PasswordLab Installation Guide for Ubuntu Server LTS

Overview

This comprehensive guide will walk you through the installation process of PasswordLab on Ubuntu Server LTS. PasswordLab is an on-premises password manager that provides enterprise-grade security for managing passwords and sensitive data.

Prerequisites

Before beginning the installation, ensure you have the following requirements fulfilled:

System Requirements

• Operating System: Ubuntu Server 24.04 LTS
• Server Access: Root user access or sudo privileges
• Network: Internet connectivity for downloading packages and software
• Hardware: Minimum 2GB RAM, 10GB available disk space

Required Information

1. Valid PasswordLab License: Ensure you have a valid license key
2. SMTP Configuration: Email server details for sending notifications and 2FA codes
   • SMTP server address
   • SMTP port (typically 587 or 465)
   • Email address and password for the SMTP account
3. Administrator Email: Email address for the system administrator account

Installation Process

Step 1: Server Preparation

1. Connect to your Ubuntu server using SSH with root privileges:

               
   ssh root@your-server-ip
               
           

2. Verify your Ubuntu version (the script will validate this automatically):

               
   lsb_release -a
               
           

Step 2: Run the Installation Script

Execute the automated installation script using curl and bash:

            
curl -s https://download.passwordlab.io/install-ubuntu.sh | bash
            
        

What the script does:

• Validates the operating system (Ubuntu only)
• Sets timezone to UTC
• Updates all system packages
• Installs and configures UFW firewall
• Installs MariaDB database server
• Secures the database installation
• Creates a dedicated database and user for PasswordLab
• Downloads and verifies the PasswordLab binary
• Sets up systemd service for automatic startup
• Configures necessary network ports (22, 80, 443, 3000)

Step 3: Note Database Credentials

IMPORTANT: After the installation completes, you'll see database credentials on the screen. Write down these details immediately as they'll be required for the initial configuration:

            
Database Location: localhost
Database Port: 3306
Database Username: [randomly generated]
Database Password: [randomly generated]
Database Name: [randomly generated]
Database Root Password: [randomly generated]
            
        

The script also saves these credentials to /root/database.txt for your reference.

Step 4: Access PasswordLab Web Interface

1. Open your web browser and navigate to:

               
   http://your-server-ip:3000
               
           

2. Initial Setup Wizard will guide you through the configuration process.

Initial Configuration

Step 1: Accept Terms and Conditions

• Review and accept the PasswordLab terms and conditions to proceed.

Step 2: License Activation

• Enter your valid PasswordLab license key in the provided field.
• Click "Activate License" to validate and proceed.

Step 3: Database Configuration

Enter the database details that were displayed after the installation:

• Database Host: localhost
• Database Port: 3306
• Database Name: [from installation output]
• Database Username: [from installation output]
• Database Password: [from installation output]

Step 4: SMTP Configuration

Configure email settings for notifications and 2FA:

• SMTP Server: Your email server address
• SMTP Port: Usually 587 (TLS) or 465 (SSL)
• Email Address: The email account for sending notifications
• Email Password: Password for the SMTP account
• Encryption: Select TLS or SSL based on your email provider

Step 5: Administrator Account Creation

Create the main administrator account:

• Full Name: Administrator's full name
• Email Address: Administrator's email (for receiving OTP)
• Password: Strong password for the admin account
• Confirm Password: Re-enter the password

Step 6: Email Verification

• Check your email for the OTP (One-Time Password)
• Enter the received OTP in the verification field
• Click "Verify" to proceed

Step 7: Master Vault Configuration

This is the most critical step for security:

1. Master Key Distribution: Enter email addresses for 5 trusted individuals who will receive master keys

   • Recommendation: Use 5 different email addresses for maximum security
   • For testing: You can use the same email address for all 5 keys

2. Master Key Generation: The system will:

   • Generate 5 unique master keys
   • Send each key to the specified email addresses
   • Create the encrypted master vault

Step 8: System Initialization

• The system will automatically:
  • Create the database schema
  • Initialize the vault structure
  • Set up the administrator account
  • Configure security settings

Step 9: Service Restart

After configuration completion, restart the PasswordLab service:

            
systemctl restart passwordlab
            
        

Post-Installation

Verify Installation

1. Check service status:

               
   systemctl status passwordlab
               
           

2. Access the application:

   • Open http://your-server-ip:3000
   • Log in with your administrator credentials

Security Considerations

1. Firewall Configuration: The installation automatically configures UFW with these rules:

   • SSH (22) - Allow
   • HTTP (80) - Allow
   • HTTPS (443) - Allow
   • PasswordLab (3000) - Allow

2. SSL Certificate: Consider setting up SSL/TLS certificates for production use.

3. Backup Strategy: Implement regular backups of:

   • Database (/var/lib/mysql/)
   • Configuration files

System Management Commands

Manage the PasswordLab service using these commands:

            
# Start the service
systemctl start passwordlab

# Stop the service
systemctl stop passwordlab

# Restart the service
systemctl restart passwordlab

# Check service status
systemctl status passwordlab

# View service logs
journalctl -u passwordlab -f
            
        

Database Access

If you need to access the database directly:

            
# Access as root user
mysql -u root -p

# Access as PasswordLab user
mysql -u [db_username] -p [db_name]
            
        

The database credentials are stored in /root/database.txt.

Troubleshooting

Common Issues

1. Port 3000 not accessible:

   • Check firewall rules: ufw status
   • Verify service is running: systemctl status passwordlab

2. Database connection errors:

   • Verify MariaDB is running: systemctl status mariadb
   • Check database credentials in /root/database.txt

3. Service won't start:

   • Check logs: journalctl -u passwordlab -f
   • Verify binary permissions: ls -la /usr/local/bin/passwordlab

Log Files

• Service logs: journalctl -u passwordlab
• System logs: /var/log/syslog
• Database logs: /var/log/mysql/

Note: Keep your master keys and database credentials in a secure location. Loss of these credentials may result in permanent data loss.