Hi again,
So I just gave it a try, and here is my docker-compose.yaml file, without any environment variables:
version: '3.7'
services:
  db:
    image: mariadb:10.7
    restart: unless-stopped
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "true"
      MYSQL_DATABASE: "passbolt"
      MYSQL_USER: "passbolt"
      MYSQL_PASSWORD: "P4ssb0lt"
    volumes:
      - database_volume:/var/lib/mysql
  passbolt:
    image: passbolt/passbolt:3.5.0-ce
    restart: unless-stopped
    tty: true
    depends_on:
      - db
    volumes:
      - gpg_volume:/etc/passbolt/gpg
      - jwt_volume:/etc/passbolt/jwt
      - ./cert.pem:/etc/ssl/certs/certificate.crt:ro
      - ./key.pem:/etc/ssl/certs/certificate.key:ro
      # Full config file mounted read-only instead of passing PASSBOLT_* env vars
      - ./passbolt.php:/etc/passbolt/passbolt.php:ro
    # depends_on only waits for the db container to start, not for MariaDB to accept
    # connections, hence wait-for.sh in front of the entrypoint
    command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
    ports:
      - 80:80
      - 443:443
volumes:
  database_volume:
  gpg_volume:
  jwt_volume:
The interesting part is the passbolt.php file mounted as a volume:
volumes:
  (...)
  - ./passbolt.php:/etc/passbolt/passbolt.php:ro
Instead of a source file, you will have to define a secret, as explained here: Compose file version 3 reference | Docker Documentation
As a reference here is my sample passbolt.php file:
<?php
/**
* Passbolt ~ Open source password manager for teams
* Copyright (c) Passbolt SA (https://www.passbolt.com)
*
* Licensed under GNU Affero General Public License version 3 of the or any later version.
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Passbolt SA (https://www.passbolt.com)
* @license https://opensource.org/licenses/AGPL-3.0 AGPL License
* @link https://www.passbolt.com Passbolt(tm)
* @since 2.0.0
*/
return [
    'App' => [
        'fullBaseUrl' => 'https://passbolt.docker.jc',
    ],
    // Database configuration.
    'Datasources' => [
        'default' => [
            'host' => 'db',
            //'port' => 'non_standard_port_number',
            'username' => 'passbolt',
            'password' => 'P4ssb0lt',
            'database' => 'passbolt',
        ],
    ],
    // Email configuration.
    'EmailTransport' => [
        'default' => [
            'host' => 'localhost',
            'port' => 25,
            'username' => 'user',
            'password' => 'secret',
            // Is this a secure connection? true if yes, null if no.
            'tls' => null,
            //'timeout' => 30,
            //'client' => null,
            //'url' => null,
        ],
    ],
    'Email' => [
        'default' => [
            'from' => ['passbolt@your_organization.com' => 'Passbolt'],
        ],
    ],
    'passbolt' => [
        'gpg' => [
            'serverKey' => [
                'fingerprint' => '7C9D88E63A85D1B677976C2609DB72B1BF932FA0',
            ],
        ],
    ],
];
Before starting the stack for the first time, you don't know what the passbolt server fingerprint is. You have to start the stack and, once it is up and running, jump into the passbolt container to retrieve the passbolt gpg server key fingerprint:
root@4e072ed88e0e:/usr/share/php/passbolt# gpg --show-keys /etc/passbolt/gpg/serverkey.asc
gpg: WARNING: unsafe ownership on homedir '/var/lib/passbolt/.gnupg'
pub   rsa2048 2022-04-08 [SC]
      7C9D88E63A85D1B677976C2609DB72B1BF932FA0
uid                      Passbolt default user <passbolt@yourdomain.com>
sub   rsa2048 2022-04-08 [E]
Mine was 7C9D88E63A85D1B677976C2609DB72B1BF932FA0, so I edited the passbolt.php file to put the correct fingerprint.
Then I created the first admin user, as described in the doc:
docker-compose -f docker-compose-ce.yml exec passbolt su -m -c "/usr/share/php/passbolt/bin/cake \
    passbolt register_user \
    -u john@doe.com \
    -f yourname \
    -l surname \
    -r admin" -s /bin/sh www-data
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
User saved successfully.
To start registration follow the link provided in your mailbox or here:
https://passbolt.docker.jc/setup/install/e1fc4233-237f-4808-a8df-d240f2fac689/aac97232-bd56-45a4-8edf-2314f3e1f047
Best,
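The manual step in the post above (read the fingerprint out of `gpg --show-keys`, then edit the mounted passbolt.php by hand) is the part most likely to go wrong, since a typo or a truncated fingerprint silently breaks the server key configuration. The script below is an added example, not code from the post or from the Passbolt project. It parses a constructed sample of the `gpg --show-keys` output shown above, validates that what it found is a full 40-hex-digit fingerprint, and substitutes it into a passbolt.php that still carries a placeholder; the `REPLACE_ME` placeholder, the function names and the temporary files are all assumptions made for the example.

```shell
#!/bin/sh
# Added example (not part of the original post): fill in the passbolt
# serverKey fingerprint from gpg --show-keys output.
set -eu

# Constructed sample, modelled on the gpg --show-keys output in the post.
# In real use this would come from the running container, e.g.:
#   docker-compose exec passbolt gpg --show-keys /etc/passbolt/gpg/serverkey.asc
SAMPLE_GPG_OUTPUT=$(cat <<'EOF'
gpg: WARNING: unsafe ownership on homedir '/var/lib/passbolt/.gnupg'
pub   rsa2048 2022-04-08 [SC]
      7C9D88E63A85D1B677976C2609DB72B1BF932FA0
uid                      Passbolt default user <passbolt@yourdomain.com>
sub   rsa2048 2022-04-08 [E]
EOF
)

# extract_fingerprint OUTPUT: print the first line that is exactly 40 upper-case
# hex digits (the primary key fingerprint gpg prints under the "pub" line).
# Fails (exit 1) when no such line exists, so a caller never gets an empty value.
extract_fingerprint() {
    fp=$(printf '%s\n' "$1" \
        | sed -n 's/^[[:space:]]*\([0-9A-F]\{40\}\)[[:space:]]*$/\1/p' \
        | head -n 1)
    [ -n "$fp" ] || return 1
    printf '%s\n' "$fp"
}

# write_sample_config FILE: a minimal passbolt.php with a placeholder
# fingerprint (assumption for the example; the real file has more sections).
write_sample_config() {
    cat > "$1" <<'EOF'
<?php
return [
    'passbolt' => [
        'gpg' => [
            'serverKey' => [
                'fingerprint' => 'REPLACE_ME',
            ],
        ],
    ],
];
EOF
}

# set_server_fingerprint FILE FP: refuse anything that is not 40 hex digits,
# then rewrite the 'fingerprint' => '...' entry and verify the result.
set_server_fingerprint() {
    file=$1
    fp=$2
    case $fp in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#fp}" -eq 40 ] || return 1
    tmp="$file.tmp"
    sed "s/'fingerprint' => '[^']*'/'fingerprint' => '$fp'/" "$file" > "$tmp"
    mv "$tmp" "$file"
    grep -q "'fingerprint' => '$fp'" "$file"
}

# get_server_fingerprint FILE: read back the configured fingerprint.
get_server_fingerprint() {
    sed -n "s/.*'fingerprint' => '\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Demo run on a temporary copy of the sample config.
workdir=$(mktemp -d)
write_sample_config "$workdir/passbolt.php"
fp=$(extract_fingerprint "$SAMPLE_GPG_OUTPUT")
set_server_fingerprint "$workdir/passbolt.php" "$fp"
echo "serverKey fingerprint now: $(get_server_fingerprint "$workdir/passbolt.php")"
rm -rf "$workdir"
```

Because passbolt.php is mounted `:ro`, run this against the copy on the host (the one referenced in the compose file), not inside the container, and restart the passbolt service afterwards so the new value is certainly picked up. The validation in `set_server_fingerprint` is deliberate: a fingerprint pasted with a trailing space, a missing character or lower-case hex is rejected before it can be written into the config.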