How to install TeamPass password manager on Debian 10

How to install TeamPass password manager on Debian 10

TeamPass is a collaborative password manager for managing passwords and sharing passwords among team members with specific roles. It uses MySQL / MariaDB to store passwords and provides powerful tools for custom password access. Teampass is highly customizable and offers many options to customize it to your needs. It uses Defuse PHP encryption library to protect your data and users.

In this tutorial, we will show you how to install TeamPass on Debian 10 and secure it with Let’s Encrypt SSL.

prerequisites

  • A server running Debian 10.
  • A valid domain name pointing to the server IP. In this tutorial, we will use the teampass.example.com domain.
  • A root password is configured on your server.

getting Started

Before you start, it’s a good idea to update your system to the latest version. You can use the following command to update the system:

apt-get update -y apt-get upgrade -y

After updating the system, restart it to implement the changes.

Install LAMP server

First, you need to install the Apache web server, MariaDB database server, PHP, and other necessary PHP extensions into your system. You can install all components with:

apt-get install apache2 mariadb-server php php-cli libapache2-mod-php php-mysql php-curl php-mbstring php-bcmath php-common php-gd php-xml git wget -y

After installing all the packages, open the php.ini file and change some required settings:

nano /etc/php/7.3/apache2/php.ini
memory_limit = 256M
upload_max_filesize = 100M
max_execution_time = 360
date.timezone = Asia/Kolkata

Save and close the file when you are finished.

Configure MariaDB

By default, MariaDB root password is not configured in Debian 10. Therefore, for security reasons, you need to set it up.

First, log in to the MariaDB shell using the following command:

mysql

After logging in, use the following command to set the MariaDB root user password:

MariaDB [(none)]> SET PASSWORD FOR 'root'@'localhost' = PASSWORD("yournewpassword");

Next, create a database and user for TeamPass using the following command:

MariaDB [(none)]> create database teampassdb; MariaDB [(none)]> grant all privileges on teampassdb.* to [email protected] identified by "password";

Next, refresh the privileges and exit from the MariaDB shell using the following command:

MariaDB [(none)]> flush privileges; MariaDB [(none)]> exit;

Download TeamPass

Next, you need to download the latest version of TeamPass from the Git repository. You can download it to the Apache web root directory using the following command:

cd /var/www/html git clone https://github.com/nilsteampassnet/TeamPass.git

Next, grant the appropriate permissions to TeamPass using the following command:

chown -R www-data.www-data /var/www/html/TeamPass/ chmod -R 775 /var/www/html/TeamPass/

Configure Apache for TeamPass

Next, you will need to create an Apache virtual host profile for TeamPass. You can create it using:

nano /etc/apache2/sites-available/teampass.conf

Add the following lines:

   
     ServerAdmin [email protected]
     DocumentRoot /var/www/html/TeamPass   
     ServerName teampass.example.com

           
          Options FollowSymlinks
          AllowOverride All
          Require all granted
        

     ErrorLog ${APACHE_LOG_DIR}/teampass_error.log
     CustomLog ${APACHE_LOG_DIR}/teampass_access.log combined

  

Save and close the file when you are finished. Then, enable TeamPass virtual hosting and restart the Apache web service to apply the changes:

a2ensite teampass systemctl restart apache2

Let’s Encrypt to Protect TeamPass

Next, it’s best to secure TeamPass with Free Encrypted SSL. First, you need to install the Certbot client in the server to download and install “Let’s Encrypt SSL” for your domain.

The Certbot client package is not available in the Debian 10 default repository by default. You can add a repository using the following command:

echo "deb http://ftp.debian.org/debian buster-backports main" >> /etc/apt/sources.list

Next, update the repository and install the Certbot client using the following command:

apt-get update -y apt-get install python-certbot-apache -t buster-backports

After installation, run the following command to obtain and install the SSL certificate for your domain:

certbot --apache -d teampass.example.com

You will be prompted to accept the Terms of Service and provide a valid email address as follows:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for teampass.example.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/teampass-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/teampass-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/teampass-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

Next, you will need to choose whether to redirect HTTP traffic to HTTPS as follows:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Types of 2 And hit Enter Then go on. When the installation is complete, you will get the following output:

Redirecting vhost in /etc/apache2/sites-enabled/teampass.conf to ssl vhost in /etc/apache2/sites-available/teampass-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://teampass.example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=teampass.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/teampass.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/teampass.example.com/privkey.pem
   Your cert will expire on 2020-04-30. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

At this point, your domain is protected by “Encrypt our SSL.”

Access the TeamPass web interface

Open your web browser and enter the URL https://teampass.example.com. You will be redirected to the TeamPass welcome page as shown below:

Click on next Button. You should see the following page:

Server check

Provide the URL and path of your TeamPass and click emission Button. Once all requirements are met, you should see the following page:

Server check succeeded

Click on next Button. You should see the following page:

Database Connectivity

Provide your database details and click emission with next Button. You should see the following page:

Table prefix

Provide your administrator password and click emission with next Button. You should see the following page:

Create a database table

Click on emission The button populates the database. You should see the following page:

Table created successfully

Click on next Button. You should see the following page:

finish installation

Click on emission Button to complete the installation. You should see the following page:

Launch TeamPass

Click on next Button. After installation is complete. You should see the following page:

The installation is complete

Click on Go to homepage. You will be redirected to the TeamPass login page:

TeamPass Home

Provide your administrator username and password and click recording in Button. You should see the TeamPass dashboard on the following pages:

TeamPass dashboard

Congratulations! You have successfully installed and configured the TeamPass password manager on Debian 10.

Source

Sidebar