Migrate from source to package on Debian
A Debian package has been created to increase the ease of installing and upgrading passbolt.
Pre-requisites
For this tutorial, you will need:
- A minimal Debian 12 server.
- Passbolt installed with the Debian install script.
1. Take down your site
It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects such as active users corrupting the data in the middle of an upgrade.
sudo systemctl stop nginx
2. Backup your instance
First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. You can follow our backup process.
3. Upgrade your system
Passbolt requires PHP 7.4 and supports PHP 8.2.
A full system upgrade to Debian 12 is necessary before installing the passbolt Debian package.
4. Install the package
Package repository setup
For easier installation and update tasks Passbolt provides a package repository that you need to setup before you download Passbolt PRO and install it.
Step 1. Download our dependencies installation script:
curl -LO https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh
Step 2. Download our SHA512SUM for the installation script:
curl -LO https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
Step 3. Ensure that the script is valid and execute it:
sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh --passbolt-migrate || echo "Bad checksum. Aborting" && rm -f passbolt-repo-setup.pro.sh
Install passbolt official linux package
sudo apt install passbolt-pro-server
It is recommend at this point to select:
- No for configuration as it is already configured
- No to nginx configuration as we will do it at the end
5.1. Copy the server keys
Copy the GPG server keys as following:
sudo cp -a /var/www/passbolt/config/gpg/serverkey.asc /etc/passbolt/gpg/
sudo cp -a /var/www/passbolt/config/gpg/serverkey_private.asc /etc/passbolt/gpg/
sudo chown -R root:www-data /etc/passbolt/gpg
sudo chmod g-w /etc/passbolt/gpg
5.2. Copy the passbolt configuration
Copy passbolt configuration as following:
sudo cp /var/www/passbolt/config/passbolt.php /etc/passbolt/passbolt.php
sudo chown root:www-data /etc/passbolt/passbolt.php
sudo chmod g-w /etc/passbolt/passbolt.php
If you are running mysql 8, please change the quoteIdentifiers
setting of the passbolt.php
as follow:
'quoteIdentifiers' => true
5.3. Copy the avatars
If coming from Passbolt version prior to 3.2, copy passbolt avatars as following:
sudo cp -R /var/www/passbolt/webroot/img/public/avatar /usr/share/php/passbolt/webroot/img/public/
Copy the subscription key
Copy the subscription key as following:
sudo cp /var/www/passbolt/config/license /etc/passbolt/subscription_key.txt
sudo chown root:www-data /etc/passbolt/subscription_key.txt
sudo chmod g-w /etc/passbolt/subscription_key.txt
PHP-FPM
Edit /etc/php/8.2/fpm/pool.d/www.conf and look for the line that looks like this:
listen = 127.0.0.1:9000
Change it to look like this:
listen = /run/php/php8.2-fpm.sock
Due to a bug on the install scripts some installations might need to do an additional substitution on /etc/php/8.2/fpm/pool.d/www.conf:
Look for the line containing:
listen.group = _WWW_GROUP_
And change it to look like:
listen.group = www-data
Nginx
Now you can remove all the old nginx configuration files from /etc/nginx/conf.d/
sudo rm /etc/nginx/conf.d/passbolt.conf
sudo rm /etc/nginx/conf.d/passbolt_ssl.conf
Then, you can reconfigure the Debian package using:
sudo dpkg-reconfigure passbolt-pro-server
Answer the following way:
- No to configuration
- No to nginx configuration
You can then select the SSL method that suits best your needs.
Run the database migrations
Now it is time to run the migrations to upgrade the database schemas:
sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
Cleanup
After you have checked you can access your new setup with the Debian package make a backup of /var/www/passbolt
and then you can delete it:
sudo rm -rf /var/www/passbolt
You may also want to check for the old CRON job that may need to be removed:
sudo crontab -u www-data
Bring your site back online
Finally take passbolt back up:
sudo systemctl start nginx
sudo systemctl restart php8.2-fpm