
Passbolt - Open Source Password Manager - Docker Compose Stack with Nginx Reverse Proxy

Passbolt Docker-Compose Nginx MariaDB

Passbolt

Prerequisites

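# Create the directory that the compose file mounts at /etc/passbolt/gpg and
# hand it to UID/GID 33 (www-data on Debian-based images; presumably the user
# the Passbolt container's web server runs as)
mkdir -p passbolt_gpg && chown -R 33:33 passbolt_gpg
# Create the environment file for the database passwords and restrict it to the
# current user before any secret is written into it
touch .env && chmod 600 .env
vi .env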

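# Define passwords.
# The values below are placeholders: replace each with its own long random
# value (for example the output of `openssl rand -hex 32`) and never reuse
# the root password for the application user.
MARIADB_ROOT_PASSWORD=replace-with-long-random-root-password
MARIADB_USER_PASSWORD=replace-with-long-random-user-password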

Docker Compose

Without Mail

  • In this version, the mail server credentials are configured via the Passbolt web GUI instead of in the Docker Compose file
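# Passbolt CE with a MariaDB backend; mail settings are entered later in the GUI.
# ${MARIADB_*} values are substituted from the .env file next to this file.
version: '3.4'
services:
  mariadb:
    # NOTE(review): "latest" is a moving tag; pin a specific, tested release so
    # that database upgrades happen deliberately and not on the next pull.
    image: mariadb:latest
    environment:
      - MYSQL_DATABASE=passbolt
      - MYSQL_USER=passbolt
      - MYSQL_PASSWORD=${MARIADB_USER_PASSWORD}
      - MYSQL_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
    volumes:
      # Database files persist on the host; no port is published, so the
      # database is reachable only from the compose network.
      - ./mariadb_data:/var/lib/mysql
    restart: unless-stopped

  passbolt:
    # NOTE(review): consider pinning a fixed Passbolt release tag as well.
    image: passbolt/passbolt:latest-ce
    tty: true
    depends_on:
      - mariadb
    environment:
      - DATASOURCES_DEFAULT_HOST=mariadb
      - DATASOURCES_DEFAULT_USERNAME=passbolt
      - DATASOURCES_DEFAULT_PASSWORD=${MARIADB_USER_PASSWORD}
      - DATASOURCES_DEFAULT_DATABASE=passbolt
      - DATASOURCES_DEFAULT_PORT=3306
      - DATASOURCES_QUOTE_IDENTIFIER=true
      # Must match the public HTTPS name served by the reverse proxy.
      - APP_FULL_BASE_URL=https://passbolt.yourdomain.com
    volumes:
      # Mounted at /etc/passbolt/gpg; keep this directory out of backups that
      # are not encrypted and out of version control.
      - ./passbolt_gpg:/etc/passbolt/gpg
      - ./passbolt_web:/usr/share/php/passbolt/webroot/img/public
    # Wait for the database port before handing over to the image entrypoint.
    command: ["/usr/bin/wait-for.sh", "-t", "0", "mariadb:3306", "--", "/docker-entrypoint.sh"]
    ports:
      # Publish the container's plain-HTTP port on loopback only. The Nginx
      # reverse proxy on this host connects to 127.0.0.1:17880; binding to all
      # interfaces would let clients reach Passbolt without TLS.
      - '127.0.0.1:17880:80'
    restart: unless-stopped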

With Mail

  • This version defines the credentials for the mail server in the Docker Compose file
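# Passbolt CE with a MariaDB backend; SMTP settings are supplied as environment
# variables. ${MARIADB_*} values are substituted from the .env file next to
# this file.
version: '3.4'
services:
  mariadb:
    # NOTE(review): "latest" is a moving tag; pin a specific, tested release so
    # that database upgrades happen deliberately and not on the next pull.
    image: mariadb:latest
    environment:
      - MYSQL_DATABASE=passbolt
      - MYSQL_USER=passbolt
      - MYSQL_PASSWORD=${MARIADB_USER_PASSWORD}
      - MYSQL_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
    volumes:
      # Database files persist on the host; no port is published, so the
      # database is reachable only from the compose network.
      - ./mariadb_data:/var/lib/mysql
    restart: unless-stopped

  passbolt:
    # NOTE(review): consider pinning a fixed Passbolt release tag as well.
    image: passbolt/passbolt:latest-ce
    tty: true
    depends_on:
      - mariadb
    environment:
      - DATASOURCES_DEFAULT_HOST=mariadb
      - DATASOURCES_DEFAULT_USERNAME=passbolt
      - DATASOURCES_DEFAULT_PASSWORD=${MARIADB_USER_PASSWORD}
      - DATASOURCES_DEFAULT_DATABASE=passbolt
      - DATASOURCES_DEFAULT_PORT=3306
      - DATASOURCES_QUOTE_IDENTIFIER=true
      # Must match the public HTTPS name served by the reverse proxy.
      - APP_FULL_BASE_URL=https://passbolt.yourdomain.com
      - EMAIL_DEFAULT_FROM=  # Define From Address
      # No space after "=": a leading space would become part of the hostname.
      - EMAIL_TRANSPORT_DEFAULT_HOST=mail.yourdomain.com  # Define Mailserver
      - EMAIL_TRANSPORT_DEFAULT_PORT=587
      - EMAIL_TRANSPORT_DEFAULT_USERNAME=  # Define Mailserver Login
      # Prefer referencing a variable from the .env file here (as done for the
      # database passwords) over writing the SMTP password into this file.
      - EMAIL_TRANSPORT_DEFAULT_PASSWORD=  # Define Mailserver Login PW
      - EMAIL_TRANSPORT_DEFAULT_TLS=true
      # - PASSBOLT_KEY_EMAIL=
    volumes:
      # Mounted at /etc/passbolt/gpg; keep this directory out of backups that
      # are not encrypted and out of version control.
      - ./passbolt_gpg:/etc/passbolt/gpg
      - ./passbolt_web:/usr/share/php/passbolt/webroot/img/public
    # Wait for the database port before handing over to the image entrypoint.
    command: ["/usr/bin/wait-for.sh", "-t", "0", "mariadb:3306", "--", "/docker-entrypoint.sh"]
    ports:
      # Publish the container's plain-HTTP port on loopback only. The Nginx
      # reverse proxy on this host connects to 127.0.0.1:17880; binding to all
      # interfaces would let clients reach Passbolt without TLS.
      - '127.0.0.1:17880:80'
    restart: unless-stopped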
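# Test SMTP connection / send test mail.
# Run the CakePHP console as the unprivileged web user (www-data), not as root:
# without a target user, `su` runs the command as root, and files it creates
# inside the container end up root-owned.
docker compose exec passbolt su -m -c "bin/cake passbolt send_test_email --recipient=juergen.klug@yourdomain.com" -s /bin/sh www-data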

Start Docker Stack

# Create the containers if they do not exist yet and start the stack in the background
docker compose up --detach

Nginx Reverse Proxy

# Install the Nginx package
sudo apt install nginx

# Path of the new virtual-host file
SITE_CONF=/etc/nginx/sites-available/passbolt.yourdomain.com

# Use the distribution's default site as the starting template
sudo cp /etc/nginx/sites-available/default "$SITE_CONF"

# Edit the copied file
sudo vi "$SITE_CONF"


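# Nginx config: TLS-terminating reverse proxy in front of the Passbolt container
server {
    listen 443 ssl;
    server_name passbolt.yourdomain.com;

    ssl_certificate         /etc/certs/fullchain1.pem;
    ssl_certificate_key     /etc/certs/privkey1.pem;
    # Refuse legacy TLS versions; older Nginx releases still enable
    # TLSv1/TLSv1.1 by default.
    ssl_protocols           TLSv1.2 TLSv1.3;

    # Optional: once HTTPS is confirmed working, tell browsers to always use it.
    # add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Forward to the container's published HTTP port on the loopback interface
        proxy_pass http://127.0.0.1:17880/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Preserve the client address chain for the application's logs
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells the backend that the original request arrived over HTTPS
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}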
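# Create link to sites-enabled directory
sudo ln -s /etc/nginx/sites-available/passbolt.yourdomain.com /etc/nginx/sites-enabled/

# Remove default site from sites-enabled directory (needs root like the other steps)
sudo rm /etc/nginx/sites-enabled/default

# Validate the configuration first; restart Nginx only if it parses cleanly,
# so a typo does not take the proxy down
sudo nginx -t && sudo systemctl restart nginx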