Found part of the issue… I wasn’t connected as www-data
Ran healthcheck and am seeing a few errors that concern me.
The docker-compose file has the APP_FULL_BASE_URL set as the IP. Clearing the cache didn’t resolve this.
./bin/cake passbolt healthcheck
Open source password manager for teams
Healthcheck shell…
Environment
[PASS] PHP version 8.2.7.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[WARN] The passbolt config file is missing in /etc/passbolt/
[HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
[HELP] The passbolt config file is not required if passbolt is configured with environment variables
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://passbolt.local
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in /etc/passbolt/passbolt.php
[HELP] Check the network settings
SSL Certificate
[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] Check Passbolt Help | Troubleshoot SSL
[HELP] cURL Error (6) Could not resolve host: passbolt.local
Database
[PASS] The application is able to connect to the database
[PASS] 32 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[FAIL] The server OpenPGP key is not set
[HELP] Create a key, export it and add the fingerprint to /etc/passbolt/passbolt.php
[HELP] See. Passbolt Help | Installation
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[FAIL] The server key fingerprint doesn’t match the one defined in /etc/passbolt/passbolt.php.
[HELP] Double check the key fingerprint, example:
[HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /var/lib/passbolt/.gnupg" www-data | grep -i -B 2 'SERVER_KEY_EMAIL'
[HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
[HELP] See. Passbolt Help | Installation
[FAIL] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is not in the keyring
[HELP] Import the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc" www-data
[FAIL] The server key does not have a valid email id.
[HELP] Edit or generate another key with a valid email id.
Application configuration
[PASS] Using latest passbolt version (4.1.1).
[FAIL] Passbolt is not configured to force SSL use.
[HELP] Set passbolt.ssl.force to true in /etc/passbolt/passbolt.php.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.
JWT Authentication
[PASS] The JWT Authentication plugin is enabled
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found
SMTP Settings
[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[WARN] The SMTP Settings source is: env variables.
[HELP] It is recommended to set the SMTP Settings in the database through the administration section.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.
[FAIL] 8 error(s) found. Hang in there!
Why isn’t it using the URL specified in the docker-compose file?