Passbolt is a free and open source password manager designed for collaboration. With Passbolt you can securely generate, store, manage and monitor your team credentials. Get access to all of your logins and passwords from multiple browsers or even your mobile phone. In this step by step guide I will show you how to install Passbolt on your Synology NAS using Docker & Portainer. Note: You can use Bitwarden or Vaultwarden as alternatives to Passbolt.
STEP 1
Please Support My work by Making a Donation.
STEP 2
InstallĀ Portainer using my step by step guide. If you already have Portainer installed on your Synology NAS, skip this STEP. Attention: Make sure you have installed the latest Portainer version.
STEP 3
Make sure you have a synology.me Wildcard Certificate. Follow my guide to get a Wildcard Certificate. If you already have a synology.me Wildcard certificate, skip this STEP.
STEP 4
Go toĀ Control PanelĀ /Ā Login PortalĀ /Ā AdvancedĀ Tab / clickĀ Reverse Proxy. Follow the instructions in the image below.
STEP 5
Now click the āCreateā button. Follow the instructions in the image below.
STEP 6
After you click the Create button, the window below will open. Follow the instructions in the image below.
On the General area, set the Reverse Proxy Name description: type in Passbolt. After that, add the following instructions:
Source:
Protocol:Ā HTTPS
Hostname: passbolt.yourname.synology.me
Port:Ā 443
Check Enable HSTS
Destination:
Protocol:Ā HTTP
Hostname:Ā localhost
Port:Ā 9475
STEP 7
On the Reverse Proxy Rules click the Custom HeaderĀ tab. ClickĀ CreateĀ and then, from the drop-down menu, clickĀ WebSocket. After you click on WebSocket, two Header Names and two Values will be automatically added. ClickĀ Save. Follow the instructions in the image below.
STEP 8
Go to Control Panel / Network / Connectivity tab/ Check Enable HTTP/2 then click Apply. Follow the instructions in the image below.
STEP 9
Go to Control Panel / Security / Advanced tab/ Check Enable HTTP CompressionĀ then click Apply. Follow the instructions in the image below.
STEP 10
Go toĀ File StationĀ and open the docker folder. Inside the docker folder, create one new folder and name itĀ passbolt. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.
STEP 11
Now create three new folders inside the passbolt folder that you created at STEP 10Ā and name them db, gpg, jwt. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.
STEP 12
Right click on the gpg folder that you have previously created at STEP 11 then click Properties. Follow the instructions in the image below.
STEP 13
Go to the Permission tab then click Advanced options. From the drop-down menu choose “Make inherited permissions explicit“. Follow the instructions in the image below.
STEP 14
Select Everyone then click the Edit tab. Follow the instructions in the image below.
STEP 15
Check all Read and Write Permissions. Click Done. Follow the instructions in the image below.
STEP 16
After you click Done on STEP 15, check “Apply to this folder, sub-folders and files“. Click Save. Follow the instructions in the image below.
STEP 17
Right click on the jwt folder that you have previously created at STEP 11 then click Properties. Follow the instructions in the image below.
STEP 18
Go to the Permission tab then click Advanced options. From the drop-down menu choose “Make inherited permissions explicit“. Follow the instructions in the image below.
STEP 19
Select Everyone then click the Edit tab. Follow the instructions in the image below.
STEP 20
Check all Read and Write Permissions. Click Done. Follow the instructions in the image below.
STEP 21
After you click Done on STEP 20, check “Apply to this folder, sub-folders and files“. Click Save. Follow the instructions in the image below.
STEP 22
Follow my step by step guide on how to activate SMTP for your Gmail account. This step is mandatory. Note: If you don’t want to use the easiest way for SMTP with Google and you already have SMTP details from your own Mail Server, you can just skip this STEP and use your personalized email SMTP details instead.
STEP 23
Log into Portainer using your username and password. On the left sidebar in Portainer, click on StacksĀ thenĀ + Add stack. Follow the instructions in the image below.
STEP 24
In the Name field type in passbolt. Follow the instructions in the image below.
version: "3.9" services: db: image: mariadb:11.3-jammy container_name: Passbolt-DB hostname: passbolt-db mem_limit: 512m mem_reservation: 128m cpu_shares: 768 security_opt: - no-new-privileges:true volumes: - /volume1/docker/passbolt/db:/var/lib/mysql:rw environment: TZ: Europe/Bucharest MYSQL_ROOT_PASSWORD: rootpass MYSQL_DATABASE: passbolt MYSQL_USER: passboltuser MYSQL_PASSWORD: passboltpass restart: on-failure:5 passbolt: image: passbolt/passbolt:latest-ce-non-root command: - /bin/bash - -c - /usr/bin/wait-for.sh -t 0 db:3306 -- /docker-entrypoint.sh container_name: Passbolt hostname: passbolt mem_limit: 1g cpu_shares: 512 security_opt: - no-new-privileges:true healthcheck: test: curl -f http://localhost:8080/ || exit 1 ports: - 9475:8080 volumes: - /volume1/docker/passbolt/gpg:/etc/passbolt/gpg:rw - /volume1/docker/passbolt/jwt:/etc/passbolt/jwt:rw environment: DEBUG: false APP_FULL_BASE_URL: https://passbolt.yourname.synology.me DATASOURCES_DEFAULT_HOST: passbolt-db DATASOURCES_DEFAULT_USERNAME: passboltuser DATASOURCES_DEFAULT_PASSWORD: passboltpass DATASOURCES_DEFAULT_DATABASE: passbolt PASSBOLT_REGISTRATION_PUBLIC: true EMAIL_DEFAULT_FROM: Your-own-gmail-address EMAIL_TRANSPORT_DEFAULT_HOST: smtp.gmail.com EMAIL_TRANSPORT_DEFAULT_PORT: 587 EMAIL_TRANSPORT_DEFAULT_USERNAME: Your-own-gmail-address EMAIL_TRANSPORT_DEFAULT_PASSWORD: Your-own-app-password EMAIL_TRANSPORT_DEFAULT_TLS: true restart: on-failure:5 depends_on: db: condition: service_started
Note: Before you paste the code above in the Web editor area below, change the value for TZ.Ā (Select your current Time Zone from this list.)
Note: Before you paste the code above in the Web editor area below, change the value for APP_FULL_BASE_URLĀ and type in your own synology.me DDNS withĀ https:// at the beginning that you have previously created at STEP 6.
Note: Before you paste the code above in the Web editor area below, change the value for EMAIL_DEFAULT_FROMĀ and type in your own Gmail address. Refer to STEP 22.
Note: Before you paste the code above in the Web editor area below, change the value for EMAIL_TRANSPORT_DEFAULT_USERNAMEĀ and type in your own Gmail address. Refer to STEP 22.
Note: Before you paste the code above in the Web editor area below, change the value for EMAIL_TRANSPORT_DEFAULT_PASSWORDĀ and type in your own Gmail app password. Refer to STEP 22.
STEP 25
Scroll down on the page until you see a button namedĀ Deploy the stack. Click on it. Follow the instructions in the image below. The installation process can take up to a few minutes. It will depend on your Internet speed connection.
STEP 26
If everything goes right, you will see the following message at the top right of your screen: āSuccess Stack successfully deployedā.
STEP 27
On the left sidebar in Portainer, click Containers. Identify your Passbolt instance, then click on the little terminal icon. Follow the instructions in the image below.
STEP 28
After you click on the little terminal icon at STEP 27, a new page will open. Click Connect. Follow the instructions in the image below.
STEP 29
After you click Connect at STEP 28, a Console will open. Copy Paste the code below and follow the instructions in the image.
./bin/cake passbolt register_user -u yourownemail -f Marius -l Lixandru -r admin
Note: Before you paste the code above in the Console area below, change yourownemail text with your Email.
Note: Before you paste the code above in the Console area below, change Marius text with your own Name.
Note: Before you paste the code above in the Console area below, change Lixandru text with your own Surname.
STEP 30
Once the code is inserted, confirm by pressing Enter on your keyboard to start the process of admin user creation. After some seconds, you will get a link. Copy your generated link.
STEP 31
š¢Please Support My work by Making a Donation. Almost 99,9% of the people that install something using my guidesĀ forget to support my work, or justĀ ignoreĀ STEP 1. Iāve been very honest about this aspect of my work since the beginning: I donāt run any ADS, I donāt require subscriptions, paid or otherwise, I donāt collect IPs, emails, and I donāt have any referral links from Amazon or other merchants. I also donāt have any POP-UPs or COOKIES. I have repeatedly been told over the years how much I have contributed to the community. Itās something I love doing and have been honest about my passion since the beginning. But I also Need The Community to Support me Back to be able to continue doing this work.
STEP 32
Click Download extension to download the Passbolt extension for your browser. Follow the instructions in the image below.
STEP 33
Click Add to Chrome. Follow the instructions in the image below.
STEP 34
Click Add extension. Follow the instructions in the image below.
STEP 35
After the Passbolt extension is installed on your browser, click Next. Follow the instructions in the image below.
STEP 36
Type in your own Password then click Next. Follow the instructions in the image below.
STEP 37
Save your recovery kit in a safe place then click Next. Follow the instructions in the image below.
STEP 38
Choose a Security token then click Next. Follow the instructions in the image below.
STEP 39
Your Passbolt dashboard at a glance!
STEP 40
At the top right of the page click on your own name then select Theme to switch to Dark Mode. Follow the instructions in the image below.
Enjoy Passbolt!
If you encounter issues by using this container, make sure to check out the Common Docker issuesĀ article.
Note: Can I run Docker on my Synology NAS?Ā See the supported models.
Note: How to Back Up Docker Containers on your Synology NAS.
Note: Find outĀ how to update the Passbolt container with the latest image.
Note: How to Free Disk Space on Your NAS if You Run Docker.
Note: How to Schedule Start & Stop For Docker Containers.
Note: How to Activate Email Notifications.
Note: How to Add Access Control Profile on Your NAS.
Note: How to Change Docker Containers Restart Policy.
Note: How to Use Docker Containers With VPN.
Note: Convert Docker Run Into Docker Compose.
Note: How to Clean Docker.
Note: How to Clean Docker Automatically.
Note: Best Practices When Using Docker and DDNS.
Note: Some Docker Containers Need WebSocket.
Note: Find out the Best NAS Models For Docker.
Note: Activate Gmail SMTP For Docker Containers.
This post was updated on Saturday / January 11th, 2025 at 11:44 AM