How to install TeamPass password manager on Debian 10
How to install TeamPass password manager on Debian 10
TeamPass is a collaborative password manager for managing passwords and sharing passwords among team members with specific roles. It uses MySQL / MariaDB to store passwords and provides powerful tools for custom password access. Teampass is highly customizable and offers many options to customize it to your needs. It uses Defuse PHP encryption library to protect your data and users.
In this tutorial, we will show you how to install TeamPass on Debian 10 and secure it with Let’s Encrypt SSL.
prerequisites
- A server running Debian 10.
- A valid domain name pointing to the server IP. In this tutorial, we will use the teampass.example.com domain.
- A root password is configured on your server.
getting Started
Before you start, it’s a good idea to update your system to the latest version. You can use the following command to update the system:
apt-get update -y apt-get upgrade -yAfter updating the system, restart it to implement the changes.
Install LAMP server
First, you need to install the Apache web server, MariaDB database server, PHP, and other necessary PHP extensions into your system. You can install all components with:
apt-get install apache2 mariadb-server php php-cli libapache2-mod-php php-mysql php-curl php-mbstring php-bcmath php-common php-gd php-xml git wget -yAfter installing all the packages, open the php.ini file and change some required settings:
nano /etc/php/7.3/apache2/php.inimemory_limit = 256M upload_max_filesize = 100M max_execution_time = 360 date.timezone = Asia/Kolkata
Save and close the file when you are finished.
Configure MariaDB
By default, MariaDB root password is not configured in Debian 10. Therefore, for security reasons, you need to set it up.
First, log in to the MariaDB shell using the following command:
mysqlAfter logging in, use the following command to set the MariaDB root user password:
MariaDB [(none)]> SET PASSWORD FOR 'root'@'localhost' = PASSWORD("yournewpassword");Next, create a database and user for TeamPass using the following command:
MariaDB [(none)]> create database teampassdb; MariaDB [(none)]> grant all privileges on teampassdb.* to [email protected] identified by "password";Next, refresh the privileges and exit from the MariaDB shell using the following command:
MariaDB [(none)]> flush privileges; MariaDB [(none)]> exit;Download TeamPass
Next, you need to download the latest version of TeamPass from the Git repository. You can download it to the Apache web root directory using the following command:
cd /var/www/html git clone https://github.com/nilsteampassnet/TeamPass.gitNext, grant the appropriate permissions to TeamPass using the following command:
chown -R www-data.www-data /var/www/html/TeamPass/ chmod -R 775 /var/www/html/TeamPass/Configure Apache for TeamPass
Next, you will need to create an Apache virtual host profile for TeamPass. You can create it using:
nano /etc/apache2/sites-available/teampass.confAdd the following lines:
ServerAdmin [email protected] DocumentRoot /var/www/html/TeamPass ServerName teampass.example.com Options FollowSymlinks AllowOverride All Require all granted ErrorLog ${APACHE_LOG_DIR}/teampass_error.log CustomLog ${APACHE_LOG_DIR}/teampass_access.log combined
Save and close the file when you are finished. Then, enable TeamPass virtual hosting and restart the Apache web service to apply the changes:
a2ensite teampass systemctl restart apache2Let’s Encrypt to Protect TeamPass
Next, it’s best to secure TeamPass with Free Encrypted SSL. First, you need to install the Certbot client in the server to download and install “Let’s Encrypt SSL” for your domain.
The Certbot client package is not available in the Debian 10 default repository by default. You can add a repository using the following command:
echo "deb http://ftp.debian.org/debian buster-backports main" >> /etc/apt/sources.listNext, update the repository and install the Certbot client using the following command:
apt-get update -y apt-get install python-certbot-apache -t buster-backportsAfter installation, run the following command to obtain and install the SSL certificate for your domain:
certbot --apache -d teampass.example.comYou will be prompted to accept the Terms of Service and provide a valid email address as follows:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for teampass.example.com Waiting for verification... Cleaning up challenges Created an SSL vhost at /etc/apache2/sites-available/teampass-le-ssl.conf Enabled Apache socache_shmcb module Enabled Apache ssl module Deploying Certificate to VirtualHost /etc/apache2/sites-available/teampass-le-ssl.conf Enabling available site: /etc/apache2/sites-available/teampass-le-ssl.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
Next, you will need to choose whether to redirect HTTP traffic to HTTPS as follows:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Types of 2 And hit Enter Then go on. When the installation is complete, you will get the following output:
Redirecting vhost in /etc/apache2/sites-enabled/teampass.conf to ssl vhost in /etc/apache2/sites-available/teampass-le-ssl.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://teampass.example.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=teampass.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/teampass.example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/teampass.example.com/privkey.pem Your cert will expire on 2020-04-30. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
At this point, your domain is protected by “Encrypt our SSL.”
Access the TeamPass web interface
Open your web browser and enter the URL https://teampass.example.com. You will be redirected to the TeamPass welcome page as shown below:
Click on next Button. You should see the following page:
Provide the URL and path of your TeamPass and click emission Button. Once all requirements are met, you should see the following page:
Click on next Button. You should see the following page:
Provide your database details and click emission with next Button. You should see the following page:
Provide your administrator password and click emission with next Button. You should see the following page:
Click on emission The button populates the database. You should see the following page:
Click on next Button. You should see the following page:
Click on emission Button to complete the installation. You should see the following page:
Click on next Button. After installation is complete. You should see the following page:
Click on Go to homepage. You will be redirected to the TeamPass login page:
Provide your administrator username and password and click recording in Button. You should see the TeamPass dashboard on the following pages:
Congratulations! You have successfully installed and configured the TeamPass password manager on Debian 10.