Apologies for the immensely delayed response - some other matters came up that I had to attend to.
Okay. Actually, I have to admit I have a bit of an interesting configuration here - we’re trying to use Portainer as our container management interface and so I set it up all on there - and from what I can tell, it’s running just fine, but I cannot get to the URL it generates for me for initial setup, and I’ve configured our internal DNS to CNAME passbolt.example.com to our Portainer VM, portainer.example.com. I even later tried Caddy, to see if I could get it to work (it’s way easier than Apache).
Anyways. Configs, sanitized:
Apache HTTPD:
<VirtualHost *:80>
  ServerName passbolt.example.com
  RewriteEngine on
  RewriteCond %{HTTPS} !=on
  RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
  ServerAdmin administrator@example.com
  ServerName passbolt.example.com
  SSLProxyEngine On
  ProxyRequests Off
  RequestHeader set "X-Forwarded-Proto" https
  SSLEngine On
  SSLCertificateFile /etc/pki/tls/certs/example-wildcard.crt
  SSLCertificateKeyFile /etc/pki/tls/private/example-wildcard.key
  <Location "/">
    ProxyPreserveHost On
    ProxyPass http://localhost:8005/
    ProxyPassReverse http://localhost:8005/
  </Location>
  ErrorLog logs/passbolt-error_log
  CustomLog logs/passbolt-access_log common
</VirtualHost>
Caddy:
passbolt.example.com {
  reverse_proxy localhost:8005
}
Docker-Compose Config:
version: "3.9"
services:
  db:
    image: mariadb:10.11
    restart: unless-stopped
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "true"
      MYSQL_DATABASE: "passbolt"
      MYSQL_USER: "passbolt"
      MYSQL_PASSWORD: "P4ssb0lt"
    volumes:
      - database_volume:/var/lib/mysql
  passbolt:
    image: passbolt/passbolt:latest-ce
    # Alternatively you can use rootless:
    # image: passbolt/passbolt:latest-ce-non-root
    restart: unless-stopped
    depends_on:
      - db
    environment:
      APP_FULL_BASE_URL: https://passbolt.example.com
      DATASOURCES_DEFAULT_HOST: "db"
      DATASOURCES_DEFAULT_USERNAME: "passbolt"
      DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
      DATASOURCES_DEFAULT_DATABASE: "passbolt"
    volumes:
      - gpg_volume:/etc/passbolt/gpg
      - jwt_volume:/etc/passbolt/jwt
    command:
      [
        "/usr/bin/wait-for.sh",
        "-t",
        "0",
        "db:3306",
        "--",
        "/docker-entrypoint.sh",
      ]
    ports:
      # - 80:80
      # - 443:443
      # Alternatively for non-root images:
      - 8005:8080
      - 9444:4433
volumes:
  database_volume:
  gpg_volume:
  jwt_volume:
Noooo dicey. I just get “Unable to connect” (on Firefox 123 64-bit on Windows 10 Pro x64, although I get the same on my Fedora 36 box at work).
I’ve also got SELinux turned off, although for obvious reasons, we’d like that turned on. Lastly - is there any way for us to customize the database passwords and such, just for that added bit of security? Because that, too, would be nice.
EDIT: I should add!
I also tried connecting directly - by configuring firewalld to simply allow TCP ports 8005 and 9444 through and by disabling httpd.service as well as caddy.service. Again - no dice.
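An added consistency check for the wiring in this post (example code written here, not part of the post or of passbolt): it confirms that every published port targets a port the chosen image actually listens on, that the reverse proxy's upstream port (8005 in both the Apache and Caddy configs) is one of the published host ports, and that APP_FULL_BASE_URL uses https when TLS ends at the proxy. The listener ports come from the commented port lines in the compose file above (root image 80/443, non-root image 8080/4433), so the compose as posted, which pairs the root image with the non-root mapping, is what the sample flags; the compose dict is a constructed copy of the post's passbolt service.

```python
# Added example (not from the post): checks whether the published ports in a
# compose file can actually reach the passbolt container and the reverse proxy.
# Listener ports are taken from the commented port lines in the compose above:
# the root image serves 80/443, the "-non-root" image serves 8080/4433.
IMAGE_LISTEN_PORTS = {"root": {80, 443}, "non-root": {8080, 4433}}

# Constructed compose fragment mirroring the post (plain dict, no YAML loader).
SAMPLE_COMPOSE = {
    "services": {
        "passbolt": {
            "image": "passbolt/passbolt:latest-ce",
            "ports": ["8005:8080", "9444:4433"],
            "environment": {"APP_FULL_BASE_URL": "https://passbolt.example.com"},
        }
    }
}


def image_flavour(image):
    """Return "non-root" for the *-non-root tags, "root" otherwise."""
    tag = image.rsplit(":", 1)[1] if ":" in image else ""
    return "non-root" if tag.endswith("non-root") else "root"


def parse_port(spec):
    """"[ip:]host:container[/proto]" -> (host, container); "8080" -> (8080, 8080)."""
    parts = spec.split("/")[0].split(":")
    host, container = (parts[-2], parts[-1]) if len(parts) > 1 else (parts[0], parts[0])
    return int(host), int(container)


def check_passbolt(compose, proxy_upstream_port):
    """List misconfigurations that would leave the proxy (or a direct client)
    talking to a port nothing serves; an empty list means the wiring is consistent."""
    svc = compose["services"]["passbolt"]
    flavour = image_flavour(svc["image"])
    listening = IMAGE_LISTEN_PORTS[flavour]
    findings, published = [], set()
    for spec in svc.get("ports", []):
        host, container = parse_port(spec)
        published.add(host)
        if container not in listening:
            findings.append(f"{spec}: the {flavour} image does not listen on "
                            f"{container} (it serves {sorted(listening)})")
    if proxy_upstream_port not in published:
        findings.append(f"reverse proxy upstream port {proxy_upstream_port} "
                        "is not a published host port of the passbolt service")
    if not svc["environment"].get("APP_FULL_BASE_URL", "").startswith("https://"):
        findings.append("APP_FULL_BASE_URL must be https when TLS ends at the proxy")
    return findings
```

Run `check_passbolt(SAMPLE_COMPOSE, 8005)` to see the two findings for the posted mapping; switching the image to the non-root tag, or the mapping to 8005:80 and 9444:443, returns an empty list.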