There is a new version of this tutorial available for Debian 11 (Bullseye).

How to Install TeamPass Password Manager on Debian 10

TeamPass is a collaborative password manager used for managing passwords and sharing them among team members with a specific role. It uses MySQL/MariaDB to store passwords and provides a powerful tool for customizing passwords access Teampass is highly customizable and provides a lot of options to customize it to your needs. It uses Defuse PHP Encryption library to secures your data and your users.

In this tutorial, we will show you how to install TeamPass on Debian 10 and secure it with Let's Encrypt SSL.

Prerequisites

  • A server running Debian 10.
  • A valid domain name pointed with your server IP. in this tutorial, we will use teampass.example.com domain.
  • A root password is configured on your server.

Getting Started

Before starting, it is a good idea to update your system with the latest version. You can update your system with the following command:

apt-get update -y
apt-get upgrade -y

After updating the system, restart it to implement the changes.

Install LAMP Server

First, you will need to install the Apache webserver, MariaDB database server, PHP and other required PHP extensions to your system. You can install all of them with the following command:

apt-get install apache2 mariadb-server php php-cli libapache2-mod-php php-mysql php-curl php-mbstring php-bcmath php-common php-gd php-xml git wget -y

Once all the packages are installed, open php.ini file and change some required settings:

nano /etc/php/7.3/apache2/php.ini
memory_limit = 256M
upload_max_filesize = 100M
max_execution_time = 360
date.timezone = Asia/Kolkata

Save and close the file when you are finished.

Configure MariaDB

By default, the MariaDB root password is not configured in Debian 10. So you will need to set it for security reasons.

First, log in to the MariaDB shell with the following command:

mysql

After login, set the MariaDB root user password with the following command:

MariaDB [(none)]> SET PASSWORD FOR 'root'@'localhost' = PASSWORD("yournewpassword");

Next, create a database and user for TeamPass with the following command:

MariaDB [(none)]> create database teampassdb;
MariaDB [(none)]> grant all privileges on teampassdb.* to tpuser@localhost identified by "password";

Next, flush theprivileges and exit from the MariaDB shell with the following command:

MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit;

Download TeamPass

Next, you will need to download the latest version of the TeamPass from the Git repository. You can download it to the Apache web root directory with the following command:

cd /var/www/html
git clone https://github.com/nilsteampassnet/TeamPass.git

Next, give proper permissions to the TeamPass with the following command:

chown -R www-data.www-data /var/www/html/TeamPass/
chmod -R 775 /var/www/html/TeamPass/

Configure Apache for TeamPass

Next, you will need to create an Apache virtual host configuration file for TeamPass. You can create it with the following command:

nano /etc/apache2/sites-available/teampass.conf

Add the following lines:

<VirtualHost *:80>   
     ServerAdmin [email protected]
     DocumentRoot /var/www/html/TeamPass   
     ServerName teampass.example.com

     <Directory /var/www/html/TeamPass>      
          Options FollowSymlinks
          AllowOverride All
          Require all granted
     </Directory>   

     ErrorLog ${APACHE_LOG_DIR}/teampass_error.log
     CustomLog ${APACHE_LOG_DIR}/teampass_access.log combined

</VirtualHost>  

Save and close the file when you are finished. Then, enable the TeamPass virtual host and restart the Apache web service to apply the changes:

a2ensite teampass
systemctl restart apache2

Secure TeamPass with Let's Encrypt

Next, it is a good idea to secure your TeamPass with Let's Encrypt Free SSL. First, you will need to install the Certbot client in your server to download and install the Let's Encrypt SSL for your domain.

By default, the Certbot client package is not available in the Debian 10 default repository. You can add the repository with the following command:

echo "deb http://ftp.debian.org/debian buster-backports main" >> /etc/apt/sources.list

Next, update the repository and install the Certbot client with the following command:

apt-get update -y
apt-get install python-certbot-apache -t buster-backports

Once installed, run the following command to obtain and install the SSL certificate for your domain:

certbot --apache -d teampass.example.com

You will be prompt to accept the term of service and provide your valid email address as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for teampass.example.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/teampass-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/teampass-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/teampass-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

Next, you will need to choose whether or not to redirect HTTP traffic to HTTPS as shown below:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and hit Enter to continue. Once the installation has been completed, you should get the following output:

Redirecting vhost in /etc/apache2/sites-enabled/teampass.conf to ssl vhost in /etc/apache2/sites-available/teampass-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://teampass.example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=teampass.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/teampass.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/teampass.example.com/privkey.pem
   Your cert will expire on 2020-04-30. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

At this point, your domain is secured with Let's Encrypt SSL.

Access TeamPass Web Interface

Open your web browser and type the URL https://teampass.example.com. You will be redirected to the TeamPass welcome page as shown below:

TeamPass web installer

Click on the Next button. You should see the following page:

Server Check

Provide the URL and path of your TeamPass and click on the LAUNCH button. Once all the requirements are satisfied, you should see the following page:

Server Check successful

Click on the Next button. You should see the following page:

Database connection

Provide your database details and click on the LAUNCH and Next button. You should see the following page:

Table prefix

Provide your administrator password and click on the LAUNCH and Next button. You should see the following page:

Creating database tables

Click on the LAUNCH button to populate the database. You should see the following page:

Tables created successfully

Click on the Next button. You should see the following page:

Finalize installation

Click on the LAUNCH button to finalize the installation. You should see the following page:

Launch TeamPass

Click on the Next button. Once the installation has been completed. You should see the following page:

Installation completed

Click on the Move to home page. You will be redirected to the TeamPass login page:

TeamPass Homepage

Provide your admin username and password, and click on the Log in button. You should see the TeamPass dashboard in the following page:

TeamPass dashboard

Congratulations! you have successfully installed and configured TeamPass password manager on Debian 10.

Share this page:

0 Comment(s)