Home » Blog » Install sysPass on Ubuntu

Information

Install sysPass on Ubuntu

Benhcmark Administrator

02/10/2025

3 Views 0

SaveSavedRemoved 0

How to Install sysPass on Ubuntu: A Comprehensive Step-by-Step Guide

In today’s digital world, managing passwords effectively is not just a convenience—it’s a critical security requirement. While cloud-based password managers are popular, a self-hosted solution offers unparalleled control over your sensitive data. For organizations and individuals who prioritize data sovereignty, sysPass is a powerful, open-source password management tool.

This guide provides a detailed, step-by-step walkthrough for installing sysPass on an Ubuntu server, giving you a secure, centralized vault for your credentials.

What is sysPass?

sysPass is a web-based password manager that allows you to store and share credentials securely within a team or for personal use. It features robust encryption, granular access controls, user group management, and a comprehensive audit log. By hosting it yourself, you ensure that your passwords remain entirely on your infrastructure.

Prerequisites

Before we begin, ensure you have the following:

• A server running a recent version of Ubuntu (20.04 or 22.04 is recommended).
• Root or sudo access to the server.
• A LAMP (Linux, Apache, MariaDB, PHP) stack installed.

Step 1: Update Your System

First, it’s always best practice to ensure your system’s package list and installed packages are up to date.

sudo apt update && sudo apt upgrade -y

Step 2: Install Apache, MariaDB, and PHP

sysPass relies on a web server, a database, and PHP to function. We will install the LAMP stack and the specific PHP extensions required by sysPass.

1. Install Apache, MariaDB, and PHP:

   sudo apt install apache2 mariadb-server php libapache2-mod-php -y
   

2. Install Required PHP Extensions: sysPass needs several specific PHP modules to operate correctly.

   sudo apt install php-mysql php-ldap php-gd php-json php-mbstring php-xml php-intl php-curl php-imagick -y
   

3. Restart Apache to load the new modules:

   sudo systemctl restart apache2
   

Step 3: Create a Database for sysPass

Next, you need to create a dedicated database and a user for sysPass to store its data.

1. Log in to the MariaDB shell as the root user.

   sudo mysql -u root -p
   

2. Create the database, user, and grant the necessary privileges. Replace 'YourStrongPassword' with a secure password of your own.

   CREATE DATABASE syspass_db;
   CREATE USER 'syspass_user'@'localhost' IDENTIFIED BY 'YourStrongPassword';
   GRANT ALL PRIVILEGES ON syspass_db.* TO 'syspass_user'@'localhost';
   FLUSH PRIVILEGES;
   EXIT;
   

   Make a note of the database name, username, and password, as you will need them during the web-based installation.

Step 4: Download and Prepare sysPass

Now we will download the latest version of sysPass and place it in the web server’s directory.

1. Navigate to the /tmp directory and download the latest release from the official GitHub repository.

   cd /tmp
   wget https://github.com/nuxsmin/sysPass/releases/download/3.2.11/syspass-3.2.11.tar.gz
   

   Note: Always check the sysPass GitHub page for the latest version number and update the URL accordingly.

2. Extract the downloaded archive.

   tar -zxvf syspass-3.2.11.tar.gz
   

3. Move the extracted files to your web root directory. We’ll place it in a subdirectory named syspass.

   sudo mv syspass /var/www/html/syspass
   

4. Set the correct permissions. The web server needs to be able to write to specific directories. This is a critical step for both functionality and security.

   sudo chown -R www-data:www-data /var/www/html/syspass/
   sudo chmod -R 750 /var/www/html/syspass/
   

Step 5: Configure Apache Virtual Host

To serve sysPass cleanly, it’s best to create a dedicated Apache virtual host file.

1. Create a new configuration file.

   sudo nano /etc/apache2/sites-available/syspass.conf
   

2. Paste the following configuration into the file. If you have a domain name, replace your-domain.com with it. Otherwise, you can use your server’s IP address.

   <VirtualHost *:80>
       ServerAdmin [email protected]
       ServerName your-domain.com
       DocumentRoot /var/www/html/syspass/
   &lt;Directory /var/www/html/syspass/&gt;
       Options FollowSymLinks
       AllowOverride All
       Require all granted
   &lt;/Directory&gt;
   
   ErrorLog ${APACHE_LOG_DIR}/syspass_error.log
   CustomLog ${APACHE_LOG_DIR}/syspass_access.log combined
   </VirtualHost>
   
   

3. Enable the new site configuration and the Apache rewrite module.

   sudo a2ensite syspass.conf
   sudo a2enmod rewrite
   

4. Finally, restart Apache for all changes to take effect.

   sudo systemctl restart apache2
   

Step 6: Finalize Installation via the Web Interface

With the backend configured, you can now complete the setup through your web browser.

1. Open your web browser and navigate to your server’s IP address or domain name (e.g., http://your-domain.com).

2. You will be greeted by the sysPass installation wizard. Click “Start Installation.”

3. Database Configuration: Enter the database details you created in Step 3:

   • Database: syspass_db
   • User: syspass_user
   • Password: The password you set ('YourStrongPassword')

4. Admin Account Setup: Create your administrator account by providing a username and a strong password.

5. Master Password: You will be prompted to create a Master Password. This password is used to encrypt all data within sysPass. This is the most important password—if you lose it, your data cannot be recovered. Store it in an extremely safe and secure location.

6. Installation Complete: Once you complete the steps, sysPass will finalize the installation. You will be provided with an encryption key for disaster recovery. Save this key somewhere secure and offline, separate from the master password.

You can now log in with your admin credentials and start using your secure, self-hosted password manager.

Essential Post-Installation Security Tips

• Enable HTTPS: The single most important security step is to encrypt traffic between users and your server. Use Let’s Encrypt with Certbot to easily install a free SSL certificate. An unencrypted password manager is a major security risk.
• Regular Backups: Implement a regular backup schedule for both the sysPass database and the configuration files located in /var/www/html/syspass/app/config.
• Strong Passwords: Enforce strong password policies for all users within sysPass. The security of your entire vault depends on the strength of user passwords and the master password.
• Keep Everything Updated: Regularly check for and apply updates for sysPass, Ubuntu, Apache, and PHP to protect against known vulnerabilities.

Source: https://kifarunix.com/install-syspass-password-manager-on-ubuntu/