Hello, after having passbolt server up and running about 1.5 years. But now when i try to go my passbolt server web login page, its all blank. Devices with already logged in or cached the website can access it normally, included android and ios devices. Anyone know solution for this?
Hi @LassiY
Welcome to the community!
Thank you for using Passbolt.
I believe the post from @clayton will help you.
If this is not your issue please post your Passbolt Health-Check so the forum can further help diagnose the problem.
Cheers
Hello, i upgrade passbolt to the latest version, its same blank page as before. Also when visiting healthcheck from browser, it shows 404 error page, also here is my healtcheck:
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///./_//__/
Open source password manager for teams
Healthcheck shell
Environment
[PASS] PHP version 7.4.33.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[PASS] The passbolt config file is present
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://pass****.*****ivut.**u
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.
SSL Certificate
[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate
Database
[PASS] The application is able to connect to the database
[PASS] 32 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
[PASS] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.
Application configuration
[PASS] Using latest passbolt version (4.2.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.
JWT Authentication
[PASS] The JWT Authentication plugin is enabled
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found
SMTP Settings
[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[PASS] The SMTP Settings source is: database.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.
[PASS] No error found. Nice one sparky!
Hi,
Did you tried with another browser with only passbolt extension installed?
What about nginx logs?
How did you installed passbolt?
Are you hosting other web applications on your server?
Which operating system are you using for your passbolt server?
Cheers,
Hello, i tried differend browser, device and ip-address. Including ios and android devices.
-Nginx log shows connection was made correctly.
-I installed passbolt as this quide says: Passbolt Help | Install Passbolt CE on Debian 12 (Bookworm)
-Im only hosting passbolt on the machine, but its behind reverse proxy by another machine.
Im using Debian 11, upgrade 12 without results.
Also now it seems that the old instanced cant connect to the server. I installed new vm with new passbolt installation, i got the same blank page as the old one.
I also installed new clear passbolt to differend network without reverse proxy or anything between. It worked, but after restoring the database, i get the blank screen again. I tried to migrate the database on newly installed server, but after that. The new server also stopped working, so i think the database is corrupted or i did not backup i correctly. I was using this quide: Passbolt Help | Migrate an existing Passbolt CE to a new Ubuntu server.
So in nutshell:
-tried differend combinations for user to login.
-Installed new passbolt for new vm > blank screen. (Using Debian 12 and 11 with )
-Installed new passbolt for new vm using differend network and hardware > working fine > restore old database > blank screen.
Thanks for providing these details.
You can also check /var/log/passbolt/error.log or php-fpm logs: /var/log/php*fpm.log
Some other commands:
# Clear cache
sudo -H -u www-data /usr/share/php/passbolt/bin/cake cache clear_all
# Datacheck
sudo -H -u www-data /usr/share/php/passbolt/bin/cake passbolt datacheck --hide-success-details
You can also enable debug logs of the passbolt extension.
If you are using Google Chrome can you please go to: chrome://extensions
- Activate the Developer mode in the top right corner
- Look for the Passbolt card and click details button
- Look for the Inspect views and the index.html link
- A new window will appear this is the debugger of the browser extension << very important, we need logs from this other window
- Go to network tab
- Try to reproduce the error
On Firefox, you can go to: about:debugging#/runtime/this-firefox
- locate Passbolt and click Inspect
- A new tab for the console of the browser extension will appear.
- Go to the network tab
- try to reproduce the error
Do you see any error in the extension debug window ?
Hello, passbolt’s error.log shows this:
Client IP: 192.168.1.135
2023-09-03 17:27:24 error: [Authentication\Authenticator\UnauthenticatedException] Authentication is required to continue in /usr/share/php/passbolt/vendor/cakephp/authentication/src/Controller/Component/AuthenticationComponent.php on line 177
Request URL: /auth/is-authenticated.json
Client IP: 192.168.1.135
2023-09-03 17:27:58 error: [Authentication\Authenticator\UnauthenticatedException] Authentication is required to continue in /usr/share/php/passbolt/vendor/cakephp/authentication/src/Controller/Component/AuthenticationComponent.php on line 177
Request URL: /auth/is-authenticated.json
Client IP: 192.168.1.135
2023-09-03 17:28:08 error: [Authentication\Authenticator\UnauthenticatedException] Authentication is required to continue in /usr/share/php/passbolt/vendor/cakephp/authentication/src/Controller/Component/AuthenticationComponent.php on line 177
Request URL: /auth/is-authenticated.json
Client IP: 192.168.1.135
I don’t get any errors when debugging both firefox and chrome extensions. But when comparing the network tab, the working one shows alot more files or request or what ever its called.
Its weird that already logged and cached browsers can access the server and even save/copy passwords normally but new can’t.
Datacheck passed all checks, also looking throught passbolt-access.log i noticed that working instance gives two GET requests and one POST request, the blank ones gives two GET requests.
Comparing those with working server, the working server that im hosting temporarily gives alot more GET requests (Without logged in only accessing the login page).
Hey @LassiY, thanks for sharing network tab’s screenshot. Can you also check & share console tab as well? I think you have some error in the console. Generally these errors are gone when you try clearing your browsers cache & cookies.
Also, looks like you are logged in because /auth/is-authenticated.json call is made after you’ve logged into the passbolt. So, is it the case that you are able to login but unable to access the passwords pages?
Hello, here are the console tabs:
This is the one that have never opened passbolt in webbrowser:
This is the one that have already logged in and can view passwords:
Everytime i test anything, i clear cache including cookies and other data.
So to be clear, the post that i submitted including console tab, user “blank.png” opened first time the passbolt login page, after the issue so never before. And the “working.png” user have before the issue logged in and can still access the login page normally with passwords using the browser or the plugin itself.
Yes, thats what i mean by blank. It does redirect to auth/login?redirect=%2F just like you have.
Do you have a force SSL turn to true inside your passbolt.php?
If its the case remove it (since you mentioned going through a reverse proxy)
Best,
Max
Another thing to check is the fullBaseUrl in your /etc/passbolt/passbolt.php file. I was able to produce this blank page by navigating to the IP address instead of what I have set for the fullBaseUrl and with using a reverse proxy this might be something to take a look at more
Hello, force ssl was turned off. Also my fullbaseurl looks like this:
‘fullBaseUrl’ => ‘https://passbolt.mywebsite.com’,
Just to confirm, that is the same URL you are using to connect to passbolt?
If so could you also share your nginx configuration?
Hello, the url is same.
This is the passbolt.php file:
type <?php
return [
'App' => [
// A base URL to use for absolute links.
// The url where the passbolt instance will be reachable to your end users.
// This information is need to render images in emails for example
'fullBaseUrl' => 'https://passbolt.mydomain.com',
],
// Database configuration.
'Datasources' => [
'default' => [
'host' => 'localhost',
'port' => '3306',
'username' => 'usernmae',
'password' => 'password',
'database' => 'database',
],
],
'passbolt' => [
// GPG Configuration.
// The keyring must be owned and accessible by the webserver user.
// Example: www-data user on Debian
'gpg' => [
// Main server key.
'serverKey' => [
// Server private key fingerprint.
'fingerprint' => '**********************************',
'public' => CONFIG . DS . 'gpg' . DS . 'serverkey.asc',
'private' => CONFIG . DS . 'gpg' . DS . 'serverkey_private.asc',
],
],
'ssl' => [
'force' => false,
]
],
];
And here is the nginx-passbolt.conf from sites-available
server {
listen 80;
listen [::]:80;
# Managed by Passbolt
# server_name
client_body_buffer_size 100K;
client_header_buffer_size 1K;
client_max_body_size 5M;
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;
root /usr/share/php/passbolt/webroot;
index index.php;
error_log /var/log/nginx/passbolt-error.log info;
access_log /var/log/nginx/passbolt-access.log;
# Managed by Passbolt
# include __PASSBOLT_SSL__
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/run/php/__PHP_SOCK__;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+\.php)(.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $http_host;
fastcgi_param PHP_VALUE "upload_max_filesize=5M \n post_max_size=5M";
}
}
And here is the nginx-passbolt.conf from sites-enable
server {
# Managed by Passbolt
server_name passbolt.mydomain.com;
client_body_buffer_size 100K;
client_header_buffer_size 1K;
client_max_body_size 5M;
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;
root /usr/share/php/passbolt/webroot;
index index.php;
error_log /var/log/nginx/passbolt-error.log info;
access_log /var/log/nginx/passbolt-access.log;
# Managed by Passbolt
# include __PASSBOLT_SSL__
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+\.php)(.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $http_host;
fastcgi_param PHP_VALUE "upload_max_filesize=5M \n post_max_size=5M";
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/passbolt.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/passbolt.mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = passbolt.mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name passbolt.mydomain.com;
return 404; # managed by Certbot
}
and what do you have for your reverse proxy config for this?
Hello, my reverse proxy config looks like this:
<VirtualHost *:80>
ServerName www.my.website.com
ServerAlias www.my.website.com
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
Redirect / https://www.my.website.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.my.website.com
ServerAlias www.my.website.com
SSLEngine On
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
SSLCertificateFile /etc/letsencrypt/live/mywebsite/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite/privkey.pem
ProxyPreserveHost On
ProxyPass / https://192.168.1.135:443/
ProxyPassReverse / https://192.168.1.135:443/
</VirtualHost>
Also i highly doubt that the reverse proxy is the problem. The site worked fine 1 and half year without problems being behind reverse proxy. I think the problem is that the web server can’t load correct files.
Ok, if it worked fine for 1.5 years it could be something else. Did you update anything before this issue occurred?
I can see you updated to version 4.2.0 after this happened, but what version were you on previously?