Can't Access Passbolt Webapp via Nginx Reverse Proxy

Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to troubleshoot the problem
[x] I describe the steps on how to reproduce the issue

Hi everyone, I’m trying to make the Passbolt container work behind an nginx reverse proxy because I want to be able to host different webapps with different domains.
I’m trying to get passbolt out by typing mydomain.it but I can’t figure out how to set everything up correctly…
This is the docker file:


version: "3.9"
services:
  db:
    image: mariadb:10.11
    restart: unless-stopped
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "true"
      MYSQL_DATABASE: "passbolt"
      MYSQL_USER: "passbolt"
      MYSQL_PASSWORD: "P4ssb0lt"
    volumes:
      - database_volume:/var/lib/mysql

  passbolt:
    image: passbolt/passbolt:latest-ce-non-root
    restart: unless-stopped
    depends_on:
      - db
    environment:
      APP_BASE: /passbolt
      APP_FULL_BASE_URL: https://mydomain.it
      DATASOURCES_DEFAULT_HOST: "db"
      DATASOURCES_DEFAULT_USERNAME: "passbolt"
      DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
      DATASOURCES_DEFAULT_DATABASE: "passbolt"
      DEBUG: "true"

    volumes:
      - gpg_volume:/etc/passbolt/gpg
      - jwt_volume:/etc/passbolt/jwt
    command:
      [
        "/usr/bin/wait-for.sh",
        "-t",
        "0",
        "db:3306",
        "--",
        "/docker-entrypoint.sh",
      ]
    ports:
     - 8080:80
     - 4443:443

volumes:
  database_volume:
  gpg_volume:
  jwt_volume:

In /etc/nginx/sites-available/mydomain.it.conf:


upstream passbolt {
    server 127.0.0.1:8080;
}

server {
    listen 80;
    listen [::]:80;
    server_name mydomain.it www.mydomain.it;

    # Redirect HTTP to HTTPS
    if ($host = www.mydomain.it) {
        return 301 https://$host$request_uri;
    }
    if ($host = mydomain.it) {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name mydomain.it www.mydomain.it;

    ssl_certificate /etc/letsencrypt/live/mydomain.it/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.it/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }
}

docker ps:


CONTAINER ID   IMAGE                                  COMMAND                  CREATED        STATUS        PORTS                                                                                                NAMES
de71d0c62e3d   passbolt/passbolt:latest-ce-non-root   "/usr/bin/wait-for.s…"   14 hours ago   Up 14 hours   4433/tcp, 8080/tcp, 0.0.0.0:8080->80/tcp, :::8080->80/tcp, 0.0.0.0:4443->443/tcp, :::4443->443/tcp  myusername_passbolt_1
93bb1456e139   mariadb:10.11                          "docker-entrypoint.s…"   14 hours ago   Up 14 hours   3306/tcp                                                                                             myusername_db_1

docker inspect de71d0c62e3d :

....something...
 "Networks": {
                "myusername_default": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "de71d0c62e3d",
                        "passbolt"
                    ],
                    "MacAddress": "11:11:11:11:00:03",
                    "NetworkID": "a5caeeaeb4ca5542aaad7c2a389dd5d9c4610d40c98e6623c86744fda2458443",
                    "EndpointID": "791e3f22af37fb4e33587a5d0498a9edef66b6eaef21693d99d84b51d84613eb",
                    "Gateway": "172.19.0.1",
                    "IPAddress": "172.19.0.3",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "DriverOpts": null,
                    "DNSNames": [
                        "myusername_passbolt_1",
                        "de71d0c62e3d",
                        "passbolt"
                    ]
                }
.....something...

I’ve made numerous attempts based on what I read in various forums. Don’t take at face value what I wrote in the nginx configuration file; if there are other types of problems besides the wrong parameters, I would be happy to receive help on those too.

I hope that someone can help me. If any further information is needed to help me, please ask 🙂

Hello @Michele and welcome to the forum!
You made a mistake configuring your Nginx site. In location / you must indicate your Docker instance or the IP where you can access it and declare it as a proxy. As you configured it, it expects a file called index.php in a folder that is not provided.

You can find an example here:

Hi, thanks for the reply. So should I enter 172.19.0.3 in my case?

upstream passbolt {
    server 172.19.0.3;
}
....
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        try_files $uri $uri/ /index.php?$args;
    }

If I type mydomain.it in the browser, it returns 502.
If I type mydomain.it/passbolt, it returns 500.
I’m sure I’m doing something wrong… I have never done these things before…

In proxy_pass you should have your Passbolt upstream name (like proxy_pass http://passbolt:8080;) or the IP of the instance (not sure if it’s localhost or the IP declared upstream).
Typically, if Nginx is on the same machine as Passbolt, localhost is the right one, but remember that you won’t be able to test with localhost outside of that machine and you’ll need the IP of that machine on your LAN.


OK, I understand, thanks so much.

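
A reverse-proxy server block in line with the advice given in this thread, as an added example that is not part of the original posts and not Passbolt's own configuration. It assumes nginx runs on the Docker host and reaches the container through the host port 8080 published by the compose file in the question; certificate paths and header lines are the ones already posted above.

```nginx
# Added example. Assumption: nginx runs on the Docker host and the compose
# file publishes the Passbolt container's HTTP listener on host port 8080.
upstream passbolt {
    # Use the host-side published port rather than the container's bridge
    # address (172.19.0.3), which Docker may reassign when the container
    # is recreated.
    server 127.0.0.1:8080;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name mydomain.it www.mydomain.it;

    ssl_certificate /etc/letsencrypt/live/mydomain.it/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.it/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # Hand every request to the upstream group by name; the port comes
        # from the "server" line inside the upstream block.
        proxy_pass http://passbolt;

        # Forward the original host, client address and scheme so the
        # application behind the proxy sees the request as the client sent it
        # and knows it arrived over HTTPS.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # No try_files in this location: it checks nginx's own filesystem
        # and falls back to an internal redirect to /index.php, but the PHP
        # application lives inside the container, not on the proxy host.
    }
}
```

The `docker ps` output in the question lists 8080/tcp and 4433/tcp as the image's own exposed ports while the compose file publishes container ports 80 and 443, so confirm which port the non-root container actually listens on before pointing the upstream at it. Publishing the port on 127.0.0.1 instead of 0.0.0.0 in the compose file keeps the plain-HTTP listener reachable only through the TLS proxy.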