work in progress readme

Diego Lendoiro 2018-01-12 12:23:12 +01:00
parent 3b12c27757
commit 955389329c
1 changed files with 47 additions and 100 deletions

README.md

@ -1,5 +1,9 @@
# Passbolt docker official image
# Warning
This is a work in progress branch use at your own risk.
# What is passbolt?
Passbolt is a free and open source password manager that allows team members to
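Review bot: The new text under `# Warning` is a run-on and does not say what is unstable. Other hunks in this commit rename the configuration variables (`DB_HOST` becomes `DATASOURCES_DEFAULT_HOST`, and so on) and move the config paths, so say that here, for example: "This is a work-in-progress branch: environment variable names and configuration paths have changed and may change again. Use at your own risk."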
@ -28,16 +32,21 @@ Passbolt requires mysql to be running. The following example use mysql official
with the default passbolt credentials.
```bash
$ docker run -e MYSQL_ROOT_PASSWORD=<your_root_password> \
-e MYSQL_DATABASE=passbolt \
-e MYSQL_USER=passbolt \
-e MYSQL_PASSWORD=P4ssb0lt \
$ docker run -e MYSQL_ROOT_PASSWORD=<root_password> \
-e MYSQL_DATABASE=<mysql_database> \
-e MYSQL_USER=<mysql_user> \
-e MYSQL_PASSWORD=<mysql_password> \
mysql
```
Then you can start passbolt just by providing the database container ip in the `db_host` environment variable.
`$ docker run -e DB_HOST=<mysql_container_ip> passbolt:local`
```bash
$ docker run -e DATASOURCES_DEFAULT_HOST=<mysql_container_host> \
-e DATASOURCES_DEFAULT_PASSWORD=<mysql_password> \
-e DATASOURCES_DEFAULT_USERNAME=<mysql_user> \
-e DATASOURCES_DEFAULT_DATABASE=<mysql_database> \
passbolt:local```
Once the process is done, just navigate to the following url in your browser: https://passbolt_container_ip
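Review bot: The closing fence of the new passbolt `docker run` block sits on the same line as `passbolt:local`, so the code block never terminates and the "Once the process is done" paragraph will render as code; move the fence to its own line. The unchanged sentence above the block still names the `db_host` variable while the command now uses `DATASOURCES_DEFAULT_HOST`, and the lead-in "with the default passbolt credentials" no longer matches the placeholder values in the mysql command. Consider showing `--env-file` for `DATASOURCES_DEFAULT_PASSWORD` as well, since a value typed after `-e` ends up in shell history and the process list.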
@ -52,48 +61,40 @@ And access it using https://localhost:host_port
# Configure passbolt
## Environment variables
## Environment variables reference
Passbolt docker image provides several environment variables to configure different aspects:
### GnuPG key creation related variables
* APP_FULL_BASE_URL: Defines Passbolt base url (Example https://yourdomain.com)
* DATASOURCES_DEFAULT_HOST: database hostname (defaults to localhost)
* DATASOURCES_DEFAULT_PORT: database port (defaults to 3306)
* DATASOURCES_DEFAULT_USERNAME: database username (defaults to my_app)
* DATASOURCES_DEFAULT_PASSWORD: database password (defaults to secret)
* DATASOURCES_DEFAULT_DATABASE: database name (defaults to my_app)
* EMAIL_DEFAULT_FROM: from email address (defaults to contact@mydomain.local)
* EMAIL_DEFAULT_TRANSPORT: sets transport method (defaults to default)
* EMAIL_TRANSPORT_DEFAULT_HOST: server hostname (defaults to localhost)
* EMAIL_TRANSPORT_DEFAULT_PORT: server port (defaults to 25)
* EMAIL_TRANSPORT_DEFAULT_TIMEOUT: timeout (defaults to 30)
* EMAIL_TRANSPORT_DEFAULT_USERNAME: username for email server auth (defaults to null)
* EMAIL_TRANSPORT_DEFAULT_PASSWORD: password for email server auth (defaults to null)
* EMAIL_TRANSPORT_DEFAULT_CLIENT: client (defaults to null)
* EMAIL_TRANSPORT_DEFAULT_TLS: set tls (defaults to null)
* EMAIL_TRANSPORT_DEFAULT_URL: set url (defaults to null)
* GNUPGHOME: Path to gnupghome directory (defaults to web_user_home_directory/.gnupg )
* PASSBOLT_KEY_LENGTH: gpg desired key length
* PASSBOLT_SUBKEY_LENGTH: gpg desired subkey length
* PASSBOLT_KEY_NAME: key owner name
* PASSBOLT_KEY_EMAIL: key owner email address
* PASSBOLT_KEY_EXPIRATION: key expiration date
* PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: GnuPG fingerprint
* PASSBOLT_GPG_SERVER_KEY_PUBLIC: Path to GnuPG public server key
* PASSBOLT_GPG_SERVER_KEY_PRIVATE: Path to GnuPG private server key
* PASSBOLT_REGISTRATION_PUBLIC: Defines if users can register (defaults to false)
* PASSBOLT_SSL_FORCE: Forces passbolt to redirect to SSL any non-SSL request
* PASSBOLT_SECURITY_SET_HEADERS: Forces passbolt to send CSP Headers (defaults to true)
* SECURITY_SALT: A random number user in security hashing methods.
* KEY_LENGTH: gpg desired key length
* SUBKEY_LENGTH: gpg desired subkey length
* KEY_NAME: key owner name
* KEY_EMAIL: key owner email address
* KEY_EXPIRATION: key expiration date
### App file variables
* FINGERPRINT: GnuPG fingerprint
* REGISTRATION: Defines if users can register (defaults to false)
* SSL: Forces passbolt to redirect to SSL any non-SSL request
### Core file variables
* SALT: a random string used by cakephp in security hashing methods
* CIPHERSEED: a random string used by cakephp to encrypt/decrypt strings
* URL: URL of the passbolt installation (defaults to passbolt.local)
### Database variables
* DB_HOST: database hostname This param has to be specified either using env var or in database.php (defaults to passbolt.local)
* DB_PORT: database port (defaults to 3306)
* DB_USER: database username (defaults to passbolt)
* DB_PASS: database password (defaults to P4ssb0lt)
* DB_NAME: database name (defaults to passbolt)
### Email variables
* EMAIL_TRANSPORT: transport protocol ( defaults to Smtp)
* EMAIL_FROM: from email address ( defaults to contact@mydomain.local)
* EMAIL_HOST: server hostname ( defaults to localhost)
* EMAIL_PORT: server port ( defaults to 587)
* EMAIL_TIMEOUT: timeout ( defaults to 30s)
* EMAIL_USERNAME: username for email server auth ( defaults to email_user)
* EMAIL_PASSWORD: password for email server auth ( defaults to email_password)
* EMAIL_TLS: set tls, boolean ( defaults to false)
## Advanced configuration
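Review bot: `SECURITY_SALT` is described as "A random number user in security hashing methods", which has a typo ("user" for "used") and states neither a default nor a requirement; say that it must be set to a unique random value per installation. The same list documents `DATASOURCES_DEFAULT_PASSWORD` with a default of `secret` and `DATASOURCES_DEFAULT_USERNAME` / `DATASOURCES_DEFAULT_DATABASE` with `my_app`; mark these as values that have to be overridden rather than usable defaults. `PASSBOLT_SSL_FORCE` and the `PASSBOLT_KEY_*` entries have no default stated, and the flat list loses the grouping (GnuPG, database, email) that the old sub-headings gave.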
@ -102,12 +103,9 @@ It it possible to mount the desired configuration files as volumes.
### Configuration files subject to be persisted:
* /var/www/passbolt/app/Config/app.php
* /var/www/passbolt/app/Config/core.php
* /var/www/passbolt/app/Config/database.php
* /var/www/passbolt/app/Config/email.php
* /var/www/passbolt/app/Config/gpg/serverkey.asc
* /var/www/passbolt/app/Config/gpg/serverkey.private.asc
* /var/www/passbolt/config/app.php
* /var/www/passbolt/config/gpg/serverkey.asc
* /var/www/passbolt/config/gpg/serverkey_private.asc
* /var/www/passbolt/app/webroot/img/public/images
### SSL certificate files
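Review bot: The images path `/var/www/passbolt/app/webroot/img/public/images` is left unchanged while the configuration files move from `/var/www/passbolt/app/Config/` to `/var/www/passbolt/config/`; confirm that path still exists in the new layout or update it in this commit. Since `serverkey_private.asc` is on this list, it is worth adding that it should be mounted read-only (`:ro`) with file permissions limited to the web user.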
@ -117,57 +115,6 @@ It is also possible to mount a ssl certificate on the following paths:
* /etc/ssl/certs/certificate.crt
* /etc/ssl/certs/certificate.key
# Examples
For the following examples it is assumed that passbolt container image has been built from this repo following the instructions
described on the [Build](#build-the-image) section.
In the following example passbolt is launched with the defaults enabled usind mysql official docker container to store passbolt data:
```bash
$ docker run -e MYSQL_ROOT_PASSWORD=c0mplexp4ss \
-e MYSQL_DATABASE=passbolt \
-e MYSQL_USER=passbolt \
-e MYSQL_PASSWORD=P4ssb0lt \
mysql
```
Once mysql container is running we should extract its ip address. Let's assume 172.17.0.2 for this example
`$ docker run -e DB_HOST=172.17.0.2 passbolt:local`
Point your browser to the passbolt container ip or localhost:exposed_port.
## Advanced configuration
In the following example passbolt is launched with a customized setup mounting and persisting configuration files. We also make use of
mysql official docker container to store passbolt data.
```bash
$ docker run -e MYSQL_ROOT_PASSWORD=c0mplexp4ss \
-e MYSQL_DATABASE=passbolt \
-e MYSQL_USER=passbolt \
-e MYSQL_PASSWORD=P4ssb0lt \
mysql
```
Using docker inspect or any other method you can get the ip address of the mysql container. This example uses 172.17.0.2.
Once this container is running and you have the mysql ip address we run passbolt container mounting all configuration files stored
under a example conf directory in $PWD
```bash
$ docker run -v $PWD/conf/app.php:/var/www/passbolt/app/Config/app.php \
-v $PWD/conf/core.php:/var/www/passbolt/app/Config/core.php \
-v $PWD/conf/database.php:/var/www/passbolt/app/Config/database.php \
-v $PWD/conf/email.php:/var/www/passbolt/app/Config/email.php \
-v $PWD/conf/private.asc:/var/www/passbolt/app/Config/gpg/serverkey.private.asc \
-v $PWD/conf/public.asc:/var/www/passbolt/app/Config/gpg/serverkey.asc \
passbolt:local
```
Navigate with the browser to the passbolt container ip or localhost:exposed_port
# Requirements:
* rng-tools are required on host machine to speed up entropy generation on containers. This way gpg key creation on passbolt container will be faster.
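Review bot: Removing the whole `# Examples` section leaves the README without any example of mounting configuration files or the GnuPG server keys, and nothing that remains shows a `-v` invocation for the new `/var/www/passbolt/config/` paths. Dropping the literal passwords (`c0mplexp4ss`, `P4ssb0lt`) is good; consider re-adding one example that uses the new paths and the `DATASOURCES_DEFAULT_*` variables with placeholder values.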