
Teampass

This applies to Debian jessie, for the deployment of https://github.com/nilsteampassnet/TeamPass. Since TeamPass development happens cleanly in separate branches, I am following the GitHub repo directly.

Dependencies

apt install postfix nginx php5-fpm php5-mcrypt php5-ldap php5-gd

Database

apt install mysql-server
mysql_secure_installation
echo "CREATE DATABASE teampass CHARACTER SET utf8;
CREATE USER 'teampass'@'localhost' IDENTIFIED BY 'my_password';
GRANT ALL PRIVILEGES ON teampass.* TO 'teampass'@'localhost';" | mysql -p

Nginx config

apt install nginx

The configuration in /etc/nginx/nginx.conf is as follows:

user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  ;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name  _;

        root /var/www/html/TeamPass/;
        index index.php;

        location ~ ^/(favicon.ico|robots.txt)$ {
            access_log off;
            expires max;
        }
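        # Exact match only: the trailing $ denies /backups, /install, ... themselves,
        # not paths beneath them (e.g. /backups/<file> is not matched here).
        location ~ ^/(backups|files|install|sources|upload|apache-default.conf|changelog.md|composer.json|docker-compose.yml|Dockerfile|license.md|readme.md|start.sh|.git|.github)$ {
            deny all;
            access_log off;
            log_not_found off;
        }
        # Regex locations are tried in file order and the first match wins, so
        # everything under /includes, .php files included, is handled here and
        # never reaches the "location ~ \.php" block below.
        location ~ ^/(includes) {
            allow all;
        }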
        # deny access to all .dot-files
        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }

        location / {
            try_files $uri /index.php$is_args$args;
        }

        location ~ \.php {
            fastcgi_pass   unix:/var/run/php5-fpm.sock;

            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param HTTPS off;
        }
    }
}
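
Added example (not part of the original page): a small Python model of how nginx chooses among the regex `location` blocks in the config above, useful for checking which block actually handles a given path before relying on the deny rules. The block names, action labels and `example.*` sample paths are constructed for illustration.

```python
import re

# Regex locations from the nginx config above, in file order.
# Block names and action labels are this example's own, not nginx terms.
REGEX_LOCATIONS = [
    ("static-meta", r"^/(favicon.ico|robots.txt)$", "static"),
    ("deny-list",
     r"^/(backups|files|install|sources|upload|apache-default.conf|changelog.md"
     r"|composer.json|docker-compose.yml|Dockerfile|license.md|readme.md|start.sh"
     r"|.git|.github)$", "deny"),
    ("includes", r"^/(includes)", "static"),
    ("dotfiles", r"/\.", "deny"),
    ("php", r"\.php", "fastcgi"),
]


def resolve(path):
    """Return (block, action) for a normalized request path.

    The config has no "=" or "^~" locations, so nginx tries the regex
    locations in file order, stops at the first match, and otherwise falls
    back to the prefix location "/".
    """
    for name, pattern, action in REGEX_LOCATIONS:
        if re.search(pattern, path):  # "~" is a case-sensitive, unanchored match
            return name, action
    return "prefix /", "try_files"


# Constructed sample paths (the example.* names are placeholders).
SAMPLES = [
    "/backups",
    "/backups/example.sql",
    "/upload/example.txt",
    "/includes/example.php",
    "/.git/config",
    "/index.php",
]


def audit(paths=SAMPLES):
    """Map each path to the block that would handle it."""
    return {p: resolve(p) for p in paths}


if __name__ == "__main__":
    for path, (block, action) in audit().items():
        print(f"{path:28} -> {block:12} {action}")
```

On these samples only `/backups` itself hits the deny list; `/backups/example.sql` and `/upload/example.txt` fall through to `location /`, and `/includes/example.php` is handled by the includes block rather than the PHP handler.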

Teampass itself

cd /var/www/html
git clone https://github.com/nilsteampassnet/TeamPass
sed 's/max_execution_time = 30/max_execution_time = 60/' -i /etc/php5/fpm/php.ini
# the directories below live inside the cloned repository
cd TeamPass
chown -R www-data install/ includes/ files/ upload/

We also create a directory for the saltkey, which should be outside of /var/www:

mkdir /var/lib/teampass
chown www-data /var/lib/teampass

Initial setup

sysadmin_misc/teampass.txt · Last modified: 2018/09/25 15:00 (external edit)