@fibonacid
Last active February 16, 2024 00:07
How to migrate Passbolt to a new server

SSH into your remote server (the current Passbolt server) and create a directory.

mkdir ~/passbolt

Go inside the directory

cd ~/passbolt

Go to your current server and make a copy of the database used by passbolt

mysqldump -u user -p database > ./backup.sql

Make a copy of the public image folder.

sudo cp -r /var/www/passbolt/webroot/img/public ./images

Export public gpg keys from the web user

sudo su -s /bin/bash -c "gpg --export" www-data > ./gpg_keys.asc

Export private gpg keys from the web user

sudo su -s /bin/bash -c "gpg --export-secret-keys" www-data > ./gpg_secret_keys.asc

Copy all the files we created on your local computer. Open a terminal on your machine and run:

scp -r <old-server-user>@<old-server-ip>:~/passbolt .

If you plan on changing the domain name for your passbolt server you should replace all the references to the old one in the backup.sql file.

sed --in-place "s/old\.domain\.com/new.domain.com/g" passbolt/backup.sql

Now you can copy the folder to the new server.

scp -r passbolt <new-server-user>@<new-server-ip>:~/

Connect to new server with SSH.

ssh <new-server-user>@<new-server-ip>

Install Passbolt Community Edition following one of the guides listed on this link. Once you have installed Passbolt, created the database and set up GnuPG, it's time to restore the backups we made.

First import the gpg keys on the web user:

sudo su -s /bin/bash -c "gpg --import" www-data < ./passbolt/gpg_keys.asc
sudo su -s /bin/bash -c "gpg --import" www-data < ./passbolt/gpg_secret_keys.asc

List the gpg keys to find out the email address of the server key. In my case the email is passbolt@yourdomain.com; you can find out what yours is by executing this command.

sudo su -s /bin/bash -c "gpg --list-secret-keys --fingerprint" www-data

Then you should copy the server key inside a file called serverkey_private.asc in the /config/gpg folder.

sudo su -s /bin/bash -c "gpg --armor --export-secret-keys passbolt@yourdomain.com" www-data | sudo tee /var/www/passbolt/config/gpg/serverkey_private.asc > /dev/null

Do it also for the public key.

sudo su -s /bin/bash -c "gpg --armor --export passbolt@yourdomain.com" www-data | sudo tee /var/www/passbolt/config/gpg/serverkey.asc > /dev/null

Make sure that the new key files belong to the web user.

sudo chown -R www-data:www-data /var/www/passbolt/config/gpg

Now it's time to restore the database:

mysql -u passbolt -p passbolt < ./passbolt/backup.sql

Once that's done you can check if everything is ok by running the passbolt healthcheck command.

sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt healthcheck" www-data

If passbolt says that there are some pending migrations you can run the following command.

sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt migrate" www-data

You can find out about more passbolt commands by passing the --help flag to the passbolt CLI tool.

sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt --help" www-data

Finally you can copy the images from the old server inside /var/www/passbolt/webroot/img/public.

sudo cp -f -r ./passbolt/images/* /var/www/passbolt/webroot/img/public/

Then change the owner of the public folder to the web user.

sudo chown -R www-data:www-data /var/www/passbolt/webroot/img/public

Now you should be able to connect to your new server at new.domain.com, log in with your old credentials and see all the data. Once you have verified that everything is good, you should clean up all the temporary files we created along the way, especially the gpg keys.
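
Before the folder is copied to the new server, it is worth confirming that it is complete and not readable by other users. The function below is an added example, not part of the original gist; the name check_bundle is hypothetical, and the file names are the ones created in the steps above.

```shell
# Added example (not from the gist): sanity-check the migration folder
# before it is copied to the new server.
# Usage: check_bundle <folder> [old-domain]   returns 0 if the folder looks sane
check_bundle() {
  local dir=$1 old_domain=${2:-} rc=0 f perms

  # Every artifact the guide creates must exist and be non-empty.
  for f in backup.sql gpg_keys.asc gpg_secret_keys.asc; do
    [ -s "$dir/$f" ] || { echo "$f: missing or empty" >&2; rc=1; }
  done

  # A schema-only dump would restore an empty Passbolt: require row data.
  grep -q '^INSERT INTO' "$dir/backup.sql" 2>/dev/null ||
    { echo "backup.sql: no INSERT statements (schema-only dump?)" >&2; rc=1; }

  # After the sed step, no reference to the old domain should be left.
  if [ -n "$old_domain" ] && grep -qF "$old_domain" "$dir/backup.sql" 2>/dev/null; then
    echo "backup.sql: still references $old_domain" >&2; rc=1
  fi

  # The dump and the secret keys must not be readable by group or others.
  for f in backup.sql gpg_secret_keys.asc; do
    [ -e "$dir/$f" ] || continue
    perms=$(ls -ld "$dir/$f" | cut -c5-10)
    [ "$perms" = "------" ] ||
      { echo "$f: group/other permissions set ($perms), run chmod 600" >&2; rc=1; }
  done

  return "$rc"
}
```

Run it as `check_bundle passbolt old.domain.com` on your local machine after the sed step; omit the second argument if the domain is not changing.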

TobiKr commented Sep 14, 2021

Hi,

thanks for your tutorial. The tutorial has a small error: gpg import command's > has wrong direction (needs to be "<")

@fibonacid (Author)

Thanks @TobiKr, I've corrected the error
