolt:latest{{ page.docker_tag }} -``` diff --git a/_includes/hosting/docker/docker-usage.md b/_includes/hosting/docker/docker-usage.md deleted file mode 100644 index 0fe8c7364..000000000 --- a/_includes/hosting/docker/docker-usage.md +++ /dev/null @@ -1,62 +0,0 @@ -## Using passbolt container - -Passbolt requires a database backend to store the information. In this section we will be using a MariaDB database packaged as a docker container. -{% if page.passbolt_version == 'Pro' %} - A subscription key file is also required to use Passbolt Pro. You can get the subscription key [here](https://www.passbolt.com/) -{% endif %} - -{% include messages/warning.html - content="**Please note:** Passbolt uses Mariadb/MySQL as a storage backend for encrypted passwords. It is mandatory to persist `/var/lib/mysql` -if you are running Mariadb/MySQL on a docker container to avoid data loss when restarting such containers." -%} - -### Manually run passbolt container and mariadb container - -It is recommended to create a user defined network to ease the container name resolution. Using a user defined network will provide a method to access containers using their names instead ip addresses: -```bash -$ docker network create passbolt_network -``` - -First run the mariadb container: - -As we want all the data in mariadb to survive container restarts it is recommended to create either a docker -volume or a host directory and mount it at `/var/lib/mysql` - -```bash -$ docker volume create mariadb_passbolt_data -$ docker run -d --name mariadb --net passbolt_network \ - --mount source=mariadb_passbolt_data,target=/var/lib/mysql \ - -e MYSQL_ROOT_PASSWORD= \ - -e MYSQL_DATABASE= \ - -e MYSQL_USER= \ - -e MYSQL_PASSWORD= \ - mariadb -``` - -Now we can run the passbolt container: -```bash -$ docker run --name passbolt{{page.docker_tag}} --net passbolt_network \ - --mount type=bind,\ - source=,\ - target=/etc/passbolt/gpg \ - {%- if page.passbolt_version == 'Pro' %} - --mount type=bind,\ - source=,\ - target=/etc/passbolt/subscription_key.txt \ - {% else %} - {% endif -%} - -p 443:443 \ - -p 80:80 \ - -e DATASOURCES_DEFAULT_HOST=mariadb \ - -e DATASOURCES_DEFAULT_PASSWORD= \ - -e DATASOURCES_DEFAULT_USERNAME= \ - -e DATASOURCES_DEFAULT_DATABASE= \ - -e APP_FULL_BASE_URL=https://mydomain.com \ - passbolt/passbolt:latest{{page.docker_tag}} -``` - -Note: strings between '<' and '>' are variables that the users should fill with their data. - -Passbolt requires some data to be persistant, most notably the OpenPGP server keys. However, images and -potentially the SSL certificate might also need to be persisted depending on your specific configuration. -You can read more about it below. diff --git a/_includes/hosting/docker/docker-warning.md b/_includes/hosting/docker/docker-warning.md deleted file mode 100644 index 853fcc2fb..000000000 --- a/_includes/hosting/docker/docker-warning.md +++ /dev/null @@ -1,3 +0,0 @@ -{% include messages/warning.html - content="Important: Installing Passbolt with Docker is considered a somewhat advanced method. Using this method assumes you are familiar with Docker and have run other applications with Docker. If you do not have experience working with Docker we recommend you use another of our installation methods." -%} \ No newline at end of file diff --git a/_includes/hosting/helm/helm-backup-section.md b/_includes/hosting/helm/helm-backup-section.md deleted file mode 100644 index dc46059b6..000000000 --- a/_includes/hosting/helm/helm-backup-section.md +++ /dev/null @@ -1,38 +0,0 @@ -### Backup MariaDB database - -First of all is encouraged to backup all the relevant data that is: -- Database -- Images -- Server public and private keys - -You might want to check the detailed [backup list for v1](/hosting/backup/backup-v1) - -There are multiple ways to backup your database following there is an example using the passbolt container: -```bash -kubectl exec -it -- /bin/bash -c "mysqldump -h \ - -u passbolt \ - -pP4ssb0lt \ - passbolt > dump.sql" -``` - -This will output a dump.sql file on the host machine. - -### Backup images directory - -If you are mounting the images directory using a bind mount just copy the host image directory in a safe location. -If you are using docker volumes to persist your images directory, or not persisting the images directory at all, you can execute the following to copy your images to the host machine. - -```bash -$ kubectl cp :/var/www/app/webroot/img/public public_images_backup -``` -This will output a public_images_directory with the images stored in the passbolt container. - -### Backup gpg keys - -As with the previous section you can proceed exactly the same with the gpg keys: - -```bash -$ kubectl cp :/var/www/app/Config/gpg/ gpg_keys_backup -``` - -This will output a gpg_keys_backup directory with the contents of the gpg configuration folder of passbolt. diff --git a/_includes/hosting/helm/helm-first-user-creation.md b/_includes/hosting/helm/helm-first-user-creation.md deleted file mode 100644 index f1c50999c..000000000 --- a/_includes/hosting/helm/helm-first-user-creation.md +++ /dev/null @@ -1,12 +0,0 @@ -### Manually creating first admin user - -Once the Helm chart is deployed, you can create your first user by running the following command: - -```bash -kubectl exec -it -- /bin/bash -c "su -s /bin/bash -c \"bin/cake passbolt register_user -u -f -l -r admin\" www-data" -``` - -It will output a link similar to the below one that can be pasted on the browser to finalize user registration: -```bash -https://mydomain.com/setup/install/1eafab88-a17d-4ad8-97af-77a97f5ff552/f097be64-3703-41e2-8ea2-d59cbe1c15bc -``` diff --git a/_includes/hosting/helm/helm-going-further.md b/_includes/hosting/helm/helm-going-further.md deleted file mode 100644 index 0beb03ec8..000000000 --- a/_includes/hosting/helm/helm-going-further.md +++ /dev/null @@ -1,12 +0,0 @@ -## Going further - -Helm FAQs: - -* [How to configure SMTP to receive emails](/configure/email/setup){:target="_blank"} -* [How to use rootless images](/faq/hosting/how-to-use-rootless-images){:target="_blank"} -* [Troubleshoot Helm](/faq/hosting/troubleshoot-helm){:target="_blank"} -* [Passbolt reference environment variables](/configure/environment/reference.html){:target="_blank"} - -Passbolt docker repository: - -* [https://github.com/passbolt/charts-passbolt](https://github.com/passbolt/charts-passbolt){:target="_blank"} diff --git a/_includes/hosting/helm/helm-install-usage.md b/_includes/hosting/helm/helm-install-usage.md deleted file mode 100644 index 0eb1529c8..000000000 --- a/_includes/hosting/helm/helm-install-usage.md +++ /dev/null @@ -1,75 +0,0 @@ - -## Helm install - -The easiest and recommended way to deploy your Passbolt Helm chart is to use `helm install`. - -{% assign stepNumber = 1 %} - -**Step {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}.** Set up our Helm repo - -```bash -helm repo add passbolt-repo https://download.passbolt.com/charts/passbolt -``` - -**Step {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}.** Get a copy of the values file - -```bash -wget https://raw.githubusercontent.com/passbolt/charts-passbolt/main/values.yaml -``` - - -**Step {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}.** Configure values file to customize your instance {% if product == 'pro' %} and enable the Pro install {% endif %}. - - -The `APP_FULL_BASE_URL` environment variable is set by default to [https://passbolt.local](https://passbolt.local), using a self-signed certificate. - -Update this variable with the server name you plan to use. You will find at the bottom of this documentation links about how to set your own SSL certificate. - -{% if product == 'pro' %} -As the `values.yaml` file is set up for CE by default you'll need to adjust the [tag](https://hub.docker.com/r/passbolt/passbolt/tags) for the Passbolt image to pro. You can find this on line 59 of `values.yaml`. -``` - # -- Overrides the image tag whose default is the chart appVersion. - tag: 3.11.1-1-pro -``` - It is recommended to just change ce to pro but you can use any of the tags that you want to. - -The next thing you will need to do is uncomment the two lines dealing with the subscription key. You can find these on lines 88 and 90. - -``` - -# -- Pro subscription key in base64 only if you are using pro version -subscriptionKey: -# -- Configure passbolt subscription key path -subscription_keyPath: /etc/passbolt/subscription_key.txt -``` -For subscription key it expects the key to be base64 encoded. Yes, the one supplied to you by us is already base64 encoded once, but you'll need to do that again and put that in as the value for `subscriptionKey`. - -{% endif %} - -If you are creating your own gpg keys the following commands can help convert them into a base64 encoded single line string which is what the values.yaml file expects. - -```bash -gpg --armor --export-secret-keys | base64 -w 0 -gpg --armor --export | base64 -w 0 -``` - -You must configure also SMTP settings to be able to receive notifications and recovery emails. - -For more information on which environment variables are available on passbolt, please check the [passbolt environment variable reference](/configure/environment/reference.html){:target="_blank"}. - -{% include messages/notice.html - content="Important: By default we have the ingress set to false, you'll need to decide how you want to handle this to access the web page." -%} - -Additionally the following charts are used by Passbolt and you can adjust the values under their respective headings in values.yaml - -{% include hosting/helm/helm-required-charts.md %} - -**Step {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}.** Run helm install - -``` -helm install -f values.yaml my-passbolt passbolt-repo/passbolt -``` - - -At this point, you should have a working Passbolt setup via Helm running on the most up to date CE version of Passbolt. diff --git a/_includes/hosting/helm/helm-required-charts.md b/_includes/hosting/helm/helm-required-charts.md deleted file mode 100644 index d6225f6c5..000000000 --- a/_includes/hosting/helm/helm-required-charts.md +++ /dev/null @@ -1,6 +0,0 @@ -| Repository | Name | Version | -| ------------------------------------------------------------- | ---------------- | ------- | -| [https://charts.bitnami.com/bitnami](https://charts.bitnami.com/bitnami) | mariadb | 11.3.5 | -| [https://charts.bitnami.com/bitnami](https://charts.bitnami.com/bitnami) | redis | 17.3.8 | -| [https://passbolt.gitlab.io/passbolt-ops/passbolt-helm-library](https://passbolt.gitlab.io/passbolt-ops/passbolt-helm-library) | passbolt-library | 0.2.1 | -{: .table-parameters } diff --git a/_includes/hosting/helm/helm-system-requirements.md b/_includes/hosting/helm/helm-system-requirements.md deleted file mode 100644 index c9a4dc9bc..000000000 --- a/_includes/hosting/helm/helm-system-requirements.md +++ /dev/null @@ -1,10 +0,0 @@ -## System requirements - -* Kubernetes cluster (>1.19): [https://kubernetes.io/docs/setup/](https://kubernetes.io/docs/setup/){:target="_blank"} -* kubectl: [https://kubernetes.io/docs/tasks/tools/#kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl){:target="_blank"} -* Helm (3.X): [https://helm.sh/docs/intro/install/](https://helm.sh/docs/intro/install/){:target="_blank"} -* a working SMTP server for email notifications - -FAQ pages: - -* [Firewall rules](/faq/hosting/firewall-rules){:target="_blank"} \ No newline at end of file diff --git a/_includes/hosting/helm/helm-values.md b/_includes/hosting/helm/helm-values.md deleted file mode 100644 index b9e9bbffb..000000000 --- a/_includes/hosting/helm/helm-values.md +++ /dev/null @@ -1,91 +0,0 @@ -## Values - -| Key | Type | Description | Default | -| ------------------------------------------------------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- | -| affinity | object | Configure passbolt deployment affinity | `{}` | -| app.cache.redis.enabled | bool | By enabling redis the chart will mount a configuration file on /etc/passbolt/app.php That instructs passbolt to store sessions on redis and to use it as a general cache. | `true` | -| app.cache.redis.sentinelProxy.enabled | bool | Inject a haproxy sidecar container configured as a proxy to redis sentinel Make sure that CACHE_CAKE_DEFAULT_SERVER is set to '127.0.0.1' to use the proxy | `true` | -| app.cache.redis.sentinelProxy.image | object | Configure redis sentinel proxy image | `{"repository":"haproxy","tag":"latest"}` | -| app.cache.redis.sentinelProxy.image.repository | string | Configure redis sentinel image repository | `"haproxy"` | -| app.cache.redis.sentinelProxy.image.tag | string | Configure redis sentinel image tag | `"latest"` | -| app.image.pullPolicy | string | Configure pasbolt deployment image pullPolicy | `"IfNotPresent"` | -| app.image.repository | string | Configure pasbolt deployment image repsitory | `"passbolt/passbolt"` | -| app.image.tag | string | Overrides the image tag whose default is the chart appVersion. | `"latest"`\* | -| app.initImage.pullPolicy | string | Configure pasbolt deployment image pullPolicy | `"IfNotPresent"` | -| app.initImage.repository | string | Configure pasbolt deployment image repsitory | `"mariadb"` | -| app.initImage.tag | string | Overrides the image tag whose default is the chart appVersion. | `"latest"` | -| app.resources | object | | `{}` | -| autoscaling.enabled | bool | Enable autoscaling on passbolt deployment | `false` | -| autoscaling.maxReplicas | int | Configure autoscaling maximum replicas | `100` | -| autoscaling.minReplicas | int | Configure autoscaling minimum replicas | `1` | -| autoscaling.targetCPUUtilizationPercentage | int | Configure autoscaling target CPU uptilization percentage | `80` | -| fullnameOverride | string | Value to override the whole fullName | `""` | -| gpgPath | string | Configure passbolt gpg directory | `"/etc/passbolt/gpg"` | -| gpgServerKeyPrivate | string | Gpg server private key in base64 | `nil` | -| gpgServerKeyPublic | string | Gpg server public key in base64 | `nil` | -| imagePullSecrets | list | Configure image pull secrets | `[]` | -| ingress.annotations | object | Configure passbolt ingress annotations | `{}` | -| ingress.enabled | bool | Enable passbolt ingress | `false` | -| ingress.hosts | list | Configure passbolt ingress hosts | `[]` | -| ingress.tls | list | Configure passbolt ingress tls | `[]` | -| jwtPath | string | Configure passbolt jwt directory | `"/etc/passbolt/jwt"` | -| jwtServerPrivate | string | JWT server private key in base64 | `nil` | -| jwtServerPublic | string | JWT server public key in base64 | `nil` | -| livenessProbe | object | Configure passbolt container livenessProbe | `{"initialDelaySeconds":20,"periodSeconds":10}` | -| mariadb.architecture | string | Configure mariadb architecture | `"replication"` | -| mariadb.auth.database | string | Configure mariadb auth database | `"test"` | -| mariadb.auth.password | string | Configure mariadb auth password | `"test"` | -| mariadb.auth.replicationPassword | string | Configure mariadb auth replicationPassword | `"test"` | -| mariadb.auth.rootPassword | string | Configure mariadb auth root password | `"root"` | -| mariadb.auth.username | string | Configure mariadb auth username | `"test"` | -| mariadbDependencyEnabled | bool | Install mariadb as a depending chart | `true` | -| nameOverride | string | Value to override the chart name on default | `""` | -| networkPolicy.enabled | bool | Enable network policies to allow ingress access passbolt pods | `false` | -| networkPolicy.label | string | Configure network policies label for ingress deployment | `"app.kubernetes.io/name"` | -| networkPolicy.namespaceLabel | string | Configure network policies namespaceLabel for namespaceSelector | `"ingress-nginx"` | -| networkPolicy.podLabel | string | Configure network policies podLabel for podSelector | `"ingress-nginx"` | -| nodeSelector | object | Configure passbolt deployment nodeSelector | `{}` | -| passboltEnv.plain.APP_FULL_BASE_URL | string | Configure passbolt fullBaseUrl | `"https://passbolt.local"` | -| passboltEnv.plain.CACHE_CAKE_DEFAULT_PASSWORD | string | Configure passbolt cake cache password | `"test"` | -| passboltEnv.plain.CACHE_CAKE_DEFAULT_SERVER | string | Configure passbolt cake cache server | `"127.0.0.1"` | -| passboltEnv.plain.DEBUG | bool | Toggle passbolt debug mode | `false` | -| passboltEnv.plain.EMAIL_DEFAULT_FROM | string | Configure passbolt default email from | `"no-reply@passbolt.local"` | -| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_HOST | string | Configure passbolt default email host | `nil` | -| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_PORT | int | Configure passbolt default email service port | `587` | -| passboltEnv.plain.EMAIL_TRANSPORT_DEFAULT_TLS | bool | Toggle passbolt tls | `true` | -| passboltEnv.plain.PASSBOLT_JWT_SERVER_KEY | string | Configure passbolt jwt private key path | `"/var/www/passbolt/config/jwt/jwt.key"` | -| passboltEnv.plain.PASSBOLT_JWT_SERVER_PEM | string | Configure passbolt jwt public key path | `"/var/www/passbolt/config/jwt/jwt.pem"` | -| passboltEnv.plain.PASSBOLT_LEGAL_PRIVACYPOLICYURL | string | Configure passbolt privacy url | `"https://www.passbolt.com/privacy"` | -| passboltEnv.plain.PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED | bool | Toggle passbolt jwt authentication | `true` | -| passboltEnv.plain.PASSBOLT_PLUGINS_LICENSE_LICENSE | string | Configure passbolt license path | `"/etc/passbolt/subscription_key.txt"` | -| passboltEnv.plain.PASSBOLT_REGISTRATION_PUBLIC | bool | Toggle passbolt public registration | `true` | -| passboltEnv.plain.PASSBOLT_SELENIUM_ACTIVE | bool | Toggle passbolt selenium mode | `false` | -| passboltEnv.plain.PASSBOLT_SSL_FORCE | bool | Configure passbolt to force ssl | `true` | -| passboltEnv.secret.DATASOURCES_DEFAULT_DATABASE | string | Configure passbolt default database | `"test"` | -| passboltEnv.secret.DATASOURCES_DEFAULT_PASSWORD | string | Configure passbolt default database password | `"test"` | -| passboltEnv.secret.DATASOURCES_DEFAULT_USERNAME | string | Configure passbolt default database username | `"test"` | -| passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_PASSWORD | string | Configure passbolt default email service password | `"test"` | -| passboltEnv.secret.EMAIL_TRANSPORT_DEFAULT_USERNAME | string | Configure passbolt default email service username | `"test"` | -| passboltEnv.secret.PASSBOLT_GPG_SERVER_KEY_FINGERPRINT | string | Configure passbolt server gpg key fingerprint | `nil` | -| passboltEnv.secret.SECURITY_SALT | string | Configure passbolt security salt | `nil` | -| podAnnotations | object | Map of annotation for passbolt server pod | `{}` | -| podSecurityContext | object | Security Context configuration for passbolt server pod | `{}` | -| rbacEnabled | bool | Enable role based access control | `true` | -| readinessProbe | object | Configure passbolt container RadinessProbe | `{"initialDelaySeconds":5,"periodSeconds":10}` | -| redis.auth.enabled | bool | Enable redis authentication | `true` | -| redis.auth.password | string | Configure redis password | `"test"` | -| redis.sentinel.enabled | bool | Enable redis sentinel | `true` | -| redisDependencyEnabled | bool | Install redis as a depending chart | `true` | -| replicaCount | int | If autoscaling is disabled this will define the number of pods to run | `2` | -| service.name | string | Configure passbolt service port name | `"https"` | -| service.port | int | Configure passbolt service port | `443` | -| service.targetPort | int | Configure passbolt service targetPort | `443` | -| service.type | string | Configure passbolt service type | `"ClusterIP"` | -| serviceAccount.annotations | object | Annotations to add to the service account | `{}` | -| serviceAccount.create | bool | Specifies whether a service account should be created | `true` | -| subscriptionKey | string | Pro subscription key in base64 only if you are using pro version | `nil` | -| subscription_keyPath | string | Configure passbolt subscription key path | `"/etc/passbolt/subscription_key.txt"` | -| tolerations | list | Configure passbolt deployment tolerations | `[]` | -{: .table-parameters } - -\* this is actually set to the latest available ce version, and not "latest", at time of writing this was 3.9.0-2-ce \ No newline at end of file diff --git a/_includes/hosting/helm/helm-warning.md b/_includes/hosting/helm/helm-warning.md deleted file mode 100644 index 3a577eef2..000000000 --- a/_includes/hosting/helm/helm-warning.md +++ /dev/null @@ -1,3 +0,0 @@ -{% include messages/warning.html - content="Important: Installing Passbolt on Kubernetes with our Helm chart is considered to be a very advanced installation method. If you are not very comfortable and familiar with Kubernetes we strongly recommend that you install via one of our other methods." -%} \ No newline at end of file diff --git a/_includes/hosting/install/aws/ami.md b/_includes/hosting/install/aws/ami.md deleted file mode 100644 index a07465067..000000000 --- a/_includes/hosting/install/aws/ami.md +++ /dev/null @@ -1,73 +0,0 @@ -Passbolt Amazon Machine Image (AMI) provides a ready to use passbolt image that you can -use for free on your Amazon Web Services infrastructure. -The AMI includes the following software: - -- Debian 11 -- Nginx -- Php-fpm -- Mariadb -- Passbolt {{ product | upcase }} preinstalled -- certbot - -This AMI does not provide an email server preinstalled so users can manually install it or -leverage on third party email providers. - - -## 1. Getting started with passbolt {{ product | upcase }} AMI - -{% if product == 'ce' %} - {% assign AWSMarketPlaceUrl = 'https://aws.amazon.com/marketplace/pp/B08PDGS3ML' %} - {% assign subscribeMarketPlaceUrl = '/assets/img/help/2020/12/subscribe-aws-ce.png' %} - {% assign acceptMarketPlaceUrl = '/assets/img/help/2020/12/accept-terms-aws-ce.png' %} - {% assign configureMarketPlaceUrl = '/assets/img/help/2020/12/configure-aws-ce.png' %} - {% assign launchMarketPlaceUrl = '/assets/img/help/2020/12/launch-aws-ce.png' %} -{% elsif product == 'pro'%} - {% assign AWSMarketPlaceUrl = 'https://aws.amazon.com/marketplace/pp/prodview-7tuiu3brmboa2' %} - {% assign subscribeMarketPlaceUrl = '/assets/img/help/2021/08/subscribe-aws-pro.png' %} - {% assign acceptMarketPlaceUrl = '/assets/img/help/2021/08/accept-terms-aws-pro.png' %} - {% assign configureMarketPlaceUrl = '/assets/img/help/2021/08/configure-aws-pro.png' %} - {% assign launchMarketPlaceUrl = '/assets/img/help/2021/08/launch-aws-pro.png' %} -{% endif %} - -You can subscribe to passbolt {{ product | upcase }} on the following [AWS marketplace listing]({{AWSMarketPlaceUrl}}). Just -click on "continue to subscribe" button on the listing page. - -{% include articles/figure.html url=subscribeMarketPlaceUrl legend="Subscribe to passbolt marketplace" width="586px" %} - -The EULA for the passbolt {{ product | upcase }} is the AGPL license you have to accept that in order -to use this image by just clicking on the "Accept terms" button. - -{% include articles/figure.html url=acceptMarketPlaceUrl legend="Accept AMI terms" width="586px" %} - -Once the terms are accepted you can click on "Continue to configuration" button. In the next -screen you will be able to select which version of the AMI you want to use as well as in which AWS region -you want the instance to be launched. -Once you have selected your desired configuration just click on "Continue to Launch" button. - -{% include articles/figure.html url=configureMarketPlaceUrl legend="Configure instance region and version" width="586px" %} - - -On the launch screen you will be able to select: -- How to launch the instance -- Instance type -- VPC -- Subnet settings -- Security group settings -- Key pair settings - -If you do not know what this fields mean just rely on the defaults making sure that they key pair -is available on your local machine so you can connect through SSH to the instance. -If all the values are good just click on "Launch" button. - -{% include articles/figure.html url=launchMarketPlaceUrl legend="Launch instance" width="586px" %} - -### 1.1. Setup HTTPS (optional, but highly recommended): - -If you are planning to use this AWS instance in production, it is highly recommended to setup SSL. There are two main methods described below: - -- [Auto (Using Let's Encrypt)](/configure/https/{{ product }}/aws/auto.html) -- [Manual (Using user-provided SSL certificates)](/configure/https/{{ product }}/debian/manual.html) - -{% include hosting/install/wizard/server.md databaseSection="hosting/install/wizard/database.md" %} - -{% include hosting/install/wizard/admin.md %} diff --git a/_includes/hosting/install/install-composer-dependencies.md b/_includes/hosting/install/install-composer-dependencies.md deleted file mode 100644 index 745a152ab..000000000 --- a/_includes/hosting/install/install-composer-dependencies.md +++ /dev/null @@ -1,4 +0,0 @@ -```shell -/var/www$ cd ./passbolt -/var/www/passbolt$ composer install --no-dev -``` \ No newline at end of file diff --git a/_includes/hosting/install/install.md b/_includes/hosting/install/install.md deleted file mode 100644 index 86eff868e..000000000 --- a/_includes/hosting/install/install.md +++ /dev/null @@ -1,100 +0,0 @@ - - -{% if distribution == 'centos' %} - {% assign downloadCmd = 'curl -L -o' %} -{% else %} - {% assign downloadCmd = 'wget -O' %} -{% endif %} - -This tutorial describes how to install Passbolt {{ product | upcase }} on a minimal {{ distributionLabel }} server. The installation procedure is based on install scripts that will do -the heavy lifting for you. They will configure your operating system to be passbolt ready and will take care of installing and configuring the web -server (Nginx), database (MariaDb), PHP, SSL and GPG keyring. - -Installation time: 10 minutes. - -{% if distribution == 'debian' %} -Any doubt? Check out this [step by step video of the installation](https://youtu.be/rMgCQaAfJwE). -{% endif %} - -If you prefer to install passbolt manually please refer to this documentation: [Install passbolt from source](/hosting/install/ce/from-source.html). - -## Prerequisites - -For this tutorial, you will need: -- A minimal {{ distributionLabel }} server. -- A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. -- a working SMTP server for email notifications -* a working NTP service to avoid GPG authentication issues - -The recommended server requirements are: -- 2 cores -- 2GB of RAM - -FAQ pages: - -* [Set up NTP](/faq/hosting/set-up-ntp) -* [Firewall rules](/faq/hosting/firewall-rules){:target="_blank"} -* [Considerations about entropy](/faq/hosting/why-haveged-virtual-env){:target="_blank"} - -{% include messages/warning.html - content="**Please note:** It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server." -%} - -## 1. Configure your server - -{% if distribution == 'ubuntu' %} -If you are using ubuntu server image make sure the universe repository is present. -``` -sudo add-apt-repository universe -sudo apt-get update -``` - -In doubt you can check as follow: -``` -sudo cat /etc/apt/sources.list - -deb http://archive.ubuntu.com/ubuntu bionic main universe -deb http://archive.ubuntu.com/ubuntu bionic-security main universe -deb http://archive.ubuntu.com/ubuntu bionic-updates main universe -``` -{% endif %} - -### Download and execute the installation script - -{% if product == 'ce' %} - {% assign scriptSourceUrl = 'https://github.com/passbolt/passbolt_install_scripts' %} -{% else %} - {% assign scriptSourceUrl = 'https://bitbucket.org/passbolt/passbolt_install_scripts' %} -{% endif %} -*Note that you can find the source code of the install scripts on our [git repository]({{scriptSourceUrl}}).* - -The script will take care of installing all the services required by passbolt. -It will ask you a few questions in order to adapt the environment to your needs. - -```shell -{%- if distributionVersion == 'latest' %} -{{downloadCmd}} passbolt-{{ product }}-installer-{{ distributionSlug }}.tar.gz https://www.passbolt.com/{{ product }}/download/installers/{{ distribution }}/latest -{{downloadCmd}} passbolt-installer-checksum https://www.passbolt.com/{{ product }}/download/installers/{{ distribution }}/latest-checksum -{% else %} -{{downloadCmd}} passbolt-{{ product }}-installer-{{ distributionSlug }}.tar.gz https://www.passbolt.com/{{ product }}/download/installers/{{ distribution }}/{{ distributionVersion }}/latest -{{downloadCmd}} passbolt-installer-checksum https://www.passbolt.com/{{ product }}/download/installers/{{ distribution }}/{{ distributionVersion }}/latest-checksum -{% endif -%} -sha512sum -c passbolt-installer-checksum -tar -xzf passbolt-{{ product }}-installer-{{ distributionSlug }}.tar.gz -sudo ./passbolt_{{ product }}_{{ distribution }}_installer.sh -``` - -{% include hosting/install/wizard/install-scripts.md %} -{% include hosting/install/wizard/server.md %} -{% include hosting/install/wizard/admin.md %} - -### Frequently asked questions -- [Why are my emails not being sent?](/faq/hosting/why-email-not-sent) -- [How to I increase auto logout timeout?](/faq/hosting/how-to-increase-auto-logout-time) -- [How do I make backups](/faq/hosting/how-to-backup) diff --git a/_includes/hosting/install/packages/debian/install-debian-package.md b/_includes/hosting/install/packages/debian/install-debian-package.md deleted file mode 100644 index f26837948..000000000 --- a/_includes/hosting/install/packages/debian/install-debian-package.md +++ /dev/null @@ -1,8 +0,0 @@ -{% include hosting/install/packages/debian/prerequisites.md %} -{% include hosting/install/packages/debian/install-server-components.md %} - -{% include hosting/install/packages/debian/package-configuration.md %} - -{% include hosting/install/wizard/server.md %} - -{% include hosting/install/wizard/admin.md %} diff --git a/_includes/hosting/install/packages/debian/install-server-components.md b/_includes/hosting/install/packages/debian/install-server-components.md deleted file mode 100644 index bb1d477be..000000000 --- a/_includes/hosting/install/packages/debian/install-server-components.md +++ /dev/null @@ -1,82 +0,0 @@ -{% if upgrade_from_ce_to_pro != 'yes' %} -## Package repository setup - -{% endif %} - -For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt {{ product | upcase }} and install it. - -**Step 1.** Download our dependencies installation script: - -``` -wget "https://download.passbolt.com/{{product}}/installer/passbolt-repo-setup.{{product}}.sh" -``` - -**Step 2.** Download our SHA512SUM for the installation script: - -``` -wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-{{product}}-SHA512SUM.txt -``` - -**Step 3.** Ensure that the script is valid and execute it: - -``` -sha512sum -c passbolt-{{product}}-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.{{product}}.sh {% if migrate == 'yes' %} --passbolt-migrate {% endif %} || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.{{product}}.sh -``` - -{% if upgrade_from_ce_to_pro != 'yes' %} -## Install passbolt official linux package - -``` -sudo {{ distributionPackage }} install passbolt-{{product}}-server -``` - -{% if distributionPackage == 'dnf' or distributionPackage == 'yum' %} - -During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below: - -``` -Importing GPG key 0xC155581D: - Userid : "Passbolt SA package signing key " - Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D - From : https://download.passbolt.com/pub.key -``` -{% endif %} -{% if distributionPackage == 'zypper' %} - -During the installation, you will be asked to accept passbolt GPG repository key. You must ensure the fingerprint is exactly the same as the one below: - -``` - Repository: Passbolt Server - Key Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D - Key Name: Passbolt SA package signing key - Key Algorithm: RSA 2048 -``` - -If the fingerprint matches, trust always by answering **a** to this question: - -``` -Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r): -``` - -Then, you will be asked for PHP repository GPG key, ensure the fingerprint is correct and trust it always: - -``` - Repository: php - Key Fingerprint: 55CF 98B4 BB5B C6CC 2E24 748F 82EE 4011 CBCA 8BB5 - Key Name: devel:languages:php OBS Project - Key Algorithm: DSA 1024 -``` - -Finally, verify and trust openSUSE PHP extensions repository GPG key: - -``` - Repository: php-extensions-x86_64 - Key Fingerprint: A85C D7EF 5242 1152 9A7F 994A 9B41 A048 1AF1 B065 - Key Name: server:php:extensions OBS Project - Key Algorithm: RSA 2048 -``` - - -{% endif %} -{% endif %} diff --git a/_includes/hosting/install/packages/debian/package-configuration.md b/_includes/hosting/install/packages/debian/package-configuration.md deleted file mode 100644 index 4bed47269..000000000 --- a/_includes/hosting/install/packages/debian/package-configuration.md +++ /dev/null @@ -1,13 +0,0 @@ -{% if distributionPackage == 'dnf' or distributionPackage == 'yum' or distributionPackage == 'zypper' %} -{% include configure/configure-rpm-package.md %} -{% elsif distributionPackage == 'apt' %} -{% include configure/configure-debian-package-mariadb.md %} - -#### Configure nginx for serving HTTPS - -Depending on your needs there are two different options to setup nginx and SSL using the {{ distributionLabel }} package: - -- [Auto (Using Let's Encrypt)](/configure/https/{{ product }}/debian/auto.html) -- [Manual (Using user-provided SSL certificates)](/configure/https/{{ product }}/debian/manual.html) - -{% endif %} \ No newline at end of file diff --git a/_includes/hosting/install/packages/debian/prerequisites.md b/_includes/hosting/install/packages/debian/prerequisites.md deleted file mode 100644 index 4cb020859..000000000 --- a/_includes/hosting/install/packages/debian/prerequisites.md +++ /dev/null @@ -1,32 +0,0 @@ -## Prerequisites - -For this tutorial, you will need: -{% if distributionLabel == 'Raspberry' %} -- Any Raspberry PI from zero to 4 -- A minimal [Raspberry Pi OS Lite (formerly called Raspbian)](https://www.raspberrypi.com/software/operating-systems/) server or any OS based on Debian 11 Bullseye. -{% else %} -- A minimal {{ distributionLabel }} {{ distributionVersion }} server. -{% endif %} -- A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. -- a working SMTP server for email notifications -* a working NTP service to avoid GPG authentication issues - -The recommended server requirements are: -- 2 cores -- 2GB of RAM - -FAQ pages: - -* [Set up NTP](/faq/hosting/set-up-ntp) -* [Firewall rules](/faq/hosting/firewall-rules){:target="_blank"} -{% unless distributionLabel == 'Ubuntu' or distributionLabel == 'Debian' or distributionLabel == 'Raspberry' %} -* [Considerations about entropy](/faq/hosting/why-haveged-virtual-env){:target="_blank"} -{% endunless %} - -{% include messages/warning.html - content="**Please note:** It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server." -%} - -{% include messages/notice.html - content="Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning!" -%} \ No newline at end of file diff --git a/_includes/hosting/install/pro/v2/install-with-webinstaller.md b/_includes/hosting/install/pro/v2/install-with-webinstaller.md deleted file mode 100644 index 3e27a580d..000000000 --- a/_includes/hosting/install/pro/v2/install-with-webinstaller.md +++ /dev/null @@ -1,21 +0,0 @@ -To configure Passbolt Pro, the easiest way is to use the in-built configuration wizard. -Just point your browser to your passbolt url. - -You will be greeted by a welcome screen. Click on the Configure with wizard option and follow the instructions. - -{% include articles/figure.html - url="/assets/img/help/2018/11/web-installer-getting-started.png" - legend="passbolt welcome page before configuration" - width="586px" -%} - -{% include messages/warning.html - content="**Note:** Enter the same configuration details as the the ones that were used for your Passbolt CE. - This includes your database, smtp details, as well as your server GPG key that you'll need to import (**Do not generate a new one**)." -%} - -{% include articles/figure.html - url="/assets/img/help/2018/11/web-installer-pro-server-key-import.png" - legend="Wizard - import key screen" - width="586px" -%} \ No newline at end of file diff --git a/_includes/hosting/install/vm/00-vm-description.md b/_includes/hosting/install/vm/00-vm-description.md deleted file mode 100644 index eeae91be0..000000000 --- a/_includes/hosting/install/vm/00-vm-description.md +++ /dev/null @@ -1,8 +0,0 @@ -Passbolt Pro provides a virtual appliance in OVA format. Users can import this appliance on their private virtualization platform and start enjoying Passbolt Pro. -The VM includes the following software: -- Debian 12 -- Nginx -- Php-fpm -- Mariadb -- Passbolt Pro preinstalled -- certbot \ No newline at end of file diff --git a/_includes/hosting/install/vm/01-vm-setup.md b/_includes/hosting/install/vm/01-vm-setup.md deleted file mode 100644 index 758565239..000000000 --- a/_includes/hosting/install/vm/01-vm-setup.md +++ /dev/null @@ -1,44 +0,0 @@ - -## 1. Getting started with Passbolt Pro VM - -### 1.1 Download - -Download the ova and the SHA512SUM.txt: - -- [Passbolt Pro VM](https://www.passbolt.com/pro/download/vm/debian/latest) -- [SHA512SUM.txt](https://www.passbolt.com/pro/download/vm/debian/latest-checksum) - -Import the ova file using virtualbox, vmware (ESXi >= 6.0) or any other platform that supports import OVA files. - -Once imported, it is highly recommanded to check if the VM is actually running as Debian (64-bit). In order to do that, just open VM's settings and it should show on which version it is running on. Now, you should be able to boot the VM and just point to the VM ip address with their web browser to initiate the passbolt install process. - -### 1.2 Credentials - -The appliance performs some actions on the first boot: -- Creates ssh host keys -- Enables ssh -- Creates a set of random mariadb credentials for the mariadb server installed on the appliance -- Creates an empty database where passbolt can be installed. - -For the first login the appliance comes with the following ssh default credentials: - -```bash -VM login credentials: -username: passbolt -password: admin -``` - -The `passbolt` user is part of `sudo` group. There is no root password, so you cannot -login in as root. You can however create a shell as root with the default user: -``` -sudo -s -``` - -{% if migrate == false %} -### 1.3. HTTPS setup process: - -Passbolt Pro VM uses passbolt debian package. Depending on your needs there are two different options to setup nginx and SSL using the debian package: - -- [Auto (Using Let's Encrypt)](/configure/https/{{ product }}/ova/auto.html) -- [Manual (Using user-provided SSL certificates)](/configure/https/{{ product }}/debian/manual.html) -{% endif %} \ No newline at end of file diff --git a/_includes/hosting/install/vm/02-vm-configuration.md b/_includes/hosting/install/vm/02-vm-configuration.md deleted file mode 100644 index b70c4ff9c..000000000 --- a/_includes/hosting/install/vm/02-vm-configuration.md +++ /dev/null @@ -1,3 +0,0 @@ -{% include hosting/install/wizard/server.md databaseSection="hosting/install/wizard/database.md" %} - -{% include hosting/install/wizard/admin.md %} \ No newline at end of file diff --git a/_includes/hosting/install/warning-gpg-key-generation.html b/_includes/hosting/install/warning-gpg-key-generation.html deleted file mode 100644 index 574b9b2a2..000000000 --- a/_includes/hosting/install/warning-gpg-key-generation.html +++ /dev/null @@ -1,29 +0,0 @@ -

- Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

- -To create a new GnuPG key without passphrase: -``` -gpg --batch --no-tty --gen-key <
- Passphrase or no?
- Whether or not you need to set a passphrase will depend on why you are making this keypair.
- Organization Account Recovery: In this case you want to set a passphrase.
- Server GPG keys: In this case you do not want to set a passphrase.
-

- diff --git a/_includes/hosting/install/wizard/admin.md b/_includes/hosting/install/wizard/admin.md deleted file mode 100644 index e47a87c3d..000000000 --- a/_includes/hosting/install/wizard/admin.md +++ /dev/null @@ -1,37 +0,0 @@ - -## 3. Configure your administrator account - -### 3.1. Download the plugin - -Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step. - -{% include articles/figure.html url="/assets/img/help/2021/02/user-setup-download-browser-extension.png" legend="download the browser extension" width="586px" %} - -### 3.2. Create a new key - -Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords. - -{% include articles/figure.html url="/assets/img/help/2021/02/user-setup-generate-key.png" legend="generate a key" width="586px" %} - -### 3.3. Download your recovery kit - -This step is essential. Your key is the only way to access your account and passwords. - -{% include messages/warning.html -content="**WARNING:** If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase." -%} - -{% include articles/figure.html url="/assets/img/help/2021/02/user-setup-download-recovery-kit.png" legend="download the recovery kit" width="586px" %} - -### 3.4. Define your security token - -Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token. - -{% include articles/figure.html url="/assets/img/help/2021/02/user-setup-security-token.png" legend="define your security token" width="586px" %} - -### 3.5. That's it! - -Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy! diff --git a/_includes/hosting/install/wizard/database.md b/_includes/hosting/install/wizard/database.md deleted file mode 100644 index 7a8cd86cd..000000000 --- a/_includes/hosting/install/wizard/database.md +++ /dev/null @@ -1,34 +0,0 @@ -## 2.{{ include.stepNumber }}{% assign include.stepNumber = include.stepNumber | plus:1 %}. Database - -Passbolt {{ page.card_title }} comes with a preinstalled mariadb database. The credentials for -this database are randomly generated on the first boot and the webinstaller autofills -those credentials for you. The autogenerated database credentials will be -available for later use by administrators in `/etc/passbolt/passbolt.php` file. - -If you decide to use the autogenerated credentials you -can click the "Next" button and move to the next step on this tutorial. - -{% if product == 'pro' %} -{% include articles/figure.html url="/assets/img/help/2021/02/web-installer-pro-database.png" legend="wizard - database" width="586px" %} -{% else %} -{% include articles/figure.html url="/assets/img/help/2021/02/web-installer-ce-database.png" legend="wizard - database" width="586px" %} -{% endif %} - -**Optional:** in case you do not want to use the autogenerated mariadb -credentials you could connect through ssh to your instance -and use the mariadb root credentials to create a new -user, password and database for passbolt to use: - -``` -ssh admin@ -``` - -You can find the root database credentials in `/root/.mysql_credentials` file: - -``` -sudo cat /root/.mysql_credentials -``` - -Once you have the root database credentials you can connect to the local mariadb -and create any database and user you want to use to install passbolt. - diff --git a/_includes/hosting/install/wizard/install-scripts.md b/_includes/hosting/install/wizard/install-scripts.md deleted file mode 100644 index 558d31f42..000000000 --- a/_includes/hosting/install/wizard/install-scripts.md +++ /dev/null @@ -1,55 +0,0 @@ - -{% include articles/figure.html - url="/assets/img/help/2018/04/execute-install-script.png" - legend="execute the install script" - width="586px" -%} - -### Do you want to install a local mariadb server on this machine? - -- **Yes**: if you are not planning on using an external mysql / mariadb server. -- **No**: if you have a mysql / mariadb server installed somewhere else and want to use it for passbolt. - -The script will then ask you for the database details: root user password, non-root user name, non-root user password, database name, and database password. - -### Hostname - -To configure your webserver, the script needs to know under which hostname or ip it is going to run. Enter here -the address (domain, hostname or ip) at which you are planning to access your passbolt after installation. - -example: my-passbolt.acme.com - -### SSL Setup -Because passbolt is designed to run with HTTPS by default it is best to try to setup passbolt -with SSL even if this is just a test instance. - -- **manual**: (recommended) choose manual if you have your own ssl certificates. -- **auto**: this option will issue a SSL certificate automatically through [Let's Encrypt](https://letsencrypt.org). -Use this option only if you have a domain name that is reachable by the outside world, or it will not work. -- **none**: choose this option if you don't want your webserver to run https. This is not recommended. - -**Important:** if you choose 'none' and want to test the MFA, later on you will need to set -PASSBOLT_SECURITY_COOKIE_SECURE environment variable to false. This is to prevent a misconfigured -server with both HTTP and HTTPS enabled from leaking sensitive cookie. - -### Common GnuPG issues - -On virtualized environments GnuPG will most likely not be able to find enough entropy to generate a key. -Therefore, Passbolt will not run properly. The script needs to know if you want to help fix this issue by installing - Haveged. - -Haveged is a useful tool to fix entropy issues, however it can have security implications. Make sure you understand -the risks before answering yes to this question. - -{% include hosting/install/warning-gpg-key-generation.html %} - -For each question, depending on your answer, some more precisions can be asked. Just answer the questions and go -with the flow. - -Your environment is now ready to support passbolt. - -{% include articles/figure.html - url="/assets/img/help/2018/04/end-install-script.png" - legend="completion of the install script" - width="586px" -%} diff --git a/_includes/hosting/install/wizard/server.md b/_includes/hosting/install/wizard/server.md deleted file mode 100644 index c617a771e..000000000 --- a/_includes/hosting/install/wizard/server.md +++ /dev/null @@ -1,122 +0,0 @@ -## 2. Configure passbolt - -Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page. - -{% include articles/figure.html url="/assets/img/help/2021/02/web-installer-getting-started.png" legend="passbolt welcome page before configuration" width="586px" %} - -{% assign stepNumber = 1 %} -### 2.{{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}. Healthcheck - -The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -"Start configuration" when ready. - -{% if product == 'pro' %} -{% include articles/figure.html url="/assets/img/help/2018/11/web-installer-pro-healthcheck.png" legend="wizard - healthcheck" width="586px" %} -{% else %} -{% include articles/figure.html url="/assets/img/help/2018/11/web-installer-ce-healthcheck.png" legend="wizard - healthcheck" width="586px" %} -{% endif %} - -{% if product == 'pro' %} -### 2.{{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}. Subscription key - -At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box. - -{% include articles/figure.html url="/assets/img/help/2018/11/web-installer-pro-subscription-key.png" legend="wizard - subscription key" width="586px" %} -{% endif %} - -{% if include.databaseSection %} -{% include {{include.databaseSection}} stepNumber=stepNumber %} -{% else %} -### 2.{{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}. Database - -This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password. - -{% if product == 'pro' %} -{% include articles/figure.html url="/assets/img/help/2021/02/web-installer-pro-database.png" legend="wizard - database" width="586px" %} -{% else %} -{% include articles/figure.html url="/assets/img/help/2021/02/web-installer-ce-database.png" legend="wizard - database" width="586px" %} -{% endif %} -{% endif %} - -### 2.{{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}. GPG key - -In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process. - -Generate a key if you don't have one. - -{% if product == 'pro' %} -{% include articles/figure.html url="/assets/img/help/2018/11/web-installer-pro-server-key-generate.png" legend="wizard - generate a key pair" width="586px" %} -{% else %} -{% include articles/figure.html url="/assets/img/help/2018/11/web-installer-ce-server-key-generate.png" legend="wizard - generate a key pair" width="586px" %} -{% endif %} - -**Optional**: Import a key if you already have one and you want your server to use it. - -{% include hosting/install/warning-gpg-key-generation.html %} - -{% if product == 'pro' %} -{% include articles/figure.html url="/assets/img/help/2018/11/web-installer-pro-server-key-import.png" legend="wizard - import a key pair" width="586px" %} -{% else %} -{% include articles/figure.html url="/assets/img/help/2018/11/web-installer-ce-server-key-import.png" legend="wizard - import a key pair" width="586px" %} -{% endif %} - -### 2.{{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}. Mail server (SMTP) - -At this stage, the wizard will ask you to enter the details of your SMTP server. - -{% if product == 'pro' %} -{% include articles/figure.html url="/assets/img/help/2018/11/web-installer-pro-email.png" legend="wizard - smtp mail server details" width="586px" %} -{% else %} -{% include articles/figure.html url="/assets/img/help/2018/11/web-installer-ce-email.png" legend="wizard - smtp mail server details" width="586px" %} -{% endif %} - -You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on "Send test email". - -{% include articles/figure.html url="/assets/img/help/2018/04/wizard-test-email.png" legend="wizard - test smtp settings" width="300px" %} - -### 2.{{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}. Preferences - -The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing. - -{% if product == 'pro' %} -{% include articles/figure.html url="/assets/img/help/2018/11/web-installer-pro-options.png" legend="wizard - preferences" width="586px" %} -{% else %} -{% include articles/figure.html url="/assets/img/help/2018/11/web-installer-ce-options.png" legend="wizard - preferences" width="586px" %} -{% endif %} - -### 2.{{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}. First user creation - -You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next. - -{% if product == 'pro' %} -{% include articles/figure.html url="/assets/img/help/2018/11/web-installer-pro-first-user.png" legend="wizard - first user" width="586px" %} -{% else %} -{% include articles/figure.html url="/assets/img/help/2018/11/web-installer-ce-first-user.png" legend="wizard - first user" width="586px" %} -{% endif %} - -### 2.{{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}. Installation - -That's it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on. - -{% if product == 'pro' %} -{% include articles/figure.html url="/assets/img/help/2018/11/web-installer-pro-install.png" legend="wizard - installation" width="586px" %} -{% else %} -{% include articles/figure.html url="/assets/img/help/2018/11/web-installer-ce-install.png" legend="wizard - installation" width="586px" %} -{% endif %} - -Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account. - -{% if product == 'pro' %} -{% include articles/figure.html url="/assets/img/help/2018/11/web-installer-pro-completed.png" legend="wizard - completion and redirection" width="586px" %} -{% else %} -{% include articles/figure.html url="/assets/img/help/2018/11/web-installer-ce-completed.png" legend="wizard - completion and redirection" width="586px" %} -{% endif %} - diff --git a/_includes/hosting/update/in-case-of-issues-from-source.md b/_includes/hosting/update/in-case-of-issues-from-source.md deleted file mode 100644 index 1c578b683..000000000 --- a/_includes/hosting/update/in-case-of-issues-from-source.md +++ /dev/null @@ -1,31 +0,0 @@ -## Troubleshooting - -#### Verifying the status of the application -Optionally, you can login as an administrator and check the status on the healthcheck page: - -{% include articles/figure.html -url="/assets/img/screenshots/AD_healthcheck.jpg" -legend="Example of healthcheck screen" -%} - -You can also run the following command: -```bash -$ sudo -H -u www-data bash -c "./bin/cake passbolt healthcheck" -``` - -#### If you run into some issues - -If you run into some issues: -* Make a copy or screenshot of the errors messages displayed on the screen -* Check for error message in the `logs` directory -* Check for error message in the browser console -* Checkout the previous working version using git -* Drop the database and load your backup data to restore to a previously working version -* Note down the the details of you environment: your OS, php, mysql environment versions. - -Where to get help: -* If you are a Passbolt Pro Edition subscriber send us an [email](mailto:contact@passbolt.com) with the details. -* If you are a Passbolt Community Edition user you can open new thread on the [community forum](https://community.passbolt.com/c/installation-issues). - -The more information you provide about what you did, what you tried, how your environment look like, -the easiest it will be for people to help you. diff --git a/_includes/hosting/update/in-case-of-issues.md b/_includes/hosting/update/in-case-of-issues.md deleted file mode 100644 index a27336d94..000000000 --- a/_includes/hosting/update/in-case-of-issues.md +++ /dev/null @@ -1,31 +0,0 @@ -## Troubleshooting - -#### Verifying the status of the application -Optionally, you can login as an administrator and check the status on the healthcheck page: - -{% include articles/figure.html - url="/assets/img/screenshots/AD_healthcheck.jpg" - legend="Example of healthcheck screen" -%} - -You can also run the following command: -```bash -$ sudo -H -u {{ webServerUser }} bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck" -``` - -#### If you run into some issues - -If you run into some issues: -* Make a copy or screenshot of the errors messages displayed on the screen -* Check for error message in the `logs` directory -* Check for error message in the browser console -* Checkout the previous working version using git -* Drop the database and load your backup data to restore to a previously working version -* Note down the the details of you environment: your OS, php, mysql environment versions. - -Where to get help: -* If you are a Passbolt Pro Edition subscriber send us an [email](mailto:contact@passbolt.com) with the details. -* If you are a Passbolt Community Edition user you can open new thread on the [community forum](https://community.passbolt.com/c/installation-issues). - -The more information you provide about what you did, what you tried, how your environment look like, -the easiest it will be for people to help you. diff --git a/_includes/hosting/update/major-update.md b/_includes/hosting/update/major-update.md deleted file mode 100644 index 7d681dfd0..000000000 --- a/_includes/hosting/update/major-update.md +++ /dev/null @@ -1,3 +0,0 @@ -## Major update - -Please see the following documentation to [Update from v1 to v2](/hosting/upgrade) diff --git a/_includes/hosting/update/package-update.md b/_includes/hosting/update/package-update.md deleted file mode 100644 index 5c2b9f99a..000000000 --- a/_includes/hosting/update/package-update.md +++ /dev/null @@ -1,65 +0,0 @@ -## Prerequisites - -For this tutorial, you will need: -- A minimal {{ distributionLabel }} server. -- Passbolt {{ distributionLabel }} package installed. - -## Update passbolt -### 1. Take down your site - -It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade. - -```bash -$ sudo systemctl stop nginx -``` - -### 2. Backup your database - -It is recommended to always perform a backup of your passbolt installation. Please check the [backup](/hosting/backup) article - -### 3. Upgrade your system - -{% include messages/warning.html -content="**Pro tip:** Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That's why we are suggesting to manually upgrade passbolt prior to system upgrade" -%} - -This commands will trigger an upgrade on your whole {{ distributionLabel }} system: - -{% if distributionPackage == 'apt' %} -```bash -sudo {{ distributionPackage }} update -sudo {{ distributionPackage }} --only-upgrade install passbolt-ce-server -sudo {{ distributionPackage }} upgrade -``` - -{% include messages/notice.html -content="**You are running Passbolt PRO? ↓**" -%} - -```bash -sudo {{ distributionPackage }} update -sudo {{ distributionPackage }} --only-upgrade install passbolt-pro-server -sudo {{ distributionPackage }} upgrade -``` - -{% elsif distributionPackage == 'dnf' or distributionPackage == 'yum' or distributionPackage == 'zypper' %} -```bash -$ sudo {{ distributionPackage }} update -``` -{% endif %} -### 4. Clear the cache - -Finally make sure you clear the application cache, to make sure any changes in the database structure are -reflected in model cache files: - -```bash -$ sudo -H -u {{ webServerUser }} bash -c "/usr/share/php/passbolt/bin/cake cache clear_all" -``` - -### 5. Bring your site back online - -Almost done: -```bash -sudo systemctl start nginx -``` \ No newline at end of file diff --git a/_includes/hosting/update/version-helper.md b/_includes/hosting/update/version-helper.md deleted file mode 100644 index 5c70a8213..000000000 --- a/_includes/hosting/update/version-helper.md +++ /dev/null @@ -1,13 +0,0 @@ -## Where to find the latest release version number? - -You can find information about which version is the latest in the [release notes](/releases). It is generally a good idea to check these notes before running an update. You can also find it on the official [GIT repository](https://github.com/passbolt/passbolt_api/blob/master/config/version.php). - -## Where to find the version number for a given installation? - -You can check `app/Config/version.php` to know the version number for your local instance. You can also hover on the _heart_ icon at the bottom right corner of any passbolt screen. The first item is the server version, the second the one from the browser extension. - -{% include articles/figure.html - url="/assets/img/help/2018/05/AN_footer_version_help.png" - legend="footer version helper" - width="210px" -%} diff --git a/_includes/hosting/upgrade/ce/v1/check-latest-version-installed.md b/_includes/hosting/upgrade/ce/v1/check-latest-version-installed.md deleted file mode 100644 index e25e2f811..000000000 --- a/_includes/hosting/upgrade/ce/v1/check-latest-version-installed.md +++ /dev/null @@ -1,7 +0,0 @@ -If you do not have the latest version, please follow the regular [v1 udpate process](/hosting/update-v1). -We’ll also assume you have a web server that match the system requirements. - -```shell -/var/www/passbolt$ cat app/Config/version.php | grep number -'number' => '1.6.10' -``` \ No newline at end of file diff --git a/_includes/hosting/upgrade/ce/v2/copy-avatar-from-v1.md b/_includes/hosting/upgrade/ce/v2/copy-avatar-from-v1.md deleted file mode 100644 index 8b85fcb20..000000000 --- a/_includes/hosting/upgrade/ce/v2/copy-avatar-from-v1.md +++ /dev/null @@ -1,4 +0,0 @@ -```shell -/var/www/passbolt$ cp -R ../passbolt_old/app/webroot/img/public/* ./webroot/img/public/. -/var/www/passbolt$ mv ./webroot/img/public/images/ProfileAvatar ./webroot/img/public/images/Avatar -``` diff --git a/_includes/hosting/upgrade/ce/v2/copy-server-gpg-from-v1.md b/_includes/hosting/upgrade/ce/v2/copy-server-gpg-from-v1.md deleted file mode 100644 index 84e6c2bfd..000000000 --- a/_includes/hosting/upgrade/ce/v2/copy-server-gpg-from-v1.md +++ /dev/null @@ -1,3 +0,0 @@ -```shell -/var/www/passbolt$ cp ../passbolt_old/app/Config/gpg/* config/gpg/. -``` \ No newline at end of file diff --git a/_includes/hosting/upgrade/cronjobs.md b/_includes/hosting/upgrade/cronjobs.md deleted file mode 100644 index 023657447..000000000 --- a/_includes/hosting/upgrade/cronjobs.md +++ /dev/null @@ -1,31 +0,0 @@ -As you are upgrading from CE to Pro you will need to make sure you don't have duplicate cronjobs. - -You can do this by checking `/etc/cron.d/` - -You may see: -``` -/etc/cron.d/passbolt-ce-server -/etc/cron.d/passbolt-pro-server -``` - -If this is the case you'll want to run: -``` -rm /etc/cron.d/passbolt-ce-server -``` - -As this will clear out the no longer needed CE job to send emails. If you leave this you may experience receiving duplicate emails. - -The other regularly occuring job which you can remove will be under `/etc/logrotate.d/` - -You may see: -``` -/etc/logrotate.d/passbolt-ce-server -/etc/logrotate.d/passbolt-pro-server -``` - -If this is the case you'll want to run: -``` -rm /etc/logrotate.d/passbolt-ce-server -``` - -This will clean up the no longer needed log rotation job. \ No newline at end of file diff --git a/_includes/hosting/upgrade/pro/v2/download-and-replace-passbolt.md b/_includes/hosting/upgrade/pro/v2/download-and-replace-passbolt.md deleted file mode 100644 index 61d290e26..000000000 --- a/_includes/hosting/upgrade/pro/v2/download-and-replace-passbolt.md +++ /dev/null @@ -1,12 +0,0 @@ -Open a shell with the same user as your web server user. (usually, www-data for apache, nginx for nginx) - -```shell -/var/www$ su -s /bin/bash www-data -``` - -Replace the previous passbolt by the new version. - -```shell -/var/www$ mv ./passbolt ./passbolt_old -/var/www$ git clone {{ include.repo_url }} ./passbolt -``` diff --git a/_includes/hosting/upgrade/take-your-site-offline.md b/_includes/hosting/upgrade/take-your-site-offline.md deleted file mode 100644 index 33da1b9b2..000000000 --- a/_includes/hosting/upgrade/take-your-site-offline.md +++ /dev/null @@ -1,3 +0,0 @@ -There are multiple ways of doing that, the simplest is sending a notice by email to your users -and stopping your webserver. The better approach would be to create a temporary html file and -redirect your passbolt user there. \ No newline at end of file diff --git a/_includes/hosting/upgrade/upgrade-debian-like-os.md b/_includes/hosting/upgrade/upgrade-debian-like-os.md deleted file mode 100644 index 98e44e6c5..000000000 --- a/_includes/hosting/upgrade/upgrade-debian-like-os.md +++ /dev/null @@ -1,174 +0,0 @@ -## Prerequisites - -For this tutorial, you will need: -- A {{ distributionLabel }} {{ distributionVersionOld }} server. -- Passbolt Debian package installed. -- Ensure you have sufficient space for the upgrade. - -This manual has for aim to help you upgrade your distribution, but it does not replace -[the official {{ distributionLabel }} guide]({{distributionUpgradeGuide}}), please refer to it if you have any doubt. - -## 1. Take down your site - -It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade. - -```bash -$ sudo systemctl stop nginx -``` - -## 2. Backup your instance - -First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our [backup process](/hosting/backup). - -## 3. Prepare repositories - -### 3.1. Upgrade the OS and other third party repositories - -Prior to upgrading the system, ensure the OS as well as the third party repositories ar now targeting -{{ distributionLabel }} {{ distributionVersion }}. This can be easily done with sed: - -``` -sudo sed -i 's/buster/bullseye/g' /etc/apt/sources.list -sudo sed -i 's/buster/bullseye/g' /etc/apt/sources.list.d/*.list -``` - -Take care of the debian security repository !! The format has changed and the correct one is now, edit the file -*/etc/apt/sources.list* and update the security repositories as following: - -``` -deb https://security.debian.org/debian-security bullseye-security main -deb-src https://security.debian.org/debian-security bullseye-security main -``` - -### 3.2. Remove the old passbolt repository source - -With {{ distributionLabel }} {{ distributionVersion }} apt-key is now deprecated and with this change let's migrate to -the new source-file format (DEB822). - -Remove the old passbolt source-file: - -``` -sudo rm /etc/apt/sources.list.d/passbolt.list -``` - -Remove the passbolt GnuPG key from apt-key: - -``` -sudo apt-key del 0xDE8B853FC155581D -``` - -### 3.3. Retrieve and store the passbolt GnuPG repository key - -Retrieve passbolt repository package official GnuPG key from *hkps://keys.mailvelope.com*, *hkps://pgp.mit.edu* or *hkps://keys.gnupg.net*: - -``` -gpg --keyserver hkps://keys.mailvelope.com --receive-keys 0xDE8B853FC155581D -``` - -Check that the GPG fingerprint matches `3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D`: - -``` -gpg --list-key --with-fingerprint 0xDE8B853FC155581D -``` - -It must return: - -``` -pub rsa2048 2020-05-18 [SC] [expires: 2022-05-18] - 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D -uid [ unknown] Passbolt SA package signing key -sub rsa2048 2020-05-18 [E] [expires: 2022-05-18] -``` - -Stock the passbolt GnuPG key on disk for later use: - -``` -gpg --export 0xDE8B853FC155581D | sudo tee \ - /usr/share/keyrings/passbolt-repository.gpg >/dev/null -``` - -### 3.4. Add the new passbolt repository source - -Create a new repository source-file following the format DEB822 for passbolt. - -``` -cat << EOF | sudo tee /etc/apt/sources.list.d/passbolt.sources > /dev/null -Types: deb -URIs: https://download.passbolt.com/{{ product }}/{{ distribution }} -Suites: {{ distributionVersionName }} -Components: stable -Signed-By: /usr/share/keyrings/passbolt-repository.gpg -EOF -``` - -## 4. Upgrade your system - -Update the apt indexes : - -``` -sudo apt update -``` - -You can now upgrade your system : - -``` -# Upgrade first -sudo apt upgrade - -# Then perform the dist-upgrade -sudo apt dist-upgrade -``` - -## 5. Update passbolt nginx configuration - -As php-fpm has been upgraded from 7.3 to 7.4, nginx configuration has to be updated accordingly. - -It can easily be done with sed : - -``` -sudo sed -i 's/php7.3-fpm/php-fpm/g' /etc/nginx/sites-enabled/nginx-passbolt.conf -``` - -Check if you have no configuration issue : - -``` -sudo nginx -t -``` - -It should return: - -``` -nginx: the configuration file /etc/nginx/nginx.conf syntax is ok -nginx: configuration file /etc/nginx/nginx.conf test is successful -``` - -You can now safely reload the nginx web server: - -``` -sudo systemctl reload nginx.service -``` - -## 6. Reboot your server - -With {{ distributionLabel }} {{ distributionVersion }} comes a new Linux kernel, you must reboot your server. - -## 7. Clean useless packages - -Once the server rebooted on the new kernel, you can now remove useless packages: - -``` -sudo apt autoremove --purge -sudo apt autoclean -``` - -## 8. Troubleshooting - -### MariaDB went missing - -It is possible your MariaDB instance has been uninstalled. You can install it back: - -``` -sudo apt install default-mysql-server -``` diff --git a/_includes/hosting/upgrade/upgrade-debian12-new-specs.md b/_includes/hosting/upgrade/upgrade-debian12-new-specs.md deleted file mode 100644 index 26863c8c9..000000000 --- a/_includes/hosting/upgrade/upgrade-debian12-new-specs.md +++ /dev/null @@ -1,150 +0,0 @@ -## Prerequisites - -For this tutorial, you will need: -- A {{ distributionLabel }} {{ distributionVersionOld }} server. -- Passbolt Debian package installed. -- Ensure you have sufficient space for the upgrade. - -This manual has for aim to help you upgrade your distribution, but it does not replace -[the official {{ distributionLabel }} guide]({{distributionUpgradeGuide}}), please refer to it if you have any doubt. - -## 1. Take down your site - -It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade. - -```bash -$ sudo systemctl stop nginx -``` - -## 2. Backup your instance - -First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our [backup process](/hosting/backup). - -## 3. Prepare repositories - -### 3.1. Upgrade the OS and other third party repositories - -Prior to upgrading the system, ensure the OS as well as the third party repositories ar now targeting -{{ distributionLabel }} {{ distributionVersion }}. This can be easily done with sed: - -``` -sudo sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list -``` - -Please, take a moment with: *cat /etc/apt/sources.list* to ensure that there is not any bullseye left on this file. You should expect something like what's shown below. - -```bash -# deb cdrom:[Debian GNU/Linux 11.6.0 _Bullseye_ - Official amd64 DVD Binary-1 20221217-10:40]/ bookworm contrib main - -#deb cdrom:[Debian GNU/Linux 11.6.0 _Bullseye_ - Official amd64 DVD Binary-1 20221217-10:40]/ bookworm contrib main - -deb http://httpredir.debian.org/debian/ bookworm main -deb-src http://httpredir.debian.org/debian/ bookworm main - -deb http://security.debian.org/debian-security bookworm-security main contrib -deb-src http://security.debian.org/debian-security bookworm-security main contrib - -# bookworm-updates, to get updates before a point release is made; -# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports -deb http://httpredir.debian.org/debian/ bookworm-updates main contrib -deb-src http://httpredir.debian.org/debian/ bookworm-updates main contrib - -``` - -## 4. Upgrade your system - -Update the apt indexes : - -``` -sudo apt update -``` - -Upgrade Passbolt PRO : -``` -sudo apt --only-upgrade install passbolt-pro-server -``` - -{% include messages/warning.html -content="You are using Passbolt CE? Run `sudo apt --only-upgrade install passbolt-ce-server`" -%} - -You can now upgrade your system : - -``` -# Upgrade first -sudo apt upgrade - -# Then perform the dist-upgrade -sudo apt dist-upgrade -``` - -### 4.1. Ensure that you are running the correct distributions - -In order to verify the distribution : - -```bash -lsb_release -a -``` - -### 4.2. Ensure that you are running the correct PHP 8.2 version - -To verify the PHP version : - -```bash -php -v -``` - -## 5. Update passbolt nginx configuration - -As php-fpm has been upgraded from 7.4 to 8.2, nginx configuration has to be updated accordingly. - -It can easily be done with sed : - -``` -sudo sed -i 's/php7.4-fpm/php8.2-fpm/g' /etc/nginx/sites-enabled/nginx-passbolt.conf -``` - -Check if you have no configuration issue : - -``` -sudo nginx -t -``` - -It should return: - -``` -nginx: the configuration file /etc/nginx/nginx.conf syntax is ok -nginx: configuration file /etc/nginx/nginx.conf test is successful -``` - -You can now safely restart the nginx web server and php-fpm: - -```bash -sudo systemctl restart nginx -sudo systemctl restart php8.2-fpm -``` - -## 6. Reboot your server - -With {{ distributionLabel }} {{ distributionVersion }} comes a new Linux kernel, you must reboot your server. - -## 7. Clean useless packages - -Once the server rebooted on the new kernel, you can now remove useless packages: - -``` -sudo apt autoremove --purge -sudo apt autoclean -``` - -## 8. Troubleshooting - -### MariaDB went missing - -It is possible your MariaDB instance has been uninstalled. You can install it back: - -``` -sudo apt install default-mysql-server -``` diff --git a/_includes/hosting/upgrade/upgrade-existing-migrate-data.md b/_includes/hosting/upgrade/upgrade-existing-migrate-data.md deleted file mode 100644 index 403c62c90..000000000 --- a/_includes/hosting/upgrade/upgrade-existing-migrate-data.md +++ /dev/null @@ -1,81 +0,0 @@ - - -## Migrate data - -Load the backup files into the new {{ distributionLabel }} server, for the following tasks we will consider that the backup files are in your user home directory `~/backup` - -You should have: - -{% if product == 'pro' %} -* Your subscription key -{% endif %} -* the private and public GPG key -* Your database dump -* The avatar archive file `passbolt-avatars.tar.gz` if you are coming from Passbolt prior to 3.2 - -{% assign stepNumber = 1 %} - -{% if product == 'pro' %} -**Step {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}.** Create the subscription key file - -You received your subscription key by email, copy it as `/etc/passbolt/subscription_key.txt` on your server. -```` -nano /etc/passbolt/subscription_key.txt -```` - -{% endif %} - -**Step {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}.** Restore Passbolt configuration file and ensure rights and ownership are correct: - -``` -sudo mv ~/backup/passbolt.php /etc/passbolt -sudo chown {{ webServerUser }}:{{ webServerUser }} /etc/passbolt/passbolt.php -sudo chown {{ webServerUser }}:{{ webServerUser }} /etc/passbolt/subscription_key.txt -sudo chmod 440 /etc/passbolt/passbolt.php -``` - -**Step {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}.** Restore GPG public and private keys and ensure rights and ownership are correct: - -``` -sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg -sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg -sudo chown {{ webServerUser }}:{{ webServerUser }} /etc/passbolt/gpg/serverkey_private.asc -sudo chown {{ webServerUser }}:{{ webServerUser }} /etc/passbolt/gpg/serverkey.asc -sudo chmod 440 /etc/passbolt/gpg/serverkey.asc -sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc -``` - -**Step {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}.** Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2) - -``` -sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/ -sudo chown -R {{ webServerUser }}:{{ webServerUser }} /usr/share/php/passbolt/webroot/img/public -``` - -**Step {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}.** Load the database - -``` -mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql -``` - -**Step {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}.** Import the server key - -``` -sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc" {{ webServerUser }} -``` - -**Step {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}.** Migrate passbolt to the latest version - -``` -sudo -H -u {{ webServerUser }} /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate" -``` - -**Step {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}.** Test passbolt - -Try to access your passbolt application with your browser. - -If you are encountering any issues, you can run the following command to assess the status of your instance: - -``` -sudo -H -u {{ webServerUser }} /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck" -``` \ No newline at end of file diff --git a/_includes/hosting/upgrade/upgrade-existing-to-new-docker.md b/_includes/hosting/upgrade/upgrade-existing-to-new-docker.md deleted file mode 100644 index 86479bb39..000000000 --- a/_includes/hosting/upgrade/upgrade-existing-to-new-docker.md +++ /dev/null @@ -1,135 +0,0 @@ -This document describes how to migrate an existing passbolt to a new {{ distributionLabel }} server. - -## Pre-requisites - -For this tutorial, you will need: -- Passbolt installed on an old server -- A new server with Docker - -## Backup the existing data - -Prior to the migration you will need to backup the existing passbolt instance data. Please refer to [the official backup documentations](/hosting/backup). - -Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. - -Don’t delete the existing instance yet! - -## Prepare the new server - -Create a fresh new Passbolt instance on Docker following [this documentation](/hosting/install/{{ product }}/docker.html). - -## Migrate the data - -### Stop running containers - -At this step, you should have a running empty Passbolt instance running on your server. We will now stop it and delete the database volume. - -If you have chosen the `docker-compose` install, you just have to delete the volumes you created with this command (don't forget the `-v`): - -```bash -docker-compose -f docker-compose-{{ product }}.yaml down -v -``` - -If you have chosen to run docker containers, stop them and delete the database volume: - -``` -docker stop passbolt-container-name -docker stop passbolt-database-name -docker volume rm passbolt-database-volume-name -``` - -Of course, replace containers and volume name with your own ! - -### Restore your database - -According to [MariaDB documentation on Docker Hub](https://hub.docker.com/_/mariadb): - -``` -When a container is started for the first time, a new database with the specified name will be created and initialized with the provided configuration variables. - -Furthermore, it will execute files with extensions .sh, .sql, .sql.gz, and .sql.xz that are found in /docker-entrypoint-initdb.d. Files will be executed in alphabetical order. .sh files without file execute permission are sourced rather than executed. - -You can easily populate your mariadb services by mounting a SQL dump into that directory and provide custom images with contributed data. SQL files will be imported by default to the database specified by the MARIADB_DATABASE / MYSQL_DATABASE variable. -``` - -This means you just have to mount your database backup file on `/docker-entrypoint-initdb.d` folder of the database container. - -Edit your docker-compose-{{ product }}.yaml file and add a volume mount in the db service: - -``` -volumes: - - database_volume:/var/lib/mysql - - ./path/to/your/database/dump.sql:/docker-entrypoint-initdb.d/dump.sql -``` - -### Set your GPG server keys fingerprint and email - -In the scope of a migration to docker, you need to add 2 environment variables to the passbolt service -related to the GPG server keys fingerprint and email address. - -Get them from your backed up keys: - -``` -$ gpg --show-keys /path/to/serverkey.asc -pub rsa2048 2022-01-20 [SC] - 43F978AFF88B53F5ABBD12C87D5E40A4C43926ED -uid Passbolt default user -sub rsa2048 2022-01-20 [E] -``` - -In the above output, fingerprint is `43F978AFF88B53F5ABBD12C87D5E40A4C43926ED` and email address is `passbolt@yourdomain.com`. - -Add the environment variables in your `docker-compose-{{ product }}.yaml` file (replace with your own values): - -``` -services: - passbolt: - environment: - PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: "43F978AFF88B53F5ABBD12C87D5E40A4C43926ED" - PASSBOLT_KEY_EMAIL: "passbolt@yourdomain.com" -``` - -### Start your containers - -You can now start your database and passbolt containers, your database will be restored at the database container start. - -### Restore GPG server keys - -Copy the GPG you backed up in your container: - -``` -docker cp serverkey_private.asc your-passbolt-container:/etc/passbolt/gpg/serverkey_private.asc -docker cp serverkey.asc your-passbolt-container:/etc/passbolt/gpg/serverkey.asc -``` - -Then set correct rights: - -``` -docker exec -it your-passbolt-container chown www-data:www-data /etc/passbolt/gpg/serverkey.asc -docker exec -it your-passbolt-container chown www-data:www-data /etc/passbolt/gpg/serverkey_private.asc -docker exec -it your-passbolt-container chmod 440 /etc/passbolt/gpg/serverkey.asc -docker exec -it your-passbolt-container chmod 440 /etc/passbolt/gpg/serverkey_private.asc -``` - -### Restore avatars (if you are coming from prior 3.2) - -{% - include messages/warning.html - content="This step is needed only if you come from Passbolt version prior to 3.2. Since 3.2, avatars are stored in database" -%} - -Extract the avatars to the Passbolt docker container: - -``` -cat passbolt-avatars.tar.gz | docker exec -i your-passbolt-container tar -C /usr/share/php/passbolt/ -xzf - -``` - -Then set correct rights to the avatars: - -``` -docker exec -it your-passbolt-container chown -R www-data:www-data /usr/share/php/passbolt/webroot/img/avatar -``` - -### That's it - -If your passbolt URL has changed, you will have to proceed to an [account recovery](/faq/start/account-recover). diff --git a/_includes/hosting/upgrade/upgrade-existing-to-new-server.md b/_includes/hosting/upgrade/upgrade-existing-to-new-server.md deleted file mode 100644 index 3c22a6bd4..000000000 --- a/_includes/hosting/upgrade/upgrade-existing-to-new-server.md +++ /dev/null @@ -1,24 +0,0 @@ -This document describes how to migrate an existing passbolt to a new {{ distributionLabel }} server. - -## Pre-requisites - -For this tutorial, you will need: -- Passbolt installed on an old server -- A minimal {{ distributionLabel }} {{ distributionVersion }} new server - -## Backup the existing data - -Prior to the migration you will need to backup the existing passbolt instance data. Please refer to [the official backup documentations](/hosting/backup). - -Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. - -Don’t delete the existing instance yet! - -## Prepare the new {{ distributionLabel }} server - - -{% include hosting/install/packages/debian/install-server-components.md %} -{% assign migrate = true %} -{% include hosting/install/packages/debian/package-configuration.md %} -{% include hosting/upgrade/upgrade-existing-migrate-data.md %} - diff --git a/_includes/hosting/upgrade/upgrade-existing-to-new-vm.md b/_includes/hosting/upgrade/upgrade-existing-to-new-vm.md deleted file mode 100644 index 3bf557c94..000000000 --- a/_includes/hosting/upgrade/upgrade-existing-to-new-vm.md +++ /dev/null @@ -1,47 +0,0 @@ -This document describes how to migrate an existing passbolt to a new Virtual Machine Appliance. - -## Pre-requisites - -For this tutorial, you will need: -- Passbolt installed on an old server - -## Backup the existing data - -Prior to the migration you will need to backup the existing passbolt instance data. Please refer to [the official backup documentations](/hosting/backup). - -Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. - -Don’t delete the existing instance yet! - -## Prepare the Virtual Machine Appliance for migration - -{% include messages/warning.html - content="While configuring the database ensure you are configuring the database as it was on your previous server, check the backup of the file passbolt.php for the configuration details." -%} - -{% include hosting/install/vm/00-vm-description.md %} - -{% include hosting/install/vm/01-vm-setup.md %} - -## Configure the OVA Services - -Reconfigure the Passbolt package: - -``` -sudo dpkg-reconfigure passbolt-pro-server -``` - -{% include configure/configure-debian-package-mariadb.md %} - -Depending on your needs there are two different options to setup nginx and SSL using the debian package: - -- [Auto (Using Let's Encrypt)](/configure/https/{{ product }}/debian/auto.html) -- [Manual (Using user-provided SSL certificates)](/configure/https/{{ product }}/debian/manual.html) - -Once you're done, restart the nginx server: - -``` -sudo systemctl restart nginx -``` - -{% include hosting/upgrade/upgrade-existing-migrate-data.md %} \ No newline at end of file diff --git a/_includes/hosting/upgrade/upgrade-to-debian-pkg.md b/_includes/hosting/upgrade/upgrade-to-debian-pkg.md deleted file mode 100644 index 7e7c99a05..000000000 --- a/_includes/hosting/upgrade/upgrade-to-debian-pkg.md +++ /dev/null @@ -1,184 +0,0 @@ -A {{ distributionLabel }} package has been created to increase the ease of installing and upgrading passbolt. - -## Pre-requisites - -For this tutorial, you will need: -- A minimal {{ distributionLabel }} {{ distributionVersion }} server. -- Passbolt installed with the {{ distributionLabel }} install script. - -## 1. Take down your site - -It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade. - -```bash -sudo systemctl stop nginx -``` - -## 2. Backup your instance - -First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our [backup process](/hosting/backup). - -## 3. Upgrade your system - -Passbolt requires PHP 7.4 and supports PHP 8.2. - -A full system upgrade to {{ distributionLabel }} {{ distributionVersion }} is necessary before installing the passbolt {{ distributionLabel }} package. -{% if distributionPackage == 'dnf' or distributionPackage == 'yum' %} -``` -sudo {{ distributionPackage }} upgrade -``` -{% elsif distributionPackage == 'apt' %} -[Here]({{distributionUpgradeGuide}}) is the official {{ distributionLabel }} guide to -upgrade your system with a step by step tutorial. -{% endif %} -## 4. Install the package - - -{% assign migrate = 'yes' %} -{% include hosting/install/packages/debian/install-server-components.md %} - -{% if distributionPackage == 'dnf' or distributionPackage == 'yum' %} -{% elsif distributionPackage == 'apt' %} -It is recommended at this point to select: - -- **No** for {{ databaseEngine }} configuration as it is already configured -- **No** to nginx configuration as we will do it at the end - -{% endif %} - -## 5. Copy existing configuration to the new location - -### 5.1. Copy the server keys - -Copy the GPG server keys as following: -```bash -sudo cp -a /var/www/passbolt/config/gpg/serverkey.asc /etc/passbolt/gpg/ -sudo cp -a /var/www/passbolt/config/gpg/serverkey_private.asc /etc/passbolt/gpg/ -sudo chown -R root:{{ webServerUser }} /etc/passbolt/gpg -sudo chmod g-w /etc/passbolt/gpg -``` - -### 5.2. Copy the passbolt configuration - -Copy passbolt configuration as following: -```bash -sudo cp /var/www/passbolt/config/passbolt.php /etc/passbolt/passbolt.php -sudo chown root:{{ webServerUser }} /etc/passbolt/passbolt.php -sudo chmod g-w /etc/passbolt/passbolt.php -``` - -If you are running mysql 8, please change the `quoteIdentifiers` setting of the passbolt.php as follow: - -```php -'quoteIdentifiers' => true -``` - -### 5.3. Copy the avatars - -If coming from Passbolt version prior to 3.2, copy passbolt avatars as following: - -```bash -sudo cp -R /var/www/passbolt/webroot/img/public/avatar /usr/share/php/passbolt/webroot/img/public/ -``` - -{% if page.passbolt_version == 'pro' %} -### 5.4. Copy the subscription key - -Copy subscription key as following: - -```bash -sudo cp /var/www/passbolt/config/license /etc/passbolt/subscription_key.txt -sudo chown root:{{ webServerUser }} /etc/passbolt/subscription_key.txt -sudo chmod g-w /etc/passbolt/subscription_key.txt -``` -{% endif %} - -{% assign stepNumber = 6 %} - -{% if distributionPackage == 'apt' %} -## {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}. PHP-FPM - -Edit `/etc/php/{{ distributionPhpVersion }}/fpm/pool.d/www.conf` and look for the line that looks like this: - -```bash -listen = 127.0.0.1:9000 -``` - -Change it to look like this: - -```bash -listen = /run/php/php{{ distributionPhpVersion }}-fpm.sock -``` - -Due to a bug on the install scripts some installations might need to do an additional substitution on `/etc/php/{{ distributionPhpVersion }}/fpm/pool.d/www.conf`: - -Look for the line containing: - -```bash -listen.group = _WWW_GROUP_ -``` - -And change it to look like: - -```bash -listen.group = www-data -``` - -{% endif %} -## {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}. Nginx - -Now you can remove all the old nginx configuration files from `/etc/nginx/conf.d/` -```bash -sudo rm /etc/nginx/conf.d/passbolt.conf -sudo rm /etc/nginx/conf.d/passbolt_ssl.conf -``` -Then you can reconfigure the {{ distributionLabel }} package using: -{% if distributionPackage == 'dnf' or distributionPackage == 'yum' %} -``` -sudo /usr/local/bin/passbolt-configure -``` -{% elsif distributionPackage == 'apt' %} -```bash -sudo dpkg-reconfigure passbolt-{{ page.passbolt_version }}-server -``` -{% endif %} - -Answer the following way: - -- **No** to {{ databaseEngine }} configuration -- **Yes** to nginx configuration - -You can then select the SSL method that suits best your needs. - -## {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}. Run the database migrations - -Now it is time to run the migrations to upgrade the database schemas: - -```bash -sudo -H -u {{ webServerUser }} bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate" -``` - -## {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}. Cleanup - -After you have checked you can access your new setup with the {{ distributionLabel }} package make a backup of `/var/www/passbolt` and then -you can delete it: - -```bash -sudo rm -rf /var/www/passbolt -``` - -You may also want to check for the old CRON job that may need to be removed: -```bash -sudo crontab -u {{ webServerUser }} -e -``` - -## {{ stepNumber }}{% assign stepNumber = stepNumber | plus:1 %}. Bring your site back online - -Finally take passbolt back up: - -```bash -sudo systemctl start nginx -sudo systemctl restart php{{ distributionPhpVersion }}-fpm -``` diff --git a/_includes/hosting/v2-requirements.md b/_includes/hosting/v2-requirements.md deleted file mode 100644 index 5d1ab8536..000000000 --- a/_includes/hosting/v2-requirements.md +++ /dev/null @@ -1,24 +0,0 @@ -Passbolt is reported to work on a large variety of operating system configurations. -Therefore this help page is a generic guide that should work for most environments. - -If you run into any issues with your particular configuration, -[please check the forum](https://community.passbolt.com/c/installation-issues). -Maybe someone else has had your issue. If not, make a post and the community will try to help you. - -- Any Unix-like major distribution (Debian, Centos, Ubuntu, *BSD) -- A webserver (Apache or Nginx) -- A TLS server certificate for HTTPS -- PHP >= 7.3.0 -- MariaDB/Mysql >= 5.5.59 -- [Composer](https://getcomposer.org/download/) -- [GnuPG](https://gnupg.org/) -- [Git](https://git-scm.com/) - -The following PHP extensions (that may or may not come by default): -- [PHP-GNUPG](http://php.net/manual/en/gnupg.installation.php): for key verification and authentication. -- Cakephp default requirements: Intl, mbstring, simplexml -- Image manipulation: gd or imagick -- Database: Mysqlnd, pdo, pdo_mysql -- Some general default: xsl, phar, posix, xml, zlib, ctype, curl, json. -- [Ldap](https://secure.php.net/manual/en/ldap.installation.php) -- & more depending on your configuration (for example if you want to use memcache for sessions). diff --git a/_includes/hosting/v3-requirements.md b/_includes/hosting/v3-requirements.md deleted file mode 100644 index 39c82b90f..000000000 --- a/_includes/hosting/v3-requirements.md +++ /dev/null @@ -1,24 +0,0 @@ -Passbolt is reported to work on a large variety of operating system configurations. -Therefore this help page is a generic guide that should work for most environments. - -If you run into any issues with your particular configuration, -[please check the forum](https://community.passbolt.com/c/installation-issues). -Maybe someone else has had your issue. If not, make a post and the community will try to help you. - -- Any Unix-like major distribution (Debian, Centos, Ubuntu, *BSD) -- A webserver (Apache or Nginx) -- A TLS server certificate for HTTPS -- PHP >= 7.3.0 -- MariaDB/Mysql >= 5.5.59 -- [Composer](https://getcomposer.org/download/) >= 2 -- [GnuPG](https://gnupg.org/) -- [Git](https://git-scm.com/) - -The following PHP extensions (that may or may not come by default): -- [PHP-GNUPG](http://php.net/manual/en/gnupg.installation.php): for key verification and authentication. -- Cakephp default requirements: Intl, mbstring, simplexml -- Image manipulation: gd or imagick -- Database: Mysqlnd, pdo, pdo_mysql -- Some general default: xsl, phar, posix, xml, zlib, ctype, curl, json. -- [Ldap](https://secure.php.net/manual/en/ldap.installation.php) -- & more depending on your configuration (for example if you want to use memcache for sessions). diff --git a/_includes/hosting/v3-sources-requirements.md b/_includes/hosting/v3-sources-requirements.md deleted file mode 100644 index 1671f6717..000000000 --- a/_includes/hosting/v3-sources-requirements.md +++ /dev/null @@ -1,25 +0,0 @@ -Passbolt is reported to work on a large variety of operating system configurations. -Therefore this help page is a generic guide that should work for most environments. - -If you run into any issues with your particular configuration, -[please check the forum](https://community.passbolt.com/c/installation-issues). -Maybe someone else has had your issue. If not, make a post and the community will try to help you. - -- Any Unix-like major distribution (Debian, Centos, Ubuntu, *BSD) -- A webserver (Apache or Nginx) -- A TLS server certificate for HTTPS -- PHP >= 7.3.0 -- MariaDB/Mysql >= 5.5.59 -- [Composer](https://getcomposer.org/download/) >= 2 -- [GnuPG](https://gnupg.org/) -- [Git](https://git-scm.com/) - -The following PHP extensions (that may or may not come by default): -- [PHP-GNUPG](http://php.net/manual/en/gnupg.installation.php): for key verification and authentication. -- Cakephp default requirements: Intl, mbstring, simplexml -- [FastCGI Process Manager (FPM)](https://www.php.net/manual/en/install.fpm.php) -- Image manipulation: gd or imagick -- Database: Mysqlnd, pdo, pdo_mysql -- Some general default: xsl, phar, posix, xml, zlib, ctype, curl, json. -- [Ldap](https://secure.php.net/manual/en/ldap.installation.php) -- & more depending on your configuration (for example if you want to use memcache for sessions). diff --git a/_includes/hosting/v4-requirements.md b/_includes/hosting/v4-requirements.md deleted file mode 100644 index a4c2c1b47..000000000 --- a/_includes/hosting/v4-requirements.md +++ /dev/null @@ -1,24 +0,0 @@ -Passbolt is reported to work on a large variety of operating system configurations. -Therefore this help page is a generic guide that should work for most environments. - -If you run into any issues with your particular configuration, -[please check the forum](https://community.passbolt.com/c/installation-issues). -Maybe someone else has had your issue. If not, make a post and the community will try to help you. - -- Any Unix-like major distribution (Debian, Centos, Ubuntu, *BSD) -- A webserver (Apache or Nginx) -- A TLS server certificate for HTTPS -- PHP >= 7.4.0 -- MariaDB >= 10.3 /Mysql >= 5.7 -- [Composer](https://getcomposer.org/download/) >= 2 -- [GnuPG](https://gnupg.org/) -- [Git](https://git-scm.com/) - -The following PHP extensions (that may or may not come by default): -- [PHP-GNUPG](http://php.net/manual/en/gnupg.installation.php): for key verification and authentication. -- Cakephp default requirements: Intl, mbstring, simplexml -- Image manipulation: gd or imagick -- Database: Mysqlnd, pdo, pdo_mysql -- Some general default: xsl, phar, posix, xml, zlib, ctype, curl, json. -- [Ldap](https://secure.php.net/manual/en/ldap.installation.php) -- & more depending on your configuration (for example if you want to use memcache for sessions). diff --git a/_includes/hosting/v4-sources-requirements.md b/_includes/hosting/v4-sources-requirements.md deleted file mode 100644 index a99ec9364..000000000 --- a/_includes/hosting/v4-sources-requirements.md +++ /dev/null @@ -1,28 +0,0 @@ -Passbolt is reported to work on a large variety of operating system configurations. -Therefore this help page is a generic guide that should work for most environments. - -If you run into any issues with your particular configuration, -[please check the forum](https://community.passbolt.com/c/installation-issues). -Maybe someone else has had your issue. If not, make a post and the community will try to help you. - -- Any Unix-like major distribution (Debian, Centos, Ubuntu, *BSD) -- A webserver (Apache or Nginx) -- A TLS server certificate for HTTPS -- PHP >= 7.4.0 -{% include messages/warning.html - content="**WARNING:** PHP 8.1.0 will be required in the next major release" -%} -- MariaDB >= 10.3 /Mysql >= 5.7 -- [Composer](https://getcomposer.org/download/) >= 2 -- [GnuPG](https://gnupg.org/) -- [Git](https://git-scm.com/) - -The following PHP extensions (that may or may not come by default): -- [PHP-GNUPG](http://php.net/manual/en/gnupg.installation.php): for key verification and authentication. -- Cakephp default requirements: Intl, mbstring, simplexml -- [FastCGI Process Manager (FPM)](https://www.php.net/manual/en/install.fpm.php) -- Image manipulation: gd or imagick -- Database: Mysqlnd, pdo, pdo_mysql -- Some general default: xsl, phar, posix, xml, zlib, ctype, curl, json. -- [Ldap](https://secure.php.net/manual/en/ldap.installation.php) -- & more depending on your configuration (for example if you want to use memcache for sessions). diff --git a/_includes/hosting/web-server-for-server-logs.md b/_includes/hosting/web-server-for-server-logs.md deleted file mode 100644 index 7adfc6014..000000000 --- a/_includes/hosting/web-server-for-server-logs.md +++ /dev/null @@ -1,4 +0,0 @@ -{% include messages/warning.html -content="**Pro tip:** While running web server commands, it's common to use *www-data*. However, this can vary based on your distribution. For example, *nginx* is used in distributions like CentOS, and *httpd* is used in distributions like Fedora. Always double-check what's applicable for your specific setup to avoid errors." -%} - diff --git a/_pages/configure/docker/index.html b/_pages/configure/docker/index.html deleted file mode 100644 index a439db625..000000000 --- a/_pages/configure/docker/index.html +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: Configure -layout: home -slug: configure -permalink: /configure/docker/index.html ---- -
-
- {% include sidebar/main.html selected=page.slug %} -
-
-
- {% include breadcrumbs/default.html slug=page.slug %} - {% include cards/section-cards.html slug=page.slug %} -
-
-
diff --git a/_pages/configure/https.html b/_pages/configure/https.html deleted file mode 100644 index e0d652617..000000000 --- a/_pages/configure/https.html +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: HTTPS -layout: home -category: configure -slug: https -permalink: /configure/https ---- -
-
- {% include sidebar/sub-section-home.html section='configure' sub=page.slug %} -
-
-
- {% include breadcrumbs/default.html slug=page.slug %} - {% assign ceCategories = "configure|https|ce" | split: "|" %} - {% include cards/jmy-section-cards.html section='configure' sub='https' title='Community edition' categories=ceCategories %} - {% assign proCategories = "configure|https|pro" | split: "|" %} - {% include cards/jmy-section-cards.html section='configure' sub='https' title='Pro edition' categories=proCategories %} -
-
-
diff --git a/_pages/configure/index.html b/_pages/configure/index.html deleted file mode 100644 index bb27bf054..000000000 --- a/_pages/configure/index.html +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: Configure -layout: home -slug: configure -permalink: /configure/index.html ---- -
-
- {% include sidebar/main.html selected=page.slug %} -
-
-
- {% include breadcrumbs/default.html slug=page.slug %} - {% include cards/section-cards.html slug=page.slug %} -
-
-
diff --git a/_pages/configure/mfa.html b/_pages/configure/mfa.html deleted file mode 100644 index c30b062dd..000000000 --- a/_pages/configure/mfa.html +++ /dev/null @@ -1,18 +0,0 @@ ---- -title: MFA -layout: home -category: configure -slug: mfa -permalink: /configure/mfa ---- -
-
- {% include sidebar/sub-section-home.html section='configure' sub=page.slug %} -
-
-
- {% assign proCategories = "configure|mfa" | split: "|" %} - {% include cards/jmy-section-cards.html section='configure' sub='mfa' title='Configure Multi-Factor Authentication' categories=proCategories %} -
-
-
diff --git a/_pages/configure/sso.html b/_pages/configure/sso.html deleted file mode 100644 index e22b521db..000000000 --- a/_pages/configure/sso.html +++ /dev/null @@ -1,18 +0,0 @@ ---- -title: SSO -layout: home -category: configure -slug: sso -permalink: /configure/sso ---- -
-
- {% include sidebar/sub-section-home.html section='configure' sub=page.slug %} -
-
-
- {% assign proCategories = "configure|sso" | split: "|" %} - {% include cards/jmy-section-cards.html section='configure' sub='sso' title='Configure Single Sign-On' categories=proCategories %} -
-
-
diff --git a/_pages/configure/totp.html b/_pages/configure/totp.html deleted file mode 100644 index dd9a8bea6..000000000 --- a/_pages/configure/totp.html +++ /dev/null @@ -1,18 +0,0 @@ ---- -title: TOTP -layout: home -category: configure -slug: totp -permalink: /configure/totp ---- -
-
- {% include sidebar/sub-section-home.html section='configure' sub=page.slug %} -
-
-
- {% assign proCategories = "configure|totp" | split: "|" %} - {% include cards/jmy-section-cards.html section='configure' sub='totp' title='Configure TOTP' categories=proCategories %} -
-
-
diff --git a/_pages/contribute/index.html b/_pages/contribute/index.html index 5449e1316..eac686ff4 100644 --- a/_pages/contribute/index.html +++ b/_pages/contribute/index.html @@ -1,5 +1,5 @@ --- -title: Contribute +title: Contributor Guide layout: home slug: contribute permalink: /contribute/index.html diff --git a/_pages/discover/index.html b/_pages/discover/index.html deleted file mode 100644 index c44683678..000000000 --- a/_pages/discover/index.html +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: Discover passbolt -layout: home -slug: discover -permalink: /discover/index.html ---- -
-
- {% include sidebar/main.html selected=page.slug %} -
-
-
- {% include breadcrumbs/default.html slug=page.slug %} - {% include cards/section-cards.html slug=page.slug %} -
-
-
diff --git a/_pages/extend/index.html b/_pages/extend/index.html index 9f8503bcd..d490c3f80 100644 --- a/_pages/extend/index.html +++ b/_pages/extend/index.html @@ -1,5 +1,5 @@ --- -title: Extend +title: Developer Guide layout: home slug: extend permalink: /extend/index.html diff --git a/_pages/hosting/backup.html b/_pages/hosting/backup.html deleted file mode 100644 index 4ba12ce78..000000000 --- a/_pages/hosting/backup.html +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: Backup -layout: home -category: hosting -slug: backup -permalink: /hosting/backup ---- -
-
- {% include sidebar/sub-section-home.html section='hosting' sub=page.slug %} -
-
-
- {% include breadcrumbs/default.html slug=page.slug %} - {% assign debCategories = "hosting|backup" | split: "|" %} - {% include cards/jmy-section-cards.html section='hosting' sub='backup' title='Backup your passbolt instance' categories=debCategories %} -
-
-
diff --git a/_pages/hosting/index.html b/_pages/hosting/index.html deleted file mode 100644 index 5b9b947c4..000000000 --- a/_pages/hosting/index.html +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: Hosting -layout: home -slug: hosting -permalink: /hosting/index.html ---- -
-
- {% include sidebar/main.html selected=page.slug %} -
-
-
- {% include breadcrumbs/default.html slug=page.slug %} - {% include cards/section-cards.html slug=page.slug %} -
-
-
diff --git a/_pages/hosting/install.html b/_pages/hosting/install.html deleted file mode 100644 index c9f646da0..000000000 --- a/_pages/hosting/install.html +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: Installation -layout: home -category: hosting -slug: install -permalink: /hosting/install ---- -
-
- {% include sidebar/sub-section-home.html section='hosting' sub=page.slug %} -
-
-
- {% include breadcrumbs/default.html slug=page.slug %} - {% assign ceCategories = "hosting|install|ce" | split: "|" %} - {% include cards/jmy-section-cards.html section='hosting' sub='install' title='Community edition' categories=ceCategories %} - {% assign proCategories = "hosting|install|pro" | split: "|" %} - {% include cards/jmy-section-cards.html section='hosting' sub='install' title='Pro edition' categories=proCategories %} -
-
-
diff --git a/_pages/hosting/update.html b/_pages/hosting/update.html deleted file mode 100644 index 4a77a4181..000000000 --- a/_pages/hosting/update.html +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: Update -layout: home -category: hosting -slug: update -permalink: /hosting/update ---- -
-
- {% include sidebar/sub-section-home.html section='hosting' sub=page.slug %} -
-
-
- {% include breadcrumbs/default.html slug=page.slug %} - {% assign debCategories = "hosting|update" | split: "|" %} - {% include cards/jmy-section-cards.html section='hosting' sub='update' title='Update your passbolt instance' categories=debCategories %} -
-
-
diff --git a/_pages/hosting/upgrade.html b/_pages/hosting/upgrade.html deleted file mode 100644 index 34c64c907..000000000 --- a/_pages/hosting/upgrade.html +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: Upgrade -layout: home -category: hosting -slug: upgrade -permalink: /hosting/upgrade ---- -
-
- {% include sidebar/sub-section-home.html section='hosting' sub=page.slug %} -
-
-
- {% include breadcrumbs/default.html slug=page.slug %} - {% assign ceCategories = "hosting|upgrade|ce" | split: "|" %} - {% include cards/jmy-section-cards.html section='hosting' sub='upgrade' title='Community edition' categories=ceCategories %} - {% assign proCategories = "hosting|upgrade|pro" | split: "|" %} - {% include cards/jmy-section-cards.html section='hosting' sub='upgrade' title='Pro edition' categories=proCategories %} -
-
-
diff --git a/_pages/legal/index.html b/_pages/legal/index.html deleted file mode 100644 index 3c95d3688..000000000 --- a/_pages/legal/index.html +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: The small print -layout: home -slug: legal -permalink: /legal/index.html ---- -
-
- {% include sidebar/main.html selected=page.slug %} -
-
-
- {% include breadcrumbs/default.html slug=page.slug %} - {% include cards/section-cards.html slug=page.slug %} -
-
-
diff --git a/_pages/start/index.html b/_pages/start/index.html deleted file mode 100644 index 4e511a188..000000000 --- a/_pages/start/index.html +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: Get started with passbolt -layout: home -slug: start -permalink: /start/index.html ---- -
-
- {% include sidebar/main.html selected=page.slug %} -
-
-
- {% include breadcrumbs/default.html slug=page.slug %} - {% include cards/section-cards.html slug=page.slug %} -
-
-
diff --git a/_pages/tech/index.html b/_pages/tech/index.html deleted file mode 100644 index 7cdb25d05..000000000 --- a/_pages/tech/index.html +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: All tech articles -layout: home -slug: tech -permalink: /tech/index.html ---- -
-
- {% include sidebar/main.html selected=page.slug %} -
-
-
- {% include breadcrumbs/default.html slug=page.slug %} -

More coming soon!

-
-
-
diff --git a/_posts/configure/2018-04-04-hosting-configure-wizard-pro.md b/_posts/configure/2018-04-04-hosting-configure-wizard-pro.md deleted file mode 100644 index 04abd7f50..000000000 --- a/_posts/configure/2018-04-04-hosting-configure-wizard-pro.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: Install Passbolt Pro -date: 2018-11-13 00:00:00 Z -description: Install Passbolt Pro -icon: fa-server -categories: [hosting,install,pro] -archived: true -sidebar: hosting -layout: default -slug: wizard -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -### Choose the guide corresponding to your distribution -- Debian 9: [https://www.passbolt.com/hosting/install/pro/debian-9-stretch.html](/hosting/install/pro/debian-9-stretch.html) -- Centos 7: [https://www.passbolt.com/hosting/install/pro/centos-7.html](/hosting/install/pro/centos-7.html) -- Ubuntu 18.04: [https://www.passbolt.com/hosting/install/pro/ubuntu-18-04-bionic-beaver.html](/hosting/install/pro/ubuntu-18-04-bionic-beaver.html) - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} \ No newline at end of file diff --git a/_posts/configure/2018-09-06-configure-ldap-configuration-file.md b/_posts/configure/2018-09-06-configure-ldap-configuration-file.md deleted file mode 100644 index bc2125674..000000000 --- a/_posts/configure/2018-09-06-configure-ldap-configuration-file.md +++ /dev/null @@ -1,359 +0,0 @@ ---- -title: Configure Ldap plugin -date: 2018-09-07 00:00:00 Z -description: Configure Ldap plugin (directory sync) from configuration file -icon: fa-address-book-o -categories: [configure,ldap] -sidebar: configure -layout: default -slug: ldap-from-configuration-file -ogimage: /assets/img/help/2018/09/AD_ldap_overview.png -permalink: /:categories/:slug.html -redirect_from: - - /configure/ldap-configuration-from-file ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include messages/warning.html - content="**Important:** The Ldap plugin is part of [Passbolt Pro](https://www.passbolt.com/pricing/pro) only and is not available in the Community Edition." -%} - -## Introduction - -### What is it? - -The goal of the directory synchronization tool, also called LDAP connector, is to provide a way for a passbolt -administrator to synchronize a list of groups and users, as well as the associated group memberships. - -Currently the connector supports two types of directory: OpenLDAP and Microsoft Active Directory. In the future -we will also support other non ldap based user directories such as Google API User Directory. - - -### How does it work? - -In a nutshell this part of the application will try to keep passbolt and a directory in sync with a minimal -involvement of the administrators and group managers. However if an action is not possible, such as, deleting -a user that is the sole password owner, the process triggers will trigger relevant email notifications so -that a human can solve it manually. An admin can also alternatively tell passbolt to ignore a record in the -next synchronization round, if the issue does not need to be resolved. - -### Requirements - -{% include messages/warning.html - content="**Important:** If you have installed passbolt-pro using our debian and ubuntu packages you can skip this section" -%} - -The directory synchronization tools requires the [php-ldap extension](https://secure.php.net/manual/en/book.ldap.php) -to be present on the server. If you built your own server the way you install -[php-ldap](https://packages.debian.org/stretch/php-ldap) will depend on your system flavor. - -On Debian using nginx for example you can do: -```bash -sudo apt-get install php-ldap -sudo service nginx restart -``` - -Make sure the ldap extension is present in the php-cli.ini file. -You should add `extension=ldap.so` if it is not already present: -```bash -$ php -i |grep php\.ini -Configuration File (php.ini) Path => /etc/php/7.4/cli -Loaded Configuration File => /etc/php/7.4/cli/php.ini -$ nano /etc/php/7.4/cli/php.ini -``` - -For testing purpose, it might be handy to have some [ldap utilities](https://wiki.debian.org/LDAP/LDAPUtils) -installed on your system. On Debian you can use ldapsearch for example to search for and display entries: -```bash -sudo apt-get install ldap-utils -ldapsearch -b'dc=example,dc=com' -x -``` - -The plugin relies on a 3rd party library called ldaptools which you will need to install as part of your passbolt -update or install. You can get it the same way than other php dependencies using composer: -```bash -cd /var/www/passbolt -git pull origin master -composer install -./bin/cake passbolt migrate -``` - -To run, the ldap plugin needs to have at least one active admin user existing inside passbolt. - -## How to use? - -{% include messages/warning.html - content="**Please note:** This guide explains how to configure the Ldap connector through the configuration file. For simpler configurations, you can [configure Ldap through the UI](/configure/ldap)." -%} - -### Activate the plugin - -The plugin is deactivated by default. You need to activate it to be able to use it. - -To do so, simply copy the file `/config/ldap.default.php` into `ldap.php`. -```bash -cd /var/www/passbolt -mv ./config/ldap.default.php ./config/ldap.php -``` - -### Configure the plugin - -Edit the file `ldap.php` and modify the configuration to match your needs. The available options are: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDetailsExample
- defaultUser
- (required) - 		- Enter here the username of the passbolt admin user that will be used to perform the operations on behalf of the synchronization tools. -

You can also create a dedicated admin user in passbolt if you want to be able to track more accurately the actions related to ldap. - 		- passboltadmin@domain.com -
- defaultGroupAdminUser
- (required) - 		- Enter here the username of the default group manager. It is the user that will be assigned as a group manager to all new groups created by ldap. - - passboltadmin@domain.com -
- fieldsMapping
- (optional) - 		- In case of OpenLdap, the default mapping between the passbolt and directory record fields might not be the one that will work for you. In this section you can redefine the default mapping for your directory. - 
'openldap' => [
-  'user' => [
-     'id' => 'entryUUID',
-     'firstname' => 'firstName',
-     'lastname' => 'lastName',
-     'username' => 'mail',
-     'created' => 'created',
-     'modified' => 'modified',
-  ],
-  'group' => [
-     'id' => 'entryUUID',
-     'name' => 'cn',
-     'created' => 'created',
-     'modified' => 'modified',
-     'users' => 'members',
-  ],
-],
- groupObjectClass
- (optional) - 		- For OpenLdap only, you can specify here the name of the group object class that you are using in your openldap. -

Default value: groupOfUniqueNames - 		- groupOfUniqueNames -
- userObjectClass
- (optional) - 		- For OpenLdap only, you can specify here the name of the user object class that you are using in your openldap. -

Default value: inetOrgPerson - 		- inetOrgPerson -
- groupPath
- (optional) - 		- If your groups are located in a different path than your base DN, you can specify here the complementary path. -

Default value: none - 		OU=MyGroups
- userPath
- (optional) - 		- If your users are located in a different path than your base DN, you can specify here the complementary path. -

Default value: none - 		OU=MyUsers
- jobs
- (optional) - 		- By default, the synchronization will be done for all created / deleted users and groups in your directory and all edited group members. You can enable / disable some tasks here. -

Default value: see example - 
'jobs' => [
-    'users' => [
-        'create' => true,
-        'delete' => true,
-    ],
-    'groups' => [
-        'create' => true,
-        'update' => true,
-        'delete' => true,
-    ],
-],
-
- ldap
- (required) - 		- This contains the ldap connection details such as the domain name, username, password, base DN, servers, port, etc.. - The options in the config file are self explanatory. - 
'ldap' => [
-  'domains' => [
-      // Active directory.
-     'mydomain.local' => [
-          'domain_name' => 'mydomain.local',
-          'username' => 'johndoe',
-          'password' => 'Compl!c4t3dP4ssw0rD',
-          'base_dn' => 'OU=OrgUsers,DC=mydomain,DC=local',
-          'servers' => ['35.225.111.241'],
-          'port' => 389,
-          'use_ssl' => false,
-         'ldap_type' => 'ad',
-      ],
-   ],
-]
- -### Test the connection - -Once the configuration options have been entered in ldap.php, you can test that the connection is working and that the objects are retrieved correctly from your directory: -```bash -./bin/cake directory_sync test -``` - -An output similar to the one below should be observed: - -{% include articles/figure.html - url="/assets/img/help/2018/09/AD_ldap_command_test.png" - legend="Screenshot of directory synchronization test" - width="750px" -%} - -**What you should pay attention to:** -- Make sure that you can see the same groups and users as the ones available in your directory. -- Make sure that each user has an email address. If not, they will not validate in passbolt. -- Make sure that each group is shown with the right number of users. - -### First synchronization -Before we actually do a real synchronization, we will first simulate one: -```bash -./bin/cake directory_sync all --dry-run -``` -This command will simulate what will happen when the synchronization will be done for real. - -{% include articles/figure.html - url="/assets/img/help/2018/09/AD_ldap_command_dry_run.png" - legend="Screenshot of directory synchronization sync in dry run" -%} - -If the result displayed is similar to what you expect to happen, you can proceed with the actual synchronization: -```bash -./bin/cake directory_sync all --persist -``` - -{% include articles/figure.html - url="/assets/img/help/2018/09/AD_ldap_command_sync.png" - legend="Screenshot of directory synchronization running" -%} - -{% include messages/notice.html - content="Please note that a user can be added into a group only once his account is activated." -%} - -### Run it automatically -To synchronize the changes automatically you will need to add a cron job. We recommend to execute the job once a day, but you can choose as per your preference. - -```bash -0 0 * * * su -c "/var/www/passbolt/bin/cake directory_sync all --persist" -s /bin/bash www-data >> /var/log/cron.log 2>&1 -``` - -For debian and ubuntu systems where passbolt is installed through our supported packages: - -```bash -0 0 * * * su -c "/usr/share/php/passbolt/bin/cake directory_sync all --persist" -s /bin/bash www-data >> /var/log/cron.log 2>&1 -``` - -### Ignoring records -It is possible for you to individually ignore synchronization of some of your directory records and/or some users/groups in passbolt, especially when there are some problematics records you do not want to keep in sync. Such records and the command to ignore them will be displayed in the reports. - -{% include articles/figure.html - url="/assets/img/help/2018/09/AD_ldap_ignore_option.png" - legend="Screenshot of directory synchronization with items to ignore" -%} - -```bash - ./bin/cake directory_sync ignore-create --id=55872084-ed6f-4e96-b401-479dd86ca357 --model=DirectoryEntries -``` - -You can also view all the records that are being ignored. - -{% include articles/figure.html - url="/assets/img/help/2018/09/AD_ldap_command_view_ignored.png" - legend="Screenshot of directory synchronization view ignored command" -%} - -``` -./bin/cake directory_sync ignore-list -``` - -You can also stop ignoring them: -``` -./bin/cake directory_sync ignore-delete --id=16789f75-2cf7-4755-9bd9-634d1ff42240 --model=DirectoryEntries -``` - - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2018-09-06-configure-ldap.md b/_posts/configure/2018-09-06-configure-ldap.md deleted file mode 100644 index 002054ab4..000000000 --- a/_posts/configure/2018-09-06-configure-ldap.md +++ /dev/null @@ -1,389 +0,0 @@ ---- -title: Configure Ldap plugin -date: 2021-10-11 00:00:00 Z -description: Configure Ldap plugin (directory sync) -icon: fa-address-book-o -categories: [configure,ldap] -sidebar: configure -layout: default -slug: setup -ogimage: /assets/img/help/2018/09/AD_ldap_overview.png -permalink: /:categories/:slug.html -redirect_from: - - /configure/ldap ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -ldap illustration - -{% include messages/warning.html - content="**Important:** The LDAP connector will send an invitation email to all the users matching your configuration during a synchronization. If you are simply testing it, make sure not to perform an actual synchronization (use simulate sync instead), or disable the cron job to send emails first." -%} - -## Introduction - -### What is it? - -The goal of the directory synchronization tool, also called LDAP connector, is to provide a way for a passbolt -administrator to synchronize a list of groups and users, as well as the associated group memberships. - -Currently the connector supports two types of directory: OpenLDAP and Microsoft Active Directory. In the future -we will also support other non ldap based user directories such as Google API User Directory. - - -### How does it work? - -In a nutshell this part of the application will try to keep passbolt and a directory in sync with a minimal -involvement of the administrators and group managers. However if an action is not possible, such as, deleting -a user that is the sole password owner, the process triggers will trigger relevant email notifications so -that a human can solve it manually. An admin can also alternatively tell passbolt to ignore a record in the -next synchronization round, if the issue does not need to be resolved. - -### Requirements - -{% include messages/warning.html - content="**Important:** If you have installed passbolt-pro using our debian and ubuntu packages you can skip this section" -%} - -The directory synchronization tools requires the [php-ldap extension](https://secure.php.net/manual/en/book.ldap.php) -to be present on the server. If you built your own server the way you install -[php-ldap](https://packages.debian.org/stretch/php-ldap) will depend on your system flavor. - -On Debian using nginx for example you can do: -```bash -sudo apt-get install php-ldap -sudo service nginx restart -``` - -Make sure the ldap extension is present in the php-cli.ini file. -You should add `extension=ldap.so` if it is not already present: -```bash -$ php -i |grep php\.ini -Configuration File (php.ini) Path => /etc/php/7.4/cli -Loaded Configuration File => /etc/php/7.4/cli/php.ini -$ nano /etc/php/7.4/cli/php.ini -``` - -For testing purpose, it might be handy to have some [ldap utilities](https://wiki.debian.org/LDAP/LDAPUtils) -installed on your system. On Debian you can use ldapsearch for example to search for and display entries: -```bash -sudo apt-get install ldap-utils -ldapsearch -b'dc=example,dc=com' -x -``` - -The plugin relies on a 3rd party library called ldaptools which you will need to install as part of your passbolt -update or install. You can get it the same way than other php dependencies using composer: -```bash -cd /var/www/passbolt -git pull origin master -composer install -./bin/cake passbolt migrate -``` - -To run, the ldap plugin needs to have at least one active admin user existing inside passbolt. - -## Limitations - -The Ldap plugin doesn’t support nested groups in the current version. This improvement will be added later, -once groups inside groups is supported by passbolt. - -A delegated authentication (such as using a LDAP user password as replacement of the passphrase) is currently -not supported (and is not a trivial problem) but could still be considered in the future. If you are interested -in this feature you can join the discussion on the -[community forum](https://community.passbolt.com/t/as-a-user-i-can-login-using-my-organization-ldap-credentials/159). - -The following improvements will also be shipped gradually and will be available soon: -- Test mode: the capability to test the configuration and mapping directly from the configuration screen. -- Report screens: the synchronization reports will be available in the admin workspace. - -## How to use? - -{% include messages/warning.html - content="**Please note:** This guide explains how to configure the Ldap connector through the UI. For complex configurations (for example custom field mapping in openldap) you will need to [configure ldap directly through the configuration file](/configure/ldap/ldap-from-configuration-file)." -%} - -### Activate the plugin - -The plugin is deactivated by default. You need to activate it to be able to use it. -While logged in as an admin, click on the administration menu item in the top menu, and then click on "Users Directory" - -{% include articles/figure.html - url="/assets/img/help/2018/12/AD_directory_sync_settings_disabled.png" - legend="Ldap directory settings screen (disabled)" - width="660px" -%} - -Click on the switch next to "Users Directory" to enable the plugin. - -{% include articles/figure.html - url="/assets/img/help/2018/12/AD_directory_sync_settings_enabled.png" - legend="Ldap directory settings screen (enabled)" - width="660px" -%} - -You will need to fill the configuration parameters with your connection details before you can save the settings and -actually activate it. - - -### Configure the plugin - -The available options are: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDetailsExample
- Directory Type
- (required) - 		- Choose here the type of your directory. Currently only Active Directory and OpenLdap are supported. - - Active Directory -
- Domain
- (required) - 		- The domain your directory is configured with. - - mydomain.local -
- Server URL
- (required) - 		- The full url to reach your server. - - ldap://198.163.0.1:389 -
- Username and password
- (required) - 		- Username and password to authentify on your directory - -
- Base DN
- (required) - 		- The base DN (default naming context) for the domain. - - OU=OrgUsers,DC=mydomain,DC=local -
- Group path
- (optional) - 		- If your groups are located in a different path than your base DN, you can specify here the complementary path. -

Default value: none - 		OU=MyGroups
- User path
- (optional) - 		- If your users are located in a different path than your base DN, you can specify here the complementary path. -

Default value: none - 		OU=MyUsers
- Group object class
- (optional) - 		- For OpenLdap only, you can specify here the name of the group object class that you are using in your openldap. -

Default value: groupOfUniqueNames - 		- groupOfUniqueNames -
- User object class
- (optional) - 		- For OpenLdap only, you can specify here the name of the user object class that you are using in your openldap. -

Default value: inetOrgPerson - 		- inetOrgPerson -
- Default admin
- (required) - 		- Choose here the username of the passbolt admin user that will be used to perform the operations on behalf of the synchronization tools. -

You can also create a dedicated admin user in passbolt if you want to be able to track more accurately the actions related to ldap. - 		- passboltadmin@domain.com -
- Default group admin
- (required) - 		- Choose here the username of the default group manager. It is the user that will be assigned as a group manager to all new groups created by ldap. - - passboltadmin@domain.com -
- Groups parent group
- (optional) - 		- Using this filter will list only groups that are part of the given parent group (recursively). Enter the parent group name. - - MyGroupName -
- Users parent group
- (optional) - 		- Using this filter will list only users that are part of the given parent group (recursively). Enter the parent group name. - - MyGroupName -
- Enabled users only
- (optional) - 		- Only for AD. Synchronize only the users that are enabled (=not disabled). - -
- Sync operations
- (optional) - 		- By default, the synchronization will be done for all created / deleted users and groups in your directory and all edited group members. You can enable / disable some tasks here. -

Default value: everything is enabled. - 		-
- -### Save configuration - -Once the configuration is entered, do not forget to save it by clicking on the "save settings" at the top. The configuration will be saved -only if passbolt managed to connect to your directory. If not, it will display an error message. - -{% include articles/figure.html - url="/assets/img/help/2018/12/AD_directory_sync_settings_saved.png" - legend="Ldap directory settings have been saved" - width="660px" -%} - -### Test configuration and simulate sync - -Once the settings have been saved, the buttons "simulate synchronize" and "synchronize" at the top have become clickable. - -Before we actually do a real synchronization, we will first simulate one. Click on "simulate synchronize" and wait a few seconds. Once the simulation is complete, -a report such as the one below will be displayed. - -{% include articles/figure.html - url="/assets/img/help/2018/12/AD_directory_sync_simulation.png" - legend="Ldap directory sync simulation" - width="660px" -%} - -In this report, you will be able to see what will actually happen when you will synchronize your directory for real. You will also be -able to take corrective measures before an error actually happens. - -### First synchronization - -To do the first synchronization, repeat the same process as above. Only, click on "synchronize" this time. A similar report to the one that was displayed during a simulate -will appear and let you know what happened exactly. - -### User synchronization example workflow - -When an user is created in LDAP, they are imported in Passbolt using synchronization. - -If you delete this user in Passbolt, he will remain present in LDAP but won't be added back to Passbolt on next synchronization. - -If you want to re-sync this user with LDAP, manually re-create him in Passbolt then run synchronization. Passbolt synchronization tool will automatically recreate the link in Passbolt database. - -If you delete this user in LDAP, he will be deleted from Passbolt on next synchronization. -### How to synchronize my directory automatically? -To synchronize the changes automatically you will need to add a cron job on your server. We recommend to execute the job once a day, but you can choose as per your preference. - -```bash -0 0 * * * su -c "/var/www/passbolt/bin/cake directory_sync all --persist" -s /bin/bash www-data >> /var/log/cron.log 2>&1 -``` - -For debian and ubuntu systems where passbolt is installed through our supported packages: - -```bash -0 0 * * * su -c "/usr/share/php/passbolt/bin/cake directory_sync all --persist" -s /bin/bash www-data >> /var/log/cron.log 2>&1 -``` - -## Configure ldap with SSL (ldaps) -If your configuration doesn't run out of the box with ldaps, you can refer to the [ldap with ssl](/configure/ldap-with-ssl) documentation in order to adjust your config or throubleshoot your issue. - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2018-11-14-configure-mfa-duo.md b/_posts/configure/2018-11-14-configure-mfa-duo.md deleted file mode 100644 index 732cd14a5..000000000 --- a/_posts/configure/2018-11-14-configure-mfa-duo.md +++ /dev/null @@ -1,219 +0,0 @@ ---- -title: How to configure passbolt to use Duo OTP -date: 2023-02-06 00:00:00 Z -card_title: How to configure DUO with Passbolt -card_teaser: How to configure passbolt to use DUO -description: -icon: fa-key -categories: [configure, mfa] -sidebar: configure -layout: default -slug: duo -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -Passbolt Pro Edition since v2.5 and CE since 3.9 support Duo as a multi factor authentication option. -Duo is a proprietary solution that is free for up to 10 users, and supports a bundle -of authentication channels (such as HOTP, mobile push, phone calls, etc.) configurable -by the Duo account administrator. - -{% include articles/figure.html - url="/assets/img/help/2023/02/mfa-duo-website.png" - legend="Duo website" - width="550px" -%} - -{% include messages/warning.html - content="**Important:** Multi Factor Authentication requires HTTPS to work." -%} - -## Security considerations - -It is important to enable and setup at least one additional multi factor authentication -provider in case Duo service becomes temporarily not available. - -In order to authenticate using Duo, the user will be redirected to Duo's authentication -page. Whether or not the authentication was successful, the user will be redirected back -to passbolt. Make sure your users have access to internet or do -not enable this authentication provider if you are running passbolt on a private network -that is not connected to internet. - -## Install Duo app - -In order to use this authentication provider, each of your users will need to have either: -- [Duo Mobile for Android](https://play.google.com/store/apps/details?id=com.duosecurity.duomobile&hl=en) on google play store. -- [Duo Mobile for iOS](https://itunes.apple.com/us/app/duo-mobile/id422663827?mt=8) on apple itunes. -- TouchID fingerprint reader on MacOS laptops -- A security key -- A physical token -- A network administrator - -{% include messages/notice.html - content="Visit the [Duo authentication methods page](https://duo.com/product/multi-factor-authentication-mfa/authentication-methods) for more information." -%} - -{% include articles/figure.html - url="/assets/img/help/2023/02/mfa-duo-app-login.png" - legend="Duo mobile application" - width="250px" -%} - -## Register a Duo administrator account - -If you do not have a Duo admin account, first sign up at [https://signup.duo.com/](https://signup.duo.com/) -Then log in to the Duo Admin panel at [https://admin.duosecurity.com/login](https://admin.duosecurity.com/login) - -Configure your Duo policies as required by your organization. - -### Add a passbolt application - -In order for passbolt to enable onboarding and authentication of new users with Duo, -you will need to create a Web SDK application for passbolt in Duo. - -Login to the [Duo Admin page](https://admin.duosecurity.com/login). -In the left-hand side menu, click on "Applications", then click on "Protect an Application". - -{% include articles/figure.html - url="/assets/img/help/2023/02/mfa-duo-application.png" - legend="Duo protect application" - width="550px" -%} - -Find the "Web SDK" application and click on the "Protect" button. - -{% include articles/figure.html - url="/assets/img/help/2023/02/mfa-duo-admin.png" - legend="Duo administration" - width="550px" -%} - -Note down the Client ID, Client secret, and API hostname details, as you will need them to configure the integration. - -{% include messages/warning.html - content="**Important:** Passbolt versions below 3.11 use DUO v3 which means a generated salt is mandatory" -%} -## Generate a random salt - -Generating a random salt to configure Duo is mandatory, a salt is a random piece of data that is generated and used in the hashing process to protect sentivite information. It is generated and combined with the secret key before hashing it. - -To generate a random salt, you can use the passbolt interface, generate a new password as shown below and use it as the generated salt. - -{% include articles/figure.html - url="/assets/img/help/2023/05/password-generator.png" - legend="Passbolt - Password Generator" - width="250px" -%} - - -## Set the configuration in passbolt - -You can configure Duo OTP using either the admin interface or environment variables. -If multiple settings providers are used the settings in the admin interface will override the one in environment -variables. Note that we recommend using the admin interface, since it is more secure. - -### Using admin user interface - -Since v2.6 a user interface is provided for administrators to setup MFA providers. -Click on "administration" in the top menu, then "multi factor authentication" on the left menu. -You can then enable or disable the Duo provider by providing the API Hostname, the Client ID and the Client Secret that you gathered in the previous steps. If you are running a Passbolt version below 3.11 you will also need the generated salt. Click "save settings" when you are done. - -{% include articles/figure.html - url="/assets/img/help/2023/02/AD_mfa_org_settings_duo.png" - legend="MFA organization settings for Duo" - width="550px" -%} - -### Using environment variables - - - - - - - - - - - - - - - - - - - - - - - - - - -
Variable nameDescriptionType
PASSBOLT_PLUGINS_MFA_DUO_CLIENT_IDClient IDstring
PASSBOLT_PLUGINS_MFA_DUO_CLIENT_SECRETClient Secretstring
PASSBOLT_PLUGINS_MFA_DUO_API_HOSTNAMEAPI Hostnamestring
-
- -When you using docker to set these environment variable you can pass them as arguments, -like other variables such as the database name, for example: - -``` -$ docker run --name passbolt \ - -p 80:80 \ - -p 443:443 \ - -e PASSBOLT_PLUGINS_MFA_DUO_API_HOSTNAME=api-26e9f2fce.duosecurity.com \ - -e etc. -``` - -## Setting Duo for a given passbolt user account - -Once you have the Duo integration configured and a Duo authentication device, you can proceed -with enabling Duo as MFA provider for your user account. It is important that you test this to -make sure the integration works. - -When logged in on passbolt, go to your profile section and click on "Multi factor authentication" -in the sidebar on the left. You should see the list of providers that are enabled for this instance. -Click on the Duo provider. - -{% include articles/figure.html - url="/assets/img/help/2023/02/mfa-duo-user-setup.png" - legend="Passbolt Duo setup" - width="550px" -%} - -Then, click on the "Sign-in with Duo" button to start the Duo authentication process. If this is -the first time you are using Duo with this user and this server, you will be asked to link one or -more device(s) to Duo to authenticate with. - -{% include articles/figure.html - url="/assets/img/help/2023/02/mfa-duo-setup-welcome.png" - legend="Duo welcome screen" - width="550px" -%} - -{% include articles/figure.html - url="/assets/img/help/2023/02/mfa-duo-setup-options.png" - legend="Duo authentication options" - width="550px" -%} - -Follow the instructions provided by Duo and you should be all set. -The next time you try login from a new device, you will be presented with a Duo -authentication prompt. - -{% include articles/figure.html - url="/assets/img/help/2023/02/mfa-duo-login.png" - legend="Login prompt" - width="550px" -%} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2019-05-15-configure-notification-email.md b/_posts/configure/2019-05-15-configure-notification-email.md deleted file mode 100644 index a78758487..000000000 --- a/_posts/configure/2019-05-15-configure-notification-email.md +++ /dev/null @@ -1,407 +0,0 @@ ---- -title: How to configure email notification settings for your organization -date: 2019-05-22 00:00:00 Z -description: How to configure email notification settings for your organization -icon: fa-key -categories: [configure,notification] -sidebar: configure -layout: default -slug: email -permalink: /configure/notification/email -redirect_from: - - /configure/notification/email.htm - - /configure/notifications/email ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -Some actions in passbolt, such as a user sharing a password with someone else, trigger an email notification. As passbolt admin, you can control which events result in an email notification and which events are ignored. Similarly you can control whether or not a piece of information is included in those notification emails. - -## Passbolt events that trigger email notification - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EventRecipients
When a comment is posted on a password.All the users having access to the given password.
When a password is created.The user creating the password.
When a password is shared.The users gaining access to the given password.
When a password is updated.All the users having access to the given password.
When a password is deleted.All the users who had access to the given password.
When a new user is invited.The invited user.
When users try to recover their passbolt account.The user trying to recover their account.
When a group is deleted.Group's members.
A user is added to a group.The user getting added.
A user is removed from a group.The user getting removed.
When user roles change in a group.The affected users.
When members of a group change.The group's manager.
- -## Information that can be shown/hidden from the outgoing emails. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ConfigShow / Hide what
UsernameResource username
URIResource URI/URL
Encrypted SecretPGP encrypted password
DescriptionResource description
CommentComment content
- -## Default behavior - -By default all the settings are `true` which means all the notifications are set to be broadcasted and all the information blocks are set to be shown. - -## Configuring Email Notification Settings - -You can configure email notification settings using either the admin interface, config files or environment variables. If multiple settings providers are used the settings in the admin interface will override the one used in files. Similarly the settings in files will override environment variables. - - -## Using admin user interface - -Since v2.10 a user interface is provided for administrators to setup email notification settings. Click on “administration” in the top menu, then "Email Notifications" on the left menu. - -The settings are divided into two sections. - -### Email Delivery -These settings control whether or not an email is sent on a given event. - -{% include articles/figure.html - url="/assets/img/help/2019/05/AD_email_notification_send_settings.png" - legend="Email Notification Settings - Email Delivery" -%} - -### Email content visibility - -These settings control whether a piece of information is included in the emails sent. - -{% include articles/figure.html - url="/assets/img/help/2019/05/AD_email_notification_show_settings.png" - legend="Email Notification Settings - Email Content Visibility" -%} - - -## Using Environment variables - -You can use the following environment variables to control the email delivery settings. They are all boolean and accepts 1 or 0. Setting the variable to 1 (one) will mean that email will be sent for that event and setting it 0 (zero) will ignore the event. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EventEnvironment variable
When a comment is posted on a password.PASSBOLT_EMAIL_SEND_COMMENT_ADD
When a password is created.PASSBOLT_EMAIL_SEND_PASSWORD_CREATE
When a password is shared.PASSBOLT_EMAIL_SEND_PASSWORD_SHARE
When a password is updatedPASSBOLT_EMAIL_SEND_PASSWORD_UPDATE
When a password is deletedPASSBOLT_EMAIL_SEND_PASSWORD_DELETE
When a new user is invited.PASSBOLT_EMAIL_SEND_USER_CREATE
When users try to recover their passbolt account.PASSBOLT_EMAIL_SEND_USER_RECOVER
When a group is deleted.PASSBOLT_EMAIL_SEND_GROUP_DELETE
A user is added to a group.PASSBOLT_EMAIL_SEND_GROUP_USER_ADD
A user is removed from a group.PASSBOLT_EMAIL_SEND_GROUP_USER_DELETE
When user roles change in a group.PASSBOLT_EMAIL_SEND_GROUP_USER_UPDATE
When members of a group change.PASSBOLT_EMAIL_SEND_GROUP_MANAGER_UPDATE
When a folder is created, notify its creator.PASSBOLT_EMAIL_SEND_FOLDER_CREATED
When a folder is updated, notify the users who have access to it.PASSBOLT_EMAIL_SEND_FOLDER_UPDATED
When a folder is deleted, notify the users who had access to it.PASSBOLT_EMAIL_SEND_FOLDER_DELETED
When a folder is shared, notify the users who gain access to it.PASSBOLT_EMAIL_SEND_FOLDER_SHARE_CREATED
When permissions on a folder are removed, notify the users who lost access to it.PASSBOLT_EMAIL_SEND_FOLDER_SHARE_DROPPED
- -Similarly, for changing the email content visibility, you can use the following environment variables . They are all boolean and accepts 1 or 0. Setting the variable to 1 (one) will mean that information will be included in outgoing mails and setting it to 0 (zero) will result in not including that. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Show/HideEnvironment variable
Resource usernamePASSBOLT_EMAIL_SHOW_USERNAME
Resource URI/URLPASSBOLT_EMAIL_SHOW_URI
PGP encrypted passwordPASSBOLT_EMAIL_SHOW_SECRET
Resource descriptionPASSBOLT_EMAIL_SHOW_DESCRIPTION
Comment contentPASSBOLT_EMAIL_SHOW_COMMENT
- - - -When you using docker to set these environment variable you can pass them as arguments, -like other variables such as the database name, for example: - -``` -$ docker run --name passbolt \ - -p 80:80 \ - -p 443:443 \ - -e PASSBOLT_EMAIL_SHOW_COMMENT=0 \ - -e PASSBOLT_EMAIL_SHOW_DESCRIPTION=0 \ - -e PASSBOLT_EMAIL_SEND_COMMENT_ADD=0 \ - -e PASSBOLT_EMAIL_SEND_PASSWORD_CREATE=0 \ -``` - -## Using config file - -Email notification settings can also be managed by updating the `config/passbolt.php` file in your install directory. These settings live in the `email` key under `passbolt`. - -``` -'passbolt' => [ - 'email' => [ - // For Email Delivery configs - 'send' => [ - 'comment' => [ - 'add' => false - ], - 'password' => [ - 'create' => 'false' - ] - ], - // For content visibility configs - 'show' => [ - 'comment' => false, - 'description' => false - ] - ] -] -``` - -If a config variable doesn't exist in your config file, it's default value will be picked. - -You can use the following config variables to control the email delivery settings. They are all boolean and accepts `true` or `false`. Setting the variable to `true` will mean that email will be sent for that event and setting it `false` will ignore the event. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EventConfig variable
when a comment is posted on a password.passbolt.email.send.comment.add
when a password is created.passbolt.email.send.password.create
when a password is shared.passbolt.email.send.password.share
when a password is updatedpassbolt.email.send.password.update
when a password is deletedpassbolt.email.send.password.delete
when a new user is invited.passbolt.email.send.user.create
when users try to recover their passbolt account.passbolt.email.send.user.recover
when a group is deleted.passbolt.email.send.group.delete
a user is added to a group.passbolt.email.send.group.user.add
a user is removed from a group.passbolt.email.send.group.user.delete
when user roles change in a group.passbolt.email.send.group.user.update
when members of a group change.passbolt.email.send.group.manager.update
- -Similarly, for changing the email content visibility, you can use the following config variables . They are all boolean and accepts `true` or `false`. Setting the variable to `true` will mean that information will be included in outgoing mails and setting it to `false` will result in not including that. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Show/HideVariable name
Resource usernamepassbolt.email.show.username
Resource URI/URLpassbolt.email.show.uri
PGP encrypted passwordpassbolt.email.show.secret
Resource descriptionpassbolt.email.show.description
Comment contentpassbolt.email.show.comment
- -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2020-01-10-configure-ldap-ssl.md b/_posts/configure/2020-01-10-configure-ldap-ssl.md deleted file mode 100644 index 28b59f203..000000000 --- a/_posts/configure/2020-01-10-configure-ldap-ssl.md +++ /dev/null @@ -1,175 +0,0 @@ ---- -title: Configure LDAP plugin with SSL (ldaps) -date: 2020-02-07 00:00:00 Z -description: Configure LDAP plugin with ssl (ldaps) -icon: fa-address-book-o -categories: [configure,ldap] -sidebar: configure -layout: default -slug: ldap-with-ssl -ogimage: /assets/img/help/2018/09/AD_ldap_overview.png -permalink: /:categories/:slug.html -redirect_from: - - /configure/ldap-with-ssl ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -## Introduction - -To run LDAPS your LDAP server must offer a valid SSL certificate to the client which in this case that client is the passbolt server. -It is also required that the SSL certificate is trusted by your passbolt instance. - -There are two ways of obtaining your SSL certificate, listed below. - -### Your LDAP server is offering a SSL certificate obtained by a public Certificate Authority - -If your SSL certificate has been obtained through a public and well known SSL certificate authority such as [Let's encrypt](https://letsencrypt.org/) your certificate would -be automatically trusted by the passbolt instance unless otherwise specified by your SSL provider. - -Most of the time in this scenario your passbolt instance will not require any extra configuration. - -### Your LDAP server is offering a SSL certificate obtained from a private Certficate Authority - -Some organizations run LDAP on a private network on premises. In these scenarios it is very common that your organization has a private SSL certificate authority that -generates SSL certificates valid only on the private network. - -If this is your scenario you probably will need a CA certificate to trust the private SSL certificate offered by your LDAP server if the LDAP SSL certificate is not chained correctly. - -If the LDAP SSL certificate is not chained correctly meaning that it is not offering both the CA certificate and SSL certificate on connection you must obtain and upload the CA certificate -to your passbolt instance. - -{% include articles/figure.html - url="/assets/img/help/2020/01/AD_ldaps_ssl_certificate_error.png" - legend="LDAP with ssl - certificate error message" - width="660px" -%} - -## Configure passbolt server to trust a private LDAPS certificate - -### Step 1: ping the server - -The first step is to understand what is causing the issue and be sure that it's related to a certificate issue. - -We first try to ping the server and see if it goes through. - -```bash -ping your_ldap_server.com -``` - -If it does not go through, check that there is a corresponding entry for your domain / server ip in `/etc/hosts`. If it's not there add it. - -If it goes through, we will then try to execute a similar ldap query to what passbolt does using ldapsearch. - -### Step 2: Connect with ldapsearch - -{% include messages/warning.html - content="As passbolt will connect to your LDAP server as the web user, it is important to execute the ldapsearch command as this user (www-data for Debian/Ubuntu, wwwrun for openSUSE, nginx for RHEL based Linux distributions)." -%} - -```bash -$ sudo su -s /bin/bash -c 'ldapsearch -x -D "username" -W -H ldaps://your_ldap_server.com -b "dc=domain,dc=com" -d 9' www-data -``` - -Do not forget to replace the 'username', 'your_ldap_server.com' 'domain' and 'com' variables with the real ones. - -If after this command is executed you see your objects returned, it means that the LDAPS connection is going through and that -there must be an issue with the parameters you entered in passbolt LDAP plugin. You should check them again and make sure that they are alright. - -If this command returns something as displayed below, then you most likely have a LDAPS certificate issue. - -```bash -$ sudo su -s /bin/bash -c 'ldapsearch -x -D "ada" -W -H ldaps://your_ldap_server.com -b "dc=passbolt,dc=local" -d 9' www-data - -ldap_url_parse_ext(ldaps://your_ldap_server.com) -ldap_create -ldap_url_parse_ext(ldaps://your_ldap_server.com:636/??base) -Enter LDAP Password: -ldap_sasl_bind -ldap_send_initial_request -ldap_new_connection 1 1 0 -ldap_int_open_connection -ldap_connect_to_host: TCP your_ldap_server.com:636 -ldap_new_socket: 3 -ldap_prepare_socket: 3 -ldap_connect_to_host: Trying 172.16.0.50:636 -ldap_pvt_connect: fd: 3 tm: -1 async: 0 -attempting to connect: -connect success -ldap_err2string -ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) -``` - -If that's the case, the good news is that it's quite easy to fix. The issue is that the client is not trusting the certificate provided by the server. -Let's fix this by moving forward to the next step. - - -### Step 3: Download a correctly chained SSL certificate - -Openldap requires usually the entire chained certificate. We have developed a quick utility that aims to help retrieve all the parts of a ldaps certificate and bundle them together. -You can access this tool [here](https://github.com/passbolt/ldaps_cert_util) - -Follow the README instructions, retrieve your certificate and move to step 2. - -### Step 4: tell openldap to use the right certificate - -In Debian: - -```bash -nano /etc/ldap/ldap.conf -``` - -*Note that the ldap.conf can also be found in /etc/ldap/ldap.conf, depending on your distro* - -The content of the file should look like: - -``` -# -# LDAP Defaults -# - -# See ldap.conf(5) for details -# This file should be world readable but not world writable. - -#BASE dc=example,dc=com -#URI ldap://ldap.example.com ldap://ldap-master.example.com:666 - -#SIZELIMIT 12 -#TIMELIMIT 15 -#DEREF never - -# TLS certificates (needed for GnuTLS) -TLS_CACERT /etc/ssl/certs/cert.crt -``` - -Edit the line with `TLS_CACERT` to make it point to the right certificate. - -That's it. It should now work. Go back to step 1 and execute the ldapsearch command again. You should see a -successful connection to your ldaps server happening. If that's the case, you can get back to Passbolt and try the synchronization again. - -### Alternatively - -If for some obscure reasons openldap was still refusing to cooperate, you can try telling him to ignore the certificate. - -{% include messages/warning.html - content="**Warning:** Do this for tests purpose only. This practice is insecure and could make your server prone to MITM attacks." -%} - -```bash -nano /etc/ldap/ldap.conf -``` - -Then add the line: `TLS_REQCERT never`, and try again. - -If now the connection is going through, it means that there is still an issue with your certificate. - - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2020-03-06-configure-email-ssl.md b/_posts/configure/2020-03-06-configure-email-ssl.md deleted file mode 100644 index e43c35355..000000000 --- a/_posts/configure/2020-03-06-configure-email-ssl.md +++ /dev/null @@ -1,151 +0,0 @@ ---- -title: Configure email providers -date: 2020-03-06 00:00:00 Z -description: Configuration of email providers -icon: fa-key -categories: [configure,email] -sidebar: configure -layout: default -slug: setup -permalink: /:categories/:slug.html -redirect_from: -- /configure/email ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -## Introduction - -Passbolt relies heavily on emails: - - Account creation - - Account recovery - - Notifications on different user actions - -Having a working email setup is essential if you want to use passbolt at its best. There are many email providers -and each one has its own setup process. The aim of this help page is to provide the basic concepts so each admin -can setup their provider adjusting to their particular case. - -## Requirements -You can follow this procedure if you are meeting the following requirements: - -- You are running Passbolt Pro > 3.8.0 or Passbolt Cloud -- You have an active administrator account - -[You are running Passbolt Pro < 3.7.3 ?](#outdated) - -## How does it work? -Configuring email server, but through the UI is a feature introduced with Passbolt v3.8.0 that as for aim to help all administrators who needs to change their SMTP server settings the easiest way.
-We moved the email configuration from *`config/passbolt.php`* directly into the database and your credentials are encrypted with the server GPG public key. - -## Access to email server configuration -In order to configure your email server configuration, go to administration setting workspace.
-*Administration > Email server* - -### Choose your email provider -When you consult your email server settings for the first time, by default, the provider is **Other**. Everything is filled out except logins details. You are free to edit thoses fields to match your email configuration. - -{% include articles/figure.html url="/assets/img/help/2023/07/email_server_settings_v4.png" legend="Email Server - Providers" width="586px" %} - -We also provide pre-filled configuration for most common mail server such as Gmail, AWS SES, etc. -
-But still, you can navigate through *advanced settings* to change all the setings like *SMTP host*, *TLS*, and *port*. - -### Save the settings -To save the settings, you have to click on the *save settings* button. -{% include articles/figure.html url="/assets/img/help/2023/07/email_success_box_v4.png" legend="Email Server - Save configuration" width="586px" %} -If at least one mandatory field is empty or doesn’t have the expected format, an error alert will appears and the interface jumps to the first mandatory field that doesn’t fit the requirements. This field will also shows an error message in red. - -### Test email notifications -You can test your configuration by clicking on the *send test email* button. You must enter a valid recipient email to start the test procedure but the administrator current email is pre-filled. -{% include articles/figure.html url="/assets/img/help/2022/11/email_tests.png" legend="Email Server - Test notifications" width="586px" %} - - -If the email has been successfully sent and you haven't received anything you should check your spam folder. -The logs are also available in a text area if you unfolds the logs section. -
- -# Environment variables -If you are using environment variables, it is still possible to configure your email settings. -
-Please note that the database prevails on environment variables. If you were using environment variables while updating to v3.8.0 or newer version, they will be moved into the database. - -#### TLS -```bash -EMAIL_TRANSPORT_DEFAULT_HOST=your.smtp.provider.host.com -EMAIL_TRANSPORT_DEFAULT_PORT=587 -EMAIL_TRANSPORT_DEFAULT_USERNAME=user -EMAIL_TRANSPORT_DEFAULT_PASSWORD=secret -EMAIL_TRANSPORT_DEFAULT_TLS=true -``` -You should replace: -- your.smtp.provider.host.com -- user -- secret - -With the actual values for your provider. Usually email providers that support TLS use port 587 however you should check with your provider specific requirements. - -#### SSL -```bash -EMAIL_TRANSPORT_DEFAULT_HOST=ssl://your.smtp.provider.host.com -EMAIL_TRANSPORT_DEFAULT_PORT=465 -EMAIL_TRANSPORT_DEFAULT_USERNAME=user -EMAIL_TRANSPORT_DEFAULT_PASSWORD=secret -EMAIL_TRANSPORT_DEFAULT_TLS=null -``` - -All the changes are the same as the TLS providers except that you will set **EMAIL_TRANSPORT_DEFAULT_TLS** to null and replace placeholders with the actual values for your provider. - -## Configure SMTP with Passbolt 3.7.3 or earlier version - - - -### TLS email providers - -If your email provider supports TLS encryption your setup should look like this in `config/passbolt.php`: - -```bash - 'EmailTransport' => [ - 'default' => [ - 'host' => 'your.smtp.provider.host.com', - 'port' => 587, - 'username' => 'user', - 'password' => 'secret', - 'tls' => true, - ], - ], -``` -You should replace: -- your.smtp.provider.host.com -- user -- secret - -With the actual values for your provider. -Usually email providers that support TLS use port 587 however you should check with your provider specific -requirements. - -### SSL email providers - -Some providers support SSL encryption and the setup is slightly different from the TLS case. Just change -your *`config/passbolt.php`* file to look like this: - -```bash - 'EmailTransport' => [ - 'default' => [ - 'host' => 'ssl://your.smtp.provider.host.com', - 'port' => 465, - 'username' => 'user', - 'password' => 'secret', - 'tls' => null, - ], - ], -``` - -All the changes are the same as the TLS providers except that you will set **tls** to null and replace placeholders with the actual values for your provider. - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2020-08-10-common-ldap-sync-error-messages.md b/_posts/configure/2020-08-10-common-ldap-sync-error-messages.md deleted file mode 100644 index e55728c3d..000000000 --- a/_posts/configure/2020-08-10-common-ldap-sync-error-messages.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Most common ldap sync error messages -date: 2021-10-11 00:00:00 Z -description: List of most common ldap sync error messages and their meaning. -icon: fa-address-book-o -categories: [configure,ldap] -sidebar: configure -layout: default -slug: ldap-common-sync-error-messages -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -## Introduction - -Depending on the structure of your directory or the state of the synchronization between passbolt and your directory, passbolt can report certain synchronization issues. -They come from a variety of reasons, here are the most common ones. - -### The user user@domain.com could not be added to group MyGroup because it is not active yet -This error happens when passbolt is trying to add a user to a group, but the user has not yet activated their account. Passbolt -cannot add such users to groups automatically since their account is not operational yet. -When this situation happens, no intervention is required. The user will be added to the group automatically once they activate their account (when they click on the link provided in the email invitation and complete the initial setup). - -### The user user@domain.com could not be mapped with an existing user in passbolt because it was created after. -This error happens when a user was created first in Passbolt and later in the directory. Passbolt then considers that the passbolt user has the priority and should not be synced, since it would also mean that the same user would get -deleted whenever it is deleted from the directory. -When this situation happens, if you absolutely want to sync these 2 users, the solution is to delete the user in passbolt and to run the synchronization again. The user will then be created again and synced. - -### The group MyGroup could not be mapped with an existing group in passbolt because it was created after. -This error happens when a group was created first in Passbolt and later in the directory. Passbolt then considers that the passbolt group has the priority and should not be synced, since it would also mean that the same group would get -deleted whenever it is deleted from the directory. -When this situation happens, if you absolutely want to sync these 2 groups, the solution is to delete the group in passbolt and to run the synchronization again. The group will then be created again and synced. - -### The previously deleted user user@domain.com was not re-added to passbolt. -This error happens when a passbolt user was deleted manually in passbolt but not in the directory. Passbolt then considers that the actions performed in passbolt -have a higher priority and that the user was deleted for a good reason. -When this situation happens, if you absolutely want to sync back this user, the solution is to re-create the user in passbolt and run the synchronization again. - -### The user user@domain.com could not be added to the group MyGroup because of an internal error -This error usually happens when the group could not be created in Passbolt for some reason, which means that it is impossible for the -system to create a group membership for the given user. - -### A request to add user user@domain.com in group MyGroup was sent to the group manager. -This scenario happens when passbolt attempts to add a user to a group that has passwords directly shared with it. -In this case, adding our user to the group would mean having to encrypt all the passwords shared with the group for this new group member. -Due to the end-to-end nature of the solution, the system cannot do it without a human intervention. This is why passbolt sends a request to the group manager so that he can add the user to the group manually, and encrypt the shared secrets at the same time. - -Note: this scenario will not happen in the case of groups without direct access to shared passwords. In this case, the user will be added automatically to the group during the sync. - -### The user userA was not synced with existing membership for group groupA because the membership was created before. -This happens when a user has been added to a group in Passbolt prior to being added to the group in LDAP, or prior to the change in LDAP being synchronized. This means that Passbolt has priority over that membership. To solve this the user will have to be removed from the group in Passbolt and then another synchronization has to occur. Once that happens the user should once again be in the group in Passbolt, or an email should be triggered if the group has shared passwords. - -### No message, but the user I removed from a group in LDAP is still in the group in Passbolt -This tends to happen when a user is added in a group in Passbolt prior to being added to a group in LDAP and then later being removed from the group in LDAP. If you see any errors that are in the format of "The user userA was not synced with existing membership for group groupA because the membership was created before." there is a risk of this issue occuring. This is because Passbolt has priority over this group membership. You will have to manually remove the user from the group in Passbolt in this case. - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2021-12-16-configure-https-debian-auto-pro.md b/_posts/configure/2021-12-16-configure-https-debian-auto-pro.md deleted file mode 100644 index d3d47c50b..000000000 --- a/_posts/configure/2021-12-16-configure-https-debian-auto-pro.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Auto configure HTTPS with Let's Encrypt on Debian and Ubuntu -date: 2021-12-16 00:00:00 Z -card_title: Debian/Ubuntu auto configure HTTPS -card_teaser: Auto configure HTTPS with Let's Encrypt -description: Auto configure HTTPS with Let's Encrypt on debian and ubuntu systems -icon: fa-debian -card_position: 1 -categories: [configure,https,pro,debian] -sidebar: configure -layout: default -slug: auto -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include configure/configure-debian-package-nginx-https-auto.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when installing passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2021-12-16-configure-https-debian-manual-pro.md b/_posts/configure/2021-12-16-configure-https-debian-manual-pro.md deleted file mode 100644 index c679c9bc6..000000000 --- a/_posts/configure/2021-12-16-configure-https-debian-manual-pro.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Manual HTTPS configuration on Debian and Ubuntu with user provided certificates -date: 2021-12-16 00:00:00 Z -card_teaser: Configure HTTPS with user provided certificates -card_title: Debian/Ubuntu manual HTTPS configuration -description: Configure HTTPS with user provided certificates on debian and ubuntu systems -icon: fa-debian -card_position: 2 -categories: [configure,https,pro,debian] -sidebar: configure -layout: default -slug: manual -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include configure/configure-debian-package-nginx-https-manual.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when installing passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2021-12-16-configure-https-debian-manual.md b/_posts/configure/2021-12-16-configure-https-debian-manual.md deleted file mode 100644 index aed5308d1..000000000 --- a/_posts/configure/2021-12-16-configure-https-debian-manual.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Manual HTTPS configuration on Debian and Ubuntu with user provided certificates -date: 2021-12-16 00:00:00 Z -card_teaser: Configure HTTPS with user provided certificates -card_title: Debian/Ubuntu manual HTTPS configuration -description: Configure HTTPS with user provided certificates on debian and ubuntu systems -icon: fa-debian -card_position: 2 -categories: [configure,https,ce,debian] -sidebar: configure -layout: default -slug: manual -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include configure/configure-debian-package-nginx-https-manual.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when installing passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2021-12-16-configure-https-debian.md b/_posts/configure/2021-12-16-configure-https-debian.md deleted file mode 100644 index 876d2e955..000000000 --- a/_posts/configure/2021-12-16-configure-https-debian.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Auto configure HTTPS with Let's Encrypt on Debian and Ubuntu -date: 2021-12-16 00:00:00 Z -card_title: Debian/Ubuntu auto configure HTTPS -card_teaser: Auto configure HTTPS with Let's Encrypt -description: Auto configure HTTPS with Let's Encrypt on debian and ubuntu systems -icon: fa-debian -card_position: 1 -categories: [configure,https,ce,debian] -sidebar: configure -layout: default -slug: auto -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include configure/configure-debian-package-nginx-https-auto.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when installing passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2021-12-16-configure-https-docker-manual-pro.md b/_posts/configure/2021-12-16-configure-https-docker-manual-pro.md deleted file mode 100644 index 6c5997ede..000000000 --- a/_posts/configure/2021-12-16-configure-https-docker-manual-pro.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Manual HTTPS configuration on Docker -date: 2021-12-16 00:00:00 Z -card_title: Docker manual HTTPS configuration -card_teaser: Configure HTTPS with user provided certificates -description: Configure HTTPS with user provided certificates on docker -icon: fa-docker -card_position: 4 -categories: [configure,https,pro,docker] -sidebar: configure -layout: default -slug: manual -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include configure/configure-docker-https-manual.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when installing passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2021-12-16-configure-https-docker-manual.md b/_posts/configure/2021-12-16-configure-https-docker-manual.md deleted file mode 100644 index 02b8b28c6..000000000 --- a/_posts/configure/2021-12-16-configure-https-docker-manual.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Manual HTTPS configuration on Docker -date: 2021-12-16 00:00:00 Z -card_title: Docker manual HTTPS configuration -card_teaser: Configure HTTPS with user provided certificates -description: Configure HTTPS with user provided certificates on docker -icon: fa-docker -card_position: 4 -categories: [configure,https,ce,docker] -sidebar: configure -layout: default -slug: manual -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include configure/configure-docker-https-manual.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when installing passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2021-12-16-configure-https-rpm-pro.md b/_posts/configure/2021-12-16-configure-https-rpm-pro.md deleted file mode 100644 index ed7511892..000000000 --- a/_posts/configure/2021-12-16-configure-https-rpm-pro.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: How to configure HTTPS with RPM package -date: 2021-12-16 00:00:00 Z -card_title: How to configure HTTPS with RPM package -card_teaser: Configure HTTPS with RPM package -description: Configure HTTPS with RPM package -icon: fa-redhat -card_position: 5 -categories: [configure,https,pro] -sidebar: configure -layout: default -slug: rpm -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include configure/configure-rpm-package-nginx-https-auto.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when installing passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2021-12-16-configure-https-rpm.md b/_posts/configure/2021-12-16-configure-https-rpm.md deleted file mode 100644 index a6f4b7384..000000000 --- a/_posts/configure/2021-12-16-configure-https-rpm.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: How to configure HTTPS with RPM package -date: 2021-12-16 00:00:00 Z -card_title: How to configure HTTPS with RPM package -card_teaser: Configure HTTPS with RPM package -description: Configure HTTPS with RPM package -icon: fa-redhat -card_position: 5 -categories: [configure,https,ce] -sidebar: configure -layout: default -slug: rpm -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include configure/configure-rpm-package-nginx-https-auto.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when installing passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2021-12-16-update-database-credentials.md b/_posts/configure/2021-12-16-update-database-credentials.md deleted file mode 100644 index 1228fce72..000000000 --- a/_posts/configure/2021-12-16-update-database-credentials.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: Update my database credentials -date: 2021-12-16 00:00:00 Z -description: Update my database credentials -icon: fa-address-book-o -categories: [configure,database] -sidebar: configure -layout: default -slug: credentials -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -## With package installation (Debian, Ubuntu, RPM) - -Open **/etc/passbolt/passbolt.php** file and edit the **Datasources** block: - -``` -(...) - // Database configuration. - 'Datasources' => [ - 'default' => [ - 'host' => '127.0.0.1', - 'port' => '3306', - 'username' => 'passbolt', - 'password' => 'password', - 'database' => 'passboltdb', - ], - ], -(...) -``` - -Save and quit. - -## From source installation - -It is the same block to edit than the package installation, but passbolt configuration file is located on **/var/www/passbolt/config/passbolt.php** - -## With docker installation - -Database credentials are set in environment variables and you need to edit them for each container: - -For mariadb container: - -``` -MYSQL_DATABASE: "passboltdb" -MYSQL_USER: "passbolt" -MYSQL_PASSWORD: "very-strong-password" -``` - -For passbolt container: - -``` -DATASOURCES_DEFAULT_DATABASE: "passboltdb" -DATASOURCES_DEFAULT_USERNAME: "passbolt" -DATASOURCES_DEFAULT_PASSWORD: "very-strong-password" -``` - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2021-12-30-configure-https-docker-auto-pro.md b/_posts/configure/2021-12-30-configure-https-docker-auto-pro.md deleted file mode 100644 index 569312922..000000000 --- a/_posts/configure/2021-12-30-configure-https-docker-auto-pro.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Auto configure HTTPS with Let's Encrypt on Docker -date: 2021-12-30 00:00:00 Z -card_title: Docker auto configure HTTPS -card_teaser: Auto configure HTTPS with Let's Encrypt -description: Auto configure HTTPS with Let's Encrypt on docker -icon: fa-docker -card_position: 3 -categories: [configure,https,pro,docker] -sidebar: configure -layout: default -slug: auto -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include configure/configure-docker-https-auto.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when installing passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2021-12-30-configure-https-docker-auto.md b/_posts/configure/2021-12-30-configure-https-docker-auto.md deleted file mode 100644 index 9493d6589..000000000 --- a/_posts/configure/2021-12-30-configure-https-docker-auto.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Auto configure HTTPS with Let's Encrypt on Docker -date: 2021-12-30 00:00:00 Z -card_title: Docker auto configure HTTPS -card_teaser: Auto configure HTTPS with Let's Encrypt -description: Auto configure HTTPS with Let's Encrypt on docker -icon: fa-docker -card_position: 3 -categories: [configure,https,ce,docker] -sidebar: configure -layout: default -slug: auto -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include configure/configure-docker-https-auto.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when installing passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2021-12-30-env-var-reference.md b/_posts/configure/2021-12-30-env-var-reference.md deleted file mode 100644 index 5f907d7c9..000000000 --- a/_posts/configure/2021-12-30-env-var-reference.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: Passbolt reference environment variables -date: 2021-12-30 00:00:00 Z -description: Passbolt environment variable reference -icon: fa-server -categories: [configure,environment] -sidebar: configure -layout: default -slug: reference -permalink: /:categories/:slug.html -redirect_from: - - /configure/reference ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} -{% include configure/env-var-reference.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2022-02-02-configure-mfa-yubikey.md b/_posts/configure/2022-02-02-configure-mfa-yubikey.md deleted file mode 100644 index b0d1b21d6..000000000 --- a/_posts/configure/2022-02-02-configure-mfa-yubikey.md +++ /dev/null @@ -1,148 +0,0 @@ ---- -title: How to configure passbolt to use Yubikey OTP -date: 2022-02-02 00:00:00 Z -card_title: How to configure YubiKey with Passbolt -card_teaser: How to configure passbolt to use Yubikey OTP -icon: fa-key -categories: [configure, mfa] -sidebar: configure -layout: default -slug: yubikey -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -Passbolt Pro Edition since v2.5 and CE since 3.9 support Yubikey OTP as a multi factor authentication option. -Yubico OTP is a simple authentication mechanism that is supported by all YubiKeys out of the box. - -{% include messages/notice.html - content="Please note than only [Yubikey 5 Series](https://www.yubico.com/products/yubikey-5-overview/) are supported. [Security Keys](https://www.yubico.com/products/security-key/) with FIDO2/U2F/WebAuthN support are currently not supported." -%} - -{% include articles/figure.html - url="/assets/img/help/2018/11/mfa-yubikey-login.jpg" - legend="Using a Yubikey at login" - width="450px" -%} - -{% include messages/warning.html -content="**Important:** Multi Factor Authentication requires HTTPS to work." -%} - -## Security considerations - -It is important to enable and setup at least one additional multi factor authentication provider in -case the user lose its Yubikey or the the Yubicloud service becomes temporarily not available. - -During a login attempt the passbolt will check if the key ID used by the user is the same that was -used during setup. To change key (if the key was lost for example) a user will need to first disable -the Yubikey provider in their settings. - -## Get a Yubikey cloud api key - -In order to use Yubikey OTP you need get an API key for Yubicloud, Yubico’s web service for verifying OTPs. -Please note that it is no longer possible to [host yourself the OTP validation server](https://support.yubico.com/hc/en-us/articles/360021227000-YK-VAL-YK-KSM-and-YubiHSM-1-End-of-Life){:target="_blank"}. - -{% include articles/figure.html - url="/assets/img/help/2018/11/mfa-yubikey-admin.png" - legend="Yubicloud registration" - width="550px" -%} - -Before using YubiCloud, you need to get an API key from [upgrade.yubico.com](https://upgrade.yubico.com/getapikey/){:target="_blank"} -in order to prevent misuse of the service. You will need to authenticate yourself using a Yubikey One-Time Password -and provide your e-mail address as a reference, as well as read and accept the terms of service. - -## Make sure YubiCloud urls are whitelisted - -In order to verify a Yubikey OTP passbolt will need to connect to YubiCloud. -If you prevent outgoing connection from Passbolt server to the following domains: -- api.yubico.com -- api2.yubico.com -- api3.yubico.com -- api4.yubico.com -- api5.yubico.com - -One or more of these domains may be used to try to validate an OTP. - -## Set the configuration in passbolt - -You can configure Yubikey OTP using either the admin interface or environment variables. If multiple -settings providers are used the settings in the admin interface will override the one used in environment variables. - -### Using admin user interface - -A user interface is provided for administrators to setup MFA providers. -Click on "administration" in the top menu, then "multi-factor authentication" on the left menu. -You can then enable or disable the Yubikey provider by providing the user id and secret key that -you gathered in the previous steps. Click "save settings" when you are done. - -{% include articles/figure.html - url="/assets/img/help/2018/12/AD_mfa_org_settings_yubikey.png" - legend="MFA organization settings for Yubikey" - width="550px" -%} - -### Using environment variables - -If you are [using docker](/hosting/install/ce/docker.html), you can set these environment variables to configure your Yubikey: - - - - - - - - - - - - - - - - - - - - - -
Variable nameDescriptionType
PASSBOLT_PLUGINS_MFA_YUBIKEY_SECRETKEYYubicloud secret keystring
PASSBOLT_PLUGINS_MFA_YUBIKEY_CLIENTIDYubicloud client idinteger
-
- -## Setting Yubikey for a given passbolt user account - -Once you have the Yubikey integration configured and Yubikey plugged in your computer you -can proceed with enabling Yubikey as provider for your user account. It is important you test -this to make sure the integration works. - -{% include articles/figure.html - url="/assets/img/help/2018/11/mfa-providers.png" - legend="MFA provider selection for passbolt user" - width="550px" -%} - -When logged in passbolt go to your profile section and click on "Multi-factor authentication" -in the left sidebar. You should see the list of providers that are enabled for this instance. -Click on the Yubikey provider. Passbolt will then prompt you to touch your Yubikey -to enter a one time password. - -The next time you try login from a new device, you will be presented with a Yubikey -authentication prompt. - -{% include articles/figure.html - url="/assets/img/help/2018/11/mfa-yubikey-login2.png" - legend="Login prompt" - width="550px" -%} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2022-03-21-configure-https-ova-auto.md b/_posts/configure/2022-03-21-configure-https-ova-auto.md deleted file mode 100644 index 331e3fcd1..000000000 --- a/_posts/configure/2022-03-21-configure-https-ova-auto.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Auto configure HTTPS with Let's Encrypt on OVA -date: 2022-03-21 00:00:00 Z -card_title: OVA auto configure HTTPS -card_teaser: Auto configure HTTPS with Let's Encrypt on OVA -description: Auto configure HTTPS with Let's Encrypt on OVA -icon: fa-server -card_position: 10 -categories: [configure,https,pro,ova] -sidebar: configure -layout: default -slug: auto -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign lets_encrypt_requirement = 'yes' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include configure/configure-debian-package-nginx-https-auto.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when installing passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2022-03-29-configure-https-aws-ce-auto.md b/_posts/configure/2022-03-29-configure-https-aws-ce-auto.md deleted file mode 100644 index 7f8e32aa8..000000000 --- a/_posts/configure/2022-03-29-configure-https-aws-ce-auto.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Auto configure HTTPS with Let's Encrypt on AWS -date: 2022-03-29 00:00:00 Z -card_title: AWS auto configure HTTPS -card_teaser: Auto configure HTTPS with Let's Encrypt on AWS -description: Auto configure HTTPS with Let's Encrypt on AWS -icon: fa-aws -card_position: 10 -categories: [configure,https,ce,aws] -sidebar: configure -layout: default -slug: auto -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign lets_encrypt_requirement = 'yes' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include configure/configure-debian-package-nginx-https-auto.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when installing passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2022-03-29-configure-https-aws-pro-auto.md b/_posts/configure/2022-03-29-configure-https-aws-pro-auto.md deleted file mode 100644 index 4cdece790..000000000 --- a/_posts/configure/2022-03-29-configure-https-aws-pro-auto.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Auto configure HTTPS with Let's Encrypt on AWS -date: 2022-03-29 00:00:00 Z -card_title: AWS auto configure HTTPS -card_teaser: Auto configure HTTPS with Let's Encrypt on AWS -description: Auto configure HTTPS with Let's Encrypt on AWS -icon: fa-aws -card_position: 10 -categories: [configure,https,pro,aws] -sidebar: configure -layout: default -slug: auto -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign lets_encrypt_requirement = 'yes' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include configure/configure-debian-package-nginx-https-auto.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when installing passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2022-03-29-configure-https-digital-ocean-ce-auto.md b/_posts/configure/2022-03-29-configure-https-digital-ocean-ce-auto.md deleted file mode 100644 index f7d854fc7..000000000 --- a/_posts/configure/2022-03-29-configure-https-digital-ocean-ce-auto.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Auto configure HTTPS with Let's Encrypt on Digital Ocean -date: 2022-03-29 00:00:00 Z -card_title: Digital Ocean auto configure HTTPS -card_teaser: Auto configure HTTPS with Let's Encrypt on Digital Ocean -description: Auto configure HTTPS with Let's Encrypt on Digital Ocean -icon: fa-digitalocean -card_position: 10 -categories: [configure,https,ce,digital-ocean] -sidebar: configure -layout: default -slug: auto -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign lets_encrypt_requirement = 'yes' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include configure/configure-debian-package-nginx-https-auto.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when installing passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2022-07-28-configure-account-recovery.md b/_posts/configure/2022-07-28-configure-account-recovery.md deleted file mode 100644 index abd302749..000000000 --- a/_posts/configure/2022-07-28-configure-account-recovery.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -title: How to configure Account Recovery -date: 2022-08-05 00:00:00 Z -card_title: How to configure Account Recovery -icon: fa-key -categories: [configure] -sidebar: configure -layout: default -slug: account-recovery -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include configure/configure-account-recovery.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2023-01-18-configure-sso-azure.md b/_posts/configure/2023-01-18-configure-sso-azure.md deleted file mode 100644 index f4bf56865..000000000 --- a/_posts/configure/2023-01-18-configure-sso-azure.md +++ /dev/null @@ -1,122 +0,0 @@ ---- -title: How to configure SSO with Microsoft -date: 2023-03-15 00:00:00 Z -card_title: How to configure SSO with Microsoft -card_teaser: Configure SSO with Microsoft Azure AD -description: -icon: fa-brands fa-windows -categories: [configure, sso] -sidebar: configure -layout: default -slug: azure -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include messages/warning.html -content="**Attention**: This feature is currently available only in Passbolt Pro Edition." -%} - -Since version 3.9, Passbolt Pro Edition supports SSO with Microsoft via Azure AD. - -{% include articles/figure.html -url="/assets/img/help/2023/01/sso-passbolt-login.png" -legend="SSO with Azure" -%} - -## How does it work? - -In short Passbolt SSO leverages Azure OAuth2/OpenID on top of the existing [challenge-based authentication](/api/authentication). -The user by logging in Microsoft unlocks a key stored server side needed to decrypt the secret key passphrase twice encrypted -with a non-extractable symetric key stored in the browser extension local storage client side. - -To understand which user flows are supported currently, the risk analysis, and how it works in practice please read the -[developer documentation](https://docs.google.com/document/d/1S58TonJ2uXwkaKl7WwLzTzmwJGiSJdhlqP-xbmxFBd0/edit#heading=h.5z0ujk6vpr1j). - -## How to configure the plugin? - -{% include messages/warning.html -content="**Attention**: This feature requires HTTPS to work." -%} - -Open both the Azure portal and Passbolt: -- You will need to go the administration section of your Passbolt instance and then to the "Single Sign On" section. -- You will need to also login to the [Azure Portal](https://portal.azure.com). - -{% include articles/figure.html -url="/assets/img/help/2023/01/sso-passbolt-admin.png" -legend="Passbolt administration" -%} - -You must ensure users are present both in passbolt and Azure AD, the email is used to correlate accounts. -- Users that are not present in Azure AD but are present in passbolt will not be able to use SSO (a message on microsoft side will be shown). -- Users that are not present in passbolt but are present in Azure AD will not be able to login in passbolt (a message on passbolt side will be shown). - -{% include articles/figure.html -url="/assets/img/help/2023/01/sso-0-azure-home.png" -legend="Azure Portal" -%} - -### Configure Azure AD -In your Azure AD portal: -- Go to Azure Directory service (or set one up) - - Make sure your user email in Azure Directory matches the one in [assbolt -- Copy your Tenant ID (a UUID) and paste it in passbolt -- Go to App Registrations > New registration OR "+ Add" > "App Registration" - -{% include articles/figure.html -url="/assets/img/help/2023/01/sso-1-azure-directory.png" -legend="Azure AD" -%} - -Register a new application -- Give it a Name such as "Passbolt SSO" -- Select the supported account type you desire. "Accounts in this organizational directory only" is a good default. -- Copy the redirect url from Passbolt to Azure, it should be something like `https://yourdomain.com/sso/azure/redirect`. -- In "Select a platform", select "Web" -- Click register, you should be back on the Azure application page -- Copy the application (client) ID back to your passbolt instance - -{% include articles/figure.html -url="/assets/img/help/2023/01/sso-2-create-app.png" -legend="App registration" -%} - -Add a secret for the application -- On the Azure application page, click on "Certificate and secrets" -- Click on "New client secret" -- Choose a name like "Passbolt SSO Secret" -- Select an expiry date -- Copy the secret value and expiry back to your passbolt instance - -{% include articles/figure.html -url="/assets/img/help/2023/01/sso-4-create-secret.png" -legend="App secret creation" -%} - -In your passbolt instance: -- Click save settings -- A dialog will open with Microsoft button, click on it -- A popup will open asking you to perform the authentication with Microsoft -- Once the authentication is successful you can save the settings -- Once the settings have been saved, you can log out, you should then see an SSO option - -{% include articles/figure.html -url="/assets/img/help/2023/01/sso-passbolt-test.png" -legend="Passbolt SSO test settings" -%} - -Please note that users must successfully perform a login using their current passphrase *after SSO has been activated* -in order for the SSO option to be proposed to them at future logins. - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2023-01-23-configure-totp.md b/_posts/configure/2023-01-23-configure-totp.md deleted file mode 100644 index 878996605..000000000 --- a/_posts/configure/2023-01-23-configure-totp.md +++ /dev/null @@ -1,90 +0,0 @@ ---- -title: How to configure passbolt to use TOTP -date: 2018-11-15 00:00:00 Z -card_title: How to configure TOTP with Passbolt -card_teaser: How to configure passbolt to use TOTP -description: -icon: fa-key -categories: [configure, mfa] -sidebar: configure -layout: default -slug: totp -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -Passbolt Pro Edition since v2.4.0 support TOTP (Time-based One Time Password). - -TOTP is a type of authentication method that generates a new, unique password at set intervals (such as every 30 seconds) to be used in addition to a static username and password. - -{% include messages/warning.html - content="**Important:** Multi Factor Authentication requires HTTPS to work." -%} - -## Security considerations - -When using Time-based One-time Passwords (TOTP) as a form of multi-factor authentication, it is important to enable and set up at least one additional form of multi-factor authentication as a backup, in case the TOTP service becomes temporarily unavailable. - -This will ensure that users are still able to access their accounts even if one form of authentication is not working. - -Another consideration is to ensure that the time-synchronization between the server and the client devices is accurate, if not TOTP codes will not match and the authentication will fail. - -## Install a TOTP application - -In order to use this authentication service, each of your users will need to install -an application that supports Time Based One Time Passwords (TOTP) such as Google Authenticator or FreeOTP. Throughout this page, we will take the Google authenticator mobile application which works on smartphones or tablets. - -- [Google Authenticator for Android](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en&gl=US&pli=1) on google play store. -- [Google Authenticator for iOS](https://apps.apple.com/us/app/google-authenticator/id388497605) on apple store. - - -## Enable TOTP -Log in to Passbolt and navigate to the administration page. (*Administration > Multi Factor Authentication*). - -You should be able to enable "Time-based One Time Password". - -{% include articles/figure.html - url="/assets/img/help/2023/01/totp-passbolt-admin-enable.png" - legend="Enable TOTP in Administration settings" - width="550px" -%} - -Do not forget to save settings. - -## Configure TOTP - -Log in to Passbolt and navigate to the settings page by clicking on your avatar. -Navigate to *Settings > Multi Factor Authentication*. -You should be able to select a provider. - -As mentionned before, troughout this example we will take Google Authenticator TOTP. - -{% include articles/figure.html - url="/assets/img/help/2023/01/totp-passbolt-user-enable.png" - legend="Enable TOTP in User settings" - width="550px" -%} - -After you clicked on your provider, you are allowed to go further by clicking on "Get Started!". - -A QR code will be displayed, which you can scan using the Google Authenticator app. The app will generate a six-digit code that changes every 30 seconds. Enter this code into Passbolt to verify that it is working correctly. Save the backup key provided or write it down in a secure place. You will need this key to recover your account if you lose your phone. - -Once you have set up TOTP, every time you log in to Passbolt, you will be prompted to enter the six-digit code generated by the Google Authenticator app. This code is unique to your device and changes every 30 seconds, providing an extra layer of security for your Passbolt account. - -{% include articles/figure.html - url="/assets/img/help/2023/01/totp-passbolt-user-working.png" - legend="TOTP successfully enabled" - width="550px" -%} - - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2023-02-27-configure-login-authentication-smtp.md b/_posts/configure/2023-02-27-configure-login-authentication-smtp.md deleted file mode 100644 index 56a9c3210..000000000 --- a/_posts/configure/2023-02-27-configure-login-authentication-smtp.md +++ /dev/null @@ -1,370 +0,0 @@ ---- -title: Configure Email authentication -date: 2023-02-26 00:00:00 Z -description: Configuration of the authentication methods that is used with SMTP -icon: fa-key -categories: [configure,email] -sidebar: configure -layout: default -slug: smtp-authentication -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -## Table of contents: -- [Table of contents:](#table-of-contents) -- [Introduction](#introduction) -- [Google](#google) -- [Office 365](#office-365) -- [ElasticEmail](#elasticemail) -- [MailGun](#mailgun) -- [Mailjet](#mailjet) -- [Mailchimp](#mailchimp) -- [Sendgrid](#sendgrid) -- [Sendinblue](#sendinblue) -- [Zoho](#zoho) -- [AWS SES](#aws-ses) -- [Other](#other) - -## Introduction -This page is dedicated to providing you with valuable resources to help you configure an authentication method based on the email provider you choose. Authentication is an essential security measure that verifies the identity of users and ensures that only authorized individuals have access to sensitive information. - -In order to follow this guide, you will need an email provider. -If you want to know how to configure your email provider, please [follow this link](/configure/email/setup). - - -## Google - -Passbolt provides two different options for Google: Google Workspace and Google Email. - -**Google Workspace** is a paid productivity suite that includes business email, cloud storage, video conferencing, and other collaboration tools. It is designed for use by businesses and organizations of all sizes, and provides additional features such as custom email addresses, shared calendars, and team drives. - -It uses *smtp-relay.gmail.com* as its SMTP server address. This server is intended to be used by applications that send email on behalf of users, such as custom scripts or third-party applications. This server is designed to provide higher sending limits, enhanced reliability, and better tracking of email sent through it. - -**Google Email** is a free email service that is available to anyone with a Google account. It is primarily intended for personal use and provides users with a simple, user-friendly email interface. - -It uses *smtp.gmail.com* as its SMTP server address. This server is intended for use by individual users who want to send email using a desktop email client, such as Microsoft Outlook or Apple Mail. This server provides standard sending limits and is intended for personal use. - - -To use Google's authentication method on the Passbolt GUI, it is important to note that you should not use your personal Google password for security reasons. Instead, you will need to create an "App password" specifically for Passbolt. This is a unique password that will be used solely for Passbolt and is not the same as your personal Google password. - -- Enable MFA - -In order to have a dedicated application password you will need to enable MFA on your Google account, if you already have MFA enabled you can skip to the second part. - -You will have to navigate from *Manage your Google Account > Security > Signing in to Google* - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-gmail-mfa-not-enabled.png" legend="Google - Enable MFA" width="586px" %} - -After clicking on *2-Step-Verification* you should be redirected to a "Get Started" page as shown below - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-enabling-mfa.png" legend="Google - MFA (Get Started)" width="586px" %} - -To configure MFA on Google you will need a TOTP Mobile Application. - -- Enable Application Password - -Now that MFA is enabled on your Google account, please go back to *Security > Signing in to Google* - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-gmail-mfa-enabled.png" legend="Google - MFA Enabled" width="586px" %} - -You will have the choice for the selection of the application, our recommendation is to use *Other (Custom name)*, as it will be easier for your organisation. In our case, we will name it "Passbolt". - -***An application password should have been generated, it contains 16 digits and should not be shared.*** - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-gmail-app-password.png" legend="Google - Generated App password" width="586px" %} - -**WARNING:** Please, note that the password could not be shown after your close the tab, please be sure to copy the application password generated otherwise you will need to generate a new one. - -- Authentication on Passbolt GUI - -On your Passbolt instance, you can navigate to *Administration > Email server*. - -In our example, we will use Google Email, but if you are using a premium subscription with google, do not forger to use Google Workspace instead. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-username-password-authentication.png" legend="Passbolt - Email authentication" width="586px" %} - -Under authentication method, choose *Username & password*, provide your Google username which basically is your email address, for the password you can paste the previously generated application password. - -{% include configure/configure-smtp.md %} - -## Office 365 - -- Administration panel - -When you are using Office 365, you will need to access your [Microsoft 365 admin center](https://admin.microsoft.com). - -- Create your SMTP Credentials - -Office 365 uses OAuth 2.0 for authentication, so you will need to set up an *application password* to authenticate with the SMTP server. - -In the Microsoft 365 admin center, navigate to *[Additional security verification page](https://mysignins.microsoft.com/security-info)* > Add sign-in method > App password - -{% include articles/figure.html url="/assets/img/help/2023/08/office365-app-password-menu.png" legend="Microsoft - Create an application password" width="586px" %} - -**WARNING:** Please, note that the password could not be shown after your close the tab, please be sure to copy the application password generated otherwise you will need to generate a new one. - -{% include articles/figure.html url="/assets/img/help/2023/08/office365-app-password-example.png" legend="Microsoft - Application password" width="586px" %} - - -Now, you'll need to get the SMTP settings that are available from Outlook in *Settings > Mail > POP and IMAP* - -{% include articles/figure.html url="/assets/img/help/2023/08/office365-smtp-credentials.png" legend="Microsoft - SMTP Settings" width="586px" %} - - -- Authentication on Passbolt GUI - -On your Passbolt instance, navigate to "Administration" > "Email server." - -You will need to fill in your SMTP credentials to match your authentication method, remember, do not use the login credentials but the application password instead. - -{% include articles/figure.html url="/assets/img/help/2023/08/passbolt-office365-smtp-settings.png" legend="Passbolt - Email authentication" width="586px" %} - -{% include configure/configure-smtp.md %} - -## ElasticEmail - -- Administration panel - -When you are using ElasticEmail, once logged in, you will be automatically redirected to the administration panel dashboard. - -You will need to navigate to *Settings > SMTP > Create SMTP credentials*. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-elasticemail-credentials-panel.png" legend="ElasticEmail - SMTP Credentials Panel" width="850px" %} - -- Create your SMTP Credentials - -When you create new SMTP credentials, ElasticEmail will generate a unique password consisting of 40 random characters. The username for your SMTP credentials is your email address associated with your ElasticEmail account. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-elasticemail-credentials-example.png" legend="ElasticEmail - SMTP Credentials" width="586px" %} - -To copy your newly generated password, simply click on the "Copy" button next to the password field. - -- Authentication on Passbolt GUI - -On your Passbolt instance, you can navigate to *Administration > Email server*. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-elasticemail-authentication.png" legend="Passbolt - Email authentication" width="586px" %} - -You will need to fill in your smtp credentials to match your authentication method (username & password). - -{% include configure/configure-smtp.md %} - -## MailGun - -- Administration panel - -When you are using MailGun, once logged in, you will be automatically redirected to the administration panel dashboard. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-mailgun-credentials-panel.png" legend="MailGun - SMTP Credentials Panel" width="586px" %} - -You will need to navigate to *Sending > Overview*. - -- Create your SMTP Credentials - -On this page you will find the SMTP hostname, port, username, and default password that you will need to set up SMTP authentication for your email sending requests. - -MailGun provides a dedicated page for managing your SMTP credentials. To access this page, you can click on the "SMTP Credentials" link located in the "SMTP" section. Here you can create new SMTP credentials by clicking on the "Add New SMTP Credential" button. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-mailgun-credentials-example.png" legend="MailGun - SMTP Credentials" width="586px" %} - -When you create new SMTP credentials on MailGun, the platform will generate a unique password consisting of 50 random characters. You can use this password to authenticate your email sending requests through the MailGun SMTP servers. - -It's important to keep your MailGun SMTP credentials secure, as they can be used to send emails from your account. You should never share your password or username with anyone, and you should take steps to protect your account from unauthorized access. - -- Authentication on Passbolt GUI - -On your Passbolt instance, you can navigate to *Administration > Email server*. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-mailgun-authentication.png" legend="Passbolt - Email authentication" width="586px" %} - -You will need to fill in your smtp credentials to match your authentication method (username & password). - -{% include configure/configure-smtp.md %} - -## Mailjet - -- Administration panel - -When you are using Mailjet, once logged in, you will be automatically redirected to the administration panel dashboard. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-mailjet-credentials-panel.png" legend="Mailjet - SMTP Credentials Panel" width="586px" %} - -You will need to navigate to *Senders & Domains > SMTP & SEND API Settings*. - -- Create your SMTP Credentials - -Mailjet provides a dedicated page for managing your API keys. You can create a new API key by selecting the "SMTP & API Keys" option from the dashboard, clicking on the "Create a new API Key" button, and then following the prompts. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-mailjet-credentials-example.png" legend="Mailjet - SMTP Credentials" width="586px" %} - -When you create a new API key on Mailjet, the platform will generate a unique key pair consisting of a public API key and a secret key. The public API key can be used as the SMTP username for your email sending requests, while the secret key can be used as the SMTP password. - -It's important to keep your Mailjet API keys secure, as they can be used to access your Mailjet account and send emails from your account. You should never share your secret key or public API key with anyone, and you should take steps to protect your account from unauthorized access. - -- Authentication on Passbolt GUI - -On your Passbolt instance, you can navigate to *Administration > Email server*. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-mailjet-authentication.png" legend="Passbolt - Email authentication" width="586px" %} - -You will need to fill in your smtp credentials to match your authentication method (username & password). - -{% include configure/configure-smtp.md %} - -## Mailchimp - -- Administration panel - -When you are using Mailchimp, once logged in, you will be automatically redirected to the administration panel dashboard. - -You will need to navigate to *Transactionnal > SMTP & API > SMTP Credentials* and click on Create A Key. - -- Create your SMTP Credentials - -Give your new SMTP key a name that is easy to remember, such as the name of your web application. When you create an SMTP key, you will be prompted to give it a name that will help you remember what it's for. This is important because you may have multiple SMTP keys for different applications, and you don't want to get them confused. Make sure to choose a name that is descriptive and easy to remember, such as the name of your web application. - -Copy the generated SMTP key as you will need it to authenticate your SMTP requests. After you have created your SMTP key, Mailchimp will generate a unique key string that you will need to copy and use to authenticate your SMTP requests. Make sure to copy the entire key string exactly as it appears, as any errors or omissions could prevent your SMTP requests from being authenticated. - -Your SMTP username is the same as the login credentials to your Mailchimp account. Make sure that it remain, with the correct capitalization and any special characters. - -- Authentication on Passbolt GUI - -On your Passbolt instance, you can navigate to *Administration > Email server*. - -You will need to fill in your smtp credentials to match your authentication method (username & password). - -{% include configure/configure-smtp.md %} - -## Sendgrid - -- Administration panel - -When you are using Sendgrid, once logged in, you will be automatically redirected to the administration panel dashboard. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-sendgrid-credentials-panel.png" legend="Sendgrid - SMTP Credentials Panel" width="586px" %} - -You will need to navigate to *Settings > API Keys* and click on Create API Key. - -- Create your SMTP Credentials - -When creating a new API key, you can give it a name that's easy for you to remember, such as "Passbolt". SendGrid will then generate a unique API key consisting of 70 random characters. This key can be used to authenticate your email sending requests through the SendGrid SMTP servers. - -After generating the API key, you can use the settings shown to configure your email client or application. The SMTP username should be "apikey". The SMTP password is the API key that you generated in the previous step. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-sendgrid-credentials-example.png" legend="Sendgrid - SMTP Credentials" width="586px" %} - -It's important to keep your SendGrid API key secure, as it can be used to access your SendGrid account and send emails from your account. You should never share your API key with anyone, and you should take steps to protect your account from unauthorized access. - -- Authentication on Passbolt GUI - -On your Passbolt instance, you can navigate to *Administration > Email server*. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-sendgrid-authentication.png" legend="Passbolt - Email authentication" width="586px" %} - -You will need to fill in your smtp credentials to match your authentication method (username & password). - -{% include configure/configure-smtp.md %} -## Sendinblue - -- Administration panel - -When you are using Sendinblue, once logged in, you will be automatically redirected to the administration panel dashboard. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-sendinblue-credentials-panel.png" legend="Sendinblue - SMTP Credentials Panel" width="586px" %} - -You will need to navigate to *Your Senders & Domains > SMTP & API*. - -- Create your SMTP Credentials - -You will find your SMTP key value under the "SMTP Credentials" section. This key can be used to authenticate your email sending requests through the Sendinblue SMTP servers. - -Sendinblue also provides the SMTP settings that you can use to configure your email client or application. The SMTP username is your Sendinblue account email address. The SMTP password is your SMTP key value. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-sendinblue-credentials-example.png" legend="Sendinblue - SMTP Credentials" width="586px" %} - -It's important to keep your Sendinblue SMTP key value secure, as it can be used to access your Sendinblue account and send emails from your account. You should never share your SMTP key value with anyone, and you should take steps to protect your account from unauthorized access. - -- Authentication on Passbolt GUI - -On your Passbolt instance, you can navigate to *Administration > Email server*. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-sendgrid-authentication.png" legend="Passbolt - Email authentication" width="586px" %} - -You will need to fill in your smtp credentials to match your authentication method (username & password). - -{% include configure/configure-smtp.md %} -## Zoho - -- Administration panel - -You will need to navigate to your ZohoMail administration panel, in order to do that you can click on the gear icon located in the top-right corner of the screen. A drop-down menu will appear with several options, please click on the "Control Panel" to access the Zoho administration panel - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-zoho-credentials-panel.png" legend="Zoho - SMTP Credentials Panel" width="586px" %} - -You will need to navigate to *Security > App password*. - -- Create your SMTP Credentials - -You will be prompt to generate a name for the "App password", we recommend to use "Passbolt". - -Then, you will need to click on "Generate" and a random application password will be generated. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-zoho-credentials-example.png" legend="Zoho - SMTP Credentials" width="586px" %} - -Please, be sure to save this password as you will need it to authenticate on the Passbolt GUI. - -Your SMTP username should be the Zoho account email address and your SMTP password is the application password that has been generated previously. - -- Authentication on Passbolt GUI - -On your Passbolt instance, you can navigate to *Administration > Email server*. - -{% include articles/figure.html url="/assets/img/help/2023/02/smtp-zoho-authentication.png" legend="Passbolt - Email authentication" width="586px" %} - -You will need to fill in your smtp credentials to match your authentication method (username & password). - -{% include configure/configure-smtp.md %} - -## AWS SES - -- Navigate through your AWS Management Console - -You'll see the navigation panel on the left-hand side of the screen. - -When you are on the navigation panel, you will need to navigate to *Email Sending > SMTP Settings*. - -- Create your SMTP Credentials - -Once you are on the SMTP Settings page, you can click on the "Create SMTP Credentials" button to begin the process. When prompted, you can either accept the default name for your credentials or choose a custom name that is easy for you to remember, such as "Passbolt". - -Once you have selected a name for your credentials, AWS SES will generate a set of SMTP credentials that you can use to authenticate your email sending requests. These credentials will consist of an SMTP username and password. - -To download your newly created SMTP credentials, simply click on the "Download Credentials" button. This will download a file containing your SMTP username and password. It's important to keep this file safe and secure, as it contains sensitive information that can be used to send emails from your account. - -- Authentication on Passbolt GUI - -On your Passbolt instance, you can navigate to *Administration > Email server*. - -You will need to fill in your smtp credentials to match your authentication method (username & password). - -{% include configure/configure-smtp.md %} - -## Other - -If you are using another smtp email provider or a local one, you'd rather use the **"Other"** email provider. - -- Authentication on Passbolt GUI - -On your Passbolt instance, you can navigate to *Administration > Email server*. - -You will need to fill in your smtp credentials to match your authentication method, it could be: -1. Username & Password -2. Username only -3. None - -Please, take into consideration that if you are using an email provider that doesn't require any authentication, you'll need to use the *none* authentication method, leaving empty fields with another authentication method could result in a failure to send emails. - -{% include configure/configure-smtp.md %} \ No newline at end of file diff --git a/_posts/configure/2023-03-27-configure-sso-google.md b/_posts/configure/2023-03-27-configure-sso-google.md deleted file mode 100644 index db58beb2a..000000000 --- a/_posts/configure/2023-03-27-configure-sso-google.md +++ /dev/null @@ -1,150 +0,0 @@ ---- -title: How to configure SSO with Google -date: 2023-01-18 00:00:00 Z -card_title: How to configure SSO with Google -card_teaser: Configure SSO with Google Cloud Identity -icon: fa-brands fa-google -categories: [configure, sso] -sidebar: configure -layout: default -slug: google -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include messages/notice.html -content="**Attention**: This feature is only available in Passbolt Pro Edition." -%} - -Since version 4.0.0, Passbolt Pro Edition supports SSO with Google via Google Cloud Identity. - -{% include articles/figure.html -url="/assets/img/help/2023/05/passbolt-sso-google-login.png" -legend="Passbolt GUI - SSO Login with Google Cloud Identity" -%} - -{% include messages/warning.html - content="**Important:** Passbolt will request a Google API for authorization, if you have firewall rules setup, you have to allow your server to request the accounts.google.com domain." -%} - -## How does it work? - -In short Passbolt SSO leverages Google OAuth2/OpenID on top of the existing [challenge-based authentication](/api/authentication). The user by logging in Google unlocks a key stored server side needed to decrypt the secret key passphrase twice encrypted with a non-extractable symetric key stored in the browser extension local storage client side. - -To understand which user flows are supported currently, the risk analysis, and how it works in practice please read the [developer documentation](https://docs.google.com/document/d/1Id33XyNRxyeJ5sof5ggWNpFUq1nX6RKwU8vLIe8ROF8/edit). - -## How to configure the plugin? - -Open both the [Google API console](https://console.developers.google.com/) and Passbolt: - -Once the plugin is enabled you will need to go the administration section of your Passbolt instance and then to the “Single Sign On” section. - -You will need to also login to the Google API console. - -{% include articles/figure.html -url="/assets/img/help/2023/05/sso-google-panel.png" -legend="Passbolt administration - SSO" -%} - -With Passbolt v4.0.0, SSO users can self-register themselves if self registration plugin is enabled. Which means that if one of your users is not yet configured in the browser, he can use SSO to self-register. If self registration plugin is not enabled, you must ensure users are present both in Passbolt and Google Cloud, the email is used to correlate accounts. - -- Users that are not present in Google Cloud but are present in Passbolt will not be able to use SSO (a message on google side will be shown). -- Users that are not present in Passbolt but are present in Google Cloud will not be able to login in Passbolt (a message on Passbolt side will be shown). -- If self registration is enabled, users that are not present in Passbolt but are present in Google Cloud will be able to self-register in Passbolt (a message on Passbolt side will be shown). - -## Configure Google SSO - -Navigate to your project lists, click on "New project" button - -{% include articles/figure.html -url="/assets/img/help/2023/05/google-api-projects.png" -legend="Google API Console - Projects" -%} - -In the new project screen, you will be prompted to enter a project name, you can edit the project ID or accept the default one, select an organization and the location. After that, click on "Create" button to create the project, it should appear in your project list as shown above. - -### Set up OAuth - -Once the project is create, navigate to *APIs & Services > OAuth consent screen* - -{% include articles/figure.html -url="/assets/img/help/2023/05/google-api-oauth.png" -legend="Google API Console - Burger Menu" -%} - -On this page, choose the user type to "Internal" and click the "Create" button. [Read more about user type](https://support.google.com/cloud/answer/10311615#user-type) - -{% include articles/figure.html -url="/assets/img/help/2023/05/google-api-oauth-type.png" -legend="Google API Console - OAuth conset screen" -%} - -**Note:** As the name suggests, the “Internal” type app will only be available to users within your organization. However selecting “External” might work, we do not recommend it to use with Passbolt as it can let any user with a valid google account can sign-in to Passbolt. - -- Fill in required fields like App name, support email, and developer contact information and click the “Save and continue” button. You can also fill in the details of optional fields if you want. - -{% include articles/figure.html -url="/assets/img/help/2023/05/google-api-oauth-app-information.png" -legend="Google API Console - OAuth App Information" -%} - -- On the Scopes page, you must have to select these three scopes: - - auth/userinfo.email - - auth/userinfo.profile - - openid - -Once it is done, click on “Save and continue” to go to the next screen. - -{% include articles/figure.html -url="/assets/img/help/2023/05/google-api-oauth-scopes.png" -legend="Google API Console - OAuth Scopes" -%} - -- Verify and submit the summary of the details you selected. - -## Create credentials - -Navigate to *APIs & Services > Credentials* and click on *Create credentials > OAuth client ID*. - -{% include articles/figure.html -url="/assets/img/help/2023/05/google-api-credentials.png" -legend="Google API Console - Create Credentials" -%} - -On the Create OAuth client ID screen, select Application type to “Web application”, then enter the name of your choice, Authorized Javascript origins, Authorized redirect URIs *(You can get this from the Passbolt SSO settings page)* - -Once you’ve entered all the details click on the “Create” button to create the credentials. - -When credentials are created, you’ll get Client ID and Client secret. These are the two things you’ll need to add to Passbolt when you configure the Google SSO. - -{% include articles/figure.html -url="/assets/img/help/2023/05/google-api-oauth-client-created.png" -legend="Google API Console - Credentials Created" -%} - -{% include messages/warning.html - content="**Things to consider:** The Authorized redirect URIs should be the URL given by the passbolt while configuring SSO from administration (https:///app/administration/sso). Google can accept any valid URL in redirect URLs but it might not work with passbolt." -%} - -## Configure SSO through the GUI - -To finish the configuration, navigate to *Administration > Single Sign On* - -Fill the fields with what we created, such as: -1. Application ID -2. Secret - -{% include articles/figure.html -url="/assets/img/help/2023/05/passbolt-sso-google-test.png" -legend="Passbolt GUI - Google SSO Test Settings" -%} - -After that, a dialog will open with a "Sign in with Google" button, click on it. -A popup will open asking you to perform the authentication with Microsoft, once the authentication is successful you can save the settings. -Once the settings have been saved, you can log out and you should see an SSO option. - -**Note:** Users must successfully perform a login using their current passphrase after SSO has been activated in order for the SSO option to be proposed to them at future logins. - diff --git a/_posts/configure/2023-06-13-configure-password-policies.md b/_posts/configure/2023-06-13-configure-password-policies.md deleted file mode 100644 index 8caa4503d..000000000 --- a/_posts/configure/2023-06-13-configure-password-policies.md +++ /dev/null @@ -1,120 +0,0 @@ ---- -title: How to configure the Password Policies -date: 2023-09-14 00:00:00 Z -card_title: How to configure the Password Policies -card_teaser: -description: -icon: fa-key -categories: [configure] -sidebar: configure -layout: default -slug: password-policies -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include messages/warning.html -content="**Attention**: This feature is currently available only in Passbolt Pro Edition." -%} - -Since version 4.2, Passbolt Pro Edition supports the configuration of Password Policies. - -{% include articles/figure.html -url="/assets/img/help/2023/09/password-policies-administration.png" -legend="Password Policies administration" -%} - -## How does it work? - -This feature allows administrators to define the default secret generator settings and an external service should be used to check if the generated passwords have been leaked or not. -These policies concern only the secrets that are accessible in the resource workspace, it's not relative to the user's private key passphrase (for this part, please check the User Passphrase Policies). - -Once configured, the secret generators preset their default configuration with these policies. As a consequence, when a secret is generated from the "dice" button or from the in-form menu, generators use the policies as a default configuration. -However, a user still has the possibility to change the configuration on demand to avoid blocking situation when a service asks specific secret patterns. - -## How to configure the plugin? - -The plugin is enabled by default and since the version 4.2.0 of the API, it is possible to configure the plugin to apply these policies in all concerned UI. -To configure it though, you need to go the administration of your Passbolt instance and then go to the “Password Policies" section. - -At this stage, you can see 2 configurable sections: - -- Password generator default settings -- External services - -### Configuring the default password generators - -With this part, the password generator settings can be changed such that it becomes the default configuration when users generate a new secret or the default configuration set when they need to customize the generation of a secret. -The UI is composed in 3 parts: - -- the default used generator: password or passphrase -- a togglable pannel to configure in details the password generator -- a togglable pannel to configure in details the passphrase generator - -{% include articles/figure.html -url="/assets/img/help/2023/09/password-generator-settings.png" -legend="Default password generator settings" -width="450px" -%} - -#### Configuring the password generator - -To configure the password generator in details, open the configuration panel by clicking on "Passwords settings". Then you can see an interface close to the password generator configuration. -From there you can change: - -- the default length of the generated password -- the default set of characters that the password generator should use. -- if the set of characters should use or not similar characters - -To help administrators to have an idea of the strength of the generated password, an entropy bar is displayed on the top of the togglable panel. - -{% include messages/warning.html -content="Most generated password strength match the entropy displayed but notice that some generated password strength might be a bit lower than that." -%} - -{% include articles/figure.html -url="/assets/img/help/2023/09/passphrase-generator-settings.png" -legend="Default passphrase generator settings" -width="450px" -%} - -#### Configuring the passphrase generator - -To configure the passphrase generator in details, open the configuration panel by clicking on "Passphrase settings". Then you can see an interface close to the passphrase generator configuration. -From there you can change: - -- the default number of words to generate -- the default words separator to use -- the default word case to use during passphrase generation - -To help administrators to have an idea of the strength of the generated passphrase, an entropy bar is displayed on the top of the togglable panel. All generated passphrase strength match the entropy displayed. - -### Configuring the external dictionary check - -This option allows the administrators to choose rather if a secret should be checked against an external service or not. -If this option is disabled, a warning message is shown to the user to inform them that the current secret could be leaked in a database but their Passbolt application cannot verify that. - -On the contrary, if the option is enabled, requests are made to an external service to check if the current secret is known in some data breach (notice that a hash of the secret is sent to the external service and not the secret itself). -In case of a secret leaked, the user is informed via a warning message. - -These warning messages are shown: - -- on the resource creation -- on the resource modification -- on the generation of an Organisation Recovery Kit - -{% include messages/warning.html -content="Notice that these external checks are **not** done when a user is importing a set of passwords." -%} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2023-06-13-configure-role-based-access-control.md b/_posts/configure/2023-06-13-configure-role-based-access-control.md deleted file mode 100644 index 961db7b38..000000000 --- a/_posts/configure/2023-06-13-configure-role-based-access-control.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: How to configure Role-Based Access Control -date: 2023-07-05 00:00:00 Z -card_title: How to configure Role-Based Access Control -icon: fa-cogs -categories: [configure] -sidebar: configure -layout: default -slug: rbac -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -Since version 4.1.0, all editions of passbolt support Role-Based Access Control. - -{% include articles/figure.html -url="/assets/img/help/2023/06/rbac.png" -legend="Role-Based Access Control" -width="850px" -%} - -## Requirements - -You can follow this procedure if you are meeting the following requirements: - -- You are running passbolt >= v4.1.0. -- You have an active administrator account. - -## How does it work? - -RBAC is a feature introduced that as for aim to restrict the access of functionalities to users. - -According to the administrator choices, users can be restricted to some functionalities. The administrator has only to chose between allow or deny options for the functionalities. - -## RBAC - -In order to configure RBAC for your organisation, go to administration setting workspace *Administration* > *Role-Based Access Control*. - -### Choose to restrict or not a functionality - -By default, all functionalities are allowed. To deny one select and restrict the one that suits best your organization. - -{% include articles/figure.html -url="/assets/img/help/2023/06/rbac-select-permission.png" -legend="RBAC administration settings select permission" -width="550px" -%} - -### Apply the changes - -Once the RBAC is configured as you wish, you can apply the changes. Click on the “save settings” button. - -{% include articles/figure.html -url="/assets/img/help/2023/06/rbac-save.png" -legend="RBAC administration settings save changes" -width="550px" -%} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2023-09-12-configure-user-passphrase-policies.md b/_posts/configure/2023-09-12-configure-user-passphrase-policies.md deleted file mode 100644 index 0f94c2eaf..000000000 --- a/_posts/configure/2023-09-12-configure-user-passphrase-policies.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: How to configure User Passphrase Policies -date: 2023-09-13 00:00:00 Z -card_title: How to configure User Passphrase Policies -card_teaser: Define minimal user's passphrase minimal strength required -icon: fa-brands fa-google -categories: [configure] -sidebar: configure -layout: default -slug: user-passphrase-policies -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include messages/notice.html -content="**Attention**: This feature is only available in Passbolt Pro Edition." -%} - -Since version 4.3.0, Passbolt Pro Edition supports User Passphrase Policies. - -{% include articles/figure.html -url="/assets/img/help/2023/09/passbolt-user-passphrase-policies.png" -legend="Passbolt GUI - User Passphrase Policies administration" -%} - -## How does it work? - -User Passphrase Policies allows administrators to configure minimal strength requirements for the users' private key passphrase. -When defining a new passphrase, users have to find a passphrase that matches these policies. - -Also, it allows to choose rather or not if a user's passphrase should be check against an external service to know if it has been leaked or not. - -## How to configure the plugin? - -The plugin is enabled by default and since the version 4.3.0 of the browser extension, Passbolt uses this new User Passphrase Policies feature in all concerned UI. -To configure it though, you need to go the administration of your Passbolt instance and then go to the “User Passphrase Policies" section. - -At this stage, you can see 2 configurable sections: - -- User passphrase minimal entropy -- External password dictionary check - -### User passphrase minimal entropy - -This section allows administrators to choose among a preset of minimal entropy a user's private key passphrase needs to match. -It concerns only the passphrase of the users' private key and not the secret generated for the creation of a new password for instance (to change the secret generation behaviour, please refer to the Password Policies configuration page). - -As a consequence when a user has to define a passphrase, it will be required that the passphrase strength matches the minimal entropy set. In other words the strength of the passphrase will have to fit the requirements when: - -- a user is changing its private key passphrase -- a user is defining a new passphrase during the account recovery process -- a user is defining a passphrase during the creation of its Passbolt account - -Notice that on some cases, passphrases does not have to match this requirements but instead the minimal entropy is shown as a recommendation. It's the case when users import an already existing GPG private key, so when: - -- a user is recovering its account using its recovery kit -- a user is creating a new account and imports its own encrypted GPG key - -{% include articles/figure.html -url="/assets/img/help/2023/09/passbolt-user-passphrase-policies_setup.png" -legend="Passbolt GUI - Setup process with User Passphrase Policies" -width="423px" -%} - -### External password dictionary check - -This option allows the administrators to choose rather if a passphrase a user is typing should be checked against an external service or not. -If this option is disabled, a warning message is shown to the user that their passphrase could be leaked in a database but their Passbolt application cannot verify that. - -On the contrary, if the option is enabled, requests are made to an external service to check if the currently typed passphrase is known in some data breach (notice that a hash of the passphrase is sent to the external service and not the passphrase itself). -In case of the passphrase being known in data breach the user will be informed via a warning message. - -This feature impacts the behaviour of the application by: - -- blocking processes if the minimal entropy is required (not just recommended) in that process and the currently typed passphrase is leaked in a database -- not blocking processes if the minimal entropy is recommended (not required) -- not blocking processes if the external service cannot be called for any reason regardless of the minimal entropy being a requirement or a recommendation - -{% include articles/figure.html -url="/assets/img/help/2023/09/passbolt-user-passphrase-policies_leaked.png" -legend="Passbolt GUI - Setup process with a leaked password" -width="423px" -%} diff --git a/_posts/configure/2023-10-04-create-totp.md b/_posts/configure/2023-10-04-create-totp.md deleted file mode 100644 index 553143304..000000000 --- a/_posts/configure/2023-10-04-create-totp.md +++ /dev/null @@ -1,132 +0,0 @@ ---- -title: How to create a TOTP -date: 2023-10-04 00:00:00 Z -card_title: How to create a TOTP with Mobile -card_teaser: How to configure passbolt mobile application to create a TOTP -description: -icon: fa-key -categories: [configure, totp] -sidebar: configure -layout: default -slug: time-based-one-time-password-mobile -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -Since version 4.3.0, Passbolt supports creation of TOTP (Time-based One Time Password). - -TOTP is a mechanism that generates a unique and temporary password based on the current time. This dynamic code can be used on its own or in combination with a static password, offering an additional layer of security compared to traditional password-only systems. - -- [iOS](#ios) -- [Android](#android) - -### iOS -On the iOS application, there is a new section called "TOTP" -{% include articles/figure.html -url="/assets/img/help/2023/10/totp_menu.png" -legend="iOS - Empty TOTP" -width="400px" -%} - -In order to create a new TOTP, you'd need to click on "Create" -{% include articles/figure.html -url="/assets/img/help/2023/10/totp_creation.png" -legend="iOS - TOTP Creation" -width="400px" -%} -That will open a menu that will let you choose between scanning a QR code or create a TOTP manually, for this tutorial we assume that you'd need to create it manually. - -For the TOTP manual creation, you will have to fill three fields: -1. Name, which is the label of the resource -2. URL, which is the fullBaseUrl of the resource -3. Secret, the secret from the TOTP provider -{% include articles/figure.html -url="/assets/img/help/2023/10/totp_manual_configuration.png" -legend="iOS - TOTP Configuration" -width="400px" -%} - -You do have the possibility to link this TOTP to an existing password but that's optional. You can also create a standalone TOTP instead. -{% include articles/figure.html -url="/assets/img/help/2023/10/totp_linked_to_password.png" -legend="iOS - Link TOTP to an existing password" -width="400px" -%} - -There is also an advanced settings part in order to adjust the **expiry, length and algorithm** -{% include messages/warning.html -content="**WARNING:** Advanced settings have to match the TOTP provider settings otherwise it won't work." -%} -{% include articles/figure.html -url="/assets/img/help/2023/10/totp_advanced_settings.png" -legend="iOS - TOTP Advanced Settings" -width="400px" -%} - -Once created, you will see a success message "TOTP has been created." then you will be able to preview the TOTP code when you need it. -{% include articles/figure.html -url="/assets/img/help/2023/10/totp_code_preview.png" -legend="iOS - TOTP Preview" -width="400px" -%} - -### Android -On the Android application, there will be a new section called "TOTP" -{% include articles/figure.html -url="/assets/img/help/2023/10/totp_android_empty_totp.jpg" -legend="Android - Empty TOTP" -width="400px" -%} - -In order to create a new TOTP, you'd need to click on "+" icon -{% include articles/figure.html -url="/assets/img/help/2023/10/totp_android_creation.jpg" -legend="Android - TOTP Creation" -width="400px" -%} -That will open a menu that will let you choose between scanning a QR code or create a TOTP manually, for this tutorial we assume that you'd need to create it manually. - -For the TOTP manual creation, you will have to fill three fields: -1. Name, which is the label of the resource -2. URL, which is the fullBaseUrl of the resource -3. Secret, the secret from the TOTP provider -{% include articles/figure.html -url="/assets/img/help/2023/10/totp_android_configuration.jpg" -legend="Android - TOTP Configuration" -width="400px" -%} - -You do have the possibility to link this TOTP to an existing password but that's optional. You can also create a standalone TOTP instead. -{% include articles/figure.html -url="/assets/img/help/2023/10/totp_android_link_to_password.jpg" -legend="Android - Link TOTP to an existing password" -width="400px" -%} - -There is also an advanced settings part in order to adjust the **expiry, length and algorithm** -{% include messages/warning.html -content="**WARNING:** Advanced settings have to match the TOTP provider settings otherwise it won't work." -%} -{% include articles/figure.html -url="/assets/img/help/2023/10/totp_android_advanced_settings.jpg" -legend="Android - TOTP Advanced Settings" -width="400px" -%} - -Once created, you will see a success message then you will be able to preview the TOTP code when you need it. -{% include articles/figure.html -url="/assets/img/help/2023/10/totp_android_code_preview.jpg" -legend="Android - TOTP Preview" -width="400px" -%} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/community.html %} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2023-10-04-preview-totp-ui.md b/_posts/configure/2023-10-04-preview-totp-ui.md deleted file mode 100644 index 576f93dfe..000000000 --- a/_posts/configure/2023-10-04-preview-totp-ui.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: How to preview a TOTP -date: 2023-10-04 00:00:00 Z -card_title: How to preview a TOTP on the Web UI -card_teaser: How to preview a TOTP on the web interface -description: -icon: fa-eye -categories: [configure, totp] -sidebar: configure -layout: default -slug: time-based-one-time-password-ui -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -Since version 4.3.0, Passbolt supports creation of TOTP (Time-based One Time Password) via [Mobile](/configure/totp/time-based-one-time-password-mobile.html). However, it is still possible to preview those TOTP from the Web UI - -{% include articles/figure.html -url="/assets/img/help/2023/10/totp_web_preview.png" -legend="Web UI - Preview TOTP" -width="850px" -%} - -There are two types of TOTP: -- Standalone - - That is the **Passbolt Community TOTP** resource, this is not linked to any passwords. -- Linked to an existing password - - The resource **Passbolt** was existing before the creation of the TOTP and has been linked to it. - -From the Web UI, you are able to preview any TOTP shown in the column "TOTP" - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/community.html %} - -{% include layout/row_end.html %} \ No newline at end of file diff --git a/_posts/configure/2023-11-29-ldap-filters.md b/_posts/configure/2023-11-29-ldap-filters.md deleted file mode 100644 index 56e4d89d8..000000000 --- a/_posts/configure/2023-11-29-ldap-filters.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Using LDAP Filters -date: 2023-11-30 00:00:00 Z -description: How to use the filters to configure your Users Directory -icon: fa-address-book-o -categories: [configure,ldap] -sidebar: configure -layout: default -slug: ldap-filters -permalink: /:categories/:slug.html ---- -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include messages/warning.html - content="**Important:** The Ldap plugin is part of [Passbolt Pro](https://www.passbolt.com/pricing/pro) only and is not available in the Community Edition." -%} - -## Introduction -As part of the Users Directory feature passbolt offers two ways to help filter your Active Directory/OpenLDAP users and groups so you have more control over which users and groups are synchronized. This page will go over how to use both of these options. - -## Groups & Users Parent Group -One of the options for filtering users and groups is to use the Groups Parent Group or the Users Parent Group option. This can be found under the Synchronization options section of the Users Directory configuration page. - -{% include articles/figure.html - url="/assets/img/help/2023/11/LDAP_parent_group.png" - legend="Ldap settings parent group fields" - width="660px" - alt="ldap parent group" -%} - -This option will allow you to specify a Parent Group for your users or groups. Passbolt will then only look for Users or Groups which are part of that Parent group and use those for synchronization. This is most useful if you have directory set up where the Users or Groups you want to synchronize are all under the same group. For this field you can use just the name of the group, for example: -- admins -- testers -- Passbolt_Users -- Passbolt Groups - -## Group & User custom filters -The other option we have is to use custom filters for users or groups. This can be found under the Directory configuration section of the Users Directory configuration page. - -{% include articles/figure.html - url="/assets/img/help/2023/11/LDAP_custom_filter.png" - legend="Ldap settings custom filter fields" - width="660px" - alt="ldap custom filter" -%} -These fields will accept standard LDAP query syntax. This is useful if you need just a few groups/users or wish to exclude one which may have normally been synchronized. These fields provide more flexibility when interacting with more complicated directory structures. Some examples of the expected syntax are: - -- `(memberof=cn=somegroup)` - - This would be for the users filter for members of "somegroup" -- `(|(cn=admins)(cn=testers))` - - This would be for the groups "admins" or "testers" -- `(uid=*smith*)` - - This would be for any user with "smith" in their uid - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/configure/2023-12-21-windows-app.md b/_posts/configure/2023-12-21-windows-app.md deleted file mode 100644 index 4e07226fd..000000000 --- a/_posts/configure/2023-12-21-windows-app.md +++ /dev/null @@ -1,111 +0,0 @@ ---- -title: Using Windows App -date: 2023-11-30 00:00:00 Z -description: How to use the Windows App -icon: fa-address-book-o -categories: [configure] -sidebar: configure -layout: default -slug: windows-app -permalink: /:categories/:slug.html ---- -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -## Prerequisites - -{% include messages/warning.html - content="**Important:** The Windows application is currently in **BETA** mode. To use it, you need to enable the 'desktop' feature flag. This will allow all your users to access and configure the Passbolt desktop application from their user profiles" -%} - -This feature flag can be enabled through different methods: -* Docker: Set the environment variable `PASSBOLT_PLUGINS_DESKTOP_ENABLED` to true. - -* Configuration File: In `/etc/passbolt/passbolt.php`, add the following section: - -```php -return [ - "passbolt" => [ - "plugins" => [ - "desktop" => [ - "enabled" => true - ] - ] - ] -]; -``` - - -## How to download and install the application -Access the application by clicking on the link in your profile space. This [link](https://apps.microsoft.com/detail/9PFXS2WVKVPB?hl=en-US&gl=US){:target="_blank"} will redirect you to the Windows Store. - -{% include articles/figure.html - url="/assets/img/help/2023/12/desktop-app-profile.png" - legend="Home Desktop app page from profile" - width="660px" - alt="windows app home in profile" -%} - -## Import an existing passbolt account -To configure your account in the desktop application, you must transfer your private key from the browser extension to the desktop application. - -### Getting started -After installing the application, you will see instructions on how to download your account kit via the web application. By clicking the 'Next' button, you will be guided to the process for uploading your account kit. - -{% include articles/figure.html - url="/assets/img/help/2023/12/desktop-app-get-started.png" - legend="How to download account kit" - width="660px" - alt="How to download account kit" -%} - -### Upload your account kit - -{% include articles/figure.html - url="/assets/img/help/2023/12/desktop-app-import.png" - legend="Show account import page" - width="660px" - alt="Show account import page" -%} - -### Verify account kit -Once the account kit is successfully uploaded, your account information, including your username and the URL of the Passbolt server, will be displayed on the screen. - -Please review this information carefully before proceeding. If you find any discrepancies, you can return to the upload screen by clicking on 'Import another account'. - -{% include articles/figure.html - url="/assets/img/help/2023/12/desktop-app-import-verif.png" - legend="How to download account kit" - width="660px" - alt="How to download account kit" -%} - -Once your passphrase is validated, the setup of your account will be complete, and you will be able to access the password workspace. - -### How can I reset my windows application -To unlink an existing account and set up a new one, first download the current entries from the Credentials Manager. To do this, use the search bar to find 'Credential Manager' and select it. - -{% include articles/figure.html - url="/assets/img/help/2023/12/desktop-app-import-rename.png" - legend="Remove credentials in Windows Credential Manager" - width="660px" - alt="Remove credentials in Windows Credential Manager" -%} -To remove an existing account from the application, delete the 'account-metadata' and 'account-secret' entries. This action will reset the application, enabling you to import a new account. - -### Can I Use Windows Hello? -Currently, we do not support Windows Hello due to certain security concerns that are under review. We are investigating the most secure implementation methods and will inform you as soon as a plan is established. - -### How to Report Issues to Help Us Improve the Product -As mentioned earlier, the app is currently in beta and is primarily intended for reporting issues that you encounter while using it. To report issues, please visit the following link: Passbolt Community - Windows Application Developer Edition v0.5.0. - - - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/extend/2017-01-20-tech-gpgauth.md b/_posts/extend/2017-01-20-tech-gpgauth.md deleted file mode 100644 index cf8d4392d..000000000 --- a/_posts/extend/2017-01-20-tech-gpgauth.md +++ /dev/null @@ -1,161 +0,0 @@ ---- -title: Authentication in passbolt -date: 2017-01-20 00:00:00 Z -description: How does authentication work in passbolt? -category: tech -sidebar: hosting -layout: default -slug: auth -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -Passbolt instead of a classic form based authentication perform a challenge based authentication based on OpenPGP -keys set during the setup. - -The aim of this document is to help explain how this authentication process works to facilitate review and -discussions as well as future integration with other products. - -Our goals were both to improve the security and usability of the overall solution, e.g. reuse the existing - OpenPGP facilities of passbolt to avoid having the user remember another password than their passphrase. - -## Form based authentication - -While some web application today defer to another service such as Google or Facebook to handle the authentication, -most still support a form based authentication by default. - -The process goes as follow: - -{% include articles/figure.html - url="/assets/img/diagrams/sequence_diagram_form_authenticate.png" - legend="Sequence diagram of a form based authentication" -%} - -During the registration, the password is sent (ideally over HTTPS) to the server. This password is then salted -and hashed using bcrypt (or equivalent) and stored for further use by the server. A salt known only by this -application instance is used to prevent brute force in case the password’s hashes get leaked (via a sql injection -for example). - -During login is sent in a similar fashion than the setup, the server hash it and compare it with the stored -version. If they match the server store a session token that is send back as a cookie (or url parameter) and -set on the client side. This cookie is produced by the client for each requests for the duration of the session -(until the cookie expires, the user logout or the server terminate the session). - -### The problem with the form based approach - -The main issue is one of usability. Using this approach for passbolt would mean that a user would need to -remember another password on top of their private key password. This negates the benefits of having a password manager. - -We would also store the password in the authentication plugin. But this would complicate our requirements as it -would introduce the need for passbolt user account password creation, update and recovery. - -Another big issue is the inability for the user to reset their password using an email verification, in case the -password to the email client is stored in passbolt. - -Other issues are not specific to passbolt but still worth trying to fix with with another approach: - -* **Phishing**: it is possible for an attacker to mimic the passbolt login page and trick a user into entering -their credentials. Traditional form based authentication do not perform server identity verification: it is the -responsibility of the user to verify if the URL is correct and SSL certificates are valid. -* **Password quality**: password fatigue generally leads to password reuse, poor rotation and weak strength. -Validation can be implemented server side to improve password quality but only by placing an additional burden -on the user. - -# GPGAuth based authentication - -This process will follow the gpgAuth protocol. This authentication mechanism uses Public/Private keys to authenticate users to a web application. The process works by the two-way exchange of encrypted and signed tokens between the user and the service. - -The authentication process is as follow: - -{% include articles/figure.html - url="/assets/img/diagrams/sequence_diagram_gpg_authenticate.png" - legend="Sequence diagram of a GPGAuth based authentication" -%} - -### Verify steps - -1. The client generates an encrypted token of random data (encrypted with the server public key), and stores -the unencrypted version locally. -2. That encrypted token is sent to the server along with the user key fingerprint. -3. Based on the user key fingerprint the server check if the user exist and is active. If it is the case the -server decrypts the nonce and check if it is in the valid format. -4. The server sends back the decrypted nonce. -5. The client check if the nonce match the previously recorded one. If it does not match the client warns the -user that the server identity cannot be verified. - -{% capture warning_content %}This server identity verification should not be understood as an end to end server authentication, - e.g. it does not protect against an attacker performing a man in the middle attack. View the discussion - around this topic on the - [community forum](https://community.passbolt.com/t/is-the-gpgauth-server-key-verification-a-placebo/212/2). -{% endcapture %} -{% include messages/warning.html content=warning_content %} - -### Login steps - -1. The user sends their key fingerprint. -2. The server checks to see if the fingerprint and user associated with are valid. It then generates an -encrypted token of random data, and stores the unencrypted version locally. -3. The server sends the unencrypted signed user token, and the encrypted server token to the user. -4. The user enter their private key passphrase, the client decrypt the nonce and check the token format. -5. The client send back the decrypted nonce along with the user key fingerprint. -6. The server compares the un-encrypted signed token sent from the client to make sure it matches. If the -server is satisfied, the authentication is completed as with a normal form based login: session is started. - -### Notes and remarks - -* As per protocol definition the server key verification steps are optional but recommended all our client -enforce it by default. -* We decided to stick to the historical version of the protocol for now, but in the future we may try to reduce -the number of HTTP request: e.g. currently one can not request nonce1 in the verify step. So with the verify -step a total of 3 POST are needed. The whole protocol could probably be simplified to single GET/POST roundtrip, -like for form based auth. -* There is also an optional "step 0" where the user perform a GET /auth/verify request. -This can be used to get the URLs of the server public key and server verification, or to view the public key -advertised by the server. - -### Benefits - -On top of the usability benefit of not having to remember an additional password we note the following additional benefits are made available: - -* **Phishing:** this risk is mitigated because the client does not enter a password, e.g. getting the secret key -passphrase alone would not allow an attacker to login. Since the client can verify the server identity based on -server key (manually added to the keyring), it is not enough for an attacker to fake a form and domain. -* **Password quality**: the strength of the authentication token is stronger than a classic password, since a -different “password” is also used every time and is not linked the private key master password complexity. - -### Residual risks and drawbacks - -There are still risks with the chosen solution: - -* **Server: integrity and verification of client public key validity.** A server could be tricked into storing the -wrong client public key. To prevent this the server must check the validity automatically via OpenPGP web of trust -and/or by checking against public key servers and/or there must be a manual check by an administrator. This check -is not in place at the moment. -* **Server: DDOS**. Since encrypt / sign operations are more costly than the password hashing operations in a -“normal” form based login, these endpoints could potentially be used to create a denial of service. To mitigate -that risks we throttle attempts, e.g. limit the number of attempt over time. This check is not in place at the moment. -* **Server: information leak about user base**. An attacker can find out if a user have an account on the server -by requesting an encrypted nonce and receiving an error. We also leak information in the header to improve usability -and provide better error messages: for example to tell a user that their account was delete for example. -* **Client: integrity and verification of server public key.** The client could be tricked into storing invalid -server key. To prevent this the client must check the validity (as in previous case) during the setup. Similarly -during the setup the client must also check domain / key mapping in case someone is creating a real key with a -fake but very similar domain url. This is implemented at the moment, but could certainly be improved as the end -user can still make a mistake and not check properly. -* **Client/Server: the client/server can be tricked into decrypting** and returning/signing wrong data, for -example an email previously captured by an attacker. To mitigate this the encrypted format message is fixed -(e.g. a UUID) and signed by the server. -* **Client: the authentication cookie can be stolen if SSL can be broken.** This is not specific to this -authentication method, as form authentication is also vulnerable to this class of attack. -* **Both: Key revocation and expiracy.** There is no facility at the moment to replace and revoke keys. - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/gpgauth.html %} -{% include aside/message.html %} -{% include layout/row_end.html %} \ No newline at end of file diff --git a/_posts/hosting/archived/backup/2017-06-15-hosting-backup-v1.md b/_posts/hosting/archived/backup/2017-06-15-hosting-backup-v1.md deleted file mode 100644 index 3a85e279a..000000000 --- a/_posts/hosting/archived/backup/2017-06-15-hosting-backup-v1.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: Backing up a passbolt installation (v1) -date: 2017-06-15 00:00:00 Z -card_teaser: Backing up a from source passbolt installation -card_title: From source (v1) -icon: fa-download -categories: [hosting,backup] -sidebar: hosting -layout: default -slug: backup-v1 -archived: true -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} -{% include hosting/backup/backup_intro.md %} - -#### 1. The database - -This can be easily scripted using [mysqldump](https://mariadb.com/kb/en/mariadb/mysqldump/) for example: -```bash -mysqldump -u[user] -p[pass] db > /path/to/backup.sql -``` - -#### 2. The avatars - -The images in `app/webroot/img/public` also need to be backed up, otherwise profile images will be lost. - -#### 3. The server public and private keys -```bash -gpg --export-secret-key -a "passbolt user" > private.key -``` -#### 4. The application configuration - -The files located in `app/Config` such as core.php, app.php, email.php, database.php. It is optional, but it can save you some time if you need to rebuild a new instance. - -{% include hosting/backup/backup_collaborators_keys.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr warning" - content="This article is for passbolt v1, make sure you check the newest version of this article if you are using a more recent version." - link="/hosting/backup" - ask="See latest version" -%} - -{% include aside/message.html - class="tldr notice" - content="Do you have a question about backups? Do you want to share your experience and best practices?" - link="https://community.passbolt.com/c/installation-issues" - ask="Get in touch!" - button="primary" -%} -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/backup/2021-02-10-debian-package-backup.md b/_posts/hosting/archived/backup/2021-02-10-debian-package-backup.md deleted file mode 100644 index e0b9c715e..000000000 --- a/_posts/hosting/archived/backup/2021-02-10-debian-package-backup.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Debian package -date: 2021-02-10 00:00:00 Z -card_teaser: Backing up a debian package passbolt installation -card_title: Debian package -icon: fa-download -card_position: 2 -archived: true -categories: [hosting,backup] -sidebar: hosting -layout: default -slug: debian -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'debian' %} -{% assign distributionVersion = '10' %} -{% assign distributionVersionName = 'buster' %} -{% assign distributionSlug = 'debian' %} -{% assign distributionLabel = 'Debian' %} -{% assign distributionUpgradeGuide = 'https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.html' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/backup/backup_package_full_page.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Do you have a question about backups? Do you want to share your experience and best practices?" - link="https://community.passbolt.com/c/installation-issues" - ask="Get in touch!" - button="primary" -%} - - -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/backup/2021-09-16-ubuntu-package-backup.md b/_posts/hosting/archived/backup/2021-09-16-ubuntu-package-backup.md deleted file mode 100644 index 0ebd9b271..000000000 --- a/_posts/hosting/archived/backup/2021-09-16-ubuntu-package-backup.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Ubuntu package -date: 2021-09-16 00:00:00 Z -card_teaser: Backing up an ubuntu package passbolt installation -card_title: Ubuntu package -icon: fa-download -card_position: 3 -archived: true -categories: [hosting,backup] -sidebar: hosting -layout: default -slug: ubuntu -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'ubuntu' %} -{% assign distributionVersion = '20.04' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'ubuntu' %} -{% assign distributionLabel = 'Ubuntu' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/backup/backup_package_full_page.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Do you have a question about backups? Do you want to share your experience and best practices?" - link="https://community.passbolt.com/c/installation-issues" - ask="Get in touch!" - button="primary" -%} - - -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/installation/2017-03-20-hosting-install-v1.md b/_posts/hosting/archived/installation/2017-03-20-hosting-install-v1.md deleted file mode 100644 index eef238cfb..000000000 --- a/_posts/hosting/archived/installation/2017-03-20-hosting-install-v1.md +++ /dev/null @@ -1,297 +0,0 @@ ---- -title: "Install passbolt API version 1" -date: 2017-03-20 00:00:00 Z -description: How to install passbolt version 1 on your server. -category: hosting -sidebar: hosting -layout: default -slug: install-v1 -archived: true -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -Passbolt is reported to work on a large variety of operating system configurations. Therefore this help page is a generic guide that should work for most environments. - -If you run into any issues with your particular configuration, [please check the forum](https://community.passbolt.com/c/installation-issues). Maybe someone else has had your issue. If not, make a post and the community will try to help you. - -## Other community guides - -If you are looking for more system specific step by step guides please check out the following resources: - -* [Debian 8 "Jessy" with Apache, MariaDB and PHP 5 (by Passbolt)](https://medium.com/passbolt/passbolt-on-debian-8-71-from-scratch-4438dad18908) -* [CentOS 7 with Nginx, MariaDB and PHP7 (by Passbolt)](https://medium.com/passbolt/passbolt-on-centos-7-with-nginx-php7-fpm-mariadb-from-scratch-7b2a9b15f3a4) -* [CentOS 7 with Apache, MariaDB and PHP 7 (by Wobak)](https://wobak.github.io/Installing%20passbolt%20on%20CentOS%207.html) -* [FreeBSD 10.3, Apache, Mysql 5.7, PHP 5.6 (by Patpro)](https://www.patpro.net/blog/index.php/2016/09/22/3037-self-hosted-password-manager-installing-passbolt-on-freebsd/) -* [OpenBSD 6.1, Nginx, MariaDB, PHP 5.6/7.0 (by AuthBSD)](https://www.authbsd.com/blog/?p=60) - -## Environment setup and baseline requirements - -### Operating system - -We recommend you install passbolt on stable Unix-like operating system distributions such as Debian, Centos or FreeBSD. We have not tested passbolt on Windows (please do let us know if you tried). - -### Web server requirements - -* Apache or Nginx web server with SSL enabled. -* Pretty urls: with mod_rewrite [for apache](http://book.cakephp.org/2.0/en/installation/url-rewriting.html#apache-and-mod-rewrite-and-htaccess), and a site-available configuration [for nginx](http://book.cakephp.org/2.0/en/installation/url-rewriting.html#pretty-urls-on-nginx). - -### A word about SSL - -By default passbolt is configured to force SSL connections, which means that whoever tries to access your passbolt instance without an https connection will automatically be redirected to https. For this reason, if https is not enabled on your host at the time of the installation, passbolt will not be able to work. - -However, if you know what you are doing, and wish to disable https, you can change this setting by editing `/app/Config/app.php` and set the parameter `App.force_ssl` to false. Keep in mind that this setting will make your installation unsecure and should be used for development or testing only. - -### PHP requirements - -* PHP >= 5.4. -* Either one of these image manipulation libraries (to manipulate avatars): - * [GD2](http://php.net/manual/en/book.image.php). - * [Imagick](http://php.net/manual/en/book.imagick.php). - * [Gmagick](http://php.net/manual/en/book.gmagick.php). -* [GnuPG](http://php.net/manual/en/gnupg.installation.php) for PHP: for key verification and authentication. -* PHP extensions (that may or may not come by default): PDO, intl, openssl, ctype, filter, hash, phar. - -#### The following PHP modules are greatly recommended: - -* [Memcached](http://php.net/manual/en/memcached.setup.php): to store sessions. If you are using memcached: json, session, pecl-memcached are also required as dependencies. - -### Database requirements - -{% include messages/warning.html - content="Currently passbolt only works with Mysql due to the view we use to check permissions. If you want to help us make it work on postgresql, do get in touch!" -%} - -* MySQL >= 5.0. - -## Generate the GPG server key - -The main [authentication method]() of passbolt is based on GPG. For this reason, it is required that you generate a GPG server key, and add it to the configuration. - -### Generate a new key -```bash -gpg --gen-key -``` - -Answer the few questions asked by GPG, and **do not enter a passphrase**. Due to limitations of PHP GnuPG, passbolt can not work with a key that has a passphrase. - -When key generation is complete, make sure you note down the key fingerprint. It is a 40 char in length string, displayed at the end of the command output. For example: -```bash -pub 4096R/573EE67E 2015-10-26 [expires: 2019-10-26] - Key fingerprint = 2FC8 9458 33C5 1946 E937 F9FE D47B 0811 573E E67E -uid Passbolt Server Test Key -``` -### Export the newly created key - -Export the public and private key -```bash -gpg --armor --export-secret-keys your_email@domain.com > /var/www/passbolt/app/Config/gpg/private.key -gpg --armor --export your_email@domain.com > /var/www/passbolt/app/Config/gpg/public.key -``` -Store both these files in a secure location on the server. They should be accessible by the web server user. In this example, we are storing them in the Config directory of passbolt. - -## Get the code - -Get the passbolt code from the [github repository](https://github.com/passbolt/passbolt): -```bash -git clone https://github.com/passbolt/passbolt.git -``` -## Set the file permissions - -Make sure the `app/tmp` and `app/webroot/img/public` are writable by the webserver user (www-data or similar). -```bash -chmod +w -R app/tmp -chmod +w app/webroot/img/public -``` -## Configure the php application - -The configuration of your passbolt instance is a crucial step to make it work as per your needs and to ensure an optimal level of security. Pay a close attention to the steps described below. - -### core.php (core settings) - -The CakePHP core configuration file (located in `app/Config/core.php`) is the base configuration file. It contains the settings that determine the application behavior (debug mode, cache, sessions, etc..). - -Copy the default core configuration file: -```bash -cp app/Config/core.php.default app/Config/core.php -``` -However, you need to modify the cypherseed and salt. Passbolt do not actually use these, but it is part of the standard Cakephp installation to change these values. -```php -Configure::write('Security.salt', 'put your own salt here'); -Configure::write('Security.cipherSeed', 'put your own cipher seed here'); -``` -Also for images that are sent in emails to work, we need to tell cakephp what is the base url. To fix this, uncomment and edit this line in `app/Config/core.php`: -```php -Configure::write('App.fullBaseUrl', 'http://{your domain without slash}'); -``` -The rest of the default version of core.php is good enough to be used as it is. - -### database.php (database connection settings) - -The database configuration file (located in `app/Config/database.php`) file contains the database connection settings. - -Copy the default database configuration file : -```bash -cp app/Config/database.php.default app/Config/database.php -``` - -Then edit it. You will need to provide the name of your database, the username and password of the mysql user that passbolt can use to connect. For example: - -```php -public $default = array( - 'datasource' => 'Database/Mysql', - 'persistent' => false, - 'host' => 'localhost', - 'login' => 'username', - 'password' => 'password', - 'database' => 'passbolt' -); -``` -### app.php (application settings) - -The passbolt application configuration (located in `app/Config/app.php`) contains the application settings. Copy the app.php.default configuration file to create one for your instance: -```bash -cp app/Config/app.php.default app/Config/app.php -``` - -You will need to specify the details of the GPG servery key, e.g. the location of the public and private key and the fingerprint. You also need to make sure that the webserver can access the gpg keyring. You can either add set it manually with `$GNUPGHOME` or in your config as follow: -```php -$config = [ - 'GPG' => [ - 'env' => [ - 'setenv' => true, - 'home' => '/usr/share/httpd/.gnupg' - ], - 'serverKey' => [ - 'fingerprint' => '2FC8945833C51946E937F9FED47B0811573EE67D', - 'public' => APP . 'Config' . DS . 'gpg' . DS . 'public.key', - 'private' => APP . 'Config' . DS . 'gpg' . DS . 'private.key', - - ] - ] -] -``` -The default file is good to be used as it is. However, you might want to look at these interesting options : - -* **App.ssl.force** (true or false, default: true): Defines if passbolt should force ssl connections. -* **App.registration.public** (true or false, default: true): Defines if users can self register, or if only the administrator can create new accounts. -* **App.meta.robots.index** (true or false, default: false): Defines if you want search engines to find and index your instance. -* **App.selenium.active** (true or false, default:false): Do not change this to true unless you want to run the [selenium tests](https://github.com/passbolt/passbolt_selenium). It is to be used in development environment only, and setting this option to true will compromise the security of your installation. - -### email.php (email settings) - -The `app/Config/email.php` configuration file defines your email settings to enable passbolt send emails to the world. Make sure you provide the correct settings. Without this, passbolt will not be able to send notifications email. -```php -public $default = array( - 'transport' => 'Smtp', - 'from' => array('passbolt@yourdomain.com' => 'Passbolt'), - 'host' => 'smtp.yourserver.com', - 'port' => 587, - 'timeout' => 30, - 'username' => 'your@email.com', - 'password' => 'password', -); -``` -You only need to modify the default variable, and leave the other sections of this file alone. - -## Run the install script - -The configuration is all set! We can now install passbolt. - -Passbolt can be installed via a command line installation script. -```bash -app/Console/cake install --no-admin -``` -In this command, we also mention that we do not want a default administrator. We will create one explicitely at the next step. - -**Note :** To avoid any permission issues, mostly with the keyring, it is recommended to execute the PHP cli with the webserver rights. For instance: -```bash -su -s /bin/bash -c "app/Console/cake install --no-admin" www-data -``` -### Create the first admin account - -An admin user will be able to manage the other users on passbolt. You will need at least one: -```bash -app/Console/cake passbolt register_user -u me@domain.com -f myFirtsname -l myLastname -r admin -``` -After the admin user creation, the command line tool will give you a setup link which will also be sent to you by email (if your emails are properly configured). Follow the link given to setup your account. - -## Enabling emails - -Emails are placed in a queue that needs to be processed by a CakePhp Shell. You can add a cron call to the script so the emails will be sent every minute. Add the following line to you crontab: -```bash - * * * * * /var/www/passbolt/app/Console/cake EmailQueue.sender > /var/log/passbolt.log -``` -And you are done! - -# Troubleshooting - -The healthcheck is a tool that can help you identify what are the problems with your install. It is accessible from the command line: -```bash -./app/Console/cake passbolt healthcheck -``` -When the application is on debug mode (or if you are logged in as an administrator), a simplified dashboard version is also accessible directly in the browser at the url : /healthcheck - -{% include articles/figure.html - url="/assets/img/screenshots/AD_healthcheck.jpg" - legend="example /healthcheck screen" -%} - -You will find below a list of common errors, and how to solve them. - -### I get the error GPG Keyring is not available or not writable at install - -It is possible that your `$GNUPGHOME` is not set or not available to either the php CLI or Apache users thus causing a segmentation fault. - -* Check `app/Config/app.php`. If you don't have ssh access, it can be set at run time with `GPG.env.home` variable. -* Make sure the directory is accessible and writable for the PHP CLI and Apache users. - -It is commonly solved by executing this command: -```bash -chown -R www-data:www-data /home/www-data/.gnupg -``` -### I get an error saying the GPG Server key defined in the config is not found - -If you are running passbolt on FreeBSD make sure the `$PATH` for the www user include `/usr/local/{s,}bin`. Otherwise Apache won't be able to find the gpg modules. Something like this should do: -```bash -PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin -``` -### I get the error that the GPG key fingerprint is not found in the keyring - -It is possible that the keyring location specified by the app.php is not writable for the web application, or that you made a mistake in specifying $GNUPGHOME. You can check if the fingerprint exist in a given keyring for a given user as follow. -```bash -sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /home/www-data/.gnupg" www-data | grep -i -B 2 'Passbolt Server' -pub 4096R/573EE67E 2015-10-26 [expires: 2019-10-26] - Key fingerprint = 2FC8 9458 33C5 1946 E937 F9FE D47B 0811 573E E67E -uid Passbolt Server Test Key -``` -### At the end of the setup I get an error saying "Invalid request method, should be PUT" - -Make sure your webserver config is not rewriting the PUT method to POST. See. [Issue #52](https://github.com/passbolt/passbolt_api/issues/52). - -### Passbolt emails are not being sent by GMail - -If you have two step verification enabled on your google account you will need to create an App Password. See. [Issue #51](https://github.com/passbolt/passbolt_api/issues/51). - -### When trying to login I'm stuck on "loading, please wait" - -This can indicate that the fullBaseUrl is not set right in the app/Config/core.php, like the url is correct but not the SSL scheme (e.g. http instead of https). See. [Issue #47](https://github.com/passbolt/passbolt_api/issues/47). - -### Last updated - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr warning" - content="This article is about passbolt v1 and is kept for archival. Please install passbolt version 2 instead." - link="/hosting/install" - ask="Install passbolt version 2" -%} - - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/installation/2018-04-04-hosting-install-scripts-pro.md b/_posts/hosting/archived/installation/2018-04-04-hosting-install-scripts-pro.md deleted file mode 100644 index 6035ce5a0..000000000 --- a/_posts/hosting/archived/installation/2018-04-04-hosting-install-scripts-pro.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: Install Passbolt Pro -date: 2018-11-13 00:00:00 Z -description: Install Passbolt Pro -icon: fa-server -categories: [hosting,install,pro] -archived: true -sidebar: hosting -layout: default -slug: install-scripts -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -### Choose the guide corresponding to your distribution -- Debian 9: [https://www.passbolt.com/hosting/install/pro/debian-9-stretch.html](/hosting/install/pro/debian-9-stretch.html) -- Centos 7: [https://www.passbolt.com/hosting/install/pro/centos-7.html](/hosting/install/pro/centos-7.html) -- Ubuntu 18.04: [https://www.passbolt.com/hosting/install/pro/ubuntu-18-04-bionic-beaver.html](/hosting/install/pro/ubuntu-18-04-bionic-beaver.html) - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/installation/2018-04-18-hosting-install-ce-centos-7.md b/_posts/hosting/archived/installation/2018-04-18-hosting-install-ce-centos-7.md deleted file mode 100644 index d5175d8b3..000000000 --- a/_posts/hosting/archived/installation/2018-04-18-hosting-install-ce-centos-7.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Install Passbolt CE on CentOS 7 -date: 2018-11-13 00:00:00 Z -description: How to install Passbolt CE on CentOS 7 -card_title: CentOS 7 -card_teaser: Step by step guide to install passbolt CE on CentOS 7 -card_position: 3 -icon: fa-server -categories: [hosting,install,ce] -sidebar: hosting -archived: true -layout: default -slug: CentOS 7 -permalink: hosting/install/ce/centos-7-from-source.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'centos' %} -{% assign distributionVersion = 'latest' %} -{% assign distributionSlug = 'centos-7' %} -{% assign distributionLabel = 'CentOS 7' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/install.md column="7" %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include aside/ce-install-pro-cta.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/installation/2018-04-18-hosting-install-ce-debian-9.md b/_posts/hosting/archived/installation/2018-04-18-hosting-install-ce-debian-9.md deleted file mode 100644 index a7d69e055..000000000 --- a/_posts/hosting/archived/installation/2018-04-18-hosting-install-ce-debian-9.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Install Passbolt CE on Debian 9 (Stretch) -date: 2018-11-13 00:00:00 Z -description: How to install Passbolt CE on Debian 9 (Stretch) -card_title: Debian -card_teaser: Step by step guide to install passbolt CE on Debian 9 -card_position: 1 -icon: fa-server -categories: [hosting,install,ce] -sidebar: hosting -layout: default -slug: Debian 9 (Stretch) -archived: true -permalink: hosting/install/ce/debian-9-stretch.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'debian' %} -{% assign distributionVersion = '9' %} -{% assign distributionSlug = 'debian-9' %} -{% assign distributionLabel = 'Debian 9 (Stretch)' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/install.md column="7" %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr warning" - content="Please note: This article is for an old version of debian, please consider upgrading." - link="https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.html" - ask="How to upgrade debian" -%} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include aside/contribute.html %} - -{% include aside/ce-install-pro-cta.html %} - -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/installation/2018-11-13-hosting-install-ce-ubuntu-18-04.md b/_posts/hosting/archived/installation/2018-11-13-hosting-install-ce-ubuntu-18-04.md deleted file mode 100644 index e561ebfb0..000000000 --- a/_posts/hosting/archived/installation/2018-11-13-hosting-install-ce-ubuntu-18-04.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Install Passbolt CE on Ubuntu 18.04 (Bionic Beaver) -date: 2018-11-13 00:00:00 Z -description: How to install Passbolt CE on Ubuntu 18.04 (Bionic Beaver) -card_title: Ubuntu 18.04 -card_teaser: Step by step guide to install passbolt CE on Ubuntu 18.04 -card_position: 3 -icon: fa-server -categories: [hosting,install,ce] -sidebar: hosting -layout: default -archived: true -slug: Ubuntu 18.04 (Bionic Beaver) -permalink: hosting/install/ce/ubuntu-18-04-bionic-beaver.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'ubuntu' %} -{% assign distributionVersion = 'latest' %} -{% assign distributionSlug = 'ubuntu-18.04' %} -{% assign distributionLabel = 'Ubuntu 18.04 (Bionic Beaver)' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/install.md column="7" %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include aside/ce-install-pro-cta.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/installation/2018-11-13-hosting-install-pro-centos-7.md b/_posts/hosting/archived/installation/2018-11-13-hosting-install-pro-centos-7.md deleted file mode 100644 index db35f80fb..000000000 --- a/_posts/hosting/archived/installation/2018-11-13-hosting-install-pro-centos-7.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Install Passbolt Pro on CentOS 7 -date: 2018-11-13 00:00:00 Z -description: How to install Passbolt Pro on CentOS 7 -card_title: CentOS 7 -card_teaser: Step by step guide to install passbolt Pro on CentOS 7 -card_position: 3 -icon: fa-server -categories: [hosting,install,pro] -sidebar: hosting -archived: true -layout: default -slug: CentOS 7 -permalink: hosting/install/pro/centos-7-from-source.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'centos' %} -{% assign distributionVersion = 'latest' %} -{% assign distributionSlug = 'centos-7' %} -{% assign distributionLabel = 'CentOS 7' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/install.md column="7" %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/installation/2018-11-13-hosting-install-pro-debian-9.md b/_posts/hosting/archived/installation/2018-11-13-hosting-install-pro-debian-9.md deleted file mode 100644 index 3c6ddb255..000000000 --- a/_posts/hosting/archived/installation/2018-11-13-hosting-install-pro-debian-9.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Install Passbolt Pro on Debian 9 (Stretch) -date: 2019-08-09 00:00:00 Z -description: How to install Passbolt Pro on Debian 9 (Stretch) -card_title: Debian 9 guide -card_teaser: Step by step guide to install passbolt on Debian 9 -card_position: 2 -icon: fa-server -categories: [hosting,install,pro] -sidebar: hosting -layout: default -slug: Debian 9 (Stretch) -archived: true -permalink: hosting/install/pro/debian-9-stretch.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'debian' %} -{% assign distributionVersion = '9' %} -{% assign distributionSlug = 'debian-9' %} -{% assign distributionLabel = 'Debian 9 (Stretch)' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/install.md column="7" %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/installation/2018-11-13-hosting-install-pro-ubuntu-18-04.md b/_posts/hosting/archived/installation/2018-11-13-hosting-install-pro-ubuntu-18-04.md deleted file mode 100644 index 088d9f233..000000000 --- a/_posts/hosting/archived/installation/2018-11-13-hosting-install-pro-ubuntu-18-04.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Install Passbolt Pro on Ubuntu 18.04 (Bionic Beaver) -date: 2018-11-13 00:00:00 Z -description: How to install Passbolt Pro on Ubuntu 18.04 (Bionic Beaver) -card_title: Ubuntu 18.04 guide -card_teaser: Step by step guide to install passbolt Pro on Ubuntu 18.04 -card_position: 3 -icon: fa-server -categories: [hosting,install,pro] -sidebar: hosting -layout: default -archived: true -slug: Ubuntu 18.04 (Bionic Beaver) -permalink: hosting/install/pro/ubuntu-18-04-bionic-beaver.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'ubuntu' %} -{% assign distributionVersion = 'latest' %} -{% assign distributionSlug = 'ubuntu-18.04' %} -{% assign distributionLabel = 'Ubuntu 18.04 (Bionic Beaver)' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/install.md column="7" %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/installation/2019-08-09-hosting-install-ce-debian-10.md b/_posts/hosting/archived/installation/2019-08-09-hosting-install-ce-debian-10.md deleted file mode 100644 index f35e576ae..000000000 --- a/_posts/hosting/archived/installation/2019-08-09-hosting-install-ce-debian-10.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Install Passbolt CE on Debian 10 (Buster) -date: 2021-11-22 00:00:00 Z -description: How to install Passbolt CE on Debian 10 (Buster) -card_title: Debian 10 guide -card_teaser: Step by step guide to install passbolt on Debian 10 -card_position: 1 -icon: fa-server -categories: [hosting,install,ce] -sidebar: hosting -layout: default -slug: Debian 10 (Buster) -archived: true -permalink: hosting/install/ce/debian-10-buster.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'debian' %} -{% assign distributionVersion = 'latest' %} -{% assign distributionVersionName = 'buster' %} -{% assign distributionSlug = 'debian-10' %} -{% assign distributionLabel = 'Debian 10 (Buster)' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr warning" - content="This documentation is relative to an old distribution, please consider installing passbolt on the latest Debian" - link="debian/debian.html" - ask="Read install manual" -%} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include aside/ce-install-pro-cta.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/installation/2019-08-09-hosting-install-pro-debian-10.md b/_posts/hosting/archived/installation/2019-08-09-hosting-install-pro-debian-10.md deleted file mode 100644 index 45b32a6bf..000000000 --- a/_posts/hosting/archived/installation/2019-08-09-hosting-install-pro-debian-10.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Install Passbolt Pro on Debian 10 (Buster) -date: 2021-11-22 00:00:00 Z -description: How to install Passbolt Pro on Debian 10 (Buster) -card_title: Debian 10 guide -card_teaser: Step by step guide to install passbolt on Debian 10 -card_position: 2 -icon: fa-server -categories: [hosting,install,pro] -sidebar: hosting -layout: default -slug: Debian 10 (Buster) -archived: true -permalink: hosting/install/pro/debian-10-buster.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'debian' %} -{% assign distributionVersion = 'latest' %} -{% assign distributionVersionName = 'buster' %} -{% assign distributionSlug = 'debian-10' %} -{% assign distributionLabel = 'Debian 10 (Buster)' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr warning" - content="This documentation is relative to an old distribution, please consider installing passbolt on the latest Debian" - link="debian/debian.html" - ask="Read install manual" -%} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/installation/2021-02-11-hosting-install-ubuntu-20.04-ce.md b/_posts/hosting/archived/installation/2021-02-11-hosting-install-ubuntu-20.04-ce.md deleted file mode 100644 index 2d61e54d6..000000000 --- a/_posts/hosting/archived/installation/2021-02-11-hosting-install-ubuntu-20.04-ce.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Install Passbolt CE on Ubuntu 20.04 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt CE on Ubuntu 20.04 -card_title: Ubuntu 20.04 -card_teaser: Step by step guide to install passbolt CE on Ubuntu 20.04 -card_position: 2 -icon: fa-ubuntu -categories: [hosting,install,ce,ubuntu] -sidebar: hosting -layout: default -slug: ubuntu 20-04 -archived: true -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'ubuntu' %} -{% assign distributionVersion = '20.04' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'ubuntu' %} -{% assign distributionLabel = 'Ubuntu' %} -{% assign distributionPackage = 'apt' %} -{% assign databaseEngine = 'mysql' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/community.html %} - -{% include aside/contribute.html %} - -{% include layout/row_end.html %} - - diff --git a/_posts/hosting/archived/installation/2021-02-11-hosting-install-ubuntu-20.04-pro.md b/_posts/hosting/archived/installation/2021-02-11-hosting-install-ubuntu-20.04-pro.md deleted file mode 100644 index a7780f5c0..000000000 --- a/_posts/hosting/archived/installation/2021-02-11-hosting-install-ubuntu-20.04-pro.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Install Passbolt Pro on Ubuntu 20.04 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt Pro on Ubuntu 20.04 -card_title: Ubuntu 20.04 -card_teaser: Step by step guide to install passbolt Pro on Ubuntu 20.04 -card_position: 2 -icon: fa-ubuntu -categories: [hosting,install,pro,ubuntu] -sidebar: hosting -layout: default -archived: true -slug: ubuntu 20-04 -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'ubuntu' %} -{% assign distributionVersion = '20.04' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'ubuntu' %} -{% assign distributionLabel = 'Ubuntu' %} -{% assign distributionPackage = 'apt' %} -{% assign databaseEngine = 'mysql' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include aside/contribute.html %} - -{% include layout/row_end.html %} - diff --git a/_posts/hosting/archived/installation/2021-11-24-hosting-install-ce-centos-8.md b/_posts/hosting/archived/installation/2021-11-24-hosting-install-ce-centos-8.md deleted file mode 100644 index 97e9e1175..000000000 --- a/_posts/hosting/archived/installation/2021-11-24-hosting-install-ce-centos-8.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Install Passbolt CE on CentOS 8 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt CE on -card_title: CentOS 8 -card_teaser: Install passbolt CE on CentOS -card_position: 10 -icon: fa-centos -categories: [hosting,install,ce] -sidebar: hosting -layout: default -archived: true -slug: centos-8 -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'centos' %} -{% assign distributionVersion = '8' %} -{% assign distributionSlug = 'centos' %} -{% assign distributionLabel = 'CentOS' %} -{% assign distributionPackage = 'dnf' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include messages/warning.html - content="**Warning:** CentOS 8 is not one of our supported distributions. Please see our [install page](hosting/install) to see which distributions we support." -%} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/installation/2021-11-24-hosting-install-ce-oraclelinux-7.md b/_posts/hosting/archived/installation/2021-11-24-hosting-install-ce-oraclelinux-7.md deleted file mode 100644 index e2f8c8cbc..000000000 --- a/_posts/hosting/archived/installation/2021-11-24-hosting-install-ce-oraclelinux-7.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Install Passbolt CE on OracleLinux 7 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt CE on -card_title: OracleLinux 7 -card_teaser: Install passbolt CE on OracleLinux -card_position: 10 -icon: fa-server -categories: [hosting,install,ce] -sidebar: hosting -layout: default -slug: oraclelinux-7 -archived: true -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'oraclelinux' %} -{% assign distributionVersion = '7' %} -{% assign distributionSlug = 'oraclelinux' %} -{% assign distributionLabel = 'OracleLinux' %} -{% assign distributionPackage = 'yum' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr warning" - content="This documentation is relative to an old distribution, please consider installing passbolt on the latest OracleLinux" - link="oraclelinux.html" - ask="Read install manual" -%} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/installation/2021-11-24-hosting-install-ce-redhat-7.md b/_posts/hosting/archived/installation/2021-11-24-hosting-install-ce-redhat-7.md deleted file mode 100644 index 23da6db1f..000000000 --- a/_posts/hosting/archived/installation/2021-11-24-hosting-install-ce-redhat-7.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Install Passbolt CE on Red Hat 7 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt CE on -card_title: Red Hat 7 -card_teaser: Install passbolt CE on Red Hat -card_position: 10 -icon: fa-server -categories: [hosting,install,ce] -sidebar: hosting -layout: default -slug: redhat-7 -archived: true -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'redhat' %} -{% assign distributionVersion = '7' %} -{% assign distributionSlug = 'redhat' %} -{% assign distributionLabel = 'Red Hat' %} -{% assign distributionPackage = 'yum' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} -distributionPackage -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr warning" - content="This documentation is relative to an old distribution, please consider installing passbolt on the latest Red Hat" - link="redhat.html" - ask="Read install manual" -%} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/installation/2021-11-24-hosting-install-pro-centos-8.md b/_posts/hosting/archived/installation/2021-11-24-hosting-install-pro-centos-8.md deleted file mode 100644 index 6f8f7a159..000000000 --- a/_posts/hosting/archived/installation/2021-11-24-hosting-install-pro-centos-8.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Install Passbolt PRO on CentOS 8 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt PRO on -card_title: CentOS 8 -card_teaser: Install passbolt PRO on CentOS -card_position: 10 -icon: fa-centos -categories: [hosting,install,pro] -sidebar: hosting -layout: default -archived: true -slug: centos-8 -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'centos' %} -{% assign distributionVersion = '8' %} -{% assign distributionSlug = 'centos' %} -{% assign distributionLabel = 'CentOS' %} -{% assign distributionPackage = 'dnf' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include messages/warning.html - content="**Warning:** CentOS 8 is not one of our supported distributions. Please see our [install page](/hosting/install) to see which distributions we support." -%} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include aside/contribute.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/installation/2021-11-24-hosting-install-pro-oraclelinux-7.md b/_posts/hosting/archived/installation/2021-11-24-hosting-install-pro-oraclelinux-7.md deleted file mode 100644 index b5de80144..000000000 --- a/_posts/hosting/archived/installation/2021-11-24-hosting-install-pro-oraclelinux-7.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Install Passbolt PRO on OracleLinux 7 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt PRO on -card_title: OracleLinux 7 -card_teaser: Install passbolt PRO on OracleLinux -card_position: 10 -icon: fa-server -categories: [hosting,install,pro] -sidebar: hosting -layout: default -slug: oraclelinux-7 -archived: true -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'oraclelinux' %} -{% assign distributionVersion = '7' %} -{% assign distributionSlug = 'oraclelinux' %} -{% assign distributionLabel = 'OracleLinux' %} -{% assign distributionPackage = 'yum' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr warning" - content="This documentation is relative to an old distribution, please consider installing passbolt on the latest OracleLinux" - link="oraclelinux.html" - ask="Read install manual" -%} - -{% include aside/pro-support.html %} - -{% include aside/contribute.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/installation/2021-11-24-hosting-install-pro-redhat-7.md b/_posts/hosting/archived/installation/2021-11-24-hosting-install-pro-redhat-7.md deleted file mode 100644 index e6e19e59b..000000000 --- a/_posts/hosting/archived/installation/2021-11-24-hosting-install-pro-redhat-7.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Install Passbolt PRO on Red Hat 7 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt PRO on -card_title: Red Hat 7 -card_teaser: Install passbolt PRO on Red Hat -card_position: 10 -icon: fa-server -categories: [hosting,install,pro] -sidebar: hosting -layout: default -slug: redhat-7 -archived: true -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'redhat' %} -{% assign distributionVersion = '7' %} -{% assign distributionSlug = 'redhat' %} -{% assign distributionLabel = 'Red Hat' %} -{% assign distributionPackage = 'yum' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr warning" - content="This documentation is relative to an old distribution, please consider installing passbolt on the latest Red Hat" - link="redhat.html" - ask="Read install manual" -%} - -{% include aside/pro-support.html %} - -{% include aside/contribute.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/update/2017-01-20-hosting-update-v1.md b/_posts/hosting/archived/update/2017-01-20-hosting-update-v1.md deleted file mode 100644 index 16122526e..000000000 --- a/_posts/hosting/archived/update/2017-01-20-hosting-update-v1.md +++ /dev/null @@ -1,136 +0,0 @@ ---- -title: Update passbolt server component (v1) -date: 2017-01-20 00:00:00 Z -description: How to update passbolt v1 on your server. -categories: [hosting, update] -card_teaser: Update passbolt instances installed with install scripts -card_title: Update passbolt v1 install scripts -icon: fa-server -sidebar: hosting -layout: default -slug: update-v1 -archived: true -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -## Which update process to follow? - -Each passbolt release follows the concept of [Semantic Versioning](http://www.semver.org). Given a version number MAJOR.MINOR.PATCH, we increment as follow: - -* **PATCH** version when we make backwards-compatible bug fixes. So let's say you are running passbolt v1.3.2 and the latest one available is v1.3.7 you will need to perform a patch update. -* **MINOR** version when we add functionality in a backwards-compatible manner. Similarly say you have passbolt v1.2.0 installed and the latest version available is v1.3.2, you will need to perform a minor version update. -* **MAJOR** version when incompatible API changes are made. You get the deal for major version update: that would mean going from v1.3.7 to v2.0.0 for example. - -{% include hosting/update/version-helper.md %} -{% include hosting/update/major-update.md %} - -## Minor update - -Every now and again some releases will introduce some database and/or configuration files changes. Here is a step by step guide on how to perform a minor update. - -#### 1. Take your site down -Create a temporary webserver configuration to redirect all the requests to a maintenance page. You can find resources how to do this online: [here is an example for apache](http://stackoverflow.com/questions/21709026/apache-enable-maintenance-mode-across-all-virtual-hosts) . - -#### 2. Get the latest release -```bash -$ git fetch -$ git checkout tags/v1.x.x -``` - -#### 3. Review the configuration files - -While we try to provide backward compatibility by providing safe fallbacks for new configuration files items, -it is recommended that you review your configuration files when the default changes. - -For example let's take the scenario where you are running v1.1.0 and you want to upgrade to v1.3.2. -We can check that both the app and core files have changed as follow: - -```bash -$ git diff --name-status v1.3.2 v1.1.0 | grep 'php.default' -M app/Config/app.php.default -M app/Config/core.php.default -``` - -#### 4. Make a backup of your database - -Prior to running a database migration script it is very important that you perform a backup, in case something -goes wrong. You can do this using mysqldump, with for example: - -```bash -$ mysqldump -u[user] -p[pass] db > /path/to/backup.sql -``` - -#### 5. Run the migration script - -To see if a database schema migration script is available you can run the following command: - -```bash -$ ./app/Console/cake Migrations.migration status -Cake Migration Shell ---------------------------------------------------------------- -Application - -Current version: - #1465367816 1465367816_Migration_1.1.0 -Latest version: - #1479926461 1479926461_Migration_1.3.0 ---------------------------------------------------------------- -``` - -In this case we can see that a migration is needed, so we run the following: - -```bash -$ ./app/Console/cake Migrations.migration run all -Cake Migration Shell ---------------------------------------------------------------- -Running migrations: - [1474629203] 1474629203_Migration_1.2.0 (2016-09-23 16:43:23) - > Changing field "uri" from table "resources". - - [1479926461] 1479926461_Migration_1.3.0 (2016-11-24 00:11:01) - -Allow sending anonymous usage statistics? (y/n) -[n] > y ---------------------------------------------------------------- -All migrations have completed. -``` - -As you can see above, the migration script for v1.2.0 will also be applied automatically. Sometimes also, -for example with the introduction of the anonymous usage statistics, the migration script can prompt you for input. - -#### 6. Put your site back online! - -As an administrator (or as any user in debug mode) you can go and check on the /healthcheck page to see if -your instance configuration is looking good. - -## Patch update - -Performing a patch update is the easiest. All you need to do is checkout the latest version. -```bash -$ git pull origin master -``` - -You can also checkout a specific version and use branches to switch versions. For example for version 1.0.9: - -```bash -$ git fetch --tags -$ git checkout tags/v1.0.9 -b tags/v1.0.9 -``` - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/update/2021-11-26-hosting-update-centos-7-package.md b/_posts/hosting/archived/update/2021-11-26-hosting-update-centos-7-package.md deleted file mode 100644 index 79c33fe61..000000000 --- a/_posts/hosting/archived/update/2021-11-26-hosting-update-centos-7-package.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Update passbolt on CentOS 7 -date: 2021-11-26 00:00:00 Z -description: How to update your server on CentOS 7. -categories: [hosting, update] -slug: centos-7 -archived: true -permalink: /:categories/:slug.html ---- - -{% assign distribution = 'centos' %} -{% assign distributionLabel = 'CentOS' %} -{% assign distributionVersion = '7' %} -{% assign distributionPackage = 'yum' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/update/package-update.md %} - -{% include hosting/update/in-case-of-issues.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr" - content="Your installation is not based on a debian package?" - link="/hosting/upgrade/ce/migrate-to-debian.html" - ask="Migrate passbolt to debian package" -%} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/update/2021-11-26-hosting-update-oraclelinux-7-package.md b/_posts/hosting/archived/update/2021-11-26-hosting-update-oraclelinux-7-package.md deleted file mode 100644 index eda879342..000000000 --- a/_posts/hosting/archived/update/2021-11-26-hosting-update-oraclelinux-7-package.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Update passbolt on OracleLinux 7 -date: 2021-11-26 00:00:00 Z -description: How to update your server on OracleLinux 7. -card_teaser: Guide for instances installed using OracleLinux package. -card_title: Update for OracleLinux 7 -card_position: 10 -icon: fa-server -categories: [hosting, update] -sidebar: hosting -layout: default -slug: oraclelinux-7 -archived: true -permalink: /:categories/:slug.html ---- - -{% assign distribution = 'oraclelinux' %} -{% assign distributionLabel = 'OracleLinux' %} -{% assign distributionVersion = '7' %} -{% assign distributionPackage = 'dnf' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include messages/warning.html - content="**Important:** This page has been depreciated, see the [Oracle Linux](oraclelinux) update page for instructions." -%} - -{% include hosting/update/package-update.md %} - -{% include hosting/update/in-case-of-issues.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/update/2021-11-26-hosting-update-redhat-7-package.md b/_posts/hosting/archived/update/2021-11-26-hosting-update-redhat-7-package.md deleted file mode 100644 index 8a580dbc6..000000000 --- a/_posts/hosting/archived/update/2021-11-26-hosting-update-redhat-7-package.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Update passbolt on Red Hat 7 -date: 2021-11-26 00:00:00 Z -description: How to update your server on Red Hat 7. -card_teaser: Guide for instances installed using Red Hat package. -card_title: Update for Red Hat 7 -card_position: 10 -icon: fa-server -categories: [hosting, update] -sidebar: hosting -layout: default -slug: redhat-7 -archived: true -permalink: /:categories/:slug.html ---- - -{% assign distribution = 'redhat' %} -{% assign distributionLabel = 'Red Hat' %} -{% assign distributionVersion = '7' %} -{% assign distributionPackage = 'yum' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include messages/warning.html - content="**Important:** This page has been depreciated, see the [Red Hat](redhat) update page for instructions." -%} - -{% include hosting/update/package-update.md %} - -{% include hosting/update/in-case-of-issues.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/upgrade/2018-03-14-hosting-upgrade-ce.md b/_posts/hosting/archived/upgrade/2018-03-14-hosting-upgrade-ce.md deleted file mode 100644 index 7fd30f24f..000000000 --- a/_posts/hosting/archived/upgrade/2018-03-14-hosting-upgrade-ce.md +++ /dev/null @@ -1,148 +0,0 @@ ---- -title: Upgrade Passbolt CE from v1 to v2 -card_title: Upgrade from source -card_teaser: Upgrade from a version 1 source installation -icon: fa-server -date: 2018-03-14 00:00:00 Z -description: How to upgrade passbolt to version 2 -categories: [hosting,upgrade,ce] -sidebar: hosting -layout: default -slug: upgrade-ce -archived: true -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include messages/warning.html - content="**WARNING** This involves outdated versions, v3.x is the current version. You will likely want to contact us at [contact@passbolt.com](mailto:contact@passbolt.com) for assistance with this. **WARNING**" -%} - -This tutorial covers the case where you want to upgrade your current instance of passbolt CE v1.x into passbolt CE v2.x. - -{% include messages/warning.html - content="**Important:** Please take a full [backup](/hosting/backup) of your passbolt before proceeding with the upgrade. Backup should include passbolt files as well as the database." -%} - -## System requirements - -{% include hosting/v2-requirements.md %} - -## Upgrade with a new server - -Considering that the system requirements haved it may make sense for you to upgrade on a fresh server. -If that is what you want to do, copy the v1 [backup](/hosting/backup) files to your new server, import your passbolt -database into your new server and proceed like you were upgrading on the same server, with the process described below. - -## Upgrade from the same server - -In the following examples we assume you are running passbolt v1 using apache in the `/var/www/passbolt` -directory. You will need to replace these values with your local environment settings. - -### 1. Make sure you have the latest v1.x version -{% include hosting/upgrade/ce/v1/check-latest-version-installed.md %} - -### 2. Take your site offline -{% include hosting/upgrade/take-your-site-offline.md %} - -### 3. Download the v2 -{% include hosting/upgrade/pro/v2/download-and-replace-passbolt.md - repo_url="https://github.com/passbolt/passbolt_api.git" -%} - -### 4. Install the dependencies -{% include hosting/install/install-composer-dependencies.md %} - -### 5. Copy the avatar folder -{% include hosting/upgrade/ce/v2/copy-avatar-from-v1.md %} - -### 6. Copy the server gpg key -{% include hosting/upgrade/ce/v2/copy-server-gpg-from-v1.md %} - -### 7. Create a passbolt configuration file - -The name and values in the main configuration file have changed. Everything is now located in one file called -`config/passbolt.php`. Do not copy your v1 configuration files, instead you need to create a new one: - -```shell -/var/www/passbolt$ cp config/passbolt.default.php config/passbolt.php -/var/www/passbolt$ nano config/passbolt.php -``` - -Even if the format has changed the information needed are pretty much the same than v1. -You will need to set at least the following: -- Application full base url -- Database configuration -- Email settings -- Server OpenPGP key fingerprint. - -You can also set your configuration using environment variables. -Check `config/default.php` to get the names of the environment variables. - -### 8. Run the migration script - -The structure of the database changed in version 2. Make sure you run the following script to migrate your -data to the new format. - -```shell -/var/www/passbolt$ ./bin/cake passbolt migrate -``` - -Optionally you can also run the health check to see if everything is fine. - -```shell -$ sudo su -s /bin/bash -c "./bin/cake passbolt healthcheck" www-data -``` - -### 9. Modify the cron job to send emails - -Modify the cronjob entry you had added for passbolt CE v1 : -``` -* * * * * /var/www/passbolt/app/Console/cake EmailQueue.sender > /var/log/passbolt.log -``` - -into this one: -``` -* * * * * /var/www/passbolt/bin/cake EmailQueue.sender > /var/log/passbolt.log -``` - -### 10. Get your service back online - -Edit your apache or nginx to point to the new directory and bring your service back online. -```shell -$ nano /etc/apache2/sites-enabled/001-default.conf -$ service apache2 restart -``` - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when installing passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/docker.html %} - -{% include aside/message.html - class="tldr" - content="Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!" - link="https://www.github.com/passbolt/passbolt_help" - ask="View on github" -%} - -{% include aside/message.html - class="tldr notice" - content="We highly recommend that you install https on your server. You can get a free SSL certificate with the let's encrypt initiative." - link="https://letsencrypt.org/" - ask="let's encrypt!" -%} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/upgrade/2018-04-03-hosting-upgrade-pro-from-ce-v2.md b/_posts/hosting/archived/upgrade/2018-04-03-hosting-upgrade-pro-from-ce-v2.md deleted file mode 100644 index 268207b51..000000000 --- a/_posts/hosting/archived/upgrade/2018-04-03-hosting-upgrade-pro-from-ce-v2.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: Upgrade Passbolt from community edition v2 to Pro -card_title: From CE v2 (source) -card_teaser: Upgrade from community edition v2 to Pro -card_position: 7 -date: 2018-04-03 00:00:00 Z -description: Upgrade from CE v2 to Pro -icon: fa-server -categories: [hosting,upgrade,pro] -sidebar: hosting -layout: default -slug: upgrade-pro-from-ce-v2 -permalink: /:categories/:slug.html -archived: true ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include messages/warning.html - content="**WARNING** This involves an outdated version, v3.x is the current version. You will likely want to contact us at [contact@passbolt.com](mailto:contact@passbolt.com) for assistance with this. **WARNING**" -%} - - -This tutorial covers the case where you want to upgrade your current instance of passbolt CE v2.x into Passbolt Pro. - -{% include messages/warning.html - content="**Important:** Please take a full [backup](/hosting/backup) of your Passbolt CE before proceeding with the upgrade. Backup should include passbolt files as well as the database." -%} - -## System requirements -{% include hosting/v2-requirements.md %} - -## Upgrade to Passbolt Pro -In the following examples we assume you are running passbolt using apache in the `/var/www/passbolt` -directory. You will need to replace these values with your local environment settings. - -### 1. Take your site offline & install the required modules -{% include hosting/upgrade/take-your-site-offline.md %} - -If you are planning to use LDAP integration you will need to make sure the PHP extension for LDAP -is installed and enabled (for example: `apt-get install php-ldap`). Make sure you restart your webserver -when you add new PHP extensions (for example with: `sudo service restart php-fpm`). - -### 2. Download Passbolt Pro -{% include hosting/upgrade/pro/v2/download-and-replace-passbolt.md - repo_url="https://bitbucket.org/passbolt_pro/passbolt_pro_api.git" -%} - -### 3. Install the dependencies -{% include hosting/install/install-composer-dependencies.md %} - -### 4. Copy the avatar folder -```shell -/var/www/passbolt$ cp -R ../passbolt_old/webroot/img/public/* ./webroot/img/public/. -``` - -### 5. Configure Passbolt Pro -{% include hosting/install/pro/v2/install-with-webinstaller.md %} - -### 6. Your server is now ready to run passbolt - -Once you have followed all the steps of the wizard, Passbolt Pro is ready to run. You will be redirected -automatically to the login page where you can log in. - -## That's it! - -At this stage, Passbolt Pro should be working perfectly. - -Any issue? Do contact us on the [Passbolt Pro support](mailto:contact@passbolt.com) with the email provided during your purchase. - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/upgrade/2018-04-04-hosting-upgrade-pro-from-ce-v1-new-server.md b/_posts/hosting/archived/upgrade/2018-04-04-hosting-upgrade-pro-from-ce-v1-new-server.md deleted file mode 100644 index e016e6fb8..000000000 --- a/_posts/hosting/archived/upgrade/2018-04-04-hosting-upgrade-pro-from-ce-v1-new-server.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -title: Upgrade Passbolt from v1 to Pro on a new server -card_title: From v1 (new server) -card_teaser: Upgrade from v1 to Pro on a new server -date: 2018-04-09 00:00:00 Z -description: Upgrade from Passbolt v1 to Pro on a new server -icon: fa-server -categories: [hosting,upgrade,pro] -sidebar: hosting -layout: default -archived: true -slug: upgrade-pro-from-ce-v1-new-server -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -This tutorial will be available soon. - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/upgrade/2018-04-04-hosting-upgrade-pro-from-ce-v1-same-server.md b/_posts/hosting/archived/upgrade/2018-04-04-hosting-upgrade-pro-from-ce-v1-same-server.md deleted file mode 100644 index 931580ced..000000000 --- a/_posts/hosting/archived/upgrade/2018-04-04-hosting-upgrade-pro-from-ce-v1-same-server.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: Upgrade Passbolt from v1 to Pro on the same server -card_title: From v1 (same machine) -card_teaser: Upgrade from v1 to Pro on the same server -date: 2018-04-09 00:00:00 Z -description: Upgrade from Passbolt v1 to Pro on the same server -icon: fa-server -categories: [hosting,upgrade,pro] -sidebar: hosting -layout: default -archived: true -slug: upgrade-pro-from-ce-v1-same-server -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include messages/warning.html - content="**WARNING** This involves an outdated version, v3.x is the current version. You will likely want to contact us at [contact@passbolt.com](mailto:contact@passbolt.com) for assistance with this. **WARNING**" -%} - - -This tutorial covers the case where you want to upgrade your current instance of passbolt CE v1.x into Passbolt Pro on -the same server. - -If you want to use a new server, [follow this link](/hosting/upgrade/pro/upgrade-ce-v1-to-pro-new-server). - -{% include messages/warning.html - content="**Important:** Please take a full [backup](/hosting/backup) of your Passbolt CE before proceeding - with the upgrade. Backup should include passbolt files as well as the database." -%} - -## System requirements -{% include hosting/v2-requirements.md %} - -## Upgrade to Passbolt Pro -In the following examples we assume you are running passbolt CE v1 using apache in the `/var/www/passbolt` -directory. You will need to replace these values with your local environment settings. - -### 1. Make sure you have the latest v1.x version -{% include hosting/upgrade/ce/v1/check-latest-version-installed.md %} - -### 2. Take your site offline -{% include hosting/upgrade/take-your-site-offline.md %} - -### 3. Download Passbolt Pro -{% include hosting/upgrade/pro/v2/download-and-replace-passbolt.md - repo_url="https://bitbucket.org/passbolt_pro/passbolt_pro_api.git" -%} - -### 4. Install the dependencies -{% include hosting/install/install-composer-dependencies.md %} - -### 5. Copy the avatar folder -{% include hosting/upgrade/ce/v2/copy-avatar-from-v1.md %} - -### 6. Configure Passbolt Pro -{% include hosting/install/pro/v2/install-with-webinstaller.md %} - -### 7. Your server is now ready to run passbolt - -Once you have followed all the steps of the wizard, Passbolt Pro is ready to run. You will be redirected -automatically to the login page where you can log in. - -### 8. Final step: modify the cron job to send emails - -Modify the cronjob entry you had added for passbolt CE v1 : -``` -* * * * * /var/www/passbolt/app/Console/cake EmailQueue.sender > /var/log/passbolt.log -``` - -into this one: -``` -* * * * * /var/www/passbolt/bin/cake EmailQueue.sender > /var/log/passbolt.log -``` - -## That's it! - -At this stage, Passbolt Pro should be working perfectly. - -Any issue? Do contact us on the [Passbolt Pro support](mailto:contact@passbolt.com) with the email provided during your purchase. - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/upgrade/2018-04-04-hosting-upgrade-pro-from-ce.md b/_posts/hosting/archived/upgrade/2018-04-04-hosting-upgrade-pro-from-ce.md deleted file mode 100644 index 472e28768..000000000 --- a/_posts/hosting/archived/upgrade/2018-04-04-hosting-upgrade-pro-from-ce.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Upgrade to Passbolt Pro -card_title: Introduction -card_teaser: Need help to select which upgrade method to use? -date: 2021-02-10 00:00:00 Z -card_position: 1 -description: Upgrade to Passbolt Pro -icon: fa-server -categories: [hosting,upgrade,pro] -sidebar: hosting -layout: default -slug: upgrade-pro-from-ce -popular: true -permalink: /:categories/:slug.html -archived: true ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - - -{% include messages/warning.html - content="**Important:** This page is depreciated. For up to date upgrade instructions please see our [help site page](/hosting/upgrade) on upgrades." -%} - -There are many ways you can upgrade your version 2 Community Edition (CE) to Passbolt Pro. -This page list the options and will point you to the right manual. - -### Upgrade from CE v2 - -- [Upgrade CE v2.x to Pro using source](/hosting/upgrade/pro/upgrade-pro-from-ce-v2) -- [Upgrade CE v2.x to Pro using docker](/hosting/upgrade/pro/upgrade-pro-from-v2-docker) - -#### Requirements -{% include hosting/v2-requirements.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/upgrade/2018-04-10-hosting-upgrade-docker-ce.md b/_posts/hosting/archived/upgrade/2018-04-10-hosting-upgrade-docker-ce.md deleted file mode 100644 index 7ea127b89..000000000 --- a/_posts/hosting/archived/upgrade/2018-04-10-hosting-upgrade-docker-ce.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: Upgrade Passbolt docker from v1 -card_title: Upgrade using docker -card_teaser: Upgrade from version 1 docker installation -icon: fa-server -date: 2018-04-10 00:00:00 Z -description: How to upgrade passbolt to version 2 on docker installations -categories: [hosting,upgrade,ce] -sidebar: hosting -layout: default -archived: true -slug: upgrade-docker-ce - -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -This tutorial covers the case where you want to upgrade your current docker installation of passbolt CE v1.x into passbolt CE v2.x. - -{% include messages/warning.html - content="**Important:** Please take a full [backup](/hosting/backup) of your passbolt before proceeding with the upgrade. Backup should include passbolt files as well as the database." -%} - - -{% include hosting/docker/docker-changes-section.md %} -{% include hosting/docker/docker-backup-section.md %} -{% include hosting/docker/docker-upgrade-section.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when installing passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/docker.html %} - -{% include aside/message.html - class="tldr" - content="Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!" - link="https://www.github.com/passbolt/passbolt_help" - ask="View on github" -%} - -{% include aside/message.html - class="tldr notice" - content="We highly recommend that you install https on your server. You can get a free SSL certificate with the let's encrypt initiative." - link="https://letsencrypt.org/" - ask="let's encrypt!" -%} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/archived/upgrade/2018-04-11-hosting-upgrade-pro-from-v1-docker.md b/_posts/hosting/archived/upgrade/2018-04-11-hosting-upgrade-pro-from-v1-docker.md deleted file mode 100644 index 177fb2d14..000000000 --- a/_posts/hosting/archived/upgrade/2018-04-11-hosting-upgrade-pro-from-v1-docker.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -title: Upgrade from CE v1 to Pro using docker -card_title: From v1 (docker) -card_teaser: Upgrade from CE v1 to Pro using docker -date: 2018-04-09 00:00:00 Z -description: Upgrade from CE v1.x to Passbolt Pro using docker -icon: fa-server -categories: [hosting,upgrade,pro] -sidebar: hosting -layout: default -slug: upgrade-pro-from-ce-v1-docker -docker_tag: '-pro' -passbolt_version: Pro -archived: true -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -This tutorial covers the case where you want to upgrade from your passbolt CE v1.x into Passbolt Pro when using docker. - -{% include messages/warning.html - content="**Important:** Please take a full [backup](/hosting/backup-v1) of your passbolt before proceeding with the upgrade. Backup should include passbolt files as well as the database." -%} - -The upgrading process is very similar to the one listed in the [ce section](/hosting/upgrade/ce/upgrade-docker-ce.html). The main difference is that Passbolt Pro requires a subscription key to -work. - -{% include hosting/docker/docker-changes-section.md %} -{% include hosting/docker/docker-backup-section.md %} -{% include hosting/docker/docker-upgrade-section.md %} diff --git a/_posts/hosting/backup/2018-03-14-hosting-backup-v2.md b/_posts/hosting/backup/2018-03-14-hosting-backup-v2.md deleted file mode 100644 index 166a623bf..000000000 --- a/_posts/hosting/backup/2018-03-14-hosting-backup-v2.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Backing up a passbolt installation -date: 2018-03-14 00:00:00 Z -card_teaser: Backing up a from source passbolt installation -card_title: From source -icon: fa-download -description: Backing up a from source passbolt installation -card_position: 1 -categories: [hosting,backup] -sidebar: hosting -layout: default -slug: from_source -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/backup/backup_from_source_full_page.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Do you have a question about backups? Do you want to share your experience and best practices?" - link="https://community.passbolt.com/c/installation-issues" - ask="Get in touch!" - button="primary" -%} - -{% include aside/message.html - class="tldr" - content="Are you still using passbolt v1? Check out the previous version of this article." - link="/hosting/backup/backup-v1" - ask="See previous version" -%} - -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/backup/2021-10-01-docker-backup.md b/_posts/hosting/backup/2021-10-01-docker-backup.md deleted file mode 100644 index 0582ec014..000000000 --- a/_posts/hosting/backup/2021-10-01-docker-backup.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Docker -date: 2021-10-01 00:00:00 Z -card_teaser: Backing up a docker passbolt installation -card_title: Docker -icon: fa-download -card_position: 4 -categories: [hosting,backup] -sidebar: hosting -layout: default -slug: docker -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'docker' %} -{% assign distributionVersion = '20.04' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'docker' %} -{% assign distributionLabel = 'Docker' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/backup/backup_package_full_page.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Do you have a question about backups? Do you want to share your experience and best practices?" - link="https://community.passbolt.com/c/installation-issues" - ask="Get in touch!" - button="primary" -%} - - -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/backup/2021-11-24-package-backup.md b/_posts/hosting/backup/2021-11-24-package-backup.md deleted file mode 100644 index 017f5f73e..000000000 --- a/_posts/hosting/backup/2021-11-24-package-backup.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Backing up a Passbolt package installation -date: 2021-11-24 00:00:00 Z -card_teaser: Backing up a Passbolt package installation -card_title: DEB/RPM package -icon: fa-download -card_position: 3 -categories: [hosting,backup] -sidebar: hosting -layout: default -slug: package -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/backup/backup_package_full_page.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Do you have a question about backups? Do you want to share your experience and best practices?" - link="https://community.passbolt.com/c/installation-issues" - ask="Get in touch!" - button="primary" -%} - - -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2018-04-10-hosting-install-vm-pro.md b/_posts/hosting/installation/2018-04-10-hosting-install-vm-pro.md deleted file mode 100644 index 398b497ea..000000000 --- a/_posts/hosting/installation/2018-04-10-hosting-install-vm-pro.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Using Passbolt pro virtual machine appliance -card_title: Virtual machine -card_teaser: Step by step guide to install passbolt Pro virtual appliance. -card_position: 5 -date: 2021-02-02 00:00:00 Z -description: Start using passbolt pro virtual machine -icon: fa-server -categories: [hosting,install,pro] -sidebar: hosting -layout: default -slug: vm -docker_tag: '-pro' -passbolt_version: Pro -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign migrate = false %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/vm/00-vm-description.md %} - -{% include hosting/install/vm/01-vm-setup.md %} - -{% include hosting/install/vm/02-vm-configuration.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2019-02-28-hosting-install-ce-digital-ocean.md b/_posts/hosting/installation/2019-02-28-hosting-install-ce-digital-ocean.md deleted file mode 100644 index 166731772..000000000 --- a/_posts/hosting/installation/2019-02-28-hosting-install-ce-digital-ocean.md +++ /dev/null @@ -1,98 +0,0 @@ ---- -title: Install Passbolt CE Digital Ocean -date: 2019-03-01 00:00:00 Z -description: How to install Passbolt CE Digital Ocean -card_title: Digital Ocean -card_teaser: Step by step guide to install passbolt CE on Digital Ocean -card_position: 6 -icon: fa-digitalocean -categories: [hosting,install,ce] -sidebar: hosting -layout: default -slug: digital-ocean -permalink: hosting/install/ce/digital-ocean ---- - -{% assign product = 'ce' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -Since march 2019 it is possible to install passbolt easily directly from Digital Ocean. -Digital Ocean is an hosting provider based in the USA. In order to run passbolt -you will need the following: -- A Digital Ocean account -- A domain name for example passbolt.yourdomain.com -- Some level of access to point your DNS records to the new passbolt server - -## 1. Create the droplet in Digital Ocean - -The first step is to login in [Digital Ocean](https://cloud.digitalocean.com) (or create and setup an account). -You can then head to Marketplace and search for passbolt. - -It is recommended at the point that you have domain name (or subdomain). It is not mandatory but -highly encouraged. Since passbolt web extension is tied to a domain name it will be easier to get -it right upfront rather than using the IP address and changing the proper domain name later. - -Go to the marketplace and search for passbolt, select the card and click on create -droplet. - -{% include articles/figure.html - url="/assets/img/help/2019/03/digital-ocean/001_create_droplet.png" - legend="Create droplet" -%} - -Choose a plan and the associated server matching at least the following requirements: -- 1 GB -- 1 CPU - -{% include articles/figure.html - url="/assets/img/help/2019/03/digital-ocean/002_choose_plan.png" - legend="Create droplet" -%} - -Select your preferred datacenter region, and select additional options. -You can upload your SSH keys to login into the machine once it's created. -Choose a hostname and click create. - -Grab a cup of coffee and get ready. - -Once created you can see the droplet was assigned an IP address. -You can copy it and check if it is reachable and up and running. - -{% include articles/figure.html - url="/assets/img/help/2019/03/digital-ocean/005_highlight_copy_ip.png" - legend="Copy the IP address" -%} - -## 1.1. Setup your DNS to point to the droplet - -Next you need to point your domain DNS to this machine IP address. Please check -[Digital Ocean DNS documentation](https://www.digitalocean.com/docs/networking/dns/) -or your domain name provider help for this. - -Wait until the DNS propagation is done. To check if it is done, ping your domain and it should -resolve to this droplet IP. You can also check the propagation using -[online tools](https://www.whatsmydns.net/). - -{% include hosting/install/wizard/server.md databaseSection="hosting/install/wizard/database.md" %} - -{% include hosting/install/wizard/admin.md %} - -### 4. Setup HTTPS (optional, but highly recommended): - -If you are planning to use this droplet instance in production, it is highly recommended to setup SSL. There are two main methods described below: - -- [Auto (Using Let's Encrypt)](/configure/https/{{ product }}/digital-ocean/auto.html) -- [Manual (Using user-provided SSL certificates)](/configure/https/{{ product }}/debian/manual.html) - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2020-11-27-hosting-install-aws-ami-ce.md b/_posts/hosting/installation/2020-11-27-hosting-install-aws-ami-ce.md deleted file mode 100644 index 31470b4ce..000000000 --- a/_posts/hosting/installation/2020-11-27-hosting-install-aws-ami-ce.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -title: Using Passbolt CE AWS AMI -card_title: AWS AMI -card_teaser: Use passbolt CE on AWS -card_position: 5 -date: 2019-08-07 00:00:00 Z -description: Start using passbolt CE on AWS -icon: fa-aws -categories: [hosting,install,ce] -sidebar: hosting -layout: default -slug: aws -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} -{% include hosting/install/aws/ami.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/ce-install-community-forum-cta.md %} -{% include aside/ce-stay-up-to-date.md %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2021-02-07-hosting-install-source-ce.md b/_posts/hosting/installation/2021-02-07-hosting-install-source-ce.md deleted file mode 100644 index 87f4391f3..000000000 --- a/_posts/hosting/installation/2021-02-07-hosting-install-source-ce.md +++ /dev/null @@ -1,298 +0,0 @@ ---- -title: Install passbolt API from source -card_title: From source code -card_teaser: Guide to install passbolt CE from the source code. -card_position: 100 -date: 2018-11-13 00:00:00 Z -description: How to install passbolt CE on your server from the source. -icon: fa-git -categories: [hosting,install,ce] -sidebar: hosting -layout: default -slug: from-source -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -## Introduction -This tutorial is distribution agnostic. It details the installation steps at a high level, without -taking into account the specifics related to each and every linux distribution. - -{% include messages/warning.html - content="**Please note:** This is not the recommended way to install passbolt. You will find guides to install passbolt on your distribution [here](/hosting/install). - You should only attempt this if you are advanced in terms of server configuration" -%} - -## System requirements - -{% include hosting/v4-sources-requirements.md %} - -## Installation steps - -### 1. Create a web server matching the system requirements. - -Spin up a new fresh server with your favorite distribution, install a database server -and a webserver with a TLS certificate. If you are using apache as web server make sure you -have mod_rewrite module enabled. - -Find out your web server user. Some commands need to be run as the same user running the web server. Generally on Debian -systems it will be `www-data` but on other distributions like Centos it could be for example `nginx` or `http`. -For the rest of this tutorial we will assume that the user named `www-data`. - -{% include messages/warning.html - content="We highly recommend that you install https on your server. You can get a free SSL certificate with the let's encrypt initiative." - link="https://letsencrypt.org/" - ask="let's encrypt!" -%} - -### 2. Database configuration -#### Create an empty database - -Connect to your mysql server and create new database. Make sure it is in the utf8mb4 char set to -support non latin characters and emojis. 👏 - -```shell -/var/www$ mysql -u[user] -p[password] -mysql> CREATE DATABASE passbolt CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; -``` - -#### Create a non-root user with according privilege - -The database user should not be root, create a non-root user that have privileges on the passbolt database that has been created. - -```shell -mysql> CREATE USER 'your_user'@'localhost' IDENTIFIED BY 'your_password'; -mysql> GRANT ALL PRIVILEGES ON passbolt.* TO 'your_user'@'localhost'; -mysql> FLUSH PRIVILEGES; -mysql> exit; -``` - -### 3. Clone the repository - -Cloning the code using git will allow you to keep the source under version control and facilitate -subsequent updates. - -```shell -/var/www$ git clone https://github.com/passbolt/passbolt_api.git -/var/www$ mv passbolt_api passbolt -``` - -### 4. Generate an OpenPGP key - -Passbolt API uses an OpenPGP key for the server in order to authenticate and sign the outgoing JSON requests. -For improved compatibility we recommend that you use the same GnuPG version for generating the keys and for the -php module. - -**WARNING:** Some of the following commands such as the GnuPG parts need to be run as www-data. In order to do that, we recommend using - -```shell -$ sudo su -s /bin/bash -c "run the command here" www-data -``` - -{% include hosting/install/warning-gpg-key-generation.html %} - -After creating the key make sure you note down the fingerprint, it will be requested later in the install process. -You can get the server key fingerprint as follow: - -```shell -$ gpg --list-keys --fingerprint | grep -i -B 2 'email@domain.tld' -``` - -Copy the public and private keys to the passbolt config location: - -```shell -$ gpg --armor --export-secret-keys email@domain.tld > /var/www/passbolt/config/gpg/serverkey_private.asc -$ gpg --armor --export email@domain.tld > /var/www/passbolt/config/gpg/serverkey.asc -``` - -### 5. Initialize the gpg keyring - -You no longer need to be connected as www-data from now. In order for passbolt authentication to work your server key needs to be in the keyring used by the web server. - -```shell -$ sudo su -s /bin/bash -c "gpg --list-keys" www-data -pub 4096R/573EE67E 2015-10-26 [expires: 2019-10-26] - Key fingerprint = 2FC8 9458 33C5 1946 E937 F9FE D47B 0811 573E E67E -uid Passbolt Server Test Key -``` - -### 6. Install the dependencies - -The project dependencies such as the plugin to manage the images, emails, etc. are not included anymore -in the code on the official repository. Fret not, composer will manage this for us. - -```shell -/var/www/passbolt$ composer install --no-dev -``` - -Depending on your setup it is possible that your composer command is named `composer` and not `composer.phar`. - -If for some reason the command above fails because you don't have composer installed, -you can check the [composer installation instructions](https://getcomposer.org/download/). - -### 7. Create a passbolt configuration file - -The name and values in the main configuration file have changed. Everything is now located in one file called -`config/passbolt.php`. Do not copy your v1 configuration files, instead you need to create a new one: - -```shell -$ cp config/passbolt.default.php config/passbolt.php -$ nano config/passbolt.php -``` - -Even if the format has changed the information needed are pretty much the same than v1. -You will need to set at least the following: -- Application full base url -- Database configuration -- Email settings -- Server OpenPGP key fingerprint. - -**WARNING:** The OpenPGP key fingerprint has to be written with no spaces and the application full base url should match the ssl configuration. - -You can also set your configuration using environment variables. -Check `config/default.php` to get the names of the environment variables. - -### 8. Run the install script - -Make sure you run the installation script as the web server user: - -```shell -$ sudo su -s /bin/bash -c "./bin/cake passbolt install" www-data -``` - -Optionally you can also run the health check to see if everything is fine. - -```shell -$ sudo su -s /bin/bash -c "./bin/cake passbolt healthcheck" www-data -``` - -### 9. Configure Nginx - -#### Configure Nginx for serving HTTPS - -Depending on your needs there are two different options to setup nginx and SSL : - -- [Auto (Using Let's Encrypt)](/configure/https/ce/debian/auto.html) -- [Manual (Using user-provided SSL certificates)](/configure/https/ce/debian/manual.html) - -Be sure to write down the full path to your cert/key combo, it will be needed later in the Nginx configuration process. - -Please, notice that for security matters we highly recommend to setup SSL to serve passbolt. - -#### Configure Nginx to serve passbolt - -For Nginx to serve passbolt, you will need to set up a server block file : - -```shell -$ nano /etc/nginx/sites-enabled/passbolt.conf -``` - -You can use this default configuration sample (do not forget to replace PLACEHOLDERS with your values): -- **SERVER_NAME** with your localhost/virtualhost address -- **CERTIFICATE_PATH** with the path where cert.pem is located -- **KEY_PATH** with the path where key.pem is located -- **PHP_VERSION** with the PHP version you are using - -```shell -server { - listen [::]:443 ssl http2; - listen 443 ssl http2; - - server_name SERVER_NAME; - - client_body_buffer_size 100K; - client_header_buffer_size 1k; - client_max_body_size 5M; - client_body_timeout 10; - client_header_timeout 10; - keepalive_timeout 5 5; - send_timeout 10; - - ssl_certificate CERTIFICATE_PATH; - ssl_certificate_key KEY_PATH; - ssl_session_timeout 1d; - ssl_session_cache shared:MozSSL:10m; # about 40000 sessions - ssl_session_tickets off; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_prefer_server_ciphers off; - root /var/www/passbolt/webroot; - index index.php; - location / { - try_files $uri $uri/ /index.php?$args; - } - location ~ \.php$ { - try_files $uri =404; - include fastcgi_params; - fastcgi_pass unix:/run/php/PHP_VERSION-fpm.sock; - fastcgi_index index.php; - fastcgi_intercept_errors on; - fastcgi_split_path_info ^(.+\.php)(.+)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SERVER_NAME $http_host; - fastcgi_param PHP_VALUE "upload_max_filesize=5M \n post_max_size=5M"; - } -} -``` - -Then, reload the Nginx process so that it takes your new configuration into account : - -``` -$ sudo systemctl reload nginx -``` - - -### 10. Setup the emails - -**WARNING:** If you are running Passbolt 3.8.0 or higher version, you are able to configure your email server through the UI, any changes made will override the *config/passbolt.php* - -#### You are running Passbolt CE < 3.8.0 ? -For passbolt to be able to send emails, you must first configure properly the “EmailTransport” section in the -`config/passbolt.php` file to match your provider smtp details. - -Emails are placed in a queue that needs to be processed by the following shell. -```bash -$ ./bin/cake EmailQueue.sender -``` - -In order to have your emails sent automatically, you can add a cron call to the script so the emails -will be sent every minute. Run the following command to edit the crontab for the www-data user: -```bash -$ crontab -u www-data -e -``` - -You can add a cron call to the script so the emails will be sent every minute. -Add the following line to you crontab: -```bash - * * * * * /var/www/passbolt/bin/cron >> /var/log/passbolt.log -``` - -If the log file does not yet exist, you can create it with the following command: -```bash -$ touch /var/log/passbolt.log && chown www-data:www-data /var/log/passbolt.log -``` - -And you are done! - - -### Troubleshooting - -Here are some frequently asked questions related to passbolt installation: -{% include faq/list-by-tag.html tag='troubleshoot' %} - -Feel free to ask for help on the [community forum](https://community.passbolt.com/c/installation-issues). - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include aside/ce-install-pro-cta.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2021-02-11-hosting-install-ubuntu-ce.md b/_posts/hosting/installation/2021-02-11-hosting-install-ubuntu-ce.md deleted file mode 100644 index e4e30253e..000000000 --- a/_posts/hosting/installation/2021-02-11-hosting-install-ubuntu-ce.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Install Passbolt CE on Ubuntu 22.04 -date: 2022-07-11 00:00:00 Z -description: How to install Passbolt CE on Ubuntu 22.04 -card_title: Ubuntu 22.04 -card_teaser: Step by step guide to install passbolt CE on Ubuntu 22.04 -card_position: 2 -icon: fa-ubuntu -categories: [hosting,install,ce,ubuntu] -sidebar: hosting -layout: default -slug: ubuntu -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'ubuntu' %} -{% assign distributionVersion = '22.04' %} -{% assign distributionVersionName = 'jammy' %} -{% assign distributionSlug = 'ubuntu' %} -{% assign distributionLabel = 'Ubuntu' %} -{% assign distributionPackage = 'apt' %} -{% assign databaseEngine = 'mysql' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/community.html %} - -{% include aside/contribute.html %} - -{% include layout/row_end.html %} - - diff --git a/_posts/hosting/installation/2021-02-11-hosting-install-ubuntu-pro.md b/_posts/hosting/installation/2021-02-11-hosting-install-ubuntu-pro.md deleted file mode 100644 index fbe8bb887..000000000 --- a/_posts/hosting/installation/2021-02-11-hosting-install-ubuntu-pro.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -title: Install Passbolt Pro on Ubuntu 22.04 -date: 2022-07-11 00:00:00 Z -description: How to install Passbolt Pro on Ubuntu 22.04 -card_title: Ubuntu 22.04 -card_teaser: Step by step guide to install passbolt Pro on Ubuntu 22.04 -card_position: 2 -icon: fa-ubuntu -categories: [hosting,install,pro,ubuntu] -sidebar: hosting -layout: default -slug: ubuntu -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'ubuntu' %} -{% assign distributionVersion = '22.04' %} -{% assign distributionVersionName = 'jammy' %} -{% assign distributionSlug = 'ubuntu' %} -{% assign distributionLabel = 'Ubuntu' %} -{% assign distributionPackage = 'apt' %} -{% assign databaseEngine = 'mysql' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include aside/contribute.html %} - -{% include layout/row_end.html %} - diff --git a/_posts/hosting/installation/2021-11-02-hosting-install-debian-ce.md b/_posts/hosting/installation/2021-11-02-hosting-install-debian-ce.md deleted file mode 100644 index 4766a0163..000000000 --- a/_posts/hosting/installation/2021-11-02-hosting-install-debian-ce.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -title: Install Passbolt CE on Debian 11 (Bullseye) -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt CE on (Bullseye) -slug: Debian11-ce -layout: default ---- - -{% assign product = 'ce' %} -{% assign distribution = 'debian' %} -{% assign distributionVersion = '11' %} -{% assign distributionVersionName = 'buster' %} -{% assign distributionSlug = 'debian' %} -{% assign distributionLabel = 'Debian' %} -{% assign distributionPackage = 'apt' %} -{% assign databaseEngine = 'mariadb' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2021-11-02-hosting-install-debian-pro.md b/_posts/hosting/installation/2021-11-02-hosting-install-debian-pro.md deleted file mode 100644 index e41524806..000000000 --- a/_posts/hosting/installation/2021-11-02-hosting-install-debian-pro.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -title: Install Passbolt Pro on Debian 11 (Bullseye) -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt Pro on (Bullseye) -slug: Debian11 -layout: default ---- - -{% assign product = 'pro' %} -{% assign distribution = 'debian' %} -{% assign distributionVersion = '11' %} -{% assign distributionVersionName = 'buster' %} -{% assign distributionSlug = 'debian' %} -{% assign distributionLabel = 'Debian' %} -{% assign distributionPackage = 'apt' %} -{% assign databaseEngine = 'mariadb' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include aside/contribute.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2021-11-08-hosting-install-aws-ami-pro.md b/_posts/hosting/installation/2021-11-08-hosting-install-aws-ami-pro.md deleted file mode 100644 index a51d8f77e..000000000 --- a/_posts/hosting/installation/2021-11-08-hosting-install-aws-ami-pro.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -title: Using Passbolt PRO AWS AMI -card_title: AWS AMI -card_teaser: Use passbolt Pro on AWS -card_position: 5 -date: 2021-08-11 00:00:00 Z -description: Start using passbolt Pro on AWS -icon: fa-aws -categories: [hosting,install,pro] -sidebar: hosting -layout: default -slug: aws -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} -{% include hosting/install/aws/ami.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} -{% include aside/contribute.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2021-11-24-hosting-install-ce-almalinux-8.md b/_posts/hosting/installation/2021-11-24-hosting-install-ce-almalinux-8.md deleted file mode 100644 index 61b9f202e..000000000 --- a/_posts/hosting/installation/2021-11-24-hosting-install-ce-almalinux-8.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Install Passbolt CE on AlmaLinux 8 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt CE on -card_title: AlmaLinux 8 -card_teaser: Install passbolt CE on AlmaLinux -card_position: 10 -icon: fa-almalinux -categories: [hosting,install,ce] -sidebar: hosting -layout: default -slug: almalinux -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'almalinux' %} -{% assign distributionVersion = '8' %} -{% assign distributionSlug = 'almalinux' %} -{% assign distributionLabel = 'AlmaLinux' %} -{% assign distributionPackage = 'dnf' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2021-11-24-hosting-install-ce-centos-7.md b/_posts/hosting/installation/2021-11-24-hosting-install-ce-centos-7.md deleted file mode 100644 index ab8ba2d5b..000000000 --- a/_posts/hosting/installation/2021-11-24-hosting-install-ce-centos-7.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Install Passbolt CE on CentOS 7 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt CE on CentOS 7 -card_title: CentOS 7 -card_teaser: Install passbolt CE on CentOS -card_position: 10 -icon: fa-centos -categories: [hosting,install,ce] -sidebar: hosting -layout: default -slug: centos -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'centos' %} -{% assign distributionVersion = '7' %} -{% assign distributionSlug = 'centos' %} -{% assign distributionLabel = 'CentOS' %} -{% assign distributionPackage = 'yum' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} -{% include messages/warning.html - content="**Important:** You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then." -%} -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2021-11-24-hosting-install-ce-oraclelinux-8.md b/_posts/hosting/installation/2021-11-24-hosting-install-ce-oraclelinux-8.md deleted file mode 100644 index 13a54e33e..000000000 --- a/_posts/hosting/installation/2021-11-24-hosting-install-ce-oraclelinux-8.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Install Passbolt CE on OracleLinux 8 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt CE on -card_title: OracleLinux 8 -card_teaser: Install passbolt CE on OracleLinux -card_position: 10 -icon: fa-oraclelinux -categories: [hosting,install,ce] -sidebar: hosting -layout: default -slug: oraclelinux -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'oraclelinux' %} -{% assign distributionVersion = '8' %} -{% assign distributionSlug = 'oraclelinux' %} -{% assign distributionLabel = 'OracleLinux' %} -{% assign distributionPackage = 'dnf' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2021-11-24-hosting-install-ce-redhat-8.md b/_posts/hosting/installation/2021-11-24-hosting-install-ce-redhat-8.md deleted file mode 100644 index 30221c599..000000000 --- a/_posts/hosting/installation/2021-11-24-hosting-install-ce-redhat-8.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Install Passbolt CE on Red Hat 8 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt CE on -card_title: Red Hat 8 -card_teaser: Install passbolt CE on Red Hat -card_position: 10 -icon: fa-redhat -categories: [hosting,install,ce] -sidebar: hosting -layout: default -slug: redhat -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'redhat' %} -{% assign distributionVersion = '8' %} -{% assign distributionSlug = 'redhat' %} -{% assign distributionLabel = 'Red Hat' %} -{% assign distributionPackage = 'dnf' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} -distributionPackage -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2021-11-24-hosting-install-ce-rockylinux-8.md b/_posts/hosting/installation/2021-11-24-hosting-install-ce-rockylinux-8.md deleted file mode 100644 index 3828b61f3..000000000 --- a/_posts/hosting/installation/2021-11-24-hosting-install-ce-rockylinux-8.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Install Passbolt CE on RockyLinux 8 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt CE on -card_title: RockyLinux 8 -card_teaser: Install passbolt CE on RockyLinux -card_position: 10 -icon: fa-rockylinux -categories: [hosting,install,ce] -sidebar: hosting -layout: default -slug: rockylinux -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'rockylinux' %} -{% assign distributionVersion = '8' %} -{% assign distributionSlug = 'rockylinux' %} -{% assign distributionLabel = 'RockyLinux' %} -{% assign distributionPackage = 'dnf' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2021-11-24-hosting-install-pro-almalinux-8.md b/_posts/hosting/installation/2021-11-24-hosting-install-pro-almalinux-8.md deleted file mode 100644 index 2d09ce11d..000000000 --- a/_posts/hosting/installation/2021-11-24-hosting-install-pro-almalinux-8.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Install Passbolt PRO on AlmaLinux 8 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt PRO on -card_title: AlmaLinux 8 -card_teaser: Install passbolt PRO on AlmaLinux -card_position: 10 -icon: fa-almalinux -categories: [hosting,install,pro] -sidebar: hosting -layout: default -slug: almalinux -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'almalinux' %} -{% assign distributionVersion = '8' %} -{% assign distributionSlug = 'almalinux' %} -{% assign distributionLabel = 'AlmaLinux' %} -{% assign distributionPackage = 'dnf' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include aside/contribute.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2021-11-24-hosting-install-pro-centos-7.md b/_posts/hosting/installation/2021-11-24-hosting-install-pro-centos-7.md deleted file mode 100644 index ff7333252..000000000 --- a/_posts/hosting/installation/2021-11-24-hosting-install-pro-centos-7.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -title: Install Passbolt PRO on CentOS 7 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt PRO on CentOS 7 -card_title: CentOS 7 -card_teaser: Install passbolt PRO on CentOS -card_position: 10 -icon: fa-centos -categories: [hosting,install,pro] -sidebar: hosting -layout: default -slug: centos -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'centos' %} -{% assign distributionVersion = '7' %} -{% assign distributionSlug = 'centos' %} -{% assign distributionLabel = 'CentOS' %} -{% assign distributionPackage = 'yum' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} -{% include messages/warning.html - content="**Important:** You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then." -%} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include aside/contribute.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2021-11-24-hosting-install-pro-oraclelinux-8.md b/_posts/hosting/installation/2021-11-24-hosting-install-pro-oraclelinux-8.md deleted file mode 100644 index dd6e4831b..000000000 --- a/_posts/hosting/installation/2021-11-24-hosting-install-pro-oraclelinux-8.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Install Passbolt PRO on OracleLinux 8 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt PRO on -card_title: OracleLinux 8 -card_teaser: Install passbolt PRO on OracleLinux -card_position: 10 -icon: fa-oraclelinux -categories: [hosting,install,pro] -sidebar: hosting -layout: default -slug: oraclelinux -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'oraclelinux' %} -{% assign distributionVersion = '8' %} -{% assign distributionSlug = 'oraclelinux' %} -{% assign distributionLabel = 'OracleLinux' %} -{% assign distributionPackage = 'dnf' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include aside/contribute.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2021-11-24-hosting-install-pro-redhat-8.md b/_posts/hosting/installation/2021-11-24-hosting-install-pro-redhat-8.md deleted file mode 100644 index b5efcf838..000000000 --- a/_posts/hosting/installation/2021-11-24-hosting-install-pro-redhat-8.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Install Passbolt PRO on Red Hat 8 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt PRO on -card_title: Red Hat 8 -card_teaser: Install passbolt PRO on Red Hat -card_position: 10 -icon: fa-redhat -categories: [hosting,install,pro] -sidebar: hosting -layout: default -slug: redhat -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'redhat' %} -{% assign distributionVersion = '8' %} -{% assign distributionSlug = 'redhat' %} -{% assign distributionLabel = 'Red Hat' %} -{% assign distributionPackage = 'dnf' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include aside/contribute.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2021-11-24-hosting-install-pro-rockylinux-8.md b/_posts/hosting/installation/2021-11-24-hosting-install-pro-rockylinux-8.md deleted file mode 100644 index 9a6244760..000000000 --- a/_posts/hosting/installation/2021-11-24-hosting-install-pro-rockylinux-8.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Install Passbolt PRO on RockyLinux 8 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt PRO on -card_title: RockyLinux 8 -card_teaser: Install passbolt PRO on RockyLinux -card_position: 10 -icon: fa-rockylinux -categories: [hosting,install,pro] -sidebar: hosting -layout: default -slug: rockylinux -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'rockylinux' %} -{% assign distributionVersion = '8' %} -{% assign distributionSlug = 'rockylinux' %} -{% assign distributionLabel = 'RockyLinux' %} -{% assign distributionPackage = 'dnf' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include aside/contribute.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2021-12-15-hosting-install-docker-ce.md b/_posts/hosting/installation/2021-12-15-hosting-install-docker-ce.md deleted file mode 100644 index 6fe5ed51b..000000000 --- a/_posts/hosting/installation/2021-12-15-hosting-install-docker-ce.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Docker passbolt installation -card_title: Docker -card_teaser: Install passbolt CE using docker -card_position: 3 -date: 2023-02-06 00:00:00 Z -description: Install passbolt CE using docker -icon: fa-docker -categories: [hosting,install,ce] -sidebar: hosting -layout: default -slug: docker -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/docker/docker-warning.md %} - -{% include hosting/docker/docker-system-requirements.md %} -{% include hosting/docker/docker-compose-usage.md %} - - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/docker.html %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when installing passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2021-12-15-hosting-install-docker-pro.md b/_posts/hosting/installation/2021-12-15-hosting-install-docker-pro.md deleted file mode 100644 index bb93f1041..000000000 --- a/_posts/hosting/installation/2021-12-15-hosting-install-docker-pro.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Docker install -card_title: Docker -card_teaser: Step by step guide to install passbolt Pro using Docker. -card_position: 3 -date: 2023-02-06 00:00:00 Z -description: Install passbolt Pro using Docker -icon: fa-docker -categories: [hosting,install,pro] -sidebar: hosting -layout: default -slug: docker -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/docker/docker-warning.md %} - -{% include hosting/docker/docker-system-requirements.md %} -{% include hosting/docker/docker-compose-usage.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/docker.html %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2022-01-06-hosting-install-raspberry-ce.md b/_posts/hosting/installation/2022-01-06-hosting-install-raspberry-ce.md deleted file mode 100644 index a325053d0..000000000 --- a/_posts/hosting/installation/2022-01-06-hosting-install-raspberry-ce.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Install Passbolt CE on Raspberry PI -date: 2022-01-06 00:00:00 Z -description: How to install Passbolt CE on raspberry PI -card_title: Raspberry PI -card_teaser: Step by step guide to install passbolt CE on Raspberry PI -card_position: 4 -icon: fa-raspberry -categories: [hosting,install,ce] -sidebar: hosting -layout: default -slug: raspberry -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'debian' %} -{% assign distributionVersion = '12' %} -{% assign distributionVersionName = 'bookworm' %} -{% assign distributionSlug = 'debian' %} -{% assign distributionLabel = 'Raspberry' %} -{% assign distributionPackage = 'apt' %} -{% assign databaseEngine = 'mariadb' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2022-01-06-hosting-install-raspberry-pro.md b/_posts/hosting/installation/2022-01-06-hosting-install-raspberry-pro.md deleted file mode 100644 index 5606469ed..000000000 --- a/_posts/hosting/installation/2022-01-06-hosting-install-raspberry-pro.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Install Passbolt PRO on Raspberry PI -date: 2022-01-06 00:00:00 Z -description: How to install Passbolt PRO on raspberry PI -card_title: Raspberry PI -card_teaser: Step by step guide to install passbolt PRO on Raspberry PI -card_position: 4 -icon: fa-raspberry -categories: [hosting,install,pro] -sidebar: hosting -layout: default -slug: raspberry -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'debian' %} -{% assign distributionVersion = '12' %} -{% assign distributionVersionName = 'bookworm' %} -{% assign distributionSlug = 'debian' %} -{% assign distributionLabel = 'Raspberry' %} -{% assign distributionPackage = 'apt' %} -{% assign databaseEngine = 'mariadb' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2022-02-07-hosting-install-ce-opensuse-15.md b/_posts/hosting/installation/2022-02-07-hosting-install-ce-opensuse-15.md deleted file mode 100644 index 04053a271..000000000 --- a/_posts/hosting/installation/2022-02-07-hosting-install-ce-opensuse-15.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Install Passbolt CE on openSUSE Leap 15 -date: 2022-02-07 00:00:00 Z -description: How to install Passbolt CE on -card_title: openSUSE Leap 15 -card_teaser: Install passbolt CE on openSUSE -card_position: 10 -icon: fa-opensuse -categories: [hosting,install,ce] -sidebar: hosting -layout: default -slug: opensuse -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'opensuse' %} -{% assign distributionVersion = 'Leap 15' %} -{% assign distributionSlug = 'opensuse' %} -{% assign distributionLabel = 'openSUSE' %} -{% assign distributionPackage = 'zypper' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2022-02-07-hosting-install-pro-opensuse-15.md b/_posts/hosting/installation/2022-02-07-hosting-install-pro-opensuse-15.md deleted file mode 100644 index 1e94dd95f..000000000 --- a/_posts/hosting/installation/2022-02-07-hosting-install-pro-opensuse-15.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Install Passbolt PRO on openSUSE Leap 15 -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt PRO on -card_title: openSUSE Leap 15 -card_teaser: Install passbolt PRO on openSUSE -card_position: 10 -icon: fa-opensuse -categories: [hosting,install,pro] -sidebar: hosting -layout: default -slug: opensuse -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'opensuse' %} -{% assign distributionVersion = 'Leap 15' %} -{% assign distributionSlug = 'opensuse' %} -{% assign distributionLabel = 'openSUSE' %} -{% assign distributionPackage = 'zypper' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include aside/contribute.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2022-02-14-hosting-install-ce-fedora.md b/_posts/hosting/installation/2022-02-14-hosting-install-ce-fedora.md deleted file mode 100644 index 4110c427b..000000000 --- a/_posts/hosting/installation/2022-02-14-hosting-install-ce-fedora.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Install Passbolt CE on Fedora -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt CE on -card_title: Fedora -card_teaser: Install passbolt CE on Fedora -card_position: 10 -icon: fa-fedora -categories: [hosting,install,ce] -sidebar: hosting -layout: default -slug: fedora -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'fedora' %} -{% assign distributionVersion = '37' %} -{% assign distributionSlug = 'fedora' %} -{% assign distributionLabel = 'Fedora' %} -{% assign distributionPackage = 'dnf' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2022-02-14-hosting-install-pro-fedora.md b/_posts/hosting/installation/2022-02-14-hosting-install-pro-fedora.md deleted file mode 100644 index ccd601c4d..000000000 --- a/_posts/hosting/installation/2022-02-14-hosting-install-pro-fedora.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Install Passbolt PRO on Fedora -date: 2021-11-24 00:00:00 Z -description: How to install Passbolt PRO on -card_title: Fedora -card_teaser: Install passbolt PRO on Fedora -card_position: 10 -icon: fa-fedora -categories: [hosting,install,pro] -sidebar: hosting -layout: default -slug: fedora -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'fedora' %} -{% assign distributionVersion = '37' %} -{% assign distributionSlug = 'fedora' %} -{% assign distributionLabel = 'Fedora' %} -{% assign distributionPackage = 'dnf' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include aside/contribute.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2022-11-22-hosting-install-helm-ce.md b/_posts/hosting/installation/2022-11-22-hosting-install-helm-ce.md deleted file mode 100644 index 8d9ced361..000000000 --- a/_posts/hosting/installation/2022-11-22-hosting-install-helm-ce.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Helm passbolt installation -card_title: Helm -card_teaser: Step by step guide to install passbolt CE using Helm. -card_position: 3 -date: 2023-02-06 00:00:00 Z -description: Install passbolt CE using Helm -icon: fa-helm -categories: [hosting,install,ce] -sidebar: hosting -layout: default -new: true -slug: helm -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/helm/helm-warning.md %} - - -{% include hosting/helm/helm-system-requirements.md %} -{% include hosting/helm/helm-install-usage.md %} -{% include hosting/helm/helm-first-user-creation.md %} - -{% include hosting/helm/helm-going-further.md %} - - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/helm.html %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when installing passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2022-11-22-hosting-install-helm-pro.md b/_posts/hosting/installation/2022-11-22-hosting-install-helm-pro.md deleted file mode 100644 index 7113ee191..000000000 --- a/_posts/hosting/installation/2022-11-22-hosting-install-helm-pro.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -title: Helm install -card_title: Helm -card_teaser: Step by step guide to install passbolt Pro using Helm. -card_position: 3 -date: 2022-02-06 00:00:00 Z -description: Install passbolt Pro using Helm -icon: fa-helm -categories: [hosting,install,pro] -sidebar: hosting -layout: default -new: true -slug: helm -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - - -{% include hosting/helm/helm-warning.md %} - -{% include hosting/helm/helm-system-requirements.md %} -{% include hosting/helm/helm-install-usage.md %} -{% include hosting/helm/helm-first-user-creation.md %} -{% include hosting/helm/helm-going-further.md %} - - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/helm.html %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2023-06-29-hosting-install-debian12-ce.md b/_posts/hosting/installation/2023-06-29-hosting-install-debian12-ce.md deleted file mode 100644 index aac10b3cf..000000000 --- a/_posts/hosting/installation/2023-06-29-hosting-install-debian12-ce.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -title: Install Passbolt CE on Debian 12 (Bookworm) -date: 2023-06-29 00:00:00 Z -description: How to install Passbolt CE on (Bookworm) -card_title: Debian 12 -card_teaser: Step by step guide to install Passbolt CE on Debian -card_position: 1 -icon: fa-debian -categories: [hosting,install,ce,debian] -sidebar: hosting -layout: default -popular: true -slug: Debian -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'debian' %} -{% assign distributionVersion = '12' %} -{% assign distributionVersionName = 'bookworm' %} -{% assign distributionSlug = 'debian' %} -{% assign distributionLabel = 'Debian' %} -{% assign distributionPackage = 'apt' %} -{% assign databaseEngine = 'mariadb' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/ce-install-community-forum-cta.md %} - -{% include aside/ce-stay-up-to-date.md %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/installation/2023-06-29-hosting-install-debian12-pro.md b/_posts/hosting/installation/2023-06-29-hosting-install-debian12-pro.md deleted file mode 100644 index 215cfbc02..000000000 --- a/_posts/hosting/installation/2023-06-29-hosting-install-debian12-pro.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -title: Install Passbolt Pro on Debian 12 (Bookworm) -date: 2023-06-29 00:00:00 Z -description: How to install Passbolt Pro on (Bookworm) -card_title: Debian 12 -card_teaser: Step by step guide to install Passbolt Pro on Debian -card_position: 1 -icon: fa-debian -categories: [hosting,install,pro,debian] -sidebar: hosting -layout: default -popular: true -slug: Debian -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'debian' %} -{% assign distributionVersion = '12' %} -{% assign distributionVersionName = 'bookworm' %} -{% assign distributionSlug = 'debian' %} -{% assign distributionLabel = 'Debian' %} -{% assign distributionPackage = 'apt' %} -{% assign databaseEngine = 'mariadb' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/install/packages/debian/install-debian-package.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include aside/contribute.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/update/2021-02-07-hosting-update-vm.md b/_posts/hosting/update/2021-02-07-hosting-update-vm.md deleted file mode 100644 index 5bbf3af3a..000000000 --- a/_posts/hosting/update/2021-02-07-hosting-update-vm.md +++ /dev/null @@ -1,15 +0,0 @@ ---- -title: Update for Virtual Machine -date: 2021-02-07 00:00:00 Z -description: How to update passbolt Pro virtual machine appliance. -card_teaser: Update passbolt Pro virtual machine appliance. -card_title: Update for VM -card_position: 50 -icon: fa-server -categories: [hosting, update] -sidebar: hosting -layout: default -slug: vm_update -permalink: /:categories/:slug.html -redirect_to: /hosting/update/debian-package.html ---- diff --git a/_posts/hosting/update/2021-02-08-hosting-update-install-scripts.md b/_posts/hosting/update/2021-02-08-hosting-update-install-scripts.md deleted file mode 100644 index 5fab47baf..000000000 --- a/_posts/hosting/update/2021-02-08-hosting-update-install-scripts.md +++ /dev/null @@ -1,122 +0,0 @@ ---- -title: Update passbolt on Centos 7 (installation script) -date: 2021-10-19 00:00:00 Z -description: How to update passbolt on your server. -categories: [hosting, update] -slug: install-scripts -permalink: /:categories/:slug.html -archived: true ---- - -{% include messages/warning.html - content="**Important:** This page has been depreciated, CentOS is not supported anymore." -%} -{% include hosting/install/packages/debian/install-debian-package.md %} - - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include messages/warning.html - content="**Important:** This is no longer a recommended installation method. You may want to consider [migrating](/hosting/upgrade/pro/migrate-to-centos) to the package." -%} - -## Pre-requisites - -For this tutorial, you will need: -- A minimal CentOS 7 server. -- Passbolt installed with the CentOS install script. - -## Updating passbolt -### 1. Take down your site - -It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade. For example if you are using `nginx` as a -webserver: -```bash -$ sudo systemctl stop nginx -``` - -If you feel a bit more fancy, you can change your web server configuration to point to an "under maintenance" page. -It is a good practice to announce such maintenance window to your users in advance, so that they can also -plan for the update, for example by downloading some key passwords they may need. - -### 2. Backup your instance - -First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our [backup process](/hosting/backup). - -### 3. Get the latest code version - -Pull the latest version directly from master: -```bash -$ cd /var/www/passbolt -$ sudo -H -u nginx bash -c "git pull origin master" -``` - -### 4. Update the dependencies - -Some libraries are not packaged with the software but need to be updated using composer, based on -what is recommended in the composer.lock. This file is provided by passbolt. - -Passbolt requires composer v2, check the version you have already installed: - -```bash -$ sudo -H -u nginx bash -c "composer.phar --version" -> Composer version 2.0.9 2021-01-27 16:09:27 -``` - -To get the latest version of composer, you can check the -[composer installation instructions](https://getcomposer.org/download/). - -Update the dependencies: - -```bash -$ sudo -H -u nginx bash -c "php -d allow_url_fopen=on composer.phar install --no-dev -n -o" -``` - -### 5. Migrate your data - -A new version can come with a data structure change. You can run the migration scripts as follow: -```bash -$ sudo -H -u nginx bash -c "./bin/cake passbolt migrate" -``` - -### 6. Clear the cache - -Finally make sure you clear the application cache, to make sure any changes in the database structure are -reflected in model cache files: -```bash -$ sudo -H -u nginx bash -c "./bin/cake cache clear_all" -``` - -### 7. Bring your site back online - -Almost done: -```bash -$ sudo systemctl start nginx -``` - -{% include hosting/update/in-case-of-issues.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr" - content="Have you installed passbolt from source instead?" - link="/hosting/update/source" - ask="Update passbolt on from source installation" -%} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/update/2021-02-08-hosting-update-source.md b/_posts/hosting/update/2021-02-08-hosting-update-source.md deleted file mode 100644 index b7e676998..000000000 --- a/_posts/hosting/update/2021-02-08-hosting-update-source.md +++ /dev/null @@ -1,232 +0,0 @@ ---- -title: Update passbolt source install -date: 2021-02-08 00:00:00 Z -description: How to update passbolt on your server. -card_teaser: Guide for instances installed from source. -card_title: Update for source install -card_position: 200 -categories: [hosting, update] -icon: fa-git -sidebar: hosting -layout: default -slug: source -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -# Pre-requisites - -## System requirements -{% include hosting/v4-requirements.md %} - -## Find out where is your passbolt directory - -All the commands hereafter should be done from inside your passbolt directory: -```bash -$ cd /var/www/passbolt -``` - -By default passbolt should be installed under `/var/www/passbolt` but it could be different if you -installed from source manually. We will assume for the rest of this tutorial that it is located -in `/var/www/passbolt`. - -## Find out the name of your webserver user - -Some commands need to be run as the same user running the web server. Generally on Debian systems it will be -`www-data` but on other distributions like Centos it could be for example `nginx` or `http`. -For the rest of this tutorial we will assume that the user named `www-data`. - -Generally it is not possible to login as this user, so in order to run the command as this user, -you can execute something like this: - -```bash -$ sudo -H -u www-data bash -c "./bin/cake passbolt healthcheck" -``` - -This command for example, will run the healthcheck command as `www-data` data user. -It is a good idea to start with running a healthcheck prior to updating, to make sure everything is in order. - -## Make sure the permissions are right for your current user - -{% include messages/warning.html -content="Do not run the commands as root when updating passbolt. It can render your installation unusable." -%} - -Running commands as root can make your installation unusable until the permissions are repaired. -We recommend you use another user for this purpose. The `whoami` command will let you know which user you are logged -in as. In our case below, it is the user `passbolt`. -```bash -$ whoami -passbolt -``` - -You need to make sure that this user have access to the passbolt directory. -The easiest way to do this would be to add such user to the `www-data` and `sudo` groups, -so for example for a `passbolt` user, you could execute as root: - -```bash -$ sudo usermod -a -G www-data passbolt -$ sudo usermod -a -G sudo passbolt -``` - -You can check if the user is included in the group (you may need to logout / login again for the permissions to be -applied): -```bash -$ groups passbolt -passbolt : passbolt www-data sudo -``` - -Make sure the passbolt directory is owned by the passbolt user and accessible to the www-data group. -You can set the permissions as follow: - -```bash -$ sudo chown -R passbolt:www-data . -$ sudo chmod -R o-rwx . -$ sudo find . -type d -print0 | xargs -0 sudo chmod g-w -$ sudo find . -type f -print0 | xargs -0 sudo chmod g-wx -$ sudo chmod g+x ./bin/cake -$ sudo find ./tmp -type d -print0 | xargs -0 sudo chmod 770 -$ sudo find ./tmp -type f -print0 | xargs -0 sudo chmod 660 -$ sudo find ./logs -type d -print0 | xargs -0 sudo chmod 770 -$ sudo find ./logs -type f -print0 | xargs -0 sudo chmod 660 -$ sudo find ./webroot/img/public -type d -print0 | xargs -0 sudo chmod 770 -$ sudo find ./webroot/img/public -type f -print0 | xargs -0 sudo chmod 660 -``` - -Check that the permissions are set as expected. -```bash -$ ls -la . -drwxr-x--- 2 passbolt www-data . -drwx------ 6 root root .. -drwxr-x--- 6 passbolt www-data config -``` - -Make sure the passbolt directory doesn't contain any changes. If you have altered the passbolt code, stash your changes -before executing the following command. -```bash -$ git checkout HEAD . -``` - -## Check if git is present on your system - -By default you should have git installed: -```bash -$ which git -/usr/bin/git -``` - -If not install the relative distribution package. - -## Check if composer is present on your system - -You should also already have composer installed. -```bash -$ which composer.phar -/usr/bin/composer.phar -``` - -Depending on your setup it is possible that your composer command is named `composer` and not `composer.phar`. - -If for some reason the command above fails because you don't have composer installed, -you can check the [composer installation instructions](https://getcomposer.org/download/). - -Passbolt requires composer v2, check the version you have already installed: - -```bash -composer.phar --version -> Composer version 2.0.9 2021-01-27 16:09:27 -``` - -To get the latest version of composer, you can check the -[composer installation instructions](https://getcomposer.org/download/). - -# Updating passbolt -## 1. Take down your site - -It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade. For example if you are using `nginx` as a -webserver: -```bash -$ sudo systemctl stop nginx -``` - -If you feel a bit more fancy, you can change your web server configuration to point to an "under maintenance" page. -It is a good practice to announce such maintenance window to your users in advance, so that they can also -plan for the update, for example by downloading some key passwords they may need. - -## 2. Get the latest code version - -You can pull the latest version directly from master: -```bash -$ git pull origin master -``` - -To pull a specific version you can do: -```bash -$ git fetch origin tags/v2.13.0 -$ git checkout tags/v2.13.0 -``` - -On installations based on install scripts or in the VM appliance you are in a shallow clone state so to change -the branch you will need to: - -```bash -$ git remote set-branches origin "*" -$ git fetch origin tags/v2.13.0 -$ git checkout tags/v2.13.0 -``` - -## 3. Update the dependencies - -Some libraries are not packaged with the software but need to be updated using composer, based on -what is recommended in the composer.lock. This file is provided by passbolt. - -```bash -$ php -d allow_url_fopen=on /usr/bin/composer.phar install --no-dev -n -o -``` - -## 4. Run the migration script - -You can run the database migration scripts as follow: -```bash -$ sudo -H -u www-data bash -c "./bin/cake passbolt migrate --backup" -``` - -As you can see with the command above you can optional ask the application to create a database backup. -This is useful in case you run into any issues with the new version and need to revert to an old but working one. - -This backup will be placed in `./tmp/cache/database/backup/backup_timestamp.sql`. - -## 5. Clear the cache - -Finally make sure you clear the application cache, to make sure any changes in the database structure are -reflected in model cache files: -```bash -$ sudo -H -u www-data bash -c "./bin/cake cache clear_all" -``` - -## 6. Bring your site back online - -Almost done: -```bash -sudo systemctl start nginx -``` - -{% include hosting/update/in-case-of-issues-from-source.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html -class="tldr notice" -content="Are you experiencing issues when updating passbolt?" -link="https://community.passbolt.com/c/installation-issues" -ask="Ask the community!" -button="primary" -%} -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/update/2021-02-09-hosting-update-docker.md b/_posts/hosting/update/2021-02-09-hosting-update-docker.md deleted file mode 100644 index 499c42e7e..000000000 --- a/_posts/hosting/update/2021-02-09-hosting-update-docker.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: Update for docker container -date: 2022-02-21 00:00:00 Z -description: How to update passbolt docker container -card_teaser: Guide for instances using docker container. -card_title: Update for Docker -card_position: 3 -icon: fa-docker -categories: [hosting, update] -sidebar: hosting -layout: default -slug: docker -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -It is recommended that users [pull the tags pointing to specific passbolt versions](https://hub.docker.com/r/passbolt/passbolt/tags) when running in environments other than testing. - -To update passbolt, you would just need to change the image tag in your docker-compose.yml file: - -``` - image: passbolt/passbolt: -``` - -Then relaunch your docker containers: - -``` -$ docker-compose up -d -``` - -By doing this: - -* a new passbolt docker image will be pulled and a new container created -* your passbolt database schema will be updated - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/update/2021-02-12-hosting-update-ubuntu-package.md b/_posts/hosting/update/2021-02-12-hosting-update-ubuntu-package.md deleted file mode 100644 index 1d6388d51..000000000 --- a/_posts/hosting/update/2021-02-12-hosting-update-ubuntu-package.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Update passbolt on Ubuntu -date: 2021-11-26 00:00:00 Z -description: How to update your server on Ubuntu. -card_teaser: Guide for instances installed using Ubuntu package. -card_title: Update for Ubuntu -card_position: 2 -icon: fa-ubuntu -categories: [hosting, update] -sidebar: hosting -layout: default -slug: ubuntu_package -permalink: /:categories/:slug.html ---- - -{% assign distribution = 'ubuntu' %} -{% assign distributionLabel = 'Ubuntu' %} -{% assign distributionPackage = 'apt' %} -{% assign webServerUser = 'www-data' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/update/package-update.md %} - -{% include hosting/update/in-case-of-issues.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html -class="tldr" -content="Your installation is not based on a Ubuntu package?" -link="/hosting/upgrade/ce/migrate-to-ubuntu.html" -ask="Migrate passbolt to Ubuntu package" -%} - -{% include aside/message.html -class="tldr notice" -content="Are you experiencing issues when updating passbolt?" -link="https://community.passbolt.com/c/installation-issues" -ask="Ask the community!" -button="primary" -%} -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/update/2021-02-15-hosting-update-aws-ami.md b/_posts/hosting/update/2021-02-15-hosting-update-aws-ami.md deleted file mode 100644 index 4bd06a223..000000000 --- a/_posts/hosting/update/2021-02-15-hosting-update-aws-ami.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: Update for AWS ami -date: 2021-02-07 00:00:00 Z -description: How to update passbolt CE AWS ami. -card_teaser: Update passbolt CE AWS ami. -card_title: Update for AWS ami -icon: fa-aws -card_position: 100 -categories: [hosting, update] -sidebar: hosting -layout: default -slug: ami_update -permalink: /:categories/:slug.html -redirect_to: /hosting/update/debian-package.html ---- - diff --git a/_posts/hosting/update/2021-02-15-hosting-update-digital-ocean.md b/_posts/hosting/update/2021-02-15-hosting-update-digital-ocean.md deleted file mode 100644 index 8bfd38faf..000000000 --- a/_posts/hosting/update/2021-02-15-hosting-update-digital-ocean.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: Update for Digital Ocean -date: 2021-02-07 00:00:00 Z -description: How to update passbolt CE digital ocean appliance. -card_teaser: Update passbolt CE digital ocean appliance. -card_title: Update for Digital Ocean -icon: fa-digitalocean -card_position: 100 -categories: [hosting, update] -sidebar: hosting -layout: default -slug: do_update -permalink: /:categories/:slug.html -redirect_to: /hosting/update/debian-package.html ---- - diff --git a/_posts/hosting/update/2021-11-02-hosting-update-debian-package.md b/_posts/hosting/update/2021-11-02-hosting-update-debian-package.md deleted file mode 100644 index 0cdd83964..000000000 --- a/_posts/hosting/update/2021-11-02-hosting-update-debian-package.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: Update passbolt on Debian -date: 2021-11-26 00:00:00 Z -description: How to update your server on Debian. -card_teaser: Guide for instances installed using Debian package. -card_title: Update for Debian -card_position: 1 -icon: fa-debian -categories: [hosting, update] -sidebar: hosting -layout: default -slug: debian_package -permalink: /:categories/:slug.html ---- - -{% assign distribution = 'debian' %} -{% assign distributionLabel = 'Debian' %} -{% assign distributionPackage = 'apt' %} -{% assign webServerUser = 'www-data' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include messages/notice.html - content="Pro tip: These instructions are also used for updates to the [virtual machine](/hosting/install/pro/vm)." -%} - -{% include hosting/update/package-update.md %} - -{% include hosting/update/in-case-of-issues.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr" - content="Your installation is not based on a debian package?" - link="/hosting/upgrade/ce/migrate-to-debian.html" - ask="Migrate passbolt to debian package" -%} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/update/2021-11-26-hosting-update-almainux-package.md b/_posts/hosting/update/2021-11-26-hosting-update-almainux-package.md deleted file mode 100644 index 56f96ad21..000000000 --- a/_posts/hosting/update/2021-11-26-hosting-update-almainux-package.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Update passbolt on AlmaLinux -date: 2021-11-26 00:00:00 Z -description: How to update your server on AlmaLinux. -card_teaser: Guide for instances installed using AlmaLinux package. -card_title: Update for AlmaLinux -card_position: 10 -icon: fa-almalinux -categories: [hosting, update] -sidebar: hosting -layout: default -slug: almalinux -permalink: /:categories/:slug.html ---- - -{% assign distribution = 'almalinux' %} -{% assign distributionLabel = 'AlmaLinux' %} -{% assign distributionPackage = 'dnf' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/update/package-update.md %} - -{% include hosting/update/in-case-of-issues.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/update/2021-11-26-hosting-update-centos-package.md b/_posts/hosting/update/2021-11-26-hosting-update-centos-package.md deleted file mode 100644 index 27074caa1..000000000 --- a/_posts/hosting/update/2021-11-26-hosting-update-centos-package.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Update passbolt on CentOS -date: 2021-11-26 00:00:00 Z -description: How to update your server on CentOS. -card_teaser: Guide for instances installed using CentOS package. -card_title: Update for CentOS -card_position: 10 -icon: fa-centos -categories: [hosting, update] -slug: centos -sidebar: hosting -layout: default -permalink: /:categories/:slug.html ---- - -{% assign distribution = 'centos' %} -{% assign distributionLabel = 'CentOS' %} -{% assign distributionPackage = 'yum' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} -{% include messages/warning.html - content="**Important:** You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then." -%} -{% include hosting/update/package-update.md %} - -{% include hosting/update/in-case-of-issues.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/update/2021-11-26-hosting-update-oraclelinux-package.md b/_posts/hosting/update/2021-11-26-hosting-update-oraclelinux-package.md deleted file mode 100644 index 676ba765e..000000000 --- a/_posts/hosting/update/2021-11-26-hosting-update-oraclelinux-package.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Update passbolt on OracleLinux -date: 2021-11-26 00:00:00 Z -description: How to update your server on OracleLinux. -card_teaser: Guide for instances installed using OracleLinux package. -card_title: Update for OracleLinux -card_position: 10 -icon: fa-oraclelinux -categories: [hosting, update] -sidebar: hosting -layout: default -slug: oraclelinux -permalink: /:categories/:slug.html ---- - -{% assign distribution = 'oraclelinux' %} -{% assign distributionLabel = 'OracleLinux' %} -{% assign distributionPackage = 'dnf' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/update/package-update.md %} - -{% include hosting/update/in-case-of-issues.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/update/2021-11-26-hosting-update-redhat-package.md b/_posts/hosting/update/2021-11-26-hosting-update-redhat-package.md deleted file mode 100644 index 18edbeff3..000000000 --- a/_posts/hosting/update/2021-11-26-hosting-update-redhat-package.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Update passbolt on Red Hat -date: 2021-11-26 00:00:00 Z -description: How to update your server on Red Hat. -card_teaser: Guide for instances installed using Red Hat package. -card_title: Update for Red Hat -card_position: 10 -icon: fa-redhat -categories: [hosting, update] -sidebar: hosting -layout: default -slug: redhat -permalink: /:categories/:slug.html ---- - -{% assign distribution = 'redhat' %} -{% assign distributionLabel = 'Red Hat' %} -{% assign distributionPackage = 'dnf' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/update/package-update.md %} - -{% include hosting/update/in-case-of-issues.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/update/2021-11-26-hosting-update-rockylinux-package.md b/_posts/hosting/update/2021-11-26-hosting-update-rockylinux-package.md deleted file mode 100644 index 4a059231b..000000000 --- a/_posts/hosting/update/2021-11-26-hosting-update-rockylinux-package.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Update passbolt on RockyLinux -date: 2021-11-26 00:00:00 Z -description: How to update your server on RockyLinux. -card_teaser: Guide for instances installed using RockyLinux package. -card_title: Update for RockyLinux -card_position: 10 -icon: fa-rockylinux -categories: [hosting, update] -sidebar: hosting -layout: default -slug: rockylinux -permalink: /:categories/:slug.html ---- - -{% assign distribution = 'rockylinux' %} -{% assign distributionLabel = 'RockyLinux' %} -{% assign distributionPackage = 'dnf' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/update/package-update.md %} - -{% include hosting/update/in-case-of-issues.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/update/2022-01-06-hosting-update-raspberry-pi.md b/_posts/hosting/update/2022-01-06-hosting-update-raspberry-pi.md deleted file mode 100644 index ccb6c195f..000000000 --- a/_posts/hosting/update/2022-01-06-hosting-update-raspberry-pi.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Update passbolt on Raspberry Pi -date: 2021-11-26 00:00:00 Z -description: How to update your server on Raspberry Pi. -card_teaser: Guide for instances installed using Debian package. -card_title: Update for Raspberry Pi -card_position: 4 -icon: fa-raspberry -categories: [hosting, update] -sidebar: hosting -layout: default -slug: raspberry -permalink: /:categories/:slug.html ---- - -{% assign distribution = 'debian' %} -{% assign distributionLabel = 'Debian' %} -{% assign distributionPackage = 'apt' %} -{% assign webServerUser = 'www-data' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/update/package-update.md %} - -{% include hosting/update/in-case-of-issues.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr" - content="Your installation is not based on a debian package?" - link="/hosting/upgrade/ce/migrate-to-debian.html" - ask="Migrate passbolt to debian package" -%} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/update/2022-02-11-hosting-update-opensuse-package.md b/_posts/hosting/update/2022-02-11-hosting-update-opensuse-package.md deleted file mode 100644 index f19a43305..000000000 --- a/_posts/hosting/update/2022-02-11-hosting-update-opensuse-package.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Update passbolt on openSUSE -date: 2021-11-26 00:00:00 Z -description: How to update your server on openSUSE. -card_teaser: Guide for instances installed using openSUSE package. -card_title: Update for openSUSE -card_position: 10 -icon: fa-opensuse -categories: [hosting, update] -sidebar: hosting -layout: default -slug: opensuse -permalink: /:categories/:slug.html ---- - -{% assign distribution = 'opensuse' %} -{% assign distributionLabel = 'openSUSE' %} -{% assign distributionPackage = 'zypper' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/update/package-update.md %} - -{% include hosting/update/in-case-of-issues.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/update/2022-02-14-hosting-update-fedora-package.md b/_posts/hosting/update/2022-02-14-hosting-update-fedora-package.md deleted file mode 100644 index 0500a7944..000000000 --- a/_posts/hosting/update/2022-02-14-hosting-update-fedora-package.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Update passbolt on Fedora -date: 2021-11-26 00:00:00 Z -description: How to update your server on Fedora. -card_teaser: Guide for instances installed using Fedora package. -card_title: Update for Fedora -card_position: 10 -icon: fa-fedora -categories: [hosting, update] -sidebar: hosting -layout: default -slug: fedora -permalink: /:categories/:slug.html ---- - -{% assign distribution = 'fedora' %} -{% assign distributionLabel = 'Fedora' %} -{% assign distributionPackage = 'dnf' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/update/package-update.md %} - -{% include hosting/update/in-case-of-issues.md %} - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} -{% include aside/message.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2018-04-03-hosting-upgrade-pro-from-ce-source.md b/_posts/hosting/upgrade/2018-04-03-hosting-upgrade-pro-from-ce-source.md deleted file mode 100644 index b004af1d7..000000000 --- a/_posts/hosting/upgrade/2018-04-03-hosting-upgrade-pro-from-ce-source.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -title: Upgrade Passbolt from CE source install to Pro -card_title: From CE source install -card_teaser: Upgrade from CE source install to Pro -card_position: 7 -date: 2018-04-03 00:00:00 Z -description: Upgrade from CE source install to Pro -icon: fa-git -categories: [hosting,upgrade,pro] -sidebar: hosting -layout: default -slug: upgrade-pro-from-ce-source -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -This tutorial covers the case where you want to upgrade your current instance of passbolt CE v2.x into Passbolt Pro. - -{% include messages/warning.html - content="**Important:** Please take a full [backup](/hosting/backup) of your Passbolt CE before proceeding with the upgrade. Backup should include passbolt files as well as the database." -%} - -{% include messages/notice.html - content="You may want to consider moving to one of our [packages](/hosting/upgrade) before upgrading to Pro." -%} - -## System requirements -{% include hosting/v4-requirements.md %} - -## Upgrade to Passbolt Pro -In the following examples we assume you are running passbolt using apache in the `/var/www/passbolt` -directory. You will need to replace these values with your local environment settings. - -### 1. Take your site offline & install the required modules -{% include hosting/upgrade/take-your-site-offline.md %} - -If you are planning to use LDAP integration you will need to make sure the PHP extension for LDAP -is installed and enabled (for example: `apt-get install php-ldap`). Make sure you restart your webserver -when you add new PHP extensions (for example with: `sudo service restart php-fpm`). - -### 2. Download Passbolt Pro -{% include hosting/upgrade/pro/v2/download-and-replace-passbolt.md - repo_url="https://bitbucket.org/passbolt_pro/passbolt_pro_api.git" -%} - -### 3. Install the dependencies -{% include hosting/install/install-composer-dependencies.md %} - -### 4. Copy the avatar folder -```shell -/var/www/passbolt$ cp -R ../passbolt_old/webroot/img/public/* ./webroot/img/public/. -``` - -### 5. Configure Passbolt Pro -{% include hosting/install/pro/v2/install-with-webinstaller.md %} - -### 6. Your server is now ready to run passbolt - -Once you have followed all the steps of the wizard, Passbolt Pro is ready to run. You will be redirected -automatically to the login page where you can log in. - -### 7. Ensure you don't have duplicate cron jobs - -{% include hosting/upgrade/cronjobs.md %} - - -## That's it! - -At this stage, Passbolt Pro should be working perfectly. - -Any issue? Do contact us on the [Passbolt Pro support](mailto:contact@passbolt.com) with the email provided during your purchase. - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2020-09-22-migrate-to-ubuntu-package-pro.md b/_posts/hosting/upgrade/2020-09-22-migrate-to-ubuntu-package-pro.md deleted file mode 100644 index 2d383b133..000000000 --- a/_posts/hosting/upgrade/2020-09-22-migrate-to-ubuntu-package-pro.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Migrate from install scripts to Ubuntu package -date: 2021-02-03 00:00:00 Z -description: Migrate from install scripts to Ubuntu package -categories: [hosting, upgrade, pro] -card_teaser: Migrate from install script to Ubuntu package -card_title: Migrate to Ubuntu package -card_position: 3 -sidebar: [hosting, upgrade] -passbolt_version: pro -icon: fa-ubuntu -layout: default -slug: migrate-to-ubuntu -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'ubuntu' %} -{% assign distributionVersion = '22.04' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'ubuntu' %} -{% assign distributionLabel = 'Ubuntu' %} -{% assign distributionUpgradeGuide = 'https://ubuntu.com/blog/how-to-upgrade-from-ubuntu-18-04-lts-to-20-04-lts-today' %} -{% assign distributionPhpVersion = '7.4' %} -{% assign distributionPackage = 'apt' %} -{% assign webServerUser = 'www-data' %} -{% assign databaseEngine = 'mysql' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-to-debian-pkg.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} -{% include aside/contribute.html %} - -{% include layout/col_end.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-02-12-migrate-to-ubuntu-package.md b/_posts/hosting/upgrade/2021-02-12-migrate-to-ubuntu-package.md deleted file mode 100644 index e11bddbec..000000000 --- a/_posts/hosting/upgrade/2021-02-12-migrate-to-ubuntu-package.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Migrate passbolt CE from install scripts to Ubuntu package -date: 2021-02-12 00:00:00 Z -description: Migrate passbolt CE from install scripts to Ubuntu package -categories: [hosting,upgrade,ce] -card_teaser: Migrate from install script to Ubuntu package -card_title: Migrate to Ubuntu package -card_position: 2 -sidebar: [hosting, upgrade] -passbolt_version: ce -icon: fa-ubuntu -layout: default -slug: migrate-to-ubuntu -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'ubuntu' %} -{% assign distributionVersion = '20.04' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'ubuntu' %} -{% assign distributionLabel = 'Ubuntu' %} -{% assign distributionUpgradeGuide = 'https://ubuntu.com/blog/how-to-upgrade-from-ubuntu-18-04-lts-to-20-04-lts-today' %} -{% assign distributionPhpVersion = '7.4' %} -{% assign distributionPackage = 'apt' %} -{% assign webServerUser = 'www-data' %} -{% assign databaseEngine = 'mysql' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-to-debian-pkg.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-09-16-migrate-existing-ce-to-docker.md b/_posts/hosting/upgrade/2021-09-16-migrate-existing-ce-to-docker.md deleted file mode 100644 index 8bc1cb92c..000000000 --- a/_posts/hosting/upgrade/2021-09-16-migrate-existing-ce-to-docker.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -title: Migrate an existing Passbolt CE to a new Docker -date: 2021-09-29 00:00:00 Z -description: Migrate an existing Passbolt CE to a new Docker -categories: [hosting,upgrade,ce] -card_teaser: Migrate an existing Passbolt CE to a new Docker -card_title: Migrate to new Docker -card_position: 9 -sidebar: [hosting, upgrade] -passbolt_version: ce -icon: fa-docker -layout: default -slug: migrate-existing-ce-to-docker -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-docker.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-09-16-migrate-existing-ce-to-ubuntu-server.md b/_posts/hosting/upgrade/2021-09-16-migrate-existing-ce-to-ubuntu-server.md deleted file mode 100644 index d39b53256..000000000 --- a/_posts/hosting/upgrade/2021-09-16-migrate-existing-ce-to-ubuntu-server.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Migrate an existing Passbolt CE to a new Ubuntu server -date: 2021-09-16 00:00:00 Z -description: Migrate an existing Passbolt CE to a new Ubuntu server -categories: [hosting,upgrade,ce] -card_teaser: Migrate an existing Passbolt CE to a new Ubuntu server -card_title: Migrate to new Ubuntu server -card_position: 9 -sidebar: [hosting, upgrade] -passbolt_version: ce -icon: fa-ubuntu -layout: default -slug: migrate-existing-ce-to-ubuntu-server -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'ubuntu' %} -{% assign distributionVersion = '22.04' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'ubuntu' %} -{% assign distributionLabel = 'Ubuntu' %} -{% assign distributionPackage = 'apt' %} -{% assign webServerUser = 'www-data' %} -{% assign databaseEngine = 'mysql' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-server.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-09-16-migrate-existing-pro-to-docker.md b/_posts/hosting/upgrade/2021-09-16-migrate-existing-pro-to-docker.md deleted file mode 100644 index 687514cbe..000000000 --- a/_posts/hosting/upgrade/2021-09-16-migrate-existing-pro-to-docker.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -title: Migrate an existing Passbolt PRO to a new Docker -date: 2021-09-29 00:00:00 Z -description: Migrate an existing Passbolt PRO to a new Docker -categories: [hosting,upgrade,pro] -card_teaser: Migrate an existing Passbolt PRO to a new Docker -card_title: Migrate to new Docker -card_position: 10 -sidebar: [hosting, upgrade] -passbolt_version: pro -icon: fa-docker -layout: default -slug: migrate-existing-pro-to-docker -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-docker.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-09-16-migrate-existing-pro-to-ubuntu-server.md b/_posts/hosting/upgrade/2021-09-16-migrate-existing-pro-to-ubuntu-server.md deleted file mode 100644 index 4394da261..000000000 --- a/_posts/hosting/upgrade/2021-09-16-migrate-existing-pro-to-ubuntu-server.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Migrate an existing Passbolt PRO to a new Ubuntu server -date: 2021-09-16 00:00:00 Z -description: Migrate an existing Passbolt PRO to a new Ubuntu server -categories: [hosting,upgrade,pro] -card_teaser: Migrate an existing Passbolt PRO to a new Ubuntu server -card_title: Migrate to new Ubuntu server -card_position: 9 -sidebar: [hosting, upgrade] -passbolt_version: pro -icon: fa-ubuntu -layout: default -slug: migrate-existing-pro-to-ubuntu-server -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'ubuntu' %} -{% assign distributionVersion = '22.04' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'ubuntu' %} -{% assign distributionLabel = 'Ubuntu' %} -{% assign distributionPackage = 'apt' %} -{% assign webServerUser = 'www-data' %} -{% assign databaseEngine = 'mysql' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-server.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-09-16-migrate-existing-pro-to-vm.md b/_posts/hosting/upgrade/2021-09-16-migrate-existing-pro-to-vm.md deleted file mode 100644 index f42742b33..000000000 --- a/_posts/hosting/upgrade/2021-09-16-migrate-existing-pro-to-vm.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Migrate an existing Passbolt PRO to Virtual Machine -date: 2021-09-16 00:00:00 Z -description: Migrate an existing Passbolt PRO to Virtual Machine -categories: [hosting,upgrade,pro] -card_teaser: Migrate an existing Passbolt PRO to Virtual Machine -card_title: Migrate to new Virtual Machine -card_position: 9 -sidebar: [hosting, upgrade] -passbolt_version: pro -icon: fa-server -layout: default -slug: migrate-existing-pro-to-virtual-machine -permalink: /:categories/:slug.html ---- - -{% assign migrate = true %} -{% assign product = 'pro' %} -{% assign distribution = 'debian' %} -{% assign distributionVersion = '11' %} -{% assign distributionVersionName = 'bullseye' %} -{% assign distributionSlug = 'debian' %} -{% assign distributionLabel = 'Debian' %} -{% assign distributionUpgradeGuide = 'https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.html' %} -{% assign distributionPackage = 'apt' %} -{% assign webServerUser = 'www-data' %} -{% assign databaseEngine = 'mariadb' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-vm.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-11-02-hosting-upgrade-pro-from-ce-debian.md b/_posts/hosting/upgrade/2021-11-02-hosting-upgrade-pro-from-ce-debian.md deleted file mode 100644 index e2319a8d1..000000000 --- a/_posts/hosting/upgrade/2021-11-02-hosting-upgrade-pro-from-ce-debian.md +++ /dev/null @@ -1,130 +0,0 @@ ---- -title: Upgrade Passbolt from CE to Pro on Debian -card_title: From CE on Debian -card_teaser: Upgrade Passbolt from CE to Pro on Debian -card_position: 4 -date: 2021-11-02 00:00:00 Z -description: Upgrade Passbolt from CE to Pro on Debian -icon: fa-debian -categories: [hosting,upgrade,pro] -sidebar: hosting -layout: default -slug: upgrade-pro-from-ce-debian -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'debian' %} -{% assign distributionVersion = '11' %} -{% assign distributionVersionName = 'buster' %} -{% assign distributionSlug = 'debian' %} -{% assign distributionLabel = 'Debian' %} -{% assign migrate = 'yes' %} -{% assign distributionUpgradeGuide = 'https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.html' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -## Pre-requisites - -For this tutorial, you will need: -- A minimal Debian server. -- Passbolt CE Debian package installed. - -## Upgrading passbolt - -### 1. Take down your site - -It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade. - -```bash -$ sudo systemctl stop nginx -``` - -### 2. Backup passbolt - -First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our [backup process](/hosting/backup/debian). - -### 3. Upload your subscription key - -You should copy your subscription key to `/etc/passbolt/subscription_key.txt` and ensure the permissions are correct. - -```bash -sudo chown root:www-data /etc/passbolt/subscription_key.txt -sudo chmod 640 /etc/passbolt/subscription_key.txt -``` - -### 4. Uninstall passbolt CE - -Passbolt CE package should be removed prior to installing passbolt Pro. - -```bash -sudo apt-get remove passbolt-ce-server -``` - -### 5. Update passbolt package repository - -{% assign upgrade_from_ce_to_pro = 'yes' %} - -{% include hosting/install/packages/debian/install-server-components.md %} - -### 6. Install passbolt Pro - -Now you can install the passbolt Pro package. - -```bash -sudo apt-get install passbolt-pro-server -``` - -As you have already configured passbolt CE, and passbolt Pro relies on the same configuration, you should reply: - -- **No** for mariadb configuration -- **No** to nginx configuration - -### 7. Migrate the data - -Once the package installed, run the following command to migrate the data to passbolt Pro: - -```bash -sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate" -``` - -### 8. Clear the cache - -Make sure you clear the application cache, to make sure any changes in the database structure are reflected in -model cache files: - -```bash -sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake cache clear_all" -``` - -### 9. Ensure you don't have duplicate cron jobs - -{% include hosting/upgrade/cronjobs.md %} - - -### 10. Bring your site back online - -Finally take passbolt back up: - -```bash -sudo systemctl start nginx -``` - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html -class="tldr" -content="Your installation is not based on a debian package?" -link="/hosting/upgrade/ce/migrate-to-debian.html" -ask="Migrate passbolt to debian package" -%} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-11-02-hosting-upgrade-pro-from-ce-ubuntu.md b/_posts/hosting/upgrade/2021-11-02-hosting-upgrade-pro-from-ce-ubuntu.md deleted file mode 100644 index 12d64b3a6..000000000 --- a/_posts/hosting/upgrade/2021-11-02-hosting-upgrade-pro-from-ce-ubuntu.md +++ /dev/null @@ -1,129 +0,0 @@ ---- -title: Upgrade Passbolt from CE to Pro on Ubuntu -card_title: From CE on Ubuntu -card_teaser: Upgrade Passbolt from CE to Pro on Ubuntu -card_position: 5 -date: 2021-02-10 00:00:00 Z -description: Upgrade Passbolt from CE to Pro on Ubuntu -icon: fa-ubuntu -categories: [hosting,upgrade,pro] -sidebar: hosting -layout: default -slug: upgrade-pro-from-ce-ubuntu -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'ubuntu' %} -{% assign distributionVersion = '22.04' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'ubuntu' %} -{% assign distributionLabel = 'Ubuntu' %} -{% assign migrate = 'yes' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -## Pre-requisites - -For this tutorial, you will need: -- A minimal Ubuntu 22.04 server. -- Passbolt CE Ubuntu package installed. - -## Upgrading passbolt - -### 1. Take down your site - -It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade. - -```bash -$ sudo systemctl stop nginx -``` - -### 2. Backup passbolt - -First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our [backup process](/hosting/backup/debian). - -### 3. Upload your subscription key - -You should copy your subscription key to `/etc/passbolt/subscription_key.txt` and ensure the permissions are correct. - -```bash -sudo chown root:www-data /etc/passbolt/subscription_key.txt -sudo chmod 640 /etc/passbolt/subscription_key.txt -``` - -### 4. Uninstall passbolt CE - -Passbolt CE package should be removed prior to installing passbolt Pro. - -```bash -sudo apt-get remove passbolt-ce-server -``` - -### 5. Update passbolt package repository - -{% assign upgrade_from_ce_to_pro = 'yes' %} - -{% include hosting/install/packages/debian/install-server-components.md %} -### 6. Install passbolt Pro - -Now you can install the passbolt Pro package. - -```bash -sudo apt-get install passbolt-pro-server -``` - -As you have already configured passbolt CE, and passbolt Pro relies on the same configuration, you should reply: - -- **No** for mysql configuration -- **No** to nginx configuration - -### 7. Migrate the data - -Once the package installed, run the following command to migrate the data to passbolt Pro: - -```bash -sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate" -``` - -### 8. Clear the cache - -Make sure you clear the application cache, to make sure any changes in the database structure are reflected in -model cache files: - -```bash -sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake cache clear_all" -``` - -### 9. Ensure you don't have duplicate cron jobs - -{% include hosting/upgrade/cronjobs.md %} - - -### 10. Bring your site back online - -Finally take passbolt back up: - -```bash -sudo systemctl start nginx -``` - - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html -class="tldr" -content="Is your installation not based on the Ubuntu package?" -link="/hosting/upgrade/ce/migrate-to-ubuntu.html" -ask="Migrate passbolt to Ubuntu package" -%} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-11-02-migrate-existing-ce-to-debian-server.md b/_posts/hosting/upgrade/2021-11-02-migrate-existing-ce-to-debian-server.md deleted file mode 100644 index b800bc77a..000000000 --- a/_posts/hosting/upgrade/2021-11-02-migrate-existing-ce-to-debian-server.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Migrate an existing Passbolt CE to a new Debian server -date: 2021-11-02 00:00:00 Z -description: Migrate an existing Passbolt CE to a new Debian server -categories: [hosting,upgrade,ce] -card_teaser: Migrate an existing Passbolt CE to a new Debian server -card_title: Migrate to new Debian server -card_position: 8 -sidebar: [hosting, upgrade] -passbolt_version: ce -icon: fa-debian -layout: default -slug: migrate-existing-ce-to-debian-server -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'debian' %} -{% assign distributionVersion = '12' %} -{% assign distributionVersionName = 'bookworm' %} -{% assign distributionSlug = 'debian' %} -{% assign distributionLabel = 'Debian' %} -{% assign distributionUpgradeGuide = 'https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.html' %} -{% assign distributionPackage = 'apt' %} -{% assign webServerUser = 'www-data' %} -{% assign databaseEngine = 'mariadb' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-server.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-11-02-migrate-existing-pro-to-debian-server.md b/_posts/hosting/upgrade/2021-11-02-migrate-existing-pro-to-debian-server.md deleted file mode 100644 index 146672a59..000000000 --- a/_posts/hosting/upgrade/2021-11-02-migrate-existing-pro-to-debian-server.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Migrate an existing Passbolt PRO to a new Debian server -date: 2021-11-02 00:00:00 Z -description: Migrate an existing Passbolt PRO to a new Debian server -categories: [hosting,upgrade,pro] -card_teaser: Migrate an existing Passbolt PRO to a new Debian server -card_title: Migrate to new Debian server -card_position: 8 -sidebar: [hosting, upgrade] -passbolt_version: pro -icon: fa-debian -layout: default -slug: migrate-existing-pro-to-debian-server -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'debian' %} -{% assign distributionVersion = '12' %} -{% assign distributionVersionName = 'bookworm' %} -{% assign distributionSlug = 'debian' %} -{% assign distributionLabel = 'Debian' %} -{% assign distributionUpgradeGuide = 'https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.html' %} -{% assign distributionPackage = 'apt' %} -{% assign webServerUser = 'www-data' %} -{% assign databaseEngine = 'mariadb' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-server.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-11-02-migrate-to-debian-package-pro.md b/_posts/hosting/upgrade/2021-11-02-migrate-to-debian-package-pro.md deleted file mode 100644 index 6ec363fcb..000000000 --- a/_posts/hosting/upgrade/2021-11-02-migrate-to-debian-package-pro.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Migrate from install scripts to Debian package -date: 2021-11-02 00:00:00 Z -description: Migrate from install scripts to Debian package -categories: [hosting, upgrade, pro] -card_teaser: Migrate from install script to Debian package -card_title: Migrate to Debian package -card_position: 2 -sidebar: [hosting, upgrade] -passbolt_version: pro -icon: fa-debian -layout: default -slug: migrate-to-debian -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'debian' %} -{% assign distributionVersion = '12' %} -{% assign distributionVersionName = 'bookworm' %} -{% assign distributionSlug = 'debian' %} -{% assign distributionLabel = 'Debian' %} -{% assign distributionUpgradeGuide = 'https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.html' %} -{% assign distributionPhpVersion = '7.4' %} -{% assign distributionPackage = 'apt' %} -{% assign webServerUser = 'www-data' %} -{% assign databaseEngine = 'mariadb' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-to-debian-pkg.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} -{% include aside/contribute.html %} - -{% include layout/col_end.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-11-02-migrate-to-debian-package.md b/_posts/hosting/upgrade/2021-11-02-migrate-to-debian-package.md deleted file mode 100644 index 5d8500b73..000000000 --- a/_posts/hosting/upgrade/2021-11-02-migrate-to-debian-package.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Migrate passbolt CE from install scripts to Debian package -date: 2021-11-02 00:00:00 Z -description: Migrate passbolt CE from install scripts to Debian package -categories: [hosting,upgrade,ce] -card_teaser: Migrate from install script to Debian package -card_title: Migrate to Debian package -card_position: 1 -sidebar: [hosting, upgrade] -passbolt_version: ce -icon: fa-debian -layout: default -slug: migrate-to-debian -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'debian' %} -{% assign distributionVersion = '12' %} -{% assign distributionVersionName = 'bookworm' %} -{% assign distributionSlug = 'debian' %} -{% assign distributionLabel = 'Debian' %} -{% assign distributionUpgradeGuide = 'https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.html' %} -{% assign distributionPhpVersion = '7.4' %} -{% assign distributionPackage = 'apt' %} -{% assign webServerUser = 'www-data' %} -{% assign databaseEngine = 'mariadb' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-to-debian-pkg.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-11-03-from-debian-10-to-debian-11-ce.md b/_posts/hosting/upgrade/2021-11-03-from-debian-10-to-debian-11-ce.md deleted file mode 100644 index 31ab4e8e7..000000000 --- a/_posts/hosting/upgrade/2021-11-03-from-debian-10-to-debian-11-ce.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Upgrade from Debian 10 to Debian 11 -date: 2021-11-03 00:00:00 Z -description: Upgrade your Debian 10 Operating System running Passbolt to Debian 11 -categories: [hosting,upgrade,ce] -passbolt_version: ce -slug: from-debian-10-to-debian-11-ce -permalink: /:categories/:slug.html -archived: true -layout: default ---- - -{% assign product = 'ce' %} -{% assign distribution = 'debian' %} -{% assign distributionVersionOld = '10' %} -{% assign distributionVersion = '11' %} -{% assign distributionVersionNameOld = 'buster' %} -{% assign distributionVersionName = 'buster' %} -{% assign distributionSlug = 'debian' %} -{% assign distributionLabel = 'Debian' %} -{% assign distributionUpgradeGuide = 'https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.html' %} -{% assign databaseEngine = 'mariadb' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-debian-like-os.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-11-03-from-debian-10-to-debian-11-pro.md b/_posts/hosting/upgrade/2021-11-03-from-debian-10-to-debian-11-pro.md deleted file mode 100644 index 90a1e4784..000000000 --- a/_posts/hosting/upgrade/2021-11-03-from-debian-10-to-debian-11-pro.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Upgrade from Debian 10 to Debian 11 -date: 2021-11-03 00:00:00 Z -description: Upgrade your Debian 10 Operating System running Passbolt to Debian 11 -categories: [hosting,upgrade,pro] -sidebar: [hosting, upgrade] -passbolt_version: pro -slug: from-debian-10-to-debian-11-pro -permalink: /:categories/:slug.html -archived: true -layout: default ---- - -{% assign product = 'pro' %} -{% assign distribution = 'debian' %} -{% assign distributionVersionOld = '10' %} -{% assign distributionVersion = '11' %} -{% assign distributionVersionNameOld = 'buster' %} -{% assign distributionVersionName = 'buster' %} -{% assign distributionSlug = 'debian' %} -{% assign distributionLabel = 'Debian' %} -{% assign distributionUpgradeGuide = 'https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.html' %} -{% assign databaseEngine = 'mariadb' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-debian-like-os.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-11-26-migrate-existing-ce-to-almalinux-server.md b/_posts/hosting/upgrade/2021-11-26-migrate-existing-ce-to-almalinux-server.md deleted file mode 100644 index 909eeb302..000000000 --- a/_posts/hosting/upgrade/2021-11-26-migrate-existing-ce-to-almalinux-server.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Migrate an existing Passbolt CE to a new AlmaLinux server -date: 2021-11-26 00:00:00 Z -description: Migrate an existing Passbolt CE to a new AlmaLinux server -categories: [hosting,upgrade,ce] -card_teaser: Migrate an existing Passbolt CE to a new AlmaLinux server -card_title: Migrate to new AlmaLinux server -card_position: 9 -sidebar: [hosting, upgrade] -passbolt_version: ce -icon: fa-almalinux -layout: default -slug: migrate-existing-ce-to-almalinux-server -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'almalinux' %} -{% assign distributionVersion = '8' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'almalinux' %} -{% assign distributionLabel = 'AlmaLinux' %} -{% assign distributionPackage = 'dnf' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-server.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-11-26-migrate-existing-ce-to-oraclelinux-server.md b/_posts/hosting/upgrade/2021-11-26-migrate-existing-ce-to-oraclelinux-server.md deleted file mode 100644 index e7633781e..000000000 --- a/_posts/hosting/upgrade/2021-11-26-migrate-existing-ce-to-oraclelinux-server.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Migrate an existing Passbolt CE to a new OracleLinux server -date: 2021-11-26 00:00:00 Z -description: Migrate an existing Passbolt CE to a new OracleLinux server -categories: [hosting,upgrade,ce] -card_teaser: Migrate an existing Passbolt CE to a new OracleLinux server -card_title: Migrate to new OracleLinux server -card_position: 90 -sidebar: [hosting, upgrade] -passbolt_version: ce -icon: fa-oraclelinux -layout: default -slug: migrate-existing-ce-to-oraclelinux-server -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'oraclelinux' %} -{% assign distributionVersion = '8' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'oraclelinux' %} -{% assign distributionLabel = 'OracleLinux' %} -{% assign distributionPackage = 'dnf' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-server.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-11-26-migrate-existing-ce-to-redhat-server.md b/_posts/hosting/upgrade/2021-11-26-migrate-existing-ce-to-redhat-server.md deleted file mode 100644 index 2ee1ce278..000000000 --- a/_posts/hosting/upgrade/2021-11-26-migrate-existing-ce-to-redhat-server.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Migrate an existing Passbolt CE to a new Red Hat server -date: 2021-11-26 00:00:00 Z -description: Migrate an existing Passbolt CE to a new Red Hat server -categories: [hosting,upgrade,ce] -card_teaser: Migrate an existing Passbolt CE to a new Red Hat server -card_title: Migrate to new Red Hat server -card_position: 9 -sidebar: [hosting, upgrade] -passbolt_version: ce -icon: fa-redhat -layout: default -slug: migrate-existing-ce-to-redhat-server -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'redhat' %} -{% assign distributionVersion = '8' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'redhat' %} -{% assign distributionLabel = 'Red Hat' %} -{% assign distributionPackage = 'dnf' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-server.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-11-26-migrate-existing-ce-to-rockylinux-server.md b/_posts/hosting/upgrade/2021-11-26-migrate-existing-ce-to-rockylinux-server.md deleted file mode 100644 index 4ce4f6592..000000000 --- a/_posts/hosting/upgrade/2021-11-26-migrate-existing-ce-to-rockylinux-server.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Migrate an existing Passbolt CE to a new RockyLinux server -date: 2021-11-26 00:00:00 Z -description: Migrate an existing Passbolt CE to a new RockyLinux server -categories: [hosting,upgrade,ce] -card_teaser: Migrate an existing Passbolt CE to a new RockyLinux server -card_title: Migrate to new RockyLinux server -card_position: 9 -sidebar: [hosting, upgrade] -passbolt_version: ce -icon: fa-rockylinux -layout: default -slug: migrate-existing-ce-to-rockylinux-server -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'rockylinux' %} -{% assign distributionVersion = '8' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'rockylinux' %} -{% assign distributionLabel = 'RockyLinux' %} -{% assign distributionPackage = 'dnf' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-server.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-11-26-migrate-existing-pro-to-almalinux-server.md b/_posts/hosting/upgrade/2021-11-26-migrate-existing-pro-to-almalinux-server.md deleted file mode 100644 index 931f7b68f..000000000 --- a/_posts/hosting/upgrade/2021-11-26-migrate-existing-pro-to-almalinux-server.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Migrate an existing Passbolt PRO to a new AlmaLinux server -date: 2021-11-26 00:00:00 Z -description: Migrate an existing Passbolt PRO to a new AlmaLinux server -categories: [hosting,upgrade,pro] -card_teaser: Migrate an existing Passbolt PRO to a new AlmaLinux server -card_title: Migrate to new AlmaLinux server -card_position: 9 -sidebar: [hosting, upgrade] -passbolt_version: pro -icon: fa-almalinux -layout: default -slug: migrate-existing-pro-to-almalinux-server -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'almalinux' %} -{% assign distributionVersion = '8' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'almalinux' %} -{% assign distributionLabel = 'AlmaLinux' %} -{% assign distributionPackage = 'dnf' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-server.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-11-26-migrate-existing-pro-to-oraclelinux-server.md b/_posts/hosting/upgrade/2021-11-26-migrate-existing-pro-to-oraclelinux-server.md deleted file mode 100644 index 1228abc08..000000000 --- a/_posts/hosting/upgrade/2021-11-26-migrate-existing-pro-to-oraclelinux-server.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Migrate an existing Passbolt PRO to a new OracleLinux server -date: 2021-11-26 00:00:00 Z -description: Migrate an existing Passbolt PRO to a new OracleLinux server -categories: [hosting,upgrade,pro] -card_teaser: Migrate an existing Passbolt PRO to a new OracleLinux server -card_title: Migrate to new OracleLinux server -card_position: 9 -sidebar: [hosting, upgrade] -passbolt_version: pro -icon: fa-oraclelinux -layout: default -slug: migrate-existing-pro-to-oraclelinux-server -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'oraclelinux' %} -{% assign distributionVersion = '8' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'oraclelinux' %} -{% assign distributionLabel = 'OracleLinux' %} -{% assign distributionPackage = 'dnf' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-server.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-11-26-migrate-existing-pro-to-redhat-server.md b/_posts/hosting/upgrade/2021-11-26-migrate-existing-pro-to-redhat-server.md deleted file mode 100644 index 12f3fc799..000000000 --- a/_posts/hosting/upgrade/2021-11-26-migrate-existing-pro-to-redhat-server.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Migrate an existing Passbolt PRO to a new Red Hat server -date: 2021-11-26 00:00:00 Z -description: Migrate an existing Passbolt PRO to a new Red Hat server -categories: [hosting,upgrade,pro] -card_teaser: Migrate an existing Passbolt PRO to a new Red Hat server -card_title: Migrate to new Red Hat server -card_position: 9 -sidebar: [hosting, upgrade] -passbolt_version: pro -icon: fa-redhat -layout: default -slug: migrate-existing-pro-to-redhat-server -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'redhat' %} -{% assign distributionVersion = '8' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'redhat' %} -{% assign distributionLabel = 'Red Hat' %} -{% assign distributionPackage = 'dnf' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-server.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-11-26-migrate-existing-pro-to-rockylinux-server.md b/_posts/hosting/upgrade/2021-11-26-migrate-existing-pro-to-rockylinux-server.md deleted file mode 100644 index ee382bbff..000000000 --- a/_posts/hosting/upgrade/2021-11-26-migrate-existing-pro-to-rockylinux-server.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Migrate an existing Passbolt PRO to a new RockyLinux server -date: 2021-11-26 00:00:00 Z -description: Migrate an existing Passbolt PRO to new RockyLinux server -categories: [hosting,upgrade,pro] -card_teaser: Migrate an existing Passbolt PRO to new RockyLinux server -card_title: Migrate to new RockyLinux server -card_position: 9 -sidebar: [hosting, upgrade] -passbolt_version: pro -icon: fa-rockylinux -layout: default -slug: migrate-existing-pro-to-rockylinux-server -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'rockylinux' %} -{% assign distributionVersion = '8' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'rockylinux' %} -{% assign distributionLabel = 'RockyLinux' %} -{% assign distributionPackage = 'dnf' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-server.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-11-26-migrate-to-centos-package-pro.md b/_posts/hosting/upgrade/2021-11-26-migrate-to-centos-package-pro.md deleted file mode 100644 index cd1cb1a96..000000000 --- a/_posts/hosting/upgrade/2021-11-26-migrate-to-centos-package-pro.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Migrate passbolt PRO from install scripts to CentOS 7 package -date: 2021-11-26 00:00:00 Z -description: Migrate passbolt PRO from install scripts to CentOS 7 package -card_teaser: Migrate from install script to CentOS 7 package -card_title: Migrate to CentOS 7 package -card_position: 1 -sidebar: [hosting, upgrade] -passbolt_version: pro -icon: fa-centos -layout: default -categories: [hosting,upgrade,pro] -slug: migrate-to-centos -permalink: /:categories/:slug.html ---- - - -{% assign product = 'pro' %} -{% assign distribution = 'centos' %} -{% assign distributionVersion = '7' %} -{% assign distributionSlug = 'centos' %} -{% assign distributionLabel = 'CentOS' %} -{% assign distributionPackage = 'yum' %} -{% assign webServerUser = 'nginx' %} - - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} -{% include messages/warning.html - content="**Important:** You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then." -%} -{% include hosting/upgrade/upgrade-to-debian-pkg.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-11-26-migrate-to-centos-package.md b/_posts/hosting/upgrade/2021-11-26-migrate-to-centos-package.md deleted file mode 100644 index ee9afef6b..000000000 --- a/_posts/hosting/upgrade/2021-11-26-migrate-to-centos-package.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Migrate passbolt CE from install scripts to CentOS 7 package -date: 2021-11-26 00:00:00 Z -description: Migrate passbolt CE from install scripts to CentOS 7 package -card_teaser: Migrate from install script to CentOS 7 package -card_title: Migrate to CentOS 7 package -card_position: 1 -sidebar: [hosting, upgrade] -passbolt_version: ce -icon: fa-centos -layout: default -categories: [hosting,upgrade,ce] -slug: migrate-to-centos -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'centos' %} -{% assign distributionVersion = '7' %} -{% assign distributionSlug = 'centos' %} -{% assign distributionLabel = 'CentOS' %} -{% assign distributionPackage = 'yum' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} -{% include messages/warning.html - content="**Important:** You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then." -%} -{% include hosting/upgrade/upgrade-to-debian-pkg.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2021-12-30-hosting-upgrade-pro-from-docker.md b/_posts/hosting/upgrade/2021-12-30-hosting-upgrade-pro-from-docker.md deleted file mode 100644 index 484e9b4a4..000000000 --- a/_posts/hosting/upgrade/2021-12-30-hosting-upgrade-pro-from-docker.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: Upgrade from CE to Pro using docker -card_title: From CE with Docker -card_teaser: Upgrade from CE to Pro using docker -card_position: 6 -date: 2022-02-21 00:00:00 Z -description: Upgrade from CE to Passbolt Pro using docker -icon: fa-docker -categories: [hosting,upgrade,pro] -sidebar: hosting -layout: default -slug: upgrade-pro-from-ce-docker -docker_tag: '-pro' -passbolt_version: Pro -permalink: /:categories/:slug.html ---- - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include messages/warning.html - content="**Important:** Please take a full [backup](/hosting/backup) of your passbolt before proceeding with the upgrade." -%} - -In order to upgrade from CE to PRO, open your `docker-compose.yaml` file and search for the passbolt CE image definition: - -``` -image: passbolt/passbolt: -``` - -And replace the CE `` [with a PRO ``](https://hub.docker.com/r/passbolt/passbolt/tags?page=1&name=pro). - -In the same location of your docker-compose.yaml file, create a subscription_key.txt file containing your passbolt subscription key, and add a new volume definition in your docker-compose.yaml file: - -``` -version: '3.7' -services: - db: - ... - passbolt: - ... - volumes: - ... - - ./subscription_key.txt:/etc/passbolt/subscription_key.txt:ro -``` - -Then relaunch your docker containers: - -``` -$ docker-compose up -d -``` - -By doing this: - -* a new passbolt docker image will be pulled and a new container created -* your passbolt database schema will be updated - -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/pro-support.html %} - -{% include layout/row_end.html %} \ No newline at end of file diff --git a/_posts/hosting/upgrade/2022-02-11-migrate-existing-ce-to-opensuse-server.md b/_posts/hosting/upgrade/2022-02-11-migrate-existing-ce-to-opensuse-server.md deleted file mode 100644 index 81d27a28e..000000000 --- a/_posts/hosting/upgrade/2022-02-11-migrate-existing-ce-to-opensuse-server.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Migrate an existing Passbolt CE to a new openSUSE server -date: 2022-02-11 00:00:00 Z -description: Migrate an existing Passbolt CE to a new openSUSE server -categories: [hosting,upgrade,ce] -card_teaser: Migrate an existing Passbolt CE to a new openSUSE server -card_title: Migrate to new openSUSE server -card_position: 9 -sidebar: [hosting, upgrade] -passbolt_version: ce -icon: fa-opensuse -layout: default -slug: migrate-existing-ce-to-opensuse-server -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'opensuse' %} -{% assign distributionVersion = 'Leap 15' %} -{% assign distributionSlug = 'opensuse' %} -{% assign distributionLabel = 'openSUSE' %} -{% assign distributionPackage = 'zypper' %} -{% assign webServerUser = 'wwwrun' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-server.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2022-02-11-migrate-existing-pro-to-opensuse-server.md b/_posts/hosting/upgrade/2022-02-11-migrate-existing-pro-to-opensuse-server.md deleted file mode 100644 index 6a2fa7c69..000000000 --- a/_posts/hosting/upgrade/2022-02-11-migrate-existing-pro-to-opensuse-server.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Migrate an existing Passbolt PRO to a new openSUSE server -date: 2022-02-11 00:00:00 Z -description: Migrate an existing Passbolt PRO to new openSUSE server -categories: [hosting,upgrade,pro] -card_teaser: Migrate an existing Passbolt PRO to new openSUSE server -card_title: Migrate to new openSUSE server -card_position: 9 -sidebar: [hosting, upgrade] -passbolt_version: pro -icon: fa-opensuse -layout: default -slug: migrate-existing-pro-to-opensuse-server -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'opensuse' %} -{% assign distributionVersion = 'Leap 15' %} -{% assign distributionSlug = 'opensuse' %} -{% assign distributionLabel = 'openSUSE' %} -{% assign distributionPackage = 'zypper' %} -{% assign webServerUser = 'wwwrun' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-server.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2022-02-14-migrate-existing-ce-to-fedora-server.md b/_posts/hosting/upgrade/2022-02-14-migrate-existing-ce-to-fedora-server.md deleted file mode 100644 index 999c4e39a..000000000 --- a/_posts/hosting/upgrade/2022-02-14-migrate-existing-ce-to-fedora-server.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Migrate an existing Passbolt CE to a new Fedora server -date: 2021-11-26 00:00:00 Z -description: Migrate an existing Passbolt CE to a new Fedora server -categories: [hosting,upgrade,ce] -card_teaser: Migrate an existing Passbolt CE to a new Fedora server -card_title: Migrate to new Fedora server -card_position: 9 -sidebar: [hosting, upgrade] -passbolt_version: ce -icon: fa-fedora -layout: default -slug: migrate-existing-ce-to-fedora-server -permalink: /:categories/:slug.html ---- - -{% assign product = 'ce' %} -{% assign distribution = 'fedora' %} -{% assign distributionVersion = '37' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'fedora' %} -{% assign distributionLabel = 'Fedora' %} -{% assign distributionPackage = 'dnf' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-server.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2022-02-14-migrate-existing-pro-to-fedora-server.md b/_posts/hosting/upgrade/2022-02-14-migrate-existing-pro-to-fedora-server.md deleted file mode 100644 index e7cad1b5f..000000000 --- a/_posts/hosting/upgrade/2022-02-14-migrate-existing-pro-to-fedora-server.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Migrate an existing Passbolt PRO to a new Fedora server -date: 2021-11-26 00:00:00 Z -description: Migrate an existing Passbolt PRO to new Fedora server -categories: [hosting,upgrade,pro] -card_teaser: Migrate an existing Passbolt PRO to new Fedora server -card_title: Migrate to new Fedora server -card_position: 9 -sidebar: [hosting, upgrade] -passbolt_version: pro -icon: fa-fedora -layout: default -slug: migrate-existing-pro-to-fedora-server -permalink: /:categories/:slug.html ---- - -{% assign product = 'pro' %} -{% assign distribution = 'fedora' %} -{% assign distributionVersion = '37' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'fedora' %} -{% assign distributionLabel = 'Fedora' %} -{% assign distributionPackage = 'dnf' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-existing-to-new-server.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2023-02-02-migrate-existing-ce-to-centos-server.md b/_posts/hosting/upgrade/2023-02-02-migrate-existing-ce-to-centos-server.md deleted file mode 100644 index b78341862..000000000 --- a/_posts/hosting/upgrade/2023-02-02-migrate-existing-ce-to-centos-server.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Migrate an existing Passbolt CE to a new CentOS server -date: 2021-11-26 00:00:00 Z -description: Migrate an existing Passbolt CE to a new CentOS server -card_teaser: Migrate an existing Passbolt CE to a new CentOS server -card_title: Migrate to new CentOS server -card_position: 9 -sidebar: [hosting, upgrade] -passbolt_version: ce -icon: fa-centos -layout: default -categories: [hosting,upgrade,ce] -slug: migrate-existing-ce-to-centos-server -permalink: /:categories/:slug.html ---- -{% assign product = 'ce' %} -{% assign distribution = 'centos' %} -{% assign distributionVersion = '7' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'centos' %} -{% assign distributionLabel = 'CentOS' %} -{% assign distributionPackage = 'dnf' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} -{% include messages/warning.html - content="**Important:** You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then." -%} -{% include hosting/upgrade/upgrade-existing-to-new-server.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2023-02-02-migrate-existing-pro-to-centos-server.md b/_posts/hosting/upgrade/2023-02-02-migrate-existing-pro-to-centos-server.md deleted file mode 100644 index b070eddc4..000000000 --- a/_posts/hosting/upgrade/2023-02-02-migrate-existing-pro-to-centos-server.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Migrate an existing Passbolt PRO to a new CentOS server -date: 2021-11-26 00:00:00 Z -description: Migrate an existing Passbolt PRO to new CentOS server -card_teaser: Migrate an existing Passbolt PRO to new CentOS server -card_title: Migrate to new CentOS server -card_position: 9 -sidebar: [hosting, upgrade] -passbolt_version: pro -icon: fa-centos -layout: default -categories: [hosting,upgrade,pro] -slug: migrate-existing-pro-to-centos-server -permalink: /:categories/:slug.html ---- -{% assign product = 'pro' %} -{% assign distribution = 'centos' %} -{% assign distributionVersion = '7' %} -{% assign distributionVersionName = 'focal' %} -{% assign distributionSlug = 'centos' %} -{% assign distributionLabel = 'CentOS' %} -{% assign distributionPackage = 'dnf' %} -{% assign webServerUser = 'nginx' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} -{% include messages/warning.html - content="**Important:** You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then." -%} -{% include hosting/upgrade/upgrade-existing-to-new-server.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2023-06-29-from-debian11-to-debian12-ce.md b/_posts/hosting/upgrade/2023-06-29-from-debian11-to-debian12-ce.md deleted file mode 100644 index 2584e0988..000000000 --- a/_posts/hosting/upgrade/2023-06-29-from-debian11-to-debian12-ce.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Upgrade from Debian 11 to Debian 12 -date: 2023-06-29 00:00:00 Z -description: Upgrade your Debian 11 Operating System running Passbolt to Debian 12 -categories: [hosting,upgrade,ce] -sidebar: [hosting, upgrade] -passbolt_version: ce -slug: from-debian-11-to-debian-12-ce -permalink: /:categories/:slug.html -archived: true -layout: default ---- - -{% assign product = 'ce' %} -{% assign distribution = 'debian' %} -{% assign distributionVersionOld = '11' %} -{% assign distributionVersion = '12' %} -{% assign distributionVersionNameOld = 'bullseye' %} -{% assign distributionVersionName = 'bookworm' %} -{% assign distributionSlug = 'debian' %} -{% assign distributionLabel = 'Debian' %} -{% assign distributionUpgradeGuide = 'https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.html' %} -{% assign databaseEngine = 'mariadb' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-debian12-new-specs.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/_posts/hosting/upgrade/2023-06-29-from-debian11-to-debian12-pro.md b/_posts/hosting/upgrade/2023-06-29-from-debian11-to-debian12-pro.md deleted file mode 100644 index 9a28992e4..000000000 --- a/_posts/hosting/upgrade/2023-06-29-from-debian11-to-debian12-pro.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Upgrade from Debian 11 to Debian 12 -date: 2023-06-29 00:00:00 Z -description: Upgrade your Debian 11 Operating System running Passbolt to Debian 12 -categories: [hosting,upgrade,pro] -passbolt_version: pro -slug: from-debian-11-to-debian-12-pro -permalink: /:categories/:slug.html -archived: true -layout: default ---- - -{% assign product = 'ce' %} -{% assign distribution = 'debian' %} -{% assign distributionVersionOld = '11' %} -{% assign distributionVersion = '12' %} -{% assign distributionVersionNameOld = 'bullseye' %} -{% assign distributionVersionName = 'bookworm' %} -{% assign distributionSlug = 'debian' %} -{% assign distributionLabel = 'Debian' %} -{% assign distributionUpgradeGuide = 'https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.html' %} -{% assign databaseEngine = 'mariadb' %} - -{% include layout/row_start.html %} -{% include layout/col_start.html column="7" %} - -{% include hosting/upgrade/upgrade-debian12-new-specs.md %} -{% include date/updated.html %} - -{% include layout/col_end.html %} -{% include layout/col_start.html column="4 last push1" %} - -{% include aside/message.html - class="tldr notice" - content="Are you experiencing issues when updating passbolt?" - link="https://community.passbolt.com/c/installation-issues" - ask="Ask the community!" - button="primary" -%} - -{% include aside/message.html %} -{% include aside/contribute.html %} -{% include layout/row_end.html %} diff --git a/docs/2021/11/24/Debian11-ce.html b/docs/2021/11/24/Debian11-ce.html deleted file mode 100644 index eaf6df9c7..000000000 --- a/docs/2021/11/24/Debian11-ce.html +++ /dev/null @@ -1,506 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on Debian 11 (Bullseye) - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Install Passbolt CE on Debian 11 (Bullseye)

-
-
- - -
-
- -

Prerequisites

- -

For this tutorial, you will need:

- -
    -
  • -

    A minimal Debian 11 server.

    -
    • -
  • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
    • -
  • a working SMTP server for email notifications
    • -
  • a working NTP service to avoid GPG authentication issues
    • -
- -

The recommended server requirements are:

-
    -
  • 2 cores
    • -
  • 2GB of RAM
    • -
- -

FAQ pages:

- - - -
-

- Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

- -
- -
-

- Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

- -
- -

Package repository setup

- -

For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

- -

Step 1. Download our dependencies installation script:

- - 
wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
- -

Step 2. Download our SHA512SUM for the installation script:

- - 
wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
- -

Step 3. Ensure that the script is valid and execute it:

- - 
sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
- -

Install passbolt official linux package

- - 
sudo apt install passbolt-ce-server
-
- -

Configure mariadb

- -

If not instructed otherwise passbolt debian package will install mariadb-server locally. This step will help you create -an empty mariadb database for passbolt to use.

- -
- Configure database dialog - fig. Configure database dialog -
- -

The configuration process will ask you for the credentials of the mariadb admin user to create a new database. -By default in most installations the admin username would be root and the password would be empty.

- -
- Database admin user dialog - fig. Database admin user dialog -
- -
- Database admin user pass dialog - fig. Database admin user pass dialog -
- -

Now we need to create a mariadb user with reduced permissions for passbolt to connect. These values will also be requested later on the webconfiguration tool of passbolt so please keep them in mind.

- -
- Database passbolt user dialog - fig. Database passbolt user dialog -
- -
- Database passbolt user pass dialog - fig. Database passbolt user pass dialog -
- -

Lastly we need to create a database for passbolt to use, for that we need to name it:

- -
- Database name dialog - fig. Database name dialog -
- -

Configure nginx for serving HTTPS

- -

Depending on your needs there are two different options to setup nginx and SSL using the Debian package:

- - - -

2. Configure passbolt

- -

Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

- -
- passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
- -

2.1. Healthcheck

- -

The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

- -
- wizard - healthcheck - fig. wizard - healthcheck -
- -

2.2. Database

- -

This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

- -
- wizard - database - fig. wizard - database -
- -

2.3. GPG key

- -

In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

- -

Generate a key if you don’t have one.

- -
- wizard - generate a key pair - fig. wizard - generate a key pair -
- -

Optional: Import a key if you already have one and you want your server to use it.

- -

- Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

- -

To create a new GnuPG key without passphrase:

- 
gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
- -

Feel free to replace Name-Real and Name-Email with your own.

- -

To display your new key:

- - 
gpg --armor --export-secret-keys email@domain.tld
-
- -
- wizard - import a key pair - fig. wizard - import a key pair -
- -

2.4. Mail server (SMTP)

- -

At this stage, the wizard will ask you to enter the details of your SMTP server.

- -
- wizard - smtp mail server details - fig. wizard - smtp mail server details -
- -

You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

- -
- wizard - test smtp settings - fig. wizard - test smtp settings -
- -

2.5. Preferences

- -

The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

- -
- wizard - preferences - fig. wizard - preferences -
- -

2.6. First user creation

- -

You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

- -
- wizard - first user - fig. wizard - first user -
- -

2.7. Installation

- -

That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

- -
- wizard - installation - fig. wizard - installation -
- -

Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

- -
- wizard - completion and redirection - fig. wizard - completion and redirection -
- -

3. Configure your administrator account

- -

3.1. Download the plugin

- -

Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

- -
- download the browser extension - fig. download the browser extension -
- -

3.2. Create a new key

- -

Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

- -
- generate a key - fig. generate a key -
- -

3.3. Download your recovery kit

- -

This step is essential. Your key is the only way to access your account and passwords.

- -
-

- WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

- -
- -
- download the recovery kit - fig. download the recovery kit -
- -

3.4. Define your security token

- -

Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

- -
- define your security token - fig. define your security token -
- -

3.5. That’s it!

- -

Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

- -
-

Last updated

-

This article was last updated on -November -24th, -2021.

-
- -
-
- -
-

Are you experiencing issues when installing passbolt?

- - Ask the community! - -
- -
-

Stay informed of the next releases!

- - Star Passbolt CE on github - -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/2021/11/24/Debian11.html b/docs/2021/11/24/Debian11.html deleted file mode 100644 index e4ef5a64c..000000000 --- a/docs/2021/11/24/Debian11.html +++ /dev/null @@ -1,516 +0,0 @@ - - - - - Passbolt Help | Install Passbolt Pro on Debian 11 (Bullseye) - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Install Passbolt Pro on Debian 11 (Bullseye)

-
-
- - -
-
- -

Prerequisites

- -

For this tutorial, you will need:

- -
    -
  • -

    A minimal Debian 11 server.

    -
    • -
  • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
    • -
  • a working SMTP server for email notifications
    • -
  • a working NTP service to avoid GPG authentication issues
    • -
- -

The recommended server requirements are:

-
    -
  • 2 cores
    • -
  • 2GB of RAM
    • -
- -

FAQ pages:

- - - -
-

- Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

- -
- -
-

- Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

- -
- -

Package repository setup

- -

For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

- -

Step 1. Download our dependencies installation script:

- - 
wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
- -

Step 2. Download our SHA512SUM for the installation script:

- - 
wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
- -

Step 3. Ensure that the script is valid and execute it:

- - 
sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
- -

Install passbolt official linux package

- - 
sudo apt install passbolt-pro-server
-
- -

Configure mariadb

- -

If not instructed otherwise passbolt debian package will install mariadb-server locally. This step will help you create -an empty mariadb database for passbolt to use.

- -
- Configure database dialog - fig. Configure database dialog -
- -

The configuration process will ask you for the credentials of the mariadb admin user to create a new database. -By default in most installations the admin username would be root and the password would be empty.

- -
- Database admin user dialog - fig. Database admin user dialog -
- -
- Database admin user pass dialog - fig. Database admin user pass dialog -
- -

Now we need to create a mariadb user with reduced permissions for passbolt to connect. These values will also be requested later on the webconfiguration tool of passbolt so please keep them in mind.

- -
- Database passbolt user dialog - fig. Database passbolt user dialog -
- -
- Database passbolt user pass dialog - fig. Database passbolt user pass dialog -
- -

Lastly we need to create a database for passbolt to use, for that we need to name it:

- -
- Database name dialog - fig. Database name dialog -
- -

Configure nginx for serving HTTPS

- -

Depending on your needs there are two different options to setup nginx and SSL using the Debian package:

- - - -

2. Configure passbolt

- -

Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

- -
- passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
- -

2.1. Healthcheck

- -

The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

- -
- wizard - healthcheck - fig. wizard - healthcheck -
- -

2.2. Subscription key

- -

At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

- -
- wizard - subscription key - fig. wizard - subscription key -
- -

2.3. Database

- -

This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

- -
- wizard - database - fig. wizard - database -
- -

2.4. GPG key

- -

In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

- -

Generate a key if you don’t have one.

- -
- wizard - generate a key pair - fig. wizard - generate a key pair -
- -

Optional: Import a key if you already have one and you want your server to use it.

- -

- Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

- -

To create a new GnuPG key without passphrase:

- 
gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
- -

Feel free to replace Name-Real and Name-Email with your own.

- -

To display your new key:

- - 
gpg --armor --export-secret-keys email@domain.tld
-
- -
- wizard - import a key pair - fig. wizard - import a key pair -
- -

2.5. Mail server (SMTP)

- -

At this stage, the wizard will ask you to enter the details of your SMTP server.

- -
- wizard - smtp mail server details - fig. wizard - smtp mail server details -
- -

You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

- -
- wizard - test smtp settings - fig. wizard - test smtp settings -
- -

2.6. Preferences

- -

The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

- -
- wizard - preferences - fig. wizard - preferences -
- -

2.7. First user creation

- -

You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

- -
- wizard - first user - fig. wizard - first user -
- -

2.8. Installation

- -

That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

- -
- wizard - installation - fig. wizard - installation -
- -

Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

- -
- wizard - completion and redirection - fig. wizard - completion and redirection -
- -

3. Configure your administrator account

- -

3.1. Download the plugin

- -

Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

- -
- download the browser extension - fig. download the browser extension -
- -

3.2. Create a new key

- -

Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

- -
- generate a key - fig. generate a key -
- -

3.3. Download your recovery kit

- -

This step is essential. Your key is the only way to access your account and passwords.

- -
-

- WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

- -
- -
- download the recovery kit - fig. download the recovery kit -
- -

3.4. Define your security token

- -

Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

- -
- define your security token - fig. define your security token -
- -

3.5. That’s it!

- -

Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

- -
-

Last updated

-

This article was last updated on -November -24th, -2021.

-
- -
-
- -
-

Are you experiencing issues with Passbolt Pro Edition?

- Contact Pro support -

or ask the community

- -
- -
-

Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

- - View on github - -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/account-recovery.html b/docs/configure/account-recovery.html deleted file mode 100644 index 79ee1206c..000000000 --- a/docs/configure/account-recovery.html +++ /dev/null @@ -1,475 +0,0 @@ - - - - - Passbolt Help | How to configure Account Recovery - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

How to configure Account Recovery

-
-
- - -
-
- -
- -
- -

Requirements

- -

You can follow this procedure if you are meeting the following requirements:

- -
    -
  • You are running passbolt Pro > v3.6.0 or Passbolt Cloud.
    • -
  • You have an active administrator account
    • -
- -

How does it work?

- -

Account recovery is a feature introduced with passbolt v3.6.0 that as for aim to help users to recover their accounts -in case of recovery kit or passphrase loss.

- -

Depending on the organisation policy, all users will be able to deposit an encrypted backup of their private keys in -passbolt. Backups that can only be unlocked cryptographically by the organisation administrators having in their possession -the organisation recovery key.

- -

Enable account recovery

- -

In order to configure account recovery for your organisation, go to administration setting workspace Administration > Account recovery.

- -

Choose the organisation policy

- -

By default, account recovery is disabled. To enable it choose among the proposed policies the one that suits best your -organization.

- -
- Account recovery administration settings choose policy - fig. Account recovery administration settings choose policy -
- -
    -
  • -

    Mandatory: as its name states, users have to subscribe to the program no matter their preferences. New users will be forced to subscribe to the program while registering for the first time while existing users will be prompted to subscribe after signing in to the application.

    -
    • -
  • -

    Opt-out: users have the choice to subscribe or reject the program, but they are subscribed by default. Users will be able to set their preferences while registering for the first time while existing users will be prompted to subscribe after signing in to the application.

    -
    • -
  • -

    Opt-in: as the opt-out option, users have the choice to subscribe or reject the program, but they are not subscribed by default. New users will be able to set their preferences while registering for the first time and existing users will be able to set their preference via their settings workspace.

    -
    • -
  • -

    Disable: as the name states, the program is disabled and nobody will be able to use it.

    -
    • -
- -

Set the organisation key

- -

Once you have chosen the organisation policy the next step is to set an organisation key. This key will be used to encrypt -the escrow of the organisation users private keys.

- -

Import the organisation key

- -

This method is the recommended one as it will keep your organisation key isolated from passbolt until the moment you -need it.

- -
- Account recovery administration settings ORK import screen - fig. Account recovery administration settings ORK import screen -
- -

In order to be accepted, the organisation key should meet these requirements:

- -
    -
  • The key should be public gpg key
    • -
  • The key should use the algorithm RSA
    • -
  • The key should have a length of 4096 bits
    • -
  • The key should have a passphrase
    • -
- -

If you do not know how to generate an OpenPGP key, checkout the following documentation: how to generate an OpenPGP key.

- -

Generate the organisation key

- -

If you cannot generate an OpenPGP key on your own, we got your back. In the import recovery key dialog, -click on the “Generate” tab. From there you will find a tool that will help you to generate your organisation key.

- -
- Account recovery administration settings organisation generation screen - fig. Account recovery administration settings organisation generation screen -
- -
-

- Attention: Passbolt will prompt you to save the generated key on your computer. Keep this backup offline in a safe place, it will be -required later to update the organisation policy as well as to approve the users’ recovery requests. -

- -
- -

Apply the policy

- -

Once the organisation policy and the organisation key were imported, you can apply the changes. Click on the “save -settings” button, you will be prompted to review the settings. It is advised to do a careful check here before continuing.

- -
- Account recovery administration settings summary review dialog - fig. Account recovery administration settings summary review dialog -
- -

Disable account recovery

- -

In order to disabled account recovery for your organisation, go to administration setting workspace Administration > Account recovery.

- -
- Account recovery administration settings disable policy - fig. Account recovery administration settings disable policy -
- -

Select the policy “Disable” and click on the “Save settings” button on top of the screen. You will be prompted to -review the changes and then to provide the organisation key currently in use. This extra check will prevent attackers to -disable then enable again the feature with an organisation key of their own.

- -
- Account recovery administration settings provide organization key - fig. Account recovery administration settings provide organization key -
- -
-

- Attention: By disabling account recovery, you will truncate all the relative data. If you decide to -enable it again you and the all the users will have to start everything from scratch. -

- -
- -

Update account recovery

- -

In order to update the settings, go to administration setting workspace Administration > Account recovery.

- -

Select the policy of your choice and update the organisation key if necessary as explained in the section -enable account recovery.

- -

Once you have made your changes, click on the “Save settings” button on top of the screen. You will be prompted to -review the changes and to provide the organisation key currently in use. This extra check will prevent attackers to -disable then enable again the feature with an organisation key of their own.

- -
- Account recovery administration settings summary review dialog - fig. Account recovery administration settings summary review dialog -
- -
-

Last updated

-

This article was last updated on -August -5th, -2022.

-
- -
-
- -
-

Are you experiencing issues with Passbolt Pro Edition?

- Contact Pro support -

or ask the community

- -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/database/credentials.html b/docs/configure/database/credentials.html deleted file mode 100644 index 7c8b80851..000000000 --- a/docs/configure/database/credentials.html +++ /dev/null @@ -1,357 +0,0 @@ - - - - - Passbolt Help | Update my database credentials - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Update my database credentials

-
-
- -
-
- -

With package installation (Debian, Ubuntu, RPM)

- -

Open /etc/passbolt/passbolt.php file and edit the Datasources block:

- - 
(...)
-    // Database configuration.
-    'Datasources' => [
-        'default' => [
-            'host' => '127.0.0.1',
-            'port' => '3306',
-            'username' => 'passbolt',
-            'password' => 'password',
-            'database' => 'passboltdb',
-        ],
-    ],
-(...)
-
- -

Save and quit.

- -

From source installation

- -

It is the same block to edit than the package installation, but passbolt configuration file is located on /var/www/passbolt/config/passbolt.php

- -

With docker installation

- -

Database credentials are set in environment variables and you need to edit them for each container:

- -

For mariadb container:

- - 
MYSQL_DATABASE: "passboltdb"
-MYSQL_USER: "passbolt"
-MYSQL_PASSWORD: "very-strong-password"
-
- -

For passbolt container:

- - 
DATASOURCES_DEFAULT_DATABASE: "passboltdb"
-DATASOURCES_DEFAULT_USERNAME: "passbolt"
-DATASOURCES_DEFAULT_PASSWORD: "very-strong-password"
-
- -
-

Last updated

-

This article was last updated on -December -16th, -2021.

-
- -
-
- -
-

Are you experiencing issues with Passbolt Pro Edition?

- Contact Pro support -

or ask the community

- -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/docker/index.html b/docs/configure/docker/index.html deleted file mode 100644 index 827a036c4..000000000 --- a/docs/configure/docker/index.html +++ /dev/null @@ -1,471 +0,0 @@ - - - - - Passbolt Help | Configure - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- -
-
-
-
-
-
- -
-
-
- - - - - - - - - - - -
-
-

Configure

-
-
-
- - -
- - - - - - Configure HTTPS - How to setup HTTPS for secure communications - -
- - -
- - - - -
PRO
- - - Configure LDAP - How to configure the directory sync plugin - -
- - -
- - - - -
PRO
- - - Configure Account Recovery - How to configure Account Recovery - -
- - -
- - - - -
PRO
- - - Configure SSO - How to configure Single Sign-On - -
- - -
- - - - - - Configure Windows App - How to configure Windows App - -
- - -
- - - - -
PRO
- - - Configure Password Policies - How to configure Password Policies - -
- - -
- - - - -
PRO
- - - Configure User Passphrase Policies - How to configure User Passphrase Policies - -
- - -
- - - - - - Configure RBAC - How to configure Role-Based Access Control - -
- - -
- - - - -
PRO
- - - Configure LDAP with ssl - How to configure the LDAP plugin with ssl (ldaps) - -
- - -
- - - - -
PRO
- - - Using LDAP Filters - How to use the filters to configure your Users Directory - -
- - -
- - - - -
PRO
- - - Troubleshoot LDAP sync errors - Common ldap synchronization errors and their meaning - -
- - -
- - - - - - Configure MFA - How to configure Multi Factor Authentication - -
- - -
- - - - - - Configure TOTP - How to configure Time-based One Time Password - -
- - -
- - - - - - Configure Email Notifications - How to manage email notification settings - -
- - -
- - - - - - Configure Email providers - How to setup email providers - -
- - -
- - - - - - Configure Email authentication - How to configure your authentication method - -
- - -
- - - - - - Troobleshoot Email config - Common issues with emails - -
- - -
- - - - - - Environment variable reference - Reference list of all environment variables - -
- - -
- - - - - - Update database credentials - Update database credentials - -
- -
- - - - - - - - - -
-
-
- - - - - -
- - - - - - - - diff --git a/docs/configure/email.html b/docs/configure/email.html deleted file mode 100644 index a3b3c9ab9..000000000 --- a/docs/configure/email.html +++ /dev/null @@ -1,11 +0,0 @@ - - - - Redirecting… - - - - -

Redirecting…

- Click here if you are not redirected. - diff --git a/docs/configure/email/setup.html b/docs/configure/email/setup.html deleted file mode 100644 index 383b25e36..000000000 --- a/docs/configure/email/setup.html +++ /dev/null @@ -1,449 +0,0 @@ - - - - - Passbolt Help | Configure email providers - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Configure email providers

-
-
- -
-
- -

Introduction

- -

Passbolt relies heavily on emails:

-
    -
  • Account creation
    • -
  • Account recovery
    • -
  • Notifications on different user actions
    • -
- -

Having a working email setup is essential if you want to use passbolt at its best. There are many email providers -and each one has its own setup process. The aim of this help page is to provide the basic concepts so each admin -can setup their provider adjusting to their particular case.

- -

Requirements

-

You can follow this procedure if you are meeting the following requirements:

- -
    -
  • You are running Passbolt Pro > 3.8.0 or Passbolt Cloud
    • -
  • You have an active administrator account
    • -
- -

You are running Passbolt Pro < 3.7.3 ?

- -

How does it work?

-

Configuring email server, but through the UI is a feature introduced with Passbolt v3.8.0 that as for aim to help all administrators who needs to change their SMTP server settings the easiest way.
-We moved the email configuration from config/passbolt.php directly into the database and your credentials are encrypted with the server GPG public key.

- -

Access to email server configuration

-

In order to configure your email server configuration, go to administration setting workspace.
-Administration > Email server

- -

Choose your email provider

-

When you consult your email server settings for the first time, by default, the provider is Other. Everything is filled out except logins details. You are free to edit thoses fields to match your email configuration.

- -
- Email Server - Providers - fig. Email Server - Providers -
- -

We also provide pre-filled configuration for most common mail server such as Gmail, AWS SES, etc. -
-But still, you can navigate through advanced settings to change all the setings like SMTP host, TLS, and port.

- -

Save the settings

-

To save the settings, you have to click on the save settings button.

-
- Email Server - Save configuration - fig. Email Server - Save configuration -
- -

If at least one mandatory field is empty or doesn’t have the expected format, an error alert will appears and the interface jumps to the first mandatory field that doesn’t fit the requirements. This field will also shows an error message in red.

- -

Test email notifications

-

You can test your configuration by clicking on the send test email button. You must enter a valid recipient email to start the test procedure but the administrator current email is pre-filled.

-
- Email Server - Test notifications - fig. Email Server - Test notifications -
- -

If the email has been successfully sent and you haven’t received anything you should check your spam folder. -The logs are also available in a text area if you unfolds the logs section. -

- -

Environment variables

-

If you are using environment variables, it is still possible to configure your email settings. -
-Please note that the database prevails on environment variables. If you were using environment variables while updating to v3.8.0 or newer version, they will be moved into the database.

- -

TLS

- 
EMAIL_TRANSPORT_DEFAULT_HOST=your.smtp.provider.host.com
-EMAIL_TRANSPORT_DEFAULT_PORT=587
-EMAIL_TRANSPORT_DEFAULT_USERNAME=user
-EMAIL_TRANSPORT_DEFAULT_PASSWORD=secret
-EMAIL_TRANSPORT_DEFAULT_TLS=true
-
-

You should replace:

-
    -
  • your.smtp.provider.host.com
    • -
  • user
    • -
  • secret
    • -
- -

With the actual values for your provider. Usually email providers that support TLS use port 587 however you should check with your provider specific requirements.

- -

SSL

- 
EMAIL_TRANSPORT_DEFAULT_HOST=ssl://your.smtp.provider.host.com
-EMAIL_TRANSPORT_DEFAULT_PORT=465
-EMAIL_TRANSPORT_DEFAULT_USERNAME=user
-EMAIL_TRANSPORT_DEFAULT_PASSWORD=secret
-EMAIL_TRANSPORT_DEFAULT_TLS=null
-
- -

All the changes are the same as the TLS providers except that you will set EMAIL_TRANSPORT_DEFAULT_TLS to null and replace placeholders with the actual values for your provider.

- -

Configure SMTP with Passbolt 3.7.3 or earlier version

- -

TLS email providers

- -

If your email provider supports TLS encryption your setup should look like this in config/passbolt.php:

- - 
    'EmailTransport' => [
-        'default' => [
-            'host' => 'your.smtp.provider.host.com',
-            'port' => 587,
-            'username' => 'user',
-            'password' => 'secret',
-            'tls' => true,
-        ],
-    ],
-
-

You should replace:

-
    -
  • your.smtp.provider.host.com
    • -
  • user
    • -
  • secret
    • -
- -

With the actual values for your provider. -Usually email providers that support TLS use port 587 however you should check with your provider specific -requirements.

- -

SSL email providers

- -

Some providers support SSL encryption and the setup is slightly different from the TLS case. Just change -your config/passbolt.php file to look like this:

- - 
    'EmailTransport' => [
-        'default' => [
-            'host' => 'ssl://your.smtp.provider.host.com',
-            'port' => 465,
-            'username' => 'user',
-            'password' => 'secret',
-            'tls' => null,
-        ],
-    ],
-
- -

All the changes are the same as the TLS providers except that you will set tls to null and replace placeholders with the actual values for your provider.

- -
-

Last updated

-

This article was last updated on -March -6th, -2020.

-
- -
-
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/email/smtp-authentication.html b/docs/configure/email/smtp-authentication.html deleted file mode 100644 index 2a4258c40..000000000 --- a/docs/configure/email/smtp-authentication.html +++ /dev/null @@ -1,962 +0,0 @@ - - - - - Passbolt Help | Configure Email authentication - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Configure Email authentication

-
-
- -
-
- -

Table of contents:

- - -

Introduction

-

This page is dedicated to providing you with valuable resources to help you configure an authentication method based on the email provider you choose. Authentication is an essential security measure that verifies the identity of users and ensures that only authorized individuals have access to sensitive information.

- -

In order to follow this guide, you will need an email provider. -If you want to know how to configure your email provider, please follow this link.

- -

Google

- -

Passbolt provides two different options for Google: Google Workspace and Google Email.

- -

Google Workspace is a paid productivity suite that includes business email, cloud storage, video conferencing, and other collaboration tools. It is designed for use by businesses and organizations of all sizes, and provides additional features such as custom email addresses, shared calendars, and team drives.

- -

It uses smtp-relay.gmail.com as its SMTP server address. This server is intended to be used by applications that send email on behalf of users, such as custom scripts or third-party applications. This server is designed to provide higher sending limits, enhanced reliability, and better tracking of email sent through it.

- -

Google Email is a free email service that is available to anyone with a Google account. It is primarily intended for personal use and provides users with a simple, user-friendly email interface.

- -

It uses smtp.gmail.com as its SMTP server address. This server is intended for use by individual users who want to send email using a desktop email client, such as Microsoft Outlook or Apple Mail. This server provides standard sending limits and is intended for personal use.

- -

To use Google’s authentication method on the Passbolt GUI, it is important to note that you should not use your personal Google password for security reasons. Instead, you will need to create an “App password” specifically for Passbolt. This is a unique password that will be used solely for Passbolt and is not the same as your personal Google password.

- -
    -
  • Enable MFA
    • -
- -

In order to have a dedicated application password you will need to enable MFA on your Google account, if you already have MFA enabled you can skip to the second part.

- -

You will have to navigate from Manage your Google Account > Security > Signing in to Google

- -
- Google - Enable MFA - fig. Google - Enable MFA -
- -

After clicking on 2-Step-Verification you should be redirected to a “Get Started” page as shown below

- -
- Google - MFA (Get Started) - fig. Google - MFA (Get Started) -
- -

To configure MFA on Google you will need a TOTP Mobile Application.

- -
    -
  • Enable Application Password
    • -
- -

Now that MFA is enabled on your Google account, please go back to Security > Signing in to Google

- -
- Google - MFA Enabled - fig. Google - MFA Enabled -
- -

You will have the choice for the selection of the application, our recommendation is to use Other (Custom name), as it will be easier for your organisation. In our case, we will name it “Passbolt”.

- -

An application password should have been generated, it contains 16 digits and should not be shared.

- -
- Google - Generated App password - fig. Google - Generated App password -
- -

WARNING: Please, note that the password could not be shown after your close the tab, please be sure to copy the application password generated otherwise you will need to generate a new one.

- -
    -
  • Authentication on Passbolt GUI
    • -
- -

On your Passbolt instance, you can navigate to Administration > Email server.

- -

In our example, we will use Google Email, but if you are using a premium subscription with google, do not forger to use Google Workspace instead.

- -
- Passbolt - Email authentication - fig. Passbolt - Email authentication -
- -

Under authentication method, choose Username & password, provide your Google username which basically is your email address, for the password you can paste the previously generated application password.

- -
    -
  • Test your configuration
    • -
- -

Before saving your configuration, you will need to test it in order to avoid any issues. it should pass and give the results shown below.

- -
- Passbolt - Email test success - fig. Passbolt - Email test success -
- -
    -
  • Save your configuration
    • -
- -

If everything went as expected, do not forget to save your configuration and “Success: The SMTP settings have been saved successfully” should appear.

- -

Office 365

- -
    -
  • Administration panel
    • -
- -

When you are using Office 365, you will need to access your Microsoft 365 admin center.

- -
    -
  • Create your SMTP Credentials
    • -
- -

Office 365 uses OAuth 2.0 for authentication, so you will need to set up an application password to authenticate with the SMTP server.

- -

In the Microsoft 365 admin center, navigate to Additional security verification page > Add sign-in method > App password

- -
- Microsoft - Create an application password - fig. Microsoft - Create an application password -
- -

WARNING: Please, note that the password could not be shown after your close the tab, please be sure to copy the application password generated otherwise you will need to generate a new one.

- -
- Microsoft - Application password - fig. Microsoft - Application password -
- -

Now, you’ll need to get the SMTP settings that are available from Outlook in Settings > Mail > POP and IMAP

- -
- Microsoft - SMTP Settings - fig. Microsoft - SMTP Settings -
- -
    -
  • Authentication on Passbolt GUI
    • -
- -

On your Passbolt instance, navigate to “Administration” > “Email server.”

- -

You will need to fill in your SMTP credentials to match your authentication method, remember, do not use the login credentials but the application password instead.

- -
- Passbolt - Email authentication - fig. Passbolt - Email authentication -
- -
    -
  • Test your configuration
    • -
- -

Before saving your configuration, you will need to test it in order to avoid any issues. it should pass and give the results shown below.

- -
- Passbolt - Email test success - fig. Passbolt - Email test success -
- -
    -
  • Save your configuration
    • -
- -

If everything went as expected, do not forget to save your configuration and “Success: The SMTP settings have been saved successfully” should appear.

- -

ElasticEmail

- -
    -
  • Administration panel
    • -
- -

When you are using ElasticEmail, once logged in, you will be automatically redirected to the administration panel dashboard.

- -

You will need to navigate to Settings > SMTP > Create SMTP credentials.

- -
- ElasticEmail - SMTP Credentials Panel - fig. ElasticEmail - SMTP Credentials Panel -
- -
    -
  • Create your SMTP Credentials
    • -
- -

When you create new SMTP credentials, ElasticEmail will generate a unique password consisting of 40 random characters. The username for your SMTP credentials is your email address associated with your ElasticEmail account.

- -
- ElasticEmail - SMTP Credentials - fig. ElasticEmail - SMTP Credentials -
- -

To copy your newly generated password, simply click on the “Copy” button next to the password field.

- -
    -
  • Authentication on Passbolt GUI
    • -
- -

On your Passbolt instance, you can navigate to Administration > Email server.

- -
- Passbolt - Email authentication - fig. Passbolt - Email authentication -
- -

You will need to fill in your smtp credentials to match your authentication method (username & password).

- -
    -
  • Test your configuration
    • -
- -

Before saving your configuration, you will need to test it in order to avoid any issues. it should pass and give the results shown below.

- -
- Passbolt - Email test success - fig. Passbolt - Email test success -
- -
    -
  • Save your configuration
    • -
- -

If everything went as expected, do not forget to save your configuration and “Success: The SMTP settings have been saved successfully” should appear.

- -

MailGun

- -
    -
  • Administration panel
    • -
- -

When you are using MailGun, once logged in, you will be automatically redirected to the administration panel dashboard.

- -
- MailGun - SMTP Credentials Panel - fig. MailGun - SMTP Credentials Panel -
- -

You will need to navigate to Sending > Overview.

- -
    -
  • Create your SMTP Credentials
    • -
- -

On this page you will find the SMTP hostname, port, username, and default password that you will need to set up SMTP authentication for your email sending requests.

- -

MailGun provides a dedicated page for managing your SMTP credentials. To access this page, you can click on the “SMTP Credentials” link located in the “SMTP” section. Here you can create new SMTP credentials by clicking on the “Add New SMTP Credential” button.

- -
- MailGun - SMTP Credentials - fig. MailGun - SMTP Credentials -
- -

When you create new SMTP credentials on MailGun, the platform will generate a unique password consisting of 50 random characters. You can use this password to authenticate your email sending requests through the MailGun SMTP servers.

- -

It’s important to keep your MailGun SMTP credentials secure, as they can be used to send emails from your account. You should never share your password or username with anyone, and you should take steps to protect your account from unauthorized access.

- -
    -
  • Authentication on Passbolt GUI
    • -
- -

On your Passbolt instance, you can navigate to Administration > Email server.

- -
- Passbolt - Email authentication - fig. Passbolt - Email authentication -
- -

You will need to fill in your smtp credentials to match your authentication method (username & password).

- -
    -
  • Test your configuration
    • -
- -

Before saving your configuration, you will need to test it in order to avoid any issues. it should pass and give the results shown below.

- -
- Passbolt - Email test success - fig. Passbolt - Email test success -
- -
    -
  • Save your configuration
    • -
- -

If everything went as expected, do not forget to save your configuration and “Success: The SMTP settings have been saved successfully” should appear.

- -

Mailjet

- -
    -
  • Administration panel
    • -
- -

When you are using Mailjet, once logged in, you will be automatically redirected to the administration panel dashboard.

- -
- Mailjet - SMTP Credentials Panel - fig. Mailjet - SMTP Credentials Panel -
- -

You will need to navigate to Senders & Domains > SMTP & SEND API Settings.

- -
    -
  • Create your SMTP Credentials
    • -
- -

Mailjet provides a dedicated page for managing your API keys. You can create a new API key by selecting the “SMTP & API Keys” option from the dashboard, clicking on the “Create a new API Key” button, and then following the prompts.

- -
- Mailjet - SMTP Credentials - fig. Mailjet - SMTP Credentials -
- -

When you create a new API key on Mailjet, the platform will generate a unique key pair consisting of a public API key and a secret key. The public API key can be used as the SMTP username for your email sending requests, while the secret key can be used as the SMTP password.

- -

It’s important to keep your Mailjet API keys secure, as they can be used to access your Mailjet account and send emails from your account. You should never share your secret key or public API key with anyone, and you should take steps to protect your account from unauthorized access.

- -
    -
  • Authentication on Passbolt GUI
    • -
- -

On your Passbolt instance, you can navigate to Administration > Email server.

- -
- Passbolt - Email authentication - fig. Passbolt - Email authentication -
- -

You will need to fill in your smtp credentials to match your authentication method (username & password).

- -
    -
  • Test your configuration
    • -
- -

Before saving your configuration, you will need to test it in order to avoid any issues. it should pass and give the results shown below.

- -
- Passbolt - Email test success - fig. Passbolt - Email test success -
- -
    -
  • Save your configuration
    • -
- -

If everything went as expected, do not forget to save your configuration and “Success: The SMTP settings have been saved successfully” should appear.

- -

Mailchimp

- -
    -
  • Administration panel
    • -
- -

When you are using Mailchimp, once logged in, you will be automatically redirected to the administration panel dashboard.

- -

You will need to navigate to Transactionnal > SMTP & API > SMTP Credentials and click on Create A Key.

- -
    -
  • Create your SMTP Credentials
    • -
- -

Give your new SMTP key a name that is easy to remember, such as the name of your web application. When you create an SMTP key, you will be prompted to give it a name that will help you remember what it’s for. This is important because you may have multiple SMTP keys for different applications, and you don’t want to get them confused. Make sure to choose a name that is descriptive and easy to remember, such as the name of your web application.

- -

Copy the generated SMTP key as you will need it to authenticate your SMTP requests. After you have created your SMTP key, Mailchimp will generate a unique key string that you will need to copy and use to authenticate your SMTP requests. Make sure to copy the entire key string exactly as it appears, as any errors or omissions could prevent your SMTP requests from being authenticated.

- -

Your SMTP username is the same as the login credentials to your Mailchimp account. Make sure that it remain, with the correct capitalization and any special characters.

- -
    -
  • Authentication on Passbolt GUI
    • -
- -

On your Passbolt instance, you can navigate to Administration > Email server.

- -

You will need to fill in your smtp credentials to match your authentication method (username & password).

- -
    -
  • Test your configuration
    • -
- -

Before saving your configuration, you will need to test it in order to avoid any issues. it should pass and give the results shown below.

- -
- Passbolt - Email test success - fig. Passbolt - Email test success -
- -
    -
  • Save your configuration
    • -
- -

If everything went as expected, do not forget to save your configuration and “Success: The SMTP settings have been saved successfully” should appear.

- -

Sendgrid

- -
    -
  • Administration panel
    • -
- -

When you are using Sendgrid, once logged in, you will be automatically redirected to the administration panel dashboard.

- -
- Sendgrid - SMTP Credentials Panel - fig. Sendgrid - SMTP Credentials Panel -
- -

You will need to navigate to Settings > API Keys and click on Create API Key.

- -
    -
  • Create your SMTP Credentials
    • -
- -

When creating a new API key, you can give it a name that’s easy for you to remember, such as “Passbolt”. SendGrid will then generate a unique API key consisting of 70 random characters. This key can be used to authenticate your email sending requests through the SendGrid SMTP servers.

- -

After generating the API key, you can use the settings shown to configure your email client or application. The SMTP username should be “apikey”. The SMTP password is the API key that you generated in the previous step.

- -
- Sendgrid - SMTP Credentials - fig. Sendgrid - SMTP Credentials -
- -

It’s important to keep your SendGrid API key secure, as it can be used to access your SendGrid account and send emails from your account. You should never share your API key with anyone, and you should take steps to protect your account from unauthorized access.

- -
    -
  • Authentication on Passbolt GUI
    • -
- -

On your Passbolt instance, you can navigate to Administration > Email server.

- -
- Passbolt - Email authentication - fig. Passbolt - Email authentication -
- -

You will need to fill in your smtp credentials to match your authentication method (username & password).

- -
    -
  • Test your configuration
    • -
- -

Before saving your configuration, you will need to test it in order to avoid any issues. it should pass and give the results shown below.

- -
- Passbolt - Email test success - fig. Passbolt - Email test success -
- -
    -
  • Save your configuration
    • -
- -

If everything went as expected, do not forget to save your configuration and “Success: The SMTP settings have been saved successfully” should appear.

-

Sendinblue

- -
    -
  • Administration panel
    • -
- -

When you are using Sendinblue, once logged in, you will be automatically redirected to the administration panel dashboard.

- -
- Sendinblue - SMTP Credentials Panel - fig. Sendinblue - SMTP Credentials Panel -
- -

You will need to navigate to Your Senders & Domains > SMTP & API.

- -
    -
  • Create your SMTP Credentials
    • -
- -

You will find your SMTP key value under the “SMTP Credentials” section. This key can be used to authenticate your email sending requests through the Sendinblue SMTP servers.

- -

Sendinblue also provides the SMTP settings that you can use to configure your email client or application. The SMTP username is your Sendinblue account email address. The SMTP password is your SMTP key value.

- -
- Sendinblue - SMTP Credentials - fig. Sendinblue - SMTP Credentials -
- -

It’s important to keep your Sendinblue SMTP key value secure, as it can be used to access your Sendinblue account and send emails from your account. You should never share your SMTP key value with anyone, and you should take steps to protect your account from unauthorized access.

- -
    -
  • Authentication on Passbolt GUI
    • -
- -

On your Passbolt instance, you can navigate to Administration > Email server.

- -
- Passbolt - Email authentication - fig. Passbolt - Email authentication -
- -

You will need to fill in your smtp credentials to match your authentication method (username & password).

- -
    -
  • Test your configuration
    • -
- -

Before saving your configuration, you will need to test it in order to avoid any issues. it should pass and give the results shown below.

- -
- Passbolt - Email test success - fig. Passbolt - Email test success -
- -
    -
  • Save your configuration
    • -
- -

If everything went as expected, do not forget to save your configuration and “Success: The SMTP settings have been saved successfully” should appear.

-

Zoho

- -
    -
  • Administration panel
    • -
- -

You will need to navigate to your ZohoMail administration panel, in order to do that you can click on the gear icon located in the top-right corner of the screen. A drop-down menu will appear with several options, please click on the “Control Panel” to access the Zoho administration panel

- -
- Zoho - SMTP Credentials Panel - fig. Zoho - SMTP Credentials Panel -
- -

You will need to navigate to Security > App password.

- -
    -
  • Create your SMTP Credentials
    • -
- -

You will be prompt to generate a name for the “App password”, we recommend to use “Passbolt”.

- -

Then, you will need to click on “Generate” and a random application password will be generated.

- -
- Zoho - SMTP Credentials - fig. Zoho - SMTP Credentials -
- -

Please, be sure to save this password as you will need it to authenticate on the Passbolt GUI.

- -

Your SMTP username should be the Zoho account email address and your SMTP password is the application password that has been generated previously.

- -
    -
  • Authentication on Passbolt GUI
    • -
- -

On your Passbolt instance, you can navigate to Administration > Email server.

- -
- Passbolt - Email authentication - fig. Passbolt - Email authentication -
- -

You will need to fill in your smtp credentials to match your authentication method (username & password).

- -
    -
  • Test your configuration
    • -
- -

Before saving your configuration, you will need to test it in order to avoid any issues. it should pass and give the results shown below.

- -
- Passbolt - Email test success - fig. Passbolt - Email test success -
- -
    -
  • Save your configuration
    • -
- -

If everything went as expected, do not forget to save your configuration and “Success: The SMTP settings have been saved successfully” should appear.

- -

AWS SES

- -
    -
  • Navigate through your AWS Management Console
    • -
- -

You’ll see the navigation panel on the left-hand side of the screen.

- -

When you are on the navigation panel, you will need to navigate to Email Sending > SMTP Settings.

- -
    -
  • Create your SMTP Credentials
    • -
- -

Once you are on the SMTP Settings page, you can click on the “Create SMTP Credentials” button to begin the process. When prompted, you can either accept the default name for your credentials or choose a custom name that is easy for you to remember, such as “Passbolt”.

- -

Once you have selected a name for your credentials, AWS SES will generate a set of SMTP credentials that you can use to authenticate your email sending requests. These credentials will consist of an SMTP username and password.

- -

To download your newly created SMTP credentials, simply click on the “Download Credentials” button. This will download a file containing your SMTP username and password. It’s important to keep this file safe and secure, as it contains sensitive information that can be used to send emails from your account.

- -
    -
  • Authentication on Passbolt GUI
    • -
- -

On your Passbolt instance, you can navigate to Administration > Email server.

- -

You will need to fill in your smtp credentials to match your authentication method (username & password).

- -
    -
  • Test your configuration
    • -
- -

Before saving your configuration, you will need to test it in order to avoid any issues. it should pass and give the results shown below.

- -
- Passbolt - Email test success - fig. Passbolt - Email test success -
- -
    -
  • Save your configuration
    • -
- -

If everything went as expected, do not forget to save your configuration and “Success: The SMTP settings have been saved successfully” should appear.

- -

Other

- -

If you are using another smtp email provider or a local one, you’d rather use the “Other” email provider.

- -
    -
  • Authentication on Passbolt GUI
    • -
- -

On your Passbolt instance, you can navigate to Administration > Email server.

- -

You will need to fill in your smtp credentials to match your authentication method, it could be:

-
    -
  1. Username & Password
    2. -
  2. Username only
    3. -
  3. None
    4. -
- -

Please, take into consideration that if you are using an email provider that doesn’t require any authentication, you’ll need to use the none authentication method, leaving empty fields with another authentication method could result in a failure to send emails.

- -
    -
  • Test your configuration
    • -
- -

Before saving your configuration, you will need to test it in order to avoid any issues. it should pass and give the results shown below.

- -
- Passbolt - Email test success - fig. Passbolt - Email test success -
- -
    -
  • Save your configuration
    • -
- -

If everything went as expected, do not forget to save your configuration and “Success: The SMTP settings have been saved successfully” should appear.

-
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/environment/reference.html b/docs/configure/environment/reference.html deleted file mode 100644 index 078b08ed7..000000000 --- a/docs/configure/environment/reference.html +++ /dev/null @@ -1,612 +0,0 @@ - - - - - Passbolt Help | Passbolt reference environment variables - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Passbolt reference environment variables

-
-
- -
-
-

Following there is a list of the environment variables supported in passbolt both PRO and CE editions with their default values.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Variable nameDescriptionDefault value
APP_BASEit allows people to specify the base subdir the application is running innull
APP_ENCODINGSet text encoding'UTF-8'
APP_FULL_BASE_URLPassbolt base url'false'
DATASOURCES_DEFAULT_DATABASEDatabase name''
DATASOURCES_DEFAULT_HOSTDatabase hostname'localhost'
DATASOURCES_DEFAULT_PORTDatabase port3306
DATASOURCES_DEFAULT_URLDatabase url''
DATASOURCES_DEFAULT_PASSWORDDatabase password''
DATASOURCES_DEFAULT_SSL_KEYDatabase SSL Key''
DATASOURCES_DEFAULT_SSL_CERTDatabase SSL Cert''
DATASOURCES_DEFAULT_SSL_CADatabase SSL CA''
DATASOURCES_DEFAULT_USERNAMEDatabase username''
DEBUGDebug mode'false'
EMAIL_TRANSPORT_DEFAULT_CLASS_NAMEEmail classname'Smtp'
EMAIL_DEFAULT_FROM_NAMEFrom email username'Passbolt'
EMAIL_DEFAULT_FROMFrom email address'you@localhost'
EMAIL_DEFAULT_TRANSPORTSets transport method'default'
EMAIL_TRANSPORT_DEFAULT_HOSTServer hostname'localhost'
EMAIL_TRANSPORT_DEFAULT_PORTServer port25
EMAIL_TRANSPORT_DEFAULT_TIMEOUTTimeout30
EMAIL_TRANSPORT_DEFAULT_USERNAMEUsername for email server authnull
EMAIL_TRANSPORT_DEFAULT_PASSWORDPassword for email server authnull
EMAIL_TRANSPORT_DEFAULT_CLIENTClientnull
EMAIL_TRANSPORT_DEFAULT_TLSSet tlsnull
EMAIL_TRANSPORT_DEFAULT_URLSet urlnull
GNUPGHOMEpath to gnupghome directory'/home/www-data/.gnupg'
PASSBOLT_AUTH_TOKEN_EXPIRYPassbolt authorization token expiration'3 days'
PASSBOLT_AUTH_REGISTER_TOKEN_EXPIRYPassbolt authorization registration token expiration'10 days'
PASSBOLT_AUTH_RECOVER_TOKEN_EXPIRYPassbolt authorization recover token expiration'1 day'
PASSBOLT_AUTH_LOGIN_TOKEN_EXPIRYPassbolt authorization token login expiration'5 minutes'
PASSBOLT_AUTH_MOBILE_TRANSFER_TOKEN_EXPIRYPassbolt mobile transfer token expiration'5 minutes'
PASSBOLT_AUTH_JWT_REFRESH_TOKENPassbolt authorization JWT refresh token'1 month'
PASSBOLT_AUTH_JWT_ACCESS_TOKENPassbolt authorization JWT access token'5 minutes'
PASSBOLT_AUTH_JWT_VERIFY_TOKENPassbolt authorization JWT verify token'1 hour'
PASSBOLT_GPG_SERVER_KEY_FINGERPRINTGnuPG fingerprintnull
PASSBOLT_GPG_SERVER_KEY_PUBLICPath to GnuPG public server key'/etc/passbolt/gpg/serverkey.asc'
PASSBOLT_GPG_SERVER_KEY_PRIVATEPath to GnuPG private server key'/etc/passbolt/gpg/serverkey_private.asc'
PASSBOLT_JS_BUILDpassbolt.js type of build ‘development’ or ‘production’'production'
PASSBOLT_LEGAL_PRIVACYPOLICYURLSet legal policy URL''
PASSBOLT_LEGAL_TERMSURLSet legal terms URL'https://www.passbolt.com/terms'
PASSBOLT_META_DESCRIPTIONSet html meta description for the site'Open source password manager for teams'
PASSBOLT_META_ROBOTSSearch engines indexing parameters'noindex, nofollow'
PASSBOLT_META_TITLESet html meta title for'Passbolt'
PASSBOLT_PLUGINS_EXPORT_ENABLEDEnable export plugintrue
PASSBOLT_PLUGINS_IMPORT_ENABLEDEnable import plugintrue
PASSBOLT_PLUGINS_IN_FORM_INTEGRATION_ENABLEDEnable Passbolt icon in web formstrue
PASSBOLT_PLUGINS_PASSWORD_GENERATOR_DEFAULT_GENERATORDefault password generator (can be password or passphrase)password
PASSBOLT_PLUGINS_PASSWORD_GENERATOR_ENABLEDEnable password generator plugintrue
PASSBOLT_PLUGINS_PREVIEW_PASSWORD_ENABLEDEnable password generator previewtrue
PASSBOLT_PLUGINS_MOBILE_ENABLEDEnable mobile plugintrue
PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLEDEnable jwt authentication plugintrue
PASSBOLT_REGISTRATION_PUBLICDefines if users can registerfalse
PASSBOLT_SECURITY_SET_HEADERSSend CSP Headerstrue
PASSBOLT_SECURITY_CSPCSP Headers (true, false or custom CSP string)true
PASSBOLT_SECURITY_COOKIE_SECURESet MFA cookie secure flagtrue
PASSBOLT_SSL_FORCERedirects http to httpstrue
SECURITY_SALTCakePHP security salt__SALT__
SESSION_DEFAULTSSession engine configuration'php'
- -
-

Last updated

-

This article was last updated on -December -30th, -2021.

-
- -
-
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/https.html b/docs/configure/https.html deleted file mode 100644 index 48d50f5c0..000000000 --- a/docs/configure/https.html +++ /dev/null @@ -1,2027 +0,0 @@ - - - - - Passbolt Help | HTTPS - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
- -
-
-
- - -
-
-

Community edition

-
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - Debian/Ubuntu auto configure HTTPS - Auto configure HTTPS with Let's Encrypt - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - Debian/Ubuntu manual HTTPS configuration - Configure HTTPS with user provided certificates - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - Docker auto configure HTTPS - Auto configure HTTPS with Let's Encrypt - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - Docker manual HTTPS configuration - Configure HTTPS with user provided certificates - -
- - - - - - - - -
- - - - - - How to configure HTTPS with RPM package - Configure HTTPS with RPM package - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - AWS auto configure HTTPS - Auto configure HTTPS with Let's Encrypt on AWS - -
- - - - - - - - - - - - - -
- - - - - - Digital Ocean auto configure HTTPS - Auto configure HTTPS with Let's Encrypt on Digital Ocean - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - -
-
-

Pro edition

-
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - Debian/Ubuntu auto configure HTTPS - Auto configure HTTPS with Let's Encrypt - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - Debian/Ubuntu manual HTTPS configuration - Configure HTTPS with user provided certificates - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - Docker auto configure HTTPS - Auto configure HTTPS with Let's Encrypt - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - Docker manual HTTPS configuration - Configure HTTPS with user provided certificates - -
- - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - How to configure HTTPS with RPM package - Configure HTTPS with RPM package - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - OVA auto configure HTTPS - Auto configure HTTPS with Let's Encrypt on OVA - -
- - - - - - - - - - - - - -
- - - - - - AWS auto configure HTTPS - Auto configure HTTPS with Let's Encrypt on AWS - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
-
-
- - - - - -
- - - - - - - - diff --git a/docs/configure/https/ce/aws/auto.html b/docs/configure/https/ce/aws/auto.html deleted file mode 100644 index f6284ac40..000000000 --- a/docs/configure/https/ce/aws/auto.html +++ /dev/null @@ -1,416 +0,0 @@ - - - - - Passbolt Help | Auto configure HTTPS with Let's Encrypt on AWS - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Auto configure HTTPS with Let's Encrypt on AWS

-
-
- - -
-
- -
-

- If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. -Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. -

- -
- -
-

- Important requirement: This tutorial assumes your machine has a valid domain name assigned in - order to work with let’s encrypt. If you want to use user provided certificates or self-signed certificates skip to the next section -

- -
- -
-

- Note: the configuration does not support serving passbolt on a subdirectory fashion. For example, - scenarios like https://mydomain.com/passbolt are not supported by default -

- -
- -

Edit nginx configuration file

- -

By default, our nginx configuration file ensure all domain names will match with our passbolt virtual machine but to obtain a valid Let’s Encrypt SSL certificate, you will have to manually set your passbolt domain name.

- -

Open /etc/nginx/sites-enabled/nginx-passbolt.conf and search for this line:

- - 
server_name _;
-
- -

Replace the underscore with your passbolt domain name:

- - 
server_name passbolt.domain.tld;
-
- -

Reconfigure passbolt

- -

Execute this command:

- - 
sudo dpkg-reconfigure passbolt-ce-server
-
- -

You most likely want to say ‘NO’ to the mariadb/mysql setup question and go for the nginx setup

- -

Passbolt debian and ubuntu packages currently supports the configuration of nginx. It comes with a default configuration that supports:

- -
    -
  • Serve passbolt on port 80 (http)
    • -
  • Serve passbolt on port 443 (https)
    • -
- -

The following steps will guide you through the option that uses Let’s encrypt method to enable SSL.

- -
- Configure nginx dialog - fig. Configure nginx dialog -
- -

After choosing yes you will be prompted with the following dialog where you can choose which method you prefer to configure SSL on nginx:

- -
- nginx SSL dialog - fig. nginx SSL dialog -
- -

You will now need to introduce the name of the domain name assinged to your server:

- -
- nginx domain name - fig. nginx domain name -
- -

Finally you will need to provide an email address for Let’s encrypt to notify you for renewals and other admin info:

- -
- lets encrypt admin email - fig. lets encrypt admin email -
- -

If everything goes fine you should see a final message that points you to finish passbolt configuration:

- -
- Success message - fig. Success message -
- -

Reload nginx after finish the reconfigure to use the SSL configuration.

- - 
sudo systemctl reload nginx
-
- -

Finally, ensure ‘fullBaseUrl’ value in /etc/passbolt/passbolt.php starts with https://.

- -

And that’s it you should be able to reach your server on the domain you specified.

- -
-

Last updated

-

This article was last updated on -March -29th, -2022.

-
- -
-
- -
-

Are you experiencing issues when installing passbolt?

- - Ask the community! - -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/https/ce/debian/auto.html b/docs/configure/https/ce/debian/auto.html deleted file mode 100644 index 628e1b695..000000000 --- a/docs/configure/https/ce/debian/auto.html +++ /dev/null @@ -1,405 +0,0 @@ - - - - - Passbolt Help | Auto configure HTTPS with Let's Encrypt on Debian and Ubuntu - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Auto configure HTTPS with Let's Encrypt on Debian and Ubuntu

-
-
- - -
-
- -
-

- If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. -Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. -

- -
- -
-

- Important requirement: This tutorial assumes your machine has a valid domain name assigned in - order to work with let’s encrypt. If you want to use user provided certificates or self-signed certificates skip to the next section -

- -
- -
-

- Note: the configuration does not support serving passbolt on a subdirectory fashion. For example, - scenarios like https://mydomain.com/passbolt are not supported by default -

- -
- -

Install or reconfigure passbolt

- -

If you don’t have passbolt installed please check on the hosting section for more information -on how to install passbolt on debian.

- -

If you have already installed passbolt then you want to execute the following command to start the configuration process for SSL:

- - 
sudo dpkg-reconfigure passbolt-ce-server
-
- -

You most likely want to say ‘NO’ to the mariadb/mysql setup question and go for the nginx setup

- -

Passbolt debian and ubuntu packages currently supports the configuration of nginx. It comes with a default configuration that supports:

- -
    -
  • Serve passbolt on port 80 (http)
    • -
  • Serve passbolt on port 443 (https)
    • -
- -

The following steps will guide you through the option that uses Let’s encrypt method to enable SSL.

- -
- Configure nginx dialog - fig. Configure nginx dialog -
- -

After choosing yes you will be prompted with the following dialog where you can choose which method you prefer to configure SSL on nginx:

- -
- nginx SSL dialog - fig. nginx SSL dialog -
- -

You will now need to introduce the name of the domain name assinged to your server:

- -
- nginx domain name - fig. nginx domain name -
- -

Finally you will need to provide an email address for Let’s encrypt to notify you for renewals and other admin info:

- -
- lets encrypt admin email - fig. lets encrypt admin email -
- -

If everything goes fine you should see a final message that points you to finish passbolt configuration:

- -
- Success message - fig. Success message -
- -

Reload nginx after finish the reconfigure to use the SSL configuration.

- - 
sudo systemctl reload nginx
-
- -

Finally, ensure ‘fullBaseUrl’ value in /etc/passbolt/passbolt.php starts with https://.

- -

And that’s it you should be able to reach your server on the domain you specified.

- -
-

Last updated

-

This article was last updated on -December -16th, -2021.

-
- -
-
- -
-

Are you experiencing issues when installing passbolt?

- - Ask the community! - -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/https/ce/debian/manual.html b/docs/configure/https/ce/debian/manual.html deleted file mode 100644 index d39485a39..000000000 --- a/docs/configure/https/ce/debian/manual.html +++ /dev/null @@ -1,434 +0,0 @@ - - - - - Passbolt Help | Manual HTTPS configuration on Debian and Ubuntu with user provided certificates - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Manual HTTPS configuration on Debian and Ubuntu with user provided certificates

-
-
- - -
-
- -
-

- If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. -Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. -

- -
- -

Passbolt debian and ubuntu packages currently supports the configuration of nginx. It comes with a default configuration that supports:

- -
    -
  • Serve passbolt on port 80 (http)
    • -
  • Serve passbolt on port 443 (https)
    • -
- -

On this context ‘manually’ means that the user will provide the SSL certificates, this is the main difference with -the ‘auto’ method where Let’s Encrypt will issue the SSL certificate for you.

- -

This manual method is often useful on private network installations with private CA where -the system admin issues a new private SSL certificate and uploads it to the passbolt server. It is also a method often used with -self-signed SSL certificates for test installations.

- -

On this example we will assume the user is generating a self-signed certificate on the passbolt server.

- -

Generate the SSL certificate

- -

While connected to your passbolt instance you can generate a SSL certificate in the following way:

- - 
openssl req -x509 \
-    -newkey rsa:4096 \
-    -days 120 \
-    -subj "/C=LU/ST=Luxembourg/L=Esch-Sur-Alzette/O=Passbolt SA/OU=Passbolt IT Team/CN=passbolt.domain.tld/" \
-    -nodes \
-    -addext "subjectAltName = DNS:passbolt.domain.tld" \
-    -keyout key.pem \
-    -out cert.pem
-
- -

This command will output two files: key.pem and cert.pem. Identify the absolute path where these files are located as you will need them in next steps.

- -

Of course, replace -subj values with your own. It is important to set your passbolt FQDN in both CN and subjectAltName. In this way, you will be able to import the generated certificate in your operating system keychain and make your self-signed domain trusted in your browser.

- -
-

- Pro tip: You can use an IP address instead of a domain name for your self-signed certificate. - If you do that, replace DNS with IP in subjectAltName. -

- -
- -

Install or reconfigure passbolt

- -

If you don’t have passbolt installed please check on the hosting section for more information -on how to install passbolt on debian.

- -

If you have already installed passbolt then you want to execute the following command to start the configuration process for SSL:

- - 
sudo dpkg-reconfigure passbolt-ce-server
-
- -

You most likely want to say ‘NO’ to the mariadb/mysql setup question and go for the nginx setup

- -

You should select yes for the nginx setup:

- -
- Nginx configuration message - fig. Nginx configuration message -
- -

Choose ‘manual’ for the SSL setup method:

- -
- SSL method selection - fig. SSL method selection -
- -

Provide the domain name you plan to use for your passbolt server. On this example and as we are using a -self-signed certificate the domain name is not as important as if you are planning to use a proper SSL -certificate. In the later escenario DNS domain name and SSL domain name must match.

- -
- Domain for nginx setup - fig. Domain for nginx setup -
- -

Provide the full path of the SSL certificate you created on previous steps (‘cert.pem’)

- -
- SSL certificate path - fig. SSL certificate path -
- -

Now provide the full path of the SSL key (‘key.pem’)

- -
- SSL private key path - fig. SSL private key path -
- -

Keep in mind that you might need to add DNS records to reach your domain on your local -network or in a public DNS provider.

- -
- Success message - fig. Success message -
- -

Reload nginx after finish the reconfigure to use the SSL configuration.

- - 
sudo systemctl reload nginx
-
- -

Finally, ensure ‘fullBaseUrl’ value in /etc/passbolt/passbolt.php starts with https://.

- -

And that’s it you should be able to reach your server on the domain you specified.

- -
-

Last updated

-

This article was last updated on -December -16th, -2021.

-
- -
-
- -
-

Are you experiencing issues when installing passbolt?

- - Ask the community! - -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/https/ce/digital-ocean/auto.html b/docs/configure/https/ce/digital-ocean/auto.html deleted file mode 100644 index 31d15ecdf..000000000 --- a/docs/configure/https/ce/digital-ocean/auto.html +++ /dev/null @@ -1,416 +0,0 @@ - - - - - Passbolt Help | Auto configure HTTPS with Let's Encrypt on Digital Ocean - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Auto configure HTTPS with Let's Encrypt on Digital Ocean

-
-
- - -
-
- -
-

- If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. -Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. -

- -
- -
-

- Important requirement: This tutorial assumes your machine has a valid domain name assigned in - order to work with let’s encrypt. If you want to use user provided certificates or self-signed certificates skip to the next section -

- -
- -
-

- Note: the configuration does not support serving passbolt on a subdirectory fashion. For example, - scenarios like https://mydomain.com/passbolt are not supported by default -

- -
- -

Edit nginx configuration file

- -

By default, our nginx configuration file ensure all domain names will match with our passbolt virtual machine but to obtain a valid Let’s Encrypt SSL certificate, you will have to manually set your passbolt domain name.

- -

Open /etc/nginx/sites-enabled/nginx-passbolt.conf and search for this line:

- - 
server_name _;
-
- -

Replace the underscore with your passbolt domain name:

- - 
server_name passbolt.domain.tld;
-
- -

Reconfigure passbolt

- -

Execute this command:

- - 
sudo dpkg-reconfigure passbolt-ce-server
-
- -

You most likely want to say ‘NO’ to the mariadb/mysql setup question and go for the nginx setup

- -

Passbolt debian and ubuntu packages currently supports the configuration of nginx. It comes with a default configuration that supports:

- -
    -
  • Serve passbolt on port 80 (http)
    • -
  • Serve passbolt on port 443 (https)
    • -
- -

The following steps will guide you through the option that uses Let’s encrypt method to enable SSL.

- -
- Configure nginx dialog - fig. Configure nginx dialog -
- -

After choosing yes you will be prompted with the following dialog where you can choose which method you prefer to configure SSL on nginx:

- -
- nginx SSL dialog - fig. nginx SSL dialog -
- -

You will now need to introduce the name of the domain name assinged to your server:

- -
- nginx domain name - fig. nginx domain name -
- -

Finally you will need to provide an email address for Let’s encrypt to notify you for renewals and other admin info:

- -
- lets encrypt admin email - fig. lets encrypt admin email -
- -

If everything goes fine you should see a final message that points you to finish passbolt configuration:

- -
- Success message - fig. Success message -
- -

Reload nginx after finish the reconfigure to use the SSL configuration.

- - 
sudo systemctl reload nginx
-
- -

Finally, ensure ‘fullBaseUrl’ value in /etc/passbolt/passbolt.php starts with https://.

- -

And that’s it you should be able to reach your server on the domain you specified.

- -
-

Last updated

-

This article was last updated on -March -29th, -2022.

-
- -
-
- -
-

Are you experiencing issues when installing passbolt?

- - Ask the community! - -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/https/ce/docker/auto.html b/docs/configure/https/ce/docker/auto.html deleted file mode 100644 index cefbe10d7..000000000 --- a/docs/configure/https/ce/docker/auto.html +++ /dev/null @@ -1,521 +0,0 @@ - - - - - Passbolt Help | Auto configure HTTPS with Let's Encrypt on Docker - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Auto configure HTTPS with Let's Encrypt on Docker

-
-
- - -
-
- -
-

- If you are migrating your passbolt instance from HTTP to HTTPS, you must ensure all of your users have a backup of their private key.
- As for passbolt browser extension, domain will change from HTTP to HTTPS, it will trigger an account recovery. -

- -
- -
-

- Important requirement: This tutorial assumes your machine has a valid domain name assigned in - order to work with let’s encrypt. -

- -
- -

Requirements

- - - -

Add traefik service to handle https

- -

If you have followed our installation documentation, you should have defined db and passbolt services for your passbolt stack.

- -

To handle HTTPS setup with Let’s Encrypt, add a traefik service as follow:

- - 
version: '3.7'
-services:
-  db:
-    ...
-  passbolt:
-    ...
-  traefik:
-    image: traefik:2.6
-    restart: always
-    ports:
-      - 80:80
-      - 443:443
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - ./traefik.yaml:/traefik.yaml:ro
-      - ./conf/:/etc/traefik/conf
-      - ./shared/:/shared
-
- -

Traefik will:

-
    -
  • act as a proxy in front of passbolt service, that’s why we defined ports 80 and 443.
    • -
  • handle Let’s Encrypt certificates renew.
    • -
- -

configuration files

- -

Create a traefik.yaml configuration file with this content (replace yourname@domain.tld with your email for Let’s Encrypt):

- - 
global:
-  sendAnonymousUsage: false
-log:
-  level: INFO
-  format: common
-providers:
-  docker:
-    endpoint: 'unix:///var/run/docker.sock'
-    watch: true
-    exposedByDefault: true
-    swarmMode: false
-  file:
-    directory: /etc/traefik/conf/
-    watch: true
-api:
-  dashboard: false
-  debug: false
-  insecure: false
-entryPoints:
-  web:
-    address: ':80'
-    http:
-      redirections:
-        entryPoint:
-          to: websecure
-          scheme: https
-          permanent: true
-  websecure:
-    address: ':443'
-certificatesResolvers:
-  letsencrypt:
-    acme:
-      email: yourname@domain.tld
-      storage: /shared/acme.json
-      caServer: 'https://acme-v02.api.letsencrypt.org/directory'
-      keyType: EC256
-      httpChallenge:
-        entryPoint: web
-      tlsChallenge: {}
-
- -

Create a conf folder:

- - 
mkdir conf
-
- -

In the conf folder, create 2 files:

- -

conf/headers.yaml:

- - 
http:
-  middlewares:
-    SslHeader:
-      headers:
-        FrameDeny: true
-        AccessControlAllowMethods: 'GET,OPTIONS,PUT'
-        AccessControlAllowOriginList:
-          - origin-list-or-null
-        AccessControlMaxAge: 100
-        AddVaryHeader: true
-        BrowserXssFilter: true
-        ContentTypeNosniff: true
-        ForceSTSHeader: true
-        STSIncludeSubdomains: true
-        STSPreload: true
-        ContentSecurityPolicy: default-src 'self' 'unsafe-inline'
-        CustomFrameOptionsValue: SAMEORIGIN
-        ReferrerPolicy: same-origin
-        PermissionsPolicy: vibrate 'self'
-        STSSeconds: 315360000
-
- -

conf/tls.yaml:

- - 
tls:
-  options:
-    default:
-      minVersion: VersionTLS12
-      sniStrict: true
-      curvePreferences:
-        - CurveP521
-        - CurveP384
-      cipherSuites:
-        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-
- -

traefik.yaml, conf/headers.yaml and conf/tls.yaml will be mounted inside traefik container.

- -

Handle passbolt with Traefik

- -

To make Traefik redirect incoming requests to passbolt, edit the passbolt service as follow:

- -

Step 1. As traefik will handle HTTPS connexion, remove the ports definition for passbolt service

- -

Step 2. Add docker labels to make Traefik aware of passbolt service

- - 
version: '3.7'
-services:
-  db:
-    ...
-  passbolt:
-    ...
-    labels:
-      traefik.enable: "true"
-      traefik.http.routers.passbolt-http.entrypoints: "web"
-      traefik.http.routers.passbolt-http.rule: "Host(`passbolt.domain.tld`)"
-      traefik.http.routers.passbolt-http.middlewares: "SslHeader@file"
-      traefik.http.routers.passbolt-https.middlewares: "SslHeader@file"
-      traefik.http.routers.passbolt-https.entrypoints: "websecure"
-      traefik.http.routers.passbolt-https.rule: "Host(`passbolt.domain.tld`)"
-      traefik.http.routers.passbolt-https.tls: "true"
-      traefik.http.routers.passbolt-https.tls.certresolver: "letsencrypt"
-  traefik:
-    ...
-
- -
-

- Ensure you have correctly set your domain name (replace passbolt.domain.tld with your own in the example above). -

- -
- -

non-root images

- -

If you are using non-root images, add loadbalancer.server.port label to make traefik aware of the to be used port for passbolt service:

- - 
version: '3.7'
-services:
-  db:
-    ...
-  passbolt:
-    ...
-    labels:
-      ...
-      traefik.http.services.passbolt-https.loadbalancer.server.port: 8080
-
- -

That’s it

- -

Launch docker-compose up -d and you should be able to reach passbolt with HTTPS and a Let’s Encrypt certificate. -The renewal of the certificate will be handled automatically by Traefik daemon.

- -
-

Last updated

-

This article was last updated on -December -30th, -2021.

-
- -
-
- -
-

Are you experiencing issues when installing passbolt?

- - Ask the community! - -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/https/ce/docker/manual.html b/docs/configure/https/ce/docker/manual.html deleted file mode 100644 index 1dfdcc641..000000000 --- a/docs/configure/https/ce/docker/manual.html +++ /dev/null @@ -1,387 +0,0 @@ - - - - - Passbolt Help | Manual HTTPS configuration on Docker - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Manual HTTPS configuration on Docker

-
-
- - -
-
- -
-

- If you are migrating your passbolt instance from HTTP to HTTPS, you must ensure all of your users have a backup of their private key.
- As for passbolt browser extension, domain will change from HTTP to HTTPS, it will trigger an account recovery. -

- -
- -

Requirements

- - - -

HTTPS configuration

- -

You need to bind-mount your certificates inside passbolt container to use them.

- -

Create a certs folder and put your certificates there:

- - 
mkdir certs
-mv /path/to/your/certificate.crt certs/cert.pem
-mv /path/to/your/certificate.key certs/key.pem
-
- -

The bind-mount configuration will differ depending which passbolt image you are using.

- -

standard images

- -

If you are using standard passbolt image, add your certificates in the volumes definition of the passbolt service and ensure ports are well mapped:

- - 
version: '3.7'
-services:
-  db:
-    ...
-  passbolt:
-    ...
-    volumes:
-      ...
-      - ./certs/cert.pem:/etc/ssl/certs/certificate.crt:ro
-      - ./certs/key.pem:/etc/ssl/certs/certificate.key:ro
-    ports:
-      - 80:80
-      - 443:443
-
- -

Ensure your APP_FULL_BASE_URL environment variable starts with https://

- -

rootless images

- -

If you are using rootless images, tagged as non-root, the bind-mount path will be different as well as port mapping:

- - 
version: '3.7'
-services:
-  db:
-    ...
-  passbolt:
-    ...
-    volumes:
-      ...
-      - ./certs/cert.pem:/etc/passbolt/certs/certificate.crt:ro
-      - ./certs/key.pem:/etc/passbolt/certs/certificate.key:ro
-    ports:
-      - 80:8080
-      - 443:4433
-
- -

Like standard images, ensure your APP_FULL_BASE_URL environment variable starts with https://

- -
-

Last updated

-

This article was last updated on -December -16th, -2021.

-
- -
-
- -
-

Are you experiencing issues when installing passbolt?

- - Ask the community! - -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/https/ce/rpm.html b/docs/configure/https/ce/rpm.html deleted file mode 100644 index 07fa61c72..000000000 --- a/docs/configure/https/ce/rpm.html +++ /dev/null @@ -1,396 +0,0 @@ - - - - - Passbolt Help | How to configure HTTPS with RPM package - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

How to configure HTTPS with RPM package

-
-
- - -
-
- -
-

- If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. -Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. -

- -
- -

If you are reconfiguring passbolt you most likely want to say ‘NO’ to the mariadb or havaged setup questions and go for the nginx setup

- -

MariaDB / Nginx / SSL settings

- -

Passbolt CE RPM package on come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

- -

You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

- -

Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

- -

Launch passbolt-configure tool and answer to the questions:

- - 
sudo /usr/local/bin/passbolt-configure
-
- -

Nginx

- -

Please enter the domain name under which passbolt will run.

- -

Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

- -

If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

- - 
=========
-Hostname: passbolt.domain.tld
-=========
-
- -

SSL configuration

- -

3 available choices for SSL configuration:

- -
    -
  • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
    • -
  • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
    • -
  • none: Do not setup HTTPS at all
    • -
- - 
==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
- -

If you choose 1, you will be prompted for the full path of your certificates:

- - 
Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
- -

Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

- - 
===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
- -

Reload nginx after finish the reconfigure to use the SSL configuration.

- - 
sudo systemctl reload nginx
-
- -

Finally, ensure ‘fullBaseUrl’ value in /etc/passbolt/passbolt.php starts with https://.

- -

And that’s it you should be able to reach your server on the domain you specified.

- -
-

Last updated

-

This article was last updated on -December -16th, -2021.

-
- -
-
- -
-

Are you experiencing issues when installing passbolt?

- - Ask the community! - -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/https/pro/aws/auto.html b/docs/configure/https/pro/aws/auto.html deleted file mode 100644 index aca2ac56a..000000000 --- a/docs/configure/https/pro/aws/auto.html +++ /dev/null @@ -1,416 +0,0 @@ - - - - - Passbolt Help | Auto configure HTTPS with Let's Encrypt on AWS - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Auto configure HTTPS with Let's Encrypt on AWS

-
-
- - -
-
- -
-

- If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. -Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. -

- -
- -
-

- Important requirement: This tutorial assumes your machine has a valid domain name assigned in - order to work with let’s encrypt. If you want to use user provided certificates or self-signed certificates skip to the next section -

- -
- -
-

- Note: the configuration does not support serving passbolt on a subdirectory fashion. For example, - scenarios like https://mydomain.com/passbolt are not supported by default -

- -
- -

Edit nginx configuration file

- -

By default, our nginx configuration file ensure all domain names will match with our passbolt virtual machine but to obtain a valid Let’s Encrypt SSL certificate, you will have to manually set your passbolt domain name.

- -

Open /etc/nginx/sites-enabled/nginx-passbolt.conf and search for this line:

- - 
server_name _;
-
- -

Replace the underscore with your passbolt domain name:

- - 
server_name passbolt.domain.tld;
-
- -

Reconfigure passbolt

- -

Execute this command:

- - 
sudo dpkg-reconfigure passbolt-pro-server
-
- -

You most likely want to say ‘NO’ to the mariadb/mysql setup question and go for the nginx setup

- -

Passbolt debian and ubuntu packages currently supports the configuration of nginx. It comes with a default configuration that supports:

- -
    -
  • Serve passbolt on port 80 (http)
    • -
  • Serve passbolt on port 443 (https)
    • -
- -

The following steps will guide you through the option that uses Let’s encrypt method to enable SSL.

- -
- Configure nginx dialog - fig. Configure nginx dialog -
- -

After choosing yes you will be prompted with the following dialog where you can choose which method you prefer to configure SSL on nginx:

- -
- nginx SSL dialog - fig. nginx SSL dialog -
- -

You will now need to introduce the name of the domain name assinged to your server:

- -
- nginx domain name - fig. nginx domain name -
- -

Finally you will need to provide an email address for Let’s encrypt to notify you for renewals and other admin info:

- -
- lets encrypt admin email - fig. lets encrypt admin email -
- -

If everything goes fine you should see a final message that points you to finish passbolt configuration:

- -
- Success message - fig. Success message -
- -

Reload nginx after finish the reconfigure to use the SSL configuration.

- - 
sudo systemctl reload nginx
-
- -

Finally, ensure ‘fullBaseUrl’ value in /etc/passbolt/passbolt.php starts with https://.

- -

And that’s it you should be able to reach your server on the domain you specified.

- -
-

Last updated

-

This article was last updated on -March -29th, -2022.

-
- -
-
- -
-

Are you experiencing issues when installing passbolt?

- - Ask the community! - -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/https/pro/debian/auto.html b/docs/configure/https/pro/debian/auto.html deleted file mode 100644 index 42631a9fd..000000000 --- a/docs/configure/https/pro/debian/auto.html +++ /dev/null @@ -1,405 +0,0 @@ - - - - - Passbolt Help | Auto configure HTTPS with Let's Encrypt on Debian and Ubuntu - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Auto configure HTTPS with Let's Encrypt on Debian and Ubuntu

-
-
- - -
-
- -
-

- If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. -Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. -

- -
- -
-

- Important requirement: This tutorial assumes your machine has a valid domain name assigned in - order to work with let’s encrypt. If you want to use user provided certificates or self-signed certificates skip to the next section -

- -
- -
-

- Note: the configuration does not support serving passbolt on a subdirectory fashion. For example, - scenarios like https://mydomain.com/passbolt are not supported by default -

- -
- -

Install or reconfigure passbolt

- -

If you don’t have passbolt installed please check on the hosting section for more information -on how to install passbolt on debian.

- -

If you have already installed passbolt then you want to execute the following command to start the configuration process for SSL:

- - 
sudo dpkg-reconfigure passbolt-pro-server
-
- -

You most likely want to say ‘NO’ to the mariadb/mysql setup question and go for the nginx setup

- -

Passbolt debian and ubuntu packages currently supports the configuration of nginx. It comes with a default configuration that supports:

- -
    -
  • Serve passbolt on port 80 (http)
    • -
  • Serve passbolt on port 443 (https)
    • -
- -

The following steps will guide you through the option that uses Let’s encrypt method to enable SSL.

- -
- Configure nginx dialog - fig. Configure nginx dialog -
- -

After choosing yes you will be prompted with the following dialog where you can choose which method you prefer to configure SSL on nginx:

- -
- nginx SSL dialog - fig. nginx SSL dialog -
- -

You will now need to introduce the name of the domain name assinged to your server:

- -
- nginx domain name - fig. nginx domain name -
- -

Finally you will need to provide an email address for Let’s encrypt to notify you for renewals and other admin info:

- -
- lets encrypt admin email - fig. lets encrypt admin email -
- -

If everything goes fine you should see a final message that points you to finish passbolt configuration:

- -
- Success message - fig. Success message -
- -

Reload nginx after finish the reconfigure to use the SSL configuration.

- - 
sudo systemctl reload nginx
-
- -

Finally, ensure ‘fullBaseUrl’ value in /etc/passbolt/passbolt.php starts with https://.

- -

And that’s it you should be able to reach your server on the domain you specified.

- -
-

Last updated

-

This article was last updated on -December -16th, -2021.

-
- -
-
- -
-

Are you experiencing issues when installing passbolt?

- - Ask the community! - -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/https/pro/debian/manual.html b/docs/configure/https/pro/debian/manual.html deleted file mode 100644 index c29d20ec0..000000000 --- a/docs/configure/https/pro/debian/manual.html +++ /dev/null @@ -1,434 +0,0 @@ - - - - - Passbolt Help | Manual HTTPS configuration on Debian and Ubuntu with user provided certificates - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Manual HTTPS configuration on Debian and Ubuntu with user provided certificates

-
-
- - -
-
- -
-

- If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. -Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. -

- -
- -

Passbolt debian and ubuntu packages currently supports the configuration of nginx. It comes with a default configuration that supports:

- -
    -
  • Serve passbolt on port 80 (http)
    • -
  • Serve passbolt on port 443 (https)
    • -
- -

On this context ‘manually’ means that the user will provide the SSL certificates, this is the main difference with -the ‘auto’ method where Let’s Encrypt will issue the SSL certificate for you.

- -

This manual method is often useful on private network installations with private CA where -the system admin issues a new private SSL certificate and uploads it to the passbolt server. It is also a method often used with -self-signed SSL certificates for test installations.

- -

On this example we will assume the user is generating a self-signed certificate on the passbolt server.

- -

Generate the SSL certificate

- -

While connected to your passbolt instance you can generate a SSL certificate in the following way:

- - 
openssl req -x509 \
-    -newkey rsa:4096 \
-    -days 120 \
-    -subj "/C=LU/ST=Luxembourg/L=Esch-Sur-Alzette/O=Passbolt SA/OU=Passbolt IT Team/CN=passbolt.domain.tld/" \
-    -nodes \
-    -addext "subjectAltName = DNS:passbolt.domain.tld" \
-    -keyout key.pem \
-    -out cert.pem
-
- -

This command will output two files: key.pem and cert.pem. Identify the absolute path where these files are located as you will need them in next steps.

- -

Of course, replace -subj values with your own. It is important to set your passbolt FQDN in both CN and subjectAltName. In this way, you will be able to import the generated certificate in your operating system keychain and make your self-signed domain trusted in your browser.

- -
-

- Pro tip: You can use an IP address instead of a domain name for your self-signed certificate. - If you do that, replace DNS with IP in subjectAltName. -

- -
- -

Install or reconfigure passbolt

- -

If you don’t have passbolt installed please check on the hosting section for more information -on how to install passbolt on debian.

- -

If you have already installed passbolt then you want to execute the following command to start the configuration process for SSL:

- - 
sudo dpkg-reconfigure passbolt-pro-server
-
- -

You most likely want to say ‘NO’ to the mariadb/mysql setup question and go for the nginx setup

- -

You should select yes for the nginx setup:

- -
- Nginx configuration message - fig. Nginx configuration message -
- -

Choose ‘manual’ for the SSL setup method:

- -
- SSL method selection - fig. SSL method selection -
- -

Provide the domain name you plan to use for your passbolt server. On this example and as we are using a -self-signed certificate the domain name is not as important as if you are planning to use a proper SSL -certificate. In the later escenario DNS domain name and SSL domain name must match.

- -
- Domain for nginx setup - fig. Domain for nginx setup -
- -

Provide the full path of the SSL certificate you created on previous steps (‘cert.pem’)

- -
- SSL certificate path - fig. SSL certificate path -
- -

Now provide the full path of the SSL key (‘key.pem’)

- -
- SSL private key path - fig. SSL private key path -
- -

Keep in mind that you might need to add DNS records to reach your domain on your local -network or in a public DNS provider.

- -
- Success message - fig. Success message -
- -

Reload nginx after finish the reconfigure to use the SSL configuration.

- - 
sudo systemctl reload nginx
-
- -

Finally, ensure ‘fullBaseUrl’ value in /etc/passbolt/passbolt.php starts with https://.

- -

And that’s it you should be able to reach your server on the domain you specified.

- -
-

Last updated

-

This article was last updated on -December -16th, -2021.

-
- -
-
- -
-

Are you experiencing issues when installing passbolt?

- - Ask the community! - -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/https/pro/docker/auto.html b/docs/configure/https/pro/docker/auto.html deleted file mode 100644 index ae494b5c1..000000000 --- a/docs/configure/https/pro/docker/auto.html +++ /dev/null @@ -1,521 +0,0 @@ - - - - - Passbolt Help | Auto configure HTTPS with Let's Encrypt on Docker - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Auto configure HTTPS with Let's Encrypt on Docker

-
-
- - -
-
- -
-

- If you are migrating your passbolt instance from HTTP to HTTPS, you must ensure all of your users have a backup of their private key.
- As for passbolt browser extension, domain will change from HTTP to HTTPS, it will trigger an account recovery. -

- -
- -
-

- Important requirement: This tutorial assumes your machine has a valid domain name assigned in - order to work with let’s encrypt. -

- -
- -

Requirements

- - - -

Add traefik service to handle https

- -

If you have followed our installation documentation, you should have defined db and passbolt services for your passbolt stack.

- -

To handle HTTPS setup with Let’s Encrypt, add a traefik service as follow:

- - 
version: '3.7'
-services:
-  db:
-    ...
-  passbolt:
-    ...
-  traefik:
-    image: traefik:2.6
-    restart: always
-    ports:
-      - 80:80
-      - 443:443
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - ./traefik.yaml:/traefik.yaml:ro
-      - ./conf/:/etc/traefik/conf
-      - ./shared/:/shared
-
- -

Traefik will:

-
    -
  • act as a proxy in front of passbolt service, that’s why we defined ports 80 and 443.
    • -
  • handle Let’s Encrypt certificates renew.
    • -
- -

configuration files

- -

Create a traefik.yaml configuration file with this content (replace yourname@domain.tld with your email for Let’s Encrypt):

- - 
global:
-  sendAnonymousUsage: false
-log:
-  level: INFO
-  format: common
-providers:
-  docker:
-    endpoint: 'unix:///var/run/docker.sock'
-    watch: true
-    exposedByDefault: true
-    swarmMode: false
-  file:
-    directory: /etc/traefik/conf/
-    watch: true
-api:
-  dashboard: false
-  debug: false
-  insecure: false
-entryPoints:
-  web:
-    address: ':80'
-    http:
-      redirections:
-        entryPoint:
-          to: websecure
-          scheme: https
-          permanent: true
-  websecure:
-    address: ':443'
-certificatesResolvers:
-  letsencrypt:
-    acme:
-      email: yourname@domain.tld
-      storage: /shared/acme.json
-      caServer: 'https://acme-v02.api.letsencrypt.org/directory'
-      keyType: EC256
-      httpChallenge:
-        entryPoint: web
-      tlsChallenge: {}
-
- -

Create a conf folder:

- - 
mkdir conf
-
- -

In the conf folder, create 2 files:

- -

conf/headers.yaml:

- - 
http:
-  middlewares:
-    SslHeader:
-      headers:
-        FrameDeny: true
-        AccessControlAllowMethods: 'GET,OPTIONS,PUT'
-        AccessControlAllowOriginList:
-          - origin-list-or-null
-        AccessControlMaxAge: 100
-        AddVaryHeader: true
-        BrowserXssFilter: true
-        ContentTypeNosniff: true
-        ForceSTSHeader: true
-        STSIncludeSubdomains: true
-        STSPreload: true
-        ContentSecurityPolicy: default-src 'self' 'unsafe-inline'
-        CustomFrameOptionsValue: SAMEORIGIN
-        ReferrerPolicy: same-origin
-        PermissionsPolicy: vibrate 'self'
-        STSSeconds: 315360000
-
- -

conf/tls.yaml:

- - 
tls:
-  options:
-    default:
-      minVersion: VersionTLS12
-      sniStrict: true
-      curvePreferences:
-        - CurveP521
-        - CurveP384
-      cipherSuites:
-        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-
- -

traefik.yaml, conf/headers.yaml and conf/tls.yaml will be mounted inside traefik container.

- -

Handle passbolt with Traefik

- -

To make Traefik redirect incoming requests to passbolt, edit the passbolt service as follow:

- -

Step 1. As traefik will handle HTTPS connexion, remove the ports definition for passbolt service

- -

Step 2. Add docker labels to make Traefik aware of passbolt service

- - 
version: '3.7'
-services:
-  db:
-    ...
-  passbolt:
-    ...
-    labels:
-      traefik.enable: "true"
-      traefik.http.routers.passbolt-http.entrypoints: "web"
-      traefik.http.routers.passbolt-http.rule: "Host(`passbolt.domain.tld`)"
-      traefik.http.routers.passbolt-http.middlewares: "SslHeader@file"
-      traefik.http.routers.passbolt-https.middlewares: "SslHeader@file"
-      traefik.http.routers.passbolt-https.entrypoints: "websecure"
-      traefik.http.routers.passbolt-https.rule: "Host(`passbolt.domain.tld`)"
-      traefik.http.routers.passbolt-https.tls: "true"
-      traefik.http.routers.passbolt-https.tls.certresolver: "letsencrypt"
-  traefik:
-    ...
-
- -
-

- Ensure you have correctly set your domain name (replace passbolt.domain.tld with your own in the example above). -

- -
- -

non-root images

- -

If you are using non-root images, add loadbalancer.server.port label to make traefik aware of the to be used port for passbolt service:

- - 
version: '3.7'
-services:
-  db:
-    ...
-  passbolt:
-    ...
-    labels:
-      ...
-      traefik.http.services.passbolt-https.loadbalancer.server.port: 8080
-
- -

That’s it

- -

Launch docker-compose up -d and you should be able to reach passbolt with HTTPS and a Let’s Encrypt certificate. -The renewal of the certificate will be handled automatically by Traefik daemon.

- -
-

Last updated

-

This article was last updated on -December -30th, -2021.

-
- -
-
- -
-

Are you experiencing issues when installing passbolt?

- - Ask the community! - -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/https/pro/docker/manual.html b/docs/configure/https/pro/docker/manual.html deleted file mode 100644 index 9598a239e..000000000 --- a/docs/configure/https/pro/docker/manual.html +++ /dev/null @@ -1,387 +0,0 @@ - - - - - Passbolt Help | Manual HTTPS configuration on Docker - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Manual HTTPS configuration on Docker

-
-
- - -
-
- -
-

- If you are migrating your passbolt instance from HTTP to HTTPS, you must ensure all of your users have a backup of their private key.
- As for passbolt browser extension, domain will change from HTTP to HTTPS, it will trigger an account recovery. -

- -
- -

Requirements

- - - -

HTTPS configuration

- -

You need to bind-mount your certificates inside passbolt container to use them.

- -

Create a certs folder and put your certificates there:

- - 
mkdir certs
-mv /path/to/your/certificate.crt certs/cert.pem
-mv /path/to/your/certificate.key certs/key.pem
-
- -

The bind-mount configuration will differ depending which passbolt image you are using.

- -

standard images

- -

If you are using standard passbolt image, add your certificates in the volumes definition of the passbolt service and ensure ports are well mapped:

- - 
version: '3.7'
-services:
-  db:
-    ...
-  passbolt:
-    ...
-    volumes:
-      ...
-      - ./certs/cert.pem:/etc/ssl/certs/certificate.crt:ro
-      - ./certs/key.pem:/etc/ssl/certs/certificate.key:ro
-    ports:
-      - 80:80
-      - 443:443
-
- -

Ensure your APP_FULL_BASE_URL environment variable starts with https://

- -

rootless images

- -

If you are using rootless images, tagged as non-root, the bind-mount path will be different as well as port mapping:

- - 
version: '3.7'
-services:
-  db:
-    ...
-  passbolt:
-    ...
-    volumes:
-      ...
-      - ./certs/cert.pem:/etc/passbolt/certs/certificate.crt:ro
-      - ./certs/key.pem:/etc/passbolt/certs/certificate.key:ro
-    ports:
-      - 80:8080
-      - 443:4433
-
- -

Like standard images, ensure your APP_FULL_BASE_URL environment variable starts with https://

- -
-

Last updated

-

This article was last updated on -December -16th, -2021.

-
- -
-
- -
-

Are you experiencing issues when installing passbolt?

- - Ask the community! - -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/https/pro/ova/auto.html b/docs/configure/https/pro/ova/auto.html deleted file mode 100644 index fb0b52ba4..000000000 --- a/docs/configure/https/pro/ova/auto.html +++ /dev/null @@ -1,416 +0,0 @@ - - - - - Passbolt Help | Auto configure HTTPS with Let's Encrypt on OVA - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Auto configure HTTPS with Let's Encrypt on OVA

-
-
- - -
-
- -
-

- If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. -Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. -

- -
- -
-

- Important requirement: This tutorial assumes your machine has a valid domain name assigned in - order to work with let’s encrypt. If you want to use user provided certificates or self-signed certificates skip to the next section -

- -
- -
-

- Note: the configuration does not support serving passbolt on a subdirectory fashion. For example, - scenarios like https://mydomain.com/passbolt are not supported by default -

- -
- -

Edit nginx configuration file

- -

By default, our nginx configuration file ensure all domain names will match with our passbolt virtual machine but to obtain a valid Let’s Encrypt SSL certificate, you will have to manually set your passbolt domain name.

- -

Open /etc/nginx/sites-enabled/nginx-passbolt.conf and search for this line:

- - 
server_name _;
-
- -

Replace the underscore with your passbolt domain name:

- - 
server_name passbolt.domain.tld;
-
- -

Reconfigure passbolt

- -

Execute this command:

- - 
sudo dpkg-reconfigure passbolt-pro-server
-
- -

You most likely want to say ‘NO’ to the mariadb/mysql setup question and go for the nginx setup

- -

Passbolt debian and ubuntu packages currently supports the configuration of nginx. It comes with a default configuration that supports:

- -
    -
  • Serve passbolt on port 80 (http)
    • -
  • Serve passbolt on port 443 (https)
    • -
- -

The following steps will guide you through the option that uses Let’s encrypt method to enable SSL.

- -
- Configure nginx dialog - fig. Configure nginx dialog -
- -

After choosing yes you will be prompted with the following dialog where you can choose which method you prefer to configure SSL on nginx:

- -
- nginx SSL dialog - fig. nginx SSL dialog -
- -

You will now need to introduce the name of the domain name assinged to your server:

- -
- nginx domain name - fig. nginx domain name -
- -

Finally you will need to provide an email address for Let’s encrypt to notify you for renewals and other admin info:

- -
- lets encrypt admin email - fig. lets encrypt admin email -
- -

If everything goes fine you should see a final message that points you to finish passbolt configuration:

- -
- Success message - fig. Success message -
- -

Reload nginx after finish the reconfigure to use the SSL configuration.

- - 
sudo systemctl reload nginx
-
- -

Finally, ensure ‘fullBaseUrl’ value in /etc/passbolt/passbolt.php starts with https://.

- -

And that’s it you should be able to reach your server on the domain you specified.

- -
-

Last updated

-

This article was last updated on -March -21st, -2022.

-
- -
-
- -
-

Are you experiencing issues when installing passbolt?

- - Ask the community! - -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/https/pro/rpm.html b/docs/configure/https/pro/rpm.html deleted file mode 100644 index d5070bf1c..000000000 --- a/docs/configure/https/pro/rpm.html +++ /dev/null @@ -1,396 +0,0 @@ - - - - - Passbolt Help | How to configure HTTPS with RPM package - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

How to configure HTTPS with RPM package

-
-
- - -
-
- -
-

- If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. -Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. -

- -
- -

If you are reconfiguring passbolt you most likely want to say ‘NO’ to the mariadb or havaged setup questions and go for the nginx setup

- -

MariaDB / Nginx / SSL settings

- -

Passbolt PRO RPM package on come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

- -

You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

- -

Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

- -

Launch passbolt-configure tool and answer to the questions:

- - 
sudo /usr/local/bin/passbolt-configure
-
- -

Nginx

- -

Please enter the domain name under which passbolt will run.

- -

Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

- -

If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

- - 
=========
-Hostname: passbolt.domain.tld
-=========
-
- -

SSL configuration

- -

3 available choices for SSL configuration:

- -
    -
  • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
    • -
  • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
    • -
  • none: Do not setup HTTPS at all
    • -
- - 
==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
- -

If you choose 1, you will be prompted for the full path of your certificates:

- - 
Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
- -

Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

- - 
===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
- -

Reload nginx after finish the reconfigure to use the SSL configuration.

- - 
sudo systemctl reload nginx
-
- -

Finally, ensure ‘fullBaseUrl’ value in /etc/passbolt/passbolt.php starts with https://.

- -

And that’s it you should be able to reach your server on the domain you specified.

- -
-

Last updated

-

This article was last updated on -December -16th, -2021.

-
- -
-
- -
-

Are you experiencing issues when installing passbolt?

- - Ask the community! - -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/index.html b/docs/configure/index.html deleted file mode 100644 index e374cf990..000000000 --- a/docs/configure/index.html +++ /dev/null @@ -1,471 +0,0 @@ - - - - - Passbolt Help | Configure - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- -
-
-
-
-
-
- -
-
-
- - - - - - - - - - - -
-
-

Configure

-
-
-
- - -
- - - - - - Configure HTTPS - How to setup HTTPS for secure communications - -
- - -
- - - - -
PRO
- - - Configure LDAP - How to configure the directory sync plugin - -
- - -
- - - - -
PRO
- - - Configure Account Recovery - How to configure Account Recovery - -
- - -
- - - - -
PRO
- - - Configure SSO - How to configure Single Sign-On - -
- - -
- - - - - - Configure Windows App - How to configure Windows App - -
- - -
- - - - -
PRO
- - - Configure Password Policies - How to configure Password Policies - -
- - -
- - - - -
PRO
- - - Configure User Passphrase Policies - How to configure User Passphrase Policies - -
- - -
- - - - - - Configure RBAC - How to configure Role-Based Access Control - -
- - -
- - - - -
PRO
- - - Configure LDAP with ssl - How to configure the LDAP plugin with ssl (ldaps) - -
- - -
- - - - -
PRO
- - - Using LDAP Filters - How to use the filters to configure your Users Directory - -
- - -
- - - - -
PRO
- - - Troubleshoot LDAP sync errors - Common ldap synchronization errors and their meaning - -
- - -
- - - - - - Configure MFA - How to configure Multi Factor Authentication - -
- - -
- - - - - - Configure TOTP - How to configure Time-based One Time Password - -
- - -
- - - - - - Configure Email Notifications - How to manage email notification settings - -
- - -
- - - - - - Configure Email providers - How to setup email providers - -
- - -
- - - - - - Configure Email authentication - How to configure your authentication method - -
- - -
- - - - - - Troobleshoot Email config - Common issues with emails - -
- - -
- - - - - - Environment variable reference - Reference list of all environment variables - -
- - -
- - - - - - Update database credentials - Update database credentials - -
- -
- - - - - - - - - -
-
-
- - - - - -
- - - - - - - - diff --git a/docs/configure/ldap-configuration-from-file.html b/docs/configure/ldap-configuration-from-file.html deleted file mode 100644 index d7139b39e..000000000 --- a/docs/configure/ldap-configuration-from-file.html +++ /dev/null @@ -1,11 +0,0 @@ - - - - Redirecting… - - - - -

Redirecting…

- Click here if you are not redirected. - diff --git a/docs/configure/ldap-with-ssl.html b/docs/configure/ldap-with-ssl.html deleted file mode 100644 index a515ca090..000000000 --- a/docs/configure/ldap-with-ssl.html +++ /dev/null @@ -1,11 +0,0 @@ - - - - Redirecting… - - - - -

Redirecting…

- Click here if you are not redirected. - diff --git a/docs/configure/ldap.html b/docs/configure/ldap.html deleted file mode 100644 index c65bbe900..000000000 --- a/docs/configure/ldap.html +++ /dev/null @@ -1,11 +0,0 @@ - - - - Redirecting… - - - - -

Redirecting…

- Click here if you are not redirected. - diff --git a/docs/configure/ldap/ldap-common-sync-error-messages.html b/docs/configure/ldap/ldap-common-sync-error-messages.html deleted file mode 100644 index 309d4f55c..000000000 --- a/docs/configure/ldap/ldap-common-sync-error-messages.html +++ /dev/null @@ -1,352 +0,0 @@ - - - - - Passbolt Help | Most common ldap sync error messages - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Most common ldap sync error messages

-
-
- -
-
- -

Introduction

- -

Depending on the structure of your directory or the state of the synchronization between passbolt and your directory, passbolt can report certain synchronization issues. -They come from a variety of reasons, here are the most common ones.

- -

The user user@domain.com could not be added to group MyGroup because it is not active yet

-

This error happens when passbolt is trying to add a user to a group, but the user has not yet activated their account. Passbolt -cannot add such users to groups automatically since their account is not operational yet. -When this situation happens, no intervention is required. The user will be added to the group automatically once they activate their account (when they click on the link provided in the email invitation and complete the initial setup).

- -

The user user@domain.com could not be mapped with an existing user in passbolt because it was created after.

-

This error happens when a user was created first in Passbolt and later in the directory. Passbolt then considers that the passbolt user has the priority and should not be synced, since it would also mean that the same user would get -deleted whenever it is deleted from the directory. -When this situation happens, if you absolutely want to sync these 2 users, the solution is to delete the user in passbolt and to run the synchronization again. The user will then be created again and synced.

- -

The group MyGroup could not be mapped with an existing group in passbolt because it was created after.

-

This error happens when a group was created first in Passbolt and later in the directory. Passbolt then considers that the passbolt group has the priority and should not be synced, since it would also mean that the same group would get -deleted whenever it is deleted from the directory. -When this situation happens, if you absolutely want to sync these 2 groups, the solution is to delete the group in passbolt and to run the synchronization again. The group will then be created again and synced.

- -

The previously deleted user user@domain.com was not re-added to passbolt.

-

This error happens when a passbolt user was deleted manually in passbolt but not in the directory. Passbolt then considers that the actions performed in passbolt -have a higher priority and that the user was deleted for a good reason. -When this situation happens, if you absolutely want to sync back this user, the solution is to re-create the user in passbolt and run the synchronization again.

- -

The user user@domain.com could not be added to the group MyGroup because of an internal error

-

This error usually happens when the group could not be created in Passbolt for some reason, which means that it is impossible for the -system to create a group membership for the given user.

- -

A request to add user user@domain.com in group MyGroup was sent to the group manager.

-

This scenario happens when passbolt attempts to add a user to a group that has passwords directly shared with it. -In this case, adding our user to the group would mean having to encrypt all the passwords shared with the group for this new group member. -Due to the end-to-end nature of the solution, the system cannot do it without a human intervention. This is why passbolt sends a request to the group manager so that he can add the user to the group manually, and encrypt the shared secrets at the same time.

- -

Note: this scenario will not happen in the case of groups without direct access to shared passwords. In this case, the user will be added automatically to the group during the sync.

- -

The user userA was not synced with existing membership for group groupA because the membership was created before.

-

This happens when a user has been added to a group in Passbolt prior to being added to the group in LDAP, or prior to the change in LDAP being synchronized. This means that Passbolt has priority over that membership. To solve this the user will have to be removed from the group in Passbolt and then another synchronization has to occur. Once that happens the user should once again be in the group in Passbolt, or an email should be triggered if the group has shared passwords.

- -

No message, but the user I removed from a group in LDAP is still in the group in Passbolt

-

This tends to happen when a user is added in a group in Passbolt prior to being added to a group in LDAP and then later being removed from the group in LDAP. If you see any errors that are in the format of “The user userA was not synced with existing membership for group groupA because the membership was created before.” there is a risk of this issue occuring. This is because Passbolt has priority over this group membership. You will have to manually remove the user from the group in Passbolt in this case.

- -
-

Last updated

-

This article was last updated on -October -11th, -2021.

-
- -
-
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/ldap/ldap-filters.html b/docs/configure/ldap/ldap-filters.html deleted file mode 100644 index 5b611a189..000000000 --- a/docs/configure/ldap/ldap-filters.html +++ /dev/null @@ -1,372 +0,0 @@ - - - - - Passbolt Help | Using LDAP Filters - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Using LDAP Filters

-
-
- -
-
- -
-

- Important: The Ldap plugin is part of Passbolt Pro only and is not available in the Community Edition. -

- -
- -

Introduction

-

As part of the Users Directory feature passbolt offers two ways to help filter your Active Directory/OpenLDAP users and groups so you have more control over which users and groups are synchronized. This page will go over how to use both of these options.

- -

Groups & Users Parent Group

-

One of the options for filtering users and groups is to use the Groups Parent Group or the Users Parent Group option. This can be found under the Synchronization options section of the Users Directory configuration page.

- -
- Ldap settings parent group fields - fig. Ldap settings parent group fields -
- -

This option will allow you to specify a Parent Group for your users or groups. Passbolt will then only look for Users or Groups which are part of that Parent group and use those for synchronization. This is most useful if you have directory set up where the Users or Groups you want to synchronize are all under the same group. For this field you can use just the name of the group, for example:

-
    -
  • admins
    • -
  • testers
    • -
  • Passbolt_Users
    • -
  • Passbolt Groups
    • -
- -

Group & User custom filters

-

The other option we have is to use custom filters for users or groups. This can be found under the Directory configuration section of the Users Directory configuration page.

- -
- Ldap settings custom filter fields - fig. Ldap settings custom filter fields -
- -

These fields will accept standard LDAP query syntax. This is useful if you need just a few groups/users or wish to exclude one which may have normally been synchronized. These fields provide more flexibility when interacting with more complicated directory structures. Some examples of the expected syntax are:

- -
    -
  • (memberof=cn=somegroup) -
      -
    • This would be for the users filter for members of “somegroup”
      • -
    -
    • -
  • (|(cn=admins)(cn=testers)) -
      -
    • This would be for the groups “admins” or “testers”
      • -
    -
    • -
  • (uid=*smith*) -
      -
    • This would be for any user with “smith” in their uid
      • -
    -
    • -
- -
-

Last updated

-

This article was last updated on -November -30th, -2023.

-
- -
-
- -
-

Are you experiencing issues with Passbolt Pro Edition?

- Contact Pro support -

or ask the community

- -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/ldap/ldap-from-configuration-file.html b/docs/configure/ldap/ldap-from-configuration-file.html deleted file mode 100644 index 270e4d27b..000000000 --- a/docs/configure/ldap/ldap-from-configuration-file.html +++ /dev/null @@ -1,647 +0,0 @@ - - - - - Passbolt Help | Configure Ldap plugin - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Configure Ldap plugin

-
-
- -
-
- -
-

- Important: The Ldap plugin is part of Passbolt Pro only and is not available in the Community Edition. -

- -
- -

Introduction

- -

What is it?

- -

The goal of the directory synchronization tool, also called LDAP connector, is to provide a way for a passbolt -administrator to synchronize a list of groups and users, as well as the associated group memberships.

- -

Currently the connector supports two types of directory: OpenLDAP and Microsoft Active Directory. In the future -we will also support other non ldap based user directories such as Google API User Directory.

- -

How does it work?

- -

In a nutshell this part of the application will try to keep passbolt and a directory in sync with a minimal -involvement of the administrators and group managers. However if an action is not possible, such as, deleting -a user that is the sole password owner, the process triggers will trigger relevant email notifications so -that a human can solve it manually. An admin can also alternatively tell passbolt to ignore a record in the -next synchronization round, if the issue does not need to be resolved.

- -

Requirements

- -
-

- Important: If you have installed passbolt-pro using our debian and ubuntu packages you can skip this section -

- -
- -

The directory synchronization tools requires the php-ldap extension -to be present on the server. If you built your own server the way you install -php-ldap will depend on your system flavor.

- -

On Debian using nginx for example you can do:

- 
sudo apt-get install php-ldap
-sudo service nginx restart
-
- -

Make sure the ldap extension is present in the php-cli.ini file. -You should add extension=ldap.so if it is not already present:

- 
$ php -i |grep php\.ini
-Configuration File (php.ini) Path => /etc/php/7.4/cli
-Loaded Configuration File => /etc/php/7.4/cli/php.ini
-$ nano /etc/php/7.4/cli/php.ini
-
- -

For testing purpose, it might be handy to have some ldap utilities -installed on your system. On Debian you can use ldapsearch for example to search for and display entries:

- 
sudo apt-get install ldap-utils
-ldapsearch -b'dc=example,dc=com' -x
-
- -

The plugin relies on a 3rd party library called ldaptools which you will need to install as part of your passbolt -update or install. You can get it the same way than other php dependencies using composer:

- 
cd /var/www/passbolt
-git pull origin master
-composer install
-./bin/cake passbolt migrate
-
- -

To run, the ldap plugin needs to have at least one active admin user existing inside passbolt.

- -

How to use?

- -
-

- Please note: This guide explains how to configure the Ldap connector through the configuration file. For simpler configurations, you can configure Ldap through the UI. -

- -
- -

Activate the plugin

- -

The plugin is deactivated by default. You need to activate it to be able to use it.

- -

To do so, simply copy the file /config/ldap.default.php into ldap.php.

- 
cd /var/www/passbolt
-mv ./config/ldap.default.php ./config/ldap.php
-
- -

Configure the plugin

- -

Edit the file ldap.php and modify the configuration to match your needs. The available options are:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDetailsExample
- defaultUser
- (required) - 		- Enter here the username of the passbolt admin user that will be used to perform the operations on behalf of the synchronization tools. -

You can also create a dedicated admin user in passbolt if you want to be able to track more accurately the actions related to ldap. - 		- passboltadmin@domain.com -
- defaultGroupAdminUser
- (required) - 		- Enter here the username of the default group manager. It is the user that will be assigned as a group manager to all new groups created by ldap. - - passboltadmin@domain.com -
- fieldsMapping
- (optional) - 		- In case of OpenLdap, the default mapping between the passbolt and directory record fields might not be the one that will work for you. In this section you can redefine the default mapping for your directory. - 
'openldap' => [
-  'user' => [
-     'id' => 'entryUUID',
-     'firstname' => 'firstName',
-     'lastname' => 'lastName',
-     'username' => 'mail',
-     'created' => 'created',
-     'modified' => 'modified',
-  ],
-  'group' => [
-     'id' => 'entryUUID',
-     'name' => 'cn',
-     'created' => 'created',
-     'modified' => 'modified',
-     'users' => 'members',
-  ],
-],
- groupObjectClass
- (optional) - 		- For OpenLdap only, you can specify here the name of the group object class that you are using in your openldap. -

Default value: groupOfUniqueNames - 		- groupOfUniqueNames -
- userObjectClass
- (optional) - 		- For OpenLdap only, you can specify here the name of the user object class that you are using in your openldap. -

Default value: inetOrgPerson - 		- inetOrgPerson -
- groupPath
- (optional) - 		- If your groups are located in a different path than your base DN, you can specify here the complementary path. -

Default value: none - 		OU=MyGroups
- userPath
- (optional) - 		- If your users are located in a different path than your base DN, you can specify here the complementary path. -

Default value: none - 		OU=MyUsers
- jobs
- (optional) - 		- By default, the synchronization will be done for all created / deleted users and groups in your directory and all edited group members. You can enable / disable some tasks here. -

Default value: see example - 
'jobs' => [
-    'users' => [
-        'create' => true,
-        'delete' => true,
-    ],
-    'groups' => [
-        'create' => true,
-        'update' => true,
-        'delete' => true,
-    ],
-],
-
- ldap
- (required) - 		- This contains the ldap connection details such as the domain name, username, password, base DN, servers, port, etc.. - The options in the config file are self explanatory. - 
'ldap' => [
-  'domains' => [
-      // Active directory.
-     'mydomain.local' => [
-          'domain_name' => 'mydomain.local',
-          'username' => 'johndoe',
-          'password' => 'Compl!c4t3dP4ssw0rD',
-          'base_dn' => 'OU=OrgUsers,DC=mydomain,DC=local',
-          'servers' => ['35.225.111.241'],
-          'port' => 389,
-          'use_ssl' => false,
-         'ldap_type' => 'ad',
-      ],
-   ],
-]
- -

Test the connection

- -

Once the configuration options have been entered in ldap.php, you can test that the connection is working and that the objects are retrieved correctly from your directory:

- 
./bin/cake directory_sync test
-
- -

An output similar to the one below should be observed:

- -
- Screenshot of directory synchronization test - fig. Screenshot of directory synchronization test -
- -

What you should pay attention to:

-
    -
  • Make sure that you can see the same groups and users as the ones available in your directory.
    • -
  • Make sure that each user has an email address. If not, they will not validate in passbolt.
    • -
  • Make sure that each group is shown with the right number of users.
    • -
- -

First synchronization

-

Before we actually do a real synchronization, we will first simulate one:

- 
./bin/cake directory_sync all --dry-run
-
-

This command will simulate what will happen when the synchronization will be done for real.

- -
- Screenshot of directory synchronization sync in dry run - fig. Screenshot of directory synchronization sync in dry run -
- -

If the result displayed is similar to what you expect to happen, you can proceed with the actual synchronization:

- 
./bin/cake directory_sync all --persist
-
- -
- Screenshot of directory synchronization running - fig. Screenshot of directory synchronization running -
- -
-

- Please note that a user can be added into a group only once his account is activated. -

- -
- -

Run it automatically

-

To synchronize the changes automatically you will need to add a cron job. We recommend to execute the job once a day, but you can choose as per your preference.

- - 
0 0 * * * su -c "/var/www/passbolt/bin/cake directory_sync all --persist" -s /bin/bash www-data >> /var/log/cron.log 2>&1
-
- -

For debian and ubuntu systems where passbolt is installed through our supported packages:

- - 
0 0 * * * su -c "/usr/share/php/passbolt/bin/cake directory_sync all --persist" -s /bin/bash www-data >> /var/log/cron.log 2>&1
-
- -

Ignoring records

-

It is possible for you to individually ignore synchronization of some of your directory records and/or some users/groups in passbolt, especially when there are some problematics records you do not want to keep in sync. Such records and the command to ignore them will be displayed in the reports.

- -
- Screenshot of directory synchronization with items to ignore - fig. Screenshot of directory synchronization with items to ignore -
- - 
 ./bin/cake directory_sync ignore-create --id=55872084-ed6f-4e96-b401-479dd86ca357 --model=DirectoryEntries
-
- -

You can also view all the records that are being ignored.

- -
- Screenshot of directory synchronization view ignored command - fig. Screenshot of directory synchronization view ignored command -
- - 
./bin/cake directory_sync ignore-list
-
- -

You can also stop ignoring them:

- 
./bin/cake directory_sync ignore-delete --id=16789f75-2cf7-4755-9bd9-634d1ff42240 --model=DirectoryEntries
-
- -
-

Last updated

-

This article was last updated on -September -7th, -2018.

-
- -
-
- -
-

Are you experiencing issues with Passbolt Pro Edition?

- Contact Pro support -

or ask the community

- -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/ldap/ldap-with-ssl.html b/docs/configure/ldap/ldap-with-ssl.html deleted file mode 100644 index 6da26ad30..000000000 --- a/docs/configure/ldap/ldap-with-ssl.html +++ /dev/null @@ -1,465 +0,0 @@ - - - - - Passbolt Help | Configure LDAP plugin with SSL (ldaps) - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Configure LDAP plugin with SSL (ldaps)

-
-
- -
-
- -

Introduction

- -

To run LDAPS your LDAP server must offer a valid SSL certificate to the client which in this case that client is the passbolt server. -It is also required that the SSL certificate is trusted by your passbolt instance.

- -

There are two ways of obtaining your SSL certificate, listed below.

- -

Your LDAP server is offering a SSL certificate obtained by a public Certificate Authority

- -

If your SSL certificate has been obtained through a public and well known SSL certificate authority such as Let’s encrypt your certificate would -be automatically trusted by the passbolt instance unless otherwise specified by your SSL provider.

- -

Most of the time in this scenario your passbolt instance will not require any extra configuration.

- -

Your LDAP server is offering a SSL certificate obtained from a private Certficate Authority

- -

Some organizations run LDAP on a private network on premises. In these scenarios it is very common that your organization has a private SSL certificate authority that -generates SSL certificates valid only on the private network.

- -

If this is your scenario you probably will need a CA certificate to trust the private SSL certificate offered by your LDAP server if the LDAP SSL certificate is not chained correctly.

- -

If the LDAP SSL certificate is not chained correctly meaning that it is not offering both the CA certificate and SSL certificate on connection you must obtain and upload the CA certificate -to your passbolt instance.

- -
- LDAP with ssl - certificate error message - fig. LDAP with ssl - certificate error message -
- -

Configure passbolt server to trust a private LDAPS certificate

- -

Step 1: ping the server

- -

The first step is to understand what is causing the issue and be sure that it’s related to a certificate issue.

- -

We first try to ping the server and see if it goes through.

- - 
ping your_ldap_server.com
-
- -

If it does not go through, check that there is a corresponding entry for your domain / server ip in /etc/hosts. If it’s not there add it.

- -

If it goes through, we will then try to execute a similar ldap query to what passbolt does using ldapsearch.

- -

Step 2: Connect with ldapsearch

- -
-

- As passbolt will connect to your LDAP server as the web user, it is important to execute the ldapsearch command as this user (www-data for Debian/Ubuntu, wwwrun for openSUSE, nginx for RHEL based Linux distributions). -

- -
- - 
$ sudo su -s /bin/bash -c 'ldapsearch -x -D "username" -W -H ldaps://your_ldap_server.com -b "dc=domain,dc=com" -d 9' www-data
-
- -

Do not forget to replace the ‘username’, ‘your_ldap_server.com’ ‘domain’ and ‘com’ variables with the real ones.

- -

If after this command is executed you see your objects returned, it means that the LDAPS connection is going through and that -there must be an issue with the parameters you entered in passbolt LDAP plugin. You should check them again and make sure that they are alright.

- -

If this command returns something as displayed below, then you most likely have a LDAPS certificate issue.

- - 
$ sudo su -s /bin/bash -c 'ldapsearch -x -D "ada" -W -H ldaps://your_ldap_server.com -b "dc=passbolt,dc=local" -d 9' www-data
-
-ldap_url_parse_ext(ldaps://your_ldap_server.com)
-ldap_create
-ldap_url_parse_ext(ldaps://your_ldap_server.com:636/??base)
-Enter LDAP Password:
-ldap_sasl_bind
-ldap_send_initial_request
-ldap_new_connection 1 1 0
-ldap_int_open_connection
-ldap_connect_to_host: TCP your_ldap_server.com:636
-ldap_new_socket: 3
-ldap_prepare_socket: 3
-ldap_connect_to_host: Trying 172.16.0.50:636
-ldap_pvt_connect: fd: 3 tm: -1 async: 0
-attempting to connect:
-connect success
-ldap_err2string
-ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
-
- -

If that’s the case, the good news is that it’s quite easy to fix. The issue is that the client is not trusting the certificate provided by the server. -Let’s fix this by moving forward to the next step.

- -

Step 3: Download a correctly chained SSL certificate

- -

Openldap requires usually the entire chained certificate. We have developed a quick utility that aims to help retrieve all the parts of a ldaps certificate and bundle them together. -You can access this tool here

- -

Follow the README instructions, retrieve your certificate and move to step 2.

- -

Step 4: tell openldap to use the right certificate

- -

In Debian:

- - 
nano /etc/ldap/ldap.conf
-
- -

Note that the ldap.conf can also be found in /etc/ldap/ldap.conf, depending on your distro

- -

The content of the file should look like:

- - 
#
-# LDAP Defaults
-#
-
-# See ldap.conf(5) for details
-# This file should be world readable but not world writable.
-
-#BASE   dc=example,dc=com
-#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
-
-#SIZELIMIT      12
-#TIMELIMIT      15
-#DEREF          never
-
-# TLS certificates (needed for GnuTLS)
-TLS_CACERT      /etc/ssl/certs/cert.crt
-
- -

Edit the line with TLS_CACERT to make it point to the right certificate.

- -

That’s it. It should now work. Go back to step 1 and execute the ldapsearch command again. You should see a -successful connection to your ldaps server happening. If that’s the case, you can get back to Passbolt and try the synchronization again.

- -

Alternatively

- -

If for some obscure reasons openldap was still refusing to cooperate, you can try telling him to ignore the certificate.

- -
-

- Warning: Do this for tests purpose only. This practice is insecure and could make your server prone to MITM attacks. -

- -
- - 
nano /etc/ldap/ldap.conf
-
- -

Then add the line: TLS_REQCERT never, and try again.

- -

If now the connection is going through, it means that there is still an issue with your certificate.

- -
-

Last updated

-

This article was last updated on -February -7th, -2020.

-
- -
-
- -
-

Are you experiencing issues with Passbolt Pro Edition?

- Contact Pro support -

or ask the community

- -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/ldap/setup.html b/docs/configure/ldap/setup.html deleted file mode 100644 index bccdff6fa..000000000 --- a/docs/configure/ldap/setup.html +++ /dev/null @@ -1,679 +0,0 @@ - - - - - Passbolt Help | Configure Ldap plugin - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Configure Ldap plugin

-
-
- -
-
- -

ldap illustration

- -
-

- Important: The LDAP connector will send an invitation email to all the users matching your configuration during a synchronization. If you are simply testing it, make sure not to perform an actual synchronization (use simulate sync instead), or disable the cron job to send emails first. -

- -
- -

Introduction

- -

What is it?

- -

The goal of the directory synchronization tool, also called LDAP connector, is to provide a way for a passbolt -administrator to synchronize a list of groups and users, as well as the associated group memberships.

- -

Currently the connector supports two types of directory: OpenLDAP and Microsoft Active Directory. In the future -we will also support other non ldap based user directories such as Google API User Directory.

- -

How does it work?

- -

In a nutshell this part of the application will try to keep passbolt and a directory in sync with a minimal -involvement of the administrators and group managers. However if an action is not possible, such as, deleting -a user that is the sole password owner, the process triggers will trigger relevant email notifications so -that a human can solve it manually. An admin can also alternatively tell passbolt to ignore a record in the -next synchronization round, if the issue does not need to be resolved.

- -

Requirements

- -
-

- Important: If you have installed passbolt-pro using our debian and ubuntu packages you can skip this section -

- -
- -

The directory synchronization tools requires the php-ldap extension -to be present on the server. If you built your own server the way you install -php-ldap will depend on your system flavor.

- -

On Debian using nginx for example you can do:

- 
sudo apt-get install php-ldap
-sudo service nginx restart
-
- -

Make sure the ldap extension is present in the php-cli.ini file. -You should add extension=ldap.so if it is not already present:

- 
$ php -i |grep php\.ini
-Configuration File (php.ini) Path => /etc/php/7.4/cli
-Loaded Configuration File => /etc/php/7.4/cli/php.ini
-$ nano /etc/php/7.4/cli/php.ini
-
- -

For testing purpose, it might be handy to have some ldap utilities -installed on your system. On Debian you can use ldapsearch for example to search for and display entries:

- 
sudo apt-get install ldap-utils
-ldapsearch -b'dc=example,dc=com' -x
-
- -

The plugin relies on a 3rd party library called ldaptools which you will need to install as part of your passbolt -update or install. You can get it the same way than other php dependencies using composer:

- 
cd /var/www/passbolt
-git pull origin master
-composer install
-./bin/cake passbolt migrate
-
- -

To run, the ldap plugin needs to have at least one active admin user existing inside passbolt.

- -

Limitations

- -

The Ldap plugin doesn’t support nested groups in the current version. This improvement will be added later, -once groups inside groups is supported by passbolt.

- -

A delegated authentication (such as using a LDAP user password as replacement of the passphrase) is currently -not supported (and is not a trivial problem) but could still be considered in the future. If you are interested -in this feature you can join the discussion on the -community forum.

- -

The following improvements will also be shipped gradually and will be available soon:

-
    -
  • Test mode: the capability to test the configuration and mapping directly from the configuration screen.
    • -
  • Report screens: the synchronization reports will be available in the admin workspace.
    • -
- -

How to use?

- -
-

- Please note: This guide explains how to configure the Ldap connector through the UI. For complex configurations (for example custom field mapping in openldap) you will need to configure ldap directly through the configuration file. -

- -
- -

Activate the plugin

- -

The plugin is deactivated by default. You need to activate it to be able to use it. -While logged in as an admin, click on the administration menu item in the top menu, and then click on “Users Directory”

- -
- Ldap directory settings screen (disabled) - fig. Ldap directory settings screen (disabled) -
- -

Click on the switch next to “Users Directory” to enable the plugin.

- -
- Ldap directory settings screen (enabled) - fig. Ldap directory settings screen (enabled) -
- -

You will need to fill the configuration parameters with your connection details before you can save the settings and -actually activate it.

- -

Configure the plugin

- -

The available options are:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDetailsExample
- Directory Type
- (required) - 		- Choose here the type of your directory. Currently only Active Directory and OpenLdap are supported. - - Active Directory -
- Domain
- (required) - 		- The domain your directory is configured with. - - mydomain.local -
- Server URL
- (required) - 		- The full url to reach your server. - - ldap://198.163.0.1:389 -
- Username and password
- (required) - 		- Username and password to authentify on your directory - -
- Base DN
- (required) - 		- The base DN (default naming context) for the domain. - - OU=OrgUsers,DC=mydomain,DC=local -
- Group path
- (optional) - 		- If your groups are located in a different path than your base DN, you can specify here the complementary path. -

Default value: none - 		OU=MyGroups
- User path
- (optional) - 		- If your users are located in a different path than your base DN, you can specify here the complementary path. -

Default value: none - 		OU=MyUsers
- Group object class
- (optional) - 		- For OpenLdap only, you can specify here the name of the group object class that you are using in your openldap. -

Default value: groupOfUniqueNames - 		- groupOfUniqueNames -
- User object class
- (optional) - 		- For OpenLdap only, you can specify here the name of the user object class that you are using in your openldap. -

Default value: inetOrgPerson - 		- inetOrgPerson -
- Default admin
- (required) - 		- Choose here the username of the passbolt admin user that will be used to perform the operations on behalf of the synchronization tools. -

You can also create a dedicated admin user in passbolt if you want to be able to track more accurately the actions related to ldap. - 		- passboltadmin@domain.com -
- Default group admin
- (required) - 		- Choose here the username of the default group manager. It is the user that will be assigned as a group manager to all new groups created by ldap. - - passboltadmin@domain.com -
- Groups parent group
- (optional) - 		- Using this filter will list only groups that are part of the given parent group (recursively). Enter the parent group name. - - MyGroupName -
- Users parent group
- (optional) - 		- Using this filter will list only users that are part of the given parent group (recursively). Enter the parent group name. - - MyGroupName -
- Enabled users only
- (optional) - 		- Only for AD. Synchronize only the users that are enabled (=not disabled). - -
- Sync operations
- (optional) - 		- By default, the synchronization will be done for all created / deleted users and groups in your directory and all edited group members. You can enable / disable some tasks here. -

Default value: everything is enabled. - 		-
- -

Save configuration

- -

Once the configuration is entered, do not forget to save it by clicking on the “save settings” at the top. The configuration will be saved -only if passbolt managed to connect to your directory. If not, it will display an error message.

- -
- Ldap directory settings have been saved - fig. Ldap directory settings have been saved -
- -

Test configuration and simulate sync

- -

Once the settings have been saved, the buttons “simulate synchronize” and “synchronize” at the top have become clickable.

- -

Before we actually do a real synchronization, we will first simulate one. Click on “simulate synchronize” and wait a few seconds. Once the simulation is complete, -a report such as the one below will be displayed.

- -
- Ldap directory sync simulation - fig. Ldap directory sync simulation -
- -

In this report, you will be able to see what will actually happen when you will synchronize your directory for real. You will also be -able to take corrective measures before an error actually happens.

- -

First synchronization

- -

To do the first synchronization, repeat the same process as above. Only, click on “synchronize” this time. A similar report to the one that was displayed during a simulate -will appear and let you know what happened exactly.

- -

User synchronization example workflow

- -

When an user is created in LDAP, they are imported in Passbolt using synchronization.

- -

If you delete this user in Passbolt, he will remain present in LDAP but won’t be added back to Passbolt on next synchronization.

- -

If you want to re-sync this user with LDAP, manually re-create him in Passbolt then run synchronization. Passbolt synchronization tool will automatically recreate the link in Passbolt database.

- -

If you delete this user in LDAP, he will be deleted from Passbolt on next synchronization.

-

How to synchronize my directory automatically?

-

To synchronize the changes automatically you will need to add a cron job on your server. We recommend to execute the job once a day, but you can choose as per your preference.

- - 
0 0 * * * su -c "/var/www/passbolt/bin/cake directory_sync all --persist" -s /bin/bash www-data >> /var/log/cron.log 2>&1
-
- -

For debian and ubuntu systems where passbolt is installed through our supported packages:

- - 
0 0 * * * su -c "/usr/share/php/passbolt/bin/cake directory_sync all --persist" -s /bin/bash www-data >> /var/log/cron.log 2>&1
-
- -

Configure ldap with SSL (ldaps)

-

If your configuration doesn’t run out of the box with ldaps, you can refer to the ldap with ssl documentation in order to adjust your config or throubleshoot your issue.

- -
-

Last updated

-

This article was last updated on -October -11th, -2021.

-
- -
-
- -
-

Are you experiencing issues with Passbolt Pro Edition?

- Contact Pro support -

or ask the community

- -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/mfa.html b/docs/configure/mfa.html deleted file mode 100644 index cc1404059..000000000 --- a/docs/configure/mfa.html +++ /dev/null @@ -1,1064 +0,0 @@ - - - - - Passbolt Help | MFA - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-

Configure Multi-Factor Authentication

-
-
-
- - - - - - - - -
- - - - - - How to configure DUO with Passbolt - How to configure passbolt to use DUO - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - How to configure YubiKey with Passbolt - How to configure passbolt to use Yubikey OTP - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - How to configure TOTP with Passbolt - How to configure passbolt to use TOTP - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
-
-
- - - - - -
- - - - - - - - diff --git a/docs/configure/mfa/duo.html b/docs/configure/mfa/duo.html deleted file mode 100644 index 46aabbc3a..000000000 --- a/docs/configure/mfa/duo.html +++ /dev/null @@ -1,511 +0,0 @@ - - - - - Passbolt Help | How to configure passbolt to use Duo OTP - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

How to configure passbolt to use Duo OTP

-
-
- -
-
- -

Passbolt Pro Edition since v2.5 and CE since 3.9 support Duo as a multi factor authentication option. -Duo is a proprietary solution that is free for up to 10 users, and supports a bundle -of authentication channels (such as HOTP, mobile push, phone calls, etc.) configurable -by the Duo account administrator.

- -
- Duo website - fig. Duo website -
- -
-

- Important: Multi Factor Authentication requires HTTPS to work. -

- -
- -

Security considerations

- -

It is important to enable and setup at least one additional multi factor authentication -provider in case Duo service becomes temporarily not available.

- -

In order to authenticate using Duo, the user will be redirected to Duo’s authentication -page. Whether or not the authentication was successful, the user will be redirected back -to passbolt. Make sure your users have access to internet or do -not enable this authentication provider if you are running passbolt on a private network -that is not connected to internet.

- -

Install Duo app

- -

In order to use this authentication provider, each of your users will need to have either:

- - -
-

- Visit the Duo authentication methods page for more information. -

- -
- -
- Duo mobile application - fig. Duo mobile application -
- -

Register a Duo administrator account

- -

If you do not have a Duo admin account, first sign up at https://signup.duo.com/ -Then log in to the Duo Admin panel at https://admin.duosecurity.com/login

- -

Configure your Duo policies as required by your organization.

- -

Add a passbolt application

- -

In order for passbolt to enable onboarding and authentication of new users with Duo, -you will need to create a Web SDK application for passbolt in Duo.

- -

Login to the Duo Admin page. -In the left-hand side menu, click on “Applications”, then click on “Protect an Application”.

- -
- Duo protect application - fig. Duo protect application -
- -

Find the “Web SDK” application and click on the “Protect” button.

- -
- Duo administration - fig. Duo administration -
- -

Note down the Client ID, Client secret, and API hostname details, as you will need them to configure the integration.

- -
-

- Important: Passbolt versions below 3.11 use DUO v3 which means a generated salt is mandatory -

- -
- -

Generate a random salt

- -

Generating a random salt to configure Duo is mandatory, a salt is a random piece of data that is generated and used in the hashing process to protect sentivite information. It is generated and combined with the secret key before hashing it.

- -

To generate a random salt, you can use the passbolt interface, generate a new password as shown below and use it as the generated salt.

- -
- Passbolt - Password Generator - fig. Passbolt - Password Generator -
- -

Set the configuration in passbolt

- -

You can configure Duo OTP using either the admin interface or environment variables. -If multiple settings providers are used the settings in the admin interface will override the one in environment -variables. Note that we recommend using the admin interface, since it is more secure.

- -

Using admin user interface

- -

Since v2.6 a user interface is provided for administrators to setup MFA providers. -Click on “administration” in the top menu, then “multi factor authentication” on the left menu. -You can then enable or disable the Duo provider by providing the API Hostname, the Client ID and the Client Secret that you gathered in the previous steps. If you are running a Passbolt version below 3.11 you will also need the generated salt. Click “save settings” when you are done.

- -
- MFA organization settings for Duo - fig. MFA organization settings for Duo -
- -

Using environment variables

- - - - - - - - - - - - - - - - - - - - - - - - - - -
Variable nameDescriptionType
PASSBOLT_PLUGINS_MFA_DUO_CLIENT_IDClient IDstring
PASSBOLT_PLUGINS_MFA_DUO_CLIENT_SECRETClient Secretstring
PASSBOLT_PLUGINS_MFA_DUO_API_HOSTNAMEAPI Hostnamestring
-


- -

When you using docker to set these environment variable you can pass them as arguments, -like other variables such as the database name, for example:

- - 
$ docker run --name passbolt \
-             -p 80:80 \
-             -p 443:443 \
-             -e PASSBOLT_PLUGINS_MFA_DUO_API_HOSTNAME=api-26e9f2fce.duosecurity.com \
-             -e etc.
-
- -

Setting Duo for a given passbolt user account

- -

Once you have the Duo integration configured and a Duo authentication device, you can proceed -with enabling Duo as MFA provider for your user account. It is important that you test this to -make sure the integration works.

- -

When logged in on passbolt, go to your profile section and click on “Multi factor authentication” -in the sidebar on the left. You should see the list of providers that are enabled for this instance. -Click on the Duo provider.

- -
- Passbolt Duo setup - fig. Passbolt Duo setup -
- -

Then, click on the “Sign-in with Duo” button to start the Duo authentication process. If this is -the first time you are using Duo with this user and this server, you will be asked to link one or -more device(s) to Duo to authenticate with.

- -
- Duo welcome screen - fig. Duo welcome screen -
- -
- Duo authentication options - fig. Duo authentication options -
- -

Follow the instructions provided by Duo and you should be all set. -The next time you try login from a new device, you will be presented with a Duo -authentication prompt.

- -
- Login prompt - fig. Login prompt -
- -
-

Last updated

-

This article was last updated on -February -6th, -2023.

-
- -
-
- -
-

Are you experiencing issues with Passbolt Pro Edition?

- Contact Pro support -

or ask the community

- -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/mfa/totp.html b/docs/configure/mfa/totp.html deleted file mode 100644 index 270d57b35..000000000 --- a/docs/configure/mfa/totp.html +++ /dev/null @@ -1,383 +0,0 @@ - - - - - Passbolt Help | How to configure passbolt to use TOTP - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

How to configure passbolt to use TOTP

-
-
- -
-
- -

Passbolt Pro Edition since v2.4.0 support TOTP (Time-based One Time Password).

- -

TOTP is a type of authentication method that generates a new, unique password at set intervals (such as every 30 seconds) to be used in addition to a static username and password.

- -
-

- Important: Multi Factor Authentication requires HTTPS to work. -

- -
- -

Security considerations

- -

When using Time-based One-time Passwords (TOTP) as a form of multi-factor authentication, it is important to enable and set up at least one additional form of multi-factor authentication as a backup, in case the TOTP service becomes temporarily unavailable.

- -

This will ensure that users are still able to access their accounts even if one form of authentication is not working.

- -

Another consideration is to ensure that the time-synchronization between the server and the client devices is accurate, if not TOTP codes will not match and the authentication will fail.

- -

Install a TOTP application

- -

In order to use this authentication service, each of your users will need to install -an application that supports Time Based One Time Passwords (TOTP) such as Google Authenticator or FreeOTP. Throughout this page, we will take the Google authenticator mobile application which works on smartphones or tablets.

- - - -

Enable TOTP

-

Log in to Passbolt and navigate to the administration page. (Administration > Multi Factor Authentication).

- -

You should be able to enable “Time-based One Time Password”.

- -
- Enable TOTP in Administration settings - fig. Enable TOTP in Administration settings -
- -

Do not forget to save settings.

- -

Configure TOTP

- -

Log in to Passbolt and navigate to the settings page by clicking on your avatar. -Navigate to Settings > Multi Factor Authentication. -You should be able to select a provider.

- -

As mentionned before, troughout this example we will take Google Authenticator TOTP.

- -
- Enable TOTP in User settings - fig. Enable TOTP in User settings -
- -

After you clicked on your provider, you are allowed to go further by clicking on “Get Started!”.

- -

A QR code will be displayed, which you can scan using the Google Authenticator app. The app will generate a six-digit code that changes every 30 seconds. Enter this code into Passbolt to verify that it is working correctly. Save the backup key provided or write it down in a secure place. You will need this key to recover your account if you lose your phone.

- -

Once you have set up TOTP, every time you log in to Passbolt, you will be prompted to enter the six-digit code generated by the Google Authenticator app. This code is unique to your device and changes every 30 seconds, providing an extra layer of security for your Passbolt account.

- -
- TOTP successfully enabled - fig. TOTP successfully enabled -
- -
-

Last updated

-

This article was last updated on -November -15th, -2018.

-
- -
-
- -
-

Are you experiencing issues with Passbolt Pro Edition?

- Contact Pro support -

or ask the community

- -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/mfa/yubikey.html b/docs/configure/mfa/yubikey.html deleted file mode 100644 index fcc8dad29..000000000 --- a/docs/configure/mfa/yubikey.html +++ /dev/null @@ -1,444 +0,0 @@ - - - - - Passbolt Help | How to configure passbolt to use Yubikey OTP - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

How to configure passbolt to use Yubikey OTP

-
-
- -
-
- -

Passbolt Pro Edition since v2.5 and CE since 3.9 support Yubikey OTP as a multi factor authentication option. -Yubico OTP is a simple authentication mechanism that is supported by all YubiKeys out of the box.

- -
-

- Please note than only Yubikey 5 Series are supported. Security Keys with FIDO2/U2F/WebAuthN support are currently not supported. -

- -
- -
- Using a Yubikey at login - fig. Using a Yubikey at login -
- -
-

- Important: Multi Factor Authentication requires HTTPS to work. -

- -
- -

Security considerations

- -

It is important to enable and setup at least one additional multi factor authentication provider in -case the user lose its Yubikey or the the Yubicloud service becomes temporarily not available.

- -

During a login attempt the passbolt will check if the key ID used by the user is the same that was -used during setup. To change key (if the key was lost for example) a user will need to first disable -the Yubikey provider in their settings.

- -

Get a Yubikey cloud api key

- -

In order to use Yubikey OTP you need get an API key for Yubicloud, Yubico’s web service for verifying OTPs. -Please note that it is no longer possible to host yourself the OTP validation server.

- -
- Yubicloud registration - fig. Yubicloud registration -
- -

Before using YubiCloud, you need to get an API key from upgrade.yubico.com -in order to prevent misuse of the service. You will need to authenticate yourself using a Yubikey One-Time Password -and provide your e-mail address as a reference, as well as read and accept the terms of service.

- -

Make sure YubiCloud urls are whitelisted

- -

In order to verify a Yubikey OTP passbolt will need to connect to YubiCloud. -If you prevent outgoing connection from Passbolt server to the following domains:

-
    -
  • api.yubico.com
    • -
  • api2.yubico.com
    • -
  • api3.yubico.com
    • -
  • api4.yubico.com
    • -
  • api5.yubico.com
    • -
- -

One or more of these domains may be used to try to validate an OTP.

- -

Set the configuration in passbolt

- -

You can configure Yubikey OTP using either the admin interface or environment variables. If multiple -settings providers are used the settings in the admin interface will override the one used in environment variables.

- -

Using admin user interface

- -

A user interface is provided for administrators to setup MFA providers. -Click on “administration” in the top menu, then “multi-factor authentication” on the left menu. -You can then enable or disable the Yubikey provider by providing the user id and secret key that -you gathered in the previous steps. Click “save settings” when you are done.

- -
- MFA organization settings for Yubikey - fig. MFA organization settings for Yubikey -
- -

Using environment variables

- -

If you are using docker, you can set these environment variables to configure your Yubikey:

- - - - - - - - - - - - - - - - - - - - - -
Variable nameDescriptionType
PASSBOLT_PLUGINS_MFA_YUBIKEY_SECRETKEYYubicloud secret keystring
PASSBOLT_PLUGINS_MFA_YUBIKEY_CLIENTIDYubicloud client idinteger
-


- -

Setting Yubikey for a given passbolt user account

- -

Once you have the Yubikey integration configured and Yubikey plugged in your computer you -can proceed with enabling Yubikey as provider for your user account. It is important you test -this to make sure the integration works.

- -
- MFA provider selection for passbolt user - fig. MFA provider selection for passbolt user -
- -

When logged in passbolt go to your profile section and click on “Multi-factor authentication” -in the left sidebar. You should see the list of providers that are enabled for this instance. -Click on the Yubikey provider. Passbolt will then prompt you to touch your Yubikey -to enter a one time password.

- -

The next time you try login from a new device, you will be presented with a Yubikey -authentication prompt.

- -
- Login prompt - fig. Login prompt -
- -
-

Last updated

-

This article was last updated on -February -2nd, -2022.

-
- -
-
- -
-

Are you experiencing issues with Passbolt Pro Edition?

- Contact Pro support -

or ask the community

- -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/notification/email.htm b/docs/configure/notification/email.htm deleted file mode 100644 index e17a14d18..000000000 --- a/docs/configure/notification/email.htm +++ /dev/null @@ -1,11 +0,0 @@ - - - - Redirecting… - - - - -

Redirecting…

- Click here if you are not redirected. - diff --git a/docs/configure/notification/email.html b/docs/configure/notification/email.html deleted file mode 100644 index 7358688c1..000000000 --- a/docs/configure/notification/email.html +++ /dev/null @@ -1,691 +0,0 @@ - - - - - Passbolt Help | How to configure email notification settings for your organization - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

How to configure email notification settings for your organization

-
-
- -
-
- -

Some actions in passbolt, such as a user sharing a password with someone else, trigger an email notification. As passbolt admin, you can control which events result in an email notification and which events are ignored. Similarly you can control whether or not a piece of information is included in those notification emails.

- -

Passbolt events that trigger email notification

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EventRecipients
When a comment is posted on a password.All the users having access to the given password.
When a password is created.The user creating the password.
When a password is shared.The users gaining access to the given password.
When a password is updated.All the users having access to the given password.
When a password is deleted.All the users who had access to the given password.
When a new user is invited.The invited user.
When users try to recover their passbolt account.The user trying to recover their account.
When a group is deleted.Group's members.
A user is added to a group.The user getting added.
A user is removed from a group.The user getting removed.
When user roles change in a group.The affected users.
When members of a group change.The group's manager.
- -

Information that can be shown/hidden from the outgoing emails.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ConfigShow / Hide what
UsernameResource username
URIResource URI/URL
Encrypted SecretPGP encrypted password
DescriptionResource description
CommentComment content
- -

Default behavior

- -

By default all the settings are true which means all the notifications are set to be broadcasted and all the information blocks are set to be shown.

- -

Configuring Email Notification Settings

- -

You can configure email notification settings using either the admin interface, config files or environment variables. If multiple settings providers are used the settings in the admin interface will override the one used in files. Similarly the settings in files will override environment variables.

- -

Using admin user interface

- -

Since v2.10 a user interface is provided for administrators to setup email notification settings. Click on “administration” in the top menu, then “Email Notifications” on the left menu.

- -

The settings are divided into two sections.

- -

Email Delivery

-

These settings control whether or not an email is sent on a given event.

- -
- Email Notification Settings - Email Delivery - fig. Email Notification Settings - Email Delivery -
- -

Email content visibility

- -

These settings control whether a piece of information is included in the emails sent.

- -
- Email Notification Settings - Email Content Visibility - fig. Email Notification Settings - Email Content Visibility -
- -

Using Environment variables

- -

You can use the following environment variables to control the email delivery settings. They are all boolean and accepts 1 or 0. Setting the variable to 1 (one) will mean that email will be sent for that event and setting it 0 (zero) will ignore the event.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EventEnvironment variable
When a comment is posted on a password.PASSBOLT_EMAIL_SEND_COMMENT_ADD
When a password is created.PASSBOLT_EMAIL_SEND_PASSWORD_CREATE
When a password is shared.PASSBOLT_EMAIL_SEND_PASSWORD_SHARE
When a password is updatedPASSBOLT_EMAIL_SEND_PASSWORD_UPDATE
When a password is deletedPASSBOLT_EMAIL_SEND_PASSWORD_DELETE
When a new user is invited.PASSBOLT_EMAIL_SEND_USER_CREATE
When users try to recover their passbolt account.PASSBOLT_EMAIL_SEND_USER_RECOVER
When a group is deleted.PASSBOLT_EMAIL_SEND_GROUP_DELETE
A user is added to a group.PASSBOLT_EMAIL_SEND_GROUP_USER_ADD
A user is removed from a group.PASSBOLT_EMAIL_SEND_GROUP_USER_DELETE
When user roles change in a group.PASSBOLT_EMAIL_SEND_GROUP_USER_UPDATE
When members of a group change.PASSBOLT_EMAIL_SEND_GROUP_MANAGER_UPDATE
When a folder is created, notify its creator.PASSBOLT_EMAIL_SEND_FOLDER_CREATED
When a folder is updated, notify the users who have access to it.PASSBOLT_EMAIL_SEND_FOLDER_UPDATED
When a folder is deleted, notify the users who had access to it.PASSBOLT_EMAIL_SEND_FOLDER_DELETED
When a folder is shared, notify the users who gain access to it.PASSBOLT_EMAIL_SEND_FOLDER_SHARE_CREATED
When permissions on a folder are removed, notify the users who lost access to it.PASSBOLT_EMAIL_SEND_FOLDER_SHARE_DROPPED
- -

Similarly, for changing the email content visibility, you can use the following environment variables . They are all boolean and accepts 1 or 0. Setting the variable to 1 (one) will mean that information will be included in outgoing mails and setting it to 0 (zero) will result in not including that.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Show/HideEnvironment variable
Resource usernamePASSBOLT_EMAIL_SHOW_USERNAME
Resource URI/URLPASSBOLT_EMAIL_SHOW_URI
PGP encrypted passwordPASSBOLT_EMAIL_SHOW_SECRET
Resource descriptionPASSBOLT_EMAIL_SHOW_DESCRIPTION
Comment contentPASSBOLT_EMAIL_SHOW_COMMENT
- -

When you using docker to set these environment variable you can pass them as arguments, -like other variables such as the database name, for example:

- - 
$ docker run --name passbolt \
-             -p 80:80 \
-             -p 443:443 \
-             -e PASSBOLT_EMAIL_SHOW_COMMENT=0 \
-             -e PASSBOLT_EMAIL_SHOW_DESCRIPTION=0 \
-             -e PASSBOLT_EMAIL_SEND_COMMENT_ADD=0 \
-             -e PASSBOLT_EMAIL_SEND_PASSWORD_CREATE=0 \
-
- -

Using config file

- -

Email notification settings can also be managed by updating the config/passbolt.php file in your install directory. These settings live in the email key under passbolt.

- - 
'passbolt' => [
-    'email' => [
-        // For Email Delivery configs
-        'send' => [
-            'comment' => [
-              'add' => false
-            ],
-            'password' => [
-              'create' => 'false'
-            ]
-        ],
-        // For content visibility configs
-        'show' => [
-            'comment' => false,
-            'description' => false
-        ]
-    ]
-]
-
- -

If a config variable doesn’t exist in your config file, it’s default value will be picked.

- -

You can use the following config variables to control the email delivery settings. They are all boolean and accepts true or false. Setting the variable to true will mean that email will be sent for that event and setting it false will ignore the event.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EventConfig variable
when a comment is posted on a password.passbolt.email.send.comment.add
when a password is created.passbolt.email.send.password.create
when a password is shared.passbolt.email.send.password.share
when a password is updatedpassbolt.email.send.password.update
when a password is deletedpassbolt.email.send.password.delete
when a new user is invited.passbolt.email.send.user.create
when users try to recover their passbolt account.passbolt.email.send.user.recover
when a group is deleted.passbolt.email.send.group.delete
a user is added to a group.passbolt.email.send.group.user.add
a user is removed from a group.passbolt.email.send.group.user.delete
when user roles change in a group.passbolt.email.send.group.user.update
when members of a group change.passbolt.email.send.group.manager.update
- -

Similarly, for changing the email content visibility, you can use the following config variables . They are all boolean and accepts true or false. Setting the variable to true will mean that information will be included in outgoing mails and setting it to false will result in not including that.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Show/HideVariable name
Resource usernamepassbolt.email.show.username
Resource URI/URLpassbolt.email.show.uri
PGP encrypted passwordpassbolt.email.show.secret
Resource descriptionpassbolt.email.show.description
Comment contentpassbolt.email.show.comment
- -
-

Last updated

-

This article was last updated on -May -22nd, -2019.

-
- -
-
- -
-

Are you experiencing issues with Passbolt Pro Edition?

- Contact Pro support -

or ask the community

- -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/notifications/email.html b/docs/configure/notifications/email.html deleted file mode 100644 index e17a14d18..000000000 --- a/docs/configure/notifications/email.html +++ /dev/null @@ -1,11 +0,0 @@ - - - - Redirecting… - - - - -

Redirecting…

- Click here if you are not redirected. - diff --git a/docs/configure/password-policies.html b/docs/configure/password-policies.html deleted file mode 100644 index fba8360af..000000000 --- a/docs/configure/password-policies.html +++ /dev/null @@ -1,439 +0,0 @@ - - - - - Passbolt Help | How to configure the Password Policies - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

How to configure the Password Policies

-
-
- - -
-
- -
-

- Attention: This feature is currently available only in Passbolt Pro Edition. -

- -
- -

Since version 4.2, Passbolt Pro Edition supports the configuration of Password Policies.

- -
- Password Policies administration - fig. Password Policies administration -
- -

How does it work?

- -

This feature allows administrators to define the default secret generator settings and an external service should be used to check if the generated passwords have been leaked or not. -These policies concern only the secrets that are accessible in the resource workspace, it’s not relative to the user’s private key passphrase (for this part, please check the User Passphrase Policies).

- -

Once configured, the secret generators preset their default configuration with these policies. As a consequence, when a secret is generated from the “dice” button or from the in-form menu, generators use the policies as a default configuration. -However, a user still has the possibility to change the configuration on demand to avoid blocking situation when a service asks specific secret patterns.

- -

How to configure the plugin?

- -

The plugin is enabled by default and since the version 4.2.0 of the API, it is possible to configure the plugin to apply these policies in all concerned UI. -To configure it though, you need to go the administration of your Passbolt instance and then go to the “Password Policies” section.

- -

At this stage, you can see 2 configurable sections:

- -
    -
  • Password generator default settings
    • -
  • External services
    • -
- -

Configuring the default password generators

- -

With this part, the password generator settings can be changed such that it becomes the default configuration when users generate a new secret or the default configuration set when they need to customize the generation of a secret. -The UI is composed in 3 parts:

- -
    -
  • the default used generator: password or passphrase
    • -
  • a togglable pannel to configure in details the password generator
    • -
  • a togglable pannel to configure in details the passphrase generator
    • -
- -
- Default password generator settings - fig. Default password generator settings -
- -

Configuring the password generator

- -

To configure the password generator in details, open the configuration panel by clicking on “Passwords settings”. Then you can see an interface close to the password generator configuration. -From there you can change:

- -
    -
  • the default length of the generated password
    • -
  • the default set of characters that the password generator should use.
    • -
  • if the set of characters should use or not similar characters
    • -
- -

To help administrators to have an idea of the strength of the generated password, an entropy bar is displayed on the top of the togglable panel.

- -
-

- Most generated password strength match the entropy displayed but notice that some generated password strength might be a bit lower than that. -

- -
- -
- Default passphrase generator settings - fig. Default passphrase generator settings -
- -

Configuring the passphrase generator

- -

To configure the passphrase generator in details, open the configuration panel by clicking on “Passphrase settings”. Then you can see an interface close to the passphrase generator configuration. -From there you can change:

- -
    -
  • the default number of words to generate
    • -
  • the default words separator to use
    • -
  • the default word case to use during passphrase generation
    • -
- -

To help administrators to have an idea of the strength of the generated passphrase, an entropy bar is displayed on the top of the togglable panel. All generated passphrase strength match the entropy displayed.

- -

Configuring the external dictionary check

- -

This option allows the administrators to choose rather if a secret should be checked against an external service or not. -If this option is disabled, a warning message is shown to the user to inform them that the current secret could be leaked in a database but their Passbolt application cannot verify that.

- -

On the contrary, if the option is enabled, requests are made to an external service to check if the current secret is known in some data breach (notice that a hash of the secret is sent to the external service and not the secret itself). -In case of a secret leaked, the user is informed via a warning message.

- -

These warning messages are shown:

- -
    -
  • on the resource creation
    • -
  • on the resource modification
    • -
  • on the generation of an Organisation Recovery Kit
    • -
- -
-

- Notice that these external checks are not done when a user is importing a set of passwords. -

- -
- -
-

Last updated

-

This article was last updated on -September -14th, -2023.

-
- -
-
- -
-

Are you experiencing issues with Passbolt Pro Edition?

- Contact Pro support -

or ask the community

- -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/rbac.html b/docs/configure/rbac.html deleted file mode 100644 index 1e9339868..000000000 --- a/docs/configure/rbac.html +++ /dev/null @@ -1,372 +0,0 @@ - - - - - Passbolt Help | How to configure Role-Based Access Control - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

How to configure Role-Based Access Control

-
-
- - -
-
- -

Since version 4.1.0, all editions of passbolt support Role-Based Access Control.

- -
- Role-Based Access Control - fig. Role-Based Access Control -
- -

Requirements

- -

You can follow this procedure if you are meeting the following requirements:

- -
    -
  • You are running passbolt >= v4.1.0.
    • -
  • You have an active administrator account.
    • -
- -

How does it work?

- -

RBAC is a feature introduced that as for aim to restrict the access of functionalities to users.

- -

According to the administrator choices, users can be restricted to some functionalities. The administrator has only to chose between allow or deny options for the functionalities.

- -

RBAC

- -

In order to configure RBAC for your organisation, go to administration setting workspace Administration > Role-Based Access Control.

- -

Choose to restrict or not a functionality

- -

By default, all functionalities are allowed. To deny one select and restrict the one that suits best your organization.

- -
- RBAC administration settings select permission - fig. RBAC administration settings select permission -
- -

Apply the changes

- -

Once the RBAC is configured as you wish, you can apply the changes. Click on the “save settings” button.

- -
- RBAC administration settings save changes - fig. RBAC administration settings save changes -
- -
-

Last updated

-

This article was last updated on -July -5th, -2023.

-
- -
-
- -
-

Are you experiencing issues with Passbolt Pro Edition?

- Contact Pro support -

or ask the community

- -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/reference.html b/docs/configure/reference.html deleted file mode 100644 index 6a1769d7a..000000000 --- a/docs/configure/reference.html +++ /dev/null @@ -1,11 +0,0 @@ - - - - Redirecting… - - - - -

Redirecting…

- Click here if you are not redirected. - diff --git a/docs/configure/self-registration.html b/docs/configure/self-registration.html deleted file mode 100644 index 44c902688..000000000 --- a/docs/configure/self-registration.html +++ /dev/null @@ -1,680 +0,0 @@ - - - - - Passbolt Help | User Self Registration Set Up - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- - -
-
- - -
-
-
-
-
-
-
- -
-
-
- - -
-
-

User Self Registration Set Up

-

How to set up user Self Registration

- -

The purpose of this guide is to show you how to set up user Self Registration on your passbolt installation as an admin and for users how to register.

- -

Admin Guide

- -

Step 1. Log in with an administrator account

- -

Step 2. Navigate to the adminstration tab

- -
- Navigate to admin tab - fig. Navigate to admin tab -
- -

Step 3. Select the Self Registration option on the left

- -
- Navigate to self registration - fig. Navigate to self registration -
- -

Step 4. Click the toggle to enable

- -
- Toggle self registration - fig. Toggle self registration -
- -

Step 5. Enter the domains you want to allow to self register.

- -

This section will require that you specify the domains you want to allow self registration on. This is used to only allow users with an email address at that domain to register.

- -
-

- Important: This will allow ANY user with an email address at that domain to register. So, it is recommended to not use a free or common domain such as gmail.com here. -

- -
- -
- Enter domains - fig. Enter domains -
- -

Step 6. Save your settings

- -

Congrats! At this point you have user Self Registration set up and configured and you can let your users know!

- -

User Guide

- -

Step 1. Navigate to your Passbolt URL

- -

Step 2. Enter your email address

- -
- Enter your email address - fig. Enter your email address -
- -

Step 3. Enter your name

- -
- Enter your name - fig. Enter your name -
- -

Step 4. Proceed with the standard sign up process.

- -
- -
- -
-

Not finding what you are looking for? You can also ask the community on the forum.

- - Talk to a human - -
- - -
-
- - -
-
-

Other frequently asked questions in the same category

-
    - - - -
  • - How can I enable or disable import / export plugins -
    • - - - - - -
  • - Some potential performance tweaks -
    • - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • - User Self Registration Set Up -
    • - - - - - - - - - - - - - - - - - -
- -
- -
-
- -
- -
- - - -
-
-
- - - - - - - - - - - - - - diff --git a/docs/configure/sso.html b/docs/configure/sso.html deleted file mode 100644 index 5e43312ff..000000000 --- a/docs/configure/sso.html +++ /dev/null @@ -1,1051 +0,0 @@ - - - - - Passbolt Help | SSO - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-

Configure Single Sign-On

-
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - How to configure SSO with Microsoft - Configure SSO with Microsoft Azure AD - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - How to configure SSO with Google - Configure SSO with Google Cloud Identity - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
-
-
- - - - - -
- - - - - - - - diff --git a/docs/configure/sso/azure.html b/docs/configure/sso/azure.html deleted file mode 100644 index 9cf9d9965..000000000 --- a/docs/configure/sso/azure.html +++ /dev/null @@ -1,435 +0,0 @@ - - - - - Passbolt Help | How to configure SSO with Microsoft - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

How to configure SSO with Microsoft

-
-
- - -
-
- -
-

- Attention: This feature is currently available only in Passbolt Pro Edition. -

- -
- -

Since version 3.9, Passbolt Pro Edition supports SSO with Microsoft via Azure AD.

- -
- SSO with Azure - fig. SSO with Azure -
- -

How does it work?

- -

In short Passbolt SSO leverages Azure OAuth2/OpenID on top of the existing challenge-based authentication. -The user by logging in Microsoft unlocks a key stored server side needed to decrypt the secret key passphrase twice encrypted -with a non-extractable symetric key stored in the browser extension local storage client side.

- -

To understand which user flows are supported currently, the risk analysis, and how it works in practice please read the -developer documentation.

- -

How to configure the plugin?

- -
-

- Attention: This feature requires HTTPS to work. -

- -
- -

Open both the Azure portal and Passbolt:

-
    -
  • You will need to go the administration section of your Passbolt instance and then to the “Single Sign On” section.
    • -
  • You will need to also login to the Azure Portal.
    • -
- -
- Passbolt administration - fig. Passbolt administration -
- -

You must ensure users are present both in passbolt and Azure AD, the email is used to correlate accounts.

-
    -
  • Users that are not present in Azure AD but are present in passbolt will not be able to use SSO (a message on microsoft side will be shown).
    • -
  • Users that are not present in passbolt but are present in Azure AD will not be able to login in passbolt (a message on passbolt side will be shown).
    • -
- -
- Azure Portal - fig. Azure Portal -
- -

Configure Azure AD

-

In your Azure AD portal:

-
    -
  • Go to Azure Directory service (or set one up) -
      -
    • Make sure your user email in Azure Directory matches the one in [assbolt
      • -
    -
    • -
  • Copy your Tenant ID (a UUID) and paste it in passbolt
    • -
  • Go to App Registrations > New registration OR “+ Add” > “App Registration”
    • -
- -
- Azure AD - fig. Azure AD -
- -

Register a new application

-
    -
  • Give it a Name such as “Passbolt SSO”
    • -
  • Select the supported account type you desire. “Accounts in this organizational directory only” is a good default.
    • -
  • Copy the redirect url from Passbolt to Azure, it should be something like https://yourdomain.com/sso/azure/redirect.
    • -
  • In “Select a platform”, select “Web”
    • -
  • Click register, you should be back on the Azure application page
    • -
  • Copy the application (client) ID back to your passbolt instance
    • -
- -
- App registration - fig. App registration -
- -

Add a secret for the application

-
    -
  • On the Azure application page, click on “Certificate and secrets”
    • -
  • Click on “New client secret”
    • -
  • Choose a name like “Passbolt SSO Secret”
    • -
  • Select an expiry date
    • -
  • Copy the secret value and expiry back to your passbolt instance
    • -
- -
- App secret creation - fig. App secret creation -
- -

In your passbolt instance:

-
    -
  • Click save settings
    • -
  • A dialog will open with Microsoft button, click on it
    • -
  • A popup will open asking you to perform the authentication with Microsoft
    • -
  • Once the authentication is successful you can save the settings
    • -
  • Once the settings have been saved, you can log out, you should then see an SSO option
    • -
- -
- Passbolt SSO test settings - fig. Passbolt SSO test settings -
- -

Please note that users must successfully perform a login using their current passphrase after SSO has been activated -in order for the SSO option to be proposed to them at future logins.

- -
-

Last updated

-

This article was last updated on -March -15th, -2023.

-
- -
-
- -
-

Are you experiencing issues with Passbolt Pro Edition?

- Contact Pro support -

or ask the community

- -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/sso/google.html b/docs/configure/sso/google.html deleted file mode 100644 index cf15829ef..000000000 --- a/docs/configure/sso/google.html +++ /dev/null @@ -1,455 +0,0 @@ - - - - - Passbolt Help | How to configure SSO with Google - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

How to configure SSO with Google

-
-
- - -
-
- -
-

- Attention: This feature is only available in Passbolt Pro Edition. -

- -
- -

Since version 4.0.0, Passbolt Pro Edition supports SSO with Google via Google Cloud Identity.

- -
- Passbolt GUI - SSO Login with Google Cloud Identity - fig. Passbolt GUI - SSO Login with Google Cloud Identity -
- -
-

- Important: Passbolt will request a Google API for authorization, if you have firewall rules setup, you have to allow your server to request the accounts.google.com domain. -

- -
- -

How does it work?

- -

In short Passbolt SSO leverages Google OAuth2/OpenID on top of the existing challenge-based authentication. The user by logging in Google unlocks a key stored server side needed to decrypt the secret key passphrase twice encrypted with a non-extractable symetric key stored in the browser extension local storage client side.

- -

To understand which user flows are supported currently, the risk analysis, and how it works in practice please read the developer documentation.

- -

How to configure the plugin?

- -

Open both the Google API console and Passbolt:

- -

Once the plugin is enabled you will need to go the administration section of your Passbolt instance and then to the “Single Sign On” section.

- -

You will need to also login to the Google API console.

- -
- Passbolt administration - SSO - fig. Passbolt administration - SSO -
- -

With Passbolt v4.0.0, SSO users can self-register themselves if self registration plugin is enabled. Which means that if one of your users is not yet configured in the browser, he can use SSO to self-register. If self registration plugin is not enabled, you must ensure users are present both in Passbolt and Google Cloud, the email is used to correlate accounts.

- -
    -
  • Users that are not present in Google Cloud but are present in Passbolt will not be able to use SSO (a message on google side will be shown).
    • -
  • Users that are not present in Passbolt but are present in Google Cloud will not be able to login in Passbolt (a message on Passbolt side will be shown).
    • -
  • If self registration is enabled, users that are not present in Passbolt but are present in Google Cloud will be able to self-register in Passbolt (a message on Passbolt side will be shown).
    • -
- -

Configure Google SSO

- -

Navigate to your project lists, click on “New project” button

- -
- Google API Console - Projects - fig. Google API Console - Projects -
- -

In the new project screen, you will be prompted to enter a project name, you can edit the project ID or accept the default one, select an organization and the location. After that, click on “Create” button to create the project, it should appear in your project list as shown above.

- -

Set up OAuth

- -

Once the project is create, navigate to APIs & Services > OAuth consent screen

- -
- Google API Console - Burger Menu - fig. Google API Console - Burger Menu -
- -

On this page, choose the user type to “Internal” and click the “Create” button. Read more about user type

- -
- Google API Console - OAuth conset screen - fig. Google API Console - OAuth conset screen -
- -

Note: As the name suggests, the “Internal” type app will only be available to users within your organization. However selecting “External” might work, we do not recommend it to use with Passbolt as it can let any user with a valid google account can sign-in to Passbolt.

- -
    -
  • Fill in required fields like App name, support email, and developer contact information and click the “Save and continue” button. You can also fill in the details of optional fields if you want.
    • -
- -
- Google API Console - OAuth App Information - fig. Google API Console - OAuth App Information -
- -
    -
  • On the Scopes page, you must have to select these three scopes: -
      -
    • auth/userinfo.email
      • -
    • auth/userinfo.profile
      • -
    • openid
      • -
    -
    • -
- -

Once it is done, click on “Save and continue” to go to the next screen.

- -
- Google API Console - OAuth Scopes - fig. Google API Console - OAuth Scopes -
- -
    -
  • Verify and submit the summary of the details you selected.
    • -
- -

Create credentials

- -

Navigate to APIs & Services > Credentials and click on Create credentials > OAuth client ID.

- -
- Google API Console - Create Credentials - fig. Google API Console - Create Credentials -
- -

On the Create OAuth client ID screen, select Application type to “Web application”, then enter the name of your choice, Authorized Javascript origins, Authorized redirect URIs (You can get this from the Passbolt SSO settings page)

- -

Once you’ve entered all the details click on the “Create” button to create the credentials.

- -

When credentials are created, you’ll get Client ID and Client secret. These are the two things you’ll need to add to Passbolt when you configure the Google SSO.

- -
- Google API Console - Credentials Created - fig. Google API Console - Credentials Created -
- -
-

- Things to consider: The Authorized redirect URIs should be the URL given by the passbolt while configuring SSO from administration (https:///app/administration/sso). Google can accept any valid URL in redirect URLs but it might not work with passbolt. -

- -
- -

Configure SSO through the GUI

- -

To finish the configuration, navigate to Administration > Single Sign On

- -

Fill the fields with what we created, such as:

-
    -
  1. Application ID
    2. -
  2. Secret
    3. -
- -
- Passbolt GUI - Google SSO Test Settings - fig. Passbolt GUI - Google SSO Test Settings -
- -

After that, a dialog will open with a “Sign in with Google” button, click on it. -A popup will open asking you to perform the authentication with Microsoft, once the authentication is successful you can save the settings. -Once the settings have been saved, you can log out and you should see an SSO option.

- -

Note: Users must successfully perform a login using their current passphrase after SSO has been activated in order for the SSO option to be proposed to them at future logins.

- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/totp.html b/docs/configure/totp.html deleted file mode 100644 index 87b11c1e7..000000000 --- a/docs/configure/totp.html +++ /dev/null @@ -1,1051 +0,0 @@ - - - - - Passbolt Help | TOTP - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-

Configure TOTP

-
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - How to preview a TOTP on the Web UI - How to preview a TOTP on the web interface - -
- - - - - - - - -
- - - - - - How to create a TOTP with Mobile - How to configure passbolt mobile application to create a TOTP - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
-
-
- - - - - -
- - - - - - - - diff --git a/docs/configure/totp/time-based-one-time-password-mobile.html b/docs/configure/totp/time-based-one-time-password-mobile.html deleted file mode 100644 index d065b2ee2..000000000 --- a/docs/configure/totp/time-based-one-time-password-mobile.html +++ /dev/null @@ -1,428 +0,0 @@ - - - - - Passbolt Help | How to create a TOTP - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

How to create a TOTP

-
-
- -
-
- -

Since version 4.3.0, Passbolt supports creation of TOTP (Time-based One Time Password).

- -

TOTP is a mechanism that generates a unique and temporary password based on the current time. This dynamic code can be used on its own or in combination with a static password, offering an additional layer of security compared to traditional password-only systems.

- - - -

iOS

-

On the iOS application, there is a new section called “TOTP”

-
- iOS - Empty TOTP - fig. iOS - Empty TOTP -
- -

In order to create a new TOTP, you’d need to click on “Create”

-
- iOS - TOTP Creation - fig. iOS - TOTP Creation -
- -

That will open a menu that will let you choose between scanning a QR code or create a TOTP manually, for this tutorial we assume that you’d need to create it manually.

- -

For the TOTP manual creation, you will have to fill three fields:

-
    -
  1. Name, which is the label of the resource
    2. -
  2. URL, which is the fullBaseUrl of the resource
    3. -
  3. Secret, the secret from the TOTP provider
    4. -
-
- iOS - TOTP Configuration - fig. iOS - TOTP Configuration -
- -

You do have the possibility to link this TOTP to an existing password but that’s optional. You can also create a standalone TOTP instead.

-
- iOS - Link TOTP to an existing password - fig. iOS - Link TOTP to an existing password -
- -

There is also an advanced settings part in order to adjust the expiry, length and algorithm

-
-

- WARNING: Advanced settings have to match the TOTP provider settings otherwise it won’t work. -

- -
- -
- iOS - TOTP Advanced Settings - fig. iOS - TOTP Advanced Settings -
- -

Once created, you will see a success message “TOTP has been created.” then you will be able to preview the TOTP code when you need it.

-
- iOS - TOTP Preview - fig. iOS - TOTP Preview -
- -

Android

-

On the Android application, there will be a new section called “TOTP”

-
- Android - Empty TOTP - fig. Android - Empty TOTP -
- -

In order to create a new TOTP, you’d need to click on “+” icon

-
- Android - TOTP Creation - fig. Android - TOTP Creation -
- -

That will open a menu that will let you choose between scanning a QR code or create a TOTP manually, for this tutorial we assume that you’d need to create it manually.

- -

For the TOTP manual creation, you will have to fill three fields:

-
    -
  1. Name, which is the label of the resource
    2. -
  2. URL, which is the fullBaseUrl of the resource
    3. -
  3. Secret, the secret from the TOTP provider
    4. -
-
- Android - TOTP Configuration - fig. Android - TOTP Configuration -
- -

You do have the possibility to link this TOTP to an existing password but that’s optional. You can also create a standalone TOTP instead.

-
- Android - Link TOTP to an existing password - fig. Android - Link TOTP to an existing password -
- -

There is also an advanced settings part in order to adjust the expiry, length and algorithm

-
-

- WARNING: Advanced settings have to match the TOTP provider settings otherwise it won’t work. -

- -
- -
- Android - TOTP Advanced Settings - fig. Android - TOTP Advanced Settings -
- -

Once created, you will see a success message then you will be able to preview the TOTP code when you need it.

-
- Android - TOTP Preview - fig. Android - TOTP Preview -
- -
-

Last updated

-

This article was last updated on -October -4th, -2023.

-
- -
-
- -
-

Not finding what you are looking for? You can also ask the community on the forum.

- - Talk to a human - -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/totp/time-based-one-time-password-ui.html b/docs/configure/totp/time-based-one-time-password-ui.html deleted file mode 100644 index 9514edd63..000000000 --- a/docs/configure/totp/time-based-one-time-password-ui.html +++ /dev/null @@ -1,340 +0,0 @@ - - - - - Passbolt Help | How to preview a TOTP - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

How to preview a TOTP

-
-
- -
-
- -

Since version 4.3.0, Passbolt supports creation of TOTP (Time-based One Time Password) via Mobile. However, it is still possible to preview those TOTP from the Web UI

- -
- Web UI - Preview TOTP - fig. Web UI - Preview TOTP -
- -

There are two types of TOTP:

-
    -
  • Standalone -
      -
    • That is the Passbolt Community TOTP resource, this is not linked to any passwords.
      • -
    -
    • -
  • Linked to an existing password -
      -
    • The resource Passbolt was existing before the creation of the TOTP and has been linked to it.
      • -
    -
    • -
- -

From the Web UI, you are able to preview any TOTP shown in the column “TOTP”

- -
-

Last updated

-

This article was last updated on -October -4th, -2023.

-
- -
-
- -
-

Not finding what you are looking for? You can also ask the community on the forum.

- - Talk to a human - -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/user-passphrase-policies.html b/docs/configure/user-passphrase-policies.html deleted file mode 100644 index 7083a1769..000000000 --- a/docs/configure/user-passphrase-policies.html +++ /dev/null @@ -1,389 +0,0 @@ - - - - - Passbolt Help | How to configure User Passphrase Policies - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

How to configure User Passphrase Policies

-
-
- - -
-
- -
-

- Attention: This feature is only available in Passbolt Pro Edition. -

- -
- -

Since version 4.3.0, Passbolt Pro Edition supports User Passphrase Policies.

- -
- Passbolt GUI - User Passphrase Policies administration - fig. Passbolt GUI - User Passphrase Policies administration -
- -

How does it work?

- -

User Passphrase Policies allows administrators to configure minimal strength requirements for the users’ private key passphrase. -When defining a new passphrase, users have to find a passphrase that matches these policies.

- -

Also, it allows to choose rather or not if a user’s passphrase should be check against an external service to know if it has been leaked or not.

- -

How to configure the plugin?

- -

The plugin is enabled by default and since the version 4.3.0 of the browser extension, Passbolt uses this new User Passphrase Policies feature in all concerned UI. -To configure it though, you need to go the administration of your Passbolt instance and then go to the “User Passphrase Policies” section.

- -

At this stage, you can see 2 configurable sections:

- -
    -
  • User passphrase minimal entropy
    • -
  • External password dictionary check
    • -
- -

User passphrase minimal entropy

- -

This section allows administrators to choose among a preset of minimal entropy a user’s private key passphrase needs to match. -It concerns only the passphrase of the users’ private key and not the secret generated for the creation of a new password for instance (to change the secret generation behaviour, please refer to the Password Policies configuration page).

- -

As a consequence when a user has to define a passphrase, it will be required that the passphrase strength matches the minimal entropy set. In other words the strength of the passphrase will have to fit the requirements when:

- -
    -
  • a user is changing its private key passphrase
    • -
  • a user is defining a new passphrase during the account recovery process
    • -
  • a user is defining a passphrase during the creation of its Passbolt account
    • -
- -

Notice that on some cases, passphrases does not have to match this requirements but instead the minimal entropy is shown as a recommendation. It’s the case when users import an already existing GPG private key, so when:

- -
    -
  • a user is recovering its account using its recovery kit
    • -
  • a user is creating a new account and imports its own encrypted GPG key
    • -
- -
- Passbolt GUI - Setup process with User Passphrase Policies - fig. Passbolt GUI - Setup process with User Passphrase Policies -
- -

External password dictionary check

- -

This option allows the administrators to choose rather if a passphrase a user is typing should be checked against an external service or not. -If this option is disabled, a warning message is shown to the user that their passphrase could be leaked in a database but their Passbolt application cannot verify that.

- -

On the contrary, if the option is enabled, requests are made to an external service to check if the currently typed passphrase is known in some data breach (notice that a hash of the passphrase is sent to the external service and not the passphrase itself). -In case of the passphrase being known in data breach the user will be informed via a warning message.

- -

This feature impacts the behaviour of the application by:

- -
    -
  • blocking processes if the minimal entropy is required (not just recommended) in that process and the currently typed passphrase is leaked in a database
    • -
  • not blocking processes if the minimal entropy is recommended (not required)
    • -
  • not blocking processes if the external service cannot be called for any reason regardless of the minimal entropy being a requirement or a recommendation
    • -
- -
- Passbolt GUI - Setup process with a leaked password - fig. Passbolt GUI - Setup process with a leaked password -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/configure/windows-app.html b/docs/configure/windows-app.html deleted file mode 100644 index 56aa88aef..000000000 --- a/docs/configure/windows-app.html +++ /dev/null @@ -1,411 +0,0 @@ - - - - - Passbolt Help | Using Windows App - - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- - - - - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
- -
-
-
- -
-
-

Using Windows App

-
-
- -
-
- -

Prerequisites

- -
-

- Important: The Windows application is currently in BETA mode. To use it, you need to enable the ‘desktop’ feature flag. This will allow all your users to access and configure the Passbolt desktop application from their user profiles -

- -
- -

This feature flag can be enabled through different methods:

-
    -
  • -

    Docker: Set the environment variable PASSBOLT_PLUGINS_DESKTOP_ENABLED to true.

    -
    • -
  • -

    Configuration File: In /etc/passbolt/passbolt.php, add the following section:

    -
    • -
- - 
return [
-  "passbolt" => [
-    "plugins" => [
-      "desktop" => [
-        "enabled" => true
-      ]
-    ]
-  ]
-];
-
- -

How to download and install the application

-

Access the application by clicking on the link in your profile space. This link will redirect you to the Windows Store.

- -
- Home Desktop app page from profile - fig. Home Desktop app page from profile -
- -

Import an existing passbolt account

-

To configure your account in the desktop application, you must transfer your private key from the browser extension to the desktop application.

- -

Getting started

-

After installing the application, you will see instructions on how to download your account kit via the web application. By clicking the ‘Next’ button, you will be guided to the process for uploading your account kit.

- -
- How to download account kit - fig. How to download account kit -
- -

Upload your account kit

- -
- Show account import page - fig. Show account import page -
- -

Verify account kit

-

Once the account kit is successfully uploaded, your account information, including your username and the URL of the Passbolt server, will be displayed on the screen.

- -

Please review this information carefully before proceeding. If you find any discrepancies, you can return to the upload screen by clicking on ‘Import another account’.

- -
- How to download account kit - fig. How to download account kit -
- -

Once your passphrase is validated, the setup of your account will be complete, and you will be able to access the password workspace.

- -

How can I reset my windows application

-

To unlink an existing account and set up a new one, first download the current entries from the Credentials Manager. To do this, use the search bar to find ‘Credential Manager’ and select it.

- -
- Remove credentials in Windows Credential Manager - fig. Remove credentials in Windows Credential Manager -
- -

To remove an existing account from the application, delete the ‘account-metadata’ and ‘account-secret’ entries. This action will reset the application, enabling you to import a new account.

- -

Can I Use Windows Hello?

-

Currently, we do not support Windows Hello due to certain security concerns that are under review. We are investigating the most secure implementation methods and will inform you as soon as a plan is established.

- -

How to Report Issues to Help Us Improve the Product

-

As mentioned earlier, the app is currently in beta and is primarily intended for reporting issues that you encounter while using it. To report issues, please visit the following link: Passbolt Community - Windows Application Developer Edition v0.5.0.

- -
-

Last updated

-

This article was last updated on -November -30th, -2023.

-
- -
-
- -
-

Are you experiencing issues with Passbolt Pro Edition?

- Contact Pro support -

or ask the community

- -
- -
-
- -
-
-
-
- - - - -
- - - - - - - - - \ No newline at end of file diff --git a/docs/contribute/index.html b/docs/contribute/index.html index 7ab76badf..dffc23d47 100644 --- a/docs/contribute/index.html +++ b/docs/contribute/index.html @@ -2,7 +2,7 @@ - Passbolt Help | Contribute + Passbolt Help | Contributor Guide - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- -
-
- -
-
-
-
-
-
- -
-
-
- - - -
-
-

Introduction

-
-
-
- - -
- - - - - - Discovery FAQ - Everybody has to start somewhere. - -
- - -
- - - - - - Roadmap - What are the current and upcoming features. - -
- - -
- - - - - - Security - Learn more about the security and threat model. - -
- - -
- - - - - - Release notes - Find out what have changed since last time! - -
- - -
- - - - - - Incident reports - What went wrong and what we did to fix it. - -
- - -
- - - - - - Talk to a human - We are not machines and it's a cold world out there. - -
- -
- - - - - - - - - - - - - - - - - -
-
-
- - - - - -
- - - - - - - - diff --git a/docs/extend/index.html b/docs/extend/index.html index f289d1391..783cbc461 100644 --- a/docs/extend/index.html +++ b/docs/extend/index.html @@ -2,7 +2,7 @@ - Passbolt Help | Extend + Passbolt Help | Developer Guide - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- - -
-
- - -
-
-
-
-
-
-
- -
-
-
- - -
-
-

How can I enable or disable import / export plugins

-

By default, the import and export plugins are enabled for all your users, which can be an issue for some admins.

- -

Toggle the import or export plugin

- -

You can either remove the corresponding entries inside the plugins section, since the plugins are activated by default. -Otherwise, if you prefer it to be explicit, you can add the section below to your /etc/passbolt/passbolt.php file:

- -
return [
-    /* Locate or add the passbolt section */
-    'passbolt' => [
-        /* Locate or add the plugins section */
-        'plugins' => [
-            'import' => [
-                'enabled' => false,
-            ],
-            'export' => [
-                'enabled' => false,
-            ],
-        ]
-    ]
-]
-
- -
- -
- -
-

Not finding what you are looking for? You can also ask the community on the forum.

- - Talk to a human - -
- - -
-
- - -
-
-

Other frequently asked questions in the same category

-
    - - - -
  • - How can I enable or disable import / export plugins -
    • - - - - - -
  • - Some potential performance tweaks -
    • - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • - User Self Registration Set Up -
    • - - - - - - - - - - - - - - - - - -
- -
- -
-
- -
- -
- - - -
-
-
- - - - - - - - - - - - - - diff --git a/docs/faq/configure/index.html b/docs/faq/configure/index.html deleted file mode 100644 index c36d780fa..000000000 --- a/docs/faq/configure/index.html +++ /dev/null @@ -1,600 +0,0 @@ - - - - - Passbolt Help | Configuration FAQ - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- - -
-
- - -
-
-
-
-
-
-
- -
-
-
- - -
-
-

Configuration FAQ

-
    - - - -
  • - How can I enable or disable import / export plugins -
    • - - - - - -
  • - Some potential performance tweaks -
    • - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • - User Self Registration Set Up -
    • - - - - - - - - - - - - - - - - - -
- - -
- -
- -
-

Not finding what you are looking for? You can also ask the community on the forum.

- - Talk to a human - -
- - -
-
- - - -
-
-
-
- - - - - -
- - - - - - - - diff --git a/docs/faq/configure/performance-tweaks.html b/docs/faq/configure/performance-tweaks.html deleted file mode 100644 index 107b24bb2..000000000 --- a/docs/faq/configure/performance-tweaks.html +++ /dev/null @@ -1,680 +0,0 @@ - - - - - Passbolt Help | Some potential performance tweaks - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- - -
-
- - -
-
-
-
-
-
-
- -
-
-
- - -
-
-

Some potential performance tweaks

-

Table of contents:

- - - -

Introduction

-

At Passbolt, we are constantly striving to enhance performance, introduce new functionality, and refine existing features.

- -

The default settings that come with Passbolt are suitable for the majority of our users. However, if you have a significant number of users or groups who have access to hundreds or thousands of secrets, the defaults may not meet your performance expectations.

- -

To address this, we have created this guide to help you optimize Passbolt’s performance.

- -

If you prefer not to make these adjustments, please let us know which areas of Passbolt are slowing down for you, and we will consider incorporating improvements in future releases.

- -

Database

-
-

- Important: This assumes you are running your database on the same host as your Passbolt installation -

- -
- -

One database improvement that can be made is to skip the reverse DNS lookup in MySQL/MariaDB. To do this you will need to:

- -

Ensure the passbolt user in the database is allowed to connect via 127.0.0.1 and not just localhost:

-
[mysql]> GRANT USAGE ON *.* TO `passboltadmin`@`127.0.0.1` IDENTIFIED BY PASSWORD `<insert password hash here>`;
-[mysql]> GRANT ALL PRIVILEGES ON `passboltdb`.* TO `passboltadmin`@`127.0.0.1`;
-[mysql]> FLUSH PRIVILEGES;
-
- -

You can find the password hash by running:

-
[mysql]> use mysql;
-[mysql]> select user, host, password from user where user = ‘passboltadmin’;
-
- -

Both above samples assume user is named passboltadmin and the database is named passboltdb, actual values may be different depending on what was chosen during installation.

- -

Edit your mysql configuration file, search for [mysqld] block and add:

-
# Skip reverse DNS lookup
-skip-name-resolve
-
- -

Then restart mysql:

-
systemctl restart mysql
-
-

You will then need to adjust your Passbolt configuration to point to 127.0.0.1 instead of localhost if it is set to localhost

- -

PHP FPM

-

There are two values which you can change to increase the resources that PHP is able to use. These are memory_limit and pm.max_children

- -

You can adjust memory_limit by editing the /etc/php/X.X/fpm/php.ini file where X.X is your PHP version.

- -

You can adjust pm.max_children by editing the /etc/php/X.X/fpm/pool.d/www.conf file where X.X is your PHP version.

- -
-

- Since you edited the php configuration, you will need to restart php-fpm to apply those changes. It’s important to run sudo systemctl restart phpX.X-fpm where X.X is your PHP version -

- -
- -

Nginx

-

For Nginx our recommendation is less about making it more performant, but rather increasing a timeout so that your users don’t experience as many errors if they are regularly running into time outs. You can do this by editing the value for keepalive_timeout in your Nginx config file.

- -
- -
- -
-

Not finding what you are looking for? You can also ask the community on the forum.

- - Talk to a human - -
- - -
-
- - -
-
-

Other frequently asked questions in the same category

-
    - - - -
  • - How can I enable or disable import / export plugins -
    • - - - - - -
  • - Some potential performance tweaks -
    • - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • - User Self Registration Set Up -
    • - - - - - - - - - - - - - - - - - -
- -
- -
-
- -
- -
- - - -
-
-
- - - - - - - - - - - - - - diff --git a/docs/faq/configure/why-am-i-getting-ldap-synchronization-issues.html b/docs/faq/configure/why-am-i-getting-ldap-synchronization-issues.html deleted file mode 100644 index c9a858af6..000000000 --- a/docs/faq/configure/why-am-i-getting-ldap-synchronization-issues.html +++ /dev/null @@ -1,706 +0,0 @@ - - - - - Passbolt Help | Why am I getting ldap synchronization issues? - - - - - - - - - - - - - - - - - -
-
-
- -
-
-
-
- -
-
-

Help Search

-
-
-
- - -
- -
-
-
-
-
- - Edit on github -
-
-
- - -
-
- - -
-
-
-
-
-
-
- -
-
-
- - -
-
-

Why am I getting ldap synchronization issues?

-

Synchronization issues can come from a variety of reasons, here are the most common ones.

- - -
- -
- -
-

Not finding what you are looking for? You can also ask the community on the forum.

- - Talk to a human - -
- - -
-
- - -
-
-

Other frequently asked questions in the same category

- - -
- -
-
- -
- -
- - - -
-
-
- - - - - - - - - - - - - - diff --git a/docs/faq/contribute/bug-report.html b/docs/faq/contribute/bug-report.html index dca8b5129..fcd04a73b 100644 --- a/docs/faq/contribute/bug-report.html +++ b/docs/faq/contribute/bug-report.html @@ -238,16 +238,6 @@

Other frequently asked questions in the same category

- - - - - - - - - -
  • How can I contribute with code?
    • @@ -323,162 +313,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -523,110 +357,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/docs/faq/contribute/code-contribution.html b/docs/faq/contribute/code-contribution.html index a2bb4ae49..2f8303ddb 100644 --- a/docs/faq/contribute/code-contribution.html +++ b/docs/faq/contribute/code-contribution.html @@ -215,16 +215,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - -
  • How can I contribute with code?
    • @@ -300,162 +290,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -500,110 +334,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/docs/faq/contribute/code-of-conduct.html b/docs/faq/contribute/code-of-conduct.html index 11cfd305a..578ccc3a5 100644 --- a/docs/faq/contribute/code-of-conduct.html +++ b/docs/faq/contribute/code-of-conduct.html @@ -252,16 +252,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - -
  • How can I contribute with code?
    • @@ -337,162 +327,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -537,110 +371,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/docs/faq/contribute/design-contribution.html b/docs/faq/contribute/design-contribution.html index 7ed3f0bc2..e775e2f62 100644 --- a/docs/faq/contribute/design-contribution.html +++ b/docs/faq/contribute/design-contribution.html @@ -208,16 +208,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - -
  • How can I contribute with code?
    • @@ -293,162 +283,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -493,110 +327,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/docs/faq/contribute/feature-request.html b/docs/faq/contribute/feature-request.html index a7798b232..5f2470ba8 100644 --- a/docs/faq/contribute/feature-request.html +++ b/docs/faq/contribute/feature-request.html @@ -233,16 +233,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - -
  • How can I contribute with code?
    • @@ -318,162 +308,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -518,110 +352,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/docs/faq/contribute/financial-contribution.html b/docs/faq/contribute/financial-contribution.html index 3202b79eb..db4ba1b22 100644 --- a/docs/faq/contribute/financial-contribution.html +++ b/docs/faq/contribute/financial-contribution.html @@ -200,16 +200,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - -
  • How can I contribute with code?
    • @@ -285,162 +275,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -485,110 +319,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/docs/faq/contribute/index.html b/docs/faq/contribute/index.html index 71d66fa77..de969f285 100644 --- a/docs/faq/contribute/index.html +++ b/docs/faq/contribute/index.html @@ -172,16 +172,6 @@

    Contribute FAQ

    - - - - - - - - - -
  • How can I contribute with code?
    • @@ -257,162 +247,6 @@

    Contribute FAQ

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -457,110 +291,6 @@

    Contribute FAQ

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/docs/faq/contribute/support-us.html b/docs/faq/contribute/support-us.html index e39c2dab1..5adcc3cfb 100644 --- a/docs/faq/contribute/support-us.html +++ b/docs/faq/contribute/support-us.html @@ -233,16 +233,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - -
  • How can I contribute with code?
    • @@ -318,162 +308,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -518,110 +352,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/docs/faq/discover/are-we-there-yet.html b/docs/faq/discover/are-we-there-yet.html deleted file mode 100644 index 92a05bd1d..000000000 --- a/docs/faq/discover/are-we-there-yet.html +++ /dev/null @@ -1,648 +0,0 @@ - - - - - Passbolt Help | When will you be releasing feature X or Y? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    When will you be releasing feature X or Y?

    -

    If the feature is on our roadmap we will most likely get to it at some point. -Good things take time and our capacity to add features depends on how many customers and contributors we have.

    - -

    Please consider supporting us!

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/discover/can-i-use-passbolt-as-personal-password-manager.html b/docs/faq/discover/can-i-use-passbolt-as-personal-password-manager.html deleted file mode 100644 index 34a4b9959..000000000 --- a/docs/faq/discover/can-i-use-passbolt-as-personal-password-manager.html +++ /dev/null @@ -1,646 +0,0 @@ - - - - - Passbolt Help | I need a personal password manager, can I use passbolt? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    I need a personal password manager, can I use passbolt?

    -

    Yes, even though passbolt is primarily design for organizations, you can also use it -to store those passwords that you do not want to share with anyone.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/discover/feature-priority.html b/docs/faq/discover/feature-priority.html deleted file mode 100644 index 1d628fded..000000000 --- a/docs/faq/discover/feature-priority.html +++ /dev/null @@ -1,650 +0,0 @@ - - - - - Passbolt Help | How to you prioritize feature development? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to you prioritize feature development?

    -

    Upcoming new funtionalities are advertised on the roadmap. -Passbolt users can propose and upvote for new ideas on the community forum. -The more financial contributors (and supporters in general) the quicker we can develop new functionalities.

    - -

    Security vulnerabilities and bugs fixes are to be given a higher priority than new features. -Core libraries and framework maintenance upgrade also need to be dealt with proactively.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/discover/how-does-it-work.html b/docs/faq/discover/how-does-it-work.html deleted file mode 100644 index baa6b207d..000000000 --- a/docs/faq/discover/how-does-it-work.html +++ /dev/null @@ -1,659 +0,0 @@ - - - - - Passbolt Help | How does it work? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How does it work?

    -
    - password exchange using passbolt - fig. password exchange using passbolt -
    - -

    In a nutshell:

    -
      -
    • Ada has a password to share with betty
      • -
    • Ada encrypts the password using passbolt plugin and Betty public key
      • -
    • The password is sent encrypted over HTTPS to the server
      • -
    • The password is stored on the passbolt server
      • -
    • Betty receives and email notification
      • -
    • Betty logs in to passbolt
      • -
    • Betty using her private key decrypts the password and uses it to login!
      • -
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/discover/how-is-different.html b/docs/faq/discover/how-is-different.html deleted file mode 100644 index d47738627..000000000 --- a/docs/faq/discover/how-is-different.html +++ /dev/null @@ -1,649 +0,0 @@ - - - - - Passbolt Help | How is passbolt different from other password managers? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How is passbolt different from other password managers?

    -

    A lot of password solutions focus on personal needs. Passbolt is primarily designed for teams and not individuals. -We built passbolt taking into account the needs of small and medium organisations in mind. -Moreover passbolt is open source and respectful of your privacy. -Passbolt community edition is free. -It is also extensible thanks to its restful API.

    - -
    - -
    - -
    -

    Why (Summary)

    -

    Free & Open source

    -

    Designed for teams

    -

    Extensible API

    -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/discover/index.html b/docs/faq/discover/index.html deleted file mode 100644 index 27a78dba2..000000000 --- a/docs/faq/discover/index.html +++ /dev/null @@ -1,632 +0,0 @@ - - - - - Passbolt Help | Discovering passbolt - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Discovering passbolt

    - - - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - - -
    -
    -
    -
    - - - - - -
    - - - - - - - - diff --git a/docs/faq/discover/is-sharing-password-a-bad-practice.html b/docs/faq/discover/is-sharing-password-a-bad-practice.html deleted file mode 100644 index af1ac9348..000000000 --- a/docs/faq/discover/is-sharing-password-a-bad-practice.html +++ /dev/null @@ -1,648 +0,0 @@ - - - - - Passbolt Help | Is sharing the same password with multiple users a bad practice? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Is sharing the same password with multiple users a bad practice?

    -

    Indeed, it is. Wherever possible you should try to have one user account and a unique password per person. -However it is not always possible, especially for built-in privileged accounts (like the admin password of a -router, a root password on a linux server, your organization instagram / twitter account password, etc.), -and this is where passbolt can be of most help.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/discover/what-is-passbolt.html b/docs/faq/discover/what-is-passbolt.html deleted file mode 100644 index cde731288..000000000 --- a/docs/faq/discover/what-is-passbolt.html +++ /dev/null @@ -1,654 +0,0 @@ - - - - - Passbolt Help | What is passbolt? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    What is passbolt?

    -

    Passbolt is a free and open source password manager that allows team members to store and share credentials securely. -For instance, the wifi password of your office, the administrator password of a router or your organisation social -media account password, all of them can be secured using passbolt.

    - -

    Um, the TL;DR?

    -
      -
    • Free & Open source
      • -
    • Designed for teams
      • -
    • Extensible API
      • -
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/discover/where-can-i-login.html b/docs/faq/discover/where-can-i-login.html deleted file mode 100644 index ae9da68cf..000000000 --- a/docs/faq/discover/where-can-i-login.html +++ /dev/null @@ -1,671 +0,0 @@ - - - - - Passbolt Help | Where can I login? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Where can I login?

    -

    Long story short, it depends on your situation, as passbolt can be hosted -on-premises or in the cloud.

    - -

    Quick clues

    -

    If you have completed the setup

    -

    If you have completed the setup and configured passbolt on your current laptop or desktop, -you can click on the passbolt icon in the top right corner of your browser. If you -then click on the passbolt logo it will take you to your passbolt workspace.

    - -

    Check for passbolt emails in your mailbox

    -

    In most cases you will have received an email notification from passbolt in the past -in your mailbox. So check your inbox and follow one of the links.

    - -

    Ask for help to your administrator

    -

    In doubt you can also ask the person that invited you to passbolt, e.g. the administrator -that setup passbolt for your company.

    - -

    Other clues

    -

    You are using passbolt cloud version

    -

    If you are using passbolt cloud your passwords will be located -in a workspace in https://cloud.passbolt.com/workspace, where -workspace is the name of your organization, like https://cloud.passbolt.com/acme.

    - -

    You are using passbolt self-hosted version

    -

    If you are using the self hosted version of passbolt you can contact your administrator, -as the self hosted version, much like a blog, can be hosted anywhere.

    - - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/discover/where-to-get-help.html b/docs/faq/discover/where-to-get-help.html deleted file mode 100644 index 911a5db2d..000000000 --- a/docs/faq/discover/where-to-get-help.html +++ /dev/null @@ -1,652 +0,0 @@ - - - - - Passbolt Help | Where can I get help? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Where can I get help?

    -

    For installation issues or an issue specific to your instance -you can request help from the community on the forum.

    - -

    If you have found a bug you can report it on github.

    - -

    If you require professional support or help to customize passbolt you can get in touch with - the team at contact@passbolt.com.

    - - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/discover/why-an-extension.html b/docs/faq/discover/why-an-extension.html deleted file mode 100644 index 5c4b01ff7..000000000 --- a/docs/faq/discover/why-an-extension.html +++ /dev/null @@ -1,685 +0,0 @@ - - - - - Passbolt Help | Why do I need a browser extension? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Why do I need a browser extension?

    -

    A browser extension is needed to provide functionalities such as auto -filling your passwords when visiting known websites, but more importantly to maintain a higher level of security and provide a secure random number generator.

    - -

    More info

    - -

    A regular website serves users content in the form of html, javascript, css assets. It may be cached on a content delivery network (CDN) for speed, but everything is coming from one place. In the event of an attacker accessing the server, they may be able to change these assets, such as showing you modified content, or change the application logic.

    - -

    The solution we opted-for to ensure code integrity was to split the application in two parts:

    - -
      -
    1. Server side: the API who serves encrypted data
      2. -
    2. Client side: the web extension who renders the assets and contains the logic to encrypt/decrypt data.
      3. -
    - -

    The web extension is published on browsers extension marketplaces (Firefox, Chrome, Edge). Each of them requires the extension to be cryptographically signed by Passbolt developers with a secret key, to make sure nobody can change that code while it is being transmitted from the marketplace.

    - -
    - passbolt application and data delivery - fig. passbolt application and data delivery -
    - -

    Some points you must be aware of:

    - -
      -
    • The passbolt login page is rendered by the browser extension. By entering your passphrase, you unlock your PGP private key stored in the local storage of your browser to let the extension communicate with the passbolt API and perform the user authentication with GnuPG protocol.
      • -
    • Most of passbolt application (passwords, users, or profile namespaces) isn’t rendered by the server but by the browser extension.
      • -
    • End-to-end encryption is provided by the browser extension.
      • -
    - -
    - End to end security using OpenPGP - fig. End to end security using OpenPGP -
    - -

    References:

    - - - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/discover/why.html b/docs/faq/discover/why.html deleted file mode 100644 index 351136543..000000000 --- a/docs/faq/discover/why.html +++ /dev/null @@ -1,664 +0,0 @@ - - - - - Passbolt Help | Why do I need a password manager? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Why do I need a password manager?

    -

    A password manager allows you to comfortably implement best security practices and therefore reduces the risks for -you and your organisation.

    - -

    With a password manager you can prevent your team from reusing the same password on multiple systems. -You can also make sure they generate stronger passwords by default, since they do not have to remember them anymore. -It also makes it easier to rotate credentials, e.g. help you change your passwords regularly, every 40 days for example.

    - -

    Additionally, having an overview of who has access to what, allows you to reset passwords when somebody leaves -your organisation. Reciprocally it can also help facilitate when someone is joining your team, since a new member -can easily be given access to the all the password they need. It also prevents loss of credentials since you can -perform backups.

    - -

    Um, the TL;DR?

    -
      -
    • Decrease password reuse
      • -
    • Implement password rotation
      • -
    • Increase password strength
      • -
    • Help on-boarding new member
      • -
    - -
    - -
    - -
    -

    Why (Summary)

    -

    Decrease password reuse

    -

    Implement password rotation

    -

    Increase password strength

    -

    Help on-boarding new member

    -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/docker-secrets.html b/docs/faq/hosting/docker-secrets.html deleted file mode 100644 index ea7a20019..000000000 --- a/docs/faq/hosting/docker-secrets.html +++ /dev/null @@ -1,879 +0,0 @@ - - - - - Passbolt Help | Docker Secrets - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Docker Secrets

    -

    This page should give you the information necessary to successfully use Docker Secrets with your Passbolt installation.

    - -
    -

    - Notice: For more information you can learn about secrets for Compose and Swarm -

    - -
    - -

    Supported environment variables

    -

    List of environment variables that can be received as Docker secret and the matching Docker secret path environment variable:

    - - - - - - - - - - - - - - - - - - - - - - - - - - -
    PASSBOLT ENV VARDOCKER SECRET ENV VAR
    DATASOURCES_DEFAULT_PASSWORDDATASOURCES_DEFAULT_PASSWORD_FILE
    DATASOURCES_DEFAULT_HOSTDATASOURCES_DEFAULT_HOST_FILE
    DATASOURCES_DEFAULT_USERNAMEDATASOURCES_DEFAULT_USERNAME_FILE
    DATASOURCES_DEFAULT_DATABASEDATASOURCES_DEFAULT_DATABASE_FILE
    - -

    Supported secret files

    -

    List of file that contains secret data and the matching Docker secret path environment variable:

    - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FILE PATHDOCKER SECRET ENV VAR
    etc/passbolt/gpg/serverkey.ascPASSBOLT_GPG_SERVER_KEY_PUBLIC_FILE
    /etc/passbolt/gpg/serverkey_private.ascPASSBOLT_GPG_SERVER_KEY_PRIVATE_FILE
    /etc/ssl/certs/certificate.crtPASSBOLT_SSL_SERVER_CERT_FILE
    /etc/ssl/certs/certificate.keyPASSBOLT_SSL_SERVER_KEY_FILE
    - -

    Examples

    -

    Inject DATASOURCES_DEFAULT_PASSWORD variable usign Docker secrets

    -

    Following the Docker secrets documentation for Docker compose we have the following docker-compose.yaml example:

    -
    services:
-
-   passbolt:
-     ... 
-     environment:
-       DATASOURCES_DEFAULT_PASSWORD_FILE: /run/secrets/db_password
-     secrets:
-       - db_password
-     ...
-
-secrets:
-   db_password:
-     file: db_password.txt
-
    - -

    In this example we want to inject the contents of ‘db_password.txt’ in the DATASOURCES_DEFAULT_PASSWORD environment variable inside the Passbolt container.

    - -

    To do so we create the secret and call it db_password in this snippet:

    -
    secrets:
-   db_password:
-     file: db_password.txt
-
    - -

    Once we have this, we use this secret on the Passbolt service:

    -
    services:
-   passbolt:
-     ... 
-     secrets:
-       - db_password
-     ...
-
    - -

    Finally, we have to check which environment variable we have to set in order to get the contents of the secret file in the DATASOURCES_DEFAULT_PASSWORD var. So we check in the Supported environment variables section to get the correct variable (DATASOURCES_DEFAULT_PASSWORD_FILE in this case) and set it on the Passbolt container environment with the path that points to the secret name:

    -
    services:
-   passbolt:
-     ... 
-     environment:
-       DATASOURCES_DEFAULT_PASSWORD_FILE: /run/secrets/db_password
-
    - -

    Inject /etc/ssl/certs/certificate.pem file using Docker secrets

    -
    services:
-
-   passbolt:
-     ... 
-     environment:
-       PASSBOLT_SSL_SERVER_CERT_FILE: /run/secrets/ssl_cert
-     secrets:
-       - ssl_cert
-     ...
-
-secrets:
-   ssl_cert:
-     file: ssl_cert.pem
-
    - -

    In this example we want to inject the contents of ‘ssl_cert.pem’ in the ‘/etc/ssl/certs/certificate.pem’ file inside the Passbolt container.

    - -

    To do so, we create a Docker secret and call it ssl_cert with the contents of ssl_cert.pem:

    -
    secrets:
-   ssl_cert:
-     file: ssl_cert.pem
-
    - -

    Then we inject the secret in the Passbolt service:

    -
    services:
-   passbolt:
-     ... 
-     secrets:
-       - ssl_cert
-     ...
-
    -

    And finally, we go to the supported secret files section to get which environment variable is the one that points to the path I want to fill ( PASSBOLT_SSL_SERVER_CERT_FILE which points to ‘/etc/ssl/certs/certificate.crt’):

    -
    services:
-   passbolt:
-     ... 
-     environment:
-       PASSBOLT_SSL_SERVER_CERT_FILE: /run/secrets/ssl_cert
-
    -

    Create secret outside of compose file

    -

    You can also create secrets directly so that you don’t have to retain the file with the secret. This example will show you how to do that.

    - -

    The first step here is to create the secret:

    -
    docker secret create gpg-public public.key
-
    - -

    You will then need to modify your compose file to designate this as an external secret:

    -
    secrets:
-   gpg-public:
-     external: true
-
    - -

    Finally you will need to make sure this secret is used by the Passbolt service:

    -
    services:
-
-   passbolt:
-     ... 
-     environment:
-       PASSBOLT_GPG_SERVER_KEY_PUBLIC_FILE: /run/secrets/gpg-public
-     secrets:
-       - gpg-public
-     ...
-
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/firewall-rules.html b/docs/faq/hosting/firewall-rules.html deleted file mode 100644 index 741b4aec6..000000000 --- a/docs/faq/hosting/firewall-rules.html +++ /dev/null @@ -1,783 +0,0 @@ - - - - - Passbolt Help | Firewall rules - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Firewall rules

    -

    You must allow these rules to make Passbolt work in a firewalled environment:

    - -

    Inbound rules

    - - - - - - - - - - - - - - - - - - - - - - - - -
    Protocol namePort numberTransport Layer ProtocolComment
    HTTP80TCPOptional, should be used only to redirect to HTTPS
    HTTPS443TCPTo serve Passbolt through HTTPS
    - -

    Outbound rules

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Protocol namePort numberTransport Layer ProtocolComment
    HTTP80TCPTo be able to connect to operating system repositories who don’t use https (Ubuntu)
    HTTPS443TCPTo be able to connect to package repository or bitbucket repository
    SMTPusually 587TCPTo send email notifications, used port depends of your SMTP server configuration, usually 25/TCP, 587/TCP or 465/TCP
    DNS53UDPTo be able to resolve SMTP server name, or download.passbolt.com to check for updates
    NTP123UDPTo make server synchronized to a NTP server. Mandatory to make GPG or MFA/OTP work
    HKPS11371TCPHKPS protocol for receiving GPG keys
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/hosting-requirements.html b/docs/faq/hosting/hosting-requirements.html deleted file mode 100644 index 0f4bbf0c2..000000000 --- a/docs/faq/hosting/hosting-requirements.html +++ /dev/null @@ -1,716 +0,0 @@ - - - - - Passbolt Help | What are the minimum server requirements? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    What are the minimum server requirements?

    -

    Passbolt has been reported to work on a large variety of servers. -However we recommend you run passbolt using the stable version of a major linux distribution such as Debian, -Ubuntu, Centos, etc.

    - -

    The minimum virtual machine specs we recommend:

    -
      -
    • 2 cores
      • -
    • 2GB RAM
      • -
    • 20GB
      • -
    • 10mbps
      • -
    • Internet access
      • -
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/how-to-backup.html b/docs/faq/hosting/how-to-backup.html deleted file mode 100644 index a6ecc6ce8..000000000 --- a/docs/faq/hosting/how-to-backup.html +++ /dev/null @@ -1,715 +0,0 @@ - - - - - Passbolt Help | How to make passbolt backups - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to make passbolt backups

    -

    You can (and should) make a backup of your secret key during the setup after generating a new key. -You can also do that at any moment when you are logged in the application by going to the profile section.

    - -

    At the moment it is not possible to download a backup of your passwords from the client side. However if you -have email notification enabled you should receive a copy of your encrypted passwords by email, which can act as -a backup.

    - -

    However on the server side you can make a regular backup of the entire database. Several methods are available -and there is plenty of documentation available online.

    - -

    See also How to make passbolt server backup.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/how-to-generate-jwt-key-pair-manually.html b/docs/faq/hosting/how-to-generate-jwt-key-pair-manually.html deleted file mode 100644 index f98329f15..000000000 --- a/docs/faq/hosting/how-to-generate-jwt-key-pair-manually.html +++ /dev/null @@ -1,741 +0,0 @@ - - - - - Passbolt Help | How to generate JWT key pair manually - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to generate JWT key pair manually

    -
    -

    - Warning: Replace /usr/share/php by /var/www and - /etc/passbolt by /var/www/passbolt/config if you have installed passbolt from sources. -

    - -
    - -

    Ensure /etc/passbolt/jwt folder exists and is owned by root user and www-data group.

    - -
    sudo mkdir -m=750 /etc/passbolt/jwt
-
    - -

    Create the JWT keys:

    - -
    sudo /usr/share/php/passbolt/bin/cake passbolt create_jwt_keys
-
    - -

    Ensure rights are correct:

    - -
    sudo chown -R root:www-data /etc/passbolt/jwt
-sudo chmod 600 /etc/passbolt/jwt/jwt.key
-sudo chmod 640 /etc/passbolt/jwt/jwt.pem
-
    - -

    Ensure that all is good by executing the healthcheck.

    - -
    sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck --jwt" www-data
-
    - -

    You should see this result:

    - -
    JWT Authentication
-[PASS] The JWT Authentication plugin is enabled
-[PASS] The /etc/passbolt/jwt/ directory is not writable.
-[PASS] A valid JWT key pair was found
-
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/how-to-import-ssl-certificate-on-mobile.html b/docs/faq/hosting/how-to-import-ssl-certificate-on-mobile.html deleted file mode 100644 index ed7cf4e6d..000000000 --- a/docs/faq/hosting/how-to-import-ssl-certificate-on-mobile.html +++ /dev/null @@ -1,813 +0,0 @@ - - - - - Passbolt Help | How to import SSL certificate on mobile application - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to import SSL certificate on mobile application

    -

    Your passbolt server must have HTTPS enabled to be able to use passbolt mobile app.

    - -

    If you are using self-signed certificates, you must import your server certificate to your mobile device.

    - -

    The screenshots below assume you are importing a root CA certificate (in case your self-signed certificates are trusted by a local certification authority), but the procedure remains the same in case you import server certificate.

    - -

    Not using iOS ? Click here for importing certificates on Android

    - -

    Import certificate on iOS

    - -

    Put certificate on your device and select it to install. You will be asked to review it in Setting app:

    - -
    - Download profile - fig. Download profile -
    - -

    Go to Settings app and select “Profile Downloaded”

    - -
    - Select Profile Downloaded - fig. Select Profile Downloaded -
    - -

    Your certificate informations will be displayed, select Install to install it:

    - -
    - Install profile - fig. Install profile -
    - -

    Enter your iOS passcode:

    - -
    - Enter your iOS passcode - fig. Enter your iOS passcode -
    - -

    Be warned than certificate won’t be usuable until you have enable it Certificate Trust Settings, select Install

    - -
    - Install profile warning - fig. Install profile warning -
    - -

    Select Install:

    - -
    - Install profile - fig. Install profile -
    - -

    Profile is installed, select Done:

    - -
    - Profile installed - fig. Profile installed -
    - -

    To enable your certificate, go to Setting app > General > About and select Certificate Trust Settings:

    - -
    - Select Certificate trust Settings - fig. Select Certificate trust Settings -
    - -

    Enable your new certificate and confirm by selecting Continue:

    - -
    - Select Certificate trust Settings - fig. Select Certificate trust Settings -
    - -

    Import certificate on Android

    - -

    Go to Settings > Security > Encryption & credentials and select Install a certificate:

    - -
    - Install a certificate - fig. Install a certificate -
    - -

    Select CA certificate:

    - -
    - Select CA certificate - fig. Select CA certificate -
    - -

    A warning is displayed, read it and only if you agree with it, select Install Anyway

    - -
    - Displayed warning - fig. Displayed warning -
    - -

    Select your certificate:

    - -
    - Select your certificate - fig. Select your certificate -
    - -

    Your certificate is installed:

    - -
    - Installed certificate - fig. Installed certificate -
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/how-to-increase-auto-logout-time.html b/docs/faq/hosting/how-to-increase-auto-logout-time.html deleted file mode 100644 index 50073ffe9..000000000 --- a/docs/faq/hosting/how-to-increase-auto-logout-time.html +++ /dev/null @@ -1,756 +0,0 @@ - - - - - Passbolt Help | How to increase auto logout time? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to increase auto logout time?

    -

    By default passbolt uses the PHP session duration setting to define when the auto logout should -kick in. If the default session timeout is too short for you and your user you can extend it in -the PHP configuration.

    - -

    Currently, the code checks every 15 minutes if the browser is idle, using this browser functionality reserved for extensions, which returns “locked” if the system is locked, “idle” if the user has not generated any input for a specified number of seconds, or “active” otherwise.

    - -

    So if there is no direct interaction with the extension, the extension will not try to keep the session alive, and will just let it timeout. So if you have a long session default normally you would need to fail several checks to get logged out.

    - -
    -

    - Pro tip: If the browser window is closed (even if the browser application is not closed) you will get logged out right away. -

    - -
    - -

    The best way to keep your session active is via the remember me feature as shown here.

    -
    - Remember my password - fig. Remember my password -
    - -

    See the directive -session.gc-maxlifetime

    - -

    In order to change this number you must locate your php.ini file. Its location depends on your -operating system and php versions.

    - -

    For example on Debian or Ubuntu if you are using Nginx and PHP 7.4 it will be in -/etc/php/7.4/fpm/php.ini but the easy way to find it is to execute this command:

    - -
    $ grep -lr session.gc_maxlifetime /etc/ | grep fpm
-/etc/php/7.4/fpm/php.ini
-
    - -

    Once located replace the 1440 timout value in seconds with for example 2700 for 45 minutes:

    -
    ; After this number of seconds, stored data will be seen as 'garbage' and
-; cleaned up by the garbage collection process.
-; http://php.net/session.gc-maxlifetime
-session.gc_maxlifetime = 2700
-
    - -

    Important: It’s really important to note that the browser extension is sending a request to the server in order to keep the session active, that means that any behaviour that is comprometting it will end the session, even if the session lifetime is not ended. We have noticed a short behaviour that will result in a session ended:

    - -
      -
    • Internet connection lost
      • -
    • Browser shutdown
      • -
    • Computer shutdown
      • -
    • Computer’s session inactive (locked)
      • -
    • Changing IP address
      • -
    • Browser’s Confidentiality settings
      • -
    - - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/how-to-install-passbolt-non-interactive.html b/docs/faq/hosting/how-to-install-passbolt-non-interactive.html deleted file mode 100644 index dc96289c6..000000000 --- a/docs/faq/hosting/how-to-install-passbolt-non-interactive.html +++ /dev/null @@ -1,817 +0,0 @@ - - - - - Passbolt Help | How to install passbolt in non-interactive mode? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to install passbolt in non-interactive mode?

    -

    The non-interactive mode is useful for automating passbolt installation and for users with specific needs. It is available only on Debian and Ubuntu operating systems.

    - -

    The commands of this page assume you want to install passbolt CE. Replace ce with pro if you plan to install the PRO version.

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt and install it.

    - -

    Step 1. Download our dependencies installation script:

    - -
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - -
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - -
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Simple mode

    - -

    If you don’t want to install mysql locally or you don’t want to use nginx as http server you can run the non-interactive command with --no-install-recommends parameter.

    - -
    sudo DEBIAN_FRONTEND=noninteractive apt-get install \
-  --no-install-recommends passbolt-ce-server
-
    - -

    Advanced mode

    - -

    You can automate the installation by pre-fill answers with this command (run one command per parameter):

    - -
    echo passbolt-ce-server <parameter> <type> <value> | \
-  sudo debconf-set-selections
-
    - -

    Parameter and type reference table:

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ParameterTypeDescription
    passbolt/mysql-configurationbooleanTo enable MySQL, can be true (default) or false
    passbolt/mysql-passbolt-usernamestringPassbolt database username
    passbolt/mysql-passbolt-passwordpasswordPassbolt database password
    passbolt/mysql-passbolt-password-repeatpasswordPassbolt database password confirm (must be the same as passbolt/mysql-passbolt-password)
    passbolt/mysql-passbolt-dbnamestringPassbolt database name
    passbolt/nginx-configurationbooleanTo enable Nginx, can be true (default) or false
    passbolt/nginx-configuration-three-choicesselectSSL configuration: When certbot package is installed, you can choose between auto, manual and none
    passbolt/nginx-configuration-two-choicesselectSSL configuration: When certbot package is not installed, you can choose only between manual and none
    passbolt/nginx-domainstringPassbolt domain name (FQDN)
    passbolt/nginx-certificate-filestringAbsolute path to SSL certificate path (applies only if nginx-configuration-*-choices is manual)
    passbolt/nginx-certificate-key-filestringAbsolute path to SSL key path (applies only if nginx-configuration-*-choices is manual)
    - -

    Once done, run this non-interactive install command:

    - -
    sudo DEBIAN_FRONTEND=noninteractive apt-get install passbolt-ce-server
-
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/how-to-install.html b/docs/faq/hosting/how-to-install.html deleted file mode 100644 index 1edcde1a0..000000000 --- a/docs/faq/hosting/how-to-install.html +++ /dev/null @@ -1,706 +0,0 @@ - - - - - Passbolt Help | How to install passbolt server - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to install passbolt server

    -

    There are multiple way to install passbolt. You can install it using Docker or on your favorite distribution. -Check out the dedicated documentation page for that topic.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/how-to-migrate-from-http-to-https.html b/docs/faq/hosting/how-to-migrate-from-http-to-https.html deleted file mode 100644 index 0516f7837..000000000 --- a/docs/faq/hosting/how-to-migrate-from-http-to-https.html +++ /dev/null @@ -1,705 +0,0 @@ - - - - - Passbolt Help | How to migrate from HTTP to HTTPS - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to migrate from HTTP to HTTPS

    -

    You will find documentation about how to configure https by clicking here

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/how-to-rotate-server-gpg-keys.html b/docs/faq/hosting/how-to-rotate-server-gpg-keys.html deleted file mode 100644 index c837ab35b..000000000 --- a/docs/faq/hosting/how-to-rotate-server-gpg-keys.html +++ /dev/null @@ -1,808 +0,0 @@ - - - - - Passbolt Help | How to rotate server GPG keys - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to rotate server GPG keys

    -

    Docker installation

    - -

    It is quite simple with docker to rotate your passbolt server GPG keys. Connect yourself inside the passbolt container and delete the keys:

    - -
    rm /etc/passbolt/gpg/serverkey.asc
-rm /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Destroy then recreate passbolt container and new GPG server keys will be generated.

    - -
    docker-compose up -d --force-recreate
-
    - -

    Other installations

    - -

    Create a temporary GPG home folder:

    - -
    mkdir /tmp/gpg-temp
-
    - -

    Generate new GPG keys:

    - -
    gpg --homedir /tmp/gpg-temp --batch --no-tty --gen-key <<EOF
-    Key-Type: default
-    Key-Length: ${PASSBOLT_KEY_LENGTH:-2048}
-    Subkey-Type: default
-    Subkey-Length: ${PASSBOLT_SUBKEY_LENGTH:-2048}
-    Name-Real: ${PASSBOLT_KEY_NAME:-Passbolt default user}
-    Name-Email: ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com}
-    Expire-Date: ${PASSBOLT_KEY_EXPIRATION:-0}
-    %no-protection
-    %commit
-EOF
-
    - -

    Replace the current GPG server keys with the new ones:

    - -
    gpg --homedir /tmp/gpg-temp --armor --export ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} | sudo tee /etc/passbolt/gpg/serverkey.asc > /dev/null
-gpg --homedir /tmp/gpg-temp --armor --export-secret-key ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} | sudo tee /etc/passbolt/gpg/serverkey_private.asc > /dev/null
-
    - -

    Ensure new GPG keys owner and group are correct. Replace www-data with nginx if you are using RPM-based Linux distribution.

    - -
    sudo chown www-data:www-data /etc/passbolt/gpg/serverkey_private.asc
-sudo chown www-data:www-data /etc/passbolt/gpg/serverkey.asc
-
    - -

    Get new GPG keys fingerprint from public key:

    - -
    sudo gpg --show-keys /etc/passbolt/gpg/serverkey.asc | grep -Ev "^(pub|sub|uid|$)" | tr -d ' '
-
    - -

    Ensure the fingerprint from private key is the same:

    - -
    sudo gpg --show-keys /etc/passbolt/gpg/serverkey_private.asc | grep -Ev "^(pub|sub|uid|$|sec|ssb)" | tr -d ' '
-
    - -

    CentOS 7 gpg command is quite old and has no –show-keys parameter. Use these commands instead:

    - -
    # public key fingerprint
-sudo cat /etc/passbolt/gpg/serverkey.asc | gpg --with-fingerprint - | grep -Ev "^(pub|sub|uid|$)" | tr -d ' ' | sed 's/Keyfingerprint=//'
-# private key fingerprint
-sudo cat /etc/passbolt/gpg/serverkey_private.asc | gpg --with-fingerprint - | grep -Ev "^(pub|sub|uid|$|sec|ssb)" | tr -d ' ' | sed 's/Keyfingerprint=//'
-
    - -

    Open /etc/passbolt/passbolt.php configuration file and replace old fingerprint with the new one in the passbolt section:

    - -
        'passbolt' => [
-        // GPG Configuration.
-        // The keyring must to be owned and accessible by the webserver user.
-        // Example: www-data user on Debian
-        'gpg' => [
-            // Main server key.
-            'serverKey' => [
-                // Server private key fingerprint.
-                'fingerprint' => 'XXXXXXXXXXXXXXXXXXXXXXXXXXXX',
-                'public' => CONFIG . DS . 'gpg' . DS . 'serverkey.asc',
-                'private' => CONFIG . DS . 'gpg' . DS . 'serverkey_private.asc',
-            ],
-        ],
-
-
    - -

    Launch a healthcheck command to get passbolt GNUPGHOME folder (usually /var/lib/passbolt/.gnupg but can be different if you installed passbolt from sources):

    - -
     sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck --gpg" | grep GNUPGHOME
-
    - -

    Delete the current GNUPGHOME folder, it will be automatically recreated.

    - -
    sudo rm -rf /var/lib/passbolt/.gnupg
-
    - -

    On next connection through web interface, you will get a warning that the server key has been changed:

    - -
    - Server key has changed - fig. Server key has changed -
    - -

    You can now delete the temporary GPG home folder:

    - -
    rm -rf /tmp/gpg-temp
-
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/how-to-update.html b/docs/faq/hosting/how-to-update.html deleted file mode 100644 index e7962dcd2..000000000 --- a/docs/faq/hosting/how-to-update.html +++ /dev/null @@ -1,705 +0,0 @@ - - - - - Passbolt Help | How can I update my passbolt server? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How can I update my passbolt server?

    -

    Check out the dedicated documentation page for that topic.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/how-to-use-rootless-images.html b/docs/faq/hosting/how-to-use-rootless-images.html deleted file mode 100644 index cbdd7f934..000000000 --- a/docs/faq/hosting/how-to-use-rootless-images.html +++ /dev/null @@ -1,749 +0,0 @@ - - - - - Passbolt Help | How to use docker rootless images - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to use docker rootless images

    -

    Our docker-compose.yml example uses root images. If you want to use non-root images, choose one from available docker tags as image and update ports option.

    - -

    root images uses 80 and 443 ports:

    - -
    version: '3.7'
-services:
-  db:
-    ...
-  passbolt:
-    image: passbolt/passbolt:latest-ce
-    ...
-    ports:
-      - 80:80
-      - 443:443
-
    - -

    non-root images uses 8080 and 4433 so you need to map ports 80 and 443 to them:

    - -
    version: '3.7'
-services:
-  db:
-    ...
-  passbolt:
-    image: passbolt/passbolt:latest-ce-non-root
-    ...
-    ports:
-      - 80:8080
-      - 443:4433
-
    - -

    non-root images also uses a different path to handle ssl certificates:

    - -
    version: '3.7'
-services:
-  db:
-    ...
-  passbolt:
-    ...
-    volumes:
-      ...
-      - ./certs/cert.pem:/etc/passbolt/certs/certificate.crt:ro
-      - ./certs/key.pem:/etc/passbolt/certs/certificate.key:ro
-
    - -

    You can know more about how to setup https on docker on the https configuration section.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/index.html b/docs/faq/hosting/index.html deleted file mode 100644 index 3bd6ef6f5..000000000 --- a/docs/faq/hosting/index.html +++ /dev/null @@ -1,692 +0,0 @@ - - - - - Passbolt Help | Hosting FAQ - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Hosting FAQ

    - - - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - - -
    -
    -
    -
    - - - - - -
    - - - - - - - - diff --git a/docs/faq/hosting/installation-issue-help.html b/docs/faq/hosting/installation-issue-help.html deleted file mode 100644 index 831750de7..000000000 --- a/docs/faq/hosting/installation-issue-help.html +++ /dev/null @@ -1,723 +0,0 @@ - - - - - Passbolt Help | Where can I get help for installation issues? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Where can I get help for installation issues?

    -

    Community support

    -

    If you are experiencing issues during the installation process you can request help from the -community in the forum.

    - -

    Before posting make sure to:

    -
      -
    • read intro post: https://community.passbolt.com/t/about-the-installation-issues-category/12
      • -
    • read the tutorials and relevant help section on this site
      • -
    • searched for similar issues on the web
      • -
    • provide relevant information about the server (component names and versions, etc.)
      • -
    • provide a copy of my logs and health check
      • -
    • describe the steps you have taken to trouble shoot the problem
      • -
    • describe the steps we can take to be able to reproduce the issue
      • -
    - -

    Professional support

    -

    If you need a more rapid response time and more in depth help you can also contact -Passbolt SARL, the company behind passbolt, to get professional support services at -contact@passbolt.com.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/logs.html b/docs/faq/hosting/logs.html deleted file mode 100644 index 5f8475c90..000000000 --- a/docs/faq/hosting/logs.html +++ /dev/null @@ -1,865 +0,0 @@ - - - - - Passbolt Help | How can I check logs on my server? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How can I check logs on my server?

    -

    The importance of the installation method

    -

    There are three main types of installations for Passbolt, and that’s what you need to know before running one of these commands as they may not work for each installation.

    - - -

    With package installation, the files will be split into two different directories, /etc/passbolt for the configuration files and /usr/share/php/passbolt for every other files and the CakePHP CLI.

    - -

    If you did a from source installation, the whole directory will be in /var/www/passbolt.

    - -

    If you are runnig docker, please, refer to the Troubleshoot Docker guide as all is explained there.

    - -

    API

    -

    Healthcheck

    -

    The healthcheck is used to check whether the Passbolt system is running as expected. It evaluates various aspects of the system to ensure that all components are working properly and configured correctly. It provides a detailed report about important information such as the gpg configuration, the ssl access, database configuration, etc.

    - -
      -
    1. -

      Package Installation

      - - 
       sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck" www-data
-
      -
      2. -
    2. -

      From source

      - - 
       sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt healthcheck" www-data
-
      -
      3. -
    - -
    -

    - Pro tip: While running web server commands, it’s common to use www-data. However, this can vary based on your distribution. For example, nginx is used in distributions like CentOS, and httpd is used in distributions like Fedora. Always double-check what’s applicable for your specific setup to avoid errors. -

    - -
    - -

    Datacheck

    -

    The datacheck is a great tool as it aims to have a look at the data integrity for gpg keys, authentication tokens, groups, resources, etc.

    - -
      -
    1. -

      Package Installation

      - - 
       sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt datacheck" www-data
-
      -
      2. -
    2. -

      From source

      - - 
       sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt datacheck" www-data
-
      -
      3. -
    - -
    -

    - Pro tip: While running web server commands, it’s common to use www-data. However, this can vary based on your distribution. For example, nginx is used in distributions like CentOS, and httpd is used in distributions like Fedora. Always double-check what’s applicable for your specific setup to avoid errors. -

    - -
    - -

    Status Report

    - -

    The status report is in most case the best alternative if you need to gather information from the healthcheck, datacheck, do a cleanup dry-run and retrieve the server logs.

    - -

    On top of executing the healthcheck, datacheck and retrieving the server logs one after the other, it also gives important information about the system itself such as the passbolt edition and version, the version of CakePHP and PHP, composer version etc.

    - -
      -
    1. -

      Package Installation

      - - 
       sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/status-report" www-data
-
      -
      2. -
    2. -

      From source

      - - 
       sudo su -s /bin/bash -c "/var/www/passbolt/bin/status-report" www-data
-
      -
      3. -
    - -
    -

    - Pro tip: While running web server commands, it’s common to use www-data. However, this can vary based on your distribution. For example, nginx is used in distributions like CentOS, and httpd is used in distributions like Fedora. Always double-check what’s applicable for your specific setup to avoid errors. -

    - -
    - -

    Server logs

    - -

    The server logs contains mostly error and warnings such as bad request, invalid requests, applications errors, etc.

    - -
      -
    1. -

      Package Installation

      - - 
       sudo su -s /bin/bash -c "cat /var/log/passbolt/error.log" www-data
-
      -
      2. -
    2. -

      From source

      - 
       sudo su -s /bin/bash -c "cat /var/www/passbolt/logs/error.log" www-data
-
      -
      3. -
    - -
    -

    - Pro tip: While running web server commands, it’s common to use www-data. However, this can vary based on your distribution. For example, nginx is used in distributions like CentOS, and httpd is used in distributions like Fedora. Always double-check what’s applicable for your specific setup to avoid errors. -

    - -
    - -

    Browser Extension

    -

    Google Chrome

    -
      -
    1. You will need to navigate to your extensions
      2. -
    2. Activate the Developer mode in the top right corner
      3. -
    3. Look for Passbolt and click details button
      4. -
    4. Look for the Inspect views and the index.html link
      5. -
    5. A new window will appear this is the debugger of the browser extension
      6. -
    6. You can see from here, if there is any issue in the console tab
      7. -
    7. Go to the network tab
      8. -
    8. Try to reproduce the error
      9. -
    9. Export the logs by clicking the down arrow
      10. -
    - -
    -

    - Warning: HAR files are text files in json format. They contain sensitive data such as your Passbolt main url or your browser version. You can’t check by opening them in a text editor. -

    - -
    - -
    - Browser Extension Network Logs - fig. Browser Extension Network Logs -
    - -

    Firefox

    -
      -
    1. You will need to navigate to your extensions
      2. -
    2. Locate Passbolt and click Inspect
      3. -
    3. A new window will appear this is the debugger of the browser extension
      4. -
    4. You can see from here, if there is any issue in the console tab
      5. -
    5. Go to the network tab
      6. -
    6. Try to reproduce the error
      7. -
    7. Export logs by clicking right on the logs and select Save all As HAR
      8. -
    - -
    -

    - Warning: HAR files are text files in json format. They contain sensitive data such as your Passbolt main url or your browser version. You can’t check by opening them in a text editor. -

    - -
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/mobile-faq.html b/docs/faq/hosting/mobile-faq.html deleted file mode 100644 index 5c11491d1..000000000 --- a/docs/faq/hosting/mobile-faq.html +++ /dev/null @@ -1,793 +0,0 @@ - - - - - Passbolt Help | iOS / Android Mobile FAQ - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    iOS / Android Mobile FAQ

    -

    Can I use the mobile application without HTTPS configured on my passbolt server ?

    - -

    A valid HTTPS configuration is mandatory for security concerns to be able to use the passbolt with iOS / Android. Mobile app won’t work with plain HTTP.

    - -

    You can get a green padlock aside the url in your browser without a valid configuration for mobile app. A common misconfiguration error is to forget the intermediate certificate. You can check our SSL troubleshooting page for more details.

    - -

    Can I use a self-signed certificate with the mobile application ?

    - -

    The answer is yes. The mandatory part is to generate a certificate with a valid subjectAltName.

    - -

    How to generate a proper Self-signed certificate ?

    - -
    openssl req -x509 \
-    -newkey rsa:4096 \
-    -days 120 \
-    -subj "/C=LU/ST=Luxembourg/L=Esch-Sur-Alzette/O=Passbolt SA/OU=Passbolt IT Team/CN=passbolt.domain.tld/" \
-    -nodes \
-    -addext "subjectAltName = DNS:passbolt.domain.tld" \
-    -keyout key.pem \
-    -out cert.pem
-
    - -

    This command will output two files: key.pem and cert.pem.

    - -

    Of course, replace -subj values with your own. It is important to set your passbolt FQDN in both CN and subjectAltName.

    - -
    -

    - Pro tip: You can use an IP address instead of a domain name for your self-signed certificate. - If you do that, replace DNS with IP in subjectAltName. -

    - -
    - -

    How to import my self-signed certificate ?

    - -

    Once your self-signed certificate configured, import it in your mobile.

    - -

    Can I use 2FA ?

    - -

    Our mobile application support TOTP and Yubikey.

    - -

    Duo OTP is not supported yet.

    - -

    How to get logs ?

    - -

    Logs are available:

    - -
      -
    • inside top-right (?) button on Login screen and while scanning QRCodes
      • -
    • once logged in inside the settings menu.
      • -
    - -

    You can share them by clicking on the share icon on top-right of your screen.

    - -

    On Android, logs collection must be manually enabled:

    - -
    - Enable Android logs - fig. Enable Android logs -
    - -

    I can’t login using Apache

    - -

    Apache seems to discard the Authorization header if it is not a base64 encoded user/pass combo. So to fix this you can add the following to your Apache config:

    - -
    RewriteEngine On
-RewriteCond %{HTTP:Authorization} ^(.*)
-RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
-
    - -

    I can’t login with this error: “gopenpgp: the key contains too many entities”

    - -

    It means the OpenPGP key of your passbolt server contains more than one entity. It should not occur but we seen this issue on some old docker setup.

    - -

    To fix this issue, you can rotate your passbolt server keys following this other FAQ page.

    - -

    How can I check if JWT certificate matches with the JWT key

    - -

    First check if the JWT key format is correct:

    - -
    $ openssl rsa -in /etc/passbolt/jwt/jwt.key -check -noout
-RSA key ok
-
    - -

    You can now check if the certificate matches with the key with the command below:

    - -
    $ if openssl rsa -in /etc/passbolt/jwt/jwt.key -outform PEM -pubout 2>/dev/null | diff /etc/passbolt/jwt/jwt.pem - > /dev/null; then echo "OK: JWT key matches with JWT pem"; else echo "NOT OK: JWT key and pem doesn't match"; fi
-
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/set-up-ntp.html b/docs/faq/hosting/set-up-ntp.html deleted file mode 100644 index bd6ca8021..000000000 --- a/docs/faq/hosting/set-up-ntp.html +++ /dev/null @@ -1,1045 +0,0 @@ - - - - - Passbolt Help | How to set up NTP - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to set up NTP

    -

    Table of contents:

    - - - -

    Introduction

    -

    This page is intended to give you the resources to set up NTP(or suitable equivalent) on the main distrobutions that we support. NTP is important for two main reasons with Passbolt. The first is in regards to GPG authentication. The other area where this becomes important is if you have MFA enabled as if the server and user device time get out of sync the codes will not work.

    - -

    Ubuntu

    -

    Official Ubuntu Documentation

    - -

    Ubuntu uses chrony for time synchronization. This package is not installed by default so you’ll need to install it.

    - -

    You can check that your server doesn’t have this enabled by running the following:

    -
    timedatectl status
-
    -

    The output should look something like the following:

    -
                   Local time: Tue 2022-12-06 09:26:53 UTC
-           Universal time: Tue 2022-12-06 09:26:53 UTC
-                 RTC time: Tue 2022-12-06 09:26:52
-                Time zone: Etc/UTC (UTC, +0000)
-System clock synchronized: no
-              NTP service: inactive
-          RTC in local TZ: no
-
    - -

    The two most important lines here being:

    -
    System clock synchronized: no
-              NTP service: inactive
-
    - -

    To install chrony you’ll need to run this command:

    -
    sudo apt install chrony
-
    - -

    You can configure which time servers you want to use by editing /etc/chrony/chrony.conf

    - -

    After you are done editing this file run the following to restart chrony

    -
    sudo systemctl restart chrony.service
-
    - -

    To ensure this is running correctly you can once again run:

    -
    timedatectl status
-
    -

    Your output should now be something like:

    -
                   Local time: Tue 2022-12-06 09:30:40 UTC
-           Universal time: Tue 2022-12-06 09:30:40 UTC
-                 RTC time: Tue 2022-12-06 09:30:40
-                Time zone: Etc/UTC (UTC, +0000)
-System clock synchronized: yes
-              NTP service: active
-          RTC in local TZ: no
-
    -

    The important lines are:

    -
    System clock synchronized: yes
-              NTP service: active
-
    -

    If only one of these has changed try running timedatectl status after another minute or two to give it time to be fully correct. -Once those are both correct, congratulations you’ve gotten NTP correctly set up!

    - -

    Debian

    -

    Official Debian Documentation

    - -

    A fresh Debian installation should already be properly configured for this. You can confirm this by running:

    -
    timedatectl status
-
    -

    The output should be something like this:

    -
                   Local time: Tue 2022-12-06 14:30:52 UTC
-           Universal time: Tue 2022-12-06 14:30:52 UTC
-                 RTC time: Tue 2022-12-06 14:30:53
-                Time zone: Etc/UTC (UTC, +0000)
-System clock synchronized: yes
-              NTP service: active
-          RTC in local TZ: no
-
    -

    The important lines are:

    -
    System clock synchronized: yes
-              NTP service: active
-
    - -

    RedHat

    -

    Official RedHat Documentation

    - -

    On Red Hat Entreprise Linux, you have two choices in terms of NTP installation chrony which is installed by default on some version of Red Hat Entreprise Linux 7 or ntpd.

    - -

    Chrony should be considered as best match for the systems which are frequently suspended or otherwise intermittently disconnected from a network.

    - -

    The NTP daemon (ntpd) should be considered for systems which are normally kept permanently on.

    - -

    Install chrony on RedHat

    - -

    As mentionned previously, chrony suite is installed by default on some versions of Red Hat Entreprise Linux 7, to ensure that it is, run the following command as root:

    - -
    yum install chrony
-
    - -

    The default location for the chrony daemon is /usr/sbin/chronyd. The command line utility will be installed to /usr/bin/chronyc.

    - -

    To check the status of chrony, issue the following command:

    -
    systemctl status chronyd
-
    - -

    The output should be something like this:

    -
    chronyd.service - NTP client/server
-  Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled)
-  Active: active (running) since Wed 2013-06-12 22:23:16 CEST; 11h ago
-
    - -

    If that is not the case, in order to start chrony, issue the following command as root:

    -
    systemctl start chronyd
-
    - -

    To ensure chrony starts automatically at system start, issue the following command as root:

    -
    systemctl enable chronyd
-
    - -

    To check if chrony is synchronized, make use of the tracking command:

    -
    chronyc tracking
-
    - -

    The output should be something like this:

    -
    Reference ID  : CB00710F (foo.example.net)
-Stratum     : 3
-Ref time (UTC) : Fri Jan 27 09:49:17 2017
-System time   : 0.000006523 seconds slow of NTP time
-Last offset   : -0.000006747 seconds
-RMS offset   : 0.000035822 seconds
-Frequency    : 3.225 ppm slow
-Residual freq  : 0.000 ppm
-Skew      : 0.129 ppm
-Root delay   : 0.013639022 seconds
-Root dispersion : 0.001100737 seconds
-Update interval : 64.2 seconds
-Leap status   : Normal
-
    - -

    Install ntpd on RedHat

    - -

    In order to use ntpd the default user space daemon, chrony, must be stopped and disable. Issue the following commands as root:

    -
    systemctl stop chronyd
-
    - -

    To prevent it restarting at system start, issue the following command as root:

    -
    systemctl disable chronyd
-
    - -

    To check the status of chronyd, issue the following command:

    -
    systemctl status chronyd
-
    - -

    To check if ntpd is istnalled, enter the following command as root:

    -
    yum install ntp
-
    - -

    To enable ntpd at system start, enter the following command as root:

    -
    systemctl enable ntpd
-
    - -

    To check if ntpd is running and configured to run at system start, issue the following command:

    -
    systemctl status ntpd
-
    - -

    To obtain a brief status report from ntpd, issue the following command:

    -
    ntpstat
-
    - -

    The output should be something like this:

    -
    synchronised to NTP server (10.5.26.10) at stratum 2
-  time correct to within 52 ms
-  polling server every 1024 s
-
    - -

    OpenSUSE

    -

    Official OpenSUSE Documentation

    - -

    To configure NTP on OpenSUSE we will need YaST. YaST is featured in the openSUSE Linux distribution.

    - -

    To run yast you will need to run this command:

    -
    sux yast2
-
    - -

    Once it is running, specify when to start the network time protocol service:

    - -
      -
    • Only manually
      • -
    - -

    Start the Network Time Protocol service manually

    - -
      -
    • Synchronize without Daemon
      • -
    - -

    Set the system time periodically without a permanently running Network Time Protocol service. You can set the Interval of the Synchronization in Minutes.

    - -
      -
    • Now and on boot
      • -
    - -

    Start the Network Time Protocol service automatically when the system is booting. This setting is recommended.

    - -

    After this step, you will need to specify the type of configuration source. In the Configuration Source drop-down box, select either Dynamic or Static. Set Static if your server uses only a fixed set of (public) NTP servers. If your internal network offers NTP servers via DHCP, pick Dynamic.

    - -

    You need to configure time servers. Time servers for the client to query are listed in the lower part of the NTP Configuration window. Modify this list as needed by clicking Add, Edit, and Delete.

    - -

    After you clicked Add to add a new time server in the address field, type the URL of the time server or pool of time servers with which you want to synchronize the machine time (for example, europe.pool.ntp.org). After URL is complete, click on Test to verify that it points to a valid time source.

    - -

    You can active Quick initial Sync to speed up the time synchronization by sending more request at the Network Time Protocol service start or you can active Start Offline to speed up the boot time on systems that start the Network Time Protocol service automatically and may not have an internet connection at boot time.

    - -

    Now that we have configured Network Time Protocol with YaST we need to restart and enable chrony with:

    -
    sudo systemctl restart chronyd.service
-sudo systemctl enable chronyd.service
-
    - -

    Oracle Linux

    -

    Official Oracle Documentation

    - -

    To configure Network Time Protocol On Oracle you need to install the NTP package:

    -
    yum install ntp
-
    - -

    Once NTP is installed, you will need to start the service and set it to launch automatically upon boot:

    -
    service ntpd start
-chkconfig ntpd on
-
    - -

    You can check upstream synchronization with the ntpq command:

    -
    ntpq -p
-
    - -

    The output should be something like this:

    -
         remote           refid      st t when poll reach   delay   offset  jitter
-==============================================================================
- lists2.luv.asn. 203.161.12.165  16 u   25   64    3    3.495   -3043.1   0.678
- ns2.novatelbg.n 130.95.179.80   16 u   27   64    3   26.633   -3016.1   0.797
- sp1.mycdn.fr    130.234.255.83  16 u   24   64    3    4.314   -3036.3   1.039
-
    - -

    Fedora

    -

    Official Fedora Documentation

    - -

    The chrony suite is installed by default on some versions of Fedora, but you have two choices the other one being ntpd.

    - -

    Chrony should be considered as best match for the systems which are frequently suspended or otherwise intermittently disconnected from a network.

    - -

    The NTP daemon (ntpd) should be considered for systems which are normally kept permanently on.

    - -

    Install chrony on Fedora

    - -

    As mentionned previously, chrony suite is installed by default on some versions of Fedora, to ensure that it is, run the following command as root:

    - -
    dnf install chrony
-
    - -

    The default location for the chrony daemon is /usr/sbin/chronyd. The command line utility will be installed to /usr/bin/chronyc.

    - -

    To check the status of chrony, issue the following command:

    -
    systemctl status chronyd
-
    - -

    The output should be something like this:

    -
    chronyd.service - NTP client/server
-  Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled)
-  Active: active (running) since Wed 2013-06-12 22:23:16 CEST; 11h ago
-
    - -

    If that is not the case, in order to start chrony, issue the following command as root:

    -
    systemctl start chronyd
-
    - -

    To ensure chrony starts automatically at system start, issue the following command as root:

    -
    systemctl enable chronyd
-
    - -

    To check if chrony is synchronized, make use of the tracking command:

    -
    chronyc tracking
-
    - -

    The output should be something like this:

    -
    Reference ID  : CB00710F (foo.example.net)
-Stratum     : 3
-Ref time (UTC) : Fri Jan 27 09:49:17 2017
-System time   : 0.000006523 seconds slow of NTP time
-Last offset   : -0.000006747 seconds
-RMS offset   : 0.000035822 seconds
-Frequency    : 3.225 ppm slow
-Residual freq  : 0.000 ppm
-Skew      : 0.129 ppm
-Root delay   : 0.013639022 seconds
-Root dispersion : 0.001100737 seconds
-Update interval : 64.2 seconds
-Leap status   : Normal
-
    - -

    Install ntpd on Fedora

    - -

    In order to use ntpd the default user space daemon, chrony, must be stopped and disable. Issue the following commands as root:

    -
    systemctl stop chronyd
-
    - -

    To prevent it restarting at system start, issue the following command as root:

    -
    systemctl disable chronyd
-
    - -

    To check the status of chronyd, issue the following command:

    -
    systemctl status chronyd
-
    - -

    To check if ntpd is istnalled, enter the following command as root:

    -
    dnf install ntp
-
    - -

    To enable ntpd at system start, enter the following command as root:

    -
    systemctl enable ntpd
-
    - -

    To check if ntpd is running and configured to run at system start, issue the following command:

    -
    systemctl status ntpd
-
    - -

    To obtain a brief status report from ntpd, issue the following command:

    -
    ntpstat
-
    - -

    The output should be something like this:

    -
    synchronised to NTP server (10.5.26.10) at stratum 2
-  time correct to within 52 ms
-  polling server every 1024 s
-
    - -

    Docker

    -

    Docker’s time is set via the host’s time. You will need to follow the relevant instructions to configure NTP for the server hosting your Docker container.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/troubleshoot-docker.html b/docs/faq/hosting/troubleshoot-docker.html deleted file mode 100644 index 2643420f9..000000000 --- a/docs/faq/hosting/troubleshoot-docker.html +++ /dev/null @@ -1,755 +0,0 @@ - - - - - Passbolt Help | Troubleshoot Docker - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Troubleshoot Docker

    -

    Connect yourself inside passbolt docker container (replace passbolt-container-name with your own):

    - -
    $ docker exec -ti passbolt-container-name bash
-
    - -

    All troubleshooting commands must be launched as www-data user. It is the case if you are running non-root docker images but for root images, switch as www-data user:

    - -
    su -s /bin/bash www-data
-
    - -

    Then to be able to launch some commands, you must retrieve PASSBOLT_GPG_SERVER_KEY_FINGERPRINT environment variable:

    - -
    export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT="$(gpg \
-  --home $GNUPGHOME\
-  --list-keys \
-  ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} | \
-  grep -Ev "^(pub|sub|uid|^$)" | tr -d ' ')"
-
    - -

    Alternatively if you are using Docker Secrets you’ll need to run the following to access the secrets as environment variables:

    -
    source /etc/environment
-
    - -

    Healthcheck

    - -
    ./bin/cake passbolt healthcheck
-
    - -

    Send a test email

    - -
    ./bin/cake passbolt send_test_email \
-  --recipient=youremail@domain.com
-
    - -

    Datacheck

    - -
    ./bin/cake passbolt datacheck --hide-success-details
-
    - -

    Database migrations status

    - -
    ./bin/cake migrations status
-
    - -

    database container

    - -

    To connect into mysql container console (replace db-container-name with your own):

    - -
    docker exec -ti db-container-name bash -c \
-  'mysql -u${MYSQL_USER} -p${MYSQL_PASSWORD} ${MYSQL_DATABASE}'
-
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/troubleshoot-helm.html b/docs/faq/hosting/troubleshoot-helm.html deleted file mode 100644 index 35b76ef1c..000000000 --- a/docs/faq/hosting/troubleshoot-helm.html +++ /dev/null @@ -1,751 +0,0 @@ - - - - - Passbolt Help | Troubleshoot Helm - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Troubleshoot Helm

    -

    Connect yourself inside passbolt docker container (replace passbolt-container-name with your own):

    - -
    $ kubectl exec -ti passbolt-container-name bash
-
    - -

    All troubleshooting commands must be launched as www-data user. It is the case if you are running non-root docker images but for root images, switch as www-data user:

    - -
    su -s /bin/bash www-data
-
    - -

    Then to be able to launch some commands, you must retrieve PASSBOLT_GPG_SERVER_KEY_FINGERPRINT environment variable:

    - -
    export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT="$(gpg \
-  --home $GNUPGHOME\
-  --list-keys \
-  ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} | \
-  grep -Ev "^(pub|sub|uid|^$)" | tr -d ' ')"
-
    - -

    Healthcheck

    - -
    ./bin/cake passbolt healthcheck
-
    - -

    Send a test email

    - -
    ./bin/cake passbolt send_test_email \
-  --recipient=youremail@domain.com
-
    - -

    Datacheck

    - -
    ./bin/cake passbolt datacheck --hide-success-details
-
    - -

    Database migrations status

    - -
    ./bin/cake migrations status
-
    - -

    database container

    - -

    To connect into mysql container console (replace db-container-name with your own):

    - -
    kubectl exec -ti db-container-name bash -c \
-  'mysql -u${MYSQL_USER} -p${MYSQL_PASSWORD} ${MYSQL_DATABASE}'
-
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/troubleshoot-ssl.html b/docs/faq/hosting/troubleshoot-ssl.html deleted file mode 100644 index a3e6d1b40..000000000 --- a/docs/faq/hosting/troubleshoot-ssl.html +++ /dev/null @@ -1,978 +0,0 @@ - - - - - Passbolt Help | Troubleshoot SSL - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Troubleshoot SSL

    -

    Table of content:

    - - - -

    HTTPS configuration documentation

    - -

    You will find infos about how to set up HTTPS on passbolt here

    - -

    Check certificates content

    - -

    It is a common error to invert certificate and key, so check their content :-)

    - -

    Certificate file

    - -

    Certificate file must start with:

    - -
    -----BEGIN CERTIFICATE-----
-
    - -

    and end with:

    - -
    -----END CERTIFICATE-----
-
    - -

    Key file

    - -

    Key file must start with:

    - -
    -----BEGIN PRIVATE KEY-----
-
    - -

    and end with:

    - -
    -----END PRIVATE KEY-----
-
    - -

    Check if certificate file matches with the key

    - -

    The output of the two below commands must be absolutely the same.

    - -

    Check the certificate:

    - -
    openssl x509 -noout -modulus -in cert.pem | openssl md5
-
    - -

    Check the key:

    - -
    openssl rsa -noout -modulus -in key.pem | openssl md5
-
    - -

    Check if certificate matches your passbolt domain name

    - -

    Another common error is to define a domain name to passbolt and set a certificate valid for another domain.

    - -

    Check the domain name of your local certificate:

    - -
    openssl x509 -text -noout -in cert.pem | grep DNS
-
    - -

    You can also check your instance like this (replace passbolt.domain.tld with your passbolt domain name):

    - -
    openssl s_client -connect passbolt.domain.tld:443 </dev/null 2>/dev/null | openssl x509 -noout -ext subjectAltName
-openssl s_client -connect passbolt.domain.tld:443 </dev/null 2>/dev/null | openssl x509 -noout -text | grep DNS:
-
    - -

    Self-hosted private certificate chain study

    - -

    Some companies don’t rely on public certification authorities. They generate self-signed certificates and trust them with their own Private Key Infrastructure (PKI).

    - -

    To trust SSL certificates signed by the PKI, you have to ensure root certificate of your company’s PKI has been added in your operating system keychain.

    - -

    Chain of trust

    - -

    A certificate chain or certificate CA bundle is a sequence of certificates, where each certificate in the chain is signed by the subsequent certificate.

    - -

    An intermediate certificate authority (CA) is an entity that can sign certificates on behalf of the root CA.

    - -

    The root CA is only ever used to create one or more intermediate CAs, which are trusted by the root CA to sign certificates on their behalf. This is best practice.

    - -

    Use-case

    - -

    Let’s assume the following chain of trust:

    - -
    - Chain of Trust - fig. Chain of Trust -
    - -
      -
    • Your passbolt server certificate has been issued by “My Intermediate CA”.
      • -
    • “My Intermediate CA” has been issued by “My Root CA”
      • -
    - -

    To make your passbolt certificate trusted on your system, you have to add the root CA to your operating system keychain.

    - -

    To manually check if your passbolt SSL certificate has been issued by the correct certificate authority, follow the procedure below.

    - -

    Display the chain of trust

    - -

    This command will display the chain of trust for passbolt.domain.tld:

    - -
    openssl s_client -quiet -connect passbolt.domain.tld:443
-
    - -

    It returns:

    - -
    depth=2 CN = My Root CA, emailAddress = it@domain.tld, O = Your Company, OU = Your Company IT Team, L = Esch-Sur-Alzette, ST = Luxembourg, C = LU
-verify return:1
-depth=1 C = LU, ST = Luxembourg, O = Your Company, OU = Your Company IT Team, CN = My Intermediate CA, emailAddress = it@domain.tld
-verify return:1
-depth=0 CN = passbolt.domain.tld, emailAddress = it@domain.tld, O = Your Company, OU = Your Company IT Team, L = Esch-Sur-Alzette, ST = Luxembourg, C = LU
-verify return:1
-
    - -

    Where:

    - -
      -
    • depth 2 is your root certificate CN=My Root CA
      • -
    • depth 1 is the intermediate certificate CN=My Intermediate CA
      • -
    • depth 0 is your certificate CN=passbolt.domain.tld
      • -
    - -

    Check the chain of trust

    - -

    This command will display all certificates of the chain of trust:

    - -
    openssl s_client -showcerts -connect passbolt.domain.tld:443
-
    - -
    Certificate chain
- 0 s:CN = passbolt.domain.tld, emailAddress = it@domain.tld, O = Your Company, OU = Your Company IT Team, L = Esch-Sur-Alzette, ST = Luxembourg, C = LU
-   i:C = LU, ST = Luxembourg, O = Your Company, OU = Your Company IT Team, CN = My Intermediate CA, emailAddress = it@domain.tld
------BEGIN CERTIFICATE-----
-(...)
------END CERTIFICATE-----
- 1 s:C = LU, ST = Luxembourg, O = Your Company, OU = Your Company IT Team, CN = My Intermediate CA, emailAddress = it@domain.tld
-   i:CN = My Root CA, emailAddress = it@domain.tld, O = Your Company, OU = Your Company IT Team, L = Esch-Sur-Alzette, ST = Luxembourg, C = LU
------BEGIN CERTIFICATE-----
-(...)
------END CERTIFICATE-----
- 2 s:CN = My Root CA, emailAddress = it@domain.tld, O = Your Company, OU = Your Company IT Team, L = Esch-Sur-Alzette, ST = Luxembourg, C = LU
-   i:CN = My Root CA, emailAddress = it@domain.tld, O = Your Company, OU = Your Company IT Team, L = Esch-Sur-Alzette, ST = Luxembourg, C = LU
------BEGIN CERTIFICATE-----
-(...)
------END CERTIFICATE-----
-
    - -
    -

    - Warning: As it is not mandatory to expose root CA, it can be missing from the above command output. You will have to ask for it to the team who is managing the local PKI. -

    - -
    - -

    Each “depth” is followed by its following certificate. You can now create 3 files:

    - -
      -
    • root certificate rootCA.pem
      • -
    • intermediate certificate: intermediate.pem
      • -
    • passbolt certificate: passbolt.pem
      • -
    - -

    To check if intermediate.pem has been issued by rootCA.pem:

    - -
    $ openssl verify -CAfile rootCA.pem intermediate.pem
-
    - -

    It will return:

    - -
    intermediate.pem: OK
-
    - -

    But if we try to check if passbolt.pem has been issued by intermediate.pem, it fails:

    - -
    $ openssl verify -CAfile intermediate.pem passbolt.pem
-C = LU, ST = Luxembourg, O = Your Company, OU = Your Company IT Team, CN = My Intermediate CA, emailAddress = it@domain.tld
-error 2 at 1 depth lookup: unable to get issuer certificate
-error passbolt.pem: verification failed
-
    - -

    To correctly check passbolt.pem certificate, you have to check the full chain of trust, aka intermediate.pem + passbolt.pem with the rootCA.pem.

    - -

    Create a bundle certificate:

    - -
    cat intermediate.pem passbolt.pem > bundle.pem
-
    - -

    Then check bundle.pem:

    - -
    $ openssl verify -CAfile rootCA.pem bundle.pem
-bundle.pem: OK
-
    - -

    Congratulations, your certificate is fully trusted !

    - -

    Use online tools to check your SSL configuration

    - -

    In case your passbolt instance is publicly reachable, you can use online tools to validate your SSL configuration.

    -

    SSL Checker

    - -

    https://www.sslshopper.com/

    - -

    This tool will check your server and reports if any misconfiguration found.

    - -
    - SSL Checker Success - fig. SSL Checker Success -
    - -
    - SSL Checker Fail - fig. SSL Checker Fail -
    - -

    What is my chain cert

    - -

    https://whatsmychaincert.com/

    - -

    Typically, the root CA does not sign server or client certificates directly, it is achieved by intermediate certificate and you must include them with your cert.

    - -

    https://whatsmychaincert.com/ will help you to generate the correct certificate chain.

    - -

    If you want to know more about “Root vs Intermediate Certificates” you can read this well-explained external ressource

    - -

    Qualys SSL Labs

    - -

    https://www.ssllabs.com/ssltest/

    - -

    This tool will show you the quality of your SSL configuration. A+ is the highest note.

    - -
    - SSL Test Pass - fig. SSL Test Pass -
    - -

    Mozilla Observatory

    - -

    https://observatory.mozilla.org/

    - -

    Mozilla Observatory is another web tool to show you the quality of your SSL configuration.

    - -
    - SSL Scan Pass - fig. SSL Scan Pass -
    - - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/update-evaluation-subscription-key.html b/docs/faq/hosting/update-evaluation-subscription-key.html deleted file mode 100644 index ebbfba628..000000000 --- a/docs/faq/hosting/update-evaluation-subscription-key.html +++ /dev/null @@ -1,791 +0,0 @@ - - - - - Passbolt Help | How to update my subscription key - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to update my subscription key

    -

    For Passbolt version 3.2 and higher, you can update your subscription key on the web interface directly, using the administration panel.

    - -

    For Passbolt version prior to 3.2, the command line is the only way to update your subscription key, as described below.

    - -

    Using administration panel

    - -

    Navigate to administration > Subscription and click on the “Update key” button.

    - -
    - Update subscription key administration screen - fig. Update subscription key administration screen -
    - -

    A pop-up will appear and you will be able to import your new subscription key

    - -
    - Choose file popup in subscription key administration screen - fig. Choose file popup in subscription key administration screen -
    - -

    You are now able to see your subscription details:

    - -
    - Subscription details in subscription key administration screen - fig. Subscription details in subscription key administration screen -
    - -

    From command line

    - -

    Get ready

    -

    All the commands provided below should be done from inside your passbolt directory.

    - -
    $ cd /var/www/passbolt
-
    - -
    -

    - Notice: If you installed passbolt using the Debian package, or - are using the passbolt VM (OVA) run the commands from /usr/share/php/passbolt. -

    - -
    - -

    Steps

    -

    Passbolt Pro currently does not provide a UI to manage subscription keys.

    - -

    To update your subscription key, you need to replace your previous subscription key with the new one. -In passbolt, the subscription key is stored in /var/www/passbolt/config/license

    - -

    To replace the existing subscription key with the new one:

    - -
    $ cp -u path_to_your_new_subscription_key config/license
-
    -
    -

    - Notice: If you installed passbolt using the package, or - are using the passbolt VM (OVA) the subscription key file is found here: /etc/passbolt/subscription_key.txt. -

    - -
    - -

    To check if the operation was successful and if the new subscription key is valid:

    - -
    $ bin/cake passbolt license_check
-
    - -

    If your key is valid, this command will display the passbolt logo and the subscription key details, as in the example below:

    - -
    root@c6a4f37958b4:/var/www/passbolt# ./bin/cake passbolt license_check
-
-     ____                  __          ____
-    / __ \____  _____ ____/ /_  ____  / / /_
-   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
-  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
- /_/    \__,_/____/____/_.___/\____/_/\__/
-
- Open source password manager for teams
----------------------------------------------------------------
-
-Thanks for choosing Passbolt Pro
-Below are your subscription key details
-
-Customer id:	xxxxxx
-Users limit:	150 (currently: 43)
-Valid from:	May 6, 2020
-Expires on:	May 6, 2021 (in 385 days)
-
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/where-to-host.html b/docs/faq/hosting/where-to-host.html deleted file mode 100644 index 2079a3b78..000000000 --- a/docs/faq/hosting/where-to-host.html +++ /dev/null @@ -1,705 +0,0 @@ - - - - - Passbolt Help | Does passbolt provide hosting? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Does passbolt provide hosting?

    -

    Please check out the service page for a list of current professional offers.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/why-email-not-sent.html b/docs/faq/hosting/why-email-not-sent.html deleted file mode 100644 index d0371adec..000000000 --- a/docs/faq/hosting/why-email-not-sent.html +++ /dev/null @@ -1,761 +0,0 @@ - - - - - Passbolt Help | Why are my emails not being sent? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Why are my emails not being sent?

    -

    This can come from a variety of reasons, here are the most common ones.

    - -

    Reason 1: Configuration issues

    - -

    There may be an issue with some of the SMTP configuration -items, such as credentials, or the hostname, or the port for the selected protocol.

    - -

    By default passbolt is quite discrete on why a given configuration is not working. You can use the following -command to send a test email and get more debug information (replace www-data with nginx if you are running a RHEL-like server, or wwwrun in case you are using openSUSE):

    - -
    $ sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt send_test_email --recipient=youremail@domain.com"
-
    - -

    If this fails you should double check what is the recommended configuration in your email provider documentation. -You can also ask on the community forum in case another user have a working configuration for the same provider.

    - -

    Reason 2: Email notifications are disabled in the config

    - -

    Another reason could be because email notifications are disabled in your configuration. -You can review such settings in the administration panel, when you are logged in as an administrator in passbolt.

    - -
    - Email Notification Settings - Email Delivery - fig. Email Notification Settings - Email Delivery -
    - -

    Reason 3: The cron system is stopped

    - -

    Passbolt uses a system of email queue to send email notifications. -A dedicated cron job (located in /etc/cron.d/passbolt-{ce|pro}-server) runs every minute to go through the queue and send emails.

    - -

    So if you manage to send the test email but are not receiving notifications (such as registration emails), -one of the reason may be that the cron service is stopped.

    - -

    You can verify if the service is running by executing this command:

    - -
    sudo systemctl status cron.service
-
    - -

    You can also verify cronjobs activity with this command:

    - -
    sudo journalctl -fu cron.service
-
    - - -

    If after an update you are getting error messages such as:

    -
    Exception: SQLSTATE[42S22]: Column not found: 1054 Unknown column ‘EmailQueue.to’ in ‘field list’ ...
-
    - -

    It is possible that the wrong version of the data model is stored in the cache. This can happen -if the cache is not cleared after an install or an update. You can try clearing out the cache to solve this(replace www-data with nginx if you are running a RHEL-like server, or wwwrun in case you are using openSUSE).

    -
    sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
-
    - -

    Reason 5: You are using credentials password instead of application password

    - -

    Some email providers will not let you use the password from your organization account for security purposes. It means that if you’re trying to use the authentication method “Username & Password” it will result in a failure if you are using something other than an application password.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/why-haveged-virtual-env.html b/docs/faq/hosting/why-haveged-virtual-env.html deleted file mode 100644 index d9ccfb724..000000000 --- a/docs/faq/hosting/why-haveged-virtual-env.html +++ /dev/null @@ -1,731 +0,0 @@ - - - - - Passbolt Help | Why should I install haveged on virtual environments? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Why should I install haveged on virtual environments?

    -

    Passbolt uses Gnupg as the encryption engine. Encryption operations such as creating a private key require an enough amount of entropy on the system’s entropy pool. -A good and fast source of entropy is important to generate high quality random numbers. Poor quality on the random numbers could lead to weak private keys that -could compromise the security of your setup. -Random number generation is a complex topic that has been discussed widely on the community [1]

    - -

    Virtualisation strongly affects the quantity of produced entropy and. In other words, when you run a virtualised system such as a virtual machine or a container you likely -will find yourself in a situation where the entropy pool is low and it is filling slowly. There are few remediations for this situation:

    - - - -

    As stated in [1] and [2], haveged could lead -to generation of poor entropy so, in order to stay safe, the recommendation would be to:

    - -
      -
    1. Use rng-tools if you trust your hardware random number generator
      2. -
    2. If rng-tools is not enough then use Haveged as well.
      3. -
    - -

    You can check the current available entropy on your system by executing this command:

    - -
    cat /proc/sys/kernel/random/entropy_avail
-
    - -

    A good number of available entropy is usually between 2500 and 4096 bits. Entropy is considered to be low when it is below 1000.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/hosting/why-unsafe.html b/docs/faq/hosting/why-unsafe.html deleted file mode 100644 index 43620264f..000000000 --- a/docs/faq/hosting/why-unsafe.html +++ /dev/null @@ -1,710 +0,0 @@ - - - - - Passbolt Help | Why do I see an unsafe mode banner in the footer? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Why do I see an unsafe mode banner in the footer?

    -

    When running the site with debug mode on, or without enforcing https, your passbolt instance can -not be considered secure. These settings can be useful for example when doing some local testing or development, -but should not be used for production.

    - -

    To disable the warning a passbolt administrator can edit your configuration to set debug to false and -passbolt.ssl.force to true.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/index.html b/docs/faq/index.html index e50628d99..adda8230d 100644 --- a/docs/faq/index.html +++ b/docs/faq/index.html @@ -88,49 +88,43 @@

    Help Search

  • - Introduction + Introduction
  • - Installation + User Guide
  • - Getting started + Admin Guide
  • - Hosting + Hosting guide
  • - Configure + Developer Guide
  • - Extend + Contributor Guide
  • - Contribute - -
    • - -
  • - - Small print + Small print
    • @@ -202,130 +196,6 @@

    Discovering passbolt

    - - - - - - - - - - - - - - - - - - - - - -
  • - What is passbolt? -
    • - - - - - -
  • - Why do I need a password manager? -
    • - - - - - -
  • - How does it work? -
    • - - - - - -
  • - How is passbolt different from other password managers? -
    • - - - - - -
  • - Is sharing the same password with multiple users a bad practice? -
    • - - - - - -
  • - I need a personal password manager, can I use passbolt? -
    • - - - - - -
  • - Why do I need a browser extension? -
    • - - - - - -
  • - When will you be releasing feature X or Y? -
    • - - - - - -
  • - How to you prioritize feature development? -
    • - - - - - -
  • - Where can I login? -
    • - - - - - -
  • - Where can I get help? -
    • - - - - - - - - - - - - - - - - - - - - @@ -399,6 +269,13 @@

    Discovering passbolt

    + + + +
    + +

    Getting started with passbolt

    +
      @@ -494,6 +371,15 @@

      Discovering passbolt

      +
    + +
    + +
    +
    + +

    Hosting passbolt

    +
      @@ -594,41 +480,62 @@

      Discovering passbolt

    -

    Getting started with passbolt

    +

    Contributing to passbolt

    + +
    +
    +
    +
    + +

    Security FAQ

    +
    -
    -
    -
    +
    -

    Hosting passbolt

    + - -
    -
    - -

    Contributing to passbolt

    - - -
    -
    -
    -
    - -

    Security FAQ

    - - -
    -
    - - -
      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    • - Under which license is passbolt distributed? -
      • - - - - - -
    • - Can I commercially host and distribute Passbolt? -
      • - - - - - -
    • - Can I review, modify and share passbolt source code? -
      • - - - - - -
    • - How do I sign the Contributor Licence Agreement? -
      • - - - - - -
    • - Where can I find the Contributor Licence Agreement? -
      • - - - - - -
    • - Why do we need a Contributor Licence Agreement? -
      • - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/docs/faq/legal/commercial-use.html b/docs/faq/legal/commercial-use.html deleted file mode 100644 index bfedada8a..000000000 --- a/docs/faq/legal/commercial-use.html +++ /dev/null @@ -1,634 +0,0 @@ - - - - - Passbolt Help | Can I commercially host and distribute Passbolt? - - - - - - - - - - - - - - - - - -
      -
      -
      - -
      -
      -
      -
      - -
      -
      -

      Help Search

      -
      -
      -
      - - -
      - -
      -
      -
      -
      -
      - - Edit on github -
      -
      -
      - - -
      -
      - - -
      -
      -
      -
      -
      -
      -
      - -
      -
      -
      - - -
      -
      -

      Can I commercially host and distribute Passbolt?

      -

      For Passbolt Community Edition you can if you abide by the AGPL license terms! For the Passbolt Pro Edition -you also need to to abide to the Passbolt subscription terms (tldr: pay the fees, have a valid number of users, etc.).

      - -

      Our goal in selecting the AGPL v3.0, as our default license is to require that the source code is distributed to the -end users, so that enhancements can be released back to the community. Traditional open source licenses such as GPL -often do not achieve this when the software is runs as a web application, e.g. as hosted application available -through a network.

      - -

      If the AGPL v3 does not satisfy your organisation, an alternative open source license (OSI compatible) can be purchased. -Feel free to contact us for more details.

      - -
      - -
      - -
      -

      Not finding what you are looking for? You can also ask the community on the forum.

      - - Talk to a human - -
      - - -
      -
      - - -
      -
      -

      Other frequently asked questions in the same category

      - - -
      - -
      -
      - -
      - -
      - - - -
      -
      -
      - - - - - -
    - - - - - - - - diff --git a/docs/faq/legal/how-to-sign-cla.html b/docs/faq/legal/how-to-sign-cla.html deleted file mode 100644 index 8cb34a39c..000000000 --- a/docs/faq/legal/how-to-sign-cla.html +++ /dev/null @@ -1,627 +0,0 @@ - - - - - Passbolt Help | How do I sign the Contributor Licence Agreement? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How do I sign the Contributor Licence Agreement?

    -

    As part of the pull request process on github you will be asked to electronically sign passbolt CLA, -thanks to the CLA Assistant. You only need to do this once. You can also print it and send it to us -signed by email at contact@passbolt.com.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - -
    - - - - - - - - diff --git a/docs/faq/legal/index.html b/docs/faq/legal/index.html deleted file mode 100644 index d1ce01d14..000000000 --- a/docs/faq/legal/index.html +++ /dev/null @@ -1,612 +0,0 @@ - - - - - Passbolt Help | Legal FAQ - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Legal FAQ

    - - - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - - -
    -
    -
    -
    - - - - - -
    - - - - - - - - diff --git a/docs/faq/legal/review-modify-share.html b/docs/faq/legal/review-modify-share.html deleted file mode 100644 index ffcff9b18..000000000 --- a/docs/faq/legal/review-modify-share.html +++ /dev/null @@ -1,634 +0,0 @@ - - - - - Passbolt Help | Can I review, modify and share passbolt source code? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Can I review, modify and share passbolt source code?

    -

    Absolutely. The entire passbolt solution is composed of a free software. Our source code is made available in such a way that all of our users have the rights to:

    - -
      -
    • Use the software for any purpose,
      • -
    • Change the software to suit their needs,
      • -
    • Share the software with their friends and neighbors,
      • -
    • Distribute the software and the changes they make.
      • -
    - -

    You can learn more about free software on the free software foundation website.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - -
    - - - - - - - - diff --git a/docs/faq/legal/where-is-cla.html b/docs/faq/legal/where-is-cla.html deleted file mode 100644 index 75e096c5d..000000000 --- a/docs/faq/legal/where-is-cla.html +++ /dev/null @@ -1,708 +0,0 @@ - - - - - Passbolt Help | Where can I find the Contributor Licence Agreement? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Where can I find the Contributor Licence Agreement?

    -

    We use the Harmony CLA to protect your rights regarding any -contribution you make to our open source projects. -You can find our version below:

    - -

    Passbolt Contributor License Agreement

    - -

    Thank you for your interest in contribute to Passbolt (“We” or “Us”).

    - -

    This contributor agreement (“Agreement”) documents the rights granted by contributors to Us. To make this document effective, please sign it and send it to Us by email or electronic submission, following the instructions at https://www.passbolt.com/help/legal/cla. This is a legally binding document, so please read it carefully before agreeing to it. The Agreement may cover more than one software project managed by Us.

    - -

    1. Definitions

    - -

    “You” means the the person or legal entity including its affiliates asked to accept this agreement. An affiliate is any entity that controls or is controlled by the legal entity, or is under common control with it.

    - -

    “Contribution” means any work of authorship that is Submitted by You to Us in which You own or assert ownership of the Copyright.

    - -

    “Copyright” means all rights protecting works of authorship owned or controlled by You, including copyright, moral and neighboring rights, as appropriate, for the full term of their existence including any extensions by You.

    - -

    “Material” means the work of authorship which is made available by Us to third parties. When this Agreement covers more than one software project, the Material means the work of authorship to which the Contribution was Submitted. After You Submit the Contribution, it may be included in the Material.

    - -

    “Submit” means any form of electronic, verbal, or written communication sent to Us or our representatives, including but not limited to electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, Us for the purpose of discussing and improving the Material, but excluding communication that is conspicuously marked or otherwise designated in writing by You as “Not a Contribution.”

    - -

    “Submission Date” means the date on which You Submit a Contribution to Us.

    - -

    “Effective Date” means the date You execute this Agreement or the date You first Submit a Contribution to Us, whichever is earlier.

    - -

    2. Grant of Rights

    - - -

    (a) You retain ownership of the Copyright in Your Contribution and have the same rights to use or license the Contribution which You would have had without entering into the Agreement.

    - -

    (b) To the maximum extent permitted by the relevant law, You grant to Us a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license under the Copyright covering the Contribution, with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute the Contribution as part of the Material; provided that this license is conditioned upon compliance with Section 2.3.

    - -

    2.2 Patent License

    - -

    For patent claims including, without limitation, method, process, and apparatus claims which You own, control or have the right to grant, now or in the future, You grant to Us a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable patent license, with the right to sublicense these rights to multiple tiers of sublicensees, to make, have made, use, sell, offer for sale, import and otherwise transfer the Contribution and the Contribution in combination with the Material (and portions of such combination). This license is granted only to the extent that the exercise of the licensed rights infringes such patent claims; and provided that this license is conditioned upon compliance with Section 2.3.

    - -

    2.3 Outbound License

    - -

    As a condition on the grant of rights in Sections 2.1 and 2.2, We agree to license the Contribution only under the terms of the license or licenses which We are using on the Submission Date for the Material or any licenses which are approved by the Open Source Initiative on or after the Effective Date, including both permissive and copyleft licenses, whether or not such licenses are subsequently disapproved (including any right to adopt any future version of a license if permitted).

    - -

    2.4 Moral Rights.

    - -

    If moral rights apply to the Contribution, to the maximum extent permitted by law, You waive and agree not to assert such moral rights against Us or our successors in interest, or any of our licensees, either direct or indirect.

    - -

    2.5 Our Rights.

    - -

    You acknowledge that We are not obligated to use Your Contribution as part of the Material and may decide to include any Contribution We consider appropriate.

    - -

    2.6 Reservation of Rights.

    -

    Any rights not expressly licensed under this section are expressly reserved by You.

    - -

    3. Agreement

    - -

    You confirm that:

    - -

    (a) You have the legal authority to enter into this Agreement.

    - -

    (b) You own the Copyright and patent claims covering the Contribution which are required to grant the rights under Section 2.

    - -

    (c) The grant of rights under Section 2 does not violate any grant of rights which You have made to third parties, including Your employer. If You are an employee, You have had Your employer approve this Agreement or sign the Entity version of this document. If You are less than eighteen years old, please have Your parents or guardian sign the Agreement.

    - -

    (d) You have followed the instructions in https://www.passbolt.com/help/legal/cla, if You do not own the Copyright in the entire work of authorship Submitted.

    - -

    4. Disclaimer

    - -

    EXCEPT FOR THE EXPRESS WARRANTIES IN SECTION 3, THE CONTRIBUTION IS PROVIDED “AS IS”. MORE PARTICULARLY, ALL EXPRESS OR IMPLIED WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT ARE EXPRESSLY DISCLAIMED BY YOU TO US. TO THE EXTENT THAT ANY SUCH WARRANTIES CANNOT BE DISCLAIMED, SUCH WARRANTY IS LIMITED IN DURATION TO THE MINIMUM PERIOD PERMITTED BY LAW.

    - -

    5. Consequential Damage Waiver

    - -

    TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL YOU BE LIABLE FOR ANY LOSS OF PROFITS, LOSS OF ANTICIPATED SAVINGS, LOSS OF DATA, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL AND EXEMPLARY DAMAGES ARISING OUT OF THIS AGREEMENT REGARDLESS OF THE LEGAL OR EQUITABLE THEORY (CONTRACT, TORT OR OTHERWISE) UPON WHICH THE CLAIM IS BASED.

    - -

    6. Miscellaneous

    - -

    6.1 This Agreement will be governed by and construed in accordance with the laws of luxembourg excluding its conflicts of law provisions. Under certain circumstances, the governing law in this section might be superseded by the United Nations Convention on Contracts for the International Sale of Goods (“UN Convention”) and the parties intend to avoid the application of the UN Convention to this Agreement and, thus, exclude the application of the UN Convention in its entirety to this Agreement.

    - -

    6.2 This Agreement sets out the entire agreement between You and Us for Your Contributions to Us and overrides all other agreements or understandings.

    - -

    6.3 If You or We assign the rights or obligations received through this Agreement to a third party, as a condition of the assignment, that third party must agree in writing to abide by all the rights and obligations in the Agreement.

    - -

    6.4 The failure of either party to require performance by the other party of any provision of this Agreement in one situation shall not affect the right of a party to require such performance at any time in the future. A waiver of performance under a provision in one situation shall not be considered a waiver of the performance of the provision in the future or a waiver of the provision in its entirety.

    - -

    6.5 If any provision of this Agreement is found void and unenforceable, such provision will be replaced to the extent possible with a provision that comes closest to the meaning of the original provision and which is enforceable. The terms and conditions set forth in this Agreement shall apply notwithstanding any failure of essential purpose of this Agreement or any limited remedy to the maximum extent possible under law.

    - - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/legal/which-license.html b/docs/faq/legal/which-license.html deleted file mode 100644 index 9c90a6aad..000000000 --- a/docs/faq/legal/which-license.html +++ /dev/null @@ -1,639 +0,0 @@ - - - - - Passbolt Help | Under which license is passbolt distributed? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Under which license is passbolt distributed?

    -

    Unless stated otherwise in the project’s files distributed on Github, including but not limited to passbolt application and browser extensions, testing and deployment tools, styleguide, documentation and artwork included with the code etc.)

    - - - -

    Unless stated otherwise the text and illustrations on this website are available under:

    - - - -

    For 3rd party libraries the flavor of the open source license will vary (MIT, MPL, etc.), you can check the source for more details.

    - -

    Third party logos (such as Firefox, Docker, JSON, GnuPG, Github, etc.) are the sole property of their respective owners. They are used for illustrative use only. Their respective owners do not endorse passbolt or our use of their products.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/legal/why-cla.html b/docs/faq/legal/why-cla.html deleted file mode 100644 index 4fd0a580e..000000000 --- a/docs/faq/legal/why-cla.html +++ /dev/null @@ -1,630 +0,0 @@ - - - - - Passbolt Help | Why do we need a Contributor Licence Agreement? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Why do we need a Contributor Licence Agreement?

    -

    At passbolt we are required to have agreement with everyone who submit contributions, in order to make sure -that we, and the user of our software, are legally entitled to distribute your contributed code anywhere -in the world.

    - -

    In effect, you still own the copyright but you are giving us a licence. You retain the right to modify your -code and use it in other projects.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/security/authentication.html b/docs/faq/security/authentication.html index 689a40773..f08c98f0d 100644 --- a/docs/faq/security/authentication.html +++ b/docs/faq/security/authentication.html @@ -211,114 +211,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -416,83 +308,9 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • How can I change my passphrase?
    • - - - - - - - - - - - - - - - - @@ -505,26 +323,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - -
  • How to extend a user expired key @@ -534,30 +332,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - -
  • Is it secure to use passbolt?
    • @@ -566,46 +340,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • Has the code been reviewed?
    • @@ -614,10 +348,6 @@

    Other frequently asked questions in the same category

    - - - - diff --git a/docs/faq/security/change-passphrase.html b/docs/faq/security/change-passphrase.html index c6f8783f0..2a244b8ad 100644 --- a/docs/faq/security/change-passphrase.html +++ b/docs/faq/security/change-passphrase.html @@ -235,114 +235,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -440,83 +332,9 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • How can I change my passphrase?
    • - - - - - - - - - - - - - - - - @@ -529,26 +347,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - -
  • How to extend a user expired key @@ -558,30 +356,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - -
  • Is it secure to use passbolt?
    • @@ -590,46 +364,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • Has the code been reviewed?
    • @@ -638,10 +372,6 @@

    Other frequently asked questions in the same category

    - - - - diff --git a/docs/faq/security/code-review.html b/docs/faq/security/code-review.html index 38bf5156f..d0f9039ce 100644 --- a/docs/faq/security/code-review.html +++ b/docs/faq/security/code-review.html @@ -268,114 +268,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -473,83 +365,9 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • How can I change my passphrase?
    • - - - - - - - - - - - - - - - - @@ -562,26 +380,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - -
  • How to extend a user expired key @@ -591,30 +389,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - -
  • Is it secure to use passbolt?
    • @@ -623,46 +397,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • Has the code been reviewed?
    • @@ -671,10 +405,6 @@

    Other frequently asked questions in the same category

    - - - - diff --git a/docs/faq/security/compromised-secret-key.html b/docs/faq/security/compromised-secret-key.html index d77db7e92..a24028111 100644 --- a/docs/faq/security/compromised-secret-key.html +++ b/docs/faq/security/compromised-secret-key.html @@ -214,114 +214,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -419,83 +311,9 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • How can I change my passphrase?
    • - - - - - - - - - - - - - - - - @@ -508,26 +326,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - -
  • How to extend a user expired key @@ -537,30 +335,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - -
  • Is it secure to use passbolt?
    • @@ -569,46 +343,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • Has the code been reviewed?
    • @@ -617,10 +351,6 @@

    Other frequently asked questions in the same category

    - - - - diff --git a/docs/faq/security/encryption-tech.html b/docs/faq/security/encryption-tech.html index 103035d2d..7f6e602e6 100644 --- a/docs/faq/security/encryption-tech.html +++ b/docs/faq/security/encryption-tech.html @@ -213,114 +213,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -418,83 +310,9 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • How can I change my passphrase?
    • - - - - - - - - - - - - - - - - @@ -507,26 +325,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - -
  • How to extend a user expired key @@ -536,30 +334,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - -
  • Is it secure to use passbolt?
    • @@ -568,46 +342,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • Has the code been reviewed?
    • @@ -616,10 +350,6 @@

    Other frequently asked questions in the same category

    - - - - diff --git a/docs/faq/security/how-to-extend-user-expired-key.html b/docs/faq/security/how-to-extend-user-expired-key.html index 055f9441b..7a3d5eb79 100644 --- a/docs/faq/security/how-to-extend-user-expired-key.html +++ b/docs/faq/security/how-to-extend-user-expired-key.html @@ -392,114 +392,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -597,83 +489,9 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • How can I change my passphrase?
    • - - - - - - - - - - - - - - - - @@ -686,26 +504,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - -
  • How to extend a user expired key @@ -715,30 +513,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - -
  • Is it secure to use passbolt?
    • @@ -747,46 +521,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • Has the code been reviewed?
    • @@ -795,10 +529,6 @@

    Other frequently asked questions in the same category

    - - - - diff --git a/docs/faq/security/index.html b/docs/faq/security/index.html index 7ecb1dd74..36c444db0 100644 --- a/docs/faq/security/index.html +++ b/docs/faq/security/index.html @@ -183,114 +183,6 @@

    Security FAQ

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -388,83 +280,9 @@

    Security FAQ

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • How can I change my passphrase?
    • - - - - - - - - - - - - - - - - @@ -477,26 +295,6 @@

    Security FAQ

    - - - - - - - - - - - - - - - - - - - -
  • How to extend a user expired key @@ -506,30 +304,6 @@

    Security FAQ

    - - - - - - - - - - - - - - - - - - - - - - - -
  • Is it secure to use passbolt?
    • @@ -538,46 +312,6 @@

    Security FAQ

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • Has the code been reviewed?
    • @@ -586,10 +320,6 @@

    Security FAQ

    - - - - diff --git a/docs/faq/security/is-open-source-secure.html b/docs/faq/security/is-open-source-secure.html index 52eea934b..e8c6733e8 100644 --- a/docs/faq/security/is-open-source-secure.html +++ b/docs/faq/security/is-open-source-secure.html @@ -214,114 +214,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -419,83 +311,9 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • How can I change my passphrase?
    • - - - - - - - - - - - - - - - - @@ -508,26 +326,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - -
  • How to extend a user expired key @@ -537,30 +335,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - -
  • Is it secure to use passbolt?
    • @@ -569,46 +343,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • Has the code been reviewed?
    • @@ -617,10 +351,6 @@

    Other frequently asked questions in the same category

    - - - - diff --git a/docs/faq/security/is-passbolt-secure.html b/docs/faq/security/is-passbolt-secure.html index 1589a80cf..c11beb406 100644 --- a/docs/faq/security/is-passbolt-secure.html +++ b/docs/faq/security/is-passbolt-secure.html @@ -210,114 +210,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -415,83 +307,9 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • How can I change my passphrase?
    • - - - - - - - - - - - - - - - - @@ -504,26 +322,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - -
  • How to extend a user expired key @@ -533,30 +331,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - -
  • Is it secure to use passbolt?
    • @@ -565,46 +339,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • Has the code been reviewed?
    • @@ -613,10 +347,6 @@

    Other frequently asked questions in the same category

    - - - - diff --git a/docs/faq/security/javascript-security.html b/docs/faq/security/javascript-security.html index 5443849eb..3c094c75d 100644 --- a/docs/faq/security/javascript-security.html +++ b/docs/faq/security/javascript-security.html @@ -223,114 +223,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -428,83 +320,9 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • How can I change my passphrase?
    • - - - - - - - - - - - - - - - - @@ -517,26 +335,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - -
  • How to extend a user expired key @@ -546,30 +344,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - -
  • Is it secure to use passbolt?
    • @@ -578,46 +352,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • Has the code been reviewed?
    • @@ -626,10 +360,6 @@

    Other frequently asked questions in the same category

    - - - - diff --git a/docs/faq/security/public-key-trust.html b/docs/faq/security/public-key-trust.html index 5fb7f0e28..8504b2222 100644 --- a/docs/faq/security/public-key-trust.html +++ b/docs/faq/security/public-key-trust.html @@ -210,114 +210,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -415,83 +307,9 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • How can I change my passphrase?
    • - - - - - - - - - - - - - - - - @@ -504,26 +322,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - -
  • How to extend a user expired key @@ -533,30 +331,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - -
  • Is it secure to use passbolt?
    • @@ -565,46 +339,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • Has the code been reviewed?
    • @@ -613,10 +347,6 @@

    Other frequently asked questions in the same category

    - - - - diff --git a/docs/faq/security/revocation-certificate.html b/docs/faq/security/revocation-certificate.html index cda2330ae..725c87f2b 100644 --- a/docs/faq/security/revocation-certificate.html +++ b/docs/faq/security/revocation-certificate.html @@ -210,114 +210,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -415,83 +307,9 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • How can I change my passphrase?
    • - - - - - - - - - - - - - - - - @@ -504,26 +322,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - -
  • How to extend a user expired key @@ -533,30 +331,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - -
  • Is it secure to use passbolt?
    • @@ -565,46 +339,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • Has the code been reviewed?
    • @@ -613,10 +347,6 @@

    Other frequently asked questions in the same category

    - - - - diff --git a/docs/faq/security/security-token.html b/docs/faq/security/security-token.html index 63362d146..25e990311 100644 --- a/docs/faq/security/security-token.html +++ b/docs/faq/security/security-token.html @@ -213,114 +213,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -418,83 +310,9 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • How can I change my passphrase?
    • - - - - - - - - - - - - - - - - @@ -507,26 +325,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - -
  • How to extend a user expired key @@ -536,30 +334,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - -
  • Is it secure to use passbolt?
    • @@ -568,46 +342,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • Has the code been reviewed?
    • @@ -616,10 +350,6 @@

    Other frequently asked questions in the same category

    - - - - diff --git a/docs/faq/security/security-vulnerability.html b/docs/faq/security/security-vulnerability.html index 0d04be11b..0a1ee6f8d 100644 --- a/docs/faq/security/security-vulnerability.html +++ b/docs/faq/security/security-vulnerability.html @@ -217,114 +217,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -422,83 +314,9 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • How can I change my passphrase?
    • - - - - - - - - - - - - - - - - @@ -511,26 +329,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - -
  • How to extend a user expired key @@ -540,30 +338,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - -
  • Is it secure to use passbolt?
    • @@ -572,46 +346,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • Has the code been reviewed?
    • @@ -620,10 +354,6 @@

    Other frequently asked questions in the same category

    - - - - diff --git a/docs/faq/security/what-is-encrypted.html b/docs/faq/security/what-is-encrypted.html index 1f4ed6ed2..7025e3dae 100644 --- a/docs/faq/security/what-is-encrypted.html +++ b/docs/faq/security/what-is-encrypted.html @@ -226,114 +226,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -431,83 +323,9 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • How can I change my passphrase?
    • - - - - - - - - - - - - - - - - @@ -520,26 +338,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - -
  • How to extend a user expired key @@ -549,30 +347,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - -
  • Is it secure to use passbolt?
    • @@ -581,46 +355,6 @@

    Other frequently asked questions in the same category

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • Has the code been reviewed?
    • @@ -629,10 +363,6 @@

    Other frequently asked questions in the same category

    - - - - diff --git a/docs/faq/start/account-basics.html b/docs/faq/start/account-basics.html deleted file mode 100644 index e914059c1..000000000 --- a/docs/faq/start/account-basics.html +++ /dev/null @@ -1,684 +0,0 @@ - - - - - Passbolt Help | Managing your favorites - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Managing your favorites

    -

    Marking passwords as favorites is easy:

    - -
      -
    1. While logged in, click passwords in the upper left.
      2. -
    2. With All items selected, click on the star next to the passwords you want to favorite. The star will turn red.
      3. -
    3. Click on Favorite to see the passwords you have marked.
      4. -
    4. Just click the star again to unfavorite a password. The star will become grey when unfavorited.
      5. -
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/start/account-recover.html b/docs/faq/start/account-recover.html deleted file mode 100644 index 252426c5a..000000000 --- a/docs/faq/start/account-recover.html +++ /dev/null @@ -1,761 +0,0 @@ - - - - - Passbolt Help | How to recover an account? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to recover an account?

    -

    Recover an account with the recovery kit

    - -

    The recovery kit can be used if you are setting up passbolt on a new machine because you lost, upgraded or reinstalled -the previous one. This procedure can also be used to configure passbolt on an additional machine.

    - -

    Requirements

    - -

    You can follow this procedure if you are meeting the following requirements:

    - -
      -
    • You are in possession of an active account;
      • -
    • You are in possession of your recovery kit, it contains a copy of the private key associated to your account;
      • -
    • You remember your passphrase.
      • -
    - -

    If you lost your recovery kit or your passphrase and you subscribed to the account recovery program, checkout this -documentation.

    - -

    Procedure

    - -

    Step 1. In order to recover you will need to go to your domain URL and add /recover at the end of the url, -for example https://yourpassbolt.com/recover. -Step 2. Complete the form by providing your email address.

    - -

    Step 3. Follow the link in your mailbox.

    - -

    Step 4. Follow the recovery steps, which is much like the initial setup. You will need to import your private key.

    - -

    Step 5. Enter your passphrase to login!

    - -

    Recover an account with the account recovery program

    - -

    Account recovery is a feature introduced with passbolt v3.6.0 that as for aim to help users to recover their accounts -in case of recovery kit or passphrase loss. To know more about account recovery, checkout this documentation.

    - -

    Requirements

    - -

    You can follow this procedure if you are meeting the following requirements:

    -
      -
    • You are in possession of an active account;
      • -
    • Your organisation is running passbolt Pro > v3.6.0 or Passbolt Cloud.
      • -
    • You subscribed to the account recovery program while installing passbolt for the first time or via in your user settings workspace.
      • -
    - -

    Procedure

    - -

    There are 2 ways to start the procedure:

    - -
      -
    1. Assuming the browser extension is configured but the passphrase is lost: users can, at any time, click on the “help, I lost my passphrase” link in the sign in screen. An email will be sent to them to start the procedure.
      2. -
    - -
    - Login screen with the account recovery feature - fig. Login screen with the account recovery feature -
    - -
      -
    1. Assuming users are configuring Passbolt for a new browser or a new browser profile: during the process, they will be prompted to provide a recovery kit and its passphrase. If one of the information is missing, users can click on the “help, I lost my private key” link. Users will receive an email to start the procedure.
      2. -
    - -
    - Recover screen with the help link - fig. Recover screen with the help link -
    - -

    How does the account recovery procedure look like

    - -
      -
    1. -

      Users have asked for an account recovery and just received an email to start. The email contains a link that brings the users to the account recovery request page. Pay attention that at this moment, the browser being used must be the one on which the browser extension has to be configured to access the application. If the browser or profile is changed during the process users will be blocked at some point and might need to restart from the beginning.

      -
      2. -
    2. -

      Users are prompted to provide a new passphrase and set their security token. Please note that the chosen passphrase is not a temporary one and will be the new passphrase to sign in. It’s the same for the security token.

      -
      3. -
    3. -

      After these steps, an email is sent to the administrators to tell them that an account recovery has been requested. Users need to wait for them to accept the account recovery request (they could also reject it if they wish and users won’t be able to finish the recovery process).

      -
      4. -
    4. -

      If they reject or accept the request an email is sent to inform the users about their choice. If it’s accepted, the email contains a link that users can follow to go on with the account recovery procedure.

      -
      5. -
    5. -

      At this step, users are asked to provide the passphrase they chose previously. If they don’t remember it, they’re still able to request for another account recovery from the interface. After entering the right passphrase, the browser extension will sign the users in after ensuring they have downloaded their new recovery kit.

      -
      6. -
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/start/account-recovery/review-request.html b/docs/faq/start/account-recovery/review-request.html deleted file mode 100644 index 3d4129ee8..000000000 --- a/docs/faq/start/account-recovery/review-request.html +++ /dev/null @@ -1,710 +0,0 @@ - - - - - Passbolt Help | How to review an account recovery request - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to review an account recovery request

    -

    Accepting or rejecting an account recovery request

    -

    Administrators might receive account recovery requests from the users who lost their passphrase or recovery kit. Email notifications can be configured for the administrators to receive an email when an account recovery is requested. This email facilitates the account recovery request review by providing a link that redirects to the account recovery request review dialog. -In any case, it’s possible to review account recovery requests without email by accessing the user workspace. With the account recovery feature enabled, a new column “attention required” appears in the list of users. This helps to quickly see or sort users who require administrators to process their account recovery request.

    - -
    - Account recovery request review entry points - fig. Account recovery request review entry points -
    - -

    To process a request there are 4 ways you can choose.

    - -
      -
    1. -

      Using the link in the received email, it will open the application with the corresponding dialog opened.

      -
      2. -
    2. -

      By right-clicking on the user row in the grid and click on “review request” in the contextual menu

      -
      3. -
    3. -

      Having the user selected, by clicking on the “more” button on top of the grid and click on “review request”

      -
      4. -
    4. -

      Using the “review” button accessible in the section “account recovery” from the user details. This section also shows the number of account recovery requests a user made and the state of the last request..

      -
      5. -
    - -

    Administrators are prompted to accept or reject the account recovery request. Some information is provided in the UI, they need to be carefully checked before taking any action by verifying that the user is known and that the fingerprint is the expected one (we’re never too much careful). As a safety check, after making a choice administrators are prompted to provide their passphrase (unless they decided that the extension should remember it).

    - -
    - Account recovery request review dialog - fig. Account recovery request review dialog -
    - -

    At this step, if administrators choose to reject the request, an email will be sent to inform the corresponding user and the procedure stops there. Otherwise the private ORK is asked in order to continue with the procedure. It is necessary for the browser extension as the key will be used to decrypt the user’s private key before re-encrypting iit with the user’s temporary key. Then the user will receive an email to finish the procedure.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/start/account-recovery/subscribe.html b/docs/faq/start/account-recovery/subscribe.html deleted file mode 100644 index 02322dd25..000000000 --- a/docs/faq/start/account-recovery/subscribe.html +++ /dev/null @@ -1,735 +0,0 @@ - - - - - Passbolt Help | How to subscribe to the account recovery program? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to subscribe to the account recovery program?

    -

    Account recovery is a feature introduced with passbolt v3.6.0 that as for aim to help users to recover their accounts -in case of recovery kit or passphrase loss. To know more about account recovery, checkout this documentation.

    - -

    Requirements

    - -

    You can follow this procedure if you are meeting the following requirements:

    - -
      -
    • You are in possession of an active account;
      • -
    • Your organisation is running passbolt Pro > v3.6.0 or Passbolt Cloud.
      • -
    - -

    How to subscribe as a new user during the setup process?

    - -

    If the account recovery is enabled for the organisation, all new users will be prompted to join the account recovery program during the setup process.

    - -
    - Account recovery screen during browser extension setup process (Opt-out policy) - fig. Account recovery screen during browser extension setup process (Opt-out policy) -
    - -

    The prompt presents different options depending on the organisation policy:

    - -
      -
    • Mandatory: as its name states, users have to subscribe to the program no mater their preferences. The screen role here is mainly to inform the users about the private key transfer that is going to happen, it is useful if they prefer not to use their personal private key by instance;
      • -
    • Opt-out: users have the choice to join or reject the program, and they are subscribed by default as per the organisation preference;
      • -
    • Opt-in: as the opt-out option, users have the choice to join or reject the program, but they are not subscribed by default as per the organisation preference.
      • -
    - -

    How to subscribe as an already registered user?

    - -

    If the account recovery is enabled for the organisation, all users can access their account recovery preference from the account recovery section of the user settings workspace.

    - -
    - Account recovery user prompt dialog. - fig. Account recovery user prompt dialog. -
    - -

    If the organisation account recovery policy is set to mandatory or opt-out, users will be prompted to enroll to the program immediately after signing in into passbolt. If they postpone the decision, they could follow the attention crumbs (❗) displayed in the interface to go to the setting screen later.

    - -
    - Account recovery user setting screen. - fig. Account recovery user setting screen. -
    - -

    Users will be then able to enroll to the program by clicking the review button. Similarly to the setup process, the setting screen presents different options depending on the organisation policy:

    - -
      -
    • Mandatory: as its name states, users have no other choice but to subscribe to the program. The screen role here is mainly to inform the users about the private key transfer that is going to happen, it is useful if they prefer not to use their personal private key by instance;
      • -
    • Opt-out: users have the choice to join or reject the program, and they are subscribed by default as per the organisation preference;
      • -
    • Opt-in: as the opt-out option, users have the choice to join or reject the program, but they are not subscribed by default as per the organisation preference.
      • -
    - -
    - Account recovery subscription dialog - fig. Account recovery subscription dialog -
    - -

    Users will notice additional information relative to the administrator who enabled the account recovery program. For safety reasons, it is highly recommended to verify carefully this information: Is the administrator known? Is the fingerprint matching the administrator public key?

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/start/account-setup.html b/docs/faq/start/account-setup.html deleted file mode 100644 index 2c162244f..000000000 --- a/docs/faq/start/account-setup.html +++ /dev/null @@ -1,742 +0,0 @@ - - - - - Passbolt Help | How to create and setup an account - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to create and setup an account

    -

    Creating a demo account

    -

    Passbolt requires a server to work. You can either install it on your own machine -or use the demo environment. Here is the procedure to try out the demo:

    - -

    Step 1. Open the demo page: https://demo.passbolt.com.

    - -

    Step 2. An add-on is required to use passbolt, click on the link to install the plugin for Firefox or Chrome.

    - -

    Step 3. You will see a small red key icon in the upper right hand corner of your browser. Click on it.

    - -

    Step 4. Select the demo instance.

    - -

    Step 5. Click the Register button and enter your name and email. Other users will be able to see your email ( -this is to allow testing “sharing” functionality), so you can use a throw-away email account if you are not confortable with this.

    - -

    Step 6. Passbolt sent you an email that contains a link allowing you to login.

    -
    -

    - The link is only valid for a short duration (72h by default, but this can be vary). - If you registration email token expired you can request another one using the recovery feature at https://[your_passbolt]/recover -

    - -
    - -

    Setup the account

    - -

    Step 1. Check your email. When you click this link the setup will start.

    - -

    Step 2. passbolt will ask you to check the URL passbolt is associated with

    - -
    - Validation of the domain - fig. Validation of the domain -
    - -

    Step 3. If you recognize the domain name, check the checkbox and then click Next.

    - -

    Step 4. Passbolt will ask you to create a new key on the following screen:

    -
    - creating a new key - fig. creating a new key -
    - -

    Step 5. Next, passbolt will help you create a new master password. Choose this password wisely, -it will be the gatekeeper to all your other passwords.

    -
    - setting a passphrase - fig. setting a passphrase -
    - -

    Step 6. Once you have chosen your master password and clicked Next, you will be given the opportunity to -download your private key. It is highly recommended that you do so!

    - -

    Step 7. The final step is to create a security token. -Choosing a color and a three character token is a secondary security mechanism that helps you know you are -logging into a real passbolt instance.

    - -

    Set up your profile

    - -
      -
    1. Once you have registered, log in to passbolt for the first time. You will see a welcome screen.
      2. -
    2. You can edit your profile by clicking the user icon in the upper right corner and choosing “my profile”
      3. -
    3. Click the edit button on the left side to edit your name or upload a profile picture.
      4. -
    - -

    Set up profile gif

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/start/browser-extensions.html b/docs/faq/start/browser-extensions.html deleted file mode 100644 index 27366edd3..000000000 --- a/docs/faq/start/browser-extensions.html +++ /dev/null @@ -1,738 +0,0 @@ - - - - - Passbolt Help | How to install and remove browser extensions - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to install and remove browser extensions

    -

    Chrome

    -

    Install the Chrome add-on

    - -
      -
    1. Go to https://chrome.google.com/webstore/detail/passbolt-extension/didegimhafipceonhjepacocaffmoppf
      2. -
    2. Click on the “Add to Chrome” button
      3. -
    3. Click “Add extension”
      4. -
    - -

    Firefox

    -

    Install the Firefox add-on

    - -
    - -
    fig. Passbolt Add-on - Install on Firefox
    -
    - -
      -
    1. Make sure you Firefox version is up to date. We only support the most recent versions.
      2. -
    2. Go to https://addons.mozilla.org/en-US/firefox/addon/passbolt/
      3. -
    3. Click on the “Add to Firefox” button
      4. -
    4. Wait until the add-on download is complete
      5. -
    5. Click install
      6. -
    6. A passbolt icon should now be visible
      7. -
    - -

    I did this, but it still does not work!

    - -

    Sometimes Firefox does not behave as expected and passbolt will not start. We are aware of the problem and are trying to fix it. In the meantime here is what you try:

    - -
      -
    • Press F5 / refresh the page.
      • -
    • Close firefox and restart it again.
      • -
    • Remove the firefox extension and reinstall it again.
      • -
    - -

    If you are still experiencing issues after trying these options out, feel free to get in touch, we would be happy to know more.

    - -

    contact us!

    - -

    How to remove the Firefox extension

    - -
    - -
    fig. Passbolt Browser Extension - Remove on Firefox
    -
    - -

    Clicking on “remove from toolbar” will only hide passbolt icon and not remove it!

    - -
      -
    1. Open firefox
      2. -
    2. Click on the menu icon on the top right
      3. -
    3. Click on Add-ons
      4. -
    4. You should see passbolt in the list
      5. -
    5. Click on the remove button
      6. -
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/start/copy-to-clipboard.html b/docs/faq/start/copy-to-clipboard.html deleted file mode 100644 index 3023dbcc3..000000000 --- a/docs/faq/start/copy-to-clipboard.html +++ /dev/null @@ -1,689 +0,0 @@ - - - - - Passbolt Help | How to copy a password to clipboard - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to copy a password to clipboard

    -
      -
    • Note: A clipboard in computer terms, is a temporary storage area where material cut or copied from a file is kept -for pasting into another file.*
      • -
    - -
      -
    1. Log in to your passbolt account
      2. -
    2. Select a password you wish to copy to clipboard
      3. -
    3. Click the “more” button” on top of your password list
      4. -
    4. Select option “copy password to clipboard”
      5. -
    5. Enter your master password. Click OK to confirm.
      6. -
    6. Your password will be copied to clipboard.
      7. -
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/start/create-edit-delete-password.html b/docs/faq/start/create-edit-delete-password.html deleted file mode 100644 index 13cdd45aa..000000000 --- a/docs/faq/start/create-edit-delete-password.html +++ /dev/null @@ -1,721 +0,0 @@ - - - - - Passbolt Help | Password basics - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Password basics

    -

    Creating a new password

    - -
      -
    1. Login and/or go to the password workspace
      2. -
    2. Click on create password button (at the top left corner)
      3. -
    3. You should now see a “Create password” dialog
      4. -
    4. Fill in a name, a username and a password. Optionally you can also specify a URL and a description.
      5. -
    5. Press the save button (or enter on your keyboard)
      6. -
    6. Wait until the encryption is done
      7. -
    - -

    Pro Tips:

    -
      -
    • You can switch through the fields using the tab button on your keyboard
      • -
    • You can press on the eye button to see your password in clear
      • -
    • You can press the magic wand button to generate a random password automatically
      • -
    • Make sure to check the complexity. This will be indicated right below the password field.
      • -
    - -

    Editing a password

    - -
      -
    1. Login and/ or go to password workspace
      2. -
    2. Select the password from your list
      3. -
    3. Click the “Edit” button on top of your password list
      4. -
    4. Click in the password field to unlock”
      5. -
    5. Enter your master password to continue. Press “OK” to confirm.
      6. -
    6. Edit your password and press the save button
      7. -
    7. Wait till Encryption is done
      8. -
    - -

    Pro Tip:

    -

    Press on the “Eye” button to check the edits made to your password

    - -

    Deleting a password

    -
      -
    1. Login and/or go to the password workspace
      2. -
    2. In the list, click on the password you wish to delete
      3. -
    3. Click on the “more” button on top of the password list
      4. -
    4. Select the “delete” option.
      5. -
    5. Click “OK” to confirm.
      6. -
    - -

    Pro tip:

    -

    Alternatively you can right click on a password and then choose the delete option in the contextual menu.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/start/disable-built-in-password-manager.html b/docs/faq/start/disable-built-in-password-manager.html deleted file mode 100644 index 887e2734c..000000000 --- a/docs/faq/start/disable-built-in-password-manager.html +++ /dev/null @@ -1,859 +0,0 @@ - - - - - Passbolt Help | How to disable your browser/mobile built-in password manager - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to disable your browser/mobile built-in password manager

    -

    Most web browsers and mobile devices include built-in password management that prompts you to save passwords for sites that you visit.

    - -

    We will see in this help page how to disable this feature in web browsers and set passbolt as default password manager on iOS / Android to avoid confusion and enhance security.

    - - - -

    Google Chrome

    - -
      -
    • Go to chrome://settings/autofill and select Password Manager
      • -
    • Turn off Offer to save passwords and Auto Sign-in.
      • -
    - -
    - Disable Google Chrome built-in password manager - fig. Disable Google Chrome built-in password manager -
    - -

    Mozilla Firefox

    - -
      -
    • Go to about:preferences#privacy
      • -
    • Scroll down to Logins and Passwords menu
      • -
    • Uncheck Ask to save logins and passwords for web sites
      • -
    - -
    - Disable Mozilla Firefox built-in password manager - fig. Disable Mozilla Firefox built-in password manager -
    - -

    Microsoft Edge

    - -
      -
    • Go to edge://settings/passwords
      • -
    • Turn off Offer to save passwords
      • -
    - -
    - Disable Microsoft Edge built-in password manager - fig. Disable Microsoft Edge built-in password manager -
    - -

    Brave

    - -
      -
    • Go to brave://settings/passwords
      • -
    • Turn off Offer to save passwords and Auto Sign-in.
      • -
    - -
    - Disable Brave built-in password manager - fig. Disable Brave built-in password manager -
    - -

    iOS

    - -

    Disable iCloud Keychain

    - -

    iCloud Keychain keeps informations like your Safari usernames and passwords, credit cards and Wi-Fi passwords up to date on any Apple device you approve.

    - -

    You can disable it if you want these data located only on passbolt.

    - -
      -
    • From settings, tap you name:
      • -
    - -
    - iOS settings - fig. iOS settings -
    - -
      -
    • Select iCloud:
      • -
    - -
    - iCloud - fig. iCloud -
    - -
      -
    • Select Keychain:
      • -
    - -
    - Keychain - fig. Keychain -
    - -
      -
    • Turn off iCloud Keychain
      • -
    - -
    - Turn off iCloud Keychain - fig. Turn off iCloud Keychain -
    - -

    Verify AutoFill settings

    - -
      -
    • Go to Settings > Passwords > AutoFill Passwords
      • -
    • Select Passbolt in Allow filling from
      • -
    - -
    - Configure autofill on iOS - fig. Configure autofill on iOS -
    - -

    Android

    - -
      -
    • From Settings, go to Passwords & accounts
      • -
    - -
    - Passwords & accounts - fig. Passwords & accounts -
    - -
      -
    • Ensure AutoFill setting is set to passbolt
      • -
    - -
    - Verify AutoFill setting - fig. Verify AutoFill setting -
    - -
    - Verify AutoFill setting - fig. Verify AutoFill setting -
    - -
      -
    • Go back and tap on Google:
      • -
    - -
    - Tap on Google logo - fig. Tap on Google logo -
    - -
      -
    • Select the account you want to manage. If you have multiple accounts, you will have to execute the next steps for each account.
      • -
    - -
    - Select your google account - fig. Select your google account -
    - -
      -
    • Tap the setting icon:
      • -
    - -
    - Android password manager - fig. Android password manager -
    - -
      -
    • Turn off Offer to save passwords and Auto Sign-in:
      • -
    - -
    - Android password manager - fig. Android password manager -
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/start/export-passwords.html b/docs/faq/start/export-passwords.html deleted file mode 100644 index ba10cf74a..000000000 --- a/docs/faq/start/export-passwords.html +++ /dev/null @@ -1,717 +0,0 @@ - - - - - Passbolt Help | How to export passwords in a csv or kdbx file - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to export passwords in a csv or kdbx file

    -

    How to export passwords in passbolt

    - -
    - -
    fig. Passbolt GUI - Export passwords
    -
    - -

    Steps

    -
      -
    1. Select the password(s) or the folder(s) you’d like to export. -
        -
      • If you want to export all the passwords you have access to, you can click on the menu next to “Folders”.
        • -
      -
      2. -
    2. Click on the “Export” or “Export all” button.
      3. -
    3. Choose the right format for the export.
      4. -
    4. You will be prompted to enter your passphrase.
      5. -
    5. The download will start and you will be able to open the file.
      6. -
    - -

    Supported file formats

    -

    Passbolt export system supports the following file formats:

    - -
      -
    • Csv - Lastpass export
      • -
    • Csv - 1password export
      • -
    • Csv - Keepass export
      • -
    • Csv - Dashlane export
      • -
    • Csv - Nordpass export
      • -
    • Csv - LogMeOnce export
      • -
    • Csv - BitWarden export
      • -
    • Csv - Firefox platforms export (Mozilla Firefox, Waterfox, Pale Moon…)
      • -
    • Csv - Chromium browsers export (Google Chrome, Microsoft Edge, Brave …)
      • -
    • Csv - Safari
      • -
    • Kdbx (file format used by Keepass 2.x, you’ll need to specify a keepass passphrase for the encryption)
      • -
    - -

    If you’d like to request the support of a specific format, you can open a request on the community forum.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/start/generate-openpgp-key.html b/docs/faq/start/generate-openpgp-key.html deleted file mode 100644 index 0705f8b62..000000000 --- a/docs/faq/start/generate-openpgp-key.html +++ /dev/null @@ -1,745 +0,0 @@ - - - - - Passbolt Help | How to generate an OpenPGP key - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to generate an OpenPGP key

    -

    Requirements

    - -

    In order to follow this procedure, ensure you meet with the following minimum requirements:

    - -
      -
    • An access to a linux terminal machine;
      • -
    • The OpenPGP package installed on the linux machine;
      • -
    • The OpenPGP key to generate requirements: Algorithm, strength …
      • -
    - -

    Generate a new OpenPGP key pair

    - -

    - Passphrase or no?
    - Whether or not you need to set a passphrase will depend on why you are making this keypair.
    - Organization Account Recovery: In this case you want to set a passphrase.
    - Server GPG keys: In this case you do not want to set a passphrase.
    -

    - -

    Execute the following command to generate a new OpenPGP key pair.

    - -
    gpg --full-generate-key
-
    - -

    This command will run an interactive wizard that will help you define the key settings:

    - -
      -
    1. Select the key type, by instance: RSA.
      2. -
    2. If RSA was chosen, select the keysize, by instance for a strong key: 3072.
      3. -
    3. Select the expiration time, by instance for “no expiry”: 0. Note that key expiration is not well handled by passbolt, set an expiration date only if you know what you are doing.
      4. -
    4. Confirm the key type information.
      5. -
    5. Enter a name, by instance: Ada Lovelace.
      6. -
    6. Enter an email, by instance: ada.lovelace@mydomain.tld.
      7. -
    7. Enter a comment, it is optional. It will only help you to identify a key in the keyring if similar name or email chosen.
      8. -
    8. Confirm the key meta information.
      9. -
    9. If you are creating an Organization Account Recovery key pair set a passphrase, if this is for the server GPG key pair do not set a passphrase
      10. -
    - -

    Once the key generated, the key will be stored in the keyring of the user you authenticated with and OpenPGP will -output the details of the newly generated key.

    - -
    public and secret key created and signed.
-
-pub   rsa3072 2022-08-04 [SC]
-      F5B94A730D636A18815046C1408B779FE1951A9A
-uid                      Ada Lovelace <ada.lovelace@mydomain.tld>
-sub   rsa3072 2022-07-28 [E]
-
    - -

    The output contains a 40 characters long identifier (F5B94A730D636A18815046C1408B779FE1951A9A) that represents the key fingerprint, -note it down, it will be useful later to identify the key in the keyring.

    - -

    Export an OpenPGP key pair

    - -

    Export an OpenPGP public key

    - -

    Execute the following command to export a public key having F5B94A730D636A18815046C1408B779FE1951A9A as fingerprint from -the OpenPGP keyring into a file in armor format.

    - -
    gpg --armor --export F5B94A730D636A18815046C1408B779FE1951A9A > public.key
-
    - -

    Export an OpenPGP private key

    - -

    Execute the following command to export a private key having F5B94A730D636A18815046C1408B779FE1951A9A as fingerprint from -the OpenPGP keyring into a file in armor format.

    - -
    gpg --armor --export-secret-keys F5B94A730D636A18815046C1408B779FE1951A9A > private.key
-
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/start/how-to-use-tags.html b/docs/faq/start/how-to-use-tags.html deleted file mode 100644 index 3c832bd32..000000000 --- a/docs/faq/start/how-to-use-tags.html +++ /dev/null @@ -1,799 +0,0 @@ - - - - - Passbolt Help | How to use tags (PRO) - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to use tags (PRO)

    -

    Sharing passwords using groups is already possible in passbolt and can help organise the passwords. It is often not enough for small teams or users with a lot of passwords, who often need another way to organise their data.

    - -

    How are tags different than categories?

    - -

    The major difference between categories and tags is that, in most systems using folders, a given item only belongs to one folder. Inversely, when tagging, one item can be linked to many tags. Also while it is possible to have a hierarchical tag structure it is also less common.

    - -
    - Tags mental models - fig. Tags mental models -
    - -

    User experience and use cases

    - -

    You will find tags in the passwords workspace:

    - -
    - Tags in passwords workspace - fig. Tags in passwords workspace -
    - -
    - Tags use cases - fig. Tags use cases -
    - -

    View tags

    - -

    A user can view the tags applied to a resource from the tag section in the passwords workspace secondary sidebar.

    - -
    - View tags - fig. View tags -
    - -

    Edit tags

    - -

    Tag / Untag a resource via the tags editor

    - -

    Users can tag a resource by clicking on the “Tags editor” in the passwords workspace secondary sidebar.

    - -

    Users will see an autocomplete with a list of proposed tags when adding/editing tags to promote tag reuse. This autocomplete is updated for each letter typed starting with the first one. When clicking on an autocomplete list item, the tag is added. It is possible to select autocomplete list items using keyboard keys.

    - -

    By default, tags are set to be personal. It is a way for users to organize their passwords (their own and shared ones) following their own personal classification. Any resource can be tagged by users as personal.

    - -

    If using the prefix “#” a tag can be shared to everyone with access to this password. Users must be able to update a resource to be able to create a shared tag on it.

    - -
    - Add tags - fig. Add tags -
    - -

    Tag a resource by dragging it on a tag

    - -

    A user can tag a resource by dragging a resource from the grid on a tag in the “Filter by tags” section in the primary sidebar.

    - -

    Rename tag

    - -

    A user can rename a tag by opening the contextual menu of a tag in the “Filter by Tags” section of the primary sidebar.

    - -
    - Tags contextual menu - fig. Tags contextual menu -
    - -

    By clicking on “Edit Tag”, a dialog will therefore be shown to the user.

    - -
    - Rename tags - fig. Rename tags -
    - -

    Delete tag

    - -

    A user can delete a personal tag by opening the contextual menu of a tag in the “Filter by Tags” section of the primary sidebar. To prevent someone from removing a tag by mistake, we request the user to confirm the delete action.

    - -
    - Delete personal tag confirmation window - fig. Delete personal tag confirmation window -
    - -

    You cannot delete shared tags from contextual menu of the “Filter by Tags” section. On each resource of the shared tag you want to delete, you have to manually remove it from the tags editor.

    - -
    - Delete a shared tag from tags editor - fig. Delete a shared tag from tags editor -
    - -

    Filter resources

    - -

    Filter resources from the user tags list

    - -

    Users can filter resources by tag via the “Filter by tags” section in the passwords workspace primary sidebar.

    - -
    - Filter tags - fig. Filter tags -
    - -

    Filter resources from the resource details sidebar

    - -

    Users can filter the resources by clicking on a tag in the “Tags” section of the resource details sidebar.

    - -
    - Click on a tag to filter on this tag - fig. Click on a tag to filter on this tag -
    - -

    Filter resources by personal or shared tags

    - -

    By clicking on the funnel icon, you can filter by personal or shared tags:

    - -
    - Filter by personal or shared tags - fig. Filter by personal or shared tags -
    - -

    Filter resources from the search form

    - -

    You can type a tag slug in the password search form to display tagged resources.

    - -

    Email notifications

    - -

    Editing or deleting a tag does not trigger any email notifications.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/start/import-passwords.html b/docs/faq/start/import-passwords.html deleted file mode 100644 index bf6a33c6a..000000000 --- a/docs/faq/start/import-passwords.html +++ /dev/null @@ -1,791 +0,0 @@ - - - - - Passbolt Help | How to import passwords from a csv or kdbx file - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to import passwords from a csv or kdbx file

    -

    How to import passwords in passbolt

    - -
    - -
    fig. Passbolt GUI - Import passwords
    -
    - -

    Steps

    -
      -
    1. Click on the “import” button at the top left, next to the “create” button.
      2. -
    2. Select a file (supported files are kdbx or csv. More details below.)
      3. -
    3. Click on “continue import”
      4. -
    4. For kdbx files, you might need to enter a password. Enter it and click “Ok”.
      5. -
    5. The import will start. You will see a progress bar.
      6. -
    6. At the end of the import, you will see a report. After closing this window, you will see the passwords imported in your workspace.
      7. -
    - -

    Supported file formats

    -

    Passbolt import system supports the following file formats:

    -
      -
    • Csv - Lastpass export
      • -
    • Csv - 1password export
      • -
    • Csv - Keepass export
      • -
    • Csv - Dashlane export
      • -
    • Csv - Nordpass export
      • -
    • Csv - LogMeOnce export
      • -
    • Csv - BitWarden export
      • -
    • Csv - Firefox platforms export (Mozilla Firefox, Waterfox, Pale Moon…)
      • -
    • Csv - Chromium browsers export (Google Chrome, Microsoft Edge, Brave …)
      • -
    • Csv - Safari
      • -
    • Kdbx (file format used by Keepass 2.x)
      • -
    - -

    If you’d like to request the support of a specific format, you can open a request on the community forum.

    - -

    File format examples

    - -

    Csv (Lastpass)

    -
    url,username,password,extra,name,grouping,fav
-https://test.url,account1,P4ssw0Rd!,,Account1,,0
-https://test.url,account1,P4ssw0Rd!,,Account2,,0
-,,P4ssw0Rd!,,Account3,,1
-
    - -

    Csv (1Password)

    -
    Title,Username,URL,Password,Notes,Type
-Account1,account1,https://test.url,P4ssw0Rd!,Notes Account2,server
-Account2,account2,https://test.url,P4ssw0Rd!,Notes Account2,shell
-Account3,,,P4ssw0Rd!,Notes Account3,server
-
    - -

    Csv (Keepass / KeepassX)

    -
    "Group","Title","Username","Password","URL","Notes"
-"My Servers","Account1","account1","P4ssw0Rd!","https://test.url","this is the description"
-"My Servers","Account2","account2","P4ssw0Rd!","https://test.url","this is the description"
-"My Servers","Account2","","P4ssw0Rd!","https://test.url",""
-
    - -

    Csv (Dashlane)

    -
    username,username2,username3,title,password,note,url,category,otpSecret
-account1,,,Account 1,P4ssw0Rd,"this is the description",https:///test.url,,
-account2@domain.tld,,,Account 2,P4ssw0Rd,"this is the description",https://test.url,,
-account3@domain.tld,,,Account 3,P4ssw0Rd,,https://test.url,,
-
    - -

    Csv (Nordpass)

    -
    name,url,username,password,note,folder
-Account1,https://test.url,account1,P4ssw0RD!,this is a description,PasswordFolder
-Account2,https://test.url,account2,P4ssw0RD!,this is a description,PasswordFolder
-Account3,https://test.url,account3,P4ssw0RD!,,,
-
    - -

    Csv (LogMeOnce)

    -
    "name","url","note","group","username","password","extra"
-"Account1","https://test.url","this is the description","My servers","account1","P4ssw0Rd!",""
-"Account2","https://test.url","","My servers","account2","P4ssw0Rd!",""
-"Account3","https://test.url","this is the description","My servers","account3","P4ssw0Rd!",""
-
    - -

    Csv (BitWarden)

    -
    folder,favorite,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp
-My Servers,1,login,Account1,,,0,https://test.url,account1,P4ssw0Rd!,
-My Servers,,login,Account2,,,,https://test.url,account2,P4ssw0Rd!,TOTPSEED1337
-My Servers,,login,Account3,This is a description with field,"Field: 1337",,https://test.url,account3,P4ssw0Rd!,
-My Servers,,note,Description Name,"This is a description.",,,,,
-
    - -

    Csv (Firefox platforms browsers)

    -
    "url","username","password"
-"https://test.url","Account1",,"P4ssw0Rd!"
-"https://test.url","Account2",,"P4ssw0Rd!"
-"https://test.url","Account3",,"P4ssw0Rd!"
-
    - -

    Csv (Chromium browsers)

    -
    name,url,username,password
-Account1,https://test.url,account1,P4ssw0Rd!
-Account2,https://test.url,account2,P4ssw0Rd!
-Account3,https://test.url,account3,P4ssw0Rd!
-
    - -

    Csv (Safari)

    -
    Title,URL,Username,Password,Notes
-Account1,https://test.url,account1,P4ssw0Rd!,this is the description
-Account2,https://test.url,account2,P4ssw0Rd!,this is the description
-Account3,https://test.url,account3,P4ssw0Rd!,,
-
    - -

    Keepass file

    - -

    download example (the file is not password protected)

    - - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/start/index.html b/docs/faq/start/index.html deleted file mode 100644 index 947236ed7..000000000 --- a/docs/faq/start/index.html +++ /dev/null @@ -1,664 +0,0 @@ - - - - - Passbolt Help | Get started using passbolt - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Get started using passbolt

    - - - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - - -
    -
    -
    -
    - - - - - -
    - - - - - - - - diff --git a/docs/faq/start/passphrase-recovery.html b/docs/faq/start/passphrase-recovery.html deleted file mode 100644 index 370f6c038..000000000 --- a/docs/faq/start/passphrase-recovery.html +++ /dev/null @@ -1,683 +0,0 @@ - - - - - Passbolt Help | How to recover my passphrase? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to recover my passphrase?

    -

    Unfortunately it is not possible to reset your private key passphrase if you do not remember the original. -Similarly if you have lost your private key and you do not have a backup, you cannot decrypt your passwords anymore.

    - -

    Sadly, you have lost access to the passwords that you have not yet shared. If you have shared your password with -somebody you can create a new account and ask them to share your password back with you.

    - -

    If you can’t remember your passphrase, the best thing to do is to start anew.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/start/profile-picture.html b/docs/faq/start/profile-picture.html deleted file mode 100644 index cf71a8995..000000000 --- a/docs/faq/start/profile-picture.html +++ /dev/null @@ -1,703 +0,0 @@ - - - - - Passbolt Help | How can I change the profile picture - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How can I change the profile picture

    -

    Changing the profile picture is easy:

    - -
      -
    1. While logged into your passbolt account…
      2. -
    2. Click the drop down button on your username icon on the top right corner of your screen.
      3. -
    3. Click on “my profile”
      4. -
    4. Select “Click here to upload a new picture”
      5. -
    5. Click “Browse”
      6. -
    6. Select a picture from your computer that you would like to upload
      7. -
    7. Click “Save” once you have selected a picture
      8. -
    8. Wait a moment till your profile picture is updated.
      9. -
    - -

    Caution!

    -
    -

    - Please note that if your file size and picture quality are heavy you may be unable to upload your picture. -

    - -
    - -

    When you upload a picture be mindful of the following compatibilities:

    -
      -
    • The height and width of the picture
      • -
    • The file size
      • -
    • The file extension
      • -
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/start/registration-token-expired.html b/docs/faq/start/registration-token-expired.html deleted file mode 100644 index e8ace0e53..000000000 --- a/docs/faq/start/registration-token-expired.html +++ /dev/null @@ -1,683 +0,0 @@ - - - - - Passbolt Help | What can I do if my registration token expired? - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    What can I do if my registration token expired?

    -

    By default when you (or an administrator) create an account you will receive an email to verify your address. -This email contains a link that is only valid for a short duration. -By default it is valid for 72h, but this value can be changed by your passbolt server administrator.

    - -

    Since passbolt v2.0.0, if your registration email token expired and you still want to register, you can request -another one using the account recovery feature at /recover (e.g. https://[your_passbolt]/recover).

    - - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/start/roles-and-permissions-faq.html b/docs/faq/start/roles-and-permissions-faq.html deleted file mode 100644 index 0cfc12d44..000000000 --- a/docs/faq/start/roles-and-permissions-faq.html +++ /dev/null @@ -1,718 +0,0 @@ - - - - - Passbolt Help | Roles and permissions FAQ - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Roles and permissions FAQ

    -

    What are the main differences between passbolt resource permissions?

    - -

    Passbolt offers three permissions at the resource level:

    - -
      -
    • Owner: can manage share settings, delete, update, read.
      • -
    • Update: can update the record and delete.
      • -
    • Read: can only read and use the password metadata and secret.
      • -
    - -
    -

    - Warning: A User with Update right is able to delete a resource. The main difference between Owner and Update right is the ability for the Owner - to share a resource. -

    - -
    - -

    What happens when you delete a user who is sole owner of a resource shared with a group or user? Does the group/user keeps access to this resource or is it deleted?

    - -

    When a user, sole owner of a resource, is about to be deleted, a popup window is displayed and passbolt admin will be asked to transfer ownership of the resource to the group or user.

    - -
    - Shared password ownership transfer - fig. Shared password ownership transfer -
    - -

    If the deleted user was also the sole group manager, passbolt admin will promote another user of the group as group manager.

    - -

    What happens when you delete a user who owns non-shared resources?

    - -

    Unlike shared ones, non-shared resources of a deleted user will be deleted as well.

    - -

    What is the difference between a group manager and group member?

    - -

    The group manager is a group member who can add or delete users to a given group, and promote them as another group manager. No more, no less.

    - -

    It is possible for a group member to share a resource he owns in “read-only” mode with the group. Group manager doesn’t have extra-rights to edit resources ownership.

    - -

    Who can create a group in passbolt?

    - -

    Only a passbolt administrator can create groups on passbolt.

    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/start/roles-and-permissions.html b/docs/faq/start/roles-and-permissions.html deleted file mode 100644 index 73b50b88e..000000000 --- a/docs/faq/start/roles-and-permissions.html +++ /dev/null @@ -1,1062 +0,0 @@ - - - - - Passbolt Help | Roles and permissions - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Roles and permissions

    -

    System-wide roles

    - -

    Passbolt proposes two system roles “admin” and “user”. This system is the first line of the authorization mechanism performing checks directly for each user’s actions.

    - -

    In a nutshell, an administrator manages the instance. In practice it means that they can manage organization-wide settings such as the content of the email notifications or which multiple factor authentication provider is enabled. Another responsibility is to create or delete users, manage groups and group managers, perform synchronization with a user directory, etc.

    - -

    Settings

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ActionAdminUser
    Manage email notification settingsYesNo
    Manage MFA settingsYesNo
    Manage LDAP settings / syncYesNo
    Choose organization default languageYesNo
    - -

    Users

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ActionAdminUser
    Create usersYesNo
    Rename userYesYes (if own)
    Update email addressYesNo
    Delete usersYesNo
    Promote/Demote adminYesNo
    View usersYesYes
    Select user preferred languageYesYes (if own)
    - -

    Groups

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ActionAdminUser
    Create groupsYesNo
    Rename groupsYesNo
    Add user to groupSee. “Group level roles”See. “Group level roles”
    Delete groupsYesNo
    View groupsYesYes
    View group compositionYesYes
    - -

    Others

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Resources / ActionAdminUser
    Create resourcesYesYes
    Manage resourcesSee “Resource level roles”See “Resource level roles”
    Create commentsYesYes
    Delete commentsYesYes (if own)
    Manage foldersSee “Folder level roles”See “Folder level roles”
    Manage tagsSee “Folder level roles”See “Folder level roles”
    - -

    Group level roles

    - -

    Each group must have at least one group manager in charge of adding and removing group members. The administrators can appoint themselves as group administrator or appoint a regular user.

    - -
    - Groups workflow - fig. Groups workflow -
    - -

    Due to the nature of the encryption in passbolt, only someone with access to the secrets of a given group can add a member to that group (as they need to be able to decrypt and encrypt the secret for the new member).

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ActionGroup managerGroup member
    Rename groupYesNo
    Add user to groupYesNo
    Remove user to groupYesNo
    Promote/Demote group managerYesNo
    - -

    Additional resources:

    - - - -

    Resource level roles

    - -

    Passbolt offers three permissions on the resource level:

    - -
      -
    • Owner: can manage share settings, delete, update, read.
      • -
    • Update: can update the record and delete.
      • -
    • Read: can only read and use the password metadata and secret.
      • -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Operation / Folder PermissionOwnerUpdateRead
    View resource metadata and secretYesYesYes
    Edit resource metadata and secretYesYesNo
    Delete resourceYesYesNo
    Share resource, e.g. edit permissionsYesNoNo
    - -

    Folder Level roles

    - -

    Behind the scenes, permissions for folders will reuse the same permissions system than the one available for the resources. This will allow the user to associate a set of permissions to one or more folders, while reusing the metaphors the users are already accustomed to.

    - -

    Like resources, a folder must have an owner permission defined in the folder permissions. Two other permissions types are available: update and read. Each permission type give access to operations as described in the grid below:

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Operation / Folder PermissionOwnerUpdateRead
    View folder permissionsYesYesYes
    View folderYesYesYes
    Rename folderYesYesNo
    Delete folderYesYesNo
    Create an item inside a folderYesYesNo
    Move an item inside a folderYesYesNo
    Edit folder permissionsYesNoNo
    - -

    Once an item is inside a folder what can be done with the items does not depend on the folder permission but the item itself, like on a regular file system. For a user to move an item that is inside a folder they must generally at least have update rights on the item and the destination folder.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Operation / Enclosed Item PermissionOwnerUpdateRead
    Move an item outside the folderYesYesOnly in some cases. See Approach to personal & shared folder organizations
    Edit the resourceYesYesNo
    Delete the resourceYesYesNo
    - -

    Approach to folder permissions inheritance

    - -

    One of the key requirements is to be able to apply a given folder permission to the items inside it. For example when a user “share” a folder or create a new item in that folder, or drop an existing resource in a folder, the folder permissions will be applied to the items where possible.

    - -

    The “where possible” is important here. While folders in passbolt can be used to organize resources and apply permissions, folders do not enforce the permission on its enclosed content at all times, but serve as a guide when an operation such as create or move is performed. As we have seen exceptions can be created, i.e. it is possible for a user to have more rights on an item than they have on a given folder. The opposite is also possible, the same way it is possible to create a hidden or restricted file in a shared folder in a traditional filesystem.

    - -

    One should picture a folder permission list as a permission mask, i.e. a predefined set of group/user rights, that could be applied to the folder content whenever a user is interacting with it. Applying permissions on a folder is the equivalent of selecting all the resources the user has the right to share inside the given folder and apply a new set of permission to this selection. Items where the user does not have access to (or cannot edit the permissions) will be ignored.

    - -

    This approach is also needed to work with the limitation of the end to end encryption scheme. Indeed only a user that has access to a secret can provide such access to another user.

    - -

    A user with can update as a permission is able to move a secret from one folder to another folder. In this case if the new folder is shared with more users these users won’t have the secret shared with them. This is because to share a secret a user needs to have the owner permission on the secret. To ensure a secret inherits the permissions you expect it is best to have a user with the owner permission move the secret to the new folder.

    - -

    Additional resources

    - - - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/faq/start/share-password.html b/docs/faq/start/share-password.html deleted file mode 100644 index 3b0506a0c..000000000 --- a/docs/faq/start/share-password.html +++ /dev/null @@ -1,702 +0,0 @@ - - - - - Passbolt Help | How to share passwords - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - - -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    How to share passwords

    -

    Sharing a password

    -
      -
    1. Login and/ or go to password workspace
      2. -
    2. Select the password you would like to share
      3. -
    3. Click the “share” button
      4. -
    4. Type the name of a user you would like to share this password with. Optionally, you can select the permissions you wish to give to a user
      5. -
    5. Press the save button (or enter on your keyboard)
      6. -
    6. Enter your master password. Press OK to continue.
      7. -
    7. Wait until encryption is done
      8. -
    - -
    -

    - Make sure you press the save button every time you make changes -

    - -
    - -

    Removing yourself from a password shared with you

    -
      -
    1. Log in to your passbolt account.
      2. -
    2. Click on “Shared with me” from the menu on the left
      3. -
    3. Select a password you wish to remove yourself from
      4. -
    4. Remove yourself from the list of users with whom the password is shared
      5. -
    5. The password will no longer be shared with you
      6. -
    - -
    - -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - - -
    -
    - - -
    -
    -

    Other frequently asked questions in the same category

    - - -
    - -
    -
    - -
    - -
    - - - -
    -
    -
    - - - - - - - - - - - - - - diff --git a/docs/feed.xml b/docs/feed.xml index bbab332f6..072987c6c 100644 --- a/docs/feed.xml +++ b/docs/feed.xml @@ -1,1333 +1 @@ -Jekyll2024-03-15T15:52:30+01:00https://help.passbolt.com/feed.xmlPassbolt | HelpThe help site for passbolt, the open source password manager for teams. This site contains frequently asked questions, article to troubleshoot common issues, installation tutorials, blueprints for developers, and more!Using Windows App2023-11-30T01:00:00+01:002023-11-30T01:00:00+01:00https://help.passbolt.com/configure/windows-app<div class="row"> - <div class="col7"> - - <h2 id="prerequisites">Prerequisites</h2> - - <div class="message warning"> - <p> - <strong>Important:</strong> The Windows application is currently in <strong>BETA</strong> mode. To use it, you need to enable the ‘desktop’ feature flag. This will allow all your users to access and configure the Passbolt desktop application from their user profiles - </p> - -</div> - - <p>This feature flag can be enabled through different methods:</p> - <ul> - <li> - <p>Docker: Set the environment variable <code class="language-plaintext highlighter-rouge">PASSBOLT_PLUGINS_DESKTOP_ENABLED</code> to true.</p> - </li> - <li> - <p>Configuration File: In <code class="language-plaintext highlighter-rouge">/etc/passbolt/passbolt.php</code>, add the following section:</p> - </li> - </ul> - - <div class="language-php highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">return</span> <span class="p">[</span> - <span class="s2">"passbolt"</span> <span class="o">=&gt;</span> <span class="p">[</span> - <span class="s2">"plugins"</span> <span class="o">=&gt;</span> <span class="p">[</span> - <span class="s2">"desktop"</span> <span class="o">=&gt;</span> <span class="p">[</span> - <span class="s2">"enabled"</span> <span class="o">=&gt;</span> <span class="kc">true</span> - <span class="p">]</span> - <span class="p">]</span> - <span class="p">]</span> -<span class="p">];</span> -</code></pre></div> </div> - - <h2 id="how-to-download-and-install-the-application">How to download and install the application</h2> - <p>Access the application by clicking on the link in your profile space. This <a href="https://apps.microsoft.com/detail/9PFXS2WVKVPB?hl=en-US&amp;gl=US" target="_blank">link</a> will redirect you to the Windows Store.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/12/desktop-app-profile.png" alt="Home Desktop app page from profile" style="max-width:660px;" /> - <span class="legend">fig. Home Desktop app page from profile</span> -</figure> - - <h2 id="import-an-existing-passbolt-account">Import an existing passbolt account</h2> - <p>To configure your account in the desktop application, you must transfer your private key from the browser extension to the desktop application.</p> - - <h3 id="getting-started">Getting started</h3> - <p>After installing the application, you will see instructions on how to download your account kit via the web application. By clicking the ‘Next’ button, you will be guided to the process for uploading your account kit.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/12/desktop-app-get-started.png" alt="How to download account kit" style="max-width:660px;" /> - <span class="legend">fig. How to download account kit</span> -</figure> - - <h3 id="upload-your-account-kit">Upload your account kit</h3> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/12/desktop-app-import.png" alt="Show account import page" style="max-width:660px;" /> - <span class="legend">fig. Show account import page</span> -</figure> - - <h3 id="verify-account-kit">Verify account kit</h3> - <p>Once the account kit is successfully uploaded, your account information, including your username and the URL of the Passbolt server, will be displayed on the screen.</p> - - <p>Please review this information carefully before proceeding. If you find any discrepancies, you can return to the upload screen by clicking on ‘Import another account’.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/12/desktop-app-import-verif.png" alt="How to download account kit" style="max-width:660px;" /> - <span class="legend">fig. How to download account kit</span> -</figure> - - <p>Once your passphrase is validated, the setup of your account will be complete, and you will be able to access the password workspace.</p> - - <h3 id="how-can-i-reset-my-windows-application">How can I reset my windows application</h3> - <p>To unlink an existing account and set up a new one, first download the current entries from the Credentials Manager. To do this, use the search bar to find ‘Credential Manager’ and select it.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/12/desktop-app-import-rename.png" alt="Remove credentials in Windows Credential Manager" style="max-width:660px;" /> - <span class="legend">fig. Remove credentials in Windows Credential Manager</span> -</figure> - - <p>To remove an existing account from the application, delete the ‘account-metadata’ and ‘account-secret’ entries. This action will reset the application, enabling you to import a new account.</p> - - <h3 id="can-i-use-windows-hello">Can I Use Windows Hello?</h3> - <p>Currently, we do not support Windows Hello due to certain security concerns that are under review. We are investigating the most secure implementation methods and will inform you as soon as a plan is established.</p> - - <h3 id="how-to-report-issues-to-help-us-improve-the-product">How to Report Issues to Help Us Improve the Product</h3> - <p>As mentioned earlier, the app is currently in beta and is primarily intended for reporting issues that you encounter while using it. To report issues, please visit the following link: Passbolt Community - Windows Application Developer Edition v0.5.0.</p> - - <div class="last-updated"> - <h3>Last updated</h3> - <p>This article was last updated on -November -30th, -2023.</p> - </div> - - </div> - <div class="col4 last push1"> - - <div class="message tldr notice"> - <p>Are you experiencing issues with Passbolt Pro Edition?</p> - <a href="mailto:contact@passbolt.com" class="button primary">Contact Pro support</a> - <p>or <a href="https://community.passbolt.com">ask the community</a></p> - -</div> - - </div> -</div>Using LDAP Filters2023-11-30T01:00:00+01:002023-11-30T01:00:00+01:00https://help.passbolt.com/configure/ldap/ldap-filters<div class="row"> - <div class="col7"> - - <div class="message warning"> - <p> - <strong>Important:</strong> The Ldap plugin is part of <a href="https://www.passbolt.com/pricing/pro">Passbolt Pro</a> only and is not available in the Community Edition. - </p> - -</div> - - <h2 id="introduction">Introduction</h2> - <p>As part of the Users Directory feature passbolt offers two ways to help filter your Active Directory/OpenLDAP users and groups so you have more control over which users and groups are synchronized. This page will go over how to use both of these options.</p> - - <h2 id="groups--users-parent-group">Groups &amp; Users Parent Group</h2> - <p>One of the options for filtering users and groups is to use the Groups Parent Group or the Users Parent Group option. This can be found under the Synchronization options section of the Users Directory configuration page.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/11/LDAP_parent_group.png" alt="Ldap settings parent group fields" style="max-width:660px;" /> - <span class="legend">fig. Ldap settings parent group fields</span> -</figure> - - <p>This option will allow you to specify a Parent Group for your users or groups. Passbolt will then only look for Users or Groups which are part of that Parent group and use those for synchronization. This is most useful if you have directory set up where the Users or Groups you want to synchronize are all under the same group. For this field you can use just the name of the group, for example:</p> - <ul> - <li>admins</li> - <li>testers</li> - <li>Passbolt_Users</li> - <li>Passbolt Groups</li> - </ul> - - <h2 id="group--user-custom-filters">Group &amp; User custom filters</h2> - <p>The other option we have is to use custom filters for users or groups. This can be found under the Directory configuration section of the Users Directory configuration page.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/11/LDAP_custom_filter.png" alt="Ldap settings custom filter fields" style="max-width:660px;" /> - <span class="legend">fig. Ldap settings custom filter fields</span> -</figure> - - <p>These fields will accept standard LDAP query syntax. This is useful if you need just a few groups/users or wish to exclude one which may have normally been synchronized. These fields provide more flexibility when interacting with more complicated directory structures. Some examples of the expected syntax are:</p> - - <ul> - <li><code class="language-plaintext highlighter-rouge">(memberof=cn=somegroup)</code> - <ul> - <li>This would be for the users filter for members of “somegroup”</li> - </ul> - </li> - <li><code class="language-plaintext highlighter-rouge">(|(cn=admins)(cn=testers))</code> - <ul> - <li>This would be for the groups “admins” or “testers”</li> - </ul> - </li> - <li><code class="language-plaintext highlighter-rouge">(uid=*smith*)</code> - <ul> - <li>This would be for any user with “smith” in their uid</li> - </ul> - </li> - </ul> - - <div class="last-updated"> - <h3>Last updated</h3> - <p>This article was last updated on -November -30th, -2023.</p> - </div> - - </div> - <div class="col4 last push1"> - - <div class="message tldr notice"> - <p>Are you experiencing issues with Passbolt Pro Edition?</p> - <a href="mailto:contact@passbolt.com" class="button primary">Contact Pro support</a> - <p>or <a href="https://community.passbolt.com">ask the community</a></p> - -</div> - - </div> -</div>How to preview a TOTP2023-10-04T02:00:00+02:002023-10-04T02:00:00+02:00https://help.passbolt.com/configure/totp/time-based-one-time-password-ui<div class="row"> - <div class="col7"> - - <p>Since version 4.3.0, Passbolt supports creation of TOTP (Time-based One Time Password) via <a href="/configure/totp/time-based-one-time-password-mobile.html">Mobile</a>. However, it is still possible to preview those TOTP from the Web UI</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/10/totp_web_preview.png" alt="Web UI - Preview TOTP" style="max-width:850px;" /> - <span class="legend">fig. Web UI - Preview TOTP</span> -</figure> - - <p>There are two types of TOTP:</p> - <ul> - <li>Standalone - <ul> - <li>That is the <strong>Passbolt Community TOTP</strong> resource, this is not linked to any passwords.</li> - </ul> - </li> - <li>Linked to an existing password - <ul> - <li>The resource <strong>Passbolt</strong> was existing before the creation of the TOTP and has been linked to it.</li> - </ul> - </li> - </ul> - - <p>From the Web UI, you are able to preview any TOTP shown in the column “TOTP”</p> - - <div class="last-updated"> - <h3>Last updated</h3> - <p>This article was last updated on -October -4th, -2023.</p> - </div> - - </div> - <div class="col4 last push1"> - - <div class="message tldr notice"> - <p>Not finding what you are looking for? You can also ask the community on the forum.</p> - - <a href="https://community.passbolt.com" class="button ">Talk to a human</a> - -</div> - - </div> -</div>How to create a TOTP2023-10-04T02:00:00+02:002023-10-04T02:00:00+02:00https://help.passbolt.com/configure/totp/time-based-one-time-password-mobile<div class="row"> - <div class="col7"> - - <p>Since version 4.3.0, Passbolt supports creation of TOTP (Time-based One Time Password).</p> - - <p>TOTP is a mechanism that generates a unique and temporary password based on the current time. This dynamic code can be used on its own or in combination with a static password, offering an additional layer of security compared to traditional password-only systems.</p> - - <ul> - <li><a href="#ios">iOS</a></li> - <li><a href="#android">Android</a></li> - </ul> - - <h3 id="ios">iOS</h3> - <p>On the iOS application, there is a new section called “TOTP”</p> - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/10/totp_menu.png" alt="iOS - Empty TOTP" style="max-width:400px;" /> - <span class="legend">fig. iOS - Empty TOTP</span> -</figure> - - <p>In order to create a new TOTP, you’d need to click on “Create”</p> - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/10/totp_creation.png" alt="iOS - TOTP Creation" style="max-width:400px;" /> - <span class="legend">fig. iOS - TOTP Creation</span> -</figure> - - <p>That will open a menu that will let you choose between scanning a QR code or create a TOTP manually, for this tutorial we assume that you’d need to create it manually.</p> - - <p>For the TOTP manual creation, you will have to fill three fields:</p> - <ol> - <li>Name, which is the label of the resource</li> - <li>URL, which is the fullBaseUrl of the resource</li> - <li>Secret, the secret from the TOTP provider</li> - </ol> - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/10/totp_manual_configuration.png" alt="iOS - TOTP Configuration" style="max-width:400px;" /> - <span class="legend">fig. iOS - TOTP Configuration</span> -</figure> - - <p>You do have the possibility to link this TOTP to an existing password but that’s optional. You can also create a standalone TOTP instead.</p> - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/10/totp_linked_to_password.png" alt="iOS - Link TOTP to an existing password" style="max-width:400px;" /> - <span class="legend">fig. iOS - Link TOTP to an existing password</span> -</figure> - - <p>There is also an advanced settings part in order to adjust the <strong>expiry, length and algorithm</strong></p> - <div class="message warning"> - <p> - <strong>WARNING:</strong> Advanced settings have to match the TOTP provider settings otherwise it won’t work. - </p> - -</div> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/10/totp_advanced_settings.png" alt="iOS - TOTP Advanced Settings" style="max-width:400px;" /> - <span class="legend">fig. iOS - TOTP Advanced Settings</span> -</figure> - - <p>Once created, you will see a success message “TOTP has been created.” then you will be able to preview the TOTP code when you need it.</p> - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/10/totp_code_preview.png" alt="iOS - TOTP Preview" style="max-width:400px;" /> - <span class="legend">fig. iOS - TOTP Preview</span> -</figure> - - <h3 id="android">Android</h3> - <p>On the Android application, there will be a new section called “TOTP”</p> - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/10/totp_android_empty_totp.jpg" alt="Android - Empty TOTP" style="max-width:400px;" /> - <span class="legend">fig. Android - Empty TOTP</span> -</figure> - - <p>In order to create a new TOTP, you’d need to click on “+” icon</p> - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/10/totp_android_creation.jpg" alt="Android - TOTP Creation" style="max-width:400px;" /> - <span class="legend">fig. Android - TOTP Creation</span> -</figure> - - <p>That will open a menu that will let you choose between scanning a QR code or create a TOTP manually, for this tutorial we assume that you’d need to create it manually.</p> - - <p>For the TOTP manual creation, you will have to fill three fields:</p> - <ol> - <li>Name, which is the label of the resource</li> - <li>URL, which is the fullBaseUrl of the resource</li> - <li>Secret, the secret from the TOTP provider</li> - </ol> - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/10/totp_android_configuration.jpg" alt="Android - TOTP Configuration" style="max-width:400px;" /> - <span class="legend">fig. Android - TOTP Configuration</span> -</figure> - - <p>You do have the possibility to link this TOTP to an existing password but that’s optional. You can also create a standalone TOTP instead.</p> - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/10/totp_android_link_to_password.jpg" alt="Android - Link TOTP to an existing password" style="max-width:400px;" /> - <span class="legend">fig. Android - Link TOTP to an existing password</span> -</figure> - - <p>There is also an advanced settings part in order to adjust the <strong>expiry, length and algorithm</strong></p> - <div class="message warning"> - <p> - <strong>WARNING:</strong> Advanced settings have to match the TOTP provider settings otherwise it won’t work. - </p> - -</div> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/10/totp_android_advanced_settings.jpg" alt="Android - TOTP Advanced Settings" style="max-width:400px;" /> - <span class="legend">fig. Android - TOTP Advanced Settings</span> -</figure> - - <p>Once created, you will see a success message then you will be able to preview the TOTP code when you need it.</p> - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/10/totp_android_code_preview.jpg" alt="Android - TOTP Preview" style="max-width:400px;" /> - <span class="legend">fig. Android - TOTP Preview</span> -</figure> - - <div class="last-updated"> - <h3>Last updated</h3> - <p>This article was last updated on -October -4th, -2023.</p> - </div> - - </div> - <div class="col4 last push1"> - - <div class="message tldr notice"> - <p>Not finding what you are looking for? You can also ask the community on the forum.</p> - - <a href="https://community.passbolt.com" class="button ">Talk to a human</a> - -</div> - - </div> -</div>How to configure the Password Policies2023-09-14T02:00:00+02:002023-09-14T02:00:00+02:00https://help.passbolt.com/configure/password-policies<div class="row"> - <div class="col7"> - - <div class="message warning"> - <p> - <strong>Attention</strong>: This feature is currently available only in Passbolt Pro Edition. - </p> - -</div> - - <p>Since version 4.2, Passbolt Pro Edition supports the configuration of Password Policies.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/09/password-policies-administration.png" alt="Password Policies administration" style="max-width:;" /> - <span class="legend">fig. Password Policies administration</span> -</figure> - - <h2 id="how-does-it-work">How does it work?</h2> - - <p>This feature allows administrators to define the default secret generator settings and an external service should be used to check if the generated passwords have been leaked or not. -These policies concern only the secrets that are accessible in the resource workspace, it’s not relative to the user’s private key passphrase (for this part, please check the User Passphrase Policies).</p> - - <p>Once configured, the secret generators preset their default configuration with these policies. As a consequence, when a secret is generated from the “dice” button or from the in-form menu, generators use the policies as a default configuration. -However, a user still has the possibility to change the configuration on demand to avoid blocking situation when a service asks specific secret patterns.</p> - - <h2 id="how-to-configure-the-plugin">How to configure the plugin?</h2> - - <p>The plugin is enabled by default and since the version 4.2.0 of the API, it is possible to configure the plugin to apply these policies in all concerned UI. -To configure it though, you need to go the administration of your Passbolt instance and then go to the “Password Policies” section.</p> - - <p>At this stage, you can see 2 configurable sections:</p> - - <ul> - <li>Password generator default settings</li> - <li>External services</li> - </ul> - - <h3 id="configuring-the-default-password-generators">Configuring the default password generators</h3> - - <p>With this part, the password generator settings can be changed such that it becomes the default configuration when users generate a new secret or the default configuration set when they need to customize the generation of a secret. -The UI is composed in 3 parts:</p> - - <ul> - <li>the default used generator: password or passphrase</li> - <li>a togglable pannel to configure in details the password generator</li> - <li>a togglable pannel to configure in details the passphrase generator</li> - </ul> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/09/password-generator-settings.png" alt="Default password generator settings" style="max-width:450px;" /> - <span class="legend">fig. Default password generator settings</span> -</figure> - - <h4 id="configuring-the-password-generator">Configuring the password generator</h4> - - <p>To configure the password generator in details, open the configuration panel by clicking on “Passwords settings”. Then you can see an interface close to the password generator configuration. -From there you can change:</p> - - <ul> - <li>the default length of the generated password</li> - <li>the default set of characters that the password generator should use.</li> - <li>if the set of characters should use or not similar characters</li> - </ul> - - <p>To help administrators to have an idea of the strength of the generated password, an entropy bar is displayed on the top of the togglable panel.</p> - - <div class="message warning"> - <p> - Most generated password strength match the entropy displayed but notice that some generated password strength might be a bit lower than that. - </p> - -</div> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/09/passphrase-generator-settings.png" alt="Default passphrase generator settings" style="max-width:450px;" /> - <span class="legend">fig. Default passphrase generator settings</span> -</figure> - - <h4 id="configuring-the-passphrase-generator">Configuring the passphrase generator</h4> - - <p>To configure the passphrase generator in details, open the configuration panel by clicking on “Passphrase settings”. Then you can see an interface close to the passphrase generator configuration. -From there you can change:</p> - - <ul> - <li>the default number of words to generate</li> - <li>the default words separator to use</li> - <li>the default word case to use during passphrase generation</li> - </ul> - - <p>To help administrators to have an idea of the strength of the generated passphrase, an entropy bar is displayed on the top of the togglable panel. All generated passphrase strength match the entropy displayed.</p> - - <h3 id="configuring-the-external-dictionary-check">Configuring the external dictionary check</h3> - - <p>This option allows the administrators to choose rather if a secret should be checked against an external service or not. -If this option is disabled, a warning message is shown to the user to inform them that the current secret could be leaked in a database but their Passbolt application cannot verify that.</p> - - <p>On the contrary, if the option is enabled, requests are made to an external service to check if the current secret is known in some data breach (notice that a hash of the secret is sent to the external service and not the secret itself). -In case of a secret leaked, the user is informed via a warning message.</p> - - <p>These warning messages are shown:</p> - - <ul> - <li>on the resource creation</li> - <li>on the resource modification</li> - <li>on the generation of an Organisation Recovery Kit</li> - </ul> - - <div class="message warning"> - <p> - Notice that these external checks are <strong>not</strong> done when a user is importing a set of passwords. - </p> - -</div> - - <div class="last-updated"> - <h3>Last updated</h3> - <p>This article was last updated on -September -14th, -2023.</p> - </div> - - </div> - <div class="col4 last push1"> - - <div class="message tldr notice"> - <p>Are you experiencing issues with Passbolt Pro Edition?</p> - <a href="mailto:contact@passbolt.com" class="button primary">Contact Pro support</a> - <p>or <a href="https://community.passbolt.com">ask the community</a></p> - -</div> - - </div> -</div>How to configure User Passphrase Policies2023-09-13T02:00:00+02:002023-09-13T02:00:00+02:00https://help.passbolt.com/configure/user-passphrase-policies<div class="row"> - <div class="col7"> - - <div class="message notice"> - <p> - <strong>Attention</strong>: This feature is only available in Passbolt Pro Edition. - </p> - -</div> - - <p>Since version 4.3.0, Passbolt Pro Edition supports User Passphrase Policies.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/09/passbolt-user-passphrase-policies.png" alt="Passbolt GUI - User Passphrase Policies administration" style="max-width:;" /> - <span class="legend">fig. Passbolt GUI - User Passphrase Policies administration</span> -</figure> - - <h2 id="how-does-it-work">How does it work?</h2> - - <p>User Passphrase Policies allows administrators to configure minimal strength requirements for the users’ private key passphrase. -When defining a new passphrase, users have to find a passphrase that matches these policies.</p> - - <p>Also, it allows to choose rather or not if a user’s passphrase should be check against an external service to know if it has been leaked or not.</p> - - <h2 id="how-to-configure-the-plugin">How to configure the plugin?</h2> - - <p>The plugin is enabled by default and since the version 4.3.0 of the browser extension, Passbolt uses this new User Passphrase Policies feature in all concerned UI. -To configure it though, you need to go the administration of your Passbolt instance and then go to the “User Passphrase Policies” section.</p> - - <p>At this stage, you can see 2 configurable sections:</p> - - <ul> - <li>User passphrase minimal entropy</li> - <li>External password dictionary check</li> - </ul> - - <h3 id="user-passphrase-minimal-entropy">User passphrase minimal entropy</h3> - - <p>This section allows administrators to choose among a preset of minimal entropy a user’s private key passphrase needs to match. -It concerns only the passphrase of the users’ private key and not the secret generated for the creation of a new password for instance (to change the secret generation behaviour, please refer to the Password Policies configuration page).</p> - - <p>As a consequence when a user has to define a passphrase, it will be required that the passphrase strength matches the minimal entropy set. In other words the strength of the passphrase will have to fit the requirements when:</p> - - <ul> - <li>a user is changing its private key passphrase</li> - <li>a user is defining a new passphrase during the account recovery process</li> - <li>a user is defining a passphrase during the creation of its Passbolt account</li> - </ul> - - <p>Notice that on some cases, passphrases does not have to match this requirements but instead the minimal entropy is shown as a recommendation. It’s the case when users import an already existing GPG private key, so when:</p> - - <ul> - <li>a user is recovering its account using its recovery kit</li> - <li>a user is creating a new account and imports its own encrypted GPG key</li> - </ul> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/09/passbolt-user-passphrase-policies_setup.png" alt="Passbolt GUI - Setup process with User Passphrase Policies" style="max-width:423px;" /> - <span class="legend">fig. Passbolt GUI - Setup process with User Passphrase Policies</span> -</figure> - - <h3 id="external-password-dictionary-check">External password dictionary check</h3> - - <p>This option allows the administrators to choose rather if a passphrase a user is typing should be checked against an external service or not. -If this option is disabled, a warning message is shown to the user that their passphrase could be leaked in a database but their Passbolt application cannot verify that.</p> - - <p>On the contrary, if the option is enabled, requests are made to an external service to check if the currently typed passphrase is known in some data breach (notice that a hash of the passphrase is sent to the external service and not the passphrase itself). -In case of the passphrase being known in data breach the user will be informed via a warning message.</p> - - <p>This feature impacts the behaviour of the application by:</p> - - <ul> - <li>blocking processes if the minimal entropy is required (not just recommended) in that process and the currently typed passphrase is leaked in a database</li> - <li>not blocking processes if the minimal entropy is recommended (not required)</li> - <li>not blocking processes if the external service cannot be called for any reason regardless of the minimal entropy being a requirement or a recommendation</li> - </ul> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/09/passbolt-user-passphrase-policies_leaked.png" alt="Passbolt GUI - Setup process with a leaked password" style="max-width:423px;" /> - <span class="legend">fig. Passbolt GUI - Setup process with a leaked password</span> -</figure> - - </div> -</div>How to configure Role-Based Access Control2023-07-05T02:00:00+02:002023-07-05T02:00:00+02:00https://help.passbolt.com/configure/rbac<div class="row"> - <div class="col7"> - - <p>Since version 4.1.0, all editions of passbolt support Role-Based Access Control.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/06/rbac.png" alt="Role-Based Access Control" style="max-width:850px;" /> - <span class="legend">fig. Role-Based Access Control</span> -</figure> - - <h2 id="requirements">Requirements</h2> - - <p>You can follow this procedure if you are meeting the following requirements:</p> - - <ul> - <li>You are running passbolt &gt;= v4.1.0.</li> - <li>You have an active administrator account.</li> - </ul> - - <h2 id="how-does-it-work">How does it work?</h2> - - <p>RBAC is a feature introduced that as for aim to restrict the access of functionalities to users.</p> - - <p>According to the administrator choices, users can be restricted to some functionalities. The administrator has only to chose between allow or deny options for the functionalities.</p> - - <h2 id="rbac">RBAC</h2> - - <p>In order to configure RBAC for your organisation, go to administration setting workspace <em>Administration</em> &gt; <em>Role-Based Access Control</em>.</p> - - <h3 id="choose-to-restrict-or-not-a-functionality">Choose to restrict or not a functionality</h3> - - <p>By default, all functionalities are allowed. To deny one select and restrict the one that suits best your organization.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/06/rbac-select-permission.png" alt="RBAC administration settings select permission" style="max-width:550px;" /> - <span class="legend">fig. RBAC administration settings select permission</span> -</figure> - - <h3 id="apply-the-changes">Apply the changes</h3> - - <p>Once the RBAC is configured as you wish, you can apply the changes. Click on the “save settings” button.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2023/06/rbac-save.png" alt="RBAC administration settings save changes" style="max-width:550px;" /> - <span class="legend">fig. RBAC administration settings save changes</span> -</figure> - - <div class="last-updated"> - <h3>Last updated</h3> - <p>This article was last updated on -July -5th, -2023.</p> - </div> - - </div> - <div class="col4 last push1"> - - <div class="message tldr notice"> - <p>Are you experiencing issues with Passbolt Pro Edition?</p> - <a href="mailto:contact@passbolt.com" class="button primary">Contact Pro support</a> - <p>or <a href="https://community.passbolt.com">ask the community</a></p> - -</div> - - </div> -</div>Install Passbolt Pro on Debian 12 (Bookworm)2023-06-29T02:00:00+02:002023-06-29T02:00:00+02:00https://help.passbolt.com/hosting/install/pro/debian/Debian<div class="row"> - <div class="col7"> - - <h2 id="prerequisites">Prerequisites</h2> - - <p>For this tutorial, you will need:</p> - - <ul> - <li> - <p>A minimal Debian 12 server.</p> - </li> - <li>A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.</li> - <li>a working SMTP server for email notifications</li> - <li>a working NTP service to avoid GPG authentication issues</li> - </ul> - - <p>The recommended server requirements are:</p> - <ul> - <li>2 cores</li> - <li>2GB of RAM</li> - </ul> - - <p>FAQ pages:</p> - - <ul> - <li><a href="/faq/hosting/set-up-ntp">Set up NTP</a></li> - <li><a href="/faq/hosting/firewall-rules" target="_blank">Firewall rules</a></li> - </ul> - - <div class="message warning"> - <p> - <strong>Please note:</strong> It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. - </p> - -</div> - - <div class="message notice"> - <p> - <b>Pro tip:</b> If you are going to manually provision SSL certificates you may want to do that before beginning! - </p> - -</div> - - <h2 id="package-repository-setup">Package repository setup</h2> - - <p>For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.</p> - - <p><strong>Step 1.</strong> Download our dependencies installation script:</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh" -</code></pre></div> </div> - - <p><strong>Step 2.</strong> Download our SHA512SUM for the installation script:</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt -</code></pre></div> </div> - - <p><strong>Step 3.</strong> Ensure that the script is valid and execute it:</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sha512sum -c passbolt-pro-SHA512SUM.txt &amp;&amp; sudo bash ./passbolt-repo-setup.pro.sh || echo \"Bad checksum. Aborting\" &amp;&amp; rm -f passbolt-repo-setup.pro.sh -</code></pre></div> </div> - - <h2 id="install-passbolt-official-linux-package">Install passbolt official linux package</h2> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt install passbolt-pro-server -</code></pre></div> </div> - - <h4 id="configure-mariadb">Configure mariadb</h4> - - <p>If not instructed otherwise passbolt debian package will install mariadb-server locally. This step will help you create -an empty mariadb database for passbolt to use.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2020/05/debian-package/configure_mysql_pro.png" alt="Configure database dialog" style="max-width:450px;" /> - <span class="legend">fig. Configure database dialog</span> -</figure> - - <p>The configuration process will ask you for the credentials of the mariadb admin user to create a new database. -By default in most installations the admin username would be <code class="language-plaintext highlighter-rouge">root</code> and the password would be empty.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2020/05/debian-package/mysql_admin_user_pro.png" alt="Database admin user dialog" style="max-width:450px;" /> - <span class="legend">fig. Database admin user dialog</span> -</figure> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2020/05/debian-package/mysql_admin_user_pass_pro.png" alt="Database admin user pass dialog" style="max-width:450px;" /> - <span class="legend">fig. Database admin user pass dialog</span> -</figure> - - <p>Now we need to create a mariadb user with reduced permissions for passbolt to connect. These values will also be requested later on the webconfiguration tool of passbolt so please keep them in mind.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2020/05/debian-package/passbolt_db_user_name_pro.png" alt="Database passbolt user dialog" style="max-width:450px;" /> - <span class="legend">fig. Database passbolt user dialog</span> -</figure> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2020/05/debian-package/passbolt_db_user_pass_pro.png" alt="Database passbolt user pass dialog" style="max-width:450px;" /> - <span class="legend">fig. Database passbolt user pass dialog</span> -</figure> - - <p>Lastly we need to create a database for passbolt to use, for that we need to name it:</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2020/05/debian-package/db_name_pro.png" alt="Database name dialog" style="max-width:450px;" /> - <span class="legend">fig. Database name dialog</span> -</figure> - - <h4 id="configure-nginx-for-serving-https">Configure nginx for serving HTTPS</h4> - - <p>Depending on your needs there are two different options to setup nginx and SSL using the Debian package:</p> - - <ul> - <li><a href="/configure/https/pro/debian/auto.html">Auto (Using Let’s Encrypt)</a></li> - <li><a href="/configure/https/pro/debian/manual.html">Manual (Using user-provided SSL certificates)</a></li> - </ul> - - <h2 id="configure-passbolt">2. Configure passbolt</h2> - - <p>Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2021/02/web-installer-getting-started.png" alt="passbolt welcome page before configuration" style="max-width:586px;" /> - <span class="legend">fig. passbolt welcome page before configuration</span> -</figure> - - <h3 id="healthcheck">2.1. Healthcheck</h3> - - <p>The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2018/11/web-installer-pro-healthcheck.png" alt="wizard - healthcheck" style="max-width:586px;" /> - <span class="legend">fig. wizard - healthcheck</span> -</figure> - - <h3 id="subscription-key">2.2. Subscription key</h3> - - <p>At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2018/11/web-installer-pro-subscription-key.png" alt="wizard - subscription key" style="max-width:586px;" /> - <span class="legend">fig. wizard - subscription key</span> -</figure> - - <h3 id="database">2.3. Database</h3> - - <p>This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2021/02/web-installer-pro-database.png" alt="wizard - database" style="max-width:586px;" /> - <span class="legend">fig. wizard - database</span> -</figure> - - <h3 id="gpg-key">2.4. GPG key</h3> - - <p>In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.</p> - - <p>Generate a key if you don’t have one.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2018/11/web-installer-pro-server-key-generate.png" alt="wizard - generate a key pair" style="max-width:586px;" /> - <span class="legend">fig. wizard - generate a key pair</span> -</figure> - - <p><strong>Optional</strong>: Import a key if you already have one and you want your server to use it.</p> - - <p><div class="message warning"> - <strong>Do not set a passphrase or an expiration date</strong> - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -</div></p> - - <p>To create a new GnuPG key without passphrase:</p> - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>gpg --batch --no-tty --gen-key &lt;&lt;EOF - Key-Type: default - Key-Length: 2048 - Subkey-Type: default - Subkey-Length: 2048 - Name-Real: John Doe - Name-Email: email@domain.tld - Expire-Date: 0 - %no-protection - %commit -EOF -</code></pre></div> </div> - - <p>Feel free to replace <strong>Name-Real</strong> and <strong>Name-Email</strong> with your own.</p> - - <p>To display your new key:</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>gpg --armor --export-secret-keys email@domain.tld -</code></pre></div> </div> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2018/11/web-installer-pro-server-key-import.png" alt="wizard - import a key pair" style="max-width:586px;" /> - <span class="legend">fig. wizard - import a key pair</span> -</figure> - - <h3 id="mail-server-smtp">2.5. Mail server (SMTP)</h3> - - <p>At this stage, the wizard will ask you to enter the details of your SMTP server.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2018/11/web-installer-pro-email.png" alt="wizard - smtp mail server details" style="max-width:586px;" /> - <span class="legend">fig. wizard - smtp mail server details</span> -</figure> - - <p>You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2018/04/wizard-test-email.png" alt="wizard - test smtp settings" style="max-width:300px;" /> - <span class="legend">fig. wizard - test smtp settings</span> -</figure> - - <h3 id="preferences">2.6. Preferences</h3> - - <p>The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2018/11/web-installer-pro-options.png" alt="wizard - preferences" style="max-width:586px;" /> - <span class="legend">fig. wizard - preferences</span> -</figure> - - <h3 id="first-user-creation">2.7. First user creation</h3> - - <p>You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2018/11/web-installer-pro-first-user.png" alt="wizard - first user" style="max-width:586px;" /> - <span class="legend">fig. wizard - first user</span> -</figure> - - <h3 id="installation">2.8. Installation</h3> - - <p>That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2018/11/web-installer-pro-install.png" alt="wizard - installation" style="max-width:586px;" /> - <span class="legend">fig. wizard - installation</span> -</figure> - - <p>Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2018/11/web-installer-pro-completed.png" alt="wizard - completion and redirection" style="max-width:586px;" /> - <span class="legend">fig. wizard - completion and redirection</span> -</figure> - - <h2 id="configure-your-administrator-account">3. Configure your administrator account</h2> - - <h3 id="download-the-plugin">3.1. Download the plugin</h3> - - <p>Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2021/02/user-setup-download-browser-extension.png" alt="download the browser extension" style="max-width:586px;" /> - <span class="legend">fig. download the browser extension</span> -</figure> - - <h3 id="create-a-new-key">3.2. Create a new key</h3> - - <p>Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2021/02/user-setup-generate-key.png" alt="generate a key" style="max-width:586px;" /> - <span class="legend">fig. generate a key</span> -</figure> - - <h3 id="download-your-recovery-kit">3.3. Download your recovery kit</h3> - - <p>This step is essential. Your key is the only way to access your account and passwords.</p> - - <div class="message warning"> - <p> - <strong>WARNING:</strong> If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. - </p> - -</div> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2021/02/user-setup-download-recovery-kit.png" alt="download the recovery kit" style="max-width:586px;" /> - <span class="legend">fig. download the recovery kit</span> -</figure> - - <h3 id="define-your-security-token">3.4. Define your security token</h3> - - <p>Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.</p> - - <figure> - <img src="https://help.passbolt.com/assets/img/help/2021/02/user-setup-security-token.png" alt="define your security token" style="max-width:586px;" /> - <span class="legend">fig. define your security token</span> -</figure> - - <h3 id="thats-it">3.5. That’s it!</h3> - - <p>Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!</p> - - <div class="last-updated"> - <h3>Last updated</h3> - <p>This article was last updated on -June -29th, -2023.</p> - </div> - - </div> - <div class="col4 last push1"> - - <div class="message tldr notice"> - <p>Are you experiencing issues with Passbolt Pro Edition?</p> - <a href="mailto:contact@passbolt.com" class="button primary">Contact Pro support</a> - <p>or <a href="https://community.passbolt.com">ask the community</a></p> - -</div> - - <div class="message tldr"> - <p>Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!</p> - - <a href="https://www.github.com/passbolt/passbolt_help" class="button ">View on github</a> - -</div> - - </div> -</div>Upgrade from Debian 11 to Debian 122023-06-29T02:00:00+02:002023-06-29T02:00:00+02:00https://help.passbolt.com/hosting/upgrade/ce/from-debian-11-to-debian-12-ce<div class="row"> - <div class="col7"> - - <h2 id="prerequisites">Prerequisites</h2> - - <p>For this tutorial, you will need:</p> - <ul> - <li>A Debian 11 server.</li> - <li>Passbolt Debian package installed.</li> - <li>Ensure you have sufficient space for the upgrade.</li> - </ul> - - <p>This manual has for aim to help you upgrade your distribution, but it does not replace -<a href="https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.html">the official Debian guide</a>, please refer to it if you have any doubt.</p> - - <h2 id="take-down-your-site">1. Take down your site</h2> - - <p>It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.</p> - - <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span><span class="nb">sudo </span>systemctl stop nginx -</code></pre></div> </div> - - <h2 id="backup-your-instance">2. Backup your instance</h2> - - <p>First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our <a href="/hosting/backup">backup process</a>.</p> - - <h2 id="prepare-repositories">3. Prepare repositories</h2> - - <h3 id="upgrade-the-os-and-other-third-party-repositories">3.1. Upgrade the OS and other third party repositories</h3> - - <p>Prior to upgrading the system, ensure the OS as well as the third party repositories ar now targeting -Debian 12. This can be easily done with sed:</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list -</code></pre></div> </div> - - <p>Please, take a moment with: <em>cat /etc/apt/sources.list</em> to ensure that there is not any bullseye left on this file. You should expect something like what’s shown below.</p> - - <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># deb cdrom:[Debian GNU/Linux 11.6.0 _Bullseye_ - Official amd64 DVD Binary-1 20221217-10:40]/ bookworm contrib main</span> - -<span class="c">#deb cdrom:[Debian GNU/Linux 11.6.0 _Bullseye_ - Official amd64 DVD Binary-1 20221217-10:40]/ bookworm contrib main</span> - -deb http://httpredir.debian.org/debian/ bookworm main -deb-src http://httpredir.debian.org/debian/ bookworm main - -deb http://security.debian.org/debian-security bookworm-security main contrib -deb-src http://security.debian.org/debian-security bookworm-security main contrib - -<span class="c"># bookworm-updates, to get updates before a point release is made;</span> -<span class="c"># see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports</span> -deb http://httpredir.debian.org/debian/ bookworm-updates main contrib -deb-src http://httpredir.debian.org/debian/ bookworm-updates main contrib - -</code></pre></div> </div> - - <h2 id="upgrade-your-system">4. Upgrade your system</h2> - - <p>Update the apt indexes :</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt update -</code></pre></div> </div> - - <p>Upgrade Passbolt PRO :</p> - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt --only-upgrade install passbolt-pro-server -</code></pre></div> </div> - - <div class="message warning"> - <p> - You are using Passbolt CE? Run <code class="language-plaintext highlighter-rouge">sudo apt --only-upgrade install passbolt-ce-server</code> - </p> - -</div> - - <p>You can now upgrade your system :</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># Upgrade first -sudo apt upgrade - -# Then perform the dist-upgrade -sudo apt dist-upgrade -</code></pre></div> </div> - - <h3 id="ensure-that-you-are-running-the-correct-distributions">4.1. Ensure that you are running the correct distributions</h3> - - <p>In order to verify the distribution :</p> - - <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lsb_release <span class="nt">-a</span> -</code></pre></div> </div> - - <h3 id="ensure-that-you-are-running-the-correct-php-82-version">4.2. Ensure that you are running the correct PHP 8.2 version</h3> - - <p>To verify the PHP version :</p> - - <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>php <span class="nt">-v</span> -</code></pre></div> </div> - - <h2 id="update-passbolt-nginx-configuration">5. Update passbolt nginx configuration</h2> - - <p>As php-fpm has been upgraded from 7.4 to 8.2, nginx configuration has to be updated accordingly.</p> - - <p>It can easily be done with sed :</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo sed -i 's/php7.4-fpm/php8.2-fpm/g' /etc/nginx/sites-enabled/nginx-passbolt.conf -</code></pre></div> </div> - - <p>Check if you have no configuration issue :</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nginx -t -</code></pre></div> </div> - - <p>It should return:</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nginx: the configuration file /etc/nginx/nginx.conf syntax is ok -nginx: configuration file /etc/nginx/nginx.conf test is successful -</code></pre></div> </div> - - <p>You can now safely restart the nginx web server and php-fpm:</p> - - <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>systemctl restart nginx -<span class="nb">sudo </span>systemctl restart php8.2-fpm -</code></pre></div> </div> - - <h2 id="reboot-your-server">6. Reboot your server</h2> - - <p>With Debian 12 comes a new Linux kernel, you must reboot your server.</p> - - <h2 id="clean-useless-packages">7. Clean useless packages</h2> - - <p>Once the server rebooted on the new kernel, you can now remove useless packages:</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt autoremove --purge -sudo apt autoclean -</code></pre></div> </div> - - <h2 id="troubleshooting">8. Troubleshooting</h2> - - <h3 id="mariadb-went-missing">MariaDB went missing</h3> - - <p>It is possible your MariaDB instance has been uninstalled. You can install it back:</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt install default-mysql-server -</code></pre></div> </div> - - <div class="last-updated"> - <h3>Last updated</h3> - <p>This article was last updated on -June -29th, -2023.</p> - </div> - - </div> - <div class="col4 last push1"> - - <div class="message tldr notice"> - <p>Are you experiencing issues when updating passbolt?</p> - - <a href="https://community.passbolt.com/c/installation-issues" class="button primary">Ask the community!</a> - -</div> - - <div class="message "> - <p></p> - -</div> - - <div class="message tldr"> - <p>Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!</p> - - <a href="https://www.github.com/passbolt/passbolt_help" class="button ">View on github</a> - -</div> - - </div> -</div>Upgrade from Debian 11 to Debian 122023-06-29T02:00:00+02:002023-06-29T02:00:00+02:00https://help.passbolt.com/hosting/upgrade/pro/from-debian-11-to-debian-12-pro<div class="row"> - <div class="col7"> - - <h2 id="prerequisites">Prerequisites</h2> - - <p>For this tutorial, you will need:</p> - <ul> - <li>A Debian 11 server.</li> - <li>Passbolt Debian package installed.</li> - <li>Ensure you have sufficient space for the upgrade.</li> - </ul> - - <p>This manual has for aim to help you upgrade your distribution, but it does not replace -<a href="https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.html">the official Debian guide</a>, please refer to it if you have any doubt.</p> - - <h2 id="take-down-your-site">1. Take down your site</h2> - - <p>It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.</p> - - <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span><span class="nb">sudo </span>systemctl stop nginx -</code></pre></div> </div> - - <h2 id="backup-your-instance">2. Backup your instance</h2> - - <p>First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our <a href="/hosting/backup">backup process</a>.</p> - - <h2 id="prepare-repositories">3. Prepare repositories</h2> - - <h3 id="upgrade-the-os-and-other-third-party-repositories">3.1. Upgrade the OS and other third party repositories</h3> - - <p>Prior to upgrading the system, ensure the OS as well as the third party repositories ar now targeting -Debian 12. This can be easily done with sed:</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list -</code></pre></div> </div> - - <p>Please, take a moment with: <em>cat /etc/apt/sources.list</em> to ensure that there is not any bullseye left on this file. You should expect something like what’s shown below.</p> - - <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># deb cdrom:[Debian GNU/Linux 11.6.0 _Bullseye_ - Official amd64 DVD Binary-1 20221217-10:40]/ bookworm contrib main</span> - -<span class="c">#deb cdrom:[Debian GNU/Linux 11.6.0 _Bullseye_ - Official amd64 DVD Binary-1 20221217-10:40]/ bookworm contrib main</span> - -deb http://httpredir.debian.org/debian/ bookworm main -deb-src http://httpredir.debian.org/debian/ bookworm main - -deb http://security.debian.org/debian-security bookworm-security main contrib -deb-src http://security.debian.org/debian-security bookworm-security main contrib - -<span class="c"># bookworm-updates, to get updates before a point release is made;</span> -<span class="c"># see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports</span> -deb http://httpredir.debian.org/debian/ bookworm-updates main contrib -deb-src http://httpredir.debian.org/debian/ bookworm-updates main contrib - -</code></pre></div> </div> - - <h2 id="upgrade-your-system">4. Upgrade your system</h2> - - <p>Update the apt indexes :</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt update -</code></pre></div> </div> - - <p>Upgrade Passbolt PRO :</p> - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt --only-upgrade install passbolt-pro-server -</code></pre></div> </div> - - <div class="message warning"> - <p> - You are using Passbolt CE? Run <code class="language-plaintext highlighter-rouge">sudo apt --only-upgrade install passbolt-ce-server</code> - </p> - -</div> - - <p>You can now upgrade your system :</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># Upgrade first -sudo apt upgrade - -# Then perform the dist-upgrade -sudo apt dist-upgrade -</code></pre></div> </div> - - <h3 id="ensure-that-you-are-running-the-correct-distributions">4.1. Ensure that you are running the correct distributions</h3> - - <p>In order to verify the distribution :</p> - - <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lsb_release <span class="nt">-a</span> -</code></pre></div> </div> - - <h3 id="ensure-that-you-are-running-the-correct-php-82-version">4.2. Ensure that you are running the correct PHP 8.2 version</h3> - - <p>To verify the PHP version :</p> - - <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>php <span class="nt">-v</span> -</code></pre></div> </div> - - <h2 id="update-passbolt-nginx-configuration">5. Update passbolt nginx configuration</h2> - - <p>As php-fpm has been upgraded from 7.4 to 8.2, nginx configuration has to be updated accordingly.</p> - - <p>It can easily be done with sed :</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo sed -i 's/php7.4-fpm/php8.2-fpm/g' /etc/nginx/sites-enabled/nginx-passbolt.conf -</code></pre></div> </div> - - <p>Check if you have no configuration issue :</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nginx -t -</code></pre></div> </div> - - <p>It should return:</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nginx: the configuration file /etc/nginx/nginx.conf syntax is ok -nginx: configuration file /etc/nginx/nginx.conf test is successful -</code></pre></div> </div> - - <p>You can now safely restart the nginx web server and php-fpm:</p> - - <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>systemctl restart nginx -<span class="nb">sudo </span>systemctl restart php8.2-fpm -</code></pre></div> </div> - - <h2 id="reboot-your-server">6. Reboot your server</h2> - - <p>With Debian 12 comes a new Linux kernel, you must reboot your server.</p> - - <h2 id="clean-useless-packages">7. Clean useless packages</h2> - - <p>Once the server rebooted on the new kernel, you can now remove useless packages:</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt autoremove --purge -sudo apt autoclean -</code></pre></div> </div> - - <h2 id="troubleshooting">8. Troubleshooting</h2> - - <h3 id="mariadb-went-missing">MariaDB went missing</h3> - - <p>It is possible your MariaDB instance has been uninstalled. You can install it back:</p> - - <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt install default-mysql-server -</code></pre></div> </div> - - <div class="last-updated"> - <h3>Last updated</h3> - <p>This article was last updated on -June -29th, -2023.</p> - </div> - - </div> - <div class="col4 last push1"> - - <div class="message tldr notice"> - <p>Are you experiencing issues when updating passbolt?</p> - - <a href="https://community.passbolt.com/c/installation-issues" class="button primary">Ask the community!</a> - -</div> - - <div class="message "> - <p></p> - -</div> - - <div class="message tldr"> - <p>Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!</p> - - <a href="https://www.github.com/passbolt/passbolt_help" class="button ">View on github</a> - -</div> - - </div> -</div> \ No newline at end of file +Jekyll2024-03-20T17:06:34+01:00https://help.passbolt.com/feed.xmlPassbolt | HelpThe help site for passbolt, the open source password manager for teams. This site contains frequently asked questions, article to troubleshoot common issues, installation tutorials, blueprints for developers, and more! \ No newline at end of file diff --git a/docs/hosting/backup.html b/docs/hosting/backup.html deleted file mode 100644 index 6b4afb500..000000000 --- a/docs/hosting/backup.html +++ /dev/null @@ -1,1032 +0,0 @@ - - - - - Passbolt Help | Backup - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Backup your passbolt instance

    -
    -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - From source - Backing up a from source passbolt installation - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - DEB/RPM package - Backing up a Passbolt package installation - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Docker - Backing up a docker passbolt installation - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - -
    -
    -
    - - - - - -
    - - - - - - - - diff --git a/docs/hosting/backup/backup-v1.html b/docs/hosting/backup/backup-v1.html deleted file mode 100644 index b00f6d470..000000000 --- a/docs/hosting/backup/backup-v1.html +++ /dev/null @@ -1,309 +0,0 @@ - - - - - Passbolt Help | Backing up a passbolt installation (v1) - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Backing up a passbolt installation (v1)

    -
    -
    - -
    -
    -

    Making regular backups is a critical aspect of managing a passbolt instance. Because passbolt stores important -information, it is equally important to have a backup strategy in place.

    - -

    As a passbolt administrator it is your responsibility to define how often and when to perform backups. -Please automate and customize this process to match the needs and policies of your organization.

    - -

    Here are some best practices to keep in mind:

    - -
      -
    • Ensure that the backups are taken at intervals that match your usage
      • -
    • Take these backups off-site, or to another environment than the live one
      • -
    • Make sure the backup is encrypted and stored in a safe location
      • -
    • Practice drills and test the backups to make sure they work
      • -
    - -

    What to backup?

    - -

    If you are a PRO user, ensure you have a backup of your subscription key.

    - -

    There are also several elements you need to backup:

    - -

    1. The database

    - -

    This can be easily scripted using mysqldump for example:

    - 
    mysqldump -u[user] -p[pass] db > /path/to/backup.sql
-
    - -

    2. The avatars

    - -

    The images in app/webroot/img/public also need to be backed up, otherwise profile images will be lost.

    - -

    3. The server public and private keys

    - 
    gpg --export-secret-key -a "passbolt user" > private.key
-
    -

    4. The application configuration

    - -

    The files located in app/Config such as core.php, app.php, email.php, database.php. It is optional, but it can save you some time if you need to rebuild a new instance.

    - -

    What about the secret keys of my collaborators?

    - -

    Every user private key should also be backed up, this is however not something we/you can automate easily for now (passbolt might provide a functionality for this in the future). We believe it is best if this is the responsibility of the end user. There is a dedicated step during the extension setup to that purpose.

    - -

    As an administrator you should stress the importance of backing up secret keys to other users. For example this warning could be part of the initial information message sent to introduce passbolt to new users.

    - -

    It is possible that having users back up their own keys may not be realistic or desirable in your case. In this case you can opt in for an alternative strategy such as setting up the account with/for them and taking a backup of the secret keys then. In the worst case scenario you could automate the process by installing a script on your users machine that would make that backup for you.

    - -
    -

    Last updated

    -

    This article was last updated on -June -15th, -2017.

    -
    - -
    -
    - -
    -

    This article is for passbolt v1, make sure you check the newest version of this article if you are using a more recent version.

    - - See latest version - -
    - -
    -

    Do you have a question about backups? Do you want to share your experience and best practices?

    - - Get in touch! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/backup/debian.html b/docs/hosting/backup/debian.html deleted file mode 100644 index 787b2fe7c..000000000 --- a/docs/hosting/backup/debian.html +++ /dev/null @@ -1,357 +0,0 @@ - - - - - Passbolt Help | Debian package - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Debian package

    -
    -
    - - -
    -
    - -

    Making regular backups is a critical aspect of managing a passbolt instance. Because passbolt stores important -information, it is equally important to have a backup strategy in place.

    - -

    As a passbolt administrator it is your responsibility to define how often and when to perform backups. -Please automate and customize this process to match the needs and policies of your organization.

    - -

    Here are some best practices to keep in mind:

    - -
      -
    • Ensure that the backups are taken at intervals that match your usage
      • -
    • Take these backups off-site, or to another environment than the live one
      • -
    • Make sure the backup is encrypted and stored in a safe location
      • -
    • Practice drills and test the backups to make sure they work
      • -
    - -

    What to backup?

    - -

    If you are a PRO user, ensure you have a backup of your subscription key.

    - -

    There are also several elements you need to backup:

    - -

    1. The database

    - -

    We made a dedicated command in order to make a backup of the database, it uses mysqldump but we recommend to use the passbolt command as it has been made to avoid any pasting or logins details errors.

    - -

    Replace WEB_SERVER_USER with the correct one. Depending on your OS, it could be nginx, www-data, etc.

    - - 
    sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt mysql_export" WEB_SERVER_USER
-
    - -

    2. The server public and private keys

    - -

    The GPG server keys are stored under /etc/passbolt/gpg/ folder:

    - -
      -
    • private key is serverkey_private.asc
      • -
    • public key is serverkey.asc
      • -
    - -

    3. The application configuration

    - -

    Passbolt debian package stores all configuration files under /etc/passbolt/* but the one you need is /etc/passbolt/passbolt.php

    - -

    4. The avatars (for Passbolt version prior to 3.2)

    - -
    -

    - Since Passbolt 3.2, user’s avatars are no longer stored on disk but on the avatars table of passbolt database. -

    - -
    - -

    Back up /usr/share/php/passbolt/webroot/img/avatar to avoid losing -the profile images.

    - - 
    sudo tar cvfzp passbolt-avatars.tar.gz -C /usr/share/php/passbolt/ webroot/img/avatar
-
    - -

    Backup list

    - -

    At the end of the backup process you should have:

    - -
      -
    • a dump of your database
      • -
    • the server public and private GPG keys
      • -
    • a copy of your config/passbolt.php configuration file
      • -
    • a copy of your avatar folder (only if Passbolt version < 3.2)
      • -
    - -

    Migrate the back-up to the new server

    - -

    We will still consider that the backup files are in your user home directory ~/backup

    - -

    On the original server

    - -

    Use a tool such as tar to compress the backup directory

    - 
    tar -cvzf /home/backup.tar.gz /home/backup
-
    - -

    You should copy the compressed backup file to the new server. Use a tool such as scp to do it

    - 
    scp /home/backup.tar.gz new_server_username@server_ip:/home
-
    - -

    On the new server

    - -

    The compressed backup file should appears inside your home directory, we will extract using a tool such as tar

    - 
    tar -xzvf /home/backup.tar.gz -C /home/backup
-
    - -

    The uncompressed backup file are now available inside your home directory.

    - -

    What about the secret keys of my collaborators?

    - -

    Every user private key should also be backed up, this is however not something we/you can automate easily for now (passbolt might provide a functionality for this in the future). We believe it is best if this is the responsibility of the end user. There is a dedicated step during the extension setup to that purpose.

    - -

    As an administrator you should stress the importance of backing up secret keys to other users. For example this warning could be part of the initial information message sent to introduce passbolt to new users.

    - -

    It is possible that having users back up their own keys may not be realistic or desirable in your case. In this case you can opt in for an alternative strategy such as setting up the account with/for them and taking a backup of the secret keys then. In the worst case scenario you could automate the process by installing a script on your users machine that would make that backup for you.

    - -
    -

    Last updated

    -

    This article was last updated on -February -10th, -2021.

    -
    - -
    -
    - -
    -

    Do you have a question about backups? Do you want to share your experience and best practices?

    - - Get in touch! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/backup/docker.html b/docs/hosting/backup/docker.html deleted file mode 100644 index c3e8a465e..000000000 --- a/docs/hosting/backup/docker.html +++ /dev/null @@ -1,382 +0,0 @@ - - - - - Passbolt Help | Docker - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Docker

    -
    -
    - - -
    -
    - -

    Making regular backups is a critical aspect of managing a passbolt instance. Because passbolt stores important -information, it is equally important to have a backup strategy in place.

    - -

    As a passbolt administrator it is your responsibility to define how often and when to perform backups. -Please automate and customize this process to match the needs and policies of your organization.

    - -

    Here are some best practices to keep in mind:

    - -
      -
    • Ensure that the backups are taken at intervals that match your usage
      • -
    • Take these backups off-site, or to another environment than the live one
      • -
    • Make sure the backup is encrypted and stored in a safe location
      • -
    • Practice drills and test the backups to make sure they work
      • -
    - -

    What to backup?

    - -

    If you are a PRO user, ensure you have a backup of your subscription key.

    - -

    There are also several elements you need to backup:

    - -

    We assume here Passbolt container is named “passbolt-container” and MariaDB -container “database-container”. -Please replace these names with your own. You can use docker ps for this.

    - -
    -

    - Many docker users use “-ti”, “-it” or “-t -i” arguments to execute commands on docker containers. To get reliable backups on docker, please use only -i, as -t will create a pseudo-tty and make your backup files unusuable. -

    - -
    - -

    1. The database

    - -

    This can be easily scripted using mysqldump. -Use docker exec to connect to the Passbolt database container and write mysqldump output to a local file.

    - -

    Be sure to use simple-quotes for the bash -c argument to be able to use MYSQL_USER, MYSQL_PASSWORD and MYSQL_DATABASE environment variables.

    - - 
    docker exec -i database-container bash -c \
-'mysqldump -u${MYSQL_USER} -p${MYSQL_PASSWORD} ${MYSQL_DATABASE}' \
-> /path/to/backup.sql
-
    - -

    2. The server public and private keys

    - -

    You can use docker cp to backup the Passbolt GPG keys:

    - - 
    docker cp passbolt-container:/etc/passbolt/gpg/serverkey_private.asc \
-    /path/to/backup/serverkey_private.asc
-docker cp passbolt-container:/etc/passbolt/gpg/serverkey.asc \
-    /path/to/backup/serverkey.asc
-
    - -

    3. The application configuration

    - -

    Passbolt docker stores its configuration as environment variables.

    - -

    If you are using docker-compose, environment variables are on the env folder:

    - -
      -
    • env/passbolt.env
      • -
    • env/mysql.env
      • -
    - -

    If you are running docker container, you should have passed these variables through the command line. -Please check the -passbolt env variable reference

    - -

    4. The avatars (for Passbolt version prior to 3.2)

    - -
    -

    - Since Passbolt 3.2, user’s avatars are no longer stored on disk but on the avatars table of passbolt database. -

    - -
    - - 
    docker exec -i passbolt-container \
-    tar cvfzp - -C /usr/share/php/passbolt/ webroot/img/avatar \
-    > passbolt-avatars.tar.gz
-
    - -

    Backup list

    - -

    At the end of the backup process you should have:

    - -
      -
    • a dump of your database
      • -
    • the server public and private GPG keys
      • -
    • a copy of your config/passbolt.php configuration file
      • -
    • a copy of your avatar folder (only if Passbolt version < 3.2)
      • -
    - -

    Migrate the back-up to the new server

    - -

    We will still consider that the backup files are in your user home directory ~/backup

    - -

    On the original server

    - -

    Use a tool such as tar to compress the backup directory

    - 
    tar -cvzf /home/backup.tar.gz /home/backup
-
    - -

    You should copy the compressed backup file to the new server. Use a tool such as scp to do it

    - 
    scp /home/backup.tar.gz new_server_username@server_ip:/home
-
    - -

    On the new server

    - -

    The compressed backup file should appears inside your home directory, we will extract using a tool such as tar

    - 
    tar -xzvf /home/backup.tar.gz -C /home/backup
-
    - -

    The uncompressed backup file are now available inside your home directory.

    - -

    What about the secret keys of my collaborators?

    - -

    Every user private key should also be backed up, this is however not something we/you can automate easily for now (passbolt might provide a functionality for this in the future). We believe it is best if this is the responsibility of the end user. There is a dedicated step during the extension setup to that purpose.

    - -

    As an administrator you should stress the importance of backing up secret keys to other users. For example this warning could be part of the initial information message sent to introduce passbolt to new users.

    - -

    It is possible that having users back up their own keys may not be realistic or desirable in your case. In this case you can opt in for an alternative strategy such as setting up the account with/for them and taking a backup of the secret keys then. In the worst case scenario you could automate the process by installing a script on your users machine that would make that backup for you.

    - -
    -

    Last updated

    -

    This article was last updated on -October -1st, -2021.

    -
    - -
    -
    - -
    -

    Do you have a question about backups? Do you want to share your experience and best practices?

    - - Get in touch! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/backup/from-source.html b/docs/hosting/backup/from-source.html deleted file mode 100644 index 70acd2933..000000000 --- a/docs/hosting/backup/from-source.html +++ /dev/null @@ -1,382 +0,0 @@ - - - - - Passbolt Help | Backing up a passbolt installation - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Backing up a passbolt installation

    -
    -
    - -
    -
    - -

    Making regular backups is a critical aspect of managing a passbolt instance. Because passbolt stores important -information, it is equally important to have a backup strategy in place.

    - -

    As a passbolt administrator it is your responsibility to define how often and when to perform backups. -Please automate and customize this process to match the needs and policies of your organization.

    - -

    Here are some best practices to keep in mind:

    - -
      -
    • Ensure that the backups are taken at intervals that match your usage
      • -
    • Take these backups off-site, or to another environment than the live one
      • -
    • Make sure the backup is encrypted and stored in a safe location
      • -
    • Practice drills and test the backups to make sure they work
      • -
    - -

    What to backup?

    - -

    If you are a PRO user, ensure you have a backup of your subscription key.

    - -

    There are also several elements you need to backup:

    - -

    1. The database

    - -

    We made a dedicated command in order to make a backup of the database, it uses mysqldump but we recommend to use the passbolt command as it has been made to avoid any pasting or logins details errors.

    - -

    Replace WEB_SERVER_USER with the correct one. Depending on your OS, it could be nginx, www-data, etc.

    - - 
    sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt mysql_export" WEB_SERVER_USER
-
    - -

    2. The server public and private keys

    - -

    The easiest way is copy the server OpenPGP key in config/gpg.

    - -
      -
    • private key is serverkey_private.asc
      • -
    • public key is serverkey.asc
      • -
    - -

    Another method is to export it using GnuPG. You can use the email attached to your keys to identify them or use the fingerprint. -In order to find the fingerprint if you do not know the email attached to your keys:

    - - 
    sudo -H -u www-data /bin/bash -c "gpg --list-keys"
-
    - -

    If you know the email attached to your keys you can use it to export your keys as follows:

    - - 
    sudo -H -u www-data /bin/bash -c "gpg --export-secret-keys <identifier> > /var/www/passbolt/config/gpg/private.asc" www-data
-sudo -H -u www-data /bin/bash -c "gpg --export <identifier> > /var/www/passbolt/config/gpg/public.asc" www-data
-
    -

    Where can be the key fingerprint or the email associated with the key you want to export.

    - -
    -

    - Be sure to remove the expiration time before importing the keys at backup restore. While restoring the backup, the imported keys cannot have an expiry date. -

    - -
    - -

    3. The application configuration

    - -

    Passbolt configuration file is located in config/passbolt.php.

    - -

    4. The avatars (for Passbolt version prior to 3.2)

    - -
    -

    - Since Passbolt 3.2, user’s avatars are no longer stored on disk but on the avatars table of passbolt database. -

    - -
    - -

    Back up webroot/img/public to avoid losing the profile images.

    - - 
    sudo tar cvfzp passbolt-avatars.tar.gz -C /var/www/passbolt/ webroot/img/avatar
-
    - -

    Backup list

    - -

    At the end of the backup process you should have:

    - -
      -
    • a dump of your database
      • -
    • the server public and private GPG keys
      • -
    • a copy of your config/passbolt.php configuration file
      • -
    • a copy of your avatar folder (only if Passbolt version < 3.2)
      • -
    - -

    Migrate the back-up to the new server

    - -

    We will still consider that the backup files are in your user home directory ~/backup

    - -

    On the original server

    - -

    Use a tool such as tar to compress the backup directory

    - 
    tar -cvzf /home/backup.tar.gz /home/backup
-
    - -

    You should copy the compressed backup file to the new server. Use a tool such as scp to do it

    - 
    scp /home/backup.tar.gz new_server_username@server_ip:/home
-
    - -

    On the new server

    - -

    The compressed backup file should appears inside your home directory, we will extract using a tool such as tar

    - 
    tar -xzvf /home/backup.tar.gz -C /home/backup
-
    - -

    The uncompressed backup file are now available inside your home directory.

    - -

    What about the secret keys of my collaborators?

    - -

    Every user private key should also be backed up, this is however not something we/you can automate easily for now (passbolt might provide a functionality for this in the future). We believe it is best if this is the responsibility of the end user. There is a dedicated step during the extension setup to that purpose.

    - -

    As an administrator you should stress the importance of backing up secret keys to other users. For example this warning could be part of the initial information message sent to introduce passbolt to new users.

    - -

    It is possible that having users back up their own keys may not be realistic or desirable in your case. In this case you can opt in for an alternative strategy such as setting up the account with/for them and taking a backup of the secret keys then. In the worst case scenario you could automate the process by installing a script on your users machine that would make that backup for you.

    - -
    -

    Last updated

    -

    This article was last updated on -March -14th, -2018.

    -
    - -
    -
    - -
    -

    Do you have a question about backups? Do you want to share your experience and best practices?

    - - Get in touch! - -
    - -
    -

    Are you still using passbolt v1? Check out the previous version of this article.

    - - See previous version - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/backup/package.html b/docs/hosting/backup/package.html deleted file mode 100644 index 289e76ab0..000000000 --- a/docs/hosting/backup/package.html +++ /dev/null @@ -1,356 +0,0 @@ - - - - - Passbolt Help | Backing up a Passbolt package installation - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Backing up a Passbolt package installation

    -
    -
    - -
    -
    - -

    Making regular backups is a critical aspect of managing a passbolt instance. Because passbolt stores important -information, it is equally important to have a backup strategy in place.

    - -

    As a passbolt administrator it is your responsibility to define how often and when to perform backups. -Please automate and customize this process to match the needs and policies of your organization.

    - -

    Here are some best practices to keep in mind:

    - -
      -
    • Ensure that the backups are taken at intervals that match your usage
      • -
    • Take these backups off-site, or to another environment than the live one
      • -
    • Make sure the backup is encrypted and stored in a safe location
      • -
    • Practice drills and test the backups to make sure they work
      • -
    - -

    What to backup?

    - -

    If you are a PRO user, ensure you have a backup of your subscription key.

    - -

    There are also several elements you need to backup:

    - -

    1. The database

    - -

    We made a dedicated command in order to make a backup of the database, it uses mysqldump but we recommend to use the passbolt command as it has been made to avoid any pasting or logins details errors.

    - -

    Replace WEB_SERVER_USER with the correct one. Depending on your OS, it could be nginx, www-data, etc.

    - - 
    sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt mysql_export" WEB_SERVER_USER
-
    - -

    2. The server public and private keys

    - -

    The GPG server keys are stored under /etc/passbolt/gpg/ folder:

    - -
      -
    • private key is serverkey_private.asc
      • -
    • public key is serverkey.asc
      • -
    - -

    3. The application configuration

    - -

    Passbolt package stores all configuration files under /etc/passbolt/* but the one you need is /etc/passbolt/passbolt.php

    - -

    4. The avatars (for Passbolt version prior to 3.2)

    - -
    -

    - Since Passbolt 3.2, user’s avatars are no longer stored on disk but on the avatars table of passbolt database. -

    - -
    - -

    Back up /usr/share/php/passbolt/webroot/img/avatar to avoid losing -the profile images.

    - - 
    sudo tar cvfzp passbolt-avatars.tar.gz -C /usr/share/php/passbolt/ webroot/img/avatar
-
    - -

    Backup list

    - -

    At the end of the backup process you should have:

    - -
      -
    • a dump of your database
      • -
    • the server public and private GPG keys
      • -
    • a copy of your config/passbolt.php configuration file
      • -
    • a copy of your avatar folder (only if Passbolt version < 3.2)
      • -
    - -

    Migrate the back-up to the new server

    - -

    We will still consider that the backup files are in your user home directory ~/backup

    - -

    On the original server

    - -

    Use a tool such as tar to compress the backup directory

    - 
    tar -cvzf /home/backup.tar.gz /home/backup
-
    - -

    You should copy the compressed backup file to the new server. Use a tool such as scp to do it

    - 
    scp /home/backup.tar.gz new_server_username@server_ip:/home
-
    - -

    On the new server

    - -

    The compressed backup file should appears inside your home directory, we will extract using a tool such as tar

    - 
    tar -xzvf /home/backup.tar.gz -C /home/backup
-
    - -

    The uncompressed backup file are now available inside your home directory.

    - -

    What about the secret keys of my collaborators?

    - -

    Every user private key should also be backed up, this is however not something we/you can automate easily for now (passbolt might provide a functionality for this in the future). We believe it is best if this is the responsibility of the end user. There is a dedicated step during the extension setup to that purpose.

    - -

    As an administrator you should stress the importance of backing up secret keys to other users. For example this warning could be part of the initial information message sent to introduce passbolt to new users.

    - -

    It is possible that having users back up their own keys may not be realistic or desirable in your case. In this case you can opt in for an alternative strategy such as setting up the account with/for them and taking a backup of the secret keys then. In the worst case scenario you could automate the process by installing a script on your users machine that would make that backup for you.

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    Do you have a question about backups? Do you want to share your experience and best practices?

    - - Get in touch! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/backup/ubuntu.html b/docs/hosting/backup/ubuntu.html deleted file mode 100644 index 35e2cb07e..000000000 --- a/docs/hosting/backup/ubuntu.html +++ /dev/null @@ -1,357 +0,0 @@ - - - - - Passbolt Help | Ubuntu package - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Ubuntu package

    -
    -
    - - -
    -
    - -

    Making regular backups is a critical aspect of managing a passbolt instance. Because passbolt stores important -information, it is equally important to have a backup strategy in place.

    - -

    As a passbolt administrator it is your responsibility to define how often and when to perform backups. -Please automate and customize this process to match the needs and policies of your organization.

    - -

    Here are some best practices to keep in mind:

    - -
      -
    • Ensure that the backups are taken at intervals that match your usage
      • -
    • Take these backups off-site, or to another environment than the live one
      • -
    • Make sure the backup is encrypted and stored in a safe location
      • -
    • Practice drills and test the backups to make sure they work
      • -
    - -

    What to backup?

    - -

    If you are a PRO user, ensure you have a backup of your subscription key.

    - -

    There are also several elements you need to backup:

    - -

    1. The database

    - -

    We made a dedicated command in order to make a backup of the database, it uses mysqldump but we recommend to use the passbolt command as it has been made to avoid any pasting or logins details errors.

    - -

    Replace WEB_SERVER_USER with the correct one. Depending on your OS, it could be nginx, www-data, etc.

    - - 
    sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt mysql_export" WEB_SERVER_USER
-
    - -

    2. The server public and private keys

    - -

    The GPG server keys are stored under /etc/passbolt/gpg/ folder:

    - -
      -
    • private key is serverkey_private.asc
      • -
    • public key is serverkey.asc
      • -
    - -

    3. The application configuration

    - -

    Passbolt ubuntu package stores all configuration files under /etc/passbolt/* but the one you need is /etc/passbolt/passbolt.php

    - -

    4. The avatars (for Passbolt version prior to 3.2)

    - -
    -

    - Since Passbolt 3.2, user’s avatars are no longer stored on disk but on the avatars table of passbolt database. -

    - -
    - -

    Back up /usr/share/php/passbolt/webroot/img/avatar to avoid losing -the profile images.

    - - 
    sudo tar cvfzp passbolt-avatars.tar.gz -C /usr/share/php/passbolt/ webroot/img/avatar
-
    - -

    Backup list

    - -

    At the end of the backup process you should have:

    - -
      -
    • a dump of your database
      • -
    • the server public and private GPG keys
      • -
    • a copy of your config/passbolt.php configuration file
      • -
    • a copy of your avatar folder (only if Passbolt version < 3.2)
      • -
    - -

    Migrate the back-up to the new server

    - -

    We will still consider that the backup files are in your user home directory ~/backup

    - -

    On the original server

    - -

    Use a tool such as tar to compress the backup directory

    - 
    tar -cvzf /home/backup.tar.gz /home/backup
-
    - -

    You should copy the compressed backup file to the new server. Use a tool such as scp to do it

    - 
    scp /home/backup.tar.gz new_server_username@server_ip:/home
-
    - -

    On the new server

    - -

    The compressed backup file should appears inside your home directory, we will extract using a tool such as tar

    - 
    tar -xzvf /home/backup.tar.gz -C /home/backup
-
    - -

    The uncompressed backup file are now available inside your home directory.

    - -

    What about the secret keys of my collaborators?

    - -

    Every user private key should also be backed up, this is however not something we/you can automate easily for now (passbolt might provide a functionality for this in the future). We believe it is best if this is the responsibility of the end user. There is a dedicated step during the extension setup to that purpose.

    - -

    As an administrator you should stress the importance of backing up secret keys to other users. For example this warning could be part of the initial information message sent to introduce passbolt to new users.

    - -

    It is possible that having users back up their own keys may not be realistic or desirable in your case. In this case you can opt in for an alternative strategy such as setting up the account with/for them and taking a backup of the secret keys then. In the worst case scenario you could automate the process by installing a script on your users machine that would make that backup for you.

    - -
    -

    Last updated

    -

    This article was last updated on -September -16th, -2021.

    -
    - -
    -
    - -
    -

    Do you have a question about backups? Do you want to share your experience and best practices?

    - - Get in touch! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/index.html b/docs/hosting/index.html deleted file mode 100644 index ab80b2849..000000000 --- a/docs/hosting/index.html +++ /dev/null @@ -1,299 +0,0 @@ - - - - - Passbolt Help | Hosting - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - - - - - - - - -
    -
    -

    Hosting

    -
    -
    -
    - - -
    - - - - - - Hosting FAQ - Frequently asked questions about hosting - -
    - - -
    - - - - - - Installation - How to install passbolt on your own server - -
    - - -
    - - - - - - Update - How to update a self-hosted passbolt instance - -
    - - -
    - - - - - - Upgrade - How to upgrade passbolt. - -
    - - -
    - - - - - - Backup - Guidelines to backup a passbolt instance - -
    - - -
    - - - - - - Installation issues - Do you need help installing passbolt? - -
    - -
    - - - - - - - - - - - -
    -
    -
    - - - - - -
    - - - - - - - - diff --git a/docs/hosting/install-v1.html b/docs/hosting/install-v1.html deleted file mode 100644 index 24743e87f..000000000 --- a/docs/hosting/install-v1.html +++ /dev/null @@ -1,513 +0,0 @@ - - - - - Passbolt Help | Install passbolt API version 1 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install passbolt API version 1

    -
    -
    - -
    -
    - -

    Passbolt is reported to work on a large variety of operating system configurations. Therefore this help page is a generic guide that should work for most environments.

    - -

    If you run into any issues with your particular configuration, please check the forum. Maybe someone else has had your issue. If not, make a post and the community will try to help you.

    - -

    Other community guides

    - -

    If you are looking for more system specific step by step guides please check out the following resources:

    - - - -

    Environment setup and baseline requirements

    - -

    Operating system

    - -

    We recommend you install passbolt on stable Unix-like operating system distributions such as Debian, Centos or FreeBSD. We have not tested passbolt on Windows (please do let us know if you tried).

    - -

    Web server requirements

    - -
      -
    • Apache or Nginx web server with SSL enabled.
      • -
    • Pretty urls: with mod_rewrite for apache, and a site-available configuration for nginx.
      • -
    - -

    A word about SSL

    - -

    By default passbolt is configured to force SSL connections, which means that whoever tries to access your passbolt instance without an https connection will automatically be redirected to https. For this reason, if https is not enabled on your host at the time of the installation, passbolt will not be able to work.

    - -

    However, if you know what you are doing, and wish to disable https, you can change this setting by editing /app/Config/app.php and set the parameter App.force_ssl to false. Keep in mind that this setting will make your installation unsecure and should be used for development or testing only.

    - -

    PHP requirements

    - -
      -
    • PHP >= 5.4.
      • -
    • Either one of these image manipulation libraries (to manipulate avatars): - -
      • -
    • GnuPG for PHP: for key verification and authentication.
      • -
    • PHP extensions (that may or may not come by default): PDO, intl, openssl, ctype, filter, hash, phar.
      • -
    - - - -
      -
    • Memcached: to store sessions. If you are using memcached: json, session, pecl-memcached are also required as dependencies.
      • -
    - -

    Database requirements

    - -
    -

    - Currently passbolt only works with Mysql due to the view we use to check permissions. If you want to help us make it work on postgresql, do get in touch! -

    - -
    - -
      -
    • MySQL >= 5.0.
      • -
    - -

    Generate the GPG server key

    - -

    The main authentication method of passbolt is based on GPG. For this reason, it is required that you generate a GPG server key, and add it to the configuration.

    - -

    Generate a new key

    - 
    gpg --gen-key
-
    - -

    Answer the few questions asked by GPG, and do not enter a passphrase. Due to limitations of PHP GnuPG, passbolt can not work with a key that has a passphrase.

    - -

    When key generation is complete, make sure you note down the key fingerprint. It is a 40 char in length string, displayed at the end of the command output. For example:

    - 
    pub   4096R/573EE67E 2015-10-26 [expires: 2019-10-26]
-      Key fingerprint = 2FC8 9458 33C5 1946 E937  F9FE D47B 0811 573E E67E
-uid   Passbolt Server Test Key <no-reply@passbolt.com>
-
    -

    Export the newly created key

    - -

    Export the public and private key

    - 
    gpg --armor --export-secret-keys your_email@domain.com > /var/www/passbolt/app/Config/gpg/private.key
-gpg --armor --export your_email@domain.com > /var/www/passbolt/app/Config/gpg/public.key
-
    -

    Store both these files in a secure location on the server. They should be accessible by the web server user. In this example, we are storing them in the Config directory of passbolt.

    - -

    Get the code

    - -

    Get the passbolt code from the github repository:

    - 
    git clone https://github.com/passbolt/passbolt.git
-
    -

    Set the file permissions

    - -

    Make sure the app/tmp and app/webroot/img/public are writable by the webserver user (www-data or similar).

    - 
    chmod +w -R app/tmp
-chmod +w app/webroot/img/public
-
    -

    Configure the php application

    - -

    The configuration of your passbolt instance is a crucial step to make it work as per your needs and to ensure an optimal level of security. Pay a close attention to the steps described below.

    - -

    core.php (core settings)

    - -

    The CakePHP core configuration file (located in app/Config/core.php) is the base configuration file. It contains the settings that determine the application behavior (debug mode, cache, sessions, etc..).

    - -

    Copy the default core configuration file:

    - 
    cp app/Config/core.php.default app/Config/core.php
-
    -

    However, you need to modify the cypherseed and salt. Passbolt do not actually use these, but it is part of the standard Cakephp installation to change these values.

    - 
    Configure::write('Security.salt', 'put your own salt here');
-Configure::write('Security.cipherSeed', 'put your own cipher seed here');
-
    -

    Also for images that are sent in emails to work, we need to tell cakephp what is the base url. To fix this, uncomment and edit this line in app/Config/core.php:

    - 
    Configure::write('App.fullBaseUrl', 'http://{your domain without slash}');
-
    -

    The rest of the default version of core.php is good enough to be used as it is.

    - -

    database.php (database connection settings)

    - -

    The database configuration file (located in app/Config/database.php) file contains the database connection settings.

    - -

    Copy the default database configuration file :

    - 
    cp app/Config/database.php.default app/Config/database.php
-
    - -

    Then edit it. You will need to provide the name of your database, the username and password of the mysql user that passbolt can use to connect. For example:

    - - 
    public $default = array(
-    'datasource' => 'Database/Mysql',
-    'persistent' => false,
-    'host' => 'localhost',
-    'login' => 'username',
-    'password' => 'password',
-    'database' => 'passbolt'
-);
-
    -

    app.php (application settings)

    - -

    The passbolt application configuration (located in app/Config/app.php) contains the application settings. Copy the app.php.default configuration file to create one for your instance:

    - 
    cp app/Config/app.php.default app/Config/app.php
-
    - -

    You will need to specify the details of the GPG servery key, e.g. the location of the public and private key and the fingerprint. You also need to make sure that the webserver can access the gpg keyring. You can either add set it manually with $GNUPGHOME or in your config as follow:

    - 
    $config = [
-    'GPG' => [
-        'env' => [
-            'setenv' => true,
-            'home' => '/usr/share/httpd/.gnupg'
-        ],
-        'serverKey' => [
-            'fingerprint' => '2FC8945833C51946E937F9FED47B0811573EE67D',
-            'public' => APP . 'Config' . DS . 'gpg' . DS . 'public.key',
-            'private' => APP . 'Config' . DS . 'gpg' . DS . 'private.key',
-
-        ]
-    ]
-]
-
    -

    The default file is good to be used as it is. However, you might want to look at these interesting options :

    - -
      -
    • App.ssl.force (true or false, default: true): Defines if passbolt should force ssl connections.
      • -
    • App.registration.public (true or false, default: true): Defines if users can self register, or if only the administrator can create new accounts.
      • -
    • App.meta.robots.index (true or false, default: false): Defines if you want search engines to find and index your instance.
      • -
    • App.selenium.active (true or false, default:false): Do not change this to true unless you want to run the selenium tests. It is to be used in development environment only, and setting this option to true will compromise the security of your installation.
      • -
    - -

    email.php (email settings)

    - -

    The app/Config/email.php configuration file defines your email settings to enable passbolt send emails to the world. Make sure you provide the correct settings. Without this, passbolt will not be able to send notifications email.

    - 
    public $default = array(
-    'transport' => 'Smtp',
-    'from' => array('passbolt@yourdomain.com' => 'Passbolt'),
-    'host' => 'smtp.yourserver.com',
-    'port' => 587,
-    'timeout' => 30,
-    'username' => 'your@email.com',
-    'password' => 'password',
-);
-
    -

    You only need to modify the default variable, and leave the other sections of this file alone.

    - -

    Run the install script

    - -

    The configuration is all set! We can now install passbolt.

    - -

    Passbolt can be installed via a command line installation script.

    - 
    app/Console/cake install --no-admin
-
    -

    In this command, we also mention that we do not want a default administrator. We will create one explicitely at the next step.

    - -

    Note : To avoid any permission issues, mostly with the keyring, it is recommended to execute the PHP cli with the webserver rights. For instance:

    - 
    su -s /bin/bash -c "app/Console/cake install --no-admin" www-data
-
    -

    Create the first admin account

    - -

    An admin user will be able to manage the other users on passbolt. You will need at least one:

    - 
    app/Console/cake passbolt register_user -u me@domain.com -f myFirtsname -l myLastname -r admin
-
    -

    After the admin user creation, the command line tool will give you a setup link which will also be sent to you by email (if your emails are properly configured). Follow the link given to setup your account.

    - -

    Enabling emails

    - -

    Emails are placed in a queue that needs to be processed by a CakePhp Shell. You can add a cron call to the script so the emails will be sent every minute. Add the following line to you crontab:

    - 
     * * * * * /var/www/passbolt/app/Console/cake EmailQueue.sender > /var/log/passbolt.log
-
    -

    And you are done!

    - -

    Troubleshooting

    - -

    The healthcheck is a tool that can help you identify what are the problems with your install. It is accessible from the command line:

    - 
    ./app/Console/cake passbolt healthcheck
-
    -

    When the application is on debug mode (or if you are logged in as an administrator), a simplified dashboard version is also accessible directly in the browser at the url : /healthcheck

    - -
    - example /healthcheck screen - fig. example /healthcheck screen -
    - -

    You will find below a list of common errors, and how to solve them.

    - -

    I get the error GPG Keyring is not available or not writable at install

    - -

    It is possible that your $GNUPGHOME is not set or not available to either the php CLI or Apache users thus causing a segmentation fault.

    - -
      -
    • Check app/Config/app.php. If you don’t have ssh access, it can be set at run time with GPG.env.home variable.
      • -
    • Make sure the directory is accessible and writable for the PHP CLI and Apache users.
      • -
    - -

    It is commonly solved by executing this command:

    - 
    chown -R www-data:www-data /home/www-data/.gnupg
-
    -

    I get an error saying the GPG Server key defined in the config is not found

    - -

    If you are running passbolt on FreeBSD make sure the $PATH for the www user include /usr/local/{s,}bin. Otherwise Apache won’t be able to find the gpg modules. Something like this should do:

    - 
    PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
-
    -

    I get the error that the GPG key fingerprint is not found in the keyring

    - -

    It is possible that the keyring location specified by the app.php is not writable for the web application, or that you made a mistake in specifying $GNUPGHOME. You can check if the fingerprint exist in a given keyring for a given user as follow.

    - 
    sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /home/www-data/.gnupg" www-data | grep -i -B 2 'Passbolt Server'
-pub   4096R/573EE67E 2015-10-26 [expires: 2019-10-26]
-      Key fingerprint = 2FC8 9458 33C5 1946 E937  F9FE D47B 0811 573E E67E
-uid   Passbolt Server Test Key <no-reply@passbolt.com>
-
    -

    At the end of the setup I get an error saying “Invalid request method, should be PUT”

    - -

    Make sure your webserver config is not rewriting the PUT method to POST. See. Issue #52.

    - -

    Passbolt emails are not being sent by GMail

    - -

    If you have two step verification enabled on your google account you will need to create an App Password. See. Issue #51.

    - -

    When trying to login I’m stuck on “loading, please wait”

    - -

    This can indicate that the fullBaseUrl is not set right in the app/Config/core.php, like the url is correct but not the SSL scheme (e.g. http instead of https). See. Issue #47.

    - -

    Last updated

    - -
    -

    Last updated

    -

    This article was last updated on -March -20th, -2017.

    -
    - -
    -
    - -
    -

    This article is about passbolt v1 and is kept for archival. Please install passbolt version 2 instead.

    - - Install passbolt version 2 - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install.html b/docs/hosting/install.html deleted file mode 100644 index ae25aa0ef..000000000 --- a/docs/hosting/install.html +++ /dev/null @@ -1,2165 +0,0 @@ - - - - - Passbolt Help | Installation - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Community edition

    -
    -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    POPULAR
    - - - Debian 12 - Step by step guide to install Passbolt CE on Debian -     -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Ubuntu 22.04 - Step by step guide to install passbolt CE on Ubuntu 22.04 - -
    - - - - - - - - - - - - - -
    - - - - -
    NEW !
    - - - Helm - Step by step guide to install passbolt CE using Helm. -     -
    - - - - - - - - - - - - - -
    - - - - - - Docker - Install passbolt CE using docker - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Raspberry PI - Step by step guide to install passbolt CE on Raspberry PI - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - AWS AMI - Use passbolt CE on AWS - -
    - - - - - - - - -
    - - - - - - Digital Ocean - Step by step guide to install passbolt CE on Digital Ocean - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - RockyLinux 8 - Install passbolt CE on RockyLinux - -
    - - - - - - - - -
    - - - - - - Red Hat 8 - Install passbolt CE on Red Hat - -
    - - - - - - - - -
    - - - - - - OracleLinux 8 - Install passbolt CE on OracleLinux - -
    - - - - - - - - -
    - - - - - - CentOS 7 - Install passbolt CE on CentOS - -
    - - - - - - - - -
    - - - - - - AlmaLinux 8 - Install passbolt CE on AlmaLinux - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Fedora - Install passbolt CE on Fedora - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - openSUSE Leap 15 - Install passbolt CE on openSUSE - -
    - - - - - - - - - - - - - - - - - - -
    - - - - - - From source code - Guide to install passbolt CE from the source code. - -
    - - - - - - - - - - - - - - - - - - -
    - - -
    -
    -

    Pro edition

    -
    -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    POPULAR
    - - - Debian 12 - Step by step guide to install Passbolt Pro on Debian -     -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Ubuntu 22.04 - Step by step guide to install passbolt Pro on Ubuntu 22.04 - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Docker - Step by step guide to install passbolt Pro using Docker. - -
    - - - - - - - - - - - - - - - - - - -
    - - - - -
    NEW !
    - - - Helm - Step by step guide to install passbolt Pro using Helm. -     -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Raspberry PI - Step by step guide to install passbolt PRO on Raspberry PI - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Virtual machine - Step by step guide to install passbolt Pro virtual appliance. - -
    - - - - - - - - - - - - - -
    - - - - - - AWS AMI - Use passbolt Pro on AWS - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - OracleLinux 8 - Install passbolt PRO on OracleLinux - -
    - - - - - - - - -
    - - - - - - AlmaLinux 8 - Install passbolt PRO on AlmaLinux - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Fedora - Install passbolt PRO on Fedora - -
    - - - - - - - - - - - - - -
    - - - - - - openSUSE Leap 15 - Install passbolt PRO on openSUSE - -
    - - - - - - - - -
    - - - - - - RockyLinux 8 - Install passbolt PRO on RockyLinux - -
    - - - - - - - - -
    - - - - - - Red Hat 8 - Install passbolt PRO on Red Hat - -
    - - - - - - - - -
    - - - - - - CentOS 7 - Install passbolt PRO on CentOS - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - -
    -
    -
    - - - - - -
    - - - - - - - - diff --git a/docs/hosting/install/ce/almalinux.html b/docs/hosting/install/ce/almalinux.html deleted file mode 100644 index 6b0042b30..000000000 --- a/docs/hosting/install/ce/almalinux.html +++ /dev/null @@ -1,626 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on AlmaLinux 8 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE on AlmaLinux 8

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal AlmaLinux 8 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-ce-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt CE RPM package on AlmaLinux 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/aws.html b/docs/hosting/install/ce/aws.html deleted file mode 100644 index e5c0271bf..000000000 --- a/docs/hosting/install/ce/aws.html +++ /dev/null @@ -1,535 +0,0 @@ - - - - - Passbolt Help | Using Passbolt CE AWS AMI - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Using Passbolt CE AWS AMI

    -
    -
    - - -
    -
    -

    Passbolt Amazon Machine Image (AMI) provides a ready to use passbolt image that you can -use for free on your Amazon Web Services infrastructure. -The AMI includes the following software:

    - -
      -
    • Debian 11
      • -
    • Nginx
      • -
    • Php-fpm
      • -
    • Mariadb
      • -
    • Passbolt CE preinstalled
      • -
    • certbot
      • -
    - -

    This AMI does not provide an email server preinstalled so users can manually install it or -leverage on third party email providers.

    - -

    1. Getting started with passbolt CE AMI

    - -

    You can subscribe to passbolt CE on the following AWS marketplace listing. Just -click on “continue to subscribe” button on the listing page.

    - -
    - Subscribe to passbolt marketplace - fig. Subscribe to passbolt marketplace -
    - -

    The EULA for the passbolt CE is the AGPL license you have to accept that in order -to use this image by just clicking on the “Accept terms” button.

    - -
    - Accept AMI terms - fig. Accept AMI terms -
    - -

    Once the terms are accepted you can click on “Continue to configuration” button. In the next -screen you will be able to select which version of the AMI you want to use as well as in which AWS region -you want the instance to be launched. -Once you have selected your desired configuration just click on “Continue to Launch” button.

    - -
    - Configure instance region and version - fig. Configure instance region and version -
    - -

    On the launch screen you will be able to select:

    -
      -
    • How to launch the instance
      • -
    • Instance type
      • -
    • VPC
      • -
    • Subnet settings
      • -
    • Security group settings
      • -
    • Key pair settings
      • -
    - -

    If you do not know what this fields mean just rely on the defaults making sure that they key pair -is available on your local machine so you can connect through SSH to the instance. -If all the values are good just click on “Launch” button.

    - -
    - Launch instance - fig. Launch instance -
    - - - -

    If you are planning to use this AWS instance in production, it is highly recommended to setup SSL. There are two main methods described below:

    - - - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    Passbolt AWS AMI comes with a preinstalled mariadb database. The credentials for -this database are randomly generated on the first boot and the webinstaller autofills -those credentials for you. The autogenerated database credentials will be -available for later use by administrators in /etc/passbolt/passbolt.php file.

    - -

    If you decide to use the autogenerated credentials you -can click the “Next” button and move to the next step on this tutorial.

    - -
    - wizard - database - fig. wizard - database -
    - -

    Optional: in case you do not want to use the autogenerated mariadb -credentials you could connect through ssh to your instance -and use the mariadb root credentials to create a new -user, password and database for passbolt to use:

    - - 
    ssh admin@<your_domain|instance_ip>
-
    - -

    You can find the root database credentials in /root/.mysql_credentials file:

    - - 
    sudo cat /root/.mysql_credentials
-
    - -

    Once you have the root database credentials you can connect to the local mariadb -and create any database and user you want to use to install passbolt.

    - -

    2.2. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.3. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.4. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.5. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.6. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -August -7th, -2019.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/centos-7-from-source.html b/docs/hosting/install/ce/centos-7-from-source.html deleted file mode 100644 index 414d28763..000000000 --- a/docs/hosting/install/ce/centos-7-from-source.html +++ /dev/null @@ -1,602 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on CentOS 7 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE on CentOS 7

    -
    -
    - - -
    -
    - - - -

    This tutorial describes how to install Passbolt CE on a minimal CentOS 7 server. The installation procedure is based on install scripts that will do -the heavy lifting for you. They will configure your operating system to be passbolt ready and will take care of installing and configuring the web -server (Nginx), database (MariaDb), PHP, SSL and GPG keyring.

    - -

    Installation time: 10 minutes.

    - -

    If you prefer to install passbolt manually please refer to this documentation: Install passbolt from source.

    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal CentOS 7 server.
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -

    1. Configure your server

    - -

    Download and execute the installation script

    - -

    Note that you can find the source code of the install scripts on our git repository.

    - -

    The script will take care of installing all the services required by passbolt. -It will ask you a few questions in order to adapt the environment to your needs.

    - - 
    curl -L -o passbolt-ce-installer-centos-7.tar.gz https://www.passbolt.com/ce/download/installers/centos/latest
-curl -L -o passbolt-installer-checksum https://www.passbolt.com/ce/download/installers/centos/latest-checksum
-sha512sum -c passbolt-installer-checksum
-tar -xzf passbolt-ce-installer-centos-7.tar.gz
-sudo ./passbolt_ce_centos_installer.sh
-
    - -
    - execute the install script - fig. execute the install script -
    - -

    Do you want to install a local mariadb server on this machine?

    - -
      -
    • Yes: if you are not planning on using an external mysql / mariadb server.
      • -
    • No: if you have a mysql / mariadb server installed somewhere else and want to use it for passbolt.
      • -
    - -

    The script will then ask you for the database details: root user password, non-root user name, non-root user password, database name, and database password.

    - -

    Hostname

    - -

    To configure your webserver, the script needs to know under which hostname or ip it is going to run. Enter here -the address (domain, hostname or ip) at which you are planning to access your passbolt after installation.

    - -

    example: my-passbolt.acme.com

    - -

    SSL Setup

    -

    Because passbolt is designed to run with HTTPS by default it is best to try to setup passbolt -with SSL even if this is just a test instance.

    - -
      -
    • manual: (recommended) choose manual if you have your own ssl certificates.
      • -
    • auto: this option will issue a SSL certificate automatically through Let’s Encrypt. -Use this option only if you have a domain name that is reachable by the outside world, or it will not work.
      • -
    • none: choose this option if you don’t want your webserver to run https. This is not recommended.
      • -
    - -

    Important: if you choose ‘none’ and want to test the MFA, later on you will need to set -PASSBOLT_SECURITY_COOKIE_SECURE environment variable to false. This is to prevent a misconfigured -server with both HTTP and HTTPS enabled from leaking sensitive cookie.

    - -

    Common GnuPG issues

    - -

    On virtualized environments GnuPG will most likely not be able to find enough entropy to generate a key. -Therefore, Passbolt will not run properly. The script needs to know if you want to help fix this issue by installing - Haveged.

    - -

    Haveged is a useful tool to fix entropy issues, however it can have security implications. Make sure you understand -the risks before answering yes to this question.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -

    For each question, depending on your answer, some more precisions can be asked. Just answer the questions and go -with the flow.

    - -

    Your environment is now ready to support passbolt.

    - -
    - completion of the install script - fig. completion of the install script -
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -

    Frequently asked questions

    - - -
    -

    Last updated

    -

    This article was last updated on -November -13th, -2018.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -

    Don't want the hassle of a manual installation? Passbolt Pro comes with an out of the box ready-to-use VM.

    - Get Passbolt Pro - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/centos-8.html b/docs/hosting/install/ce/centos-8.html deleted file mode 100644 index 323440ddd..000000000 --- a/docs/hosting/install/ce/centos-8.html +++ /dev/null @@ -1,633 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on CentOS 8 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE on CentOS 8

    -
    -
    - - -
    -
    - -
    -

    - Warning: CentOS 8 is not one of our supported distributions. Please see our install page to see which distributions we support. -

    - -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal CentOS 8 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-ce-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt CE RPM package on CentOS 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/centos.html b/docs/hosting/install/ce/centos.html deleted file mode 100644 index 509b93b3b..000000000 --- a/docs/hosting/install/ce/centos.html +++ /dev/null @@ -1,632 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on CentOS 7 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE on CentOS 7

    -
    -
    - - -
    -
    -
    -

    - Important: You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then. -

    - -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal CentOS 7 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo yum install passbolt-ce-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt CE RPM package on CentOS 7 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/debian-10-buster.html b/docs/hosting/install/ce/debian-10-buster.html deleted file mode 100644 index 5756039c0..000000000 --- a/docs/hosting/install/ce/debian-10-buster.html +++ /dev/null @@ -1,524 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on Debian 10 (Buster) - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE on Debian 10 (Buster)

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal Debian 10 (Buster) latest server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo  install passbolt-ce-server
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -22nd, -2021.

    -
    - -
    -
    - -
    -

    This documentation is relative to an old distribution, please consider installing passbolt on the latest Debian

    - - Read install manual - -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -

    Don't want the hassle of a manual installation? Passbolt Pro comes with an out of the box ready-to-use VM.

    - Get Passbolt Pro - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/debian-9-stretch.html b/docs/hosting/install/ce/debian-9-stretch.html deleted file mode 100644 index ec926ca41..000000000 --- a/docs/hosting/install/ce/debian-9-stretch.html +++ /dev/null @@ -1,623 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on Debian 9 (Stretch) - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE on Debian 9 (Stretch)

    -
    -
    - - -
    -
    - - - -

    This tutorial describes how to install Passbolt CE on a minimal Debian 9 (Stretch) server. The installation procedure is based on install scripts that will do -the heavy lifting for you. They will configure your operating system to be passbolt ready and will take care of installing and configuring the web -server (Nginx), database (MariaDb), PHP, SSL and GPG keyring.

    - -

    Installation time: 10 minutes.

    - -

    Any doubt? Check out this step by step video of the installation.

    - -

    If you prefer to install passbolt manually please refer to this documentation: Install passbolt from source.

    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal Debian 9 (Stretch) server.
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -

    1. Configure your server

    - -

    Download and execute the installation script

    - -

    Note that you can find the source code of the install scripts on our git repository.

    - -

    The script will take care of installing all the services required by passbolt. -It will ask you a few questions in order to adapt the environment to your needs.

    - - 
    wget -O passbolt-ce-installer-debian-9.tar.gz https://www.passbolt.com/ce/download/installers/debian/9/latest
-wget -O passbolt-installer-checksum https://www.passbolt.com/ce/download/installers/debian/9/latest-checksum
-sha512sum -c passbolt-installer-checksum
-tar -xzf passbolt-ce-installer-debian-9.tar.gz
-sudo ./passbolt_ce_debian_installer.sh
-
    - -
    - execute the install script - fig. execute the install script -
    - -

    Do you want to install a local mariadb server on this machine?

    - -
      -
    • Yes: if you are not planning on using an external mysql / mariadb server.
      • -
    • No: if you have a mysql / mariadb server installed somewhere else and want to use it for passbolt.
      • -
    - -

    The script will then ask you for the database details: root user password, non-root user name, non-root user password, database name, and database password.

    - -

    Hostname

    - -

    To configure your webserver, the script needs to know under which hostname or ip it is going to run. Enter here -the address (domain, hostname or ip) at which you are planning to access your passbolt after installation.

    - -

    example: my-passbolt.acme.com

    - -

    SSL Setup

    -

    Because passbolt is designed to run with HTTPS by default it is best to try to setup passbolt -with SSL even if this is just a test instance.

    - -
      -
    • manual: (recommended) choose manual if you have your own ssl certificates.
      • -
    • auto: this option will issue a SSL certificate automatically through Let’s Encrypt. -Use this option only if you have a domain name that is reachable by the outside world, or it will not work.
      • -
    • none: choose this option if you don’t want your webserver to run https. This is not recommended.
      • -
    - -

    Important: if you choose ‘none’ and want to test the MFA, later on you will need to set -PASSBOLT_SECURITY_COOKIE_SECURE environment variable to false. This is to prevent a misconfigured -server with both HTTP and HTTPS enabled from leaking sensitive cookie.

    - -

    Common GnuPG issues

    - -

    On virtualized environments GnuPG will most likely not be able to find enough entropy to generate a key. -Therefore, Passbolt will not run properly. The script needs to know if you want to help fix this issue by installing - Haveged.

    - -

    Haveged is a useful tool to fix entropy issues, however it can have security implications. Make sure you understand -the risks before answering yes to this question.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -

    For each question, depending on your answer, some more precisions can be asked. Just answer the questions and go -with the flow.

    - -

    Your environment is now ready to support passbolt.

    - -
    - completion of the install script - fig. completion of the install script -
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -

    Frequently asked questions

    - - -
    -

    Last updated

    -

    This article was last updated on -November -13th, -2018.

    -
    - -
    -
    - -
    -

    Please note: This article is for an old version of debian, please consider upgrading.

    - - How to upgrade debian - -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -

    Don't want the hassle of a manual installation? Passbolt Pro comes with an out of the box ready-to-use VM.

    - Get Passbolt Pro - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/debian/debian.html b/docs/hosting/install/ce/debian/debian.html deleted file mode 100644 index 6b4d6fc16..000000000 --- a/docs/hosting/install/ce/debian/debian.html +++ /dev/null @@ -1,559 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on Debian 12 (Bookworm) - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE on Debian 12 (Bookworm)

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal Debian 12 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo apt install passbolt-ce-server
-
    - -

    Configure mariadb

    - -

    If not instructed otherwise passbolt debian package will install mariadb-server locally. This step will help you create -an empty mariadb database for passbolt to use.

    - -
    - Configure database dialog - fig. Configure database dialog -
    - -

    The configuration process will ask you for the credentials of the mariadb admin user to create a new database. -By default in most installations the admin username would be root and the password would be empty.

    - -
    - Database admin user dialog - fig. Database admin user dialog -
    - -
    - Database admin user pass dialog - fig. Database admin user pass dialog -
    - -

    Now we need to create a mariadb user with reduced permissions for passbolt to connect. These values will also be requested later on the webconfiguration tool of passbolt so please keep them in mind.

    - -
    - Database passbolt user dialog - fig. Database passbolt user dialog -
    - -
    - Database passbolt user pass dialog - fig. Database passbolt user pass dialog -
    - -

    Lastly we need to create a database for passbolt to use, for that we need to name it:

    - -
    - Database name dialog - fig. Database name dialog -
    - -

    Configure nginx for serving HTTPS

    - -

    Depending on your needs there are two different options to setup nginx and SSL using the Debian package:

    - - - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -June -29th, -2023.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/digital-ocean.html b/docs/hosting/install/ce/digital-ocean.html deleted file mode 100644 index 1b6b94cf4..000000000 --- a/docs/hosting/install/ce/digital-ocean.html +++ /dev/null @@ -1,534 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE Digital Ocean - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE Digital Ocean

    -
    -
    - - -
    -
    - -

    Since march 2019 it is possible to install passbolt easily directly from Digital Ocean. -Digital Ocean is an hosting provider based in the USA. In order to run passbolt -you will need the following:

    -
      -
    • A Digital Ocean account
      • -
    • A domain name for example passbolt.yourdomain.com
      • -
    • Some level of access to point your DNS records to the new passbolt server
      • -
    - -

    1. Create the droplet in Digital Ocean

    - -

    The first step is to login in Digital Ocean (or create and setup an account). -You can then head to Marketplace and search for passbolt.

    - -

    It is recommended at the point that you have domain name (or subdomain). It is not mandatory but -highly encouraged. Since passbolt web extension is tied to a domain name it will be easier to get -it right upfront rather than using the IP address and changing the proper domain name later.

    - -

    Go to the marketplace and search for passbolt, select the card and click on create -droplet.

    - -
    - Create droplet - fig. Create droplet -
    - -

    Choose a plan and the associated server matching at least the following requirements:

    -
      -
    • 1 GB
      • -
    • 1 CPU
      • -
    - -
    - Create droplet - fig. Create droplet -
    - -

    Select your preferred datacenter region, and select additional options. -You can upload your SSH keys to login into the machine once it’s created. -Choose a hostname and click create.

    - -

    Grab a cup of coffee and get ready.

    - -

    Once created you can see the droplet was assigned an IP address. -You can copy it and check if it is reachable and up and running.

    - -
    - Copy the IP address - fig. Copy the IP address -
    - -

    1.1. Setup your DNS to point to the droplet

    - -

    Next you need to point your domain DNS to this machine IP address. Please check -Digital Ocean DNS documentation -or your domain name provider help for this.

    - -

    Wait until the DNS propagation is done. To check if it is done, ping your domain and it should -resolve to this droplet IP. You can also check the propagation using -online tools.

    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    Passbolt Digital Ocean comes with a preinstalled mariadb database. The credentials for -this database are randomly generated on the first boot and the webinstaller autofills -those credentials for you. The autogenerated database credentials will be -available for later use by administrators in /etc/passbolt/passbolt.php file.

    - -

    If you decide to use the autogenerated credentials you -can click the “Next” button and move to the next step on this tutorial.

    - -
    - wizard - database - fig. wizard - database -
    - -

    Optional: in case you do not want to use the autogenerated mariadb -credentials you could connect through ssh to your instance -and use the mariadb root credentials to create a new -user, password and database for passbolt to use:

    - - 
    ssh admin@<your_domain|instance_ip>
-
    - -

    You can find the root database credentials in /root/.mysql_credentials file:

    - - 
    sudo cat /root/.mysql_credentials
-
    - -

    Once you have the root database credentials you can connect to the local mariadb -and create any database and user you want to use to install passbolt.

    - -

    2.2. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.3. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.4. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.5. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.6. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - - - -

    If you are planning to use this droplet instance in production, it is highly recommended to setup SSL. There are two main methods described below:

    - - - -
    -

    Last updated

    -

    This article was last updated on -March -1st, -2019.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/docker.html b/docs/hosting/install/ce/docker.html deleted file mode 100644 index 4dcac945b..000000000 --- a/docs/hosting/install/ce/docker.html +++ /dev/null @@ -1,425 +0,0 @@ - - - - - Passbolt Help | Docker passbolt installation - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Docker passbolt installation

    -
    -
    - - -
    -
    - -
    -

    - Important: Installing Passbolt with Docker is considered a somewhat advanced method. Using this method assumes you are familiar with Docker and have run other applications with Docker. If you do not have experience working with Docker we recommend you use another of our installation methods. -

    - -
    - -

    System requirements

    - - - -

    FAQ pages:

    - - - -

    docker-compose

    - -

    The easiest and recommended way to deploy your passbolt stack is to use docker-compose.

    - -

    Step 1. Download our docker-compose.yml example file

    - - 
    wget https://download.passbolt.com/ce/docker/docker-compose-ce.yaml
-wget https://github.com/passbolt/passbolt_docker/releases/latest/download/docker-compose-ce-SHA512SUM.txt
-
    - -

    Step 2. Ensure the file has not been corrupted by verifying its shasum

    - - 
    $ sha512sum -c docker-compose-ce-SHA512SUM.txt
-
-
    - -

    Must return:

    - - 
    docker-compose-ce.yaml: OK
-
    - -
    -

    - Warning: If the shasum command output is not correct, the downloaded file has been corrupted. Retry step 1 or ask for support on our community forum. -

    - -
    - -

    Step 3. Configure environment variables in docker-compose-ce.yaml file to customize your instance.

    - -
    -

    - Notice: By default the docker-compose.yaml file is set to latest. We strongly recommend - changing that to the tag for the version you want to install. -

    - -
    - -

    The APP_FULL_BASE_URL environment variable is set by default to https://passbolt.local, using a self-signed certificate.

    - -

    Update this variable with the server name you plan to use. You will find at the bottom of this documentation links about how to set your own SSL certificate.

    - -

    You must configure also SMTP settings to be able to receive notifications and recovery emails. Please find below -the most used environment variables for this purpose:

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Variable nameDescriptionDefault value
    EMAIL_DEFAULT_FROM_NAMEFrom email username'Passbolt'
    EMAIL_DEFAULT_FROMFrom email address'you@localhost'
    EMAIL_TRANSPORT_DEFAULT_HOSTServer hostname'localhost'
    EMAIL_TRANSPORT_DEFAULT_PORTServer port25
    EMAIL_TRANSPORT_DEFAULT_USERNAMEUsername for email server authnull
    EMAIL_TRANSPORT_DEFAULT_PASSWORDPassword for email server authnull
    EMAIL_TRANSPORT_DEFAULT_TLSSet tlsnull
    - -

    For more information on which environment variables are available on passbolt, please check the passbolt environment variable reference.

    - -

    Step 4. Start your containers

    - - 
    docker-compose -f docker-compose-ce.yaml up -d
-
    - -

    Step 5. Create first admin user

    - - 
    $ docker-compose -f docker-compose-ce.yaml exec passbolt su -m -c "/usr/share/php/passbolt/bin/cake \
-                                passbolt register_user \
-                                -u <your@email.com> \
-                                -f <yourname> \
-                                -l <surname> \
-                                -r admin" -s /bin/sh www-data
-
    - -

    It will output a link similar to the below one that can be pasted on the browser to finalize user registration:

    - - 
    https://my.domain.tld/setup/install/1eafab88-a17d-4ad8-97af-77a97f5ff552/f097be64-3703-41e2-8ea2-d59cbe1c15bc
-
    - -

    At this point, you should have a working docker setup running on the latest tag. However, it is recommended that users pull the tags pointing to specific passbolt versions when running in environments other than testing.

    - -

    Going further

    - -

    Docker FAQs:

    - - - -

    Passbolt docker repository:

    - - - -
    -

    Last updated

    -

    This article was last updated on -February -6th, -2023.

    -
    - -
    -
    - -
    -

    Available on docker hub

    -

    - - Docker Logo - -

    - - Get passbolt container! - -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/fedora.html b/docs/hosting/install/ce/fedora.html deleted file mode 100644 index 4b008e820..000000000 --- a/docs/hosting/install/ce/fedora.html +++ /dev/null @@ -1,626 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on Fedora - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE on Fedora

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal Fedora 37 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-ce-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt CE RPM package on Fedora 37 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/from-source.html b/docs/hosting/install/ce/from-source.html deleted file mode 100644 index 4ee41a574..000000000 --- a/docs/hosting/install/ce/from-source.html +++ /dev/null @@ -1,985 +0,0 @@ - - - - - Passbolt Help | Install passbolt API from source - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install passbolt API from source

    -
    -
    - -
    -
    - -

    Introduction

    -

    This tutorial is distribution agnostic. It details the installation steps at a high level, without -taking into account the specifics related to each and every linux distribution.

    - -
    -

    - Please note: This is not the recommended way to install passbolt. You will find guides to install passbolt on your distribution here. - You should only attempt this if you are advanced in terms of server configuration -

    - -
    - -

    System requirements

    - -

    Passbolt is reported to work on a large variety of operating system configurations. -Therefore this help page is a generic guide that should work for most environments.

    - -

    If you run into any issues with your particular configuration, -please check the forum. -Maybe someone else has had your issue. If not, make a post and the community will try to help you.

    - -
      -
    • Any Unix-like major distribution (Debian, Centos, Ubuntu, *BSD)
      • -
    • A webserver (Apache or Nginx)
      • -
    • A TLS server certificate for HTTPS
      • -
    • PHP >= 7.4.0
      • -
    -
    -

    - WARNING: PHP 8.1.0 will be required in the next major release -

    - -
    - - - -

    The following PHP extensions (that may or may not come by default):

    -
      -
    • PHP-GNUPG: for key verification and authentication.
      • -
    • Cakephp default requirements: Intl, mbstring, simplexml
      • -
    • FastCGI Process Manager (FPM)
      • -
    • Image manipulation: gd or imagick
      • -
    • Database: Mysqlnd, pdo, pdo_mysql
      • -
    • Some general default: xsl, phar, posix, xml, zlib, ctype, curl, json.
      • -
    • Ldap
      • -
    • & more depending on your configuration (for example if you want to use memcache for sessions).
      • -
    - -

    Installation steps

    - -

    1. Create a web server matching the system requirements.

    - -

    Spin up a new fresh server with your favorite distribution, install a database server -and a webserver with a TLS certificate. If you are using apache as web server make sure you -have mod_rewrite module enabled.

    - -

    Find out your web server user. Some commands need to be run as the same user running the web server. Generally on Debian -systems it will be www-data but on other distributions like Centos it could be for example nginx or http. -For the rest of this tutorial we will assume that the user named www-data.

    - -
    -

    - We highly recommend that you install https on your server. You can get a free SSL certificate with the let’s encrypt initiative. -

    - - let's encrypt! - -
    - -

    2. Database configuration

    -

    Create an empty database

    - -

    Connect to your mysql server and create new database. Make sure it is in the utf8mb4 char set to -support non latin characters and emojis. 👏

    - - 
    /var/www$ mysql -u[user] -p[password]
-mysql> CREATE DATABASE passbolt CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-
    - -

    Create a non-root user with according privilege

    - -

    The database user should not be root, create a non-root user that have privileges on the passbolt database that has been created.

    - - 
    mysql> CREATE USER 'your_user'@'localhost' IDENTIFIED BY 'your_password';
-mysql> GRANT ALL PRIVILEGES ON passbolt.* TO 'your_user'@'localhost';
-mysql> FLUSH PRIVILEGES;
-mysql> exit;
-
    - -

    3. Clone the repository

    - -

    Cloning the code using git will allow you to keep the source under version control and facilitate -subsequent updates.

    - - 
    /var/www$ git clone https://github.com/passbolt/passbolt_api.git
-/var/www$ mv passbolt_api passbolt
-
    - -

    4. Generate an OpenPGP key

    - -

    Passbolt API uses an OpenPGP key for the server in order to authenticate and sign the outgoing JSON requests. -For improved compatibility we recommend that you use the same GnuPG version for generating the keys and for the -php module.

    - -

    WARNING: Some of the following commands such as the GnuPG parts need to be run as www-data. In order to do that, we recommend using

    - - 
    $ sudo su -s /bin/bash -c "run the command here" www-data
-
    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -

    After creating the key make sure you note down the fingerprint, it will be requested later in the install process. -You can get the server key fingerprint as follow:

    - - 
    $ gpg --list-keys --fingerprint | grep -i -B 2 'email@domain.tld'
-
    - -

    Copy the public and private keys to the passbolt config location:

    - - 
    $ gpg --armor --export-secret-keys email@domain.tld > /var/www/passbolt/config/gpg/serverkey_private.asc
-$ gpg --armor --export email@domain.tld > /var/www/passbolt/config/gpg/serverkey.asc
-
    - -

    5. Initialize the gpg keyring

    - -

    You no longer need to be connected as www-data from now. In order for passbolt authentication to work your server key needs to be in the keyring used by the web server.

    - - 
    $ sudo su -s /bin/bash -c "gpg --list-keys" www-data
-pub   4096R/573EE67E 2015-10-26 [expires: 2019-10-26]
-      Key fingerprint = 2FC8 9458 33C5 1946 E937  F9FE D47B 0811 573E E67E
-uid   Passbolt Server Test Key <no-reply@passbolt.com>
-
    - -

    6. Install the dependencies

    - -

    The project dependencies such as the plugin to manage the images, emails, etc. are not included anymore -in the code on the official repository. Fret not, composer will manage this for us.

    - - 
    /var/www/passbolt$ composer install --no-dev
-
    - -

    Depending on your setup it is possible that your composer command is named composer and not composer.phar.

    - -

    If for some reason the command above fails because you don’t have composer installed, -you can check the composer installation instructions.

    - -

    7. Create a passbolt configuration file

    - -

    The name and values in the main configuration file have changed. Everything is now located in one file called -config/passbolt.php. Do not copy your v1 configuration files, instead you need to create a new one:

    - - 
    $ cp config/passbolt.default.php config/passbolt.php
-$ nano config/passbolt.php
-
    - -

    Even if the format has changed the information needed are pretty much the same than v1. -You will need to set at least the following:

    -
      -
    • Application full base url
      • -
    • Database configuration
      • -
    • Email settings
      • -
    • Server OpenPGP key fingerprint.
      • -
    - -

    WARNING: The OpenPGP key fingerprint has to be written with no spaces and the application full base url should match the ssl configuration.

    - -

    You can also set your configuration using environment variables. -Check config/default.php to get the names of the environment variables.

    - -

    8. Run the install script

    - -

    Make sure you run the installation script as the web server user:

    - - 
    $ sudo su -s /bin/bash -c "./bin/cake passbolt install" www-data
-
    - -

    Optionally you can also run the health check to see if everything is fine.

    - - 
    $ sudo su -s /bin/bash -c "./bin/cake passbolt healthcheck" www-data
-
    - -

    9. Configure Nginx

    - -

    Configure Nginx for serving HTTPS

    - -

    Depending on your needs there are two different options to setup nginx and SSL :

    - - - -

    Be sure to write down the full path to your cert/key combo, it will be needed later in the Nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Configure Nginx to serve passbolt

    - -

    For Nginx to serve passbolt, you will need to set up a server block file :

    - - 
    $ nano /etc/nginx/sites-enabled/passbolt.conf
-
    - -

    You can use this default configuration sample (do not forget to replace PLACEHOLDERS with your values):

    -
      -
    • SERVER_NAME with your localhost/virtualhost address
      • -
    • CERTIFICATE_PATH with the path where cert.pem is located
      • -
    • KEY_PATH with the path where key.pem is located
      • -
    • PHP_VERSION with the PHP version you are using
      • -
    - - 
    server {
-  listen [::]:443 ssl http2;
-  listen 443 ssl http2;
-
-  server_name SERVER_NAME;
-
-  client_body_buffer_size     100K;
-  client_header_buffer_size   1k;
-  client_max_body_size        5M;
-  client_body_timeout   10;
-  client_header_timeout 10;
-  keepalive_timeout     5 5;
-  send_timeout          10;
-
-  ssl_certificate     CERTIFICATE_PATH;
-  ssl_certificate_key KEY_PATH;
-  ssl_session_timeout 1d;
-  ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
-  ssl_session_tickets off;
-  ssl_protocols TLSv1.2 TLSv1.3;
-  ssl_prefer_server_ciphers off;
-  root /var/www/passbolt/webroot;
-  index index.php;
-  location / {
-    try_files $uri $uri/ /index.php?$args;
-  }
-  location ~ \.php$ {
-    try_files                $uri =404;
-    include                  fastcgi_params;
-    fastcgi_pass             unix:/run/php/PHP_VERSION-fpm.sock;
-    fastcgi_index            index.php;
-    fastcgi_intercept_errors on;
-    fastcgi_split_path_info  ^(.+\.php)(.+)$;
-    fastcgi_param            SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    fastcgi_param            SERVER_NAME $http_host;
-    fastcgi_param PHP_VALUE  "upload_max_filesize=5M \n post_max_size=5M";
-  }
-}
-
    - -

    Then, reload the Nginx process so that it takes your new configuration into account :

    - - 
    $ sudo systemctl reload nginx
-
    - -

    10. Setup the emails

    - -

    WARNING: If you are running Passbolt 3.8.0 or higher version, you are able to configure your email server through the UI, any changes made will override the config/passbolt.php

    - -

    You are running Passbolt CE < 3.8.0 ?

    -

    For passbolt to be able to send emails, you must first configure properly the “EmailTransport” section in the -config/passbolt.php file to match your provider smtp details.

    - -

    Emails are placed in a queue that needs to be processed by the following shell.

    - 
    $ ./bin/cake EmailQueue.sender
-
    - -

    In order to have your emails sent automatically, you can add a cron call to the script so the emails -will be sent every minute. Run the following command to edit the crontab for the www-data user:

    - 
    $ crontab -u www-data -e
-
    - -

    You can add a cron call to the script so the emails will be sent every minute. -Add the following line to you crontab:

    - 
     * * * * * /var/www/passbolt/bin/cron >> /var/log/passbolt.log
-
    - -

    If the log file does not yet exist, you can create it with the following command:

    - 
    $ touch /var/log/passbolt.log && chown www-data:www-data /var/log/passbolt.log
-
    - -

    And you are done!

    - -

    Troubleshooting

    - -

    Here are some frequently asked questions related to passbolt installation:

    -
      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    • - Why do I see an unsafe mode banner in the footer? -
      • - - - - - - - - - -
    • - Why are my emails not being sent? -
      • - - - - - - - - - - - - - -
    • - Why should I install haveged on virtual environments? -
      • - - - - - - - - - - - - - -
    • - Why am I getting ldap synchronization issues? -
      • - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - -

    Feel free to ask for help on the community forum.

    - -
    -

    Last updated

    -

    This article was last updated on -November -13th, -2018.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -

    Don't want the hassle of a manual installation? Passbolt Pro comes with an out of the box ready-to-use VM.

    - Get Passbolt Pro - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/helm.html b/docs/hosting/install/ce/helm.html deleted file mode 100644 index 755defe0a..000000000 --- a/docs/hosting/install/ce/helm.html +++ /dev/null @@ -1,388 +0,0 @@ - - - - - Passbolt Help | Helm passbolt installation - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Helm passbolt installation

    -
    -
    - - -
    -
    - -
    -

    - Important: Installing Passbolt on Kubernetes with our Helm chart is considered to be a very advanced installation method. If you are not very comfortable and familiar with Kubernetes we strongly recommend that you install via one of our other methods. -

    - -
    - -

    System requirements

    - - - -

    FAQ pages:

    - - - -

    Helm install

    - -

    The easiest and recommended way to deploy your Passbolt Helm chart is to use helm install.

    - -

    Step 1. Set up our Helm repo

    - - 
    helm repo add passbolt-repo https://download.passbolt.com/charts/passbolt
-
    - -

    Step 2. Get a copy of the values file

    - - 
    wget https://raw.githubusercontent.com/passbolt/charts-passbolt/main/values.yaml
-
    - -

    Step 3. Configure values file to customize your instance .

    - -

    The APP_FULL_BASE_URL environment variable is set by default to https://passbolt.local, using a self-signed certificate.

    - -

    Update this variable with the server name you plan to use. You will find at the bottom of this documentation links about how to set your own SSL certificate.

    - -

    If you are creating your own gpg keys the following commands can help convert them into a base64 encoded single line string which is what the values.yaml file expects.

    - - 
    gpg --armor --export-secret-keys <email you created keys with>  | base64 -w 0
-gpg --armor --export <email you created keys with> | base64 -w 0
-
    - -

    You must configure also SMTP settings to be able to receive notifications and recovery emails.

    - -

    For more information on which environment variables are available on passbolt, please check the passbolt environment variable reference.

    - -
    -

    - Important: By default we have the ingress set to false, you’ll need to decide how you want to handle this to access the web page. -

    - -
    - -

    Additionally the following charts are used by Passbolt and you can adjust the values under their respective headings in values.yaml

    - - - - - - - - - - - - - - - - - - - - - - - - - - -
    RepositoryNameVersion
    https://charts.bitnami.com/bitnamimariadb11.3.5
    https://charts.bitnami.com/bitnamiredis17.3.8
    https://passbolt.gitlab.io/passbolt-ops/passbolt-helm-librarypassbolt-library0.2.1
    - -

    Step 4. Run helm install

    - - 
    helm install -f values.yaml my-passbolt passbolt-repo/passbolt
-
    - -

    At this point, you should have a working Passbolt setup via Helm running on the most up to date CE version of Passbolt.

    - -

    Manually creating first admin user

    - -

    Once the Helm chart is deployed, you can create your first user by running the following command:

    - - 
    kubectl exec -it  <passbolt-pod-name> -- /bin/bash -c "su -s /bin/bash -c \"bin/cake passbolt register_user -u <email> -f <firstname> -l <lastname> -r admin\" www-data"
-
    - -

    It will output a link similar to the below one that can be pasted on the browser to finalize user registration:

    - 
    https://mydomain.com/setup/install/1eafab88-a17d-4ad8-97af-77a97f5ff552/f097be64-3703-41e2-8ea2-d59cbe1c15bc
-
    - -

    Going further

    - -

    Helm FAQs:

    - - - -

    Passbolt docker repository:

    - - - -
    -

    Last updated

    -

    This article was last updated on -February -6th, -2023.

    -
    - -
    -
    - -
    -

    Available on ????

    -

    - - Helm Logo - -

    - - Get passbolt Helm chart! - -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/opensuse.html b/docs/hosting/install/ce/opensuse.html deleted file mode 100644 index fc4155f83..000000000 --- a/docs/hosting/install/ce/opensuse.html +++ /dev/null @@ -1,647 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on openSUSE Leap 15 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE on openSUSE Leap 15

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal openSUSE Leap 15 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo zypper install passbolt-ce-server
-
    - -

    During the installation, you will be asked to accept passbolt GPG repository key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
      Repository:       Passbolt Server
-  Key Fingerprint:  3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
-  Key Name:         Passbolt SA package signing key <contact@passbolt.com>
-  Key Algorithm:    RSA 2048
-
    - -

    If the fingerprint matches, trust always by answering a to this question:

    - - 
    Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r):
-
    - -

    Then, you will be asked for PHP repository GPG key, ensure the fingerprint is correct and trust it always:

    - - 
      Repository:       php
-  Key Fingerprint:  55CF 98B4 BB5B C6CC 2E24 748F 82EE 4011 CBCA 8BB5
-  Key Name:         devel:languages:php OBS Project <devel:languages:php@build.opensuse.org>
-  Key Algorithm:    DSA 1024
-
    - -

    Finally, verify and trust openSUSE PHP extensions repository GPG key:

    - - 
      Repository:       php-extensions-x86_64
-  Key Fingerprint:  A85C D7EF 5242 1152 9A7F 994A 9B41 A048 1AF1 B065
-  Key Name:         server:php:extensions OBS Project <server:php:extensions@build.opensuse.org>
-  Key Algorithm:    RSA 2048
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt CE RPM package on openSUSE Leap 15 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -February -7th, -2022.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/oraclelinux-7.html b/docs/hosting/install/ce/oraclelinux-7.html deleted file mode 100644 index 80dbabf8f..000000000 --- a/docs/hosting/install/ce/oraclelinux-7.html +++ /dev/null @@ -1,633 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on OracleLinux 7 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE on OracleLinux 7

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal OracleLinux 7 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo yum install passbolt-ce-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt CE RPM package on OracleLinux 7 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    This documentation is relative to an old distribution, please consider installing passbolt on the latest OracleLinux

    - - Read install manual - -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/oraclelinux.html b/docs/hosting/install/ce/oraclelinux.html deleted file mode 100644 index f03f964a6..000000000 --- a/docs/hosting/install/ce/oraclelinux.html +++ /dev/null @@ -1,626 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on OracleLinux 8 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE on OracleLinux 8

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal OracleLinux 8 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-ce-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt CE RPM package on OracleLinux 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/raspberry.html b/docs/hosting/install/ce/raspberry.html deleted file mode 100644 index df0ad8723..000000000 --- a/docs/hosting/install/ce/raspberry.html +++ /dev/null @@ -1,560 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on Raspberry PI - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE on Raspberry PI

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • Any Raspberry PI from zero to 4
      • -
    • -

      A minimal Raspberry Pi OS Lite (formerly called Raspbian) server or any OS based on Debian 11 Bullseye.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo apt install passbolt-ce-server
-
    - -

    Configure mariadb

    - -

    If not instructed otherwise passbolt debian package will install mariadb-server locally. This step will help you create -an empty mariadb database for passbolt to use.

    - -
    - Configure database dialog - fig. Configure database dialog -
    - -

    The configuration process will ask you for the credentials of the mariadb admin user to create a new database. -By default in most installations the admin username would be root and the password would be empty.

    - -
    - Database admin user dialog - fig. Database admin user dialog -
    - -
    - Database admin user pass dialog - fig. Database admin user pass dialog -
    - -

    Now we need to create a mariadb user with reduced permissions for passbolt to connect. These values will also be requested later on the webconfiguration tool of passbolt so please keep them in mind.

    - -
    - Database passbolt user dialog - fig. Database passbolt user dialog -
    - -
    - Database passbolt user pass dialog - fig. Database passbolt user pass dialog -
    - -

    Lastly we need to create a database for passbolt to use, for that we need to name it:

    - -
    - Database name dialog - fig. Database name dialog -
    - -

    Configure nginx for serving HTTPS

    - -

    Depending on your needs there are two different options to setup nginx and SSL using the Raspberry package:

    - - - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -January -6th, -2022.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/redhat-7.html b/docs/hosting/install/ce/redhat-7.html deleted file mode 100644 index 28e4480a0..000000000 --- a/docs/hosting/install/ce/redhat-7.html +++ /dev/null @@ -1,633 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on Red Hat 7 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE on Red Hat 7

    -
    -
    - - -
    -
    -

    distributionPackage

    -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal Red Hat 7 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo yum install passbolt-ce-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt CE RPM package on Red Hat 7 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    This documentation is relative to an old distribution, please consider installing passbolt on the latest Red Hat

    - - Read install manual - -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/redhat.html b/docs/hosting/install/ce/redhat.html deleted file mode 100644 index 5f90caecf..000000000 --- a/docs/hosting/install/ce/redhat.html +++ /dev/null @@ -1,626 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on Red Hat 8 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE on Red Hat 8

    -
    -
    - - -
    -
    -

    distributionPackage

    -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal Red Hat 8 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-ce-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt CE RPM package on Red Hat 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/rockylinux.html b/docs/hosting/install/ce/rockylinux.html deleted file mode 100644 index b5357f6fd..000000000 --- a/docs/hosting/install/ce/rockylinux.html +++ /dev/null @@ -1,626 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on RockyLinux 8 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE on RockyLinux 8

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal RockyLinux 8 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-ce-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt CE RPM package on RockyLinux 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/ubuntu-18-04-bionic-beaver.html b/docs/hosting/install/ce/ubuntu-18-04-bionic-beaver.html deleted file mode 100644 index e33b93222..000000000 --- a/docs/hosting/install/ce/ubuntu-18-04-bionic-beaver.html +++ /dev/null @@ -1,615 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on Ubuntu 18.04 (Bionic Beaver) - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE on Ubuntu 18.04 (Bionic Beaver)

    -
    -
    - - -
    -
    - - - -

    This tutorial describes how to install Passbolt CE on a minimal Ubuntu 18.04 (Bionic Beaver) server. The installation procedure is based on install scripts that will do -the heavy lifting for you. They will configure your operating system to be passbolt ready and will take care of installing and configuring the web -server (Nginx), database (MariaDb), PHP, SSL and GPG keyring.

    - -

    Installation time: 10 minutes.

    - -

    If you prefer to install passbolt manually please refer to this documentation: Install passbolt from source.

    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal Ubuntu 18.04 (Bionic Beaver) server.
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -

    1. Configure your server

    - -

    If you are using ubuntu server image make sure the universe repository is present.

    - 
    sudo add-apt-repository universe
-sudo apt-get update
-
    - -

    In doubt you can check as follow:

    - 
    sudo cat /etc/apt/sources.list
-
-deb http://archive.ubuntu.com/ubuntu bionic main universe
-deb http://archive.ubuntu.com/ubuntu bionic-security main universe
-deb http://archive.ubuntu.com/ubuntu bionic-updates main universe
-
    - -

    Download and execute the installation script

    - -

    Note that you can find the source code of the install scripts on our git repository.

    - -

    The script will take care of installing all the services required by passbolt. -It will ask you a few questions in order to adapt the environment to your needs.

    - - 
    wget -O passbolt-ce-installer-ubuntu-18.04.tar.gz https://www.passbolt.com/ce/download/installers/ubuntu/latest
-wget -O passbolt-installer-checksum https://www.passbolt.com/ce/download/installers/ubuntu/latest-checksum
-sha512sum -c passbolt-installer-checksum
-tar -xzf passbolt-ce-installer-ubuntu-18.04.tar.gz
-sudo ./passbolt_ce_ubuntu_installer.sh
-
    - -
    - execute the install script - fig. execute the install script -
    - -

    Do you want to install a local mariadb server on this machine?

    - -
      -
    • Yes: if you are not planning on using an external mysql / mariadb server.
      • -
    • No: if you have a mysql / mariadb server installed somewhere else and want to use it for passbolt.
      • -
    - -

    The script will then ask you for the database details: root user password, non-root user name, non-root user password, database name, and database password.

    - -

    Hostname

    - -

    To configure your webserver, the script needs to know under which hostname or ip it is going to run. Enter here -the address (domain, hostname or ip) at which you are planning to access your passbolt after installation.

    - -

    example: my-passbolt.acme.com

    - -

    SSL Setup

    -

    Because passbolt is designed to run with HTTPS by default it is best to try to setup passbolt -with SSL even if this is just a test instance.

    - -
      -
    • manual: (recommended) choose manual if you have your own ssl certificates.
      • -
    • auto: this option will issue a SSL certificate automatically through Let’s Encrypt. -Use this option only if you have a domain name that is reachable by the outside world, or it will not work.
      • -
    • none: choose this option if you don’t want your webserver to run https. This is not recommended.
      • -
    - -

    Important: if you choose ‘none’ and want to test the MFA, later on you will need to set -PASSBOLT_SECURITY_COOKIE_SECURE environment variable to false. This is to prevent a misconfigured -server with both HTTP and HTTPS enabled from leaking sensitive cookie.

    - -

    Common GnuPG issues

    - -

    On virtualized environments GnuPG will most likely not be able to find enough entropy to generate a key. -Therefore, Passbolt will not run properly. The script needs to know if you want to help fix this issue by installing - Haveged.

    - -

    Haveged is a useful tool to fix entropy issues, however it can have security implications. Make sure you understand -the risks before answering yes to this question.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -

    For each question, depending on your answer, some more precisions can be asked. Just answer the questions and go -with the flow.

    - -

    Your environment is now ready to support passbolt.

    - -
    - completion of the install script - fig. completion of the install script -
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -

    Frequently asked questions

    - - -
    -

    Last updated

    -

    This article was last updated on -November -13th, -2018.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -

    Don't want the hassle of a manual installation? Passbolt Pro comes with an out of the box ready-to-use VM.

    - Get Passbolt Pro - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/ubuntu/ubuntu-20-04.html b/docs/hosting/install/ce/ubuntu/ubuntu-20-04.html deleted file mode 100644 index 2d1a935a0..000000000 --- a/docs/hosting/install/ce/ubuntu/ubuntu-20-04.html +++ /dev/null @@ -1,560 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on Ubuntu 20.04 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE on Ubuntu 20.04

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal Ubuntu 20.04 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo apt install passbolt-ce-server
-
    - -

    Configure mysql

    - -

    If not instructed otherwise passbolt ubuntu package will install mysql-server locally. This step will help you create -an empty mysql database for passbolt to use.

    - -
    - Configure database dialog - fig. Configure database dialog -
    - -

    The configuration process will ask you for the credentials of the mysql admin user to create a new database. -By default in most installations the admin username would be root and the password would be empty.

    - -
    - Database admin user dialog - fig. Database admin user dialog -
    - -
    - Database admin user pass dialog - fig. Database admin user pass dialog -
    - -

    Now we need to create a mysql user with reduced permissions for passbolt to connect. These values will also be requested later on the webconfiguration tool of passbolt so please keep them in mind.

    - -
    - Database passbolt user dialog - fig. Database passbolt user dialog -
    - -
    - Database passbolt user pass dialog - fig. Database passbolt user pass dialog -
    - -

    Lastly we need to create a database for passbolt to use, for that we need to name it:

    - -
    - Database name dialog - fig. Database name dialog -
    - -

    Configure nginx for serving HTTPS

    - -

    Depending on your needs there are two different options to setup nginx and SSL using the Ubuntu package:

    - - - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    - -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/ce/ubuntu/ubuntu.html b/docs/hosting/install/ce/ubuntu/ubuntu.html deleted file mode 100644 index 63448c7e3..000000000 --- a/docs/hosting/install/ce/ubuntu/ubuntu.html +++ /dev/null @@ -1,560 +0,0 @@ - - - - - Passbolt Help | Install Passbolt CE on Ubuntu 22.04 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt CE on Ubuntu 22.04

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal Ubuntu 22.04 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo apt install passbolt-ce-server
-
    - -

    Configure mysql

    - -

    If not instructed otherwise passbolt ubuntu package will install mysql-server locally. This step will help you create -an empty mysql database for passbolt to use.

    - -
    - Configure database dialog - fig. Configure database dialog -
    - -

    The configuration process will ask you for the credentials of the mysql admin user to create a new database. -By default in most installations the admin username would be root and the password would be empty.

    - -
    - Database admin user dialog - fig. Database admin user dialog -
    - -
    - Database admin user pass dialog - fig. Database admin user pass dialog -
    - -

    Now we need to create a mysql user with reduced permissions for passbolt to connect. These values will also be requested later on the webconfiguration tool of passbolt so please keep them in mind.

    - -
    - Database passbolt user dialog - fig. Database passbolt user dialog -
    - -
    - Database passbolt user pass dialog - fig. Database passbolt user pass dialog -
    - -

    Lastly we need to create a database for passbolt to use, for that we need to name it:

    - -
    - Database name dialog - fig. Database name dialog -
    - -

    Configure nginx for serving HTTPS

    - -

    Depending on your needs there are two different options to setup nginx and SSL using the Ubuntu package:

    - - - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -July -11th, -2022.

    -
    - -
    -
    - -
    -

    Not finding what you are looking for? You can also ask the community on the forum.

    - - Talk to a human - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    - -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/almalinux.html b/docs/hosting/install/pro/almalinux.html deleted file mode 100644 index 292ea5fe4..000000000 --- a/docs/hosting/install/pro/almalinux.html +++ /dev/null @@ -1,636 +0,0 @@ - - - - - Passbolt Help | Install Passbolt PRO on AlmaLinux 8 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt PRO on AlmaLinux 8

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal AlmaLinux 8 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-pro-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt PRO RPM package on AlmaLinux 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.4. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.5. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.6. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.7. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.8. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/aws.html b/docs/hosting/install/pro/aws.html deleted file mode 100644 index cf302d859..000000000 --- a/docs/hosting/install/pro/aws.html +++ /dev/null @@ -1,545 +0,0 @@ - - - - - Passbolt Help | Using Passbolt PRO AWS AMI - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Using Passbolt PRO AWS AMI

    -
    -
    - - -
    -
    -

    Passbolt Amazon Machine Image (AMI) provides a ready to use passbolt image that you can -use for free on your Amazon Web Services infrastructure. -The AMI includes the following software:

    - -
      -
    • Debian 11
      • -
    • Nginx
      • -
    • Php-fpm
      • -
    • Mariadb
      • -
    • Passbolt PRO preinstalled
      • -
    • certbot
      • -
    - -

    This AMI does not provide an email server preinstalled so users can manually install it or -leverage on third party email providers.

    - -

    1. Getting started with passbolt PRO AMI

    - -

    You can subscribe to passbolt PRO on the following AWS marketplace listing. Just -click on “continue to subscribe” button on the listing page.

    - -
    - Subscribe to passbolt marketplace - fig. Subscribe to passbolt marketplace -
    - -

    The EULA for the passbolt PRO is the AGPL license you have to accept that in order -to use this image by just clicking on the “Accept terms” button.

    - -
    - Accept AMI terms - fig. Accept AMI terms -
    - -

    Once the terms are accepted you can click on “Continue to configuration” button. In the next -screen you will be able to select which version of the AMI you want to use as well as in which AWS region -you want the instance to be launched. -Once you have selected your desired configuration just click on “Continue to Launch” button.

    - -
    - Configure instance region and version - fig. Configure instance region and version -
    - -

    On the launch screen you will be able to select:

    -
      -
    • How to launch the instance
      • -
    • Instance type
      • -
    • VPC
      • -
    • Subnet settings
      • -
    • Security group settings
      • -
    • Key pair settings
      • -
    - -

    If you do not know what this fields mean just rely on the defaults making sure that they key pair -is available on your local machine so you can connect through SSH to the instance. -If all the values are good just click on “Launch” button.

    - -
    - Launch instance - fig. Launch instance -
    - - - -

    If you are planning to use this AWS instance in production, it is highly recommended to setup SSL. There are two main methods described below:

    - - - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    Passbolt AWS AMI comes with a preinstalled mariadb database. The credentials for -this database are randomly generated on the first boot and the webinstaller autofills -those credentials for you. The autogenerated database credentials will be -available for later use by administrators in /etc/passbolt/passbolt.php file.

    - -

    If you decide to use the autogenerated credentials you -can click the “Next” button and move to the next step on this tutorial.

    - -
    - wizard - database - fig. wizard - database -
    - -

    Optional: in case you do not want to use the autogenerated mariadb -credentials you could connect through ssh to your instance -and use the mariadb root credentials to create a new -user, password and database for passbolt to use:

    - - 
    ssh admin@<your_domain|instance_ip>
-
    - -

    You can find the root database credentials in /root/.mysql_credentials file:

    - - 
    sudo cat /root/.mysql_credentials
-
    - -

    Once you have the root database credentials you can connect to the local mariadb -and create any database and user you want to use to install passbolt.

    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -August -11th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/centos-7-from-source.html b/docs/hosting/install/pro/centos-7-from-source.html deleted file mode 100644 index 0e2e11131..000000000 --- a/docs/hosting/install/pro/centos-7-from-source.html +++ /dev/null @@ -1,599 +0,0 @@ - - - - - Passbolt Help | Install Passbolt Pro on CentOS 7 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt Pro on CentOS 7

    -
    -
    - - -
    -
    - - - -

    This tutorial describes how to install Passbolt PRO on a minimal CentOS 7 server. The installation procedure is based on install scripts that will do -the heavy lifting for you. They will configure your operating system to be passbolt ready and will take care of installing and configuring the web -server (Nginx), database (MariaDb), PHP, SSL and GPG keyring.

    - -

    Installation time: 10 minutes.

    - -

    If you prefer to install passbolt manually please refer to this documentation: Install passbolt from source.

    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal CentOS 7 server.
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -

    1. Configure your server

    - -

    Download and execute the installation script

    - -

    Note that you can find the source code of the install scripts on our git repository.

    - -

    The script will take care of installing all the services required by passbolt. -It will ask you a few questions in order to adapt the environment to your needs.

    - - 
    curl -L -o passbolt-pro-installer-centos-7.tar.gz https://www.passbolt.com/pro/download/installers/centos/latest
-curl -L -o passbolt-installer-checksum https://www.passbolt.com/pro/download/installers/centos/latest-checksum
-sha512sum -c passbolt-installer-checksum
-tar -xzf passbolt-pro-installer-centos-7.tar.gz
-sudo ./passbolt_pro_centos_installer.sh
-
    - -
    - execute the install script - fig. execute the install script -
    - -

    Do you want to install a local mariadb server on this machine?

    - -
      -
    • Yes: if you are not planning on using an external mysql / mariadb server.
      • -
    • No: if you have a mysql / mariadb server installed somewhere else and want to use it for passbolt.
      • -
    - -

    The script will then ask you for the database details: root user password, non-root user name, non-root user password, database name, and database password.

    - -

    Hostname

    - -

    To configure your webserver, the script needs to know under which hostname or ip it is going to run. Enter here -the address (domain, hostname or ip) at which you are planning to access your passbolt after installation.

    - -

    example: my-passbolt.acme.com

    - -

    SSL Setup

    -

    Because passbolt is designed to run with HTTPS by default it is best to try to setup passbolt -with SSL even if this is just a test instance.

    - -
      -
    • manual: (recommended) choose manual if you have your own ssl certificates.
      • -
    • auto: this option will issue a SSL certificate automatically through Let’s Encrypt. -Use this option only if you have a domain name that is reachable by the outside world, or it will not work.
      • -
    • none: choose this option if you don’t want your webserver to run https. This is not recommended.
      • -
    - -

    Important: if you choose ‘none’ and want to test the MFA, later on you will need to set -PASSBOLT_SECURITY_COOKIE_SECURE environment variable to false. This is to prevent a misconfigured -server with both HTTP and HTTPS enabled from leaking sensitive cookie.

    - -

    Common GnuPG issues

    - -

    On virtualized environments GnuPG will most likely not be able to find enough entropy to generate a key. -Therefore, Passbolt will not run properly. The script needs to know if you want to help fix this issue by installing - Haveged.

    - -

    Haveged is a useful tool to fix entropy issues, however it can have security implications. Make sure you understand -the risks before answering yes to this question.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -

    For each question, depending on your answer, some more precisions can be asked. Just answer the questions and go -with the flow.

    - -

    Your environment is now ready to support passbolt.

    - -
    - completion of the install script - fig. completion of the install script -
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.4. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.5. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.6. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.7. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.8. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -

    Frequently asked questions

    - - -
    -

    Last updated

    -

    This article was last updated on -November -13th, -2018.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/centos-8.html b/docs/hosting/install/pro/centos-8.html deleted file mode 100644 index 1bad5784b..000000000 --- a/docs/hosting/install/pro/centos-8.html +++ /dev/null @@ -1,643 +0,0 @@ - - - - - Passbolt Help | Install Passbolt PRO on CentOS 8 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt PRO on CentOS 8

    -
    -
    - - -
    -
    - -
    -

    - Warning: CentOS 8 is not one of our supported distributions. Please see our install page to see which distributions we support. -

    - -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal CentOS 8 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-pro-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt PRO RPM package on CentOS 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.4. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.5. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.6. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.7. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.8. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/centos.html b/docs/hosting/install/pro/centos.html deleted file mode 100644 index 52c451f37..000000000 --- a/docs/hosting/install/pro/centos.html +++ /dev/null @@ -1,266 +0,0 @@ - - - - - Passbolt Help | Install Passbolt PRO on CentOS 7 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt PRO on CentOS 7

    -
    -
    - - -
    -
    -
    -

    - Important: You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then. -

    - -
    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/debian-10-buster.html b/docs/hosting/install/pro/debian-10-buster.html deleted file mode 100644 index 9c189e575..000000000 --- a/docs/hosting/install/pro/debian-10-buster.html +++ /dev/null @@ -1,521 +0,0 @@ - - - - - Passbolt Help | Install Passbolt Pro on Debian 10 (Buster) - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt Pro on Debian 10 (Buster)

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal Debian 10 (Buster) latest server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo  install passbolt-pro-server
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.4. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.5. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.6. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.7. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.8. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -22nd, -2021.

    -
    - -
    -
    - -
    -

    This documentation is relative to an old distribution, please consider installing passbolt on the latest Debian

    - - Read install manual - -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/debian-9-stretch.html b/docs/hosting/install/pro/debian-9-stretch.html deleted file mode 100644 index eb2f0d840..000000000 --- a/docs/hosting/install/pro/debian-9-stretch.html +++ /dev/null @@ -1,601 +0,0 @@ - - - - - Passbolt Help | Install Passbolt Pro on Debian 9 (Stretch) - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt Pro on Debian 9 (Stretch)

    -
    -
    - - -
    -
    - - - -

    This tutorial describes how to install Passbolt PRO on a minimal Debian 9 (Stretch) server. The installation procedure is based on install scripts that will do -the heavy lifting for you. They will configure your operating system to be passbolt ready and will take care of installing and configuring the web -server (Nginx), database (MariaDb), PHP, SSL and GPG keyring.

    - -

    Installation time: 10 minutes.

    - -

    Any doubt? Check out this step by step video of the installation.

    - -

    If you prefer to install passbolt manually please refer to this documentation: Install passbolt from source.

    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal Debian 9 (Stretch) server.
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -

    1. Configure your server

    - -

    Download and execute the installation script

    - -

    Note that you can find the source code of the install scripts on our git repository.

    - -

    The script will take care of installing all the services required by passbolt. -It will ask you a few questions in order to adapt the environment to your needs.

    - - 
    wget -O passbolt-pro-installer-debian-9.tar.gz https://www.passbolt.com/pro/download/installers/debian/9/latest
-wget -O passbolt-installer-checksum https://www.passbolt.com/pro/download/installers/debian/9/latest-checksum
-sha512sum -c passbolt-installer-checksum
-tar -xzf passbolt-pro-installer-debian-9.tar.gz
-sudo ./passbolt_pro_debian_installer.sh
-
    - -
    - execute the install script - fig. execute the install script -
    - -

    Do you want to install a local mariadb server on this machine?

    - -
      -
    • Yes: if you are not planning on using an external mysql / mariadb server.
      • -
    • No: if you have a mysql / mariadb server installed somewhere else and want to use it for passbolt.
      • -
    - -

    The script will then ask you for the database details: root user password, non-root user name, non-root user password, database name, and database password.

    - -

    Hostname

    - -

    To configure your webserver, the script needs to know under which hostname or ip it is going to run. Enter here -the address (domain, hostname or ip) at which you are planning to access your passbolt after installation.

    - -

    example: my-passbolt.acme.com

    - -

    SSL Setup

    -

    Because passbolt is designed to run with HTTPS by default it is best to try to setup passbolt -with SSL even if this is just a test instance.

    - -
      -
    • manual: (recommended) choose manual if you have your own ssl certificates.
      • -
    • auto: this option will issue a SSL certificate automatically through Let’s Encrypt. -Use this option only if you have a domain name that is reachable by the outside world, or it will not work.
      • -
    • none: choose this option if you don’t want your webserver to run https. This is not recommended.
      • -
    - -

    Important: if you choose ‘none’ and want to test the MFA, later on you will need to set -PASSBOLT_SECURITY_COOKIE_SECURE environment variable to false. This is to prevent a misconfigured -server with both HTTP and HTTPS enabled from leaking sensitive cookie.

    - -

    Common GnuPG issues

    - -

    On virtualized environments GnuPG will most likely not be able to find enough entropy to generate a key. -Therefore, Passbolt will not run properly. The script needs to know if you want to help fix this issue by installing - Haveged.

    - -

    Haveged is a useful tool to fix entropy issues, however it can have security implications. Make sure you understand -the risks before answering yes to this question.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -

    For each question, depending on your answer, some more precisions can be asked. Just answer the questions and go -with the flow.

    - -

    Your environment is now ready to support passbolt.

    - -
    - completion of the install script - fig. completion of the install script -
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.4. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.5. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.6. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.7. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.8. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -

    Frequently asked questions

    - - -
    -

    Last updated

    -

    This article was last updated on -August -9th, -2019.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/debian/debian.html b/docs/hosting/install/pro/debian/debian.html deleted file mode 100644 index 3a2534809..000000000 --- a/docs/hosting/install/pro/debian/debian.html +++ /dev/null @@ -1,569 +0,0 @@ - - - - - Passbolt Help | Install Passbolt Pro on Debian 12 (Bookworm) - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt Pro on Debian 12 (Bookworm)

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal Debian 12 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo apt install passbolt-pro-server
-
    - -

    Configure mariadb

    - -

    If not instructed otherwise passbolt debian package will install mariadb-server locally. This step will help you create -an empty mariadb database for passbolt to use.

    - -
    - Configure database dialog - fig. Configure database dialog -
    - -

    The configuration process will ask you for the credentials of the mariadb admin user to create a new database. -By default in most installations the admin username would be root and the password would be empty.

    - -
    - Database admin user dialog - fig. Database admin user dialog -
    - -
    - Database admin user pass dialog - fig. Database admin user pass dialog -
    - -

    Now we need to create a mariadb user with reduced permissions for passbolt to connect. These values will also be requested later on the webconfiguration tool of passbolt so please keep them in mind.

    - -
    - Database passbolt user dialog - fig. Database passbolt user dialog -
    - -
    - Database passbolt user pass dialog - fig. Database passbolt user pass dialog -
    - -

    Lastly we need to create a database for passbolt to use, for that we need to name it:

    - -
    - Database name dialog - fig. Database name dialog -
    - -

    Configure nginx for serving HTTPS

    - -

    Depending on your needs there are two different options to setup nginx and SSL using the Debian package:

    - - - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.4. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.5. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.6. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.7. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.8. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -June -29th, -2023.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/docker.html b/docs/hosting/install/pro/docker.html deleted file mode 100644 index 0dd4e2c89..000000000 --- a/docs/hosting/install/pro/docker.html +++ /dev/null @@ -1,427 +0,0 @@ - - - - - Passbolt Help | Docker install - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Docker install

    -
    -
    - - -
    -
    - -
    -

    - Important: Installing Passbolt with Docker is considered a somewhat advanced method. Using this method assumes you are familiar with Docker and have run other applications with Docker. If you do not have experience working with Docker we recommend you use another of our installation methods. -

    - -
    - -

    System requirements

    - - - -

    FAQ pages:

    - - - -

    docker-compose

    - -

    The easiest and recommended way to deploy your passbolt stack is to use docker-compose.

    - -

    Step 1. Download our docker-compose.yml example file

    - - 
    wget https://download.passbolt.com/pro/docker/docker-compose-pro.yaml
-wget https://github.com/passbolt/passbolt_docker/releases/latest/download/docker-compose-pro-SHA512SUM.txt
-
    - -

    Step 2. Ensure the file has not been corrupted by verifying its shasum

    - - 
    $ sha512sum -c docker-compose-pro-SHA512SUM.txt
-
-
    - -

    Must return:

    - - 
    docker-compose-pro.yaml: OK
-
    - -
    -

    - Warning: If the shasum command output is not correct, the downloaded file has been corrupted. Retry step 1 or ask for support on our community forum. -

    - -
    - -

    Step 3. Create a subscription_key.txt file containing your subscription key.

    - -

    Step 4. Configure environment variables in docker-compose-pro.yaml file to customize your instance.

    - -
    -

    - Notice: By default the docker-compose.yaml file is set to latest. We strongly recommend - changing that to the tag for the version you want to install. -

    - -
    - -

    The APP_FULL_BASE_URL environment variable is set by default to https://passbolt.local, using a self-signed certificate.

    - -

    Update this variable with the server name you plan to use. You will find at the bottom of this documentation links about how to set your own SSL certificate.

    - -

    You must configure also SMTP settings to be able to receive notifications and recovery emails. Please find below -the most used environment variables for this purpose:

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Variable nameDescriptionDefault value
    EMAIL_DEFAULT_FROM_NAMEFrom email username'Passbolt'
    EMAIL_DEFAULT_FROMFrom email address'you@localhost'
    EMAIL_TRANSPORT_DEFAULT_HOSTServer hostname'localhost'
    EMAIL_TRANSPORT_DEFAULT_PORTServer port25
    EMAIL_TRANSPORT_DEFAULT_USERNAMEUsername for email server authnull
    EMAIL_TRANSPORT_DEFAULT_PASSWORDPassword for email server authnull
    EMAIL_TRANSPORT_DEFAULT_TLSSet tlsnull
    - -

    For more information on which environment variables are available on passbolt, please check the passbolt environment variable reference.

    - -

    Step 5. Start your containers

    - - 
    docker-compose -f docker-compose-pro.yaml up -d
-
    - -

    Step 6. Create first admin user

    - - 
    $ docker-compose -f docker-compose-pro.yaml exec passbolt su -m -c "/usr/share/php/passbolt/bin/cake \
-                                passbolt register_user \
-                                -u <your@email.com> \
-                                -f <yourname> \
-                                -l <surname> \
-                                -r admin" -s /bin/sh www-data
-
    - -

    It will output a link similar to the below one that can be pasted on the browser to finalize user registration:

    - - 
    https://my.domain.tld/setup/install/1eafab88-a17d-4ad8-97af-77a97f5ff552/f097be64-3703-41e2-8ea2-d59cbe1c15bc
-
    - -

    At this point, you should have a working docker setup running on the latest tag. However, it is recommended that users pull the tags pointing to specific passbolt versions when running in environments other than testing.

    - -

    Going further

    - -

    Docker FAQs:

    - - - -

    Passbolt docker repository:

    - - - -
    -

    Last updated

    -

    This article was last updated on -February -6th, -2023.

    -
    - -
    -
    - -
    -

    Available on docker hub

    -

    - - Docker Logo - -

    - - Get passbolt container! - -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/fedora.html b/docs/hosting/install/pro/fedora.html deleted file mode 100644 index a5a785c2c..000000000 --- a/docs/hosting/install/pro/fedora.html +++ /dev/null @@ -1,636 +0,0 @@ - - - - - Passbolt Help | Install Passbolt PRO on Fedora - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt PRO on Fedora

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal Fedora 37 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-pro-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt PRO RPM package on Fedora 37 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.4. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.5. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.6. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.7. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.8. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/helm.html b/docs/hosting/install/pro/helm.html deleted file mode 100644 index 0594033ea..000000000 --- a/docs/hosting/install/pro/helm.html +++ /dev/null @@ -1,404 +0,0 @@ - - - - - Passbolt Help | Helm install - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Helm install

    -
    -
    - - -
    -
    - -
    -

    - Important: Installing Passbolt on Kubernetes with our Helm chart is considered to be a very advanced installation method. If you are not very comfortable and familiar with Kubernetes we strongly recommend that you install via one of our other methods. -

    - -
    - -

    System requirements

    - - - -

    FAQ pages:

    - - - -

    Helm install

    - -

    The easiest and recommended way to deploy your Passbolt Helm chart is to use helm install.

    - -

    Step 1. Set up our Helm repo

    - - 
    helm repo add passbolt-repo https://download.passbolt.com/charts/passbolt
-
    - -

    Step 2. Get a copy of the values file

    - - 
    wget https://raw.githubusercontent.com/passbolt/charts-passbolt/main/values.yaml
-
    - -

    Step 3. Configure values file to customize your instance and enable the Pro install .

    - -

    The APP_FULL_BASE_URL environment variable is set by default to https://passbolt.local, using a self-signed certificate.

    - -

    Update this variable with the server name you plan to use. You will find at the bottom of this documentation links about how to set your own SSL certificate.

    - -

    As the values.yaml file is set up for CE by default you’ll need to adjust the tag for the Passbolt image to pro. You can find this on line 59 of values.yaml.

    - 
        # -- Overrides the image tag whose default is the chart appVersion.
-    tag: 3.11.1-1-pro
-
    -

    It is recommended to just change ce to pro but you can use any of the tags that you want to.

    - -

    The next thing you will need to do is uncomment the two lines dealing with the subscription key. You can find these on lines 88 and 90.

    - - 
    
-# -- Pro subscription key in base64 only if you are using pro version
-subscriptionKey:
-# -- Configure passbolt subscription key path
-subscription_keyPath: /etc/passbolt/subscription_key.txt
-
    -

    For subscription key it expects the key to be base64 encoded. Yes, the one supplied to you by us is already base64 encoded once, but you’ll need to do that again and put that in as the value for subscriptionKey.

    - -

    If you are creating your own gpg keys the following commands can help convert them into a base64 encoded single line string which is what the values.yaml file expects.

    - - 
    gpg --armor --export-secret-keys <email you created keys with>  | base64 -w 0
-gpg --armor --export <email you created keys with> | base64 -w 0
-
    - -

    You must configure also SMTP settings to be able to receive notifications and recovery emails.

    - -

    For more information on which environment variables are available on passbolt, please check the passbolt environment variable reference.

    - -
    -

    - Important: By default we have the ingress set to false, you’ll need to decide how you want to handle this to access the web page. -

    - -
    - -

    Additionally the following charts are used by Passbolt and you can adjust the values under their respective headings in values.yaml

    - - - - - - - - - - - - - - - - - - - - - - - - - - -
    RepositoryNameVersion
    https://charts.bitnami.com/bitnamimariadb11.3.5
    https://charts.bitnami.com/bitnamiredis17.3.8
    https://passbolt.gitlab.io/passbolt-ops/passbolt-helm-librarypassbolt-library0.2.1
    - -

    Step 4. Run helm install

    - - 
    helm install -f values.yaml my-passbolt passbolt-repo/passbolt
-
    - -

    At this point, you should have a working Passbolt setup via Helm running on the most up to date CE version of Passbolt.

    - -

    Manually creating first admin user

    - -

    Once the Helm chart is deployed, you can create your first user by running the following command:

    - - 
    kubectl exec -it  <passbolt-pod-name> -- /bin/bash -c "su -s /bin/bash -c \"bin/cake passbolt register_user -u <email> -f <firstname> -l <lastname> -r admin\" www-data"
-
    - -

    It will output a link similar to the below one that can be pasted on the browser to finalize user registration:

    - 
    https://mydomain.com/setup/install/1eafab88-a17d-4ad8-97af-77a97f5ff552/f097be64-3703-41e2-8ea2-d59cbe1c15bc
-
    - -

    Going further

    - -

    Helm FAQs:

    - - - -

    Passbolt docker repository:

    - - - -
    -

    Last updated

    -

    This article was last updated on -February -6th, -2022.

    -
    - -
    -
    - -
    -

    Available on ????

    -

    - - Helm Logo - -

    - - Get passbolt Helm chart! - -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/install-scripts.html b/docs/hosting/install/pro/install-scripts.html deleted file mode 100644 index 50a2a9f71..000000000 --- a/docs/hosting/install/pro/install-scripts.html +++ /dev/null @@ -1,259 +0,0 @@ - - - - - Passbolt Help | Install Passbolt Pro - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt Pro

    -
    -
    - -
    -
    - -

    Choose the guide corresponding to your distribution

    - - -
    -

    Last updated

    -

    This article was last updated on -November -13th, -2018.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/opensuse.html b/docs/hosting/install/pro/opensuse.html deleted file mode 100644 index 2b1ab0e37..000000000 --- a/docs/hosting/install/pro/opensuse.html +++ /dev/null @@ -1,657 +0,0 @@ - - - - - Passbolt Help | Install Passbolt PRO on openSUSE Leap 15 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt PRO on openSUSE Leap 15

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal openSUSE Leap 15 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo zypper install passbolt-pro-server
-
    - -

    During the installation, you will be asked to accept passbolt GPG repository key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
      Repository:       Passbolt Server
-  Key Fingerprint:  3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
-  Key Name:         Passbolt SA package signing key <contact@passbolt.com>
-  Key Algorithm:    RSA 2048
-
    - -

    If the fingerprint matches, trust always by answering a to this question:

    - - 
    Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r):
-
    - -

    Then, you will be asked for PHP repository GPG key, ensure the fingerprint is correct and trust it always:

    - - 
      Repository:       php
-  Key Fingerprint:  55CF 98B4 BB5B C6CC 2E24 748F 82EE 4011 CBCA 8BB5
-  Key Name:         devel:languages:php OBS Project <devel:languages:php@build.opensuse.org>
-  Key Algorithm:    DSA 1024
-
    - -

    Finally, verify and trust openSUSE PHP extensions repository GPG key:

    - - 
      Repository:       php-extensions-x86_64
-  Key Fingerprint:  A85C D7EF 5242 1152 9A7F 994A 9B41 A048 1AF1 B065
-  Key Name:         server:php:extensions OBS Project <server:php:extensions@build.opensuse.org>
-  Key Algorithm:    RSA 2048
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt PRO RPM package on openSUSE Leap 15 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.4. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.5. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.6. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.7. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.8. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/oraclelinux-7.html b/docs/hosting/install/pro/oraclelinux-7.html deleted file mode 100644 index 0bd65fae3..000000000 --- a/docs/hosting/install/pro/oraclelinux-7.html +++ /dev/null @@ -1,643 +0,0 @@ - - - - - Passbolt Help | Install Passbolt PRO on OracleLinux 7 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt PRO on OracleLinux 7

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal OracleLinux 7 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo yum install passbolt-pro-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt PRO RPM package on OracleLinux 7 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.4. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.5. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.6. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.7. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.8. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    This documentation is relative to an old distribution, please consider installing passbolt on the latest OracleLinux

    - - Read install manual - -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/oraclelinux.html b/docs/hosting/install/pro/oraclelinux.html deleted file mode 100644 index 57282d0a4..000000000 --- a/docs/hosting/install/pro/oraclelinux.html +++ /dev/null @@ -1,636 +0,0 @@ - - - - - Passbolt Help | Install Passbolt PRO on OracleLinux 8 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt PRO on OracleLinux 8

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal OracleLinux 8 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-pro-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt PRO RPM package on OracleLinux 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.4. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.5. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.6. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.7. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.8. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/raspberry.html b/docs/hosting/install/pro/raspberry.html deleted file mode 100644 index d2defe1f3..000000000 --- a/docs/hosting/install/pro/raspberry.html +++ /dev/null @@ -1,570 +0,0 @@ - - - - - Passbolt Help | Install Passbolt PRO on Raspberry PI - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt PRO on Raspberry PI

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • Any Raspberry PI from zero to 4
      • -
    • -

      A minimal Raspberry Pi OS Lite (formerly called Raspbian) server or any OS based on Debian 11 Bullseye.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo apt install passbolt-pro-server
-
    - -

    Configure mariadb

    - -

    If not instructed otherwise passbolt debian package will install mariadb-server locally. This step will help you create -an empty mariadb database for passbolt to use.

    - -
    - Configure database dialog - fig. Configure database dialog -
    - -

    The configuration process will ask you for the credentials of the mariadb admin user to create a new database. -By default in most installations the admin username would be root and the password would be empty.

    - -
    - Database admin user dialog - fig. Database admin user dialog -
    - -
    - Database admin user pass dialog - fig. Database admin user pass dialog -
    - -

    Now we need to create a mariadb user with reduced permissions for passbolt to connect. These values will also be requested later on the webconfiguration tool of passbolt so please keep them in mind.

    - -
    - Database passbolt user dialog - fig. Database passbolt user dialog -
    - -
    - Database passbolt user pass dialog - fig. Database passbolt user pass dialog -
    - -

    Lastly we need to create a database for passbolt to use, for that we need to name it:

    - -
    - Database name dialog - fig. Database name dialog -
    - -

    Configure nginx for serving HTTPS

    - -

    Depending on your needs there are two different options to setup nginx and SSL using the Raspberry package:

    - - - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.4. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.5. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.6. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.7. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.8. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -January -6th, -2022.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Stay informed of the next releases!

    - - Star Passbolt CE on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/redhat-7.html b/docs/hosting/install/pro/redhat-7.html deleted file mode 100644 index 8592b9e7c..000000000 --- a/docs/hosting/install/pro/redhat-7.html +++ /dev/null @@ -1,643 +0,0 @@ - - - - - Passbolt Help | Install Passbolt PRO on Red Hat 7 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt PRO on Red Hat 7

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal Red Hat 7 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo yum install passbolt-pro-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt PRO RPM package on Red Hat 7 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.4. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.5. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.6. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.7. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.8. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    This documentation is relative to an old distribution, please consider installing passbolt on the latest Red Hat

    - - Read install manual - -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/redhat.html b/docs/hosting/install/pro/redhat.html deleted file mode 100644 index c7b6b40b5..000000000 --- a/docs/hosting/install/pro/redhat.html +++ /dev/null @@ -1,636 +0,0 @@ - - - - - Passbolt Help | Install Passbolt PRO on Red Hat 8 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt PRO on Red Hat 8

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal Red Hat 8 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-pro-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt PRO RPM package on Red Hat 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.4. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.5. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.6. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.7. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.8. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/rockylinux.html b/docs/hosting/install/pro/rockylinux.html deleted file mode 100644 index 1057408fd..000000000 --- a/docs/hosting/install/pro/rockylinux.html +++ /dev/null @@ -1,636 +0,0 @@ - - - - - Passbolt Help | Install Passbolt PRO on RockyLinux 8 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt PRO on RockyLinux 8

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal RockyLinux 8 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-pro-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt PRO RPM package on RockyLinux 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.4. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.5. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.6. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.7. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.8. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/ubuntu-18-04-bionic-beaver.html b/docs/hosting/install/pro/ubuntu-18-04-bionic-beaver.html deleted file mode 100644 index b6cb8ffa9..000000000 --- a/docs/hosting/install/pro/ubuntu-18-04-bionic-beaver.html +++ /dev/null @@ -1,612 +0,0 @@ - - - - - Passbolt Help | Install Passbolt Pro on Ubuntu 18.04 (Bionic Beaver) - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt Pro on Ubuntu 18.04 (Bionic Beaver)

    -
    -
    - - -
    -
    - - - -

    This tutorial describes how to install Passbolt PRO on a minimal Ubuntu 18.04 (Bionic Beaver) server. The installation procedure is based on install scripts that will do -the heavy lifting for you. They will configure your operating system to be passbolt ready and will take care of installing and configuring the web -server (Nginx), database (MariaDb), PHP, SSL and GPG keyring.

    - -

    Installation time: 10 minutes.

    - -

    If you prefer to install passbolt manually please refer to this documentation: Install passbolt from source.

    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal Ubuntu 18.04 (Bionic Beaver) server.
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -

    1. Configure your server

    - -

    If you are using ubuntu server image make sure the universe repository is present.

    - 
    sudo add-apt-repository universe
-sudo apt-get update
-
    - -

    In doubt you can check as follow:

    - 
    sudo cat /etc/apt/sources.list
-
-deb http://archive.ubuntu.com/ubuntu bionic main universe
-deb http://archive.ubuntu.com/ubuntu bionic-security main universe
-deb http://archive.ubuntu.com/ubuntu bionic-updates main universe
-
    - -

    Download and execute the installation script

    - -

    Note that you can find the source code of the install scripts on our git repository.

    - -

    The script will take care of installing all the services required by passbolt. -It will ask you a few questions in order to adapt the environment to your needs.

    - - 
    wget -O passbolt-pro-installer-ubuntu-18.04.tar.gz https://www.passbolt.com/pro/download/installers/ubuntu/latest
-wget -O passbolt-installer-checksum https://www.passbolt.com/pro/download/installers/ubuntu/latest-checksum
-sha512sum -c passbolt-installer-checksum
-tar -xzf passbolt-pro-installer-ubuntu-18.04.tar.gz
-sudo ./passbolt_pro_ubuntu_installer.sh
-
    - -
    - execute the install script - fig. execute the install script -
    - -

    Do you want to install a local mariadb server on this machine?

    - -
      -
    • Yes: if you are not planning on using an external mysql / mariadb server.
      • -
    • No: if you have a mysql / mariadb server installed somewhere else and want to use it for passbolt.
      • -
    - -

    The script will then ask you for the database details: root user password, non-root user name, non-root user password, database name, and database password.

    - -

    Hostname

    - -

    To configure your webserver, the script needs to know under which hostname or ip it is going to run. Enter here -the address (domain, hostname or ip) at which you are planning to access your passbolt after installation.

    - -

    example: my-passbolt.acme.com

    - -

    SSL Setup

    -

    Because passbolt is designed to run with HTTPS by default it is best to try to setup passbolt -with SSL even if this is just a test instance.

    - -
      -
    • manual: (recommended) choose manual if you have your own ssl certificates.
      • -
    • auto: this option will issue a SSL certificate automatically through Let’s Encrypt. -Use this option only if you have a domain name that is reachable by the outside world, or it will not work.
      • -
    • none: choose this option if you don’t want your webserver to run https. This is not recommended.
      • -
    - -

    Important: if you choose ‘none’ and want to test the MFA, later on you will need to set -PASSBOLT_SECURITY_COOKIE_SECURE environment variable to false. This is to prevent a misconfigured -server with both HTTP and HTTPS enabled from leaking sensitive cookie.

    - -

    Common GnuPG issues

    - -

    On virtualized environments GnuPG will most likely not be able to find enough entropy to generate a key. -Therefore, Passbolt will not run properly. The script needs to know if you want to help fix this issue by installing - Haveged.

    - -

    Haveged is a useful tool to fix entropy issues, however it can have security implications. Make sure you understand -the risks before answering yes to this question.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -

    For each question, depending on your answer, some more precisions can be asked. Just answer the questions and go -with the flow.

    - -

    Your environment is now ready to support passbolt.

    - -
    - completion of the install script - fig. completion of the install script -
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.4. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.5. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.6. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.7. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.8. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -

    Frequently asked questions

    - - -
    -

    Last updated

    -

    This article was last updated on -November -13th, -2018.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/ubuntu/ubuntu-20-04.html b/docs/hosting/install/pro/ubuntu/ubuntu-20-04.html deleted file mode 100644 index c15f6f980..000000000 --- a/docs/hosting/install/pro/ubuntu/ubuntu-20-04.html +++ /dev/null @@ -1,570 +0,0 @@ - - - - - Passbolt Help | Install Passbolt Pro on Ubuntu 20.04 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt Pro on Ubuntu 20.04

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal Ubuntu 20.04 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo apt install passbolt-pro-server
-
    - -

    Configure mysql

    - -

    If not instructed otherwise passbolt ubuntu package will install mysql-server locally. This step will help you create -an empty mysql database for passbolt to use.

    - -
    - Configure database dialog - fig. Configure database dialog -
    - -

    The configuration process will ask you for the credentials of the mysql admin user to create a new database. -By default in most installations the admin username would be root and the password would be empty.

    - -
    - Database admin user dialog - fig. Database admin user dialog -
    - -
    - Database admin user pass dialog - fig. Database admin user pass dialog -
    - -

    Now we need to create a mysql user with reduced permissions for passbolt to connect. These values will also be requested later on the webconfiguration tool of passbolt so please keep them in mind.

    - -
    - Database passbolt user dialog - fig. Database passbolt user dialog -
    - -
    - Database passbolt user pass dialog - fig. Database passbolt user pass dialog -
    - -

    Lastly we need to create a database for passbolt to use, for that we need to name it:

    - -
    - Database name dialog - fig. Database name dialog -
    - -

    Configure nginx for serving HTTPS

    - -

    Depending on your needs there are two different options to setup nginx and SSL using the Ubuntu package:

    - - - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.4. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.5. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.6. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.7. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.8. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -November -24th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    - -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/ubuntu/ubuntu.html b/docs/hosting/install/pro/ubuntu/ubuntu.html deleted file mode 100644 index c45b6f35b..000000000 --- a/docs/hosting/install/pro/ubuntu/ubuntu.html +++ /dev/null @@ -1,570 +0,0 @@ - - - - - Passbolt Help | Install Passbolt Pro on Ubuntu 22.04 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt Pro on Ubuntu 22.04

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal Ubuntu 22.04 server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo apt install passbolt-pro-server
-
    - -

    Configure mysql

    - -

    If not instructed otherwise passbolt ubuntu package will install mysql-server locally. This step will help you create -an empty mysql database for passbolt to use.

    - -
    - Configure database dialog - fig. Configure database dialog -
    - -

    The configuration process will ask you for the credentials of the mysql admin user to create a new database. -By default in most installations the admin username would be root and the password would be empty.

    - -
    - Database admin user dialog - fig. Database admin user dialog -
    - -
    - Database admin user pass dialog - fig. Database admin user pass dialog -
    - -

    Now we need to create a mysql user with reduced permissions for passbolt to connect. These values will also be requested later on the webconfiguration tool of passbolt so please keep them in mind.

    - -
    - Database passbolt user dialog - fig. Database passbolt user dialog -
    - -
    - Database passbolt user pass dialog - fig. Database passbolt user pass dialog -
    - -

    Lastly we need to create a database for passbolt to use, for that we need to name it:

    - -
    - Database name dialog - fig. Database name dialog -
    - -

    Configure nginx for serving HTTPS

    - -

    Depending on your needs there are two different options to setup nginx and SSL using the Ubuntu package:

    - - - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.4. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.5. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.6. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.7. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.8. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -July -11th, -2022.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    - -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/vm.html b/docs/hosting/install/pro/vm.html deleted file mode 100644 index 4bd814cd7..000000000 --- a/docs/hosting/install/pro/vm.html +++ /dev/null @@ -1,524 +0,0 @@ - - - - - Passbolt Help | Using Passbolt pro virtual machine appliance - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Using Passbolt pro virtual machine appliance

    -
    -
    - - -
    -
    - -

    Passbolt Pro provides a virtual appliance in OVA format. Users can import this appliance on their private virtualization platform and start enjoying Passbolt Pro. -The VM includes the following software:

    -
      -
    • Debian 12
      • -
    • Nginx
      • -
    • Php-fpm
      • -
    • Mariadb
      • -
    • Passbolt Pro preinstalled
      • -
    • certbot
      • -
    - -

    1. Getting started with Passbolt Pro VM

    - -

    1.1 Download

    - -

    Download the ova and the SHA512SUM.txt:

    - - - -

    Import the ova file using virtualbox, vmware (ESXi >= 6.0) or any other platform that supports import OVA files.

    - -

    Once imported, it is highly recommanded to check if the VM is actually running as Debian (64-bit). In order to do that, just open VM’s settings and it should show on which version it is running on. Now, you should be able to boot the VM and just point to the VM ip address with their web browser to initiate the passbolt install process.

    - -

    1.2 Credentials

    - -

    The appliance performs some actions on the first boot:

    -
      -
    • Creates ssh host keys
      • -
    • Enables ssh
      • -
    • Creates a set of random mariadb credentials for the mariadb server installed on the appliance
      • -
    • Creates an empty database where passbolt can be installed.
      • -
    - -

    For the first login the appliance comes with the following ssh default credentials:

    - - 
    VM login credentials:
-username: passbolt
-password: admin
-
    - -

    The passbolt user is part of sudo group. There is no root password, so you cannot -login in as root. You can however create a shell as root with the default user:

    - 
    sudo -s
-
    - -

    1.3. HTTPS setup process:

    - -

    Passbolt Pro VM uses passbolt debian package. Depending on your needs there are two different options to setup nginx and SSL using the debian package:

    - - - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Subscription key

    - -

    At this step, the wizard will ask you for your subscription key. You should have received it by email soon after -your online purchase. Enter it in the box.

    - -
    - wizard - subscription key - fig. wizard - subscription key -
    - -

    2.3. Database

    - -

    Passbolt Virtual machine comes with a preinstalled mariadb database. The credentials for -this database are randomly generated on the first boot and the webinstaller autofills -those credentials for you. The autogenerated database credentials will be -available for later use by administrators in /etc/passbolt/passbolt.php file.

    - -

    If you decide to use the autogenerated credentials you -can click the “Next” button and move to the next step on this tutorial.

    - -
    - wizard - database - fig. wizard - database -
    - -

    Optional: in case you do not want to use the autogenerated mariadb -credentials you could connect through ssh to your instance -and use the mariadb root credentials to create a new -user, password and database for passbolt to use:

    - - 
    ssh admin@<your_domain|instance_ip>
-
    - -

    You can find the root database credentials in /root/.mysql_credentials file:

    - - 
    sudo cat /root/.mysql_credentials
-
    - -

    Once you have the root database credentials you can connect to the local mariadb -and create any database and user you want to use to install passbolt.

    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    - 
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - - 
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -

    Last updated

    -

    This article was last updated on -February -2nd, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/install/pro/wizard.html b/docs/hosting/install/pro/wizard.html deleted file mode 100644 index 5301ad9e1..000000000 --- a/docs/hosting/install/pro/wizard.html +++ /dev/null @@ -1,259 +0,0 @@ - - - - - Passbolt Help | Install Passbolt Pro - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Install Passbolt Pro

    -
    -
    - -
    -
    - -

    Choose the guide corresponding to your distribution

    - - -
    -

    Last updated

    -

    This article was last updated on -November -13th, -2018.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/update.html b/docs/hosting/update.html deleted file mode 100644 index 781346601..000000000 --- a/docs/hosting/update.html +++ /dev/null @@ -1,1188 +0,0 @@ - - - - - Passbolt Help | Update - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Update your passbolt instance

    -
    -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Update for Debian - Guide for instances installed using Debian package. - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Update for Ubuntu - Guide for instances installed using Ubuntu package. - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Update for Docker - Guide for instances using docker container. - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Update for Raspberry Pi - Guide for instances installed using Debian package. - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Update for AlmaLinux - Guide for instances installed using AlmaLinux package. - -
    - - - - - - - - -
    - - - - - - Update for CentOS - Guide for instances installed using CentOS package. - -
    - - - - - - - - -
    - - - - - - Update for OracleLinux - Guide for instances installed using OracleLinux package. - -
    - - - - - - - - -
    - - - - - - Update for Red Hat - Guide for instances installed using Red Hat package. - -
    - - - - - - - - -
    - - - - - - Update for RockyLinux - Guide for instances installed using RockyLinux package. - -
    - - - - - - - - -
    - - - - - - Update for openSUSE - Guide for instances installed using openSUSE package. - -
    - - - - - - - - -
    - - - - - - Update for Fedora - Guide for instances installed using Fedora package. - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Update for VM - Update passbolt Pro virtual machine appliance. - -
    - - - - - - - - - - - - - - - - - - -
    - - - - - - Update for AWS ami - Update passbolt CE AWS ami. - -
    - - - - - - - - -
    - - - - - - Update for Digital Ocean - Update passbolt CE digital ocean appliance. - -
    - - - - - - - - -
    - - - - - - Update for source install - Guide for instances installed from source. - -
    - - - -
    - -
    -
    -
    - - - - - -
    - - - - - - - - diff --git a/docs/hosting/update/almalinux.html b/docs/hosting/update/almalinux.html deleted file mode 100644 index afe521805..000000000 --- a/docs/hosting/update/almalinux.html +++ /dev/null @@ -1,342 +0,0 @@ - - - - - Passbolt Help | Update passbolt on AlmaLinux - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Update passbolt on AlmaLinux

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal AlmaLinux server.
      • -
    • Passbolt AlmaLinux package installed.
      • -
    - -

    Update passbolt

    -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup your database

    - -

    It is recommended to always perform a backup of your passbolt installation. Please check the backup article

    - -

    3. Upgrade your system

    - -
    -

    - Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade -

    - -
    - -

    This commands will trigger an upgrade on your whole AlmaLinux system:

    - - 
    $ sudo dnf update
-
    - -

    4. Clear the cache

    - -

    Finally make sure you clear the application cache, to make sure any changes in the database structure are -reflected in model cache files:

    - - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
-
    - -

    5. Bring your site back online

    - -

    Almost done:

    - 
    sudo systemctl start nginx
-
    - -

    Troubleshooting

    - -

    Verifying the status of the application

    -

    Optionally, you can login as an administrator and check the status on the healthcheck page:

    - -
    - Example of healthcheck screen - fig. Example of healthcheck screen -
    - -

    You can also run the following command:

    - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -

    If you run into some issues

    - -

    If you run into some issues:

    -
      -
    • Make a copy or screenshot of the errors messages displayed on the screen
      • -
    • Check for error message in the logs directory
      • -
    • Check for error message in the browser console
      • -
    • Checkout the previous working version using git
      • -
    • Drop the database and load your backup data to restore to a previously working version
      • -
    • Note down the the details of you environment: your OS, php, mysql environment versions.
      • -
    - -

    Where to get help:

    -
      -
    • If you are a Passbolt Pro Edition subscriber send us an email with the details.
      • -
    • If you are a Passbolt Community Edition user you can open new thread on the community forum.
      • -
    - -

    The more information you provide about what you did, what you tried, how your environment look like, -the easiest it will be for people to help you.

    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/update/ami-update.html b/docs/hosting/update/ami-update.html deleted file mode 100644 index bd0d946f9..000000000 --- a/docs/hosting/update/ami-update.html +++ /dev/null @@ -1,11 +0,0 @@ - - - - Redirecting… - - - - -

    Redirecting…

    - Click here if you are not redirected. - diff --git a/docs/hosting/update/centos-7.html b/docs/hosting/update/centos-7.html deleted file mode 100644 index 76247cbe5..000000000 --- a/docs/hosting/update/centos-7.html +++ /dev/null @@ -1,120 +0,0 @@ - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal CentOS server.
      • -
    • Passbolt CentOS package installed.
      • -
    - -

    Update passbolt

    -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup your database

    - -

    It is recommended to always perform a backup of your passbolt installation. Please check the backup article

    - -

    3. Upgrade your system

    - -
    -

    - Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade -

    - -
    - -

    This commands will trigger an upgrade on your whole CentOS system:

    - - 
    $ sudo yum update
-
    - -

    4. Clear the cache

    - -

    Finally make sure you clear the application cache, to make sure any changes in the database structure are -reflected in model cache files:

    - - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
-
    - -

    5. Bring your site back online

    - -

    Almost done:

    - 
    sudo systemctl start nginx
-
    - -

    Troubleshooting

    - -

    Verifying the status of the application

    -

    Optionally, you can login as an administrator and check the status on the healthcheck page:

    - -
    - Example of healthcheck screen - fig. Example of healthcheck screen -
    - -

    You can also run the following command:

    - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -

    If you run into some issues

    - -

    If you run into some issues:

    -
      -
    • Make a copy or screenshot of the errors messages displayed on the screen
      • -
    • Check for error message in the logs directory
      • -
    • Check for error message in the browser console
      • -
    • Checkout the previous working version using git
      • -
    • Drop the database and load your backup data to restore to a previously working version
      • -
    • Note down the the details of you environment: your OS, php, mysql environment versions.
      • -
    - -

    Where to get help:

    -
      -
    • If you are a Passbolt Pro Edition subscriber send us an email with the details.
      • -
    • If you are a Passbolt Community Edition user you can open new thread on the community forum.
      • -
    - -

    The more information you provide about what you did, what you tried, how your environment look like, -the easiest it will be for people to help you.

    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Your installation is not based on a debian package?

    - - Migrate passbolt to debian package - -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -
    diff --git a/docs/hosting/update/centos.html b/docs/hosting/update/centos.html deleted file mode 100644 index fa2258728..000000000 --- a/docs/hosting/update/centos.html +++ /dev/null @@ -1,348 +0,0 @@ - - - - - Passbolt Help | Update passbolt on CentOS - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Update passbolt on CentOS

    -
    -
    - - -
    -
    -
    -

    - Important: You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then. -

    - -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal CentOS server.
      • -
    • Passbolt CentOS package installed.
      • -
    - -

    Update passbolt

    -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup your database

    - -

    It is recommended to always perform a backup of your passbolt installation. Please check the backup article

    - -

    3. Upgrade your system

    - -
    -

    - Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade -

    - -
    - -

    This commands will trigger an upgrade on your whole CentOS system:

    - - 
    $ sudo yum update
-
    - -

    4. Clear the cache

    - -

    Finally make sure you clear the application cache, to make sure any changes in the database structure are -reflected in model cache files:

    - - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
-
    - -

    5. Bring your site back online

    - -

    Almost done:

    - 
    sudo systemctl start nginx
-
    - -

    Troubleshooting

    - -

    Verifying the status of the application

    -

    Optionally, you can login as an administrator and check the status on the healthcheck page:

    - -
    - Example of healthcheck screen - fig. Example of healthcheck screen -
    - -

    You can also run the following command:

    - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -

    If you run into some issues

    - -

    If you run into some issues:

    -
      -
    • Make a copy or screenshot of the errors messages displayed on the screen
      • -
    • Check for error message in the logs directory
      • -
    • Check for error message in the browser console
      • -
    • Checkout the previous working version using git
      • -
    • Drop the database and load your backup data to restore to a previously working version
      • -
    • Note down the the details of you environment: your OS, php, mysql environment versions.
      • -
    - -

    Where to get help:

    -
      -
    • If you are a Passbolt Pro Edition subscriber send us an email with the details.
      • -
    • If you are a Passbolt Community Edition user you can open new thread on the community forum.
      • -
    - -

    The more information you provide about what you did, what you tried, how your environment look like, -the easiest it will be for people to help you.

    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/update/debian-package.html b/docs/hosting/update/debian-package.html deleted file mode 100644 index dbd8887af..000000000 --- a/docs/hosting/update/debian-package.html +++ /dev/null @@ -1,370 +0,0 @@ - - - - - Passbolt Help | Update passbolt on Debian - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Update passbolt on Debian

    -
    -
    - - -
    -
    - -
    -

    - Pro tip: These instructions are also used for updates to the virtual machine. -

    - -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal Debian server.
      • -
    • Passbolt Debian package installed.
      • -
    - -

    Update passbolt

    -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup your database

    - -

    It is recommended to always perform a backup of your passbolt installation. Please check the backup article

    - -

    3. Upgrade your system

    - -
    -

    - Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade -

    - -
    - -

    This commands will trigger an upgrade on your whole Debian system:

    - - 
    sudo apt update
-sudo apt --only-upgrade install passbolt-ce-server
-sudo apt upgrade
-
    - -
    -

    - You are running Passbolt PRO? ↓ -

    - -
    - - 
    sudo apt update
-sudo apt --only-upgrade install passbolt-pro-server
-sudo apt upgrade
-
    - -

    4. Clear the cache

    - -

    Finally make sure you clear the application cache, to make sure any changes in the database structure are -reflected in model cache files:

    - - 
    $ sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
-
    - -

    5. Bring your site back online

    - -

    Almost done:

    - 
    sudo systemctl start nginx
-
    - -

    Troubleshooting

    - -

    Verifying the status of the application

    -

    Optionally, you can login as an administrator and check the status on the healthcheck page:

    - -
    - Example of healthcheck screen - fig. Example of healthcheck screen -
    - -

    You can also run the following command:

    - 
    $ sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -

    If you run into some issues

    - -

    If you run into some issues:

    -
      -
    • Make a copy or screenshot of the errors messages displayed on the screen
      • -
    • Check for error message in the logs directory
      • -
    • Check for error message in the browser console
      • -
    • Checkout the previous working version using git
      • -
    • Drop the database and load your backup data to restore to a previously working version
      • -
    • Note down the the details of you environment: your OS, php, mysql environment versions.
      • -
    - -

    Where to get help:

    -
      -
    • If you are a Passbolt Pro Edition subscriber send us an email with the details.
      • -
    • If you are a Passbolt Community Edition user you can open new thread on the community forum.
      • -
    - -

    The more information you provide about what you did, what you tried, how your environment look like, -the easiest it will be for people to help you.

    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Your installation is not based on a debian package?

    - - Migrate passbolt to debian package - -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/update/do-update.html b/docs/hosting/update/do-update.html deleted file mode 100644 index bd0d946f9..000000000 --- a/docs/hosting/update/do-update.html +++ /dev/null @@ -1,11 +0,0 @@ - - - - Redirecting… - - - - -

    Redirecting…

    - Click here if you are not redirected. - diff --git a/docs/hosting/update/docker.html b/docs/hosting/update/docker.html deleted file mode 100644 index b1b34a7e2..000000000 --- a/docs/hosting/update/docker.html +++ /dev/null @@ -1,276 +0,0 @@ - - - - - Passbolt Help | Update for docker container - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Update for docker container

    -
    -
    - -
    -
    - -

    It is recommended that users pull the tags pointing to specific passbolt versions when running in environments other than testing.

    - -

    To update passbolt, you would just need to change the image tag in your docker-compose.yml file:

    - - 
     image: passbolt/passbolt:<IMAGE_TAG>
-
    - -

    Then relaunch your docker containers:

    - - 
    $ docker-compose up -d
-
    - -

    By doing this:

    - -
      -
    • a new passbolt docker image will be pulled and a new container created
      • -
    • your passbolt database schema will be updated
      • -
    - -
    -

    Last updated

    -

    This article was last updated on -February -21st, -2022.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/update/fedora.html b/docs/hosting/update/fedora.html deleted file mode 100644 index 95af13f13..000000000 --- a/docs/hosting/update/fedora.html +++ /dev/null @@ -1,342 +0,0 @@ - - - - - Passbolt Help | Update passbolt on Fedora - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Update passbolt on Fedora

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal Fedora server.
      • -
    • Passbolt Fedora package installed.
      • -
    - -

    Update passbolt

    -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup your database

    - -

    It is recommended to always perform a backup of your passbolt installation. Please check the backup article

    - -

    3. Upgrade your system

    - -
    -

    - Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade -

    - -
    - -

    This commands will trigger an upgrade on your whole Fedora system:

    - - 
    $ sudo dnf update
-
    - -

    4. Clear the cache

    - -

    Finally make sure you clear the application cache, to make sure any changes in the database structure are -reflected in model cache files:

    - - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
-
    - -

    5. Bring your site back online

    - -

    Almost done:

    - 
    sudo systemctl start nginx
-
    - -

    Troubleshooting

    - -

    Verifying the status of the application

    -

    Optionally, you can login as an administrator and check the status on the healthcheck page:

    - -
    - Example of healthcheck screen - fig. Example of healthcheck screen -
    - -

    You can also run the following command:

    - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -

    If you run into some issues

    - -

    If you run into some issues:

    -
      -
    • Make a copy or screenshot of the errors messages displayed on the screen
      • -
    • Check for error message in the logs directory
      • -
    • Check for error message in the browser console
      • -
    • Checkout the previous working version using git
      • -
    • Drop the database and load your backup data to restore to a previously working version
      • -
    • Note down the the details of you environment: your OS, php, mysql environment versions.
      • -
    - -

    Where to get help:

    -
      -
    • If you are a Passbolt Pro Edition subscriber send us an email with the details.
      • -
    • If you are a Passbolt Community Edition user you can open new thread on the community forum.
      • -
    - -

    The more information you provide about what you did, what you tried, how your environment look like, -the easiest it will be for people to help you.

    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/update/install-scripts.html b/docs/hosting/update/install-scripts.html deleted file mode 100644 index fd7b6dd51..000000000 --- a/docs/hosting/update/install-scripts.html +++ /dev/null @@ -1,406 +0,0 @@ -
    -

    - Important: This page has been depreciated, CentOS is not supported anymore. -

    - -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    - -
      -
    • -

      A minimal server.

      -
      • -
    • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
      • -
    • a working SMTP server for email notifications
      • -
    • a working NTP service to avoid GPG authentication issues
      • -
    - -

    The recommended server requirements are:

    -
      -
    • 2 cores
      • -
    • 2GB of RAM
      • -
    - -

    FAQ pages:

    - - - -
    -

    - Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. -

    - -
    - -
    -

    - Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! -

    - -
    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt and install it.

    - -

    Step 1. Download our dependencies installation script:

    - -
    wget "https://download.passbolt.com//installer/passbolt-repo-setup..sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - -
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt--SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - -
    sha512sum -c passbolt--SHA512SUM.txt && sudo bash ./passbolt-repo-setup..sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup..sh
-
    - -

    Install passbolt official linux package

    - -
    sudo  install passbolt--server
-
    - -

    2. Configure passbolt

    - -

    Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt -can be reached. You will reach a getting started page.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -

    2.1. Healthcheck

    - -

    The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on -“Start configuration” when ready.

    - -
    - wizard - healthcheck - fig. wizard - healthcheck -
    - -

    2.2. Database

    - -

    This step is about telling passbolt which database to use. Enter the host name, port number, database name, username -and password.

    - -
    - wizard - database - fig. wizard - database -
    - -

    2.3. GPG key

    - -

    In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to -authenticate itself during the login handshake process.

    - -

    Generate a key if you don’t have one.

    - -
    - wizard - generate a key pair - fig. wizard - generate a key pair -
    - -

    Optional: Import a key if you already have one and you want your server to use it.

    - -

    - Do not set a passphrase or an expiration date - The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. - Similarly do not set an expiration date. Otherwise all your users will need to - perform an account recovery when you will eventually need to update the key. -

    - -

    To create a new GnuPG key without passphrase:

    -
    gpg --batch --no-tty --gen-key <<EOF
-  Key-Type: default
-  Key-Length: 2048
-  Subkey-Type: default
-  Subkey-Length: 2048
-  Name-Real: John Doe
-  Name-Email: email@domain.tld
-  Expire-Date: 0
-  %no-protection
-  %commit
-EOF
-
    - -

    Feel free to replace Name-Real and Name-Email with your own.

    - -

    To display your new key:

    - -
    gpg --armor --export-secret-keys email@domain.tld
-
    - -
    - wizard - import a key pair - fig. wizard - import a key pair -
    - -

    2.4. Mail server (SMTP)

    - -

    At this stage, the wizard will ask you to enter the details of your SMTP server.

    - -
    - wizard - smtp mail server details - fig. wizard - smtp mail server details -
    - -

    You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter -the email address at which you want the wizard to send you a test email and click on “Send test email”.

    - -
    - wizard - test smtp settings - fig. wizard - test smtp settings -
    - -

    2.5. Preferences

    - -

    The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated -but you can also change them if you know what you are doing.

    - -
    - wizard - preferences - fig. wizard - preferences -
    - -

    2.6. First user creation

    - -

    You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

    - -
    - wizard - first user - fig. wizard - first user -
    - -

    2.7. Installation

    - -

    That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while -the configuration process is going on.

    - -
    - wizard - installation - fig. wizard - installation -
    - -

    Your user account is now created. You will see a redirection page for a few second and then will be redirected -to the user setup process so that you can configure your user account.

    - -
    - wizard - completion and redirection - fig. wizard - completion and redirection -
    - -

    3. Configure your administrator account

    - -

    3.1. Download the plugin

    - -

    Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the -next step.

    - -
    - download the browser extension - fig. download the browser extension -
    - -

    3.2. Create a new key

    - -

    Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. -Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

    - -
    - generate a key - fig. generate a key -
    - -

    3.3. Download your recovery kit

    - -

    This step is essential. Your key is the only way to access your account and passwords.

    - -
    -

    - WARNING: If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase. -

    - -
    - -
    - download the recovery kit - fig. download the recovery kit -
    - -

    3.4. Define your security token

    - -

    Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing -attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

    - -
    - define your security token - fig. define your security token -
    - -

    3.5. That’s it!

    - -

    Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

    - -
    -
    - -
    -

    - Important: This is no longer a recommended installation method. You may want to consider migrating to the package. -

    - -
    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal CentOS 7 server.
      • -
    • Passbolt installed with the CentOS install script.
      • -
    - -

    Updating passbolt

    -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade. For example if you are using nginx as a -webserver:

    - 
    $ sudo systemctl stop nginx
-
    - -

    If you feel a bit more fancy, you can change your web server configuration to point to an “under maintenance” page. -It is a good practice to announce such maintenance window to your users in advance, so that they can also -plan for the update, for example by downloading some key passwords they may need.

    - -

    2. Backup your instance

    - -

    First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our backup process.

    - -

    3. Get the latest code version

    - -

    Pull the latest version directly from master:

    - 
    $ cd /var/www/passbolt
-$ sudo -H -u nginx bash -c "git pull origin master"
-
    - -

    4. Update the dependencies

    - -

    Some libraries are not packaged with the software but need to be updated using composer, based on -what is recommended in the composer.lock. This file is provided by passbolt.

    - -

    Passbolt requires composer v2, check the version you have already installed:

    - - 
    $ sudo -H -u nginx bash -c "composer.phar --version"
-> Composer version 2.0.9 2021-01-27 16:09:27
-
    - -

    To get the latest version of composer, you can check the -composer installation instructions.

    - -

    Update the dependencies:

    - - 
    $ sudo -H -u nginx bash -c "php -d allow_url_fopen=on composer.phar install --no-dev -n -o"
-
    - -

    5. Migrate your data

    - -

    A new version can come with a data structure change. You can run the migration scripts as follow:

    - 
    $ sudo -H -u nginx bash -c "./bin/cake passbolt migrate"
-
    - -

    6. Clear the cache

    - -

    Finally make sure you clear the application cache, to make sure any changes in the database structure are -reflected in model cache files:

    - 
    $ sudo -H -u nginx bash -c "./bin/cake cache clear_all"
-
    - -

    7. Bring your site back online

    - -

    Almost done:

    - 
    $ sudo systemctl start nginx
-
    - -

    Troubleshooting

    - -

    Verifying the status of the application

    -

    Optionally, you can login as an administrator and check the status on the healthcheck page:

    - -
    - Example of healthcheck screen - fig. Example of healthcheck screen -
    - -

    You can also run the following command:

    - 
    $ sudo -H -u  bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -

    If you run into some issues

    - -

    If you run into some issues:

    -
      -
    • Make a copy or screenshot of the errors messages displayed on the screen
      • -
    • Check for error message in the logs directory
      • -
    • Check for error message in the browser console
      • -
    • Checkout the previous working version using git
      • -
    • Drop the database and load your backup data to restore to a previously working version
      • -
    • Note down the the details of you environment: your OS, php, mysql environment versions.
      • -
    - -

    Where to get help:

    -
      -
    • If you are a Passbolt Pro Edition subscriber send us an email with the details.
      • -
    • If you are a Passbolt Community Edition user you can open new thread on the community forum.
      • -
    - -

    The more information you provide about what you did, what you tried, how your environment look like, -the easiest it will be for people to help you.

    - -
    -

    Last updated

    -

    This article was last updated on -October -19th, -2021.

    -
    - -
    -
    - -
    -

    Have you installed passbolt from source instead?

    - - Update passbolt on from source installation - -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -
    diff --git a/docs/hosting/update/opensuse.html b/docs/hosting/update/opensuse.html deleted file mode 100644 index ac5ce0a7c..000000000 --- a/docs/hosting/update/opensuse.html +++ /dev/null @@ -1,342 +0,0 @@ - - - - - Passbolt Help | Update passbolt on openSUSE - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Update passbolt on openSUSE

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal openSUSE server.
      • -
    • Passbolt openSUSE package installed.
      • -
    - -

    Update passbolt

    -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup your database

    - -

    It is recommended to always perform a backup of your passbolt installation. Please check the backup article

    - -

    3. Upgrade your system

    - -
    -

    - Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade -

    - -
    - -

    This commands will trigger an upgrade on your whole openSUSE system:

    - - 
    $ sudo zypper update
-
    - -

    4. Clear the cache

    - -

    Finally make sure you clear the application cache, to make sure any changes in the database structure are -reflected in model cache files:

    - - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
-
    - -

    5. Bring your site back online

    - -

    Almost done:

    - 
    sudo systemctl start nginx
-
    - -

    Troubleshooting

    - -

    Verifying the status of the application

    -

    Optionally, you can login as an administrator and check the status on the healthcheck page:

    - -
    - Example of healthcheck screen - fig. Example of healthcheck screen -
    - -

    You can also run the following command:

    - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -

    If you run into some issues

    - -

    If you run into some issues:

    -
      -
    • Make a copy or screenshot of the errors messages displayed on the screen
      • -
    • Check for error message in the logs directory
      • -
    • Check for error message in the browser console
      • -
    • Checkout the previous working version using git
      • -
    • Drop the database and load your backup data to restore to a previously working version
      • -
    • Note down the the details of you environment: your OS, php, mysql environment versions.
      • -
    - -

    Where to get help:

    -
      -
    • If you are a Passbolt Pro Edition subscriber send us an email with the details.
      • -
    • If you are a Passbolt Community Edition user you can open new thread on the community forum.
      • -
    - -

    The more information you provide about what you did, what you tried, how your environment look like, -the easiest it will be for people to help you.

    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/update/oraclelinux-7.html b/docs/hosting/update/oraclelinux-7.html deleted file mode 100644 index 4efb27155..000000000 --- a/docs/hosting/update/oraclelinux-7.html +++ /dev/null @@ -1,349 +0,0 @@ - - - - - Passbolt Help | Update passbolt on OracleLinux 7 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Update passbolt on OracleLinux 7

    -
    -
    - - -
    -
    - -
    -

    - Important: This page has been depreciated, see the Oracle Linux update page for instructions. -

    - -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal OracleLinux server.
      • -
    • Passbolt OracleLinux package installed.
      • -
    - -

    Update passbolt

    -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup your database

    - -

    It is recommended to always perform a backup of your passbolt installation. Please check the backup article

    - -

    3. Upgrade your system

    - -
    -

    - Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade -

    - -
    - -

    This commands will trigger an upgrade on your whole OracleLinux system:

    - - 
    $ sudo dnf update
-
    - -

    4. Clear the cache

    - -

    Finally make sure you clear the application cache, to make sure any changes in the database structure are -reflected in model cache files:

    - - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
-
    - -

    5. Bring your site back online

    - -

    Almost done:

    - 
    sudo systemctl start nginx
-
    - -

    Troubleshooting

    - -

    Verifying the status of the application

    -

    Optionally, you can login as an administrator and check the status on the healthcheck page:

    - -
    - Example of healthcheck screen - fig. Example of healthcheck screen -
    - -

    You can also run the following command:

    - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -

    If you run into some issues

    - -

    If you run into some issues:

    -
      -
    • Make a copy or screenshot of the errors messages displayed on the screen
      • -
    • Check for error message in the logs directory
      • -
    • Check for error message in the browser console
      • -
    • Checkout the previous working version using git
      • -
    • Drop the database and load your backup data to restore to a previously working version
      • -
    • Note down the the details of you environment: your OS, php, mysql environment versions.
      • -
    - -

    Where to get help:

    -
      -
    • If you are a Passbolt Pro Edition subscriber send us an email with the details.
      • -
    • If you are a Passbolt Community Edition user you can open new thread on the community forum.
      • -
    - -

    The more information you provide about what you did, what you tried, how your environment look like, -the easiest it will be for people to help you.

    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/update/oraclelinux.html b/docs/hosting/update/oraclelinux.html deleted file mode 100644 index 0befa9f4d..000000000 --- a/docs/hosting/update/oraclelinux.html +++ /dev/null @@ -1,342 +0,0 @@ - - - - - Passbolt Help | Update passbolt on OracleLinux - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Update passbolt on OracleLinux

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal OracleLinux server.
      • -
    • Passbolt OracleLinux package installed.
      • -
    - -

    Update passbolt

    -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup your database

    - -

    It is recommended to always perform a backup of your passbolt installation. Please check the backup article

    - -

    3. Upgrade your system

    - -
    -

    - Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade -

    - -
    - -

    This commands will trigger an upgrade on your whole OracleLinux system:

    - - 
    $ sudo dnf update
-
    - -

    4. Clear the cache

    - -

    Finally make sure you clear the application cache, to make sure any changes in the database structure are -reflected in model cache files:

    - - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
-
    - -

    5. Bring your site back online

    - -

    Almost done:

    - 
    sudo systemctl start nginx
-
    - -

    Troubleshooting

    - -

    Verifying the status of the application

    -

    Optionally, you can login as an administrator and check the status on the healthcheck page:

    - -
    - Example of healthcheck screen - fig. Example of healthcheck screen -
    - -

    You can also run the following command:

    - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -

    If you run into some issues

    - -

    If you run into some issues:

    -
      -
    • Make a copy or screenshot of the errors messages displayed on the screen
      • -
    • Check for error message in the logs directory
      • -
    • Check for error message in the browser console
      • -
    • Checkout the previous working version using git
      • -
    • Drop the database and load your backup data to restore to a previously working version
      • -
    • Note down the the details of you environment: your OS, php, mysql environment versions.
      • -
    - -

    Where to get help:

    -
      -
    • If you are a Passbolt Pro Edition subscriber send us an email with the details.
      • -
    • If you are a Passbolt Community Edition user you can open new thread on the community forum.
      • -
    - -

    The more information you provide about what you did, what you tried, how your environment look like, -the easiest it will be for people to help you.

    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/update/raspberry.html b/docs/hosting/update/raspberry.html deleted file mode 100644 index c61334a2c..000000000 --- a/docs/hosting/update/raspberry.html +++ /dev/null @@ -1,363 +0,0 @@ - - - - - Passbolt Help | Update passbolt on Raspberry Pi - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Update passbolt on Raspberry Pi

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal Debian server.
      • -
    • Passbolt Debian package installed.
      • -
    - -

    Update passbolt

    -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup your database

    - -

    It is recommended to always perform a backup of your passbolt installation. Please check the backup article

    - -

    3. Upgrade your system

    - -
    -

    - Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade -

    - -
    - -

    This commands will trigger an upgrade on your whole Debian system:

    - - 
    sudo apt update
-sudo apt --only-upgrade install passbolt-ce-server
-sudo apt upgrade
-
    - -
    -

    - You are running Passbolt PRO? ↓ -

    - -
    - - 
    sudo apt update
-sudo apt --only-upgrade install passbolt-pro-server
-sudo apt upgrade
-
    - -

    4. Clear the cache

    - -

    Finally make sure you clear the application cache, to make sure any changes in the database structure are -reflected in model cache files:

    - - 
    $ sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
-
    - -

    5. Bring your site back online

    - -

    Almost done:

    - 
    sudo systemctl start nginx
-
    - -

    Troubleshooting

    - -

    Verifying the status of the application

    -

    Optionally, you can login as an administrator and check the status on the healthcheck page:

    - -
    - Example of healthcheck screen - fig. Example of healthcheck screen -
    - -

    You can also run the following command:

    - 
    $ sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -

    If you run into some issues

    - -

    If you run into some issues:

    -
      -
    • Make a copy or screenshot of the errors messages displayed on the screen
      • -
    • Check for error message in the logs directory
      • -
    • Check for error message in the browser console
      • -
    • Checkout the previous working version using git
      • -
    • Drop the database and load your backup data to restore to a previously working version
      • -
    • Note down the the details of you environment: your OS, php, mysql environment versions.
      • -
    - -

    Where to get help:

    -
      -
    • If you are a Passbolt Pro Edition subscriber send us an email with the details.
      • -
    • If you are a Passbolt Community Edition user you can open new thread on the community forum.
      • -
    - -

    The more information you provide about what you did, what you tried, how your environment look like, -the easiest it will be for people to help you.

    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Your installation is not based on a debian package?

    - - Migrate passbolt to debian package - -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/update/redhat-7.html b/docs/hosting/update/redhat-7.html deleted file mode 100644 index d919cf3dd..000000000 --- a/docs/hosting/update/redhat-7.html +++ /dev/null @@ -1,349 +0,0 @@ - - - - - Passbolt Help | Update passbolt on Red Hat 7 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Update passbolt on Red Hat 7

    -
    -
    - - -
    -
    - -
    -

    - Important: This page has been depreciated, see the Red Hat update page for instructions. -

    - -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal Red Hat server.
      • -
    • Passbolt Red Hat package installed.
      • -
    - -

    Update passbolt

    -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup your database

    - -

    It is recommended to always perform a backup of your passbolt installation. Please check the backup article

    - -

    3. Upgrade your system

    - -
    -

    - Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade -

    - -
    - -

    This commands will trigger an upgrade on your whole Red Hat system:

    - - 
    $ sudo yum update
-
    - -

    4. Clear the cache

    - -

    Finally make sure you clear the application cache, to make sure any changes in the database structure are -reflected in model cache files:

    - - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
-
    - -

    5. Bring your site back online

    - -

    Almost done:

    - 
    sudo systemctl start nginx
-
    - -

    Troubleshooting

    - -

    Verifying the status of the application

    -

    Optionally, you can login as an administrator and check the status on the healthcheck page:

    - -
    - Example of healthcheck screen - fig. Example of healthcheck screen -
    - -

    You can also run the following command:

    - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -

    If you run into some issues

    - -

    If you run into some issues:

    -
      -
    • Make a copy or screenshot of the errors messages displayed on the screen
      • -
    • Check for error message in the logs directory
      • -
    • Check for error message in the browser console
      • -
    • Checkout the previous working version using git
      • -
    • Drop the database and load your backup data to restore to a previously working version
      • -
    • Note down the the details of you environment: your OS, php, mysql environment versions.
      • -
    - -

    Where to get help:

    -
      -
    • If you are a Passbolt Pro Edition subscriber send us an email with the details.
      • -
    • If you are a Passbolt Community Edition user you can open new thread on the community forum.
      • -
    - -

    The more information you provide about what you did, what you tried, how your environment look like, -the easiest it will be for people to help you.

    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/update/redhat.html b/docs/hosting/update/redhat.html deleted file mode 100644 index 39274b668..000000000 --- a/docs/hosting/update/redhat.html +++ /dev/null @@ -1,342 +0,0 @@ - - - - - Passbolt Help | Update passbolt on Red Hat - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Update passbolt on Red Hat

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal Red Hat server.
      • -
    • Passbolt Red Hat package installed.
      • -
    - -

    Update passbolt

    -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup your database

    - -

    It is recommended to always perform a backup of your passbolt installation. Please check the backup article

    - -

    3. Upgrade your system

    - -
    -

    - Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade -

    - -
    - -

    This commands will trigger an upgrade on your whole Red Hat system:

    - - 
    $ sudo dnf update
-
    - -

    4. Clear the cache

    - -

    Finally make sure you clear the application cache, to make sure any changes in the database structure are -reflected in model cache files:

    - - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
-
    - -

    5. Bring your site back online

    - -

    Almost done:

    - 
    sudo systemctl start nginx
-
    - -

    Troubleshooting

    - -

    Verifying the status of the application

    -

    Optionally, you can login as an administrator and check the status on the healthcheck page:

    - -
    - Example of healthcheck screen - fig. Example of healthcheck screen -
    - -

    You can also run the following command:

    - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -

    If you run into some issues

    - -

    If you run into some issues:

    -
      -
    • Make a copy or screenshot of the errors messages displayed on the screen
      • -
    • Check for error message in the logs directory
      • -
    • Check for error message in the browser console
      • -
    • Checkout the previous working version using git
      • -
    • Drop the database and load your backup data to restore to a previously working version
      • -
    • Note down the the details of you environment: your OS, php, mysql environment versions.
      • -
    - -

    Where to get help:

    -
      -
    • If you are a Passbolt Pro Edition subscriber send us an email with the details.
      • -
    • If you are a Passbolt Community Edition user you can open new thread on the community forum.
      • -
    - -

    The more information you provide about what you did, what you tried, how your environment look like, -the easiest it will be for people to help you.

    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/update/rockylinux.html b/docs/hosting/update/rockylinux.html deleted file mode 100644 index 7cb35cd43..000000000 --- a/docs/hosting/update/rockylinux.html +++ /dev/null @@ -1,342 +0,0 @@ - - - - - Passbolt Help | Update passbolt on RockyLinux - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Update passbolt on RockyLinux

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal RockyLinux server.
      • -
    • Passbolt RockyLinux package installed.
      • -
    - -

    Update passbolt

    -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup your database

    - -

    It is recommended to always perform a backup of your passbolt installation. Please check the backup article

    - -

    3. Upgrade your system

    - -
    -

    - Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade -

    - -
    - -

    This commands will trigger an upgrade on your whole RockyLinux system:

    - - 
    $ sudo dnf update
-
    - -

    4. Clear the cache

    - -

    Finally make sure you clear the application cache, to make sure any changes in the database structure are -reflected in model cache files:

    - - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
-
    - -

    5. Bring your site back online

    - -

    Almost done:

    - 
    sudo systemctl start nginx
-
    - -

    Troubleshooting

    - -

    Verifying the status of the application

    -

    Optionally, you can login as an administrator and check the status on the healthcheck page:

    - -
    - Example of healthcheck screen - fig. Example of healthcheck screen -
    - -

    You can also run the following command:

    - 
    $ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -

    If you run into some issues

    - -

    If you run into some issues:

    -
      -
    • Make a copy or screenshot of the errors messages displayed on the screen
      • -
    • Check for error message in the logs directory
      • -
    • Check for error message in the browser console
      • -
    • Checkout the previous working version using git
      • -
    • Drop the database and load your backup data to restore to a previously working version
      • -
    • Note down the the details of you environment: your OS, php, mysql environment versions.
      • -
    - -

    Where to get help:

    -
      -
    • If you are a Passbolt Pro Edition subscriber send us an email with the details.
      • -
    • If you are a Passbolt Community Edition user you can open new thread on the community forum.
      • -
    - -

    The more information you provide about what you did, what you tried, how your environment look like, -the easiest it will be for people to help you.

    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/update/source.html b/docs/hosting/update/source.html deleted file mode 100644 index e35003294..000000000 --- a/docs/hosting/update/source.html +++ /dev/null @@ -1,501 +0,0 @@ - - - - - Passbolt Help | Update passbolt source install - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Update passbolt source install

    -
    -
    - -
    -
    - -

    Pre-requisites

    - -

    System requirements

    -

    Passbolt is reported to work on a large variety of operating system configurations. -Therefore this help page is a generic guide that should work for most environments.

    - -

    If you run into any issues with your particular configuration, -please check the forum. -Maybe someone else has had your issue. If not, make a post and the community will try to help you.

    - -
      -
    • Any Unix-like major distribution (Debian, Centos, Ubuntu, *BSD)
      • -
    • A webserver (Apache or Nginx)
      • -
    • A TLS server certificate for HTTPS
      • -
    • PHP >= 7.4.0
      • -
    • MariaDB >= 10.3 /Mysql >= 5.7
      • -
    • Composer >= 2
      • -
    • GnuPG
      • -
    • Git
      • -
    - -

    The following PHP extensions (that may or may not come by default):

    -
      -
    • PHP-GNUPG: for key verification and authentication.
      • -
    • Cakephp default requirements: Intl, mbstring, simplexml
      • -
    • Image manipulation: gd or imagick
      • -
    • Database: Mysqlnd, pdo, pdo_mysql
      • -
    • Some general default: xsl, phar, posix, xml, zlib, ctype, curl, json.
      • -
    • Ldap
      • -
    • & more depending on your configuration (for example if you want to use memcache for sessions).
      • -
    - -

    Find out where is your passbolt directory

    - -

    All the commands hereafter should be done from inside your passbolt directory:

    - 
    $ cd /var/www/passbolt
-
    - -

    By default passbolt should be installed under /var/www/passbolt but it could be different if you -installed from source manually. We will assume for the rest of this tutorial that it is located -in /var/www/passbolt.

    - -

    Find out the name of your webserver user

    - -

    Some commands need to be run as the same user running the web server. Generally on Debian systems it will be -www-data but on other distributions like Centos it could be for example nginx or http. -For the rest of this tutorial we will assume that the user named www-data.

    - -

    Generally it is not possible to login as this user, so in order to run the command as this user, -you can execute something like this:

    - - 
    $ sudo -H -u www-data bash -c "./bin/cake passbolt healthcheck"
-
    - -

    This command for example, will run the healthcheck command as www-data data user. -It is a good idea to start with running a healthcheck prior to updating, to make sure everything is in order.

    - -

    Make sure the permissions are right for your current user

    - -
    -

    - Do not run the commands as root when updating passbolt. It can render your installation unusable. -

    - -
    - -

    Running commands as root can make your installation unusable until the permissions are repaired. -We recommend you use another user for this purpose. The whoami command will let you know which user you are logged -in as. In our case below, it is the user passbolt.

    - 
    $ whoami
-passbolt
-
    - -

    You need to make sure that this user have access to the passbolt directory. -The easiest way to do this would be to add such user to the www-data and sudo groups, -so for example for a passbolt user, you could execute as root:

    - - 
    $ sudo usermod -a -G www-data passbolt
-$ sudo usermod -a -G sudo passbolt
-
    - -

    You can check if the user is included in the group (you may need to logout / login again for the permissions to be -applied):

    - 
    $ groups passbolt
-passbolt : passbolt www-data sudo
-
    - -

    Make sure the passbolt directory is owned by the passbolt user and accessible to the www-data group. -You can set the permissions as follow:

    - - 
    $ sudo chown -R passbolt:www-data .
-$ sudo chmod -R o-rwx .
-$ sudo find . -type d -print0 | xargs -0 sudo chmod g-w
-$ sudo find . -type f -print0 | xargs -0 sudo chmod g-wx
-$ sudo chmod g+x ./bin/cake
-$ sudo find ./tmp -type d -print0 | xargs -0 sudo chmod 770
-$ sudo find ./tmp -type f -print0 | xargs -0 sudo chmod 660
-$ sudo find ./logs -type d -print0 | xargs -0 sudo chmod 770
-$ sudo find ./logs -type f -print0 | xargs -0 sudo chmod 660
-$ sudo find ./webroot/img/public -type d -print0 | xargs -0 sudo chmod 770
-$ sudo find ./webroot/img/public -type f -print0 | xargs -0 sudo chmod 660
-
    - -

    Check that the permissions are set as expected.

    - 
    $ ls -la .
-drwxr-x--- 2 passbolt www-data  .
-drwx------ 6 root root          ..
-drwxr-x--- 6 passbolt www-data  config
-
    - -

    Make sure the passbolt directory doesn’t contain any changes. If you have altered the passbolt code, stash your changes -before executing the following command.

    - 
    $ git checkout HEAD .
-
    - -

    Check if git is present on your system

    - -

    By default you should have git installed:

    - 
    $ which git
-/usr/bin/git
-
    - -

    If not install the relative distribution package.

    - -

    Check if composer is present on your system

    - -

    You should also already have composer installed.

    - 
    $ which composer.phar
-/usr/bin/composer.phar
-
    - -

    Depending on your setup it is possible that your composer command is named composer and not composer.phar.

    - -

    If for some reason the command above fails because you don’t have composer installed, -you can check the composer installation instructions.

    - -

    Passbolt requires composer v2, check the version you have already installed:

    - - 
    composer.phar --version
-> Composer version 2.0.9 2021-01-27 16:09:27
-
    - -

    To get the latest version of composer, you can check the -composer installation instructions.

    - -

    Updating passbolt

    -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade. For example if you are using nginx as a -webserver:

    - 
    $ sudo systemctl stop nginx
-
    - -

    If you feel a bit more fancy, you can change your web server configuration to point to an “under maintenance” page. -It is a good practice to announce such maintenance window to your users in advance, so that they can also -plan for the update, for example by downloading some key passwords they may need.

    - -

    2. Get the latest code version

    - -

    You can pull the latest version directly from master:

    - 
    $ git pull origin master
-
    - -

    To pull a specific version you can do:

    - 
    $ git fetch origin tags/v2.13.0
-$ git checkout tags/v2.13.0
-
    - -

    On installations based on install scripts or in the VM appliance you are in a shallow clone state so to change -the branch you will need to:

    - - 
    $ git remote set-branches origin "*"
-$ git fetch origin tags/v2.13.0
-$ git checkout tags/v2.13.0
-
    - -

    3. Update the dependencies

    - -

    Some libraries are not packaged with the software but need to be updated using composer, based on -what is recommended in the composer.lock. This file is provided by passbolt.

    - - 
    $ php -d allow_url_fopen=on /usr/bin/composer.phar install --no-dev -n -o
-
    - -

    4. Run the migration script

    - -

    You can run the database migration scripts as follow:

    - 
    $ sudo -H -u www-data bash -c "./bin/cake passbolt migrate --backup"
-
    - -

    As you can see with the command above you can optional ask the application to create a database backup. -This is useful in case you run into any issues with the new version and need to revert to an old but working one.

    - -

    This backup will be placed in ./tmp/cache/database/backup/backup_timestamp.sql.

    - -

    5. Clear the cache

    - -

    Finally make sure you clear the application cache, to make sure any changes in the database structure are -reflected in model cache files:

    - 
    $ sudo -H -u www-data bash -c "./bin/cake cache clear_all"
-
    - -

    6. Bring your site back online

    - -

    Almost done:

    - 
    sudo systemctl start nginx
-
    - -

    Troubleshooting

    - -

    Verifying the status of the application

    -

    Optionally, you can login as an administrator and check the status on the healthcheck page:

    - -
    - Example of healthcheck screen - fig. Example of healthcheck screen -
    - -

    You can also run the following command:

    - 
    $ sudo -H -u www-data bash -c "./bin/cake passbolt healthcheck"
-
    - -

    If you run into some issues

    - -

    If you run into some issues:

    -
      -
    • Make a copy or screenshot of the errors messages displayed on the screen
      • -
    • Check for error message in the logs directory
      • -
    • Check for error message in the browser console
      • -
    • Checkout the previous working version using git
      • -
    • Drop the database and load your backup data to restore to a previously working version
      • -
    • Note down the the details of you environment: your OS, php, mysql environment versions.
      • -
    - -

    Where to get help:

    -
      -
    • If you are a Passbolt Pro Edition subscriber send us an email with the details.
      • -
    • If you are a Passbolt Community Edition user you can open new thread on the community forum.
      • -
    - -

    The more information you provide about what you did, what you tried, how your environment look like, -the easiest it will be for people to help you.

    - -
    -

    Last updated

    -

    This article was last updated on -February -8th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/update/ubuntu-package.html b/docs/hosting/update/ubuntu-package.html deleted file mode 100644 index 54a0d636f..000000000 --- a/docs/hosting/update/ubuntu-package.html +++ /dev/null @@ -1,363 +0,0 @@ - - - - - Passbolt Help | Update passbolt on Ubuntu - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Update passbolt on Ubuntu

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal Ubuntu server.
      • -
    • Passbolt Ubuntu package installed.
      • -
    - -

    Update passbolt

    -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup your database

    - -

    It is recommended to always perform a backup of your passbolt installation. Please check the backup article

    - -

    3. Upgrade your system

    - -
    -

    - Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade -

    - -
    - -

    This commands will trigger an upgrade on your whole Ubuntu system:

    - - 
    sudo apt update
-sudo apt --only-upgrade install passbolt-ce-server
-sudo apt upgrade
-
    - -
    -

    - You are running Passbolt PRO? ↓ -

    - -
    - - 
    sudo apt update
-sudo apt --only-upgrade install passbolt-pro-server
-sudo apt upgrade
-
    - -

    4. Clear the cache

    - -

    Finally make sure you clear the application cache, to make sure any changes in the database structure are -reflected in model cache files:

    - - 
    $ sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
-
    - -

    5. Bring your site back online

    - -

    Almost done:

    - 
    sudo systemctl start nginx
-
    - -

    Troubleshooting

    - -

    Verifying the status of the application

    -

    Optionally, you can login as an administrator and check the status on the healthcheck page:

    - -
    - Example of healthcheck screen - fig. Example of healthcheck screen -
    - -

    You can also run the following command:

    - 
    $ sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -

    If you run into some issues

    - -

    If you run into some issues:

    -
      -
    • Make a copy or screenshot of the errors messages displayed on the screen
      • -
    • Check for error message in the logs directory
      • -
    • Check for error message in the browser console
      • -
    • Checkout the previous working version using git
      • -
    • Drop the database and load your backup data to restore to a previously working version
      • -
    • Note down the the details of you environment: your OS, php, mysql environment versions.
      • -
    - -

    Where to get help:

    -
      -
    • If you are a Passbolt Pro Edition subscriber send us an email with the details.
      • -
    • If you are a Passbolt Community Edition user you can open new thread on the community forum.
      • -
    - -

    The more information you provide about what you did, what you tried, how your environment look like, -the easiest it will be for people to help you.

    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Your installation is not based on a Ubuntu package?

    - - Migrate passbolt to Ubuntu package - -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/update/update-v1.html b/docs/hosting/update/update-v1.html deleted file mode 100644 index 6248bb53e..000000000 --- a/docs/hosting/update/update-v1.html +++ /dev/null @@ -1,370 +0,0 @@ - - - - - Passbolt Help | Update passbolt server component (v1) - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Update passbolt server component (v1)

    -
    -
    - -
    -
    - -

    Which update process to follow?

    - -

    Each passbolt release follows the concept of Semantic Versioning. Given a version number MAJOR.MINOR.PATCH, we increment as follow:

    - -
      -
    • PATCH version when we make backwards-compatible bug fixes. So let’s say you are running passbolt v1.3.2 and the latest one available is v1.3.7 you will need to perform a patch update.
      • -
    • MINOR version when we add functionality in a backwards-compatible manner. Similarly say you have passbolt v1.2.0 installed and the latest version available is v1.3.2, you will need to perform a minor version update.
      • -
    • MAJOR version when incompatible API changes are made. You get the deal for major version update: that would mean going from v1.3.7 to v2.0.0 for example.
      • -
    - -

    Where to find the latest release version number?

    - -

    You can find information about which version is the latest in the release notes. It is generally a good idea to check these notes before running an update. You can also find it on the official GIT repository.

    - -

    Where to find the version number for a given installation?

    - -

    You can check app/Config/version.php to know the version number for your local instance. You can also hover on the heart icon at the bottom right corner of any passbolt screen. The first item is the server version, the second the one from the browser extension.

    - -
    - footer version helper - fig. footer version helper -
    - -

    Major update

    - -

    Please see the following documentation to Update from v1 to v2

    - -

    Minor update

    - -

    Every now and again some releases will introduce some database and/or configuration files changes. Here is a step by step guide on how to perform a minor update.

    - -

    1. Take your site down

    -

    Create a temporary webserver configuration to redirect all the requests to a maintenance page. You can find resources how to do this online: here is an example for apache .

    - -

    2. Get the latest release

    - 
    $ git fetch
-$ git checkout tags/v1.x.x
-
    - -

    3. Review the configuration files

    - -

    While we try to provide backward compatibility by providing safe fallbacks for new configuration files items, -it is recommended that you review your configuration files when the default changes.

    - -

    For example let’s take the scenario where you are running v1.1.0 and you want to upgrade to v1.3.2. -We can check that both the app and core files have changed as follow:

    - - 
    $ git diff --name-status v1.3.2 v1.1.0 | grep 'php.default'
-M	app/Config/app.php.default
-M	app/Config/core.php.default
-
    - -

    4. Make a backup of your database

    - -

    Prior to running a database migration script it is very important that you perform a backup, in case something -goes wrong. You can do this using mysqldump, with for example:

    - - 
    $ mysqldump -u[user] -p[pass] db > /path/to/backup.sql
-
    - -

    5. Run the migration script

    - -

    To see if a database schema migration script is available you can run the following command:

    - - 
    $ ./app/Console/cake Migrations.migration status
-Cake Migration Shell
----------------------------------------------------------------
-Application
-
-Current version:
-  #1465367816 1465367816_Migration_1.1.0
-Latest version:
-  #1479926461 1479926461_Migration_1.3.0
----------------------------------------------------------------
-
    - -

    In this case we can see that a migration is needed, so we run the following:

    - - 
    $ ./app/Console/cake Migrations.migration run all
-Cake Migration Shell
----------------------------------------------------------------
-Running migrations:
-  [1474629203] 1474629203_Migration_1.2.0 (2016-09-23 16:43:23)
-      > Changing field "uri" from table "resources".
-
-  [1479926461] 1479926461_Migration_1.3.0 (2016-11-24 00:11:01)
-
-Allow sending anonymous usage statistics? (y/n)
-[n] > y
----------------------------------------------------------------
-All migrations have completed.
-
    - -

    As you can see above, the migration script for v1.2.0 will also be applied automatically. Sometimes also, -for example with the introduction of the anonymous usage statistics, the migration script can prompt you for input.

    - -

    6. Put your site back online!

    - -

    As an administrator (or as any user in debug mode) you can go and check on the /healthcheck page to see if -your instance configuration is looking good.

    - -

    Patch update

    - -

    Performing a patch update is the easiest. All you need to do is checkout the latest version.

    - 
    $ git pull origin master
-
    - -

    You can also checkout a specific version and use branches to switch versions. For example for version 1.0.9:

    - - 
    $ git fetch --tags
-$ git checkout tags/v1.0.9 -b tags/v1.0.9
-
    - -
    -

    Last updated

    -

    This article was last updated on -January -20th, -2017.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/update/vm-update.html b/docs/hosting/update/vm-update.html deleted file mode 100644 index bd0d946f9..000000000 --- a/docs/hosting/update/vm-update.html +++ /dev/null @@ -1,11 +0,0 @@ - - - - Redirecting… - - - - -

    Redirecting…

    - Click here if you are not redirected. - diff --git a/docs/hosting/upgrade.html b/docs/hosting/upgrade.html deleted file mode 100644 index 5e9c476ca..000000000 --- a/docs/hosting/upgrade.html +++ /dev/null @@ -1,2183 +0,0 @@ - - - - - Passbolt Help | Upgrade - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -

    Community edition

    -
    -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Migrate to CentOS 7 package - Migrate from install script to CentOS 7 package - -
    - - - - - - - - - - - - - -
    - - - - - - Migrate to Debian package - Migrate from install script to Debian package - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Migrate to Ubuntu package - Migrate from install script to Ubuntu package - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Migrate to new Debian server - Migrate an existing Passbolt CE to a new Debian server - -
    - - - - - - - - -
    - - - - - - Migrate to new Ubuntu server - Migrate an existing Passbolt CE to a new Ubuntu server - -
    - - - - - - - - -
    - - - - - - Migrate to new RockyLinux server - Migrate an existing Passbolt CE to a new RockyLinux server - -
    - - - - - - - - - - - - - - - - - - -
    - - - - - - Migrate to new openSUSE server - Migrate an existing Passbolt CE to a new openSUSE server - -
    - - - - - - - - - - - - - - - - - - -
    - - - - - - Migrate to new Fedora server - Migrate an existing Passbolt CE to a new Fedora server - -
    - - - - - - - - - - - - - -
    - - - - - - Migrate to new CentOS server - Migrate an existing Passbolt CE to a new CentOS server - -
    - - - - - - - - - - - - - -
    - - - - - - Migrate to new AlmaLinux server - Migrate an existing Passbolt CE to a new AlmaLinux server - -
    - - - - - - - - -
    - - - - - - Migrate to new Red Hat server - Migrate an existing Passbolt CE to a new Red Hat server - -
    - - - - - - - - - - - - - -
    - - - - - - Migrate to new Docker - Migrate an existing Passbolt CE to a new Docker - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Migrate to new OracleLinux server - Migrate an existing Passbolt CE to a new OracleLinux server - -
    - - - - - - - - - - - - - - - - - - - - - - - -
    - - -
    -
    -

    Pro edition

    -
    -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Migrate to CentOS 7 package - Migrate from install script to CentOS 7 package - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Migrate to Debian package - Migrate from install script to Debian package - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Migrate to Ubuntu package - Migrate from install script to Ubuntu package - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - From CE on Debian - Upgrade Passbolt from CE to Pro on Debian - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - From CE on Ubuntu - Upgrade Passbolt from CE to Pro on Ubuntu - -
    - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - From CE with Docker - Upgrade from CE to Pro using docker - -
    - - - - - - - - - - - - - -
    - - - - - - From CE source install - Upgrade from CE source install to Pro - -
    - - - - - - - - -
    - - - - - - Migrate to new Debian server - Migrate an existing Passbolt PRO to a new Debian server - -
    - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Migrate to new AlmaLinux server - Migrate an existing Passbolt PRO to a new AlmaLinux server - -
    - - - - - - - - -
    - - - - - - Migrate to new OracleLinux server - Migrate an existing Passbolt PRO to a new OracleLinux server - -
    - - - - - - - - - - - - - -
    - - - - - - Migrate to new Red Hat server - Migrate an existing Passbolt PRO to a new Red Hat server - -
    - - - - - - - - -
    - - - - - - Migrate to new RockyLinux server - Migrate an existing Passbolt PRO to new RockyLinux server - -
    - - - - - - - - - - - - - -
    - - - - - - Migrate to new Fedora server - Migrate an existing Passbolt PRO to new Fedora server - -
    - - - - - - - - - - - - - -
    - - - - - - Migrate to new CentOS server - Migrate an existing Passbolt PRO to new CentOS server - -
    - - - - - - - - - - - - - - - - - - -
    - - - - - - Migrate to new openSUSE server - Migrate an existing Passbolt PRO to new openSUSE server - -
    - - - - - - - - - - - - - -
    - - - - - - Migrate to new Virtual Machine - Migrate an existing Passbolt PRO to Virtual Machine - -
    - - - - - - - - -
    - - - - - - Migrate to new Ubuntu server - Migrate an existing Passbolt PRO to a new Ubuntu server - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - Migrate to new Docker - Migrate an existing Passbolt PRO to a new Docker - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - -
    -
    -
    - - - - - -
    - - - - - - - - diff --git a/docs/hosting/upgrade/ce/from-debian-10-to-debian-11-ce.html b/docs/hosting/upgrade/ce/from-debian-10-to-debian-11-ce.html deleted file mode 100644 index 5163b7c8b..000000000 --- a/docs/hosting/upgrade/ce/from-debian-10-to-debian-11-ce.html +++ /dev/null @@ -1,424 +0,0 @@ - - - - - Passbolt Help | Upgrade from Debian 10 to Debian 11 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Upgrade from Debian 10 to Debian 11

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A Debian 10 server.
      • -
    • Passbolt Debian package installed.
      • -
    • Ensure you have sufficient space for the upgrade.
      • -
    - -

    This manual has for aim to help you upgrade your distribution, but it does not replace -the official Debian guide, please refer to it if you have any doubt.

    - -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup your instance

    - -

    First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our backup process.

    - -

    3. Prepare repositories

    - -

    3.1. Upgrade the OS and other third party repositories

    - -

    Prior to upgrading the system, ensure the OS as well as the third party repositories ar now targeting -Debian 11. This can be easily done with sed:

    - - 
    sudo sed -i 's/buster/bullseye/g' /etc/apt/sources.list
-sudo sed -i 's/buster/bullseye/g' /etc/apt/sources.list.d/*.list
-
    - -

    Take care of the debian security repository !! The format has changed and the correct one is now, edit the file -/etc/apt/sources.list and update the security repositories as following:

    - - 
    deb https://security.debian.org/debian-security bullseye-security main
-deb-src https://security.debian.org/debian-security bullseye-security main
-
    - -

    3.2. Remove the old passbolt repository source

    - -

    With Debian 11 apt-key is now deprecated and with this change let’s migrate to -the new source-file format (DEB822).

    - -

    Remove the old passbolt source-file:

    - - 
    sudo rm /etc/apt/sources.list.d/passbolt.list
-
    - -

    Remove the passbolt GnuPG key from apt-key:

    - - 
    sudo apt-key del 0xDE8B853FC155581D
-
    - -

    3.3. Retrieve and store the passbolt GnuPG repository key

    - -

    Retrieve passbolt repository package official GnuPG key from hkps://keys.mailvelope.com, hkps://pgp.mit.edu or hkps://keys.gnupg.net:

    - - 
    gpg --keyserver hkps://keys.mailvelope.com --receive-keys 0xDE8B853FC155581D 
-
    - -

    Check that the GPG fingerprint matches 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D:

    - - 
    gpg --list-key --with-fingerprint 0xDE8B853FC155581D
-
    - -

    It must return:

    - - 
    pub   rsa2048 2020-05-18 [SC] [expires: 2022-05-18]
-      3D1A 0346 C8E1 802F 774A  EF21 DE8B 853F C155 581D
-uid           [ unknown] Passbolt SA package signing key <contact@passbolt.com>
-sub   rsa2048 2020-05-18 [E] [expires: 2022-05-18]
-
    - -

    Stock the passbolt GnuPG key on disk for later use:

    - - 
    gpg --export 0xDE8B853FC155581D | sudo tee \
-  /usr/share/keyrings/passbolt-repository.gpg >/dev/null
-
    - -

    3.4. Add the new passbolt repository source

    - -

    Create a new repository source-file following the format DEB822 for passbolt.

    - - 
    cat << EOF | sudo tee /etc/apt/sources.list.d/passbolt.sources > /dev/null
-Types: deb
-URIs: https://download.passbolt.com/ce/debian
-Suites: buster
-Components: stable
-Signed-By: /usr/share/keyrings/passbolt-repository.gpg
-EOF
-
    - -

    4. Upgrade your system

    - -

    Update the apt indexes :

    - - 
    sudo apt update
-
    - -

    You can now upgrade your system :

    - - 
    # Upgrade first
-sudo apt upgrade
-
-# Then perform the dist-upgrade
-sudo apt dist-upgrade
-
    - -

    5. Update passbolt nginx configuration

    - -

    As php-fpm has been upgraded from 7.3 to 7.4, nginx configuration has to be updated accordingly.

    - -

    It can easily be done with sed :

    - - 
    sudo sed -i 's/php7.3-fpm/php-fpm/g' /etc/nginx/sites-enabled/nginx-passbolt.conf
-
    - -

    Check if you have no configuration issue :

    - - 
    sudo nginx -t
-
    - -

    It should return:

    - - 
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
-nginx: configuration file /etc/nginx/nginx.conf test is successful
-
    - -

    You can now safely reload the nginx web server:

    - - 
    sudo systemctl reload nginx.service
-
    - -

    6. Reboot your server

    - -

    With Debian 11 comes a new Linux kernel, you must reboot your server.

    - -

    7. Clean useless packages

    - -

    Once the server rebooted on the new kernel, you can now remove useless packages:

    - - 
    sudo apt autoremove --purge
-sudo apt autoclean
-
    - -

    8. Troubleshooting

    - -

    MariaDB went missing

    - -

    It is possible your MariaDB instance has been uninstalled. You can install it back:

    - - 
    sudo apt install default-mysql-server
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -3rd, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/ce/from-debian-11-to-debian-12-ce.html b/docs/hosting/upgrade/ce/from-debian-11-to-debian-12-ce.html deleted file mode 100644 index fc9e7abb4..000000000 --- a/docs/hosting/upgrade/ce/from-debian-11-to-debian-12-ce.html +++ /dev/null @@ -1,407 +0,0 @@ - - - - - Passbolt Help | Upgrade from Debian 11 to Debian 12 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Upgrade from Debian 11 to Debian 12

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A Debian 11 server.
      • -
    • Passbolt Debian package installed.
      • -
    • Ensure you have sufficient space for the upgrade.
      • -
    - -

    This manual has for aim to help you upgrade your distribution, but it does not replace -the official Debian guide, please refer to it if you have any doubt.

    - -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup your instance

    - -

    First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our backup process.

    - -

    3. Prepare repositories

    - -

    3.1. Upgrade the OS and other third party repositories

    - -

    Prior to upgrading the system, ensure the OS as well as the third party repositories ar now targeting -Debian 12. This can be easily done with sed:

    - - 
    sudo sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list
-
    - -

    Please, take a moment with: cat /etc/apt/sources.list to ensure that there is not any bullseye left on this file. You should expect something like what’s shown below.

    - - 
    # deb cdrom:[Debian GNU/Linux 11.6.0 _Bullseye_ - Official amd64 DVD Binary-1 20221217-10:40]/ bookworm contrib main
-
-#deb cdrom:[Debian GNU/Linux 11.6.0 _Bullseye_ - Official amd64 DVD Binary-1 20221217-10:40]/ bookworm contrib main
-
-deb http://httpredir.debian.org/debian/ bookworm main
-deb-src http://httpredir.debian.org/debian/ bookworm main
-
-deb http://security.debian.org/debian-security bookworm-security main contrib
-deb-src http://security.debian.org/debian-security bookworm-security main contrib
-
-# bookworm-updates, to get updates before a point release is made;
-# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
-deb http://httpredir.debian.org/debian/ bookworm-updates main contrib
-deb-src http://httpredir.debian.org/debian/ bookworm-updates main contrib
-
-
    - -

    4. Upgrade your system

    - -

    Update the apt indexes :

    - - 
    sudo apt update
-
    - -

    Upgrade Passbolt PRO :

    - 
    sudo apt --only-upgrade install passbolt-pro-server
-
    - -
    -

    - You are using Passbolt CE? Run sudo apt --only-upgrade install passbolt-ce-server -

    - -
    - -

    You can now upgrade your system :

    - - 
    # Upgrade first
-sudo apt upgrade
-
-# Then perform the dist-upgrade
-sudo apt dist-upgrade
-
    - -

    4.1. Ensure that you are running the correct distributions

    - -

    In order to verify the distribution :

    - - 
    lsb_release -a
-
    - -

    4.2. Ensure that you are running the correct PHP 8.2 version

    - -

    To verify the PHP version :

    - - 
    php -v
-
    - -

    5. Update passbolt nginx configuration

    - -

    As php-fpm has been upgraded from 7.4 to 8.2, nginx configuration has to be updated accordingly.

    - -

    It can easily be done with sed :

    - - 
    sudo sed -i 's/php7.4-fpm/php8.2-fpm/g' /etc/nginx/sites-enabled/nginx-passbolt.conf
-
    - -

    Check if you have no configuration issue :

    - - 
    sudo nginx -t
-
    - -

    It should return:

    - - 
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
-nginx: configuration file /etc/nginx/nginx.conf test is successful
-
    - -

    You can now safely restart the nginx web server and php-fpm:

    - - 
    sudo systemctl restart nginx
-sudo systemctl restart php8.2-fpm
-
    - -

    6. Reboot your server

    - -

    With Debian 12 comes a new Linux kernel, you must reboot your server.

    - -

    7. Clean useless packages

    - -

    Once the server rebooted on the new kernel, you can now remove useless packages:

    - - 
    sudo apt autoremove --purge
-sudo apt autoclean
-
    - -

    8. Troubleshooting

    - -

    MariaDB went missing

    - -

    It is possible your MariaDB instance has been uninstalled. You can install it back:

    - - 
    sudo apt install default-mysql-server
-
    - -
    -

    Last updated

    -

    This article was last updated on -June -29th, -2023.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/ce/migrate-existing-ce-to-almalinux-server.html b/docs/hosting/upgrade/ce/migrate-existing-ce-to-almalinux-server.html deleted file mode 100644 index 3d9cd4597..000000000 --- a/docs/hosting/upgrade/ce/migrate-existing-ce-to-almalinux-server.html +++ /dev/null @@ -1,485 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt CE to a new AlmaLinux server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt CE to a new AlmaLinux server

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new AlmaLinux server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A minimal AlmaLinux 8 new server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new AlmaLinux server

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-ce-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt CE RPM package on AlmaLinux 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    Migrate data

    - -

    Load the backup files into the new AlmaLinux server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown nginx:nginx /etc/passbolt/passbolt.php
-sudo chown nginx:nginx /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 2. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey_private.asc
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 3. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R nginx:nginx /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 4. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 5. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  nginx
-
    - -

    Step 6. Migrate passbolt to the latest version

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 7. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/ce/migrate-existing-ce-to-centos-server.html b/docs/hosting/upgrade/ce/migrate-existing-ce-to-centos-server.html deleted file mode 100644 index 09618f261..000000000 --- a/docs/hosting/upgrade/ce/migrate-existing-ce-to-centos-server.html +++ /dev/null @@ -1,491 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt CE to a new CentOS server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt CE to a new CentOS server

    -
    -
    - - -
    -
    -
    -

    - Important: You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then. -

    - -
    - -

    This document describes how to migrate an existing passbolt to a new CentOS server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A minimal CentOS 7 new server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new CentOS server

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-ce-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt CE RPM package on CentOS 7 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    Migrate data

    - -

    Load the backup files into the new CentOS server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown nginx:nginx /etc/passbolt/passbolt.php
-sudo chown nginx:nginx /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 2. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey_private.asc
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 3. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R nginx:nginx /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 4. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 5. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  nginx
-
    - -

    Step 6. Migrate passbolt to the latest version

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 7. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/ce/migrate-existing-ce-to-debian-server.html b/docs/hosting/upgrade/ce/migrate-existing-ce-to-debian-server.html deleted file mode 100644 index 50aed10e9..000000000 --- a/docs/hosting/upgrade/ce/migrate-existing-ce-to-debian-server.html +++ /dev/null @@ -1,421 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt CE to a new Debian server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt CE to a new Debian server

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new Debian server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A minimal Debian 12 new server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new Debian server

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo apt install passbolt-ce-server
-
    - -

    Configure mariadb

    - -

    If not instructed otherwise passbolt debian package will install mariadb-server locally. This step will help you create -an empty mariadb database for passbolt to use.

    - -
    - Configure database dialog - fig. Configure database dialog -
    - -

    The configuration process will ask you for the credentials of the mariadb admin user to create a new database. -You will find the root password on the server in the file /root/.mysql_credentials.

    - -
    - Database admin user dialog - fig. Database admin user dialog -
    - -
    - Database admin user pass dialog - fig. Database admin user pass dialog -
    - -

    Now we need to create a mariadb user with reduced permissions for passbolt to connect. For the passbolt database user and password, reuse the ones you have in your backup of passbolt.php.

    - -
    - Database passbolt user dialog - fig. Database passbolt user dialog -
    - -
    - Database passbolt user pass dialog - fig. Database passbolt user pass dialog -
    - -

    Lastly we need to create a database for passbolt to use, for that we need to name it:

    - -
    - Database name dialog - fig. Database name dialog -
    - -

    Configure nginx for serving HTTPS

    - -

    Depending on your needs there are two different options to setup nginx and SSL using the Debian package:

    - - - -

    Migrate data

    - -

    Load the backup files into the new Debian server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown www-data:www-data /etc/passbolt/passbolt.php
-sudo chown www-data:www-data /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 2. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown www-data:www-data /etc/passbolt/gpg/serverkey_private.asc
-sudo chown www-data:www-data /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 3. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R www-data:www-data /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 4. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 5. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  www-data
-
    - -

    Step 6. Migrate passbolt to the latest version

    - - 
    sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 7. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -2nd, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/ce/migrate-existing-ce-to-docker.html b/docs/hosting/upgrade/ce/migrate-existing-ce-to-docker.html deleted file mode 100644 index c4b28024f..000000000 --- a/docs/hosting/upgrade/ce/migrate-existing-ce-to-docker.html +++ /dev/null @@ -1,395 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt CE to a new Docker - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt CE to a new Docker

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A new server with Docker
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new server

    - -

    Create a fresh new Passbolt instance on Docker following this documentation.

    - -

    Migrate the data

    - -

    Stop running containers

    - -

    At this step, you should have a running empty Passbolt instance running on your server. We will now stop it and delete the database volume.

    - -

    If you have chosen the docker-compose install, you just have to delete the volumes you created with this command (don’t forget the -v):

    - - 
    docker-compose -f docker-compose-ce.yaml down -v
-
    - -

    If you have chosen to run docker containers, stop them and delete the database volume:

    - - 
    docker stop passbolt-container-name
-docker stop passbolt-database-name
-docker volume rm passbolt-database-volume-name
-
    - -

    Of course, replace containers and volume name with your own !

    - -

    Restore your database

    - -

    According to MariaDB documentation on Docker Hub:

    - - 
    When a container is started for the first time, a new database with the specified name will be created and initialized with the provided configuration variables.
-
-Furthermore, it will execute files with extensions .sh, .sql, .sql.gz, and .sql.xz that are found in /docker-entrypoint-initdb.d. Files will be executed in alphabetical order. .sh files without file execute permission are sourced rather than executed.
-
-You can easily populate your mariadb services by mounting a SQL dump into that directory and provide custom images with contributed data. SQL files will be imported by default to the database specified by the MARIADB_DATABASE / MYSQL_DATABASE variable.
-
    - -

    This means you just have to mount your database backup file on /docker-entrypoint-initdb.d folder of the database container.

    - -

    Edit your docker-compose-ce.yaml file and add a volume mount in the db service:

    - - 
    volumes:
-  - database_volume:/var/lib/mysql
-  - ./path/to/your/database/dump.sql:/docker-entrypoint-initdb.d/dump.sql
-
    - -

    Set your GPG server keys fingerprint and email

    - -

    In the scope of a migration to docker, you need to add 2 environment variables to the passbolt service -related to the GPG server keys fingerprint and email address.

    - -

    Get them from your backed up keys:

    - - 
    $ gpg --show-keys /path/to/serverkey.asc
-pub   rsa2048 2022-01-20 [SC]
-      43F978AFF88B53F5ABBD12C87D5E40A4C43926ED
-uid                      Passbolt default user <passbolt@yourdomain.com>
-sub   rsa2048 2022-01-20 [E]
-
    - -

    In the above output, fingerprint is 43F978AFF88B53F5ABBD12C87D5E40A4C43926ED and email address is passbolt@yourdomain.com.

    - -

    Add the environment variables in your docker-compose-ce.yaml file (replace with your own values):

    - - 
    services:
-  passbolt:
-    environment:
-      PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: "43F978AFF88B53F5ABBD12C87D5E40A4C43926ED"
-      PASSBOLT_KEY_EMAIL: "passbolt@yourdomain.com"
-
    - -

    Start your containers

    - -

    You can now start your database and passbolt containers, your database will be restored at the database container start.

    - -

    Restore GPG server keys

    - -

    Copy the GPG you backed up in your container:

    - - 
    docker cp serverkey_private.asc your-passbolt-container:/etc/passbolt/gpg/serverkey_private.asc
-docker cp serverkey.asc your-passbolt-container:/etc/passbolt/gpg/serverkey.asc
-
    - -

    Then set correct rights:

    - - 
    docker exec -it your-passbolt-container chown www-data:www-data /etc/passbolt/gpg/serverkey.asc
-docker exec -it your-passbolt-container chown www-data:www-data /etc/passbolt/gpg/serverkey_private.asc
-docker exec -it your-passbolt-container chmod 440 /etc/passbolt/gpg/serverkey.asc
-docker exec -it your-passbolt-container chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Restore avatars (if you are coming from prior 3.2)

    - -
    -

    - This step is needed only if you come from Passbolt version prior to 3.2. Since 3.2, avatars are stored in database -

    - -
    - -

    Extract the avatars to the Passbolt docker container:

    - - 
    cat passbolt-avatars.tar.gz | docker exec -i your-passbolt-container tar -C /usr/share/php/passbolt/ -xzf -
-
    - -

    Then set correct rights to the avatars:

    - - 
    docker exec -it your-passbolt-container chown -R www-data:www-data /usr/share/php/passbolt/webroot/img/avatar
-
    - -

    That’s it

    - -

    If your passbolt URL has changed, you will have to proceed to an account recovery.

    - -
    -

    Last updated

    -

    This article was last updated on -September -29th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/ce/migrate-existing-ce-to-fedora-server.html b/docs/hosting/upgrade/ce/migrate-existing-ce-to-fedora-server.html deleted file mode 100644 index d2f6c6975..000000000 --- a/docs/hosting/upgrade/ce/migrate-existing-ce-to-fedora-server.html +++ /dev/null @@ -1,485 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt CE to a new Fedora server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt CE to a new Fedora server

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new Fedora server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A minimal Fedora 37 new server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new Fedora server

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-ce-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt CE RPM package on Fedora 37 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    Migrate data

    - -

    Load the backup files into the new Fedora server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown nginx:nginx /etc/passbolt/passbolt.php
-sudo chown nginx:nginx /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 2. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey_private.asc
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 3. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R nginx:nginx /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 4. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 5. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  nginx
-
    - -

    Step 6. Migrate passbolt to the latest version

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 7. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/ce/migrate-existing-ce-to-opensuse-server.html b/docs/hosting/upgrade/ce/migrate-existing-ce-to-opensuse-server.html deleted file mode 100644 index f86c96453..000000000 --- a/docs/hosting/upgrade/ce/migrate-existing-ce-to-opensuse-server.html +++ /dev/null @@ -1,506 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt CE to a new openSUSE server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt CE to a new openSUSE server

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new openSUSE server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A minimal openSUSE Leap 15 new server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new openSUSE server

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo zypper install passbolt-ce-server
-
    - -

    During the installation, you will be asked to accept passbolt GPG repository key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
      Repository:       Passbolt Server
-  Key Fingerprint:  3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
-  Key Name:         Passbolt SA package signing key <contact@passbolt.com>
-  Key Algorithm:    RSA 2048
-
    - -

    If the fingerprint matches, trust always by answering a to this question:

    - - 
    Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r):
-
    - -

    Then, you will be asked for PHP repository GPG key, ensure the fingerprint is correct and trust it always:

    - - 
      Repository:       php
-  Key Fingerprint:  55CF 98B4 BB5B C6CC 2E24 748F 82EE 4011 CBCA 8BB5
-  Key Name:         devel:languages:php OBS Project <devel:languages:php@build.opensuse.org>
-  Key Algorithm:    DSA 1024
-
    - -

    Finally, verify and trust openSUSE PHP extensions repository GPG key:

    - - 
      Repository:       php-extensions-x86_64
-  Key Fingerprint:  A85C D7EF 5242 1152 9A7F 994A 9B41 A048 1AF1 B065
-  Key Name:         server:php:extensions OBS Project <server:php:extensions@build.opensuse.org>
-  Key Algorithm:    RSA 2048
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt CE RPM package on openSUSE Leap 15 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    Migrate data

    - -

    Load the backup files into the new openSUSE server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown wwwrun:wwwrun /etc/passbolt/passbolt.php
-sudo chown wwwrun:wwwrun /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 2. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown wwwrun:wwwrun /etc/passbolt/gpg/serverkey_private.asc
-sudo chown wwwrun:wwwrun /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 3. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R wwwrun:wwwrun /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 4. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 5. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  wwwrun
-
    - -

    Step 6. Migrate passbolt to the latest version

    - - 
    sudo -H -u wwwrun /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 7. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u wwwrun /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -
    -

    Last updated

    -

    This article was last updated on -February -11th, -2022.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/ce/migrate-existing-ce-to-oraclelinux-server.html b/docs/hosting/upgrade/ce/migrate-existing-ce-to-oraclelinux-server.html deleted file mode 100644 index d68b6f6ba..000000000 --- a/docs/hosting/upgrade/ce/migrate-existing-ce-to-oraclelinux-server.html +++ /dev/null @@ -1,485 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt CE to a new OracleLinux server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt CE to a new OracleLinux server

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new OracleLinux server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A minimal OracleLinux 8 new server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new OracleLinux server

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-ce-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt CE RPM package on OracleLinux 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    Migrate data

    - -

    Load the backup files into the new OracleLinux server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown nginx:nginx /etc/passbolt/passbolt.php
-sudo chown nginx:nginx /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 2. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey_private.asc
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 3. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R nginx:nginx /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 4. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 5. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  nginx
-
    - -

    Step 6. Migrate passbolt to the latest version

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 7. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/ce/migrate-existing-ce-to-redhat-server.html b/docs/hosting/upgrade/ce/migrate-existing-ce-to-redhat-server.html deleted file mode 100644 index e3e1fd900..000000000 --- a/docs/hosting/upgrade/ce/migrate-existing-ce-to-redhat-server.html +++ /dev/null @@ -1,485 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt CE to a new Red Hat server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt CE to a new Red Hat server

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new Red Hat server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A minimal Red Hat 8 new server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new Red Hat server

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-ce-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt CE RPM package on Red Hat 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    Migrate data

    - -

    Load the backup files into the new Red Hat server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown nginx:nginx /etc/passbolt/passbolt.php
-sudo chown nginx:nginx /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 2. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey_private.asc
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 3. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R nginx:nginx /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 4. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 5. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  nginx
-
    - -

    Step 6. Migrate passbolt to the latest version

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 7. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/ce/migrate-existing-ce-to-rockylinux-server.html b/docs/hosting/upgrade/ce/migrate-existing-ce-to-rockylinux-server.html deleted file mode 100644 index e0af54b75..000000000 --- a/docs/hosting/upgrade/ce/migrate-existing-ce-to-rockylinux-server.html +++ /dev/null @@ -1,485 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt CE to a new RockyLinux server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt CE to a new RockyLinux server

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new RockyLinux server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A minimal RockyLinux 8 new server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new RockyLinux server

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-ce-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt CE RPM package on RockyLinux 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    Migrate data

    - -

    Load the backup files into the new RockyLinux server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown nginx:nginx /etc/passbolt/passbolt.php
-sudo chown nginx:nginx /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 2. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey_private.asc
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 3. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R nginx:nginx /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 4. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 5. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  nginx
-
    - -

    Step 6. Migrate passbolt to the latest version

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 7. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/ce/migrate-existing-ce-to-ubuntu-server.html b/docs/hosting/upgrade/ce/migrate-existing-ce-to-ubuntu-server.html deleted file mode 100644 index 8b3cba09a..000000000 --- a/docs/hosting/upgrade/ce/migrate-existing-ce-to-ubuntu-server.html +++ /dev/null @@ -1,421 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt CE to a new Ubuntu server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt CE to a new Ubuntu server

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new Ubuntu server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A minimal Ubuntu 22.04 new server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new Ubuntu server

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo apt install passbolt-ce-server
-
    - -

    Configure mysql

    - -

    If not instructed otherwise passbolt ubuntu package will install mysql-server locally. This step will help you create -an empty mysql database for passbolt to use.

    - -
    - Configure database dialog - fig. Configure database dialog -
    - -

    The configuration process will ask you for the credentials of the mysql admin user to create a new database. -You will find the root password on the server in the file /root/.mysql_credentials.

    - -
    - Database admin user dialog - fig. Database admin user dialog -
    - -
    - Database admin user pass dialog - fig. Database admin user pass dialog -
    - -

    Now we need to create a mysql user with reduced permissions for passbolt to connect. For the passbolt database user and password, reuse the ones you have in your backup of passbolt.php.

    - -
    - Database passbolt user dialog - fig. Database passbolt user dialog -
    - -
    - Database passbolt user pass dialog - fig. Database passbolt user pass dialog -
    - -

    Lastly we need to create a database for passbolt to use, for that we need to name it:

    - -
    - Database name dialog - fig. Database name dialog -
    - -

    Configure nginx for serving HTTPS

    - -

    Depending on your needs there are two different options to setup nginx and SSL using the Ubuntu package:

    - - - -

    Migrate data

    - -

    Load the backup files into the new Ubuntu server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown www-data:www-data /etc/passbolt/passbolt.php
-sudo chown www-data:www-data /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 2. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown www-data:www-data /etc/passbolt/gpg/serverkey_private.asc
-sudo chown www-data:www-data /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 3. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R www-data:www-data /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 4. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 5. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  www-data
-
    - -

    Step 6. Migrate passbolt to the latest version

    - - 
    sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 7. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -
    -

    Last updated

    -

    This article was last updated on -September -16th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/ce/migrate-to-centos.html b/docs/hosting/upgrade/ce/migrate-to-centos.html deleted file mode 100644 index 311e7fba2..000000000 --- a/docs/hosting/upgrade/ce/migrate-to-centos.html +++ /dev/null @@ -1,416 +0,0 @@ - - - - - Passbolt Help | Migrate passbolt CE from install scripts to CentOS 7 package - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate passbolt CE from install scripts to CentOS 7 package

    -
    -
    - - -
    -
    -
    -

    - Important: You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then. -

    - -
    - -

    A CentOS package has been created to increase the ease of installing and upgrading passbolt.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal CentOS 7 server.
      • -
    • Passbolt installed with the CentOS install script.
      • -
    - -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    sudo systemctl stop nginx
-
    - -

    2. Backup your instance

    - -

    First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our backup process.

    - -

    3. Upgrade your system

    - -

    Passbolt requires PHP 7.4 and supports PHP 8.2.

    - -

    A full system upgrade to CentOS 7 is necessary before installing the passbolt CentOS package.

    - - 
    sudo yum upgrade
-
    - -

    4. Install the package

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  --passbolt-migrate  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo yum install passbolt-ce-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    5. Copy existing configuration to the new location

    - -

    5.1. Copy the server keys

    - -

    Copy the GPG server keys as following:

    - 
    sudo cp -a /var/www/passbolt/config/gpg/serverkey.asc /etc/passbolt/gpg/
-sudo cp -a /var/www/passbolt/config/gpg/serverkey_private.asc /etc/passbolt/gpg/
-sudo chown -R root:nginx /etc/passbolt/gpg
-sudo chmod g-w /etc/passbolt/gpg
-
    - -

    5.2. Copy the passbolt configuration

    - -

    Copy passbolt configuration as following:

    - 
    sudo cp /var/www/passbolt/config/passbolt.php /etc/passbolt/passbolt.php
-sudo chown root:nginx /etc/passbolt/passbolt.php
-sudo chmod g-w /etc/passbolt/passbolt.php
-
    - -

    If you are running mysql 8, please change the quoteIdentifiers setting of the passbolt.php as follow:

    - - 
    'quoteIdentifiers' => true
-
    - -

    5.3. Copy the avatars

    - -

    If coming from Passbolt version prior to 3.2, copy passbolt avatars as following:

    - - 
    sudo cp -R /var/www/passbolt/webroot/img/public/avatar /usr/share/php/passbolt/webroot/img/public/
-
    - -

    6. Nginx

    - -

    Now you can remove all the old nginx configuration files from /etc/nginx/conf.d/

    - 
    sudo rm /etc/nginx/conf.d/passbolt.conf
-sudo rm /etc/nginx/conf.d/passbolt_ssl.conf
-
    -

    Then you can reconfigure the CentOS package using:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    Answer the following way:

    - -
      -
    • No to configuration
      • -
    • Yes to nginx configuration
      • -
    - -

    You can then select the SSL method that suits best your needs.

    - -

    7. Run the database migrations

    - -

    Now it is time to run the migrations to upgrade the database schemas:

    - - 
    sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    8. Cleanup

    - -

    After you have checked you can access your new setup with the CentOS package make a backup of /var/www/passbolt and then -you can delete it:

    - - 
    sudo rm -rf /var/www/passbolt
-
    - -

    You may also want to check for the old CRON job that may need to be removed:

    - 
    sudo crontab -u nginx -e
-
    - -

    9. Bring your site back online

    - -

    Finally take passbolt back up:

    - - 
    sudo systemctl start nginx
-sudo systemctl restart php-fpm
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/ce/migrate-to-debian.html b/docs/hosting/upgrade/ce/migrate-to-debian.html deleted file mode 100644 index cc5df9279..000000000 --- a/docs/hosting/upgrade/ce/migrate-to-debian.html +++ /dev/null @@ -1,433 +0,0 @@ - - - - - Passbolt Help | Migrate passbolt CE from install scripts to Debian package - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate passbolt CE from install scripts to Debian package

    -
    -
    - - -
    -
    - -

    A Debian package has been created to increase the ease of installing and upgrading passbolt.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal Debian 12 server.
      • -
    • Passbolt installed with the Debian install script.
      • -
    - -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    sudo systemctl stop nginx
-
    - -

    2. Backup your instance

    - -

    First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our backup process.

    - -

    3. Upgrade your system

    - -

    Passbolt requires PHP 7.4 and supports PHP 8.2.

    - -

    A full system upgrade to Debian 12 is necessary before installing the passbolt Debian package.

    - -

    Here is the official Debian guide to -upgrade your system with a step by step tutorial.

    - -

    4. Install the package

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  --passbolt-migrate  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo apt install passbolt-ce-server
-
    - -

    It is recommended at this point to select:

    - -
      -
    • No for mariadb configuration as it is already configured
      • -
    • No to nginx configuration as we will do it at the end
      • -
    - -

    5. Copy existing configuration to the new location

    - -

    5.1. Copy the server keys

    - -

    Copy the GPG server keys as following:

    - 
    sudo cp -a /var/www/passbolt/config/gpg/serverkey.asc /etc/passbolt/gpg/
-sudo cp -a /var/www/passbolt/config/gpg/serverkey_private.asc /etc/passbolt/gpg/
-sudo chown -R root:www-data /etc/passbolt/gpg
-sudo chmod g-w /etc/passbolt/gpg
-
    - -

    5.2. Copy the passbolt configuration

    - -

    Copy passbolt configuration as following:

    - 
    sudo cp /var/www/passbolt/config/passbolt.php /etc/passbolt/passbolt.php
-sudo chown root:www-data /etc/passbolt/passbolt.php
-sudo chmod g-w /etc/passbolt/passbolt.php
-
    - -

    If you are running mysql 8, please change the quoteIdentifiers setting of the passbolt.php as follow:

    - - 
    'quoteIdentifiers' => true
-
    - -

    5.3. Copy the avatars

    - -

    If coming from Passbolt version prior to 3.2, copy passbolt avatars as following:

    - - 
    sudo cp -R /var/www/passbolt/webroot/img/public/avatar /usr/share/php/passbolt/webroot/img/public/
-
    - -

    6. PHP-FPM

    - -

    Edit /etc/php/7.4/fpm/pool.d/www.conf and look for the line that looks like this:

    - - 
    listen = 127.0.0.1:9000
-
    - -

    Change it to look like this:

    - - 
    listen = /run/php/php7.4-fpm.sock
-
    - -

    Due to a bug on the install scripts some installations might need to do an additional substitution on /etc/php/7.4/fpm/pool.d/www.conf:

    - -

    Look for the line containing:

    - - 
    listen.group = _WWW_GROUP_
-
    - -

    And change it to look like:

    - - 
    listen.group = www-data
-
    - -

    7. Nginx

    - -

    Now you can remove all the old nginx configuration files from /etc/nginx/conf.d/

    - 
    sudo rm /etc/nginx/conf.d/passbolt.conf
-sudo rm /etc/nginx/conf.d/passbolt_ssl.conf
-
    -

    Then you can reconfigure the Debian package using:

    - - 
    sudo dpkg-reconfigure passbolt-ce-server
-
    - -

    Answer the following way:

    - -
      -
    • No to mariadb configuration
      • -
    • Yes to nginx configuration
      • -
    - -

    You can then select the SSL method that suits best your needs.

    - -

    8. Run the database migrations

    - -

    Now it is time to run the migrations to upgrade the database schemas:

    - - 
    sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    9. Cleanup

    - -

    After you have checked you can access your new setup with the Debian package make a backup of /var/www/passbolt and then -you can delete it:

    - - 
    sudo rm -rf /var/www/passbolt
-
    - -

    You may also want to check for the old CRON job that may need to be removed:

    - 
    sudo crontab -u www-data -e
-
    - -

    10. Bring your site back online

    - -

    Finally take passbolt back up:

    - - 
    sudo systemctl start nginx
-sudo systemctl restart php7.4-fpm
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -2nd, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/ce/migrate-to-ubuntu.html b/docs/hosting/upgrade/ce/migrate-to-ubuntu.html deleted file mode 100644 index 293e1bc7b..000000000 --- a/docs/hosting/upgrade/ce/migrate-to-ubuntu.html +++ /dev/null @@ -1,433 +0,0 @@ - - - - - Passbolt Help | Migrate passbolt CE from install scripts to Ubuntu package - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate passbolt CE from install scripts to Ubuntu package

    -
    -
    - - -
    -
    - -

    A Ubuntu package has been created to increase the ease of installing and upgrading passbolt.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal Ubuntu 20.04 server.
      • -
    • Passbolt installed with the Ubuntu install script.
      • -
    - -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    sudo systemctl stop nginx
-
    - -

    2. Backup your instance

    - -

    First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our backup process.

    - -

    3. Upgrade your system

    - -

    Passbolt requires PHP 7.4 and supports PHP 8.2.

    - -

    A full system upgrade to Ubuntu 20.04 is necessary before installing the passbolt Ubuntu package.

    - -

    Here is the official Ubuntu guide to -upgrade your system with a step by step tutorial.

    - -

    4. Install the package

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt CE and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  --passbolt-migrate  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.ce.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo apt install passbolt-ce-server
-
    - -

    It is recommended at this point to select:

    - -
      -
    • No for mysql configuration as it is already configured
      • -
    • No to nginx configuration as we will do it at the end
      • -
    - -

    5. Copy existing configuration to the new location

    - -

    5.1. Copy the server keys

    - -

    Copy the GPG server keys as following:

    - 
    sudo cp -a /var/www/passbolt/config/gpg/serverkey.asc /etc/passbolt/gpg/
-sudo cp -a /var/www/passbolt/config/gpg/serverkey_private.asc /etc/passbolt/gpg/
-sudo chown -R root:www-data /etc/passbolt/gpg
-sudo chmod g-w /etc/passbolt/gpg
-
    - -

    5.2. Copy the passbolt configuration

    - -

    Copy passbolt configuration as following:

    - 
    sudo cp /var/www/passbolt/config/passbolt.php /etc/passbolt/passbolt.php
-sudo chown root:www-data /etc/passbolt/passbolt.php
-sudo chmod g-w /etc/passbolt/passbolt.php
-
    - -

    If you are running mysql 8, please change the quoteIdentifiers setting of the passbolt.php as follow:

    - - 
    'quoteIdentifiers' => true
-
    - -

    5.3. Copy the avatars

    - -

    If coming from Passbolt version prior to 3.2, copy passbolt avatars as following:

    - - 
    sudo cp -R /var/www/passbolt/webroot/img/public/avatar /usr/share/php/passbolt/webroot/img/public/
-
    - -

    6. PHP-FPM

    - -

    Edit /etc/php/7.4/fpm/pool.d/www.conf and look for the line that looks like this:

    - - 
    listen = 127.0.0.1:9000
-
    - -

    Change it to look like this:

    - - 
    listen = /run/php/php7.4-fpm.sock
-
    - -

    Due to a bug on the install scripts some installations might need to do an additional substitution on /etc/php/7.4/fpm/pool.d/www.conf:

    - -

    Look for the line containing:

    - - 
    listen.group = _WWW_GROUP_
-
    - -

    And change it to look like:

    - - 
    listen.group = www-data
-
    - -

    7. Nginx

    - -

    Now you can remove all the old nginx configuration files from /etc/nginx/conf.d/

    - 
    sudo rm /etc/nginx/conf.d/passbolt.conf
-sudo rm /etc/nginx/conf.d/passbolt_ssl.conf
-
    -

    Then you can reconfigure the Ubuntu package using:

    - - 
    sudo dpkg-reconfigure passbolt-ce-server
-
    - -

    Answer the following way:

    - -
      -
    • No to mysql configuration
      • -
    • Yes to nginx configuration
      • -
    - -

    You can then select the SSL method that suits best your needs.

    - -

    8. Run the database migrations

    - -

    Now it is time to run the migrations to upgrade the database schemas:

    - - 
    sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    9. Cleanup

    - -

    After you have checked you can access your new setup with the Ubuntu package make a backup of /var/www/passbolt and then -you can delete it:

    - - 
    sudo rm -rf /var/www/passbolt
-
    - -

    You may also want to check for the old CRON job that may need to be removed:

    - 
    sudo crontab -u www-data -e
-
    - -

    10. Bring your site back online

    - -

    Finally take passbolt back up:

    - - 
    sudo systemctl start nginx
-sudo systemctl restart php7.4-fpm
-
    - -
    -

    Last updated

    -

    This article was last updated on -February -12th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/ce/upgrade-ce.html b/docs/hosting/upgrade/ce/upgrade-ce.html deleted file mode 100644 index 282c1a1e8..000000000 --- a/docs/hosting/upgrade/ce/upgrade-ce.html +++ /dev/null @@ -1,426 +0,0 @@ - - - - - Passbolt Help | Upgrade Passbolt CE from v1 to v2 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Upgrade Passbolt CE from v1 to v2

    -
    -
    - -
    -
    - -
    -

    - WARNING This involves outdated versions, v3.x is the current version. You will likely want to contact us at contact@passbolt.com for assistance with this. WARNING -

    - -
    - -

    This tutorial covers the case where you want to upgrade your current instance of passbolt CE v1.x into passbolt CE v2.x.

    - -
    -

    - Important: Please take a full backup of your passbolt before proceeding with the upgrade. Backup should include passbolt files as well as the database. -

    - -
    - -

    System requirements

    - -

    Passbolt is reported to work on a large variety of operating system configurations. -Therefore this help page is a generic guide that should work for most environments.

    - -

    If you run into any issues with your particular configuration, -please check the forum. -Maybe someone else has had your issue. If not, make a post and the community will try to help you.

    - -
      -
    • Any Unix-like major distribution (Debian, Centos, Ubuntu, *BSD)
      • -
    • A webserver (Apache or Nginx)
      • -
    • A TLS server certificate for HTTPS
      • -
    • PHP >= 7.3.0
      • -
    • MariaDB/Mysql >= 5.5.59
      • -
    • Composer
      • -
    • GnuPG
      • -
    • Git
      • -
    - -

    The following PHP extensions (that may or may not come by default):

    -
      -
    • PHP-GNUPG: for key verification and authentication.
      • -
    • Cakephp default requirements: Intl, mbstring, simplexml
      • -
    • Image manipulation: gd or imagick
      • -
    • Database: Mysqlnd, pdo, pdo_mysql
      • -
    • Some general default: xsl, phar, posix, xml, zlib, ctype, curl, json.
      • -
    • Ldap
      • -
    • & more depending on your configuration (for example if you want to use memcache for sessions).
      • -
    - -

    Upgrade with a new server

    - -

    Considering that the system requirements haved it may make sense for you to upgrade on a fresh server. -If that is what you want to do, copy the v1 backup files to your new server, import your passbolt -database into your new server and proceed like you were upgrading on the same server, with the process described below.

    - -

    Upgrade from the same server

    - -

    In the following examples we assume you are running passbolt v1 using apache in the /var/www/passbolt -directory. You will need to replace these values with your local environment settings.

    - -

    1. Make sure you have the latest v1.x version

    -

    If you do not have the latest version, please follow the regular v1 udpate process. -We’ll also assume you have a web server that match the system requirements.

    - - 
    /var/www/passbolt$ cat app/Config/version.php  | grep number
-'number' => '1.6.10'
-
    - -

    2. Take your site offline

    -

    There are multiple ways of doing that, the simplest is sending a notice by email to your users -and stopping your webserver. The better approach would be to create a temporary html file and -redirect your passbolt user there.

    - -

    3. Download the v2

    -

    Open a shell with the same user as your web server user. (usually, www-data for apache, nginx for nginx)

    - - 
    /var/www$ su -s /bin/bash www-data
-
    - -

    Replace the previous passbolt by the new version.

    - - 
    /var/www$ mv ./passbolt ./passbolt_old
-/var/www$ git clone https://github.com/passbolt/passbolt_api.git ./passbolt
-
    - -

    4. Install the dependencies

    - 
    /var/www$ cd ./passbolt
-/var/www/passbolt$ composer install --no-dev
-
    - -

    5. Copy the avatar folder

    - 
    /var/www/passbolt$ cp -R ../passbolt_old/app/webroot/img/public/* ./webroot/img/public/.
-/var/www/passbolt$ mv ./webroot/img/public/images/ProfileAvatar ./webroot/img/public/images/Avatar
-
    - -

    6. Copy the server gpg key

    - 
    /var/www/passbolt$ cp ../passbolt_old/app/Config/gpg/* config/gpg/.
-
    - -

    7. Create a passbolt configuration file

    - -

    The name and values in the main configuration file have changed. Everything is now located in one file called -config/passbolt.php. Do not copy your v1 configuration files, instead you need to create a new one:

    - - 
    /var/www/passbolt$ cp config/passbolt.default.php config/passbolt.php
-/var/www/passbolt$ nano config/passbolt.php
-
    - -

    Even if the format has changed the information needed are pretty much the same than v1. -You will need to set at least the following:

    -
      -
    • Application full base url
      • -
    • Database configuration
      • -
    • Email settings
      • -
    • Server OpenPGP key fingerprint.
      • -
    - -

    You can also set your configuration using environment variables. -Check config/default.php to get the names of the environment variables.

    - -

    8. Run the migration script

    - -

    The structure of the database changed in version 2. Make sure you run the following script to migrate your -data to the new format.

    - - 
    /var/www/passbolt$ ./bin/cake passbolt migrate
-
    - -

    Optionally you can also run the health check to see if everything is fine.

    - - 
    $ sudo su -s /bin/bash -c "./bin/cake passbolt healthcheck" www-data
-
    - -

    9. Modify the cron job to send emails

    - -

    Modify the cronjob entry you had added for passbolt CE v1 :

    - 
    * * * * * /var/www/passbolt/app/Console/cake EmailQueue.sender > /var/log/passbolt.log
-
    - -

    into this one:

    - 
    * * * * * /var/www/passbolt/bin/cake EmailQueue.sender > /var/log/passbolt.log
-
    - -

    10. Get your service back online

    - -

    Edit your apache or nginx to point to the new directory and bring your service back online.

    - 
    $ nano /etc/apache2/sites-enabled/001-default.conf
-$ service apache2 restart
-
    - -
    -

    Last updated

    -

    This article was last updated on -March -14th, -2018.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Available on docker hub

    -

    - - Docker Logo - -

    - - Get passbolt container! - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -

    We highly recommend that you install https on your server. You can get a free SSL certificate with the let's encrypt initiative.

    - - let's encrypt! - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/ce/upgrade-docker-ce.html b/docs/hosting/upgrade/ce/upgrade-docker-ce.html deleted file mode 100644 index 28487f2df..000000000 --- a/docs/hosting/upgrade/ce/upgrade-docker-ce.html +++ /dev/null @@ -1,428 +0,0 @@ - - - - - Passbolt Help | Upgrade Passbolt docker from v1 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Upgrade Passbolt docker from v1

    -
    -
    - -
    -
    - -

    This tutorial covers the case where you want to upgrade your current docker installation of passbolt CE v1.x into passbolt CE v2.x.

    - -
    -

    - Important: Please take a full backup of your passbolt before proceeding with the upgrade. Backup should include passbolt files as well as the database. -

    - -
    - -

    Upgrade from v1.6.10-debian

    - -

    Passbolt v2 introduces several changes that are important to keep in mind when upgrading:

    - -

    Changes: Environment variables

    - -

    The set of environment variables have changed and users should take some time to get familiar with the new ones. For example in case of the database env variables:

    - - 
    DB_USER is now DATASOURCES_DEFAULT_USERNAME
-DB_HOST is now DATASOURCES_DEFAULT_HOST
-
    -

    There is a more detailed list in passbolt_docker README file.

    - -

    Changes: Configuration files

    - -

    No more core.php, email.php or database.php. -Any user that does not want to use environment variables must configure passbolt using:

    - 
    /var/www/passbolt/config/passbolt.php
-
    -

    Passbolt will look for for configuration values in passbolt.php. Wether passbolt.php does not exist or the configuration section is not defined on it, passbolt will then look for configuration details in default.php which relies on environment variables/default values. -Gpg config directory has changed slightly its path from:

    - - 
    /var/www/passbolt/app/Config/gpg/ to /var/www/passbolt/config/gpg
-
    - -

    Gpg default server key file names also changed:

    - - 
    serverkey.private.asc to serverkey_private.asc
-
    - -

    Changes: www user

    - -

    Passbolt container is now running under the www-data user

    - -

    Changes: images directory

    - -

    Path to the images directory is different:

    - - 
    /var/www/passbolt/app/webroot/img/public/images to /var/www/passbolt/webroot/img/public/images
-
    - -

    Users must also rename ProfileAvatar to Avatar directory inside public/images in order to see images in passbolt v2

    - -

    Changes: supervisor

    - -

    In order to manage the running process in passbolt container we introduced supervisord. Users are now able to restart passbolt container processes using:

    - - 
    $ docker exec passbolt supervisorctl restart <php-fpm|nginx|cron>
-
    - -

    Now that we have a better overview of the changes let’s start with the upgrading process!

    - -

    Backup MariaDB database

    - -

    First of all is encouraged to backup all the relevant data that is:

    -
      -
    • Database
      • -
    • Images
      • -
    • Server public and private keys
      • -
    - -

    You might want to check the detailed backup list for v1

    - -

    There are multiple ways to backup your database following there is an example using the passbolt container:

    - 
    $ docker exec passbolt mysqldump -h <db_host> \
-                                 -u passbolt \
-                                 -pP4ssb0lt \
-                                 passbolt > dump.sql
-
    - -

    This will output a dump.sql file on the host machine.

    - -

    Backup images directory

    - -

    If you are mounting the images directory using a bind mount just copy the host image directory in a safe location. -If you are using docker volumes to persist your images directory, or not persisting the images directory at all, you can execute the following to copy your images to the host machine.

    - - 
    $ docker cp passbolt:/var/www/app/webroot/img/public public_images_backup
-
    -

    This will output a public_images_directory with the images stored in the passbolt container.

    - -

    Backup gpg keys

    - -

    As with the previous section you can proceed exactly the same with the gpg keys:

    - - 
    $ docker cp passbolt:/var/www/app/Config/gpg/ gpg_keys_backup
-
    - -

    This will output a gpg_keys_backup directory with the contents of the gpg configuration folder of passbolt.

    - -

    Upgrade using latest v1 version (1.6.10)

    - -

    Passbolt v2 will run the database migrations if needed when starting up. Users just need to provide the gpg keys, configuration files/env variables and images. -Following some examples:

    - -

    Using host bind mounts

    - -

    Users that use host bind mounts from host machine into docker file must adjust paths of the mounted files:

    - -

    In the following snippet:

    -
      -
    • passbolt_images_dir: path to a host directory that contains passbolt images Avatar directory.
      • -
    • gpg_host_dir: path to a host directory that contains serverkey.asc and serverkey_private.asc
      • -
    - - 
    $ docker run --name passbolt --net passbolt_network \
-             --mount type=bind, \
-               source=<passbolt_images_dir>,\
-               target=/var/www/passbolt/webroot/img \
-             --mount type=bind, \
-               source=<gpg_host_dir>, \
-               target=/var/www/passbolt/config/gpg \
-             -p 443:443 \
-             -p 80:80 \
-             -e DATASOURCES_DEFAULT_HOST=mariadb \
-             -e DATASOURCES_DEFAULT_PASSWORD=<mariadb_password> \
-             -e DATASOURCES_DEFAULT_USERNAME=<mariadb_user> \
-             -e DATASOURCES_DEFAULT_DATABASE=<mariadb_database> \
-             -e APP_FULL_BASE_URL=https://mydomain.com \
-             passbolt/passbolt:latest
-
    - -

    Using docker volumes

    - -

    Users that use docker volumes should adjust their volumes paths.

    - - 
    $ docker run --name passbolt --net passbolt_network \
-             --mount source=<passbolt_images_volume>,\
-               target=/var/www/passbolt/webroot/img \
-             --mount source=<gpg_keys_volume>, \
-               target=/var/www/passbolt/config/gpg \
-             -p 443:443 \
-             -p 80:80 \
-             -e DATASOURCES_DEFAULT_HOST=mariadb \
-             -e DATASOURCES_DEFAULT_PASSWORD=<mariadb_password> \
-             -e DATASOURCES_DEFAULT_USERNAME=<mariadb_user> \
-             -e DATASOURCES_DEFAULT_DATABASE=<mariadb_database> \
-             -e APP_FULL_BASE_URL=https://mydomain.com \
-             passbolt/passbolt:latest
-
    - -
    -

    Last updated

    -

    This article was last updated on -April -10th, -2018.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when installing passbolt?

    - - Ask the community! - -
    - -
    -

    Available on docker hub

    -

    - - Docker Logo - -

    - - Get passbolt container! - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -

    We highly recommend that you install https on your server. You can get a free SSL certificate with the let's encrypt initiative.

    - - let's encrypt! - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/from-debian-10-to-debian-11-pro.html b/docs/hosting/upgrade/pro/from-debian-10-to-debian-11-pro.html deleted file mode 100644 index f52da6e2b..000000000 --- a/docs/hosting/upgrade/pro/from-debian-10-to-debian-11-pro.html +++ /dev/null @@ -1,424 +0,0 @@ - - - - - Passbolt Help | Upgrade from Debian 10 to Debian 11 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Upgrade from Debian 10 to Debian 11

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A Debian 10 server.
      • -
    • Passbolt Debian package installed.
      • -
    • Ensure you have sufficient space for the upgrade.
      • -
    - -

    This manual has for aim to help you upgrade your distribution, but it does not replace -the official Debian guide, please refer to it if you have any doubt.

    - -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup your instance

    - -

    First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our backup process.

    - -

    3. Prepare repositories

    - -

    3.1. Upgrade the OS and other third party repositories

    - -

    Prior to upgrading the system, ensure the OS as well as the third party repositories ar now targeting -Debian 11. This can be easily done with sed:

    - - 
    sudo sed -i 's/buster/bullseye/g' /etc/apt/sources.list
-sudo sed -i 's/buster/bullseye/g' /etc/apt/sources.list.d/*.list
-
    - -

    Take care of the debian security repository !! The format has changed and the correct one is now, edit the file -/etc/apt/sources.list and update the security repositories as following:

    - - 
    deb https://security.debian.org/debian-security bullseye-security main
-deb-src https://security.debian.org/debian-security bullseye-security main
-
    - -

    3.2. Remove the old passbolt repository source

    - -

    With Debian 11 apt-key is now deprecated and with this change let’s migrate to -the new source-file format (DEB822).

    - -

    Remove the old passbolt source-file:

    - - 
    sudo rm /etc/apt/sources.list.d/passbolt.list
-
    - -

    Remove the passbolt GnuPG key from apt-key:

    - - 
    sudo apt-key del 0xDE8B853FC155581D
-
    - -

    3.3. Retrieve and store the passbolt GnuPG repository key

    - -

    Retrieve passbolt repository package official GnuPG key from hkps://keys.mailvelope.com, hkps://pgp.mit.edu or hkps://keys.gnupg.net:

    - - 
    gpg --keyserver hkps://keys.mailvelope.com --receive-keys 0xDE8B853FC155581D 
-
    - -

    Check that the GPG fingerprint matches 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D:

    - - 
    gpg --list-key --with-fingerprint 0xDE8B853FC155581D
-
    - -

    It must return:

    - - 
    pub   rsa2048 2020-05-18 [SC] [expires: 2022-05-18]
-      3D1A 0346 C8E1 802F 774A  EF21 DE8B 853F C155 581D
-uid           [ unknown] Passbolt SA package signing key <contact@passbolt.com>
-sub   rsa2048 2020-05-18 [E] [expires: 2022-05-18]
-
    - -

    Stock the passbolt GnuPG key on disk for later use:

    - - 
    gpg --export 0xDE8B853FC155581D | sudo tee \
-  /usr/share/keyrings/passbolt-repository.gpg >/dev/null
-
    - -

    3.4. Add the new passbolt repository source

    - -

    Create a new repository source-file following the format DEB822 for passbolt.

    - - 
    cat << EOF | sudo tee /etc/apt/sources.list.d/passbolt.sources > /dev/null
-Types: deb
-URIs: https://download.passbolt.com/pro/debian
-Suites: buster
-Components: stable
-Signed-By: /usr/share/keyrings/passbolt-repository.gpg
-EOF
-
    - -

    4. Upgrade your system

    - -

    Update the apt indexes :

    - - 
    sudo apt update
-
    - -

    You can now upgrade your system :

    - - 
    # Upgrade first
-sudo apt upgrade
-
-# Then perform the dist-upgrade
-sudo apt dist-upgrade
-
    - -

    5. Update passbolt nginx configuration

    - -

    As php-fpm has been upgraded from 7.3 to 7.4, nginx configuration has to be updated accordingly.

    - -

    It can easily be done with sed :

    - - 
    sudo sed -i 's/php7.3-fpm/php-fpm/g' /etc/nginx/sites-enabled/nginx-passbolt.conf
-
    - -

    Check if you have no configuration issue :

    - - 
    sudo nginx -t
-
    - -

    It should return:

    - - 
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
-nginx: configuration file /etc/nginx/nginx.conf test is successful
-
    - -

    You can now safely reload the nginx web server:

    - - 
    sudo systemctl reload nginx.service
-
    - -

    6. Reboot your server

    - -

    With Debian 11 comes a new Linux kernel, you must reboot your server.

    - -

    7. Clean useless packages

    - -

    Once the server rebooted on the new kernel, you can now remove useless packages:

    - - 
    sudo apt autoremove --purge
-sudo apt autoclean
-
    - -

    8. Troubleshooting

    - -

    MariaDB went missing

    - -

    It is possible your MariaDB instance has been uninstalled. You can install it back:

    - - 
    sudo apt install default-mysql-server
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -3rd, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/from-debian-11-to-debian-12-pro.html b/docs/hosting/upgrade/pro/from-debian-11-to-debian-12-pro.html deleted file mode 100644 index 8dfa4f802..000000000 --- a/docs/hosting/upgrade/pro/from-debian-11-to-debian-12-pro.html +++ /dev/null @@ -1,407 +0,0 @@ - - - - - Passbolt Help | Upgrade from Debian 11 to Debian 12 - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Upgrade from Debian 11 to Debian 12

    -
    -
    - - -
    -
    - -

    Prerequisites

    - -

    For this tutorial, you will need:

    -
      -
    • A Debian 11 server.
      • -
    • Passbolt Debian package installed.
      • -
    • Ensure you have sufficient space for the upgrade.
      • -
    - -

    This manual has for aim to help you upgrade your distribution, but it does not replace -the official Debian guide, please refer to it if you have any doubt.

    - -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup your instance

    - -

    First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our backup process.

    - -

    3. Prepare repositories

    - -

    3.1. Upgrade the OS and other third party repositories

    - -

    Prior to upgrading the system, ensure the OS as well as the third party repositories ar now targeting -Debian 12. This can be easily done with sed:

    - - 
    sudo sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list
-
    - -

    Please, take a moment with: cat /etc/apt/sources.list to ensure that there is not any bullseye left on this file. You should expect something like what’s shown below.

    - - 
    # deb cdrom:[Debian GNU/Linux 11.6.0 _Bullseye_ - Official amd64 DVD Binary-1 20221217-10:40]/ bookworm contrib main
-
-#deb cdrom:[Debian GNU/Linux 11.6.0 _Bullseye_ - Official amd64 DVD Binary-1 20221217-10:40]/ bookworm contrib main
-
-deb http://httpredir.debian.org/debian/ bookworm main
-deb-src http://httpredir.debian.org/debian/ bookworm main
-
-deb http://security.debian.org/debian-security bookworm-security main contrib
-deb-src http://security.debian.org/debian-security bookworm-security main contrib
-
-# bookworm-updates, to get updates before a point release is made;
-# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
-deb http://httpredir.debian.org/debian/ bookworm-updates main contrib
-deb-src http://httpredir.debian.org/debian/ bookworm-updates main contrib
-
-
    - -

    4. Upgrade your system

    - -

    Update the apt indexes :

    - - 
    sudo apt update
-
    - -

    Upgrade Passbolt PRO :

    - 
    sudo apt --only-upgrade install passbolt-pro-server
-
    - -
    -

    - You are using Passbolt CE? Run sudo apt --only-upgrade install passbolt-ce-server -

    - -
    - -

    You can now upgrade your system :

    - - 
    # Upgrade first
-sudo apt upgrade
-
-# Then perform the dist-upgrade
-sudo apt dist-upgrade
-
    - -

    4.1. Ensure that you are running the correct distributions

    - -

    In order to verify the distribution :

    - - 
    lsb_release -a
-
    - -

    4.2. Ensure that you are running the correct PHP 8.2 version

    - -

    To verify the PHP version :

    - - 
    php -v
-
    - -

    5. Update passbolt nginx configuration

    - -

    As php-fpm has been upgraded from 7.4 to 8.2, nginx configuration has to be updated accordingly.

    - -

    It can easily be done with sed :

    - - 
    sudo sed -i 's/php7.4-fpm/php8.2-fpm/g' /etc/nginx/sites-enabled/nginx-passbolt.conf
-
    - -

    Check if you have no configuration issue :

    - - 
    sudo nginx -t
-
    - -

    It should return:

    - - 
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
-nginx: configuration file /etc/nginx/nginx.conf test is successful
-
    - -

    You can now safely restart the nginx web server and php-fpm:

    - - 
    sudo systemctl restart nginx
-sudo systemctl restart php8.2-fpm
-
    - -

    6. Reboot your server

    - -

    With Debian 12 comes a new Linux kernel, you must reboot your server.

    - -

    7. Clean useless packages

    - -

    Once the server rebooted on the new kernel, you can now remove useless packages:

    - - 
    sudo apt autoremove --purge
-sudo apt autoclean
-
    - -

    8. Troubleshooting

    - -

    MariaDB went missing

    - -

    It is possible your MariaDB instance has been uninstalled. You can install it back:

    - - 
    sudo apt install default-mysql-server
-
    - -
    -

    Last updated

    -

    This article was last updated on -June -29th, -2023.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/migrate-existing-pro-to-almalinux-server.html b/docs/hosting/upgrade/pro/migrate-existing-pro-to-almalinux-server.html deleted file mode 100644 index df95a6deb..000000000 --- a/docs/hosting/upgrade/pro/migrate-existing-pro-to-almalinux-server.html +++ /dev/null @@ -1,494 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt PRO to a new AlmaLinux server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt PRO to a new AlmaLinux server

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new AlmaLinux server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A minimal AlmaLinux 8 new server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new AlmaLinux server

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-pro-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt PRO RPM package on AlmaLinux 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    Migrate data

    - -

    Load the backup files into the new AlmaLinux server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • -

      Your subscription key

      -
      • -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Create the subscription key file

    - -

    You received your subscription key by email, copy it as /etc/passbolt/subscription_key.txt on your server.

    - 
    nano /etc/passbolt/subscription_key.txt
-
    - -

    Step 2. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown nginx:nginx /etc/passbolt/passbolt.php
-sudo chown nginx:nginx /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 3. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey_private.asc
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 4. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R nginx:nginx /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 5. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 6. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  nginx
-
    - -

    Step 7. Migrate passbolt to the latest version

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 8. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/migrate-existing-pro-to-centos-server.html b/docs/hosting/upgrade/pro/migrate-existing-pro-to-centos-server.html deleted file mode 100644 index 02b43a198..000000000 --- a/docs/hosting/upgrade/pro/migrate-existing-pro-to-centos-server.html +++ /dev/null @@ -1,500 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt PRO to a new CentOS server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt PRO to a new CentOS server

    -
    -
    - - -
    -
    -
    -

    - Important: You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then. -

    - -
    - -

    This document describes how to migrate an existing passbolt to a new CentOS server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A minimal CentOS 7 new server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new CentOS server

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-pro-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt PRO RPM package on CentOS 7 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    Migrate data

    - -

    Load the backup files into the new CentOS server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • -

      Your subscription key

      -
      • -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Create the subscription key file

    - -

    You received your subscription key by email, copy it as /etc/passbolt/subscription_key.txt on your server.

    - 
    nano /etc/passbolt/subscription_key.txt
-
    - -

    Step 2. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown nginx:nginx /etc/passbolt/passbolt.php
-sudo chown nginx:nginx /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 3. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey_private.asc
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 4. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R nginx:nginx /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 5. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 6. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  nginx
-
    - -

    Step 7. Migrate passbolt to the latest version

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 8. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/migrate-existing-pro-to-debian-server.html b/docs/hosting/upgrade/pro/migrate-existing-pro-to-debian-server.html deleted file mode 100644 index 97f85da6e..000000000 --- a/docs/hosting/upgrade/pro/migrate-existing-pro-to-debian-server.html +++ /dev/null @@ -1,430 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt PRO to a new Debian server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt PRO to a new Debian server

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new Debian server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A minimal Debian 12 new server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new Debian server

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo apt install passbolt-pro-server
-
    - -

    Configure mariadb

    - -

    If not instructed otherwise passbolt debian package will install mariadb-server locally. This step will help you create -an empty mariadb database for passbolt to use.

    - -
    - Configure database dialog - fig. Configure database dialog -
    - -

    The configuration process will ask you for the credentials of the mariadb admin user to create a new database. -You will find the root password on the server in the file /root/.mysql_credentials.

    - -
    - Database admin user dialog - fig. Database admin user dialog -
    - -
    - Database admin user pass dialog - fig. Database admin user pass dialog -
    - -

    Now we need to create a mariadb user with reduced permissions for passbolt to connect. For the passbolt database user and password, reuse the ones you have in your backup of passbolt.php.

    - -
    - Database passbolt user dialog - fig. Database passbolt user dialog -
    - -
    - Database passbolt user pass dialog - fig. Database passbolt user pass dialog -
    - -

    Lastly we need to create a database for passbolt to use, for that we need to name it:

    - -
    - Database name dialog - fig. Database name dialog -
    - -

    Configure nginx for serving HTTPS

    - -

    Depending on your needs there are two different options to setup nginx and SSL using the Debian package:

    - - - -

    Migrate data

    - -

    Load the backup files into the new Debian server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • -

      Your subscription key

      -
      • -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Create the subscription key file

    - -

    You received your subscription key by email, copy it as /etc/passbolt/subscription_key.txt on your server.

    - 
    nano /etc/passbolt/subscription_key.txt
-
    - -

    Step 2. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown www-data:www-data /etc/passbolt/passbolt.php
-sudo chown www-data:www-data /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 3. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown www-data:www-data /etc/passbolt/gpg/serverkey_private.asc
-sudo chown www-data:www-data /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 4. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R www-data:www-data /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 5. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 6. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  www-data
-
    - -

    Step 7. Migrate passbolt to the latest version

    - - 
    sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 8. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -2nd, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/migrate-existing-pro-to-docker.html b/docs/hosting/upgrade/pro/migrate-existing-pro-to-docker.html deleted file mode 100644 index 057d8a0be..000000000 --- a/docs/hosting/upgrade/pro/migrate-existing-pro-to-docker.html +++ /dev/null @@ -1,395 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt PRO to a new Docker - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt PRO to a new Docker

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A new server with Docker
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new server

    - -

    Create a fresh new Passbolt instance on Docker following this documentation.

    - -

    Migrate the data

    - -

    Stop running containers

    - -

    At this step, you should have a running empty Passbolt instance running on your server. We will now stop it and delete the database volume.

    - -

    If you have chosen the docker-compose install, you just have to delete the volumes you created with this command (don’t forget the -v):

    - - 
    docker-compose -f docker-compose-pro.yaml down -v
-
    - -

    If you have chosen to run docker containers, stop them and delete the database volume:

    - - 
    docker stop passbolt-container-name
-docker stop passbolt-database-name
-docker volume rm passbolt-database-volume-name
-
    - -

    Of course, replace containers and volume name with your own !

    - -

    Restore your database

    - -

    According to MariaDB documentation on Docker Hub:

    - - 
    When a container is started for the first time, a new database with the specified name will be created and initialized with the provided configuration variables.
-
-Furthermore, it will execute files with extensions .sh, .sql, .sql.gz, and .sql.xz that are found in /docker-entrypoint-initdb.d. Files will be executed in alphabetical order. .sh files without file execute permission are sourced rather than executed.
-
-You can easily populate your mariadb services by mounting a SQL dump into that directory and provide custom images with contributed data. SQL files will be imported by default to the database specified by the MARIADB_DATABASE / MYSQL_DATABASE variable.
-
    - -

    This means you just have to mount your database backup file on /docker-entrypoint-initdb.d folder of the database container.

    - -

    Edit your docker-compose-pro.yaml file and add a volume mount in the db service:

    - - 
    volumes:
-  - database_volume:/var/lib/mysql
-  - ./path/to/your/database/dump.sql:/docker-entrypoint-initdb.d/dump.sql
-
    - -

    Set your GPG server keys fingerprint and email

    - -

    In the scope of a migration to docker, you need to add 2 environment variables to the passbolt service -related to the GPG server keys fingerprint and email address.

    - -

    Get them from your backed up keys:

    - - 
    $ gpg --show-keys /path/to/serverkey.asc
-pub   rsa2048 2022-01-20 [SC]
-      43F978AFF88B53F5ABBD12C87D5E40A4C43926ED
-uid                      Passbolt default user <passbolt@yourdomain.com>
-sub   rsa2048 2022-01-20 [E]
-
    - -

    In the above output, fingerprint is 43F978AFF88B53F5ABBD12C87D5E40A4C43926ED and email address is passbolt@yourdomain.com.

    - -

    Add the environment variables in your docker-compose-pro.yaml file (replace with your own values):

    - - 
    services:
-  passbolt:
-    environment:
-      PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: "43F978AFF88B53F5ABBD12C87D5E40A4C43926ED"
-      PASSBOLT_KEY_EMAIL: "passbolt@yourdomain.com"
-
    - -

    Start your containers

    - -

    You can now start your database and passbolt containers, your database will be restored at the database container start.

    - -

    Restore GPG server keys

    - -

    Copy the GPG you backed up in your container:

    - - 
    docker cp serverkey_private.asc your-passbolt-container:/etc/passbolt/gpg/serverkey_private.asc
-docker cp serverkey.asc your-passbolt-container:/etc/passbolt/gpg/serverkey.asc
-
    - -

    Then set correct rights:

    - - 
    docker exec -it your-passbolt-container chown www-data:www-data /etc/passbolt/gpg/serverkey.asc
-docker exec -it your-passbolt-container chown www-data:www-data /etc/passbolt/gpg/serverkey_private.asc
-docker exec -it your-passbolt-container chmod 440 /etc/passbolt/gpg/serverkey.asc
-docker exec -it your-passbolt-container chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Restore avatars (if you are coming from prior 3.2)

    - -
    -

    - This step is needed only if you come from Passbolt version prior to 3.2. Since 3.2, avatars are stored in database -

    - -
    - -

    Extract the avatars to the Passbolt docker container:

    - - 
    cat passbolt-avatars.tar.gz | docker exec -i your-passbolt-container tar -C /usr/share/php/passbolt/ -xzf -
-
    - -

    Then set correct rights to the avatars:

    - - 
    docker exec -it your-passbolt-container chown -R www-data:www-data /usr/share/php/passbolt/webroot/img/avatar
-
    - -

    That’s it

    - -

    If your passbolt URL has changed, you will have to proceed to an account recovery.

    - -
    -

    Last updated

    -

    This article was last updated on -September -29th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/migrate-existing-pro-to-fedora-server.html b/docs/hosting/upgrade/pro/migrate-existing-pro-to-fedora-server.html deleted file mode 100644 index eafa3d2a5..000000000 --- a/docs/hosting/upgrade/pro/migrate-existing-pro-to-fedora-server.html +++ /dev/null @@ -1,494 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt PRO to a new Fedora server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt PRO to a new Fedora server

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new Fedora server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A minimal Fedora 37 new server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new Fedora server

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-pro-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt PRO RPM package on Fedora 37 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    Migrate data

    - -

    Load the backup files into the new Fedora server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • -

      Your subscription key

      -
      • -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Create the subscription key file

    - -

    You received your subscription key by email, copy it as /etc/passbolt/subscription_key.txt on your server.

    - 
    nano /etc/passbolt/subscription_key.txt
-
    - -

    Step 2. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown nginx:nginx /etc/passbolt/passbolt.php
-sudo chown nginx:nginx /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 3. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey_private.asc
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 4. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R nginx:nginx /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 5. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 6. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  nginx
-
    - -

    Step 7. Migrate passbolt to the latest version

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 8. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/migrate-existing-pro-to-opensuse-server.html b/docs/hosting/upgrade/pro/migrate-existing-pro-to-opensuse-server.html deleted file mode 100644 index e2c0c7d35..000000000 --- a/docs/hosting/upgrade/pro/migrate-existing-pro-to-opensuse-server.html +++ /dev/null @@ -1,515 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt PRO to a new openSUSE server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt PRO to a new openSUSE server

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new openSUSE server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A minimal openSUSE Leap 15 new server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new openSUSE server

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo zypper install passbolt-pro-server
-
    - -

    During the installation, you will be asked to accept passbolt GPG repository key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
      Repository:       Passbolt Server
-  Key Fingerprint:  3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
-  Key Name:         Passbolt SA package signing key <contact@passbolt.com>
-  Key Algorithm:    RSA 2048
-
    - -

    If the fingerprint matches, trust always by answering a to this question:

    - - 
    Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r):
-
    - -

    Then, you will be asked for PHP repository GPG key, ensure the fingerprint is correct and trust it always:

    - - 
      Repository:       php
-  Key Fingerprint:  55CF 98B4 BB5B C6CC 2E24 748F 82EE 4011 CBCA 8BB5
-  Key Name:         devel:languages:php OBS Project <devel:languages:php@build.opensuse.org>
-  Key Algorithm:    DSA 1024
-
    - -

    Finally, verify and trust openSUSE PHP extensions repository GPG key:

    - - 
      Repository:       php-extensions-x86_64
-  Key Fingerprint:  A85C D7EF 5242 1152 9A7F 994A 9B41 A048 1AF1 B065
-  Key Name:         server:php:extensions OBS Project <server:php:extensions@build.opensuse.org>
-  Key Algorithm:    RSA 2048
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt PRO RPM package on openSUSE Leap 15 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    Migrate data

    - -

    Load the backup files into the new openSUSE server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • -

      Your subscription key

      -
      • -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Create the subscription key file

    - -

    You received your subscription key by email, copy it as /etc/passbolt/subscription_key.txt on your server.

    - 
    nano /etc/passbolt/subscription_key.txt
-
    - -

    Step 2. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown wwwrun:wwwrun /etc/passbolt/passbolt.php
-sudo chown wwwrun:wwwrun /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 3. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown wwwrun:wwwrun /etc/passbolt/gpg/serverkey_private.asc
-sudo chown wwwrun:wwwrun /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 4. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R wwwrun:wwwrun /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 5. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 6. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  wwwrun
-
    - -

    Step 7. Migrate passbolt to the latest version

    - - 
    sudo -H -u wwwrun /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 8. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u wwwrun /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -
    -

    Last updated

    -

    This article was last updated on -February -11th, -2022.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/migrate-existing-pro-to-oraclelinux-server.html b/docs/hosting/upgrade/pro/migrate-existing-pro-to-oraclelinux-server.html deleted file mode 100644 index 6165b5553..000000000 --- a/docs/hosting/upgrade/pro/migrate-existing-pro-to-oraclelinux-server.html +++ /dev/null @@ -1,494 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt PRO to a new OracleLinux server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt PRO to a new OracleLinux server

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new OracleLinux server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A minimal OracleLinux 8 new server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new OracleLinux server

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-pro-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt PRO RPM package on OracleLinux 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    Migrate data

    - -

    Load the backup files into the new OracleLinux server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • -

      Your subscription key

      -
      • -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Create the subscription key file

    - -

    You received your subscription key by email, copy it as /etc/passbolt/subscription_key.txt on your server.

    - 
    nano /etc/passbolt/subscription_key.txt
-
    - -

    Step 2. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown nginx:nginx /etc/passbolt/passbolt.php
-sudo chown nginx:nginx /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 3. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey_private.asc
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 4. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R nginx:nginx /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 5. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 6. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  nginx
-
    - -

    Step 7. Migrate passbolt to the latest version

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 8. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/migrate-existing-pro-to-redhat-server.html b/docs/hosting/upgrade/pro/migrate-existing-pro-to-redhat-server.html deleted file mode 100644 index ce4d46e81..000000000 --- a/docs/hosting/upgrade/pro/migrate-existing-pro-to-redhat-server.html +++ /dev/null @@ -1,494 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt PRO to a new Red Hat server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt PRO to a new Red Hat server

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new Red Hat server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A minimal Red Hat 8 new server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new Red Hat server

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-pro-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt PRO RPM package on Red Hat 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    Migrate data

    - -

    Load the backup files into the new Red Hat server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • -

      Your subscription key

      -
      • -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Create the subscription key file

    - -

    You received your subscription key by email, copy it as /etc/passbolt/subscription_key.txt on your server.

    - 
    nano /etc/passbolt/subscription_key.txt
-
    - -

    Step 2. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown nginx:nginx /etc/passbolt/passbolt.php
-sudo chown nginx:nginx /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 3. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey_private.asc
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 4. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R nginx:nginx /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 5. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 6. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  nginx
-
    - -

    Step 7. Migrate passbolt to the latest version

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 8. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/migrate-existing-pro-to-rockylinux-server.html b/docs/hosting/upgrade/pro/migrate-existing-pro-to-rockylinux-server.html deleted file mode 100644 index 93f8cbb9e..000000000 --- a/docs/hosting/upgrade/pro/migrate-existing-pro-to-rockylinux-server.html +++ /dev/null @@ -1,494 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt PRO to a new RockyLinux server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt PRO to a new RockyLinux server

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new RockyLinux server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A minimal RockyLinux 8 new server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new RockyLinux server

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo dnf install passbolt-pro-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    MariaDB / Nginx / SSL settings

    - -

    Passbolt PRO RPM package on RockyLinux 8 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

    - -

    You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

    - -

    Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

    - -

    Launch passbolt-configure tool and answer to the questions:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    MariaDB

    - - 
    ================================================================
-Do you want to configure a local mariadb server on this machine?
-================================================================
-1) yes
-2) no
-#?
-
    - -

    Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

    - -

    If you chose yes, answer the questions:

    - - 
    =======================================================
-Please enter a new password for the root database user:
-=======================================================
-MariaDB Root Password: ****
-MariaDB Root Password (verify): ****
-======================================================
-Please enter a name for the passbolt database username
-======================================================
-Passbolt database user name:passboltuser
-=======================================================
-Please enter a new password for the mysql passbolt user
-=======================================================
-MariaDB passbolt user password: ****
-MariaDB passbolt user password (verify): ****
-==============================================
-Please enter a name for the passbolt database:
-==============================================
-Passbolt database name:passboltdb
-
    - -

    Haveged

    - -

    On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

    - -

    You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

    - - 
    ==================
-Install Haveged ?
-==================
-1) yes
-2) no
-#?
-
    - -

    Nginx

    - -

    Please enter the domain name under which passbolt will run.

    - -

    Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

    - -

    If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

    - - 
    =========
-Hostname: passbolt.domain.tld
-=========
-
    - -

    SSL configuration

    - -

    3 available choices for SSL configuration:

    - -
      -
    • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
      • -
    • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
      • -
    • none: Do not setup HTTPS at all
      • -
    - - 
    ==================
-Setting up SSL...
-==================
-1) manual
-2) auto
-3) none
-#?
-
    - -

    If you choose 1, you will be prompted for the full path of your certificates:

    - - 
    Enter the path to the SSL certificate: /path/to/certs/cert.pem
-Enter the path to the SSL privkey: /path/to/certs/key.pem
-
    - -

    Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

    - - 
    ===============================================================
-Installation is almost complete. Please point your browser to
-  https://passbolt.domain.tld to complete the process
-===============================================================
-
    - -

    Migrate data

    - -

    Load the backup files into the new RockyLinux server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • -

      Your subscription key

      -
      • -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Create the subscription key file

    - -

    You received your subscription key by email, copy it as /etc/passbolt/subscription_key.txt on your server.

    - 
    nano /etc/passbolt/subscription_key.txt
-
    - -

    Step 2. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown nginx:nginx /etc/passbolt/passbolt.php
-sudo chown nginx:nginx /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 3. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey_private.asc
-sudo chown nginx:nginx /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 4. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R nginx:nginx /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 5. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 6. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  nginx
-
    - -

    Step 7. Migrate passbolt to the latest version

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 8. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/migrate-existing-pro-to-ubuntu-server.html b/docs/hosting/upgrade/pro/migrate-existing-pro-to-ubuntu-server.html deleted file mode 100644 index d99981c60..000000000 --- a/docs/hosting/upgrade/pro/migrate-existing-pro-to-ubuntu-server.html +++ /dev/null @@ -1,430 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt PRO to a new Ubuntu server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt PRO to a new Ubuntu server

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new Ubuntu server.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    • A minimal Ubuntu 22.04 new server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the new Ubuntu server

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo apt install passbolt-pro-server
-
    - -

    Configure mysql

    - -

    If not instructed otherwise passbolt ubuntu package will install mysql-server locally. This step will help you create -an empty mysql database for passbolt to use.

    - -
    - Configure database dialog - fig. Configure database dialog -
    - -

    The configuration process will ask you for the credentials of the mysql admin user to create a new database. -You will find the root password on the server in the file /root/.mysql_credentials.

    - -
    - Database admin user dialog - fig. Database admin user dialog -
    - -
    - Database admin user pass dialog - fig. Database admin user pass dialog -
    - -

    Now we need to create a mysql user with reduced permissions for passbolt to connect. For the passbolt database user and password, reuse the ones you have in your backup of passbolt.php.

    - -
    - Database passbolt user dialog - fig. Database passbolt user dialog -
    - -
    - Database passbolt user pass dialog - fig. Database passbolt user pass dialog -
    - -

    Lastly we need to create a database for passbolt to use, for that we need to name it:

    - -
    - Database name dialog - fig. Database name dialog -
    - -

    Configure nginx for serving HTTPS

    - -

    Depending on your needs there are two different options to setup nginx and SSL using the Ubuntu package:

    - - - -

    Migrate data

    - -

    Load the backup files into the new Ubuntu server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • -

      Your subscription key

      -
      • -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Create the subscription key file

    - -

    You received your subscription key by email, copy it as /etc/passbolt/subscription_key.txt on your server.

    - 
    nano /etc/passbolt/subscription_key.txt
-
    - -

    Step 2. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown www-data:www-data /etc/passbolt/passbolt.php
-sudo chown www-data:www-data /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 3. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown www-data:www-data /etc/passbolt/gpg/serverkey_private.asc
-sudo chown www-data:www-data /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 4. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R www-data:www-data /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 5. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 6. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  www-data
-
    - -

    Step 7. Migrate passbolt to the latest version

    - - 
    sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 8. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    - -
    -

    Last updated

    -

    This article was last updated on -September -16th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/migrate-existing-pro-to-virtual-machine.html b/docs/hosting/upgrade/pro/migrate-existing-pro-to-virtual-machine.html deleted file mode 100644 index b4e8fbecd..000000000 --- a/docs/hosting/upgrade/pro/migrate-existing-pro-to-virtual-machine.html +++ /dev/null @@ -1,468 +0,0 @@ - - - - - Passbolt Help | Migrate an existing Passbolt PRO to Virtual Machine - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate an existing Passbolt PRO to Virtual Machine

    -
    -
    - - -
    -
    - -

    This document describes how to migrate an existing passbolt to a new Virtual Machine Appliance.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • Passbolt installed on an old server
      • -
    - -

    Backup the existing data

    - -

    Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

    - -

    Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

    - -

    Don’t delete the existing instance yet!

    - -

    Prepare the Virtual Machine Appliance for migration

    - -
    -

    - While configuring the database ensure you are configuring the database as it was on your previous server, check the backup of the file passbolt.php for the configuration details. -

    - -
    - -

    Passbolt Pro provides a virtual appliance in OVA format. Users can import this appliance on their private virtualization platform and start enjoying Passbolt Pro. -The VM includes the following software:

    -
      -
    • Debian 12
      • -
    • Nginx
      • -
    • Php-fpm
      • -
    • Mariadb
      • -
    • Passbolt Pro preinstalled
      • -
    • certbot
      • -
    - -

    1. Getting started with Passbolt Pro VM

    - -

    1.1 Download

    - -

    Download the ova and the SHA512SUM.txt:

    - - - -

    Import the ova file using virtualbox, vmware (ESXi >= 6.0) or any other platform that supports import OVA files.

    - -

    Once imported, it is highly recommanded to check if the VM is actually running as Debian (64-bit). In order to do that, just open VM’s settings and it should show on which version it is running on. Now, you should be able to boot the VM and just point to the VM ip address with their web browser to initiate the passbolt install process.

    - -

    1.2 Credentials

    - -

    The appliance performs some actions on the first boot:

    -
      -
    • Creates ssh host keys
      • -
    • Enables ssh
      • -
    • Creates a set of random mariadb credentials for the mariadb server installed on the appliance
      • -
    • Creates an empty database where passbolt can be installed.
      • -
    - -

    For the first login the appliance comes with the following ssh default credentials:

    - - 
    VM login credentials:
-username: passbolt
-password: admin
-
    - -

    The passbolt user is part of sudo group. There is no root password, so you cannot -login in as root. You can however create a shell as root with the default user:

    - 
    sudo -s
-
    - -

    Configure the OVA Services

    - -

    Reconfigure the Passbolt package:

    - - 
    sudo dpkg-reconfigure passbolt-pro-server
-
    - -

    Configure mariadb

    - -

    If not instructed otherwise passbolt debian package will install mariadb-server locally. This step will help you create -an empty mariadb database for passbolt to use.

    - -
    - Configure database dialog - fig. Configure database dialog -
    - -

    The configuration process will ask you for the credentials of the mariadb admin user to create a new database. -You will find the root password on the server in the file /root/.mysql_credentials.

    - -
    - Database admin user dialog - fig. Database admin user dialog -
    - -
    - Database admin user pass dialog - fig. Database admin user pass dialog -
    - -

    Now we need to create a mariadb user with reduced permissions for passbolt to connect. For the passbolt database user and password, reuse the ones you have in your backup of passbolt.php.

    - -
    - Database passbolt user dialog - fig. Database passbolt user dialog -
    - -
    - Database passbolt user pass dialog - fig. Database passbolt user pass dialog -
    - -

    Lastly we need to create a database for passbolt to use, for that we need to name it:

    - -
    - Database name dialog - fig. Database name dialog -
    - -

    Depending on your needs there are two different options to setup nginx and SSL using the debian package:

    - - - -

    Once you’re done, restart the nginx server:

    - - 
    sudo systemctl restart nginx
-
    - -

    Migrate data

    - -

    Load the backup files into the new Debian server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

    - -

    You should have:

    - -
      -
    • -

      Your subscription key

      -
      • -
    • the private and public GPG key
      • -
    • Your database dump
      • -
    • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
      • -
    - -

    Step 1. Create the subscription key file

    - -

    You received your subscription key by email, copy it as /etc/passbolt/subscription_key.txt on your server.

    - 
    nano /etc/passbolt/subscription_key.txt
-
    - -

    Step 2. Restore Passbolt configuration file and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/passbolt.php /etc/passbolt
-sudo chown www-data:www-data /etc/passbolt/passbolt.php
-sudo chown www-data:www-data /etc/passbolt/subscription_key.txt
-sudo chmod 440 /etc/passbolt/passbolt.php
-
    - -

    Step 3. Restore GPG public and private keys and ensure rights and ownership are correct:

    - - 
    sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
-sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
-sudo chown www-data:www-data /etc/passbolt/gpg/serverkey_private.asc
-sudo chown www-data:www-data /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
-sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
-
    - -

    Step 4. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

    - - 
    sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
-sudo chown -R www-data:www-data /usr/share/php/passbolt/webroot/img/public
-
    - -

    Step 5. Load the database

    - - 
    mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
-
    - -

    Step 6. Import the server key

    - - 
    sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc"  www-data
-
    - -

    Step 7. Migrate passbolt to the latest version

    - - 
    sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    Step 8. Test passbolt

    - -

    Try to access your passbolt application with your browser.

    - -

    If you are encountering any issues, you can run the following command to assess the status of your instance:

    - - 
    sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
-
    -
    -

    Last updated

    -

    This article was last updated on -September -16th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/migrate-to-centos.html b/docs/hosting/upgrade/pro/migrate-to-centos.html deleted file mode 100644 index 4a7662520..000000000 --- a/docs/hosting/upgrade/pro/migrate-to-centos.html +++ /dev/null @@ -1,425 +0,0 @@ - - - - - Passbolt Help | Migrate passbolt PRO from install scripts to CentOS 7 package - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate passbolt PRO from install scripts to CentOS 7 package

    -
    -
    - - -
    -
    -
    -

    - Important: You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then. -

    - -
    - -

    A CentOS package has been created to increase the ease of installing and upgrading passbolt.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal CentOS 7 server.
      • -
    • Passbolt installed with the CentOS install script.
      • -
    - -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    sudo systemctl stop nginx
-
    - -

    2. Backup your instance

    - -

    First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our backup process.

    - -

    3. Upgrade your system

    - -

    Passbolt requires PHP 7.4 and supports PHP 8.2.

    - -

    A full system upgrade to CentOS 7 is necessary before installing the passbolt CentOS package.

    - - 
    sudo yum upgrade
-
    - -

    4. Install the package

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  --passbolt-migrate  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo yum install passbolt-pro-server
-
    - -

    During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

    - - 
    Importing GPG key 0xC155581D:
- Userid     : "Passbolt SA package signing key <contact@passbolt.com>"
- Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
- From       : https://download.passbolt.com/pub.key
-
    - -

    5. Copy existing configuration to the new location

    - -

    5.1. Copy the server keys

    - -

    Copy the GPG server keys as following:

    - 
    sudo cp -a /var/www/passbolt/config/gpg/serverkey.asc /etc/passbolt/gpg/
-sudo cp -a /var/www/passbolt/config/gpg/serverkey_private.asc /etc/passbolt/gpg/
-sudo chown -R root:nginx /etc/passbolt/gpg
-sudo chmod g-w /etc/passbolt/gpg
-
    - -

    5.2. Copy the passbolt configuration

    - -

    Copy passbolt configuration as following:

    - 
    sudo cp /var/www/passbolt/config/passbolt.php /etc/passbolt/passbolt.php
-sudo chown root:nginx /etc/passbolt/passbolt.php
-sudo chmod g-w /etc/passbolt/passbolt.php
-
    - -

    If you are running mysql 8, please change the quoteIdentifiers setting of the passbolt.php as follow:

    - - 
    'quoteIdentifiers' => true
-
    - -

    5.3. Copy the avatars

    - -

    If coming from Passbolt version prior to 3.2, copy passbolt avatars as following:

    - - 
    sudo cp -R /var/www/passbolt/webroot/img/public/avatar /usr/share/php/passbolt/webroot/img/public/
-
    - -

    5.4. Copy the subscription key

    - -

    Copy subscription key as following:

    - - 
    sudo cp /var/www/passbolt/config/license /etc/passbolt/subscription_key.txt
-sudo chown root:nginx /etc/passbolt/subscription_key.txt
-sudo chmod g-w /etc/passbolt/subscription_key.txt
-
    - -

    6. Nginx

    - -

    Now you can remove all the old nginx configuration files from /etc/nginx/conf.d/

    - 
    sudo rm /etc/nginx/conf.d/passbolt.conf
-sudo rm /etc/nginx/conf.d/passbolt_ssl.conf
-
    -

    Then you can reconfigure the CentOS package using:

    - - 
    sudo /usr/local/bin/passbolt-configure
-
    - -

    Answer the following way:

    - -
      -
    • No to configuration
      • -
    • Yes to nginx configuration
      • -
    - -

    You can then select the SSL method that suits best your needs.

    - -

    7. Run the database migrations

    - -

    Now it is time to run the migrations to upgrade the database schemas:

    - - 
    sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    8. Cleanup

    - -

    After you have checked you can access your new setup with the CentOS package make a backup of /var/www/passbolt and then -you can delete it:

    - - 
    sudo rm -rf /var/www/passbolt
-
    - -

    You may also want to check for the old CRON job that may need to be removed:

    - 
    sudo crontab -u nginx -e
-
    - -

    9. Bring your site back online

    - -

    Finally take passbolt back up:

    - - 
    sudo systemctl start nginx
-sudo systemctl restart php-fpm
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -26th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues when updating passbolt?

    - - Ask the community! - -
    - -
    -

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/migrate-to-debian.html b/docs/hosting/upgrade/pro/migrate-to-debian.html deleted file mode 100644 index abe43c949..000000000 --- a/docs/hosting/upgrade/pro/migrate-to-debian.html +++ /dev/null @@ -1,437 +0,0 @@ - - - - - Passbolt Help | Migrate from install scripts to Debian package - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate from install scripts to Debian package

    -
    -
    - - -
    -
    - -

    A Debian package has been created to increase the ease of installing and upgrading passbolt.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal Debian 12 server.
      • -
    • Passbolt installed with the Debian install script.
      • -
    - -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    sudo systemctl stop nginx
-
    - -

    2. Backup your instance

    - -

    First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our backup process.

    - -

    3. Upgrade your system

    - -

    Passbolt requires PHP 7.4 and supports PHP 8.2.

    - -

    A full system upgrade to Debian 12 is necessary before installing the passbolt Debian package.

    - -

    Here is the official Debian guide to -upgrade your system with a step by step tutorial.

    - -

    4. Install the package

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  --passbolt-migrate  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo apt install passbolt-pro-server
-
    - -

    It is recommended at this point to select:

    - -
      -
    • No for mariadb configuration as it is already configured
      • -
    • No to nginx configuration as we will do it at the end
      • -
    - -

    5. Copy existing configuration to the new location

    - -

    5.1. Copy the server keys

    - -

    Copy the GPG server keys as following:

    - 
    sudo cp -a /var/www/passbolt/config/gpg/serverkey.asc /etc/passbolt/gpg/
-sudo cp -a /var/www/passbolt/config/gpg/serverkey_private.asc /etc/passbolt/gpg/
-sudo chown -R root:www-data /etc/passbolt/gpg
-sudo chmod g-w /etc/passbolt/gpg
-
    - -

    5.2. Copy the passbolt configuration

    - -

    Copy passbolt configuration as following:

    - 
    sudo cp /var/www/passbolt/config/passbolt.php /etc/passbolt/passbolt.php
-sudo chown root:www-data /etc/passbolt/passbolt.php
-sudo chmod g-w /etc/passbolt/passbolt.php
-
    - -

    If you are running mysql 8, please change the quoteIdentifiers setting of the passbolt.php as follow:

    - - 
    'quoteIdentifiers' => true
-
    - -

    5.3. Copy the avatars

    - -

    If coming from Passbolt version prior to 3.2, copy passbolt avatars as following:

    - - 
    sudo cp -R /var/www/passbolt/webroot/img/public/avatar /usr/share/php/passbolt/webroot/img/public/
-
    - -

    5.4. Copy the subscription key

    - -

    Copy subscription key as following:

    - - 
    sudo cp /var/www/passbolt/config/license /etc/passbolt/subscription_key.txt
-sudo chown root:www-data /etc/passbolt/subscription_key.txt
-sudo chmod g-w /etc/passbolt/subscription_key.txt
-
    - -

    6. PHP-FPM

    - -

    Edit /etc/php/7.4/fpm/pool.d/www.conf and look for the line that looks like this:

    - - 
    listen = 127.0.0.1:9000
-
    - -

    Change it to look like this:

    - - 
    listen = /run/php/php7.4-fpm.sock
-
    - -

    Due to a bug on the install scripts some installations might need to do an additional substitution on /etc/php/7.4/fpm/pool.d/www.conf:

    - -

    Look for the line containing:

    - - 
    listen.group = _WWW_GROUP_
-
    - -

    And change it to look like:

    - - 
    listen.group = www-data
-
    - -

    7. Nginx

    - -

    Now you can remove all the old nginx configuration files from /etc/nginx/conf.d/

    - 
    sudo rm /etc/nginx/conf.d/passbolt.conf
-sudo rm /etc/nginx/conf.d/passbolt_ssl.conf
-
    -

    Then you can reconfigure the Debian package using:

    - - 
    sudo dpkg-reconfigure passbolt-pro-server
-
    - -

    Answer the following way:

    - -
      -
    • No to mariadb configuration
      • -
    • Yes to nginx configuration
      • -
    - -

    You can then select the SSL method that suits best your needs.

    - -

    8. Run the database migrations

    - -

    Now it is time to run the migrations to upgrade the database schemas:

    - - 
    sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    9. Cleanup

    - -

    After you have checked you can access your new setup with the Debian package make a backup of /var/www/passbolt and then -you can delete it:

    - - 
    sudo rm -rf /var/www/passbolt
-
    - -

    You may also want to check for the old CRON job that may need to be removed:

    - 
    sudo crontab -u www-data -e
-
    - -

    10. Bring your site back online

    - -

    Finally take passbolt back up:

    - - 
    sudo systemctl start nginx
-sudo systemctl restart php7.4-fpm
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -2nd, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/migrate-to-ubuntu.html b/docs/hosting/upgrade/pro/migrate-to-ubuntu.html deleted file mode 100644 index 085ea57eb..000000000 --- a/docs/hosting/upgrade/pro/migrate-to-ubuntu.html +++ /dev/null @@ -1,437 +0,0 @@ - - - - - Passbolt Help | Migrate from install scripts to Ubuntu package - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Migrate from install scripts to Ubuntu package

    -
    -
    - - -
    -
    - -

    A Ubuntu package has been created to increase the ease of installing and upgrading passbolt.

    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal Ubuntu 22.04 server.
      • -
    • Passbolt installed with the Ubuntu install script.
      • -
    - -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    sudo systemctl stop nginx
-
    - -

    2. Backup your instance

    - -

    First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our backup process.

    - -

    3. Upgrade your system

    - -

    Passbolt requires PHP 7.4 and supports PHP 8.2.

    - -

    A full system upgrade to Ubuntu 22.04 is necessary before installing the passbolt Ubuntu package.

    - -

    Here is the official Ubuntu guide to -upgrade your system with a step by step tutorial.

    - -

    4. Install the package

    - -

    Package repository setup

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  --passbolt-migrate  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    Install passbolt official linux package

    - - 
    sudo apt install passbolt-pro-server
-
    - -

    It is recommended at this point to select:

    - -
      -
    • No for mysql configuration as it is already configured
      • -
    • No to nginx configuration as we will do it at the end
      • -
    - -

    5. Copy existing configuration to the new location

    - -

    5.1. Copy the server keys

    - -

    Copy the GPG server keys as following:

    - 
    sudo cp -a /var/www/passbolt/config/gpg/serverkey.asc /etc/passbolt/gpg/
-sudo cp -a /var/www/passbolt/config/gpg/serverkey_private.asc /etc/passbolt/gpg/
-sudo chown -R root:www-data /etc/passbolt/gpg
-sudo chmod g-w /etc/passbolt/gpg
-
    - -

    5.2. Copy the passbolt configuration

    - -

    Copy passbolt configuration as following:

    - 
    sudo cp /var/www/passbolt/config/passbolt.php /etc/passbolt/passbolt.php
-sudo chown root:www-data /etc/passbolt/passbolt.php
-sudo chmod g-w /etc/passbolt/passbolt.php
-
    - -

    If you are running mysql 8, please change the quoteIdentifiers setting of the passbolt.php as follow:

    - - 
    'quoteIdentifiers' => true
-
    - -

    5.3. Copy the avatars

    - -

    If coming from Passbolt version prior to 3.2, copy passbolt avatars as following:

    - - 
    sudo cp -R /var/www/passbolt/webroot/img/public/avatar /usr/share/php/passbolt/webroot/img/public/
-
    - -

    5.4. Copy the subscription key

    - -

    Copy subscription key as following:

    - - 
    sudo cp /var/www/passbolt/config/license /etc/passbolt/subscription_key.txt
-sudo chown root:www-data /etc/passbolt/subscription_key.txt
-sudo chmod g-w /etc/passbolt/subscription_key.txt
-
    - -

    6. PHP-FPM

    - -

    Edit /etc/php/7.4/fpm/pool.d/www.conf and look for the line that looks like this:

    - - 
    listen = 127.0.0.1:9000
-
    - -

    Change it to look like this:

    - - 
    listen = /run/php/php7.4-fpm.sock
-
    - -

    Due to a bug on the install scripts some installations might need to do an additional substitution on /etc/php/7.4/fpm/pool.d/www.conf:

    - -

    Look for the line containing:

    - - 
    listen.group = _WWW_GROUP_
-
    - -

    And change it to look like:

    - - 
    listen.group = www-data
-
    - -

    7. Nginx

    - -

    Now you can remove all the old nginx configuration files from /etc/nginx/conf.d/

    - 
    sudo rm /etc/nginx/conf.d/passbolt.conf
-sudo rm /etc/nginx/conf.d/passbolt_ssl.conf
-
    -

    Then you can reconfigure the Ubuntu package using:

    - - 
    sudo dpkg-reconfigure passbolt-pro-server
-
    - -

    Answer the following way:

    - -
      -
    • No to mysql configuration
      • -
    • Yes to nginx configuration
      • -
    - -

    You can then select the SSL method that suits best your needs.

    - -

    8. Run the database migrations

    - -

    Now it is time to run the migrations to upgrade the database schemas:

    - - 
    sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    9. Cleanup

    - -

    After you have checked you can access your new setup with the Ubuntu package make a backup of /var/www/passbolt and then -you can delete it:

    - - 
    sudo rm -rf /var/www/passbolt
-
    - -

    You may also want to check for the old CRON job that may need to be removed:

    - 
    sudo crontab -u www-data -e
-
    - -

    10. Bring your site back online

    - -

    Finally take passbolt back up:

    - - 
    sudo systemctl start nginx
-sudo systemctl restart php7.4-fpm
-
    - -
    -

    Last updated

    -

    This article was last updated on -February -3rd, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -

    Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

    - - View on github - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/upgrade-pro-from-ce-debian.html b/docs/hosting/upgrade/pro/upgrade-pro-from-ce-debian.html deleted file mode 100644 index 63973a2f7..000000000 --- a/docs/hosting/upgrade/pro/upgrade-pro-from-ce-debian.html +++ /dev/null @@ -1,384 +0,0 @@ - - - - - Passbolt Help | Upgrade Passbolt from CE to Pro on Debian - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Upgrade Passbolt from CE to Pro on Debian

    -
    -
    - - -
    -
    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal Debian server.
      • -
    • Passbolt CE Debian package installed.
      • -
    - -

    Upgrading passbolt

    - -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup passbolt

    - -

    First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our backup process.

    - -

    3. Upload your subscription key

    - -

    You should copy your subscription key to /etc/passbolt/subscription_key.txt and ensure the permissions are correct.

    - - 
    sudo chown root:www-data /etc/passbolt/subscription_key.txt
-sudo chmod 640 /etc/passbolt/subscription_key.txt
-
    - -

    4. Uninstall passbolt CE

    - -

    Passbolt CE package should be removed prior to installing passbolt Pro.

    - - 
    sudo apt-get remove passbolt-ce-server
-
    - -

    5. Update passbolt package repository

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  --passbolt-migrate  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    6. Install passbolt Pro

    - -

    Now you can install the passbolt Pro package.

    - - 
    sudo apt-get install passbolt-pro-server
-
    - -

    As you have already configured passbolt CE, and passbolt Pro relies on the same configuration, you should reply:

    - -
      -
    • No for mariadb configuration
      • -
    • No to nginx configuration
      • -
    - -

    7. Migrate the data

    - -

    Once the package installed, run the following command to migrate the data to passbolt Pro:

    - - 
    sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    8. Clear the cache

    - -

    Make sure you clear the application cache, to make sure any changes in the database structure are reflected in -model cache files:

    - - 
    sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
-
    - -

    9. Ensure you don’t have duplicate cron jobs

    - -

    As you are upgrading from CE to Pro you will need to make sure you don’t have duplicate cronjobs.

    - -

    You can do this by checking /etc/cron.d/

    - -

    You may see:

    - 
    /etc/cron.d/passbolt-ce-server
-/etc/cron.d/passbolt-pro-server 
-
    - -

    If this is the case you’ll want to run:

    - 
    rm /etc/cron.d/passbolt-ce-server
-
    - -

    As this will clear out the no longer needed CE job to send emails. If you leave this you may experience receiving duplicate emails.

    - -

    The other regularly occuring job which you can remove will be under /etc/logrotate.d/

    - -

    You may see:

    - 
    /etc/logrotate.d/passbolt-ce-server
-/etc/logrotate.d/passbolt-pro-server
-
    - -

    If this is the case you’ll want to run:

    - 
    rm /etc/logrotate.d/passbolt-ce-server
-
    - -

    This will clean up the no longer needed log rotation job.

    - -

    10. Bring your site back online

    - -

    Finally take passbolt back up:

    - - 
    sudo systemctl start nginx
-
    - -
    -

    Last updated

    -

    This article was last updated on -November -2nd, -2021.

    -
    - -
    -
    - -
    -

    Your installation is not based on a debian package?

    - - Migrate passbolt to debian package - -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/upgrade-pro-from-ce-docker.html b/docs/hosting/upgrade/pro/upgrade-pro-from-ce-docker.html deleted file mode 100644 index e4f2e497b..000000000 --- a/docs/hosting/upgrade/pro/upgrade-pro-from-ce-docker.html +++ /dev/null @@ -1,291 +0,0 @@ - - - - - Passbolt Help | Upgrade from CE to Pro using docker - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Upgrade from CE to Pro using docker

    -
    -
    - -
    -
    - -
    -

    - Important: Please take a full backup of your passbolt before proceeding with the upgrade. -

    - -
    - -

    In order to upgrade from CE to PRO, open your docker-compose.yaml file and search for the passbolt CE image definition:

    - - 
    image: passbolt/passbolt:<IMAGE_TAG>
-
    - -

    And replace the CE <IMAGE_TAG> with a PRO <IMAGE_TAG>.

    - -

    In the same location of your docker-compose.yaml file, create a subscription_key.txt file containing your passbolt subscription key, and add a new volume definition in your docker-compose.yaml file:

    - - 
    version: '3.7'
-services:
-  db:
-    ...
-  passbolt:
-    ...
-    volumes:
-      ...
-      - ./subscription_key.txt:/etc/passbolt/subscription_key.txt:ro
-
    - -

    Then relaunch your docker containers:

    - - 
    $ docker-compose up -d
-
    - -

    By doing this:

    - -
      -
    • a new passbolt docker image will be pulled and a new container created
      • -
    • your passbolt database schema will be updated
      • -
    - -
    -

    Last updated

    -

    This article was last updated on -February -21st, -2022.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/upgrade-pro-from-ce-source.html b/docs/hosting/upgrade/pro/upgrade-pro-from-ce-source.html deleted file mode 100644 index 60ac995d4..000000000 --- a/docs/hosting/upgrade/pro/upgrade-pro-from-ce-source.html +++ /dev/null @@ -1,397 +0,0 @@ - - - - - Passbolt Help | Upgrade Passbolt from CE source install to Pro - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Upgrade Passbolt from CE source install to Pro

    -
    -
    - -
    -
    - -

    This tutorial covers the case where you want to upgrade your current instance of passbolt CE v2.x into Passbolt Pro.

    - -
    -

    - Important: Please take a full backup of your Passbolt CE before proceeding with the upgrade. Backup should include passbolt files as well as the database. -

    - -
    - -
    -

    - You may want to consider moving to one of our packages before upgrading to Pro. -

    - -
    - -

    System requirements

    -

    Passbolt is reported to work on a large variety of operating system configurations. -Therefore this help page is a generic guide that should work for most environments.

    - -

    If you run into any issues with your particular configuration, -please check the forum. -Maybe someone else has had your issue. If not, make a post and the community will try to help you.

    - -
      -
    • Any Unix-like major distribution (Debian, Centos, Ubuntu, *BSD)
      • -
    • A webserver (Apache or Nginx)
      • -
    • A TLS server certificate for HTTPS
      • -
    • PHP >= 7.4.0
      • -
    • MariaDB >= 10.3 /Mysql >= 5.7
      • -
    • Composer >= 2
      • -
    • GnuPG
      • -
    • Git
      • -
    - -

    The following PHP extensions (that may or may not come by default):

    -
      -
    • PHP-GNUPG: for key verification and authentication.
      • -
    • Cakephp default requirements: Intl, mbstring, simplexml
      • -
    • Image manipulation: gd or imagick
      • -
    • Database: Mysqlnd, pdo, pdo_mysql
      • -
    • Some general default: xsl, phar, posix, xml, zlib, ctype, curl, json.
      • -
    • Ldap
      • -
    • & more depending on your configuration (for example if you want to use memcache for sessions).
      • -
    - -

    Upgrade to Passbolt Pro

    -

    In the following examples we assume you are running passbolt using apache in the /var/www/passbolt -directory. You will need to replace these values with your local environment settings.

    - -

    1. Take your site offline & install the required modules

    -

    There are multiple ways of doing that, the simplest is sending a notice by email to your users -and stopping your webserver. The better approach would be to create a temporary html file and -redirect your passbolt user there.

    - -

    If you are planning to use LDAP integration you will need to make sure the PHP extension for LDAP -is installed and enabled (for example: apt-get install php-ldap). Make sure you restart your webserver -when you add new PHP extensions (for example with: sudo service restart php-fpm).

    - -

    2. Download Passbolt Pro

    -

    Open a shell with the same user as your web server user. (usually, www-data for apache, nginx for nginx)

    - - 
    /var/www$ su -s /bin/bash www-data
-
    - -

    Replace the previous passbolt by the new version.

    - - 
    /var/www$ mv ./passbolt ./passbolt_old
-/var/www$ git clone https://bitbucket.org/passbolt_pro/passbolt_pro_api.git ./passbolt
-
    - -

    3. Install the dependencies

    - 
    /var/www$ cd ./passbolt
-/var/www/passbolt$ composer install --no-dev
-
    - -

    4. Copy the avatar folder

    - 
    /var/www/passbolt$ cp -R ../passbolt_old/webroot/img/public/* ./webroot/img/public/.
-
    - -

    5. Configure Passbolt Pro

    -

    To configure Passbolt Pro, the easiest way is to use the in-built configuration wizard. -Just point your browser to your passbolt url.

    - -

    You will be greeted by a welcome screen. Click on the Configure with wizard option and follow the instructions.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -
    -

    - Note: Enter the same configuration details as the the ones that were used for your Passbolt CE. - This includes your database, smtp details, as well as your server GPG key that you’ll need to import (Do not generate a new one). -

    - -
    - -
    - Wizard - import key screen - fig. Wizard - import key screen -
    - -

    6. Your server is now ready to run passbolt

    - -

    Once you have followed all the steps of the wizard, Passbolt Pro is ready to run. You will be redirected -automatically to the login page where you can log in.

    - -

    7. Ensure you don’t have duplicate cron jobs

    - -

    As you are upgrading from CE to Pro you will need to make sure you don’t have duplicate cronjobs.

    - -

    You can do this by checking /etc/cron.d/

    - -

    You may see:

    - 
    /etc/cron.d/passbolt-ce-server
-/etc/cron.d/passbolt-pro-server 
-
    - -

    If this is the case you’ll want to run:

    - 
    rm /etc/cron.d/passbolt-ce-server
-
    - -

    As this will clear out the no longer needed CE job to send emails. If you leave this you may experience receiving duplicate emails.

    - -

    The other regularly occuring job which you can remove will be under /etc/logrotate.d/

    - -

    You may see:

    - 
    /etc/logrotate.d/passbolt-ce-server
-/etc/logrotate.d/passbolt-pro-server
-
    - -

    If this is the case you’ll want to run:

    - 
    rm /etc/logrotate.d/passbolt-ce-server
-
    - -

    This will clean up the no longer needed log rotation job.

    - -

    That’s it!

    - -

    At this stage, Passbolt Pro should be working perfectly.

    - -

    Any issue? Do contact us on the Passbolt Pro support with the email provided during your purchase.

    - -
    -

    Last updated

    -

    This article was last updated on -April -3rd, -2018.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/upgrade-pro-from-ce-ubuntu.html b/docs/hosting/upgrade/pro/upgrade-pro-from-ce-ubuntu.html deleted file mode 100644 index 1fa933283..000000000 --- a/docs/hosting/upgrade/pro/upgrade-pro-from-ce-ubuntu.html +++ /dev/null @@ -1,384 +0,0 @@ - - - - - Passbolt Help | Upgrade Passbolt from CE to Pro on Ubuntu - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Upgrade Passbolt from CE to Pro on Ubuntu

    -
    -
    - - -
    -
    - -

    Pre-requisites

    - -

    For this tutorial, you will need:

    -
      -
    • A minimal Ubuntu 22.04 server.
      • -
    • Passbolt CE Ubuntu package installed.
      • -
    - -

    Upgrading passbolt

    - -

    1. Take down your site

    - -

    It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects -such as active users corrupting the data in the middle of an upgrade.

    - - 
    $ sudo systemctl stop nginx
-
    - -

    2. Backup passbolt

    - -

    First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. -You can follow our backup process.

    - -

    3. Upload your subscription key

    - -

    You should copy your subscription key to /etc/passbolt/subscription_key.txt and ensure the permissions are correct.

    - - 
    sudo chown root:www-data /etc/passbolt/subscription_key.txt
-sudo chmod 640 /etc/passbolt/subscription_key.txt
-
    - -

    4. Uninstall passbolt CE

    - -

    Passbolt CE package should be removed prior to installing passbolt Pro.

    - - 
    sudo apt-get remove passbolt-ce-server
-
    - -

    5. Update passbolt package repository

    - -

    For easier installation and update tasks Passbolt provides a package repository that you need to setup -before you download Passbolt PRO and install it.

    - -

    Step 1. Download our dependencies installation script:

    - - 
    wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"
-
    - -

    Step 2. Download our SHA512SUM for the installation script:

    - - 
    wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
-
    - -

    Step 3. Ensure that the script is valid and execute it:

    - - 
    sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  --passbolt-migrate  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh
-
    - -

    6. Install passbolt Pro

    - -

    Now you can install the passbolt Pro package.

    - - 
    sudo apt-get install passbolt-pro-server
-
    - -

    As you have already configured passbolt CE, and passbolt Pro relies on the same configuration, you should reply:

    - -
      -
    • No for mysql configuration
      • -
    • No to nginx configuration
      • -
    - -

    7. Migrate the data

    - -

    Once the package installed, run the following command to migrate the data to passbolt Pro:

    - - 
    sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
-
    - -

    8. Clear the cache

    - -

    Make sure you clear the application cache, to make sure any changes in the database structure are reflected in -model cache files:

    - - 
    sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
-
    - -

    9. Ensure you don’t have duplicate cron jobs

    - -

    As you are upgrading from CE to Pro you will need to make sure you don’t have duplicate cronjobs.

    - -

    You can do this by checking /etc/cron.d/

    - -

    You may see:

    - 
    /etc/cron.d/passbolt-ce-server
-/etc/cron.d/passbolt-pro-server 
-
    - -

    If this is the case you’ll want to run:

    - 
    rm /etc/cron.d/passbolt-ce-server
-
    - -

    As this will clear out the no longer needed CE job to send emails. If you leave this you may experience receiving duplicate emails.

    - -

    The other regularly occuring job which you can remove will be under /etc/logrotate.d/

    - -

    You may see:

    - 
    /etc/logrotate.d/passbolt-ce-server
-/etc/logrotate.d/passbolt-pro-server
-
    - -

    If this is the case you’ll want to run:

    - 
    rm /etc/logrotate.d/passbolt-ce-server
-
    - -

    This will clean up the no longer needed log rotation job.

    - -

    10. Bring your site back online

    - -

    Finally take passbolt back up:

    - - 
    sudo systemctl start nginx
-
    - -
    -

    Last updated

    -

    This article was last updated on -February -10th, -2021.

    -
    - -
    -
    - -
    -

    Is your installation not based on the Ubuntu package?

    - - Migrate passbolt to Ubuntu package - -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/upgrade-pro-from-ce-v1-docker.html b/docs/hosting/upgrade/pro/upgrade-pro-from-ce-v1-docker.html deleted file mode 100644 index 63764eee4..000000000 --- a/docs/hosting/upgrade/pro/upgrade-pro-from-ce-v1-docker.html +++ /dev/null @@ -1,393 +0,0 @@ - - - - - Passbolt Help | Upgrade from CE v1 to Pro using docker - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Upgrade from CE v1 to Pro using docker

    -
    -
    - -
    -
    - -

    This tutorial covers the case where you want to upgrade from your passbolt CE v1.x into Passbolt Pro when using docker.

    - -
    -

    - Important: Please take a full backup of your passbolt before proceeding with the upgrade. Backup should include passbolt files as well as the database. -

    - -
    - -

    The upgrading process is very similar to the one listed in the ce section. The main difference is that Passbolt Pro requires a subscription key to -work.

    - -

    Upgrade from v1.6.10-debian

    - -

    Passbolt v2 introduces several changes that are important to keep in mind when upgrading:

    - -

    Changes: Environment variables

    - -

    The set of environment variables have changed and users should take some time to get familiar with the new ones. For example in case of the database env variables:

    - - 
    DB_USER is now DATASOURCES_DEFAULT_USERNAME
-DB_HOST is now DATASOURCES_DEFAULT_HOST
-
    -

    There is a more detailed list in passbolt_docker README file.

    - -

    Changes: Configuration files

    - -

    No more core.php, email.php or database.php. -Any user that does not want to use environment variables must configure passbolt using:

    - 
    /var/www/passbolt/config/passbolt.php
-
    -

    Passbolt will look for for configuration values in passbolt.php. Wether passbolt.php does not exist or the configuration section is not defined on it, passbolt will then look for configuration details in default.php which relies on environment variables/default values. -Gpg config directory has changed slightly its path from:

    - - 
    /var/www/passbolt/app/Config/gpg/ to /var/www/passbolt/config/gpg
-
    - -

    Gpg default server key file names also changed:

    - - 
    serverkey.private.asc to serverkey_private.asc
-
    - -

    Changes: www user

    - -

    Passbolt container is now running under the www-data user

    - -

    Changes: images directory

    - -

    Path to the images directory is different:

    - - 
    /var/www/passbolt/app/webroot/img/public/images to /var/www/passbolt/webroot/img/public/images
-
    - -

    Users must also rename ProfileAvatar to Avatar directory inside public/images in order to see images in passbolt v2

    - -

    Changes: supervisor

    - -

    In order to manage the running process in passbolt container we introduced supervisord. Users are now able to restart passbolt container processes using:

    - - 
    $ docker exec passbolt supervisorctl restart <php-fpm|nginx|cron>
-
    - -

    Now that we have a better overview of the changes let’s start with the upgrading process!

    - -

    Backup MariaDB database

    - -

    First of all is encouraged to backup all the relevant data that is:

    -
      -
    • Database
      • -
    • Images
      • -
    • Server public and private keys
      • -
    - -

    You might want to check the detailed backup list for v1

    - -

    There are multiple ways to backup your database following there is an example using the passbolt container:

    - 
    $ docker exec passbolt mysqldump -h <db_host> \
-                                 -u passbolt \
-                                 -pP4ssb0lt \
-                                 passbolt > dump.sql
-
    - -

    This will output a dump.sql file on the host machine.

    - -

    Backup images directory

    - -

    If you are mounting the images directory using a bind mount just copy the host image directory in a safe location. -If you are using docker volumes to persist your images directory, or not persisting the images directory at all, you can execute the following to copy your images to the host machine.

    - - 
    $ docker cp passbolt:/var/www/app/webroot/img/public public_images_backup
-
    -

    This will output a public_images_directory with the images stored in the passbolt container.

    - -

    Backup gpg keys

    - -

    As with the previous section you can proceed exactly the same with the gpg keys:

    - - 
    $ docker cp passbolt:/var/www/app/Config/gpg/ gpg_keys_backup
-
    - -

    This will output a gpg_keys_backup directory with the contents of the gpg configuration folder of passbolt.

    - -

    Upgrade using latest v1 version (1.6.10)

    - -

    Passbolt Pro v2 will run the database migrations if needed when starting up. Users just need to provide the gpg keys, configuration files/env variables and images. -Following some examples:

    - -

    Using host bind mounts

    - -

    Users that use host bind mounts from host machine into docker file must adjust paths of the mounted files:

    - -

    In the following snippet:

    -
      -
    • passbolt_images_dir: path to a host directory that contains passbolt images Avatar directory.
      • -
    • gpg_host_dir: path to a host directory that contains serverkey.asc and serverkey_private.asc
      • -
    - - 
    $ docker run --name passbolt-pro --net passbolt_network \
-             --mount type=bind, \
-               source=<passbolt_images_dir>,\
-               target=/var/www/passbolt/webroot/img \
-             --mount type=bind,\
-               source=<path_subscription>,\
-               target=/var/www/passbolt/config/license \
-             --mount type=bind, \
-               source=<gpg_host_dir>, \
-               target=/var/www/passbolt/config/gpg \
-             -p 443:443 \
-             -p 80:80 \
-             -e DATASOURCES_DEFAULT_HOST=mariadb \
-             -e DATASOURCES_DEFAULT_PASSWORD=<mariadb_password> \
-             -e DATASOURCES_DEFAULT_USERNAME=<mariadb_user> \
-             -e DATASOURCES_DEFAULT_DATABASE=<mariadb_database> \
-             -e APP_FULL_BASE_URL=https://mydomain.com \
-             passbolt/passbolt:latest-pro
-
    - -

    Using docker volumes

    - -

    Users that use docker volumes should adjust their volumes paths.

    - - 
    $ docker run --name passbolt-pro --net passbolt_network \
-             --mount source=<passbolt_images_volume>,\
-               target=/var/www/passbolt/webroot/img \
-             --mount type=bind,\
-               source=<path_subscription>,\
-               target=/var/www/passbolt/config/license \
-             --mount source=<gpg_keys_volume>, \
-               target=/var/www/passbolt/config/gpg \
-             -p 443:443 \
-             -p 80:80 \
-             -e DATASOURCES_DEFAULT_HOST=mariadb \
-             -e DATASOURCES_DEFAULT_PASSWORD=<mariadb_password> \
-             -e DATASOURCES_DEFAULT_USERNAME=<mariadb_user> \
-             -e DATASOURCES_DEFAULT_DATABASE=<mariadb_database> \
-             -e APP_FULL_BASE_URL=https://mydomain.com \
-             passbolt/passbolt:latest-pro
-
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/upgrade-pro-from-ce-v1-new-server.html b/docs/hosting/upgrade/pro/upgrade-pro-from-ce-v1-new-server.html deleted file mode 100644 index 46d778fd7..000000000 --- a/docs/hosting/upgrade/pro/upgrade-pro-from-ce-v1-new-server.html +++ /dev/null @@ -1,254 +0,0 @@ - - - - - Passbolt Help | Upgrade Passbolt from v1 to Pro on a new server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/upgrade-pro-from-ce-v1-same-server.html b/docs/hosting/upgrade/pro/upgrade-pro-from-ce-v1-same-server.html deleted file mode 100644 index 6216e0174..000000000 --- a/docs/hosting/upgrade/pro/upgrade-pro-from-ce-v1-same-server.html +++ /dev/null @@ -1,386 +0,0 @@ - - - - - Passbolt Help | Upgrade Passbolt from v1 to Pro on the same server - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Upgrade Passbolt from v1 to Pro on the same server

    -
    -
    - -
    -
    - -
    -

    - WARNING This involves an outdated version, v3.x is the current version. You will likely want to contact us at contact@passbolt.com for assistance with this. WARNING -

    - -
    - -

    This tutorial covers the case where you want to upgrade your current instance of passbolt CE v1.x into Passbolt Pro on -the same server.

    - -

    If you want to use a new server, follow this link.

    - -
    -

    - Important: Please take a full backup of your Passbolt CE before proceeding - with the upgrade. Backup should include passbolt files as well as the database. -

    - -
    - -

    System requirements

    -

    Passbolt is reported to work on a large variety of operating system configurations. -Therefore this help page is a generic guide that should work for most environments.

    - -

    If you run into any issues with your particular configuration, -please check the forum. -Maybe someone else has had your issue. If not, make a post and the community will try to help you.

    - -
      -
    • Any Unix-like major distribution (Debian, Centos, Ubuntu, *BSD)
      • -
    • A webserver (Apache or Nginx)
      • -
    • A TLS server certificate for HTTPS
      • -
    • PHP >= 7.3.0
      • -
    • MariaDB/Mysql >= 5.5.59
      • -
    • Composer
      • -
    • GnuPG
      • -
    • Git
      • -
    - -

    The following PHP extensions (that may or may not come by default):

    -
      -
    • PHP-GNUPG: for key verification and authentication.
      • -
    • Cakephp default requirements: Intl, mbstring, simplexml
      • -
    • Image manipulation: gd or imagick
      • -
    • Database: Mysqlnd, pdo, pdo_mysql
      • -
    • Some general default: xsl, phar, posix, xml, zlib, ctype, curl, json.
      • -
    • Ldap
      • -
    • & more depending on your configuration (for example if you want to use memcache for sessions).
      • -
    - -

    Upgrade to Passbolt Pro

    -

    In the following examples we assume you are running passbolt CE v1 using apache in the /var/www/passbolt -directory. You will need to replace these values with your local environment settings.

    - -

    1. Make sure you have the latest v1.x version

    -

    If you do not have the latest version, please follow the regular v1 udpate process. -We’ll also assume you have a web server that match the system requirements.

    - - 
    /var/www/passbolt$ cat app/Config/version.php  | grep number
-'number' => '1.6.10'
-
    - -

    2. Take your site offline

    -

    There are multiple ways of doing that, the simplest is sending a notice by email to your users -and stopping your webserver. The better approach would be to create a temporary html file and -redirect your passbolt user there.

    - -

    3. Download Passbolt Pro

    -

    Open a shell with the same user as your web server user. (usually, www-data for apache, nginx for nginx)

    - - 
    /var/www$ su -s /bin/bash www-data
-
    - -

    Replace the previous passbolt by the new version.

    - - 
    /var/www$ mv ./passbolt ./passbolt_old
-/var/www$ git clone https://bitbucket.org/passbolt_pro/passbolt_pro_api.git ./passbolt
-
    - -

    4. Install the dependencies

    - 
    /var/www$ cd ./passbolt
-/var/www/passbolt$ composer install --no-dev
-
    - -

    5. Copy the avatar folder

    - 
    /var/www/passbolt$ cp -R ../passbolt_old/app/webroot/img/public/* ./webroot/img/public/.
-/var/www/passbolt$ mv ./webroot/img/public/images/ProfileAvatar ./webroot/img/public/images/Avatar
-
    - -

    6. Configure Passbolt Pro

    -

    To configure Passbolt Pro, the easiest way is to use the in-built configuration wizard. -Just point your browser to your passbolt url.

    - -

    You will be greeted by a welcome screen. Click on the Configure with wizard option and follow the instructions.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -
    -

    - Note: Enter the same configuration details as the the ones that were used for your Passbolt CE. - This includes your database, smtp details, as well as your server GPG key that you’ll need to import (Do not generate a new one). -

    - -
    - -
    - Wizard - import key screen - fig. Wizard - import key screen -
    - -

    7. Your server is now ready to run passbolt

    - -

    Once you have followed all the steps of the wizard, Passbolt Pro is ready to run. You will be redirected -automatically to the login page where you can log in.

    - -

    8. Final step: modify the cron job to send emails

    - -

    Modify the cronjob entry you had added for passbolt CE v1 :

    - 
    * * * * * /var/www/passbolt/app/Console/cake EmailQueue.sender > /var/log/passbolt.log
-
    - -

    into this one:

    - 
    * * * * * /var/www/passbolt/bin/cake EmailQueue.sender > /var/log/passbolt.log
-
    - -

    That’s it!

    - -

    At this stage, Passbolt Pro should be working perfectly.

    - -

    Any issue? Do contact us on the Passbolt Pro support with the email provided during your purchase.

    - -
    -

    Last updated

    -

    This article was last updated on -April -9th, -2018.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/upgrade-pro-from-ce-v2.html b/docs/hosting/upgrade/pro/upgrade-pro-from-ce-v2.html deleted file mode 100644 index 7622c7a27..000000000 --- a/docs/hosting/upgrade/pro/upgrade-pro-from-ce-v2.html +++ /dev/null @@ -1,367 +0,0 @@ - - - - - Passbolt Help | Upgrade Passbolt from community edition v2 to Pro - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Upgrade Passbolt from community edition v2 to Pro

    -
    -
    - -
    -
    - -
    -

    - WARNING This involves an outdated version, v3.x is the current version. You will likely want to contact us at contact@passbolt.com for assistance with this. WARNING -

    - -
    - -

    This tutorial covers the case where you want to upgrade your current instance of passbolt CE v2.x into Passbolt Pro.

    - -
    -

    - Important: Please take a full backup of your Passbolt CE before proceeding with the upgrade. Backup should include passbolt files as well as the database. -

    - -
    - -

    System requirements

    -

    Passbolt is reported to work on a large variety of operating system configurations. -Therefore this help page is a generic guide that should work for most environments.

    - -

    If you run into any issues with your particular configuration, -please check the forum. -Maybe someone else has had your issue. If not, make a post and the community will try to help you.

    - -
      -
    • Any Unix-like major distribution (Debian, Centos, Ubuntu, *BSD)
      • -
    • A webserver (Apache or Nginx)
      • -
    • A TLS server certificate for HTTPS
      • -
    • PHP >= 7.3.0
      • -
    • MariaDB/Mysql >= 5.5.59
      • -
    • Composer
      • -
    • GnuPG
      • -
    • Git
      • -
    - -

    The following PHP extensions (that may or may not come by default):

    -
      -
    • PHP-GNUPG: for key verification and authentication.
      • -
    • Cakephp default requirements: Intl, mbstring, simplexml
      • -
    • Image manipulation: gd or imagick
      • -
    • Database: Mysqlnd, pdo, pdo_mysql
      • -
    • Some general default: xsl, phar, posix, xml, zlib, ctype, curl, json.
      • -
    • Ldap
      • -
    • & more depending on your configuration (for example if you want to use memcache for sessions).
      • -
    - -

    Upgrade to Passbolt Pro

    -

    In the following examples we assume you are running passbolt using apache in the /var/www/passbolt -directory. You will need to replace these values with your local environment settings.

    - -

    1. Take your site offline & install the required modules

    -

    There are multiple ways of doing that, the simplest is sending a notice by email to your users -and stopping your webserver. The better approach would be to create a temporary html file and -redirect your passbolt user there.

    - -

    If you are planning to use LDAP integration you will need to make sure the PHP extension for LDAP -is installed and enabled (for example: apt-get install php-ldap). Make sure you restart your webserver -when you add new PHP extensions (for example with: sudo service restart php-fpm).

    - -

    2. Download Passbolt Pro

    -

    Open a shell with the same user as your web server user. (usually, www-data for apache, nginx for nginx)

    - - 
    /var/www$ su -s /bin/bash www-data
-
    - -

    Replace the previous passbolt by the new version.

    - - 
    /var/www$ mv ./passbolt ./passbolt_old
-/var/www$ git clone https://bitbucket.org/passbolt_pro/passbolt_pro_api.git ./passbolt
-
    - -

    3. Install the dependencies

    - 
    /var/www$ cd ./passbolt
-/var/www/passbolt$ composer install --no-dev
-
    - -

    4. Copy the avatar folder

    - 
    /var/www/passbolt$ cp -R ../passbolt_old/webroot/img/public/* ./webroot/img/public/.
-
    - -

    5. Configure Passbolt Pro

    -

    To configure Passbolt Pro, the easiest way is to use the in-built configuration wizard. -Just point your browser to your passbolt url.

    - -

    You will be greeted by a welcome screen. Click on the Configure with wizard option and follow the instructions.

    - -
    - passbolt welcome page before configuration - fig. passbolt welcome page before configuration -
    - -
    -

    - Note: Enter the same configuration details as the the ones that were used for your Passbolt CE. - This includes your database, smtp details, as well as your server GPG key that you’ll need to import (Do not generate a new one). -

    - -
    - -
    - Wizard - import key screen - fig. Wizard - import key screen -
    - -

    6. Your server is now ready to run passbolt

    - -

    Once you have followed all the steps of the wizard, Passbolt Pro is ready to run. You will be redirected -automatically to the login page where you can log in.

    - -

    That’s it!

    - -

    At this stage, Passbolt Pro should be working perfectly.

    - -

    Any issue? Do contact us on the Passbolt Pro support with the email provided during your purchase.

    - -
    -

    Last updated

    -

    This article was last updated on -April -3rd, -2018.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/hosting/upgrade/pro/upgrade-pro-from-ce.html b/docs/hosting/upgrade/pro/upgrade-pro-from-ce.html deleted file mode 100644 index 5512cfbe8..000000000 --- a/docs/hosting/upgrade/pro/upgrade-pro-from-ce.html +++ /dev/null @@ -1,299 +0,0 @@ - - - - - Passbolt Help | Upgrade to Passbolt Pro - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Upgrade to Passbolt Pro

    -
    -
    - -
    -
    - -
    -

    - Important: This page is depreciated. For up to date upgrade instructions please see our help site page on upgrades. -

    - -
    - -

    There are many ways you can upgrade your version 2 Community Edition (CE) to Passbolt Pro. -This page list the options and will point you to the right manual.

    - -

    Upgrade from CE v2

    - - - -

    Requirements

    -

    Passbolt is reported to work on a large variety of operating system configurations. -Therefore this help page is a generic guide that should work for most environments.

    - -

    If you run into any issues with your particular configuration, -please check the forum. -Maybe someone else has had your issue. If not, make a post and the community will try to help you.

    - -
      -
    • Any Unix-like major distribution (Debian, Centos, Ubuntu, *BSD)
      • -
    • A webserver (Apache or Nginx)
      • -
    • A TLS server certificate for HTTPS
      • -
    • PHP >= 7.3.0
      • -
    • MariaDB/Mysql >= 5.5.59
      • -
    • Composer
      • -
    • GnuPG
      • -
    • Git
      • -
    - -

    The following PHP extensions (that may or may not come by default):

    -
      -
    • PHP-GNUPG: for key verification and authentication.
      • -
    • Cakephp default requirements: Intl, mbstring, simplexml
      • -
    • Image manipulation: gd or imagick
      • -
    • Database: Mysqlnd, pdo, pdo_mysql
      • -
    • Some general default: xsl, phar, posix, xml, zlib, ctype, curl, json.
      • -
    • Ldap
      • -
    • & more depending on your configuration (for example if you want to use memcache for sessions).
      • -
    - -
    -

    Last updated

    -

    This article was last updated on -February -10th, -2021.

    -
    - -
    -
    - -
    -

    Are you experiencing issues with Passbolt Pro Edition?

    - Contact Pro support -

    or ask the community

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/index.html b/docs/index.html index f06142998..85687e5e4 100644 --- a/docs/index.html +++ b/docs/index.html @@ -87,49 +87,43 @@

    Help Search

  • - Introduction + Introduction
  • - Installation + User Guide
  • - Getting started + Admin Guide
  • - Hosting + Hosting guide
  • - Configure + Developer Guide
  • - Extend + Contributor Guide
  • - Contribute - -
    • - -
  • - - Small print + Small print
    • @@ -161,114 +155,22 @@

    Help Search

    - -
    -
    -

    Introduction

    -
    -
    -
    - - -
    - - - - - - Discovery FAQ - Everybody has to start somewhere. - -
    - - -
    - - - - - - Roadmap - What are the current and upcoming features. - -
    - - -
    - - - - - - Security - Learn more about the security and threat model. - -
    - - -
    - - - - - - Release notes - Find out what have changed since last time! - -
    - - -
    - - - - - - Incident reports - What went wrong and what we did to fix it. - -
    - - -
    - - - - - - Talk to a human - We are not machines and it's a cold world out there. - -
    +

    Welcome!

    +
    +

    + Welcome help.passbolt.com the historical place for the product documentation. + The content of this website is currently being migrated here.
    + Thank you for your patience! +

    - - - - - - - - - - - - - - - - - - - -
    -

    Getting started

    +

    Introduction

    @@ -276,191 +178,96 @@

    Getting started

    - + - Get started using passbolt - Frequently asked questions during first time use. - -
    - - -
    - - - - - - Browser extension - How to install and remove the browser extensions. - -
    - - -
    - - - - - - Password basics - Creating, editing, sharing and deleting passwords - -
    - - -
    - - - - - - Sharing passwords - Sharing is caring (but only if you really have to). + User Guide + How to get started and basic functionalities explained.
    - + - - Roles and permissions - Information about the roles and permissions system of passbolt. + + Admin Guide + A guide on how to configuration passbolt.
    - + - - Forum - When in doubt, you can also ask the community! + + Hosting Guide + A guide to install and run a passbolt server.
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    -
    -

    Hosting

    -
    -
    -
    -
    - + - - Hosting FAQ - Frequently asked questions about hosting + + Developer Guide + A guide to call the passbolt API.
    - + - - Installation - How to install passbolt on your own server + + Contributor Guide + A guide to contribute to the project.
    - + - - Update - How to update a self-hosted passbolt instance + + Release notes + Find out what have changed since last time!
    - + - - Upgrade - How to upgrade passbolt. + + Incident reports + What went wrong and what we did to fix it.
    - - - - - Backup - Guidelines to backup a passbolt instance - -
    - - -
    - - + - - Installation issues - Do you need help installing passbolt? + + Talk to a human + We are not machines and it's a cold world out there.
    @@ -476,536 +283,8 @@

    Hosting

    - - - - - - - - -
    -
    -

    Configure

    -
    -
    -
    - - -
    - - - - - - Configure HTTPS - How to setup HTTPS for secure communications - -
    - - -
    - - - - -
    PRO
    - - - Configure LDAP - How to configure the directory sync plugin -     -
    - - -
    - - - - -
    PRO
    - - - Configure Account Recovery - How to configure Account Recovery -     -
    - - -
    - - - - -
    PRO
    - - - Configure SSO - How to configure Single Sign-On -     -
    - - -
    - - - - - - Configure Windows App - How to configure Windows App - -
    - - -
    - - - - -
    PRO
    - - - Configure Password Policies - How to configure Password Policies -     -
    - - -
    - - - - -
    PRO
    - - - Configure User Passphrase Policies - How to configure User Passphrase Policies -     -
    - - -
    - - - - - - Configure RBAC - How to configure Role-Based Access Control - -
    - - -
    - - - - -
    PRO
    - - - Configure LDAP with ssl - How to configure the LDAP plugin with ssl (ldaps) -     -
    - - -
    - - - - -
    PRO
    - - - Using LDAP Filters - How to use the filters to configure your Users Directory -     -
    - - -
    - - - - -
    PRO
    - - - Troubleshoot LDAP sync errors - Common ldap synchronization errors and their meaning -     -
    - - -
    - - - - - - Configure MFA - How to configure Multi Factor Authentication - -
    - - -
    - - - - - - Configure TOTP - How to configure Time-based One Time Password - -
    - - -
    - - - - - - Configure Email Notifications - How to manage email notification settings - -
    - - -
    - - - - - - Configure Email providers - How to setup email providers - -
    - - -
    - - - - - - Configure Email authentication - How to configure your authentication method - -
    - - -
    - - - - - - Troobleshoot Email config - Common issues with emails - -
    - - -
    - - - - - - Environment variable reference - Reference list of all environment variables - -
    - - -
    - - - - - - Update database credentials - Update database credentials - -
    - -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -

    Extend

    -
    -
    -
    - - -
    - - - - - - API Documentation - Build on top of passbolt - -
    - - -
    - - - - - - API Reference - Browse API in Swagger UI - -
    - - -
    - - - - - - Authentication - How does GPG Authentication work? - -
    - - -
    - - - - - - Github - Want to see the code? This way! - -
    - -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -

    Contribute

    -
    -
    -
    - - -
    - - - - - - Contributor FAQ - How to get started as a contributor - -
    - - -
    - - - - - - Feature requests - Propose and vote for new ideas! - -
    - - -
    - - - - - - Bug report - Who knows, maybe it is a feature? - -
    - - -
    - - - - - - Translation - Your language is missing or you discovered an error - -
    - - -
    - - - - - - Get a job! - Careers opportunity at passbolt. - -
    - -
    - - - - - - - - - - - - - - - - - - - - - -
    -
    -

    Small print

    -
    -
    -
    - - -
    - - - - - - Terms of service - Did you read the small print? - -
    - - -
    - - - - - - Privacy policy - What we do with your data. - -
    - - -
    - - - - - - CLA Policy - Contributor licence agreement - -
    - - -
    - - - - - - Code of conduct - Because everyone should feel welcome - -
    - - -
    - - - - - - Credits - Passbolt would not be possible without... - -
    - - -
    - - - - - - Legal FAQ - Frequently asked questions about legal matters - -
    - -
    -
    diff --git a/docs/legal/index.html b/docs/legal/index.html deleted file mode 100644 index afe333deb..000000000 --- a/docs/legal/index.html +++ /dev/null @@ -1,299 +0,0 @@ - - - - - Passbolt Help | The small print - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - - - - - - - - - - - - - - - - -
    -
    -

    Small print

    -
    -
    -
    - - -
    - - - - - - Terms of service - Did you read the small print? - -
    - - -
    - - - - - - Privacy policy - What we do with your data. - -
    - - -
    - - - - - - CLA Policy - Contributor licence agreement - -
    - - -
    - - - - - - Code of conduct - Because everyone should feel welcome - -
    - - -
    - - - - - - Credits - Passbolt would not be possible without... - -
    - - -
    - - - - - - Legal FAQ - Frequently asked questions about legal matters - -
    - -
    - - - -
    -
    -
    - - - - - -
    - - - - - - - - diff --git a/docs/redirects.json b/docs/redirects.json index 9c4f645f6..422089843 100644 --- a/docs/redirects.json +++ b/docs/redirects.json @@ -1 +1 @@ -{"/configure/ldap-configuration-from-file":"https://help.passbolt.com/configure/ldap/ldap-from-configuration-file.html","/configure/notification/email.htm":"https://help.passbolt.com/configure/notification/email","/configure/notifications/email":"https://help.passbolt.com/configure/notification/email","/configure/ldap-with-ssl":"https://help.passbolt.com/configure/ldap/ldap-with-ssl.html","/configure/email":"https://help.passbolt.com/configure/email/setup.html","/hosting/update/vm-update.html":"https://help.passbolt.com/hosting/update/debian-package.html","/hosting/update/ami-update.html":"https://help.passbolt.com/hosting/update/debian-package.html","/hosting/update/do-update.html":"https://help.passbolt.com/hosting/update/debian-package.html","/configure/ldap":"https://help.passbolt.com/configure/ldap/setup.html","/configure/reference":"https://help.passbolt.com/configure/environment/reference.html","/releases/ce/v281-blue-monday":"https://help.passbolt.com/releases/ce/v283-blue-monday","/releases/ce/v282-blue-monday":"https://help.passbolt.com/releases/ce/v283-blue-monday","/releases/pro/v281-blue-monday":"https://help.passbolt.com/releases/pro/v283-blue-monday","/releases/pro/v282-blue-monday":"https://help.passbolt.com/releases/pro/v283-blue-monday"} \ No newline at end of file +{"/releases/ce/v281-blue-monday":"https://help.passbolt.com/releases/ce/v283-blue-monday","/releases/ce/v282-blue-monday":"https://help.passbolt.com/releases/ce/v283-blue-monday","/releases/pro/v281-blue-monday":"https://help.passbolt.com/releases/pro/v283-blue-monday","/releases/pro/v282-blue-monday":"https://help.passbolt.com/releases/pro/v283-blue-monday"} \ No newline at end of file diff --git a/docs/releases/ce/index.html b/docs/releases/ce/index.html index ef32c7c14..c055eb747 100644 --- a/docs/releases/ce/index.html +++ b/docs/releases/ce/index.html @@ -87,49 +87,43 @@

    Help Search

  • - Introduction + Introduction
  • - Installation + User Guide
  • - Getting started + Admin Guide
  • - Hosting + Hosting guide
  • - Configure + Developer Guide
  • - Extend + Contributor Guide
  • - Contribute - -
    • - -
  • - - Small print + Small print
    • diff --git a/docs/releases/index.html b/docs/releases/index.html index 4fa4fc5b2..0bc83dc37 100644 --- a/docs/releases/index.html +++ b/docs/releases/index.html @@ -87,49 +87,43 @@

    Help Search

  • - Introduction + Introduction
  • - Installation + User Guide
  • - Getting started + Admin Guide
  • - Hosting + Hosting guide
  • - Configure + Developer Guide
  • - Extend + Contributor Guide
  • - Contribute - -
    • - -
  • - - Small print + Small print
    • diff --git a/docs/releases/pro/index.html b/docs/releases/pro/index.html index 488d9080b..c344ca127 100644 --- a/docs/releases/pro/index.html +++ b/docs/releases/pro/index.html @@ -87,49 +87,43 @@

    Help Search

  • - Introduction + Introduction
  • - Installation + User Guide
  • - Getting started + Admin Guide
  • - Hosting + Hosting guide
  • - Configure + Developer Guide
  • - Extend + Contributor Guide
  • - Contribute - -
    • - -
  • - - Small print + Small print
    • diff --git a/docs/search.html b/docs/search.html index c6c42eca6..ee42e695f 100644 --- a/docs/search.html +++ b/docs/search.html @@ -88,49 +88,43 @@

    Help Search

  • - Introduction + Introduction
  • - Installation + User Guide
  • - Getting started + Admin Guide
  • - Hosting + Hosting guide
  • - Configure + Developer Guide
  • - Extend + Contributor Guide
  • - Contribute - -
    • - -
  • - - Small print + Small print
    • @@ -261,11 +255,6 @@

    Oh, no! Your search did not match any documents...

    "category": "api,authentication", "content": "GPGAuth-based authenticationPassbolt’s API uses the GPGAuth protocol for authenticating the users.This page details the process.ExamplesFor a practical implementation example, you can also have a look at the following: PHP Javascript PythonWhat is GPGAuth?GPGAuth is a protocol that uses OpenPGP keys to authenticate users. In short the server generate a challenge thatmust be decrypted and returned by the user. It also contains a challenge to verify the user server key.Challenge based authentication is different that form based authentication, you can learn more about the differenceon this page.Sequence diagramThe authentication process works by the two-way exchange of encrypted and signed tokens(nonces) between the user andthe server. The authentication process is as follows: fig. Sequence diagram of a GPGAuth-based authenticationCustom response headersThe server uses a set of custom HTTP headers to send information to the client related to the authentication.It will be easier to understand their use in the steps that follow, but a brief description of some of them isprovided here: Header Description X-GPGAuth-Verify-Response The challenge response, e.g. the secret the server needed to decrypt. The client compares it with the one stored locally and confirms server’s identity. X-GPGAuth-Progress The current login stage number. Possible values are verify, stage0, stage1, complete and logout. X-GPGAuth-User-Auth-Token An encrypted token sent from the server for the client to decrypt in order to confirm its identity. X-GPGAuth-Refer URI of the last location which triggered the login process. Used to redirect back after a successful login. X-GPGAuth-Error Any information with regards to an authentication error X-GPGAuth-Pubkey The server public key url X-GPGAuth-Logout-Url The logout URL X-GPGAuth-Version GPGAuth version Authentication sequence detailsVerify StepThe verify step is used to verify your passbolt server identity. It is useful in some security cases such aswhen a domain name is seized. This server identity verification should not be understood as an end-to-end serverauthentication, e.g. it does not protect against an attacker performing a man in the middle attack.Though this step is optional, it is recommended for a client to verify the server key. It involves: The client generates a token(nonce) in a specific format. It must have the pattern of version, UUID length,v4 UUID, and version (separated with pipes): gpgauthv1.3.0|36|10e2074b-f610-42be-8525-100d4e68c481|gpgauthv1.3.0 The client then encrypts the token with the server’s broadcasted public keyand stores the unencrypted version of the token locally, for future use. The encrypted token is sent to the server along with the user key fingerprint.Make a POST request to /auth/verify.json and send the token in the request body under gpg_auth[‘server_verify_token’]: 'data' => [ 'gpg_auth' => [ 'keyid' => <fingerprint_of_the_user>, 'server_verify_token' => <Encrypted_token> ]] Based on the user key fingerprint the server checks if the user exists and is active. If the fingerprint is verified, the server decrypts the token and checks if it is in the valid format. If in a valid format, the server sends back the decrypted token: in the response look for the X-GPGAuth-Verify-Response header. The client checks if the token matches the unencrypted one stored locally. If it does not match the client warns the user that the server identity cannot be verified. The client proceeds to the login step only if the local unencrypted token matches the server’s decrypted token.Login StepSteps Overview The client sends the user key fingerprint to the server. The server checks to see if the fingerprint is valid and if the user associated with it is active. It then generates a token of random data, stores an unencrypted version locally, and then creates an encrypted version of the token as well. The server sends the encrypted token to the client. The client prompts the user to enter their private key passphrase, the client decrypts the encrypted server token and checks the token format. The client sends back the decrypted token along with the user key fingerprint again. The server compares the decrypted token sent from the client to make sure it matches its locally stored unencrypted token from step 2. If the server is satisfied, the authentication is completed as with a normal form-based login: a session is started.Step 1 detailTo get your GPG key fingerprint, you can use the gpg --fingerprint command. It will output a list of fingerprint thecurrent user has access to.$ gpg --fingerprint/home/ada/.gnupg/pubring.kbx-----------------------------pub rsa4096 2015-10-26 [SC] [expires: 2019-10-26] 03F6 0E95 8F4C B297 23AC  DF76 1353 B5B1 5D9B 054Fuid [ unknown] Ada Lovelace <ada@passbolt.com>sub rsa4096 2015-10-26 [E] [expires: 2019-10-26]It is also possible to retrieve your fingerprint via the passbolt app. Once logged in, navigate to your user’s Profile, and selectKeys Inspector (URL path: /app/settings/keys).The client sends the fingerprint of the user’s key via a POST request.POST /auth/login.json'data' => [ 'gpg_auth' => [ 'keyid' => <fingerprint_of_the_user> ]]Step 2 detailStep 2a: A matching key is found on the server, and the user is active. The server then generates a random token,stores it locally and then encrypts it with the user’s public key.Step 2b: A matching key is not found, or one is found but it belongs to an inactive user. The server returns aHTTP 404 NOT FOUND response meaning the user with the given fingerprint is not granted access to your passbolt server.Step 3 detailThe encrypted token is then sent in theX-GPGAuth-User-Auth-Token header to the client. An example response looks like this.X-GPGAuth-Authenticated: falseX-GPGAuth-Login-URL: /auth/loginX-GPGAuth-Logout-URL: /auth/logoutX-GPGAuth-Progress: stage1X-GPGAuth-Pubkey-URL: /auth/verify.jsonX-GPGAuth-User-Auth-Token: -----BEGIN\\+PGP\\+MESSAGE-----X-GPGAuth-Verify-URL: /auth/verifyX-GPGAuth-Version: 1.3.0 For readability the usual response headers like Cache-Control, Content-Type, Date, Expires etc. are omitted above. Step 4 detailThe client asks the user the private key passphrase. Then with the private key, the client decrypts the token given by the server and verifies its format.Step 5 detailThe token is returned encoded as a url. To be used, it first needs to be decoded.Decode token with PHPIf you have php installed, you can use this command:echo \"<token>\" | php -r \"echo stripslashes(urldecode(file_get_contents('php://stdin')));\"Decode token using a browser consoleAlternatively, you could use the console of your browser with Javascript to decode the key:var uri = \"-----BEGIN\\+PGP\\+MESSAGE----- ...\"decodeURIComponent(uri)Using this browser console approach will still leave plus(+) signs in the header and footer which must be replacedwith spaces.Decrypt tokenNow that the token has been decoded, the client then decrypts the encrypted token:echo \"<encrypted_token_from_server>\" | gpg -dThe user’s private key passphrase will be required for decryption while also serving to verify the ownership of thefingerprint sent in step 1.The client must verify the token for proper format. Otherwise, there is a risk than an attacker uses this channel todecrypt othercontent. The token format must look like:gpgauthv1.3.0|36|10e2074b-f610-42be-8525-100d4e68c481|gpgauthv1.3.0After decrypting, the client will send the decrypted (plaintext) data back to the server for verification.POST /auth/login.json'data' => [ 'gpg_auth' => [ 'keyid' => <same_fingerprint_as_step1>, 'user_token_result' => <decrypted_token_in_plaintext> ]]Step 6 detailFinally, the server verifies the plaintext token against the one stored locally in step 2 and upon success: Initiates a session Logs the user in Generates a secure token and sends to the client as a cookie called “csrfToken”Working with CSRF tokenTo prevent Cross Site Request Forgery (“CSRF attacks”) aCSRF token must be included in all future requests that affect the integrity of the data (e.g. a resource edit, auser delete action). This makes sure that an attacker cannot create a malicious website that wouldtrigger an action in passbolt (e.g. preventing “clickjacking”). Currently the csrfToken cookie is not returned in the same Success response in Step 5 above. A simple GET call to /users/me.json will allow for the client to receive the cookie. This cookie can then be submitted through a special X-CSRF-Token header. Using a header often makes it easier to integrate a CSRF token with applications consuming the API. Working with MFAPassbolt Pro Edition currently supports logging in using multi factor authentication (MFA). Your script will need tocater for these scenarios if the account you are using has MFA enabled. After login, or when the current MFAauthorization session expires, if MFA is required the current request will be redirected using the HTTP 403 FORBIDDENcode.{ \"header\": { \"id\": \"b90fc548-236c-4e69-a6f6-27137e3acd0f\", \"status\": \"error\", \"servertime\": 1555513784, \"action\": \"af9aa2c6-7355-514d-a4a0-3e74de4c0fdb\", \"message\": \"MFA authentication is required.\", \"url\": \"/mfa/verify/error.json\", \"code\": 403 }, \"body\": { \"providers\": { \"totp\": \"https://my.passbolt.io/mfa/verify/totp.json\" } }}The response lists the available options. It is possible to redirect the user there or for some providers, such asTOTP (Google Authenticator) or HOTP (Yubikey), to implement this logic directly inside yourapplication with additional interactions.For example you can post the MFA credentials for TOTP provider as follow:fetch('/mfa/verify/totp.json', { method: 'POST', headers: { 'Content-Type': 'application/json; charset=utf-8', 'X-CSRF-Token': crsfToken }, body: {'totp': otp}});For some other providers like Duo, it requires you to have the ability to embed an iframe.", "url": "https://help.passbolt.com/api/authentication" -},"hosting-backup": { -"title": "Backup", -"category": "hosting", -"content": " Hosting Hosting FAQ Installation Update Upgrade Backup Installation issues home help hosting backup Backup your passbolt instance From source Backing up a from source passbolt installation DEB/RPM package Backing up a Passbolt package installation Docker Backing up a docker passbolt installation ", -"url": "https://help.passbolt.com/hosting/backup" },"api-comments-create": { "title": "Create a comment", "category": "api,comments,create", @@ -396,51 +385,31 @@

    Oh, no! Your search did not match any documents...

    "category": "api,groups", "content": "Groups are logical collection of users. They can be used for example to represents departments or projects in an organization. They are especially useful when you want to share Resources with multiple Users at once.The Group object Attribute Type Description Format id String Unique ID of the group in UUID format. UUID created String Datetime when the group was created ISO 8601 Datetime format 2014-02-01T09:28:56.321-10:00 created_by String UUID of the user who created the group UUID deleted Boolean Whether the group has been deleted true/false modified String Datetime when the group was last modified ISO 8601 Datetime format 2014-02-01T09:28:56.321-10:00 modified_by String UUID of the user who last modified the group UUID name String Group Name ", "url": "https://help.passbolt.com/api/groups" -},"configure-https": { -"title": "HTTPS", -"category": "configure", -"content": " Configure Configure HTTPS Configure LDAP Configure Account Recovery Configure SSO Configure Windows App Configure Password Policies Configure User Passphrase Policies Configure RBAC Configure LDAP with ssl Using LDAP Filters Troubleshoot LDAP sync errors Configure MFA Configure TOTP Configure Email Notifications Configure Email providers Configure Email authentication Troobleshoot Email config Environment variable reference Update database credentials home help configure https Community edition Debian/Ubuntu auto configure HTTPS Auto configure HTTPS with Let's Encrypt Debian/Ubuntu manual HTTPS configuration Configure HTTPS with user provided certificates Docker auto configure HTTPS Auto configure HTTPS with Let's Encrypt Docker manual HTTPS configuration Configure HTTPS with user provided certificates How to configure HTTPS with RPM package Configure HTTPS with RPM package AWS auto configure HTTPS Auto configure HTTPS with Let's Encrypt on AWS Digital Ocean auto configure HTTPS Auto configure HTTPS with Let's Encrypt on Digital Ocean Pro edition Debian/Ubuntu auto configure HTTPS Auto configure HTTPS with Let's Encrypt Debian/Ubuntu manual HTTPS configuration Configure HTTPS with user provided certificates Docker auto configure HTTPS Auto configure HTTPS with Let's Encrypt Docker manual HTTPS configuration Configure HTTPS with user provided certificates How to configure HTTPS with RPM package Configure HTTPS with RPM package OVA auto configure HTTPS Auto configure HTTPS with Let's Encrypt on OVA AWS auto configure HTTPS Auto configure HTTPS with Let's Encrypt on AWS ", -"url": "https://help.passbolt.com/configure/https" +},"extend-index-html": { +"title": "Developer Guide", +"category": "", +"content": " Passbolt Help Introduction User Guide Admin Guide Hosting guide Developer Guide Contributor Guide Small print home help extend Developer Guide API Documentation Build on top of passbolt API Reference Browse API in Swagger UI Authentication How does GPG Authentication work? Github Want to see the code? This way! ", +"url": "https://help.passbolt.com/extend/index.html" +},"releases-pro-index-html": { +"title": "Release notes", +"category": "", +"content": " Passbolt Help Introduction User Guide Admin Guide Hosting guide Developer Guide Contributor Guide Small print All the releases Passbolt Pro Edition v4.6.0 - Purple Haze March14th,2024 v4.5.2 - Marching The Hate Machines February14th,2024 v4.5.1 - The Times They Are A-Changin February9th,2024 v4.5.0 - Summer is ending February8th,2024 v4.4.2 - Is It Because I'm Black November29th,2023 v4.4.1 - Gimme Shelter November21st,2023 v4.4.0 - Zombie November7th,2023 v4.3.0 - No One Knows September26th,2023 v4.2.0 - The man who sold the world August24th,2023 v4.1.3 - Borders August4th,2023 v4.1.2 - Bella ciao July26th,2023 v4.1.1 - Insane in the Brain July13th,2023 v4.1.0 - War Pig July5th,2023 v4.0.4 - The One Percent June7th,2023 v4.0.3 - What's Going On June5th,2023 v4.0.2 - Creep June1st,2023 v4.0.1 - Under Pressure May30th,2023 v4.0.0 - Get Up, Stand Up May17th,2023 Passbolt Community Edition (CE) v4.6.0 - Purple Haze March14th,2024 v4.5.2 - Marching The Hate Machines February14th,2024 v4.5.1 - The Times They Are A-Changin February9th,2024 v4.5.0 - Summer is ending February8th,2024 v4.4.2 - Is It Because I'm Black November29th,2023 v4.4.1 - Gimme Shelter November21st,2023 v4.4.0 - Zombie November7th,2023 v4.3.0 - No One Knows September26th,2023 v4.2.0 - The man who sold the world August24th,2023 v4.1.2 - Bella ciao July26th,2023 v4.1.1 - Insane in the Brain July13th,2023 v4.1.0 - War Pig July5th,2023 v4.0.4 - The One Percent June7th,2023 v4.0.3 - What's Going On June5th,2023 v4.0.2 - Creep June1st,2023 v4.0.1 - Under Pressure May30th,2023 v4.0.0 - Get Up, Stand Up May17th,2023 Older versions Passbolt Pro Edition v3.12.2 - Stille Einfuegen April26th,2023 v3.12.1 - Mental Wave March29th,2023 v3.12.0 - Introspective March15th,2023 v3.11.1 - Birdie March3rd,2023 v3.11.0 - Regular March1st,2023 v3.10.0 - Glue February14th,2023 v3.9.0 - Bunny January18th,2023 v3.8.4 - Ya Amar December15th,2022 v3.8.3 - Up Down Jumper December1st,2022 v3.8.2 - Trechter November28th,2022 v3.8.1 - Nana November17th,2022 v3.8.0 - Syria November10th,2022 v3.7.3 - Breathing September26th,2022 v3.7.2 - Knight Of The Jaguar September13th,2022 v3.7.1 - Last Day August12th,2022 v3.7.0 - Epikur July27th,2022 v3.6.0 - New Morning May25th,2022 v3.5.0-2 - Wide Open April13th,2022 v3.5.0 - Wide Open January18th,2022 v3.4.0 - Black Sunrise December7th,2021 v3.3.0 - Senior Elfo October27th,2021 v3.2.0 - La Clé Des Champs May31st,2021 v3.1.0 - Sea March18th,2021 v3.0.0 - Our House March10th,2021 Passbolt Community Edition (CE) v3.12.2 - Stille Einfuegen April26th,2023 v3.12.1 - Mental Wave March29th,2023 v3.12.0 - Introspective March15th,2023 v3.11.1 - Birdie March3rd,2023 v3.11.0 - Regular March1st,2023 v3.10.0 - Glue February14th,2023 v3.9.0 - Bunny January18th,2023 v3.8.3 - Up Down Jumper December1st,2022 v3.8.2 - Trechter November28th,2022 v3.8.1 - Nana November17th,2022 v3.8.0 - Syria November10th,2022 v3.7.3 - Breathing September26th,2022 v3.7.2 - Knight Of The Jaguar September13th,2022 v3.7.1 - Last Day August12th,2022 v3.7.0 - Epikur July27th,2022 v3.6.0 - New Morning May25th,2022 v3.5.0-2 - Wide Open April13th,2022 v3.5.0 - Wide Open January18th,2022 v3.4.0 - Black Sunrise December7th,2021 v3.3.0 - Senior Elfo October27th,2021 v3.2.0 - La Clé Des Champs May31st,2021 v3.1.0 - Sea March18th,2021 v3.0.0 - Our House March10th,2021 ", +"url": "https://help.passbolt.com/releases/pro/index.html" },"releases-ce-index-html": { "title": "Release notes", "category": "", -"content": " Passbolt Help Introduction Installation Getting started Hosting Configure Extend Contribute Small print All the releases Passbolt Pro Edition v4.6.0 - Purple Haze March14th,2024 v4.5.2 - Marching The Hate Machines February14th,2024 v4.5.1 - The Times They Are A-Changin February9th,2024 v4.5.0 - Summer is ending February8th,2024 v4.4.2 - Is It Because I'm Black November29th,2023 v4.4.1 - Gimme Shelter November21st,2023 v4.4.0 - Zombie November7th,2023 v4.3.0 - No One Knows September26th,2023 v4.2.0 - The man who sold the world August24th,2023 v4.1.3 - Borders August4th,2023 v4.1.2 - Bella ciao July26th,2023 v4.1.1 - Insane in the Brain July13th,2023 v4.1.0 - War Pig July5th,2023 v4.0.4 - The One Percent June7th,2023 v4.0.3 - What's Going On June5th,2023 v4.0.2 - Creep June1st,2023 v4.0.1 - Under Pressure May30th,2023 v4.0.0 - Get Up, Stand Up May17th,2023 Passbolt Community Edition (CE) v4.6.0 - Purple Haze March14th,2024 v4.5.2 - Marching The Hate Machines February14th,2024 v4.5.1 - The Times They Are A-Changin February9th,2024 v4.5.0 - Summer is ending February8th,2024 v4.4.2 - Is It Because I'm Black November29th,2023 v4.4.1 - Gimme Shelter November21st,2023 v4.4.0 - Zombie November7th,2023 v4.3.0 - No One Knows September26th,2023 v4.2.0 - The man who sold the world August24th,2023 v4.1.2 - Bella ciao July26th,2023 v4.1.1 - Insane in the Brain July13th,2023 v4.1.0 - War Pig July5th,2023 v4.0.4 - The One Percent June7th,2023 v4.0.3 - What's Going On June5th,2023 v4.0.2 - Creep June1st,2023 v4.0.1 - Under Pressure May30th,2023 v4.0.0 - Get Up, Stand Up May17th,2023 Older versions Passbolt Pro Edition v3.12.2 - Stille Einfuegen April26th,2023 v3.12.1 - Mental Wave March29th,2023 v3.12.0 - Introspective March15th,2023 v3.11.1 - Birdie March3rd,2023 v3.11.0 - Regular March1st,2023 v3.10.0 - Glue February14th,2023 v3.9.0 - Bunny January18th,2023 v3.8.4 - Ya Amar December15th,2022 v3.8.3 - Up Down Jumper December1st,2022 v3.8.2 - Trechter November28th,2022 v3.8.1 - Nana November17th,2022 v3.8.0 - Syria November10th,2022 v3.7.3 - Breathing September26th,2022 v3.7.2 - Knight Of The Jaguar September13th,2022 v3.7.1 - Last Day August12th,2022 v3.7.0 - Epikur July27th,2022 v3.6.0 - New Morning May25th,2022 v3.5.0-2 - Wide Open April13th,2022 v3.5.0 - Wide Open January18th,2022 v3.4.0 - Black Sunrise December7th,2021 v3.3.0 - Senior Elfo October27th,2021 v3.2.0 - La Clé Des Champs May31st,2021 v3.1.0 - Sea March18th,2021 v3.0.0 - Our House March10th,2021 Passbolt Community Edition (CE) v3.12.2 - Stille Einfuegen April26th,2023 v3.12.1 - Mental Wave March29th,2023 v3.12.0 - Introspective March15th,2023 v3.11.1 - Birdie March3rd,2023 v3.11.0 - Regular March1st,2023 v3.10.0 - Glue February14th,2023 v3.9.0 - Bunny January18th,2023 v3.8.3 - Up Down Jumper December1st,2022 v3.8.2 - Trechter November28th,2022 v3.8.1 - Nana November17th,2022 v3.8.0 - Syria November10th,2022 v3.7.3 - Breathing September26th,2022 v3.7.2 - Knight Of The Jaguar September13th,2022 v3.7.1 - Last Day August12th,2022 v3.7.0 - Epikur July27th,2022 v3.6.0 - New Morning May25th,2022 v3.5.0-2 - Wide Open April13th,2022 v3.5.0 - Wide Open January18th,2022 v3.4.0 - Black Sunrise December7th,2021 v3.3.0 - Senior Elfo October27th,2021 v3.2.0 - La Clé Des Champs May31st,2021 v3.1.0 - Sea March18th,2021 v3.0.0 - Our House March10th,2021 ", +"content": " Passbolt Help Introduction User Guide Admin Guide Hosting guide Developer Guide Contributor Guide Small print All the releases Passbolt Pro Edition v4.6.0 - Purple Haze March14th,2024 v4.5.2 - Marching The Hate Machines February14th,2024 v4.5.1 - The Times They Are A-Changin February9th,2024 v4.5.0 - Summer is ending February8th,2024 v4.4.2 - Is It Because I'm Black November29th,2023 v4.4.1 - Gimme Shelter November21st,2023 v4.4.0 - Zombie November7th,2023 v4.3.0 - No One Knows September26th,2023 v4.2.0 - The man who sold the world August24th,2023 v4.1.3 - Borders August4th,2023 v4.1.2 - Bella ciao July26th,2023 v4.1.1 - Insane in the Brain July13th,2023 v4.1.0 - War Pig July5th,2023 v4.0.4 - The One Percent June7th,2023 v4.0.3 - What's Going On June5th,2023 v4.0.2 - Creep June1st,2023 v4.0.1 - Under Pressure May30th,2023 v4.0.0 - Get Up, Stand Up May17th,2023 Passbolt Community Edition (CE) v4.6.0 - Purple Haze March14th,2024 v4.5.2 - Marching The Hate Machines February14th,2024 v4.5.1 - The Times They Are A-Changin February9th,2024 v4.5.0 - Summer is ending February8th,2024 v4.4.2 - Is It Because I'm Black November29th,2023 v4.4.1 - Gimme Shelter November21st,2023 v4.4.0 - Zombie November7th,2023 v4.3.0 - No One Knows September26th,2023 v4.2.0 - The man who sold the world August24th,2023 v4.1.2 - Bella ciao July26th,2023 v4.1.1 - Insane in the Brain July13th,2023 v4.1.0 - War Pig July5th,2023 v4.0.4 - The One Percent June7th,2023 v4.0.3 - What's Going On June5th,2023 v4.0.2 - Creep June1st,2023 v4.0.1 - Under Pressure May30th,2023 v4.0.0 - Get Up, Stand Up May17th,2023 Older versions Passbolt Pro Edition v3.12.2 - Stille Einfuegen April26th,2023 v3.12.1 - Mental Wave March29th,2023 v3.12.0 - Introspective March15th,2023 v3.11.1 - Birdie March3rd,2023 v3.11.0 - Regular March1st,2023 v3.10.0 - Glue February14th,2023 v3.9.0 - Bunny January18th,2023 v3.8.4 - Ya Amar December15th,2022 v3.8.3 - Up Down Jumper December1st,2022 v3.8.2 - Trechter November28th,2022 v3.8.1 - Nana November17th,2022 v3.8.0 - Syria November10th,2022 v3.7.3 - Breathing September26th,2022 v3.7.2 - Knight Of The Jaguar September13th,2022 v3.7.1 - Last Day August12th,2022 v3.7.0 - Epikur July27th,2022 v3.6.0 - New Morning May25th,2022 v3.5.0-2 - Wide Open April13th,2022 v3.5.0 - Wide Open January18th,2022 v3.4.0 - Black Sunrise December7th,2021 v3.3.0 - Senior Elfo October27th,2021 v3.2.0 - La Clé Des Champs May31st,2021 v3.1.0 - Sea March18th,2021 v3.0.0 - Our House March10th,2021 Passbolt Community Edition (CE) v3.12.2 - Stille Einfuegen April26th,2023 v3.12.1 - Mental Wave March29th,2023 v3.12.0 - Introspective March15th,2023 v3.11.1 - Birdie March3rd,2023 v3.11.0 - Regular March1st,2023 v3.10.0 - Glue February14th,2023 v3.9.0 - Bunny January18th,2023 v3.8.3 - Up Down Jumper December1st,2022 v3.8.2 - Trechter November28th,2022 v3.8.1 - Nana November17th,2022 v3.8.0 - Syria November10th,2022 v3.7.3 - Breathing September26th,2022 v3.7.2 - Knight Of The Jaguar September13th,2022 v3.7.1 - Last Day August12th,2022 v3.7.0 - Epikur July27th,2022 v3.6.0 - New Morning May25th,2022 v3.5.0-2 - Wide Open April13th,2022 v3.5.0 - Wide Open January18th,2022 v3.4.0 - Black Sunrise December7th,2021 v3.3.0 - Senior Elfo October27th,2021 v3.2.0 - La Clé Des Champs May31st,2021 v3.1.0 - Sea March18th,2021 v3.0.0 - Our House March10th,2021 ", "url": "https://help.passbolt.com/releases/ce/index.html" -},"legal-index-html": { -"title": "The small print", -"category": "", -"content": " Passbolt Help Introduction Installation Getting started Hosting Configure Extend Contribute Small print home help legal Small print Terms of service Did you read the small print? Privacy policy What we do with your data. CLA Policy Contributor licence agreement Code of conduct Because everyone should feel welcome Credits Passbolt would not be possible without... Legal FAQ Frequently asked questions about legal matters ", -"url": "https://help.passbolt.com/legal/index.html" },"releases-index-html": { "title": "Release notes", "category": "", -"content": " Passbolt Help Introduction Installation Getting started Hosting Configure Extend Contribute Small print All the releases Passbolt Pro Edition v4.6.0 - Purple Haze March14th,2024 v4.5.2 - Marching The Hate Machines February14th,2024 v4.5.1 - The Times They Are A-Changin February9th,2024 v4.5.0 - Summer is ending February8th,2024 v4.4.2 - Is It Because I'm Black November29th,2023 v4.4.1 - Gimme Shelter November21st,2023 v4.4.0 - Zombie November7th,2023 v4.3.0 - No One Knows September26th,2023 v4.2.0 - The man who sold the world August24th,2023 v4.1.3 - Borders August4th,2023 v4.1.2 - Bella ciao July26th,2023 v4.1.1 - Insane in the Brain July13th,2023 v4.1.0 - War Pig July5th,2023 v4.0.4 - The One Percent June7th,2023 v4.0.3 - What's Going On June5th,2023 v4.0.2 - Creep June1st,2023 v4.0.1 - Under Pressure May30th,2023 v4.0.0 - Get Up, Stand Up May17th,2023 Passbolt Community Edition (CE) v4.6.0 - Purple Haze March14th,2024 v4.5.2 - Marching The Hate Machines February14th,2024 v4.5.1 - The Times They Are A-Changin February9th,2024 v4.5.0 - Summer is ending February8th,2024 v4.4.2 - Is It Because I'm Black November29th,2023 v4.4.1 - Gimme Shelter November21st,2023 v4.4.0 - Zombie November7th,2023 v4.3.0 - No One Knows September26th,2023 v4.2.0 - The man who sold the world August24th,2023 v4.1.2 - Bella ciao July26th,2023 v4.1.1 - Insane in the Brain July13th,2023 v4.1.0 - War Pig July5th,2023 v4.0.4 - The One Percent June7th,2023 v4.0.3 - What's Going On June5th,2023 v4.0.2 - Creep June1st,2023 v4.0.1 - Under Pressure May30th,2023 v4.0.0 - Get Up, Stand Up May17th,2023 Older versions Passbolt Pro Edition v3.12.2 - Stille Einfuegen April26th,2023 v3.12.1 - Mental Wave March29th,2023 v3.12.0 - Introspective March15th,2023 v3.11.1 - Birdie March3rd,2023 v3.11.0 - Regular March1st,2023 v3.10.0 - Glue February14th,2023 v3.9.0 - Bunny January18th,2023 v3.8.4 - Ya Amar December15th,2022 v3.8.3 - Up Down Jumper December1st,2022 v3.8.2 - Trechter November28th,2022 v3.8.1 - Nana November17th,2022 v3.8.0 - Syria November10th,2022 v3.7.3 - Breathing September26th,2022 v3.7.2 - Knight Of The Jaguar September13th,2022 v3.7.1 - Last Day August12th,2022 v3.7.0 - Epikur July27th,2022 v3.6.0 - New Morning May25th,2022 v3.5.0-2 - Wide Open April13th,2022 v3.5.0 - Wide Open January18th,2022 v3.4.0 - Black Sunrise December7th,2021 v3.3.0 - Senior Elfo October27th,2021 v3.2.0 - La Clé Des Champs May31st,2021 v3.1.0 - Sea March18th,2021 v3.0.0 - Our House March10th,2021 Passbolt Community Edition (CE) v3.12.2 - Stille Einfuegen April26th,2023 v3.12.1 - Mental Wave March29th,2023 v3.12.0 - Introspective March15th,2023 v3.11.1 - Birdie March3rd,2023 v3.11.0 - Regular March1st,2023 v3.10.0 - Glue February14th,2023 v3.9.0 - Bunny January18th,2023 v3.8.3 - Up Down Jumper December1st,2022 v3.8.2 - Trechter November28th,2022 v3.8.1 - Nana November17th,2022 v3.8.0 - Syria November10th,2022 v3.7.3 - Breathing September26th,2022 v3.7.2 - Knight Of The Jaguar September13th,2022 v3.7.1 - Last Day August12th,2022 v3.7.0 - Epikur July27th,2022 v3.6.0 - New Morning May25th,2022 v3.5.0-2 - Wide Open April13th,2022 v3.5.0 - Wide Open January18th,2022 v3.4.0 - Black Sunrise December7th,2021 v3.3.0 - Senior Elfo October27th,2021 v3.2.0 - La Clé Des Champs May31st,2021 v3.1.0 - Sea March18th,2021 v3.0.0 - Our House March10th,2021 ", +"content": " Passbolt Help Introduction User Guide Admin Guide Hosting guide Developer Guide Contributor Guide Small print All the releases Passbolt Pro Edition v4.6.0 - Purple Haze March14th,2024 v4.5.2 - Marching The Hate Machines February14th,2024 v4.5.1 - The Times They Are A-Changin February9th,2024 v4.5.0 - Summer is ending February8th,2024 v4.4.2 - Is It Because I'm Black November29th,2023 v4.4.1 - Gimme Shelter November21st,2023 v4.4.0 - Zombie November7th,2023 v4.3.0 - No One Knows September26th,2023 v4.2.0 - The man who sold the world August24th,2023 v4.1.3 - Borders August4th,2023 v4.1.2 - Bella ciao July26th,2023 v4.1.1 - Insane in the Brain July13th,2023 v4.1.0 - War Pig July5th,2023 v4.0.4 - The One Percent June7th,2023 v4.0.3 - What's Going On June5th,2023 v4.0.2 - Creep June1st,2023 v4.0.1 - Under Pressure May30th,2023 v4.0.0 - Get Up, Stand Up May17th,2023 Passbolt Community Edition (CE) v4.6.0 - Purple Haze March14th,2024 v4.5.2 - Marching The Hate Machines February14th,2024 v4.5.1 - The Times They Are A-Changin February9th,2024 v4.5.0 - Summer is ending February8th,2024 v4.4.2 - Is It Because I'm Black November29th,2023 v4.4.1 - Gimme Shelter November21st,2023 v4.4.0 - Zombie November7th,2023 v4.3.0 - No One Knows September26th,2023 v4.2.0 - The man who sold the world August24th,2023 v4.1.2 - Bella ciao July26th,2023 v4.1.1 - Insane in the Brain July13th,2023 v4.1.0 - War Pig July5th,2023 v4.0.4 - The One Percent June7th,2023 v4.0.3 - What's Going On June5th,2023 v4.0.2 - Creep June1st,2023 v4.0.1 - Under Pressure May30th,2023 v4.0.0 - Get Up, Stand Up May17th,2023 Older versions Passbolt Pro Edition v3.12.2 - Stille Einfuegen April26th,2023 v3.12.1 - Mental Wave March29th,2023 v3.12.0 - Introspective March15th,2023 v3.11.1 - Birdie March3rd,2023 v3.11.0 - Regular March1st,2023 v3.10.0 - Glue February14th,2023 v3.9.0 - Bunny January18th,2023 v3.8.4 - Ya Amar December15th,2022 v3.8.3 - Up Down Jumper December1st,2022 v3.8.2 - Trechter November28th,2022 v3.8.1 - Nana November17th,2022 v3.8.0 - Syria November10th,2022 v3.7.3 - Breathing September26th,2022 v3.7.2 - Knight Of The Jaguar September13th,2022 v3.7.1 - Last Day August12th,2022 v3.7.0 - Epikur July27th,2022 v3.6.0 - New Morning May25th,2022 v3.5.0-2 - Wide Open April13th,2022 v3.5.0 - Wide Open January18th,2022 v3.4.0 - Black Sunrise December7th,2021 v3.3.0 - Senior Elfo October27th,2021 v3.2.0 - La Clé Des Champs May31st,2021 v3.1.0 - Sea March18th,2021 v3.0.0 - Our House March10th,2021 Passbolt Community Edition (CE) v3.12.2 - Stille Einfuegen April26th,2023 v3.12.1 - Mental Wave March29th,2023 v3.12.0 - Introspective March15th,2023 v3.11.1 - Birdie March3rd,2023 v3.11.0 - Regular March1st,2023 v3.10.0 - Glue February14th,2023 v3.9.0 - Bunny January18th,2023 v3.8.3 - Up Down Jumper December1st,2022 v3.8.2 - Trechter November28th,2022 v3.8.1 - Nana November17th,2022 v3.8.0 - Syria November10th,2022 v3.7.3 - Breathing September26th,2022 v3.7.2 - Knight Of The Jaguar September13th,2022 v3.7.1 - Last Day August12th,2022 v3.7.0 - Epikur July27th,2022 v3.6.0 - New Morning May25th,2022 v3.5.0-2 - Wide Open April13th,2022 v3.5.0 - Wide Open January18th,2022 v3.4.0 - Black Sunrise December7th,2021 v3.3.0 - Senior Elfo October27th,2021 v3.2.0 - La Clé Des Champs May31st,2021 v3.1.0 - Sea March18th,2021 v3.0.0 - Our House March10th,2021 ", "url": "https://help.passbolt.com/releases/index.html" -},"discover-index-html": { -"title": "Discover passbolt", -"category": "", -"content": " Passbolt Help Introduction Installation Getting started Hosting Configure Extend Contribute Small print home help discover Introduction Discovery FAQ Everybody has to start somewhere. Roadmap What are the current and upcoming features. Security Learn more about the security and threat model. Release notes Find out what have changed since last time! Incident reports What went wrong and what we did to fix it. Talk to a human We are not machines and it's a cold world out there. ", -"url": "https://help.passbolt.com/discover/index.html" -},"configure-docker-index-html": { -"title": "Configure", -"category": "", -"content": " Passbolt Help Introduction Installation Getting started Hosting Configure Extend Contribute Small print home help configure Configure Configure HTTPS How to setup HTTPS for secure communications PRO Configure LDAP How to configure the directory sync plugin PRO Configure Account Recovery How to configure Account Recovery PRO Configure SSO How to configure Single Sign-On Configure Windows App How to configure Windows App PRO Configure Password Policies How to configure Password Policies PRO Configure User Passphrase Policies How to configure User Passphrase Policies Configure RBAC How to configure Role-Based Access Control PRO Configure LDAP with ssl How to configure the LDAP plugin with ssl (ldaps) PRO Using LDAP Filters How to use the filters to configure your Users Directory PRO Troubleshoot LDAP sync errors Common ldap synchronization errors and their meaning Configure MFA How to configure Multi Factor Authentication Configure TOTP How to configure Time-based One Time Password Configure Email Notifications How to manage email notification settings Configure Email providers How to setup email providers Configure Email authentication How to configure your authentication method Troobleshoot Email config Common issues with emails Environment variable reference Reference list of all environment variables Update database credentials Update database credentials ", -"url": "https://help.passbolt.com/configure/docker/index.html" -},"configure-index-html": { -"title": "Configure", -"category": "", -"content": " Passbolt Help Introduction Installation Getting started Hosting Configure Extend Contribute Small print home help configure Configure Configure HTTPS How to setup HTTPS for secure communications PRO Configure LDAP How to configure the directory sync plugin PRO Configure Account Recovery How to configure Account Recovery PRO Configure SSO How to configure Single Sign-On Configure Windows App How to configure Windows App PRO Configure Password Policies How to configure Password Policies PRO Configure User Passphrase Policies How to configure User Passphrase Policies Configure RBAC How to configure Role-Based Access Control PRO Configure LDAP with ssl How to configure the LDAP plugin with ssl (ldaps) PRO Using LDAP Filters How to use the filters to configure your Users Directory PRO Troubleshoot LDAP sync errors Common ldap synchronization errors and their meaning Configure MFA How to configure Multi Factor Authentication Configure TOTP How to configure Time-based One Time Password Configure Email Notifications How to manage email notification settings Configure Email providers How to setup email providers Configure Email authentication How to configure your authentication method Troobleshoot Email config Common issues with emails Environment variable reference Reference list of all environment variables Update database credentials Update database credentials ", -"url": "https://help.passbolt.com/configure/index.html" -},"tech-index-html": { -"title": "All tech articles", -"category": "", -"content": " Passbolt Help Introduction Installation Getting started Hosting Configure Extend Contribute Small print home help tech More coming soon! ", -"url": "https://help.passbolt.com/tech/index.html" -},"hosting-index-html": { -"title": "Hosting", +},"contribute-index-html": { +"title": "Contributor Guide", "category": "", -"content": " Passbolt Help Introduction Installation Getting started Hosting Configure Extend Contribute Small print home help hosting Hosting Hosting FAQ Frequently asked questions about hosting Installation How to install passbolt on your own server Update How to update a self-hosted passbolt instance Upgrade How to upgrade passbolt. Backup Guidelines to backup a passbolt instance Installation issues Do you need help installing passbolt? ", -"url": "https://help.passbolt.com/hosting/index.html" +"content": " Passbolt Help Introduction User Guide Admin Guide Hosting guide Developer Guide Contributor Guide Small print home help contribute Contributor Guide Contributor FAQ How to get started as a contributor Feature requests Propose and vote for new ideas! Bug report Who knows, maybe it is a feature? Translation Your language is missing or you discovered an error Get a job! Careers opportunity at passbolt. ", +"url": "https://help.passbolt.com/contribute/index.html" },"incidents-index-html": { "title": "Incidents", "category": "", @@ -449,53 +418,23 @@

    Oh, no! Your search did not match any documents...

    },"": { "title": "Help homepage", "category": "", -"content": " Passbolt Help Introduction Installation Getting started Hosting Configure Extend Contribute Small print home help Introduction Discovery FAQ Everybody has to start somewhere. Roadmap What are the current and upcoming features. Security Learn more about the security and threat model. Release notes Find out what have changed since last time! Incident reports What went wrong and what we did to fix it. Talk to a human We are not machines and it's a cold world out there. Getting started Get started using passbolt Frequently asked questions during first time use. Browser extension How to install and remove the browser extensions. Password basics Creating, editing, sharing and deleting passwords Sharing passwords Sharing is caring (but only if you really have to). Roles and permissions Information about the roles and permissions system of passbolt. Forum When in doubt, you can also ask the community! Hosting Hosting FAQ Frequently asked questions about hosting Installation How to install passbolt on your own server Update How to update a self-hosted passbolt instance Upgrade How to upgrade passbolt. Backup Guidelines to backup a passbolt instance Installation issues Do you need help installing passbolt? Configure Configure HTTPS How to setup HTTPS for secure communications PRO Configure LDAP How to configure the directory sync plugin PRO Configure Account Recovery How to configure Account Recovery PRO Configure SSO How to configure Single Sign-On Configure Windows App How to configure Windows App PRO Configure Password Policies How to configure Password Policies PRO Configure User Passphrase Policies How to configure User Passphrase Policies Configure RBAC How to configure Role-Based Access Control PRO Configure LDAP with ssl How to configure the LDAP plugin with ssl (ldaps) PRO Using LDAP Filters How to use the filters to configure your Users Directory PRO Troubleshoot LDAP sync errors Common ldap synchronization errors and their meaning Configure MFA How to configure Multi Factor Authentication Configure TOTP How to configure Time-based One Time Password Configure Email Notifications How to manage email notification settings Configure Email providers How to setup email providers Configure Email authentication How to configure your authentication method Troobleshoot Email config Common issues with emails Environment variable reference Reference list of all environment variables Update database credentials Update database credentials Extend API Documentation Build on top of passbolt API Reference Browse API in Swagger UI Authentication How does GPG Authentication work? Github Want to see the code? This way! Contribute Contributor FAQ How to get started as a contributor Feature requests Propose and vote for new ideas! Bug report Who knows, maybe it is a feature? Translation Your language is missing or you discovered an error Get a job! Careers opportunity at passbolt. Small print Terms of service Did you read the small print? Privacy policy What we do with your data. CLA Policy Contributor licence agreement Code of conduct Because everyone should feel welcome Credits Passbolt would not be possible without... Legal FAQ Frequently asked questions about legal matters ", +"content": " Passbolt Help Introduction User Guide Admin Guide Hosting guide Developer Guide Contributor Guide Small print home help Welcome! Welcome help.passbolt.com the historical place for the product documentation. The content of this website is currently being migrated here. Thank you for your patience! Introduction User Guide How to get started and basic functionalities explained. Admin Guide A guide on how to configuration passbolt. Hosting Guide A guide to install and run a passbolt server. Developer Guide A guide to call the passbolt API. Contributor Guide A guide to contribute to the project. Release notes Find out what have changed since last time! Incident reports What went wrong and what we did to fix it. Talk to a human We are not machines and it's a cold world out there. ", "url": "https://help.passbolt.com/" -},"contribute-index-html": { -"title": "Contribute", -"category": "", -"content": " Passbolt Help Introduction Installation Getting started Hosting Configure Extend Contribute Small print home help contribute Contribute Contributor FAQ How to get started as a contributor Feature requests Propose and vote for new ideas! Bug report Who knows, maybe it is a feature? Translation Your language is missing or you discovered an error Get a job! Careers opportunity at passbolt. ", -"url": "https://help.passbolt.com/contribute/index.html" -},"extend-index-html": { -"title": "Extend", -"category": "", -"content": " Passbolt Help Introduction Installation Getting started Hosting Configure Extend Contribute Small print home help extend Extend API Documentation Build on top of passbolt API Reference Browse API in Swagger UI Authentication How does GPG Authentication work? Github Want to see the code? This way! ", -"url": "https://help.passbolt.com/extend/index.html" -},"releases-pro-index-html": { -"title": "Release notes", -"category": "", -"content": " Passbolt Help Introduction Installation Getting started Hosting Configure Extend Contribute Small print All the releases Passbolt Pro Edition v4.6.0 - Purple Haze March14th,2024 v4.5.2 - Marching The Hate Machines February14th,2024 v4.5.1 - The Times They Are A-Changin February9th,2024 v4.5.0 - Summer is ending February8th,2024 v4.4.2 - Is It Because I'm Black November29th,2023 v4.4.1 - Gimme Shelter November21st,2023 v4.4.0 - Zombie November7th,2023 v4.3.0 - No One Knows September26th,2023 v4.2.0 - The man who sold the world August24th,2023 v4.1.3 - Borders August4th,2023 v4.1.2 - Bella ciao July26th,2023 v4.1.1 - Insane in the Brain July13th,2023 v4.1.0 - War Pig July5th,2023 v4.0.4 - The One Percent June7th,2023 v4.0.3 - What's Going On June5th,2023 v4.0.2 - Creep June1st,2023 v4.0.1 - Under Pressure May30th,2023 v4.0.0 - Get Up, Stand Up May17th,2023 Passbolt Community Edition (CE) v4.6.0 - Purple Haze March14th,2024 v4.5.2 - Marching The Hate Machines February14th,2024 v4.5.1 - The Times They Are A-Changin February9th,2024 v4.5.0 - Summer is ending February8th,2024 v4.4.2 - Is It Because I'm Black November29th,2023 v4.4.1 - Gimme Shelter November21st,2023 v4.4.0 - Zombie November7th,2023 v4.3.0 - No One Knows September26th,2023 v4.2.0 - The man who sold the world August24th,2023 v4.1.2 - Bella ciao July26th,2023 v4.1.1 - Insane in the Brain July13th,2023 v4.1.0 - War Pig July5th,2023 v4.0.4 - The One Percent June7th,2023 v4.0.3 - What's Going On June5th,2023 v4.0.2 - Creep June1st,2023 v4.0.1 - Under Pressure May30th,2023 v4.0.0 - Get Up, Stand Up May17th,2023 Older versions Passbolt Pro Edition v3.12.2 - Stille Einfuegen April26th,2023 v3.12.1 - Mental Wave March29th,2023 v3.12.0 - Introspective March15th,2023 v3.11.1 - Birdie March3rd,2023 v3.11.0 - Regular March1st,2023 v3.10.0 - Glue February14th,2023 v3.9.0 - Bunny January18th,2023 v3.8.4 - Ya Amar December15th,2022 v3.8.3 - Up Down Jumper December1st,2022 v3.8.2 - Trechter November28th,2022 v3.8.1 - Nana November17th,2022 v3.8.0 - Syria November10th,2022 v3.7.3 - Breathing September26th,2022 v3.7.2 - Knight Of The Jaguar September13th,2022 v3.7.1 - Last Day August12th,2022 v3.7.0 - Epikur July27th,2022 v3.6.0 - New Morning May25th,2022 v3.5.0-2 - Wide Open April13th,2022 v3.5.0 - Wide Open January18th,2022 v3.4.0 - Black Sunrise December7th,2021 v3.3.0 - Senior Elfo October27th,2021 v3.2.0 - La Clé Des Champs May31st,2021 v3.1.0 - Sea March18th,2021 v3.0.0 - Our House March10th,2021 Passbolt Community Edition (CE) v3.12.2 - Stille Einfuegen April26th,2023 v3.12.1 - Mental Wave March29th,2023 v3.12.0 - Introspective March15th,2023 v3.11.1 - Birdie March3rd,2023 v3.11.0 - Regular March1st,2023 v3.10.0 - Glue February14th,2023 v3.9.0 - Bunny January18th,2023 v3.8.3 - Up Down Jumper December1st,2022 v3.8.2 - Trechter November28th,2022 v3.8.1 - Nana November17th,2022 v3.8.0 - Syria November10th,2022 v3.7.3 - Breathing September26th,2022 v3.7.2 - Knight Of The Jaguar September13th,2022 v3.7.1 - Last Day August12th,2022 v3.7.0 - Epikur July27th,2022 v3.6.0 - New Morning May25th,2022 v3.5.0-2 - Wide Open April13th,2022 v3.5.0 - Wide Open January18th,2022 v3.4.0 - Black Sunrise December7th,2021 v3.3.0 - Senior Elfo October27th,2021 v3.2.0 - La Clé Des Champs May31st,2021 v3.1.0 - Sea March18th,2021 v3.0.0 - Our House March10th,2021 ", -"url": "https://help.passbolt.com/releases/pro/index.html" -},"start-index-html": { -"title": "Get started with passbolt", -"category": "", -"content": " Passbolt Help Introduction Installation Getting started Hosting Configure Extend Contribute Small print home help start Getting started Get started using passbolt Frequently asked questions during first time use. Browser extension How to install and remove the browser extensions. Password basics Creating, editing, sharing and deleting passwords Sharing passwords Sharing is caring (but only if you really have to). Roles and permissions Information about the roles and permissions system of passbolt. Forum When in doubt, you can also ask the community! ", -"url": "https://help.passbolt.com/start/index.html" },"api": { "title": "Passbolt API Documentation", "category": "api", "content": "IntroductionThis document describes passbolt server component API. The API works over HTTPS in a REST fashion, so it islanguage framework agnostic. You can integrate passbolt services into your existing workflow using thetoolset of your choice.Getting StartedTo get started with the passbolt REST API (hereafter referred to as “The API”) you need at least: A running passbolt server instance. A passbolt user account if you want to access protected data. Some basic understanding of how public key cryptography works. An OpenPGP-compliant library to build with.Base URLThe API is served over HTTPS. All URLs referenced in the documentation omit the base urlof your passbolt installation domain such as:https://<passbolt.your-organization.com>.Response formatResponse envelopeThe API returns data in an envelope with “header” and “body” properties.The “header” contains response metadata like response code, server_time, error messages etc.The “body” contains the actual payload.For example, requesting a single resource by id will result in something like:{ \"header\": { \"id\": \"799c69c7-1789-4d87-9fbf-02529b0d21dc\", \"status\": \"success\", \"servertime\": 1554909967, \"action\": \"ad71952e-7842-599e-a19e-3a82e6974b23\", \"message\": \"The operation was successful.\", \"url\": \"\\/secrets\\/resource\\/8e3874ae-4b40-590b-968a-418f704b9d9a.json\", \"code\": 200 }, \"body\": { \"id\": \"eede75ff-316a-511c-8317-51e8339b6dcc\", \"user_id\": \"f848277c-5398-58f8-a82a-72397af2d450\", \"resource_id\": \"8e3874ae-4b40-590b-968a-418f704b9d9a\", \"resource_type_id\": \"e2aa01a9-84ec-55f8-aaed-24ee23259339\", \"data\": \"-----BEGIN PGP MESSAGE-----\", \"created\": \"2019-04-04T12:06:50+00:00\", \"modified\": \"2019-04-04T12:06:50+00:00\" }} Notice: The title under header is deprecated and will be removed in future release. Similarly, the code is only indicated to improve readability for an administrator when debugging and should not be relied on. Error responsesAn unsuccessful operation will result in an error response. The error response will follow the same scheme as abovewith the presence of both “header” and “body” properties, only this time the status in the header will be set toerror instead of success. The response body will contain the error details.{ \"header\": { \"id\": \"965c9f17-18ae-48fd-a36e-e42f04a30442\", \"status\": \"error\", \"servertime\": 1554907648, \"action\": \"ad8bbc35-6435-538e-b1a7-80b87bcedb6a\", \"message\": \"Could not validate resource data.\", \"url\": \"\\/resources.json\", \"code\": 400 }, \"body\": { \"name\": { \"_required\": \"A name is required.\" }, \"secrets\": { \"_required\": \"A secret is required.\" } }}As you can see, for validation errors, the response body contains two keys, “name” and “secrets” as they failedsome validation rules. Further, they also have their own json object with a key (“_required”) that represents thevalidation rule that failed and a value with the actual error message (“A name is required”).API VersionsHistorically, passbolt supported two different formats for interacting with the API. API version 1 is now deprecated.The passbolt server component supports only API version 2 and all calls are assumed to be version 2 - no parameter is neededto designate this.You can see the complete changelog on the officialthe repository.Encryption and decryptionSecurity and privacy are the biggest concerns for a password manager and passbolt is no exception.Passbolt’s solution uses end-to-end encryption and the encryption and decryption is always done on the client. The serveris mainly used to take care of relational data integrity and storage.Passbolt uses public key cryptographyand OpenPGP specifically. This guide will assume you are familiar with these concepts. fig. password exchange using passboltWhich OpenPGP implementation should I use?There are several ways you can use OpenPGP. The most popular option is to use GnuPG(directly or via GPGME) or another implementation in yourfavorite language.There are various language libraries available such as: OpenPGP.js: JavaScript alone (used by passbolt extension / cli) PHP GnuPG: PHP with GnuPG (used by passbolt server) OpenPGP.php: PHP alone (used by passbolt server). gpgme.js: JavaScript for GPGME GPGME Python: Python with GnuPG. PGPy: Python alone.You can find additional libraries on openpgp.org.Working with OpenPGP KeysAt the time of installation the passbolt server administrator generates an OpenPGP key pair and stores it inthe server keyring. Similarly, clients (such as the passbolt browser extension) generate a pair of keys during the setup.At the end of the setup the client stores its secret key locally and send the public key to the server.When authenticated, it is possible for a user to gather other user’s public keys, in order to share passwords with them.Prior to sending sensitive data, secrets must be encrypted using the recipient’s public key (e.g. another user, for example) and signed using the sender’s public key.This serves two purposes: Privacy by encrypting the data and Authenticity by confirming the identity of the sender.Accessing passbolt server public keyThe passbolt server public key is required during the “verify” step of the authentication. This step allows theclient to verify the server identity, for example to prevent the unlikely scenario where the domain was seized.Your passbolt server broadcasts its public key at /auth/verify.json:GET /auth/verify.json{ \"header\": { \"id\": \"6f416b88-8062-4e94-ab00-259a4cd2e085\", \"status\": \"success\", \"servertime\": 1554898043, \"action\": \"748dcd10-7d15-5498-9aa6-d26de348ff02\", \"message\": \"The operation was successful.\", \"url\": \"\\/auth\\/verify.json\", \"code\": 200 }, \"body\": { \"fingerprint\": \"2FC8945833C51946E937F9FED47B0811573EE67E\", \"keydata\": \"-----BEGIN PGP PUBLIC KEY BLOCK-----\" }}", "url": "https://help.passbolt.com/api" -},"hosting-install": { -"title": "Installation", -"category": "hosting", -"content": " Hosting Hosting FAQ Installation Update Upgrade Backup Installation issues home help hosting install Community edition POPULAR Debian 12 Step by step guide to install Passbolt CE on Debian Ubuntu 22.04 Step by step guide to install passbolt CE on Ubuntu 22.04 NEW ! Helm Step by step guide to install passbolt CE using Helm. Docker Install passbolt CE using docker Raspberry PI Step by step guide to install passbolt CE on Raspberry PI AWS AMI Use passbolt CE on AWS Digital Ocean Step by step guide to install passbolt CE on Digital Ocean RockyLinux 8 Install passbolt CE on RockyLinux Red Hat 8 Install passbolt CE on Red Hat OracleLinux 8 Install passbolt CE on OracleLinux CentOS 7 Install passbolt CE on CentOS AlmaLinux 8 Install passbolt CE on AlmaLinux Fedora Install passbolt CE on Fedora openSUSE Leap 15 Install passbolt CE on openSUSE From source code Guide to install passbolt CE from the source code. Pro edition POPULAR Debian 12 Step by step guide to install Passbolt Pro on Debian Ubuntu 22.04 Step by step guide to install passbolt Pro on Ubuntu 22.04 Docker Step by step guide to install passbolt Pro using Docker. NEW ! Helm Step by step guide to install passbolt Pro using Helm. Raspberry PI Step by step guide to install passbolt PRO on Raspberry PI Virtual machine Step by step guide to install passbolt Pro virtual appliance. AWS AMI Use passbolt Pro on AWS OracleLinux 8 Install passbolt PRO on OracleLinux AlmaLinux 8 Install passbolt PRO on AlmaLinux Fedora Install passbolt PRO on Fedora openSUSE Leap 15 Install passbolt PRO on openSUSE RockyLinux 8 Install passbolt PRO on RockyLinux Red Hat 8 Install passbolt PRO on Red Hat CentOS 7 Install passbolt PRO on CentOS ", -"url": "https://help.passbolt.com/hosting/install" -},"configure-mfa": { -"title": "MFA", -"category": "configure", -"content": " Configure Configure HTTPS Configure LDAP Configure Account Recovery Configure SSO Configure Windows App Configure Password Policies Configure User Passphrase Policies Configure RBAC Configure LDAP with ssl Using LDAP Filters Troubleshoot LDAP sync errors Configure MFA Configure TOTP Configure Email Notifications Configure Email providers Configure Email authentication Troobleshoot Email config Environment variable reference Update database credentials Configure Multi-Factor Authentication How to configure DUO with Passbolt How to configure passbolt to use DUO How to configure YubiKey with Passbolt How to configure passbolt to use Yubikey OTP How to configure TOTP with Passbolt How to configure passbolt to use TOTP ", -"url": "https://help.passbolt.com/configure/mfa" -},"releases-ce-rss": { -"title": "Passbolt Community Edition Release notes", -"category": "", -"content": "Passbolt Community Edition Release noteshttps://help.passbolt.com/releases/ce.rssMost recent release notes.en-us v4.6.0 | Purple Haze https://help.passbolt.com/releases/ce/purple_haze https://help.passbolt.com/releases/ce/purple_haze Release song: https://youtu.be/Ub0NtPOj7es?si=3IL4HKS4-g17uPal The Passbolt Community Edition 4.6.0 release “Purple Haze”, brings enhancements that focus primarily on the administrative aspect and overall system health. This update introduces the Health Check feature within the Admin workspace, designed to offer administrators a comprehensive tool for system assessment and upkeep. In addition, this... Thu, 14 Mar 2024 00:00:00 +0100 v4.5.2 | Marching The Hate Machines https://help.passbolt.com/releases/ce/marching_the_hate_machines https://help.passbolt.com/releases/ce/marching_the_hate_machines Release song: https://youtu.be/53YYph6Edd0 Passbolt is pleased to announce the immediate availability of version 4.5.2. This is a maintenance update that contains important fixes for both the API and browser extension, addressing issues reported by the community since version 4.5.0. Most notably this update fixes a problem that previously prevented the... Wed, 14 Feb 2024 00:00:00 +0100 v4.5.1 | The Times They Are A-Changin https://help.passbolt.com/releases/ce/the-times-they-are-a-changin https://help.passbolt.com/releases/ce/the-times-they-are-a-changin Version 4.5.1 is exclusively a Passbolt browser extension maintenance release designed to address a problem that emerged with the earlier 4.5.0 release. This issue prevented Chrome users who run the Passbolt API from a subdirectory from establishing a connection. We would like to express our sincere thanks to the community... Fri, 09 Feb 2024 01:00:00 +0100 v4.5.0 | Summer is ending https://help.passbolt.com/releases/ce/summer_is_ending https://help.passbolt.com/releases/ce/summer_is_ending Passbolt v4.5.0 named “Summer is Ending” brings a host of new features and improvements, all designed to make your password management experience more secure, efficient, and user-friendly. At the heart of this release is the introduction of the Password Expiry feature, a much-anticipated functionality that allows administrators to enable the... Thu, 08 Feb 2024 00:00:00 +0100 v4.4.2 | Is It Because I'm Black https://help.passbolt.com/releases/ce/is_it_because_i_m_black https://help.passbolt.com/releases/ce/is_it_because_i_m_black Passbolt version 4.4.2 has been released, primarily as a maintenance update to address specific issues reported by users. This version includes two main fixes. The first fix concerns the Time-based One-Time Password (TOTP) feature. In the previous version, there was an issue where users could accidentally delete the TOTP secret... Wed, 29 Nov 2023 00:00:00 +0100 v4.4.1 | Gimme Shelter https://help.passbolt.com/releases/ce/gimme_shelter https://help.passbolt.com/releases/ce/gimme_shelter Release song: https://youtu.be/RbmS3tQJ7Os?si=lp8QM5B-R65C8Jek Passbolt v4.4.1 is a maintenance release aimed at addressing issues reported by the community, which were introduced in the previous release. The update addresses an issue concerning user roles in email notifications. Previously, administrators received notifications when another administrator was deleted. However, the deletion of any user,... Tue, 21 Nov 2023 00:00:00 +0100 v4.4.0 | Zombie https://help.passbolt.com/releases/ce/zombie https://help.passbolt.com/releases/ce/zombie Version 4.4 of the Community Edition has launched with new capabilities and improvements. With this release, users are able to manage TOTPs directly from the browser, providing an extended TOTP experience across all their devices. They can now be created, deleted, organised and shared with others just like any other... Tue, 07 Nov 2023 00:00:00 +0100 v4.3.0 | No One Knows https://help.passbolt.com/releases/ce/no_one_knows https://help.passbolt.com/releases/ce/no_one_knows Introducing the newest release of passbolt – get to know version 4.3 This update extends the portability of TOTP (Time Based One Time Password) content. You can now access TOTP items from passbolt’s mobile app and web interface. While the ability to create a TOTP is still limited to mobile,... Tue, 26 Sep 2023 00:00:00 +0200 v4.2.0 | The man who sold the world https://help.passbolt.com/releases/ce/the-man-who-sold-the-world https://help.passbolt.com/releases/ce/the-man-who-sold-the-world Version 4.2 of the Community Edition introduces a number of enhancements and fixes to the passbolt experience. One of the highlights of this release is the first brick of grid modernization. With it, you’re in control of what’s shown on the password grid. You can decide which columns you want... Thu, 24 Aug 2023 02:00:00 +0200 v4.1.2 | Bella ciao https://help.passbolt.com/releases/ce/bella-ciao https://help.passbolt.com/releases/ce/bella-ciao Version 4.1.2 of passbolt is a maintenance release mainly solving small bugs reported by the community on the API as well as the browser extension. The API ships with a fix that restores email notifications for organisations using NTLM to authenticate against their SMTP server. On the client side, the... Wed, 26 Jul 2023 02:00:00 +0200 v4.1.1 | Insane in the Brain https://help.passbolt.com/releases/ce/insane-in-the-brain https://help.passbolt.com/releases/ce/insane-in-the-brain Version 4.1.1 of Passbolt is a fix release solving two false-fails on the healthcheck. These were reported by our community members on the forum here and here. Thank you for helping us make Passbolt better! API Fixed PB-25304 As an administrator the application healthcheck should compare passbolt version with the... Thu, 13 Jul 2023 02:00:00 +0200 v4.1.0 | War Pig https://help.passbolt.com/releases/ce/war-pig https://help.passbolt.com/releases/ce/war-pig Version 4.1 of Passbolt introduces the long-awaited Role-Based Access Control (RBAC) feature. In its first version, RBAC provides admins with the ability to control the capabilities offered to users through the user interface (UI). As passbolt evolves, subsequent releases will expand on this, eventually providing control over API capabilities. On... Wed, 05 Jul 2023 02:00:00 +0200 v4.0.4 | The One Percent https://help.passbolt.com/releases/ce/the-one-percent https://help.passbolt.com/releases/ce/the-one-percent This is a small maintenance release of the browser extension only. It fixes a bug that prevented users from authenticating with SSO from the web integrated in-form menu.Browser extensionFixed PB-24932 Fix: As a user I want to be able to sign-in through SSO from the inform menu Wed, 07 Jun 2023 02:00:00 +0200 v4.0.3 | What's Going On https://help.passbolt.com/releases/ce/what-s-going-on https://help.passbolt.com/releases/ce/what-s-going-on This is a small maintenance release of the browser extension only. It fixes a bug that prevented users from authenticating with SSO from the quickaccess.Browser extensionFixed PB-24734 Fix As a registered user I would like to be able to use SSO login via the quickaccess Mon, 05 Jun 2023 02:00:00 +0200 v4.0.2 | Creep https://help.passbolt.com/releases/ce/creep https://help.passbolt.com/releases/ce/creep Presenting the latest update of passbolt, version 4.0.2. This release revises a previous fix for a community-reported bug. The bug impacts 32-bit operating systems. Find out more about the reported issue on the community forum. API Fixed PB-24644 As an admin I should be able to run migrations on a... Thu, 01 Jun 2023 02:00:00 +0200 v4.0.1 | Under Pressure https://help.passbolt.com/releases/ce/under-pressure https://help.passbolt.com/releases/ce/under-pressure Introducing the latest update of Passbolt CE, release v4.0.1. This release update fixes a bug reported by the community impacting 32 bit operating systems. The issue reported can be found on the community forum. API Added PB-24644 As an admin I should be able to run migrations on a 32... Tue, 30 May 2023 02:00:00 +0200 v4.0.0 | Get Up, Stand Up https://help.passbolt.com/releases/ce/get-up-stand-up https://help.passbolt.com/releases/ce/get-up-stand-up Introducing the latest update of passbolt Pro, release v4. This update includes some significant enhancements to the platform’s functionality and overall user experience. Attention: This is a major change, so make sure you check the platform requirements, and do a test upgrade, before you update your live systems to the... Wed, 17 May 2023 02:00:00 +0200 v3.12.2 | Stille Einfuegen https://help.passbolt.com/releases/ce/stille-einfuegen https://help.passbolt.com/releases/ce/stille-einfuegen This is a small security release of the API only. It addresses an information leak issue while creating a resource with encrypted description and misusing the API. A client could inadvertently insert an unencrypted version of the description along with its encrypted version in the database. If you want to... Wed, 26 Apr 2023 02:00:00 +0200 v3.12.1 | Mental Wave https://help.passbolt.com/releases/ce/mental-wave https://help.passbolt.com/releases/ce/mental-wave This release is a small maintenance release of the browser extension only. It fixes issues reported by the community relative to users email validation and the latest introduced SSO. A big thank you to the community members who are reporting issues and help us investigate them. Browser extension Fix PB-23930... Wed, 29 Mar 2023 02:00:00 +0200 v3.12.0 | Introspective https://help.passbolt.com/releases/ce/introspective https://help.passbolt.com/releases/ce/introspective Release 3.12 includes a number of new features and enhancements, including the much-anticipated addition of folders in the Community Edition, which allows users to better organise resources. Another notable new feature is the ability to customise passbolt to output the action logs in syslog or a file, giving administrators more... Wed, 15 Mar 2023 01:00:00 +0100 v3.11.1 | Birdie https://help.passbolt.com/releases/ce/birdie https://help.passbolt.com/releases/ce/birdie This is a small maintenance release addressing community reported issues related to the recently introduced Duo v4 support. This release also includes a security fix for the browser extension to mitigate clickjacking attacks discovered during an independent security audit of the API and browser extension by Cure53. As always, detailed... Fri, 03 Mar 2023 01:00:00 +0100 v3.11.0 | Regular https://help.passbolt.com/releases/ce/regular https://help.passbolt.com/releases/ce/regular Community Edition v3.11 introduces new features and enhancements to your passbolt experience. Duo v4 MFA support is now available in the browser, an update from the previously supported v2. The API also now features a new endpoint that allows administrators to get paginated action logs, to make it easier to... Wed, 01 Mar 2023 01:00:00 +0100 v3.10.0 | Glue https://help.passbolt.com/releases/ce/glue https://help.passbolt.com/releases/ce/glue The passbolt team is excited to share the latest improvements in release 3.10. With the help of our contributors and the community’s input, passbolt is proud to present the release of self-registration. Users can now self-register if their email domain matches the administrator-defined policy. This will make the registration process... Tue, 14 Feb 2023 01:00:00 +0100 v3.9.0 | Bunny https://help.passbolt.com/releases/ce/v390-bunny https://help.passbolt.com/releases/ce/v390-bunny The team at passbolt is thrilled to announce the release of v3.9 for immediate availability! Passbolt CE v3.9 ships with Multi Factor Authentication (MFA) for all community edition users! Users can now set up MFA using various methods, including Duo, TOTP (Google Authenticator, Authy), and YubiKey (with Yubico Cloud). Important:... Wed, 18 Jan 2023 01:00:00 +0100 v3.8.3 | Up Down Jumper https://help.passbolt.com/releases/ce/up-down-jumper https://help.passbolt.com/releases/ce/up-down-jumper This release is a small maintenance release of the API only fixing issues reported by the community relative to the latest introduced SMTP settings feature. It also adds additional information to try to improve the debug process when dealing with Gnupg integration issues. A big thank you to the community... Thu, 01 Dec 2022 01:00:00 +0100 v3.8.2 | Trechter https://help.passbolt.com/releases/ce/trechter https://help.passbolt.com/releases/ce/trechter This release is a small maintenance release fixing issues reported by the community relative to the session expiry. Additionally it was the opportunity to ship a long time requested improvement also relative to the session expiry. When signing in to passbolt and checking the “remember until sign out” checkbox, users... Mon, 28 Nov 2022 01:00:00 +0100 v3.8.1 | Nana https://help.passbolt.com/releases/ce/nana https://help.passbolt.com/releases/ce/nana This release is a small maintenance release fixing issues reported by the community relative to the just introduced SMTP settings feature. This version should support more authentication use cases and be more flexible while editing an existing configuration. Thanks to the community members who reported issues and helped us fix... Thu, 17 Nov 2022 01:00:00 +0100 v3.8.0 | Syria https://help.passbolt.com/releases/ce/syria https://help.passbolt.com/releases/ce/syria The team is pleased to announce the v3.8 immediate availability. This release ships with two new themes, a light and dark Solarized themes. Along with the redesign that occurred earlier this year, these themes served as a foundation to propose additional look and feel, but also welcome your contributions. If... Thu, 10 Nov 2022 09:00:00 +0100 v3.7.3 | Breathing https://help.passbolt.com/releases/ce/breathing https://help.passbolt.com/releases/ce/breathing This release is a security release fixing a spell-jacking security flaw discovered by otto-js.You can learn more about this flaw on the dedicated security incident page.Browser extensionSecurity PB-19090 Protect forms from spell-jacking attackAPISecurity PB-19090 Protect forms from spell-jacking attack Mon, 26 Sep 2022 10:00:00 +0200 v3.7.2 | Knight Of The Jaguar https://help.passbolt.com/releases/ce/knight-of-the-jaguar https://help.passbolt.com/releases/ce/knight-of-the-jaguar This release is small maintenance release mainly fixing bugs reported by the community. The API and the browser extension have also been prepared to welcome new themes. If you wish to contribute and propose your theme, checkout the blog article: How to create a custom passbolt theme with the UI... Tue, 13 Sep 2022 10:00:00 +0200 v3.7.1 | Last Day https://help.passbolt.com/releases/ce/last-day https://help.passbolt.com/releases/ce/last-day This release is a maintenance release fixing some compatibility problem with Postgresql and ironing out some of the bugs reported by the community. We wish you a good end of the summer. Browser extension Fixed PB-18420 As AN completing the setup I should understand what information the account recovery feature... Fri, 12 Aug 2022 10:00:00 +0200 v3.7.0 | Epikur https://help.passbolt.com/releases/ce/epikur https://help.passbolt.com/releases/ce/epikur This release is a minor maintenance release focused on security, performance and compatibility optimization. It includes some security fixes related to a security audit that was performed by Cure53 on the new account recovery feature. Long story short, while the security researchers found some weaknesses, no exploitable vulnerability was found.... Wed, 27 Jul 2022 10:00:00 +0200 v3.6.0 | New Morning https://help.passbolt.com/releases/ce/new-morning https://help.passbolt.com/releases/ce/new-morning The team is pleased to announce the v3.6 immediate availability which, as you may already have seen, includes a design refresh of the application. On top of that, this release ships with some more improvements and fixes. Performance boost on the client cryptographic operations; Additional key validations on setup for... Wed, 25 May 2022 14:00:00 +0200 v3.5.0-2 | Wide Open https://help.passbolt.com/releases/ce/wide-open-2 https://help.passbolt.com/releases/ce/wide-open-2 This release contains some important package changes that needs to be done before the 18th of May 2022. Make sure your follow the guide below. This release contains some important changes to the packages for Passbolt API. If you installed passbolt from source or using docker, you are not affected.... Wed, 13 Apr 2022 02:00:00 +0200 v3.5.0 | Wide Open https://help.passbolt.com/releases/ce/wide-open https://help.passbolt.com/releases/ce/wide-open This release introduces some new dependencies and database changes. Make sure you follow the update documentation to roll out this new version. Read the doc The team is pleased to announce the v3.5 immediate availability which includes the most awaited launch of the iOS and Android Mobile applications (currently pending... Tue, 18 Jan 2022 01:00:00 +0100 v3.4.0 | Black Sunrise https://help.passbolt.com/releases/ce/black-sunrise https://help.passbolt.com/releases/ce/black-sunrise This release introduces some new dependencies and database changes. Make sure you follow the update documentation to roll out this new version. Read the doc The team is pleased to announce the v3.4 immediate availability which includes new features as well as some fixes requested by the community. In a... Tue, 07 Dec 2021 01:00:00 +0100 v3.3.0 | Senior Elfo https://help.passbolt.com/releases/ce/senior-elfo https://help.passbolt.com/releases/ce/senior-elfo This release introduces some new dependencies and database changes. Make sure you follow the update documentation to roll out this new version. Read the doc The team is pleased to announce the much awaited v3.3 which includes new features as well as some fixes requested by the community. It’s been... Wed, 27 Oct 2021 02:00:00 +0200 v3.2.0 | La Clé Des Champs https://help.passbolt.com/releases/ce/la-cle-des-champs https://help.passbolt.com/releases/ce/la-cle-des-champs This release introduces some new dependencies and database changes. Make sure you follow the update documentation to roll out this new version. Read the doc The team is pleased to announce that the much awaited “Internationalisation” feature is available to Passbolt Pro, Passbolt Cloud (in progress) as well as Passbolt... Mon, 31 May 2021 14:00:00 +0200 v3.1.0 | Sea https://help.passbolt.com/releases/ce/love-over-entropy-sea https://help.passbolt.com/releases/ce/love-over-entropy-sea This release introduces some new dependencies and database changes. Make sure you follow the update documentation to roll out this new version. Read the doc The team is pleased to announce the immediate availability of Passbolt version 3.1. This release introduces several new features, most notably the ability to update... Thu, 18 Mar 2021 13:00:00 +0100 v3.0.0 | Our House https://help.passbolt.com/releases/ce/v300-our-house https://help.passbolt.com/releases/ce/v300-our-house This release introduces some new dependencies and database changes. Make sure you follow the update documentation to roll out this new version. Read the doc The team is pleased to announce the immediate availability of Passbolt version 3. As you may have noticed with the earlier release in January and... Wed, 10 Mar 2021 13:00:00 +0100 v2.13.5 | Stomp (Remix) https://help.passbolt.com/releases/ce/v2135-stomp https://help.passbolt.com/releases/ce/v2135-stomp This is a small maintenance release. It ships with a few bug fixes and improvements for the web extension. Changelog API [2.13.5] 2019-07-29 Fixed Fix display a validation error when db password contains a quote or db name contain a dash Fix email notification settings bootstrap messes up non persistent... Wed, 22 Jul 2020 14:00:00 +0200 v2.13.1 | Stomp https://help.passbolt.com/releases/ce/v2131-stomp https://help.passbolt.com/releases/ce/v2131-stomp This is a small maintenance release. It fixes a bug introduced with the latest release. Thank you to everyone who helped us test and iron out the last kinks! In other news, we just published an article on the blog to explain why passbolt requires an extension. Changelog API Fixed... Tue, 07 Jul 2020 10:00:00 +0200 v2.13.0 | Hammer to Fall https://help.passbolt.com/releases/ce/v2130-hammer-to-fall https://help.passbolt.com/releases/ce/v2130-hammer-to-fall This release introduces some database changes. Make sure you follow the minor update documentation to roll out this new version. Read the doc The team is pleased to announce the availability of Passbolt CE v2.13. This release includes new functionalities, most notably the email digest functionality. Email digest The email... Wed, 24 Jun 2020 18:55:00 +0200 v2.12.1 | Never Gonna Give You Up https://help.passbolt.com/releases/ce/v2121-never-gonna-give-you-up https://help.passbolt.com/releases/ce/v2121-never-gonna-give-you-up This release contains a security fix, please update your server as soon as possible. Make sure you follow the minor update documentation to roll out this new version. Read the doc This is a small maintenance release in order to update to jQuery v3.5. The library released an important security... Tue, 14 Apr 2020 18:30:00 +0200 v2.12.0 | Call Me https://help.passbolt.com/releases/ce/v2120-call-me https://help.passbolt.com/releases/ce/v2120-call-me This release is mainly a maintenance release. It ships with several fixes, mainly regarding the web extension. The previously published extension version contained some security fix for an issue in the quick access suggestion system reported by security researcher Rene Kroka. You can learn more about it on the incident... Fri, 06 Dec 2019 12:05:00 +0100 v2.11.0 | Don't You (Forget about me) https://help.passbolt.com/releases/ce/v2110-dont-you https://help.passbolt.com/releases/ce/v2110-dont-you Passbolt1 v2.11 is maintenance release containing security fixes. Extension update will be rolled out automatically to your users like usual, but as an administrator you will need to update your server. This release introduces some security fixes. Make sure you follow the minor update documentation to roll out this new... Wed, 07 Aug 2019 08:30:00 +0200 v2.10.0 | Owner of a Lonely Heart https://help.passbolt.com/releases/ce/v2100-owner-of-a-lonely-heart https://help.passbolt.com/releases/ce/v2100-owner-of-a-lonely-heart This release ships with some nice improvements, notably the apparition of the administration dashboard for the Community Edition. This dashboard only contains one section for now: email notification settings. However, some more sections will appear in the next releases as the idea is to remove completely the pain point of... Thu, 16 May 2019 14:00:00 +0200 v2.9.0 | Paint it black https://help.passbolt.com/releases/ce/v290-paint-it-black https://help.passbolt.com/releases/ce/v290-paint-it-black This release introduces some security fixes. Make sure you follow the minor update documentation to roll out this new version as soon as possible. Update documentation This release introduces the ability to create entries directly from the quickaccess menu, in the browser toolbar. fig. Creating an entry from quickaccess It... Wed, 24 Apr 2019 14:00:00 +0200 v2.8.4 | Where is my mind https://help.passbolt.com/releases/ce/v284-where-is-my-mind https://help.passbolt.com/releases/ce/v284-where-is-my-mind This release is mainly a maintenance release. It ships with more performance improvements and fixes a few bugs reported by the community. The API has also now been fully documented. It is in 2 parts: the API documentation which is available on our help website, and the API reference which... Wed, 17 Apr 2019 19:00:00 +0200 v2.8.3 | Blue Monday https://help.passbolt.com/releases/ce/v283-blue-monday https://help.passbolt.com/releases/ce/v283-blue-monday This release introduces some new dependencies and database changes. Make sure you follow the minor update documentation to roll out this new version. Read the doc This release ships with the much awaited “quick access” and “auto-fill” features. It is now possible to access your passwords directly from the browser... Mon, 01 Apr 2019 02:00:00 +0200 v2.7.1 | Welcome To The Jungle https://help.passbolt.com/releases/ce/v271-welcome-to-the-jungle https://help.passbolt.com/releases/ce/v271-welcome-to-the-jungle This release contains one fix, a regression in the web installer shipped with v2.7.0. PASSBOLT-3416: Fix the uses of php short tags in the webinstaller template files Wed, 13 Feb 2019 01:00:00 +0100 v2.7.0 | Jump https://help.passbolt.com/releases/ce/v270-jump https://help.passbolt.com/releases/ce/v270-jump This release introduces some security fixes, new dependencies and database changes. Make sure you follow the minor update documentation to roll out this new version as soon as possible. Update documentation The main focus of this release was to improve the performance and reactivity of the application, as well as... Mon, 11 Feb 2019 01:00:00 +0100 v2.5.0 | Thunderstruck https://help.passbolt.com/releases/ce/v250-thunderstruck https://help.passbolt.com/releases/ce/v250-thunderstruck This release introduces some new dependencies and database changes. Make sure you follow the minor update documentation to roll out this new version. Read the doc This release greatly simplifies the passbolt installation process. It ships with automated scripts for your favorite distributions (Debian 9, CentOS 7 and Ubuntu 18.04)... Thu, 15 Nov 2018 01:00:00 +0100 v2.4.0 | Final Countdown https://help.passbolt.com/releases/ce/v240-final-countdown https://help.passbolt.com/releases/ce/v240-final-countdown This release introduces some new dependencies and database changes. Make sure you follow the minor update documentation to roll out this new version. Read the doc This release introduce the ability for users to select multiple passwords and perform a bulk action such as delete or share. This was a... Thu, 11 Oct 2018 13:11:11 +0200 v2.3.0 | Shine On You Crazy Diamond https://help.passbolt.com/releases/ce/v230-shine-on-you-crazy-diamond https://help.passbolt.com/releases/ce/v230-shine-on-you-crazy-diamond This release introduces a much awaited improvement which now allows when deleting a user to transfer blocking permissions. This release brings a few small user interfaces and improvements, such as placeholder labels when something, like the resource description, is empty. fig. Example of user delete screen with permissions transfer Thanks... Wed, 05 Sep 2018 02:00:00 +0200 v2.2.0 | I want to break free https://help.passbolt.com/releases/ce/v220-i-want-to-break-free https://help.passbolt.com/releases/ce/v220-i-want-to-break-free Please note that Passbolt API V1.x will be officially unmaintained from 1st of September 2018. If you haven’t upgraded to V2.x yet, it is strongly advised to do it now since the next versions of the browser extension will not be compatible anymore with V1.x branch. This release is mainly... Mon, 13 Aug 2018 02:00:00 +0200 v2.1.0 | Loungin https://help.passbolt.com/releases/ce/v210-loungin https://help.passbolt.com/releases/ce/v210-loungin This release includes a major rewrite of the javascript front-end code with an upgrade to CanJS version 3. We are very pleased by this upgrade as it will also us to ship features faster in the future. Another simple but notable improvement is the ability to copy the username to... Thu, 14 Jun 2018 02:00:00 +0200 v2.0.9 | Cold Vein https://help.passbolt.com/releases/ce/v209-cold-vein https://help.passbolt.com/releases/ce/v209-cold-vein This is a maintenance release for passbolt web extension that fixes issues reported by the community. Web Extension Bug fixes Fix content scripts should not be inserted if they are already present. Fix auth pagemod should insert script when a redirection is set in url Fix json.headers should be json.header... Wed, 09 May 2018 02:00:00 +0200 v2.0.8 | They Reminisce https://help.passbolt.com/releases/ce/v208-untitled https://help.passbolt.com/releases/ce/v208-untitled This is a maintenance release for passbolt web extension that fixes issues reported by the community.Web ExtensionBug fixes Fix backward compatibility issue with search user API v1. Wed, 09 May 2018 02:00:00 +0200 v2.0.7 | Struggle https://help.passbolt.com/releases/ce/v207-struggle https://help.passbolt.com/releases/ce/v207-struggle Security notice: Nginx user, please review your configuration file to make sure you are using the correct application root. It should be: /var/www/passbolt/webroot Read more This release fixes issues introduced by the v2.0.5 both in the webextension and in the API. As you can see version v2.0.6 is skipped in... Wed, 09 May 2018 02:00:00 +0200 v2.0.5 | Everyday struggle https://help.passbolt.com/releases/ce/v205-everydaystruggle https://help.passbolt.com/releases/ce/v205-everydaystruggle This is a maintenance for both Passbolt Pro and Community edition. It fixes issues reported by the community such as the vulnerability reported by Matthias vd Meent, considering the use of an unsecure pseudo random number generator when generating passwords. You can learn more about the issue on the dedicated... Tue, 08 May 2018 02:00:00 +0200 v2.0.4 | Something we all adore https://help.passbolt.com/releases/ce/v204-somethingwealladore https://help.passbolt.com/releases/ce/v204-somethingwealladore This is a maintenance release that fixes issues reported by the community.Passbolt APIFixed COMMUNITY-599: Make email MX validation optional and not enabled by default GITHUB-247: Fix secrets are not deleted when deleting a group or a user Thu, 26 Apr 2018 02:00:00 +0200 v2.0.3 | Definition https://help.passbolt.com/releases/ce/v203-definition https://help.passbolt.com/releases/ce/v203-definition This is a maintenance release that improves compatibility with CentOS 7.Passbolt APIFixed PASSBOLT-2849: Fix issue with the permissions query and MariaDB 5.5 PASSBOLT-2848: Fix unsafe mode and ssl offloading Fri, 20 Apr 2018 02:00:00 +0200 v2.0.2 | Mass Appeal https://help.passbolt.com/releases/ce/v202-mass-appeal https://help.passbolt.com/releases/ce/v202-mass-appeal This is a maintenance release that fixes a bug related to the v1 database migration. Thanks to @shochdoerfer for his contribution. Passbolt API Improved GITHUB-242: Add Auto-Submitted header to the email notifications Fixed PASSBOLT-2806: Force database columns charset and collation PASSBOLT-2781: Increase length of resource uri field in model validation... Tue, 17 Apr 2018 02:00:00 +0200 v2.0.1 | Knock You Out https://help.passbolt.com/releases/ce/v201-knock-you-out https://help.passbolt.com/releases/ce/v201-knock-you-out This is a maintenance release that fixes a regression introduced in v2.0.0. Many thanks to @odyx for his blazing fast reaction at reporting the bug and submitting a fix. Passbolt API Improved PASSBOLT-2511: Improve healthcheck tables list so that tables are listed per major version Fixed GITHUB-239: Fix unsafe mode... Tue, 10 Apr 2018 02:00:00 +0200 v2.0.0 | Insomnia https://help.passbolt.com/releases/ce/v200-insomnia https://help.passbolt.com/releases/ce/v200-insomnia This is not an April fool! Passbolt v2.0.0 is ready and available for download. Kindly note that this is a major version release. If you are still running on the v1.x branch, you will need to follow a specific upgrade procedure. The main aspect of this release is the upgrade... Tue, 10 Apr 2018 02:00:00 +0200 v2.0.0-rc2 | Planète mars https://help.passbolt.com/releases/ce/v200-rc2-planete-mars https://help.passbolt.com/releases/ce/v200-rc2-planete-mars This releases fixes a few issues reported by the passbolt users that have switched to the v2.0.0-RC1. It also ships with a few cosmetic improvements as well as new healthchecks and debug tools to ease the installation process. For example you can now call the following command to send a... Tue, 20 Feb 2018 01:00:00 +0100 v2.0.0-rc1 | The Message https://help.passbolt.com/releases/ce/v200-rc1-the-messsage https://help.passbolt.com/releases/ce/v200-rc1-the-messsage The main aspect of this release is the upgrade of the passbolt api code base to CakePHP v3. It also ships with improvements such as a simplified configuration system, a better XSS protection and more tolerant validation rules. See the full list below. This release is a complete rewrite of... Sat, 13 Jan 2018 01:00:00 +0100 v1.0.12 | Brick House https://help.passbolt.com/releases/ce/v1012-brickhouse https://help.passbolt.com/releases/ce/v1012-brickhouse This release brings an interesting new feature: the possibility to see the list of the users a password is shared with at a glance, directly from the sidebar. v1.0.12 also comes with its fair share of bug fixes, and some UI improvements. As usual, we have also worked on increasing... Tue, 31 May 2016 02:00:00 +0200 v1.0.11 | Soul Makossa https://help.passbolt.com/releases/ce/v1011-soulmakossa https://help.passbolt.com/releases/ce/v1011-soulmakossa This release brings some new email notifications. Until now you could only receive a notification when someone was sharing a password with you. With this new set of features you will also receive a nudge when someone comment, edit or delete a password that you own (or that is shared... Mon, 16 May 2016 02:00:00 +0200 v1.0.10 | Sittin' on the dock https://help.passbolt.com/releases/ce/v1010-dockofthebay https://help.passbolt.com/releases/ce/v1010-dockofthebay This release most notable improvement is a health-check page that can help administrators diagnose what is the status of their installation. This week we are still ironing out a few bugs and environment related issues. fig. example /healthcheck screen A big thank you to Alexis Vachette and Ebrahim Imami who... Tue, 03 May 2016 02:00:00 +0200 v1.0.9 | Let's stay together https://help.passbolt.com/releases/ce/v109-letsstaytogether https://help.passbolt.com/releases/ce/v109-letsstaytogether This release was mainly about bug fixes. Also, thanks to an article in the awesome magazine LinuxFR more people are trying to install passbolt on their own machine, so we published a new page containing updated installation instructions. Passbolt API Added improvements PASSBOLT-1495: Update installation instructions in README file. Passbolt... Mon, 25 Apr 2016 02:00:00 +0200 v1.0.8 | Lovely Day https://help.passbolt.com/releases/ce/v108-lovelyday https://help.passbolt.com/releases/ce/v108-lovelyday This is a small release, as we are busy collecting feedbacks from all of our early users. Thanks for all the positive vibes! Passbolt API Fixed bugs PASSBOLT-1445: As a LU viewing someone else comment I should not see the delete comment button. PASSBOLT-1402: As LU, In the comment thread... Fri, 15 Apr 2016 02:00:00 +0200 v1.0.7 | Ring my bell https://help.passbolt.com/releases/ce/v107-ringmybell https://help.passbolt.com/releases/ce/v107-ringmybell This week we rolled out a new homepage as you may have noticed. We also revamped the password workspace when no password are present. The nest illustration you can now see in place of the original void is a courtesy of our beloved Arthur Duarte. Check out his work. A... Tue, 05 Apr 2016 02:00:00 +0200 v1.0.6 | Boogie Wonderland https://help.passbolt.com/releases/ce/v106-boogiewonderland https://help.passbolt.com/releases/ce/v106-boogiewonderland Another release mostly focusing on bug fixes. Big shout out to our testers: Lilian, Nikki, Marcin and Vrindha! The only major new functionality is the release of a first version of a slack plugin for passbolt. You can now track the signup in slack. Get in touch with us if... Tue, 29 Mar 2016 02:00:00 +0200 v1.0.5 | Move On Up https://help.passbolt.com/releases/ce/v105-moveonup https://help.passbolt.com/releases/ce/v105-moveonup That’s one small release for both the browser add-on and the API but a giant leap for the project. Passbolt officially in Private Alpha and the first testers are starting to give us feedback. A big thank you to our first testers: Karthik, Lilian, Amitav and Parbhjot! It is also... Tue, 22 Mar 2016 01:00:00 +0100", -"url": "https://help.passbolt.com/releases/ce.rss" },"releases-pro-rss": { "title": "Passbolt Pro Edition Release notes", "category": "", "content": "Passbolt Pro Edition Release noteshttps://help.passbolt.com/releases/pro.rssMost recent release notes.en-us v4.6.0 | Purple Haze https://help.passbolt.com/releases/pro/purple_haze https://help.passbolt.com/releases/pro/purple_haze Release song: https://youtu.be/Ub0NtPOj7es?si=3IL4HKS4-g17uPal The Passbolt Pro 4.6.0 release “Purple Haze”, brings a new SSO provider and improves administrative aspects and overall system health. A major addition in this release is the Beta implementation of SSO AD FS (Active Directory Federation Services), enabling streamlined single sign-on capabilities for improved user access... Thu, 14 Mar 2024 00:00:00 +0100 v4.5.2 | Marching The Hate Machines https://help.passbolt.com/releases/pro/marching_the_hate_machines https://help.passbolt.com/releases/pro/marching_the_hate_machines Release song: https://youtu.be/53YYph6Edd0 Passbolt is pleased to announce the immediate availability of version 4.5.2. This is a maintenance update that contains important fixes for both the API and browser extension, addressing issues reported by the community since version 4.5.0. Most notably this update fixes a problem that previously prevented the... Wed, 14 Feb 2024 00:00:00 +0100 v4.5.1 | The Times They Are A-Changin https://help.passbolt.com/releases/pro/the-times-they-are-a-changin https://help.passbolt.com/releases/pro/the-times-they-are-a-changin Version 4.5.1 is exclusively a Passbolt browser extension maintenance release designed to address a problem that emerged with the earlier 4.5.0 release. This issue prevented Chrome users who run the Passbolt API from a subdirectory from establishing a connection. We would like to express our sincere thanks to the community... Fri, 09 Feb 2024 01:00:00 +0100 v4.5.0 | Summer is ending https://help.passbolt.com/releases/pro/summer_is_ending https://help.passbolt.com/releases/pro/summer_is_ending Passbolt v4.5.0, named “Summer is Ending”, introduces exclusive features for Pro users, alongside enhancements available to everyone. These updates are geared towards empowering teams with even more control and flexibility over their password management practices. At the heart of this release is the introduction of the Password Expiry feature, a... Thu, 08 Feb 2024 00:00:00 +0100 v4.4.2 | Is It Because I'm Black https://help.passbolt.com/releases/pro/is_it_because_i_m_black https://help.passbolt.com/releases/pro/is_it_because_i_m_black Passbolt version 4.4.2 has been released, primarily as a maintenance update to address specific issues reported by users. This version includes two main fixes. The first fix concerns the Time-based One-Time Password (TOTP) feature. In the previous version, there was an issue where users could accidentally delete the TOTP secret... Wed, 29 Nov 2023 00:00:00 +0100 v4.4.1 | Gimme Shelter https://help.passbolt.com/releases/pro/gimme_shelter https://help.passbolt.com/releases/pro/gimme_shelter Release song: https://youtu.be/RbmS3tQJ7Os?si=lp8QM5B-R65C8Jek Passbolt v4.4.1 is a maintenance release aimed at addressing issues reported by the community, which were introduced in the previous release. The update addresses an issue concerning user roles in email notifications. Previously, administrators received notifications when another administrator was deleted. However, the deletion of any user,... Tue, 21 Nov 2023 00:00:00 +0100 v4.4.0 | Zombie https://help.passbolt.com/releases/pro/zombie https://help.passbolt.com/releases/pro/zombie Version 4.4 of Passbolt Pro is now available, packed full of improvements and new functionalities. With this release, users are able to manage TOTPs directly from the browser, providing an extended TOTP experience across all their devices. They can now be created, deleted, organised and shared with others just like... Tue, 07 Nov 2023 00:00:00 +0100 v4.3.0 | No One Knows https://help.passbolt.com/releases/pro/no_one_knows https://help.passbolt.com/releases/pro/no_one_knows The latest version of Pro is here – take a look at what’s new in 4.3. One enhancement is improved portability of TOTP (Time Based One Time Password). TOTP can now be conveniently viewed across both the web and mobile applications. Although the creation of TOTP remains mobile-centric, version 4.3... Tue, 26 Sep 2023 00:00:00 +0200 v4.2.0 | The man who sold the world https://help.passbolt.com/releases/pro/the-man-who-sold-the-world https://help.passbolt.com/releases/pro/the-man-who-sold-the-world Passbolt’s latest release, Pro version 4.2, introduces some new functionalities and fixes. One of the highlights of this release is the first brick of grid modernization. With it, you’re in control of what’s shown on the password grid. You can decide which columns you want to see, as well as... Thu, 24 Aug 2023 02:00:00 +0200 v4.1.3 | Borders https://help.passbolt.com/releases/pro/borders https://help.passbolt.com/releases/pro/borders Version 4.1.3 of passbolt is a maintenance & security release targeting mainly the LDAP & Active Directory connector. On one hand, administrators using Active Directory will now be able to map passbolt username with their directory field of preference (userPrincipalName by instance) via the administration section in the UI. While... Fri, 04 Aug 2023 02:00:00 +0200 v4.1.2 | Bella ciao https://help.passbolt.com/releases/pro/bella-ciao https://help.passbolt.com/releases/pro/bella-ciao Version 4.1.2 of passbolt is a maintenance release mainly solving small bugs reported by the community on the API as well as the browser extension. The API ships with a fix that restores email notifications for organisations using NTLM to authenticate against their SMTP server. On the client side, the... Wed, 26 Jul 2023 02:00:00 +0200 v4.1.1 | Insane in the Brain https://help.passbolt.com/releases/pro/insane-in-the-brain https://help.passbolt.com/releases/pro/insane-in-the-brain Version 4.1.1 of Passbolt is a fix release solving two false-fails on the healthcheck. These were reported by our community members on the forum here and here. Thank you for helping us make Passbolt better! API Fixed PB-25304 As an administrator the application healthcheck should compare passbolt version with the... Thu, 13 Jul 2023 02:00:00 +0200 v4.1.0 | War Pig https://help.passbolt.com/releases/pro/war-pig https://help.passbolt.com/releases/pro/war-pig Version 4.1 of Passbolt introduces the long-awaited Role-Based Access Control (RBAC) feature. In its first version, RBAC provides admins with the ability to control the capabilities offered to users through the user interface (UI). As passbolt evolves, subsequent releases will expand on this, eventually providing control over API capabilities. On... Wed, 05 Jul 2023 02:00:00 +0200 v4.0.4 | The One Percent https://help.passbolt.com/releases/pro/the-one-percent https://help.passbolt.com/releases/pro/the-one-percent This is a small maintenance release of the browser extension only. It fixes a bug that prevented users from authenticating with SSO from the web integrated in-form menu.Browser extensionFixed PB-24932 Fix: As a user I want to be able to sign-in through SSO from the inform menu Wed, 07 Jun 2023 02:00:00 +0200 v4.0.3 | What's Going On https://help.passbolt.com/releases/pro/what-s-going-on https://help.passbolt.com/releases/pro/what-s-going-on This is a small maintenance release of the browser extension only. It fixes a bug that prevented users from authenticating with SSO from the quickaccess.Browser extensionFixed PB-24734 Fix As a registered user I would like to be able to use SSO login via the quickaccess Mon, 05 Jun 2023 02:00:00 +0200 v4.0.2 | Creep https://help.passbolt.com/releases/pro/creep https://help.passbolt.com/releases/pro/creep Presenting the latest update of passbolt Pro, version 4.0.2. This release revises a previous fix for a community-reported bug which impacts 32-bit operating systems. It also includes a fix for a bug where the triage page wasn’t displayed if SSO was misconfigured. Find out more about the reported issue on... Thu, 01 Jun 2023 02:00:00 +0200 v4.0.1 | Under Pressure https://help.passbolt.com/releases/pro/under-pressure https://help.passbolt.com/releases/pro/under-pressure Introducing the latest update of Passbolt PRO, release v4.0.1. This release update fixes a bug reported by the community impacting 32 bit operating systems. The issue reported can be found on the community forum. API Added PB-24644 As an admin I should be able to run migrations on a 32... Tue, 30 May 2023 02:00:00 +0200 v4.0.0 | Get Up, Stand Up https://help.passbolt.com/releases/pro/get-up-stand-up https://help.passbolt.com/releases/pro/get-up-stand-up Introducing the latest update of passbolt Pro, release v4. This update includes some significant enhancements to the platform’s functionality and overall user experience. Attention: This is a major change, so make sure you check the platform requirements, and do a test upgrade, before you update your live systems to the... Wed, 17 May 2023 02:00:00 +0200 v3.12.2 | Stille Einfuegen https://help.passbolt.com/releases/pro/stille-einfuegen https://help.passbolt.com/releases/pro/stille-einfuegen This is a small security release of the API only. It addresses an information leak issue while creating a resource with encrypted description and misusing the API. A client could inadvertently insert an unencrypted version of the description along with its encrypted version in the database. If you want to... Wed, 26 Apr 2023 02:00:00 +0200 v3.12.1 | Mental Wave https://help.passbolt.com/releases/pro/mental-wave https://help.passbolt.com/releases/pro/mental-wave This release is a small maintenance release of the browser extension only. It fixes issues reported by the community relative to users email validation and the latest introduced SSO. A big thank you to the community members who are reporting issues and help us investigate them. Browser extension Fix PB-23930... Wed, 29 Mar 2023 02:00:00 +0200 v3.12.0 | Introspective https://help.passbolt.com/releases/pro/introspective https://help.passbolt.com/releases/pro/introspective Release 3.12 for passbolt includes several new features and enhancements. Starting with Microsoft Azure being enabled by default for SSO capabilities. The feature has been thoroughly audited by Cure53, and the issues identified by the community have been fixed, so the feature is officially out of Beta! Another notable new... Wed, 15 Mar 2023 01:00:00 +0100 v3.11.1 | Birdie https://help.passbolt.com/releases/pro/birdie https://help.passbolt.com/releases/pro/birdie This is a small maintenance release that addresses community reported issues related to the recently introduced Duo v4 support and SSO features. Also shipped with this release, is a security fix to the browser extension to prevent clickjacking attacks. With the upcoming SSO feature, both the passbolt API and browser... Fri, 03 Mar 2023 01:00:00 +0100 v3.11.0 | Regular https://help.passbolt.com/releases/pro/regular https://help.passbolt.com/releases/pro/regular With the release of 3.11, passbolt is pleased to deliver new features and fixes for issues discovered in the alpha version of SSO. A significant addition to v3.11 is the ability to start the account recovery or browser extension reconfiguration using SSO. This release also includes more helpful error messages,... Wed, 01 Mar 2023 01:00:00 +0100 v3.10.0 | Glue https://help.passbolt.com/releases/pro/glue https://help.passbolt.com/releases/pro/glue With the help of our contributors and community, passbolt is proud to present the release of the self-registration feature and the introduction of MFA policies. Implementing self-registration makes the registration processes smoother and more efficient. Users can now self-register if their email domain matches the policies defined by the admin.... Tue, 14 Feb 2023 01:00:00 +0100 v3.9.0 | Bunny https://help.passbolt.com/releases/pro/v390-bunny https://help.passbolt.com/releases/pro/v390-bunny The team at passbolt is thrilled to announce the release of v3.9 for immediate availability! Passbolt Pro v3.9 ships with Single Sign On (SSO) in Alpha for all Pro users. This will allow authentication and onboarding via Azure SSO (via OAuth2 and OpenID Connect). fig. SSO with Azure Learn more... Wed, 18 Jan 2023 01:00:00 +0100 v3.8.4 | Ya Amar https://help.passbolt.com/releases/pro/ya-amar https://help.passbolt.com/releases/pro/ya-amar This maintenance release involves the Pro and Cloud versions of passbolt. It includes two minor fixes that resolve an issue reported by the community regarding the folders functionality: Users were unable to move passwords out of folders under particular circumstances. In addition to the fix, the command line cleanup script... Thu, 15 Dec 2022 01:00:00 +0100 v3.8.3 | Up Down Jumper https://help.passbolt.com/releases/pro/up-down-jumper https://help.passbolt.com/releases/pro/up-down-jumper This release is a small maintenance release of the API only fixing issues reported by the community relative to the latest introduced SMTP settings feature. It also adds additional information to try to improve the debug process when dealing with Gnupg integration issues. A big thank you to the community... Thu, 01 Dec 2022 01:00:00 +0100 v3.8.2 | Trechter https://help.passbolt.com/releases/pro/trechter https://help.passbolt.com/releases/pro/trechter This release is a small maintenance release fixing issues reported by the community relative to the session expiry. Additionally it was the opportunity to ship a long time requested improvement also relative to the session expiry. When signing in to passbolt and checking the “remember until sign out” checkbox, users... Mon, 28 Nov 2022 01:00:00 +0100 v3.8.1 | Nana https://help.passbolt.com/releases/pro/nana https://help.passbolt.com/releases/pro/nana This release is a small maintenance release fixing issues reported by the community relative to the just introduced SMTP settings feature. This version should support more authentication use cases and be more flexible while editing an existing configuration. Thanks to the community members who reported issues and helped us fix... Thu, 17 Nov 2022 01:00:00 +0100 v3.8.0 | Syria https://help.passbolt.com/releases/pro/syria https://help.passbolt.com/releases/pro/syria The team is pleased to announce the v3.8 immediate availability. This release ships with two new themes, a light and dark Solarized themes. Along with the redesign that occurred earlier this year, these themes served as a foundation to propose additional look and feel, but also welcome your contributions. If... Thu, 10 Nov 2022 09:00:00 +0100 v3.7.3 | Breathing https://help.passbolt.com/releases/pro/breathing https://help.passbolt.com/releases/pro/breathing This release is a security release fixing a spell-jacking security flaw discovered by otto-js.You can learn more about this flaw on the dedicated security incident page.Browser extensionSecurity PB-19090 Protect forms from spell-jacking attackAPISecurity PB-19090 Protect forms from spell-jacking attack Mon, 26 Sep 2022 10:00:00 +0200 v3.7.2 | Knight Of The Jaguar https://help.passbolt.com/releases/pro/knight-of-the-jaguar https://help.passbolt.com/releases/pro/knight-of-the-jaguar This release is small maintenance release mainly fixing bugs reported by the community. The API and the browser extension have also been prepared to welcome new themes. If you wish to contribute and propose your theme, checkout the blog article: How to create a custom passbolt theme with the UI... Tue, 13 Sep 2022 10:00:00 +0200 v3.7.1 | Last Day https://help.passbolt.com/releases/pro/last-day https://help.passbolt.com/releases/pro/last-day This release is a maintenance release fixing some compatibility problem with Postgresql and ironing out some of the bugs reported by the community. We wish you a good end of the summer. Browser extension Fixed PB-18420 As AN completing the setup I should understand what information the account recovery feature... Fri, 12 Aug 2022 10:00:00 +0200 v3.7.0 | Epikur https://help.passbolt.com/releases/pro/epikur https://help.passbolt.com/releases/pro/epikur This release is a minor maintenance release focused on security, performance and compatibility optimization. It includes some security fixes related to a security audit that was performed by Cure53 on the new account recovery feature. Long story short, while the security researchers found some weaknesses, no exploitable vulnerability was found.... Wed, 27 Jul 2022 10:00:00 +0200 v3.6.0 | New Morning https://help.passbolt.com/releases/pro/new-morning https://help.passbolt.com/releases/pro/new-morning The team is pleased to announce the v3.6 immediate availability which, as you may already have seen, includes a design refresh of the application. The Pro Edition also includes the most awaiting account recovery feature, also known as secret key escrow. This feature is available in “Beta”. While it is... Wed, 25 May 2022 14:00:00 +0200 v3.5.0-2 | Wide Open https://help.passbolt.com/releases/pro/wide-open-2 https://help.passbolt.com/releases/pro/wide-open-2 This release contains some important package changes that needs to be done before the 18th of May 2022. Make sure your follow the guide below. This release contains some important changes to the packages for Passbolt API. If you installed passbolt from source or using docker, you are not affected.... Wed, 13 Apr 2022 02:00:00 +0200 v3.5.0 | Wide Open https://help.passbolt.com/releases/pro/wide-open https://help.passbolt.com/releases/pro/wide-open This release introduces some new dependencies and database changes. Make sure you follow the update documentation to roll out this new version. Read the doc The team is pleased to announce the v3.5 immediate availability which includes the most awaited launch of the iOS and Android Mobile applications (currently pending... Tue, 18 Jan 2022 01:00:00 +0100 v3.4.0 | Black Sunrise https://help.passbolt.com/releases/pro/black-sunrise https://help.passbolt.com/releases/pro/black-sunrise This release introduces some new dependencies and database changes. Make sure you follow the update documentation to roll out this new version. Read the doc The team is pleased to announce the v3.4 immediate availability which includes new features as well as some fixes requested by the community. In a... Tue, 07 Dec 2021 01:00:00 +0100 v3.3.0 | Senior Elfo https://help.passbolt.com/releases/pro/senior-elfo https://help.passbolt.com/releases/pro/senior-elfo This release introduces some new dependencies and database changes. Make sure you follow the update documentation to roll out this new version. Read the doc The team is pleased to announce the much awaited v3.3 which includes new features as well as some fixes requested by the community. It’s been... Wed, 27 Oct 2021 02:00:00 +0200 v3.2.0 | La Clé Des Champs https://help.passbolt.com/releases/pro/la-cle-des-champs https://help.passbolt.com/releases/pro/la-cle-des-champs This release introduces some new dependencies and database changes. Make sure you follow the update documentation to roll out this new version. Read the doc The team is pleased to announce that the much awaited “Internationalisation” feature is available to Passbolt Pro, Passbolt Cloud (in progress) as well as Passbolt... Mon, 31 May 2021 14:00:00 +0200 v3.1.0 | Sea https://help.passbolt.com/releases/pro/love-over-entropy-sea https://help.passbolt.com/releases/pro/love-over-entropy-sea This release introduces some new dependencies and database changes. Make sure you follow the update documentation to roll out this new version. Read the doc The team is pleased to announce the immediate availability of Passbolt version 3.1. This release introduces several new features, most notably the ability to update... Thu, 18 Mar 2021 13:00:00 +0100 v3.0.0 | Our House https://help.passbolt.com/releases/pro/v300-our-house https://help.passbolt.com/releases/pro/v300-our-house This release introduces some new dependencies and database changes. Make sure you follow the update documentation to roll out this new version. Read the doc The team is pleased to announce the immediate availability of Passbolt version 3. As you may have noticed with the earlier release in January and... Wed, 10 Mar 2021 13:00:00 +0100 v2.14.0 | Sunshine https://help.passbolt.com/releases/pro/v2140-sunshine https://help.passbolt.com/releases/pro/v2140-sunshine This is a maintenance release. It ships with a some bug fixes and improvements for the server, mainly performance improvements for activity logs and better feedback for LDAP error messages. Changelog API [2.14.0] 2020-08-25 Added Add an option to the migrate shell task to avoid clearing the cache after the... Tue, 25 Aug 2020 14:00:00 +0200 v2.13.5 | Stomp (Remix) https://help.passbolt.com/releases/pro/v2135-stomp https://help.passbolt.com/releases/pro/v2135-stomp This is a small maintenance release. It ships with a few bug fixes and improvements for the web extension. Changelog API [2.13.5] 2019-07-29 Fixed Fix display a validation error when db password contains a quote or db name contain a dash Fix email notification settings bootstrap messes up non persistent... Wed, 22 Jul 2020 14:00:00 +0200 v2.13.1 | Stomp https://help.passbolt.com/releases/pro/v2131-stomp https://help.passbolt.com/releases/pro/v2131-stomp This is a small maintenance release. It ships with performance improvements and fixes a bug introduced with the latest release. Thank you to everyone who helped us test and iron out the last kinks! In other news, we just published an article on the blog to explain why passbolt requires... Tue, 07 Jul 2020 10:00:00 +0200 v2.13.0 | Hammer to Fall https://help.passbolt.com/releases/pro/v2130-hammer-to-fall https://help.passbolt.com/releases/pro/v2130-hammer-to-fall We just published an article on the blog to give a quick overview of this new ‘Folders’ feature. Discover the 'Folders' feature The team is pleased to announce that the much awaited “Folders” feature is available to Passbolt Pro and Passbolt Cloud subscribers as part of this release. Most of... Wed, 24 Jun 2020 18:55:00 +0200 v2.13.0-RC1 | In The Air Tonight https://help.passbolt.com/releases/pro/v2130-in-the-air-tonight https://help.passbolt.com/releases/pro/v2130-in-the-air-tonight The team is pleased to announce that the much awaited folders feature is available for testing as part of this release candidate. The goal of folders is to provide a tool for passbolt users to easily organize passwords. The users will be able to use nested folders (or directories), in... Fri, 29 May 2020 16:30:00 +0200 v2.12.1 | Never Gonna Give You Up https://help.passbolt.com/releases/pro/v2121-never-gonna-give-you-up https://help.passbolt.com/releases/pro/v2121-never-gonna-give-you-up This release contains a security fix, please update your server as soon as possible. Make sure you follow the minor update documentation to roll out this new version. Read the doc This is a small maintenance release in order to update to jQuery v3.5. The library released an important security... Tue, 14 Apr 2020 18:30:00 +0200 v2.12.0 | Call Me https://help.passbolt.com/releases/pro/v2120-call-me https://help.passbolt.com/releases/pro/v2120-call-me This release is mainly a maintenance release. It ships with several fixes, mainly regarding the web extension. The previously published extension version contained some security fix for an issue in the quick access suggestion system reported by security researcher Rene Kroka. You can learn more about it on the incident... Fri, 06 Dec 2019 11:05:00 +0100 v2.11.0 | Don't You (Forget about me) https://help.passbolt.com/releases/pro/v2110-dont-you https://help.passbolt.com/releases/pro/v2110-dont-you Passbolt v2.11 is maintenance release containing security fixes. Extension update will be rolled out automatically to your users like usual, but as an administrator you will need to update your server. This release introduces some security fixes. Make sure you follow the minor update documentation to roll out this new... Wed, 07 Aug 2019 08:30:00 +0200 v2.10.0 | Owner of a Lonely Heart https://help.passbolt.com/releases/pro/v2100-owner-of-a-lonely-heart https://help.passbolt.com/releases/pro/v2100-owner-of-a-lonely-heart This release ships with some nice improvements on the LDAP connector, administration interface and quick access features. The Ldap connector configuration UI and mapping rules have been revamped to provide a better experience, mainly for OpenLdap and FreeIPA users. The connector should now be compatible with most cases and configurations.... Thu, 16 May 2019 14:00:00 +0200 v2.9.0 | Paint it black https://help.passbolt.com/releases/pro/v290-paint-it-black https://help.passbolt.com/releases/pro/v290-paint-it-black This release introduces some security fixes. Make sure you follow the minor update documentation to roll out this new version as soon as possible. Update documentation This release introduces the ability to create entries directly from the quickaccess menu, in the browser toolbar. fig. Creating an entry from quickaccess It... Wed, 24 Apr 2019 14:00:00 +0200 v2.8.4 | Where is my mind https://help.passbolt.com/releases/pro/v284-where-is-my-mind https://help.passbolt.com/releases/pro/v284-where-is-my-mind This release is mainly a maintenance release. It ships with more performance improvements and fixes a few bugs reported by the community. The API has also now been fully documented. It is in 2 parts: the API documentation which is available on our help website, and the API reference which... Wed, 17 Apr 2019 19:00:00 +0200 v2.8.3 | Blue Monday https://help.passbolt.com/releases/pro/v283-blue-monday https://help.passbolt.com/releases/pro/v283-blue-monday This release introduces some new dependencies and database changes. Make sure you follow the minor update documentation to roll out this new version. Read the doc This new release of Passbolt Pro Edition ships with “passwords activity”, which takes care of providing the activity history corresponding to a password. With... Mon, 01 Apr 2019 02:00:00 +0200 v2.7.2 | Welcome To The Jungle https://help.passbolt.com/releases/pro/v272-welcome-to-the-jungle https://help.passbolt.com/releases/pro/v272-welcome-to-the-jungle This release contains two fixes, regressions shipped with v2.7.0. PASSBOLT-3417: LDAP: fix regression “settings cannot be saved through the UI”. PASSBOLT-3416: Fix the uses of php short tags in the webinstaller template files Wed, 13 Feb 2019 01:00:00 +0100 v2.7.0 | Jump https://help.passbolt.com/releases/pro/v270-jump https://help.passbolt.com/releases/pro/v270-jump This release introduces some security fixes, new dependencies and database changes. Make sure you follow the minor update documentation to roll out this new version as soon as possible. Update documentation The main focus of this release was to improve the performance and reactivity of the application, as well as... Mon, 11 Feb 2019 01:00:00 +0100 v2.6.1 | Stairway to Heaven https://help.passbolt.com/releases/pro/v261-stairway-to-heaven https://help.passbolt.com/releases/pro/v261-stairway-to-heaven This is a maintenance release that fixes some issues introduced by the previous release. It also gives more flexibility during the installation to skip providing some email settings. A big thank you to Julius Haake, Alain Devarieux and Nate Curry for reporting these issues. Passbolt API (Pro Edition) Improved PASSBOLT-3273:... Thu, 06 Dec 2018 01:00:00 +0100 v2.6.0 | Start Me Up https://help.passbolt.com/releases/pro/v260-start-me-up https://help.passbolt.com/releases/pro/v260-start-me-up This release introduces some new dependencies and database changes. Make sure you follow the minor update documentation to roll out this new version. Read the doc This new release of Passbolt Pro Edition introduces a new workspace for administrators. In this workspace it is now possible for an admin to... Tue, 04 Dec 2018 01:00:00 +0100 v2.5.1 | Thunderstruck https://help.passbolt.com/releases/pro/v251-thunderstruck https://help.passbolt.com/releases/pro/v251-thunderstruck This release introduces some new dependencies and database changes. Make sure you follow the minor update documentation to roll out this new version. Read the doc This new release of Passbolt Pro Edition introduces new multi factor authentication providers: Yubikey and Duo. These functionality relies on third party services to... Thu, 15 Nov 2018 01:00:00 +0100 v2.4.0 | Final Countdown https://help.passbolt.com/releases/pro/v240-final-countdown https://help.passbolt.com/releases/pro/v240-final-countdown This release introduces some new dependencies and database changes. Make sure you follow the minor update documentation to roll out this new version. Read the doc This release introduce the ability for users to select multiple passwords and perform a bulk action such as delete or share. This was a... Thu, 11 Oct 2018 13:11:11 +0200 v2.3.0 | Shine On You Crazy Diamond https://help.passbolt.com/releases/pro/v230-shine-on-you-crazy-diamond https://help.passbolt.com/releases/pro/v230-shine-on-you-crazy-diamond We are happy to announce the availability of passbolt directory synchronization feature. With this feature you can add and remove groups and users directly from your OpenLDAP or Active Directory and the changes will be reflected in passbolt. It is currently available as an experimental plugin for Passbolt Pro Edition... Wed, 05 Sep 2018 02:00:00 +0200 v2.2.0 | I want to break free https://help.passbolt.com/releases/pro/v220-i-want-to-break-free https://help.passbolt.com/releases/pro/v220-i-want-to-break-free Please note that Passbolt API V1.x will be officially unmaintained from 1st of September 2018. If you haven’t upgraded to V2.x yet, it is strongly advised to do it now since the next versions of the browser extension will not be compatible anymore with V1.x branch. This release is mainly... Mon, 13 Aug 2018 02:00:00 +0200 v2.1.1 | Loungin https://help.passbolt.com/releases/pro/v211-loungin https://help.passbolt.com/releases/pro/v211-loungin fig. Passbolt night mode This release introduces a new dark theme that you can use in the place of the black on white default theme. The goal for this theme was to be easier on the eye for people who stare at the screen for a long period of time... Thu, 14 Jun 2018 02:00:00 +0200 v2.0.9 | Cold Vein https://help.passbolt.com/releases/pro/v209-cold-vein https://help.passbolt.com/releases/pro/v209-cold-vein This is a maintenance release for passbolt web extension that fixes issues reported by the community. Web Extension Bug fixes Fix content scripts should not be inserted if they are already present. Fix auth pagemod should insert script when a redirection is set in url Fix json.headers should be json.header... Wed, 09 May 2018 02:00:00 +0200 v2.0.8 | They Reminisce https://help.passbolt.com/releases/pro/v208-untitled https://help.passbolt.com/releases/pro/v208-untitled This is a maintenance release for passbolt web extension that fixes issues reported by the community.Web ExtensionBug fixes Fix backward compatibility issue with search user API v1. Wed, 09 May 2018 02:00:00 +0200 v2.0.7 | Struggle https://help.passbolt.com/releases/pro/v207-struggle https://help.passbolt.com/releases/pro/v207-struggle Security notice: Nginx user, please review your configuration file to make sure you are using the correct application root. It should be: /var/www/passbolt/webroot Read more This release fixes issues introduced by the v2.0.5 both in the webextension and in the API. As you can see version v2.0.6 is skipped in... Wed, 09 May 2018 02:00:00 +0200 v2.0.5 | Everyday struggle https://help.passbolt.com/releases/pro/v205-everydaystruggle https://help.passbolt.com/releases/pro/v205-everydaystruggle This is a maintenance for both Passbolt Pro and Community edition. It fixes issues reported by the community such as the vulnerability reported by Matthias vd Meent, considering the use of an unsecure pseudo random number generator when generating passwords. You can learn more about the issue on the dedicated... Tue, 08 May 2018 02:00:00 +0200 v2.0.4 | Something we all adore https://help.passbolt.com/releases/pro/v204-somethingwealladore https://help.passbolt.com/releases/pro/v204-somethingwealladore This is a maintenance release that fixes issues reported by the community.Passbolt APIFixed COMMUNITY-599: Make email MX validation optional and not enabled by default GITHUB-247: Fix secrets are not deleted when deleting a group or a user Thu, 26 Apr 2018 02:00:00 +0200 v2.0.3 | Definition https://help.passbolt.com/releases/pro/v203-definition https://help.passbolt.com/releases/pro/v203-definition This is a maintenance release that improves compatibility with CentOS 7.Passbolt APIFixed PASSBOLT-2849: Fix issue with the permissions query and MariaDB 5.5 PASSBOLT-2848: Fix unsafe mode and ssl offloading Fri, 20 Apr 2018 02:00:00 +0200 v2.0.2 | Mass Appeal https://help.passbolt.com/releases/pro/v202-mass-appeal https://help.passbolt.com/releases/pro/v202-mass-appeal This is a maintenance release that fixes a bug related to the v1 database migration. Thanks to @shochdoerfer for his contribution. Passbolt API Improved GITHUB-242: Add Auto-Submitted header to the email notifications Fixed PASSBOLT-2806: Force database columns charset and collation PASSBOLT-2781: Increase length of resource uri field in model validation... Tue, 17 Apr 2018 02:00:00 +0200 v2.0.1 | Knock You Out https://help.passbolt.com/releases/pro/v201-knock-you-out https://help.passbolt.com/releases/pro/v201-knock-you-out This is a maintenance release that fixes a regression introduced in v2.0.0. Many thanks to @odyx for his blazing fast reaction at reporting the bug and submitting a fix. Passbolt API Improved PASSBOLT-2511: Improve healthcheck tables list so that tables are listed per major version Fixed GITHUB-239: Fix unsafe mode... Tue, 10 Apr 2018 02:00:00 +0200", "url": "https://help.passbolt.com/releases/pro.rss" +},"releases-ce-rss": { +"title": "Passbolt Community Edition Release notes", +"category": "", +"content": "Passbolt Community Edition Release noteshttps://help.passbolt.com/releases/ce.rssMost recent release notes.en-us v4.6.0 | Purple Haze https://help.passbolt.com/releases/ce/purple_haze https://help.passbolt.com/releases/ce/purple_haze Release song: https://youtu.be/Ub0NtPOj7es?si=3IL4HKS4-g17uPal The Passbolt Community Edition 4.6.0 release “Purple Haze”, brings enhancements that focus primarily on the administrative aspect and overall system health. This update introduces the Health Check feature within the Admin workspace, designed to offer administrators a comprehensive tool for system assessment and upkeep. In addition, this... Thu, 14 Mar 2024 00:00:00 +0100 v4.5.2 | Marching The Hate Machines https://help.passbolt.com/releases/ce/marching_the_hate_machines https://help.passbolt.com/releases/ce/marching_the_hate_machines Release song: https://youtu.be/53YYph6Edd0 Passbolt is pleased to announce the immediate availability of version 4.5.2. This is a maintenance update that contains important fixes for both the API and browser extension, addressing issues reported by the community since version 4.5.0. Most notably this update fixes a problem that previously prevented the... Wed, 14 Feb 2024 00:00:00 +0100 v4.5.1 | The Times They Are A-Changin https://help.passbolt.com/releases/ce/the-times-they-are-a-changin https://help.passbolt.com/releases/ce/the-times-they-are-a-changin Version 4.5.1 is exclusively a Passbolt browser extension maintenance release designed to address a problem that emerged with the earlier 4.5.0 release. This issue prevented Chrome users who run the Passbolt API from a subdirectory from establishing a connection. We would like to express our sincere thanks to the community... Fri, 09 Feb 2024 01:00:00 +0100 v4.5.0 | Summer is ending https://help.passbolt.com/releases/ce/summer_is_ending https://help.passbolt.com/releases/ce/summer_is_ending Passbolt v4.5.0 named “Summer is Ending” brings a host of new features and improvements, all designed to make your password management experience more secure, efficient, and user-friendly. At the heart of this release is the introduction of the Password Expiry feature, a much-anticipated functionality that allows administrators to enable the... Thu, 08 Feb 2024 00:00:00 +0100 v4.4.2 | Is It Because I'm Black https://help.passbolt.com/releases/ce/is_it_because_i_m_black https://help.passbolt.com/releases/ce/is_it_because_i_m_black Passbolt version 4.4.2 has been released, primarily as a maintenance update to address specific issues reported by users. This version includes two main fixes. The first fix concerns the Time-based One-Time Password (TOTP) feature. In the previous version, there was an issue where users could accidentally delete the TOTP secret... Wed, 29 Nov 2023 00:00:00 +0100 v4.4.1 | Gimme Shelter https://help.passbolt.com/releases/ce/gimme_shelter https://help.passbolt.com/releases/ce/gimme_shelter Release song: https://youtu.be/RbmS3tQJ7Os?si=lp8QM5B-R65C8Jek Passbolt v4.4.1 is a maintenance release aimed at addressing issues reported by the community, which were introduced in the previous release. The update addresses an issue concerning user roles in email notifications. Previously, administrators received notifications when another administrator was deleted. However, the deletion of any user,... Tue, 21 Nov 2023 00:00:00 +0100 v4.4.0 | Zombie https://help.passbolt.com/releases/ce/zombie https://help.passbolt.com/releases/ce/zombie Version 4.4 of the Community Edition has launched with new capabilities and improvements. With this release, users are able to manage TOTPs directly from the browser, providing an extended TOTP experience across all their devices. They can now be created, deleted, organised and shared with others just like any other... Tue, 07 Nov 2023 00:00:00 +0100 v4.3.0 | No One Knows https://help.passbolt.com/releases/ce/no_one_knows https://help.passbolt.com/releases/ce/no_one_knows Introducing the newest release of passbolt – get to know version 4.3 This update extends the portability of TOTP (Time Based One Time Password) content. You can now access TOTP items from passbolt’s mobile app and web interface. While the ability to create a TOTP is still limited to mobile,... Tue, 26 Sep 2023 00:00:00 +0200 v4.2.0 | The man who sold the world https://help.passbolt.com/releases/ce/the-man-who-sold-the-world https://help.passbolt.com/releases/ce/the-man-who-sold-the-world Version 4.2 of the Community Edition introduces a number of enhancements and fixes to the passbolt experience. One of the highlights of this release is the first brick of grid modernization. With it, you’re in control of what’s shown on the password grid. You can decide which columns you want... Thu, 24 Aug 2023 02:00:00 +0200 v4.1.2 | Bella ciao https://help.passbolt.com/releases/ce/bella-ciao https://help.passbolt.com/releases/ce/bella-ciao Version 4.1.2 of passbolt is a maintenance release mainly solving small bugs reported by the community on the API as well as the browser extension. The API ships with a fix that restores email notifications for organisations using NTLM to authenticate against their SMTP server. On the client side, the... Wed, 26 Jul 2023 02:00:00 +0200 v4.1.1 | Insane in the Brain https://help.passbolt.com/releases/ce/insane-in-the-brain https://help.passbolt.com/releases/ce/insane-in-the-brain Version 4.1.1 of Passbolt is a fix release solving two false-fails on the healthcheck. These were reported by our community members on the forum here and here. Thank you for helping us make Passbolt better! API Fixed PB-25304 As an administrator the application healthcheck should compare passbolt version with the... Thu, 13 Jul 2023 02:00:00 +0200 v4.1.0 | War Pig https://help.passbolt.com/releases/ce/war-pig https://help.passbolt.com/releases/ce/war-pig Version 4.1 of Passbolt introduces the long-awaited Role-Based Access Control (RBAC) feature. In its first version, RBAC provides admins with the ability to control the capabilities offered to users through the user interface (UI). As passbolt evolves, subsequent releases will expand on this, eventually providing control over API capabilities. On... Wed, 05 Jul 2023 02:00:00 +0200 v4.0.4 | The One Percent https://help.passbolt.com/releases/ce/the-one-percent https://help.passbolt.com/releases/ce/the-one-percent This is a small maintenance release of the browser extension only. It fixes a bug that prevented users from authenticating with SSO from the web integrated in-form menu.Browser extensionFixed PB-24932 Fix: As a user I want to be able to sign-in through SSO from the inform menu Wed, 07 Jun 2023 02:00:00 +0200 v4.0.3 | What's Going On https://help.passbolt.com/releases/ce/what-s-going-on https://help.passbolt.com/releases/ce/what-s-going-on This is a small maintenance release of the browser extension only. It fixes a bug that prevented users from authenticating with SSO from the quickaccess.Browser extensionFixed PB-24734 Fix As a registered user I would like to be able to use SSO login via the quickaccess Mon, 05 Jun 2023 02:00:00 +0200 v4.0.2 | Creep https://help.passbolt.com/releases/ce/creep https://help.passbolt.com/releases/ce/creep Presenting the latest update of passbolt, version 4.0.2. This release revises a previous fix for a community-reported bug. The bug impacts 32-bit operating systems. Find out more about the reported issue on the community forum. API Fixed PB-24644 As an admin I should be able to run migrations on a... Thu, 01 Jun 2023 02:00:00 +0200 v4.0.1 | Under Pressure https://help.passbolt.com/releases/ce/under-pressure https://help.passbolt.com/releases/ce/under-pressure Introducing the latest update of Passbolt CE, release v4.0.1. This release update fixes a bug reported by the community impacting 32 bit operating systems. The issue reported can be found on the community forum. API Added PB-24644 As an admin I should be able to run migrations on a 32... Tue, 30 May 2023 02:00:00 +0200 v4.0.0 | Get Up, Stand Up https://help.passbolt.com/releases/ce/get-up-stand-up https://help.passbolt.com/releases/ce/get-up-stand-up Introducing the latest update of passbolt Pro, release v4. This update includes some significant enhancements to the platform’s functionality and overall user experience. Attention: This is a major change, so make sure you check the platform requirements, and do a test upgrade, before you update your live systems to the... Wed, 17 May 2023 02:00:00 +0200 v3.12.2 | Stille Einfuegen https://help.passbolt.com/releases/ce/stille-einfuegen https://help.passbolt.com/releases/ce/stille-einfuegen This is a small security release of the API only. It addresses an information leak issue while creating a resource with encrypted description and misusing the API. A client could inadvertently insert an unencrypted version of the description along with its encrypted version in the database. If you want to... Wed, 26 Apr 2023 02:00:00 +0200 v3.12.1 | Mental Wave https://help.passbolt.com/releases/ce/mental-wave https://help.passbolt.com/releases/ce/mental-wave This release is a small maintenance release of the browser extension only. It fixes issues reported by the community relative to users email validation and the latest introduced SSO. A big thank you to the community members who are reporting issues and help us investigate them. Browser extension Fix PB-23930... Wed, 29 Mar 2023 02:00:00 +0200 v3.12.0 | Introspective https://help.passbolt.com/releases/ce/introspective https://help.passbolt.com/releases/ce/introspective Release 3.12 includes a number of new features and enhancements, including the much-anticipated addition of folders in the Community Edition, which allows users to better organise resources. Another notable new feature is the ability to customise passbolt to output the action logs in syslog or a file, giving administrators more... Wed, 15 Mar 2023 01:00:00 +0100 v3.11.1 | Birdie https://help.passbolt.com/releases/ce/birdie https://help.passbolt.com/releases/ce/birdie This is a small maintenance release addressing community reported issues related to the recently introduced Duo v4 support. This release also includes a security fix for the browser extension to mitigate clickjacking attacks discovered during an independent security audit of the API and browser extension by Cure53. As always, detailed... Fri, 03 Mar 2023 01:00:00 +0100 v3.11.0 | Regular https://help.passbolt.com/releases/ce/regular https://help.passbolt.com/releases/ce/regular Community Edition v3.11 introduces new features and enhancements to your passbolt experience. Duo v4 MFA support is now available in the browser, an update from the previously supported v2. The API also now features a new endpoint that allows administrators to get paginated action logs, to make it easier to... Wed, 01 Mar 2023 01:00:00 +0100 v3.10.0 | Glue https://help.passbolt.com/releases/ce/glue https://help.passbolt.com/releases/ce/glue The passbolt team is excited to share the latest improvements in release 3.10. With the help of our contributors and the community’s input, passbolt is proud to present the release of self-registration. Users can now self-register if their email domain matches the administrator-defined policy. This will make the registration process... Tue, 14 Feb 2023 01:00:00 +0100 v3.9.0 | Bunny https://help.passbolt.com/releases/ce/v390-bunny https://help.passbolt.com/releases/ce/v390-bunny The team at passbolt is thrilled to announce the release of v3.9 for immediate availability! Passbolt CE v3.9 ships with Multi Factor Authentication (MFA) for all community edition users! Users can now set up MFA using various methods, including Duo, TOTP (Google Authenticator, Authy), and YubiKey (with Yubico Cloud). Important:... Wed, 18 Jan 2023 01:00:00 +0100 v3.8.3 | Up Down Jumper https://help.passbolt.com/releases/ce/up-down-jumper https://help.passbolt.com/releases/ce/up-down-jumper This release is a small maintenance release of the API only fixing issues reported by the community relative to the latest introduced SMTP settings feature. It also adds additional information to try to improve the debug process when dealing with Gnupg integration issues. A big thank you to the community... Thu, 01 Dec 2022 01:00:00 +0100 v3.8.2 | Trechter https://help.passbolt.com/releases/ce/trechter https://help.passbolt.com/releases/ce/trechter This release is a small maintenance release fixing issues reported by the community relative to the session expiry. Additionally it was the opportunity to ship a long time requested improvement also relative to the session expiry. When signing in to passbolt and checking the “remember until sign out” checkbox, users... Mon, 28 Nov 2022 01:00:00 +0100 v3.8.1 | Nana https://help.passbolt.com/releases/ce/nana https://help.passbolt.com/releases/ce/nana This release is a small maintenance release fixing issues reported by the community relative to the just introduced SMTP settings feature. This version should support more authentication use cases and be more flexible while editing an existing configuration. Thanks to the community members who reported issues and helped us fix... Thu, 17 Nov 2022 01:00:00 +0100 v3.8.0 | Syria https://help.passbolt.com/releases/ce/syria https://help.passbolt.com/releases/ce/syria The team is pleased to announce the v3.8 immediate availability. This release ships with two new themes, a light and dark Solarized themes. Along with the redesign that occurred earlier this year, these themes served as a foundation to propose additional look and feel, but also welcome your contributions. If... Thu, 10 Nov 2022 09:00:00 +0100 v3.7.3 | Breathing https://help.passbolt.com/releases/ce/breathing https://help.passbolt.com/releases/ce/breathing This release is a security release fixing a spell-jacking security flaw discovered by otto-js.You can learn more about this flaw on the dedicated security incident page.Browser extensionSecurity PB-19090 Protect forms from spell-jacking attackAPISecurity PB-19090 Protect forms from spell-jacking attack Mon, 26 Sep 2022 10:00:00 +0200 v3.7.2 | Knight Of The Jaguar https://help.passbolt.com/releases/ce/knight-of-the-jaguar https://help.passbolt.com/releases/ce/knight-of-the-jaguar This release is small maintenance release mainly fixing bugs reported by the community. The API and the browser extension have also been prepared to welcome new themes. If you wish to contribute and propose your theme, checkout the blog article: How to create a custom passbolt theme with the UI... Tue, 13 Sep 2022 10:00:00 +0200 v3.7.1 | Last Day https://help.passbolt.com/releases/ce/last-day https://help.passbolt.com/releases/ce/last-day This release is a maintenance release fixing some compatibility problem with Postgresql and ironing out some of the bugs reported by the community. We wish you a good end of the summer. Browser extension Fixed PB-18420 As AN completing the setup I should understand what information the account recovery feature... Fri, 12 Aug 2022 10:00:00 +0200 v3.7.0 | Epikur https://help.passbolt.com/releases/ce/epikur https://help.passbolt.com/releases/ce/epikur This release is a minor maintenance release focused on security, performance and compatibility optimization. It includes some security fixes related to a security audit that was performed by Cure53 on the new account recovery feature. Long story short, while the security researchers found some weaknesses, no exploitable vulnerability was found.... Wed, 27 Jul 2022 10:00:00 +0200 v3.6.0 | New Morning https://help.passbolt.com/releases/ce/new-morning https://help.passbolt.com/releases/ce/new-morning The team is pleased to announce the v3.6 immediate availability which, as you may already have seen, includes a design refresh of the application. On top of that, this release ships with some more improvements and fixes. Performance boost on the client cryptographic operations; Additional key validations on setup for... Wed, 25 May 2022 14:00:00 +0200 v3.5.0-2 | Wide Open https://help.passbolt.com/releases/ce/wide-open-2 https://help.passbolt.com/releases/ce/wide-open-2 This release contains some important package changes that needs to be done before the 18th of May 2022. Make sure your follow the guide below. This release contains some important changes to the packages for Passbolt API. If you installed passbolt from source or using docker, you are not affected.... Wed, 13 Apr 2022 02:00:00 +0200 v3.5.0 | Wide Open https://help.passbolt.com/releases/ce/wide-open https://help.passbolt.com/releases/ce/wide-open This release introduces some new dependencies and database changes. Make sure you follow the update documentation to roll out this new version. Read the doc The team is pleased to announce the v3.5 immediate availability which includes the most awaited launch of the iOS and Android Mobile applications (currently pending... Tue, 18 Jan 2022 01:00:00 +0100 v3.4.0 | Black Sunrise https://help.passbolt.com/releases/ce/black-sunrise https://help.passbolt.com/releases/ce/black-sunrise This release introduces some new dependencies and database changes. Make sure you follow the update documentation to roll out this new version. Read the doc The team is pleased to announce the v3.4 immediate availability which includes new features as well as some fixes requested by the community. In a... Tue, 07 Dec 2021 01:00:00 +0100 v3.3.0 | Senior Elfo https://help.passbolt.com/releases/ce/senior-elfo https://help.passbolt.com/releases/ce/senior-elfo This release introduces some new dependencies and database changes. Make sure you follow the update documentation to roll out this new version. Read the doc The team is pleased to announce the much awaited v3.3 which includes new features as well as some fixes requested by the community. It’s been... Wed, 27 Oct 2021 02:00:00 +0200 v3.2.0 | La Clé Des Champs https://help.passbolt.com/releases/ce/la-cle-des-champs https://help.passbolt.com/releases/ce/la-cle-des-champs This release introduces some new dependencies and database changes. Make sure you follow the update documentation to roll out this new version. Read the doc The team is pleased to announce that the much awaited “Internationalisation” feature is available to Passbolt Pro, Passbolt Cloud (in progress) as well as Passbolt... Mon, 31 May 2021 14:00:00 +0200 v3.1.0 | Sea https://help.passbolt.com/releases/ce/love-over-entropy-sea https://help.passbolt.com/releases/ce/love-over-entropy-sea This release introduces some new dependencies and database changes. Make sure you follow the update documentation to roll out this new version. Read the doc The team is pleased to announce the immediate availability of Passbolt version 3.1. This release introduces several new features, most notably the ability to update... Thu, 18 Mar 2021 13:00:00 +0100 v3.0.0 | Our House https://help.passbolt.com/releases/ce/v300-our-house https://help.passbolt.com/releases/ce/v300-our-house This release introduces some new dependencies and database changes. Make sure you follow the update documentation to roll out this new version. Read the doc The team is pleased to announce the immediate availability of Passbolt version 3. As you may have noticed with the earlier release in January and... Wed, 10 Mar 2021 13:00:00 +0100 v2.13.5 | Stomp (Remix) https://help.passbolt.com/releases/ce/v2135-stomp https://help.passbolt.com/releases/ce/v2135-stomp This is a small maintenance release. It ships with a few bug fixes and improvements for the web extension. Changelog API [2.13.5] 2019-07-29 Fixed Fix display a validation error when db password contains a quote or db name contain a dash Fix email notification settings bootstrap messes up non persistent... Wed, 22 Jul 2020 14:00:00 +0200 v2.13.1 | Stomp https://help.passbolt.com/releases/ce/v2131-stomp https://help.passbolt.com/releases/ce/v2131-stomp This is a small maintenance release. It fixes a bug introduced with the latest release. Thank you to everyone who helped us test and iron out the last kinks! In other news, we just published an article on the blog to explain why passbolt requires an extension. Changelog API Fixed... Tue, 07 Jul 2020 10:00:00 +0200 v2.13.0 | Hammer to Fall https://help.passbolt.com/releases/ce/v2130-hammer-to-fall https://help.passbolt.com/releases/ce/v2130-hammer-to-fall This release introduces some database changes. Make sure you follow the minor update documentation to roll out this new version. Read the doc The team is pleased to announce the availability of Passbolt CE v2.13. This release includes new functionalities, most notably the email digest functionality. Email digest The email... Wed, 24 Jun 2020 18:55:00 +0200 v2.12.1 | Never Gonna Give You Up https://help.passbolt.com/releases/ce/v2121-never-gonna-give-you-up https://help.passbolt.com/releases/ce/v2121-never-gonna-give-you-up This release contains a security fix, please update your server as soon as possible. Make sure you follow the minor update documentation to roll out this new version. Read the doc This is a small maintenance release in order to update to jQuery v3.5. The library released an important security... Tue, 14 Apr 2020 18:30:00 +0200 v2.12.0 | Call Me https://help.passbolt.com/releases/ce/v2120-call-me https://help.passbolt.com/releases/ce/v2120-call-me This release is mainly a maintenance release. It ships with several fixes, mainly regarding the web extension. The previously published extension version contained some security fix for an issue in the quick access suggestion system reported by security researcher Rene Kroka. You can learn more about it on the incident... Fri, 06 Dec 2019 12:05:00 +0100 v2.11.0 | Don't You (Forget about me) https://help.passbolt.com/releases/ce/v2110-dont-you https://help.passbolt.com/releases/ce/v2110-dont-you Passbolt1 v2.11 is maintenance release containing security fixes. Extension update will be rolled out automatically to your users like usual, but as an administrator you will need to update your server. This release introduces some security fixes. Make sure you follow the minor update documentation to roll out this new... Wed, 07 Aug 2019 08:30:00 +0200 v2.10.0 | Owner of a Lonely Heart https://help.passbolt.com/releases/ce/v2100-owner-of-a-lonely-heart https://help.passbolt.com/releases/ce/v2100-owner-of-a-lonely-heart This release ships with some nice improvements, notably the apparition of the administration dashboard for the Community Edition. This dashboard only contains one section for now: email notification settings. However, some more sections will appear in the next releases as the idea is to remove completely the pain point of... Thu, 16 May 2019 14:00:00 +0200 v2.9.0 | Paint it black https://help.passbolt.com/releases/ce/v290-paint-it-black https://help.passbolt.com/releases/ce/v290-paint-it-black This release introduces some security fixes. Make sure you follow the minor update documentation to roll out this new version as soon as possible. Update documentation This release introduces the ability to create entries directly from the quickaccess menu, in the browser toolbar. fig. Creating an entry from quickaccess It... Wed, 24 Apr 2019 14:00:00 +0200 v2.8.4 | Where is my mind https://help.passbolt.com/releases/ce/v284-where-is-my-mind https://help.passbolt.com/releases/ce/v284-where-is-my-mind This release is mainly a maintenance release. It ships with more performance improvements and fixes a few bugs reported by the community. The API has also now been fully documented. It is in 2 parts: the API documentation which is available on our help website, and the API reference which... Wed, 17 Apr 2019 19:00:00 +0200 v2.8.3 | Blue Monday https://help.passbolt.com/releases/ce/v283-blue-monday https://help.passbolt.com/releases/ce/v283-blue-monday This release introduces some new dependencies and database changes. Make sure you follow the minor update documentation to roll out this new version. Read the doc This release ships with the much awaited “quick access” and “auto-fill” features. It is now possible to access your passwords directly from the browser... Mon, 01 Apr 2019 02:00:00 +0200 v2.7.1 | Welcome To The Jungle https://help.passbolt.com/releases/ce/v271-welcome-to-the-jungle https://help.passbolt.com/releases/ce/v271-welcome-to-the-jungle This release contains one fix, a regression in the web installer shipped with v2.7.0. PASSBOLT-3416: Fix the uses of php short tags in the webinstaller template files Wed, 13 Feb 2019 01:00:00 +0100 v2.7.0 | Jump https://help.passbolt.com/releases/ce/v270-jump https://help.passbolt.com/releases/ce/v270-jump This release introduces some security fixes, new dependencies and database changes. Make sure you follow the minor update documentation to roll out this new version as soon as possible. Update documentation The main focus of this release was to improve the performance and reactivity of the application, as well as... Mon, 11 Feb 2019 01:00:00 +0100 v2.5.0 | Thunderstruck https://help.passbolt.com/releases/ce/v250-thunderstruck https://help.passbolt.com/releases/ce/v250-thunderstruck This release introduces some new dependencies and database changes. Make sure you follow the minor update documentation to roll out this new version. Read the doc This release greatly simplifies the passbolt installation process. It ships with automated scripts for your favorite distributions (Debian 9, CentOS 7 and Ubuntu 18.04)... Thu, 15 Nov 2018 01:00:00 +0100 v2.4.0 | Final Countdown https://help.passbolt.com/releases/ce/v240-final-countdown https://help.passbolt.com/releases/ce/v240-final-countdown This release introduces some new dependencies and database changes. Make sure you follow the minor update documentation to roll out this new version. Read the doc This release introduce the ability for users to select multiple passwords and perform a bulk action such as delete or share. This was a... Thu, 11 Oct 2018 13:11:11 +0200 v2.3.0 | Shine On You Crazy Diamond https://help.passbolt.com/releases/ce/v230-shine-on-you-crazy-diamond https://help.passbolt.com/releases/ce/v230-shine-on-you-crazy-diamond This release introduces a much awaited improvement which now allows when deleting a user to transfer blocking permissions. This release brings a few small user interfaces and improvements, such as placeholder labels when something, like the resource description, is empty. fig. Example of user delete screen with permissions transfer Thanks... Wed, 05 Sep 2018 02:00:00 +0200 v2.2.0 | I want to break free https://help.passbolt.com/releases/ce/v220-i-want-to-break-free https://help.passbolt.com/releases/ce/v220-i-want-to-break-free Please note that Passbolt API V1.x will be officially unmaintained from 1st of September 2018. If you haven’t upgraded to V2.x yet, it is strongly advised to do it now since the next versions of the browser extension will not be compatible anymore with V1.x branch. This release is mainly... Mon, 13 Aug 2018 02:00:00 +0200 v2.1.0 | Loungin https://help.passbolt.com/releases/ce/v210-loungin https://help.passbolt.com/releases/ce/v210-loungin This release includes a major rewrite of the javascript front-end code with an upgrade to CanJS version 3. We are very pleased by this upgrade as it will also us to ship features faster in the future. Another simple but notable improvement is the ability to copy the username to... Thu, 14 Jun 2018 02:00:00 +0200 v2.0.9 | Cold Vein https://help.passbolt.com/releases/ce/v209-cold-vein https://help.passbolt.com/releases/ce/v209-cold-vein This is a maintenance release for passbolt web extension that fixes issues reported by the community. Web Extension Bug fixes Fix content scripts should not be inserted if they are already present. Fix auth pagemod should insert script when a redirection is set in url Fix json.headers should be json.header... Wed, 09 May 2018 02:00:00 +0200 v2.0.8 | They Reminisce https://help.passbolt.com/releases/ce/v208-untitled https://help.passbolt.com/releases/ce/v208-untitled This is a maintenance release for passbolt web extension that fixes issues reported by the community.Web ExtensionBug fixes Fix backward compatibility issue with search user API v1. Wed, 09 May 2018 02:00:00 +0200 v2.0.7 | Struggle https://help.passbolt.com/releases/ce/v207-struggle https://help.passbolt.com/releases/ce/v207-struggle Security notice: Nginx user, please review your configuration file to make sure you are using the correct application root. It should be: /var/www/passbolt/webroot Read more This release fixes issues introduced by the v2.0.5 both in the webextension and in the API. As you can see version v2.0.6 is skipped in... Wed, 09 May 2018 02:00:00 +0200 v2.0.5 | Everyday struggle https://help.passbolt.com/releases/ce/v205-everydaystruggle https://help.passbolt.com/releases/ce/v205-everydaystruggle This is a maintenance for both Passbolt Pro and Community edition. It fixes issues reported by the community such as the vulnerability reported by Matthias vd Meent, considering the use of an unsecure pseudo random number generator when generating passwords. You can learn more about the issue on the dedicated... Tue, 08 May 2018 02:00:00 +0200 v2.0.4 | Something we all adore https://help.passbolt.com/releases/ce/v204-somethingwealladore https://help.passbolt.com/releases/ce/v204-somethingwealladore This is a maintenance release that fixes issues reported by the community.Passbolt APIFixed COMMUNITY-599: Make email MX validation optional and not enabled by default GITHUB-247: Fix secrets are not deleted when deleting a group or a user Thu, 26 Apr 2018 02:00:00 +0200 v2.0.3 | Definition https://help.passbolt.com/releases/ce/v203-definition https://help.passbolt.com/releases/ce/v203-definition This is a maintenance release that improves compatibility with CentOS 7.Passbolt APIFixed PASSBOLT-2849: Fix issue with the permissions query and MariaDB 5.5 PASSBOLT-2848: Fix unsafe mode and ssl offloading Fri, 20 Apr 2018 02:00:00 +0200 v2.0.2 | Mass Appeal https://help.passbolt.com/releases/ce/v202-mass-appeal https://help.passbolt.com/releases/ce/v202-mass-appeal This is a maintenance release that fixes a bug related to the v1 database migration. Thanks to @shochdoerfer for his contribution. Passbolt API Improved GITHUB-242: Add Auto-Submitted header to the email notifications Fixed PASSBOLT-2806: Force database columns charset and collation PASSBOLT-2781: Increase length of resource uri field in model validation... Tue, 17 Apr 2018 02:00:00 +0200 v2.0.1 | Knock You Out https://help.passbolt.com/releases/ce/v201-knock-you-out https://help.passbolt.com/releases/ce/v201-knock-you-out This is a maintenance release that fixes a regression introduced in v2.0.0. Many thanks to @odyx for his blazing fast reaction at reporting the bug and submitting a fix. Passbolt API Improved PASSBOLT-2511: Improve healthcheck tables list so that tables are listed per major version Fixed GITHUB-239: Fix unsafe mode... Tue, 10 Apr 2018 02:00:00 +0200 v2.0.0 | Insomnia https://help.passbolt.com/releases/ce/v200-insomnia https://help.passbolt.com/releases/ce/v200-insomnia This is not an April fool! Passbolt v2.0.0 is ready and available for download. Kindly note that this is a major version release. If you are still running on the v1.x branch, you will need to follow a specific upgrade procedure. The main aspect of this release is the upgrade... Tue, 10 Apr 2018 02:00:00 +0200 v2.0.0-rc2 | Planète mars https://help.passbolt.com/releases/ce/v200-rc2-planete-mars https://help.passbolt.com/releases/ce/v200-rc2-planete-mars This releases fixes a few issues reported by the passbolt users that have switched to the v2.0.0-RC1. It also ships with a few cosmetic improvements as well as new healthchecks and debug tools to ease the installation process. For example you can now call the following command to send a... Tue, 20 Feb 2018 01:00:00 +0100 v2.0.0-rc1 | The Message https://help.passbolt.com/releases/ce/v200-rc1-the-messsage https://help.passbolt.com/releases/ce/v200-rc1-the-messsage The main aspect of this release is the upgrade of the passbolt api code base to CakePHP v3. It also ships with improvements such as a simplified configuration system, a better XSS protection and more tolerant validation rules. See the full list below. This release is a complete rewrite of... Sat, 13 Jan 2018 01:00:00 +0100 v1.0.12 | Brick House https://help.passbolt.com/releases/ce/v1012-brickhouse https://help.passbolt.com/releases/ce/v1012-brickhouse This release brings an interesting new feature: the possibility to see the list of the users a password is shared with at a glance, directly from the sidebar. v1.0.12 also comes with its fair share of bug fixes, and some UI improvements. As usual, we have also worked on increasing... Tue, 31 May 2016 02:00:00 +0200 v1.0.11 | Soul Makossa https://help.passbolt.com/releases/ce/v1011-soulmakossa https://help.passbolt.com/releases/ce/v1011-soulmakossa This release brings some new email notifications. Until now you could only receive a notification when someone was sharing a password with you. With this new set of features you will also receive a nudge when someone comment, edit or delete a password that you own (or that is shared... Mon, 16 May 2016 02:00:00 +0200 v1.0.10 | Sittin' on the dock https://help.passbolt.com/releases/ce/v1010-dockofthebay https://help.passbolt.com/releases/ce/v1010-dockofthebay This release most notable improvement is a health-check page that can help administrators diagnose what is the status of their installation. This week we are still ironing out a few bugs and environment related issues. fig. example /healthcheck screen A big thank you to Alexis Vachette and Ebrahim Imami who... Tue, 03 May 2016 02:00:00 +0200 v1.0.9 | Let's stay together https://help.passbolt.com/releases/ce/v109-letsstaytogether https://help.passbolt.com/releases/ce/v109-letsstaytogether This release was mainly about bug fixes. Also, thanks to an article in the awesome magazine LinuxFR more people are trying to install passbolt on their own machine, so we published a new page containing updated installation instructions. Passbolt API Added improvements PASSBOLT-1495: Update installation instructions in README file. Passbolt... Mon, 25 Apr 2016 02:00:00 +0200 v1.0.8 | Lovely Day https://help.passbolt.com/releases/ce/v108-lovelyday https://help.passbolt.com/releases/ce/v108-lovelyday This is a small release, as we are busy collecting feedbacks from all of our early users. Thanks for all the positive vibes! Passbolt API Fixed bugs PASSBOLT-1445: As a LU viewing someone else comment I should not see the delete comment button. PASSBOLT-1402: As LU, In the comment thread... Fri, 15 Apr 2016 02:00:00 +0200 v1.0.7 | Ring my bell https://help.passbolt.com/releases/ce/v107-ringmybell https://help.passbolt.com/releases/ce/v107-ringmybell This week we rolled out a new homepage as you may have noticed. We also revamped the password workspace when no password are present. The nest illustration you can now see in place of the original void is a courtesy of our beloved Arthur Duarte. Check out his work. A... Tue, 05 Apr 2016 02:00:00 +0200 v1.0.6 | Boogie Wonderland https://help.passbolt.com/releases/ce/v106-boogiewonderland https://help.passbolt.com/releases/ce/v106-boogiewonderland Another release mostly focusing on bug fixes. Big shout out to our testers: Lilian, Nikki, Marcin and Vrindha! The only major new functionality is the release of a first version of a slack plugin for passbolt. You can now track the signup in slack. Get in touch with us if... Tue, 29 Mar 2016 02:00:00 +0200 v1.0.5 | Move On Up https://help.passbolt.com/releases/ce/v105-moveonup https://help.passbolt.com/releases/ce/v105-moveonup That’s one small release for both the browser add-on and the API but a giant leap for the project. Passbolt officially in Private Alpha and the first testers are starting to give us feedback. A big thank you to our first testers: Karthik, Lilian, Amitav and Parbhjot! It is also... Tue, 22 Mar 2016 01:00:00 +0100", +"url": "https://help.passbolt.com/releases/ce.rss" },"api-permissions-read": { "title": "View resource permissions", "category": "api,permissions,read", @@ -571,26 +510,6 @@

    Oh, no! Your search did not match any documents...

    "category": "api,secrets,read", "content": "Secret endpoints are used to manage secrets on a Resource.## The Secret object Attribute Type Description Format id String Unique ID of the secret object in UUID format. UUID user_id String The target user id in UUID format. This is the user whose public key was used to encrypt the plaintext password. UUID resource_id String The target resource id in UUID format. UUID data String PGP encrypted plaintext password. ASCII Armored binary to textual format. created String Datetime when the resource was created ISO 8601 Datetime format 2014-02-01T09:28:56.321-10:00 modified String Datetime when the resource was last modified ISO 8601 Datetime format 2014-02-01T09:28:56.321-10:00 ## View a resource's secretTo get a resource’s secret you can make the following request:```GET /secrets/resource/.json```### Possible responses Code Description 200 OK Response includes the Secret object. 400 Bad Request The resource id is not valid. 403 Authentication Failure The user making the request is not authenticated. 404 Not Found The secret does not exist. ### Example RequestSo a request to get secret for a resource identified by `8e3874ae-4b40-590b-968a-418f704b9d9a` will look like ```https://www.passbolt.test/secrets/resource/8e3874ae-4b40-590b-968a-418f704b9d9a.json```Upon success this will return a payload like this{% include api/json/secrets/secrets-view-success.md %}### Retrieving the plaintext passwordPlease note that the returned secret is encrypted using the public key of the user making the request. To retrieve the plaintext password, you must decrypt it using the associated secret key.{% include messages/notice.html content=\"The plaintext password is encrypted using the user's public key it's shared with. So to decrypt it, you must have secret/private key of that user in your keyring.\"%}In the example above, the string under the key `data` is the encrypted plaintext password. To decrypt it to retrieve the plaintext password, you can use `gpg -d` or `gpg --decrypt` command. Here is an example```bash$ echo \"\" | gpg -d```It should output the plaintext password on the console.```bash$ echo \"\" | gpg -dgpg: encrypted with 4096-bit RSA key, ID 7A8E6D66F5DC4C49, created 2019-03-13 \"Abhinav Kumar \"hello ``` In the example above \"hello\" is the plaintext password.", "url": "https://help.passbolt.com/api/secrets" -},"configure-sso": { -"title": "SSO", -"category": "configure", -"content": " {% include sidebar/sub-section-home.html section='configure' sub=page.slug %} {% assign proCategories = \"configure|sso\" | split: \"|\" %} {% include cards/jmy-section-cards.html section='configure' sub='sso' title='Configure Single Sign-On' categories=proCategories %} ", -"url": "https://help.passbolt.com/configure/sso" -},"configure-totp": { -"title": "TOTP", -"category": "configure", -"content": " {% include sidebar/sub-section-home.html section='configure' sub=page.slug %} {% assign proCategories = \"configure|totp\" | split: \"|\" %} {% include cards/jmy-section-cards.html section='configure' sub='totp' title='Configure TOTP' categories=proCategories %} ", -"url": "https://help.passbolt.com/configure/totp" -},"hosting-update": { -"title": "Update", -"category": "hosting", -"content": " {% include sidebar/sub-section-home.html section='hosting' sub=page.slug %} {% include breadcrumbs/default.html slug=page.slug %} {% assign debCategories = \"hosting|update\" | split: \"|\" %} {% include cards/jmy-section-cards.html section='hosting' sub='update' title='Update your passbolt instance' categories=debCategories %} ", -"url": "https://help.passbolt.com/hosting/update" -},"hosting-upgrade": { -"title": "Upgrade", -"category": "hosting", -"content": " {% include sidebar/sub-section-home.html section='hosting' sub=page.slug %} {% include breadcrumbs/default.html slug=page.slug %} {% assign ceCategories = \"hosting|upgrade|ce\" | split: \"|\" %} {% include cards/jmy-section-cards.html section='hosting' sub='upgrade' title='Community edition' categories=ceCategories %} {% assign proCategories = \"hosting|upgrade|pro\" | split: \"|\" %} {% include cards/jmy-section-cards.html section='hosting' sub='upgrade' title='Pro edition' categories=proCategories %} ", -"url": "https://help.passbolt.com/hosting/upgrade" },"api-users-create": { "title": "Users Create", "category": "api,users,create", @@ -626,41 +545,6 @@

    Oh, no! Your search did not match any documents...

    "category": "api,users", "content": "User are entities with the ability to interact with the application.They are usually represented by one person and have a unique username. The User object returned by the API hence contains the relevant associated fields like [Gpgkeys](/api/gpgkeys), [Roles](/api/roles), `profile`, `avatar`, etc.## The User object Attribute Type Description Format id String Unique ID of the user in UUID format. UUID created String Datetime when the user was created ISO 8601 Datetime format 2014-02-01T09:28:56.321-10:00 active Boolean Whether the user is active true/false deleted Boolean Whether the user has been deleted true/false modified String Datetime when the user was last modified ISO 8601 Datetime format 2014-02-01T09:28:56.321-10:00 username String User's username/email Email role_id String UUID of user's role UUID profile Object User's profile object Check Profile object role Object User's role object Check Role object gpgKey Object User's key object Check GPGKey object last_logged_in String Datetime of last successful login ISO 8601 Datetime format 2014-02-01T09:28:56.321-10:00 ## Example```jsonn{ \"id\": \"f848277c-5398-58f8-a82a-72397af2d450\", \"role_id\": \"a58de6d3-f52c-5080-b79b-a601a647ac85\", \"username\": \"ada@passbolt.com\", \"active\": true, \"deleted\": false, \"created\": \"2019-02-17T14:45:22+00:00\", \"modified\": \"2019-03-17T14:45:22+00:00\", \"profile\": { \"id\": \"99522cc9-0acc-5ae2-b996-d03bded3c0a6\", \"user_id\": \"f848277c-5398-58f8-a82a-72397af2d450\", \"first_name\": \"Ada\", \"last_name\": \"Lovelace\", \"created\": \"2019-04-17T14:45:23+00:00\", \"modified\": \"2019-04-17T14:45:23+00:00\", \"avatar\": { \"id\": \"6727ccef-a6c4-4c38-ac57-a1152784e0a1\", \"user_id\": \"f848277c-5398-58f8-a82a-72397af2d450\", \"foreign_key\": \"99522cc9-0acc-5ae2-b996-d03bded3c0a6\", \"model\": \"Avatar\", \"filename\": \"ada.png\", \"filesize\": 170049, \"mime_type\": \"image\\/png\", \"extension\": \"png\", \"hash\": \"97e36ab6528e26e3b9f988444ef490f125f49a39\", \"path\": \"Avatar\\/f4\\/18\\/05\\/6727ccefa6c44c38ac57a1152784e0a1\\/6727ccefa6c44c38ac57a1152784e0a1.png\", \"adapter\": \"Local\", \"created\": \"2019-04-15T14:11:46+00:00\", \"modified\": \"2019-04-15T14:11:46+00:00\", \"url\": { \"medium\": \"img\\/public\\/Avatar\\/f4\\/18\\/05\\/6727ccefa6c44c38ac57a1152784e0a1\\/6727ccefa6c44c38ac57a1152784e0a1.a99472d5.png\", \"small\": \"img\\/public\\/Avatar\\/f4\\/18\\/05\\/6727ccefa6c44c38ac57a1152784e0a1\\/6727ccefa6c44c38ac57a1152784e0a1.65a0ba70.png\" } } }, \"groups_users\": [], \"role\": { \"id\": \"a58de6d3-f52c-5080-b79b-a601a647ac85\", \"name\": \"user\", \"description\": \"Logged in user\", \"created\": \"2012-07-04T13:39:25+00:00\", \"modified\": \"2012-07-04T13:39:25+00:00\" }, \"gpgkey\": { \"id\": \"04481719-5d9d-5e22-880a-a6b9270601d2\", \"user_id\": \"f848277c-5398-58f8-a82a-72397af2d450\", \"armored_key\": \"-----BEGIN PGP PUBLIC KEY BLOCK-----\", \"bits\": 4096, \"uid\": \"Ada Lovelace \\u003Cada@passbolt.com\\u003E\", \"key_id\": \"5D9B054F\", \"fingerprint\": \"03F60E958F4CB29723ACDF761353B5B15D9B054F\", \"type\": \"RSA\", \"expires\": \"2019-08-09T12:48:31+00:00\", \"key_created\": \"2015-08-09T12:48:31+00:00\", \"deleted\": false, \"created\": \"2019-04-17T14:45:26+00:00\", \"modified\": \"2019-04-17T14:45:26+00:00\" }}```", "url": "https://help.passbolt.com/api/users" -},"configure-ldap-configuration-from-file": { -"title": "", -"category": "", -"content": "", -"url": "https://help.passbolt.com/configure/ldap-configuration-from-file" -},"configure-notification-email-htm": { -"title": "", -"category": "", -"content": "", -"url": "https://help.passbolt.com/configure/notification/email.htm" -},"configure-notifications-email": { -"title": "", -"category": "", -"content": "", -"url": "https://help.passbolt.com/configure/notifications/email" -},"configure-ldap-with-ssl": { -"title": "", -"category": "", -"content": "", -"url": "https://help.passbolt.com/configure/ldap-with-ssl" -},"configure-email": { -"title": "", -"category": "", -"content": "", -"url": "https://help.passbolt.com/configure/email" -},"configure-ldap": { -"title": "", -"category": "", -"content": "", -"url": "https://help.passbolt.com/configure/ldap" -},"configure-reference": { -"title": "", -"category": "", -"content": "", -"url": "https://help.passbolt.com/configure/reference" },"releases-ce-v281-blue-monday": { "title": "", "category": "", @@ -684,7 +568,7 @@

    Oh, no! Your search did not match any documents...

    },"redirects-json": { "title": "", "category": "", -"content": "{\"/configure/ldap-configuration-from-file\":\"https://help.passbolt.com/configure/ldap/ldap-from-configuration-file.html\",\"/configure/notification/email.htm\":\"https://help.passbolt.com/configure/notification/email\",\"/configure/notifications/email\":\"https://help.passbolt.com/configure/notification/email\",\"/configure/ldap-with-ssl\":\"https://help.passbolt.com/configure/ldap/ldap-with-ssl.html\",\"/configure/email\":\"https://help.passbolt.com/configure/email/setup.html\",\"/hosting/update/vm-update.html\":\"https://help.passbolt.com/hosting/update/debian-package.html\",\"/hosting/update/ami-update.html\":\"https://help.passbolt.com/hosting/update/debian-package.html\",\"/hosting/update/do-update.html\":\"https://help.passbolt.com/hosting/update/debian-package.html\",\"/configure/ldap\":\"https://help.passbolt.com/configure/ldap/setup.html\",\"/configure/reference\":\"https://help.passbolt.com/configure/environment/reference.html\",\"/releases/ce/v281-blue-monday\":\"https://help.passbolt.com/releases/ce/v283-blue-monday\",\"/releases/ce/v282-blue-monday\":\"https://help.passbolt.com/releases/ce/v283-blue-monday\",\"/releases/pro/v281-blue-monday\":\"https://help.passbolt.com/releases/pro/v283-blue-monday\",\"/releases/pro/v282-blue-monday\":\"https://help.passbolt.com/releases/pro/v283-blue-monday\"}", +"content": "{\"/releases/ce/v281-blue-monday\":\"https://help.passbolt.com/releases/ce/v283-blue-monday\",\"/releases/ce/v282-blue-monday\":\"https://help.passbolt.com/releases/ce/v283-blue-monday\",\"/releases/pro/v281-blue-monday\":\"https://help.passbolt.com/releases/pro/v283-blue-monday\",\"/releases/pro/v282-blue-monday\":\"https://help.passbolt.com/releases/pro/v283-blue-monday\"}", "url": "https://help.passbolt.com/redirects.json" },"feed-xml": { "title": "", @@ -702,18 +586,6 @@

    Oh, no! Your search did not match any documents...

    "content": "Sitemap: {{ \"sitemap.xml\" | absolute_url }}", "url": "https://help.passbolt.com/robots.txt" }, -"faq-configure-enable-disable-import-export-plugins": { -"title": "How can I enable or disable import / export plugins", -"category": "configure", -"content": "By default, the import and export plugins are enabled for all your users, which can be an issue for some admins.Toggle the import or export pluginYou can either remove the corresponding entries inside the plugins section, since the plugins are activated by default.Otherwise, if you prefer it to be explicit, you can add the section below to your /etc/passbolt/passbolt.php file:return [ /* Locate or add the passbolt section */ 'passbolt' => [ /* Locate or add the plugins section */ 'plugins' => [ 'import' => [ 'enabled' => false, ], 'export' => [ 'enabled' => false, ], ] ]]", -"url": "https://help.passbolt.com/faq/configure/enable-disable-import-export-plugins" -}, -"faq-configure-performance-tweaks": { -"title": "Some potential performance tweaks", -"category": "configure", -"content": "Table of contents: Table of contents: Introduction Database PHP FPM NginxIntroductionAt Passbolt, we are constantly striving to enhance performance, introduce new functionality, and refine existing features.The default settings that come with Passbolt are suitable for the majority of our users. However, if you have a significant number of users or groups who have access to hundreds or thousands of secrets, the defaults may not meet your performance expectations.To address this, we have created this guide to help you optimize Passbolt’s performance.If you prefer not to make these adjustments, please let us know which areas of Passbolt are slowing down for you, and we will consider incorporating improvements in future releases.Database Important: This assumes you are running your database on the same host as your Passbolt installation One database improvement that can be made is to skip the reverse DNS lookup in MySQL/MariaDB. To do this you will need to:Ensure the passbolt user in the database is allowed to connect via 127.0.0.1 and not just localhost:[mysql]> GRANT USAGE ON *.* TO `passboltadmin`@`127.0.0.1` IDENTIFIED BY PASSWORD `<insert password hash here>`;[mysql]> GRANT ALL PRIVILEGES ON `passboltdb`.* TO `passboltadmin`@`127.0.0.1`;[mysql]> FLUSH PRIVILEGES;You can find the password hash by running:[mysql]> use mysql;[mysql]> select user, host, password from user where user = ‘passboltadmin’;Both above samples assume user is named passboltadmin and the database is named passboltdb, actual values may be different depending on what was chosen during installation.Edit your mysql configuration file, search for [mysqld] block and add:# Skip reverse DNS lookupskip-name-resolveThen restart mysql:systemctl restart mysqlYou will then need to adjust your Passbolt configuration to point to 127.0.0.1 instead of localhost if it is set to localhostPHP FPMThere are two values which you can change to increase the resources that PHP is able to use. These are memory_limit and pm.max_childrenYou can adjust memory_limit by editing the /etc/php/X.X/fpm/php.ini file where X.X is your PHP version.You can adjust pm.max_children by editing the /etc/php/X.X/fpm/pool.d/www.conf file where X.X is your PHP version. Since you edited the php configuration, you will need to restart php-fpm to apply those changes. It’s important to run sudo systemctl restart phpX.X-fpm where X.X is your PHP version NginxFor Nginx our recommendation is less about making it more performant, but rather increasing a timeout so that your users don’t experience as many errors if they are regularly running into time outs. You can do this by editing the value for keepalive_timeout in your Nginx config file.", -"url": "https://help.passbolt.com/faq/configure/performance-tweaks" -}, "faq-contribute-code-contribution": { "title": "How can I contribute with code?", "category": "contribute", @@ -756,144 +628,6 @@

    Oh, no! Your search did not match any documents...

    "content": "You can find the code of conduct below.Code of conductThis Code of Conduct applies to all of us: Passbolt staff, contributors, maintainers and participants in any campaigns, projects, and communities under the Passbolt name.We expect this Code of Conduct to be followed in any ticketing system, social network, forum, mailing list, IRC channel, wiki, web site, private correspondence, online and offline event or meeting.Gender policyPassbolt is committed to creating a community that is safe, welcoming, and inclusive for everyone, regardless of gender or gender identity. We recognize that gender-based discrimination, harassment, and prejudice can have a negative impact on individuals and the community as a whole, and we strive to prevent such behavior.Inclusion and DiversityWe value diversity and recognize the importance of having a community that reflects a variety of perspectives and experiences. We are committed to creating an environment that welcomes and embraces individuals of all genders, including those who identify as non-binary, genderqueer, or transgender. We actively encourage the participation of individuals of all genders in our community.Anti-DiscriminationWe do not tolerate discrimination based on gender, gender identity or expression, or any other characteristic protected by applicable law. We will not accept any form of derogatory remarks, images, or exclusion from activities or opportunities.AccommodationsWe strive to create an environment that is accessible and accommodating to all individuals, regardless of gender or gender identity. We will work with individuals to ensure that they have access to the resources and accommodations they need to participate fully in our community.Anti-harassment policyWe pledge to respect everyone who contributes to this project in any way.We welcome contributions from everyone regardless of geographical location, age, culture, ethnicity, gender, gender-identity, language, disability, physical appearance, sexual orientation and religious views.We do not tolerate harassment of participants in any form. Personal attacks, hate speech, trolling, baiting, spamming, any intentional form of discrimination, unwelcome sexual attention or imagery, deliberate intimidation, physical threats, stalking or any other kind of bad behaviour will be dealt with decisively.Offenders will be temporarily or permanently banned from communicating through Passbolt’s systems and events or otherwise penalised. These rules may be enforced at the discretion of Passbolt staff by removing issues, comments, blocking or reporting accounts and banning from online or public meetings.Interaction principlesWe pledge to adhere to following principles when interacting with each other:Be respectful: there will always be people with whom we may disagree or find it difficult to cooperate. We will, however, take a deep breath if we need to and then remain respectful.Agree to disagree: decisions are often a difficult choice between competing priorities and there are many ways of reaching our common goals. If we disagree, we will do so politely.Assume good faith: when we disagree we do not assume the worst, it is unlikely a participant is intentionally trying to degrade the quality of a discussion or product. We will assume best intentions in our interactions.Welcome other perspectives: we actively seek to be open to ideas that make our own ideas better. We empower others to speak and will strive to make diversity and inclusion intentional. We welcome contributions from everyone as long as they interact constructively with our community.Be concise: we try to be concise and avoid repeating what has already been said. We try to stay on topic, especially in discussions that are already fairly large.Be transparent: we are open about what we are working on to allow others to participate. We are also transparent about our mistakes to allow others tolearn and avoid repeating them.Handling issuesIf you are subject to or witness unacceptable behavior, or have any other concerns, please email us at contact@passbolt.comDate of Last UpdateThis code of conduct was last updated on November 21st, 2017.", "url": "https://help.passbolt.com/faq/contribute/code-of-conduct" }, -"faq-discover-what-is-passbolt": { -"title": "What is passbolt?", -"category": "discover", -"content": "Passbolt is a free and open source password manager that allows team members to store and share credentials securely.For instance, the wifi password of your office, the administrator password of a router or your organisation socialmedia account password, all of them can be secured using passbolt.Um, the TL;DR? Free & Open source Designed for teams Extensible API", -"url": "https://help.passbolt.com/faq/discover/what-is-passbolt" -}, -"faq-discover-why": { -"title": "Why do I need a password manager?", -"category": "discover", -"content": "A password manager allows you to comfortably implement best security practices and therefore reduces the risks foryou and your organisation.With a password manager you can prevent your team from reusing the same password on multiple systems.You can also make sure they generate stronger passwords by default, since they do not have to remember them anymore.It also makes it easier to rotate credentials, e.g. help you change your passwords regularly, every 40 days for example.Additionally, having an overview of who has access to what, allows you to reset passwords when somebody leavesyour organisation. Reciprocally it can also help facilitate when someone is joining your team, since a new membercan easily be given access to the all the password they need. It also prevents loss of credentials since you canperform backups.Um, the TL;DR? Decrease password reuse Implement password rotation Increase password strength Help on-boarding new member", -"url": "https://help.passbolt.com/faq/discover/why" -}, -"faq-discover-how-does-it-work": { -"title": "How does it work?", -"category": "discover", -"content": " fig. password exchange using passboltIn a nutshell: Ada has a password to share with betty Ada encrypts the password using passbolt plugin and Betty public key The password is sent encrypted over HTTPS to the server The password is stored on the passbolt server Betty receives and email notification Betty logs in to passbolt Betty using her private key decrypts the password and uses it to login!", -"url": "https://help.passbolt.com/faq/discover/how-does-it-work" -}, -"faq-discover-how-is-different": { -"title": "How is passbolt different from other password managers?", -"category": "discover", -"content": "A lot of password solutions focus on personal needs. Passbolt is primarily designed for teams and not individuals.We built passbolt taking into account the needs of small and medium organisations in mind. Moreover passbolt is open source and respectful of your privacy.Passbolt community edition is free.It is also extensible thanks to its restful API.", -"url": "https://help.passbolt.com/faq/discover/how-is-different" -}, -"faq-discover-is-sharing-password-a-bad-practice": { -"title": "Is sharing the same password with multiple users a bad practice?", -"category": "discover", -"content": "Indeed, it is. Wherever possible you should try to have one user account and a unique password per person. However it is not always possible, especially for built-in privileged accounts (like the admin password of a router, a root password on a linux server, your organization instagram / twitter account password, etc.), and this is where passbolt can be of most help.", -"url": "https://help.passbolt.com/faq/discover/is-sharing-password-a-bad-practice" -}, -"faq-discover-can-i-use-passbolt-as-personal-password-manager": { -"title": "I need a personal password manager, can I use passbolt?", -"category": "discover", -"content": "Yes, even though passbolt is primarily design for organizations, you can also use it to store those passwords that you do not want to share with anyone.", -"url": "https://help.passbolt.com/faq/discover/can-i-use-passbolt-as-personal-password-manager" -}, -"faq-discover-why-an-extension": { -"title": "Why do I need a browser extension?", -"category": "discover", -"content": "A browser extension is needed to provide functionalities such as auto filling your passwords when visiting known websites, but more importantly to maintain a higher level of security and provide a secure random number generator.More infoA regular website serves users content in the form of html, javascript, css assets. It may be cached on a content delivery network (CDN) for speed, but everything is coming from one place. In the event of an attacker accessing the server, they may be able to change these assets, such as showing you modified content, or change the application logic.The solution we opted-for to ensure code integrity was to split the application in two parts: Server side: the API who serves encrypted data Client side: the web extension who renders the assets and contains the logic to encrypt/decrypt data.The web extension is published on browsers extension marketplaces (Firefox, Chrome, Edge). Each of them requires the extension to be cryptographically signed by Passbolt developers with a secret key, to make sure nobody can change that code while it is being transmitted from the marketplace. fig. passbolt application and data deliverySome points you must be aware of: The passbolt login page is rendered by the browser extension. By entering your passphrase, you unlock your PGP private key stored in the local storage of your browser to let the extension communicate with the passbolt API and perform the user authentication with GnuPG protocol. Most of passbolt application (passwords, users, or profile namespaces) isn’t rendered by the server but by the browser extension. End-to-end encryption is provided by the browser extension. fig. End to end security using OpenPGPReferences: Why does passbolt require an extension? (Blog post 2020) API Authentication sequence diagram Security white paper", -"url": "https://help.passbolt.com/faq/discover/why-an-extension" -}, -"faq-discover-are-we-there-yet": { -"title": "When will you be releasing feature X or Y?", -"category": "discover", -"content": "If the feature is on our roadmap we will most likely get to it at some point. Good things take time and our capacity to add features depends on how many customers and contributors we have.Please consider supporting us!", -"url": "https://help.passbolt.com/faq/discover/are-we-there-yet" -}, -"faq-discover-feature-priority": { -"title": "How to you prioritize feature development?", -"category": "discover", -"content": "Upcoming new funtionalities are advertised on the roadmap.Passbolt users can propose and upvote for new ideas on the community forum.The more financial contributors (and supporters in general) the quicker we can develop new functionalities.Security vulnerabilities and bugs fixes are to be given a higher priority than new features.Core libraries and framework maintenance upgrade also need to be dealt with proactively.", -"url": "https://help.passbolt.com/faq/discover/feature-priority" -}, -"faq-discover-where-can-i-login": { -"title": "Where can I login?", -"category": "discover", -"content": "Long story short, it depends on your situation, as passbolt can be hostedon-premises or in the cloud.Quick cluesIf you have completed the setupIf you have completed the setup and configured passbolt on your current laptop or desktop,you can click on the passbolt icon in the top right corner of your browser. If youthen click on the passbolt logo it will take you to your passbolt workspace.Check for passbolt emails in your mailboxIn most cases you will have received an email notification from passbolt in the pastin your mailbox. So check your inbox and follow one of the links.Ask for help to your administratorIn doubt you can also ask the person that invited you to passbolt, e.g. the administratorthat setup passbolt for your company.Other cluesYou are using passbolt cloud versionIf you are using passbolt cloud your passwords will be locatedin a workspace in https://cloud.passbolt.com/workspace, whereworkspace is the name of your organization, like https://cloud.passbolt.com/acme.You are using passbolt self-hosted versionIf you are using the self hosted version of passbolt you can contact your administrator,as the self hosted version, much like a blog, can be hosted anywhere.", -"url": "https://help.passbolt.com/faq/discover/where-can-i-login" -}, -"faq-discover-where-to-get-help": { -"title": "Where can I get help?", -"category": "discover", -"content": "For installation issues or an issue specific to your instanceyou can request help from the community on the forum.If you have found a bug you can report it on github.If you require professional support or help to customize passbolt you can get in touch with the team at contact@passbolt.com.", -"url": "https://help.passbolt.com/faq/discover/where-to-get-help" -}, -"faq-hosting-how-to-install": { -"title": "How to install passbolt server", -"category": "hosting", -"content": "There are multiple way to install passbolt. You can install it using Docker or on your favorite distribution.Check out the dedicated documentation page for that topic.", -"url": "https://help.passbolt.com/faq/hosting/how-to-install" -}, -"faq-hosting-how-to-backup": { -"title": "How to make passbolt backups", -"category": "hosting", -"content": "You can (and should) make a backup of your secret key during the setup after generating a new key. You can also do that at any moment when you are logged in the application by going to the profile section.At the moment it is not possible to download a backup of your passwords from the client side. However if you have email notification enabled you should receive a copy of your encrypted passwords by email, which can act as a backup.However on the server side you can make a regular backup of the entire database. Several methods are available and there is plenty of documentation available online.See also How to make passbolt server backup.", -"url": "https://help.passbolt.com/faq/hosting/how-to-backup" -}, -"faq-hosting-how-to-update": { -"title": "How can I update my passbolt server?", -"category": "hosting", -"content": "Check out the dedicated documentation page for that topic.", -"url": "https://help.passbolt.com/faq/hosting/how-to-update" -}, -"faq-hosting-hosting-requirements": { -"title": "What are the minimum server requirements?", -"category": "hosting", -"content": "Passbolt has been reported to work on a large variety of servers.However we recommend you run passbolt using the stable version of a major linux distribution such as Debian,Ubuntu, Centos, etc.The minimum virtual machine specs we recommend: 2 cores 2GB RAM 20GB 10mbps Internet access", -"url": "https://help.passbolt.com/faq/hosting/hosting-requirements" -}, -"faq-hosting-where-to-host": { -"title": "Does passbolt provide hosting?", -"category": "hosting", -"content": "Please check out the service page for a list of current professional offers.", -"url": "https://help.passbolt.com/faq/hosting/where-to-host" -}, -"faq-hosting-installation-issue-help": { -"title": "Where can I get help for installation issues?", -"category": "hosting", -"content": "Community supportIf you are experiencing issues during the installation process you can request help from thecommunity in the forum.Before posting make sure to: read intro post: https://community.passbolt.com/t/about-the-installation-issues-category/12 read the tutorials and relevant help section on this site searched for similar issues on the web provide relevant information about the server (component names and versions, etc.) provide a copy of my logs and health check describe the steps you have taken to trouble shoot the problem describe the steps we can take to be able to reproduce the issueProfessional supportIf you need a more rapid response time and more in depth help you can also contactPassbolt SARL, the company behind passbolt, to get professional support services atcontact@passbolt.com.", -"url": "https://help.passbolt.com/faq/hosting/installation-issue-help" -}, -"faq-legal-which-license": { -"title": "Under which license is passbolt distributed?", -"category": "legal", -"content": "Unless stated otherwise in the project’s files distributed on Github, including but not limited to passbolt application and browser extensions, testing and deployment tools, styleguide, documentation and artwork included with the code etc.) Free Software Foundation’s GNU AGPL v3.0.Unless stated otherwise the text and illustrations on this website are available under: Creative Commons BY SA 4.0.For 3rd party libraries the flavor of the open source license will vary (MIT, MPL, etc.), you can check the source for more details.Third party logos (such as Firefox, Docker, JSON, GnuPG, Github, etc.) are the sole property of their respective owners. They are used for illustrative use only. Their respective owners do not endorse passbolt or our use of their products.", -"url": "https://help.passbolt.com/faq/legal/which-license" -}, -"faq-legal-commercial-use": { -"title": "Can I commercially host and distribute Passbolt?", -"category": "legal", -"content": "For Passbolt Community Edition you can if you abide by the AGPL license terms! For the Passbolt Pro Editionyou also need to to abide to the Passbolt subscription terms (tldr: pay the fees, have a valid number of users, etc.).Our goal in selecting the AGPL v3.0, as our default license is to require that the source code is distributed to the end users, so that enhancements can be released back to the community. Traditional open source licenses such as GPL often do not achieve this when the software is runs as a web application, e.g. as hosted application available through a network.If the AGPL v3 does not satisfy your organisation, an alternative open source license (OSI compatible) can be purchased.Feel free to contact us for more details.", -"url": "https://help.passbolt.com/faq/legal/commercial-use" -}, -"faq-legal-review-modify-share": { -"title": "Can I review, modify and share passbolt source code?", -"category": "legal", -"content": "Absolutely. The entire passbolt solution is composed of a free software. Our source code is made available in such a way that all of our users have the rights to: Use the software for any purpose, Change the software to suit their needs, Share the software with their friends and neighbors, Distribute the software and the changes they make.You can learn more about free software on the free software foundation website.", -"url": "https://help.passbolt.com/faq/legal/review-modify-share" -}, -"faq-legal-how-to-sign-cla": { -"title": "How do I sign the Contributor Licence Agreement?", -"category": "legal", -"content": "As part of the pull request process on github you will be asked to electronically sign passbolt CLA, thanks to the CLA Assistant. You only need to do this once. You can also print it and send it to us signed by email at contact@passbolt.com.", -"url": "https://help.passbolt.com/faq/legal/how-to-sign-cla" -}, -"faq-legal-where-is-cla": { -"title": "Where can I find the Contributor Licence Agreement?", -"category": "legal", -"content": "We use the Harmony CLA to protect your rights regarding any contribution you make to our open source projects. You can find our version below:Passbolt Contributor License AgreementThank you for your interest in contribute to Passbolt (“We” or “Us”).This contributor agreement (“Agreement”) documents the rights granted by contributors to Us. To make this document effective, please sign it and send it to Us by email or electronic submission, following the instructions at https://www.passbolt.com/help/legal/cla. This is a legally binding document, so please read it carefully before agreeing to it. The Agreement may cover more than one software project managed by Us.1. Definitions“You” means the the person or legal entity including its affiliates asked to accept this agreement. An affiliate is any entity that controls or is controlled by the legal entity, or is under common control with it.“Contribution” means any work of authorship that is Submitted by You to Us in which You own or assert ownership of the Copyright.“Copyright” means all rights protecting works of authorship owned or controlled by You, including copyright, moral and neighboring rights, as appropriate, for the full term of their existence including any extensions by You.“Material” means the work of authorship which is made available by Us to third parties. When this Agreement covers more than one software project, the Material means the work of authorship to which the Contribution was Submitted. After You Submit the Contribution, it may be included in the Material.“Submit” means any form of electronic, verbal, or written communication sent to Us or our representatives, including but not limited to electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, Us for the purpose of discussing and improving the Material, but excluding communication that is conspicuously marked or otherwise designated in writing by You as “Not a Contribution.”“Submission Date” means the date on which You Submit a Contribution to Us.“Effective Date” means the date You execute this Agreement or the date You first Submit a Contribution to Us, whichever is earlier.2. Grant of Rights2.1 Copyright License(a) You retain ownership of the Copyright in Your Contribution and have the same rights to use or license the Contribution which You would have had without entering into the Agreement.(b) To the maximum extent permitted by the relevant law, You grant to Us a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license under the Copyright covering the Contribution, with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute the Contribution as part of the Material; provided that this license is conditioned upon compliance with Section 2.3.2.2 Patent LicenseFor patent claims including, without limitation, method, process, and apparatus claims which You own, control or have the right to grant, now or in the future, You grant to Us a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable patent license, with the right to sublicense these rights to multiple tiers of sublicensees, to make, have made, use, sell, offer for sale, import and otherwise transfer the Contribution and the Contribution in combination with the Material (and portions of such combination). This license is granted only to the extent that the exercise of the licensed rights infringes such patent claims; and provided that this license is conditioned upon compliance with Section 2.3.2.3 Outbound LicenseAs a condition on the grant of rights in Sections 2.1 and 2.2, We agree to license the Contribution only under the terms of the license or licenses which We are using on the Submission Date for the Material or any licenses which are approved by the Open Source Initiative on or after the Effective Date, including both permissive and copyleft licenses, whether or not such licenses are subsequently disapproved (including any right to adopt any future version of a license if permitted).2.4 Moral Rights.If moral rights apply to the Contribution, to the maximum extent permitted by law, You waive and agree not to assert such moral rights against Us or our successors in interest, or any of our licensees, either direct or indirect.2.5 Our Rights.You acknowledge that We are not obligated to use Your Contribution as part of the Material and may decide to include any Contribution We consider appropriate.2.6 Reservation of Rights.Any rights not expressly licensed under this section are expressly reserved by You.3. AgreementYou confirm that:(a) You have the legal authority to enter into this Agreement.(b) You own the Copyright and patent claims covering the Contribution which are required to grant the rights under Section 2.(c) The grant of rights under Section 2 does not violate any grant of rights which You have made to third parties, including Your employer. If You are an employee, You have had Your employer approve this Agreement or sign the Entity version of this document. If You are less than eighteen years old, please have Your parents or guardian sign the Agreement.(d) You have followed the instructions in https://www.passbolt.com/help/legal/cla, if You do not own the Copyright in the entire work of authorship Submitted.4. DisclaimerEXCEPT FOR THE EXPRESS WARRANTIES IN SECTION 3, THE CONTRIBUTION IS PROVIDED “AS IS”. MORE PARTICULARLY, ALL EXPRESS OR IMPLIED WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT ARE EXPRESSLY DISCLAIMED BY YOU TO US. TO THE EXTENT THAT ANY SUCH WARRANTIES CANNOT BE DISCLAIMED, SUCH WARRANTY IS LIMITED IN DURATION TO THE MINIMUM PERIOD PERMITTED BY LAW.5. Consequential Damage WaiverTO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL YOU BE LIABLE FOR ANY LOSS OF PROFITS, LOSS OF ANTICIPATED SAVINGS, LOSS OF DATA, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL AND EXEMPLARY DAMAGES ARISING OUT OF THIS AGREEMENT REGARDLESS OF THE LEGAL OR EQUITABLE THEORY (CONTRACT, TORT OR OTHERWISE) UPON WHICH THE CLAIM IS BASED.6. Miscellaneous6.1 This Agreement will be governed by and construed in accordance with the laws of luxembourg excluding its conflicts of law provisions. Under certain circumstances, the governing law in this section might be superseded by the United Nations Convention on Contracts for the International Sale of Goods (“UN Convention”) and the parties intend to avoid the application of the UN Convention to this Agreement and, thus, exclude the application of the UN Convention in its entirety to this Agreement.6.2 This Agreement sets out the entire agreement between You and Us for Your Contributions to Us and overrides all other agreements or understandings.6.3 If You or We assign the rights or obligations received through this Agreement to a third party, as a condition of the assignment, that third party must agree in writing to abide by all the rights and obligations in the Agreement.6.4 The failure of either party to require performance by the other party of any provision of this Agreement in one situation shall not affect the right of a party to require such performance at any time in the future. A waiver of performance under a provision in one situation shall not be considered a waiver of the performance of the provision in the future or a waiver of the provision in its entirety.6.5 If any provision of this Agreement is found void and unenforceable, such provision will be replaced to the extent possible with a provision that comes closest to the meaning of the original provision and which is enforceable. The terms and conditions set forth in this Agreement shall apply notwithstanding any failure of essential purpose of this Agreement or any limited remedy to the maximum extent possible under law.", -"url": "https://help.passbolt.com/faq/legal/where-is-cla" -}, -"faq-legal-why-cla": { -"title": "Why do we need a Contributor Licence Agreement?", -"category": "legal", -"content": "At passbolt we are required to have agreement with everyone who submit contributions, in order to make sure that we, and the user of our software, are legally entitled to distribute your contributed code anywherein the world.In effect, you still own the copyright but you are giving us a licence. You retain the right to modify your code and use it in other projects.", -"url": "https://help.passbolt.com/faq/legal/why-cla" -}, "faq-security-security-vulnerability": { "title": "How can I report a security vulnerability?", "category": "security", @@ -948,90 +682,6 @@

    Oh, no! Your search did not match any documents...

    "content": "This token is used to prevent malicious web pages to trick you by mimicking passbolt dialogs in order to steal your data, e.g. to protect your from phishing attacks. fig. example of security tokenThis cue will be shown whenever we ask you for your master password and other sensitive places to help make sure you are dealing with an authentic passbolt dialog and not a fake one!", "url": "https://help.passbolt.com/faq/security/security-token" }, -"faq-start-browser-extensions": { -"title": "How to install and remove browser extensions", -"category": "start", -"content": "ChromeInstall the Chrome add-on Go to https://chrome.google.com/webstore/detail/passbolt-extension/didegimhafipceonhjepacocaffmoppf Click on the “Add to Chrome” button Click “Add extension”FirefoxInstall the Firefox add-on Your browser does not support the video tag. fig. Passbolt Add-on - Install on Firefox Make sure you Firefox version is up to date. We only support the most recent versions. Go to https://addons.mozilla.org/en-US/firefox/addon/passbolt/ Click on the “Add to Firefox” button Wait until the add-on download is complete Click install A passbolt icon should now be visibleI did this, but it still does not work!Sometimes Firefox does not behave as expected and passbolt will not start. We are aware of the problem and are trying to fix it. In the meantime here is what you try: Press F5 / refresh the page. Close firefox and restart it again. Remove the firefox extension and reinstall it again.If you are still experiencing issues after trying these options out, feel free to get in touch, we would be happy to know more.contact us!How to remove the Firefox extension Your browser does not support the video tag. fig. Passbolt Browser Extension - Remove on Firefox Clicking on “remove from toolbar” will only hide passbolt icon and not remove it! Open firefox Click on the menu icon on the top right Click on Add-ons You should see passbolt in the list Click on the remove button", -"url": "https://help.passbolt.com/faq/start/browser-extensions" -}, -"faq-start-account-setup": { -"title": "How to create and setup an account", -"category": "start", -"content": "Creating a demo accountPassbolt requires a server to work. You can either install it on your own machineor use the demo environment. Here is the procedure to try out the demo:Step 1. Open the demo page: https://demo.passbolt.com.Step 2. An add-on is required to use passbolt, click on the link to install the plugin for Firefox or Chrome.Step 3. You will see a small red key icon in the upper right hand corner of your browser. Click on it.Step 4. Select the demo instance.Step 5. Click the Register button and enter your name and email. Other users will be able to see your email (this is to allow testing “sharing” functionality), so you can use a throw-away email account if you are not confortable with this.Step 6. Passbolt sent you an email that contains a link allowing you to login. The link is only valid for a short duration (72h by default, but this can be vary). If you registration email token expired you can request another one using the recovery feature at https://[your_passbolt]/recover Setup the accountStep 1. Check your email. When you click this link the setup will start.Step 2. passbolt will ask you to check the URL passbolt is associated with fig. Validation of the domainStep 3. If you recognize the domain name, check the checkbox and then click Next.Step 4. Passbolt will ask you to create a new key on the following screen: fig. creating a new keyStep 5. Next, passbolt will help you create a new master password. Choose this password wisely, it will be the gatekeeper to all your other passwords. fig. setting a passphraseStep 6. Once you have chosen your master password and clicked Next, you will be given the opportunity to download your private key. It is highly recommended that you do so!Step 7. The final step is to create a security token. Choosing a color and a three character token is a secondary security mechanism that helps you know you are logging into a real passbolt instance.Set up your profile Once you have registered, log in to passbolt for the first time. You will see a welcome screen. You can edit your profile by clicking the user icon in the upper right corner and choosing “my profile” Click the edit button on the left side to edit your name or upload a profile picture.", -"url": "https://help.passbolt.com/faq/start/account-setup" -}, -"faq-start-registration-token-expired": { -"title": "What can I do if my registration token expired?", -"category": "start", -"content": "By default when you (or an administrator) create an account you will receive an email to verify your address.This email contains a link that is only valid for a short duration.By default it is valid for 72h, but this value can be changed by your passbolt server administrator.Since passbolt v2.0.0, if your registration email token expired and you still want to register, you can request another one using the account recovery feature at /recover (e.g. https://[your_passbolt]/recover).", -"url": "https://help.passbolt.com/faq/start/registration-token-expired" -}, -"faq-start-profile-picture": { -"title": "How can I change the profile picture", -"category": "start", -"content": "Changing the profile picture is easy: While logged into your passbolt account… Click the drop down button on your username icon on the top right corner of your screen. Click on “my profile” Select “Click here to upload a new picture” Click “Browse” Select a picture from your computer that you would like to upload Click “Save” once you have selected a picture Wait a moment till your profile picture is updated.Caution! Please note that if your file size and picture quality are heavy you may be unable to upload your picture. When you upload a picture be mindful of the following compatibilities: The height and width of the picture The file size The file extension", -"url": "https://help.passbolt.com/faq/start/profile-picture" -}, -"faq-start-copy-to-clipboard": { -"title": "How to copy a password to clipboard", -"category": "start", -"content": " Note: A clipboard in computer terms, is a temporary storage area where material cut or copied from a file is kept for pasting into another file.* Log in to your passbolt account Select a password you wish to copy to clipboard Click the “more” button” on top of your password list Select option “copy password to clipboard” Enter your master password. Click OK to confirm. Your password will be copied to clipboard.", -"url": "https://help.passbolt.com/faq/start/copy-to-clipboard" -}, -"faq-start-create-edit-delete-password": { -"title": "Password basics", -"category": "start", -"content": "Creating a new password Login and/or go to the password workspace Click on create password button (at the top left corner) You should now see a “Create password” dialog Fill in a name, a username and a password. Optionally you can also specify a URL and a description. Press the save button (or enter on your keyboard) Wait until the encryption is donePro Tips: You can switch through the fields using the tab button on your keyboard You can press on the eye button to see your password in clear You can press the magic wand button to generate a random password automatically Make sure to check the complexity. This will be indicated right below the password field.Editing a password Login and/ or go to password workspace Select the password from your list Click the “Edit” button on top of your password list Click in the password field to unlock” Enter your master password to continue. Press “OK” to confirm. Edit your password and press the save button Wait till Encryption is donePro Tip:Press on the “Eye” button to check the edits made to your passwordDeleting a password Login and/or go to the password workspace In the list, click on the password you wish to delete Click on the “more” button on top of the password list Select the “delete” option. Click “OK” to confirm.Pro tip:Alternatively you can right click on a password and then choose the delete option in the contextual menu.", -"url": "https://help.passbolt.com/faq/start/create-edit-delete-password" -}, -"faq-start-account-basics": { -"title": "Managing your favorites", -"category": "start", -"content": "Marking passwords as favorites is easy: While logged in, click passwords in the upper left. With All items selected, click on the star next to the passwords you want to favorite. The star will turn red. Click on Favorite to see the passwords you have marked. Just click the star again to unfavorite a password. The star will become grey when unfavorited.", -"url": "https://help.passbolt.com/faq/start/account-basics" -}, -"faq-start-share-password": { -"title": "How to share passwords", -"category": "start", -"content": "Sharing a password Login and/ or go to password workspace Select the password you would like to share Click the “share” button Type the name of a user you would like to share this password with. Optionally, you can select the permissions you wish to give to a user Press the save button (or enter on your keyboard) Enter your master password. Press OK to continue. Wait until encryption is done Make sure you press the save button every time you make changes Removing yourself from a password shared with you Log in to your passbolt account. Click on “Shared with me” from the menu on the left Select a password you wish to remove yourself from Remove yourself from the list of users with whom the password is shared The password will no longer be shared with you", -"url": "https://help.passbolt.com/faq/start/share-password" -}, -"faq-hosting-why-unsafe": { -"title": "Why do I see an unsafe mode banner in the footer?", -"category": "hosting", -"content": "When running the site with debug mode on, or without enforcing https, your passbolt instance cannot be considered secure. These settings can be useful for example when doing some local testing or development,but should not be used for production.To disable the warning a passbolt administrator can edit your configuration to set debug to false and passbolt.ssl.force to true.", -"url": "https://help.passbolt.com/faq/hosting/why-unsafe" -}, -"faq-hosting-why-email-not-sent": { -"title": "Why are my emails not being sent?", -"category": "hosting", -"content": "This can come from a variety of reasons, here are the most common ones.Reason 1: Configuration issuesThere may be an issue with some of the SMTP configurationitems, such as credentials, or the hostname, or the port for the selected protocol.By default passbolt is quite discrete on why a given configuration is not working. You can use the followingcommand to send a test email and get more debug information (replace www-data with nginx if you are running a RHEL-like server, or wwwrun in case you are using openSUSE):$ sudo -H -u www-data bash -c \"/usr/share/php/passbolt/bin/cake passbolt send_test_email --recipient=youremail@domain.com\"If this fails you should double check what is the recommended configuration in your email provider documentation.You can also ask on the community forum in case another user have a working configuration for the same provider.Reason 2: Email notifications are disabled in the configAnother reason could be because email notifications are disabled in your configuration.You can review such settings in the administration panel, when you are logged in as an administrator in passbolt. fig. Email Notification Settings - Email DeliveryReason 3: The cron system is stoppedPassbolt uses a system of email queue to send email notifications.A dedicated cron job (located in /etc/cron.d/passbolt-{ce|pro}-server) runs every minute to go through the queue and send emails.So if you manage to send the test email but are not receiving notifications (such as registration emails),one of the reason may be that the cron service is stopped.You can verify if the service is running by executing this command:sudo systemctl status cron.serviceYou can also verify cronjobs activity with this command:sudo journalctl -fu cron.serviceReason 4: There is an issue with the database schema related to the email queueIf after an update you are getting error messages such as:Exception: SQLSTATE[42S22]: Column not found: 1054 Unknown column ‘EmailQueue.to’ in ‘field list’ ...It is possible that the wrong version of the data model is stored in the cache. This can happenif the cache is not cleared after an install or an update. You can try clearing out the cache to solve this(replace www-data with nginx if you are running a RHEL-like server, or wwwrun in case you are using openSUSE).sudo -H -u www-data bash -c \"/usr/share/php/passbolt/bin/cake cache clear_all\"Reason 5: You are using credentials password instead of application passwordSome email providers will not let you use the password from your organization account for security purposes. It means that if you’re trying to use the authentication method “Username & Password” it will result in a failure if you are using something other than an application password.", -"url": "https://help.passbolt.com/faq/hosting/why-email-not-sent" -}, -"faq-start-import-passwords": { -"title": "How to import passwords from a csv or kdbx file", -"category": "start", -"content": "How to import passwords in passbolt Your browser does not support the video tag. fig. Passbolt GUI - Import passwords Steps Click on the “import” button at the top left, next to the “create” button. Select a file (supported files are kdbx or csv. More details below.) Click on “continue import” For kdbx files, you might need to enter a password. Enter it and click “Ok”. The import will start. You will see a progress bar. At the end of the import, you will see a report. After closing this window, you will see the passwords imported in your workspace.Supported file formatsPassbolt import system supports the following file formats: Csv - Lastpass export Csv - 1password export Csv - Keepass export Csv - Dashlane export Csv - Nordpass export Csv - LogMeOnce export Csv - BitWarden export Csv - Firefox platforms export (Mozilla Firefox, Waterfox, Pale Moon…) Csv - Chromium browsers export (Google Chrome, Microsoft Edge, Brave …) Csv - Safari Kdbx (file format used by Keepass 2.x)If you’d like to request the support of a specific format, you can open a request on the community forum.File format examplesCsv (Lastpass)url,username,password,extra,name,grouping,favhttps://test.url,account1,P4ssw0Rd!,,Account1,,0https://test.url,account1,P4ssw0Rd!,,Account2,,0,,P4ssw0Rd!,,Account3,,1Csv (1Password)Title,Username,URL,Password,Notes,TypeAccount1,account1,https://test.url,P4ssw0Rd!,Notes Account2,serverAccount2,account2,https://test.url,P4ssw0Rd!,Notes Account2,shellAccount3,,,P4ssw0Rd!,Notes Account3,serverCsv (Keepass / KeepassX)\"Group\",\"Title\",\"Username\",\"Password\",\"URL\",\"Notes\"\"My Servers\",\"Account1\",\"account1\",\"P4ssw0Rd!\",\"https://test.url\",\"this is the description\"\"My Servers\",\"Account2\",\"account2\",\"P4ssw0Rd!\",\"https://test.url\",\"this is the description\"\"My Servers\",\"Account2\",\"\",\"P4ssw0Rd!\",\"https://test.url\",\"\"Csv (Dashlane)username,username2,username3,title,password,note,url,category,otpSecretaccount1,,,Account 1,P4ssw0Rd,\"this is the description\",https:///test.url,,account2@domain.tld,,,Account 2,P4ssw0Rd,\"this is the description\",https://test.url,,account3@domain.tld,,,Account 3,P4ssw0Rd,,https://test.url,,Csv (Nordpass)name,url,username,password,note,folderAccount1,https://test.url,account1,P4ssw0RD!,this is a description,PasswordFolderAccount2,https://test.url,account2,P4ssw0RD!,this is a description,PasswordFolderAccount3,https://test.url,account3,P4ssw0RD!,,,Csv (LogMeOnce)\"name\",\"url\",\"note\",\"group\",\"username\",\"password\",\"extra\"\"Account1\",\"https://test.url\",\"this is the description\",\"My servers\",\"account1\",\"P4ssw0Rd!\",\"\"\"Account2\",\"https://test.url\",\"\",\"My servers\",\"account2\",\"P4ssw0Rd!\",\"\"\"Account3\",\"https://test.url\",\"this is the description\",\"My servers\",\"account3\",\"P4ssw0Rd!\",\"\"Csv (BitWarden)folder,favorite,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totpMy Servers,1,login,Account1,,,0,https://test.url,account1,P4ssw0Rd!,My Servers,,login,Account2,,,,https://test.url,account2,P4ssw0Rd!,TOTPSEED1337My Servers,,login,Account3,This is a description with field,\"Field: 1337\",,https://test.url,account3,P4ssw0Rd!,My Servers,,note,Description Name,\"This is a description.\",,,,,Csv (Firefox platforms browsers)\"url\",\"username\",\"password\"\"https://test.url\",\"Account1\",,\"P4ssw0Rd!\"\"https://test.url\",\"Account2\",,\"P4ssw0Rd!\"\"https://test.url\",\"Account3\",,\"P4ssw0Rd!\"Csv (Chromium browsers)name,url,username,passwordAccount1,https://test.url,account1,P4ssw0Rd!Account2,https://test.url,account2,P4ssw0Rd!Account3,https://test.url,account3,P4ssw0Rd!Csv (Safari)Title,URL,Username,Password,NotesAccount1,https://test.url,account1,P4ssw0Rd!,this is the descriptionAccount2,https://test.url,account2,P4ssw0Rd!,this is the descriptionAccount3,https://test.url,account3,P4ssw0Rd!,,Keepass filedownload example (the file is not password protected)", -"url": "https://help.passbolt.com/faq/start/import-passwords" -}, -"faq-hosting-why-haveged-virtual-env": { -"title": "Why should I install haveged on virtual environments?", -"category": "hosting", -"content": "Passbolt uses Gnupg as the encryption engine. Encryption operations such as creating a private key require an enough amount of entropy on the system’s entropy pool.A good and fast source of entropy is important to generate high quality random numbers. Poor quality on the random numbers could lead to weak private keys thatcould compromise the security of your setup.Random number generation is a complex topic that has been discussed widely on the community [1]Virtualisation strongly affects the quantity of produced entropy and. In other words, when you run a virtualised system such as a virtual machine or a container you likelywill find yourself in a situation where the entropy pool is low and it is filling slowly. There are few remediations for this situation: Use a hardware random number generation and use rng-tools Use HavegedAs stated in [1] and [2], haveged could leadto generation of poor entropy so, in order to stay safe, the recommendation would be to: Use rng-tools if you trust your hardware random number generator If rng-tools is not enough then use Haveged as well.You can check the current available entropy on your system by executing this command:cat /proc/sys/kernel/random/entropy_availA good number of available entropy is usually between 2500 and 4096 bits. Entropy is considered to be low when it is below 1000.", -"url": "https://help.passbolt.com/faq/hosting/why-haveged-virtual-env" -}, -"faq-hosting-update-evaluation-subscription-key": { -"title": "How to update my subscription key", -"category": "hosting", -"content": "For Passbolt version 3.2 and higher, you can update your subscription key on the web interface directly, using the administration panel.For Passbolt version prior to 3.2, the command line is the only way to update your subscription key, as described below.Using administration panelNavigate to administration > Subscription and click on the “Update key” button. fig. Update subscription key administration screenA pop-up will appear and you will be able to import your new subscription key fig. Choose file popup in subscription key administration screenYou are now able to see your subscription details: fig. Subscription details in subscription key administration screenFrom command lineGet readyAll the commands provided below should be done from inside your passbolt directory.$ cd /var/www/passbolt Notice: If you installed passbolt using the Debian package, or are using the passbolt VM (OVA) run the commands from /usr/share/php/passbolt. StepsPassbolt Pro currently does not provide a UI to manage subscription keys.To update your subscription key, you need to replace your previous subscription key with the new one.In passbolt, the subscription key is stored in /var/www/passbolt/config/licenseTo replace the existing subscription key with the new one:$ cp -u path_to_your_new_subscription_key config/license Notice: If you installed passbolt using the package, or are using the passbolt VM (OVA) the subscription key file is found here: /etc/passbolt/subscription_key.txt. To check if the operation was successful and if the new subscription key is valid:$ bin/cake passbolt license_checkIf your key is valid, this command will display the passbolt logo and the subscription key details, as in the example below:root@c6a4f37958b4:/var/www/passbolt# ./bin/cake passbolt license_check ____ __ ____ / __ \\____ _____ ____/ /_ ____ / / /_ / /_/ / __ `/ ___/ ___/ __ \\/ __ \\/ / __/ / ____/ /_/ (__ |__ ) /_/ / /_/ / / / /_/ \\__,_/____/____/_.___/\\____/_/\\__/ Open source password manager for teams---------------------------------------------------------------Thanks for choosing Passbolt ProBelow are your subscription key detailsCustomer id:\txxxxxxUsers limit:\t150 (currently: 43)Valid from:\tMay 6, 2020Expires on:\tMay 6, 2021 (in 385 days)", -"url": "https://help.passbolt.com/faq/hosting/update-evaluation-subscription-key" -}, -"faq-configure-why-am-i-getting-ldap-synchronization-issues": { -"title": "Why am I getting ldap synchronization issues?", -"category": "hosting", -"content": "Synchronization issues can come from a variety of reasons, here are the most common ones.", -"url": "https://help.passbolt.com/faq/configure/why-am-i-getting-ldap-synchronization-issues" -}, "contribute-translation": { "title": "How can I contribute to the translation?", "category": "contribute", @@ -1044,1116 +694,31 @@

    Oh, no! Your search did not match any documents...

    "content": "Since version 3.1, you can change your passphrase from passbolt itself.Before getting started, please note that your passphrase is stored on your device and never sent server side. Changing your passphrase will only change it locally. If you have multiple devices configured, the passphrase will need to be changed in all places individually.In order to change your passphrase, navigate to Profile Settings > Passphrase. Confirm that you understand what you have to do and press “Start”. fig. Update passphrase - step 1Enter your current passphrase. fig. Update passphrase - step 2Then enter your new passphrase, if possible follow all our recommendations, and press the “Update” button. You can ensure the new passphrase is correct by pressing the eye icon. fig. Update passphrase - step 3Your passphrase is now updated, and you will be prompted to download a backup of your private key encrypted with it. Be sure to keep it in a safe place, it will be needed in case of an account recovery. fig. Update passphrase - step 4", "url": "https://help.passbolt.com/faq/security/change-passphrase" }, -"faq-hosting-how-to-increase-auto-logout-time": { -"title": "How to increase auto logout time?", -"category": "hosting", -"content": "By default passbolt uses the PHP session duration setting to define when the auto logout shouldkick in. If the default session timeout is too short for you and your user you can extend it in the PHP configuration.Currently, the code checks every 15 minutes if the browser is idle, using this browser functionality reserved for extensions, which returns “locked” if the system is locked, “idle” if the user has not generated any input for a specified number of seconds, or “active” otherwise.So if there is no direct interaction with the extension, the extension will not try to keep the session alive, and will just let it timeout. So if you have a long session default normally you would need to fail several checks to get logged out. Pro tip: If the browser window is closed (even if the browser application is not closed) you will get logged out right away. The best way to keep your session active is via the remember me feature as shown here. fig. Remember my passwordSee the directive session.gc-maxlifetimeIn order to change this number you must locate your php.ini file. Its location depends on youroperating system and php versions.For example on Debian or Ubuntu if you are using Nginx and PHP 7.4 it will be in/etc/php/7.4/fpm/php.ini but the easy way to find it is to execute this command:$ grep -lr session.gc_maxlifetime /etc/ | grep fpm/etc/php/7.4/fpm/php.iniOnce located replace the 1440 timout value in seconds with for example 2700 for 45 minutes:; After this number of seconds, stored data will be seen as 'garbage' and; cleaned up by the garbage collection process.; http://php.net/session.gc-maxlifetimesession.gc_maxlifetime = 2700Important: It’s really important to note that the browser extension is sending a request to the server in order to keep the session active, that means that any behaviour that is comprometting it will end the session, even if the session lifetime is not ended. We have noticed a short behaviour that will result in a session ended: Internet connection lost Browser shutdown Computer shutdown Computer’s session inactive (locked) Changing IP address Browser’s Confidentiality settings", -"url": "https://help.passbolt.com/faq/hosting/how-to-increase-auto-logout-time" -}, -"faq-hosting-firewall-rules": { -"title": "Firewall rules", -"category": "hosting", -"content": "You must allow these rules to make Passbolt work in a firewalled environment:Inbound rules Protocol name Port number Transport Layer Protocol Comment HTTP 80 TCP Optional, should be used only to redirect to HTTPS HTTPS 443 TCP To serve Passbolt through HTTPS Outbound rules Protocol name Port number Transport Layer Protocol Comment HTTP 80 TCP To be able to connect to operating system repositories who don’t use https (Ubuntu) HTTPS 443 TCP To be able to connect to package repository or bitbucket repository SMTP usually 587 TCP To send email notifications, used port depends of your SMTP server configuration, usually 25/TCP, 587/TCP or 465/TCP DNS 53 UDP To be able to resolve SMTP server name, or download.passbolt.com to check for updates NTP 123 UDP To make server synchronized to a NTP server. Mandatory to make GPG or MFA/OTP work HKPS 11371 TCP HKPS protocol for receiving GPG keys ", -"url": "https://help.passbolt.com/faq/hosting/firewall-rules" -}, -"faq-hosting-how-to-generate-jwt-key-pair-manually": { -"title": "How to generate JWT key pair manually", -"category": "hosting", -"content": " Warning: Replace /usr/share/php by /var/www and /etc/passbolt by /var/www/passbolt/config if you have installed passbolt from sources. Ensure /etc/passbolt/jwt folder exists and is owned by root user and www-data group.sudo mkdir -m=750 /etc/passbolt/jwtCreate the JWT keys:sudo /usr/share/php/passbolt/bin/cake passbolt create_jwt_keysEnsure rights are correct:sudo chown -R root:www-data /etc/passbolt/jwtsudo chmod 600 /etc/passbolt/jwt/jwt.keysudo chmod 640 /etc/passbolt/jwt/jwt.pemEnsure that all is good by executing the healthcheck.sudo su -s /bin/bash -c \"/usr/share/php/passbolt/bin/cake passbolt healthcheck --jwt\" www-dataYou should see this result:JWT Authentication[PASS] The JWT Authentication plugin is enabled[PASS] The /etc/passbolt/jwt/ directory is not writable.[PASS] A valid JWT key pair was found", -"url": "https://help.passbolt.com/faq/hosting/how-to-generate-jwt-key-pair-manually" -}, -"faq-hosting-troubleshoot-docker": { -"title": "Troubleshoot Docker", -"category": "hosting", -"content": "Connect yourself inside passbolt docker container (replace passbolt-container-name with your own):$ docker exec -ti passbolt-container-name bashAll troubleshooting commands must be launched as www-data user. It is the case if you are running non-root docker images but for root images, switch as www-data user:su -s /bin/bash www-dataThen to be able to launch some commands, you must retrieve PASSBOLT_GPG_SERVER_KEY_FINGERPRINT environment variable:export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=\"$(gpg \\ --home $GNUPGHOME\\ --list-keys \\ ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} | \\ grep -Ev \"^(pub|sub|uid|^$)\" | tr -d ' ')\"Alternatively if you are using Docker Secrets you’ll need to run the following to access the secrets as environment variables:source /etc/environmentHealthcheck./bin/cake passbolt healthcheckSend a test email./bin/cake passbolt send_test_email \\ --recipient=youremail@domain.comDatacheck./bin/cake passbolt datacheck --hide-success-detailsDatabase migrations status./bin/cake migrations statusdatabase containerTo connect into mysql container console (replace db-container-name with your own):docker exec -ti db-container-name bash -c \\ 'mysql -u${MYSQL_USER} -p${MYSQL_PASSWORD} ${MYSQL_DATABASE}'", -"url": "https://help.passbolt.com/faq/hosting/troubleshoot-docker" -}, "faq-security-compromised-secret-key": { "title": "My secret key and passphrase are compromised, what do I do?", "category": "security", "content": " Warning: Use of a revocation certificate is not yet implemented. The secret key is in itself encrypted with a passphrase and cannot be used without it.If your passphrase has also been compromised, you will need to start a new with a fresh key and use your revocation certificate (see other FAQ in this section).", "url": "https://help.passbolt.com/faq/security/compromised-secret-key" }, -"faq-hosting-how-to-migrate-from-http-to-https": { -"title": "How to migrate from HTTP to HTTPS", -"category": "hosting", -"content": "You will find documentation about how to configure https by clicking here", -"url": "https://help.passbolt.com/faq/hosting/how-to-migrate-from-http-to-https" -}, -"faq-hosting-how-to-use-rootless-images": { -"title": "How to use docker rootless images", -"category": "hosting", -"content": "Our docker-compose.yml example uses root images. If you want to use non-root images, choose one from available docker tags as image and update ports option.root images uses 80 and 443 ports:version: '3.7'services: db: ... passbolt: image: passbolt/passbolt:latest-ce ... ports: - 80:80 - 443:443non-root images uses 8080 and 4433 so you need to map ports 80 and 443 to them:version: '3.7'services: db: ... passbolt: image: passbolt/passbolt:latest-ce-non-root ... ports: - 80:8080 - 443:4433non-root images also uses a different path to handle ssl certificates:version: '3.7'services: db: ... passbolt: ... volumes: ... - ./certs/cert.pem:/etc/passbolt/certs/certificate.crt:ro - ./certs/key.pem:/etc/passbolt/certs/certificate.key:roYou can know more about how to setup https on docker on the https configuration section.", -"url": "https://help.passbolt.com/faq/hosting/how-to-use-rootless-images" -}, -"faq-hosting-how-to-import-ssl-certificate-on-mobile": { -"title": "How to import SSL certificate on mobile application", -"category": "hosting", -"content": "Your passbolt server must have HTTPS enabled to be able to use passbolt mobile app.If you are using self-signed certificates, you must import your server certificate to your mobile device.The screenshots below assume you are importing a root CA certificate (in case your self-signed certificates are trusted by a local certification authority), but the procedure remains the same in case you import server certificate.Not using iOS ? Click here for importing certificates on AndroidImport certificate on iOSPut certificate on your device and select it to install. You will be asked to review it in Setting app: fig. Download profileGo to Settings app and select “Profile Downloaded” fig. Select Profile DownloadedYour certificate informations will be displayed, select Install to install it: fig. Install profileEnter your iOS passcode: fig. Enter your iOS passcodeBe warned than certificate won’t be usuable until you have enable it Certificate Trust Settings, select Install fig. Install profile warningSelect Install: fig. Install profileProfile is installed, select Done: fig. Profile installedTo enable your certificate, go to Setting app > General > About and select Certificate Trust Settings: fig. Select Certificate trust SettingsEnable your new certificate and confirm by selecting Continue: fig. Select Certificate trust SettingsImport certificate on AndroidGo to Settings > Security > Encryption & credentials and select Install a certificate: fig. Install a certificateSelect CA certificate: fig. Select CA certificateA warning is displayed, read it and only if you agree with it, select Install Anyway fig. Displayed warningSelect your certificate: fig. Select your certificateYour certificate is installed: fig. Installed certificate", -"url": "https://help.passbolt.com/faq/hosting/how-to-import-ssl-certificate-on-mobile" -}, -"faq-hosting-troubleshoot-ssl": { -"title": "Troubleshoot SSL", -"category": "hosting", -"content": "Table of content: HTTPS configuration documentation Check certificates content Certificate file Key file Check if certificate file matches with the key Self-hosted private certificate chain study Chain of trust Use case Display the chain of trust Check the chain of trust Use online tools to check your SSL configuration SSL Checker What is my chain cert Qualys SSL Labs Mozilla Observatory HTTPS configuration documentationYou will find infos about how to set up HTTPS on passbolt hereCheck certificates contentIt is a common error to invert certificate and key, so check their content :-)Certificate fileCertificate file must start with:-----BEGIN CERTIFICATE-----and end with:-----END CERTIFICATE-----Key fileKey file must start with:-----BEGIN PRIVATE KEY-----and end with:-----END PRIVATE KEY-----Check if certificate file matches with the keyThe output of the two below commands must be absolutely the same.Check the certificate:openssl x509 -noout -modulus -in cert.pem | openssl md5Check the key:openssl rsa -noout -modulus -in key.pem | openssl md5Check if certificate matches your passbolt domain nameAnother common error is to define a domain name to passbolt and set a certificate valid for another domain.Check the domain name of your local certificate:openssl x509 -text -noout -in cert.pem | grep DNSYou can also check your instance like this (replace passbolt.domain.tld with your passbolt domain name):openssl s_client -connect passbolt.domain.tld:443 </dev/null 2>/dev/null | openssl x509 -noout -ext subjectAltNameopenssl s_client -connect passbolt.domain.tld:443 </dev/null 2>/dev/null | openssl x509 -noout -text | grep DNS:Self-hosted private certificate chain studySome companies don’t rely on public certification authorities. They generate self-signed certificates and trust them with their own Private Key Infrastructure (PKI).To trust SSL certificates signed by the PKI, you have to ensure root certificate of your company’s PKI has been added in your operating system keychain.Chain of trustA certificate chain or certificate CA bundle is a sequence of certificates, where each certificate in the chain is signed by the subsequent certificate.An intermediate certificate authority (CA) is an entity that can sign certificates on behalf of the root CA.The root CA is only ever used to create one or more intermediate CAs, which are trusted by the root CA to sign certificates on their behalf. This is best practice.Use-caseLet’s assume the following chain of trust: fig. Chain of Trust Your passbolt server certificate has been issued by “My Intermediate CA”. “My Intermediate CA” has been issued by “My Root CA”To make your passbolt certificate trusted on your system, you have to add the root CA to your operating system keychain.To manually check if your passbolt SSL certificate has been issued by the correct certificate authority, follow the procedure below.Display the chain of trustThis command will display the chain of trust for passbolt.domain.tld:openssl s_client -quiet -connect passbolt.domain.tld:443It returns:depth=2 CN = My Root CA, emailAddress = it@domain.tld, O = Your Company, OU = Your Company IT Team, L = Esch-Sur-Alzette, ST = Luxembourg, C = LUverify return:1depth=1 C = LU, ST = Luxembourg, O = Your Company, OU = Your Company IT Team, CN = My Intermediate CA, emailAddress = it@domain.tldverify return:1depth=0 CN = passbolt.domain.tld, emailAddress = it@domain.tld, O = Your Company, OU = Your Company IT Team, L = Esch-Sur-Alzette, ST = Luxembourg, C = LUverify return:1Where: depth 2 is your root certificate CN=My Root CA depth 1 is the intermediate certificate CN=My Intermediate CA depth 0 is your certificate CN=passbolt.domain.tldCheck the chain of trustThis command will display all certificates of the chain of trust:openssl s_client -showcerts -connect passbolt.domain.tld:443Certificate chain 0 s:CN = passbolt.domain.tld, emailAddress = it@domain.tld, O = Your Company, OU = Your Company IT Team, L = Esch-Sur-Alzette, ST = Luxembourg, C = LU i:C = LU, ST = Luxembourg, O = Your Company, OU = Your Company IT Team, CN = My Intermediate CA, emailAddress = it@domain.tld-----BEGIN CERTIFICATE-----(...)-----END CERTIFICATE----- 1 s:C = LU, ST = Luxembourg, O = Your Company, OU = Your Company IT Team, CN = My Intermediate CA, emailAddress = it@domain.tld i:CN = My Root CA, emailAddress = it@domain.tld, O = Your Company, OU = Your Company IT Team, L = Esch-Sur-Alzette, ST = Luxembourg, C = LU-----BEGIN CERTIFICATE-----(...)-----END CERTIFICATE----- 2 s:CN = My Root CA, emailAddress = it@domain.tld, O = Your Company, OU = Your Company IT Team, L = Esch-Sur-Alzette, ST = Luxembourg, C = LU i:CN = My Root CA, emailAddress = it@domain.tld, O = Your Company, OU = Your Company IT Team, L = Esch-Sur-Alzette, ST = Luxembourg, C = LU-----BEGIN CERTIFICATE-----(...)-----END CERTIFICATE----- Warning: As it is not mandatory to expose root CA, it can be missing from the above command output. You will have to ask for it to the team who is managing the local PKI. Each “depth” is followed by its following certificate. You can now create 3 files: root certificate rootCA.pem intermediate certificate: intermediate.pem passbolt certificate: passbolt.pemTo check if intermediate.pem has been issued by rootCA.pem:$ openssl verify -CAfile rootCA.pem intermediate.pemIt will return:intermediate.pem: OKBut if we try to check if passbolt.pem has been issued by intermediate.pem, it fails:$ openssl verify -CAfile intermediate.pem passbolt.pemC = LU, ST = Luxembourg, O = Your Company, OU = Your Company IT Team, CN = My Intermediate CA, emailAddress = it@domain.tlderror 2 at 1 depth lookup: unable to get issuer certificateerror passbolt.pem: verification failedTo correctly check passbolt.pem certificate, you have to check the full chain of trust, aka intermediate.pem + passbolt.pem with the rootCA.pem.Create a bundle certificate:cat intermediate.pem passbolt.pem > bundle.pemThen check bundle.pem:$ openssl verify -CAfile rootCA.pem bundle.pembundle.pem: OKCongratulations, your certificate is fully trusted !Use online tools to check your SSL configurationIn case your passbolt instance is publicly reachable, you can use online tools to validate your SSL configuration.SSL Checkerhttps://www.sslshopper.com/This tool will check your server and reports if any misconfiguration found. fig. SSL Checker Success fig. SSL Checker FailWhat is my chain certhttps://whatsmychaincert.com/Typically, the root CA does not sign server or client certificates directly, it is achieved by intermediate certificate and you must include them with your cert.https://whatsmychaincert.com/ will help you to generate the correct certificate chain.If you want to know more about “Root vs Intermediate Certificates” you can read this well-explained external ressourceQualys SSL Labshttps://www.ssllabs.com/ssltest/This tool will show you the quality of your SSL configuration. A+ is the highest note. fig. SSL Test PassMozilla Observatoryhttps://observatory.mozilla.org/Mozilla Observatory is another web tool to show you the quality of your SSL configuration. fig. SSL Scan Pass", -"url": "https://help.passbolt.com/faq/hosting/troubleshoot-ssl" -}, -"faq-hosting-how-to-rotate-server-gpg-keys": { -"title": "How to rotate server GPG keys", -"category": "hosting", -"content": "Docker installationIt is quite simple with docker to rotate your passbolt server GPG keys. Connect yourself inside the passbolt container and delete the keys:rm /etc/passbolt/gpg/serverkey.ascrm /etc/passbolt/gpg/serverkey_private.ascDestroy then recreate passbolt container and new GPG server keys will be generated.docker-compose up -d --force-recreateOther installationsCreate a temporary GPG home folder:mkdir /tmp/gpg-tempGenerate new GPG keys:gpg --homedir /tmp/gpg-temp --batch --no-tty --gen-key <<EOF Key-Type: default Key-Length: ${PASSBOLT_KEY_LENGTH:-2048} Subkey-Type: default Subkey-Length: ${PASSBOLT_SUBKEY_LENGTH:-2048} Name-Real: ${PASSBOLT_KEY_NAME:-Passbolt default user} Name-Email: ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} Expire-Date: ${PASSBOLT_KEY_EXPIRATION:-0} %no-protection %commitEOFReplace the current GPG server keys with the new ones:gpg --homedir /tmp/gpg-temp --armor --export ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} | sudo tee /etc/passbolt/gpg/serverkey.asc > /dev/nullgpg --homedir /tmp/gpg-temp --armor --export-secret-key ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} | sudo tee /etc/passbolt/gpg/serverkey_private.asc > /dev/nullEnsure new GPG keys owner and group are correct. Replace www-data with nginx if you are using RPM-based Linux distribution.sudo chown www-data:www-data /etc/passbolt/gpg/serverkey_private.ascsudo chown www-data:www-data /etc/passbolt/gpg/serverkey.ascGet new GPG keys fingerprint from public key:sudo gpg --show-keys /etc/passbolt/gpg/serverkey.asc | grep -Ev \"^(pub|sub|uid|$)\" | tr -d ' 'Ensure the fingerprint from private key is the same:sudo gpg --show-keys /etc/passbolt/gpg/serverkey_private.asc | grep -Ev \"^(pub|sub|uid|$|sec|ssb)\" | tr -d ' 'CentOS 7 gpg command is quite old and has no –show-keys parameter. Use these commands instead:# public key fingerprintsudo cat /etc/passbolt/gpg/serverkey.asc | gpg --with-fingerprint - | grep -Ev \"^(pub|sub|uid|$)\" | tr -d ' ' | sed 's/Keyfingerprint=//'# private key fingerprintsudo cat /etc/passbolt/gpg/serverkey_private.asc | gpg --with-fingerprint - | grep -Ev \"^(pub|sub|uid|$|sec|ssb)\" | tr -d ' ' | sed 's/Keyfingerprint=//'Open /etc/passbolt/passbolt.php configuration file and replace old fingerprint with the new one in the passbolt section: 'passbolt' => [ // GPG Configuration. // The keyring must to be owned and accessible by the webserver user. // Example: www-data user on Debian 'gpg' => [ // Main server key. 'serverKey' => [ // Server private key fingerprint. 'fingerprint' => 'XXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'public' => CONFIG . DS . 'gpg' . DS . 'serverkey.asc', 'private' => CONFIG . DS . 'gpg' . DS . 'serverkey_private.asc', ], ],Launch a healthcheck command to get passbolt GNUPGHOME folder (usually /var/lib/passbolt/.gnupg but can be different if you installed passbolt from sources): sudo -H -u www-data bash -c \"/usr/share/php/passbolt/bin/cake passbolt healthcheck --gpg\" | grep GNUPGHOMEDelete the current GNUPGHOME folder, it will be automatically recreated.sudo rm -rf /var/lib/passbolt/.gnupgOn next connection through web interface, you will get a warning that the server key has been changed: fig. Server key has changedYou can now delete the temporary GPG home folder:rm -rf /tmp/gpg-temp", -"url": "https://help.passbolt.com/faq/hosting/how-to-rotate-server-gpg-keys" -}, "faq-security-how-to-extend-user-expired-key": { "title": "How to extend a user expired key", "category": "security", "content": "While setting up an account on passbolt, you can let the wizard generate OpenPGP keys for you or upload ones generated on your computer.Passbolt wizard OpenPGP keys has no expiration date. In case you generated OpenPGP keys with an expiry date, you won’t be able to authenticate to passbolt once the expiry date passed.We will explain in this FAQ page how to extend your passbolt OpenPGP key if you are in this case.Remove expiration date of your passbolt private OpenPGP keyImport your private expired key:gpg --import private.ascAs you can see, this key has an expiration date:pub ed25519 2022-01-21 [SC] [expires: 2024-01-21] B35F66C2B587EC54DB71A547C9FDEB2DC5EB9F9Cuid John Doe <johndoe@domain.tld>sub cv25519 2022-01-21 [E] [expires: 2024-01-21]Edit the key by selecting its fingerprintgpg --edit-key B35F66C2B587EC54DB71A547C9FDEB2DC5EB9F9CYou will get the below output:gpg (GnuPG) 2.3.4; Copyright (C) 2021 Free Software Foundation, Inc.This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.Secret key is available.sec ed25519/C9FDEB2DC5EB9F9C created: 2022-01-21 expires: 2024-01-21 usage: SC trust: ultimate validity: ultimatessb cv25519/54A4FF74028F12AF created: 2022-01-21 expires: 2024-01-21 usage: E[ultimate] (1). John Doe <johndoe@domain.tld>Where: sec is the SECret key ssb is the Secret SuBkeyDisable the expiration date for the secret key with the expire command:gpg> expireChanging expiration time for the primary key.Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n yearsKey is valid for? (0) 0Key does not expire at allIs this correct? (y/N) ysec ed25519/C9FDEB2DC5EB9F9C created: 2022-01-21 expires: never usage: SC trust: ultimate validity: ultimatessb cv25519/54A4FF74028F12AF created: 2022-01-21 expires: 2024-01-21 usage: E[ultimate] (1). John Doe <johndoe@domain.tld>As you can see, the expires is now never for secret key but remains 2024-01-21 for the secret subkey.Select the subkey with the key 1 command (you will see an asterisk next to it):gpg> key 1sec ed25519/C9FDEB2DC5EB9F9C created: 2022-01-21 expires: never usage: SC trust: ultimate validity: ultimatessb* cv25519/54A4FF74028F12AF created: 2022-01-21 expires: 2024-01-21 usage: E[ultimate] (1). John Doe <johndoe@domain.tld>Execute again the expire command:gpg> expireChanging expiration time for a subkey.Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n yearsKey is valid for? (0) 0Key does not expire at allIs this correct? (y/N) ysec ed25519/C9FDEB2DC5EB9F9C created: 2022-01-21 expires: never usage: SC trust: ultimate validity: ultimatessb* cv25519/54A4FF74028F12AF created: 2022-01-21 expires: never usage: E[ultimate] (1). John Doe <johndoe@domain.tld>Once done, execute the save command to save your changes:gpg> saveExport your new extended key and save it in a safe place:gpg --armor --export B35F66C2B587EC54DB71A547C9FDEB2DC5EB9F9C > public.ascgpg --armor --export-secret-keys B35F66C2B587EC54DB71A547C9FDEB2DC5EB9F9C > private.ascUpdate the key in passboltPassbolt server side, you need to update public key in gpgkeys table of passbolt database and delete it from the passbolt keyring.Database updateFirst identify your user ID. Replace johndoe@domain.tld with email of your user:SELECT id, username FROM users WHERE username = johndoe@domain.tld;The returned ID should be something like 02aa768a-df59-4247-ab52-328373880016Confirm now you have one unique row for the below request (replace 02aa768a-df59-4247-ab52-328373880016 with ID of your user, \\G is to display results vertically)SELECT * FROM gpgkeys WHERE user_id = '02aa768a-df59-4247-ab52-328373880016' \\GIf you got exactly one row, you can replace the current public OpenPGP key with the new one (replace user_id with your user’s ID and put your new OpenPGP public key as armored_key):UPDATE gpgkeys SET armored_key = \"-----BEGIN PGP PUBLIC KEY BLOCK-----mQGNBGHSrQEBDADES5YK8aSSg7sIWF/GvilOYBhjYzpz1Q+mbtxZI1oZHwT0z4H5a/tDu821EdSkrmrK1j+VUqlZr4n0wjf5NMKITvU6UioBP6QeYgtriCKZ5DOk1VOi(....)-----END PGP PUBLIC KEY BLOCK-----\", modified = now(), expires = now() WHERE user_id = \"02aa768a-df59-4247-ab52-328373880016\";Update the expires value of the old key with NULL (replace 02aa768a-df59-4247-ab52-328373880016 with ID of your user):UPDATE gpgkeys SET expires = NULL WHERE user_id = \"02aa768a-df59-4247-ab52-328373880016\";You can quit MySQL console.Passbolt GPG keyring updateCheck path of your GPG keyring from the healthcheck page of passbolt: https://url-of-your-passbolt/healthcheck, you should see /var/lib/passbolt/.gnupg/ but it can be different depending on your setup: fig. passbolt healthcheckYou have now to remove the old OpenPGP public key from passbolt keyring. Connect as www-data user if you are using Debian or Ubuntu, or nginx if you are using CentOS:sudo su -s /bin/bash www-dataList keys and find the one you want to delete (replace /var/lib/passbolt/.gnupg with your own).gpg --homedir /var/lib/passbolt/.gnupg --list-keysOnce ID of the key found, delete it (replace /var/lib/passbolt/.gnupg with your own and 444F0E2FDD421119F69368E23F1C70EE1C10B10F with the ID of the key you want to delete):gpg --homedir /var/lib/passbolt/.gnupg --delete-key 444F0E2FDD421119F69368E23F1C70EE1C10B10FRecover your accountStep 1. In order to recover you will need to go to your domain URL and add /recover at the end of the url,for example https://yourpassbolt.com/recover.Step 2. Complete the form by providing your email address.Step 3. Follow the link in your mailbox.Step 4. Follow the recovery steps, which is much like the initial setup. You will need to import your private key.Step 5. Enter your passphrase to login!", "url": "https://help.passbolt.com/faq/security/how-to-extend-user-expired-key" }, -"faq-hosting-mobile-faq": { -"title": "iOS / Android Mobile FAQ", -"category": "hosting", -"content": "Can I use the mobile application without HTTPS configured on my passbolt server ?A valid HTTPS configuration is mandatory for security concerns to be able to use the passbolt with iOS / Android. Mobile app won’t work with plain HTTP.You can get a green padlock aside the url in your browser without a valid configuration for mobile app. A common misconfiguration error is to forget the intermediate certificate. You can check our SSL troubleshooting page for more details.Can I use a self-signed certificate with the mobile application ?The answer is yes. The mandatory part is to generate a certificate with a valid subjectAltName.How to generate a proper Self-signed certificate ?openssl req -x509 \\ -newkey rsa:4096 \\ -days 120 \\ -subj \"/C=LU/ST=Luxembourg/L=Esch-Sur-Alzette/O=Passbolt SA/OU=Passbolt IT Team/CN=passbolt.domain.tld/\" \\ -nodes \\ -addext \"subjectAltName = DNS:passbolt.domain.tld\" \\ -keyout key.pem \\ -out cert.pemThis command will output two files: key.pem and cert.pem.Of course, replace -subj values with your own. It is important to set your passbolt FQDN in both CN and subjectAltName. Pro tip: You can use an IP address instead of a domain name for your self-signed certificate. If you do that, replace DNS with IP in subjectAltName. How to import my self-signed certificate ?Once your self-signed certificate configured, import it in your mobile.Can I use 2FA ?Our mobile application support TOTP and Yubikey.Duo OTP is not supported yet.How to get logs ?Logs are available: inside top-right (?) button on Login screen and while scanning QRCodes once logged in inside the settings menu.You can share them by clicking on the share icon on top-right of your screen.On Android, logs collection must be manually enabled: fig. Enable Android logsI can’t login using ApacheApache seems to discard the Authorization header if it is not a base64 encoded user/pass combo. So to fix this you can add the following to your Apache config:RewriteEngine OnRewriteCond %{HTTP:Authorization} ^(.*)RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]I can’t login with this error: “gopenpgp: the key contains too many entities”It means the OpenPGP key of your passbolt server contains more than one entity. It should not occur but we seen this issue on some old docker setup.To fix this issue, you can rotate your passbolt server keys following this other FAQ page.How can I check if JWT certificate matches with the JWT keyFirst check if the JWT key format is correct:$ openssl rsa -in /etc/passbolt/jwt/jwt.key -check -nooutRSA key okYou can now check if the certificate matches with the key with the command below:$ if openssl rsa -in /etc/passbolt/jwt/jwt.key -outform PEM -pubout 2>/dev/null | diff /etc/passbolt/jwt/jwt.pem - > /dev/null; then echo \"OK: JWT key matches with JWT pem\"; else echo \"NOT OK: JWT key and pem doesn't match\"; fi", -"url": "https://help.passbolt.com/faq/hosting/mobile-faq" -}, -"faq-hosting-how-to-install-passbolt-non-interactive": { -"title": "How to install passbolt in non-interactive mode?", -"category": "hosting", -"content": "The non-interactive mode is useful for automating passbolt installation and for users with specific needs. It is available only on Debian and Ubuntu operating systems.The commands of this page assume you want to install passbolt CE. Replace ce with pro if you plan to install the PRO version.Package repository setupFor easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt and install it.Step 1. Download our dependencies installation script:wget \"https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh\"Step 2. Download our SHA512SUM for the installation script:wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txtStep 3. Ensure that the script is valid and execute it:sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh || echo \\\"Bad checksum. Aborting\\\" && rm -f passbolt-repo-setup.ce.shSimple modeIf you don’t want to install mysql locally or you don’t want to use nginx as http server you can run the non-interactive command with --no-install-recommends parameter.sudo DEBIAN_FRONTEND=noninteractive apt-get install \\ --no-install-recommends passbolt-ce-serverAdvanced modeYou can automate the installation by pre-fill answers with this command (run one command per parameter):echo passbolt-ce-server <parameter> <type> <value> | \\ sudo debconf-set-selectionsParameter and type reference table: Parameter Type Description passbolt/mysql-configuration boolean To enable MySQL, can be true (default) or false passbolt/mysql-passbolt-username string Passbolt database username passbolt/mysql-passbolt-password password Passbolt database password passbolt/mysql-passbolt-password-repeat password Passbolt database password confirm (must be the same as passbolt/mysql-passbolt-password) passbolt/mysql-passbolt-dbname string Passbolt database name passbolt/nginx-configuration boolean To enable Nginx, can be true (default) or false passbolt/nginx-configuration-three-choices select SSL configuration: When certbot package is installed, you can choose between auto, manual and none passbolt/nginx-configuration-two-choices select SSL configuration: When certbot package is not installed, you can choose only between manual and none passbolt/nginx-domain string Passbolt domain name (FQDN) passbolt/nginx-certificate-file string Absolute path to SSL certificate path (applies only if nginx-configuration-*-choices is manual) passbolt/nginx-certificate-key-file string Absolute path to SSL key path (applies only if nginx-configuration-*-choices is manual) Once done, run this non-interactive install command:sudo DEBIAN_FRONTEND=noninteractive apt-get install passbolt-ce-server", -"url": "https://help.passbolt.com/faq/hosting/how-to-install-passbolt-non-interactive" -}, -"faq-start-disable-built-in-password-manager": { -"title": "How to disable your browser/mobile built-in password manager", -"category": "start", -"content": "Most web browsers and mobile devices include built-in password management that prompts you to save passwords for sites that you visit.We will see in this help page how to disable this feature in web browsers and set passbolt as default password manager on iOS / Android to avoid confusion and enhance security. Google Chrome Mozilla Firefox Microsoft Edge Brave iOS Disable iCloud Keychain Verify AutoFill settings AndroidGoogle Chrome Go to chrome://settings/autofill and select Password Manager Turn off Offer to save passwords and Auto Sign-in. fig. Disable Google Chrome built-in password managerMozilla Firefox Go to about:preferences#privacy Scroll down to Logins and Passwords menu Uncheck Ask to save logins and passwords for web sites fig. Disable Mozilla Firefox built-in password managerMicrosoft Edge Go to edge://settings/passwords Turn off Offer to save passwords fig. Disable Microsoft Edge built-in password managerBrave Go to brave://settings/passwords Turn off Offer to save passwords and Auto Sign-in. fig. Disable Brave built-in password manageriOSDisable iCloud KeychainiCloud Keychain keeps informations like your Safari usernames and passwords, credit cards and Wi-Fi passwords up to date on any Apple device you approve.You can disable it if you want these data located only on passbolt. From settings, tap you name: fig. iOS settings Select iCloud: fig. iCloud Select Keychain: fig. Keychain Turn off iCloud Keychain fig. Turn off iCloud KeychainVerify AutoFill settings Go to Settings > Passwords > AutoFill Passwords Select Passbolt in Allow filling from fig. Configure autofill on iOSAndroid From Settings, go to Passwords & accounts fig. Passwords & accounts Ensure AutoFill setting is set to passbolt fig. Verify AutoFill setting fig. Verify AutoFill setting Go back and tap on Google: fig. Tap on Google logo Select the account you want to manage. If you have multiple accounts, you will have to execute the next steps for each account. fig. Select your google account Tap the setting icon: fig. Android password manager Turn off Offer to save passwords and Auto Sign-in: fig. Android password manager", -"url": "https://help.passbolt.com/faq/start/disable-built-in-password-manager" -}, -"faq-start-how-to-use-tags": { -"title": "How to use tags (PRO)", -"category": "start", -"content": "Sharing passwords using groups is already possible in passbolt and can help organise the passwords. It is often not enough for small teams or users with a lot of passwords, who often need another way to organise their data.How are tags different than categories?The major difference between categories and tags is that, in most systems using folders, a given item only belongs to one folder. Inversely, when tagging, one item can be linked to many tags. Also while it is possible to have a hierarchical tag structure it is also less common. fig. Tags mental modelsUser experience and use casesYou will find tags in the passwords workspace: fig. Tags in passwords workspace fig. Tags use casesView tagsA user can view the tags applied to a resource from the tag section in the passwords workspace secondary sidebar. fig. View tagsEdit tagsTag / Untag a resource via the tags editorUsers can tag a resource by clicking on the “Tags editor” in the passwords workspace secondary sidebar.Users will see an autocomplete with a list of proposed tags when adding/editing tags to promote tag reuse. This autocomplete is updated for each letter typed starting with the first one. When clicking on an autocomplete list item, the tag is added. It is possible to select autocomplete list items using keyboard keys.By default, tags are set to be personal. It is a way for users to organize their passwords (their own and shared ones) following their own personal classification. Any resource can be tagged by users as personal.If using the prefix “#” a tag can be shared to everyone with access to this password. Users must be able to update a resource to be able to create a shared tag on it. fig. Add tagsTag a resource by dragging it on a tagA user can tag a resource by dragging a resource from the grid on a tag in the “Filter by tags” section in the primary sidebar.Rename tagA user can rename a tag by opening the contextual menu of a tag in the “Filter by Tags” section of the primary sidebar. fig. Tags contextual menuBy clicking on “Edit Tag”, a dialog will therefore be shown to the user. fig. Rename tagsDelete tagA user can delete a personal tag by opening the contextual menu of a tag in the “Filter by Tags” section of the primary sidebar. To prevent someone from removing a tag by mistake, we request the user to confirm the delete action. fig. Delete personal tag confirmation windowYou cannot delete shared tags from contextual menu of the “Filter by Tags” section. On each resource of the shared tag you want to delete, you have to manually remove it from the tags editor. fig. Delete a shared tag from tags editorFilter resourcesFilter resources from the user tags listUsers can filter resources by tag via the “Filter by tags” section in the passwords workspace primary sidebar. fig. Filter tagsFilter resources from the resource details sidebarUsers can filter the resources by clicking on a tag in the “Tags” section of the resource details sidebar. fig. Click on a tag to filter on this tagFilter resources by personal or shared tagsBy clicking on the funnel icon, you can filter by personal or shared tags: fig. Filter by personal or shared tagsFilter resources from the search formYou can type a tag slug in the password search form to display tagged resources.Email notificationsEditing or deleting a tag does not trigger any email notifications.", -"url": "https://help.passbolt.com/faq/start/how-to-use-tags" -}, -"faq-start-roles-and-permissions-faq": { -"title": "Roles and permissions FAQ", -"category": "start", -"content": "What are the main differences between passbolt resource permissions?Passbolt offers three permissions at the resource level: Owner: can manage share settings, delete, update, read. Update: can update the record and delete. Read: can only read and use the password metadata and secret. Warning: A User with Update right is able to delete a resource. The main difference between Owner and Update right is the ability for the Owner to share a resource. What happens when you delete a user who is sole owner of a resource shared with a group or user? Does the group/user keeps access to this resource or is it deleted?When a user, sole owner of a resource, is about to be deleted, a popup window is displayed and passbolt admin will be asked to transfer ownership of the resource to the group or user. fig. Shared password ownership transferIf the deleted user was also the sole group manager, passbolt admin will promote another user of the group as group manager.What happens when you delete a user who owns non-shared resources?Unlike shared ones, non-shared resources of a deleted user will be deleted as well.What is the difference between a group manager and group member?The group manager is a group member who can add or delete users to a given group, and promote them as another group manager. No more, no less.It is possible for a group member to share a resource he owns in “read-only” mode with the group. Group manager doesn’t have extra-rights to edit resources ownership.Who can create a group in passbolt?Only a passbolt administrator can create groups on passbolt.", -"url": "https://help.passbolt.com/faq/start/roles-and-permissions-faq" -}, -"faq-start-roles-and-permissions": { -"title": "Roles and permissions", -"category": "start", -"content": "System-wide rolesPassbolt proposes two system roles “admin” and “user”. This system is the first line of the authorization mechanism performing checks directly for each user’s actions.In a nutshell, an administrator manages the instance. In practice it means that they can manage organization-wide settings such as the content of the email notifications or which multiple factor authentication provider is enabled. Another responsibility is to create or delete users, manage groups and group managers, perform synchronization with a user directory, etc.Settings Action Admin User Manage email notification settings Yes No Manage MFA settings Yes No Manage LDAP settings / sync Yes No Choose organization default language Yes No Users Action Admin User Create users Yes No Rename user Yes Yes (if own) Update email address Yes No Delete users Yes No Promote/Demote admin Yes No View users Yes Yes Select user preferred language Yes Yes (if own) Groups Action Admin User Create groups Yes No Rename groups Yes No Add user to group See. “Group level roles” See. “Group level roles” Delete groups Yes No View groups Yes Yes View group composition Yes Yes Others Resources / Action Admin User Create resources Yes Yes Manage resources See “Resource level roles” See “Resource level roles” Create comments Yes Yes Delete comments Yes Yes (if own) Manage folders See “Folder level roles” See “Folder level roles” Manage tags See “Folder level roles” See “Folder level roles” Group level rolesEach group must have at least one group manager in charge of adding and removing group members. The administrators can appoint themselves as group administrator or appoint a regular user. fig. Groups workflowDue to the nature of the encryption in passbolt, only someone with access to the secrets of a given group can add a member to that group (as they need to be able to decrypt and encrypt the secret for the new member). Action Group manager Group member Rename group Yes No Add user to group Yes No Remove user to group Yes No Promote/Demote group manager Yes No Additional resources: Blog post: How passbolt will implement groups (2017) Groups functional specifications (2020)Resource level rolesPassbolt offers three permissions on the resource level: Owner: can manage share settings, delete, update, read. Update: can update the record and delete. Read: can only read and use the password metadata and secret. Operation / Folder Permission Owner Update Read View resource metadata and secret Yes Yes Yes Edit resource metadata and secret Yes Yes No Delete resource Yes Yes No Share resource, e.g. edit permissions Yes No No Folder Level rolesBehind the scenes, permissions for folders will reuse the same permissions system than the one available for the resources. This will allow the user to associate a set of permissions to one or more folders, while reusing the metaphors the users are already accustomed to.Like resources, a folder must have an owner permission defined in the folder permissions. Two other permissions types are available: update and read. Each permission type give access to operations as described in the grid below: Operation / Folder Permission Owner Update Read View folder permissions Yes Yes Yes View folder Yes Yes Yes Rename folder Yes Yes No Delete folder Yes Yes No Create an item inside a folder Yes Yes No Move an item inside a folder Yes Yes No Edit folder permissions Yes No No Once an item is inside a folder what can be done with the items does not depend on the folder permission but the item itself, like on a regular file system. For a user to move an item that is inside a folder they must generally at least have update rights on the item and the destination folder. Operation / Enclosed Item Permission Owner Update Read Move an item outside the folder Yes Yes Only in some cases. See Approach to personal & shared folder organizations Edit the resource Yes Yes No Delete the resource Yes Yes No Approach to folder permissions inheritanceOne of the key requirements is to be able to apply a given folder permission to the items inside it. For example when a user “share” a folder or create a new item in that folder, or drop an existing resource in a folder, the folder permissions will be applied to the items where possible.The “where possible” is important here. While folders in passbolt can be used to organize resources and apply permissions, folders do not enforce the permission on its enclosed content at all times, but serve as a guide when an operation such as create or move is performed. As we have seen exceptions can be created, i.e. it is possible for a user to have more rights on an item than they have on a given folder. The opposite is also possible, the same way it is possible to create a hidden or restricted file in a shared folder in a traditional filesystem.One should picture a folder permission list as a permission mask, i.e. a predefined set of group/user rights, that could be applied to the folder content whenever a user is interacting with it. Applying permissions on a folder is the equivalent of selecting all the resources the user has the right to share inside the given folder and apply a new set of permission to this selection. Items where the user does not have access to (or cannot edit the permissions) will be ignored.This approach is also needed to work with the limitation of the end to end encryption scheme. Indeed only a user that has access to a secret can provide such access to another user.A user with can update as a permission is able to move a secret from one folder to another folder. In this case if the new folder is shared with more users these users won’t have the secret shared with them. This is because to share a secret a user needs to have the owner permission on the secret. To ensure a secret inherits the permissions you expect it is best to have a user with the owner permission move the secret to the new folder.Additional resources Blog post: Introducing the new “Folders” feature (2020) Folders functional specifications (2020)", -"url": "https://help.passbolt.com/faq/start/roles-and-permissions" -}, "faq-security-is-passbolt-secure": { "title": "Is it secure to use passbolt?", "category": "security", "content": "Passbolt is considered as stable and has already undergone several security audits, like SOC2 Type II.It is used by thousands of companies that trust it for storing their passwords. The strict end-to-end and asymmetric encryption model, associated with the robustness of OpenPGP ensure that the solution implements some of the best known standards in terms of security.We have published a security white paper, explaining passbolt security model in depth.You are welcome to contact us directly if you have further questions, we will be happy to answer.", "url": "https://help.passbolt.com/faq/security/is-passbolt-secure" }, -"faq-start-account-recovery-subscribe": { -"title": "How to subscribe to the account recovery program?", -"category": "start", -"content": "Account recovery is a feature introduced with passbolt v3.6.0 that as for aim to help users to recover their accountsin case of recovery kit or passphrase loss. To know more about account recovery, checkout this documentation.RequirementsYou can follow this procedure if you are meeting the following requirements: You are in possession of an active account; Your organisation is running passbolt Pro > v3.6.0 or Passbolt Cloud.How to subscribe as a new user during the setup process?If the account recovery is enabled for the organisation, all new users will be prompted to join the account recovery program during the setup process. fig. Account recovery screen during browser extension setup process (Opt-out policy)The prompt presents different options depending on the organisation policy: Mandatory: as its name states, users have to subscribe to the program no mater their preferences. The screen role here is mainly to inform the users about the private key transfer that is going to happen, it is useful if they prefer not to use their personal private key by instance; Opt-out: users have the choice to join or reject the program, and they are subscribed by default as per the organisation preference; Opt-in: as the opt-out option, users have the choice to join or reject the program, but they are not subscribed by default as per the organisation preference.How to subscribe as an already registered user?If the account recovery is enabled for the organisation, all users can access their account recovery preference from the account recovery section of the user settings workspace. fig. Account recovery user prompt dialog.If the organisation account recovery policy is set to mandatory or opt-out, users will be prompted to enroll to the program immediately after signing in into passbolt. If they postpone the decision, they could follow the attention crumbs (❗) displayed in the interface to go to the setting screen later. fig. Account recovery user setting screen.Users will be then able to enroll to the program by clicking the review button. Similarly to the setup process, the setting screen presents different options depending on the organisation policy: Mandatory: as its name states, users have no other choice but to subscribe to the program. The screen role here is mainly to inform the users about the private key transfer that is going to happen, it is useful if they prefer not to use their personal private key by instance; Opt-out: users have the choice to join or reject the program, and they are subscribed by default as per the organisation preference; Opt-in: as the opt-out option, users have the choice to join or reject the program, but they are not subscribed by default as per the organisation preference. fig. Account recovery subscription dialogUsers will notice additional information relative to the administrator who enabled the account recovery program. For safety reasons, it is highly recommended to verify carefully this information: Is the administrator known? Is the fingerprint matching the administrator public key?", -"url": "https://help.passbolt.com/faq/start/account-recovery/subscribe" -}, -"faq-start-account-recovery-review-request": { -"title": "How to review an account recovery request", -"category": "start", -"content": "Accepting or rejecting an account recovery requestAdministrators might receive account recovery requests from the users who lost their passphrase or recovery kit. Email notifications can be configured for the administrators to receive an email when an account recovery is requested. This email facilitates the account recovery request review by providing a link that redirects to the account recovery request review dialog.In any case, it’s possible to review account recovery requests without email by accessing the user workspace. With the account recovery feature enabled, a new column “attention required” appears in the list of users. This helps to quickly see or sort users who require administrators to process their account recovery request. fig. Account recovery request review entry pointsTo process a request there are 4 ways you can choose. Using the link in the received email, it will open the application with the corresponding dialog opened. By right-clicking on the user row in the grid and click on “review request” in the contextual menu Having the user selected, by clicking on the “more” button on top of the grid and click on “review request” Using the “review” button accessible in the section “account recovery” from the user details. This section also shows the number of account recovery requests a user made and the state of the last request.. Administrators are prompted to accept or reject the account recovery request. Some information is provided in the UI, they need to be carefully checked before taking any action by verifying that the user is known and that the fingerprint is the expected one (we’re never too much careful). As a safety check, after making a choice administrators are prompted to provide their passphrase (unless they decided that the extension should remember it). fig. Account recovery request review dialogAt this step, if administrators choose to reject the request, an email will be sent to inform the corresponding user and the procedure stops there. Otherwise the private ORK is asked in order to continue with the procedure. It is necessary for the browser extension as the key will be used to decrypt the user’s private key before re-encrypting iit with the user’s temporary key. Then the user will receive an email to finish the procedure.", -"url": "https://help.passbolt.com/faq/start/account-recovery/review-request" -}, -"faq-start-generate-openpgp-key": { -"title": "How to generate an OpenPGP key", -"category": "start", -"content": "RequirementsIn order to follow this procedure, ensure you meet with the following minimum requirements: An access to a linux terminal machine; The OpenPGP package installed on the linux machine; The OpenPGP key to generate requirements: Algorithm, strength …Generate a new OpenPGP key pair Passphrase or no? Whether or not you need to set a passphrase will depend on why you are making this keypair. Organization Account Recovery: In this case you want to set a passphrase. Server GPG keys: In this case you do not want to set a passphrase. Execute the following command to generate a new OpenPGP key pair.gpg --full-generate-keyThis command will run an interactive wizard that will help you define the key settings: Select the key type, by instance: RSA. If RSA was chosen, select the keysize, by instance for a strong key: 3072. Select the expiration time, by instance for “no expiry”: 0. Note that key expiration is not well handled by passbolt, set an expiration date only if you know what you are doing. Confirm the key type information. Enter a name, by instance: Ada Lovelace. Enter an email, by instance: ada.lovelace@mydomain.tld. Enter a comment, it is optional. It will only help you to identify a key in the keyring if similar name or email chosen. Confirm the key meta information. If you are creating an Organization Account Recovery key pair set a passphrase, if this is for the server GPG key pair do not set a passphraseOnce the key generated, the key will be stored in the keyring of the user you authenticated with and OpenPGP willoutput the details of the newly generated key.public and secret key created and signed.pub rsa3072 2022-08-04 [SC] F5B94A730D636A18815046C1408B779FE1951A9Auid Ada Lovelace <ada.lovelace@mydomain.tld>sub rsa3072 2022-07-28 [E]The output contains a 40 characters long identifier (F5B94A730D636A18815046C1408B779FE1951A9A) that represents the key fingerprint,note it down, it will be useful later to identify the key in the keyring.Export an OpenPGP key pairExport an OpenPGP public keyExecute the following command to export a public key having F5B94A730D636A18815046C1408B779FE1951A9A as fingerprint fromthe OpenPGP keyring into a file in armor format.gpg --armor --export F5B94A730D636A18815046C1408B779FE1951A9A > public.keyExport an OpenPGP private keyExecute the following command to export a private key having F5B94A730D636A18815046C1408B779FE1951A9A as fingerprint fromthe OpenPGP keyring into a file in armor format.gpg --armor --export-secret-keys F5B94A730D636A18815046C1408B779FE1951A9A > private.key", -"url": "https://help.passbolt.com/faq/start/generate-openpgp-key" -}, -"faq-start-passphrase-recovery": { -"title": "How to recover my passphrase?", -"category": "start", -"content": "Unfortunately it is not possible to reset your private key passphrase if you do not remember the original. Similarly if you have lost your private key and you do not have a backup, you cannot decrypt your passwords anymore.Sadly, you have lost access to the passwords that you have not yet shared. If you have shared your password with somebody you can create a new account and ask them to share your password back with you.If you can’t remember your passphrase, the best thing to do is to start anew.", -"url": "https://help.passbolt.com/faq/start/passphrase-recovery" -}, -"faq-start-account-recover": { -"title": "How to recover an account?", -"category": "start", -"content": "Recover an account with the recovery kitThe recovery kit can be used if you are setting up passbolt on a new machine because you lost, upgraded or reinstalled the previous one. This procedure can also be used to configure passbolt on an additional machine.RequirementsYou can follow this procedure if you are meeting the following requirements: You are in possession of an active account; You are in possession of your recovery kit, it contains a copy of the private key associated to your account; You remember your passphrase.If you lost your recovery kit or your passphrase and you subscribed to the account recovery program, checkout thisdocumentation.ProcedureStep 1. In order to recover you will need to go to your domain URL and add /recover at the end of the url,for example https://yourpassbolt.com/recover.Step 2. Complete the form by providing your email address.Step 3. Follow the link in your mailbox.Step 4. Follow the recovery steps, which is much like the initial setup. You will need to import your private key.Step 5. Enter your passphrase to login! Recover an account with the account recovery programAccount recovery is a feature introduced with passbolt v3.6.0 that as for aim to help users to recover their accountsin case of recovery kit or passphrase loss. To know more about account recovery, checkout this documentation.RequirementsYou can follow this procedure if you are meeting the following requirements: You are in possession of an active account; Your organisation is running passbolt Pro > v3.6.0 or Passbolt Cloud. You subscribed to the account recovery program while installing passbolt for the first time or via in your user settings workspace.ProcedureThere are 2 ways to start the procedure: Assuming the browser extension is configured but the passphrase is lost: users can, at any time, click on the “help, I lost my passphrase” link in the sign in screen. An email will be sent to them to start the procedure. fig. Login screen with the account recovery feature Assuming users are configuring Passbolt for a new browser or a new browser profile: during the process, they will be prompted to provide a recovery kit and its passphrase. If one of the information is missing, users can click on the “help, I lost my private key” link. Users will receive an email to start the procedure. fig. Recover screen with the help linkHow does the account recovery procedure look like Users have asked for an account recovery and just received an email to start. The email contains a link that brings the users to the account recovery request page. Pay attention that at this moment, the browser being used must be the one on which the browser extension has to be configured to access the application. If the browser or profile is changed during the process users will be blocked at some point and might need to restart from the beginning. Users are prompted to provide a new passphrase and set their security token. Please note that the chosen passphrase is not a temporary one and will be the new passphrase to sign in. It’s the same for the security token. After these steps, an email is sent to the administrators to tell them that an account recovery has been requested. Users need to wait for them to accept the account recovery request (they could also reject it if they wish and users won’t be able to finish the recovery process). If they reject or accept the request an email is sent to inform the users about their choice. If it’s accepted, the email contains a link that users can follow to go on with the account recovery procedure. At this step, users are asked to provide the passphrase they chose previously. If they don’t remember it, they’re still able to request for another account recovery from the interface. After entering the right passphrase, the browser extension will sign the users in after ensuring they have downloaded their new recovery kit. ", -"url": "https://help.passbolt.com/faq/start/account-recover" -}, -"faq-hosting-troubleshoot-helm": { -"title": "Troubleshoot Helm", -"category": "hosting", -"content": "Connect yourself inside passbolt docker container (replace passbolt-container-name with your own):$ kubectl exec -ti passbolt-container-name bashAll troubleshooting commands must be launched as www-data user. It is the case if you are running non-root docker images but for root images, switch as www-data user:su -s /bin/bash www-dataThen to be able to launch some commands, you must retrieve PASSBOLT_GPG_SERVER_KEY_FINGERPRINT environment variable:export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=\"$(gpg \\ --home $GNUPGHOME\\ --list-keys \\ ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} | \\ grep -Ev \"^(pub|sub|uid|^$)\" | tr -d ' ')\"Healthcheck./bin/cake passbolt healthcheckSend a test email./bin/cake passbolt send_test_email \\ --recipient=youremail@domain.comDatacheck./bin/cake passbolt datacheck --hide-success-detailsDatabase migrations status./bin/cake migrations statusdatabase containerTo connect into mysql container console (replace db-container-name with your own):kubectl exec -ti db-container-name bash -c \\ 'mysql -u${MYSQL_USER} -p${MYSQL_PASSWORD} ${MYSQL_DATABASE}'", -"url": "https://help.passbolt.com/faq/hosting/troubleshoot-helm" -}, -"faq-hosting-set-up-ntp": { -"title": "How to set up NTP", -"category": "hosting", -"content": "Table of contents: Table of contents: Introduction Ubuntu Debian RedHat OpenSUSE Oracle Linux Fedora DockerIntroductionThis page is intended to give you the resources to set up NTP(or suitable equivalent) on the main distrobutions that we support. NTP is important for two main reasons with Passbolt. The first is in regards to GPG authentication. The other area where this becomes important is if you have MFA enabled as if the server and user device time get out of sync the codes will not work.UbuntuOfficial Ubuntu DocumentationUbuntu uses chrony for time synchronization. This package is not installed by default so you’ll need to install it.You can check that your server doesn’t have this enabled by running the following:timedatectl statusThe output should look something like the following: Local time: Tue 2022-12-06 09:26:53 UTC Universal time: Tue 2022-12-06 09:26:53 UTC RTC time: Tue 2022-12-06 09:26:52 Time zone: Etc/UTC (UTC, +0000)System clock synchronized: no NTP service: inactive RTC in local TZ: noThe two most important lines here being:System clock synchronized: no NTP service: inactiveTo install chrony you’ll need to run this command:sudo apt install chronyYou can configure which time servers you want to use by editing /etc/chrony/chrony.confAfter you are done editing this file run the following to restart chronysudo systemctl restart chrony.serviceTo ensure this is running correctly you can once again run:timedatectl statusYour output should now be something like: Local time: Tue 2022-12-06 09:30:40 UTC Universal time: Tue 2022-12-06 09:30:40 UTC RTC time: Tue 2022-12-06 09:30:40 Time zone: Etc/UTC (UTC, +0000)System clock synchronized: yes NTP service: active RTC in local TZ: noThe important lines are:System clock synchronized: yes NTP service: activeIf only one of these has changed try running timedatectl status after another minute or two to give it time to be fully correct.Once those are both correct, congratulations you’ve gotten NTP correctly set up!DebianOfficial Debian DocumentationA fresh Debian installation should already be properly configured for this. You can confirm this by running:timedatectl statusThe output should be something like this: Local time: Tue 2022-12-06 14:30:52 UTC Universal time: Tue 2022-12-06 14:30:52 UTC RTC time: Tue 2022-12-06 14:30:53 Time zone: Etc/UTC (UTC, +0000)System clock synchronized: yes NTP service: active RTC in local TZ: noThe important lines are:System clock synchronized: yes NTP service: activeRedHatOfficial RedHat DocumentationOn Red Hat Entreprise Linux, you have two choices in terms of NTP installation chrony which is installed by default on some version of Red Hat Entreprise Linux 7 or ntpd.Chrony should be considered as best match for the systems which are frequently suspended or otherwise intermittently disconnected from a network.The NTP daemon (ntpd) should be considered for systems which are normally kept permanently on.Install chrony on RedHatAs mentionned previously, chrony suite is installed by default on some versions of Red Hat Entreprise Linux 7, to ensure that it is, run the following command as root:yum install chronyThe default location for the chrony daemon is /usr/sbin/chronyd. The command line utility will be installed to /usr/bin/chronyc.To check the status of chrony, issue the following command:systemctl status chronydThe output should be something like this:chronyd.service - NTP client/server Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled) Active: active (running) since Wed 2013-06-12 22:23:16 CEST; 11h agoIf that is not the case, in order to start chrony, issue the following command as root:systemctl start chronydTo ensure chrony starts automatically at system start, issue the following command as root:systemctl enable chronydTo check if chrony is synchronized, make use of the tracking command:chronyc trackingThe output should be something like this:Reference ID : CB00710F (foo.example.net)Stratum : 3Ref time (UTC) : Fri Jan 27 09:49:17 2017System time : 0.000006523 seconds slow of NTP timeLast offset : -0.000006747 secondsRMS offset : 0.000035822 secondsFrequency : 3.225 ppm slowResidual freq : 0.000 ppmSkew : 0.129 ppmRoot delay : 0.013639022 secondsRoot dispersion : 0.001100737 secondsUpdate interval : 64.2 secondsLeap status : NormalInstall ntpd on RedHatIn order to use ntpd the default user space daemon, chrony, must be stopped and disable. Issue the following commands as root:systemctl stop chronydTo prevent it restarting at system start, issue the following command as root:systemctl disable chronydTo check the status of chronyd, issue the following command:systemctl status chronydTo check if ntpd is istnalled, enter the following command as root:yum install ntpTo enable ntpd at system start, enter the following command as root:systemctl enable ntpdTo check if ntpd is running and configured to run at system start, issue the following command:systemctl status ntpdTo obtain a brief status report from ntpd, issue the following command:ntpstatThe output should be something like this:synchronised to NTP server (10.5.26.10) at stratum 2 time correct to within 52 ms polling server every 1024 sOpenSUSEOfficial OpenSUSE DocumentationTo configure NTP on OpenSUSE we will need YaST. YaST is featured in the openSUSE Linux distribution.To run yast you will need to run this command:sux yast2Once it is running, specify when to start the network time protocol service: Only manuallyStart the Network Time Protocol service manually Synchronize without DaemonSet the system time periodically without a permanently running Network Time Protocol service. You can set the Interval of the Synchronization in Minutes. Now and on bootStart the Network Time Protocol service automatically when the system is booting. This setting is recommended.After this step, you will need to specify the type of configuration source. In the Configuration Source drop-down box, select either Dynamic or Static. Set Static if your server uses only a fixed set of (public) NTP servers. If your internal network offers NTP servers via DHCP, pick Dynamic.You need to configure time servers. Time servers for the client to query are listed in the lower part of the NTP Configuration window. Modify this list as needed by clicking Add, Edit, and Delete.After you clicked Add to add a new time server in the address field, type the URL of the time server or pool of time servers with which you want to synchronize the machine time (for example, europe.pool.ntp.org). After URL is complete, click on Test to verify that it points to a valid time source.You can active Quick initial Sync to speed up the time synchronization by sending more request at the Network Time Protocol service start or you can active Start Offline to speed up the boot time on systems that start the Network Time Protocol service automatically and may not have an internet connection at boot time.Now that we have configured Network Time Protocol with YaST we need to restart and enable chrony with:sudo systemctl restart chronyd.servicesudo systemctl enable chronyd.serviceOracle LinuxOfficial Oracle DocumentationTo configure Network Time Protocol On Oracle you need to install the NTP package:yum install ntpOnce NTP is installed, you will need to start the service and set it to launch automatically upon boot:service ntpd startchkconfig ntpd onYou can check upstream synchronization with the ntpq command:ntpq -pThe output should be something like this: remote refid st t when poll reach delay offset jitter============================================================================== lists2.luv.asn. 203.161.12.165 16 u 25 64 3 3.495 -3043.1 0.678 ns2.novatelbg.n 130.95.179.80 16 u 27 64 3 26.633 -3016.1 0.797 sp1.mycdn.fr 130.234.255.83 16 u 24 64 3 4.314 -3036.3 1.039FedoraOfficial Fedora DocumentationThe chrony suite is installed by default on some versions of Fedora, but you have two choices the other one being ntpd.Chrony should be considered as best match for the systems which are frequently suspended or otherwise intermittently disconnected from a network.The NTP daemon (ntpd) should be considered for systems which are normally kept permanently on.Install chrony on FedoraAs mentionned previously, chrony suite is installed by default on some versions of Fedora, to ensure that it is, run the following command as root:dnf install chronyThe default location for the chrony daemon is /usr/sbin/chronyd. The command line utility will be installed to /usr/bin/chronyc.To check the status of chrony, issue the following command:systemctl status chronydThe output should be something like this:chronyd.service - NTP client/server Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled) Active: active (running) since Wed 2013-06-12 22:23:16 CEST; 11h agoIf that is not the case, in order to start chrony, issue the following command as root:systemctl start chronydTo ensure chrony starts automatically at system start, issue the following command as root:systemctl enable chronydTo check if chrony is synchronized, make use of the tracking command:chronyc trackingThe output should be something like this:Reference ID : CB00710F (foo.example.net)Stratum : 3Ref time (UTC) : Fri Jan 27 09:49:17 2017System time : 0.000006523 seconds slow of NTP timeLast offset : -0.000006747 secondsRMS offset : 0.000035822 secondsFrequency : 3.225 ppm slowResidual freq : 0.000 ppmSkew : 0.129 ppmRoot delay : 0.013639022 secondsRoot dispersion : 0.001100737 secondsUpdate interval : 64.2 secondsLeap status : NormalInstall ntpd on FedoraIn order to use ntpd the default user space daemon, chrony, must be stopped and disable. Issue the following commands as root:systemctl stop chronydTo prevent it restarting at system start, issue the following command as root:systemctl disable chronydTo check the status of chronyd, issue the following command:systemctl status chronydTo check if ntpd is istnalled, enter the following command as root:dnf install ntpTo enable ntpd at system start, enter the following command as root:systemctl enable ntpdTo check if ntpd is running and configured to run at system start, issue the following command:systemctl status ntpdTo obtain a brief status report from ntpd, issue the following command:ntpstatThe output should be something like this:synchronised to NTP server (10.5.26.10) at stratum 2 time correct to within 52 ms polling server every 1024 sDockerDocker’s time is set via the host’s time. You will need to follow the relevant instructions to configure NTP for the server hosting your Docker container.", -"url": "https://help.passbolt.com/faq/hosting/set-up-ntp" -}, -"faq-hosting-docker-secrets": { -"title": "Docker Secrets", -"category": "hosting", -"content": "This page should give you the information necessary to successfully use Docker Secrets with your Passbolt installation. Notice: For more information you can learn about secrets for Compose and Swarm Supported environment variablesList of environment variables that can be received as Docker secret and the matching Docker secret path environment variable: PASSBOLT ENV VAR DOCKER SECRET ENV VAR DATASOURCES_DEFAULT_PASSWORD DATASOURCES_DEFAULT_PASSWORD_FILE DATASOURCES_DEFAULT_HOST DATASOURCES_DEFAULT_HOST_FILE DATASOURCES_DEFAULT_USERNAME DATASOURCES_DEFAULT_USERNAME_FILE DATASOURCES_DEFAULT_DATABASE DATASOURCES_DEFAULT_DATABASE_FILE Supported secret filesList of file that contains secret data and the matching Docker secret path environment variable: FILE PATH DOCKER SECRET ENV VAR etc/passbolt/gpg/serverkey.asc PASSBOLT_GPG_SERVER_KEY_PUBLIC_FILE /etc/passbolt/gpg/serverkey_private.asc PASSBOLT_GPG_SERVER_KEY_PRIVATE_FILE /etc/ssl/certs/certificate.crt PASSBOLT_SSL_SERVER_CERT_FILE /etc/ssl/certs/certificate.key PASSBOLT_SSL_SERVER_KEY_FILE ExamplesInject DATASOURCES_DEFAULT_PASSWORD variable usign Docker secretsFollowing the Docker secrets documentation for Docker compose we have the following docker-compose.yaml example:services: passbolt: ... environment: DATASOURCES_DEFAULT_PASSWORD_FILE: /run/secrets/db_password secrets: - db_password ...secrets: db_password: file: db_password.txtIn this example we want to inject the contents of ‘db_password.txt’ in the DATASOURCES_DEFAULT_PASSWORD environment variable inside the Passbolt container.To do so we create the secret and call it db_password in this snippet:secrets: db_password: file: db_password.txtOnce we have this, we use this secret on the Passbolt service:services: passbolt: ... secrets: - db_password ...Finally, we have to check which environment variable we have to set in order to get the contents of the secret file in the DATASOURCES_DEFAULT_PASSWORD var. So we check in the Supported environment variables section to get the correct variable (DATASOURCES_DEFAULT_PASSWORD_FILE in this case) and set it on the Passbolt container environment with the path that points to the secret name:services: passbolt: ... environment: DATASOURCES_DEFAULT_PASSWORD_FILE: /run/secrets/db_passwordInject /etc/ssl/certs/certificate.pem file using Docker secretsservices: passbolt: ... environment: PASSBOLT_SSL_SERVER_CERT_FILE: /run/secrets/ssl_cert secrets: - ssl_cert ...secrets: ssl_cert: file: ssl_cert.pemIn this example we want to inject the contents of ‘ssl_cert.pem’ in the ‘/etc/ssl/certs/certificate.pem’ file inside the Passbolt container.To do so, we create a Docker secret and call it ssl_cert with the contents of ssl_cert.pem:secrets: ssl_cert: file: ssl_cert.pemThen we inject the secret in the Passbolt service:services: passbolt: ... secrets: - ssl_cert ...And finally, we go to the supported secret files section to get which environment variable is the one that points to the path I want to fill ( PASSBOLT_SSL_SERVER_CERT_FILE which points to ‘/etc/ssl/certs/certificate.crt’):services: passbolt: ... environment: PASSBOLT_SSL_SERVER_CERT_FILE: /run/secrets/ssl_certCreate secret outside of compose fileYou can also create secrets directly so that you don’t have to retain the file with the secret. This example will show you how to do that.The first step here is to create the secret:docker secret create gpg-public public.keyYou will then need to modify your compose file to designate this as an external secret:secrets: gpg-public: external: trueFinally you will need to make sure this secret is used by the Passbolt service:services: passbolt: ... environment: PASSBOLT_GPG_SERVER_KEY_PUBLIC_FILE: /run/secrets/gpg-public secrets: - gpg-public ...", -"url": "https://help.passbolt.com/faq/hosting/docker-secrets" -}, -"configure-self-registration": { -"title": "User Self Registration Set Up", -"category": "configure", -"content": "How to set up user Self RegistrationThe purpose of this guide is to show you how to set up user Self Registration on your passbolt installation as an admin and for users how to register.Admin GuideStep 1. Log in with an administrator accountStep 2. Navigate to the adminstration tab fig. Navigate to admin tabStep 3. Select the Self Registration option on the left fig. Navigate to self registrationStep 4. Click the toggle to enable fig. Toggle self registrationStep 5. Enter the domains you want to allow to self register.This section will require that you specify the domains you want to allow self registration on. This is used to only allow users with an email address at that domain to register. Important: This will allow ANY user with an email address at that domain to register. So, it is recommended to not use a free or common domain such as gmail.com here. fig. Enter domainsStep 6. Save your settingsCongrats! At this point you have user Self Registration set up and configured and you can let your users know!User GuideStep 1. Navigate to your Passbolt URLStep 2. Enter your email address fig. Enter your email addressStep 3. Enter your name fig. Enter your nameStep 4. Proceed with the standard sign up process.", -"url": "https://help.passbolt.com/configure/self-registration" -}, -"faq-hosting-logs": { -"title": "How can I check logs on my server?", -"category": "hosting", -"content": "The importance of the installation methodThere are three main types of installations for Passbolt, and that’s what you need to know before running one of these commands as they may not work for each installation. Package installation (Debian, Ubuntu, OracleLinux, and so on.) From source DockerWith package installation, the files will be split into two different directories, /etc/passbolt for the configuration files and /usr/share/php/passbolt for every other files and the CakePHP CLI.If you did a from source installation, the whole directory will be in /var/www/passbolt.If you are runnig docker, please, refer to the Troubleshoot Docker guide as all is explained there.APIHealthcheckThe healthcheck is used to check whether the Passbolt system is running as expected. It evaluates various aspects of the system to ensure that all components are working properly and configured correctly. It provides a detailed report about important information such as the gpg configuration, the ssl access, database configuration, etc. Package Installation sudo su -s /bin/bash -c \"/usr/share/php/passbolt/bin/cake passbolt healthcheck\" www-data From source sudo su -s /bin/bash -c \"/var/www/passbolt/bin/cake passbolt healthcheck\" www-data Pro tip: While running web server commands, it’s common to use www-data. However, this can vary based on your distribution. For example, nginx is used in distributions like CentOS, and httpd is used in distributions like Fedora. Always double-check what’s applicable for your specific setup to avoid errors. DatacheckThe datacheck is a great tool as it aims to have a look at the data integrity for gpg keys, authentication tokens, groups, resources, etc. Package Installation sudo su -s /bin/bash -c \"/usr/share/php/passbolt/bin/cake passbolt datacheck\" www-data From source sudo su -s /bin/bash -c \"/var/www/passbolt/bin/cake passbolt datacheck\" www-data Pro tip: While running web server commands, it’s common to use www-data. However, this can vary based on your distribution. For example, nginx is used in distributions like CentOS, and httpd is used in distributions like Fedora. Always double-check what’s applicable for your specific setup to avoid errors. Status ReportThe status report is in most case the best alternative if you need to gather information from the healthcheck, datacheck, do a cleanup dry-run and retrieve the server logs.On top of executing the healthcheck, datacheck and retrieving the server logs one after the other, it also gives important information about the system itself such as the passbolt edition and version, the version of CakePHP and PHP, composer version etc. Package Installation sudo su -s /bin/bash -c \"/usr/share/php/passbolt/bin/status-report\" www-data From source sudo su -s /bin/bash -c \"/var/www/passbolt/bin/status-report\" www-data Pro tip: While running web server commands, it’s common to use www-data. However, this can vary based on your distribution. For example, nginx is used in distributions like CentOS, and httpd is used in distributions like Fedora. Always double-check what’s applicable for your specific setup to avoid errors. Server logsThe server logs contains mostly error and warnings such as bad request, invalid requests, applications errors, etc. Package Installation sudo su -s /bin/bash -c \"cat /var/log/passbolt/error.log\" www-data From source sudo su -s /bin/bash -c \"cat /var/www/passbolt/logs/error.log\" www-data Pro tip: While running web server commands, it’s common to use www-data. However, this can vary based on your distribution. For example, nginx is used in distributions like CentOS, and httpd is used in distributions like Fedora. Always double-check what’s applicable for your specific setup to avoid errors. Browser ExtensionGoogle Chrome You will need to navigate to your extensions Activate the Developer mode in the top right corner Look for Passbolt and click details button Look for the Inspect views and the index.html link A new window will appear this is the debugger of the browser extension You can see from here, if there is any issue in the console tab Go to the network tab Try to reproduce the error Export the logs by clicking the down arrow Warning: HAR files are text files in json format. They contain sensitive data such as your Passbolt main url or your browser version. You can’t check by opening them in a text editor. fig. Browser Extension Network LogsFirefox You will need to navigate to your extensions Locate Passbolt and click Inspect A new window will appear this is the debugger of the browser extension You can see from here, if there is any issue in the console tab Go to the network tab Try to reproduce the error Export logs by clicking right on the logs and select Save all As HAR Warning: HAR files are text files in json format. They contain sensitive data such as your Passbolt main url or your browser version. You can’t check by opening them in a text editor. ", -"url": "https://help.passbolt.com/faq/hosting/logs" -}, "faq-security-code-review": { "title": "Has the code been reviewed?", "category": "security", "content": "Since 2021, Cure53 performed a series of nine audits in order to provide a 360 degree review of the passbolt ecosystem as a whole. Each audit involved several security researchers and each lasted for about a week.In the meantime, passbolt has successfully completed SOC2 Type II audit, a well established and recognized standard of information security compliance.Code and Infrastructure security auditsJuly 2023: User directory integration & DirectoryTree LdapRecord libraryPBL-09 Cure53 report: This report describes the results of a security assessment of the passbolt complex, spanning the external DirectoryTree LdapRecord library and related backend API.March 2023: Passbolt SSOPBL-08 Cure53 report: This report describes the results of a security assessment of the passbolt complex, spanning the passbolt SSO feature, related backend API and browser extensions.July 2022: Passbolt Crypto and Account recoveryPBL-07 Cure53 report: This report describes the results of a security assessment of the passbolt complex, spanning several of the newer passbolt features, including the account recovery feature and the ECC key support.December 2021: Mobile applications and go-passbolt-cliPBL-06 Cure53 report: This report describes the results of a security assessment of the passbolt complex, spanning the passbolt mobile application, related backend API and CLI tool.August 2021: Browser integration and WebExtension API usagePBL-05 Cure53 report: This report details the scope, results and conclusory summaries of a penetration test and security assessment against the passbolt browser extension with a particular focus on the browser integration and WebExtension API usageJuly 2021: Passbolt cloud infrastructurePBL-04 Cure53 report: For security reasons this report is not public. No major issue was found, only hardening suggestions who have been implemented during the course of the summer.June 2021: Backend and pluginsPBL-03 Cure53 report: This report describes the results of a security assessment of the passbolt complex, spanning the passbolt backend, API and a selection of passbolt plugins.April 2021: Browser extensionsPBL-02 Cure53 report: This report describes the results of a comprehensive security assessment targeting the passbolt browser extensions for Chrome and Firefox.February 2021: Security White PaperPBL-01 Cure53 report: This report describes the results of a review of a cryptography & security white-paper, detailing on the security properties and architecture for passbolt.Incidents reportsAll incidents are listed on this dedicated page.Older reviews Passbolt Web Extension: reviewed several times by Mozilla Add-on reviewers in the course of 2017 as part of the original AMO extension approval process, leading to several improvements in versions 1.6.3, 1.6.4 and 1.6.5. Passbolt API: the v2.0.0-RC branch was reviewed by CakeDC in December 2018. You can learn more about the findingshere. Openpgp.js code base has undergone two complete security audits from Cure53. Reports can be found here Cakephp was reviewed by NCC Group, you can browse the full report here Report a security issueThe code review work will never be done, feel free to contact us if you want to contribute atsecurity@passbolt.com.", "url": "https://help.passbolt.com/faq/security/code-review" }, -"faq-start-export-passwords": { -"title": "How to export passwords in a csv or kdbx file", -"category": "start", -"content": "How to export passwords in passbolt Your browser does not support the video tag. fig. Passbolt GUI - Export passwords Steps Select the password(s) or the folder(s) you’d like to export. If you want to export all the passwords you have access to, you can click on the menu next to “Folders”. Click on the “Export” or “Export all” button. Choose the right format for the export. You will be prompted to enter your passphrase. The download will start and you will be able to open the file.Supported file formatsPassbolt export system supports the following file formats: Csv - Lastpass export Csv - 1password export Csv - Keepass export Csv - Dashlane export Csv - Nordpass export Csv - LogMeOnce export Csv - BitWarden export Csv - Firefox platforms export (Mozilla Firefox, Waterfox, Pale Moon…) Csv - Chromium browsers export (Google Chrome, Microsoft Edge, Brave …) Csv - Safari Kdbx (file format used by Keepass 2.x, you’ll need to specify a keepass passphrase for the encryption)If you’d like to request the support of a specific format, you can open a request on the community forum.", -"url": "https://help.passbolt.com/faq/start/export-passwords" -}, -"configure-windows-app-html": { -"title": "Using Windows App", -"category": "", -"content": "Prerequisites Important: The Windows application is currently in BETA mode. To use it, you need to enable the ‘desktop’ feature flag. This will allow all your users to access and configure the Passbolt desktop application from their user profiles This feature flag can be enabled through different methods: Docker: Set the environment variable PASSBOLT_PLUGINS_DESKTOP_ENABLED to true. Configuration File: In /etc/passbolt/passbolt.php, add the following section: return [ \"passbolt\" => [ \"plugins\" => [ \"desktop\" => [ \"enabled\" => true ] ] ]]; How to download and install the application Access the application by clicking on the link in your profile space. This link will redirect you to the Windows Store. fig. Home Desktop app page from profile Import an existing passbolt account To configure your account in the desktop application, you must transfer your private key from the browser extension to the desktop application. Getting started After installing the application, you...", -"url": "https://help.passbolt.com/configure/windows-app.html" -}, -"configure-ldap-ldap-filters-html": { -"title": "Using LDAP Filters", -"category": "", -"content": "Important: The Ldap plugin is part of Passbolt Pro only and is not available in the Community Edition. Introduction As part of the Users Directory feature passbolt offers two ways to help filter your Active Directory/OpenLDAP users and groups so you have more control over which users and groups are synchronized. This page will go over how to use both of these options. Groups & Users Parent Group One of the options for filtering users and groups is to use the Groups Parent Group or the Users Parent Group option. This can be found under the Synchronization options section of the Users Directory configuration page. fig. Ldap settings parent group fields This option will allow you to specify a Parent Group for your users or groups. Passbolt will then only look for Users or Groups which are part of that Parent group and use those for synchronization. This is most...", -"url": "https://help.passbolt.com/configure/ldap/ldap-filters.html" -}, -"configure-totp-time-based-one-time-password-ui-html": { -"title": "How to preview a TOTP", -"category": "", -"content": " Since version 4.3.0, Passbolt supports creation of TOTP (Time-based One Time Password) via Mobile. However, it is still possible to preview those TOTP from the Web UI fig. Web UI - Preview TOTP There are two types of TOTP: Standalone That is the Passbolt Community TOTP resource, this is not linked to any passwords. Linked to an existing password The resource Passbolt was existing before the creation of the TOTP and has been linked to it. From the Web UI, you are able to preview any TOTP shown in the column “TOTP” Last updated This article was last updated on October4th,2023. Not finding what you are looking for? You can also ask the community on the forum. Talk to a human ", -"url": "https://help.passbolt.com/configure/totp/time-based-one-time-password-ui.html" -}, -"configure-totp-time-based-one-time-password-mobile-html": { -"title": "How to create a TOTP", -"category": "", -"content": "Since version 4.3.0, Passbolt supports creation of TOTP (Time-based One Time Password). TOTP is a mechanism that generates a unique and temporary password based on the current time. This dynamic code can be used on its own or in combination with a static password, offering an additional layer of security compared to traditional password-only systems. iOS Android iOS On the iOS application, there is a new section called “TOTP” fig. iOS - Empty TOTP In order to create a new TOTP, you’d need to click on “Create” fig. iOS - TOTP Creation That will open a menu that will let you choose between scanning a QR code or create a TOTP manually, for this tutorial we assume that you’d need to create it manually. For the TOTP manual creation, you will have to fill three fields: Name, which is the label of the resource URL, which is the fullBaseUrl of...", -"url": "https://help.passbolt.com/configure/totp/time-based-one-time-password-mobile.html" -}, -"configure-password-policies-html": { -"title": "How to configure the Password Policies", -"category": "", -"content": "Attention: This feature is currently available only in Passbolt Pro Edition. Since version 4.2, Passbolt Pro Edition supports the configuration of Password Policies. fig. Password Policies administration How does it work? This feature allows administrators to define the default secret generator settings and an external service should be used to check if the generated passwords have been leaked or not.These policies concern only the secrets that are accessible in the resource workspace, it’s not relative to the user’s private key passphrase (for this part, please check the User Passphrase Policies). Once configured, the secret generators preset their default configuration with these policies. As a consequence, when a secret is generated from the “dice” button or from the in-form menu, generators use the policies as a default configuration.However, a user still has the possibility to change the configuration on demand to avoid blocking situation when a service asks specific secret patterns....", -"url": "https://help.passbolt.com/configure/password-policies.html" -}, -"configure-user-passphrase-policies-html": { -"title": "How to configure User Passphrase Policies", -"category": "", -"content": "Attention: This feature is only available in Passbolt Pro Edition. Since version 4.3.0, Passbolt Pro Edition supports User Passphrase Policies. fig. Passbolt GUI - User Passphrase Policies administration How does it work? User Passphrase Policies allows administrators to configure minimal strength requirements for the users’ private key passphrase.When defining a new passphrase, users have to find a passphrase that matches these policies. Also, it allows to choose rather or not if a user’s passphrase should be check against an external service to know if it has been leaked or not. How to configure the plugin? The plugin is enabled by default and since the version 4.3.0 of the browser extension, Passbolt uses this new User Passphrase Policies feature in all concerned UI.To configure it though, you need to go the administration of your Passbolt instance and then go to the “User Passphrase Policies” section. At this stage, you can see...", -"url": "https://help.passbolt.com/configure/user-passphrase-policies.html" -}, -"configure-rbac-html": { -"title": "How to configure Role-Based Access Control", -"category": "", -"content": "Since version 4.1.0, all editions of passbolt support Role-Based Access Control. fig. Role-Based Access Control Requirements You can follow this procedure if you are meeting the following requirements: You are running passbolt >= v4.1.0. You have an active administrator account. How does it work? RBAC is a feature introduced that as for aim to restrict the access of functionalities to users. According to the administrator choices, users can be restricted to some functionalities. The administrator has only to chose between allow or deny options for the functionalities. RBAC In order to configure RBAC for your organisation, go to administration setting workspace Administration > Role-Based Access Control. Choose to restrict or not a functionality By default, all functionalities are allowed. To deny one select and restrict the one that suits best your organization. fig. RBAC administration settings select permission Apply the changes Once the RBAC is configured as you wish, you...", -"url": "https://help.passbolt.com/configure/rbac.html" -}, -"hosting-upgrade-pro-from-debian-11-to-debian-12-pro-html": { -"title": "Upgrade from Debian 11 to Debian 12", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A Debian 11 server. Passbolt Debian package installed. Ensure you have sufficient space for the upgrade. This manual has for aim to help you upgrade your distribution, but it does not replace the official Debian guide, please refer to it if you have any doubt. 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup your instance First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. You can follow our backup process. 3. Prepare repositories 3.1. Upgrade the OS and other third party repositories Prior to upgrading the system, ensure the OS as well...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/from-debian-11-to-debian-12-pro.html" -}, -"hosting-upgrade-ce-from-debian-11-to-debian-12-ce-html": { -"title": "Upgrade from Debian 11 to Debian 12", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A Debian 11 server. Passbolt Debian package installed. Ensure you have sufficient space for the upgrade. This manual has for aim to help you upgrade your distribution, but it does not replace the official Debian guide, please refer to it if you have any doubt. 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup your instance First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. You can follow our backup process. 3. Prepare repositories 3.1. Upgrade the OS and other third party repositories Prior to upgrading the system, ensure the OS as well...", -"url": "https://help.passbolt.com/hosting/upgrade/ce/from-debian-11-to-debian-12-ce.html" -}, -"hosting-install-pro-debian-debian-html": { -"title": "Install Passbolt Pro on Debian 12 (Bookworm)", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal Debian 12 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it. Step 1. Download our...", -"url": "https://help.passbolt.com/hosting/install/pro/debian/debian.html" -}, -"hosting-install-ce-debian-debian-html": { -"title": "Install Passbolt CE on Debian 12 (Bookworm)", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal Debian 12 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install it. Step 1. Download our...", -"url": "https://help.passbolt.com/hosting/install/ce/debian/debian.html" -}, -"configure-sso-azure-html": { -"title": "How to configure SSO with Microsoft", -"category": "", -"content": "Attention: This feature is currently available only in Passbolt Pro Edition. Since version 3.9, Passbolt Pro Edition supports SSO with Microsoft via Azure AD. fig. SSO with Azure How does it work? In short Passbolt SSO leverages Azure OAuth2/OpenID on top of the existing challenge-based authentication.The user by logging in Microsoft unlocks a key stored server side needed to decrypt the secret key passphrase twice encryptedwith a non-extractable symetric key stored in the browser extension local storage client side. To understand which user flows are supported currently, the risk analysis, and how it works in practice please read the developer documentation. How to configure the plugin? Attention: This feature requires HTTPS to work. Open both the Azure portal and Passbolt: You will need to go the administration section of your Passbolt instance and then to the “Single Sign On” section. You will need to also login to the Azure Portal....", -"url": "https://help.passbolt.com/configure/sso/azure.html" -}, -"configure-email-smtp-authentication-html": { -"title": "Configure Email authentication", -"category": "", -"content": "Table of contents: Table of contents: Introduction Google Office 365 ElasticEmail MailGun Mailjet Mailchimp Sendgrid Sendinblue Zoho AWS SES Other Introduction This page is dedicated to providing you with valuable resources to help you configure an authentication method based on the email provider you choose. Authentication is an essential security measure that verifies the identity of users and ensures that only authorized individuals have access to sensitive information. In order to follow this guide, you will need an email provider.If you want to know how to configure your email provider, please follow this link. Google Passbolt provides two different options for Google: Google Workspace and Google Email. Google Workspace is a paid productivity suite that includes business email, cloud storage, video conferencing, and other collaboration tools. It is designed for use by businesses and organizations of all sizes, and provides additional features such as custom email addresses, shared calendars, and...", -"url": "https://help.passbolt.com/configure/email/smtp-authentication.html" -}, -"hosting-install-ce-helm-html": { -"title": "Helm passbolt installation", -"category": "", -"content": "Important: Installing Passbolt on Kubernetes with our Helm chart is considered to be a very advanced installation method. If you are not very comfortable and familiar with Kubernetes we strongly recommend that you install via one of our other methods. System requirements Kubernetes cluster (>1.19): https://kubernetes.io/docs/setup/ kubectl: https://kubernetes.io/docs/tasks/tools/#kubectl Helm (3.X): https://helm.sh/docs/intro/install/ a working SMTP server for email notifications FAQ pages: Firewall rules Helm install The easiest and recommended way to deploy your Passbolt Helm chart is to use helm install. Step 1. Set up our Helm repo helm repo add passbolt-repo https://download.passbolt.com/charts/passbolt Step 2. Get a copy of the values file wget https://raw.githubusercontent.com/passbolt/charts-passbolt/main/values.yaml Step 3. Configure values file to customize your instance . The APP_FULL_BASE_URL environment variable is set by default to https://passbolt.local, using a self-signed certificate. Update this variable with the server name you plan to use. You will find at the bottom of this documentation links about how...", -"url": "https://help.passbolt.com/hosting/install/ce/helm.html" -}, -"hosting-install-pro-docker-html": { -"title": "Docker install", -"category": "", -"content": "Important: Installing Passbolt with Docker is considered a somewhat advanced method. Using this method assumes you are familiar with Docker and have run other applications with Docker. If you do not have experience working with Docker we recommend you use another of our installation methods. System requirements docker: https://docs.docker.com/get-docker/ docker-compose: https://docs.docker.com/compose/install/ A Linux user able to run docker commands without sudo a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues FAQ pages: Set up NTP Firewall rules docker-compose The easiest and recommended way to deploy your passbolt stack is to use docker-compose. Step 1. Download our docker-compose.yml example file wget https://download.passbolt.com/pro/docker/docker-compose-pro.yamlwget https://github.com/passbolt/passbolt_docker/releases/latest/download/docker-compose-pro-SHA512SUM.txt Step 2. Ensure the file has not been corrupted by verifying its shasum $ sha512sum -c docker-compose-pro-SHA512SUM.txt Must return: docker-compose-pro.yaml: OK Warning: If the shasum command output is not correct, the downloaded file has been corrupted. Retry step 1 or ask...", -"url": "https://help.passbolt.com/hosting/install/pro/docker.html" -}, -"hosting-install-ce-docker-html": { -"title": "Docker passbolt installation", -"category": "", -"content": "Important: Installing Passbolt with Docker is considered a somewhat advanced method. Using this method assumes you are familiar with Docker and have run other applications with Docker. If you do not have experience working with Docker we recommend you use another of our installation methods. System requirements docker: https://docs.docker.com/get-docker/ docker-compose: https://docs.docker.com/compose/install/ A Linux user able to run docker commands without sudo a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues FAQ pages: Set up NTP Firewall rules docker-compose The easiest and recommended way to deploy your passbolt stack is to use docker-compose. Step 1. Download our docker-compose.yml example file wget https://download.passbolt.com/ce/docker/docker-compose-ce.yamlwget https://github.com/passbolt/passbolt_docker/releases/latest/download/docker-compose-ce-SHA512SUM.txt Step 2. Ensure the file has not been corrupted by verifying its shasum $ sha512sum -c docker-compose-ce-SHA512SUM.txt Must return: docker-compose-ce.yaml: OK Warning: If the shasum command output is not correct, the downloaded file has been corrupted. Retry step 1 or ask...", -"url": "https://help.passbolt.com/hosting/install/ce/docker.html" -}, -"configure-mfa-duo-html": { -"title": "How to configure passbolt to use Duo OTP", -"category": "", -"content": "Passbolt Pro Edition since v2.5 and CE since 3.9 support Duo as a multi factor authentication option.Duo is a proprietary solution that is free for up to 10 users, and supports a bundleof authentication channels (such as HOTP, mobile push, phone calls, etc.) configurableby the Duo account administrator. fig. Duo website Important: Multi Factor Authentication requires HTTPS to work. Security considerations It is important to enable and setup at least one additional multi factor authentication provider in case Duo service becomes temporarily not available. In order to authenticate using Duo, the user will be redirected to Duo’s authenticationpage. Whether or not the authentication was successful, the user will be redirected backto passbolt. Make sure your users have access to internet or donot enable this authentication provider if you are running passbolt on a private networkthat is not connected to internet. Install Duo app In order to use this authentication provider,...", -"url": "https://help.passbolt.com/configure/mfa/duo.html" -}, -"configure-sso-google-html": { -"title": "How to configure SSO with Google", -"category": "", -"content": "Attention: This feature is only available in Passbolt Pro Edition. Since version 4.0.0, Passbolt Pro Edition supports SSO with Google via Google Cloud Identity. fig. Passbolt GUI - SSO Login with Google Cloud Identity Important: Passbolt will request a Google API for authorization, if you have firewall rules setup, you have to allow your server to request the accounts.google.com domain. How does it work? In short Passbolt SSO leverages Google OAuth2/OpenID on top of the existing challenge-based authentication. The user by logging in Google unlocks a key stored server side needed to decrypt the secret key passphrase twice encrypted with a non-extractable symetric key stored in the browser extension local storage client side. To understand which user flows are supported currently, the risk analysis, and how it works in practice please read the developer documentation. How to configure the plugin? Open both the Google API console and Passbolt: Once the...", -"url": "https://help.passbolt.com/configure/sso/google.html" -}, -"configure-account-recovery-html": { -"title": "How to configure Account Recovery", -"category": "", -"content": "Requirements You can follow this procedure if you are meeting the following requirements: You are running passbolt Pro > v3.6.0 or Passbolt Cloud. You have an active administrator account How does it work? Account recovery is a feature introduced with passbolt v3.6.0 that as for aim to help users to recover their accountsin case of recovery kit or passphrase loss. Depending on the organisation policy, all users will be able to deposit an encrypted backup of their private keys inpassbolt. Backups that can only be unlocked cryptographically by the organisation administrators having in their possessionthe organisation recovery key. Enable account recovery In order to configure account recovery for your organisation, go to administration setting workspace Administration > Account recovery. Choose the organisation policy By default, account recovery is disabled. To enable it choose among the proposed policies the one that suits best your organization. fig. Account recovery administration settings choose...", -"url": "https://help.passbolt.com/configure/account-recovery.html" -}, -"hosting-install-pro-ubuntu-ubuntu-html": { -"title": "Install Passbolt Pro on Ubuntu 22.04", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal Ubuntu 22.04 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it. Step 1. Download our...", -"url": "https://help.passbolt.com/hosting/install/pro/ubuntu/ubuntu.html" -}, -"hosting-install-ce-ubuntu-ubuntu-html": { -"title": "Install Passbolt CE on Ubuntu 22.04", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal Ubuntu 22.04 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install it. Step 1. Download our...", -"url": "https://help.passbolt.com/hosting/install/ce/ubuntu/ubuntu.html" -}, -"configure-https-ce-digital-ocean-auto-html": { -"title": "Auto configure HTTPS with Let's Encrypt on Digital Ocean", -"category": "", -"content": "If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users.Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. Important requirement: This tutorial assumes your machine has a valid domain name assigned in order to work with let’s encrypt. If you want to use user provided certificates or self-signed certificates skip to the next section Note: the configuration does not support serving passbolt on a subdirectory fashion. For example, scenarios like https://mydomain.com/passbolt are not supported by default Edit nginx configuration file By default, our nginx configuration file ensure all domain names will match with our passbolt virtual machine but to obtain a valid Let’s Encrypt SSL certificate, you will have to manually set your passbolt domain name. Open /etc/nginx/sites-enabled/nginx-passbolt.conf and search for this line: server_name _; Replace the...", -"url": "https://help.passbolt.com/configure/https/ce/digital-ocean/auto.html" -}, -"configure-https-pro-aws-auto-html": { -"title": "Auto configure HTTPS with Let's Encrypt on AWS", -"category": "", -"content": "If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users.Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. Important requirement: This tutorial assumes your machine has a valid domain name assigned in order to work with let’s encrypt. If you want to use user provided certificates or self-signed certificates skip to the next section Note: the configuration does not support serving passbolt on a subdirectory fashion. For example, scenarios like https://mydomain.com/passbolt are not supported by default Edit nginx configuration file By default, our nginx configuration file ensure all domain names will match with our passbolt virtual machine but to obtain a valid Let’s Encrypt SSL certificate, you will have to manually set your passbolt domain name. Open /etc/nginx/sites-enabled/nginx-passbolt.conf and search for this line: server_name _; Replace the...", -"url": "https://help.passbolt.com/configure/https/pro/aws/auto.html" -}, -"configure-https-ce-aws-auto-html": { -"title": "Auto configure HTTPS with Let's Encrypt on AWS", -"category": "", -"content": "If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users.Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. Important requirement: This tutorial assumes your machine has a valid domain name assigned in order to work with let’s encrypt. If you want to use user provided certificates or self-signed certificates skip to the next section Note: the configuration does not support serving passbolt on a subdirectory fashion. For example, scenarios like https://mydomain.com/passbolt are not supported by default Edit nginx configuration file By default, our nginx configuration file ensure all domain names will match with our passbolt virtual machine but to obtain a valid Let’s Encrypt SSL certificate, you will have to manually set your passbolt domain name. Open /etc/nginx/sites-enabled/nginx-passbolt.conf and search for this line: server_name _; Replace the...", -"url": "https://help.passbolt.com/configure/https/ce/aws/auto.html" -}, -"configure-https-pro-ova-auto-html": { -"title": "Auto configure HTTPS with Let's Encrypt on OVA", -"category": "", -"content": "If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users.Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. Important requirement: This tutorial assumes your machine has a valid domain name assigned in order to work with let’s encrypt. If you want to use user provided certificates or self-signed certificates skip to the next section Note: the configuration does not support serving passbolt on a subdirectory fashion. For example, scenarios like https://mydomain.com/passbolt are not supported by default Edit nginx configuration file By default, our nginx configuration file ensure all domain names will match with our passbolt virtual machine but to obtain a valid Let’s Encrypt SSL certificate, you will have to manually set your passbolt domain name. Open /etc/nginx/sites-enabled/nginx-passbolt.conf and search for this line: server_name _; Replace the...", -"url": "https://help.passbolt.com/configure/https/pro/ova/auto.html" -}, -"hosting-upgrade-pro-upgrade-pro-from-ce-docker-html": { -"title": "Upgrade from CE to Pro using docker", -"category": "", -"content": " Important: Please take a full backup of your passbolt before proceeding with the upgrade. In order to upgrade from CE to PRO, open your docker-compose.yaml file and search for the passbolt CE image definition: image: passbolt/passbolt:<IMAGE_TAG> And replace the CE <IMAGE_TAG> with a PRO <IMAGE_TAG>. In the same location of your docker-compose.yaml file, create a subscription_key.txt file containing your passbolt subscription key, and add a new volume definition in your docker-compose.yaml file: version: '3.7'services: db: ... passbolt: ... volumes: ... - ./subscription_key.txt:/etc/passbolt/subscription_key.txt:ro Then relaunch your docker containers: $ docker-compose up -d By doing this: a new passbolt docker image will be pulled and a new container created your passbolt database schema will be updated Last updated This article was last updated on February21st,2022. Are you experiencing issues with Passbolt Pro Edition? Contact Pro support or ask the community ", -"url": "https://help.passbolt.com/hosting/upgrade/pro/upgrade-pro-from-ce-docker.html" -}, -"hosting-update-docker-html": { -"title": "Update for docker container", -"category": "", -"content": " It is recommended that users pull the tags pointing to specific passbolt versions when running in environments other than testing. To update passbolt, you would just need to change the image tag in your docker-compose.yml file: image: passbolt/passbolt:<IMAGE_TAG> Then relaunch your docker containers: $ docker-compose up -d By doing this: a new passbolt docker image will be pulled and a new container created your passbolt database schema will be updated Last updated This article was last updated on February21st,2022. Are you experiencing issues when updating passbolt? Ask the community! ", -"url": "https://help.passbolt.com/hosting/update/docker.html" -}, -"hosting-upgrade-pro-migrate-existing-pro-to-opensuse-server-html": { -"title": "Migrate an existing Passbolt PRO to a new openSUSE server", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new openSUSE server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A minimal openSUSE Leap 15 new server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the new openSUSE server Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it. Step 1. Download our dependencies installation script: wget \"https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh\" Step 2. Download our SHA512SUM for the installation script:...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-opensuse-server.html" -}, -"hosting-upgrade-ce-migrate-existing-ce-to-opensuse-server-html": { -"title": "Migrate an existing Passbolt CE to a new openSUSE server", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new openSUSE server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A minimal openSUSE Leap 15 new server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the new openSUSE server Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install it. Step 1. Download our dependencies installation script: wget \"https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh\" Step 2. Download our SHA512SUM for the installation script:...", -"url": "https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-opensuse-server.html" -}, -"hosting-install-ce-opensuse-html": { -"title": "Install Passbolt CE on openSUSE Leap 15", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal openSUSE Leap 15 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install it....", -"url": "https://help.passbolt.com/hosting/install/ce/opensuse.html" -}, -"hosting-install-pro-helm-html": { -"title": "Helm install", -"category": "", -"content": "Important: Installing Passbolt on Kubernetes with our Helm chart is considered to be a very advanced installation method. If you are not very comfortable and familiar with Kubernetes we strongly recommend that you install via one of our other methods. System requirements Kubernetes cluster (>1.19): https://kubernetes.io/docs/setup/ kubectl: https://kubernetes.io/docs/tasks/tools/#kubectl Helm (3.X): https://helm.sh/docs/intro/install/ a working SMTP server for email notifications FAQ pages: Firewall rules Helm install The easiest and recommended way to deploy your Passbolt Helm chart is to use helm install. Step 1. Set up our Helm repo helm repo add passbolt-repo https://download.passbolt.com/charts/passbolt Step 2. Get a copy of the values file wget https://raw.githubusercontent.com/passbolt/charts-passbolt/main/values.yaml Step 3. Configure values file to customize your instance and enable the Pro install . The APP_FULL_BASE_URL environment variable is set by default to https://passbolt.local, using a self-signed certificate. Update this variable with the server name you plan to use. You will find at the bottom of...", -"url": "https://help.passbolt.com/hosting/install/pro/helm.html" -}, -"configure-mfa-yubikey-html": { -"title": "How to configure passbolt to use Yubikey OTP", -"category": "", -"content": "Passbolt Pro Edition since v2.5 and CE since 3.9 support Yubikey OTP as a multi factor authentication option.Yubico OTP is a simple authentication mechanism that is supported by all YubiKeys out of the box. Please note than only Yubikey 5 Series are supported. Security Keys with FIDO2/U2F/WebAuthN support are currently not supported. fig. Using a Yubikey at login Important: Multi Factor Authentication requires HTTPS to work. Security considerations It is important to enable and setup at least one additional multi factor authentication provider in case the user lose its Yubikey or the the Yubicloud service becomes temporarily not available. During a login attempt the passbolt will check if the key ID used by the user is the same that was used during setup. To change key (if the key was lost for example) a user will need to first disable the Yubikey provider in their settings. Get a Yubikey cloud api key...", -"url": "https://help.passbolt.com/configure/mfa/yubikey.html" -}, -"hosting-install-pro-raspberry-html": { -"title": "Install Passbolt PRO on Raspberry PI", -"category": "", -"content": "Prerequisites For this tutorial, you will need: Any Raspberry PI from zero to 4 A minimal Raspberry Pi OS Lite (formerly called Raspbian) server or any OS based on Debian 11 Bullseye. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt...", -"url": "https://help.passbolt.com/hosting/install/pro/raspberry.html" -}, -"hosting-install-ce-raspberry-html": { -"title": "Install Passbolt CE on Raspberry PI", -"category": "", -"content": "Prerequisites For this tutorial, you will need: Any Raspberry PI from zero to 4 A minimal Raspberry Pi OS Lite (formerly called Raspbian) server or any OS based on Debian 11 Bullseye. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt...", -"url": "https://help.passbolt.com/hosting/install/ce/raspberry.html" -}, -"configure-environment-reference-html": { -"title": "Passbolt reference environment variables", -"category": "", -"content": "Following there is a list of the environment variables supported in passbolt both PRO and CE editions with their default values. Variable name Description Default value APP_BASE it allows people to specify the base subdir the application is running in null APP_ENCODING Set text encoding 'UTF-8' APP_FULL_BASE_URL Passbolt base url 'false' DATASOURCES_DEFAULT_DATABASE Database name '' DATASOURCES_DEFAULT_HOST Database hostname 'localhost' DATASOURCES_DEFAULT_PORT Database port 3306 DATASOURCES_DEFAULT_URL Database url '' DATASOURCES_DEFAULT_PASSWORD Database password '' DATASOURCES_DEFAULT_SSL_KEY Database SSL Key '' DATASOURCES_DEFAULT_SSL_CERT Database SSL Cert '' DATASOURCES_DEFAULT_SSL_CA Database SSL CA '' DATASOURCES_DEFAULT_USERNAME Database username '' DEBUG Debug mode 'false' EMAIL_TRANSPORT_DEFAULT_CLASS_NAME Email classname 'Smtp' EMAIL_DEFAULT_FROM_NAME From email username 'Passbolt' EMAIL_DEFAULT_FROM From email address 'you@localhost' EMAIL_DEFAULT_TRANSPORT Sets transport method 'default' EMAIL_TRANSPORT_DEFAULT_HOST Server hostname 'localhost' EMAIL_TRANSPORT_DEFAULT_PORT Server port 25 EMAIL_TRANSPORT_DEFAULT_TIMEOUT Timeout 30 EMAIL_TRANSPORT_DEFAULT_USERNAME Username for email server auth null EMAIL_TRANSPORT_DEFAULT_PASSWORD Password for email server auth null EMAIL_TRANSPORT_DEFAULT_CLIENT Client null EMAIL_TRANSPORT_DEFAULT_TLS Set tls null EMAIL_TRANSPORT_DEFAULT_URL Set url null GNUPGHOME...", -"url": "https://help.passbolt.com/configure/environment/reference.html" -}, -"configure-https-ce-docker-auto-html": { -"title": "Auto configure HTTPS with Let's Encrypt on Docker", -"category": "", -"content": "If you are migrating your passbolt instance from HTTP to HTTPS, you must ensure all of your users have a backup of their private key. As for passbolt browser extension, domain will change from HTTP to HTTPS, it will trigger an account recovery. Important requirement: This tutorial assumes your machine has a valid domain name assigned in order to work with let’s encrypt. Requirements docker setup with docker-compose A domain name reachable over the internet Add traefik service to handle https If you have followed our installation documentation, you should have defined db and passbolt services for your passbolt stack. To handle HTTPS setup with Let’s Encrypt, add a traefik service as follow: version: '3.7'services: db: ... passbolt: ... traefik: image: traefik:2.6 restart: always ports: - 80:80 - 443:443 volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - ./traefik.yaml:/traefik.yaml:ro - ./conf/:/etc/traefik/conf - ./shared/:/shared Traefik will: act as a proxy in front of passbolt service, that’s...", -"url": "https://help.passbolt.com/configure/https/ce/docker/auto.html" -}, -"configure-https-pro-docker-auto-html": { -"title": "Auto configure HTTPS with Let's Encrypt on Docker", -"category": "", -"content": "If you are migrating your passbolt instance from HTTP to HTTPS, you must ensure all of your users have a backup of their private key. As for passbolt browser extension, domain will change from HTTP to HTTPS, it will trigger an account recovery. Important requirement: This tutorial assumes your machine has a valid domain name assigned in order to work with let’s encrypt. Requirements docker setup with docker-compose A domain name reachable over the internet Add traefik service to handle https If you have followed our installation documentation, you should have defined db and passbolt services for your passbolt stack. To handle HTTPS setup with Let’s Encrypt, add a traefik service as follow: version: '3.7'services: db: ... passbolt: ... traefik: image: traefik:2.6 restart: always ports: - 80:80 - 443:443 volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - ./traefik.yaml:/traefik.yaml:ro - ./conf/:/etc/traefik/conf - ./shared/:/shared Traefik will: act as a proxy in front of passbolt service, that’s...", -"url": "https://help.passbolt.com/configure/https/pro/docker/auto.html" -}, -"configure-database-credentials-html": { -"title": "Update my database credentials", -"category": "", -"content": " With package installation (Debian, Ubuntu, RPM) Open /etc/passbolt/passbolt.php file and edit the Datasources block: (...) // Database configuration. 'Datasources' => [ 'default' => [ 'host' => '127.0.0.1', 'port' => '3306', 'username' => 'passbolt', 'password' => 'password', 'database' => 'passboltdb', ], ],(...) Save and quit. From source installation It is the same block to edit than the package installation, but passbolt configuration file is located on /var/www/passbolt/config/passbolt.php With docker installation Database credentials are set in environment variables and you need to edit them for each container: For mariadb container: MYSQL_DATABASE: \"passboltdb\"MYSQL_USER: \"passbolt\"MYSQL_PASSWORD: \"very-strong-password\" For passbolt container: DATASOURCES_DEFAULT_DATABASE: \"passboltdb\"DATASOURCES_DEFAULT_USERNAME: \"passbolt\"DATASOURCES_DEFAULT_PASSWORD: \"very-strong-password\" Last updated This article was last updated on December16th,2021. Are you experiencing issues with Passbolt Pro Edition? Contact Pro support or ask the community ", -"url": "https://help.passbolt.com/configure/database/credentials.html" -}, -"configure-https-ce-rpm-html": { -"title": "How to configure HTTPS with RPM package", -"category": "", -"content": "If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users.Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. If you are reconfiguring passbolt you most likely want to say ‘NO’ to the mariadb or havaged setup questions and go for the nginx setup MariaDB / Nginx / SSL settings Passbolt CE RPM package on come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings. You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process. Please, notice that for security matters we highly recommend to setup SSL to serve passbolt. Launch passbolt-configure tool and answer to the questions: sudo /usr/local/bin/passbolt-configure Nginx Please...", -"url": "https://help.passbolt.com/configure/https/ce/rpm.html" -}, -"configure-https-pro-rpm-html": { -"title": "How to configure HTTPS with RPM package", -"category": "", -"content": "If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users.Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. If you are reconfiguring passbolt you most likely want to say ‘NO’ to the mariadb or havaged setup questions and go for the nginx setup MariaDB / Nginx / SSL settings Passbolt PRO RPM package on come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings. You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process. Please, notice that for security matters we highly recommend to setup SSL to serve passbolt. Launch passbolt-configure tool and answer to the questions: sudo /usr/local/bin/passbolt-configure Nginx Please...", -"url": "https://help.passbolt.com/configure/https/pro/rpm.html" -}, -"configure-https-ce-docker-manual-html": { -"title": "Manual HTTPS configuration on Docker", -"category": "", -"content": "If you are migrating your passbolt instance from HTTP to HTTPS, you must ensure all of your users have a backup of their private key. As for passbolt browser extension, domain will change from HTTP to HTTPS, it will trigger an account recovery. Requirements docker setup with docker-compose HTTPS configuration You need to bind-mount your certificates inside passbolt container to use them. Create a certs folder and put your certificates there: mkdir certsmv /path/to/your/certificate.crt certs/cert.pemmv /path/to/your/certificate.key certs/key.pem The bind-mount configuration will differ depending which passbolt image you are using. standard images If you are using standard passbolt image, add your certificates in the volumes definition of the passbolt service and ensure ports are well mapped: version: '3.7'services: db: ... passbolt: ... volumes: ... - ./certs/cert.pem:/etc/ssl/certs/certificate.crt:ro - ./certs/key.pem:/etc/ssl/certs/certificate.key:ro ports: - 80:80 - 443:443 Ensure your APP_FULL_BASE_URL environment variable starts with https:// rootless images If you are using rootless images, tagged as...", -"url": "https://help.passbolt.com/configure/https/ce/docker/manual.html" -}, -"configure-https-pro-docker-manual-html": { -"title": "Manual HTTPS configuration on Docker", -"category": "", -"content": "If you are migrating your passbolt instance from HTTP to HTTPS, you must ensure all of your users have a backup of their private key. As for passbolt browser extension, domain will change from HTTP to HTTPS, it will trigger an account recovery. Requirements docker setup with docker-compose HTTPS configuration You need to bind-mount your certificates inside passbolt container to use them. Create a certs folder and put your certificates there: mkdir certsmv /path/to/your/certificate.crt certs/cert.pemmv /path/to/your/certificate.key certs/key.pem The bind-mount configuration will differ depending which passbolt image you are using. standard images If you are using standard passbolt image, add your certificates in the volumes definition of the passbolt service and ensure ports are well mapped: version: '3.7'services: db: ... passbolt: ... volumes: ... - ./certs/cert.pem:/etc/ssl/certs/certificate.crt:ro - ./certs/key.pem:/etc/ssl/certs/certificate.key:ro ports: - 80:80 - 443:443 Ensure your APP_FULL_BASE_URL environment variable starts with https:// rootless images If you are using rootless images, tagged as...", -"url": "https://help.passbolt.com/configure/https/pro/docker/manual.html" -}, -"configure-https-ce-debian-auto-html": { -"title": "Auto configure HTTPS with Let's Encrypt on Debian and Ubuntu", -"category": "", -"content": "If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users.Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. Important requirement: This tutorial assumes your machine has a valid domain name assigned in order to work with let’s encrypt. If you want to use user provided certificates or self-signed certificates skip to the next section Note: the configuration does not support serving passbolt on a subdirectory fashion. For example, scenarios like https://mydomain.com/passbolt are not supported by default Install or reconfigure passbolt If you don’t have passbolt installed please check on the hosting section for more informationon how to install passbolt on debian. If you have already installed passbolt then you want to execute the following command to start the configuration process for SSL: sudo dpkg-reconfigure passbolt-ce-server You most...", -"url": "https://help.passbolt.com/configure/https/ce/debian/auto.html" -}, -"configure-https-ce-debian-manual-html": { -"title": "Manual HTTPS configuration on Debian and Ubuntu with user provided certificates", -"category": "", -"content": "If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users.Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. Passbolt debian and ubuntu packages currently supports the configuration of nginx. It comes with a default configuration that supports: Serve passbolt on port 80 (http) Serve passbolt on port 443 (https) On this context ‘manually’ means that the user will provide the SSL certificates, this is the main difference withthe ‘auto’ method where Let’s Encrypt will issue the SSL certificate for you. This manual method is often useful on private network installations with private CA wherethe system admin issues a new private SSL certificate and uploads it to the passbolt server. It is also a method often used withself-signed SSL certificates for test installations. On this example we will...", -"url": "https://help.passbolt.com/configure/https/ce/debian/manual.html" -}, -"configure-https-pro-debian-manual-html": { -"title": "Manual HTTPS configuration on Debian and Ubuntu with user provided certificates", -"category": "", -"content": "If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users.Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. Passbolt debian and ubuntu packages currently supports the configuration of nginx. It comes with a default configuration that supports: Serve passbolt on port 80 (http) Serve passbolt on port 443 (https) On this context ‘manually’ means that the user will provide the SSL certificates, this is the main difference withthe ‘auto’ method where Let’s Encrypt will issue the SSL certificate for you. This manual method is often useful on private network installations with private CA wherethe system admin issues a new private SSL certificate and uploads it to the passbolt server. It is also a method often used withself-signed SSL certificates for test installations. On this example we will...", -"url": "https://help.passbolt.com/configure/https/pro/debian/manual.html" -}, -"configure-https-pro-debian-auto-html": { -"title": "Auto configure HTTPS with Let's Encrypt on Debian and Ubuntu", -"category": "", -"content": "If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users.Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account. Important requirement: This tutorial assumes your machine has a valid domain name assigned in order to work with let’s encrypt. If you want to use user provided certificates or self-signed certificates skip to the next section Note: the configuration does not support serving passbolt on a subdirectory fashion. For example, scenarios like https://mydomain.com/passbolt are not supported by default Install or reconfigure passbolt If you don’t have passbolt installed please check on the hosting section for more informationon how to install passbolt on debian. If you have already installed passbolt then you want to execute the following command to start the configuration process for SSL: sudo dpkg-reconfigure passbolt-pro-server You most...", -"url": "https://help.passbolt.com/configure/https/pro/debian/auto.html" -}, -"hosting-upgrade-pro-migrate-existing-pro-to-centos-server-html": { -"title": "Migrate an existing Passbolt PRO to a new CentOS server", -"category": "", -"content": "Important: You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then. This document describes how to migrate an existing passbolt to a new CentOS server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A minimal CentOS 7 new server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the new CentOS server Package repository setup For easier installation and update tasks Passbolt provides...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-centos-server.html" -}, -"hosting-upgrade-ce-migrate-existing-ce-to-centos-server-html": { -"title": "Migrate an existing Passbolt CE to a new CentOS server", -"category": "", -"content": "Important: You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then. This document describes how to migrate an existing passbolt to a new CentOS server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A minimal CentOS 7 new server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the new CentOS server Package repository setup For easier installation and update tasks Passbolt provides...", -"url": "https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-centos-server.html" -}, -"hosting-upgrade-pro-migrate-existing-pro-to-fedora-server-html": { -"title": "Migrate an existing Passbolt PRO to a new Fedora server", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new Fedora server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A minimal Fedora 37 new server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the new Fedora server Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it. Step 1. Download our dependencies installation script: wget \"https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh\" Step 2. Download our SHA512SUM for the installation script: wget...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-fedora-server.html" -}, -"hosting-upgrade-ce-migrate-existing-ce-to-fedora-server-html": { -"title": "Migrate an existing Passbolt CE to a new Fedora server", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new Fedora server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A minimal Fedora 37 new server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the new Fedora server Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install it. Step 1. Download our dependencies installation script: wget \"https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh\" Step 2. Download our SHA512SUM for the installation script: wget...", -"url": "https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-fedora-server.html" -}, -"hosting-upgrade-ce-migrate-to-centos-html": { -"title": "Migrate passbolt CE from install scripts to CentOS 7 package", -"category": "", -"content": "Important: You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then. A CentOS package has been created to increase the ease of installing and upgrading passbolt. Pre-requisites For this tutorial, you will need: A minimal CentOS 7 server. Passbolt installed with the CentOS install script. 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. sudo systemctl stop nginx 2. Backup your instance First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss.You can follow our backup process. 3. Upgrade your system Passbolt requires PHP 7.4...", -"url": "https://help.passbolt.com/hosting/upgrade/ce/migrate-to-centos.html" -}, -"hosting-upgrade-pro-migrate-to-centos-html": { -"title": "Migrate passbolt PRO from install scripts to CentOS 7 package", -"category": "", -"content": "Important: You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then. A CentOS package has been created to increase the ease of installing and upgrading passbolt. Pre-requisites For this tutorial, you will need: A minimal CentOS 7 server. Passbolt installed with the CentOS install script. 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. sudo systemctl stop nginx 2. Backup your instance First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss.You can follow our backup process. 3. Upgrade your system Passbolt requires PHP 7.4...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/migrate-to-centos.html" -}, -"hosting-upgrade-pro-migrate-existing-pro-to-rockylinux-server-html": { -"title": "Migrate an existing Passbolt PRO to a new RockyLinux server", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new RockyLinux server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A minimal RockyLinux 8 new server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the new RockyLinux server Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it. Step 1. Download our dependencies installation script: wget \"https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh\" Step 2. Download our SHA512SUM for the installation script: wget...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-rockylinux-server.html" -}, -"hosting-upgrade-pro-migrate-existing-pro-to-redhat-server-html": { -"title": "Migrate an existing Passbolt PRO to a new Red Hat server", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new Red Hat server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A minimal Red Hat 8 new server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the new Red Hat server Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it. Step 1. Download our dependencies installation script: wget \"https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh\" Step 2. Download our SHA512SUM for the...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-redhat-server.html" -}, -"hosting-upgrade-pro-migrate-existing-pro-to-oraclelinux-server-html": { -"title": "Migrate an existing Passbolt PRO to a new OracleLinux server", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new OracleLinux server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A minimal OracleLinux 8 new server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the new OracleLinux server Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it. Step 1. Download our dependencies installation script: wget \"https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh\" Step 2. Download our SHA512SUM for the installation script: wget...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-oraclelinux-server.html" -}, -"hosting-upgrade-pro-migrate-existing-pro-to-almalinux-server-html": { -"title": "Migrate an existing Passbolt PRO to a new AlmaLinux server", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new AlmaLinux server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A minimal AlmaLinux 8 new server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the new AlmaLinux server Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it. Step 1. Download our dependencies installation script: wget \"https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh\" Step 2. Download our SHA512SUM for the installation script: wget...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-almalinux-server.html" -}, -"hosting-upgrade-ce-migrate-existing-ce-to-rockylinux-server-html": { -"title": "Migrate an existing Passbolt CE to a new RockyLinux server", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new RockyLinux server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A minimal RockyLinux 8 new server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the new RockyLinux server Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install it. Step 1. Download our dependencies installation script: wget \"https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh\" Step 2. Download our SHA512SUM for the installation script: wget...", -"url": "https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-rockylinux-server.html" -}, -"hosting-upgrade-ce-migrate-existing-ce-to-redhat-server-html": { -"title": "Migrate an existing Passbolt CE to a new Red Hat server", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new Red Hat server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A minimal Red Hat 8 new server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the new Red Hat server Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install it. Step 1. Download our dependencies installation script: wget \"https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh\" Step 2. Download our SHA512SUM for the...", -"url": "https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-redhat-server.html" -}, -"hosting-upgrade-ce-migrate-existing-ce-to-oraclelinux-server-html": { -"title": "Migrate an existing Passbolt CE to a new OracleLinux server", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new OracleLinux server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A minimal OracleLinux 8 new server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the new OracleLinux server Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install it. Step 1. Download our dependencies installation script: wget \"https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh\" Step 2. Download our SHA512SUM for the installation script: wget...", -"url": "https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-oraclelinux-server.html" -}, -"hosting-upgrade-ce-migrate-existing-ce-to-almalinux-server-html": { -"title": "Migrate an existing Passbolt CE to a new AlmaLinux server", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new AlmaLinux server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A minimal AlmaLinux 8 new server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the new AlmaLinux server Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install it. Step 1. Download our dependencies installation script: wget \"https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh\" Step 2. Download our SHA512SUM for the installation script: wget...", -"url": "https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-almalinux-server.html" -}, -"hosting-update-fedora-html": { -"title": "Update passbolt on Fedora", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal Fedora server. Passbolt Fedora package installed. Update passbolt 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup your database It is recommended to always perform a backup of your passbolt installation. Please check the backup article 3. Upgrade your system Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade This commands will trigger an upgrade on your whole Fedora system: $ sudo dnf update 4. Clear the cache Finally make sure you clear the application cache, to make...", -"url": "https://help.passbolt.com/hosting/update/fedora.html" -}, -"hosting-update-opensuse-html": { -"title": "Update passbolt on openSUSE", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal openSUSE server. Passbolt openSUSE package installed. Update passbolt 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup your database It is recommended to always perform a backup of your passbolt installation. Please check the backup article 3. Upgrade your system Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade This commands will trigger an upgrade on your whole openSUSE system: $ sudo zypper update 4. Clear the cache Finally make sure you clear the application cache, to make...", -"url": "https://help.passbolt.com/hosting/update/opensuse.html" -}, -"hosting-update-raspberry-html": { -"title": "Update passbolt on Raspberry Pi", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal Debian server. Passbolt Debian package installed. Update passbolt 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup your database It is recommended to always perform a backup of your passbolt installation. Please check the backup article 3. Upgrade your system Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade This commands will trigger an upgrade on your whole Debian system: sudo apt updatesudo apt --only-upgrade install passbolt-ce-serversudo apt upgrade You are running Passbolt PRO? ↓ sudo apt updatesudo...", -"url": "https://help.passbolt.com/hosting/update/raspberry.html" -}, -"hosting-update-rockylinux-html": { -"title": "Update passbolt on RockyLinux", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal RockyLinux server. Passbolt RockyLinux package installed. Update passbolt 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup your database It is recommended to always perform a backup of your passbolt installation. Please check the backup article 3. Upgrade your system Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade This commands will trigger an upgrade on your whole RockyLinux system: $ sudo dnf update 4. Clear the cache Finally make sure you clear the application cache, to make...", -"url": "https://help.passbolt.com/hosting/update/rockylinux.html" -}, -"hosting-update-redhat-html": { -"title": "Update passbolt on Red Hat", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal Red Hat server. Passbolt Red Hat package installed. Update passbolt 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup your database It is recommended to always perform a backup of your passbolt installation. Please check the backup article 3. Upgrade your system Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade This commands will trigger an upgrade on your whole Red Hat system: $ sudo dnf update 4. Clear the cache Finally make sure you clear the application...", -"url": "https://help.passbolt.com/hosting/update/redhat.html" -}, -"hosting-update-oraclelinux-html": { -"title": "Update passbolt on OracleLinux", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal OracleLinux server. Passbolt OracleLinux package installed. Update passbolt 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup your database It is recommended to always perform a backup of your passbolt installation. Please check the backup article 3. Upgrade your system Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade This commands will trigger an upgrade on your whole OracleLinux system: $ sudo dnf update 4. Clear the cache Finally make sure you clear the application cache, to make...", -"url": "https://help.passbolt.com/hosting/update/oraclelinux.html" -}, -"hosting-update-centos-html": { -"title": "Update passbolt on CentOS", -"category": "", -"content": "Important: You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then. Prerequisites For this tutorial, you will need: A minimal CentOS server. Passbolt CentOS package installed. Update passbolt 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup your database It is recommended to always perform a backup of your passbolt installation. Please check the backup article 3. Upgrade your system Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade...", -"url": "https://help.passbolt.com/hosting/update/centos.html" -}, -"hosting-update-almalinux-html": { -"title": "Update passbolt on AlmaLinux", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal AlmaLinux server. Passbolt AlmaLinux package installed. Update passbolt 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup your database It is recommended to always perform a backup of your passbolt installation. Please check the backup article 3. Upgrade your system Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade This commands will trigger an upgrade on your whole AlmaLinux system: $ sudo dnf update 4. Clear the cache Finally make sure you clear the application cache, to make...", -"url": "https://help.passbolt.com/hosting/update/almalinux.html" -}, -"hosting-update-debian-package-html": { -"title": "Update passbolt on Debian", -"category": "", -"content": "Pro tip: These instructions are also used for updates to the virtual machine. Prerequisites For this tutorial, you will need: A minimal Debian server. Passbolt Debian package installed. Update passbolt 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup your database It is recommended to always perform a backup of your passbolt installation. Please check the backup article 3. Upgrade your system Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade This commands will trigger an upgrade on your whole Debian system: sudo apt updatesudo apt --only-upgrade...", -"url": "https://help.passbolt.com/hosting/update/debian-package.html" -}, -"hosting-update-ubuntu-package-html": { -"title": "Update passbolt on Ubuntu", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal Ubuntu server. Passbolt Ubuntu package installed. Update passbolt 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup your database It is recommended to always perform a backup of your passbolt installation. Please check the backup article 3. Upgrade your system Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade This commands will trigger an upgrade on your whole Ubuntu system: sudo apt updatesudo apt --only-upgrade install passbolt-ce-serversudo apt upgrade You are running Passbolt PRO? ↓ sudo apt updatesudo...", -"url": "https://help.passbolt.com/hosting/update/ubuntu-package.html" -}, -"hosting-update-redhat-7-html": { -"title": "Update passbolt on Red Hat 7", -"category": "", -"content": "Important: This page has been depreciated, see the Red Hat update page for instructions. Prerequisites For this tutorial, you will need: A minimal Red Hat server. Passbolt Red Hat package installed. Update passbolt 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup your database It is recommended to always perform a backup of your passbolt installation. Please check the backup article 3. Upgrade your system Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade This commands will trigger an upgrade on your whole Red Hat system: $...", -"url": "https://help.passbolt.com/hosting/update/redhat-7.html" -}, -"hosting-update-oraclelinux-7-html": { -"title": "Update passbolt on OracleLinux 7", -"category": "", -"content": "Important: This page has been depreciated, see the Oracle Linux update page for instructions. Prerequisites For this tutorial, you will need: A minimal OracleLinux server. Passbolt OracleLinux package installed. Update passbolt 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup your database It is recommended to always perform a backup of your passbolt installation. Please check the backup article 3. Upgrade your system Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade This commands will trigger an upgrade on your whole OracleLinux system: $ sudo dnf update...", -"url": "https://help.passbolt.com/hosting/update/oraclelinux-7.html" -}, -"hosting-update-centos-7-html": { -"title": "Update passbolt on CentOS 7", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal CentOS server. Passbolt CentOS package installed. Update passbolt 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup your database It is recommended to always perform a backup of your passbolt installation. Please check the backup article 3. Upgrade your system Pro tip: Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That’s why we are suggesting to manually upgrade passbolt prior to system upgrade This commands will trigger an upgrade on your whole CentOS system: $ sudo yum update 4. Clear the cache Finally make sure you clear the application cache, to make...", -"url": "https://help.passbolt.com/hosting/update/centos-7.html" -}, -"hosting-install-pro-fedora-html": { -"title": "Install Passbolt PRO on Fedora", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal Fedora 37 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it. Step...", -"url": "https://help.passbolt.com/hosting/install/pro/fedora.html" -}, -"hosting-install-ce-fedora-html": { -"title": "Install Passbolt CE on Fedora", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal Fedora 37 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install it. Step...", -"url": "https://help.passbolt.com/hosting/install/ce/fedora.html" -}, -"hosting-install-pro-opensuse-html": { -"title": "Install Passbolt PRO on openSUSE Leap 15", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal openSUSE Leap 15 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it....", -"url": "https://help.passbolt.com/hosting/install/pro/opensuse.html" -}, -"hosting-install-pro-rockylinux-html": { -"title": "Install Passbolt PRO on RockyLinux 8", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal RockyLinux 8 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it. Step...", -"url": "https://help.passbolt.com/hosting/install/pro/rockylinux.html" -}, -"hosting-install-pro-redhat-html": { -"title": "Install Passbolt PRO on Red Hat 8", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal Red Hat 8 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it....", -"url": "https://help.passbolt.com/hosting/install/pro/redhat.html" -}, -"hosting-install-pro-oraclelinux-html": { -"title": "Install Passbolt PRO on OracleLinux 8", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal OracleLinux 8 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it. Step...", -"url": "https://help.passbolt.com/hosting/install/pro/oraclelinux.html" -}, -"hosting-install-pro-centos-html": { -"title": "Install Passbolt PRO on CentOS 7", -"category": "", -"content": " Important: You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then. Last updated This article was last updated on November24th,2021. Are you experiencing issues with Passbolt Pro Edition? Contact Pro support or ask the community Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests! View on github ", -"url": "https://help.passbolt.com/hosting/install/pro/centos.html" -}, -"hosting-install-pro-almalinux-html": { -"title": "Install Passbolt PRO on AlmaLinux 8", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal AlmaLinux 8 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it. Step...", -"url": "https://help.passbolt.com/hosting/install/pro/almalinux.html" -}, -"hosting-install-ce-rockylinux-html": { -"title": "Install Passbolt CE on RockyLinux 8", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal RockyLinux 8 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install it. Step...", -"url": "https://help.passbolt.com/hosting/install/ce/rockylinux.html" -}, -"hosting-install-ce-redhat-html": { -"title": "Install Passbolt CE on Red Hat 8", -"category": "", -"content": "distributionPackage Prerequisites For this tutorial, you will need: A minimal Red Hat 8 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install...", -"url": "https://help.passbolt.com/hosting/install/ce/redhat.html" -}, -"hosting-install-ce-oraclelinux-html": { -"title": "Install Passbolt CE on OracleLinux 8", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal OracleLinux 8 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install it. Step...", -"url": "https://help.passbolt.com/hosting/install/ce/oraclelinux.html" -}, -"hosting-install-ce-centos-html": { -"title": "Install Passbolt CE on CentOS 7", -"category": "", -"content": "Important: You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then. Prerequisites For this tutorial, you will need: A minimal CentOS 7 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you...", -"url": "https://help.passbolt.com/hosting/install/ce/centos.html" -}, -"hosting-install-ce-almalinux-html": { -"title": "Install Passbolt CE on AlmaLinux 8", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal AlmaLinux 8 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install it. Step...", -"url": "https://help.passbolt.com/hosting/install/ce/almalinux.html" -}, -"2021-11-24-debian11-html": { -"title": "Install Passbolt Pro on Debian 11 (Bullseye)", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal Debian 11 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it. Step 1. Download our...", -"url": "https://help.passbolt.com/2021/11/24/Debian11.html" -}, -"2021-11-24-debian11-ce-html": { -"title": "Install Passbolt CE on Debian 11 (Bullseye)", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal Debian 11 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install it. Step 1. Download our...", -"url": "https://help.passbolt.com/2021/11/24/Debian11-ce.html" -}, -"hosting-backup-package-html": { -"title": "Backing up a Passbolt package installation", -"category": "", -"content": "Making regular backups is a critical aspect of managing a passbolt instance. Because passbolt stores importantinformation, it is equally important to have a backup strategy in place. As a passbolt administrator it is your responsibility to define how often and when to perform backups.Please automate and customize this process to match the needs and policies of your organization. Here are some best practices to keep in mind: Ensure that the backups are taken at intervals that match your usage Take these backups off-site, or to another environment than the live one Make sure the backup is encrypted and stored in a safe location Practice drills and test the backups to make sure they work What to backup? If you are a PRO user, ensure you have a backup of your subscription key. There are also several elements you need to backup: 1. The database We made a dedicated command in...", -"url": "https://help.passbolt.com/hosting/backup/package.html" -}, -"hosting-install-pro-redhat-7-html": { -"title": "Install Passbolt PRO on Red Hat 7", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal Red Hat 7 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it....", -"url": "https://help.passbolt.com/hosting/install/pro/redhat-7.html" -}, -"hosting-install-pro-oraclelinux-7-html": { -"title": "Install Passbolt PRO on OracleLinux 7", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal OracleLinux 7 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it. Step...", -"url": "https://help.passbolt.com/hosting/install/pro/oraclelinux-7.html" -}, -"hosting-install-pro-centos-8-html": { -"title": "Install Passbolt PRO on CentOS 8", -"category": "", -"content": "Warning: CentOS 8 is not one of our supported distributions. Please see our install page to see which distributions we support. Prerequisites For this tutorial, you will need: A minimal CentOS 8 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation...", -"url": "https://help.passbolt.com/hosting/install/pro/centos-8.html" -}, -"hosting-install-ce-redhat-7-html": { -"title": "Install Passbolt CE on Red Hat 7", -"category": "", -"content": "distributionPackage Prerequisites For this tutorial, you will need: A minimal Red Hat 7 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install...", -"url": "https://help.passbolt.com/hosting/install/ce/redhat-7.html" -}, -"hosting-install-ce-oraclelinux-7-html": { -"title": "Install Passbolt CE on OracleLinux 7", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal OracleLinux 7 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install it. Step...", -"url": "https://help.passbolt.com/hosting/install/ce/oraclelinux-7.html" -}, -"hosting-install-ce-centos-8-html": { -"title": "Install Passbolt CE on CentOS 8", -"category": "", -"content": "Warning: CentOS 8 is not one of our supported distributions. Please see our install page to see which distributions we support. Prerequisites For this tutorial, you will need: A minimal CentOS 8 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation...", -"url": "https://help.passbolt.com/hosting/install/ce/centos-8.html" -}, -"hosting-install-pro-ubuntu-ubuntu-20-04-html": { -"title": "Install Passbolt Pro on Ubuntu 20.04", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal Ubuntu 20.04 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it. Step 1. Download our...", -"url": "https://help.passbolt.com/hosting/install/pro/ubuntu/ubuntu-20-04.html" -}, -"hosting-install-ce-ubuntu-ubuntu-20-04-html": { -"title": "Install Passbolt CE on Ubuntu 20.04", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal Ubuntu 20.04 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install it. Step 1. Download our...", -"url": "https://help.passbolt.com/hosting/install/ce/ubuntu/ubuntu-20-04.html" -}, -"hosting-install-pro-debian-10-buster-html": { -"title": "Install Passbolt Pro on Debian 10 (Buster)", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal Debian 10 (Buster) latest server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install...", -"url": "https://help.passbolt.com/hosting/install/pro/debian-10-buster.html" -}, -"hosting-install-ce-debian-10-buster-html": { -"title": "Install Passbolt CE on Debian 10 (Buster)", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A minimal Debian 10 (Buster) latest server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install...", -"url": "https://help.passbolt.com/hosting/install/ce/debian-10-buster.html" -}, -"hosting-upgrade-pro-from-debian-10-to-debian-11-pro-html": { -"title": "Upgrade from Debian 10 to Debian 11", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A Debian 10 server. Passbolt Debian package installed. Ensure you have sufficient space for the upgrade. This manual has for aim to help you upgrade your distribution, but it does not replace the official Debian guide, please refer to it if you have any doubt. 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup your instance First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. You can follow our backup process. 3. Prepare repositories 3.1. Upgrade the OS and other third party repositories Prior to upgrading the system, ensure the OS as well...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/from-debian-10-to-debian-11-pro.html" -}, -"hosting-upgrade-ce-from-debian-10-to-debian-11-ce-html": { -"title": "Upgrade from Debian 10 to Debian 11", -"category": "", -"content": "Prerequisites For this tutorial, you will need: A Debian 10 server. Passbolt Debian package installed. Ensure you have sufficient space for the upgrade. This manual has for aim to help you upgrade your distribution, but it does not replace the official Debian guide, please refer to it if you have any doubt. 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup your instance First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. You can follow our backup process. 3. Prepare repositories 3.1. Upgrade the OS and other third party repositories Prior to upgrading the system, ensure the OS as well...", -"url": "https://help.passbolt.com/hosting/upgrade/ce/from-debian-10-to-debian-11-ce.html" -}, -"hosting-upgrade-ce-migrate-to-debian-html": { -"title": "Migrate passbolt CE from install scripts to Debian package", -"category": "", -"content": "A Debian package has been created to increase the ease of installing and upgrading passbolt. Pre-requisites For this tutorial, you will need: A minimal Debian 12 server. Passbolt installed with the Debian install script. 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. sudo systemctl stop nginx 2. Backup your instance First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss.You can follow our backup process. 3. Upgrade your system Passbolt requires PHP 7.4 and supports PHP 8.2. A full system upgrade to Debian 12 is necessary before installing the passbolt Debian package. Here is the official Debian guide toupgrade your system with a step by step tutorial....", -"url": "https://help.passbolt.com/hosting/upgrade/ce/migrate-to-debian.html" -}, -"hosting-upgrade-pro-migrate-to-debian-html": { -"title": "Migrate from install scripts to Debian package", -"category": "", -"content": "A Debian package has been created to increase the ease of installing and upgrading passbolt. Pre-requisites For this tutorial, you will need: A minimal Debian 12 server. Passbolt installed with the Debian install script. 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. sudo systemctl stop nginx 2. Backup your instance First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss.You can follow our backup process. 3. Upgrade your system Passbolt requires PHP 7.4 and supports PHP 8.2. A full system upgrade to Debian 12 is necessary before installing the passbolt Debian package. Here is the official Debian guide toupgrade your system with a step by step tutorial....", -"url": "https://help.passbolt.com/hosting/upgrade/pro/migrate-to-debian.html" -}, -"hosting-upgrade-pro-migrate-existing-pro-to-debian-server-html": { -"title": "Migrate an existing Passbolt PRO to a new Debian server", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new Debian server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A minimal Debian 12 new server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the new Debian server Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it. Step 1. Download our dependencies installation script: wget \"https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh\" Step 2. Download our SHA512SUM for the installation script: wget...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-debian-server.html" -}, -"hosting-upgrade-ce-migrate-existing-ce-to-debian-server-html": { -"title": "Migrate an existing Passbolt CE to a new Debian server", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new Debian server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A minimal Debian 12 new server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the new Debian server Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install it. Step 1. Download our dependencies installation script: wget \"https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh\" Step 2. Download our SHA512SUM for the installation script: wget...", -"url": "https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-debian-server.html" -}, -"hosting-upgrade-pro-upgrade-pro-from-ce-debian-html": { -"title": "Upgrade Passbolt from CE to Pro on Debian", -"category": "", -"content": "Pre-requisites For this tutorial, you will need: A minimal Debian server. Passbolt CE Debian package installed. Upgrading passbolt 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup passbolt First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss.You can follow our backup process. 3. Upload your subscription key You should copy your subscription key to /etc/passbolt/subscription_key.txt and ensure the permissions are correct. sudo chown root:www-data /etc/passbolt/subscription_key.txtsudo chmod 640 /etc/passbolt/subscription_key.txt 4. Uninstall passbolt CE Passbolt CE package should be removed prior to installing passbolt Pro. sudo apt-get remove passbolt-ce-server 5. Update passbolt package repository For easier installation and update tasks Passbolt provides...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/upgrade-pro-from-ce-debian.html" -}, -"hosting-update-install-scripts-html": { -"title": "Update passbolt on Centos 7 (installation script)", -"category": "", -"content": "Important: This page has been depreciated, CentOS is not supported anymore. PrerequisitesFor this tutorial, you will need: A minimal server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issuesThe recommended server requirements are: 2 cores 2GB of RAMFAQ pages: Set up NTP Firewall rules Considerations about entropy Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server. Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning! Package repository setupFor easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt...", -"url": "https://help.passbolt.com/hosting/update/install-scripts.html" -}, -"configure-ldap-ldap-common-sync-error-messages-html": { -"title": "Most common ldap sync error messages", -"category": "", -"content": "Introduction Depending on the structure of your directory or the state of the synchronization between passbolt and your directory, passbolt can report certain synchronization issues. They come from a variety of reasons, here are the most common ones. The user user@domain.com could not be added to group MyGroup because it is not active yet This error happens when passbolt is trying to add a user to a group, but the user has not yet activated their account. Passboltcannot add such users to groups automatically since their account is not operational yet. When this situation happens, no intervention is required. The user will be added to the group automatically once they activate their account (when they click on the link provided in the email invitation and complete the initial setup). The user user@domain.com could not be mapped with an existing user in passbolt because it was created after. This error happens...", -"url": "https://help.passbolt.com/configure/ldap/ldap-common-sync-error-messages.html" -}, -"configure-ldap-setup-html": { -"title": "Configure Ldap plugin", -"category": "", -"content": "Important: The LDAP connector will send an invitation email to all the users matching your configuration during a synchronization. If you are simply testing it, make sure not to perform an actual synchronization (use simulate sync instead), or disable the cron job to send emails first. Introduction What is it? The goal of the directory synchronization tool, also called LDAP connector, is to provide a way for a passboltadministrator to synchronize a list of groups and users, as well as the associated group memberships. Currently the connector supports two types of directory: OpenLDAP and Microsoft Active Directory. In the futurewe will also support other non ldap based user directories such as Google API User Directory. How does it work? In a nutshell this part of the application will try to keep passbolt and a directory in sync with a minimalinvolvement of the administrators and group managers. However if an action...", -"url": "https://help.passbolt.com/configure/ldap/setup.html" -}, -"hosting-backup-docker-html": { -"title": "Docker", -"category": "", -"content": "Making regular backups is a critical aspect of managing a passbolt instance. Because passbolt stores importantinformation, it is equally important to have a backup strategy in place. As a passbolt administrator it is your responsibility to define how often and when to perform backups.Please automate and customize this process to match the needs and policies of your organization. Here are some best practices to keep in mind: Ensure that the backups are taken at intervals that match your usage Take these backups off-site, or to another environment than the live one Make sure the backup is encrypted and stored in a safe location Practice drills and test the backups to make sure they work What to backup? If you are a PRO user, ensure you have a backup of your subscription key. There are also several elements you need to backup: We assume here Passbolt container is named “passbolt-container” and...", -"url": "https://help.passbolt.com/hosting/backup/docker.html" -}, -"hosting-upgrade-pro-migrate-existing-pro-to-docker-html": { -"title": "Migrate an existing Passbolt PRO to a new Docker", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A new server with Docker Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. Don’t delete the existing instance yet! Prepare the new server Create a fresh new Passbolt instance on Docker following this documentation. Migrate the data Stop running containers At this step, you should have a running empty Passbolt instance running on your server. We will now stop it and delete the database volume. If you have chosen the docker-compose install, you just have to delete the volumes you created with this command (don’t forget the -v): docker-compose...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-docker.html" -}, -"hosting-upgrade-ce-migrate-existing-ce-to-docker-html": { -"title": "Migrate an existing Passbolt CE to a new Docker", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A new server with Docker Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. Don’t delete the existing instance yet! Prepare the new server Create a fresh new Passbolt instance on Docker following this documentation. Migrate the data Stop running containers At this step, you should have a running empty Passbolt instance running on your server. We will now stop it and delete the database volume. If you have chosen the docker-compose install, you just have to delete the volumes you created with this command (don’t forget the -v): docker-compose...", -"url": "https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-docker.html" -}, -"hosting-upgrade-pro-migrate-existing-pro-to-virtual-machine-html": { -"title": "Migrate an existing Passbolt PRO to Virtual Machine", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new Virtual Machine Appliance. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the Virtual Machine Appliance for migration While configuring the database ensure you are configuring the database as it was on your previous server, check the backup of the file passbolt.php for the configuration details. Passbolt Pro provides a virtual appliance in OVA format. Users can import this appliance on their private virtualization platform and...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-virtual-machine.html" -}, -"hosting-upgrade-pro-migrate-existing-pro-to-ubuntu-server-html": { -"title": "Migrate an existing Passbolt PRO to a new Ubuntu server", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new Ubuntu server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A minimal Ubuntu 22.04 new server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the new Ubuntu server Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt PRO and install it. Step 1. Download our dependencies installation script: wget \"https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh\" Step 2. Download our SHA512SUM for the installation script: wget...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-ubuntu-server.html" -}, -"hosting-upgrade-ce-migrate-existing-ce-to-ubuntu-server-html": { -"title": "Migrate an existing Passbolt CE to a new Ubuntu server", -"category": "", -"content": "This document describes how to migrate an existing passbolt to a new Ubuntu server. Pre-requisites For this tutorial, you will need: Passbolt installed on an old server A minimal Ubuntu 22.04 new server Backup the existing data Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations. Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. Don’t delete the existing instance yet! Prepare the new Ubuntu server Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setupbefore you download Passbolt CE and install it. Step 1. Download our dependencies installation script: wget \"https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh\" Step 2. Download our SHA512SUM for the installation script: wget...", -"url": "https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-ubuntu-server.html" -}, -"hosting-backup-ubuntu-html": { -"title": "Ubuntu package", -"category": "", -"content": "Making regular backups is a critical aspect of managing a passbolt instance. Because passbolt stores importantinformation, it is equally important to have a backup strategy in place. As a passbolt administrator it is your responsibility to define how often and when to perform backups.Please automate and customize this process to match the needs and policies of your organization. Here are some best practices to keep in mind: Ensure that the backups are taken at intervals that match your usage Take these backups off-site, or to another environment than the live one Make sure the backup is encrypted and stored in a safe location Practice drills and test the backups to make sure they work What to backup? If you are a PRO user, ensure you have a backup of your subscription key. There are also several elements you need to backup: 1. The database We made a dedicated command in...", -"url": "https://help.passbolt.com/hosting/backup/ubuntu.html" -}, -"hosting-install-pro-aws-html": { -"title": "Using Passbolt PRO AWS AMI", -"category": "", -"content": "Passbolt Amazon Machine Image (AMI) provides a ready to use passbolt image that you canuse for free on your Amazon Web Services infrastructure.The AMI includes the following software: Debian 11 Nginx Php-fpm Mariadb Passbolt PRO preinstalled certbot This AMI does not provide an email server preinstalled so users can manually install it orleverage on third party email providers. 1. Getting started with passbolt PRO AMI You can subscribe to passbolt PRO on the following AWS marketplace listing. Justclick on “continue to subscribe” button on the listing page. fig. Subscribe to passbolt marketplace The EULA for the passbolt PRO is the AGPL license you have to accept that in orderto use this image by just clicking on the “Accept terms” button. fig. Accept AMI terms Once the terms are accepted you can click on “Continue to configuration” button. In the nextscreen you will be able to select which version of the...", -"url": "https://help.passbolt.com/hosting/install/pro/aws.html" -}, -"hosting-upgrade-ce-migrate-to-ubuntu-html": { -"title": "Migrate passbolt CE from install scripts to Ubuntu package", -"category": "", -"content": "A Ubuntu package has been created to increase the ease of installing and upgrading passbolt. Pre-requisites For this tutorial, you will need: A minimal Ubuntu 20.04 server. Passbolt installed with the Ubuntu install script. 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. sudo systemctl stop nginx 2. Backup your instance First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss.You can follow our backup process. 3. Upgrade your system Passbolt requires PHP 7.4 and supports PHP 8.2. A full system upgrade to Ubuntu 20.04 is necessary before installing the passbolt Ubuntu package. Here is the official Ubuntu guide toupgrade your system with a step by step tutorial....", -"url": "https://help.passbolt.com/hosting/upgrade/ce/migrate-to-ubuntu.html" -}, -"hosting-upgrade-pro-upgrade-pro-from-ce-ubuntu-html": { -"title": "Upgrade Passbolt from CE to Pro on Ubuntu", -"category": "", -"content": "Pre-requisites For this tutorial, you will need: A minimal Ubuntu 22.04 server. Passbolt CE Ubuntu package installed. Upgrading passbolt 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. $ sudo systemctl stop nginx 2. Backup passbolt First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss.You can follow our backup process. 3. Upload your subscription key You should copy your subscription key to /etc/passbolt/subscription_key.txt and ensure the permissions are correct. sudo chown root:www-data /etc/passbolt/subscription_key.txtsudo chmod 640 /etc/passbolt/subscription_key.txt 4. Uninstall passbolt CE Passbolt CE package should be removed prior to installing passbolt Pro. sudo apt-get remove passbolt-ce-server 5. Update passbolt package repository For easier installation and update tasks Passbolt...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/upgrade-pro-from-ce-ubuntu.html" -}, -"hosting-upgrade-pro-upgrade-pro-from-ce-html": { -"title": "Upgrade to Passbolt Pro", -"category": "", -"content": "Important: This page is depreciated. For up to date upgrade instructions please see our help site page on upgrades. There are many ways you can upgrade your version 2 Community Edition (CE) to Passbolt Pro.This page list the options and will point you to the right manual. Upgrade from CE v2 Upgrade CE v2.x to Pro using source Upgrade CE v2.x to Pro using docker Requirements Passbolt is reported to work on a large variety of operating system configurations.Therefore this help page is a generic guide that should work for most environments. If you run into any issues with your particular configuration,please check the forum.Maybe someone else has had your issue. If not, make a post and the community will try to help you. Any Unix-like major distribution (Debian, Centos, Ubuntu, *BSD) A webserver (Apache or Nginx) A TLS server certificate for HTTPS PHP >= 7.3.0 MariaDB/Mysql >= 5.5.59 Composer...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/upgrade-pro-from-ce.html" -}, -"hosting-backup-debian-html": { -"title": "Debian package", -"category": "", -"content": "Making regular backups is a critical aspect of managing a passbolt instance. Because passbolt stores importantinformation, it is equally important to have a backup strategy in place. As a passbolt administrator it is your responsibility to define how often and when to perform backups.Please automate and customize this process to match the needs and policies of your organization. Here are some best practices to keep in mind: Ensure that the backups are taken at intervals that match your usage Take these backups off-site, or to another environment than the live one Make sure the backup is encrypted and stored in a safe location Practice drills and test the backups to make sure they work What to backup? If you are a PRO user, ensure you have a backup of your subscription key. There are also several elements you need to backup: 1. The database We made a dedicated command in...", -"url": "https://help.passbolt.com/hosting/backup/debian.html" -}, -"hosting-update-source-html": { -"title": "Update passbolt source install", -"category": "", -"content": "Pre-requisites System requirements Passbolt is reported to work on a large variety of operating system configurations.Therefore this help page is a generic guide that should work for most environments. If you run into any issues with your particular configuration,please check the forum.Maybe someone else has had your issue. If not, make a post and the community will try to help you. Any Unix-like major distribution (Debian, Centos, Ubuntu, *BSD) A webserver (Apache or Nginx) A TLS server certificate for HTTPS PHP >= 7.4.0 MariaDB >= 10.3 /Mysql >= 5.7 Composer >= 2 GnuPG Git The following PHP extensions (that may or may not come by default): PHP-GNUPG: for key verification and authentication. Cakephp default requirements: Intl, mbstring, simplexml Image manipulation: gd or imagick Database: Mysqlnd, pdo, pdo_mysql Some general default: xsl, phar, posix, xml, zlib, ctype, curl, json. Ldap & more depending on your configuration (for example if you want...", -"url": "https://help.passbolt.com/hosting/update/source.html" -}, -"hosting-update-do-update-html": { -"title": "Update for Digital Ocean", -"category": "", -"content": "", -"url": "https://help.passbolt.com/hosting/update/do-update.html" -}, -"hosting-update-ami-update-html": { -"title": "Update for AWS ami", -"category": "", -"content": "", -"url": "https://help.passbolt.com/hosting/update/ami-update.html" -}, -"hosting-update-vm-update-html": { -"title": "Update for Virtual Machine", -"category": "", -"content": "", -"url": "https://help.passbolt.com/hosting/update/vm-update.html" -}, -"hosting-upgrade-pro-migrate-to-ubuntu-html": { -"title": "Migrate from install scripts to Ubuntu package", -"category": "", -"content": "A Ubuntu package has been created to increase the ease of installing and upgrading passbolt. Pre-requisites For this tutorial, you will need: A minimal Ubuntu 22.04 server. Passbolt installed with the Ubuntu install script. 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effectssuch as active users corrupting the data in the middle of an upgrade. sudo systemctl stop nginx 2. Backup your instance First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss.You can follow our backup process. 3. Upgrade your system Passbolt requires PHP 7.4 and supports PHP 8.2. A full system upgrade to Ubuntu 22.04 is necessary before installing the passbolt Ubuntu package. Here is the official Ubuntu guide toupgrade your system with a step by step tutorial....", -"url": "https://help.passbolt.com/hosting/upgrade/pro/migrate-to-ubuntu.html" -}, -"hosting-install-pro-vm-html": { -"title": "Using Passbolt pro virtual machine appliance", -"category": "", -"content": "Passbolt Pro provides a virtual appliance in OVA format. Users can import this appliance on their private virtualization platform and start enjoying Passbolt Pro.The VM includes the following software: Debian 12 Nginx Php-fpm Mariadb Passbolt Pro preinstalled certbot 1. Getting started with Passbolt Pro VM 1.1 Download Download the ova and the SHA512SUM.txt: Passbolt Pro VM SHA512SUM.txt Import the ova file using virtualbox, vmware (ESXi >= 6.0) or any other platform that supports import OVA files. Once imported, it is highly recommanded to check if the VM is actually running as Debian (64-bit). In order to do that, just open VM’s settings and it should show on which version it is running on. Now, you should be able to boot the VM and just point to the VM ip address with their web browser to initiate the passbolt install process. 1.2 Credentials The appliance performs some actions on the first...", -"url": "https://help.passbolt.com/hosting/install/pro/vm.html" -}, -"configure-email-setup-html": { -"title": "Configure email providers", -"category": "", -"content": "Introduction Passbolt relies heavily on emails: Account creation Account recovery Notifications on different user actions Having a working email setup is essential if you want to use passbolt at its best. There are many email providersand each one has its own setup process. The aim of this help page is to provide the basic concepts so each admincan setup their provider adjusting to their particular case. Requirements You can follow this procedure if you are meeting the following requirements: You are running Passbolt Pro > 3.8.0 or Passbolt Cloud You have an active administrator account You are running Passbolt Pro < 3.7.3 ? How does it work? Configuring email server, but through the UI is a feature introduced with Passbolt v3.8.0 that as for aim to help all administrators who needs to change their SMTP server settings the easiest way. We moved the email configuration from config/passbolt.php directly into the...", -"url": "https://help.passbolt.com/configure/email/setup.html" -}, -"configure-ldap-ldap-with-ssl-html": { -"title": "Configure LDAP plugin with SSL (ldaps)", -"category": "", -"content": "Introduction To run LDAPS your LDAP server must offer a valid SSL certificate to the client which in this case that client is the passbolt server.It is also required that the SSL certificate is trusted by your passbolt instance. There are two ways of obtaining your SSL certificate, listed below. Your LDAP server is offering a SSL certificate obtained by a public Certificate Authority If your SSL certificate has been obtained through a public and well known SSL certificate authority such as Let’s encrypt your certificate wouldbe automatically trusted by the passbolt instance unless otherwise specified by your SSL provider. Most of the time in this scenario your passbolt instance will not require any extra configuration. Your LDAP server is offering a SSL certificate obtained from a private Certficate Authority Some organizations run LDAP on a private network on premises. In these scenarios it is very common that your organization...", -"url": "https://help.passbolt.com/configure/ldap/ldap-with-ssl.html" -}, -"hosting-install-pro-debian-9-stretch-html": { -"title": "Install Passbolt Pro on Debian 9 (Stretch)", -"category": "", -"content": "This tutorial describes how to install Passbolt PRO on a minimal Debian 9 (Stretch) server. The installation procedure is based on install scripts that will dothe heavy lifting for you. They will configure your operating system to be passbolt ready and will take care of installing and configuring the webserver (Nginx), database (MariaDb), PHP, SSL and GPG keyring. Installation time: 10 minutes. Any doubt? Check out this step by step video of the installation. If you prefer to install passbolt manually please refer to this documentation: Install passbolt from source. Prerequisites For this tutorial, you will need: A minimal Debian 9 (Stretch) server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB...", -"url": "https://help.passbolt.com/hosting/install/pro/debian-9-stretch.html" -}, -"hosting-install-ce-aws-html": { -"title": "Using Passbolt CE AWS AMI", -"category": "", -"content": "Passbolt Amazon Machine Image (AMI) provides a ready to use passbolt image that you canuse for free on your Amazon Web Services infrastructure.The AMI includes the following software: Debian 11 Nginx Php-fpm Mariadb Passbolt CE preinstalled certbot This AMI does not provide an email server preinstalled so users can manually install it orleverage on third party email providers. 1. Getting started with passbolt CE AMI You can subscribe to passbolt CE on the following AWS marketplace listing. Justclick on “continue to subscribe” button on the listing page. fig. Subscribe to passbolt marketplace The EULA for the passbolt CE is the AGPL license you have to accept that in orderto use this image by just clicking on the “Accept terms” button. fig. Accept AMI terms Once the terms are accepted you can click on “Continue to configuration” button. In the nextscreen you will be able to select which version of the...", -"url": "https://help.passbolt.com/hosting/install/ce/aws.html" -}, -"configure-notification-email": { -"title": "How to configure email notification settings for your organization", -"category": "", -"content": "Some actions in passbolt, such as a user sharing a password with someone else, trigger an email notification. As passbolt admin, you can control which events result in an email notification and which events are ignored. Similarly you can control whether or not a piece of information is included in those notification emails. Passbolt events that trigger email notification Event Recipients When a comment is posted on a password. All the users having access to the given password. When a password is created. The user creating the password. When a password is shared. The users gaining access to the given password. When a password is updated. All the users having access to the given password. When a password is deleted. All the users who had access to the given password. When a new user is invited. The invited user. When users try to recover their passbolt account. The user trying...", -"url": "https://help.passbolt.com/configure/notification/email" -}, -"hosting-install-ce-digital-ocean": { -"title": "Install Passbolt CE Digital Ocean", -"category": "", -"content": "Since march 2019 it is possible to install passbolt easily directly from Digital Ocean.Digital Ocean is an hosting provider based in the USA. In order to run passboltyou will need the following: A Digital Ocean account A domain name for example passbolt.yourdomain.com Some level of access to point your DNS records to the new passbolt server 1. Create the droplet in Digital Ocean The first step is to login in Digital Ocean (or create and setup an account).You can then head to Marketplace and search for passbolt. It is recommended at the point that you have domain name (or subdomain). It is not mandatory buthighly encouraged. Since passbolt web extension is tied to a domain name it will be easier to getit right upfront rather than using the IP address and changing the proper domain name later. Go to the marketplace and search for passbolt, select the card and click...", -"url": "https://help.passbolt.com/hosting/install/ce/digital-ocean" -}, -"configure-mfa-totp-html": { -"title": "How to configure passbolt to use TOTP", -"category": "", -"content": "Passbolt Pro Edition since v2.4.0 support TOTP (Time-based One Time Password). TOTP is a type of authentication method that generates a new, unique password at set intervals (such as every 30 seconds) to be used in addition to a static username and password. Important: Multi Factor Authentication requires HTTPS to work. Security considerations When using Time-based One-time Passwords (TOTP) as a form of multi-factor authentication, it is important to enable and set up at least one additional form of multi-factor authentication as a backup, in case the TOTP service becomes temporarily unavailable. This will ensure that users are still able to access their accounts even if one form of authentication is not working. Another consideration is to ensure that the time-synchronization between the server and the client devices is accurate, if not TOTP codes will not match and the authentication will fail. Install a TOTP application In order to use...", -"url": "https://help.passbolt.com/configure/mfa/totp.html" -}, -"hosting-install-ce-from-source-html": { -"title": "Install passbolt API from source", -"category": "", -"content": "Introduction This tutorial is distribution agnostic. It details the installation steps at a high level, withouttaking into account the specifics related to each and every linux distribution. Please note: This is not the recommended way to install passbolt. You will find guides to install passbolt on your distribution here. You should only attempt this if you are advanced in terms of server configuration System requirements Passbolt is reported to work on a large variety of operating system configurations.Therefore this help page is a generic guide that should work for most environments. If you run into any issues with your particular configuration,please check the forum.Maybe someone else has had your issue. If not, make a post and the community will try to help you. Any Unix-like major distribution (Debian, Centos, Ubuntu, *BSD) A webserver (Apache or Nginx) A TLS server certificate for HTTPS PHP >= 7.4.0 WARNING: PHP 8.1.0 will be...", -"url": "https://help.passbolt.com/hosting/install/ce/from-source.html" -}, -"hosting-install-pro-ubuntu-18-04-bionic-beaver-html": { -"title": "Install Passbolt Pro on Ubuntu 18.04 (Bionic Beaver)", -"category": "", -"content": "This tutorial describes how to install Passbolt PRO on a minimal Ubuntu 18.04 (Bionic Beaver) server. The installation procedure is based on install scripts that will dothe heavy lifting for you. They will configure your operating system to be passbolt ready and will take care of installing and configuring the webserver (Nginx), database (MariaDb), PHP, SSL and GPG keyring. Installation time: 10 minutes. If you prefer to install passbolt manually please refer to this documentation: Install passbolt from source. Prerequisites For this tutorial, you will need: A minimal Ubuntu 18.04 (Bionic Beaver) server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations...", -"url": "https://help.passbolt.com/hosting/install/pro/ubuntu-18-04-bionic-beaver.html" -}, -"hosting-install-pro-centos-7-from-source-html": { -"title": "Install Passbolt Pro on CentOS 7", -"category": "", -"content": "This tutorial describes how to install Passbolt PRO on a minimal CentOS 7 server. The installation procedure is based on install scripts that will dothe heavy lifting for you. They will configure your operating system to be passbolt ready and will take care of installing and configuring the webserver (Nginx), database (MariaDb), PHP, SSL and GPG keyring. Installation time: 10 minutes. If you prefer to install passbolt manually please refer to this documentation: Install passbolt from source. Prerequisites For this tutorial, you will need: A minimal CentOS 7 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note:...", -"url": "https://help.passbolt.com/hosting/install/pro/centos-7-from-source.html" -}, -"hosting-install-ce-ubuntu-18-04-bionic-beaver-html": { -"title": "Install Passbolt CE on Ubuntu 18.04 (Bionic Beaver)", -"category": "", -"content": "This tutorial describes how to install Passbolt CE on a minimal Ubuntu 18.04 (Bionic Beaver) server. The installation procedure is based on install scripts that will dothe heavy lifting for you. They will configure your operating system to be passbolt ready and will take care of installing and configuring the webserver (Nginx), database (MariaDb), PHP, SSL and GPG keyring. Installation time: 10 minutes. If you prefer to install passbolt manually please refer to this documentation: Install passbolt from source. Prerequisites For this tutorial, you will need: A minimal Ubuntu 18.04 (Bionic Beaver) server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations...", -"url": "https://help.passbolt.com/hosting/install/ce/ubuntu-18-04-bionic-beaver.html" -}, -"hosting-install-ce-debian-9-stretch-html": { -"title": "Install Passbolt CE on Debian 9 (Stretch)", -"category": "", -"content": "This tutorial describes how to install Passbolt CE on a minimal Debian 9 (Stretch) server. The installation procedure is based on install scripts that will dothe heavy lifting for you. They will configure your operating system to be passbolt ready and will take care of installing and configuring the webserver (Nginx), database (MariaDb), PHP, SSL and GPG keyring. Installation time: 10 minutes. Any doubt? Check out this step by step video of the installation. If you prefer to install passbolt manually please refer to this documentation: Install passbolt from source. Prerequisites For this tutorial, you will need: A minimal Debian 9 (Stretch) server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB...", -"url": "https://help.passbolt.com/hosting/install/ce/debian-9-stretch.html" -}, -"hosting-install-ce-centos-7-from-source-html": { -"title": "Install Passbolt CE on CentOS 7", -"category": "", -"content": "This tutorial describes how to install Passbolt CE on a minimal CentOS 7 server. The installation procedure is based on install scripts that will dothe heavy lifting for you. They will configure your operating system to be passbolt ready and will take care of installing and configuring the webserver (Nginx), database (MariaDb), PHP, SSL and GPG keyring. Installation time: 10 minutes. If you prefer to install passbolt manually please refer to this documentation: Install passbolt from source. Prerequisites For this tutorial, you will need: A minimal CentOS 7 server. A domain / host name pointing to your server, or at least being able to reach your server through a static IP address. a working SMTP server for email notifications a working NTP service to avoid GPG authentication issues The recommended server requirements are: 2 cores 2GB of RAM FAQ pages: Set up NTP Firewall rules Considerations about entropy Please note:...", -"url": "https://help.passbolt.com/hosting/install/ce/centos-7-from-source.html" -}, -"hosting-install-pro-install-scripts-html": { -"title": "Install Passbolt Pro", -"category": "", -"content": " Choose the guide corresponding to your distribution Debian 9: https://www.passbolt.com/hosting/install/pro/debian-9-stretch.html Centos 7: https://www.passbolt.com/hosting/install/pro/centos-7.html Ubuntu 18.04: https://www.passbolt.com/hosting/install/pro/ubuntu-18-04-bionic-beaver.html Last updated This article was last updated on November13th,2018. Are you experiencing issues with Passbolt Pro Edition? Contact Pro support or ask the community ", -"url": "https://help.passbolt.com/hosting/install/pro/install-scripts.html" -}, -"hosting-install-pro-wizard-html": { -"title": "Install Passbolt Pro", -"category": "", -"content": " Choose the guide corresponding to your distribution Debian 9: https://www.passbolt.com/hosting/install/pro/debian-9-stretch.html Centos 7: https://www.passbolt.com/hosting/install/pro/centos-7.html Ubuntu 18.04: https://www.passbolt.com/hosting/install/pro/ubuntu-18-04-bionic-beaver.html Last updated This article was last updated on November13th,2018. Are you experiencing issues with Passbolt Pro Edition? Contact Pro support or ask the community ", -"url": "https://help.passbolt.com/hosting/install/pro/wizard.html" -}, -"configure-ldap-ldap-from-configuration-file-html": { -"title": "Configure Ldap plugin", -"category": "", -"content": "Important: The Ldap plugin is part of Passbolt Pro only and is not available in the Community Edition. Introduction What is it? The goal of the directory synchronization tool, also called LDAP connector, is to provide a way for a passboltadministrator to synchronize a list of groups and users, as well as the associated group memberships. Currently the connector supports two types of directory: OpenLDAP and Microsoft Active Directory. In the futurewe will also support other non ldap based user directories such as Google API User Directory. How does it work? In a nutshell this part of the application will try to keep passbolt and a directory in sync with a minimalinvolvement of the administrators and group managers. However if an action is not possible, such as, deletinga user that is the sole password owner, the process triggers will trigger relevant email notifications sothat a human can solve it manually....", -"url": "https://help.passbolt.com/configure/ldap/ldap-from-configuration-file.html" -}, -"hosting-upgrade-ce-upgrade-docker-ce-html": { -"title": "Upgrade Passbolt docker from v1", -"category": "", -"content": "This tutorial covers the case where you want to upgrade your current docker installation of passbolt CE v1.x into passbolt CE v2.x. Important: Please take a full backup of your passbolt before proceeding with the upgrade. Backup should include passbolt files as well as the database. Upgrade from v1.6.10-debian Passbolt v2 introduces several changes that are important to keep in mind when upgrading: Changes: Environment variables The set of environment variables have changed and users should take some time to get familiar with the new ones. For example in case of the database env variables: DB_USER is now DATASOURCES_DEFAULT_USERNAMEDB_HOST is now DATASOURCES_DEFAULT_HOST There is a more detailed list in passbolt_docker README file. Changes: Configuration files No more core.php, email.php or database.php.Any user that does not want to use environment variables must configure passbolt using: /var/www/passbolt/config/passbolt.php Passbolt will look for for configuration values in passbolt.php. Wether passbolt.php does not exist or...", -"url": "https://help.passbolt.com/hosting/upgrade/ce/upgrade-docker-ce.html" -}, -"hosting-upgrade-pro-upgrade-pro-from-ce-v1-docker-html": { -"title": "Upgrade from CE v1 to Pro using docker", -"category": "", -"content": "This tutorial covers the case where you want to upgrade from your passbolt CE v1.x into Passbolt Pro when using docker. Important: Please take a full backup of your passbolt before proceeding with the upgrade. Backup should include passbolt files as well as the database. The upgrading process is very similar to the one listed in the ce section. The main difference is that Passbolt Pro requires a subscription key towork. Upgrade from v1.6.10-debian Passbolt v2 introduces several changes that are important to keep in mind when upgrading: Changes: Environment variables The set of environment variables have changed and users should take some time to get familiar with the new ones. For example in case of the database env variables: DB_USER is now DATASOURCES_DEFAULT_USERNAMEDB_HOST is now DATASOURCES_DEFAULT_HOST There is a more detailed list in passbolt_docker README file. Changes: Configuration files No more core.php, email.php or database.php.Any user that does not...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/upgrade-pro-from-ce-v1-docker.html" -}, -"hosting-upgrade-pro-upgrade-pro-from-ce-v1-same-server-html": { -"title": "Upgrade Passbolt from v1 to Pro on the same server", -"category": "", -"content": "WARNING This involves an outdated version, v3.x is the current version. You will likely want to contact us at contact@passbolt.com for assistance with this. WARNING This tutorial covers the case where you want to upgrade your current instance of passbolt CE v1.x into Passbolt Pro on the same server. If you want to use a new server, follow this link. Important: Please take a full backup of your Passbolt CE before proceeding with the upgrade. Backup should include passbolt files as well as the database. System requirements Passbolt is reported to work on a large variety of operating system configurations.Therefore this help page is a generic guide that should work for most environments. If you run into any issues with your particular configuration,please check the forum.Maybe someone else has had your issue. If not, make a post and the community will try to help you. Any Unix-like major distribution (Debian,...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/upgrade-pro-from-ce-v1-same-server.html" -}, -"hosting-upgrade-pro-upgrade-pro-from-ce-v1-new-server-html": { -"title": "Upgrade Passbolt from v1 to Pro on a new server", -"category": "", -"content": " This tutorial will be available soon. Last updated This article was last updated on April9th,2018. Are you experiencing issues with Passbolt Pro Edition? Contact Pro support or ask the community ", -"url": "https://help.passbolt.com/hosting/upgrade/pro/upgrade-pro-from-ce-v1-new-server.html" -}, -"hosting-upgrade-pro-upgrade-pro-from-ce-source-html": { -"title": "Upgrade Passbolt from CE source install to Pro", -"category": "", -"content": "This tutorial covers the case where you want to upgrade your current instance of passbolt CE v2.x into Passbolt Pro. Important: Please take a full backup of your Passbolt CE before proceeding with the upgrade. Backup should include passbolt files as well as the database. You may want to consider moving to one of our packages before upgrading to Pro. System requirements Passbolt is reported to work on a large variety of operating system configurations.Therefore this help page is a generic guide that should work for most environments. If you run into any issues with your particular configuration,please check the forum.Maybe someone else has had your issue. If not, make a post and the community will try to help you. Any Unix-like major distribution (Debian, Centos, Ubuntu, *BSD) A webserver (Apache or Nginx) A TLS server certificate for HTTPS PHP >= 7.4.0 MariaDB >= 10.3 /Mysql >= 5.7 Composer >=...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/upgrade-pro-from-ce-source.html" -}, -"hosting-upgrade-pro-upgrade-pro-from-ce-v2-html": { -"title": "Upgrade Passbolt from community edition v2 to Pro", -"category": "", -"content": "WARNING This involves an outdated version, v3.x is the current version. You will likely want to contact us at contact@passbolt.com for assistance with this. WARNING This tutorial covers the case where you want to upgrade your current instance of passbolt CE v2.x into Passbolt Pro. Important: Please take a full backup of your Passbolt CE before proceeding with the upgrade. Backup should include passbolt files as well as the database. System requirements Passbolt is reported to work on a large variety of operating system configurations.Therefore this help page is a generic guide that should work for most environments. If you run into any issues with your particular configuration,please check the forum.Maybe someone else has had your issue. If not, make a post and the community will try to help you. Any Unix-like major distribution (Debian, Centos, Ubuntu, *BSD) A webserver (Apache or Nginx) A TLS server certificate for HTTPS PHP...", -"url": "https://help.passbolt.com/hosting/upgrade/pro/upgrade-pro-from-ce-v2.html" -}, -"hosting-backup-from-source-html": { -"title": "Backing up a passbolt installation", -"category": "", -"content": "Making regular backups is a critical aspect of managing a passbolt instance. Because passbolt stores importantinformation, it is equally important to have a backup strategy in place. As a passbolt administrator it is your responsibility to define how often and when to perform backups.Please automate and customize this process to match the needs and policies of your organization. Here are some best practices to keep in mind: Ensure that the backups are taken at intervals that match your usage Take these backups off-site, or to another environment than the live one Make sure the backup is encrypted and stored in a safe location Practice drills and test the backups to make sure they work What to backup? If you are a PRO user, ensure you have a backup of your subscription key. There are also several elements you need to backup: 1. The database We made a dedicated command in...", -"url": "https://help.passbolt.com/hosting/backup/from-source.html" -}, -"hosting-upgrade-ce-upgrade-ce-html": { -"title": "Upgrade Passbolt CE from v1 to v2", -"category": "", -"content": "WARNING This involves outdated versions, v3.x is the current version. You will likely want to contact us at contact@passbolt.com for assistance with this. WARNING This tutorial covers the case where you want to upgrade your current instance of passbolt CE v1.x into passbolt CE v2.x. Important: Please take a full backup of your passbolt before proceeding with the upgrade. Backup should include passbolt files as well as the database. System requirements Passbolt is reported to work on a large variety of operating system configurations.Therefore this help page is a generic guide that should work for most environments. If you run into any issues with your particular configuration,please check the forum.Maybe someone else has had your issue. If not, make a post and the community will try to help you. Any Unix-like major distribution (Debian, Centos, Ubuntu, *BSD) A webserver (Apache or Nginx) A TLS server certificate for HTTPS PHP >=...", -"url": "https://help.passbolt.com/hosting/upgrade/ce/upgrade-ce.html" -}, -"hosting-backup-backup-v1-html": { -"title": "Backing up a passbolt installation (v1)", -"category": "", -"content": "Making regular backups is a critical aspect of managing a passbolt instance. Because passbolt stores importantinformation, it is equally important to have a backup strategy in place. As a passbolt administrator it is your responsibility to define how often and when to perform backups.Please automate and customize this process to match the needs and policies of your organization. Here are some best practices to keep in mind: Ensure that the backups are taken at intervals that match your usage Take these backups off-site, or to another environment than the live one Make sure the backup is encrypted and stored in a safe location Practice drills and test the backups to make sure they work What to backup? If you are a PRO user, ensure you have a backup of your subscription key. There are also several elements you need to backup: 1. The database This can be easily scripted using...", -"url": "https://help.passbolt.com/hosting/backup/backup-v1.html" -}, -"hosting-install-v1-html": { -"title": "Install passbolt API version 1", -"category": "hosting", -"content": "Passbolt is reported to work on a large variety of operating system configurations. Therefore this help page is a generic guide that should work for most environments. If you run into any issues with your particular configuration, please check the forum. Maybe someone else has had your issue. If not, make a post and the community will try to help you. Other community guides If you are looking for more system specific step by step guides please check out the following resources: Debian 8 “Jessy” with Apache, MariaDB and PHP 5 (by Passbolt) CentOS 7 with Nginx, MariaDB and PHP7 (by Passbolt) CentOS 7 with Apache, MariaDB and PHP 7 (by Wobak) FreeBSD 10.3, Apache, Mysql 5.7, PHP 5.6 (by Patpro) OpenBSD 6.1, Nginx, MariaDB, PHP 5.6/7.0 (by AuthBSD) Environment setup and baseline requirements Operating system We recommend you install passbolt on stable Unix-like operating system distributions such as Debian,...", -"url": "https://help.passbolt.com/hosting/install-v1.html" -}, -"hosting-update-update-v1-html": { -"title": "Update passbolt server component (v1)", -"category": "", -"content": "Which update process to follow? Each passbolt release follows the concept of Semantic Versioning. Given a version number MAJOR.MINOR.PATCH, we increment as follow: PATCH version when we make backwards-compatible bug fixes. So let’s say you are running passbolt v1.3.2 and the latest one available is v1.3.7 you will need to perform a patch update. MINOR version when we add functionality in a backwards-compatible manner. Similarly say you have passbolt v1.2.0 installed and the latest version available is v1.3.2, you will need to perform a minor version update. MAJOR version when incompatible API changes are made. You get the deal for major version update: that would mean going from v1.3.7 to v2.0.0 for example. Where to find the latest release version number? You can find information about which version is the latest in the release notes. It is generally a good idea to check these notes before running an update. You...", -"url": "https://help.passbolt.com/hosting/update/update-v1.html" -}, -"tech-auth-html": { -"title": "Authentication in passbolt", -"category": "tech", -"content": "Passbolt instead of a classic form based authentication perform a challenge based authentication based on OpenPGP keys set during the setup. The aim of this document is to help explain how this authentication process works to facilitate review and discussions as well as future integration with other products. Our goals were both to improve the security and usability of the overall solution, e.g. reuse the existing OpenPGP facilities of passbolt to avoid having the user remember another password than their passphrase. Form based authentication While some web application today defer to another service such as Google or Facebook to handle the authentication, most still support a form based authentication by default. The process goes as follow: fig. Sequence diagram of a form based authentication During the registration, the password is sent (ideally over HTTPS) to the server. This password is then salted and hashed using bcrypt (or equivalent) and stored...", -"url": "https://help.passbolt.com/tech/auth.html" -} + }; diff --git a/docs/sitemap.xml b/docs/sitemap.xml index f04735172..c703c38c6 100644 --- a/docs/sitemap.xml +++ b/docs/sitemap.xml @@ -1,1076 +1,188 @@ -https://help.passbolt.com/faq/configure/enable-disable-import-export-plugins -2024-03-15T15:52:30+01:00 - - -https://help.passbolt.com/faq/configure/performance-tweaks -2024-03-15T15:52:30+01:00 - - -https://help.passbolt.com/faq/configure/ -2024-03-15T15:52:30+01:00 - - -https://help.passbolt.com/faq/contribute/code-contribution -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/contribute/feature-request -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/contribute/financial-contribution -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/contribute/support-us -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/contribute/bug-report -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/contribute/design-contribution -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/contribute/code-of-conduct -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/contribute/ -2024-03-15T15:52:30+01:00 - - -https://help.passbolt.com/faq/discover/what-is-passbolt -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/discover/why -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/discover/how-does-it-work -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/discover/how-is-different -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/discover/is-sharing-password-a-bad-practice -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/discover/can-i-use-passbolt-as-personal-password-manager -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/discover/why-an-extension -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/discover/are-we-there-yet -2024-03-15T15:52:30+01:00 - - -https://help.passbolt.com/faq/discover/feature-priority -2024-03-15T15:52:30+01:00 - - -https://help.passbolt.com/faq/discover/where-can-i-login -2024-03-15T15:52:30+01:00 - - -https://help.passbolt.com/faq/discover/where-to-get-help -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/discover/ -2024-03-15T15:52:30+01:00 - - -https://help.passbolt.com/faq/hosting/how-to-install -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/how-to-backup -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/how-to-update -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/hosting-requirements -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/where-to-host -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/installation-issue-help -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/ -2024-03-15T15:52:30+01:00 - - -https://help.passbolt.com/faq/ -2024-03-15T15:52:30+01:00 - - -https://help.passbolt.com/faq/legal/which-license -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/legal/commercial-use -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/legal/review-modify-share -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/legal/how-to-sign-cla -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/legal/where-is-cla -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/legal/why-cla -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/legal/ -2024-03-15T15:52:30+01:00 - - -https://help.passbolt.com/faq/security/security-vulnerability -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/security/what-is-encrypted -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/security/encryption-tech -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/security/authentication -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/security/javascript-security -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/security/is-open-source-secure -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/security/revocation-certificate -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/security/public-key-trust -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/security/security-token -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/security/ -2024-03-15T15:52:30+01:00 - - -https://help.passbolt.com/faq/start/browser-extensions -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/start/account-setup -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/start/registration-token-expired -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/start/profile-picture -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/start/copy-to-clipboard -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/start/create-edit-delete-password -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/start/account-basics -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/start/share-password -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/why-unsafe -2017-03-03T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/why-email-not-sent -2018-03-14T01:00:00+01:00 - - -https://help.passbolt.com/faq/start/import-passwords -2018-04-23T02:00:00+02:00 - - -https://help.passbolt.com/faq/hosting/why-haveged-virtual-env -2019-03-29T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/update-evaluation-subscription-key -2019-05-27T02:00:00+02:00 - - -https://help.passbolt.com/faq/configure/why-am-i-getting-ldap-synchronization-issues -2020-08-09T02:00:00+02:00 - - -https://help.passbolt.com/contribute/translation -2021-05-10T02:00:00+02:00 - - -https://help.passbolt.com/faq/security/change-passphrase -2021-11-08T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/how-to-increase-auto-logout-time -2021-11-23T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/firewall-rules -2021-11-23T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/how-to-generate-jwt-key-pair-manually -2021-11-23T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/troubleshoot-docker -2021-12-15T01:00:00+01:00 - - -https://help.passbolt.com/faq/security/compromised-secret-key -2021-12-15T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/how-to-migrate-from-http-to-https -2021-12-27T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/how-to-use-rootless-images -2021-12-30T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/how-to-import-ssl-certificate-on-mobile -2022-01-05T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/troubleshoot-ssl -2022-01-06T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/how-to-rotate-server-gpg-keys -2022-01-21T01:00:00+01:00 - - -https://help.passbolt.com/faq/security/how-to-extend-user-expired-key -2022-01-21T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/mobile-faq -2022-02-02T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/how-to-install-passbolt-non-interactive -2022-03-02T01:00:00+01:00 - - -https://help.passbolt.com/faq/start/disable-built-in-password-manager -2022-03-11T01:00:00+01:00 - - -https://help.passbolt.com/faq/start/how-to-use-tags -2022-05-02T02:00:00+02:00 - - -https://help.passbolt.com/faq/start/roles-and-permissions-faq -2022-05-02T02:00:00+02:00 - - -https://help.passbolt.com/faq/start/roles-and-permissions -2022-05-02T02:00:00+02:00 - - -https://help.passbolt.com/faq/security/is-passbolt-secure -2022-05-23T02:00:00+02:00 - - -https://help.passbolt.com/faq/start/account-recovery/subscribe -2022-07-28T02:00:00+02:00 - - -https://help.passbolt.com/faq/start/account-recovery/review-request -2022-07-28T02:00:00+02:00 - - -https://help.passbolt.com/faq/start/generate-openpgp-key -2022-07-28T02:00:00+02:00 - - -https://help.passbolt.com/faq/start/passphrase-recovery -2022-08-02T02:00:00+02:00 - - -https://help.passbolt.com/faq/start/account-recover -2022-08-02T02:00:00+02:00 - - -https://help.passbolt.com/faq/hosting/troubleshoot-helm -2022-11-23T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/set-up-ntp -2022-12-05T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/docker-secrets -2023-01-16T01:00:00+01:00 - - -https://help.passbolt.com/configure/self-registration -2023-02-15T01:00:00+01:00 - - -https://help.passbolt.com/faq/hosting/logs -2023-05-22T02:00:00+02:00 - - -https://help.passbolt.com/faq/security/code-review -2023-08-25T02:00:00+02:00 - - -https://help.passbolt.com/faq/start/export-passwords -2023-10-03T02:00:00+02:00 - - -https://help.passbolt.com/faq/start/ -2024-03-15T15:52:30+01:00 - - -https://help.passbolt.com/incidents/20170210_chrome_not_available -2017-02-10T01:00:00+01:00 - - -https://help.passbolt.com/incidents/20170914_xss_on_resource_urls -2017-09-14T02:00:00+02:00 - - -https://help.passbolt.com/incidents/20171013_passphrase_information_leakage -2017-10-13T02:00:00+02:00 - - -https://help.passbolt.com/incidents/20171228_content_scripts_malicious_domain -2017-12-28T01:00:00+01:00 - - -https://help.passbolt.com/incidents/20180508_password_generator_prng -2018-05-08T02:00:00+02:00 - - -https://help.passbolt.com/incidents/20180509_nginx_webroot_configuration -2018-05-09T02:00:00+02:00 - - -https://help.passbolt.com/incidents/20181109_gke_incident -2018-11-09T01:00:00+01:00 - - -https://help.passbolt.com/incidents/20190211_multiple_vulnerabilities -2019-02-11T01:00:00+01:00 - - -https://help.passbolt.com/incidents/20190807_multiple_vulnerabilities -2019-08-07T02:00:00+02:00 - - -https://help.passbolt.com/incidents/20191126_autofill_suggestions -2019-11-26T01:00:00+01:00 - - -https://help.passbolt.com/incidents/20210210_v3_webextension_issues -2021-02-10T01:00:00+01:00 - - -https://help.passbolt.com/incidents/20210419_PBL01_Cure53_report -2021-10-19T02:00:00+02:00 - - -https://help.passbolt.com/incidents/20211124_PBL_06_008_v331_Cure53_report -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/incidents/220211215_Clout-outage -2021-12-15T01:00:00+01:00 - - -https://help.passbolt.com/incidents/220220118_PBL-06-security-audit-results -2022-01-19T01:00:00+01:00 - - -https://help.passbolt.com/incidents/20220920_spell-jacking -2022-09-20T02:00:00+02:00 - - -https://help.passbolt.com/incidents/20230404_android-app-unlisted -2023-04-05T02:00:00+02:00 - - -https://help.passbolt.com/incidents/20230426_sending-unencrypted-description -2023-04-26T02:00:00+02:00 - - -https://help.passbolt.com/incidents/20230701_cloud-outage -2023-07-03T02:00:00+02:00 - - -https://help.passbolt.com/incidents/20230710_PBL-08-security-audit-results -2023-07-10T02:00:00+02:00 - - -https://help.passbolt.com/incidents/20230911_PBL-09-security-audit-results -2023-09-11T02:00:00+02:00 - - -https://help.passbolt.com/tech/auth.html -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/hosting/update/update-v1.html -2017-01-20T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install-v1.html -2017-03-20T01:00:00+01:00 - - -https://help.passbolt.com/hosting/backup/backup-v1.html -2017-06-15T02:00:00+02:00 - - -https://help.passbolt.com/hosting/upgrade/ce/upgrade-ce.html -2018-03-14T01:00:00+01:00 - - -https://help.passbolt.com/hosting/backup/from-source.html -2018-03-14T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/pro/upgrade-pro-from-ce-v2.html -2018-04-03T02:00:00+02:00 - - -https://help.passbolt.com/hosting/upgrade/pro/upgrade-pro-from-ce-source.html -2018-04-03T02:00:00+02:00 - - -https://help.passbolt.com/hosting/upgrade/pro/upgrade-pro-from-ce-v1-new-server.html -2018-04-09T02:00:00+02:00 - - -https://help.passbolt.com/hosting/upgrade/pro/upgrade-pro-from-ce-v1-same-server.html -2018-04-09T02:00:00+02:00 - - -https://help.passbolt.com/hosting/upgrade/pro/upgrade-pro-from-ce-v1-docker.html -2018-04-09T02:00:00+02:00 - - -https://help.passbolt.com/hosting/upgrade/ce/upgrade-docker-ce.html -2018-04-10T02:00:00+02:00 - - -https://help.passbolt.com/configure/ldap/ldap-from-configuration-file.html -2018-09-07T02:00:00+02:00 - - -https://help.passbolt.com/hosting/install/pro/wizard.html -2018-11-13T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/pro/install-scripts.html -2018-11-13T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/ce/centos-7-from-source.html -2018-11-13T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/ce/debian-9-stretch.html -2018-11-13T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/ce/ubuntu-18-04-bionic-beaver.html -2018-11-13T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/pro/centos-7-from-source.html -2018-11-13T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/pro/ubuntu-18-04-bionic-beaver.html -2018-11-13T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/ce/from-source.html -2018-11-13T01:00:00+01:00 - - -https://help.passbolt.com/configure/mfa/totp.html -2018-11-15T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/ce/digital-ocean -2019-03-01T01:00:00+01:00 - - -https://help.passbolt.com/configure/notification/email -2019-05-22T02:00:00+02:00 - - -https://help.passbolt.com/hosting/install/ce/aws.html -2019-08-07T02:00:00+02:00 - - -https://help.passbolt.com/hosting/install/pro/debian-9-stretch.html -2019-08-09T02:00:00+02:00 - - -https://help.passbolt.com/configure/ldap/ldap-with-ssl.html -2020-02-07T01:00:00+01:00 - - -https://help.passbolt.com/configure/email/setup.html -2020-03-06T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/pro/vm.html -2021-02-02T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/pro/migrate-to-ubuntu.html -2021-02-03T01:00:00+01:00 - - -https://help.passbolt.com/hosting/update/source.html -2021-02-08T01:00:00+01:00 - - -https://help.passbolt.com/hosting/backup/debian.html -2021-02-10T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/pro/upgrade-pro-from-ce.html -2021-02-10T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/pro/upgrade-pro-from-ce-ubuntu.html -2021-02-10T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/ce/migrate-to-ubuntu.html -2021-02-12T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/pro/aws.html -2021-08-11T02:00:00+02:00 - - -https://help.passbolt.com/hosting/backup/ubuntu.html -2021-09-16T02:00:00+02:00 - - -https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-ubuntu-server.html -2021-09-16T02:00:00+02:00 - - -https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-ubuntu-server.html -2021-09-16T02:00:00+02:00 - - -https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-virtual-machine.html -2021-09-16T02:00:00+02:00 - - -https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-docker.html -2021-09-29T02:00:00+02:00 - - -https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-docker.html -2021-09-29T02:00:00+02:00 - - -https://help.passbolt.com/hosting/backup/docker.html -2021-10-01T02:00:00+02:00 - - -https://help.passbolt.com/configure/ldap/setup.html -2021-10-11T02:00:00+02:00 - - -https://help.passbolt.com/configure/ldap/ldap-common-sync-error-messages.html -2021-10-11T02:00:00+02:00 - - -https://help.passbolt.com/hosting/update/install-scripts.html -2021-10-19T02:00:00+02:00 - - -https://help.passbolt.com/hosting/upgrade/pro/upgrade-pro-from-ce-debian.html -2021-11-02T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-debian-server.html -2021-11-02T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-debian-server.html -2021-11-02T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/pro/migrate-to-debian.html -2021-11-02T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/ce/migrate-to-debian.html -2021-11-02T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/ce/from-debian-10-to-debian-11-ce.html -2021-11-03T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/pro/from-debian-10-to-debian-11-pro.html -2021-11-03T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/ce/debian-10-buster.html -2021-11-22T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/pro/debian-10-buster.html -2021-11-22T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/ce/ubuntu/ubuntu-20-04.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/pro/ubuntu/ubuntu-20-04.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/ce/centos-8.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/ce/oraclelinux-7.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/ce/redhat-7.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/pro/centos-8.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/pro/oraclelinux-7.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/pro/redhat-7.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/backup/package.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/2021/11/24/Debian11-ce.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/2021/11/24/Debian11.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/ce/almalinux.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/ce/centos.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/ce/oraclelinux.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/ce/redhat.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/ce/rockylinux.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/pro/almalinux.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/pro/centos.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/pro/oraclelinux.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/pro/redhat.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/pro/rockylinux.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/pro/opensuse.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/ce/fedora.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/install/pro/fedora.html -2021-11-24T01:00:00+01:00 - - -https://help.passbolt.com/hosting/update/centos-7.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/update/oraclelinux-7.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/update/redhat-7.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/update/ubuntu-package.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/update/debian-package.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/update/almalinux.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/update/centos.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/update/oraclelinux.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/update/redhat.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/update/rockylinux.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/update/raspberry.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/update/opensuse.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/update/fedora.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-almalinux-server.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-oraclelinux-server.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-redhat-server.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-rockylinux-server.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-almalinux-server.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-oraclelinux-server.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-redhat-server.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-rockylinux-server.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/pro/migrate-to-centos.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/ce/migrate-to-centos.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-fedora-server.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-fedora-server.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-centos-server.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-centos-server.html -2021-11-26T01:00:00+01:00 - - -https://help.passbolt.com/configure/https/pro/debian/auto.html -2021-12-16T01:00:00+01:00 +https://help.passbolt.com/faq/contribute/code-contribution +2017-01-20T01:00:00+01:00 -https://help.passbolt.com/configure/https/pro/debian/manual.html -2021-12-16T01:00:00+01:00 +https://help.passbolt.com/faq/contribute/feature-request +2017-01-20T01:00:00+01:00 -https://help.passbolt.com/configure/https/ce/debian/manual.html -2021-12-16T01:00:00+01:00 +https://help.passbolt.com/faq/contribute/financial-contribution +2017-01-20T01:00:00+01:00 -https://help.passbolt.com/configure/https/ce/debian/auto.html -2021-12-16T01:00:00+01:00 +https://help.passbolt.com/faq/contribute/support-us +2017-01-20T01:00:00+01:00 -https://help.passbolt.com/configure/https/pro/docker/manual.html -2021-12-16T01:00:00+01:00 +https://help.passbolt.com/faq/contribute/bug-report +2017-01-20T01:00:00+01:00 -https://help.passbolt.com/configure/https/ce/docker/manual.html -2021-12-16T01:00:00+01:00 +https://help.passbolt.com/faq/contribute/design-contribution +2017-01-20T01:00:00+01:00 -https://help.passbolt.com/configure/https/pro/rpm.html -2021-12-16T01:00:00+01:00 +https://help.passbolt.com/faq/contribute/code-of-conduct +2017-01-20T01:00:00+01:00 -https://help.passbolt.com/configure/https/ce/rpm.html -2021-12-16T01:00:00+01:00 +https://help.passbolt.com/faq/contribute/ +2024-03-20T17:06:34+01:00 -https://help.passbolt.com/configure/database/credentials.html -2021-12-16T01:00:00+01:00 +https://help.passbolt.com/faq/ +2024-03-20T17:06:34+01:00 -https://help.passbolt.com/configure/https/pro/docker/auto.html -2021-12-30T01:00:00+01:00 +https://help.passbolt.com/faq/security/security-vulnerability +2017-01-20T01:00:00+01:00 -https://help.passbolt.com/configure/https/ce/docker/auto.html -2021-12-30T01:00:00+01:00 +https://help.passbolt.com/faq/security/what-is-encrypted +2017-01-20T01:00:00+01:00 -https://help.passbolt.com/configure/environment/reference.html -2021-12-30T01:00:00+01:00 +https://help.passbolt.com/faq/security/encryption-tech +2017-01-20T01:00:00+01:00 -https://help.passbolt.com/hosting/install/ce/raspberry.html -2022-01-06T01:00:00+01:00 +https://help.passbolt.com/faq/security/authentication +2017-01-20T01:00:00+01:00 -https://help.passbolt.com/hosting/install/pro/raspberry.html -2022-01-06T01:00:00+01:00 +https://help.passbolt.com/faq/security/javascript-security +2017-01-20T01:00:00+01:00 -https://help.passbolt.com/configure/mfa/yubikey.html -2022-02-02T01:00:00+01:00 +https://help.passbolt.com/faq/security/is-open-source-secure +2017-01-20T01:00:00+01:00 -https://help.passbolt.com/hosting/install/pro/helm.html -2022-02-06T01:00:00+01:00 +https://help.passbolt.com/faq/security/revocation-certificate +2017-01-20T01:00:00+01:00 -https://help.passbolt.com/hosting/install/ce/opensuse.html -2022-02-07T01:00:00+01:00 +https://help.passbolt.com/faq/security/public-key-trust +2017-01-20T01:00:00+01:00 -https://help.passbolt.com/hosting/upgrade/ce/migrate-existing-ce-to-opensuse-server.html -2022-02-11T01:00:00+01:00 +https://help.passbolt.com/faq/security/security-token +2017-01-20T01:00:00+01:00 -https://help.passbolt.com/hosting/upgrade/pro/migrate-existing-pro-to-opensuse-server.html -2022-02-11T01:00:00+01:00 +https://help.passbolt.com/contribute/translation +2021-05-10T02:00:00+02:00 -https://help.passbolt.com/hosting/update/docker.html -2022-02-21T01:00:00+01:00 +https://help.passbolt.com/faq/security/change-passphrase +2021-11-08T01:00:00+01:00 -https://help.passbolt.com/hosting/upgrade/pro/upgrade-pro-from-ce-docker.html -2022-02-21T01:00:00+01:00 +https://help.passbolt.com/faq/security/compromised-secret-key +2021-12-15T01:00:00+01:00 -https://help.passbolt.com/configure/https/pro/ova/auto.html -2022-03-21T01:00:00+01:00 +https://help.passbolt.com/faq/security/how-to-extend-user-expired-key +2022-01-21T01:00:00+01:00 -https://help.passbolt.com/configure/https/ce/aws/auto.html -2022-03-29T02:00:00+02:00 +https://help.passbolt.com/faq/security/is-passbolt-secure +2022-05-23T02:00:00+02:00 -https://help.passbolt.com/configure/https/pro/aws/auto.html -2022-03-29T02:00:00+02:00 +https://help.passbolt.com/faq/security/code-review +2023-08-25T02:00:00+02:00 -https://help.passbolt.com/configure/https/ce/digital-ocean/auto.html -2022-03-29T02:00:00+02:00 +https://help.passbolt.com/faq/security/ +2024-03-20T17:06:34+01:00 -https://help.passbolt.com/hosting/install/ce/ubuntu/ubuntu.html -2022-07-11T02:00:00+02:00 +https://help.passbolt.com/incidents/20170210_chrome_not_available +2017-02-10T01:00:00+01:00 -https://help.passbolt.com/hosting/install/pro/ubuntu/ubuntu.html -2022-07-11T02:00:00+02:00 +https://help.passbolt.com/incidents/20170914_xss_on_resource_urls +2017-09-14T02:00:00+02:00 -https://help.passbolt.com/configure/account-recovery.html -2022-08-05T02:00:00+02:00 +https://help.passbolt.com/incidents/20171013_passphrase_information_leakage +2017-10-13T02:00:00+02:00 -https://help.passbolt.com/configure/sso/google.html -2023-01-18T01:00:00+01:00 +https://help.passbolt.com/incidents/20171228_content_scripts_malicious_domain +2017-12-28T01:00:00+01:00 -https://help.passbolt.com/configure/mfa/duo.html -2023-02-06T01:00:00+01:00 +https://help.passbolt.com/incidents/20180508_password_generator_prng +2018-05-08T02:00:00+02:00 -https://help.passbolt.com/hosting/install/ce/docker.html -2023-02-06T01:00:00+01:00 +https://help.passbolt.com/incidents/20180509_nginx_webroot_configuration +2018-05-09T02:00:00+02:00 -https://help.passbolt.com/hosting/install/pro/docker.html -2023-02-06T01:00:00+01:00 +https://help.passbolt.com/incidents/20181109_gke_incident +2018-11-09T01:00:00+01:00 -https://help.passbolt.com/hosting/install/ce/helm.html -2023-02-06T01:00:00+01:00 +https://help.passbolt.com/incidents/20190211_multiple_vulnerabilities +2019-02-11T01:00:00+01:00 -https://help.passbolt.com/configure/email/smtp-authentication.html -2023-02-26T01:00:00+01:00 +https://help.passbolt.com/incidents/20190807_multiple_vulnerabilities +2019-08-07T02:00:00+02:00 -https://help.passbolt.com/configure/sso/azure.html -2023-03-15T01:00:00+01:00 +https://help.passbolt.com/incidents/20191126_autofill_suggestions +2019-11-26T01:00:00+01:00 -https://help.passbolt.com/hosting/install/ce/debian/debian.html -2023-06-29T02:00:00+02:00 +https://help.passbolt.com/incidents/20210210_v3_webextension_issues +2021-02-10T01:00:00+01:00 -https://help.passbolt.com/hosting/install/pro/debian/debian.html -2023-06-29T02:00:00+02:00 +https://help.passbolt.com/incidents/20210419_PBL01_Cure53_report +2021-10-19T02:00:00+02:00 -https://help.passbolt.com/hosting/upgrade/ce/from-debian-11-to-debian-12-ce.html -2023-06-29T02:00:00+02:00 +https://help.passbolt.com/incidents/20211124_PBL_06_008_v331_Cure53_report +2021-11-24T01:00:00+01:00 -https://help.passbolt.com/hosting/upgrade/pro/from-debian-11-to-debian-12-pro.html -2023-06-29T02:00:00+02:00 +https://help.passbolt.com/incidents/220211215_Clout-outage +2021-12-15T01:00:00+01:00 -https://help.passbolt.com/configure/rbac.html -2023-07-05T02:00:00+02:00 +https://help.passbolt.com/incidents/220220118_PBL-06-security-audit-results +2022-01-19T01:00:00+01:00 -https://help.passbolt.com/configure/user-passphrase-policies.html -2023-09-13T02:00:00+02:00 +https://help.passbolt.com/incidents/20220920_spell-jacking +2022-09-20T02:00:00+02:00 -https://help.passbolt.com/configure/password-policies.html -2023-09-14T02:00:00+02:00 +https://help.passbolt.com/incidents/20230404_android-app-unlisted +2023-04-05T02:00:00+02:00 -https://help.passbolt.com/configure/totp/time-based-one-time-password-mobile.html -2023-10-04T02:00:00+02:00 +https://help.passbolt.com/incidents/20230426_sending-unencrypted-description +2023-04-26T02:00:00+02:00 -https://help.passbolt.com/configure/totp/time-based-one-time-password-ui.html -2023-10-04T02:00:00+02:00 +https://help.passbolt.com/incidents/20230701_cloud-outage +2023-07-03T02:00:00+02:00 -https://help.passbolt.com/configure/ldap/ldap-filters.html -2023-11-30T01:00:00+01:00 +https://help.passbolt.com/incidents/20230710_PBL-08-security-audit-results +2023-07-10T02:00:00+02:00 -https://help.passbolt.com/configure/windows-app.html -2023-11-30T01:00:00+01:00 +https://help.passbolt.com/incidents/20230911_PBL-09-security-audit-results +2023-09-11T02:00:00+02:00 https://help.passbolt.com/releases/ce/v105-moveonup @@ -1664,9 +776,6 @@ https://help.passbolt.com/api/authentication -https://help.passbolt.com/hosting/backup - - https://help.passbolt.com/api/comments/create @@ -1745,31 +854,19 @@ https://help.passbolt.com/api/groups -https://help.passbolt.com/configure/https +https://help.passbolt.com/extend/ -https://help.passbolt.com/releases/ce/ +https://help.passbolt.com/releases/pro/ -https://help.passbolt.com/legal/ +https://help.passbolt.com/releases/ce/ https://help.passbolt.com/releases/ -https://help.passbolt.com/discover/ - - -https://help.passbolt.com/configure/docker/ - - -https://help.passbolt.com/configure/ - - -https://help.passbolt.com/tech/ - - -https://help.passbolt.com/hosting/ +https://help.passbolt.com/contribute/ https://help.passbolt.com/incidents/ @@ -1778,27 +875,9 @@ https://help.passbolt.com/ -https://help.passbolt.com/contribute/ - - -https://help.passbolt.com/extend/ - - -https://help.passbolt.com/releases/pro/ - - -https://help.passbolt.com/start/ - - https://help.passbolt.com/api -https://help.passbolt.com/hosting/install - - -https://help.passbolt.com/configure/mfa - - https://help.passbolt.com/api/permissions/read @@ -1844,18 +923,6 @@ https://help.passbolt.com/api/secrets -https://help.passbolt.com/configure/sso - - -https://help.passbolt.com/configure/totp - - -https://help.passbolt.com/hosting/update - - -https://help.passbolt.com/hosting/upgrade - - https://help.passbolt.com/api/users/create @@ -1878,38 +945,38 @@ https://help.passbolt.com/assets/files/PBL-01-report.pdf -2023-01-23T15:16:49+01:00 +2022-04-19T14:07:48+02:00 https://help.passbolt.com/assets/files/PBL-02-report.pdf -2023-01-23T15:16:49+01:00 +2022-04-19T14:07:48+02:00 https://help.passbolt.com/assets/files/PBL-03-report.pdf -2023-01-23T15:16:49+01:00 +2022-04-19T14:07:55+02:00 https://help.passbolt.com/assets/files/PBL-05-report.pdf -2023-01-23T15:16:49+01:00 +2022-04-19T14:07:48+02:00 https://help.passbolt.com/assets/files/PBL-06-report.pdf -2023-01-23T15:16:49+01:00 +2022-04-19T14:07:55+02:00 https://help.passbolt.com/assets/files/PBL-07-report.pdf -2023-01-23T15:16:49+01:00 +2022-08-12T10:44:30+02:00 https://help.passbolt.com/assets/files/PBL-08-report.pdf -2023-11-17T11:16:27+01:00 +2023-07-13T09:40:03+02:00 https://help.passbolt.com/assets/files/PBL-09-report.pdf -2024-02-09T15:30:50+01:00 +2023-09-11T16:08:00+02:00 https://help.passbolt.com/assets/files/Security%20White%20Paper%20-%20Passbolt%20Pro%20Edition.pdf -2023-01-23T15:16:49+01:00 +2022-04-19T14:07:48+02:00 diff --git a/docs/start/index.html b/docs/start/index.html deleted file mode 100644 index cda420bfa..000000000 --- a/docs/start/index.html +++ /dev/null @@ -1,299 +0,0 @@ - - - - - Passbolt Help | Get started with passbolt - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - -
    -
    -
    -
    -
    -
    - -
    -
    -
    - - - - - - - -
    -
    -

    Getting started

    -
    -
    -
    - - -
    - - - - - - Get started using passbolt - Frequently asked questions during first time use. - -
    - - -
    - - - - - - Browser extension - How to install and remove the browser extensions. - -
    - - -
    - - - - - - Password basics - Creating, editing, sharing and deleting passwords - -
    - - -
    - - - - - - Sharing passwords - Sharing is caring (but only if you really have to). - -
    - - -
    - - - - - - Roles and permissions - Information about the roles and permissions system of passbolt. - -
    - - -
    - - - - - - Forum - When in doubt, you can also ask the community! - -
    - -
    - - - - - - - - - - - - - -
    -
    -
    - - - - - -
    - - - - - - - - diff --git a/docs/tech/auth.html b/docs/tech/auth.html deleted file mode 100644 index 2bb13f6fd..000000000 --- a/docs/tech/auth.html +++ /dev/null @@ -1,424 +0,0 @@ - - - - - Passbolt Help | Authentication in passbolt - - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - - - - - - - - - - - - - - - - - - - - - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -

    Authentication in passbolt

    -
    -
    - -
    -
    - -

    Passbolt instead of a classic form based authentication perform a challenge based authentication based on OpenPGP -keys set during the setup.

    - -

    The aim of this document is to help explain how this authentication process works to facilitate review and -discussions as well as future integration with other products.

    - -

    Our goals were both to improve the security and usability of the overall solution, e.g. reuse the existing - OpenPGP facilities of passbolt to avoid having the user remember another password than their passphrase.

    - -

    Form based authentication

    - -

    While some web application today defer to another service such as Google or Facebook to handle the authentication, -most still support a form based authentication by default.

    - -

    The process goes as follow:

    - -
    - Sequence diagram of a form based authentication - fig. Sequence diagram of a form based authentication -
    - -

    During the registration, the password is sent (ideally over HTTPS) to the server. This password is then salted -and hashed using bcrypt (or equivalent) and stored for further use by the server. A salt known only by this -application instance is used to prevent brute force in case the password’s hashes get leaked (via a sql injection -for example).

    - -

    During login is sent in a similar fashion than the setup, the server hash it and compare it with the stored -version. If they match the server store a session token that is send back as a cookie (or url parameter) and -set on the client side. This cookie is produced by the client for each requests for the duration of the session -(until the cookie expires, the user logout or the server terminate the session).

    - -

    The problem with the form based approach

    - -

    The main issue is one of usability. Using this approach for passbolt would mean that a user would need to -remember another password on top of their private key password. This negates the benefits of having a password manager.

    - -

    We would also store the password in the authentication plugin. But this would complicate our requirements as it -would introduce the need for passbolt user account password creation, update and recovery.

    - -

    Another big issue is the inability for the user to reset their password using an email verification, in case the -password to the email client is stored in passbolt.

    - -

    Other issues are not specific to passbolt but still worth trying to fix with with another approach:

    - -
      -
    • Phishing: it is possible for an attacker to mimic the passbolt login page and trick a user into entering -their credentials. Traditional form based authentication do not perform server identity verification: it is the -responsibility of the user to verify if the URL is correct and SSL certificates are valid.
      • -
    • Password quality: password fatigue generally leads to password reuse, poor rotation and weak strength. -Validation can be implemented server side to improve password quality but only by placing an additional burden -on the user.
      • -
    - -

    GPGAuth based authentication

    - -

    This process will follow the gpgAuth protocol. This authentication mechanism uses Public/Private keys to authenticate users to a web application. The process works by the two-way exchange of encrypted and signed tokens between the user and the service.

    - -

    The authentication process is as follow:

    - -
    - Sequence diagram of a GPGAuth based authentication - fig. Sequence diagram of a GPGAuth based authentication -
    - -

    Verify steps

    - -
      -
    1. The client generates an encrypted token of random data (encrypted with the server public key), and stores -the unencrypted version locally.
      2. -
    2. That encrypted token is sent to the server along with the user key fingerprint.
      3. -
    3. Based on the user key fingerprint the server check if the user exist and is active. If it is the case the -server decrypts the nonce and check if it is in the valid format.
      4. -
    4. The server sends back the decrypted nonce.
      5. -
    5. The client check if the nonce match the previously recorded one. If it does not match the client warns the -user that the server identity cannot be verified.
      6. -
    - -
    -

    - This server identity verification should not be understood as an end to end server authentication, - e.g. it does not protect against an attacker performing a man in the middle attack. View the discussion - around this topic on the - community forum. - -

    - -
    - -

    Login steps

    - -
      -
    1. The user sends their key fingerprint.
      2. -
    2. The server checks to see if the fingerprint and user associated with are valid. It then generates an -encrypted token of random data, and stores the unencrypted version locally.
      3. -
    3. The server sends the unencrypted signed user token, and the encrypted server token to the user.
      4. -
    4. The user enter their private key passphrase, the client decrypt the nonce and check the token format.
      5. -
    5. The client send back the decrypted nonce along with the user key fingerprint.
      6. -
    6. The server compares the un-encrypted signed token sent from the client to make sure it matches. If the -server is satisfied, the authentication is completed as with a normal form based login: session is started.
      7. -
    - -

    Notes and remarks

    - -
      -
    • As per protocol definition the server key verification steps are optional but recommended all our client -enforce it by default.
      • -
    • We decided to stick to the historical version of the protocol for now, but in the future we may try to reduce -the number of HTTP request: e.g. currently one can not request nonce1 in the verify step. So with the verify -step a total of 3 POST are needed. The whole protocol could probably be simplified to single GET/POST roundtrip, -like for form based auth.
      • -
    • There is also an optional “step 0” where the user perform a GET /auth/verify request. -This can be used to get the URLs of the server public key and server verification, or to view the public key -advertised by the server.
      • -
    - -

    Benefits

    - -

    On top of the usability benefit of not having to remember an additional password we note the following additional benefits are made available:

    - -
      -
    • Phishing: this risk is mitigated because the client does not enter a password, e.g. getting the secret key -passphrase alone would not allow an attacker to login. Since the client can verify the server identity based on -server key (manually added to the keyring), it is not enough for an attacker to fake a form and domain.
      • -
    • Password quality: the strength of the authentication token is stronger than a classic password, since a -different “password” is also used every time and is not linked the private key master password complexity.
      • -
    - -

    Residual risks and drawbacks

    - -

    There are still risks with the chosen solution:

    - -
      -
    • Server: integrity and verification of client public key validity. A server could be tricked into storing the -wrong client public key. To prevent this the server must check the validity automatically via OpenPGP web of trust -and/or by checking against public key servers and/or there must be a manual check by an administrator. This check -is not in place at the moment.
      • -
    • Server: DDOS. Since encrypt / sign operations are more costly than the password hashing operations in a -“normal” form based login, these endpoints could potentially be used to create a denial of service. To mitigate -that risks we throttle attempts, e.g. limit the number of attempt over time. This check is not in place at the moment.
      • -
    • Server: information leak about user base. An attacker can find out if a user have an account on the server -by requesting an encrypted nonce and receiving an error. We also leak information in the header to improve usability -and provide better error messages: for example to tell a user that their account was delete for example.
      • -
    • Client: integrity and verification of server public key. The client could be tricked into storing invalid -server key. To prevent this the client must check the validity (as in previous case) during the setup. Similarly -during the setup the client must also check domain / key mapping in case someone is creating a real key with a -fake but very similar domain url. This is implemented at the moment, but could certainly be improved as the end -user can still make a mistake and not check properly.
      • -
    • Client/Server: the client/server can be tricked into decrypting and returning/signing wrong data, for -example an email previously captured by an attacker. To mitigate this the encrypted format message is fixed -(e.g. a UUID) and signed by the server.
      • -
    • Client: the authentication cookie can be stolen if SSL can be broken. This is not specific to this -authentication method, as form authentication is also vulnerable to this class of attack.
      • -
    • Both: Key revocation and expiracy. There is no facility at the moment to replace and revoke keys.
      • -
    - -
    -

    Last updated

    -

    This article was last updated on -January -20th, -2017.

    -
    - -
    -
    - -
    -

    See also:

    -

    - - - Cakephp authentication -

    -

    - - GPGAuth protocol -

    -

    - - GNU Privacy Guard -

    -

    - - API GpgAuth source -

    -

    - - - API GpgAuth unit tests -

    -
    -
    -

    - -
    - -
    -
    - -
    -
    -
    -
    - - - - -
    - - - - - - - - - \ No newline at end of file diff --git a/docs/tech/index.html b/docs/tech/index.html deleted file mode 100644 index 51f6e112e..000000000 --- a/docs/tech/index.html +++ /dev/null @@ -1,201 +0,0 @@ - - - - - Passbolt Help | All tech articles - - - - - - - - - - - - - - - - - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -

    Help Search

    -
    -
    -
    - - -
    - -
    -
    -
    -
    -
    - - Edit on github -
    -
    -
    - -
    -
    - -
    -
    -
    -
    -
    -
    - -
    -
    -
    - -

    More coming soon!

    -
    -
    -
    - - - - - -
    - - - - - - - - diff --git a/index.html b/index.html index 1c0191b5f..96c524b1c 100644 --- a/index.html +++ b/index.html @@ -9,14 +9,14 @@
    {% include breadcrumbs/default.html slug=page.slug %} - {% include cards/section-cards.html slug="discover" %} - {% include cards/section-cards.html slug="start" %} - {% include cards/section-cards.html slug="basics" %} - {% include cards/section-cards.html slug="hosting" %} - {% include cards/section-cards.html slug="configure" %} - {% include cards/section-cards.html slug="extend" %} - {% include cards/section-cards.html slug="contribute" %} - {% include cards/section-cards.html slug="legal" %} + +

    Welcome!

    + {% include messages/notice.html + content="Welcome help.passbolt.com the historical place for the product documentation. + The content of this website is currently being migrated here.
    + Thank you for your patience!" + %} + {% include cards/section-cards.html slug="introduction" %}