https://help.passbolt.com/hosting/install/ce/docker.html
This is still a WIP as I prepare to leave LastPass and host my own DB. I believe Passbolt recommends using a dedicated user, and I plan on using a dedicated VM. But, the below got me a running container, which was a good start!
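# Lay out the Passbolt working tree and write the compose file.
# Run as root (or a user allowed to create /opt/passbolt).
WD=/opt/passbolt
mkdir -p -- "$WD"/{setup,db,gpg,images,ssl}
cd "$WD/setup"

# Review notes on the compose file written below (its content is unchanged):
#  - db is published on 127.0.0.1 only. The passbolt container reaches it over
#    the compose network by hostname (passboltdb:3306), so the host-side
#    publish is only needed for admin tools running on the host.
#  - 8227/4742 are published on every host interface. If a reverse proxy on
#    this host fronts Passbolt, prefix them with 127.0.0.1: like the db entry.
#  - /opt/passbolt/ssl/ is mounted over the container's whole /etc/ssl/certs/,
#    which hides whatever the image ships in that directory.
#    NOTE(review): presumably that includes the CA bundle; confirm outbound
#    TLS (e.g. SMTP) still validates.
#  - /opt/passbolt/gpg is mounted as /root/.gnupg/; presumably it will hold the
#    server's private key, so keep host access to it restricted.
#  - The image tags are the ones current when this was written; check they
#    still receive security fixes before deploying.
#
# The target is given as an absolute path so that a failed cd above cannot
# drop the file into whatever directory the shell happens to be in.
cat <<'EOF' >"$WD/setup/docker-compose.yaml"
version: '3.7'

services:
  db:
    container_name: passboltdb
    image: mariadb:10.3
    hostname: passboltdb
    ports:
      - '127.0.0.1:3306:3306'
    volumes:
      - type: bind
        source: /opt/passbolt/db/
        target: /var/lib/mysql
    environment:
      - 'TZ=${TZ}'
      - 'MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}'
      - 'MYSQL_DATABASE=${MYSQL_DATABASE}'
      - 'MYSQL_USER=${MYSQL_USER}'
      - 'MYSQL_PASSWORD=${MYSQL_PASSWORD}'

  passbolt:
    container_name: passbolt
    image: passbolt/passbolt:2.13.5-debian
    hostname: passbolt
    tty: true
    depends_on:
      - db
    ports:
      - '8227:80'
      - '4742:443'
    volumes:
      - type: bind
        source: /opt/passbolt/gpg/
        target: /root/.gnupg/
      - type: bind
        source: /opt/passbolt/images/
        target: /usr/share/php/passbolt/webroot/img
      - type: bind
        source: /opt/passbolt/ssl/
        target: /etc/ssl/certs/
    tmpfs:
      - /run
    command: ["/usr/bin/wait-for.sh", "-t", "0", "passboltdb:3306", "--", "/docker-entrypoint.sh"]
    environment:
      - 'TZ=${TZ}'
      - 'APP_FULL_BASE_URL=${APP_FULL_BASE_URL}'
      - 'DATASOURCES_DEFAULT_HOST=${DATASOURCES_DEFAULT_HOST}'
      - 'DATASOURCES_DEFAULT_USERNAME=${DATASOURCES_DEFAULT_USERNAME}'
      - 'DATASOURCES_DEFAULT_PASSWORD=${DATASOURCES_DEFAULT_PASSWORD}'
      - 'DATASOURCES_DEFAULT_DATABASE=${DATASOURCES_DEFAULT_DATABASE}'
      - 'DATASOURCES_DEFAULT_PORT=${DATASOURCES_DEFAULT_PORT}'
      - 'DATASOURCES_QUOTE_IDENTIFIER=${DATASOURCES_QUOTE_IDENTIFIER}'
      - 'PASSBOLT_REGISTRATION_PUBLIC=${PASSBOLT_REGISTRATION_PUBLIC}'
      - 'PASSBOLT_SSL_FORCE=${PASSBOLT_SSL_FORCE}'
      - 'EMAIL_TRANSPORT_DEFAULT_HOST=${EMAIL_TRANSPORT_DEFAULT_HOST}'
      - 'EMAIL_TRANSPORT_DEFAULT_PORT=${EMAIL_TRANSPORT_DEFAULT_PORT}'
      - 'EMAIL_TRANSPORT_DEFAULT_USERNAME=${EMAIL_TRANSPORT_DEFAULT_USERNAME}'
      - 'EMAIL_DEFAULT_FROM=${EMAIL_DEFAULT_FROM}'
      - 'EMAIL_TRANSPORT_DEFAULT_PASSWORD=${EMAIL_TRANSPORT_DEFAULT_PASSWORD}'
      - 'EMAIL_TRANSPORT_DEFAULT_TLS=${EMAIL_TRANSPORT_DEFAULT_TLS}'

volumes:
  db:
  gpg:
  images:
EOF

# A compose file is data, not a program: no execute bit. It holds no secrets
# itself (they are substituted from .env), so world-readable is acceptable.
chmod 0644 -- "$WD/setup/docker-compose.yaml"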
https://help.passbolt.com/configure/environment/reference.html
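# Write the .env file that docker-compose substitutes into docker-compose.yaml.
# WD is expected to still be /opt/passbolt from the previous step; fall back to
# that value so an unset WD cannot send the secrets file somewhere else.
setup_dir="${WD:-/opt/passbolt}/setup"
cd "$setup_dir"

# Every password below is a sample value from this write-up. Replace them
# BEFORE the first `up`: the MariaDB image applies MYSQL_* only when it
# initialises an empty data directory, so changing them later in this file
# does not change the database. MYSQL_USER/MYSQL_PASSWORD must stay equal to
# DATASOURCES_DEFAULT_USERNAME/DATASOURCES_DEFAULT_PASSWORD.
#
# The file holds the DB root password and the SMTP password, so it is created
# under a restrictive umask (subshell keeps the umask change local).
(
  umask 077
  cat <<'EOF' >"$setup_dir/.env"
#TimeZone
TZ=America/Whitehorse

#DB Settings
MYSQL_ROOT_PASSWORD=test
MYSQL_DATABASE=passbolt
MYSQL_USER=passbolt
MYSQL_PASSWORD=P4ssb0lt

#EMail
EMAIL_TRANSPORT_DEFAULT_HOST=smtp.gmail.com
EMAIL_TRANSPORT_DEFAULT_PORT=587
EMAIL_TRANSPORT_DEFAULT_USERNAME=user@gmail.com
EMAIL_DEFAULT_FROM=user@gmail.com
EMAIL_TRANSPORT_DEFAULT_PASSWORD=password
EMAIL_TRANSPORT_DEFAULT_TLS=true

# URL
#Note Use 'https://localhost:IP' behind NGinX Reverse Proxy, not sub.domain.com
#APP_FULL_BASE_URL=https://localhost:4742
APP_FULL_BASE_URL=https://passbolt.user.com

# Database settings
DATASOURCES_DEFAULT_HOST=passboltdb
DATASOURCES_DEFAULT_USERNAME=passbolt
DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt
DATASOURCES_DEFAULT_DATABASE=passbolt
DATASOURCES_DEFAULT_PORT=3306
DATASOURCES_QUOTE_IDENTIFIER=true

# Registration
PASSBOLT_REGISTRATION_PUBLIC=false

#SSL
PASSBOLT_SSL_FORCE=true
EOF
)

# umask does not touch a file that already existed, so set the mode explicitly.
# Owner read/write only; an env file never needs the execute bit.
chmod 0600 -- "$setup_dir/.env"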
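# Generate and run a helper script that installs a systemd unit for the
# compose project. Must be run as root: it writes a unit file and calls
# systemctl.
#
# The unit runs docker-compose as root against files in $WD, so anyone who can
# write to $WD can change what root starts. Keep $WD owned by root and not
# group- or world-writable.
WD=/opt/passbolt/setup

# The outer heredoc delimiter is deliberately unquoted: $WD is expanded now,
# so the absolute paths are baked into the generated script and unit file.
cat <<EOF >"$WD/passbolt.service.setup.sh"
#!/usr/bin/env bash
# Generated helper: install, enable and start passbolt.service.
# Stop at the first failure (e.g. not root) instead of running systemctl
# against a unit that was never written.
set -eu

# Administrator-created units belong in /etc/systemd/system; /lib/systemd/system
# is for units shipped by packages. A unit here also takes precedence over an
# older copy left in /lib/systemd/system.
cat <<EOL >/etc/systemd/system/passbolt.service
[Unit]
Description=passbolt_Docker
Requires=docker.service network-online.target
# Requires= alone does not order start-up; After= makes systemd wait for them.
After=docker.service network-online.target

[Service]
Restart=on-abnormal
ExecStart=/usr/bin/docker-compose --project-name passbolt --project-directory $WD -f $WD/docker-compose.yaml up
ExecStop=/usr/bin/docker-compose --project-name passbolt --project-directory $WD -f $WD/docker-compose.yaml stop

[Install]
WantedBy=multi-user.target
EOL

# Pick up the new or changed unit file before acting on it.
systemctl daemon-reload
systemctl enable passbolt
systemctl restart passbolt
systemctl --no-pager status passbolt
EOF

# Root-only helper: no reason for other users to read or execute it.
chmod 0700 -- "$WD/passbolt.service.setup.sh"
"$WD/passbolt.service.setup.sh"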
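# Add a convenience alias that opens an interactive shell inside the running
# passbolt container, then reload ~/.bashrc so it is usable immediately.
#
# NOTE(review): the shell runs as the container's default user (presumably
# root); run Passbolt's own CLI as the web-server user, as its documentation
# describes, rather than directly from this shell.
pbolt_alias='alias pboltcli="docker exec -it passbolt /bin/bash"'

# Append only when the exact line is not there yet, so re-running this step
# does not pile up duplicates. grep's error for a missing ~/.bashrc is
# silenced on purpose: the append below creates the file.
grep -qxF -- "$pbolt_alias" ~/.bashrc 2>/dev/null ||
  printf '%s\n' "$pbolt_alias" >>~/.bashrc

source ~/.bashrc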