Access Passbolt in Docker by IP/ Blank page

Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to troubleshoot the problem
[x] I describe the steps on how to reproduce the issue

I had this running before, and when Proxmox ate itself, I lost my server…
I’m trying to re-install Passbolt as a self-hosted private service on docker, and before I upgraded Proxmox, I was able to access the server by IP. I don’t really have DNS running here at home, so I wanted to keep using that method for now.
After following the UG for installation on a docker container, all I get is a blank page. Inspecting the webpage shows it going to the IP I have set, but then reverting to the default domain set in the docker-compose file. Not sure what I’m missing here.
How can I set this up to be accessible on my private network by IP. At least for now?

Hello @cpnbnanamn ,

but then reverting to the default domain set in the docker-compose file

Can you confirm that in your docker-compose file, the APP_FULL_BASE_URL matches your local IP address?

Yes, I can. My docker-compose file looks like this currently (snippet):

passbolt:
  image: passbolt/passbolt:latest-ce
  #Alternatively you can use rootless:
  #image: passbolt/passbolt:latest-ce-non-root
  restart: unless-stopped
  depends_on:
    - db
  environment:
    APP_FULL_BASE_URL: https://10.0.0.125
    DATASOURCES_DEFAULT_HOST: "db"
    DATASOURCES_DEFAULT_USERNAME: ""
    DATASOURCES_DEFAULT_PASSWORD: ""
    DATASOURCES_DEFAULT_DATABASE: ""
  volumes:
    - gpg_volume:/etc/passbolt/gpg
    - jwt_volume:/etc/passbolt/jwt
  command:
    [
      "/usr/bin/wait-for.sh",
      "-t",
      "0",
      "db:3306",
      "--",
      "/docker-entrypoint.sh",

Might be worth trying to clear the cache on the container:
./bin/cake cache clear_all

This is a docker LXC container within Proxmox. Not sure how much of a difference that makes.

You mustn’t launch this command as root, as you can encounter ownership issues.

Please have a look at Passbolt Help | Troubleshoot Docker for the correct way to launch the commands.

By the way, I see in your browser debug logs some passbolt.local occurrences. Clearing cache as requested by Clayton should fix your issue.

Best,

Found part of the issue… I wasn’t connected as www-data

Ran healthcheck and am seeing a few errors that concern me.
The docker-compose file has the APP_FULL_BASE_URL set as the IP. Clearing the cache didn’t resolve this.

./bin/cake passbolt healthcheck

Open source password manager for teams

Healthcheck shell…

Environment

[PASS] PHP version 8.2.7.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[WARN] The passbolt config file is missing in /etc/passbolt/
[HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
[HELP] The passbolt config file is not required if passbolt is configured with environment variables

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://passbolt.local
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in /etc/passbolt/passbolt.php
[HELP] Check the network settings

SSL Certificate

[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] Check Passbolt Help | Troubleshoot SSL
[HELP] cURL Error (6) Could not resolve host: passbolt.local

Database

[PASS] The application is able to connect to the database
[PASS] 32 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[FAIL] The server OpenPGP key is not set
[HELP] Create a key, export it and add the fingerprint to /etc/passbolt/passbolt.php
[HELP] See. Passbolt Help | Installation
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[FAIL] The server key fingerprint doesn't match the one defined in /etc/passbolt/passbolt.php.
[HELP] Double check the key fingerprint, example:
[HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /var/lib/passbolt/.gnupg" www-data | grep -i -B 2 'SERVER_KEY_EMAIL'
[HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
[HELP] See. Passbolt Help | Installation
[FAIL] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is not in the keyring
[HELP] Import the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc" www-data
[FAIL] The server key does not have a valid email id.
[HELP] Edit or generate another key with a valid email id.

Application configuration

[PASS] Using latest passbolt version (4.1.1).
[FAIL] Passbolt is not configured to force SSL use.
[HELP] Set passbolt.ssl.force to true in /etc/passbolt/passbolt.php.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found

SMTP Settings

[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[WARN] The SMTP Settings source is: env variables.
[HELP] It is recommended to set the SMTP Settings in the database through the administration section.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.

[FAIL] 8 error(s) found. Hang in there!

Why isn’t it using the URL specified in the docker-compose file?

Hello, there is a conflict between the full base url from the docker-compose and what’s shown on the healthcheck. It looks like it uses the default url that comes with the yaml file. Since you’ve cleared the cache, are there any issues in the container logs?

Where is it getting the default URL from then? The docker-compose.yaml file has the IP in it.

This is what’s in the container logs since clearing the cache. From what I can tell, the pid with exit 0 appear to be sessions that have closed?
Open source password manager for teams


Running migration scripts.

using migration paths
 - /etc/passbolt/Migrations
using seed paths
using environment default
using adapter mysql
using database passbolt
ordering by creation time
All Done. Took 0.0208s
Clearing cake caches
Clearing cake_model
Cleared cake_model cache
Clearing cake_core
Cleared cake_core cache
Enjoy! :peace_symbol:
/usr/lib/python3/dist-packages/supervisor/options.py:474: UserWarning: Supervisord is running as root and it is searching for its configuration file in default locations (including its current working directory); you probably want to specify a "-c" argument specifying an absolute path to a configuration file for improved security.
self.warnings.warn(
2023-07-22 12:01:02,885 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in the config file. If you intend to run as root, you can set user=root in the config file to avoid this message.
2023-07-22 12:01:02,886 INFO Included extra file "/etc/supervisor/conf.d/cron.conf" during parsing
2023-07-22 12:01:02,886 INFO Included extra file "/etc/supervisor/conf.d/nginx.conf" during parsing
2023-07-22 12:01:02,886 INFO Included extra file "/etc/supervisor/conf.d/php.conf" during parsing
2023-07-22 12:01:02,890 INFO RPC interface 'supervisor' initialized
2023-07-22 12:01:02,890 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2023-07-22 12:01:02,890 INFO supervisord started with pid 1
2023-07-22 12:01:03,893 INFO spawned: 'php-fpm' with pid 187
2023-07-22 12:01:03,895 INFO spawned: 'nginx' with pid 188
2023-07-22 12:01:03,897 INFO spawned: 'cron' with pid 189
[22-Jul-2023 12:01:03] NOTICE: fpm is running, pid 187
[22-Jul-2023 12:01:03] NOTICE: ready to handle connections
[22-Jul-2023 12:01:03] NOTICE: systemd monitor interval set to 10000ms
2023-07-22 12:01:04,989 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2023-07-22 12:01:04,989 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2023-07-22 12:01:04,989 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
10.0.0.100 - - [22/Jul/2023:12:01:06 +0000] "GET / HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"
2023-07-22 12:01:06,914 INFO reaped unknown pid 209 (exit status 0)
2023-07-22 12:01:06,915 INFO reaped unknown pid 211 (exit status 0)
2023-07-22 12:01:06,915 INFO reaped unknown pid 213 (exit status 0)
2023-07-22 12:01:06,915 INFO reaped unknown pid 215 (exit status 0)
2023-07-22 12:01:06,916 INFO reaped unknown pid 217 (exit status 0)
2023-07-22 12:01:06,916 INFO reaped unknown pid 219 (exit status 0)
2023-07-22 12:01:06,916 INFO reaped unknown pid 221 (exit status 0)
10.0.0.100 - - [22/Jul/2023:12:01:07 +0000] "GET /auth/login?redirect=%2F HTTP/2.0" 200 1099 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"
2023-07-22 12:01:07,002 INFO reaped unknown pid 224 (exit status 0)
2023-07-22 12:01:07,002 INFO reaped unknown pid 226 (exit status 0)
2023-07-22 12:01:07,003 INFO reaped unknown pid 228 (exit status 0)
2023-07-22 12:01:07,003 INFO reaped unknown pid 230 (exit status 0)
2023-07-22 12:01:07,003 INFO reaped unknown pid 232 (exit status 0)
2023-07-22 12:01:07,004 INFO reaped unknown pid 234 (exit status 0)
2023-07-22 12:01:07,004 INFO reaped unknown pid 236 (exit status 0)
10.0.0.100 - - [22/Jul/2023:12:01:07 +0000] "GET /settings.json?api-version=v2 HTTP/2.0" 200 1314 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"
2023-07-22 12:01:07,363 INFO reaped unknown pid 239 (exit status 0)
2023-07-22 12:01:07,363 INFO reaped unknown pid 241 (exit status 0)
10.0.0.100 - - [22/Jul/2023:12:01:07 +0000] "POST /auth/verify.json?api-version=v2 HTTP/2.0" 200 282 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0"
2023-07-22 12:01:07,486 INFO reaped unknown pid 244 (exit status 0)
2023-07-22 12:01:07,487 INFO reaped unknown pid 246 (exit status 0)

Did you try to connect from another browser? Ensure you have a copy of your private key and try to recover your account. Maybe this setting is stored in the browser extension, you can try to clean browser cache too. But starting from another browser can ensure your browser extension is clean.

Hope this helps,

I haven’t re-added my database or passwords or anything. This is a fresh installation - nothing on it.
I’ve tried 3 different browsers, 3 different devices, before and after cache clearing, and get the same result.
I should also note that I blew away the LXC, and this is a new container, as well

If you jump into the passbolt container and run:

echo $APP_FULL_BASE_URL

What do you see? passbolt.local or https://10.0.0.125?

And if you type the env command, you should see all environment variables. Can you check that the variables related to the database are the ones you set in your docker-compose.yaml file?

I also use passbolt in proxmox but within a Debian 12 LXC container. I installed from the Debian package and it works fine. My passbolt is behind a reverse proxy to handle SSL termination.

I’m seeing the default URL. But why? docker-compose has the IP. Did I miss something in setup here?

www-data@591719c6963c:/usr/share/php/passbolt$ echo $APP_FULL_BASE_URL
https://passbolt.local

www-data@591719c6963c:/usr/share/php/passbolt$ env
SHELL=/bin/bash
HOSTNAME=591719c6963c
PHP_VERSION=8.2
DATASOURCES_DEFAULT_USERNAME=
GNUPGHOME=/var/lib/passbolt/.gnupg
PWD=/usr/share/php/passbolt
LOGNAME=www-data
PASSBOLT_PKG=passbolt-ce-server
DATASOURCES_DEFAULT_PASSWORD=
HOME=/var/www
TERM=xterm
USER=www-data
DATASOURCES_DEFAULT_DATABASE=
PASSBOLT_FLAVOUR=ce
SHLVL=2
DATASOURCES_DEFAULT_HOST=db
PASSBOLT_PKG_KEY=
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
MAIL=/var/mail/www-data
APP_FULL_BASE_URL=https://passbolt.local
_=/usr/bin/env

I guess the environment section of your docker-compose file is not taken into account.

How do you run docker in your proxmox server? Directly in the server? Which compose version are you using? How did you set up docker?

I used a script for Proxmox from tteckster. I used it before on Proxmox 7 without issue.

Proxmox is barebones on the server, and a docker container is run within that.

Doesn’t make sense that docker-compose isn’t being used here. Is there another method I should be using?

I may have figured this out. I built a new instance, and redid the docker-compose variables, and then brought up the app. That works! I may know where I messed up. I’ll close this if that’s the case.

If you can explain what you did to fix your issue, maybe it will help other people.

Thx!

I was trying to make changes to the docker compose file and then stop/start the application in docker thinking it would pick up the changes. It wasn’t until I basically re-deployed the docker-compose file that it started working.
Not everything works yet. I still have to fix email, and find out why the Users page goes blank

Thank you for the help thus far. I appreciate the community!

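The thread ends with the container still carrying https://passbolt.local after the compose file had been edited and the app only stopped and started. The following check is an added example, not part of the original posts or of Passbolt's tooling: it compares keys in the compose file's `environment:` mapping with a saved `env` dump from the container. The function names, file names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the environment declared in docker-compose.yaml with
# what a running container actually has. Real input, assuming the service is
# named "passbolt" as in the snippet in the thread:
#   docker compose exec -T passbolt env > container.env

# Value of KEY ($2) in the mapping-style "environment:" block of compose file $1.
compose_value() {
    awk -v key="$2" '$1 == (key ":") {
        sub(/^[^:]*:[ \t]*/, ""); gsub(/^"|"$/, ""); print; exit }' "$1"
}

# Value of KEY ($2) in a saved `env` dump ($1).
env_value() { sed -n "s/^$2=//p" "$1" | head -n 1; }

# check_drift COMPOSE ENVDUMP KEY...  returns 1 if any key differs.
check_drift() {
    compose=$1; envdump=$2; shift 2; rc=0
    for key in "$@"; do
        want=$(compose_value "$compose" "$key")
        have=$(env_value "$envdump" "$key")
        if [ "$want" = "$have" ]; then echo "OK    $key"; continue; fi
        rc=1
        case $key in            # never echo credentials into a terminal or log
            *PASSWORD*|*KEY*) echo "DRIFT $key (values hidden)" ;;
            *) echo "DRIFT $key: compose='$want' container='$have'" ;;
        esac
    done
    return $rc
}

# Constructed sample modelled on the thread: file edited, container not recreated.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/docker-compose.yaml" <<'EOF'
services:
  passbolt:
    environment:
      APP_FULL_BASE_URL: https://10.0.0.125
      DATASOURCES_DEFAULT_HOST: "db"
EOF
    cat > "$dir/container.env" <<'EOF'
DATASOURCES_DEFAULT_HOST=db
APP_FULL_BASE_URL=https://passbolt.local
EOF
    check_drift "$dir/docker-compose.yaml" "$dir/container.env" \
        APP_FULL_BASE_URL DATASOURCES_DEFAULT_HOST
    rc=$?; rm -rf "$dir"; return $rc
}
demo || echo "Drift found: recreate the container with 'docker compose up -d'"
```

With Docker Compose, `docker compose up -d` recreates a container whose service definition changed, while `stop`/`start` and `restart` reuse the existing container together with the environment it was created with.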