Migrate to a new RedHat Server

Pro

Prerequisites

For this tutorial, you will need:

• A minimal Red Hat 9 server.
• A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
• A working SMTP server for email notifications
• A working NTP service to avoid GPG authentication issues

The recommended server requirements are:

• 2 cores
• 2GB of RAM

FAQ pages:

• Considerations about entropy
• Set up NTP
• Firewall rules

Please note

It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server.

Pro tip

If you are going to manually provision SSL certificates you may want to do that before beginning!

Package repository setup

For easier installation and update tasks Passbolt provides a package repository that you need to setup before you download Passbolt PRO and install it.

Step 1. Download our dependencies installation script:

curl -LO https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh

Step 2. Download our SHA512SUM for the installation script:

curl -LO https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt

Step 3. Ensure that the script is valid and execute it:

sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh || echo "Bad checksum. Aborting" && rm -f passbolt-repo-setup.pro.sh

Install passbolt official linux package

sudo dnf install passbolt-pro-server

During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

Importing GPG key 0xC155581D:
Userid     : "Passbolt SA package signing key [email protected]"
Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
From       : https://download.passbolt.com/pub.key

MariaDB / Nginx / SSL settings

Passbolt PRO RPM package on Red Hat 9 come with a configuration helper tool to prepare MariaDB, Nginx and TLS (SSL) settings.

You must prepare beforehand your TLS (SSL) certificates before launching the tool. Be sure to write down the full path to your certificate and its corresponding private key, as it will be needed in the nginx configuration process.

Please, notice that for security matters we highly recommend to setup TLS (SSL) to serve passbolt.

Launch passbolt-configure tool and answer to the questions:

sudo /usr/local/bin/passbolt-configure

MariaDB

tip

If you prefer installing passbolt with Postgres, you can follow our dedicated configuration guide.

================================================================
Do you want to configure a local mariadb server on this machine?
================================================================
1) yes
2) no
#?

Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

If you chose yes, answer the questions:

=======================================================
Please enter a new password for the root database user:
=======================================================
MariaDB Root Password: ****
MariaDB Root Password (verify): ****
======================================================
Please enter a name for the passbolt database username
======================================================
Passbolt database user name:passboltuser
=======================================================
Please enter a new password for the mysql passbolt user
=======================================================
MariaDB passbolt user password: ****
MariaDB passbolt user password (verify): ****
==============================================
Please enter a name for the passbolt database:
==============================================
Passbolt database name:passboltdb

Migrate data

Load the backup files into the new server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

You should have:

• Your subscription key
• The private and public GPG keys
• Your database dump

Step 1. Create the subscription key file

You received your subscription key by email, copy it as `/etc/passbolt/subscription_key.txt` on your server.

Step 2. Restore Passbolt configuration file and ensure rights and ownership are correct:

sudo mv ~/backup/passbolt.php /etc/passbolt
sudo chown nginx:nginx /etc/passbolt/passbolt.php
sudo chmod 440 /etc/passbolt/passbolt.php
sudo chown nginx:nginx /etc/passbolt/subscription_key.txt

Pro tips: If you didn't the old server database credentials while configuring MariaDB, you might want to update Datasources from /etc/passbolt/passbolt.php

Step 3. Restore GPG public and private keys and ensure rights and ownership are correct:

sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
sudo chown nginx:nginx /etc/passbolt/gpg/serverkey_private.asc
sudo chown nginx:nginx /etc/passbolt/gpg/serverkey.asc
sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc

Step 4. Remove the empty inserted tables

sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt drop_tables" nginx

Step 5. Load the backup into the database

mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql

Step 6. Import the server key

sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc" nginx

Step 7. Migrate passbolt to the latest version

sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"

Step 8. Test passbolt

Try to access your passbolt application with your browser.

If you are encountering any issues, you can run the following command to assess the status of your instance:

sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"