Passbolt is a free, open-source password manager that helps individuals and teams securely manage their passwords. In this tutorial, we will explain how to install Passbolt on FreeBSD Latest.
Before installing Passbolt, it is essential to update the system to its latest version. You can do this by running the following command:
sudo pkg update && sudo pkg upgrade
Passbolt requires a few dependencies to be installed before it can be installed itself. Install the required packages with the following command:
sudo pkg install -y bash git sudo nginx php74 php74-mysqli php74-openssl php74-curl php74-zip php74-gd php74-mbstring php74-ctype php74-tokenizer
Composer is a dependency manager for PHP. Passbolt uses it to manage its dependencies. Install Composer globally with the following command:
sudo pkg install -y composer
It is recommended to create a dedicated user for Passbolt for security purposes. Run the following command to create a user named "passbolt":
sudo adduser -c 'Passbolt User' -d /usr/local/www/passbolt -s /bin/csh passbolt
Download the latest version of Passbolt from the official website with the following command:
sudo su - passbolt -c "cd ~ && git clone https://github.com/passbolt/passbolt_ce.git passbolt"
Navigate to the Passbolt directory and install the dependencies with the following commands:
sudo su - passbolt -c "cd ~/passbolt && composer install"
Create an NGINX configuration file for Passbolt with the following command:
sudo nano /usr/local/etc/nginx/sites-available/passbolt
Paste the following configuration in the file:
server {
    listen 80;
    listen [::]:80;
    server_name passbolt.example.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name passbolt.example.com;
    add_header 'Strict-Transport-Security' 'max-age=31536000; includeSubDomains; preload';
    ssl_certificate /usr/local/etc/ssl/certs/passbolt.example.com.crt;
    ssl_certificate_key /usr/local/etc/ssl/private/passbolt.example.com.key;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    client_max_body_size 100M;
    root /usr/local/www/passbolt/;
    index index.php;
    location / {
        try_files $uri $uri/ /index.php;
        expires 30d;
    }
    location ~ /(app|config|lib|plugins|tmp)/.*$ {
        deny all;
    }
    location ~ ^/img/(.*).(jpg|jpeg|gif|png|svg)$ {
        access_log off;
        expires 30d;
        add_header Cache-Control "public, max-age=31536000, immutable";
        try_files /img/$1.$2 =404;
    }
    location ~ ^/(index|register|verify|login|setup|installer|public|share)/.*$ {
        auth_basic "Restricted Content";
        auth_basic_user_file /usr/local/www/passbolt/app/webroot/.htpasswd;
        try_files $uri $uri/ /index.php?$uri&$args;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
    }
    location ~ ^/(js|css)/.*.php$ {
        return 404;
    }
    location ~ .php$ {
        try_files $uri /index.php?$args;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000;
        include fastcgi_params;
    }
}
Make sure to replace passbolt.example.com with your registered domain or subdomain name and update the SSL certificate file paths.
Create a symlink to enable the NGINX configuration with the following command:
sudo ln -s /usr/local/etc/nginx/sites-available/passbolt /usr/local/etc/nginx/sites-enabled/passbolt
Restart the NGINX service with the following command:
sudo service nginx restart
Create a new configuration file for Passbolt with the following command:
sudo su - passbolt -c "cd ~/passbolt/config && cp .env.template .env"
Edit the configuration file with the following command:
sudo nano ~/passbolt/config/.env
Update the following configurations:
PASSBOLT_BASE_DIR=/usr/local/www/passbolt
DATASOURCES_DEFAULT_HOST=localhost
DATASOURCES_DEFAULT_DATABASE=passbolt
DATASOURCES_DEFAULT_USERNAME=root
DATASOURCES_DEFAULT_PASSWORD=password
PASSBOLT_INSTALLER_SECURED_WAIT_TIME=OFF
Create a MySQL database for Passbolt with the following commands:
sudo mysql -u root -p
mysql> create database passbolt;
mysql> create user 'passbolt'@'localhost' identified by 'password';
mysql> grant all privileges on passbolt.* to 'passbolt'@'localhost';
mysql> exit
Make sure to replace password with a strong password.
Run the following command to initialize Passbolt:
sudo su - passbolt -c "cd ~/passbolt && ./bin/cake passbolt install --no-admin"
Run the following command to create an admin user for Passbolt:
sudo su - passbolt -c "cd ~/passbolt/bin && ./cake passbolt register_user -u admin@example.com -f FirstName -l LastName -r admin"
Make sure to replace admin@example.com with a valid email address.
Visit https://passbolt.example.com in your web browser, and you should see the login screen. Enter your admin username and password to log in and start using Passbolt!
Congratulations, you have successfully installed Passbolt!
If you want to self-host in an easy, hands free way, need an external IP address, or simply want your data in your own hands, give IPv6.rs a try!
Alternatively, for the best virtual desktop, try Shells!