There is a new version of this tutorial available for Ubuntu 22.04 (Jammy Jellyfish).

Install sysPass Password Manager on Ubuntu 20.04

sysPass is an open-source and multiuser password manager written in PHP. It is used in business and personal use for password management. It saves your password using bidirectional encryption with a master password to a database. It comes with a rich set of features including, Security. Database authentication. LDAP directory authentication, Encrypted and unencrypted custom fields for accounts, Permissions and more.

In this tutorial, we will show you how to install the sysPass password manager with Apache and Let's Encrypt SSL on Ubuntu 20.04 server.

Prerequisites

  • A server running Ubuntu 20.04.
  • A valid domain name pointed with your server IP.
  • A root password is configured the server.

Getting Started

Before starting, you will need to update your system packages to the latest version. You can update them using the following command:

apt-get update -y

Once your server is updated, you can proceed to the next step.

Install LAMP Server

First, you will need to install the Apache webserver, MariaDB database, PHP and other PHP modules to your server. Run the following command to install all those packages:

apt-get install apache2 mariadb-server libapache2-mod-php php-mysql php-pdo php-pear php php-cgi php-cli php-common php-gd php-json php-readline php-curl php-intl php-ldap php-xml php-mbstring git -y

Once all the packages are installed, edit the php.ini file and make some desired changes:

nano /etc/php/7.4/apache2/php.ini

Change the following lines:

post_max_size = 1024M
upload_max_filesize = 1024M
max_execution_time = 7200
memory_limit = 512M
date.timezone = Asia/Kolkata

Save and close the file when you are finished.

Create a sysPass Database

sysPass uses MariaDB as a database backend. So you will need to create a database and user for sysPass.

First, connect with MySQL with the following command:

mysql

Once connected, create a database and user with the following command:

MariaDB [(none)]> create database syspassdb;
MariaDB [(none)]> grant all privileges on syspassdb.* to syspass@localhost identified by "password";

Next, flush the privileges and exit from the MariaDB with the following command:

MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit;

Once the database is created, you can proceed to the next step.

Install sysPass

First, you will need to download the latest version of sysPass from the Git repository to the Apache root directory. You can download it with the following command:

git clone https://github.com/nuxsmin/sysPass.git /var/www/html/syspass

Once the download is completed, set proper permissions and ownership with the following command:

chown -R www-data:www-data /var/www/html/syspass
chmod 750 /var/www/html/syspass/app/{config,backup}

Next, change the directory to the sysPass and create a Composer installation script:

cd /var/www/html/syspass
nano composer-install.sh

Add the following lines:

#!/bin/sh
 EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
 php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
 ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
 if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]
 then
     >&2 echo 'ERROR: Invalid installer signature'
     rm composer-setup.php
     exit 1
 fi
 php composer-setup.php --quiet
 RESULT=$?
 rm composer-setup.php
 exit $RESULT

Save and close the file then run the script with the following command:

bash composer-install.sh

Next, install all the required PHP dependencies with the following command:

php composer.phar install --no-dev

Once all the dependencies are installed, you can proceed to the next step.

Configure Apache for sysPass

Next, you will need to create an Apache virtual host configuration file for sysPass. You can create it with the following command:

nano /etc/apache2/sites-available/syspass.conf

Add the following lines:

<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /var/www/html/syspass
ServerName syspass.example.com

Options FollowSymLinks
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog /var/log/apache2/syspass-error_log
CustomLog /var/log/apache2/syspass-access_log common
</VirtualHost>

Save and close the file when you are finished then enable the sysPass virtual host configuration file with the following command:

a2ensite syspass

Next, restart the Apache service to apply the changes:

systemctl reload apache2
You can also verify the status of the Apache with the following command:
systemctl status apache2

You should get the following output:

? apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2021-02-16 09:42:27 UTC; 10min ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 19098 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
   Main PID: 19117 (apache2)
      Tasks: 11 (limit: 2353)
     Memory: 47.5M
     CGroup: /system.slice/apache2.service
             ??19117 /usr/sbin/apache2 -k start
             ??19119 /usr/sbin/apache2 -k start
             ??19120 /usr/sbin/apache2 -k start
             ??19121 /usr/sbin/apache2 -k start
             ??19122 /usr/sbin/apache2 -k start
             ??19126 /usr/sbin/apache2 -k start
             ??19128 /usr/sbin/apache2 -k start
             ??19130 /usr/sbin/apache2 -k start
             ??19131 /usr/sbin/apache2 -k start
             ??19132 /usr/sbin/apache2 -k start
             ??19143 /usr/sbin/apache2 -k start

Feb 16 09:42:27 ubuntu2004 systemd[1]: Starting The Apache HTTP Server...

Access sysPass Web UI

Now, open your web browser and access the sysPass web interface using the URL http://syspass.example.com. You will be redirected to the following page:

Provide your Database information, admin username, password, master password, check Hosting mode and click on the INSTALL button. Once the installation has been finished, you will be redirected to the sysPass login page:

Provide your admin username, password click on the > button. You should see the sysPass dashboard in the following page:

Secure sysPass with Let's Encrypt SSL

It is always a good idea to secure your website with Let's Encrypt SSL. You will need to install the Certbot client to install and manage the SSL. You can install it with the following command:

apt-get install python3-certbot-apache -y

Once the Certbot is installed, run the following command to secure your website with Let's Encrypt SSL:

certbot --apache -d syspass.example.com

You will be asked to provide your email and accept the term of service as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for syspass.example.com
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/syspass-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/syspass-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/syspass-le-ssl.conf

Next, select whether or not to redirect HTTP traffic to HTTPS as shown below:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and hit Enter to install the Let's Encrypt SSL for your website:

Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/syspass.conf to ssl vhost in /etc/apache2/sites-available/syspass-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://syspass.example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=syspass.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/syspass.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/syspass.example.com/privkey.pem
   Your cert will expire on 2020-10-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Now, you can access your website securely using the URL https://syspass.example.com.

Conclusion

Congratulations! you have successfully installed sysPass with Apache and Let's Encrypt SSL on Ubuntu 20.04. You can now use sysPass to store and manage your password from the central location. Feel free to ask me if you have any questions.

Share this page:

0 Comment(s)