Alma/Rocky/CentOS
Installing Passwork on following OS:
- CentOS 8 Stream, Alma Linux 8, Rocky Linux 8.
- CentOS 9 Stream, Alma Linux 9, Rocky Linux 9.
On this page you can switch between blocks of code to view the commands applicable to your version of the OS
Passwork is not resource-heavy. How much disk space, RAM and CPU power you will need depends on the number of active users, the amount of stored data, and your requirements for fault-tolerance.
See the full system requirements
If your server has 2-4 GB of RAM, we recommend enabling the SWAP file for libraries to compile properly.
First, gain root access and update the local packages:
Then, install the Git version control package, Apache2 web-server and curl data transfer tool:
Run httpd.service:
And enable autostart:
Install the dynamically managed firewall Firewalld:
Run firewalld.service:
Enable autostart:
Allow HTTP services in firewalld:
Allow HTTPS services in firewalld:
And apply the changes to firewalld:
Edit the /etc/selinux/config configuration file:
Change theSELINUX parameter from enforcing to disabled:
Save the changes (Ctrl+O) and exit the terminal (Ctrl+X). Then, restart your system to apply the changes to SELinux:
Install the EPEL package and YUM package management tool:
Download and install the latest EPEL repository:
Download and install the repository for access to PHP versions:
Enable the PHP 8.2 modile from REMI repository:
Install PHP and its extensions:
Install a PHP MongoDB driver:
Create configuration files for PHP MongoDB startup and activation:
Install the PHP Phalcon extension:
Create a file to add MongoDB into YUM package manager
Add the following lines into the file:
Install MongoDB:
Run mongod.service:
And enable autostart:
Go to /var/www/:
Add a global Git configuration pointing to the safe directory:
Initialize a Git repository at /var/www/:
Add the remote Passwork repository:
Get the remote repository for your local sever:
The system will ask for your credentials, which are listed on your customer portal page. If you can't access the customer portal, let us know.
Switch to the v6 branch with the latest Passwork version:
Give apache owner privileges for the files and directories:
Open the virtual host configuration file for HTTP:
Edit the file so it looks as follows:
Restart the web server (httpd.service):
You can open http://passwork.local or http://127.0.0.1 to test your Passwork connection
When you connect to Passwork for the first time, you will need to go over the checklist that includes:
- Automatic parameter checking
- Checking connection to MongoDB database
- Generating an encryption key for MongoDB
- License verification
After finishing the checklist, you will be offered to create the first Passwork user and set their login, password and email address for notifications.
Note. This user is always local and "Owner" of Passwork by default, in case of assigning — "Owner" LDAP/SSO user, it will automatically become local and you will not be able to authorise in Passwork
Install a SSL module for Apache2:
Create a new directory to store the private key and the certificate in:
Use OpenSSL to generate a self-signed X.509 certificate for Apache2:
- Common Name (CN) — Specify the IP of your server or host. This field is important, as the certificate should match the domain or IP of your website;
- subjectAltName (SAN) — Альтернативное имя домена или IP-адрес.
Generate Diffie-Hellman parameters with the key length of 2048:
Add Diffie-Hellman parameters to the self-signed certificate:
Give root access to the user to secure the private key and the certificate:
Open the virtual host configuration file for HTTPS connection:
Find the section that starts with <VirtualHost _default_:443> and edit it as follows:
- Uncomment the DocumentRoot line and change the path to Passwork's root folder /var/www/public
- Uncomment the ServerName line and change www.example.com to the IP or the domain of the server (it should match the Common Name of the certificate):
- Add the <Directory> directive after ServerName:
- Comment the SSLProtocol and SSLCipherSuite lines:
- Update the paths to certificate files, which were generated earlier:
- After editing the file, check if the virtual host configuration file matches the example:
Restart the web server (httpd.service):
Check the HTTPS connection to Passwork using https://passwork.local
When using a secure SSL connection (HTTPS), client browsers require certain flags to process Passwork data. These flags are called session.cookie_secure and disableSameSiteCookie. If these flags are not set, browsers will not be able to establish connections and the connection will be rejected, which can lead to authorisation errors — "The session of this browser tab is out of date".
Enable the ;session.cookie_secure parameter in /etc/php.ini:
Set the disableSameSiteCookie parameter in /var/www/app/config/config.ini to Off:
Do not set these parameters or reset them to their original value if you change your mind about using SSL and work over the HTTP protocol.
Background tasks are tasks that are executed by the scheduler in the background. For example, LDAP synchronisation, loading favicons, and other tasks that are time-consuming, persistent, or resource-allocating.
See a guide on setting up background tasks.
Before performing actions to modify and configure security settings, we strongly recommend that you make sure that Passwork is stable and working correctly, and that you back up the files to which you are making changes.
Server security is an important part of ensuring the protection of valuable company data and resources. It is a process that requires planning and execution to ensure maximum protection against various threats.
Look through the overview of Passwork security settings.
