# Passbolt docs
## Table of contents
- [Installation](#Installation)
- [Maintenance](#Maintenance)
  - [Updating passbolt instance](#Updating-passbolt-instance)
  - [Backup passbolt instance](#Backup-passbolt-instance)
## Installation
This section explains how to install passbolt. It is based on the passbolt documentation.
### Prerequisites
- Minimal Ubuntu 22.04 server
- A domain/host name pointing to your server, or a static IP to reach the server
- A working SMTP server for email
- A working NTP service to avoid GPG authentication issues
### Server requirements
- 2 cores
- 2 GB of RAM
**NOTE**: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server.
### Installation
**1. Configure environment and install package**
Type the following in the Terminal:
- `wget "https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh"` (Download the dependencies installation script)
- `wget "https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt"` (Download the SHA512SUM for the installation script)
- `sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh || echo "Bad checksum. Aborting" && rm -f passbolt-repo-setup.ce.sh` (Ensure that the script is valid and execute it)
- `sudo apt install passbolt-ce-server` (Install the official passbolt Linux package)
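
With the one-liner above, "Bad checksum. Aborting" is also printed when the checksum is fine but the setup script itself fails. The following variant is an added example (not passbolt's own script): it compares the digest of the exact file named on the command line and reports a failed installer separately. The function name `verify_then_run` is hypothetical.

```bash
#!/usr/bin/env bash
# Added example. verify_then_run SCRIPT SUMFILE RUNNER...
# Runs "RUNNER ./SCRIPT" only if SUMFILE lists SCRIPT with a matching SHA-512.
# Exit codes: 1 checksum missing or wrong, 2 checksum fine but the script failed.
verify_then_run() (
    script="$1"; sums="$2"; shift 2
    # Take the digest from the line that names exactly this file, so a
    # checksum file that lists some other file cannot vouch for it.
    expected="$(awk -v f="$script" '$2 == f || $2 == "*" f { print $1 }' "$sums")"
    actual="$(sha512sum "$script" | awk '{ print $1 }')"
    if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
        echo "Bad checksum for $script. Aborting" >&2
        rm -f "$script"
        exit 1
    fi
    if ! "$@" "./$script"; then
        echo "Checksum OK, but $script exited with an error" >&2
        exit 2
    fi
    rm -f "$script"
)

# Usage with the two files downloaded above (run from the download directory):
#   verify_then_run passbolt-repo-setup.ce.sh passbolt-ce-SHA512SUM.txt sudo bash
```
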
**2. Configure and create first user** (https://help.passbolt.com/hosting/install/ce/ubuntu/ubuntu.html)
Follow the installation wizard; you will then be redirected to user creation.
**3. Configure your administrator account**
- Download the plugin
- Create a new key
- Download the recovery kit
- Define your security token
## Maintenance
This section covers updating a passbolt instance and backing up a passbolt instance. It is based on the passbolt documentation.
### Updating passbolt instance
#### Prerequisites
For this tutorial, you will need:
- A minimal Ubuntu server.
- Passbolt Ubuntu package installed.
#### Update passbolt
**1. Take down passbolt.muze.nl**
It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects such as active users corrupting the data in the middle of an upgrade.
`$ sudo systemctl stop nginx`
**2. Backup the database**
It is recommended to always perform a backup of your passbolt installation. Please check the [backup section](#Backup-passbolt-instance).
**3. Upgrade the system (Only when needed)**
These commands will trigger an upgrade on your whole Ubuntu system:
`$ sudo apt update`
`$ sudo apt upgrade`
**4. Clear the cache**
Clear the application cache so that any changes in the database structure are reflected in the model cache files:
`$ sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"`
**5. Take your site back up**
Start up passbolt.muze.nl:
`$ sudo systemctl start nginx`
**Troubleshooting**
For troubleshooting, you can refer to the troubleshooting section of the [passbolt documentation](https://help.passbolt.com/hosting/update/ubuntu-package.html).
### Backup passbolt instance
Making regular backups is a critical aspect of managing a passbolt instance. Because passbolt stores important information, it is equally important to have a backup strategy in place.
As a passbolt administrator it is your responsibility to define how often and when to perform backups. Please automate and customize this process to match the needs and policies of your organization.
Here are some best practices to keep in mind:
- Ensure that the backups are taken at intervals that match your usage
- Take these backups off-site, or to another environment than the live one
- Make sure the backup is encrypted and stored in a safe location
- Practice drills and test the backups to make sure they work
#### What to backup?
If you are a PRO user, ensure you have a backup of your subscription key.
There are also several elements you need to back up:
**1. The database**
This can be easily scripted using mysqldump for example:
`mysqldump -u[user] -p[pass] [db] > /path/to/backup.sql`
**2. The server public and private keys**
The easiest way is to copy the server OpenPGP key files found in config/gpg:
- private key is serverkey_private.asc
- public key is serverkey.asc
Another method is to export it using GnuPG. You can use the email attached to your keys to identify them, or use the fingerprint. To find the fingerprint when you do not know the email attached to your keys:
`sudo -H -u www-data /bin/bash -c "gpg --list-keys"`
If you know the email attached to your keys you can use it to export your keys as follows:
`sudo -H -u www-data /bin/bash -c "gpg --export-secret-keys <identifier> > /var/www/passbolt/config/gpg/private.asc" www-data`
`sudo -H -u www-data /bin/bash -c "gpg --export <identifier> > /var/www/passbolt/config/gpg/public.asc" www-data`
**NOTE:** *Be sure to remove the expiration time before importing the keys at backup restore. While restoring the backup, the imported keys cannot have an expiry date.*
**3. The application configuration**
The passbolt configuration file is located at config/passbolt.php.
**4. The avatars (for Passbolt version prior to 3.2)**
Back up webroot/img/public to avoid losing the profile images.
`sudo tar cvfzp passbolt-avatars.tar.gz -C /var/www/passbolt/ webroot/img/avatar`
**NOTE:** *Since Passbolt 3.2, users' avatars are no longer stored on disk but in the avatars table of the passbolt database.*
**Backup list**
At the end of the backup process you should have:
- a dump of your database
- the server public and private GPG keys
- a copy of your config/passbolt.php configuration file
- a copy of your avatar folder (only if Passbolt version < 3.2)
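
The backup list above as one script, added here as an example and not taken from the passbolt documentation. `PASSBOLT_ROOT` defaults to the path this page uses; the database name, the MySQL option file holding the credentials, and the backup recipient key are assumptions to replace with your own.

```bash
#!/usr/bin/env bash
# Added example: bundles the items from the backup list into one encrypted archive.
# Assumed values (not from this page): DB_NAME, DB_DEFAULTS, BACKUP_RECIPIENT.
PASSBOLT_ROOT="${PASSBOLT_ROOT:-/var/www/passbolt}"          # path used on this page
DB_NAME="${DB_NAME:-passboltdb}"                             # assumed database name
DB_DEFAULTS="${DB_DEFAULTS:-/root/passbolt-backup.cnf}"      # assumed option file, mode 600
BACKUP_RECIPIENT="${BACKUP_RECIPIENT:-backup@example.org}"   # hypothetical OpenPGP key

# Credentials are read from an option file, so the password never shows up
# in the process list or shell history as it would with -p[pass].
dump_db() {
    mysqldump --defaults-extra-file="$DB_DEFAULTS" --single-transaction "$DB_NAME"
}

# Encrypt the archive to the backup key and drop the plaintext copy.
encrypt_archive() {
    gpg --batch --yes --encrypt --recipient "$BACKUP_RECIPIENT" \
        --output "$1.gpg" "$1" && rm -f "$1"
}

# passbolt_backup DEST_DIR: prints the path of the encrypted archive.
# Exit codes: 2 dump failed or empty, 3 file missing, 4 tar failed, 5 encryption failed.
passbolt_backup() (
    dest="$1"
    umask 077                      # archive and temp files readable by owner only
    work="$(mktemp -d)" || exit 1
    archive="$dest/passbolt-$(date +%Y%m%d-%H%M%S).tar.gz"
    fail() { rm -rf "$work"; exit "$1"; }

    dump_db > "$work/backup.sql" || fail 2
    [ -s "$work/backup.sql" ] || fail 2
    for f in config/gpg/serverkey_private.asc config/gpg/serverkey.asc \
             config/passbolt.php; do
        [ -r "$PASSBOLT_ROOT/$f" ] || { echo "missing: $f" >&2; fail 3; }
        cp -p "$PASSBOLT_ROOT/$f" "$work/" || fail 3
    done
    # Avatars are in the database since Passbolt 3.2, so they ride along in the dump.
    mkdir -p "$dest" && tar -czf "$archive" -C "$work" . || fail 4
    rm -rf "$work"
    encrypt_archive "$archive" || exit 5
    echo "$archive.gpg"
)
```

Call `passbolt_backup /path/to/backups` as a user that can read the key files, then copy the resulting `.gpg` file off the server.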
**What about the secret keys of my collaborators?**
Every user's private key should also be backed up. However, this is not something we/you can automate easily for now (passbolt might provide a functionality for this in the future). We believe it is best if this is the responsibility of the end user. There is a dedicated step during the extension setup for that purpose.
As an administrator you should stress the importance of backing up secret keys to other users. For example this warning could be part of the initial information message sent to introduce passbolt to new users.
It is possible that having users back up their own keys may not be realistic or desirable in your case. In this case you can opt for an alternative strategy such as setting up the account with/for them and taking a backup of the secret keys then. In the worst case scenario you could automate the process by installing a script on your users' machines that would make that backup for you.