Change port from 80 to 9009 in docker

Hello, I have passbolt up and running with the docker installation. Now, to avoid conflicts with other things on the server (that are not running in docker containers) I want to change the port from 80 to 9009. I have tried this command to start my docker:

docker run -d --name passbolt --net passbolt_network -p 443:443 -p 9009:80 --mount source=passbolt_images_volume,target=/var/www/passbolt/webroot/img/public -e DATASOURCES_DEFAULT_HOST=mariadb -e DATASOURCES_DEFAULT_PASSWORD=plouifasol -e DATASOURCES_DEFAULT_USERNAME=passbolt_user -e DATASOURCES_DEFAULT_DATABASE=passbolt_db -e APP_FULL_BASE_URL=http://192.168.8.241:9009 -e EMAIL_DEFAULT_FROM=mail@domain.com -e EMAIL_TRANSPORT_DEFAULT_HOST=smtp.server.com -e EMAIL_TRANSPORT_DEFAULT_PORT=587 -e EMAIL_TRANSPORT_DEFAULT_TLS=true -e EMAIL_TRANSPORT_DEFAULT_USERNAME=mail@domain.com -e EMAIL_TRANSPORT_DEFAULT_PASSWORD=MY.password passbolt/passbolt:latest

When I go to a browser and type http://192.168.8.241:9009 (note that I am using http and not https) I see the recovery page, and after recovering the account I can see the login page. However, it does not log in (although the password is right). After login, it sends me back to the login page. I have tried setting the APP_FULL_BASE_URL environment variable to http**s**://192.168.8.241:9009 but then I cannot even see the webpages.

Obviously, this is not a server port issue as I can see with the sudo ufw status of the host machine that port 9009 is open for both TCP and UDP.

Any idea on how to solve this? Passbolt is amazing but if I cannot change the port where it runs it will be a big issue.

Thank you!

Hi @apalomer,

I think you are lacking the PASSBOLT_SSL_FORCE env var if you are not going to use https.

Also I would suggest that you use our docker-compose stack as it is easier to manage passbolt using docker with it (more info https://help.passbolt.com/hosting/install/ce/docker.html)

Hope this helps

EDIT: I didn’t mention it, but PASSBOLT_SSL_FORCE should be set to false if you are not using https.

Ok, I’ve moved to docker compose as recommended. Here are my files when everything works on port 80.
passbolt.env

# URL
APP_FULL_BASE_URL=https://192.168.8.241

# Database settings
DATASOURCES_DEFAULT_HOST=mariadb
DATASOURCES_DEFAULT_USERNAME=myuser
DATASOURCES_DEFAULT_PASSWORD=mypassword
DATASOURCES_DEFAULT_DATABASE=mydb
DATASOURCES_DEFAULT_PORT=3306
DATASOURCES_QUOTE_IDENTIFIER=true

# SMTP
EMAIL_DEFAULT_FROM=my@mail.com
EMAIL_TRANSPORT_DEFAULT_HOST=smtp.domain.es
EMAIL_TRANSPORT_DEFAULT_PORT=587
EMAIL_TRANSPORT_DEFAULT_TLS=true
EMAIL_TRANSPORT_DEFAULT_USERNAME=my@mail.com
EMAIL_TRANSPORT_DEFAULT_PASSWORD=mypass!

# Disable ssl
#PASSBOLT_SSL_FORCE=false

# Registration
# PASSBOLT_REGISTRATION_PUBLIC=true

docker-compose.yml

version: '3.4'
services:
  mariadb:
    image: mariadb
    env_file:
      - env/mysql.env
    volumes:
      - mariadb_passbolt_data:/var/lib/mysql

  passbolt:
    image: passbolt/passbolt:latest
    tty: true
    depends_on:
      - mariadb
    env_file:
      - env/passbolt.env
    volumes:
      - gpg_volume:/var/www/passbolt/config/gpg
      - passbolt_images_volume:/var/www/passbolt/webroot/img/public
    tmpfs:
      - /run
    command: ["/usr/bin/wait-for.sh", "-t", "0", "mariadb:3306", "--", "/docker-entrypoint.sh"]
    ports:
      - 80:80
      - 443:443

volumes:
  mariadb_passbolt_data:
  gpg_volume:
  passbolt_images_volume:

Things that I’ve tried

  1. Change the port of the docker-compose.yml from 80:80 to 9009:80 and set APP_FULL_BASE_URL=https://192.168.8.241:9009 in the passbolt.env file. After starting the dockers, I go to a browser and type 192.168.8.241:9009. I am redirected to https://192.168.8.241:9009/auth/login but I get a “This site can’t provide a secure connection” error.

  2. Change the port of the docker-compose.yml from 80:80 to 9009:80 and set APP_FULL_BASE_URL=http://192.168.8.241:9009 and PASSBOLT_SSL_FORCE=false in the passbolt.env file. When I type 192.168.8.241:9009 in a browser I am redirected to http://192.168.8.241:9009/auth/login and I can recover my account. After recovering my account I can see the login page. However, after typing in my password (triple-checked that it has no errors), I am not logged in; instead, I am redirected again to the login page. And every time I enter my password, I am again redirected and never logged in.

  3. Out of curiosity, I’ve checked the same as in point 2 but without changing the port (i.e. leaving 80:80 in the passbolt.env file) and the same login loop happens.

Any idea on how to solve this port change? I don’t care if it is using or not the PASSBOLT_SSL_FORCE=false flag (we can live by using ssl).

Thank you very much.

So the issue is you are setting:
PASSBOLT_SSL_FORCE=false but you set APP_FULL_BASE_URL=https://192.168.8.241

PASSBOLT_SSL_FORCE must match the schema provided in APP_FULL_BASE_URL.

For example if you set PASSBOLT_SSL_FORCE to true then your APP_FULL_BASE_URL must start with https://
Conversely if you set PASSBOLT_SSL_FORCE to false your APP_FULL_BASE_URL must start with http://

EDIT: Sorry I have read too much diagonally. I will try to reproduce your issue with the ports.

I don’t think that’s the issue, unless the passbolt.env file does not read #PASSBOLT_SSL_FORCE=false as a comment. If you look into the three things that I’ve checked you see how in 1. I use APP_FULL_BASE_URL=https://192.168.8.241:9009 with the passbolt ssl force line commented in the passbolt.env. In 2. I use APP_FULL_BASE_URL=http://192.168.8.241:9009 and PASSBOLT_SSL_FORCE=false with port 9009 and in 3. I use APP_FULL_BASE_URL=http://192.168.8.241:9009 and PASSBOLT_SSL_FORCE=false with port 80.

This is what I see on the docker-compose terminal if I try to login using option 3.

passbolt_1  | 127.0.0.1 -  13/Nov/2020:10:46:31 +0000 "GET /index.php" 200
passbolt_1  | 10.8.0.6 - - [13/Nov/2020:10:46:31 +0000] "GET /users/recover HTTP/1.1" 200 2183 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
passbolt_1  | 2020-11-13 10:46:31,869 INFO reaped unknown pid 246
passbolt_1  | 2020-11-13 10:46:31,873 INFO reaped unknown pid 248
passbolt_1  | 2020-11-13 10:46:31,881 INFO reaped unknown pid 251
passbolt_1  | 2020-11-13 10:46:31,884 INFO reaped unknown pid 253
passbolt_1  | 2020-11-13 10:46:31,888 INFO reaped unknown pid 255
passbolt_1  | 2020-11-13 10:46:31,891 INFO reaped unknown pid 257
passbolt_1  | 2020-11-13 10:46:31,896 INFO reaped unknown pid 259
passbolt_1  | 2020-11-13 10:46:31,938 INFO reaped unknown pid 262
passbolt_1  | 10.8.0.6 - - [13/Nov/2020:10:46:31 +0000] "POST /auth/login.json?api-version=v1 HTTP/1.1" 200 298 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
passbolt_1  | 127.0.0.1 -  13/Nov/2020:10:46:31 +0000 "POST /index.php" 200
passbolt_1  | 2020-11-13 10:46:32,118 INFO reaped unknown pid 265
passbolt_1  | 2020-11-13 10:46:32,121 INFO reaped unknown pid 267
passbolt_1  | 10.8.0.6 - - [13/Nov/2020:10:46:32 +0000] "POST /auth/login.json?api-version=v1 HTTP/1.1" 200 3813 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
passbolt_1  | 127.0.0.1 -  13/Nov/2020:10:46:32 +0000 "POST /index.php" 200
passbolt_1  | 10.8.0.6 - - [13/Nov/2020:10:46:32 +0000] "GET /account/settings.json?api-version=v2 HTTP/1.1" 403 321 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
passbolt_1  | 127.0.0.1 -  13/Nov/2020:10:46:32 +0000 "GET /index.php" 403
passbolt_1  | 10.8.0.6 - - [13/Nov/2020:10:46:32 +0000] "GET / HTTP/1.1" 302 5 "http://192.168.8.241/auth/login" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
passbolt_1  | 127.0.0.1 -  13/Nov/2020:10:46:32 +0000 "GET /index.php" 302
passbolt_1  | 127.0.0.1 -  13/Nov/2020:10:46:32 +0000 "GET /index.php" 200
passbolt_1  | 10.8.0.6 - - [13/Nov/2020:10:46:32 +0000] "GET /auth/login HTTP/1.1" 200 2298 "http://192.168.8.241/auth/login" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
passbolt_1  | 2020-11-13 10:46:32,550 INFO reaped unknown pid 270
passbolt_1  | 2020-11-13 10:46:32,553 INFO reaped unknown pid 272
passbolt_1  | 2020-11-13 10:46:32,569 INFO reaped unknown pid 275
passbolt_1  | 10.8.0.6 - - [13/Nov/2020:10:46:32 +0000] "POST /auth/verify.json?api-version=v1 HTTP/1.1" 200 299 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
passbolt_1  | 127.0.0.1 -  13/Nov/2020:10:46:32 +0000 "POST /index.php" 200
passbolt_1  | 10.8.0.6 - - [13/Nov/2020:10:46:32 +0000] "GET /settings.json?api-version=v2 HTTP/1.1" 200 501 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
passbolt_1  | 127.0.0.1 -  13/Nov/2020:10:46:32 +0000 "GET /index.php" 200
passbolt_1  | 127.0.0.1 -  13/Nov/2020:10:46:58 +0000 "GET /index.php" 403
passbolt_1  | 10.8.0.6 - - [13/Nov/2020:10:46:58 +0000] "GET /auth/is-authenticated.json HTTP/1.1" 403 312 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"

Any other idea on what I can do?

So here is my setup:

APP_FULL_BASE_URL=http://passbolt.local:9000
PASSBOLT_SSL_FORCE=false
DATASOURCES_DEFAULT_HOST=db
DATASOURCES_DEFAULT_USERNAME=passbolt
DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt
DATASOURCES_DEFAULT_DATABASE=passbolt
DATASOURCES_DEFAULT_PORT=3306
PASSBOLT_REGISTRATION_PUBLIC=true
PASSBOLT_KEY_LENGTH=4096
PASSBOLT_SUBKEY_LENGTH=4096

Here is my docker-compose.yaml

version: '3.4'
services:
  db:
    image: mariadb:10.3
    env_file:
      - env/mysql.env
    volumes:
      - database_volume:/var/lib/mysql
    ports:
      - "127.0.0.1:3306:3306"

  passbolt:
    image: passbolt/passbolt:latest
    tty: true
    depends_on:
      - db
    env_file:
      - env/passbolt.env
    volumes:
      - gpg_volume:/var/www/passbolt/config/gpg
      - images_volume:/var/www/passbolt/webroot/img/public
    tmpfs:
      - /run
    command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
    ports:
      - 9000:80

volumes:
  database_volume:
  gpg_volume:
  images_volume:

It works without any issues; I can log in at http://passbolt.local:9000

Just in case it is of any help. I am trying now with the following configuration:

passbolt.env

# URL
APP_FULL_BASE_URL=https://192.168.8.241:9009

# Database settings
DATASOURCES_DEFAULT_HOST=mariadb
DATASOURCES_DEFAULT_USERNAME=user
DATASOURCES_DEFAULT_PASSWORD=pass
DATASOURCES_DEFAULT_DATABASE=db
DATASOURCES_DEFAULT_PORT=3306
DATASOURCES_QUOTE_IDENTIFIER=true

# SMTP
EMAIL_DEFAULT_FROM=my@domain.com
EMAIL_TRANSPORT_DEFAULT_HOST=smtp.domain.es
EMAIL_TRANSPORT_DEFAULT_PORT=587
EMAIL_TRANSPORT_DEFAULT_TLS=true
EMAIL_TRANSPORT_DEFAULT_USERNAME=my@domain.com
EMAIL_TRANSPORT_DEFAULT_PASSWORD=mypass

docker-compose.yml

version: '3.4'
services:
  mariadb:
    image: mariadb
    env_file:
      - env/mysql.env
    volumes:
      - mariadb_passbolt_data:/var/lib/mysql

  passbolt:
    image: passbolt/passbolt:latest
    tty: true
    depends_on:
      - mariadb
    env_file:
      - env/passbolt.env
    volumes:
      - gpg_volume:/var/www/passbolt/config/gpg
      - passbolt_images_volume:/var/www/passbolt/webroot/img/public
    tmpfs:
      - /run
    command: ["/usr/bin/wait-for.sh", "-t", "0", "mariadb:3306", "--", "/docker-entrypoint.sh"]
    ports:
      - 9009:80
      - 443:443

volumes:
  mariadb_passbolt_data:
  gpg_volume:
  passbolt_images_volume:

On the docker terminal I see the following when I go to a browser (just to make sure, the browser is not running on the server) and type 192.168.8.241

passbolt_1  | 10.8.0.6 - - [13/Nov/2020:11:01:40 +0000] "GET / HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36"
passbolt_1  | 127.0.0.1 -  13/Nov/2020:11:01:40 +0000 "GET /index.php" 302
passbolt_1  | 2020/11/13 11:01:40 [info] 159#159: *24 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: 10.8.0.6, server: 0.0.0.0:443
passbolt_1  | 2020/11/13 11:01:40 [info] 159#159: *25 client sent invalid method while reading client request line, client: 10.8.0.6, server: , request: "��q��W�j�Chc@�-�x��L���6��ޟP�� 0��^����bG�4傣N�.ĽG.{������ **�+�/�,�0̨̩����/5�"
passbolt_1  | 10.8.0.6 - - [13/Nov/2020:11:01:40 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\xDA\x11q\x80\x8E\x02W\xB7j\x94Chc@\x9A-\x98x\xB3\xE4L\xC0\xE2\xD46\xAE\xFD\xDE\x9FP\x9C\x9F 0\xF0\xE0^\xF0\xF6\xB1\x9EbG\xBF4\xE5\x82\xA3N\x93.\xC4\xBDG.\x18\x16\x06{\xF9\xB7\x85\xA5\xFF\xD4\x00 **\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x01\x00\x01\x93" 400 166 "-" "-"
passbolt_1  | 2020/11/13 11:01:40 [info] 159#159: *26 client sent invalid method while reading client request line, client: 10.8.0.6, server: , request: "�"
passbolt_1  | 10.8.0.6 - - [13/Nov/2020:11:01:40 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03" 400 166 "-" "-"
passbolt_1  | 2020/11/13 11:01:45 [info] 159#159: *18 client timed out (110: Connection timed out) while waiting for request, client: 10.8.0.6, server: 0.0.0.0:80

Maybe the problem is in the line SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: 10.8.0.6, server: 0.0.0.0:443
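The 400 entries in the log above are what an nginx plain-HTTP listener records when a browser sends it a TLS handshake. The following added example (not part of the original posts) decodes the escaped request field and flags such lines; the sample lines are taken from the thread, with the user agent shortened to "-".

```python
import re

# nginx access-log line, optionally prefixed by docker-compose's "service | ".
LINE = re.compile(
    r'^(?:\S+\s+\|\s+)?(\S+) \S+ \S+ \[[^\]]+\] "((?:[^"\\]|\\.)*)" (\d{3}) ')
HEX = re.compile(rb'\\x([0-9A-Fa-f]{2})')

def raw_request(logged):
    """Undo nginx's \\xHH escaping to recover the bytes the client sent."""
    return HEX.sub(lambda m: bytes([int(m.group(1), 16)]),
                   logged.encode("latin-1", "replace"))

def tls_on_plain_http(log_text):
    """Return (client, status, kind) for requests that begin with a TLS record."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # PHP-FPM, supervisor and nginx error-log lines
        data = raw_request(m.group(2))
        # TLS record header: content type 0x16 (handshake), version major 0x03.
        if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
            # Byte 5 is the handshake message type; 0x01 is ClientHello.
            kind = "ClientHello" if len(data) > 5 and data[5] == 0x01 else "handshake"
            hits.append((m.group(1), int(m.group(3)), kind))
    return hits

# Sample lines from the thread (user agent replaced by "-").
SAMPLE = r'''
passbolt_1  | 10.8.0.6 - - [13/Nov/2020:11:01:40 +0000] "GET / HTTP/1.1" 302 5 "-" "-"
passbolt_1  | 127.0.0.1 -  13/Nov/2020:11:01:40 +0000 "GET /index.php" 302
passbolt_1  | 10.8.0.6 - - [13/Nov/2020:11:01:40 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03" 400 166 "-" "-"
'''

if __name__ == "__main__":
    for client, status, kind in tls_on_plain_http(SAMPLE):
        print(f"{client}: TLS {kind} sent to a plain-HTTP listener (status {status})")
```

A hit means the client was told to use https on a port that is published to the container's HTTP listener.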

Yes it is all related with the same problem, using https and non https ports.

So your full base URL is https://yourIP:9009, which makes passbolt redirect all your requests to port 9009 with the https scheme.

This is a non-https port: as you defined in the ports section, port 9009 points to port 80. To make your setup work you should redirect port 9009 to 443 in the ports section, like:

ports:
  - 9009:443
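The two rules stated in the replies (the base URL's scheme must agree with PASSBOLT_SSL_FORCE, and its port must be published to the matching container port) can be checked before starting the stack. This is an added example, not passbolt's own tooling; it assumes the container serves HTTP on 80 and HTTPS on 443 as in the thread, and that an unset PASSBOLT_SSL_FORCE behaves as true.

```python
from urllib.parse import urlsplit

def parse_env(text):
    """KEY=VALUE lines of an env file; blank lines and '#' comments are skipped."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip()
    return env

def parse_port(mapping):
    """'HOST:CONT' or 'IP:HOST:CONT' (optional '/tcp') -> (host, container)."""
    parts = str(mapping).split("/")[0].split(":")
    return int(parts[-2]), int(parts[-1])

def check(env_text, ports):
    """Return a list of findings; an empty list means the settings agree."""
    env = parse_env(env_text)
    url = urlsplit(env.get("APP_FULL_BASE_URL", ""))
    if url.scheme not in ("http", "https"):
        return ["APP_FULL_BASE_URL is missing or is not an http(s) URL"]
    https = url.scheme == "https"
    # Assumption taken from the thread: the container listens for
    # plain HTTP on 80 and for TLS on 443.
    want = 443 if https else 80
    host_port = url.port or want
    published = dict(parse_port(p) for p in ports)
    findings = []
    if host_port not in published:
        findings.append(f"host port {host_port} is not published")
    elif published[host_port] != want:
        findings.append(f"{url.scheme} URL on host port {host_port} maps to "
                        f"container port {published[host_port]}, expected {want}")
    # Assumption: an unset PASSBOLT_SSL_FORCE behaves as true.
    force = env.get("PASSBOLT_SSL_FORCE", "true").lower() not in ("false", "0")
    if force != https:
        findings.append(f"PASSBOLT_SSL_FORCE={str(force).lower()} does not "
                        f"match the {url.scheme}:// base URL")
    return findings

# Values from the thread: the port mapping that failed, then the one that worked.
ENV = "APP_FULL_BASE_URL=https://192.168.8.241:9009\n#PASSBOLT_SSL_FORCE=false\n"
print(check(ENV, ["9009:80", "443:443"]))
print(check(ENV, ["9009:443"]))
```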

I now see that the problem was merging too many things (80 and http with 443 and https…).

My final and working configurations are:

passbolt.env

# URL
APP_FULL_BASE_URL=https://192.168.8.241:9009

# Database settings
DATASOURCES_DEFAULT_HOST=mariadb
DATASOURCES_DEFAULT_USERNAME=usr
DATASOURCES_DEFAULT_PASSWORD=pass
DATASOURCES_DEFAULT_DATABASE=db
DATASOURCES_DEFAULT_PORT=3306
DATASOURCES_QUOTE_IDENTIFIER=true

# SMTP
EMAIL_DEFAULT_FROM=my@domain.es
EMAIL_TRANSPORT_DEFAULT_HOST=smtp.domain.es
EMAIL_TRANSPORT_DEFAULT_PORT=587
EMAIL_TRANSPORT_DEFAULT_TLS=true
EMAIL_TRANSPORT_DEFAULT_USERNAME=my@domain.es
EMAIL_TRANSPORT_DEFAULT_PASSWORD=password

docker-compose.yml

version: '3.4'
services:
  mariadb:
    image: mariadb
    env_file:
      - env/mysql.env
    volumes:
      - mariadb_passbolt_data:/var/lib/mysql

  passbolt:
    image: passbolt/passbolt:latest
    tty: true
    depends_on:
      - mariadb
    env_file:
      - env/passbolt.env
    volumes:
      - gpg_volume:/var/www/passbolt/config/gpg
      - passbolt_images_volume:/var/www/passbolt/webroot/img/public
    tmpfs:
      - /run
    command: ["/usr/bin/wait-for.sh", "-t", "0", "mariadb:3306", "--", "/docker-entrypoint.sh"]
    ports:
      - 9009:443

volumes:
  mariadb_passbolt_data:
  gpg_volume:
  passbolt_images_volume:

This configuration only allows SSL connections and uses port 9009. Therefore I have to connect to https://192.168.8.241:9009 to access passbolt.

Thank you very much again Diego!
