Skip to main content

Migrate to a new SLES Server


For this tutorial, you will need:

  • A minimal SLES 15 SP6 server.
  • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
  • A working SMTP server for email notifications
  • A working NTP service to avoid GPG authentication issues

The recommended server requirements are:

  • 2 cores
  • 2GB of RAM

FAQ pages:

Please note

It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server.

Pro tip

If you are going to manually provision SSL certificates you may want to do that before beginning!

Package repository setup

For easier installation and update tasks Passbolt provides a package repository that you need to setup before you download Passbolt PRO and install it.

Step 1. Download our dependencies installation script:

curl -LO

Step 2. Download our SHA512SUM for the installation script:

curl -LO

Step 3. Ensure that the script is valid and execute it:

sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./ || echo "Bad checksum. Aborting" && rm -f

Install passbolt official linux package

sudo zypper install passbolt-pro-server
During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:
Importing GPG key 0xC155581D:
Userid : "Passbolt SA package signing key [email protected]"
Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
From :
  Repository:       Passbolt Server
Key Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
Key Name: Passbolt SA package signing key <[email protected]>
Key Algorithm: RSA 2048

If the fingerprint matches, trust always by answering a to this question:

Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r):

Then, you will be asked for PHP repository GPG key, ensure the fingerprint is correct and trust it always:

  Repository:       php
Key Fingerprint: 55CF 98B4 BB5B C6CC 2E24 748F 82EE 4011 CBCA 8BB5
Key Name: devel:languages:php OBS Project <devel:languages:[email protected]>
Key Algorithm: DSA 1024

Finally, verify and trust OpenSUSE PHP extensions repository GPG key:

  Repository:       php-extensions-x86_64
Key Fingerprint: A85C D7EF 5242 1152 9A7F 994A 9B41 A048 1AF1 B065
Key Name: server:php:extensions OBS Project <server:php:[email protected]>
Key Algorithm: RSA 2048

MariaDB / Nginx / SSL settings

Passbolt PRO RPM package on SLES 15 SP6 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

Launch passbolt-configure tool and answer to the questions:

sudo /usr/local/bin/passbolt-configure


Do you want to configure a local mariadb server on this machine?
1) yes
2) no

Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

If you chose yes, answer the questions:

Please enter a new password for the root database user:
MariaDB Root Password: ****
MariaDB Root Password (verify): ****
Please enter a name for the passbolt database username
Passbolt database user name:passboltuser
Please enter a new password for the mysql passbolt user
MariaDB passbolt user password: ****
MariaDB passbolt user password (verify): ****
Please enter a name for the passbolt database:
Passbolt database name:passboltdb


On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

Install Haveged ?
1) yes
2) no


Please enter the domain name under which passbolt will run.

Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let's encrypt if you don't have your own SSL certificates.

If you don't have a domain name and you do not plan to use let's encrypt please enter the ip address to access this machine.

Hostname: passbolt.domain.tld

SSL configuration

3 available choices for SSL configuration:

  • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
  • auto: Will issue a free SSL certificate with and set up nginx
  • none: Do not setup HTTPS at all
Setting up SSL...
1) manual
2) auto
3) none

If you choose 1, you will be prompted for the full path of your certificates:

Enter the path to the SSL certificate: /path/to/certs/cert.pem
Enter the path to the SSL privkey: /path/to/certs/key.pem

Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

Installation is almost complete. Please point your browser to
https://passbolt.domain.tld to complete the process

Migrate data

Load the backup files into the new server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

You should have:

  • Your subscription key
  • The private and public GPG keys
  • Your database dump
  • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2

Step 1. Create the subscription key file

You received your subscription key by email, copy it as `/etc/passbolt/subscription_key.txt` on your server.

Step 2. Restore Passbolt configuration file and ensure rights and ownership are correct:

sudo mv ~/backup/passbolt.php /etc/passbolt
sudo chown nginx:nginx /etc/passbolt/passbolt.php
sudo chmod 440 /etc/passbolt/passbolt.php
sudo chown nginx:nginx /etc/passbolt/subscription_key.txt
Pro tips: If you didn't the old server database credentials while configuring MariaDB, you might want to update Datasources from /etc/passbolt/passbolt.php

Step 3. Restore GPG public and private keys and ensure rights and ownership are correct:

sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
sudo chown nginx:nginx /etc/passbolt/gpg/serverkey_private.asc
sudo chown nginx:nginx /etc/passbolt/gpg/serverkey.asc
sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc

Step 4. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
sudo chown -R nginx:nginx /usr/share/php/passbolt/webroot/img/public

Step 5. Load the database

mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql

Step 6. Import the server key

sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc" nginx

Step 7. Migrate passbolt to the latest version

sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"

Step 8. Test passbolt

Try to access your passbolt application with your browser.

If you are encountering any issues, you can run the following command to assess the status of your instance:

sudo -H -u nginx /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"