How to Set Up Teampass Password Manager on Debian 11
Most users have many social media, email, and other accounts on the internet, and managing all of those accounts and passwords is difficult. This is where a password manager comes into the picture. Teampass is an open-source password manager that helps you store and manage all your passwords from a central location. It is a collaborative password manager that allows you to share stored passwords with team members. You can also set access rights for each user so that they can access only a given set of data.
In this tutorial, I will show you how to install the Teampass password manager with Apache and Let's Encrypt SSL on Debian 11.
Prerequisites
- A server running Debian 11.
- A valid domain name pointed to your server IP.
- A root password is configured on the server.
Install Apache, MariaDB and PHP
First, you will need to install the Apache web server, MariaDB database server, PHP and other required extensions to your server. You can install all of them by running the following command:
apt-get install apache2 apache2-utils mariadb-server mariadb-client php7.4 libapache2-mod-php7.4 php7.4-mysql php-common php7.4-cli php7.4-common php7.4-json php7.4-opcache php7.4-readline php7.4-bcmath php7.4-curl php7.4-fpm php7.4-gd php7.4-xml php7.4-mbstring -y
Once all the packages are installed, edit the php.ini file and change some default settings:
nano /etc/php/7.4/apache2/php.ini
Change the following settings:
max_execution_time = 60
date.timezone = Asia/Kolkata
Save and close the file then restart the Apache service to apply the changes:
systemctl restart apache2
Once you are finished, you can proceed to the next step.
Create a Database for Teampass
Teampass uses MariaDB as its database backend, so you will need to create a database and user for Teampass.
First, secure the MariaDB installation and set a MariaDB root password using the following command:
mysql_secure_installation
Answer all the questions as shown below:
Enter current password for root (enter for none):
Switch to unix_socket authentication [Y/n] n
Change the root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
Once you are done, connect to the MariaDB with the following command:
mysql -u root -p
Next, create a database and user with the following commands, replacing password with a strong, unique password of your own:
MariaDB [(none)]> create database teampass;
MariaDB [(none)]> grant all privileges on teampass.* to teampass@localhost identified by "password";
Next, flush the privileges and exit from the MariaDB with the following command:
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit;
Once you are done, you can proceed to the next step.
Install Teampass
Next, you will need to download the latest version of Teampass from the Git repository.
First, install the git package using the following command:
apt-get install git -y
Next, download the latest version of Teampass to the Apache web root directory:
cd /var/www/html/
git clone https://github.com/nilsteampassnet/TeamPass.git
Next, change the ownership and permissions with the following commands:
chown -R www-data:www-data TeamPass
chmod -R 775 /var/www/html/TeamPass
Once you are done, you can proceed to the next step.
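The recursive 775 above marks every file executable and leaves the whole tree readable by any local account. The script below is an added example, not part of the original tutorial or the Teampass project: it counts what that mode leaves exposed and shows a tighter alternative, assuming www-data owns the tree as set by the chown above. The sample tree and its file names are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial): measure what `chmod -R 775` leaves
# behind in a web root, then apply tighter modes.

# Number of regular files under $1 that carry any execute bit.
count_exec_files() {
    find "$1" -type f -perm /111 | wc -l | tr -d ' '
}

# Number of files and directories under $1 with any permission for "other".
count_other_access() {
    find "$1" \( -type f -o -type d \) -perm /007 | wc -l | tr -d ' '
}

# Directories 750, regular files 640. The owner (www-data in the tutorial)
# keeps read/write; other local accounts lose all access.
tighten_tree() {
    find "$1" -type d -exec chmod 750 {} +
    find "$1" -type f -exec chmod 640 {} +
}

# Constructed stand-in for the web root, left in the state the tutorial's
# chmod produces. File names are hypothetical.
make_demo_tree() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/conf" "$root/files"
    printf '<?php // constructed sample\n' > "$root/index.php"
    printf '<?php // constructed settings\n' > "$root/conf/settings.php"
    chmod -R 775 "$root"
    printf '%s\n' "$root"
}

# Usage: script.sh /var/www/html/TeamPass  (report only, changes nothing)
if [ -n "${1:-}" ]; then
    echo "executable files: $(count_exec_files "$1")"
    echo "entries open to other: $(count_other_access "$1")"
fi
```

Run with the web root as its argument, the script only reports; call tighten_tree yourself once the counts confirm what you expect.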
Create an Apache Virtual Host for Teampass
Next, you will need to create an Apache virtual host configuration file to host Teampass on the internet.
nano /etc/apache2/sites-available/teampass.conf
Add the following lines:
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/TeamPass
    ServerName teampass.example.com

    <Directory /var/www/html/TeamPass>
        Options FollowSymlinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/teampass_error.log
    CustomLog ${APACHE_LOG_DIR}/teampass_access.log combined
</VirtualHost>
Save and close the file then enable the Apache virtual host and restart the Apache service to apply the changes:
a2ensite teampass
systemctl restart apache2
You can also verify the status of Apache with the following command:
systemctl status apache2
You will get the following output:
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2021-11-01 03:39:47 UTC; 5s ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 20013 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
   Main PID: 20017 (apache2)
      Tasks: 6 (limit: 2341)
     Memory: 14.1M
        CPU: 95ms
     CGroup: /system.slice/apache2.service
             ├─20017 /usr/sbin/apache2 -k start
             ├─20018 /usr/sbin/apache2 -k start
             ├─20019 /usr/sbin/apache2 -k start
             ├─20020 /usr/sbin/apache2 -k start
             ├─20021 /usr/sbin/apache2 -k start
             └─20022 /usr/sbin/apache2 -k start

Nov 01 03:39:47 debian11 systemd[1]: Starting The Apache HTTP Server..
Access Teampass Web Interface
Now, open your web browser and access the Teampass web interface using the URL http://teampass.example.com. You should see the following page:
Click on the LAUNCH and NEXT buttons. You should see the Server checks screen:
Provide your Teampass path, website URL and click on the LAUNCH and NEXT buttons. You should see the Database connection screen:
Provide your Database details and click on the LAUNCH and NEXT buttons. You should see the preparation screen:
Provide your admin password and click on the LAUNCH and NEXT buttons. You should see the Table creation screen:
Click on the LAUNCH and NEXT buttons. You should see the Finalization screen:
Click on the LAUNCH and NEXT buttons. Once the installation has finished successfully, you should see the following screen:
Now, click on the Move to home page button. You will be redirected to the TeamPass login screen as shown below:
Provide admin as your username and the password that you set during the installation process, then click on the Log In button. You should see the TeamPass dashboard on the following screen:
Secure Teampass with Let's Encrypt SSL
First, you will need to install the Certbot Let's Encrypt client on your server. It is used to install and manage the Let's Encrypt SSL certificate for your domain. Run the following command to install the Certbot.
apt-get install python3-certbot-apache -y
Once the Certbot is installed, run the following command to download and install the Let's Encrypt SSL for your website:
certbot --apache -d teampass.example.com
You will need to provide your valid email address and accept the terms of service as shown below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for teampass.example.com
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/teampass-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/teampass-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/teampass-le-ssl.conf
Next, you will need to select whether or not to redirect HTTP traffic to HTTPS as shown below:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Type 2 to make all requests redirect to secure HTTPS access and hit Enter to install the Let's Encrypt SSL. Once the installation has been finished successfully, you should see the following output:
Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/teampass.conf to ssl vhost in /etc/apache2/sites-available/teampass-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://teampass.example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=teampass.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/teampass.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/teampass.example.com/privkey.pem
   Your cert will expire on 2022-01-30. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
At this point, your website is secured with Let's Encrypt SSL. You can now access it securely with HTTPS protocol.
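Because Teampass carries credentials, it is worth confirming that the port-80 virtual host really does redirect rather than serve the application in plaintext. The static check below is an added example, not part of the original tutorial or of Certbot; the sample vhost it builds is constructed, with redirect lines modelled on what the "2: Redirect" choice writes.

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial): list port-80 vhosts in an Apache
# config file that still serve content instead of redirecting to HTTPS.

# Prints the ServerName of every <VirtualHost ...:80> block in file $1 that
# has no Redirect/RewriteRule pointing at an https:// URL.
plaintext_vhosts() {
    awk '
        tolower($1) == "<virtualhost" && $2 ~ /:80>$/ {
            in80 = 1; name = "(no ServerName)"; redir = 0; next
        }
        in80 && tolower($1) == "servername" { name = $2 }
        in80 && tolower($1) ~ /^(rewriterule|redirect|redirectpermanent|redirectmatch)$/ &&
            $0 ~ /https:\/\// { redir = 1 }
        in80 && tolower($1) == "</virtualhost>" {
            if (!redir) print name
            in80 = 0
        }
    ' "$1"
}

# Constructed sample: the tutorial's vhost, optionally with redirect lines
# modelled on what Certbot's "2: Redirect" choice adds.
write_sample_vhost() {   # $1 = output file, $2 = "redirect" or "plain"
    {
        echo '<VirtualHost *:80>'
        echo '    DocumentRoot /var/www/html/TeamPass'
        echo '    ServerName teampass.example.com'
        if [ "$2" = "redirect" ]; then
            echo '    RewriteEngine on'
            echo '    RewriteCond %{SERVER_NAME} =teampass.example.com'
            echo '    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]'
        fi
        echo '</VirtualHost>'
    } > "$1"
}
```

On the server, `plaintext_vhosts /etc/apache2/sites-enabled/teampass.conf` should print nothing once the redirect is in place. It reads the file only, so follow it with a request to the http:// URL to confirm the live behaviour.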
Conclusion
Congratulations! You have successfully installed the Teampass password manager with Apache and Let's Encrypt SSL on Debian 11. You can now manage all your credentials and share them with your team from the web-based interface.