Migrate to a new Red Hat Server
Prerequisites
For this tutorial, you will need:
- A minimal Red Hat 9 server.
- A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
- A working SMTP server for email notifications
- A working NTP service to avoid GPG authentication issues
The recommended server requirements are:
- 2 cores
- 2GB of RAM
It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server.
If you are going to manually provision SSL certificates you may want to do that before beginning!
Package repository setup
For easier installation and update tasks, Passbolt provides a package repository that you need to set up before you download and install Passbolt PRO.
Step 1. Download our dependencies installation script:
curl -LO https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh
Step 2. Download our SHA512SUM for the installation script:
curl -LO https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt
Step 3. Ensure that the script is valid and execute it:
sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh || echo "Bad checksum. Aborting" && rm -f passbolt-repo-setup.pro.sh
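In the one-liner above, `&&` and `||` associate left to right, so the "Bad checksum" message is also printed when the setup script itself fails, and the `rm` runs in every case. The function below is an added example, not part of the Passbolt documentation, that keeps those two failures apart and refuses to run a script the checksum file does not list; `verify_then_run` and its return code 2 are names and conventions assumed here.

```shell
#!/usr/bin/env bash
# verify_then_run SUMFILE SCRIPT RUNNER...
# Runs "RUNNER... SCRIPT" only if SUMFILE lists SCRIPT with a matching SHA-512.
# Returns 2 on a checksum problem (the script is never executed); otherwise
# returns the script's own exit status.
# The script is removed in every case, as the one-liner on this page does.
verify_then_run() {
  local sumfile=$1 script=$2 expected actual rc=0
  shift 2
  # Expected digest: the line in SUMFILE whose file name equals SCRIPT.
  # A leading "*" (binary-mode marker) on the name is ignored.
  expected=$(awk -v f="$(basename "$script")" \
    '{ n = $2; sub(/^\*/, "", n) } n == f { print $1; exit }' "$sumfile")
  actual=$(sha512sum "$script" 2>/dev/null | awk '{ print $1 }')
  # An empty "expected" means the script is not covered by the checksum file.
  if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
    echo "Bad checksum for $script. Aborting" >&2
    rm -f -- "$script"
    return 2
  fi
  "$@" "$script" || rc=$?
  [ "$rc" -eq 0 ] || echo "Checksum OK, but $script exited with status $rc" >&2
  rm -f -- "$script"
  return "$rc"
}

# Usage with the file names from this page:
#   verify_then_run passbolt-pro-SHA512SUM.txt ./passbolt-repo-setup.pro.sh sudo bash
```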
Install the official passbolt Linux package
sudo dnf install passbolt-pro-server
Importing GPG key 0xC155581D:
Userid : "Passbolt SA package signing key [email protected]"
Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
From : https://download.passbolt.com/pub.key
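The lines above are the dnf prompt to trust the repository signing key. As an added example (not part of the Passbolt documentation), the script below compares a key file's primary fingerprint with the value shown on this page before that prompt is accepted; the function names are hypothetical and the colon-format sample is constructed, with only the primary fingerprint taken from the page.

```shell
#!/usr/bin/env bash
# Pinned fingerprint, copied from the dnf prompt shown on this page.
EXPECTED_FPR="3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D"

# Constructed sample of `gpg --with-colons` output (key sizes, dates and the
# subkey are made up; only the primary fingerprint comes from the page).
SAMPLE='pub:-:4096:1:DE8B853FC155581D:0:::-:::scESC:
fpr:::::::::3D1A0346C8E1802F774AEF21DE8B853FC155581D:
uid:-::::0::0::Constructed sample uid:
sub:-:4096:1:0123456789ABCDEF:0::::::e:
fpr:::::::::0000000000000000000000000123456789ABCDEF:'

# normalize_fpr: drop whitespace and upper-case, so spacing does not matter.
normalize_fpr() {
  printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# primary_fprs: read colon-format output on stdin and print the fingerprint
# of each primary key (the fpr record that follows a pub record).
# Subkey fingerprints (fpr after sub) are ignored.
primary_fprs() {
  awk -F: '
    $1 == "pub" { want = 1; next }
    $1 == "sub" { want = 0; next }
    $1 == "fpr" && want { print $10; want = 0 }
  '
}

# key_matches_pin PIN: succeed only if stdin holds exactly one primary key
# and its fingerprint equals PIN. Extra keys in the file are a failure.
key_matches_pin() {
  local expected found count
  expected=$(normalize_fpr "$1")
  found=$(primary_fprs)
  count=$(printf '%s\n' "$found" | grep -c . || true)
  [ "$count" -eq 1 ] && [ "$(normalize_fpr "$found")" = "$expected" ]
}

# Usage against a downloaded key file:
#   gpg --show-keys --with-colons pub.key | key_matches_pin "$EXPECTED_FPR"
```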
MariaDB / Nginx / SSL settings
The Passbolt PRO RPM package on Red Hat 9 comes with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.
You must prepare your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.
Note that for security reasons we highly recommend setting up SSL to serve passbolt.
Launch the passbolt-configure tool and answer the questions:
sudo /usr/local/bin/passbolt-configure
MariaDB
================================================================
Do you want to configure a local mariadb server on this machine?
================================================================
1) yes
2) no
#?
Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.
If you chose yes, answer the questions:
=======================================================
Please enter a new password for the root database user:
=======================================================
MariaDB Root Password: ****
MariaDB Root Password (verify): ****
======================================================
Please enter a name for the passbolt database username
======================================================
Passbolt database user name:passboltuser
=======================================================
Please enter a new password for the mysql passbolt user
=======================================================
MariaDB passbolt user password: ****
MariaDB passbolt user password (verify): ****
==============================================
Please enter a name for the passbolt database:
==============================================
Passbolt database name:passboltdb
Haveged
In virtualized environments, GnuPG may not find enough entropy to generate a key, in which case Passbolt will not run properly.
Consider installing Haveged to speed up entropy generation. Please check our FAQ page about this for more information.
==================
Install Haveged ?
==================
1) yes
2) no
#?
Nginx
Please enter the domain name under which passbolt will run.
Note that this hostname will be used as server_name for nginx and as the domain name to register an SSL certificate with Let's Encrypt if you don't have your own SSL certificates.
If you don't have a domain name and you do not plan to use Let's Encrypt, please enter the IP address used to access this machine.
=========
Hostname: passbolt.domain.tld
=========
SSL configuration
There are three available choices for SSL configuration:
- manual: Prompts for the path of user-uploaded SSL certificates and sets up nginx
- auto: Issues a free SSL certificate with https://www.letsencrypt.org and sets up nginx
- none: Does not set up HTTPS at all
==================
Setting up SSL...
==================
1) manual
2) auto
3) none
#?
If you choose 1, you will be prompted for the full path of your certificates:
Enter the path to the SSL certificate: /path/to/certs/cert.pem
Enter the path to the SSL privkey: /path/to/certs/key.pem
Nginx and MariaDB will now be configured. At the end of the process, you will be asked to connect to the Passbolt web interface to finish the configuration.
===============================================================
Installation is almost complete. Please point your browser to
https://passbolt.domain.tld to complete the process
===============================================================
Migrate data
Load the backup files onto the new server. For the following tasks, we assume that the backup files are in ~/backup in your user home directory.
You should have:
- Your subscription key
- The private and public GPG keys
- Your database dump
- The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2
Step 1. Create the subscription key file
You received your subscription key by email. Copy it as `/etc/passbolt/subscription_key.txt` on your server.
Step 2. Restore Passbolt configuration file and ensure rights and ownership are correct:
sudo mv ~/backup/passbolt.php /etc/passbolt
sudo chown nginx:nginx /etc/passbolt/passbolt.php
sudo chmod 440 /etc/passbolt/passbolt.php
sudo chown nginx:nginx /etc/passbolt/subscription_key.txt
Datasources
from /etc/passbolt/passbolt.php
Step 3. Restore GPG public and private keys and ensure rights and ownership are correct:
sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
sudo chown nginx:nginx /etc/passbolt/gpg/serverkey_private.asc
sudo chown nginx:nginx /etc/passbolt/gpg/serverkey.asc
sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc
Step 4. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)
sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
sudo chown -R nginx:nginx /usr/share/php/passbolt/webroot/img/public
Step 5. Load the database
mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql
Step 6. Import the server key
sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc" nginx
Step 7. Migrate passbolt to the latest version
sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
Step 8. Test passbolt
Try to access your passbolt application with your browser.
If you encounter any issues, you can run the following command to assess the status of your instance:
sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
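Steps 2 and 3 leave the configuration file and the server's GPG key pair readable only by nginx (mode 440), and a move from a backup can easily lose that. The script below is an added example, not part of Passbolt's tooling, that audits those files after a migration; `audit_secret`, `audit_passbolt` and the optional root-prefix argument are names assumed here, and it relies on GNU `stat`.

```shell
#!/usr/bin/env bash
# audit_secret FILE OWNER:GROUP MAX_MODE
# Prints one finding per file and returns 1 when FILE is missing, has a
# different owner, or grants any permission bit outside MAX_MODE.
audit_secret() {
  local file=$1 want_owner=$2 max_mode=$3 owner mode
  if [ ! -e "$file" ]; then echo "MISSING $file"; return 1; fi
  owner=$(stat -c '%U:%G' "$file")
  mode=$(stat -c '%a' "$file")
  if [ "$owner" != "$want_owner" ]; then
    echo "OWNER $file is $owner, want $want_owner"; return 1
  fi
  # Octal arithmetic: any bit set in mode but not in max_mode is excess access.
  if [ $(( 0$mode & ~0$max_mode & 07777 )) -ne 0 ]; then
    echo "MODE $file is $mode, want at most $max_mode"; return 1
  fi
  echo "OK $file $owner $mode"
}

# audit_passbolt [ROOT] [OWNER:GROUP]
# ROOT is an optional path prefix (hypothetical, for testing on a copy);
# OWNER:GROUP defaults to nginx:nginx as used in Steps 2 and 3.
audit_passbolt() {
  local root=${1:-} owner=${2:-nginx:nginx} rc=0
  audit_secret "$root/etc/passbolt/passbolt.php" "$owner" 440 || rc=1
  audit_secret "$root/etc/passbolt/gpg/serverkey.asc" "$owner" 440 || rc=1
  audit_secret "$root/etc/passbolt/gpg/serverkey_private.asc" "$owner" 440 || rc=1
  # The page sets only ownership on this file, so no mode limit is enforced.
  audit_secret "$root/etc/passbolt/subscription_key.txt" "$owner" 7777 || rc=1
  return "$rc"
}

# Usage on the migrated server (as root, so that stat can reach the files):
#   audit_passbolt
```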