Category Archives: Hosting

passbolt docker password manager

# Fetch the image and the compose project. The ":latest" tag floats, so the
# version that gets deployed depends on the day of the pull; note down the
# version actually running.
docker pull passbolt/passbolt:latest
git clone https://github.com/passbolt/passbolt_docker
cd passbolt_docker

# NOTE(review): these env files presumably hold the same database settings
# (user, password, database name) that the manual `docker run` variant on this
# page passes with -e. Replace any defaults with strong, unique values and keep
# the files readable by the deploying user only.
vim env/mysql.env
vim env/passbolt.env

# Start the stack in the background, then check that the containers are up.
docker-compose -f docker-compose.yml up -d
docker-compose ps

# Register the first account with the admin role (-r admin). The cake command
# runs inside the passbolt container as www-data (su ... -s /bin/sh www-data).
docker-compose exec passbolt su -m -c "/var/www/passbolt/bin/cake \
                                passbolt register_user \
                                -u <[email protected]> \
                                -f <yourname> \
                                -l <surname> \
                                -r admin" -s /bin/sh www-data

Another option is to run passbolt manually:

# A dedicated network lets the two containers reach each other by name, and a
# named volume keeps the database files when the mariadb container is removed.
docker network create passbolt_network
docker volume create mariadb_passbolt_data

# Database container. No -p option is given, so the database port is not
# published on the host; only containers on passbolt_network can reach it.
# Secrets given with -e on the command line end up in shell history and in the
# host's process list; `docker run --env-file` keeps them off the command line.
# The image name carries no tag, so whatever "latest" is at pull time is used.
docker run -d --name mariadb --net passbolt_network \
             --mount source=mariadb_passbolt_data,target=/var/lib/mysql \
             -e MYSQL_ROOT_PASSWORD=<root_password> \
             -e MYSQL_DATABASE=<mariadb_database> \
             -e MYSQL_USER=<mariadb_user> \
             -e MYSQL_PASSWORD=<mariadb_password> \
             mariadb
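# Passbolt container on the same network; it reaches the database under the
# host name "mariadb". The DATASOURCES_DEFAULT_* values must match the
# MYSQL_* values given to the database container.
#
# The --mount value has to be ONE shell word. Splitting it with a
# backslash-newline followed by indentation leaves the indentation in place
# and breaks the option into separate arguments, so it is kept on one line.
#
# The bind-mounted host directory holds the server's GnuPG keys: keep it
# readable only by the account that needs it, and include it in backups.
docker run --name passbolt --net passbolt_network \
             --mount type=bind,source=<host_path_to_gnupg_keys_dir>,target=/var/www/passbolt/config/gpg \
             -p 443:443 \
             -p 80:80 \
             -e DATASOURCES_DEFAULT_HOST=mariadb \
             -e DATASOURCES_DEFAULT_PASSWORD=<mariadb_password> \
             -e DATASOURCES_DEFAULT_USERNAME=<mariadb_user> \
             -e DATASOURCES_DEFAULT_DATABASE=<mariadb_database> \
             -e APP_FULL_BASE_URL=https://mydomain.com \
             passbolt/passbolt:latest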

Persisting data in passbolt container:
/var/www/passbolt/webroot/img
/var/www/passbolt/config/gpg
/etc/ssl/certs/certificate.crt /etc/ssl/certs/certificate.key

One way to persist the images directory is to create a docker volume:
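# Named volume for the uploaded images (avatars etc.).
docker volume create passbolt_images

# Same container as before, now with the images directory on the volume.
# The --mount value must be a single shell word; a backslash-newline followed
# by indentation would split it, so source and target stay on one line.
# This example mounts only the images directory: the gpg directory and the
# certificate paths listed above each need their own --mount if they are to
# survive the container. A container named "passbolt" left over from an
# earlier run has to be removed first, because the name is reused.
docker run --name passbolt --net passbolt_network \
             --mount source=passbolt_images,target=/var/www/passbolt/webroot/img \
             -p 443:443 \
             -p 80:80 \
             -e DATASOURCES_DEFAULT_HOST=mariadb \
             -e DATASOURCES_DEFAULT_PASSWORD=<mariadb_password> \
             -e DATASOURCES_DEFAULT_USERNAME=<mariadb_user> \
             -e DATASOURCES_DEFAULT_DATABASE=<mariadb_database> \
             -e APP_FULL_BASE_URL=https://mydomain.com \
             passbolt/passbolt:latest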

PHP-FPM get status

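# Strip comment lines (anything containing ';') and blank lines from the pool
# config so only the active settings remain.
# Reading a file and writing it back in the same pipeline (cat f | ... | tee f)
# is a race: tee can truncate the file before cat has read it, leaving an
# empty or partial config. The original is therefore copied aside first and
# the filtered text is produced from that copy, which also serves as a backup.
# NOTE(review): the copy's name does not end in .conf, which should keep it
# out of the pool.d include — confirm against php-fpm.conf.
cp -p /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/www.conf.orig \
&& grep -v \; /etc/php/7.4/fpm/pool.d/www.conf.orig | awk 'NF' | tee /etc/php/7.4/fpm/pool.d/www.conf
vi /etc/php/7.4/fpm/pool.d/www.conf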

; Built-in status and ping endpoints of the pool. The status page reports
; process and queue counters, so it is meant for operators: make sure the web
; server does not forward /status or /ping from the public side, or limit
; those locations to monitoring hosts.
pm.status_path=/status
ping.path=/ping
ping.response=pong

# NOTE(review): presumably installed to get the cgi-fcgi client used in the
# next step — confirm which package ships it on your release.
apt install fcgiwrap
# List listening sockets and pick out the PHP-FPM one; its path is what
# cgi-fcgi connects to below.
ss -l | grep php
u_strLISTEN 0 511 /run/php/php7.4-fpm.sock 79744 * 0

# Query the pool's status page straight over the unix socket, without going
# through the web server. SCRIPT_NAME and SCRIPT_FILENAME carry the value set
# in pm.status_path; the three variables are passed to cgi-fcgi through its
# environment.
SCRIPT_NAME=/status \
SCRIPT_FILENAME=/status \
REQUEST_METHOD=GET \
cgi-fcgi -bind -connect /run/php/php7.4-fpm.sock

Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Content-type: text/plain;charset=UTF-8

pool: www
process manager: dynamic
start time: 07/Feb/2021:13:44:50 +0200
start since: 382
accepted conn: 3
listen queue: 0
max listen queue: 0
listen queue len: 0
idle processes: 1
active processes: 1
total processes: 2
max active processes: 1
max children reached: 0
slow requests: 0

proxy_fcgi apache

# Apache plus the PHP-FPM service that will execute the PHP requests.
apt install apache2 php7.4-fpm

# Enable the packaged php7.4-fpm config snippet (shown below) and the proxy
# modules it depends on: the snippet is wrapped in <IfModule proxy_fcgi_module>
# and does nothing without them. Apache must be restarted afterwards.
a2enconf php7.4-fpm
a2enmod proxy proxy_fcgi

cat /etc/apache2/conf-enabled/php7.4-fpm.conf 
# Redirect to local php-fpm if mod_php is not available
<IfModule !mod_php7.c>
<IfModule proxy_fcgi_module>
    # Enable http authorization headers
    # (copies the request's Authorization header into HTTP_AUTHORIZATION so
    # that it reaches PHP behind the proxy)
    <IfModule setenvif_module>
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>

    # Every file whose name ends in .php, .phar or .phtml is handed to
    # PHP-FPM over the unix socket. This applies server-wide, so directories
    # that accept uploads should not be able to receive files with these
    # extensions, or should override the handler.
    <FilesMatch ".+\.ph(ar|p|tml)$">
        SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
    </FilesMatch>
    <FilesMatch ".+\.phps$">
        # Deny access to raw php sources by default
        # To re-enable it's recommended to enable access to the files
        # only in specific virtual host or directory
        Require all denied
    </FilesMatch>
    # Deny access to files without filename (e.g. '.php')
    <FilesMatch "^\.ph(ar|p|ps|tml)$">
        Require all denied
    </FilesMatch>
</IfModule>
</IfModule>

certbot cloudflare DNS authentication API

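# add-apt-repository is shipped in software-properties-common, so that package
# is installed first; the PPA is added afterwards and the index refreshed.
apt install software-properties-common
add-apt-repository ppa:certbot/certbot
apt update
apt install python-certbot-nginx
apt install python-pip
# The DNS plugin comes from pip while certbot itself comes from apt. The plugin
# is only picked up if pip installs into the Python that certbot runs under;
# `certbot plugins` shows whether dns-cloudflare is visible.
pip install certbot-dns-cloudflare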

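# Credentials file for the Cloudflare DNS plugin. Whoever can read it can edit
# the zone's DNS records, so the directory and file are made root-only before
# the secret is typed in. The path must be the same one that is passed to
# --dns-cloudflare-credentials below (cloudflare.ini in both places).
mkdir -p /root/.secrets && chmod 700 /root/.secrets
touch /root/.secrets/cloudflare.ini && chmod 600 /root/.secrets/cloudflare.ini
vi /root/.secrets/cloudflare.ini
# Contents of cloudflare.ini (plain ASCII, no typographic quotes). With the
# global API key the plugin also expects a dns_cloudflare_email line; a
# zone-scoped token (dns_cloudflare_api_token) limits what a leaked file can do.
dns_cloudflare_api_key = xxx

# Options take two ASCII hyphens; the wildcard name is quoted so the shell
# does not try to expand it as a glob.
certbot certonly --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/cloudflare.ini -d domain.com,'*.domain.com' --preferred-challenges dns-01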

prestashop enable SSL SQL


mysql> SELECT * FROM `ps_configuration` WHERE name like 'PS_SSL_ENABLED%' ;
+------------------+---------------+---------+---------------------------+-------+---------------------+---------------------+
| id_configuration | id_shop_group | id_shop | name | value | date_add | date_upd |
+------------------+---------------+---------+---------------------------+-------+---------------------+---------------------+
| 29 | NULL | NULL | PS_SSL_ENABLED | 0 | 0000-00-00 00:00:00 | 0000-00-00 00:00:00 |
| 288 | NULL | NULL | PS_SSL_ENABLED_EVERYWHERE | 0 | 2021-01-24 00:52:10 | 2021-01-24 00:52:10 |
+------------------+---------------+---------+---------------------------+-------+---------------------+---------------------+

-- 29 and 288 are the id_configuration values returned by the SELECT above on
-- this installation; look them up on yours before running the updates.
-- NOTE(review): switch these on only once the shop already answers over HTTPS
-- with a valid certificate — confirm before changing a live shop.
mysql> update ps_configuration set value=1 where id_configuration=29;
mysql> update ps_configuration set value=1 where id_configuration=288;

pure-ftpd ubuntu


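apt update
apt install pure-ftpd

# Rebuild the option directory from scratch: one file per option, file name =
# option name, file content = value. The wipe cannot be undone, so the current
# directory is copied aside first; the chain stops there if the copy fails.
#
# Security-relevant choices made below:
#   - NoAnonymous=yes, PAMAuthentication=no, UnixAuthentication=no, PureDB set:
#     only virtual users from /etc/pure-ftpd/pureftpd.pdb can log in.
#   - ChrootEveryone=yes keeps every user inside their home directory.
#   - MinUID=1000 refuses logins mapped to system accounts below that uid.
#   - PassivePortRange 30000-35000 must be open in the firewall, and only that.
#   - ProhibitDotFilesWrite/Read=no lets users read and overwrite dot files.
#   - No TLS option is written here, so until the TLS file is created (next
#     step on this page) logins and passwords travel in clear text.
cp -a /etc/pure-ftpd/conf "/etc/pure-ftpd/conf.bak.$(date +%Y%m%d%H%M%S)" \
&& rm -rf /etc/pure-ftpd/conf/* \
&& echo "clf:/var/log/pure-ftpd/transfer.log" > /etc/pure-ftpd/conf/AltLog \
&& echo "UTF-8" > /etc/pure-ftpd/conf/FSCharset \
&& echo "1000" > /etc/pure-ftpd/conf/MinUID \
&& echo "yes" > /etc/pure-ftpd/conf/NoAnonymous \
&& echo "no" > /etc/pure-ftpd/conf/PAMAuthentication \
&& echo "no" > /etc/pure-ftpd/conf/UnixAuthentication \
&& echo "/etc/pure-ftpd/pureftpd.pdb" > /etc/pure-ftpd/conf/PureDB \
&& touch /etc/pure-ftpd/pureftpd.pdb \
&& echo "027 007" > /etc/pure-ftpd/conf/Umask \
&& echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone \
&& echo "yes" > /etc/pure-ftpd/conf/Daemonize \
&& echo "yes" > /etc/pure-ftpd/conf/DontResolve \
&& echo "no" > /etc/pure-ftpd/conf/BrokenClientsCompatibility \
&& echo "50" > /etc/pure-ftpd/conf/MaxClientsNumber \
&& echo "no" > /etc/pure-ftpd/conf/VerboseLog \
&& echo "yes" > /etc/pure-ftpd/conf/DisplayDotFiles \
&& echo "no" > /etc/pure-ftpd/conf/AnonymousOnly \
&& echo "ftp" > /etc/pure-ftpd/conf/SyslogFacility \
&& echo "no" > /etc/pure-ftpd/conf/AnonymousCanCreateDirs \
&& echo "30000 35000" > /etc/pure-ftpd/conf/PassivePortRange \
&& echo "no" > /etc/pure-ftpd/conf/AllowUserFXP \
&& echo "no" > /etc/pure-ftpd/conf/AllowAnonymousFXP \
&& echo "no" > /etc/pure-ftpd/conf/ProhibitDotFilesWrite \
&& echo "no" > /etc/pure-ftpd/conf/ProhibitDotFilesRead \
&& echo "no" > /etc/pure-ftpd/conf/AutoRename \
&& echo "yes" > /etc/pure-ftpd/conf/AnonymousCantUpload \
&& ln -sf /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/50pure \
&& ln -sf /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/40PureDB \
&& systemctl stop pure-ftpd \
&& systemctl start pure-ftpd \
&& systemctl status pure-ftpd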

# The next two commands are alternatives: run one of them, not both
# (running both leaves "2" in the file).

# To enable both plain-text and TLS encryption
# With this value a client that does not ask for TLS still logs in, and its
# password crosses the network unencrypted.
echo "1" > /etc/pure-ftpd/conf/TLS

# Or disable plain-text and use TLS encryption only
# This is the setting that protects credentials. The server certificate is
# installed as /etc/ssl/private/pure-ftpd.pem further down this page, and the
# service has to be restarted for the change to apply.
echo "2" > /etc/pure-ftpd/conf/TLS

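apt install -y certbot
# First issuance. --standalone needs port 80, hence the hooks that stop and
# restart apache around the challenge. Replace [email protected] with the
# contact address that should receive expiry notices.
certbot certonly --standalone --agree-tos --cert-name ftp.yourdomain.tld -n -m [email protected] -d ftp.yourdomain.tld -d ftp2.yourdomain.tld --pre-hook "service apache2 stop" --post-hook "service apache2 start"

# Issue/renew and install the certificate for pure-ftpd in one chain.
# Each step is joined with && so that a failure stops the chain; without the
# && after certbot, the cd would not run and the files would be read from and
# written to whatever directory the shell happens to be in.
# The combined file contains the private key, so it is created under a 077
# umask directly in /etc/ssl/private and then moved into place; the first run
# no longer fails because there is no old file to remove.
# NOTE(review): cert.pem holds only the server certificate. If clients report
# an incomplete chain, fullchain.pem in the same directory also carries the
# intermediate certificates.
certbot certonly --standalone --agree-tos --cert-name ftp.yourdomain.tld -n -m [email protected] -d ftp.yourdomain.tld -d ftp2.yourdomain.tld --pre-hook "service apache2 stop" --post-hook "service apache2 start" \
&& cd /etc/letsencrypt/live/ftp.yourdomain.tld/ \
&& ( umask 077 && cat cert.pem privkey.pem > /etc/ssl/private/pure-ftpd.pem.new ) \
&& mv -f /etc/ssl/private/pure-ftpd.pem.new /etc/ssl/private/pure-ftpd.pem \
&& chmod 600 /etc/ssl/private/pure-ftpd.pem \
&& service pure-ftpd restart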

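#Add new user
# System account that owns the files of the virtual FTP users. It is given a
# no-login shell because it is never meant to open an interactive session.
# -d is passed once (a second -d would silently override the first), and the
# home directory is created explicitly: useradd without -m does not create
# it, and the chown would otherwise fail on a missing path.
groupadd ftpgroup
useradd -g ftpgroup -d /home/ftpuser -s /usr/sbin/nologin ftpuser
mkdir -p /home/ftpuser
chown -R ftpuser:ftpgroup /home/ftpuser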

# Virtual FTP account mapped onto the system user and group (-u/-g) with
# /home/ftpuser as its home (-d). pure-pw asks for the password interactively,
# so it does not appear on the command line or in shell history.
pure-pw useradd ftpaccountname -u ftpuser -g ftpgroup -d /home/ftpuser
# Rebuild the user database after every change to the accounts.
pure-pw mkdb
pure-pw show ftpaccountname

#Reset FTP User Password
pure-pw list
pure-pw passwd ftpaccountname
pure-pw mkdb

#Delete FTP User
# The mkdb run afterwards is what removes the account from the database the
# server reads, so do not skip it when revoking access.
pure-pw userdel ftpaccountname
pure-pw mkdb

ERROR 1698 (28000): Access denied for user 'root'@'localhost'

MariaDB [mysql]> SELECT User, Host, plugin FROM mysql.user;
+------+-----------+-------------+
| User | Host | plugin |
+------+-----------+-------------+
| root | localhost | unix_socket |

-- These statements change only root's authentication plugin, from unix_socket
-- to mysql_native_password; none of them sets a password.
-- NOTE(review): if no password is stored for root, the account can afterwards
-- be opened by any local user with an empty password. Set a strong root
-- password in the same session, or keep unix_socket (connect with
-- `sudo mysql`) and create a separate, password-protected admin account for
-- applications instead.
mysql> USE mysql;
mysql> UPDATE user SET plugin='mysql_native_password' WHERE User='root';
mysql> FLUSH PRIVILEGES;
mysql> exit;

MariaDB [mysql]> SELECT User, Host, plugin FROM mysql.user;
+------+-----------+-----------------------+
| User | Host | plugin |
+------+-----------+-----------------------+
| root | localhost | mysql_native_password |
+------+-----------+-----------------------+

service mysql restart