
Secure Your Team’s Passwords: A Complete Guide to Installing TeamPass on Ubuntu
In today’s digital landscape, managing passwords across a team is a significant security challenge. Weak passwords, credential sharing, and disorganized spreadsheets create vulnerabilities that can be easily exploited. A self-hosted password manager provides a robust solution, giving you full control over your data while empowering your team with secure, collaborative access.
TeamPass is a powerful, open-source password manager designed specifically for teams. By hosting it on your own server, you eliminate reliance on third-party cloud services and ensure your most sensitive data remains in your control.
This comprehensive guide will walk you through the entire process of installing TeamPass on an Ubuntu 18.04 server. While the steps are detailed for this version, the process is very similar for newer Ubuntu releases like 20.04 and 22.04.
Prerequisites
Before you begin, ensure you have the following:
- An Ubuntu 18.04 server (or a newer version).
- A user with
sudo
or root privileges. - A domain name pointed to your server’s IP address (optional, but highly recommended for secure access).
Step 1: Update Your System
First, it’s crucial to update your server’s package list and upgrade existing software to the latest versions. This ensures system stability and security.
Open your terminal and run the following commands:
sudo apt update
sudo apt upgrade -y
Step 2: Install the LAMP Stack (Apache, MariaDB, PHP)
TeamPass is a web application that requires a web server, a database, and PHP to function. We will install Apache as our web server, MariaDB as our database server, and the necessary PHP components.
Install Apache, MariaDB, and PHP:
TeamPass has specific PHP extension requirements. The command below installs everything needed in one go.sudo apt install apache2 mariadb-server php7.2 libapache2-mod-php7.2 php7.2-mysql php7.2-mbstring php7.2-xml php7.2-gd php7.2-bcmath php7.2-gmp php7.2-curl php7.2-zip -y
Note: For Ubuntu 20.04, you would use
php7.4
. For Ubuntu 22.04, you would usephp8.1
. Adjust the version numbers in the command accordingly.Enable and Start Services:
Ensure Apache and MariaDB start automatically on boot.sudo systemctl start apache2 sudo systemctl enable apache2 sudo systemctl start mariadb sudo systemctl enable mariadb
Step 3: Secure Your MariaDB Installation
A fresh MariaDB installation is not secure by default. Running the included security script is a critical step to protect your database.
Execute the script and follow the prompts:
sudo mysql_secure_installation
You will be asked to:
- Set a root password (highly recommended).
- Remove anonymous users (answer
Y
). - Disallow root login remotely (answer
Y
). - Remove the test database (answer
Y
). - Reload privilege tables (answer
Y
).
Step 4: Create a Dedicated Database for TeamPass
For better security and management, TeamPass should have its own database and a dedicated user with limited permissions.
Log in to the MariaDB shell as the root user:
sudo mysql -u root -p
Enter the root password you set in the previous step.
Run the following SQL commands to create the database, user, and grant the necessary privileges. Replace
teampass_db
,teampass_user
, and'your-strong-password'
with your own secure values.CREATE DATABASE teampass_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; CREATE USER 'teampass_user'@'localhost' IDENTIFIED BY 'your-strong-password'; GRANT ALL PRIVILEGES ON teampass_db.* TO 'teampass_user'@'localhost'; FLUSH PRIVILEGES; EXIT;
Remember the database name, username, and password, as you will need them during the web-based installation.
Step 5: Download and Configure TeamPass
Now we will download the TeamPass source code and place it in the web server’s directory.
Navigate to the
/tmp
directory and download the latest version of TeamPass. You can find the latest release on the official TeamPass GitHub page.cd /tmp wget https://github.com/nilsteampassnet/TeamPass/archive/refs/tags/3.0.0.22.zip
Unzip the downloaded file:
unzip 3.0.0.22.zip
Move the extracted files to your web root directory. We’ll place it in
/var/www/html/teampass
.sudo mv TeamPass-3.0.0.22 /var/www/html/teampass
Set the correct file permissions. This is a crucial step to allow the web server to read, write, and execute the application files.
sudo chown -R www-data:www-data /var/www/html/teampass/ sudo chmod -R 775 /var/www/html/teampass/
Step 6: Create an Apache Virtual Host
Configuring a virtual host allows you to manage your TeamPass site cleanly and makes it easy to apply an SSL certificate later.
Create a new virtual host configuration file:
sudo nano /etc/apache2/sites-available/teampass.conf
Paste the following configuration into the file. Replace
your-domain.com
with your actual domain name. If you don’t have one, you can use your server’s IP address.<VirtualHost *:80> ServerAdmin [email protected] DocumentRoot /var/www/html/teampass ServerName your-domain.com
<Directory /var/www/html/teampass/> Options FollowSymLinks AllowOverride All Require all granted </Directory> ErrorLog ${APACHE_LOG_DIR}/teampass_error.log CustomLog ${APACHE_LOG_DIR}/teampass_access.log combined
</VirtualHost>
Enable the new virtual host and the Apache rewrite module:
sudo a2ensite teampass.conf sudo a2enmod rewrite
Restart Apache for the changes to take effect:
sudo systemctl restart apache2
Step 7: Complete the Installation via Web Browser
With the server-side setup complete, you can now finalize the installation through your web browser.
- Navigate to
http://your-domain.com
orhttp://your-server-ip
. - You will be greeted by the TeamPass installation wizard. Click “Next” to begin.
- The installer will perform a server check. If all prerequisites from Step 2 were met, you should see all checks pass with a green light.
- Enter the database details you created in Step 4:
- Database server:
localhost
- Database name:
teampass_db
- Database user:
teampass_user
- User password:
your-strong-password
- Database server:
- Follow the subsequent steps to configure encryption keys, salt, and create your administrator account. Store your salt key in a secure location, as it is vital for data recovery.
- Once finished, the installation is complete.
Essential Post-Installation Security Steps
Your TeamPass instance is running, but a few final steps are critical for securing it.
Delete the Installation Folder: This is the most important post-install step to prevent unauthorized access.
sudo rm -rf /var/www/html/teampass/install
Enable HTTPS with Let’s Encrypt: A password manager should always be accessed over an encrypted connection. Using Certbot to install a free Let’s Encrypt SSL certificate is the easiest way to achieve this.
sudo apt install certbot python3-certbot-apache sudo certbot --apache -d your-domain.com
Follow the prompts, and Certbot will automatically configure HTTPS for you.
Configure Background Tasks (Cron Job): TeamPass requires a scheduled task to run in the background for maintenance and other functions.
Open the crontab for the
www-data
user:sudo -u www-data crontab -e
Add the following line to run the script every 15 minutes:
*/15 * * * * /usr/bin/php /var/www/html/teampass/sources/cron/cron.php
You now have a fully functional, secure, and self-hosted TeamPass instance. You can begin creating password entries, organizing them into folders, and inviting your team members to collaborate safely. By taking control of your password management, you’ve taken a significant step toward strengthening your organization’s overall security posture.
Source: https://kifarunix.com/install-teampass-password-manager-on-ubuntu-18-04/