CentOS 7.x Installation¶
Prerequisites¶
- Web server (Apache/Nginx/Lighttpd) with SSL enabled.
- MariaDB >= 10.1
- PHP >= 7.0 (7.1 or above recommended)
- PHP modules
- mysqlnd
- curl
- json
- gd
- xml
- mbstring
- intl
- readline
- ldap (optional)
- mcrypt (optional for importing older XML export files)
- Package with latest sysPass version https://github.com/nuxsmin/sysPass/releases/latest
- Or clone sysPass repository from GitHub https://github.com/nuxsmin/sysPass.git
Installation¶
CentOS 7 package installation (http://wiki.centos.org/SpecialInterestGroup/SCLo).
$ sudo yum -y install centos-release-scl.noarch
$ sudo yum -y install rh-php73 rh-php73-php rh-php73-php-fpm httpd rh-mariadb103 wget
$ sudo yum -y install rh-php73-php-gd rh-php73-php-intl rh-php73-php-json rh-php73-php-ldap rh-php73-php-mbstring rh-php73-php-mysqlnd rh-php73-php-opcache rh-php73-php-pdo rh-php73-php-xml rh-php73-php-zip
Automated start/stop Apache web server and MariaDB server.
$ sudo systemctl enable --now httpd24-httpd.service rh-mariadb103-mariadb.service
Setting up MariaDB.
$ sudo scl enable rh-mariadb103 mysql_secure_installation
Enabling firewall ports.
$ sudo firewall-cmd --zone=public --add-service=http --add-service=https
$ sudo firewall-cmd --runtime-to-permanent
Optional for enabling SSL.
In order to increase your sysPass instance security, please consider to use SSL. See Security and the following resources for Debian:
- Sites only accessible from LAN: https://doc.debian.org/configuration/Self-Signed_Certificate
- Sites accessible from Internet, you could use Let’s Encrypt, see https://certbot.eff.org/
Directories and permissions¶
Create a directory for sysPass within the web server root.
$ sudo mkdir /var/www/html/syspass
If you go with the packaged version, download and unpack sysPass files.
$ cd /var/www/html/syspass
# Strip version directory and extract contents to current directory.
$ sudo tar xzf syspass.tar.gz --strip-components=1
# If using the vendors package
$ sudo tar xzf vendors.tar.gz
If you go with Git cloned version, clone sysPass GitHub repository.
$ sudo git clone https://github.com/nuxsmin/sysPass.git /var/www/html/syspass
Setup directories permissions. The owner should match the web server running user.
$ sudo chown apache -R /var/www/html/syspass
$ sudo chmod 750 /var/www/html/syspass/app/config /var/www/html/syspass/app/backup
SELinux¶
sysPass needs to be allowed to write its configuration and some other files (backup, cache, temp, etc). We have 2 choices:
Note
Please, run only one of the choices
- Change the SELinux context of files:
$ sudo setsebool -P httpd_can_connect_ldap 1
$ sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/syspass/app/(config|backup|cache|temp)(/.*)?"
$ sudo restorecon -R -v /var/www/html/syspass
- Disable SELinux by editing the file “/etc/sysconfig/selinux” and setting “SELINUX” variable’s value to “disabled”. You need to restart the system. Until then you can use permissive mode which won’t enforce the policies:
$ sudo setenforce 0
Installing dependencies¶
PHP Composer is needed to keep up-to-date dependencies and an easy way to apply security or functional patches to them.
You can either download the dependencies using Composer itself or by getting the latest “vendor.tar.gz” package from the release page.
Note
If you don’t have any Internet access from the server, the vendor package will provide all the release dependencies and you don’t need to deal with composer commands.
Using PHP Composer¶
From sysPass root directory, download and install Composer (https://getcomposer.org/doc/faqs/how-to-install-composer-programmatically.md)
Create a bash script called “install_composer.sh” and paste this code in it:
#!/bin/sh
EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]
then
>&2 echo 'ERROR: Invalid installer signature'
rm composer-setup.php
exit 1
fi
php composer-setup.php --quiet
RESULT=$?
rm composer-setup.php
exit $RESULT
$ chmod +x install_composer.sh
$ ./install_composer.sh
Then install sysPass dependencies
$ php composer.phar install --no-dev
Environment configuration¶
Please, point your web browser to the following URL and follow the installer steps
https://IP_OR_SERVER_ADDRESS/syspass/index.php
Note
More information about how sysPass works on Application
Warning
It’s very advisable to take a look to security advices on Security