Debian 11
Passwork is not demanding on the resources of the server(s). The amount of resources (RAM, CPU, HDD) and the number of servers depends on the number of active users, the amount of stored data, and the requirements for system fault tolerance.
💡 If the server has 2-4 GB RAM, it is recommended to enable a SWAP file to build all libraries correctly.
Change server hostname to "passwork"
Automatic local network configuration and discovery.
Change AVAHI_DAEMON_DETECT_LOCAL from 1 to 0.
Set:
Restart avahi-daemon:
Download and add a MongoDB GPG key
Create a file — /etc/apt/sources.list.d/mongodb-org-6.0.list
Reload local package database
Install the latest stable version of MongoDB
Start MongoDB Service.
Enable mongod service start on the system boot.
💡 PHP version 8.2 must be installed. Newer versions are not yet supported.
Get the gpg key:
Add the new repository to sources:
Install PHP and additional extensions.
Check PHP version
If the current PHP version is different from PHP 8.2, select the necessary version using the following commands.
Restart the Apache2 web server
Clone the repository using your login and password.
💡 The system will ask for a login and password to the repository, which you can find in your Customer Portal. If you don't have access to the Customer Portal, contact us.
Set up permissions for the files.
Configure your Apache2
Open Apache’s configuration file.
Make it look like this:
Enable rewrite module and restart Apache.
Open http://passwork.local or http:// to access the website.
When you open Passwork for the first time, you will see an installation wizard that will check if the server is configured correctly and allow you to enter the basic parameters.
💡 Leave all fields at their default values if you are installing a new copy of Passwork
💡 Please note, the randomly generated key of the setup page is used to encrypt the database.
Sign up an administrator
Enter the username and password for the first user. The user will automatically become the administrator and owner of the organization.
First, enable the Apache SSL module.
Activate the default Apache website.
Restart Apache to put these changes into effect.
Create a new directory where we can store the private key and certificate.
Generate a new certificate and a private key to protect it.
Invoking this command will result in a series of prompts.
- Common Name(CN): Specify your server's IP address or hostname. This field is important because your certificate must match the domain (or IP address) for your website.
- subjectAltName(SAN): Alternative domain names or IP address.
Set the file permissions to protect your private key and certificate.
Your certificate and the private key that protects it are now ready for Apache to use.
When working over an SSL (HTTPS) connection, the Chrome browser requires the Secure and SameSite flags for cookies. Without these flags, the browser won't accept cookies and you won't be able to authorize in Passwork in Chrome.
To set these flags, enable the session.cookie_secure parameter in /etc/php/8.2/apache2/php.ini manual or command:
And set the disableSameSiteCookie parameter (section [application]) in /var/www/app/config/config.ini to Off manual or command:
💡 Please note that the `config.ini` file is generated after going through the initial setup on the installation page.
💡 Do not set these parameters or reset them if you change your mind about using SSL and work via the HTTP protocol.
Activate the Apache SSL module.
Activate the default SSL configuration.
Restart Apache for the changes to take effect.
Open the SSL configuration file in a text editor.
Locate the section that begins with <VirtualHost _default_:443> and make the following changes.
- Add a line with your server name directy below the ServerAdmin email line. This can be your domain name or IP address:
- Add “Directory” directive next to the “ServerName”.
- Find the following two lines, and update the paths to match the locations of the certificate and key we generated earlier. If you purchased a certificate or generated your certificate elsewhere, make sure the paths here match the actual locations of your certificate and key:
Once these changes have been made, check that your virtual host configuration file matches the following.
Restart Apache to apply the changes.
Check SSL connection by going to https://passwork.local.
Background tasks are jobs that run on the scheduler in the background. For example, LDAP synchronization, loading favicons, and other tasks that require a lot of time, constant execution, or resource allocation.
Before performing actions to modify and configure security settings, we strongly recommend making sure that Passwork is stable and working correctly, as well as backing up the files to which changes are being made.
Server security is an important part of ensuring the protection of valuable company data and resources. It is a process that requires planning and execution to ensure maximum protection against various threats.