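TeamPass is a collaborative password manager used to manage passwords and share them among team members with specific roles. It stores passwords in MySQL/MariaDB and provides powerful tools for customizing password access. TeamPass is highly customizable and offers many options to tailor it to your needs. It uses the Defuse PHP Encryption library to protect your data and users.
In this tutorial, we will show you how to install TeamPass on Debian 10 and secure it with Let's Encrypt SSL.
Prerequisites
- A server running Debian 10.
- A valid domain name pointed to your server IP. In this tutorial, we will use the teampass.example.com domain.
- A root password configured on your server.
Getting Started
Before starting, it is a good idea to update your system to the latest version. You can update the system with the following commands: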
apt-get update -y
apt-get upgrade -y
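Once the system is updated, restart it to apply the changes.
Install LAMP Server
First, you will need to install the Apache web server, MariaDB database server, PHP and other required PHP extensions on your system. You can install all of them with the following command: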
apt-get install apache2 mariadb-server php php-cli libapache2-mod-php php-mysql php-curl php-mbstring php-bcmath php-common php-gd php-xml git wget -y
Once all the packages are installed, open the php.ini file and change some required settings:
nano /etc/php/7.3/apache2/php.ini
memory_limit = 256M
upload_max_filesize = 100M
max_execution_time = 360
date.timezone = Asia/Kolkata
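Save and close the file when you are finished.
Configure MariaDB
By default, the MariaDB root password is not configured in Debian 10, so you will need to set it for security reasons.
First, log in to the MariaDB shell with the following command: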
mysql
Once logged in, set the MariaDB root user password with the following command:
MariaDB [(none)]> SET PASSWORD FOR 'root'@'localhost' = PASSWORD("yournewpassword");
Next, create a database and user for TeamPass with the following commands:
MariaDB [(none)]> create database teampassdb;
MariaDB [(none)]> grant all privileges on teampassdb.* to tpuser@localhost identified by "password";
Next, flush the privileges and exit from the MariaDB shell with the following commands:
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit;
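As an added example (not part of the original tutorial), the database and user from the steps above can be created with a randomly generated password instead of a literal one typed at the prompt. The credential file path /root/teampass-db.cred and the function names are assumptions; the database and user names are the tutorial's.

```shell
#!/bin/sh
# Added example: provision the TeamPass database with a generated password.
DB_NAME="teampassdb"                               # from the tutorial
DB_USER="tpuser"                                   # from the tutorial
CRED_FILE="${CRED_FILE:-/root/teampass-db.cred}"   # hypothetical path

# Read $1 random bytes (default 16) and print them as lowercase hex.
# 16 bytes gives a 32-character password with 128 bits of entropy, and the
# hex alphabet is safe inside a single-quoted SQL string.
gen_password() {
    head -c "${1:-16}" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Emit the SQL for the database, the user, and a grant limited to one schema.
render_sql() {
    cat <<EOF
CREATE DATABASE IF NOT EXISTS ${DB_NAME};
CREATE USER IF NOT EXISTS '${DB_USER}'@'localhost' IDENTIFIED BY '$1';
GRANT ALL PRIVILEGES ON ${DB_NAME}.* TO '${DB_USER}'@'localhost';
EOF
}

# Store the password in a file only its owner can read, then pass the SQL to
# the mysql client on stdin so it never appears on a command line.
provision() {
    pw=$(gen_password 16)
    ( umask 077; printf '%s\n' "$pw" > "$CRED_FILE" )
    render_sql "$pw" | mysql
}

# Nothing is changed unless the script is called with --apply.
if [ "${1:-}" = "--apply" ]; then
    provision
fi
```

Run it as root with --apply; the password written to the credential file is the one to enter for tpuser in the database step of the TeamPass installer.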
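Download TeamPass
Next, you will need to download the latest version of TeamPass from the Git repository. You can download it into the Apache web root directory with the following commands: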
cd /var/www/html
git clone https://github.com/nilsteampassnet/TeamPass.git
Next, give proper permissions to TeamPass with the following commands:
chown -R www-data:www-data /var/www/html/TeamPass/
chmod -R 775 /var/www/html/TeamPass/
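The chmod -R 775 above leaves every file in the tree readable by any local account. The following added example (not from the original tutorial) counts the entries that grant access to "other" and applies a tighter layout of 750 for directories and 640 for files. It assumes the tree is owned by www-data as set above and that TeamPass needs no access beyond the owner's; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on the TeamPass checkout.
TP_DIR="${TP_DIR:-/var/www/html/TeamPass}"   # path used in this tutorial

# Print every file or directory under $1 with any permission bit set for
# "other" (execute, write or read). Symlinks are skipped because their own
# mode bits are not meaningful.
list_world_accessible() {
    find "$1" ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) -print
}

# Number of such entries.
count_world_accessible() {
    list_world_accessible "$1" | wc -l | tr -d ' '
}

# Directories 750, regular files 640: the owner keeps read/write, the group
# can read, and other local accounts get nothing.
tighten_tree() {
    find "$1" -type d -exec chmod 750 {} +
    find "$1" -type f -exec chmod 640 {} +
}

# Report only, unless called with --apply.
if [ -d "$TP_DIR" ]; then
    echo "accessible to other before: $(count_world_accessible "$TP_DIR")"
    if [ "${1:-}" = "--apply" ]; then
        tighten_tree "$TP_DIR"
        echo "accessible to other after:  $(count_world_accessible "$TP_DIR")"
    fi
fi
```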
Configure Apache for TeamPass
Next, you will need to create an Apache virtual host configuration file for TeamPass. You can create it with the following command:
nano /etc/apache2/sites-available/teampass.conf
Add the following lines:
<VirtualHost *:80>
    ServerAdmin admin@example.com
    DocumentRoot /var/www/html/TeamPass
    ServerName teampass.example.com
    <Directory /var/www/html/TeamPass>
        Options FollowSymlinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/teampass_error.log
    CustomLog ${APACHE_LOG_DIR}/teampass_access.log combined
</VirtualHost>
Save and close the file when you are finished. Then, enable the TeamPass virtual host and restart the Apache web service to apply the changes:
a2ensite teampass
systemctl restart apache2
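Secure TeamPass with Let's Encrypt
Next, it is a good idea to secure TeamPass with Let's Encrypt free SSL. First, you will need to install the Certbot client on your server to download and install the Let's Encrypt SSL certificate for your domain.
By default, the Certbot client package is not available in the Debian 10 default repository. You can add the repository with the following command: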
echo "deb http://ftp.debian.org/debian buster-backports main" >> /etc/apt/sources.list
Next, update the repository and install the Certbot client with the following commands:
apt-get update -y
apt-get install python-certbot-apache -t buster-backports
Once installed, run the following command to obtain and install an SSL certificate for your domain:
certbot --apache -d teampass.example.com
You will be prompted to accept the terms of service and provide a valid email address, as shown below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): hitjethva@gmail.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for teampass.example.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/teampass-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/teampass-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/teampass-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
Next, you will need to choose whether or not to redirect HTTP traffic to HTTPS, as shown below:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Type 2 and press Enter to continue. Once the installation is completed, you should get the following output:
Redirecting vhost in /etc/apache2/sites-enabled/teampass.conf to ssl vhost in /etc/apache2/sites-available/teampass-le-ssl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://teampass.example.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=teampass.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/teampass.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/teampass.example.com/privkey.pem
   Your cert will expire on 2020-04-30. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
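At this point, your domain is secured with Let's Encrypt SSL.
Access the TeamPass Web Interface
Open your web browser and type the URL https://teampass.example.com. You will be redirected to the TeamPass welcome page, as shown below:
Click on the Next button. You should see the following page:
Provide your TeamPass URL and path, then click on the LAUNCH button. Once all the requirements are met, you should see the following page:
Click on the Next button. You should see the following page:
Provide your database details, then click on the LAUNCH and Next buttons. You should see the following page:
Provide your administrator password, then click on the LAUNCH and Next buttons. You should see the following page:
Click on the LAUNCH button to populate the database. You should see the following page:
Click on the Next button. You should see the following page:
Click on the LAUNCH button to finalize the installation. You should see the following page:
Click on the Next button. Once the installation has been completed, you should see the following page:
Click on "Move to home page". You will be redirected to the TeamPass login page:
Provide your admin username and password, then click on the "Log In" button. You should see the TeamPass dashboard in the following page:
Congratulations! You have successfully installed and configured the TeamPass password manager on Debian 10.
Original article: https://www.howtoforge.com/how-to-install-teampass-password-manager-on-debian-10/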