如何在Debian 10上安装TeamPass密码管理器
TeamPass是一种协作式密码管理器,用于管理密码并在具有特定角色的团队成员之间共享密码。它使用MySQL / MariaDB存储密码,并提供了用于自定义密码访问的强大工具。Teampass具有高度可定制性,并提供了许多选项来根据您的需要进行自定义。它使用Defuse PHP加密库来保护您的数据和用户。
在本教程中,我们将向您展示如何在Debian 10上安装TeamPass并使用Let s Encrypt SSL对其进行保护。
运行Debian 10的服务器。 指向服务器IP的有效域名。在本教程中,我们将使用teampass.example.com域。 在您的服务器上配置了root密码。在开始之前,最好将系统更新为最新版本。您可以使用以下命令更新系统:
apt-get update -y apt-get upgrade -y
更新系统后,重新启动它以实施更改。
安装LAMP服务器首先,您需要将Apache Web服务器,MariaDB数据库服务器,PHP和其他必需的PHP扩展安装到系统中。您可以使用以下命令安装所有组件:
apt-get install apache2 mariadb-server php php-cli libapache2-mod-php php-mysql php-curl php-mbstring php-bcmath php-common php-gd php-xml git wget -y
安装完所有软件包后,打开php.ini文件并更改一些必需的设置:
nano /etc/php/7.3/apache2/php.ini
memory_limit = 256M upload_max_filesize = 100M max_execution_time = 360 date.timezone = Asia/Kolkata
完成后保存并关闭文件。
配置MariaDB默认情况下,在Debian 10中未配置MariaDB根密码。因此,出于安全原因,您需要进行设置。
首先,使用以下命令登录MariaDB shell:
mysql
登录后,使用以下命令设置MariaDB root用户密码:
MariaDB [(none)] SET PASSWORD FOR root@localhost = PASSWORD("yournewpassword");
接下来,使用以下命令为TeamPass创建数据库和用户:
MariaDB [(none)] create database teampassdb; MariaDB [(none)] grant all privileges on teampassdb.* to tpuser@localhost identified by "password";
接下来,刷新特权并使用以下命令从MariaDB shell退出:
MariaDB [(none)] flush privileges; MariaDB [(none)] exit;下载TeamPass
接下来,您需要从Git存储库下载最新版本的TeamPass。您可以使用以下命令将其下载到Apache Web根目录:
cd /var/www/html git clone https://github.com/nilsteampassnet/TeamPass.git
接下来,使用以下命令为TeamPass授予适当的权限:
chown -R www-data.www-data /var/www/html/TeamPass/ chmod -R 775 /var/www/html/TeamPass/为TeamPass配置Apache
接下来,您将需要为TeamPass创建一个Apache虚拟主机配置文件。您可以使用以下命令创建它:
nano /etc/apache2/sites-available/teampass.conf
添加以下行:
VirtualHost *:80 ServerAdmin admin@example.com DocumentRoot /var/www/html/TeamPass ServerName teampass.example.com Directory /var/www/html/TeamPass Options FollowSymlinks AllowOverride All Require all granted /Directory ErrorLog ${APACHE_LOG_DIR}/teampass_error.log CustomLog ${APACHE_LOG_DIR}/teampass_access.log combined /VirtualHost
完成后保存并关闭文件。然后,启用TeamPass虚拟主机并重新启动Apache Web服务以应用更改:
a2ensite teampass systemctl restart apache2让我们加密来保护TeamPass
接下来,最好使用“免费加密SSL”来保护TeamPass。首先,您需要在服务器中安装Certbot客户端,以下载和安装域的“让我们加密SSL”。
默认情况下,Certbot客户端软件包在Debian 10默认存储库中不可用。您可以使用以下命令添加存储库:
echo "deb http://ftp.debian.org/debian buster-backports main" /etc/apt/sources.list
接下来,更新存储库并使用以下命令安装Certbot客户端:
apt-get update -y apt-get install python-certbot-apache -t buster-backports
安装后,运行以下命令以获取并安装您域的SSL证书:
certbot --apache -d teampass.example.com
系统将提示您接受服务条款并提供有效的电子邮件地址,如下所示:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Enter email address (used for urgent renewal and security notices) (Enter c to cancel): hitjethva@gmail.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Lets Encrypt project and the non-profit organization that develops Certbot? Wed like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for teampass.example.com Waiting for verification... Cleaning up challenges Created an SSL vhost at /etc/apache2/sites-available/teampass-le-ssl.conf Enabled Apache socache_shmcb module Enabled Apache ssl module Deploying Certificate to VirtualHost /etc/apache2/sites-available/teampass-le-ssl.conf Enabling available site: /etc/apache2/sites-available/teampass-le-ssl.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
接下来,您将需要选择是否将HTTP流量重定向到HTTPS,如下所示:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if youre confident your site works on HTTPS. You can undo this change by editing your web servers configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press c to cancel): 2
键入2并按下Enter键继续。安装完成后,您将获得以下输出:
Redirecting vhost in /etc/apache2/sites-enabled/teampass.conf to ssl vhost in /etc/apache2/sites-available/teampass-le-ssl.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://teampass.example.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=teampass.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/teampass.example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/teampass.example.com/privkey.pem Your cert will expire on 2020-04-30. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Lets Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
至此,您的域已被“加密我们的SSL”保护。
访问TeamPass Web界面打开您的Web浏览器,然后输入URL https://teampass.example.com。您将被重定向到TeamPass欢迎页面,如下所示:
单击下一步按钮。您应该看到以下页面:
提供您的TeamPass的URL和路径,然后单击LAUNCH按钮。一旦满足所有要求,您应该看到以下页面:
单击下一步按钮。您应该看到以下页面:
提供数据库细节,点击LAUNCH和下一步按钮。您应该看到以下页面:
提供您的管理员密码,然后点击LAUNCH和下一步按钮。您应该看到以下页面:
点击LAUNCH按钮来填充数据库。您应该看到以下页面:
单击下一步按钮。您应该看到以下页面:
点击LAUNCH按钮完成安装。您应该看到以下页面:
单击下一步按钮。安装完成后。您应该看到以下页面:
单击“ 移至主页”。您将被重定向到TeamPass登录页面:
提供您的管理员用户名和密码,然后单击“ 登录 ”按钮。您应该在以下页面中看到TeamPass仪表板:
恭喜你!您已经在Debian 10上成功安装并配置了TeamPass密码管理器。
原文:https://www.howtoforge.com/how-to-install-teampass-password-manager-on-debian-10/
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/32297.html
apacheDebianLAMPmysqlphppythonshell相关文章
- 区块链密码基础之签名算法(一)
- Vagrant安装Docker及Docker上安装Redis并设置密码
- 开源密码存储引擎 Vault 的安装与使用
- Linux 安装二进制MySQL 及 破解MySQL密码的方法
- 输入8-16位数字和字母组成的密码详解编程语言
- Linux用户:安全登录密码设置指南(linux登录用户密码)
- 忘记重置root密码Oracle忘记重置Root密码:急救措施(oracle几分钟前)
- 微软 Edge 浏览器 92 稳定版发布:新增密码健康仪表盘、导航升级 HTTPS
- 和密码Mysql登录:输入用户名密码授权访问(mysql登陆用户名)
- MySQL安装的默认密码:破解了的秘密(mysql安装的默认密码)
- MySQL中默认密码的保护(mysql的默认密码)
- MySQL默认账号与密码设置(mysql的默认账号密码)
- 上的安装方法在macOS上安装MySQL的步骤下载安装文件双击安装启动MySQL配置root密码测试连接完成
- MySQL无密码连接从入门到精通(c mysql无密码连接)
- 探究Redis是否可以不用密码直接访问(查看redis是否免密)
- Redis上线新装置安全更可靠(新安装的redis有密码)
- 保护好你的Oracle登录密码吧(oracle保存登录密码)
- 解决mysql无法显示密码问题的方法(mysql不显示密码)
- Redis默认密码设置与安全性(redis默认密码是什么)
- 使用Redis经过密码认证的登录策略(redis设置密码后登陆)