Skip to main content

RPM based manual HTTPS configuration

danger

If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account.

Pro tips: In order to download their recovery kit, users can follow this dedicated guide

If you are reconfiguring passbolt you most likely want to say ‘NO’ to the mariadb or havaged setup questions and go for the nginx setup

MariaDB / Nginx / SSL settings

Passbolt CE RPM package on come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

You must prepare your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

Launch passbolt-configure tool and answer to the questions:

sudo /usr/local/bin/passbolt-configure

Nginx

Please enter the domain name under which passbolt will run.

Note

This hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

=========
Hostname: passbolt.domain.tld
=========

SSL configuration

There are 3 choices available for SSL configuration:

  • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
  • auto: Will issue a free SSL certificate with Let's Encrypt and set up nginx
  • none: Do not setup HTTPS at all
==================
Setting up SSL...
==================
1) manual
2) auto
3) none
#?

If you choose 1, you will be prompted for the full path of your certificates:

Enter the path to the SSL certificate: /path/to/certs/cert.pem
Enter the path to the SSL privkey: /path/to/certs/key.pem

Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

===============================================================
Installation is almost complete. Please point your browser to
https://passbolt.domain.tld to complete the process
===============================================================

Reload nginx after finish the reconfigure to use the SSL configuration.

sudo systemctl reload nginx
warning

Finally, ensure fullBaseUrl value in /etc/passbolt/passbolt.php starts with https://.

And that’s it you should be able to reach your server on the domain you specified.