Install Teampass Password Manager on Ubuntu 22.04 LTS

Posted Oct 15, 2022

By Febryandana 3 min read

Quotes from TeamPass :

TeamPass is a Passwords Manager dedicated for managing passwords in a collaborative way by sharing them among team members.

In this guide we will install TeamPass on Ubuntu 22.04 LTS with nginx as web server and mariadb as database server. We will also cover how to secure teampass website with HTTPS.

Preparation

Update Ubuntu 22.04

  
sudo apt-get update
sudo apt-get upgrade -y

Install Dependencies

Instal Nginx, MariaDB Server, and PHP with some extensions

  
sudo apt-get install nginx mariadb-server certbot \
php8.1 php8.1-cli php8.1-mysql php8.1-curl \
php8.1-mbstring php8.1-bcmath php8.1-common \
php8.1-fpm php8.1-gd php8.1-xml git wget

Update PHP Configurations

Edit below configurations in php.ini file.

nano /etc/php/8.1/fpm/php.ini

  
memory_limit = 256M
upload_max_filesize = 100M
max_execution_time = 360
date.timezone = Asia/Jakarta

systemctl restart php8.1-fpm.service

Create TeamPass Database

Start mysql initial setup to secure it.

mysql_secure_installation

Create new mysql user and database for storing teampass data.

  
mysql -u root -p

CREATE USER 'teampass'@'localhost' IDENTIFIED BY "dbpassword";
CREATE DATABASE teampass;
GRANT ALL PRIVILEGES ON teampass.* TO 'teampass'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Download Latest TeamPass

Create directory to store teampass salt key.

  
mkdir -p /var/teampass
chown -R www-data:www-data /var/teampass

Download TeamPass Github repository.

  
cd /var/www/html
git clone https://github.com/nilsteampassnet/TeamPass.git
mkdir TeamPass/includes/libraries/csrfp/log
chown -R www-data:www-data /var/www/html/TeamPass/
chmod -R 775 /var/www/html/TeamPass/

Configure Nginx Web Server

Set Domain Pointing to TeamPass Host

We can do it from DNS registrar dashboard. DNS is needed for HTTPS.

Install SSL Certificates for HTTPS

systemctl stop nginx
certbot certonly -d teampass.febryandana.xyz

When requesting certificates, choose to Spin up a temporary webserver, input your email, Agree (Y) to ToS, disagree (N) for email subscription, and take notes of the certificate and key file location.

Create New Virtual Host

Change teampass.febryandana.xyz to your domain.

nano /etc/nginx/sites-available/teampass.febryandana.xyz.conf
ln -s /etc/nginx/sites-available/teampass.febryandana.xyz.conf /etc/nginx/sites-enabled/teampass.febryandana.xyz.conf

  
server {
    listen 80;
    server_name teampass.febryandana.xyz;
    return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  server_name teampass.febryandana.xyz;
  root /var/www/html/TeamPass;

  ssl_certificate  /etc/letsencrypt/live/teampass.febryandana.xyz/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/teampass.febryandana.xyz/privkey.pem;

  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
  ssl_prefer_server_ciphers on;

  access_log /var/log/nginx/teampass-access.log;
  error_log /var/log/nginx/teampass-error.log;

  location / {
      try_files $uri /index.php$is_args$args;
  }

  location ~ .php$ { ## Execute PHP scripts
      if (!-e $request_filename) { rewrite / /index.php last; }
      expires        off;
      fastcgi_pass   unix:/var/run/php/php8.1-fpm.sock;
      fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
      fastcgi_read_timeout 500;
      include        fastcgi_params;
  }
}