Skip to main content

Migrate to a new Debian Server

This document describes how to migrate an existing passbolt to a new Debian server.

Pre-requisites

For this tutorial, you will need:

  • Passbolt installed on an old server
  • A minimal Debian 12 new server

Backup the existing data

Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

Don’t delete the existing instance yet!

Prepare the new Debian server

Package repository setup

For easier installation and update tasks Passbolt provides a package repository that you need to setup before you download Passbolt CE and install it.

Step 1. Download our dependencies installation script:

wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"

Step 2. Download our SHA512SUM for the installation script:

wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt

Step 3. Ensure that the script is valid and execute it:

sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh  || echo "Bad checksum. Aborting" && rm -f passbolt-repo-setup.ce.sh

Install passbolt official linux package

sudo apt install passbolt-ce-server

Configure mariadb

If not instructed otherwise passbolt Debian package will install mariadb-server locally. This step will help you create an empty mariadb database for passbolt to use.

Configure database dialog
fig. Configure database dialog

The configuration process will ask you for the credentials of the mariadb admin user to create a new database. By default in most installations the admin username would be root and the password would be empty.

Database admin user dialog
fig. Database admin user dialog
Database admin user pass dialog
fig. Database admin user pass dialog

Now we need to create a mariadb user with reduced permissions for passbolt to connect. These values will also be requested later on the webconfiguration tool of passbolt so please keep them in mind.

Database passbolt user dialog
fig. Database passbolt user dialog
Database passbolt user dialog
fig. Database passbolt user pass dialog

Lastly we need to create a database for passbolt to use, for that we need to name it:

Database name dialog
fig. Database name dialog

Configure nginx for serving HTTPS

Depending on your needs there are two different options to setup nginx and SSL using the Debian package:

Migrate data

Load the backup files into the new server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

You should have:

  • The private and public GPG keys
  • Your database dump
  • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2

Step 1. Restore Passbolt configuration file and ensure rights and ownership are correct:

sudo mv ~/backup/passbolt.php /etc/passbolt
sudo chown www-data:www-data /etc/passbolt/passbolt.php
sudo chmod 440 /etc/passbolt/passbolt.php
Pro tips: If you didn't use the old server database credentials while configuring MariaDB, you might want to update Datasources from /etc/passbolt/passbolt.php

Step 2. Restore GPG public and private keys and ensure rights and ownership are correct:

sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
sudo chown www-data:www-data /etc/passbolt/gpg/serverkey_private.asc
sudo chown www-data:www-data /etc/passbolt/gpg/serverkey.asc
sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc

Step 3. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
sudo chown -R www-data:www-data /usr/share/php/passbolt/webroot/img/public

Step 4. Load the database

mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql

Step 5. Import the server key

sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc" www-data

Step 6. Migrate passbolt to the latest version

sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"

Step 7. Test passbolt

Try to access your passbolt application with your browser.

If you are encountering any issues, you can run the following command to assess the status of your instance:

sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"