Install sysPass Password Manager with Free Let's Encrypt SSL on Ubuntu 22.04

sysPass is a free, open-source, and PHP-based password management tool used to save your passwords in a safe location. It is web-based, secure, reliable, and designed for multi-user environments. It comes with a user-friendly web interface that helps users to configure different options like LDAP auth, mail, auditing, backup, import/export, etc. sysPass can be installed via web app, mobile app, and browser extension.

In this post, we will show you how to install sysPass password manager on Ubuntu 22.04.

Prerequisites

  • A server running Ubuntu 22.04.
  • A valid domain name pointed to your server IP.
  • A root password is configured on the server.

Install Apache, MariaDB, and PHP

Before starting, you will need to install the Apache web server, the MariaDB database server, PHP, and the required PHP extensions on your server. First, install Apache and MariaDB using the following command:

apt-get install apache2 mariadb-server -y

By default, Ubuntu 22.04 ships with PHP 8.1, but sysPass does not support PHP 8.1, so you will need to install PHP 7.4 and the required extensions on your server.

First, install all required dependencies with the following command:

apt install software-properties-common ca-certificates lsb-release apt-transport-https

Next, add the PHP repository with the following command:

add-apt-repository ppa:ondrej/php

Once the PHP repository is added, run the following command to install PHP 7.4 with all required extensions:

apt install libapache2-mod-php7.4 php7.4 php7.4-mysqli php7.4-pdo php7.4-cgi php7.4-cli php7.4-common php7.4-gd php7.4-json php7.4-readline php7.4-curl php7.4-intl php7.4-ldap php7.4-xml php7.4-mbstring git -y

Once all the packages are installed, edit the php.ini file and make some changes:

nano /etc/php/7.4/apache2/php.ini

Change the following settings:

post_max_size = 100M
upload_max_filesize = 100M
max_execution_time = 7200
memory_limit = 512M
date.timezone = UTC

Save and close the file when you are finished. Next, restart the Apache service to apply the configuration changes:

systemctl restart apache2

Configure MariaDB for sysPass

By default, the MariaDB installation is not secured, so you will need to secure it first. You can do so using the following command:

mysql_secure_installation

Answer all the questions as shown below to set a MariaDB root password and secure the installation:

Enter current password for root (enter for none): 
Switch to unix_socket authentication [Y/n] Y
Change the root password? [Y/n] Y
New password: 
Re-enter new password: 
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Once you are done, log in to the MariaDB interface with the following command:

mysql -u root -p

You will be asked to provide the MariaDB root password. Once you are logged in, create a database and user with the following commands, replacing password with a strong, unique password:

MariaDB [(none)]> create database syspassdb;
MariaDB [(none)]> grant all privileges on syspassdb.* to syspassuser@localhost identified by "password";

Next, flush the privileges and exit from the MariaDB shell with the following command:

MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit;

At this point, your MariaDB database and the user are ready for sysPass. You can now proceed to the next step.

Install sysPass

First, download the latest version of sysPass from the Git repository using the following command:

git clone https://github.com/nuxsmin/sysPass.git

After downloading sysPass, move the downloaded directory to the Apache web root directory:

mv sysPass /var/www/html/syspass

Next, set proper ownership to the syspass directory with the following command:

chown -R www-data:www-data /var/www/html/syspass

Next, set the proper permissions on the config and backup directories:

chmod 750 /var/www/html/syspass/app/{config,backup}

Next, you will need to install Composer on your system.

First, create a Composer installation script with the following command:

nano /var/www/html/syspass/install-composer.sh

Add the following lines:

#!/bin/sh
# Fetch the published SHA-384 checksum of the Composer installer
EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
# Download the installer and compute its actual checksum
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
# Refuse to run the installer if the checksums differ
if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]
then
    >&2 echo 'ERROR: Invalid installer signature'
    rm composer-setup.php
    exit 1
fi
# Run the verified installer, then remove it
php composer-setup.php --quiet
RESULT=$?
rm composer-setup.php
exit $RESULT

Save and close the file, then run the Composer installation script using the following command:

cd /var/www/html/syspass/
sh install-composer.sh

Once Composer is installed, run the following command to install all required PHP dependencies:

php composer.phar install --no-dev

Once all the dependencies are installed, you can proceed to the next step.
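
A check to run after the ownership, permission and Composer steps above, added here as an example and not part of sysPass or the original guide: it confirms that app/config and app/backup are owned by the web user and closed to other users, and flags world-writable paths and Composer helper files still inside the DocumentRoot. The function name audit_syspass and the list of helper files are assumptions based on the commands in this guide.

```shell
#!/bin/sh
# Added example (not from sysPass): audit the tree after the chown/chmod steps.
# audit_syspass is a hypothetical helper; defaults are the paths used in this guide.
audit_syspass() {
    root=${1:-/var/www/html/syspass}
    owner=${2:-www-data}
    findings=0

    # 1. app/config and app/backup: owned by the web user, closed to "other".
    for sub in app/config app/backup; do
        dir="$root/$sub"
        if [ ! -d "$dir" ]; then
            echo "MISSING  $dir"; findings=$((findings + 1)); continue
        fi
        mode=$(stat -c '%a' "$dir")   # GNU stat, as shipped with Ubuntu
        user=$(stat -c '%U' "$dir")
        case $mode in
            *0) ;;                    # last octal digit 0: no access for "other"
            *) echo "MODE     $dir is $mode, expected 750"
               findings=$((findings + 1)) ;;
        esac
        if [ "$user" != "$owner" ]; then
            echo "OWNER    $dir belongs to $user, expected $owner"
            findings=$((findings + 1))
        fi
    done

    # 2. Nothing below the root should be world-writable (symlinks excluded,
    #    their own mode bits are always 777).
    ww=$(find "$root" ! -type l -perm -002 2>/dev/null) || true
    if [ -n "$ww" ]; then
        echo "WORLD-WRITABLE:"; echo "$ww"
        findings=$((findings + $(printf '%s\n' "$ww" | wc -l)))
    fi

    # 3. Helper files the Composer step leaves inside the DocumentRoot.
    for f in install-composer.sh composer-setup.php; do
        if [ -e "$root/$f" ]; then
            echo "LEFTOVER $root/$f"; findings=$((findings + 1))
        fi
    done

    echo "findings: $findings"
    [ "$findings" -eq 0 ]             # exit status 0 only when the tree is clean
}

# Run with: sh audit.sh --run [ROOT] [OWNER]
case "${1:-}" in --run) shift; audit_syspass "$@" ;; esac
```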

Configure Apache for sysPass

Next, you will need to create an Apache virtual host configuration file to host sysPass on the web. You can create it using the following command:

nano /etc/apache2/sites-available/syspass.conf

Add the following lines:

<VirtualHost *:80>
    # Placeholder contact address; replace with your own
    ServerAdmin admin@example.com
    DocumentRoot "/var/www/html/syspass"
    ServerName syspass.example.com
    <Directory "/var/www/html/syspass/">
        Options MultiViews FollowSymlinks
        AllowOverride All
        # Apache 2.4 access control (replaces "Order allow,deny" / "Allow from all")
        Require all granted
    </Directory>
    TransferLog /var/log/apache2/syspass_access.log
    ErrorLog /var/log/apache2/syspass_error.log
</VirtualHost>

Save and close the file when you are finished, then activate the Apache virtual host with the following command:

a2ensite syspass

Next, restart the Apache service to apply the changes:

systemctl restart apache2

You can also check the status of the Apache service using the following command:

systemctl status apache2

You should get the following output:

● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor prese>
     Active: active (running) since Sun 2022-07-24 04:27:17 UTC; 6s ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 62773 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/S>
   Main PID: 62777 (apache2)
      Tasks: 6 (limit: 2242)
     Memory: 14.3M
        CPU: 109ms
     CGroup: /system.slice/apache2.service
             ├─62777 /usr/sbin/apache2 -k start
             ├─62778 /usr/sbin/apache2 -k start
             ├─62779 /usr/sbin/apache2 -k start
             ├─62780 /usr/sbin/apache2 -k start
             ├─62781 /usr/sbin/apache2 -k start
             └─62782 /usr/sbin/apache2 -k start

Jul 24 04:27:17 ubuntu systemd[1]: Starting The Apache HTTP Server...

Once you are finished, you can proceed to the next step.

Access sysPass Admin Interface

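Now, open your web browser and access the sysPass Admin interface using the URL http://syspass.example.com. At this stage the site is still served over plain HTTP, so anything typed into the installer, including the master password, crosses the network unencrypted until the Let's Encrypt section below has been completed. You will be redirected to the following page: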

sysPass master password

Login to sysPass

Provide your admin username, password, master password, database credentials, choose your language, hosting mode, and click on the INSTALL button. Once the installation has been completed, you will be redirected to the sysPass login page.

Systems password manager

Provide your admin username, password and click on the > button. You should see the sysPass dashboard on the following page:

sysPass dashboard

Install Let's Encrypt SSL on sysPass

It is always a good idea to secure your website with Let's Encrypt SSL. First, you will need to install the Certbot client to install and manage the SSL. By default, the Certbot package is included in the Ubuntu 22.04 default repository, so you can install it with the following command:

apt-get install python3-certbot-apache -y

Once the Certbot is installed, run the following command to secure your website with Let's Encrypt SSL:

certbot --apache -d syspass.example.com

You will be asked to provide your email and accept the terms of service as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for syspass.example.com
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/syspass-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/syspass-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/syspass-le-ssl.conf

Next, select whether or not to redirect HTTP traffic to HTTPS as shown below:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and hit Enter to install the Let's Encrypt SSL for your website:

Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/syspass.conf to ssl vhost in /etc/apache2/sites-available/syspass-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://syspass.example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=syspass.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/syspass.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/syspass.example.com/privkey.pem
   Your cert will expire on 2022-10-20. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Conclusion

Congratulations! You have successfully installed sysPass password manager with Apache and Let's Encrypt SSL on Ubuntu 22.04. You can now explore the sysPass password manager and start to deploy it in your production environment.
