CommunEu
/
Passbolt
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
142 Commits 1 Branch 0 Tags 987 KiB
Ruby 50.6%
Shell 34.6%
Dockerfile 14.8%
Go to file
Diego Lendoiro 21b9e1a6cf no prestissimo and git for public builds 2018-01-16 17:42:42 +01:00
bin check for file existence 2018-01-16 17:10:02 +01:00
conf security headers are being sent from passbolt application 2018-01-16 16:25:52 +01:00
spec fix directory permissions 2018-01-12 11:17:21 +01:00
.gitignore updated ignored files 2018-01-12 11:24:17 +01:00
CHANGELOG.md updated changelog 2017-08-31 11:03:57 +02:00
Dockerfile no prestissimo and git for public builds 2018-01-16 17:42:42 +01:00
Gemfile healthcheck returns 200 status code 2018-01-12 09:33:28 +01:00
Gemfile.lock healthcheck returns 200 status code 2018-01-12 09:33:28 +01:00
LICENSE Initial commit 2016-02-18 15:23:50 +05:30
README.md formatting 2018-01-14 21:15:13 +01:00
Rakefile initial Rakefile 2018-01-04 15:28:10 +01:00

README.md

Passbolt docker official image

Warning

This is a work in progress branch use at your own risk.

What is passbolt?

Passbolt is a free and open source password manager that allows team members to store and share credentials securely.

Scope of this repository

This repository will allow passbolt power users to customize their passbolt image to fit their needs on specific environments. It is also a community meeting point to exchange feedback, request for new features track issues and pull requests.

Users that do not require any special modifications are encouraged to docker pull the official docker image from the docker hub.

Build the image

Inside the repo directory:

$ docker build . -t passbolt:local

How to use the local image?

Start passbolt instance

Passbolt requires mysql to be running. The following example use mysql official docker image with the default passbolt credentials.

$ docker run -e MYSQL_ROOT_PASSWORD=<root_password> \
             -e MYSQL_DATABASE=<mysql_database> \
             -e MYSQL_USER=<mysql_user> \
             -e MYSQL_PASSWORD=<mysql_password> \
             mysql

Then you can start passbolt just by providing the database container ip in the db_host environment variable.

$ docker run -e DATASOURCES_DEFAULT_HOST=<mysql_container_host> \
             -e DATASOURCES_DEFAULT_PASSWORD=<mysql_password> \
             -e DATASOURCES_DEFAULT_USERNAME=<mysql_user> \
             -e DATASOURCES_DEFAULT_DATABASE=<mysql_database> \
             passbolt:local

Once the process is done, just navigate to the following url in your browser: https://passbolt_container_ip

Note on starting passbolt container on MacOS systems

Due to the limitations of docker networking under MacOS users should start the container exposing a port on the host:

$ docker run -p host_port:443 -e DB_HOST=<mysql_container_ip> passbolt:local

And access it using https://localhost:host_port

Configure passbolt

Environment variables reference

Passbolt docker image provides several environment variables to configure different aspects:

  • APP_FULL_BASE_URL: Defines Passbolt base url (Example https://yourdomain.com)
  • DATASOURCES_DEFAULT_HOST: database hostname (defaults to localhost)
  • DATASOURCES_DEFAULT_PORT: database port (defaults to 3306)
  • DATASOURCES_DEFAULT_USERNAME: database username (defaults to my_app)
  • DATASOURCES_DEFAULT_PASSWORD: database password (defaults to secret)
  • DATASOURCES_DEFAULT_DATABASE: database name (defaults to my_app)
  • EMAIL_DEFAULT_FROM: from email address (defaults to contact@mydomain.local)
  • EMAIL_DEFAULT_TRANSPORT: sets transport method (defaults to default)
  • EMAIL_TRANSPORT_DEFAULT_HOST: server hostname (defaults to localhost)
  • EMAIL_TRANSPORT_DEFAULT_PORT: server port (defaults to 25)
  • EMAIL_TRANSPORT_DEFAULT_TIMEOUT: timeout (defaults to 30)
  • EMAIL_TRANSPORT_DEFAULT_USERNAME: username for email server auth (defaults to null)
  • EMAIL_TRANSPORT_DEFAULT_PASSWORD: password for email server auth (defaults to null)
  • EMAIL_TRANSPORT_DEFAULT_CLIENT: client (defaults to null)
  • EMAIL_TRANSPORT_DEFAULT_TLS: set tls (defaults to null)
  • EMAIL_TRANSPORT_DEFAULT_URL: set url (defaults to null)
  • GNUPGHOME: Path to gnupghome directory (defaults to web_user_home_directory/.gnupg )
  • PASSBOLT_KEY_LENGTH: gpg desired key length
  • PASSBOLT_SUBKEY_LENGTH: gpg desired subkey length
  • PASSBOLT_KEY_NAME: key owner name
  • PASSBOLT_KEY_EMAIL: key owner email address
  • PASSBOLT_KEY_EXPIRATION: key expiration date
  • PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: GnuPG fingerprint
  • PASSBOLT_GPG_SERVER_KEY_PUBLIC: Path to GnuPG public server key
  • PASSBOLT_GPG_SERVER_KEY_PRIVATE: Path to GnuPG private server key
  • PASSBOLT_REGISTRATION_PUBLIC: Defines if users can register (defaults to false)
  • PASSBOLT_SSL_FORCE: Forces passbolt to redirect to SSL any non-SSL request
  • PASSBOLT_SECURITY_SET_HEADERS: Forces passbolt to send CSP Headers (defaults to true)
  • SECURITY_SALT: A random number user in security hashing methods.

Advanced configuration

What if you already have a set of gpg keys and custom configuration files for passbolt? It it possible to mount the desired configuration files as volumes.

Configuration files subject to be persisted:

  • /var/www/passbolt/config/app.php
  • /var/www/passbolt/config/gpg/serverkey.asc
  • /var/www/passbolt/config/gpg/serverkey_private.asc
  • /var/www/passbolt/app/webroot/img/public/images

SSL certificate files

It is also possible to mount a ssl certificate on the following paths:

  • /etc/ssl/certs/certificate.crt
  • /etc/ssl/certs/certificate.key

Requirements:

  • rng-tools are required on host machine to speed up entropy generation on containers. This way gpg key creation on passbolt container will be faster.
  • mysql >= 5.6