Ok cool, I figured the one would be empty but better to check.
To get this going just HTTP for now you’ll need two changes to /etc/nginx/sites-enabled/nginx-passbolt.conf
server {
listen 80;
listen [::]:80;
and then comment out the ssl include
# Managed by Passbolt
# include /etc/passbolt/nginx-ssl.conf;
Then a restart on nginx and let me know if you still get a 502 on the IP address in the browser
It works now!
Please explain me what happened!
Keep in mind I have deleted default .
And after create default again and restart nginx, still works
listen 80;
listen [::]:80;
Is where the issue was, the top one is IPv4 and the bottom is IPv6 so yours wasn’t listening on 80 for IPv4 so when you were trying to access just the http site via the IP address that port wasn’t an option.
Once you have the domain connected to the IP address you can run the reconfigure with your certs to switch to HTTPS, you’ll need to double check to make sure the SSL include is uncommented and then in the passbolt.php file you’ll have to double check that it is set to https
domain is connected and redirect to server now as told you. So for now keep listen on 80 in conf file?
And now can I reconfigure using domain?
When you reconfigure it should switch to 443 if you are going to HTTPS but double check after running the command that it did change everywhere since you just manually modified the file
After reconfigure it change to listen on 443 for IPv4, other didn’t changed. I’m going to change them manually.
Now nginx return back to show.
How to solve this?
*I’ve configured SSL with option ‘manual’.
This is /etc/nginx/sites-enabled/nginx-passbolt.conf now :
#
# Passbolt.conf - Nginx configuration file to run the Passbolt software.
#
server {
# listen 443 ssl http2;
listen 443 ssl http2;
listen [::]:80;
# Managed by Passbolt
server_name passbolt.cloudvests.com;
client_body_buffer_size 100K;
client_header_buffer_size 1K;
client_max_body_size 5M;
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;
root /usr/share/php/passbolt/webroot;
index index.php;
error_log /var/log/nginx/passbolt-error.log info;
access_log /var/log/nginx/passbolt-access.log;
# Managed by Passbolt
include /etc/passbolt/nginx-ssl.conf;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+\.php)(.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $http_host;
fastcgi_param PHP_VALUE "upload_max_filesize=5M \n post_max_size=5M";
}
}
And there is no passbolt.php .
Tried with SSL reconfigured, then changed /etc/nginx/sites-enabled/nginx-passbolt.conf again to listen 80; instead of listen 443 ssl http2; then it worked but without https.
Then when write the domain in browser with https://, it shows this page:
What is happening here? When passbolt should be runing with https? Isn’t at first?
And until now there is no passbolt.php. Should I create it?
Passbolt still run if nginx-passbolt.conf listen on 80, not on 443, and run with https after finish installation and install recovery kit, then when try to run as http, the screen become blank (maybe recovery behavior). But until now I cannot force SSL, so when try to force it, I get “The page isn’t redirecting properly” error. Finally, when try to make nginx listen on 443 only, I get 502 bad gateway error.
This is /var/log/nginx/passbolt-access.log :
192.168.1.8 - - [20/Mar/2024:08:55:02 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:02 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
192.168.1.8 - - [20/Mar/2024:08:55:03 +0000] "GET /auth/login?redirect=%2F&locale=en-UK HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
All other log files have not new logs.
Apologies for the delay I was away for a few days there.
You shouldn’t need to manually create the passbolt.php file. You should complete the installation wizard with everything configured for just HTTP, once done you can then use the reconfigure to switch over to HTTPS. Typically you’d be able to do this in HTTPS the first time through but since there have been a few runs of the reconfigure command and manual modifications doing it in HTTP to start will likely be easiest here
Thank you now passbolt is running successfully. I knew that my administrator configured domain to point to the server on port 80; then we had a redirecting loop. Now after change the port to 443, it redirecting successfully!
Now I’m trying to update to the new version. But I don’t know where I can find the mysql dump file that created by the recommended script.
If you mean the script mentioned in this blog post that should be in /tmp/ unless you’ve modified the script
I meant that from here:
sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt mysql_export" WEB_SERVER_USER
Then when run it the output was:
sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt mysql_export" www-data
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
Saving backup file: /var/lib/passbolt/tmp/cache/database/backup_1710939357.sql
mysqldump: [Warning] Using a password on the command line interface can be insecure.
mysqldump: Error: 'Access denied; you need (at least one of) the PROCESS privilege(s) for this operation' when trying to dump tablespaces
Success: the database was saved on file! ```Based on the output that is where you should be able to find it
Thank you so much !! I sometimes feel myself dumb 