diff --git a/README.md b/README.md index 65c644c..37876eb 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,9 @@ # Passbolt docker official image +# Warning + +This is a work in progress branch use at your own risk. + # What is passbolt? Passbolt is a free and open source password manager that allows team members to @@ -28,16 +32,21 @@ Passbolt requires mysql to be running. The following example use mysql official with the default passbolt credentials. ```bash -$ docker run -e MYSQL_ROOT_PASSWORD= \ - -e MYSQL_DATABASE=passbolt \ - -e MYSQL_USER=passbolt \ - -e MYSQL_PASSWORD=P4ssb0lt \ +$ docker run -e MYSQL_ROOT_PASSWORD= \ + -e MYSQL_DATABASE= \ + -e MYSQL_USER= \ + -e MYSQL_PASSWORD= \ mysql ``` Then you can start passbolt just by providing the database container ip in the `db_host` environment variable. -`$ docker run -e DB_HOST= passbolt:local` +```bash +$ docker run -e DATASOURCES_DEFAULT_HOST= \ + -e DATASOURCES_DEFAULT_PASSWORD= \ + -e DATASOURCES_DEFAULT_USERNAME= \ + -e DATASOURCES_DEFAULT_DATABASE= \ + passbolt:local``` Once the process is done, just navigate to the following url in your browser: https://passbolt_container_ip 
@@ -52,48 +61,40 @@ And access it using https://localhost:host_port # Configure passbolt -## Environment variables +## Environment variables reference Passbolt docker image provides several environment variables to configure different aspects: -### GnuPG key creation related variables +* APP_FULL_BASE_URL: Defines Passbolt base url (Example https://yourdomain.com) +* DATASOURCES_DEFAULT_HOST: database hostname (defaults to localhost) +* DATASOURCES_DEFAULT_PORT: database port (defaults to 3306) +* DATASOURCES_DEFAULT_USERNAME: database username (defaults to my_app) +* DATASOURCES_DEFAULT_PASSWORD: database password (defaults to secret) +* DATASOURCES_DEFAULT_DATABASE: database name (defaults to my_app) +* EMAIL_DEFAULT_FROM: from email address (defaults to contact@mydomain.local) +* EMAIL_DEFAULT_TRANSPORT: sets transport method (defaults to default) +* EMAIL_TRANSPORT_DEFAULT_HOST: server hostname (defaults to localhost) +* EMAIL_TRANSPORT_DEFAULT_PORT: server port (defaults to 25) +* EMAIL_TRANSPORT_DEFAULT_TIMEOUT: timeout (defaults to 30) +* EMAIL_TRANSPORT_DEFAULT_USERNAME: username for email server auth (defaults to null) +* EMAIL_TRANSPORT_DEFAULT_PASSWORD: password for email server auth (defaults to null) +* EMAIL_TRANSPORT_DEFAULT_CLIENT: client (defaults to null) +* EMAIL_TRANSPORT_DEFAULT_TLS: set tls (defaults to null) +* EMAIL_TRANSPORT_DEFAULT_URL: set url (defaults to null) +* GNUPGHOME: Path to gnupghome directory (defaults to web_user_home_directory/.gnupg ) +* PASSBOLT_KEY_LENGTH: gpg desired key length +* PASSBOLT_SUBKEY_LENGTH: gpg desired subkey length +* PASSBOLT_KEY_NAME: key owner name +* PASSBOLT_KEY_EMAIL: key owner email address +* PASSBOLT_KEY_EXPIRATION: key expiration date +* PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: GnuPG fingerprint +* PASSBOLT_GPG_SERVER_KEY_PUBLIC: Path to GnuPG public server key +* PASSBOLT_GPG_SERVER_KEY_PRIVATE: Path to GnuPG private server key +* PASSBOLT_REGISTRATION_PUBLIC: Defines if users can register (defaults 
to false) +* PASSBOLT_SSL_FORCE: Forces passbolt to redirect to SSL any non-SSL request +* PASSBOLT_SECURITY_SET_HEADERS: Forces passbolt to send CSP Headers (defaults to true) +* SECURITY_SALT: A random number user in security hashing methods. -* KEY_LENGTH: gpg desired key length -* SUBKEY_LENGTH: gpg desired subkey length -* KEY_NAME: key owner name -* KEY_EMAIL: key owner email address -* KEY_EXPIRATION: key expiration date - -### App file variables - -* FINGERPRINT: GnuPG fingerprint -* REGISTRATION: Defines if users can register (defaults to false) -* SSL: Forces passbolt to redirect to SSL any non-SSL request - -### Core file variables - -* SALT: a random string used by cakephp in security hashing methods -* CIPHERSEED: a random string used by cakephp to encrypt/decrypt strings -* URL: URL of the passbolt installation (defaults to passbolt.local) - -### Database variables - -* DB_HOST: database hostname This param has to be specified either using env var or in database.php (defaults to passbolt.local) -* DB_PORT: database port (defaults to 3306) -* DB_USER: database username (defaults to passbolt) -* DB_PASS: database password (defaults to P4ssb0lt) -* DB_NAME: database name (defaults to passbolt) - -### Email variables - -* EMAIL_TRANSPORT: transport protocol ( defaults to Smtp) -* EMAIL_FROM: from email address ( defaults to contact@mydomain.local) -* EMAIL_HOST: server hostname ( defaults to localhost) -* EMAIL_PORT: server port ( defaults to 587) -* EMAIL_TIMEOUT: timeout ( defaults to 30s) -* EMAIL_USERNAME: username for email server auth ( defaults to email_user) -* EMAIL_PASSWORD: password for email server auth ( defaults to email_password) -* EMAIL_TLS: set tls, boolean ( defaults to false) ## Advanced configuration 
@@ -102,12 +103,9 @@ It it possible to mount the desired configuration files as volumes. ### Configuration files subject to be persisted: -* /var/www/passbolt/app/Config/app.php -* /var/www/passbolt/app/Config/core.php -* /var/www/passbolt/app/Config/database.php -* /var/www/passbolt/app/Config/email.php -* /var/www/passbolt/app/Config/gpg/serverkey.asc -* /var/www/passbolt/app/Config/gpg/serverkey.private.asc +* /var/www/passbolt/config/app.php +* /var/www/passbolt/config/gpg/serverkey.asc +* /var/www/passbolt/config/gpg/serverkey_private.asc * /var/www/passbolt/app/webroot/img/public/images ### SSL certificate files 
@@ -117,57 +115,6 @@ It is also possible to mount a ssl certificate on the following paths: * /etc/ssl/certs/certificate.crt * /etc/ssl/certs/certificate.key -# Examples - -For the following examples it is assumed that passbolt container image has been built from this repo following the instructions -described on the [Build](#build-the-image) section. - -In the following example passbolt is launched with the defaults enabled usind mysql official docker container to store passbolt data: - -```bash -$ docker run -e MYSQL_ROOT_PASSWORD=c0mplexp4ss \ - -e MYSQL_DATABASE=passbolt \ - -e MYSQL_USER=passbolt \ - -e MYSQL_PASSWORD=P4ssb0lt \ - mysql -``` - -Once mysql container is running we should extract its ip address. Let's assume 172.17.0.2 for this example - -`$ docker run -e DB_HOST=172.17.0.2 passbolt:local` - -Point your browser to the passbolt container ip or localhost:exposed_port. - -## Advanced configuration - -In the following example passbolt is launched with a customized setup mounting and persisting configuration files. We also make use of -mysql official docker container to store passbolt data. - -```bash -$ docker run -e MYSQL_ROOT_PASSWORD=c0mplexp4ss \ - -e MYSQL_DATABASE=passbolt \ - -e MYSQL_USER=passbolt \ - -e MYSQL_PASSWORD=P4ssb0lt \ - mysql -``` - -Using docker inspect or any other method you can get the ip address of the mysql container. This example uses 172.17.0.2. 
- -Once this container is running and you have the mysql ip address we run passbolt container mounting all configuration files stored -under a example conf directory in $PWD - -```bash -$ docker run -v $PWD/conf/app.php:/var/www/passbolt/app/Config/app.php \ - -v $PWD/conf/core.php:/var/www/passbolt/app/Config/core.php \ - -v $PWD/conf/database.php:/var/www/passbolt/app/Config/database.php \ - -v $PWD/conf/email.php:/var/www/passbolt/app/Config/email.php \ - -v $PWD/conf/private.asc:/var/www/passbolt/app/Config/gpg/serverkey.private.asc \ - -v $PWD/conf/public.asc:/var/www/passbolt/app/Config/gpg/serverkey.asc \ - passbolt:local -``` - -Navigate with the browser to the passbolt container ip or localhost:exposed_port - # Requirements: * rng-tools are required on host machine to speed up entropy generation on containers. This way gpg key creation on passbolt container will be faster.
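Review bot: in the first hunk the new passbolt `docker run` block closes its fence on the same line as the command (`passbolt:local```), so Markdown never terminates the code block and the "Once the process is done" paragraph renders inside it; put the closing ``` on its own line. The sentence above that block still tells the reader to pass the database IP in the `db_host` environment variable while the example now uses `DATASOURCES_DEFAULT_HOST`; update the prose to the new name. The MySQL example also blanks out `MYSQL_ROOT_PASSWORD=`, `MYSQL_DATABASE=`, `MYSQL_USER=` and `MYSQL_PASSWORD=` while the text still says it runs "with the default passbolt credentials"; either show clearly marked placeholder values or say that the reader has to fill them in, so the README is not read as recommending an empty root password. Minor: the new warning sentence needs a comma ("work in progress branch, use at your own risk").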
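Review bot: in the environment-variable reference hunk, the `SECURITY_SALT` entry has a typo ("A random number user in security hashing methods"); the old `SALT` line described it correctly as "a random string used by cakephp in security hashing methods", so keep "string used". The documented defaults `my_app` / `secret` / `my_app` for `DATASOURCES_DEFAULT_USERNAME`, `DATASOURCES_DEFAULT_PASSWORD` and `DATASOURCES_DEFAULT_DATABASE` no longer match anything in the quick-start (whose `MYSQL_*` values are now blank), and `secret` should not be presented as a working default; state that these must be set explicitly. The old `CIPHERSEED` variable disappears from the list without a note on whether it was dropped or renamed, which matters for anyone migrating an existing deployment. Smaller points: the `APP_FULL_BASE_URL` example is missing a colon (`Example: https://yourdomain.com`), `PASSBOLT_SSL_FORCE` and `PASSBOLT_SECURITY_SET_HEADERS` are the security-relevant toggles but only the latter documents its default, and the `PASSBOLT_KEY_*` entries give no defaults while the rest of the list does.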
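Review bot: in the persisted-files hunk the configuration paths move from `/var/www/passbolt/app/Config/` to `/var/www/passbolt/config/` and the private key file is renamed from `serverkey.private.asc` to `serverkey_private.asc`, but the last entry still points at `/var/www/passbolt/app/webroot/img/public/images`; confirm that path is still valid under the new layout or update it alongside the others. The removal of `core.php`, `database.php` and `email.php` is also worth a sentence saying their settings are now covered by `app.php` and the environment variables, so users with existing volume mounts know which files to drop. The context line "It it possible to mount" has a doubled word that could be fixed while this section is being touched.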
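Review bot: the last hunk deletes the entire Examples section, including the only worked `-v` invocation showing how to mount `app.php`, the public key and the private key, without replacing it; the "Advanced configuration" text above still says configuration files can be mounted as volumes but the README now contains no example of doing so. Either keep a trimmed example rewritten for the new `/var/www/passbolt/config/` paths and the `serverkey_private.asc` filename, or note in the hunk's commit that the examples will be restored before the branch is merged, given the "work in progress" warning added at the top.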