https://help.passbolt.com/hosting/install/ce/docker.html
This is still a WIP as I prepare to leave LastPass and host my own DB. I believe Passbolt recommends using a dedicated user, and I plan on using a dedicated VM. But, the below got me a running container, which was a good start!
WD=/opt/passbolt
mkdir -p $WD/{setup,db,gpg,images,ssl}
cd $WD/setup
cat << 'EOF' >docker-compose.yaml
version: '3.7'
services:
db:
container_name: passboltdb
image: mariadb:10.3
hostname: passboltdb
ports:
- '127.0.0.1:3306:3306'
volumes:
- type: bind
source: /opt/passbolt/db/
target: /var/lib/mysql
environment:
- 'TZ=${TZ}'
- 'MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}'
- 'MYSQL_DATABASE=${MYSQL_DATABASE}'
- 'MYSQL_USER=${MYSQL_USER}'
- 'MYSQL_PASSWORD=${MYSQL_PASSWORD}'
passbolt:
container_name: passbolt
image: passbolt/passbolt:2.13.5-debian
hostname: passbolt
tty: true
depends_on:
- db
ports:
- '8227:80'
- '4742:443'
volumes:
- type: bind
source: /opt/passbolt/gpg/
target: /root/.gnupg/
- type: bind
source: /opt/passbolt/images/
target: /usr/share/php/passbolt/webroot/img
- type: bind
source: /opt/passbolt/ssl/
target: /etc/ssl/certs/
tmpfs:
- /run
command: ["/usr/bin/wait-for.sh", "-t", "0", "passboltdb:3306", "--", "/docker-entrypoint.sh"]
environment:
- 'TZ=${TZ}'
- 'APP_FULL_BASE_URL=${APP_FULL_BASE_URL}'
- 'DATASOURCES_DEFAULT_HOST=${DATASOURCES_DEFAULT_HOST}'
- 'DATASOURCES_DEFAULT_USERNAME=${DATASOURCES_DEFAULT_USERNAME}'
- 'DATASOURCES_DEFAULT_PASSWORD=${DATASOURCES_DEFAULT_PASSWORD}'
- 'DATASOURCES_DEFAULT_DATABASE=${DATASOURCES_DEFAULT_DATABASE}'
- 'DATASOURCES_DEFAULT_PORT=${DATASOURCES_DEFAULT_PORT}'
- 'DATASOURCES_QUOTE_IDENTIFIER=${DATASOURCES_QUOTE_IDENTIFIER}'
- 'PASSBOLT_REGISTRATION_PUBLIC=${PASSBOLT_REGISTRATION_PUBLIC}'
- 'PASSBOLT_SSL_FORCE=${PASSBOLT_SSL_FORCE}'
- 'EMAIL_TRANSPORT_DEFAULT_HOST=${EMAIL_TRANSPORT_DEFAULT_HOST}'
- 'EMAIL_TRANSPORT_DEFAULT_PORT=${EMAIL_TRANSPORT_DEFAULT_PORT}'
- 'EMAIL_TRANSPORT_DEFAULT_USERNAME=${EMAIL_TRANSPORT_DEFAULT_USERNAME}'
- 'EMAIL_DEFAULT_FROM=${EMAIL_DEFAULT_FROM}'
- 'EMAIL_TRANSPORT_DEFAULT_PASSWORD=${EMAIL_TRANSPORT_DEFAULT_PASSWORD}'
- 'EMAIL_TRANSPORT_DEFAULT_TLS=${EMAIL_TRANSPORT_DEFAULT_TLS}'
volumes:
db:
gpg:
images:
EOF
chmod +x docker-compose.yaml
https://help.passbolt.com/configure/environment/reference.html
cd $WD/setup cat << 'EOF'>.env #TimeZone TZ=America/Whitehorse #DB Settings MYSQL_ROOT_PASSWORD=test MYSQL_DATABASE=passbolt MYSQL_USER=passbolt MYSQL_PASSWORD=P4ssb0lt #EMail EMAIL_TRANSPORT_DEFAULT_HOST=smtp.gmail.com EMAIL_TRANSPORT_DEFAULT_PORT=587 EMAIL_TRANSPORT_DEFAULT_USERNAME=user@gmail.com EMAIL_DEFAULT_FROM=user@gmail.com EMAIL_TRANSPORT_DEFAULT_PASSWORD=password EMAIL_TRANSPORT_DEFAULT_TLS=true # URL #Note Use 'https://localhost:IP' behind NGinX Reverse Proxy, not sub.domain.com #APP_FULL_BASE_URL=https://localhost:4742 APP_FULL_BASE_URL=https://passbolt.user.com # Database settings DATASOURCES_DEFAULT_HOST=passboltdb DATASOURCES_DEFAULT_USERNAME=passbolt DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt DATASOURCES_DEFAULT_DATABASE=passbolt DATASOURCES_DEFAULT_PORT=3306 DATASOURCES_QUOTE_IDENTIFIER=true # Registration PASSBOLT_REGISTRATION_PUBLIC=false #SSL PASSBOLT_SSL_FORCE=true EOF chmod +x .env
WD=/opt/passbolt/setup cat << EOF >$WD/passbolt.service.setup.sh cat << EOL >/lib/systemd/system/passbolt.service [Unit] Description=passbolt_Docker Requires=docker.service network-online.target [Service] Restart=on-abnormal ExecStart=/usr/bin/docker-compose --project-name passbolt --project-directory $WD -f $WD/docker-compose.yaml up ExecStop=/usr/bin/docker-compose --project-name passbolt --project-directory $WD -f $WD/docker-compose.yaml stop [Install] WantedBy=multi-user.target EOL systemctl enable passbolt systemctl restart passbolt systemctl status passbolt EOF chmod +x $WD/passbolt.service.setup.sh $WD/passbolt.service.setup.sh
echo 'alias pboltcli="docker exec -it passbolt /bin/bash"' >> ~/.bashrc source ~/.bashrc