OVA automatic HTTPS configuration
If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account.
Pro tips: In order to download their recovery kit, users can follow this dedicated guide
This tutorial assumes your machine has a valid domain name assigned in order to work with Let’s Encrypt.
This configuration does not support serving passbolt on a subdirectory fashion. For example, scenarios like https://mydomain.com/passbolt are not supported by default
Edit nginx configuration file
By default, our nginx configuration file ensure all domain names will match with our passbolt virtual machine but to obtain a valid Let’s Encrypt SSL certificate, you will have to manually set your passbolt domain name.
Open /etc/nginx/sites-enabled/nginx-passbolt.conf
and search for this line:
server_name _;
Replace the underscore with your passbolt domain name:
server_name passbolt.domain.tld;
Reconfigure passbolt
Execute this command:
sudo dpkg-reconfigure passbolt-pro-server
You most likely want to say ‘NO’ to the mariadb/mysql setup question and go for the nginx setup
The passbolt debian based package currently supports the configuration of nginx. It comes with a default configuration that supports:
- Serving passbolt on port 80 (http)
- Serving passbolt on port 443 (https)
The following steps will guide you through the option that uses Let’s encrypt method to enable SSL.
After choosing yes you will be prompted with the following dialog where you can choose which method you prefer to configure SSL on nginx:
You will now need to introduce the name of the domain name assinged to your server:
Finally you will need to provide an email address for Let’s encrypt to notify you for renewals and other admin info:
If everything goes fine you should see a final message that points you to finish passbolt configuration:
Reload nginx after finish the reconfigure to use the SSL configuration.
sudo systemctl reload nginx
Finally, ensure fullBaseUrl
value in /etc/passbolt/passbolt.php
starts with https://
.
And that’s it you should be able to reach your server on the domain you specified.