CentOS update: ERR_TOO_MANY_REDIRECTS

yum update for CentOS 7 said a new version of Passbolt (4.1.0-1) was available and I accepted the update. After the update, I am receiving the error when I access passbolt with multiple browsers:

passbolt.domain.com redirected you too many times.

I cleared the browser, went through the update instructions at: Passbolt Help | Update passbolt on CentOS
and did a “cake cache clear_all”, but it didn’t help.

cake passbolt healthcheck outputs the following 2 errors, and everything else passes:
[FAIL] No default content found
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl

Any help is greatly appreciated… Thanks.
-Akak

Hi @akak01000101 ,

this could be due to the fullBaseUrl missing in /etc/passbolt/passbolt.php.

In this file, you will find at the top:

'App' => [
    // A base URL to use for absolute links.
    // The url where the passbolt instance will be reachable to your end users.
    // This information is needed to render images in emails, for example.
    'fullBaseUrl' => 'https://passbolt.domain.com',
],

Make sure that your domain passbolt.domain.com is defined there, including https if you are using https.

Let us know if this was already defined, or not, and if not if the change fixes your issue.

Yep. That is there and the /etc/passbolt/passbolt.php file hasn’t been touched since I installed passbolt back in May.

I saw that a new version of php was released (8.1.21-1.el7.remi) for CentOS 7, so I updated php, wondering if there were any dependencies in the updated passbolt needed. But there was no change. Same issue exists.

-akak

If you updated php, you will probably need to change the php socket path in your passbolt nginx configuration to point to the new location. This usually means version bumping from 7.x to 8.x


I have had the same issue on Ubuntu 22.04 LTS.

The correct fullbaseurl was defined in passbolt.php.

I had to restore a backup to get the system to a working state again.

Agreed with @diego
Do a php -v in command line
if you bump from v7 to v8
better to have a look inside /etc/nginx/sites-enabled/nginx-passbolt.conf
and look for the fastcgi_pass that must target the new version of php
like for v8.2:

fastcgi_pass             unix:/run/php/php8.2-fpm.sock;

PHP 8.1.21 is installed, and I can’t find anything specific to php8.1 for fpm or fpm.sock on the system.

# ls -l /etc/nginx/conf.d/
-rw-r--r--. 1 root root 897 Apr 2 21:12 passbolt.conf
-rw-r--r--. 1 root root 136 Apr 2 20:50 php-fpm.conf

/etc/nginx/conf.d/passbolt.conf: fastcgi_pass php-fpm;

There is no php8.2-fpm.sock or similar anywhere on the system

# cat /etc/nginx/conf.d/php-fpm.conf

upstream php-fpm {
server unix:/run/php-fpm/www.sock;
}

# ls -ld /run/php*
drwxr-xr-x. 2 root root 80 Jul 5 15:40 /run/php-fpm

# ls -l /run/php-fpm/
-rw-r--r--. 1 root root 5 Jul 5 15:40 php-fpm.pid
srw-rw----. 1 nginx nginx 0 Jul 5 15:40 www.sock

So I updated again and tried to look into your hints.

Output of php -v:

PHP 8.1.2-1ubuntu2.13 (cli) (built: Jun 28 2023 14:01:49) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.2, Copyright (c) Zend Technologies
with Zend OPcache v8.1.2-1ubuntu2.13, Copyright (c), by Zend Technologies

Nginx Config for passbolt looks as follows:

location ~ \.php$ {
    try_files $uri =404;
    include fastcgi_params;
    fastcgi_pass unix:/run/php/php8.1-fpm.sock;
    fastcgi_index index.php;
    fastcgi_intercept_errors on;
    fastcgi_split_path_info ^(.+\.php)(.+)$;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $http_host;
    fastcgi_param PHP_VALUE "upload_max_filesize=5M \n post_max_size=5M";
}

Listing the directory /run/php/ contains:

drwxr-xr-x 25 root root 820 Jul 12 08:54 ..
lrwxrwxrwx 1 root root 30 Jul 12 08:50 php-fpm.sock -> /etc/alternatives/php-fpm.sock
-rw-r--r-- 1 root root 3 Jul 12 08:50 php8.1-fpm.pid
srw-rw---- 1 www-data www-data 0 Jul 12 08:50 php8.1-fpm.sock

Seems alright to me.

Edit:

PHP has not been updated:

The following packages have been kept back:
initramfs-tools initramfs-tools-bin initramfs-tools-core
libnginx-mod-http-geoip2 libnginx-mod-http-image-filter
libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream
libnginx-mod-stream-geoip2 nginx nginx-common nginx-core
The following packages will be upgraded:
passbolt-ce-server ubuntu-server-minimal

Healthcheck Results:

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://passbolt.censored-domain.de
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in /etc/passbolt/passbolt.php
[HELP] Check the network settings

Database

[PASS] The application is able to connect to the database
[PASS] 32 tables found
[FAIL] No default content found
[HELP] Run the install script to set the default content such as roles and permission types
[HELP] sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt install" www-data
[PASS] The database schema up to date.

I saw there was another update 4.1.1-1 to passbolt-ce-server. Did a yum update and still the same error. I ran the health check and got the following results:

[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in /etc/passbolt/passbolt.php
[HELP] Check the network settings

The /etc/passbolt/passbolt.php domain is good. Neither the domain nor the file has been changed since I set it up back in May. The only thing changed was a yum update on passbolt, got the error, then yum update php to version 8, still got the error.
Network settings are good, nothing changed with that.

When I go to: https://passbolt.[mydomain].com/healthcheck/status
I get the same error:

This page isn’t working
passbolt.[mydomain].com redirected you too many times.
Try clearing your cookies

ERR_TOO_MANY_REDIRECTS

Also tried clearing the cookies and multiple browsers. Still the same error.

At this point it has been 10 days and I don’t have my passwords. I’m tempted to just do a yum remove/install, run through the configuration process and hope I can still connect to the database to get my passwords.

Thoughts?

Can you run the sudo /usr/local/bin/passbolt-configure script again?

Say no to database questions but fill the ones regarding domain name and SSL part. If I am not wrong, this script will reconfigure nginx config files.

Can you also post the nginx configuration files? In the /etc/nginx/conf.d folder, if I am not wrong.

Best,

I renewed & replaced my cert and still same error. I ran the configure script again. I restarted nginx, and I’m not getting the error, but getting the “Welcome to CentOS” page from /usr/share/doc/HTML/index.html

Here is my /etc/nginx/conf.d/passbolt.conf file:

server {
listen [::]:443;
listen 443;
server_name passbolt.[mydomain].com;
client_body_buffer_size 100K;
client_header_buffer_size 1K;
client_max_body_size 5M;

client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;

root /usr/share/php/passbolt/webroot;
index index.php;

location / {
try_files $uri $uri/ /index.php?$args;
}

location ~ \.php$ {
    try_files $uri =404;
    include fastcgi_params;
    fastcgi_pass php-fpm;
    fastcgi_index index.php;
    fastcgi_intercept_errors on;
    fastcgi_split_path_info ^(.+\.php)(.+)$;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $http_host;
    fastcgi_param PHP_VALUE "upload_max_filesize=5M \n post_max_size=5M";
}

}

Getting closer…?

There is some progress 🙂

You should have somewhere in /etc/nginx folder a default.conf file or maybe a section in /etc/nginx/nginx.conf where the nginx default page is defined.

You should comment this section or move or delete the default.conf file if it exists, then sudo systemctl restart nginx to apply changes.

Some nginx tips:

nginx -t will check if configuration files are correct.

nginx -T (with an uppercase T) will display the current applied nginx configuration.

Hope this helps 🤞

Best regards,

I commented out the section (see below) from the nginx.conf file. Restarted nginx and now it cannot connect. It’s acting like the webserver isn’t running.

nginx 16302 16301 1 15:01 ? 00:00:44 php-fpm: pool www
nginx 16303 16301 1 15:01 ? 00:00:44 php-fpm: pool www
nginx 16635 16301 1 15:05 ? 00:00:25 php-fpm: pool www
root 17682 1 0 15:38 ? 00:00:00 nginx: master process /usr/sbin/nginx
nginx 17683 17682 0 15:38 ? 00:00:00 nginx: worker process
nginx 17684 17682 0 15:38 ? 00:00:00 nginx: worker process

Here is the output from nginx -T:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

#configuration file /etc/nginx/nginx.conf:
#For more information on configuration, see:

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

#Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

sendfile            on;
tcp_nopush          on;
tcp_nodelay         on;
keepalive_timeout   65;
types_hash_max_size 4096;

include             /etc/nginx/mime.types;
default_type        application/octet-stream;

#Load modular configuration files from the /etc/nginx/conf.d directory.
#See Core functionality
#for more information.
include /etc/nginx/conf.d/*.conf;

#COMMENTED OUT THE SERVER 80 SECTION, 443 SERVER SECTION WAS ALREADY COMMENTED OUT.
#server {
#listen 80;
#listen [::]:80;
#server_name _;
#root /usr/share/nginx/html;

##Load configuration files for the default server block.
#include /etc/nginx/default.d/*.conf;

#error_page 404 /404.html;
#location = /404.html {
#}

#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
#}
#}

#Settings for a TLS enabled server.

#server {
#listen 443 ssl http2;
#listen [::]:443 ssl http2;
#server_name _;
#root /usr/share/nginx/html;

#ssl_certificate "/etc/pki/nginx/server.crt";
#ssl_certificate_key "/etc/pki/nginx/private/server.key";
#ssl_session_cache shared:SSL:1m;
#ssl_session_timeout 10m;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;

#Load configuration files for the default server block.
#include /etc/nginx/default.d/*.conf;

#error_page 404 /404.html;
#location = /40x.html {
#}

#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
#}
#}

}

#configuration file /etc/nginx/conf.d/passbolt.conf:
server {
listen [::]:443;
listen 443;
server_name passbolt.[mydomain].com;
client_body_buffer_size 100K;
client_header_buffer_size 1K;
client_max_body_size 5M;

client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;

root /usr/share/php/passbolt/webroot;
index index.php;

location / {
try_files $uri $uri/ /index.php?$args;
}

location ~ \.php$ {
    try_files $uri =404;
    include fastcgi_params;
    fastcgi_pass php-fpm;
    fastcgi_index index.php;
    fastcgi_intercept_errors on;
    fastcgi_split_path_info ^(.+\.php)(.+)$;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $http_host;
    fastcgi_param PHP_VALUE "upload_max_filesize=5M \n post_max_size=5M";
}

}

#configuration file /etc/nginx/fastcgi_params:

fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;

#PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

#configuration file /etc/nginx/conf.d/php-fpm.conf:
#PHP-FPM FastCGI server
#network or unix domain socket configuration

upstream php-fpm {
server unix:/run/php-fpm/www.sock;
}

I see only the /etc/nginx/conf.d/passbolt.conf file, which is the non-http configuration file.

On rpm distro, you should have a /etc/nginx/conf.d/passbolt-ssl.conf file.

You listen on port 443 but I don’t see any active ssl_certificate directive. The only one is commented.

If you execute the passbolt-configure script, you should have all of this correctly configured.

I don’t see in your config file the path to your SSL certificate.
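
The condition pointed out in the last reply (a server block on port 443 with no `ssl` parameter and no active `ssl_certificate`), as an added example that is not part of the original thread: a small Python check that can be run over `nginx -T` style text. The sample config is constructed; the host names and certificate paths in it are placeholders, and the obsolete `ssl on;` directive is not considered.

```python
import re

# Constructed sample: the thread's passbolt.conf (plain listen on 443) beside a
# corrected block. Host names and certificate paths are placeholders.
SAMPLE = r'''
server {
    listen [::]:443;
    listen 443;
    server_name passbolt.example.com;
    location ~ \.php$ {
        fastcgi_pass php-fpm;
    }
}
#server {
#    ssl_certificate "/etc/pki/nginx/server.crt";
#}
server {
    listen 443 ssl;
    server_name fixed.example.com;
    ssl_certificate     /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
}
'''

def server_blocks(conf):
    """Yield the body of every active `server { ... }` block."""
    text = re.sub(r'(?m)(^|\s)#.*$', '', conf)   # commented-out config is inactive
    for m in re.finditer(r'\bserver\s*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:           # walk to the matching brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def audit_tls(conf):
    """Return (server_name, problem) pairs for blocks on 443 that lack TLS setup."""
    findings = []
    for body in server_blocks(conf):
        m = re.search(r'\bserver_name\s+([^;]+);', body)
        name = m.group(1).strip() if m else '(no server_name)'
        listens = [l.split() for l in re.findall(r'\blisten\s+([^;]+);', body)]
        on_443 = [l for l in listens if re.search(r'(^|:)443$', l[0])]
        if not on_443:
            continue
        # Without "ssl" on the listen line nginx speaks plain HTTP on that port.
        if any('ssl' not in l[1:] for l in on_443):
            findings.append((name, 'listen on 443 without the ssl parameter'))
        # \s keeps ssl_certificate_key from satisfying this check.
        if not re.search(r'\bssl_certificate\s', body):
            findings.append((name, 'no ssl_certificate directive'))
    return findings

if __name__ == '__main__':
    print(audit_tls(SAMPLE))
```

To check a live host, pass the output of `nginx -T` to `audit_tls` instead of `SAMPLE`.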