Create a Secure Web Based Password Vault with Keepass Web
#KeepassWeb #PasswordVault #Linux
Full steps can be found at https://i12bretro.github.io/tutorials...
01. Log into the Debian device
02. Run the following commands in a terminal:
# update repositories and install any available software updates
sudo apt update
sudo apt upgrade
# install apache2
sudo apt install apache2
# download and extract keepass web
wget https://github.com/keeweb/keeweb/arch...
sudo unzip gh-pages.zip -d /var/www/html/
sudo mv /var/www/html/keeweb-gh-pages /var/www/html/keepass
# create webdav directory and set permissions
sudo mkdir /var/www/html/webdav
sudo chown -R www-data:www-data /var/www/html/webdav
# change permissions on the newly setup application folder
sudo chown -R www-data:www-data /var/www/html/keepass
# create a new keepass.conf file to configure the site
sudo nano /etc/apache2/sites-available/keepass.conf
03. Paste the following directives into keepass.conf
DavLockDB "/var/www/html/webdav/DavLock"
<Location /keepass>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ blank.html [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]
# Don't require LDAP authentication for a healthcheck
SetEnvIf Request_URI "^/healthcheck" accessgranted=1
Order deny,allow
Satisfy any
Deny from all
Allow from env=accessgranted
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldap://i12bretro.local:389/DC=i12bretro,DC=local?sAMAccountName?sub?(objectClass=user)" NONE
AuthLDAPBindDN "readonly_svc@i12bretro.local"
AuthLDAPBindPassword "Read0nly!!"
AuthName "Restricted Area [i12bretro.local]"
# to authenticate a domain group, specify the full DN
AuthLDAPGroupAttributeIsDN on
require ldap-group CN=WebAuthAccess,CN=Users,DC=i12bretro,DC=local
</Location>
<Location "/webdav">
DAV On
AuthType "Basic"
AuthName "webdav"
Options Indexes
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Headers "origin, content-type, cache-control, accept, authorization, if-match, destination, overwrite"
Header always set Access-Control-Expose-Headers "ETag"
Header always set Access-Control-Allow-Methods "GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK"
Header always set Access-Control-Allow-Credentials "true"
</Location>
04. Edit the index.html file and modify the kw-config meta tag, setting the value to config.json
sudo nano /var/www/html/keepass/index.html
05. Press CTRL+O, Enter, CTRL+X to write the changes to index.html
06. Create and edit config.json by running the following command:
sudo nano /var/www/html/keepass/config.json
07. Paste the following into config.json
{
  "settings": {
    "theme": "fb",
    "autoSave": true,
    "autoSaveInterval": 1,
    "canOpenDemo": false,
    "dropbox": false,
    "gdrive": false,
    "onedrive": false,
    "canExportXml": true
  },
  "files": [{
    "storage": "webdav",
    "name": "Database",
    "path": "/webdav/database.kdbx"
  }]
}
08. Press CTRL+O, Enter, CTRL+X to write the changes to config.json
09. Continue by executing the following commands in terminal:
# enable the keepass site and required Apache modules
sudo a2ensite keepass
sudo a2enmod dav dav_fs ldap authnz_ldap rewrite headers
# restart apache2 service for the changes to take effect
sudo systemctl restart apache2
10. Open a web browser and navigate to http://DNSorIP/keepass
11. Authenticate with a valid LDAP user account
12. Click the New icon
13. Click the New link in the lower left hand corner
14. Enter a Master password and re-type it to confirm
15. Enter a Name for the keepass database
16. Click the Save to... button ≫ File
17. Save the database to ~/database.kdbx
18. Close the browser
19. Continue by executing the following commands in terminal:
# copy the keepass database to webdav directory
sudo mv ~/database.kdbx /var/www/html/webdav/
20. Open a web browser and navigate to http://DNSorIP/keepass
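Added example (not part of the original tutorial): a small lint for the keepass.conf from step 03, meant to be run before the restart in step 09. It flags a Location block that sets AuthType but has no Require directive (Apache only asks for credentials when a Require directive calls for a user), an ldap:// AuthLDAPURL without TLS or STARTTLS, an AuthLDAPBindPassword stored inline rather than through exec:, and a wildcard Access-Control-Allow-Origin. The function names, finding labels and sample hostnames are constructed for this example.

```shell
#!/bin/sh
# Added example: static lint for the keepass.conf pasted in step 03.

# sample_conf: CONSTRUCTED, shortened config in the same shape as step 03.
sample_conf() {
cat <<'EOF'
<Location /keepass>
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldap://dc.example.test:389/DC=example,DC=test?sAMAccountName?sub" NONE
AuthLDAPBindPassword "constructed-placeholder"
require ldap-group CN=WebAuthAccess,CN=Users,DC=example,DC=test
</Location>
<Location "/webdav">
DAV On
AuthType "Basic"
Header always set Access-Control-Allow-Origin "*"
</Location>
EOF
}

# lint_conf FILE: print one "LABEL location" finding per line ("-" = stdin).
lint_conf() {
  awk '
    { line = tolower($0) }
    line ~ /^[ \t]*<location/ { loc = $2; gsub(/[">]/, "", loc); auth = 0; req = 0 }
    line ~ /^[ \t]*authtype/ { auth = 1 }
    line ~ /^[ \t]*require[ \t]/ { req = 1 }
    # ldap:// is cleartext unless the trailing mode is TLS or STARTTLS
    line ~ /^[ \t]*authldapurl[ \t]+"?ldap:\/\// && line !~ /tls[ \t]*$/ {
      print "LDAP_CLEARTEXT " loc }
    line ~ /^[ \t]*authldapbindpassword/ && line !~ /exec:/ {
      print "INLINE_BIND_PASSWORD " loc }
    line ~ /access-control-allow-origin[ \t]+"?\*/ { print "CORS_WILDCARD " loc }
    # AuthType alone does not restrict access; a Require line must be present
    line ~ /^[ \t]*<\/location/ {
      if (auth && !req) print "AUTHTYPE_WITHOUT_REQUIRE " loc; loc = "" }
  ' "$1"
}

# "--sample" lints the constructed sample; any other argument is a file path.
if [ "${1:-}" = "--sample" ]; then sample_conf | lint_conf -
elif [ -n "${1:-}" ]; then lint_conf "$1"; fi
```

The lint only reads the one file it is given, so a Require inherited from another Apache config file is not seen; no output means none of the four patterns were found in that file.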