I installed passbolt on Ubuntu 20.04 following the installation guide.
The install finishes with no error, but I cannot log in with the correct password.
When I try to log in, it says the following:
Sorry, you have not been signed in.
Something went wrong, the sign in failed with the following error:
x-gpgauth-authenticated should be set to false during stage1
root@hostname:/etc/ssl/private# sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
Healthcheck shell
-------------------------------------------------------------------------------
Environment
[PASS] PHP version 7.4.3.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[PASS] The passbolt config file is present
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to http://hostname.com
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.
SSL Certificate
[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate
Database
[PASS] The application is able to connect to the database
[PASS] 25 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
Application configuration
[PASS] Using latest passbolt version (3.2.1).
[FAIL] Passbolt is not configured to force SSL use.
[HELP] Set passbolt.ssl.force to true in config/passbolt.php.
[FAIL] App.fullBaseUrl is not set to HTTPS.
[HELP] Check App.fullBaseUrl url scheme in config/passbolt.php.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.
[FAIL] 2 error(s) found. Hang in there!
Also, I set the following in nginx.conf and restarted nginx, but the same error keeps displaying.
proxy_set_header x-gpgauth-authenticated false;
Do I have to set SSL to make it work correctly?
This server is accessed internally from a reverse proxy server, so I don’t need the SSL setting, though.
@hiroki passbolt uses a bunch of custom headers to log in; they are dynamic, you can’t just set them manually. Check if they are allowed on your network.
To check if the headers are sent correctly, in Chrome you can go to chrome://extensions and click on “index.html” under the passbolt webextension. Then go to the network tab and click on the /auth/login requests to see if the headers are sent.
x-gpgauth-authenticated -> false
x-gpgauth-login-url -> /auth/login
x-gpgauth-logout-url -> /auth/logout
x-gpgauth-progress -> stage0
x-gpgauth-pubkey-url -> /auth/verify.json
x-gpgauth-user-auth-token -> not set
x-gpgauth-verify-url -> auth/verify
x-gpgauth-verify-response -> not set
x-gpgauth-refer -> not set
x-gpgauth-version -> 1.3.0
x-gpgauth-debug -> there is no user associated with this key. No key id set.
x-gpgauth-error -> true
That is strange. Can you get in touch with us at support@passbolt.com (even if you are using CE), so that we can organize a conference call to dig into the issue?
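Added example (not part of the original thread and not passbolt's own code): a small triage of an x-gpgauth-* header dump copied from the network tab in the "name -> value" form used above. The function names, the expected_stage parameter and the set of headers treated as required are assumptions made for illustration; the sample values are constructed from the ones quoted in this thread.

```python
# Added example: triage "x-gpgauth-*" response headers captured for /auth/login.
# EXPECTED is an assumed minimum set, chosen from the headers listed in the thread.
EXPECTED = ("x-gpgauth-version", "x-gpgauth-authenticated", "x-gpgauth-progress")


def parse_dump(text):
    """Parse 'name -> value' lines into a dict keyed by lower-cased header name."""
    headers = {}
    for line in text.splitlines():
        name, sep, value = line.partition("->")
        name = name.strip().lower()
        if sep and name.startswith("x-gpgauth-"):
            headers[name] = value.strip()
    return headers


def triage(headers, expected_stage):
    """Return a list of findings for one captured response."""
    findings = []
    missing = [h for h in EXPECTED if h not in headers]
    if missing:
        # Absent headers suggest something between server and browser drops them.
        findings.append("missing headers: " + ", ".join(missing))
    if headers.get("x-gpgauth-authenticated", "false") != "false":
        findings.append("x-gpgauth-authenticated is not false before login completes")
    progress = headers.get("x-gpgauth-progress")
    if progress and progress != expected_stage:
        findings.append(f"server reports {progress}, client expected {expected_stage}")
    if headers.get("x-gpgauth-error") == "true":
        # The debug header carries the server's own explanation of the failure.
        findings.append("server error: " + headers.get("x-gpgauth-debug", "(no debug message)"))
    return findings


# Constructed sample, using values quoted in the thread.
SAMPLE = """\
x-gpgauth-authenticated -> false
x-gpgauth-progress -> stage0
x-gpgauth-version -> 1.3.0
x-gpgauth-debug -> there is no user associated with this key. No key id set.
x-gpgauth-error -> true
"""

if __name__ == "__main__":
    for finding in triage(parse_dump(SAMPLE), expected_stage="stage1"):
        print(finding)
```

On the sample, the headers are all present, so the findings point at the server-side error and the stage mismatch rather than at headers being dropped in transit.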