Hello, I have passbolt up and running with the docker installation. Now, to avoid conflicts with other things on the server (that are not running in docker containers) I want to change the port from 80 to 9009. I have tried this command to start my docker:
When I go to a browser and type http://192.168.8.241:9009 (note that I am using http and not https) I see the recovery page, and after recovering the account I can see the login page. However, it does not log in (although the password is right). After login, it sends me back to the login page. I have tried setting the APP_FULL_BASE_URL environment variable to http**s**://192.168.8.241:9009 but then I cannot even see the webpages.
Obviously, this is not a server port issue as I can see with the sudo ufw status of the host machine that port 9009 is open for both TCP and UDP.
Any idea on how to solve this? Passbolt is amazing but if I cannot change the port where it runs it will be a big issue.
1. Change the port of the docker-composer.yml from 80:80 to 9009:80 and set APP_FULL_BASE_URL=https://192.168.8.241:9009 in the passbolt.env file. After starting the dockers, I go to a browser and type 192.168.8.241:9009. I am redirected to https://192.168.8.241:9009/auth/login but I get a “This site can’t provide a secure connection” error.
2. Change the port of the docker-composer.yml from 80:80 to 9009:80 and set APP_FULL_BASE_URL=http://192.168.8.241:9009 and PASSBOLT_SSL_FORCE=false in the passbolt.env file. When I type 192.168.8.241:9009 in a browser I am redirected to http://192.168.8.241:9009/auth/login and I can recover my account. After recovering my account I can see the login page. However, after typing in my password (triple-checked that it has no errors), I am not logged in; instead, I am redirected again to the login page. And every time I enter my passwords, I am again redirected and never logged in.
3. Out of curiosity, I’ve checked the same as in point 2 but without changing the port (i.e. leaving 80:80 in the passbolt.env file) and the same login loop happens.
Any idea on how to solve this port change? I don’t care if it is using or not the PASSBOLT_SSL_FORCE=false flag (we can live by using ssl).
So the issue is you are setting: PASSBOLT_SSL_FORCE=false but you set APP_FULL_BASE_URL=https://192.168.8.241
PASSBOLT_SSL_FORCE must match the schema provided in APP_FULL_BASE_URL.
For example, if you set PASSBOLT_SSL_FORCE to true, then your APP_FULL_BASE_URL must start with https://
Conversely, if you set PASSBOLT_SSL_FORCE to false, your APP_FULL_BASE_URL must start with http://
EDIT: Sorry I have read too much diagonally. I will try to reproduce your issue with the ports.
I don’t think that’s the issue, unless the passbolt.env file does not read #PASSBOLT_SSL_FORCE=false as a comment. If you look into the three things that I’ve checked you see how in 1. I use APP_FULL_BASE_URL=https://192.168.8.241:9009 with the passbolt ssl force line commented in the passbolt.env. In 2. I use APP_FULL_BASE_URL=http://192.168.8.241:9009 and PASSBOLT_SSL_FORCE=false with port 9009 and in 3. I use APP_FULL_BASE_URL=http://192.168.8.241:9009 and PASSBOLT_SSL_FORCE=false with port 80.
This is what I see on the docker-compose terminal if I try to log in using option 3.
Maybe the problem is in the line SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: 10.8.0.6, server: 0.0.0.0:443
Yes, it is all related to the same problem, using https and non https ports.
So your fullbase url is https://yourIP:9009, which makes passbolt redirect all your requests to port 9009 with https scheme.
This is a NON https port: as you defined on the ports section, port 9009 points to port 80. To make your setup work you should redirect port 9009 to 443 on the ports section like:
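The scheme and port rules given in the replies above, written as a small consistency check. This is an added example, not part of the original thread and not Passbolt's own code; the function names are hypothetical, the sample settings are constructed from the values quoted in the thread, and it assumes the container serves http on 80 and https on 443 and that `ports` entries use the short syntax without ranges.

```python
from urllib.parse import urlsplit

CONTAINER_PORT = {"http": 80, "https": 443}  # assumed listeners inside the container

def parse_env(text):
    """Parse env-file text; blank lines and lines starting with '#' are ignored."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip()
    return env

def check(env_text, ports):
    """Return a list of mismatches between the env file and compose 'ports' entries."""
    env = parse_env(env_text)
    problems = []
    url = urlsplit(env.get("APP_FULL_BASE_URL", ""))
    if url.scheme not in CONTAINER_PORT:
        return ["APP_FULL_BASE_URL is missing or has no http/https scheme"]
    force = env.get("PASSBOLT_SSL_FORCE")  # None when unset or commented out
    if force is not None and (force.lower() == "true") != (url.scheme == "https"):
        problems.append(f"PASSBOLT_SSL_FORCE={force} does not match scheme {url.scheme}")
    want = CONTAINER_PORT[url.scheme]
    host_port = url.port or want  # no explicit port means the scheme's default
    published = {}
    for entry in ports:  # short syntax: [IP:]HOST:CONTAINER[/proto]
        parts = entry.split("/")[0].split(":")
        if len(parts) >= 2:
            published[int(parts[-2])] = int(parts[-1])
    target = published.get(host_port)
    if target is None:
        problems.append(f"host port {host_port} is not published")
    elif target != want:
        problems.append(f"host port {host_port} maps to container port {target}, "
                        f"but {url.scheme} is served on {want}")
    return problems

# Constructed from the settings quoted in the thread (attempts 1 and 2).
ATTEMPT_1 = "APP_FULL_BASE_URL=https://192.168.8.241:9009\n#PASSBOLT_SSL_FORCE=false\n"
ATTEMPT_2 = "APP_FULL_BASE_URL=http://192.168.8.241:9009\nPASSBOLT_SSL_FORCE=false\n"

if __name__ == "__main__":
    print(check(ATTEMPT_1, ["9009:80"]))   # https URL on a port mapped to 80
    print(check(ATTEMPT_1, ["9009:443"]))  # host port 9009 published to 443
    print(check(ATTEMPT_2, ["9009:80"]))   # http URL, SSL force off, mapped to 80
```

An empty list only means these two rules hold; attempt 2 passes them even though the poster still reported a login loop with it.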