Can't get installation page, but get nginx page

Installation Issues
1

Checklist
[ * ] I have read intro post: About the Installation Issues category
[* ] I have read the tutorials, help and searched for similar issues
[* ] I provide relevant information about my server (component names and versions, etc.)
[* ] I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue

Hi there. After proceed with this tutorial step by step to install passbolt until open installation web page, then I get nginx page instead. I searched in community for people who had the same of my issue, then there are some people who had my issue with same case, most of them deleted default nginx config file then their issue been solved. But I’m getting 502 bad gateway error. And even passbolt.php does not exist so there are many errors in healthcheck related to not-complete setup and non-exist passbolt.php. I have ubuntu LTS 22.04 OS and manual configuration for SSL because I’m working in private network. I also have checked nginx-passbolt.conf but I can’t see any issue in.

This is output of healthcheck:

 ____                  __          ____  
/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///./_//__/

Open source password manager for teams

Healthcheck shell…2024-03-07 06:32:31 warning: file_get_contents(/etc/passbolt/gpg/serverkey.asc): Failed to open stream: No such file or directory
warning: 2 :: file_get_contents(/etc/passbolt/gpg/serverkey.asc): Failed to open stream: No such file or directory on line 456 of /usr/share/php/passbolt/src/Utility/Healthchecks/GpgHealthchecks.php
2024-03-07 06:32:31 warning: file_get_contents(/etc/passbolt/gpg/serverkey_private.asc): Failed to open stream: No such file or directory
warning: 2 :: file_get_contents(/etc/passbolt/gpg/serverkey_private.asc): Failed to open stream: No such file or directory on line 458 of /usr/share/php/passbolt/src/Utility/Healthchecks/GpgHealthchecks.php
.2024-03-07 06:32:31 error: [TypeError] strpos(): Argument #1 ($haystack) must be of type string, bool given in /usr/share/php/passbolt/src/Utility/Healthchecks.php on line 104

Passbolt | An Internal Error Has Occurred.

An Internal Error Has Occurred

An Internal Error Has Occurred.

And this is nginx-passbolt.conf:

Passbolt.conf - Nginx configuration file to run the Passbolt software.

server {

listen 443 ssl http2;
listen [::]:80;

Managed by Passbolt

server_name passbolt.cloudvests.com;

client_body_buffer_size 100K;
client_header_buffer_size 1K;
client_max_body_size 5M;

client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;

root /usr/share/php/passbolt/webroot;
index index.php;
error_log /var/log/nginx/passbolt-error.log info;
access_log /var/log/nginx/passbolt-access.log;

Managed by Passbolt

include /etc/passbolt/nginx-ssl.conf;

location / {
try_files $uri $uri/ /index.php?$args;
}

location ~ .php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+.php)(.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $http_host;
fastcgi_param PHP_VALUE “upload_max_filesize=5M \n post_max_size=5M”;
}

}

And this is /etc/passbolt/nginx-ssl.conf:

nginx-passbolt.conf

Passbolt provided file to be included from nginx main virtual hosts file.

It allows to pull common SSL settings from a central place.

Use the nginx include directive to pull this information in.

Managed by Passbolt

listen [::]:443 ssl http2;

ssl_certificate /etc/ssl/certs/1709731019-cert.pem;
ssl_certificate_key /etc/ssl/private/1709731019-key.pem;

ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions

ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128->
ssl_prefer_server_ciphers off;

Please help me to solve this issue. Please tell me if you need any info to help me. Thank you.

2

Hey @OmarAsi welcome to the forum!

After you deleted the default nginx config did you restart nginx?

3

Yes, of course. Tried restart, reload, and stop and start.

4

Alright with that in mind two additional places to check are:

  • /var/log/nginx/error.log
  • /var/log/nginx/passbolt-error.log

Also since it is a 502 might be worth trying a restart on php8.1-fpm

5

Now I’m working on a new server, and still wait my administrator to point our domain to new server IP address so its is in a private network, then I’m testing by using the private IP address that also known in /etc/hosts. So after delete default nginx conf file, then reload nginx and restart php8.1-fpm, still get connection refused without nginx page shows (again I’m now testing on private network).

When point to my private IP address without “https://”, I’m getting in /var/log/nginx/error.log :

2024/03/07 08:16:27 [notice] 73747#73747: signal process started

and nothing in /var/log/nginx/passbolt-error.log

But when using “https://” before IP, I got nothing in /var/log/nginx/error.log, but got this in /var/log/nginx/passbolt-error.log:

2024/03/07 08:20:51 [info] 73748#73748: *24 SSL_do_handshake() failed (SSL: error:0A000412:SSL routines::sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking, client: 192.168.1.19, server: 0.0.0.0:443

That because I’m in private network and my domain does not point to server.

I think passbolt installation page should work even when using IP address instead domain, is that right?

6

And for missed passbolt.php file, when exactly should be generated? Why does not exist?

7

Ok that clarifies a bit.

For the passbolt.php file that is generated after you go through the install process on the web UI which is where you are stuck now. This is also why the healthcheck doesn’t work

Passbolt is very strict with the full base URL and how you access the site, so if you are using the domain name in configuration and then trying to directly access via IP address that will be why you’d get a blank page and nothing else.

My recommendation would be either start over and use the IP address for the initial configuration and access it that way or wait until the domain is pointing to the server. You can always change from IP to domain once that is ready, it’ll just make everyone log in again but it sounds like that would mostly just be you for now as you are doing the initial set up

8

I’ve started configuration again with:

sudo dpkg-reconfigure passbolt-ce-server

then jump to SSL conf so chose manual because I’m in a private network, then reload nginx and restart php8.1-fpm. Then pointed to IP address but every thing still as is (got nothing because default nginx conf file still deleted). Then opened passbolt-nginx.conf and found server_name still the domain. Should I change it to the private IP and test again?

9

Yea change it there to the IP as well

10

Changed server_name to server private IP then reloaded and restarted nginx and php8.1-fpm then still have same result (connection refused) and still have this in /var/log/nginx/error.log :

2024/03/07 09:17:36 [notice] 75291#75291: signal process started

11

If possible you might want to restore a snapshot to before you installed/starting over with a new vm and then install with the IP instead of doing the reconfigure at this stage. Is that something you can try?

12

Now domain with https is pointing to server IP, I have tried again with default nginx conf file exist, then nginx page shows again, and when delete it, it shows 502 bad gateway error (in two cases restarted and reloaded nginx and php8.1-fpm). But no errors in log files. Please help!

13

I think no need to start again with a new VM and take more time and FYI this is 3rd VM I’m trying to install passbolt on.

14

Alright, generally it is better to be testing with a fresh one instead of running reconfigure at this stage.

I’d try this without HTTPS to see if you can get that started, if that works it would narrow this down to an issue with the certs. So could you try a reconfigure using the IP address and none for https?

15

I have reconfigured again with IP and none for https, then changed server_name in nginx-passbolt.conf to private IP, then reload and restart nginx and php8.1-fpm services, so got nginx page. But when deleted default conf file, I got connection refused.

16

Could you post the full content of:

  • /etc/nginx/nginx.conf
  • /etc/nginx/sites-enabled/nginx-passbolt.conf

and the output of ls on any included directories from either of those?

I just ran through a standard install on Ubuntu 22.04 with no issue so will need to see what any differences are here. Just to confirm you are installing on a completely vanilla server, right? Like you didn’t install or configure anything else before trying to install passbolt, correct?

17

Of course my tries was on vanilla servers, and followed steps step by step using package installation instructions.

this is /etc/nginx/nginx.conf:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

and this is /etc/nginx/sites-enabled/nginx-passbolt.conf:

#
#  Passbolt.conf - Nginx configuration file to run the Passbolt software.
#

server {

  listen 443 ssl http2;
  listen [::]:80;

  # Managed by Passbolt
  server_name 192.168.1.33;

  client_body_buffer_size     100K;
  client_header_buffer_size   1K;
  client_max_body_size        5M;

  client_body_timeout   10;
  client_header_timeout 10;
  keepalive_timeout     5 5;
  send_timeout          10;

  root /usr/share/php/passbolt/webroot;
  index index.php;
  error_log /var/log/nginx/passbolt-error.log info;
  access_log /var/log/nginx/passbolt-access.log;

  # Managed by Passbolt
  include /etc/passbolt/nginx-ssl.conf;

  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  location ~ \.php$ {
    try_files                $uri =404;
    include                  fastcgi_params;
    fastcgi_pass             unix:/run/php/php8.1-fpm.sock;
    fastcgi_index            index.php;
    fastcgi_intercept_errors on;
    fastcgi_split_path_info  ^(.+\.php)(.+)$;
    fastcgi_param            SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param            SERVER_NAME $http_host;
    fastcgi_param PHP_VALUE  "upload_max_filesize=5M \n post_max_size=5M";
  }

}



ls /etc/nginx/
conf.d        fastcgi_params  koi-win     modules-available  nginx.conf    scgi_params      sites-enabled  uwsgi_params
fastcgi.conf  koi-utf         mime.types  modules-enabled    proxy_params  sites-available  snippets       win-utf

ls /etc/nginx/sites-enabled/
nginx-passbolt.conf

*I’ve deleted ‘default’ from /etc/nginx/sites-enabled directory

18

Sorry for format and fonts confusing

19

Thanks, two more to check based on that:

  • ls /etc/nginx/conf.d/
    • and then if there is anything in there the content would be helpful
  • cat /etc/passbolt/nginx-ssl.conf
20

/etc/nginx/conf.d/ is Empty.

The content of /etc/passbolt/nginx-ssl.conf:

#
#  nginx-passbolt.conf
#
#  Passbolt provided file to be included from nginx main virtual hosts file.
#  It allows to pull common SSL settings from a central place.
#
#  Use the nginx include directive to pull this information in.
#

  # Managed by Passbolt
  listen [::]:443 ssl http2;

  ssl_certificate /etc/ssl/certs/1709801766-cert.pem;
  ssl_certificate_key /etc/ssl/private/1709801766-key.pem;


  ssl_session_timeout 1d;
  ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions

  ssl_session_tickets off;

  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_prefer_server_ciphers off;