TeamPass is a Collaborative Passwords Manager used for managing passwords and sharing them among team members. It uses MySQL/MariaDB database to store passwords securely. It provides a powerful tool to customize passwords access depending on the users roles. It is free and open-source software and allows you to manage your passwords and related data in an organized way in respect to the access rights defined for each user. It comes with a rich set of features including, Data encryption, Personal folder, Tree structure, User privileges, Roles definition and many more.
In this tutorial, we will be going to show you how to install the TeamPass Password Manager software on Ubuntu 20.04 with Let's Encrypt SSL.
Prerequisites
- A server running Ubuntu 20.04.
- A valid domain name is pointed with your server IP.
- A root password is configured on the server.
Install LAMP Server
Before starting, make sure LAMP server must be installed in your server. If not installed, you can install it with other package by running the following command:
apt-get install apache2 mariadb-server php7.4 php7.4-cli libapache2-mod-php7.4 php7.4-mysql php7.4-curl php7.4-mbstring php7.4-bcmath php7.4-common php7.4-gd php7.4-xml git wget -y
Once the LAMP server is installed, edit the php.ini file and change some settings:
nano /etc/php/7.4/apache2/php.ini
Modify the following lines:
memory_limit = 256M upload_max_filesize = 100M max_execution_time = 360 date.timezone = Asia/Kolkata
Once you are finished, you can proceed to the next step.
Create TeamPass Database
Next, you will need to create a database and user for TeamPass. First, log in to MariaDB shell with the following command:
mysql -u root
Once login, create a database and user for TeamPass with the following command:
MariaDB [(none)]> create database teampass;
MariaDB [(none)]> grant all privileges on teampass.* to teampass@localhost identified by "password";
Next, flush the privileges and exit from the MariaDB with the following command:
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit;
Once your database is created, you can proceed to the next step.
Download TeamPass
First, you will need to download the latest version of TeamPass from the Git repository. You can download it to the Apache web root directory with the following command:
cd /var/www/html
git clone https://github.com/nilsteampassnet/TeamPass.git
Once the download is completed, change the ownership to the www-data user and set proper permission with the following command:
chown -R www-data.www-data /var/www/html/TeamPass/
chmod -R 775 /var/www/html/TeamPass/
Once you are finished, you can proceed to the next step.
Configure Apache Web Server
First, create an Apache virtual host configuration file for TeamPass with the following command:
nano /etc/apache2/sites-available/teampass.conf
Add the following lines:
<VirtualHost *:80>
ServerAdmin admin@example.com
DocumentRoot /var/www/html/TeamPass
ServerName teampass.linuxbuz.com
<Directory /var/www/html/TeamPass>
Options FollowSymlinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/teampass_error.log
CustomLog ${APACHE_LOG_DIR}/teampass_access.log combined
</VirtualHost>
Save the file when you are finished. Then, enable the apache virtual host file and restart apache service to apply the changes:
a2ensite teampass
systemctl restart apache2
Once your Apache web server is configured, you can proceed to the next step.
Secure TeamPass with Let's Encrypt SSL
.First, you will need to install the Certbot Let's Encrypt client in your server. It is used to install and manage the Let's Encrypt SSL certificate for your domain. Run the following command to install the Certbot
apt-get install python3-certbot-apache -y
Once the Certbot is installed, run the following command to download and install the Let's Encrypt SSL for your website:
certbot --apache -d teampass.linuxbuz.com
You will need to provide your valid email address and accept the term of service as shown below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): hitjethva@gmail.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for teampass.linuxbuz.com Enabled Apache rewrite module Waiting for verification... Cleaning up challenges Created an SSL vhost at /etc/apache2/sites-available/teampass-le-ssl.conf Enabled Apache socache_shmcb module Enabled Apache ssl module Deploying Certificate to VirtualHost /etc/apache2/sites-available/teampass-le-ssl.conf Enabling available site: /etc/apache2/sites-available/teampass-le-ssl.conf
Next, you will need to select whether or not to redirect HTTP traffic to HTTPS as shown below:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Type 2 to make all requests redirect to secure HTTPS access and hit Enter to install the Let's Encrypt SSL. Once the installation has been finished successfully, you should see the following output:
Enabled Apache rewrite module Redirecting vhost in /etc/apache2/sites-enabled/teampass.conf to ssl vhost in /etc/apache2/sites-available/teampass-le-ssl.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://teampass.linuxbuz.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=teampass.linuxbuz.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/teampass.linuxbuz.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/teampass.linuxbuz.com/privkey.pem Your cert will expire on 2020-10-17. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
At this point, your website is secured with Let's Encrypt SSL. You can now access it securely with HTTPS protocol.
Access TeamPass Web UI
Now, access your TeamPass web interface by visiting the URL https://teampass.linuxbuz.com. You should see the TeamPass welcome screen:
Click on the NEXT button. You should see the Server checks screen:
Click on the LAUNCH and NEXT button. You should see the Database connection screen:
Provide your Database details and click on the LAUNCH and NEXT button. You should see the preparation screen:
Click on the LAUNCH and NEXT button. You should see the Table creation screen:
Click on the LAUNCH and NEXT button. You should see the Finalization screen:
Click on the LAUNCH and NEXT button. Once the installation has been finished successfully, You should see the following screen:
Now, click on the Move to home page button. You will be redirected to the TeamPass login screen as shown below:
Provide your username as admin and the password which you have written during the installation process, and click on the Log In button. You should see the TeamPass dashboard in the following screen:
Conclusion
In this guide, you learned how to install the TeamPass password manager on Ubuntu 20.04 and secure it with Let's Encrypt SSL. You can now explore the TeamPass and deploy it in the production environment. For more information, visit the TeamPass official documentation.