Skip to content

Passbolt

Jump to bottom
Jason Klein edited this page Nov 10, 2020 · 8 revisions

Passbolt

Springfield Devs uses Passbolt to share community project credentials with contributors. Browse to passbolt.sgf.dev to access the SGF Devs Passbolt Service.

Service setup and maintenance is documented below.

Web Services

Passbolt web services are hosted on an AWS EC2 instance (ec2-3-15-211-121.us-east-2.compute.amazonaws.com) in the Ohio Region (us-east-2) of the DEVS-H4G AWS account (979662945731). Daily backup snapshots of the EBS Volume are stored for 35 days.

The web server contains:

  • Server Keys (/var/www/passbolt/config/gpg)
  • User avatar images (/var/www/passbolt/webroot/img/public)
  • Password Database (MySQL)

HTTP/HTTPS services are accessible from any IP (https://passbolt.sgf.dev/). An existing admin must create website account for new users.

SSH is accessible from specific IPs. Login to SSH using "admin" user and the "passbolt.sgf.dev" SSH key in DEVS 1Password.

This server sends outbound email through AWS SES.

Database Services

Passbolt data is hosted in a MySQL (MariaDB) server on the same EC2 instance that hosts the web service. Daily backup snapshots are stored for 6 months (/var/lib/mysql-backup/). Root and Passbolt User Credentials are stored in AWS H4G details in DEVS 1Password.

OS Updates

This server is not configured to perform automatic updates. Follow these steps to perform OS updates.

  1. Login to the AWS EC2 console
  2. Temporarily attach the "Outgoing Web Requests" security policy to the server (so that it can make HTTP/HTTPS connections and download updates)
  3. SSH into the EC2 server (ssh admin@passbolt.sgf.dev). Refer to DEVS 1Password for SSH key.
  4. Update APT (sudo apt update)
  5. Upgrade APT packages (sudo apt upgrade)
  6. Reboot server (reboot)
  7. Remove the "Outgoing Web Requests" security policy from the server.

Recovery

See Passbolt Backup

  • Database: Restore MySQL data from daily MySQL dump files (/var/lib/mysql-backup/).
  • Avatars: Restore images to /var/www/passbolt/webroot/img/public
  • Server Key: Restore files to /var/www/passbolt/config/gpg or restore key from DEVS 1Password (cat /var/www/passbolt/config/gpg/serverkey_private.asc)
  • App Config: Create new configure or restore config from DEVS 1Password (cat /var/www/passbolt/config/passbolt.php)

Troubleshooting

04/16/2020 - Server was not responding. Restarted Nginx to resolve issue.

ssh admin@passbolt.sgf.dev
sudo /etc/init.d/nginx restart

Clone this wiki locally