How to Install TeamPass Password Manager on Debian 10
TeamPass is a collaborative password manager used for managing passwords and sharing them among team members with a specific role. It uses MySQL/MariaDB to store passwords and provides a powerful tool for customizing password access. TeamPass is highly customizable and provides many options to adapt it to your needs. It uses the Defuse PHP Encryption library to secure your data and your users.
In this tutorial, we will show you how to install TeamPass on Debian 10 and secure it with Let's Encrypt SSL.
Prerequisites
- A server running Debian 10.
- A valid domain name pointed to your server IP. In this tutorial, we will use the teampass.example.com domain.
- A root password is configured on your server.
Getting Started
Before starting, it is a good idea to update your system with the latest version. You can update your system with the following command:
apt-get update -y
apt-get upgrade -y
After updating the system, restart it to implement the changes.
Install LAMP Server
First, you will need to install the Apache webserver, MariaDB database server, PHP and other required PHP extensions to your system. You can install all of them with the following command:
apt-get install apache2 mariadb-server php php-cli libapache2-mod-php php-mysql php-curl php-mbstring php-bcmath php-common php-gd php-xml git wget -y
Once all the packages are installed, open the php.ini file and change the following settings:
nano /etc/php/7.3/apache2/php.ini
memory_limit = 256M
upload_max_filesize = 100M
max_execution_time = 360
date.timezone = Asia/Kolkata
Save and close the file when you are finished.
Configure MariaDB
By default, the MariaDB root password is not configured in Debian 10. So you will need to set it for security reasons.
First, log in to the MariaDB shell with the following command:
mysql
After login, set the MariaDB root user password with the following command:
MariaDB [(none)]> SET PASSWORD FOR 'root'@'localhost' = PASSWORD("yournewpassword");
Next, create a database and user for TeamPass with the following command:
MariaDB [(none)]> create database teampassdb;
MariaDB [(none)]> grant all privileges on teampassdb.* to [email protected] identified by "password";
Next, flush the privileges and exit from the MariaDB shell with the following command:
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit;
Download TeamPass
Next, you will need to download the latest version of TeamPass from the Git repository. You can download it to the Apache web root directory with the following command:
cd /var/www/html
git clone https://github.com/nilsteampassnet/TeamPass.git
Next, give proper ownership and permissions to the TeamPass directory with the following command:
chown -R www-data:www-data /var/www/html/TeamPass/
chmod -R 775 /var/www/html/TeamPass/
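A recursive 775 marks every file under the tree executable and readable by all local accounts. The following is an added example, not part of the original tutorial or of TeamPass: it counts what a tree exposes and shows a tighter mode set that still leaves the owner (www-data after the chown step) full access. The function names and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: measure what "chmod -R 775" exposes, then tighten it.
# Function names and the demo tree are assumptions, not TeamPass code.

# Count regular files any local account can read (the o+r bit).
count_world_readable() {
    find "$1" -type f -perm -004 | wc -l | tr -d ' '
}

# Count regular files that carry any execute bit; PHP sources run
# through mod_php do not need one.
count_executable() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        | wc -l | tr -d ' '
}

# Tighten: directories 750, files 640. The owner keeps write access;
# accounts outside the owning group lose all access.
tighten_tree() {
    find "$1" -type d -exec chmod 750 {} +
    find "$1" -type f -exec chmod 640 {} +
}

# Build a constructed tree that mimics the state after "chmod -R 775".
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/conf" "$d/files"
    : > "$d/index.php"
    : > "$d/conf/secret.php"
    : > "$d/files/upload.bin"
    chmod -R 775 "$d"
    printf '%s\n' "$d"
}

# With a path argument, report on that tree without changing it.
if [ -n "${1:-}" ]; then
    echo "world-readable files: $(count_world_readable "$1")"
    echo "executable files:     $(count_executable "$1")"
fi
```

Run the report against /var/www/html/TeamPass once the web installer has finished, and apply tighten_tree only after confirming that Apache runs as the owning user.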
Configure Apache for TeamPass
Next, you will need to create an Apache virtual host configuration file for TeamPass. You can create it with the following command:
nano /etc/apache2/sites-available/teampass.conf
Add the following lines:
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/TeamPass
    ServerName teampass.example.com
    <Directory /var/www/html/TeamPass>
        Options FollowSymlinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/teampass_error.log
    CustomLog ${APACHE_LOG_DIR}/teampass_access.log combined
</VirtualHost>
Save and close the file when you are finished. Then, enable the TeamPass virtual host and restart the Apache web service to apply the changes:
a2ensite teampass
systemctl restart apache2
Secure TeamPass with Let's Encrypt
Next, it is a good idea to secure your TeamPass with Let's Encrypt Free SSL. First, you will need to install the Certbot client on your server to download and install the Let's Encrypt SSL certificate for your domain.
By default, the Certbot client package is not available in the Debian 10 default repository. You can add the repository with the following command:
echo "deb http://ftp.debian.org/debian buster-backports main" >> /etc/apt/sources.list
Next, update the repository and install the Certbot client with the following command:
apt-get update -y
apt-get install python-certbot-apache -t buster-backports
Once installed, run the following command to obtain and install the SSL certificate for your domain:
certbot --apache -d teampass.example.com
You will be prompted to accept the terms of service and provide your valid email address as shown below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for teampass.example.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/teampass-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/teampass-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/teampass-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
Next, you will need to choose whether or not to redirect HTTP traffic to HTTPS as shown below:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Type 2 and hit Enter to continue. Once the installation has been completed, you should get the following output:
Redirecting vhost in /etc/apache2/sites-enabled/teampass.conf to ssl vhost in /etc/apache2/sites-available/teampass-le-ssl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://teampass.example.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=teampass.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/teampass.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/teampass.example.com/privkey.pem
   Your cert will expire on 2020-04-30. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
At this point, your domain is secured with Let's Encrypt SSL.
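To confirm that the redirect chosen above is in effect, the check below reads raw response headers and succeeds only when a plain-HTTP request was redirected to HTTPS on the expected host. It is an added example, not part of the original tutorial or of Certbot; the function name is an assumption.

```shell
#!/bin/sh
# Added example: decide from raw response headers whether a plain-HTTP
# request was redirected to HTTPS on the expected host.
# Against the live site from this tutorial:
#   curl -sI http://teampass.example.com/ | check_https_redirect teampass.example.com

check_https_redirect() {
    # $1 = expected host name; the headers arrive on stdin.
    # Returns 0 only if the status is 301/302/307/308 and the Location
    # header is https://<host> or begins with https://<host>/ .
    # Requiring the trailing slash rejects look-alike hosts such as
    # <host>.other-domain.
    tr -d '\r' | awk -v host="$1" '
        NR == 1 { ok_status = ($2 ~ /^30[1278]$/) }
        tolower($1) == "location:" {
            want = "https://" tolower(host)
            loc = tolower($2)
            ok_loc = (loc == want || index(loc, want "/") == 1)
        }
        END { exit !(ok_status && ok_loc) }'
}
```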
Access TeamPass Web Interface
Open your web browser and type the URL https://teampass.example.com. You will be redirected to the TeamPass welcome page as shown below:
Click on the Next button. You should see the following page:
Provide the URL and path of your TeamPass and click on the LAUNCH button. Once all the requirements are satisfied, you should see the following page:
Click on the Next button. You should see the following page:
Provide your database details and click on the LAUNCH and Next button. You should see the following page:
Provide your administrator password and click on the LAUNCH and Next button. You should see the following page:
Click on the LAUNCH button to populate the database. You should see the following page:
Click on the Next button. You should see the following page:
Click on the LAUNCH button to finalize the installation. You should see the following page:
Click on the Next button. Once the installation has been completed, you should see the following page:
Click on the Move to home page. You will be redirected to the TeamPass login page:
Provide your admin username and password, and click on the Log in button. You should see the TeamPass dashboard in the following page:
Congratulations! You have successfully installed and configured TeamPass password manager on Debian 10.