How to Install Passbolt on Your Synology NAS

How to Install Passbolt on Your Synology NAS

Passbolt is a free and open source password manager designed for collaboration. With Passbolt you can securely generate, store, manage and monitor your team credentials. Get access to all of your logins and passwords from multiple browsers or even your mobile phone. In this step by step guide I will show you how to install Passbolt on your Synology NAS using Docker & Portainer. Note: You can use Bitwarden or Vaultwarden as alternatives to Passbolt.

Note: This guide works perfectly with the latest version of Passbolt 3.9.1

  • STEP 1

Please Support My work by Making a Donation.

  • STEP 2

Install Portainer using my step by step guide. If you already have Portainer installed on your Synology NAS, skip this STEP. Attention: Make sure you have installed the latest Portainer version.

  • STEP 3

Make sure you have a synology.me Wildcard Certificate. Follow my guide to get a Wildcard Certificate. If you already have a synology.me Wildcard certificate, skip this STEP.

  • STEP 4

Go to Control Panel / Login Portal / Advanced Tab / click Reverse Proxy. Follow the instructions in the image below.

Passbolt Synology NAS Set up 1

  • STEP 5

Now click the “Create” button. Follow the instructions in the image below.

Passbolt Synology NAS Set up 2

  • STEP 6

After you click the Create button, the window below will open. Follow the instructions in the image below.

On the General area, set the Reverse Proxy Name description: type in Passbolt. After that, add the following instructions:

Source:
Protocol: HTTPS
Hostname: passbolt.yourname.synology.me
Port: 443

Check Enable HSTS

Destination:
Protocol: HTTP
Hostname: localhost
Port: 9475

Passbolt Synology NAS Set up 3

  • STEP 7

On the Reverse Proxy Rules click the Custom Header tab. Click Create and then, from the drop-down menu, click WebSocket. After you click on WebSocket, two Header Names and two Values will be automatically added. Click Save. Follow the instructions in the image below.

Synology Proxy WebSocket

  • STEP 8

Go to Control Panel / Network / Connectivity tab/ Check Enable HTTP/2 then click Apply. Follow the instructions in the image below.

Passbolt Synology NAS Set up 4

  • STEP 9

Go to Control Panel / Security / Advanced tab/ Check Enable HTTP Compression then click Apply. Follow the instructions in the image below.

Passbolt Synology NAS Set up 5

  • STEP 10

Go to File Station and open the docker folder. Inside the docker folder, create one new folder and name it passbolt. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.

Passbolt Synology NAS Set up 6

  • STEP 11

Now create four new folders inside the passbolt folder that you created at STEP 10 and name them db, gpg, jwt. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.

Passbolt Synology NAS Set up 7

  • STEP 12

Right click on the gpg folder that you have previously created at STEP 11 then click Properties. Follow the instructions in the image below.

Passbolt Synology NAS Set up 8

  • STEP 13

Go to the Permission tab then click Advanced options. From the drop-down menu choose “Make inherited permissions explicit“. Follow the instructions in the image below.

Passbolt Synology NAS Set up 9

  • STEP 14

Select Everyone then click the Edit tab. Follow the instructions in the image below.

Passbolt Synology NAS Set up 10

  • STEP 15

Check all Read and Write Permissions. Click Done. Follow the instructions in the image below.

Passbolt Synology NAS Set up 11

  • STEP 16

After you click Done on STEP 15, check “Apply to this folder, sub-folders and files“. Click Save. Follow the instructions in the image below.

Passbolt Synology NAS Set up 12

  • STEP 17

Right click on the jwt folder that you have previously created at STEP 11 then click Properties. Follow the instructions in the image below.

Passbolt Synology NAS Set up 13

  • STEP 18

Go to the Permission tab then click Advanced options. From the drop-down menu choose “Make inherited permissions explicit“. Follow the instructions in the image below.

Passbolt Synology NAS Set up 14

  • STEP 19

Select Everyone then click the Edit tab. Follow the instructions in the image below.

Passbolt Synology NAS Set up 15

  • STEP 20

Check all Read and Write Permissions. Click Done. Follow the instructions in the image below.

Passbolt Synology NAS Set up 17

  • STEP 21

After you click Done on STEP 20, check “Apply to this folder, sub-folders and files“. Click Save. Follow the instructions in the image below.

Passbolt Synology NAS Set up 18

  • STEP 22

Follow my step by step guide on how to activate SMTP for your Gmail account. This step is mandatory. Note: If you don’t want to use the easiest way for SMTP with Google and you already have SMTP details from your own Mail Server, you can just skip this STEP and use your personalized email SMTP details instead.

  • STEP 23

Log into Portainer using your username and password. On the left sidebar in Portainer, click on Stacks then + Add stack. Follow the instructions in the image below.

1 Synology Portainer Add Stack

  • STEP 24

In the Name field type in passbolt. Follow the instructions in the image below.

Note: Copy Paste the code below in the Portainer Stacks Web editor.

version: "3.9"
services:
  db:
    image: mariadb:jammy
    container_name: Passbolt-DB
    hostname: passbolt-db
    mem_limit: 512m
    mem_reservation: 128m
    cpu_shares: 768
    security_opt:
      - no-new-privileges:true
    healthcheck:
      test: ["CMD-SHELL", "mysqladmin ping -P 3306 -prootpass | grep 'mysqld is alive' || exit 1"]
    volumes:
      - /volume1/docker/passbolt/db:/var/lib/mysql:rw
    environment:
      TZ: Europe/Bucharest
      MYSQL_ROOT_PASSWORD: rootpass
      MYSQL_DATABASE: passbolt
      MYSQL_USER: passboltuser
      MYSQL_PASSWORD: passboltpass
    restart: on-failure:5

  passbolt:
    image: passbolt/passbolt:latest-ce-non-root
    command:
      - /bin/bash
      - -c
      - /usr/bin/wait-for.sh -t 0 db:3306 -- /docker-entrypoint.sh
    container_name: Passbolt
    hostname: passbolt
    mem_limit: 1g
    cpu_shares: 512
    security_opt:
      - no-new-privileges:true
    healthcheck:
      test: curl -f http://localhost:8080/ || exit 1
    ports:
      - 9475:8080
    volumes:
      - /volume1/docker/passbolt/gpg:/etc/passbolt/gpg:rw
      - /volume1/docker/passbolt/jwt:/etc/passbolt/jwt:rw
    environment:
      DEBUG: false
      APP_FULL_BASE_URL: https://passbolt.yourname.synology.me
      DATASOURCES_DEFAULT_HOST: passbolt-db
      DATASOURCES_DEFAULT_USERNAME: passboltuser
      DATASOURCES_DEFAULT_PASSWORD: passboltpass
      DATASOURCES_DEFAULT_DATABASE: passbolt
      PASSBOLT_REGISTRATION_PUBLIC: true
      EMAIL_DEFAULT_FROM: Your-own-gmail-address
      EMAIL_TRANSPORT_DEFAULT_HOST: smtp.gmail.com
      EMAIL_TRANSPORT_DEFAULT_PORT: 587
      EMAIL_TRANSPORT_DEFAULT_USERNAME: Your-own-gmail-address
      EMAIL_TRANSPORT_DEFAULT_PASSWORD: Your-own-app-password
      EMAIL_TRANSPORT_DEFAULT_TLS: true
    restart: on-failure:5
    depends_on:
      db:
        condition: service_started

Note: Before you paste the code above in the Web editor area below, change the value for TZ. (Select your current Time Zone from this list.)
Note: Before you paste the code above in the Web editor area below, change the value for APP_FULL_BASE_URL and type in your own synology.me DDNS with https:// at the beginning that you have previously created at STEP 6.
Note: Before you paste the code above in the Web editor area below, change the value for EMAIL_DEFAULT_FROM and type in your own Gmail address. Refer to STEP 22.
Note: Before you paste the code above in the Web editor area below, change the value for EMAIL_TRANSPORT_DEFAULT_USERNAME and type in your own Gmail address. Refer to STEP 22.
Note: Before you paste the code above in the Web editor area below, change the value for EMAIL_TRANSPORT_DEFAULT_PASSWORD and type in your own Gmail app password. Refer to STEP 22.

Passbolt Synology NAS Set up 19 new 2023

  • STEP 25

Scroll down on the page until you see a button named Deploy the stack. Click on it. Follow the instructions in the image below. The installation process can take up to a few minutes. It will depend on your Internet speed connection.

Passbolt Synology NAS Set up 20 2023 new

  • STEP 26

If everything goes right, you will see the following message at the top right of your screen: “Success Stack successfully deployed“.

Passbolt Synology NAS Set up 21

  • STEP 27

Go back to STEP 1 or you will deal with karma 🙂.

  • STEP 28

Now open your browser and type in your HTTPS/SSL certificate like this https://passbolt.yourname.synology.me In my case it’s https://passbolt.mariushosting.synology.me If everything goes right, you will see the Passbolt main page. Type in your own email that you have previously added at STEP 24 then click Next. Follow the instructions in the image below.

Passbolt Synology NAS Set up 22

  • STEP 29

Type in your First and Last name then click Sign up. Follow the instructions in the image below.

Passbolt Synology NAS Set up 23

  • STEP 30

After you click Sign up at STEP 29, a new message will notify you to check your mailbox.

Passbolt Synology NAS Set up 24

  • STEP 31

Wait approximately 2 minutes until you get an email welcoming you to passbolt. Click Get Started. Follow the instructions in the image below.

Passbolt Synology NAS Set up 25 new

  • STEP 32

After you click Get started at STEP 31 you will automatically be redirected to your synology.me DDNS address. Click Download extension to download the Passbolt extension for your browser. Follow the instructions in the image below.

Passbolt Synology NAS Set up 26

  • STEP 33

Click Add to Chrome. Follow the instructions in the image below.

Passbolt Synology NAS Set up 27

  • STEP 34

Click Add extension. Follow the instructions in the image below.

Passbolt Synology NAS Set up 28

  • STEP 35

After the Passbolt extension is installed on your browser, click Next. Follow the instructions in the image below.

Passbolt Synology NAS Set up 29

  • STEP 36

Type in your own Password then click Next. Follow the instructions in the image below.

Passbolt Synology NAS Set up 30

  • STEP 37

Save your recovery kit in a safe place then click Next. Follow the instructions in the image below.

Passbolt Synology NAS Set up 31

  • STEP 38

Choose a Security token then click Next. Follow the instructions in the image below.

Passbolt Synology NAS Set up 32

  • STEP 39

Your Passbolt dashboard at a glance!

Passbolt Synology NAS Set up 33

  • STEP 40

At the top right of the page click on your own name then select Theme to switch to dark mode. Follow the instructions in the image below.

Passbolt Synology NAS Set up 34

Enjoy Passbolt!

Note: Can I run Docker on my Synology NAS? See the supported models.
Note: Find out how to update the Passbolt container with the latest image.
Note: How to Free Disk Space on Your NAS if You Run Docker.
Note: How to Schedule Start & Stop For Docker Containers.
Note: How to Activate Email Notifications.
Note: How to Add Access Control Profile on Your NAS.
Note: How to Change Docker Containers Restart Policy.
Note: How to Use Docker Containers With VPN.
Note: Convert Docker Run Into Docker Compose.
Note: How to Clean Docker.
Note: How to Clean Docker Automatically.
Note: Best Practices When Using Docker and DDNS.
Note: Some Docker Containers Need WebSocket.
Note: Find out the Best NAS Models For Docker.
Note: Activate Gmail SMTP For Docker Containers.

This post was updated on Thursday / February 2nd, 2023 at 1:12 AM