Changed: readme updates on new config paths and cosmetic changes

Diego Lendoiro 2021-02-23 16:56:00 +01:00
parent c401c8a4e7
commit 6359b110c9
No known key found for this signature in database
GPG Key ID: 3808AD1A50FF0B59
1 changed files with 66 additions and 59 deletions

125
README.md

@ -6,7 +6,7 @@
/_/ \__,_/____/____/_,___/\____/_/\__/ `,.__. ^___.-/ /_/ \__,_/____/____/_,___/\____/_/\__/ `,.__. ^___.-/
`-./ .'...--` `-./ .'...--`
The open source password manager for teams `' The open source password manager for teams `'
(c) 2018 Passbolt SARL (c) 2021 Passbolt SA
https://www.passbolt.com https://www.passbolt.com
``` ```
[![Codacy Badge](https://api.codacy.com/project/badge/Grade/0de4eaf7426944769a70a2d727a9012b)](https://www.codacy.com/app/passbolt/passbolt_docker?utm_source=github.com&utm_medium=referral&utm_content=passbolt/passbolt_docker&utm_campaign=Badge_Grade) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/0de4eaf7426944769a70a2d727a9012b)](https://www.codacy.com/app/passbolt/passbolt_docker?utm_source=github.com&utm_medium=referral&utm_content=passbolt/passbolt_docker&utm_campaign=Badge_Grade)
@ -20,14 +20,22 @@
Passbolt is a free and open source password manager that allows team members to Passbolt is a free and open source password manager that allows team members to
store and share credentials securely. store and share credentials securely.
# Requirements: # Requirements
* rng-tools or haveged are required on host machine to speed up entropy generation on containers. * rng-tools or haveged might be required on host machine to speed up entropy generation on containers.
This way gpg key creation on passbolt container will be faster. This way gpg key creation on passbolt container will be faster.
* mariadb/mysql >= 5.0 * mariadb/mysql >= 5.0
# Usage # Usage
### docker-compose
Usage:
```
$ docker-compose up
```
Users are encouraged to use [official docker image from the docker hub](https://hub.docker.com/r/passbolt/passbolt/). Users are encouraged to use [official docker image from the docker hub](https://hub.docker.com/r/passbolt/passbolt/).
## Start passbolt instance ## Start passbolt instance
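Review bot: `### docker-compose` now sits directly under `# Usage` and ahead of `## Start passbolt instance`, so the heading levels jump from h1 to h3 and back to h2; make it `## docker-compose` or move it below the h2 sections. The reworded requirement "might be required" also gives the reader no criterion: say when rng-tools or haveged is needed, for example when gpg key creation in the container is slow.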
@ -44,7 +52,7 @@ $ docker run -e MYSQL_ROOT_PASSWORD=<root_password> \
``` ```
Then you can start passbolt just by providing the database container ip in the Then you can start passbolt just by providing the database container ip in the
`db_host` environment variable. `DATASOURCES_DEFAULT_HOST` environment variable.
```bash ```bash
$ docker run --name passbolt \ $ docker run --name passbolt \
@ -61,7 +69,7 @@ $ docker run --name passbolt \
Once the container is running create your first admin user: Once the container is running create your first admin user:
```bash ```bash
$ docker exec passbolt su -m -c "/var/www/passbolt/bin/cake passbolt register_user -u your@email.com -f yourname -l surname -r admin" -s /bin/sh www-data $ docker exec passbolt su -m -c "bin/cake passbolt register_user -u your@email.com -f yourname -l surname -r admin" -s /bin/sh www-data
``` ```
This registration command will return a single use url required to continue the This registration command will return a single use url required to continue the
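Review bot: The new `bin/cake` in the `docker exec` line is a relative path, so the command only works when the container's working directory is the passbolt application root, which the README never states. Either keep an absolute path to `bin/cake` for the new layout or set the directory explicitly with `docker exec -w <passbolt root>`, and say which directory is expected.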
@ -74,43 +82,44 @@ available browsing `https://yourdomain.com`
Passbolt docker image provides several environment variables to configure different aspects: Passbolt docker image provides several environment variables to configure different aspects:
| Variable name | Description | Default value | | Variable name | Description | Default value
| ----------------------------------- | -------------------------------- | ------------------- | | ----------------------------------- | -------------------------------- | -------------------
| APP_BASE | it allows people to specify the base subdir the application is running in | null | | APP_BASE | it allows people to specify the base subdir the application is running in | null
| APP_FULL_BASE_URL | Passbolt base url | false | | APP_FULL_BASE_URL | Passbolt base url | false
| DATASOURCES_DEFAULT_HOST | Database hostname | localhost | | DATASOURCES_DEFAULT_HOST | Database hostname | localhost
| DATASOURCES_DEFAULT_PORT | Database port | 3306 | | DATASOURCES_DEFAULT_PORT | Database port | 3306
| DATASOURCES_DEFAULT_USERNAME | Database username | '' | | DATASOURCES_DEFAULT_USERNAME | Database username | ''
| DATASOURCES_DEFAULT_PASSWORD | Database password | '' | | DATASOURCES_DEFAULT_PASSWORD | Database password | ''
| DATASOURCES_DEFAULT_DATABASE | Database name | '' | | DATASOURCES_DEFAULT_DATABASE | Database name | ''
| DATASOURCES_DEFAULT_SSL_KEY | Database SSL Key | '' | | DATASOURCES_DEFAULT_SSL_KEY | Database SSL Key | ''
| DATASOURCES_DEFAULT_SSL_CERT | Database SSL Cert | '' | | DATASOURCES_DEFAULT_SSL_CERT | Database SSL Cert | ''
| DATASOURCES_DEFAULT_SSL_CA | Database SSL CA | '' | | DATASOURCES_DEFAULT_SSL_CA | Database SSL CA | ''
| EMAIL_TRANSPORT_DEFAULT_CLASS_NAME | Email classname | Smtp | | EMAIL_TRANSPORT_DEFAULT_CLASS_NAME | Email classname | Smtp
| EMAIL_DEFAULT_FROM | From email address | you@localhost | | EMAIL_DEFAULT_FROM | From email address | you@localhost
| EMAIL_DEFAULT_TRANSPORT | Sets transport method | default | | EMAIL_DEFAULT_TRANSPORT | Sets transport method | default
| EMAIL_TRANSPORT_DEFAULT_HOST | Server hostname | localhost | | EMAIL_TRANSPORT_DEFAULT_HOST | Server hostname | localhost
| EMAIL_TRANSPORT_DEFAULT_PORT | Server port | 25 | | EMAIL_TRANSPORT_DEFAULT_PORT | Server port | 25
| EMAIL_TRANSPORT_DEFAULT_TIMEOUT | Timeout | 30 | | EMAIL_TRANSPORT_DEFAULT_TIMEOUT | Timeout | 30
| EMAIL_TRANSPORT_DEFAULT_USERNAME | Username for email server auth | null | | EMAIL_TRANSPORT_DEFAULT_USERNAME | Username for email server auth | null
| EMAIL_TRANSPORT_DEFAULT_PASSWORD | Password for email server auth | null | | EMAIL_TRANSPORT_DEFAULT_PASSWORD | Password for email server auth | null
| EMAIL_TRANSPORT_DEFAULT_CLIENT | Client | null | | EMAIL_TRANSPORT_DEFAULT_CLIENT | Client | null
| EMAIL_TRANSPORT_DEFAULT_TLS | Set tls | null | | EMAIL_TRANSPORT_DEFAULT_TLS | Set tls | null
| EMAIL_TRANSPORT_DEFAULT_URL | Set url | null | | EMAIL_TRANSPORT_DEFAULT_URL | Set url | null
| GNUPGHOME | path to gnupghome directory | /home/www-data/.gnupg | | GNUPGHOME | path to gnupghome directory | /var/lib/passbolt/.gnupg
| PASSBOLT_KEY_LENGTH | Gpg desired key length | 2048 | | PASSBOLT_KEY_LENGTH | Gpg desired key length | 2048
| PASSBOLT_SUBKEY_LENGTH | Gpg desired subkey length | 2048 | | PASSBOLT_SUBKEY_LENGTH | Gpg desired subkey length | 2048
| PASSBOLT_KEY_NAME | Key owner name | Passbolt default user | | PASSBOLT_KEY_NAME | Key owner name | Passbolt default user
| PASSBOLT_KEY_EMAIL | Key owner email address | passbolt@yourdomain.com | | PASSBOLT_KEY_EMAIL | Key owner email address | passbolt@yourdomain.com
| PASSBOLT_KEY_EXPIRATION | Key expiration date | 0, never expires | | PASSBOLT_KEY_EXPIRATION | Key expiration date | 0, never expires
| PASSBOLT_GPG_SERVER_KEY_FINGERPRINT | GnuPG fingerprint | null | | PASSBOLT_GPG_SERVER_KEY_FINGERPRINT | GnuPG fingerprint | null
| PASSBOLT_GPG_SERVER_KEY_PUBLIC | Path to GnuPG public server key | /var/www/passbolt/config/gpg/serverkey.asc | | PASSBOLT_GPG_SERVER_KEY_PUBLIC | Path to GnuPG public server key | /etc/passbolt/gpg/serverkey.asc
| PASSBOLT_GPG_SERVER_KEY_PRIVATE | Path to GnuPG private server key | /var/www/passbolt/config/gpg/serverkey_private.asc | | PASSBOLT_GPG_SERVER_KEY_PRIVATE | Path to GnuPG private server key | /etc/passbolt/gpg/serverkey_private.asc
| PASSBOLT_PLUGINS_EXPORT_ENABLED | Enable export plugin | true | | PASSBOLT_PLUGINS_EXPORT_ENABLED | Enable export plugin | true
| PASSBOLT_PLUGINS_IMPORT_ENABLED | Enable import plugin | true | | PASSBOLT_PLUGINS_IMPORT_ENABLED | Enable import plugin | true
| PASSBOLT_REGISTRATION_PUBLIC | Defines if users can register | false | | PASSBOLT_REGISTRATION_PUBLIC | Defines if users can register | false
| PASSBOLT_SSL_FORCE | Redirects http to https | true | | PASSBOLT_SSL_FORCE | Redirects http to https | true
| PASSBOLT_SECURITY_SET_HEADERS | Send CSP Headers | true | | SECURITY_SALT | CakePHP security salt | __SALT__ | | PASSBOLT_SECURITY_SET_HEADERS | Send CSP Headers | true
| SECURITY_SALT | CakePHP security salt | __SALT__
For more env variables supported please check [default.php](https://github.com/passbolt/passbolt_api/blob/master/config/default.php) For more env variables supported please check [default.php](https://github.com/passbolt/passbolt_api/blob/master/config/default.php)
and [app.default.php](https://github.com/passbolt/passbolt_api/blob/master/config/app.default.php) and [app.default.php](https://github.com/passbolt/passbolt_api/blob/master/config/app.default.php)
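Review bot: The `SECURITY_SALT` row documents `__SALT__` as the default with no indication that it is a placeholder; the description should say that each deployment must set its own random value. While the table is being touched, the new rows also drop the closing `|` that every row had before; restoring it keeps the table consistent with the header style used in the previous version.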
@ -120,11 +129,11 @@ and [app.default.php](https://github.com/passbolt/passbolt_api/blob/master/confi
What if you already have a set of gpg keys and custom configuration files for passbolt? What if you already have a set of gpg keys and custom configuration files for passbolt?
It it possible to mount the desired configuration files as volumes. It it possible to mount the desired configuration files as volumes.
* /var/www/passbolt/config/app.php * /etc/passbolt/app.php
* /var/www/passbolt/config/passbolt.php * /etc/passbolt/passbolt.php
* /var/www/passbolt/config/gpg/serverkey.asc * /etc/passbolt/gpg/serverkey.asc
* /var/www/passbolt/config/gpg/serverkey_private.asc * /etc/passbolt/gpg/serverkey_private.asc
* /var/www/passbolt/webroot/img/public/images * /usr/share/php/passbolt/webroot/img/public/images
### SSL certificate files ### SSL certificate files
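Review bot: The mount list switches from `/var/www/passbolt/config/...` to `/etc/passbolt/...` without a note for existing deployments, whose volume definitions still target the old paths. Add a sentence stating from which image version the new paths apply and that existing mounts must be updated; this matters most for `serverkey_private.asc`, since a key mounted at the old path would no longer be where the README says the image expects it. The unchanged context line "It it possible" also carries a typo worth fixing in the same commit.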
@ -147,24 +156,22 @@ ssl-cert=/etc/mysql/ssl/server-cert.pem
ssl-key=/etc/mysql/ssl/server-key.pem ssl-key=/etc/mysql/ssl/server-key.pem
``` ```
### docker-compose
Usage:
```
$ docker-compose up
```
### CLI healthcheck ### CLI healthcheck
In order to run the healtcheck from the CLI on the container: In order to run the healtcheck from the CLI on the container:
On a root docker image:
``` ```
$ su -c "source /etc/environment; bin/cake passbolt healthcheck" -s /bin/bash www-data $ su -s /bin/bash www-data
$ export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT="$(su -c "gpg --homedir $GNUPGHOME --list-keys --with-colons ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} |grep fpr |head -1| cut -f10 -d:" -ls /bin/bash www-data)"
$ bin/cake passbolt healthcheck
``` ```
# Requirements: Non root image:
* rng-tools or haveged are required on host machine to speed up entropy generation on containers. ```
This way gpg key creation on passbolt container will be faster. $ export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT="$(su -c "gpg --homedir $GNUPGHOME --list-keys --with-colons ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} |grep fpr |head -1| cut -f10 -d:" -ls /bin/bash www-data)"
* mariadb/mysql >= 5.6 $ bin/cake passbolt healthcheck
```
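Review bot: The "Non root image" block still obtains the fingerprint through `su -c "gpg ..." -ls /bin/bash www-data`, and `su` to another account normally needs root, so this variant is unlikely to work as written in an image that does not run as root; call `gpg --homedir $GNUPGHOME --list-keys ...` directly there. In the root variant the first line already opens a shell as www-data, which makes the nested `su -c` on the next line redundant, and dropping `source /etc/environment` means `$GNUPGHOME` has to be set in that shell already; the README should say so. Separately, the trailing Requirements block removed here said mariadb/mysql >= 5.6 while the section kept at the top says >= 5.0; confirm which is the real minimum. "healtcheck" in the context line is a typo.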