Better safe than sorry: I don't rely on cloud services. It comes at a cost, but it's quite rewarding to show the world another way exists.
Disclaimer: I don't give a sh*t about smartphones, so my needs are computer-centric.
Enough chit-chat, let's install.
My initial setup was a vanilla FreeBSD 10.3 install, so I've had to make everything. I won't replay every single step here, especially on the configuration side.
pkg install apache24 pkg install mod_php56 pkg install php56-gd pkg install pecl-memcached pkg install mysql57-server pkg install pecl-gnupg pkg install git pkg install php56-pdo_mysql pkg install sudo pkg install php56-openssl pkg install php56-ctype pkg install php56-filter
Everything else should come as a dependency.
Apache must allow
.htaccess, so you'll have to put an
AllowOverride All somewhere in your configuration. You must also load the Rewrite module. Also, go now for SSL (letsencrypt is free and supported). Non-SSL install of Passbolt are for demo purpose only.
Apache will also need to execute gnupg commands, meaning the
www user needs an extended
$PATH. The Apache startup script provided on FreeBSD sources Apache environment variables from
/usr/local/sbin/envvars and this very file sources every
/usr/local/etc/apache24/envvars.d/*.env, so I've created mine:
$ cat /usr/local/etc/apache24/envvars.d/path.env PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin
You also need to tune your MySQL server. If you choose the 5.7, you must edit it's configuration. Just add the following line into
[mysqld] section of
sql_mode = 'STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'
This is due to a bug in Passbolt and could be useless in a not to distant future.
You can now follow the install recipe at https://www.passbolt.com/help/tech/install.
Generating the GPG key is quite straightforward but you have to keep in mind that Apache's user (
www) will need access to the keyring. So if you create this key and keyring with a different user, you'll have to
chown -R www the full
.gnupg directory somewhere
www can read it (outside
DocumentRoot is perfectly fine).
Use git to retrieve the application code into appropriate path (according to your Apache config):
cd /usr/local/www git clone https://github.com/passbolt/passbolt.git
Edit php files as per the documentation.
Beware the install script: make sure you
chown -R www the whole passbolt directory before using
On FreeBSD you won't be able to use
su to run the install script, because
www's account is locked. You can use
sudo -u www app/Console/cake install --no-admin
Same for the admin account creation:
sudo -u www app/Console/cake passbolt register_user -u firstname.lastname@example.org -f Pat -l Pro -r admin
Follow the end of the install doc, and you should be ok. Install the Firefox passbolt extension into your browser, and point to your server.
I'm pretty happy with passbolt so far. I'll have to install a proper production server, with SSL and all, but features are very appealing, the passbolt team is nice and responsive, and the roadmap is loaded with killing features. Yeah BRING ME 2FA \o/.