CentOS 7.x Installation

Prerequisites

Installation

CentOS 7 package installation (https://www.softwarecollections.org/en/scls/rhscl/rh-php70/).

$ sudo yum -y install centos-release-scl.noarch
$ sudo yum -y install rh-php71 rh-php71-php rh-php71-php-fpm httpd rh-mariadb102 wget
$ sudo yum -y install rh-php71-php-gd rh-php71-php-intl rh-php71-php-json rh-php71-php-ldap rh-php71-php-mbstring rh-php71-php-mysqlnd rh-php71-php-opcache rh-php71-php-pdo rh-php71-php-xml rh-php71-php-zip

Automated start/stop Apache web server and MariaDB server.

$ sudo systemctl enable httpd.service
$ sudo systemctl enable mariadb.service
$ sudo systemctl start httpd.service
$ sudo systemctl start mariadb.service

Setting up MariaDB.

$ sudo /usr/bin/mysql_secure_installation

Enabling firewall ports.

$ sudo firewall-cmd --permanent --zone=public --add-service=http
$ sudo firewall-cmd --permanent --zone=public --add-service=https
$ sudo firewall-cmd --reload

Optional for enabling SSL.

In order to increase your sysPass instance security, please consider to use SSL. See Security and the following resources for Debian:

Directories and permissions

Create a directory for sysPass within the web server root.

$ sudo mkdir /var/www/html/syspass

If you go with the packaged version, download and unpack sysPass files.

$ cd /var/www/html/syspass
$ sudo tar xzf syspass.tar.gz

If you go with Git cloned version, clone sysPass GitHub repository.

$ sudo git clone https://github.com/nuxsmin/sysPass.git  /var/www/html/syspass

Setup directories permissions. The owner should match the web server running user.

$ sudo chown apache -R /var/www/html/syspass
$ sudo chmod 750 /var/www/html/syspass/app/config /var/www/html/syspass/app/backup

SELinux

sysPass needs to be allowed to write its configuration and some other files (backup, cache, temp, etc). We have 2 choices:

Note

Please, run only one of the choices

  • Change SELinux’s context and user:
$ sudo setsebool -P httpd_can_connect_ldap 1
$ sudo chcon -R -t httpd_sys_rw_content_t /var/www/html/syspass/app/{config,backup,cache,tmp}
  • Disable SELinux by editing the file “/etc/sysconfig/selinux” and setting “SELINUX” variable’s value to “permissive”. You need to restart the system.

Installing dependencies

PHP Composer is needed to keep up-to-date dependencies and an easy way to apply security or functional patches to them.

You can either download the dependencies using Composer itself or by getting the latest “vendor.tar.gz” package from the release page.

Note

If you don’t have any Internet access from the server, the vendor package will provide all the release dependencies and you don’t need to deal with composer commands.

Using PHP Composer

From sysPass root directory, download and install Composer (https://getcomposer.org/doc/faqs/how-to-install-composer-programmatically.md)

Create a bash script called “install_composer.sh” and paste this code in it:

#!/bin/sh
EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"

if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]
then
    >&2 echo 'ERROR: Invalid installer signature'
    rm composer-setup.php
    exit 1
fi

php composer-setup.php --quiet
RESULT=$?
rm composer-setup.php
exit $RESULT
$ chmod +x install_composer.sh
$ ./install_composer.sh

Then install sysPass dependencies

$ php composer.phar install --no-dev

Environment configuration

Please, point your web browser to the following URL and follow the installer steps

https://IP_OR_SERVER_ADDRESS/syspass/index.php

Note

More information about how sysPass works on Application

Warning

It’s very advisable to take a look to security advices on Security