Can't get the login page on a new install

When I hit the page in my browser I get the following error.

passbolt.ehps.ncsu.edu refused to connect.

I have attached the output from netstat and the healthcheck below.

Any help would be appreciated.

Thanks,

Shawn

Output from netstat:

[root@ct-passbolt passbolt]# netstat -pnuta
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      1614/php-fpm: maste
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      537/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1532/nginx: master
tcp6       0      0 :::80                   :::*                    LISTEN      1532/nginx: master
udp     4480      0 0.0.0.0:68              0.0.0.0:*                           237/dhclient

Health Check:

---------------------------------------------------------------

 Environment

 [PASS] PHP version 7.2.8.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable.
 [PASS] The public image directory and its content are writable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [FAIL] Debug mode is on.
  [HELP] Set debug = false; in config/passbolt.php
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://domain.com
 [PASS] App.fullBaseUrl validation OK.
 [FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
  [HELP] Check that the domain name is correct in config/passbolt.php
  [HELP] Check the network settings

 SSL Certificate

 [FAIL] SSL peer certificate does not validate
 [FAIL] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 18 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The server gpg key is not the default one
 [PASS] The environment variable GNUPGHOME is set to /var/lib/nginx/.gnupg.
 [PASS] The directory /var/lib/nginx/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [FAIL] The private key cannot be used to sign a message
  [HELP] Make sure that the server private key is valid and that there is no passphrase.
  [HELP] Make sure you imported the private server key in the keyring of the webserver user.
  [HELP] you can try:
  [HELP] sudo su -s /bin/bash -c "gpg --home /var/lib/nginx/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private.asc" nginx
 [FAIL] The public and private keys cannot be used to encrypt and sign a message
 [FAIL] The private key cannot be used to decrypt a message
 [FAIL] The private key cannot be used to decrypt and verify a message
 [FAIL] The public key cannot be used to verify a signature.

 Application configuration

 [PASS] Using latest passbolt version (2.1.0).
 [FAIL] Passbot is not configured to force SSL use.
  [HELP] Set passbolt.ssl.force to true in config/passbolt.php.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

  10 error(s) found. Hang in there!

Hello @staylor8,

You have several issues.
Looks like your domain is not reachable through SSL? Is nginx configured with SSL?
You also have an issue with the gpg key you created for your passbolt instance. Did you create it with a passphrase?

Cheers

Cedric,

Thanks for your response, I did not. However, I just generated the cert and configured ssl.

I think the issue is that the CentOS instructions say after step 15, your passbolt installation should be working.

Mine wasn’t.

I had two things attempting to listen on port 80, the default nginx config and the passbolt config. Once I configured ssl and moved the port to 443, both sites started working. It was an oversight not to edit the port, but it would be good if the code snippets in the setup docs used a non-standard port.

I have attached a new copy of the healthcheck and I am down to just the GPG issue.

I am apparently great at reading the instructions only after I have made the mistake. Unfortunately, yes - I used a passphrase.

Can I just create a new key and import it into nginx?

Thanks,

Shawn

Healthcheck shell
---------------------------------------------------------------

 Environment

 [PASS] PHP version 7.2.8.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable.
 [PASS] The public image directory and its content are writable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://domain.com
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [PASS] SSL peer certificate validates
 [PASS] Hostname is matching in SSL certificate.
 [WARN] Using a self-signed certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 18 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The server gpg key is not the default one
 [PASS] The environment variable GNUPGHOME is set to /var/lib/nginx/.gnupg.
 [PASS] The directory /var/lib/nginx/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [FAIL] The private key cannot be used to sign a message
  [HELP] Make sure that the server private key is valid and that there is no passphrase.
  [HELP] Make sure you imported the private server key in the keyring of the webserver user.
  [HELP] you can try:
  [HELP] sudo su -s /bin/bash -c "gpg --home /var/lib/nginx/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private.asc" nginx
 [FAIL] The public and private keys cannot be used to encrypt and sign a message
 [FAIL] The private key cannot be used to decrypt a message
 [FAIL] The private key cannot be used to decrypt and verify a message
 [FAIL] The public key cannot be used to verify a signature.

 Application configuration

 [PASS] Using latest passbolt version (2.1.0).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

  5 error(s) found. Hang in there!

Yes it should work.

  • Generate a new key
  • Import it to the nginx keyring
  • Update your config/passbolt.php with the new fingerprint
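
The three steps above as one script. This is an added example, not part of the original reply or of passbolt's documentation. The keyring path, private key path and nginx user are taken from the healthcheck output in this thread; `KEY_EMAIL`, the `serverkey.asc` file name and GnuPG 2.1+ (needed for `%no-protection`) are assumptions.

```shell
#!/bin/sh
# Added example: replace a passphrase-protected passbolt server key.
# Keyring, key path and the nginx user come from the healthcheck output in
# this thread. KEY_EMAIL and the serverkey.asc file name are assumptions.
# Assumes GnuPG 2.1+ (for %no-protection). Run as root with --apply.
set -eu

KEYRING=/var/lib/nginx/.gnupg
GPG_DIR=/var/www/passbolt/config/gpg
KEY_EMAIL="passbolt@example.org"   # placeholder address

# Batch parameters for an unattended key that has no passphrase.
key_params() {
  cat <<EOF
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: Passbolt server key
Name-Email: $1
Expire-Date: 0
%no-protection
%commit
EOF
}

# Read `gpg --with-colons` output on stdin, print the primary key fingerprint.
fingerprint_from_colons() {
  awk -F: '$1 == "pub" || $1 == "sec" { want = 1; next }
           want && $1 == "fpr"        { print $10; exit }'
}

apply() {
  tmp=$(mktemp -d)                  # throwaway keyring, mode 0700
  trap 'rm -rf "$tmp"' EXIT
  key_params "$KEY_EMAIL" | gpg --homedir "$tmp" --batch --gen-key
  fpr=$(gpg --homedir "$tmp" --with-colons --fingerprint "$KEY_EMAIL" |
        fingerprint_from_colons)
  [ -n "$fpr" ] || { echo "no fingerprint found" >&2; exit 1; }
  umask 077                         # exported key files are owner-only
  gpg --homedir "$tmp" --armor --export "$fpr" > "$GPG_DIR/serverkey.asc"
  gpg --homedir "$tmp" --armor --export-secret-keys "$fpr" \
      > "$GPG_DIR/serverkey_private.asc"
  chown nginx "$GPG_DIR/serverkey.asc" "$GPG_DIR/serverkey_private.asc"
  # Import command as suggested by the healthcheck [HELP] line.
  su -s /bin/bash -c "gpg --home $KEYRING --import $GPG_DIR/serverkey_private.asc" nginx
  echo "Set the server key fingerprint in config/passbolt.php to: $fpr"
}

if [ "${1:-}" = "--apply" ]; then apply; fi
```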

Cedric,

Thanks for your continued help. I’ll take a run at this later today. Would the lack of encryption cause the site to not function properly?

I have completed the following since I got the site up and running:

  • configured mail relay in config/passbolt.php
  • sent the queued email using cake EmailQueue.sender
  • set up my account on my local server
  • uninstalled the plugin
  • reinstalled the plugin

At this point, when I click Login on the page or when I click the plugin, I simply get redirected to https://domain.com/auth/login

I never get an opportunity to actually login or use the features of passbolt.

Will correcting the key resolve this, or do I still have other issues?

Thanks,

Shawn

It looks good to me.
If you generate a new gpg key, ensure you are updating your config/passbolt.php.
Let us know how it goes.
