502 error after upgrade to v3.3.0

Checklist
[ *] I have read intro post: About the Installation Issues category
[ *] I have read the tutorials, help and searched for similar issues
[ *] I provide relevant information about my server (component names and versions, etc.)
[ *] I provide a copy of my logs and healthcheck
[ *] I describe the steps I have taken to troubleshoot the problem
[ *] I describe the steps on how to reproduce the issue

I am trying to upgrade my passbolt VM to v3.3.0 from ~v2.3 and I am getting a 502 error after doing a migration.

I am running Ubuntu 20.04 with PHP 7.4 and MySQL 8 on another device on the network. I am also using an Apache server as a web proxy as I have multiple sites that are served through it.

Please let me know what logs I need to pull from my system so I can troubleshoot this.

Below is what I get when I run a healthcheck:

PASSBOLT
Open source password manager for teams

Healthcheck shell…Warning Error: file_get_contents(/var/www/passbolt/config/jwt/jwt.pem): failed to open stream: No such file or directory
In [/var/www/passbolt/plugins/Passbolt/JwtAuthentication/src/Service/AccessToken/JwtKeyPairService.php, line 110]

2021-10-31 22:41:59 Warning: Warning (2): file_get_contents(/var/www/passbolt/config/jwt/jwt.pem): failed to open stream: No such file or directory in [/var/www/passbolt/plugins/Passbolt/JwtAuthentication/src/Service/AccessToken/JwtKeyPairService.php, line 110]


Environment

[PASS] PHP version 7.4.3.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://passbolt.XXXXXXX.com
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in config/passbolt.php
[HELP] Check the network settings

SSL Certificate

[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 26 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
[PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.

Application configuration

[PASS] Using latest passbolt version (3.3.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

JWT Authentication

[WARN] The JWT Authentication plugin is disabled
[HELP] Set the environment variable PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED to true

[FAIL] 3 error(s) found. Hang in there!

The last two Nginx errors that I captured showing me trying to connect:

2021/10/31 22:48:14 [error] 3885#3885: *64 connect() failed (111: Connection refused) while connecting to upstream, client: 10.208.41.233, server: passbolt.XXXXXXX.com, request: "GET /install/system_check HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "passbolt.XXXXXXX.com"

2021/10/31 22:53:45 [error] 3885#3885: *69 connect() failed (111: Connection refused) while connecting to upstream, client: 10.208.41.233, server: passbolt.XXXXXXX.com, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "passbolt.XXXXXXX.com"

@krosseyed your post should now be visible.

Thank you @remy for opening this back up, as I have been able to resolve my issue.

Turns out it was an Nginx error and I had followed all the steps in the following guide to resolve it:

The solution from this guide that worked for me was the following:

    nano www.conf

    listen = 127.0.0.1:9000

After that change, nginx started to work again. So if you are updating from 18.04 → 20.04 on Ubuntu, please check that your nginx config hasn’t been modified, as it may prevent passbolt access via nginx.

Thanks for your feedback about your installation issue. I think it can help other users.

By the way, the default with Ubuntu 20.04 is now to use a socket (/run/php/php7.4-fpm.sock) instead of a TCP connection (127.0.0.1:9000).

Another solution is to edit your nginx configuration file and use this socket:

    fastcgi_pass             unix:/run/php/php7.4-fpm.sock;

Instead of the TCP connection:

    fastcgi_pass             127.0.0.1:9000;

1 Like

I appreciate the followup on this. I did have to change the fastcgi_pass value to the following before it would work.

    fastcgi_pass unix:php7.4-fpm.pid;

After that, we are good to go!

2 Likes

For anybody coming here via Google - I had a 502 gateway timeout after dist-upgrade on Debian 10 to Debian 11 (buster to bullseye). The reason was the line

    fastcgi_pass             unix:/run/php/php7.3-fpm.sock;

in /etc/nginx/sites-enabled/nginx-passbolt.conf which had to be changed to

    fastcgi_pass             unix:/run/php/php7.4-fpm.sock;

1 Like

I got the same from Debian 11 to Debian 12. I had to update the socket path according to the PHP 8.2 version.

I got the same error after I upgraded to Ubuntu 22.04.
I had to change

    fastcgi_pass unix:/run/php/php7.4-fpm.sock;

to

    fastcgi_pass unix:/run/php/php8.1-fpm.sock;

in /etc/nginx/sites-enabled/nginx-passbolt.conf to get it to work again.

I found the necessary php-fpm.sock version by checking which one was listed in /run/php/.

1 Like
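
Every fix in this thread comes down to nginx's `fastcgi_pass` and PHP-FPM's `listen` value no longer agreeing after an OS or PHP upgrade. The following POSIX shell script is an added example (not part of any post above and not passbolt's own tooling) that compares the two; the function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report nginx fastcgi_pass targets that
# no PHP-FPM pool is configured to listen on.

# Print every active "listen = ..." value from the given pool files, in nginx
# notation: unix:/path for a socket, host:port for TCP.
fpm_listeners() {
  sed -n 's/^[[:space:]]*listen[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p' "$@" |
  while read -r fpm_addr; do
    case "$fpm_addr" in
      /*) echo "unix:$fpm_addr" ;;
      *)  echo "$fpm_addr" ;;
    esac
  done
}

# Print every active fastcgi_pass target from the given nginx config files.
nginx_upstreams() {
  sed -n 's/^[[:space:]]*fastcgi_pass[[:space:]]\{1,\}\([^;[:space:]]*\).*/\1/p' "$@"
}

# check_fastcgi NGINX_CONF POOL_CONF...
# Prints one OK/MISMATCH line per target; returns 1 if any target is unmatched.
check_fastcgi() {
  cf_conf=$1; shift
  cf_listeners=$(fpm_listeners "$@")
  cf_rc=0
  while read -r cf_target; do
    [ -n "$cf_target" ] || continue
    if printf '%s\n' "$cf_listeners" | grep -Fxq -- "$cf_target"; then
      echo "OK       $cf_target"
    else
      echo "MISMATCH $cf_target (PHP-FPM listens on: $(echo $cf_listeners))"
      cf_rc=1
    fi
  done <<EOF
$(nginx_upstreams "$cf_conf")
EOF
  return $cf_rc
}

# Constructed sample: nginx still points at the PHP 7.4 socket after an upgrade
# that installed PHP 8.1.
demo_dir=$(mktemp -d)
printf 'location ~ \\.php$ {\n    fastcgi_pass unix:/run/php/php7.4-fpm.sock;\n}\n' > "$demo_dir/nginx.conf"
printf '[www]\n;listen = 127.0.0.1:9000\nlisten = /run/php/php8.1-fpm.sock\nlisten.owner = www-data\n' > "$demo_dir/www.conf"
check_fastcgi "$demo_dir/nginx.conf" "$demo_dir/www.conf" || echo "fix fastcgi_pass or the pool's listen value"
```

On Debian and Ubuntu the pool file normally lives at /etc/php/<version>/fpm/pool.d/www.conf; pass it together with /etc/nginx/sites-enabled/nginx-passbolt.conf.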