search

nuxsmin / sysPass

Systems Password Manager
https://syspass.org
GNU General Public License v3.0
976 stars 208 forks source link

Easiest installation #1028

Closed KopNudler closed 6 years ago

KopNudler commented 6 years ago

Hi,

I've worked in IT for 8 years, mostly Microsoft, but I've dapped in linux. And I can for the life of me not get this working. I've tried installing this about 7 times on docker, Debian, and CentOS. I cannot not get anything to appear on https://IP_OR_SERVER_NAME/syspass/index.php. I can see that apache runs on https://IP_OR_SERVER_NAME/. I've just tried installing using this guide https://pastebin.com/wrzyqyY0, and it still doesnt work. I install using root, is this my mistake?

Thanks.

nuxsmin commented 6 years ago

Hi, if you're using docker, why not to install following the instructions on releases page (GitHub)?.

There's also a docker-syspass repository which contains some info about how to run sysPass using docker. Please be aware of the branch selected.

Regards

KopNudler commented 6 years ago

Hi,

I tried docker on Debian (having never used it before) and it seemed more complex learning docker to install sysPass, than just installing on Linux dist.

KopNudler commented 6 years ago

Is docker the easiest way to go? I have yet to try it on Windows, because I'd love not save the license key.

nuxsmin commented 6 years ago

@KopNudler sure, just install docker and submit the docker-compose file. It will setup sysPass environment (web server and database) automatically, though you need to perform the installation step.

KopNudler commented 6 years ago

@nuxsmin Thanks you so much for your help. I installed docker, and docker-composer. I have installed sysPass and I can see both containers are running, but I cannot get to the webinterface. I've tried the hostname, the host IP, and 0.0.0.0. They all return a "Not found. The requested URL /syspass/index.php was not found on this server." from the apache server. I am running Debian 8, and got the stable sysPass.

KopNudler commented 6 years ago

Never mind.. I just realised I didnt need the /syspass/index.php.

EDIT:

I tried with the default password for the database and I get this

billede

EDIT 2:

Included parameters

billede

nuxsmin commented 6 years ago

Hello!

It seems that you need to set the db host to syspass-db (as the database container name).

KopNudler commented 6 years ago

Hi!

Great! I got it up and running now! Thanks you for the support here.

nuxsmin commented 6 years ago

Hi!, That sounds good!

Did you deploy using composer file?. If so it would have exposed the 80 and 443 ports on your host so you only need to configure the firewall NAT.

Please, this is very important: if you're using docker for the first time (surely yes) you need to be aware of containers' storage since the container lifecycle is often a short time one, so if you deployed using composer several volumes should have been created for config, backup and database. These volumes are not accessible through a normal way, so the best way is to play with sysPass and docker and then, when you're familiar with docker concepts, go on production.

sysPass backup would help you...

Regards

KopNudler commented 6 years ago

I did deploy using the composer file.

Thank you for the heads up on storage, I'll look into it. I feel I got a pretty good hang of sysPass. It's very intuitive, and easy to use. 👍

KopNudler commented 6 years ago

Okay, I fucked it all up somehow. The app container keeps restarting now after i rebooted the host. Should I close the containers before a reboot?

You wrote that volumes have been created using the composer file. Does that mean I dont need to worry about commiting the image before a restart?

tbalbers commented 6 years ago

@KopNudler may I suggest you install a real server OS and test on that? Although docker is nice, it can bring complexity to the setup. I suggest you do the following: Install CentOS 7.5 or similar(Scientific Linux, RHEL, Springdale, Oracle Linux) and these repos:

remi-php56 epel

Then install the following packages(version number might be higher today, just go for the names):

apr-1.4.8-3.el7.x86_64

apr-util-1.5.2-6.el7.x86_64

httpd-tools-2.4.6-45.el7.centos.4.x86_64

mailcap-2.1.41-2.el7.noarch

httpd-2.4.6-45.el7.centos.4.x86_64

mariadb-5.5.52-1.el7.x86_64

perl-Compress-Raw-Zlib-2.061-4.el7.x86_64

perl-Net-Daemon-0.48-5.el7.noarch

perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64

perl-IO-Compress-2.061-2.el7.noarch

perl-PlRPC-0.2020-14.el7.noarch

perl-DBI-1.627-4.el7.x86_64

perl-DBD-MySQL-4.023-5.el7.x86_64

mariadb-server-5.5.52-1.el7.x86_64

libzip-0.10.1-8.el7.x86_64

php-common-5.4.16-42.el7.x86_64

php-cli-5.4.16-42.el7.x86_64

php-pdo-5.4.16-42.el7.x86_64

libXpm-3.5.11-3.el7.x86_64

libxslt-1.1.28-5.el7.x86_64

t1lib-5.1.2-14.el7.x86_64

php-gd-5.4.16-42.el7.x86_64

php-xml-5.4.16-42.el7.x86_64

php-mysqlnd-5.4.16-42.el7.x86_64

php-5.4.16-42.el7.x86_64

php-fpm-5.4.16-42.el7.x86_64

php-mbstring-5.4.16-42.el7.x86_64

epel-release-7-9.noarch

libmcrypt-2.5.8-13.el7.x86_64

php-mcrypt-5.4.16-7.el7.x86_64

mod_ssl-2.4.6-45.el7.centos.4.x86_64

unzip-6.0-16.el7.x86_64

php-bcmath-5.4.16-42.el7.x86_64

remi-release-7.3-2.el7.remi.noarch

libzip5-1.2.0-1.el7.remi.x86_64

scl-utils-20130529-17.el7_1.x86_64

tcl-8.5.13-8.el7.x86_64

environment-modules-3.2.10-10.el7.x86_64

php56-runtime-2.1-5.el7.remi.x86_64

php56-php-pecl-jsonc-1.3.10-1.el7.remi.x86_64

php56-php-common-5.6.30-1.el7.remi.x86_64

php56-php-pecl-zip-1.14.0-1.el7.remi.x86_64

php56-php-cli-5.6.30-1.el7.remi.x86_64

php56-php-pdo-5.6.30-1.el7.remi.x86_64

libtool-ltdl-2.4.2-22.el7_3.x86_64

libwebp-0.3.0-3.el7.x86_64

gd-last-2.2.4-1.el7.remi.x86_64

php56-php-gd-5.6.30-1.el7.remi.x86_64

php56-php-mcrypt-5.6.30-1.el7.remi.x86_64

php56-php-mysqlnd-5.6.30-1.el7.remi.x86_64

php56-php-5.6.30-1.el7.remi.x86_64

php56-php-xml-5.6.30-1.el7.remi.x86_64

php56-php-mbstring-5.6.30-1.el7.remi.x86_64

php56-php-fpm-5.6.30-1.el7.remi.x86_64

php56-php-bcmath-5.6.30-1.el7.remi.x86_64

php56-php-ldap-5.6.30-1.el7.remi.x86_64

Then follow the sysPass installation doc.

Disable firewalld or open the necessary ports(recommended, and if your default zone is 'public', check with firewall-cmd --get-active-zones):

firewall-cmd --permanent --add-service=https --add-service=http --zone=public
firewall-cmd --reload

Make sure apache owns the files(we have installed syspass in /var/www/syspass): chown -R apache:apache /var/www/syspass Then setup SELinux, here we have installed sysPass in /var/www/syspass. Change paths in the commands accordingly if needed:

chcon -R -t httpd_sys_rw_content_t /var/www/syspass/config/
chcon -R -t httpd_sys_rw_content_t /var/www/syspass/backup/
mkdir /var/www/syspass/tmp && chcon -R -t httpd_sys_rw_content_t /var/www/syspass/tmp
setsebool -P httpd_can_network_connect_db on
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/syspass/config(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/syspass/backup(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/syspass/tmp(/.*)?"

Next set up an apache virtualhost to run syspass, change hostname and domain accordingly i.e.:

cat /etc/httpd/conf.d/syspass.conf
<VirtualHost hostname.domain.dk:88>
ServerAdmin helpdesk@domain.dk
DocumentRoot /var/www/syspass
ServerName hostname.domain.dk
ServerAlias hostname

ErrorLog logs/hostname.domain.dk-https-error_log
CustomLog logs/hostname.domain.dk-https-access_log combinedssl

#Include conf.d/ssl.include
#Include conf.d/ssl.include.star

<Directory ~ "/var/www/syspass/(config|backup)">
  Require all denied
</Directory>

</VirtualHost>

Now you should be able to test. Connect your browser to the host on port 88. Notice that we're not running HTTPS -you should consider setting that up if you're doing anything except testing with irrelevant data.

/tony

nuxsmin commented 6 years ago

I agree with @tbalbers though Docker is the best way for testing, when you come up to production, you should know how Docker works.

KopNudler commented 6 years ago

@tbalbers Thanks for your input. I will try it your way. Is there a reason for using port 88 instead of 80?

KopNudler commented 6 years ago

Okay, new status. I've installed all as you said, but I just get a text file when I browse the IP.

billede

nuxsmin commented 6 years ago

It seems that PHP module is not enabled.

KopNudler commented 6 years ago

@nuxsmin Right, and is that as a service? Or do I need to add some lines in a configuration file somewhere?

nuxsmin commented 6 years ago

It should be enabled in web server configuration. Apache does enable it by issuing the command a2enmod php

KopNudler commented 6 years ago

Okay, so I sorta php working. It apparantly installed 5.4 at first. So I tried upgrading to 5.6, but now I get a blank page when I try and go to HTTP://IPADDRESS/syspass/index.php The apache test site still works fine.

nuxsmin commented 6 years ago

It could be a missing PHP module. Please take a look to Apache's error log to check out for any error messages.

KopNudler commented 6 years ago

I got it working with a little help from a webprogrammer buddy. But now I cant seem to connect to the database.

Error while checking the database Please, try the installation again

Then I check, but no database have been created. And when I try the installation again it comes with and "Internal server error" where it actually does create the database. And then if I try a third time it says the database is already created, and to either create a new or delete the exixting. And then I'm back to square one.

nuxsmin commented 6 years ago

Then I check, but no database have been created.

sysPass will rollback any actions done whenever an error is thrown. Please, could you check out for any error messages in syspass.log file (within sysPass' config directory)?

You could try to enable hosting mode (see https://doc.syspass.org/en/installing/hostingmode.html)

KopNudler commented 6 years ago

Here is the log when I try normally.

Hosting mode didnt work.

Value : 211618061901 2018-09-05 08:19:58 - SQLSTATE[HY000] [1045] Access denied for user 'sp_admin'@'localhost' (using password: YES) 2018-09-05 08:19:58 - 0 2018-09-05 08:19:58 - Rollback 2018-09-06 10:12:51 - Action: Configuration -- Description: Update Configuration -- Details: 2018-09-06 10:12:52 - Action: Configuration -- Description: Update Configuration -- Details: Parameter : version Value : 211618061901 2018-09-06 10:13:44 - Action: Configuration -- Description: Update Configuration -- Details: 2018-09-06 10:13:45 - Action: Configuration -- Description: Update Configuration -- Details: Parameter : version Value : 211618061901 2018-09-06 10:13:56 - Exception: No es posible conectar con la BD - Compruebe los datos de conexión 2018-09-06 10:13:56 - #0 SP\Storage\DB->prepareQueryData() called at [/var/www/html/syspass/inc/SP/Storage/DB.class.php:150]

1 SP\Storage\DB->doQuery() called at [/var/www/html/syspass/inc/SP/Storage/DB.class.php:105]

2 SP\Storage\DB::getResults() called at [/var/www/html/syspass/inc/SP/Storage/DB.class.php:81]

3 SP\Storage\DB::getResultsArray() called at [/var/www/html/syspass/inc/SP/Mgmt/Plugins/Plugin.class.php:287]

4 SP\Mgmt\Plugins\Plugin->getEnabled() called at [/var/www/html/syspass/inc/SP/Core/Plugin/PluginUtil.class.php:185]

5 SP\Core\Plugin\PluginUtil::getEnabledPlugins() called at [/var/www/html/syspass/ajax/ajax_getEnvironment.php:54]

2018-09-06 10:13:56 - Error while querying No es posible conectar con la BD (0) Caller 1: SP\Storage\DB\logDBException Caller 2: SP\Storage\DB\getResults Caller 3: SP\Storage\DB\getResultsArray Caller 4: SP\Mgmt\Plugins\Plugin\getEnabled Caller 5: SP\Core\Plugin\PluginUtil\getEnabledPlugins 2018-09-06 10:13:56 - SQL : SELECT plugin_name FROM plugins WHERE BIN(plugin_enabled) = 1 2018-09-06 10:13:56 - Action: getResultsArray -- Description: Error while querying No es posible conectar con la BD (0) -- Details: SQL : SELECT plugin_name FROM plugins WHERE BIN(plugin_enabled) = 1 2018-09-06 10:14:49 - SQLSTATE[HY000] [1045] Access denied for user 'sp_admin'@'localhost' (using password: YES) 2018-09-06 10:14:49 - 0 2018-09-06 10:14:49 - Rollback 2018-09-06 10:15:09 - Action: Configuration -- Description: Update Configuration -- Details: 2018-09-06 10:15:10 - Action: Configuration -- Description: Update Configuration -- Details: Parameter : version Value : 211618061901 2018-09-06 10:15:14 - Action: Configuration -- Description: Update Configuration -- Details: 2018-09-06 10:15:15 - Action: Configuration -- Description: Update Configuration -- Details: Parameter : version Value : 211618061901

nuxsmin commented 6 years ago

It seems that there is a database connection issue Access denied for user 'sp_admin'@'localhost' (using password: YES). This user is automatically created by sysPass.

KopNudler commented 6 years ago

Is the user created on CentOS or in the database? Or is it created during the webinterface install?

nuxsmin commented 6 years ago

It's created during sysPass web UI installation process

KopNudler commented 6 years ago

Okay, any ideas on how to solve this? It can see the databases and create them.

nuxsmin commented 6 years ago

The only option is using hosting mode, in which sysPass won't create the database user. You only need to create an user, sysPass database (only database) and grant permission over this database to the created user.

vmario89 commented 6 years ago

Hi. some side info: i made up some upgrading/backup bash script to easily update syspass directly from a given github commit-id. I wrote this because i don't use docker yet and it sucks downloading tar.gz files, untar them, move files, etc. .... smae procedure every time for a new version.

You may have a look at https://gist.github.com/vmario89/a9d6a81a4d08e5c5579cdb6abaf7ef77

regards, Mario

KopNudler commented 6 years ago

@nuxsmin I tried do hosting mode, but I get an Internal Server Error. Here is the syspass.log

Caller 2: SP\Storage\DB\getResults Caller 3: SP\Storage\DB\getResultsArray Caller 4: SP\Mgmt\Plugins\Plugin\getEnabled Caller 5: SP\Core\Plugin\PluginUtil\getEnabledPlugins 2018-09-07 10:32:22 - SQL : SELECT plugin_name FROM plugins WHERE BIN(plugin_enabled) = 1 2018-09-07 10:32:22 - Action: getResultsArray -- Description: Error while querying No es posible conectar con la BD (0) -- Details: SQL : SELECT plugin_name FROM plugins WHERE BIN(plugin_enabled) = 1 2018-09-07 10:32:51 - Action: Configuration -- Description: Update Configuration -- Details: 2018-09-07 10:32:52 - Action: Configuration -- Description: Update Configuration -- Details: Parameter : version Value : 211618061901 2018-09-07 10:34:56 - Action: Configuration -- Description: Update Configuration -- Details: 2018-09-07 10:34:57 - Action: Configuration -- Description: Update Configuration -- Details: Parameter : version Value : 211618061901

nuxsmin commented 6 years ago

@KopNudler the getEnabledPlugins error does not affect to the installation, since it's an error thrown because sysPass is not installed yet. The last two messages (informational) are logged within 2 minutes, and these are related to sysPass installation itself. Is there any error in Apache's error log?

KopNudler commented 6 years ago

@nuxsmin Sorry for the slow reply, long weekend.

I got this in the apache log [Tue Sep 11 09:10:19.112434 2018] [:error] [pid 4846] [client 10.0.13.110:20804] PHP Fatal error: Class 'DOMDocument' not found in /var/www/html/syspass/inc/SP/Storage/XmlHandler.class.php on line 105, referer: http://10.0.10.58/syspass/index.php

I installed php-xml and now the installation completed! Once more, I'd like to thank you for the help and support. You are very patient 👍

nuxsmin commented 6 years ago

@KopNudler no worries... glad to know it worked fine.

Regards