Checklist
[ x ] I have read intro post:
[ x ] I have read the tutorials, help and searched for similar issues
- I followed the install from source (would link it but new user can only link 2 links)
- I also read this similar forum post, but could not find what I might need to change
- I also used to have this post problem However after some
.htaccessedit forth and back, I now got this issue.
[ x ] I provide relevant information about my server (component names and versions, etc.)
Server: Ubuntu 22.04
Passbolt: 3.8.1
[ x ] I provide a copy of my logs and healthcheck
[ x ] I describe the steps I have taken to trouble shoot the problem
[ ? ] I describe the steps on how to reproduce the issue
So my vhost configs looks like this
<VirtualHost *:80>
ServerAdmin togtja@gmail.com
ServerName passbolt.domain.com
DocumentRoot /var/www/passbolt/webroot
#DirectoryIndex index.php
#Redirect "/" "https://passbolt.domain.com"
ErrorLog ${APACHE_LOG_DIR}/passbolt_error.log
CustomLog ${APACHE_LOG_DIR}/passbolt_access.log combined
<Directory /var/www/passbolt/webroot>
Options FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =passbolt.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
443/SSL
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin togtja@gmail.com
ServerName passbolt.domain.com
DocumentRoot /var/www/passbolt/webroot
#DirectoryIndex index.php
LogLevel debug
ErrorLog ${APACHE_LOG_DIR}/passbolt_error.log
CustomLog ${APACHE_LOG_DIR}/passbolt_access.log combined
SSLEngine on
<Directory /var/www/passbolt/webroot>
Options FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
#<Directory /usr/lib/cgi-bin>
# SSLOptions +StdEnvVars
#</Directory>
SSLCertificateFile /etc/letsencrypt/live/passbolt.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/passbolt.domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
.htaccess:
# Uncomment the following to prevent the httpoxy vulnerability
# See: https://httpoxy.org/
#<IfModule mod_headers.c>
# RequestHeader unset Proxy
#</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^(\.well-known/.*)$ $1 [L]
RewriteRule ^$ webroot/ [L]
RewriteRule (.*) webroot/$1 [L]
</IfModule>
rewrite is enabled
Healthchek log:
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
Healthcheck shell
-------------------------------------------------------------------------------
Environment
[PASS] PHP version 8.1.2-1ubuntu2.8.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[PASS] The passbolt config file is present
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://www.passbolt.domain.com
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in config/passbolt.php
[HELP] Check the network settings
SSL Certificate
[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] Check https://help.passbolt.com/faq/hosting/troubleshoot-ssl
[HELP] fopen(): Unable to locate peer certificate CN
fopen(): Failed to enable crypto
fopen(https://www.passbolt.domain.com/healthcheck/status.json): Failed to open stream: operation failed
Database
[PASS] The application is able to connect to the database
[PASS] 26 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/www/.gnupg.
[PASS] The directory /var/www/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.
Application configuration
[PASS] Using latest passbolt version (3.8.1).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.
JWT Authentication
[PASS] The JWT Authentication plugin is enabled
[PASS] The /var/www/passbolt/config/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found
SMTP Settings
[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[WARN] The SMTP Settings source is: /var/www/passbolt/config/passbolt.php.
[HELP] It is recommended to set the SMTP Settings in the database through the administration section.
[FAIL] 3 error(s) found. Hang in there!
And finally my /var/log/apache2/passbolt_error.log (Only the relevant part, i belive)
[Mon Nov 21 12:22:55.589571 2022] [core:info] [pid 81157:tid 139781843899968] [client 84.48.95.77:51127] AH00128: File does not exist: /var/www/passbolt/webroot/auth/login
So I been trying to get passbolt up and running starting 2 days ago.
I first tried the ngnix solution, but that seem to not like my other apache webservice running there from before. So i tried doing to from source (Meaning I at somepoint had both source and the package version). At somepoint I managed to to the auth/login however non of the JS worked. I at somepoint uninstalled the package passbolt with sudo apt remove passbolt-ce-server (still have the var/www/passbolt source) and then I tried fixing the JS things by adding:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
to my .htaccess that seems to cause a 500 error where it redirected infinitly to /webroot/webrrot/webroot… after that I removed it I got the where I am now. I have aslo done alot of small edits to the vhostover time in hopes of fixing various problems.
Thanks for reading and help and guidance in advanced
