
Welcome to FreeSoftwareServers Confluence Wiki


https://help.passbolt.com/hosting/install/ce/docker.html

This is still a WIP as I prepare to leave LastPass and host my own DB. I believe Passbolt recommends using a dedicated user, and I plan on using a dedicated VM. However, the steps below got me a running container, which was a good start!

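# Create the working tree. setup/ holds the compose and .env files; the other
# directories are bind-mounted into the containers defined below.
# gpg/ and ssl/ will hold private key material: tighten their host permissions
# once you have confirmed which container user needs to read them.
WD=/opt/passbolt
mkdir -p "$WD"/{setup,db,gpg,images,ssl}
cd "$WD/setup"
# The quoted 'EOF' keeps every ${VAR} literal in the written file;
# docker-compose resolves them from the .env file in this directory.
cat << 'EOF' > docker-compose.yaml
version: '3.7'

services:
  db:
    container_name: passboltdb
    # Pinned tag: reproducible, but security fixes only arrive when the tag is
    # bumped. Check that this release is still supported before deploying.
    image: mariadb:10.3
    hostname: passboltdb
    ports:
      # Published on loopback only. The passbolt container reaches the database
      # over the compose network as passboltdb:3306, so this mapping is only
      # needed for admin tools running on the host.
      - '127.0.0.1:3306:3306'
    volumes:
      - type: bind
        source: /opt/passbolt/db/
        target: /var/lib/mysql
    # Values come from .env. Anyone who can run `docker inspect` on this
    # container can read them.
    environment:
      - 'TZ=${TZ}'
      - 'MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}'
      - 'MYSQL_DATABASE=${MYSQL_DATABASE}'
      - 'MYSQL_USER=${MYSQL_USER}'
      - 'MYSQL_PASSWORD=${MYSQL_PASSWORD}'

  passbolt:
    container_name: passbolt
    # Pinned tag: see the note on the db image.
    image: passbolt/passbolt:2.13.5-debian
    hostname: passbolt
    tty: true
    depends_on:
      - db
    ports:
      # Published on every host interface. If only a reverse proxy on this
      # host should reach them, prefix both with 127.0.0.1: as the db port does.
      - '8227:80'
      - '4742:443'
    volumes:
      - type: bind
        source: /opt/passbolt/gpg/
        target: /root/.gnupg/
      - type: bind
        source: /opt/passbolt/images/
        target: /usr/share/php/passbolt/webroot/img
      # NOTE(review): this covers the container's whole /etc/ssl/certs
      # directory, which on Debian-based images also holds the CA bundle.
      # Confirm outbound TLS (e.g. SMTP) still verifies, or mount only the
      # certificate and key files.
      - type: bind
        source: /opt/passbolt/ssl/
        target: /etc/ssl/certs/
    tmpfs:
      - /run
    # Wait (with no timeout) for the database port, then run the entrypoint.
    command: ["/usr/bin/wait-for.sh", "-t", "0", "passboltdb:3306", "--", "/docker-entrypoint.sh"]
    environment:
      - 'TZ=${TZ}'
      - 'APP_FULL_BASE_URL=${APP_FULL_BASE_URL}'
      - 'DATASOURCES_DEFAULT_HOST=${DATASOURCES_DEFAULT_HOST}'
      - 'DATASOURCES_DEFAULT_USERNAME=${DATASOURCES_DEFAULT_USERNAME}'
      - 'DATASOURCES_DEFAULT_PASSWORD=${DATASOURCES_DEFAULT_PASSWORD}'
      - 'DATASOURCES_DEFAULT_DATABASE=${DATASOURCES_DEFAULT_DATABASE}'
      - 'DATASOURCES_DEFAULT_PORT=${DATASOURCES_DEFAULT_PORT}'
      - 'DATASOURCES_QUOTE_IDENTIFIER=${DATASOURCES_QUOTE_IDENTIFIER}'
      - 'PASSBOLT_REGISTRATION_PUBLIC=${PASSBOLT_REGISTRATION_PUBLIC}'
      - 'PASSBOLT_SSL_FORCE=${PASSBOLT_SSL_FORCE}'
      - 'EMAIL_TRANSPORT_DEFAULT_HOST=${EMAIL_TRANSPORT_DEFAULT_HOST}'
      - 'EMAIL_TRANSPORT_DEFAULT_PORT=${EMAIL_TRANSPORT_DEFAULT_PORT}'
      - 'EMAIL_TRANSPORT_DEFAULT_USERNAME=${EMAIL_TRANSPORT_DEFAULT_USERNAME}'
      - 'EMAIL_DEFAULT_FROM=${EMAIL_DEFAULT_FROM}'
      - 'EMAIL_TRANSPORT_DEFAULT_PASSWORD=${EMAIL_TRANSPORT_DEFAULT_PASSWORD}'
      - 'EMAIL_TRANSPORT_DEFAULT_TLS=${EMAIL_TRANSPORT_DEFAULT_TLS}'

# Named volumes declared here are not referenced by the services above,
# which use bind mounts under /opt/passbolt instead.
volumes:
  db:
  gpg:
  images:

EOF
# The compose file is data, not a program, so it gets no execute bit.
# It holds no secrets itself; those live in .env.
chmod 644 docker-compose.yaml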

https://help.passbolt.com/configure/environment/reference.html

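cd "$WD/setup"
# .env carries the database and SMTP credentials. Create it with owner-only
# permissions before any secret is written; the redirect below keeps that mode.
touch .env
chmod 600 .env
# The quoted 'EOF' writes the content literally, with no shell expansion.
cat << 'EOF' > .env
# Sample credentials from a test install: replace every password below with a
# unique, randomly generated value before storing real data.

#TimeZone
TZ=America/Whitehorse

#DB Settings
MYSQL_ROOT_PASSWORD=test
MYSQL_DATABASE=passbolt
MYSQL_USER=passbolt
MYSQL_PASSWORD=P4ssb0lt

#EMail
EMAIL_TRANSPORT_DEFAULT_HOST=smtp.gmail.com
EMAIL_TRANSPORT_DEFAULT_PORT=587
EMAIL_TRANSPORT_DEFAULT_USERNAME=user@gmail.com
EMAIL_DEFAULT_FROM=user@gmail.com
EMAIL_TRANSPORT_DEFAULT_PASSWORD=password
EMAIL_TRANSPORT_DEFAULT_TLS=true

# URL
#Note Use 'https://localhost:IP' behind NGinX Reverse Proxy, not sub.domain.com
#APP_FULL_BASE_URL=https://localhost:4742
APP_FULL_BASE_URL=https://passbolt.user.com

# Database settings
# These must match MYSQL_USER / MYSQL_PASSWORD / MYSQL_DATABASE above;
# the host is the db container's hostname from docker-compose.yaml.
DATASOURCES_DEFAULT_HOST=passboltdb
DATASOURCES_DEFAULT_USERNAME=passbolt
DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt
DATASOURCES_DEFAULT_DATABASE=passbolt
DATASOURCES_DEFAULT_PORT=3306
DATASOURCES_QUOTE_IDENTIFIER=true

# Registration
# false keeps self-registration closed.
PASSBOLT_REGISTRATION_PUBLIC=false

#SSL
PASSBOLT_SSL_FORCE=true
EOF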
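WD=/opt/passbolt/setup
# Unquoted EOF: the shell expands WD while writing, so the generated script and
# the unit file it installs contain the literal /opt/passbolt/setup path.
# After= is added next to Requires= because Requires= alone does not order
# start-up; without it the service can start before the Docker daemon is up.
cat << EOF > "$WD/passbolt.service.setup.sh"
cat << EOL >/lib/systemd/system/passbolt.service
[Unit]
Description=passbolt_Docker
Requires=docker.service network-online.target
After=docker.service network-online.target

[Service]

Restart=on-abnormal
ExecStart=/usr/bin/docker-compose --project-name passbolt --project-directory $WD -f $WD/docker-compose.yaml up
ExecStop=/usr/bin/docker-compose --project-name passbolt --project-directory $WD -f $WD/docker-compose.yaml stop

[Install]
WantedBy=multi-user.target
EOL
systemctl daemon-reload
systemctl enable passbolt
systemctl restart passbolt
systemctl status --no-pager passbolt
EOF
chmod +x "$WD/passbolt.service.setup.sh"
# The generated script has no shebang, so name the interpreter explicitly.
# It writes a system unit and calls systemctl, so it must run as root.
bash "$WD/passbolt.service.setup.sh"
# Convenience alias for a shell inside the passbolt container. Append it only
# once so re-running these steps does not pile up duplicate lines.
grep -qF 'alias pboltcli=' ~/.bashrc 2>/dev/null || echo 'alias pboltcli="docker exec -it passbolt /bin/bash"' >> ~/.bashrc
source ~/.bashrc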