Connection refused issue

Hello everyone

I tried so many things to fix my issue but stil occur so i decide to ask here if someone have a solution.

Started from fresh install of Passbolt CE on Ubuntu 24.04 by following official installation guide.

After installation every works great : passbolt installed successfully, SSL certificates OK, nginx OK, reachable from other computers of my network.

After server reboot, I’m totally unable to reach Passbolt again from computers and I don’t know why. From host server, Passbolt is reachable and working well. But on others computers I can’t reach Passbolt caused by browser error “ERR_CONNECTION_REFUSED” while nothing has changed :frowning:

I tried things but without success : editing .conf files, restart nginx, status OK, firewall disabled… I’m new Linux user so I’m bit afraid to do mistakes

Can someone have any idea for this issue ?

Hello @762x51 and welcome to the forum!

If I understood things properly, you were able to use passbolt as expected and then the server rebooted and it doesn’t work anymore.

I don’t know how your passbolt and network are configured:

  • are you using a domain name
  • are you using an IP address to access your instance
  • what elements do you have on your network (the passbolt server, any proxy, reverse proxy etc?)

I’m not sure it’s the problem but at first, I would check if the IP of the server is unchanged.
If not changed, then I would try to ping the server from another machine to see if it respond.

Hi @Steph, thanks for the reply

Yes I was able to use Passbolt as expected before reboot. Web installation OK, login OK, SMTP OK, create users/passwords/groups OK. Everything was OK

  • I’m using a domain name, yes
  • I’ve made DNS redirection from passbolt.url to ip_adress and work well. Tried to modify IP adress but same issue
  • No proxys, but Fortinet firewall. I suspected this first but there are no rules to deny communication over these protocols. On Windows computer I host local website on the same protocols and works great…

I suspected duplicate IP address but it’s not.

Honestly I spent hours scratching my head about this. It may be on the nginx side, or a file permission issue. I don’t really know what to do to diagnose these parts.

Anyway thanks for help, I appreciate

Hello @762x51 and welcome to the forum!
I have a similar problem but it was using Docker not a fresh Ubuntu installation.
Could you share some logs of your web server and Passbolt to try to find some clues?
You should find them inside /var/log

1 Like

Hello @Termindiego25, thanks !

I tried to use Docker instead of fresh linux install but I gived up; I thought it was more relevant to use a Linux distribution, to have complete control over the system for debugging.

But it isnt so obvious :sweat_smile:

Logs files checked, there is nothing on nginx, passbolt or mysql, no errors found

I can’t even reach default nginx webpage now so it’s not on Passbolt side I guess.

Note that Passbolt is working great on server, it looks networks or domain issue maybe

If I understand well, you have nothing in /var/log/nginx/access.log or /var/log/nginx/error.log?

That would show that Nginx doesn’t receive at all a request from a client.

To ensure, some stuff are working, if you use another machine than your server, are you able to ping your passbolt server (using the domain name)?
The idea behind is to check if the domain name resolves correctly (using the right IP address) and if the server respond.

Then, check if there is no response from the server, the next question will be “is the IP of the resolved domain is matching the passbolt server”.

Other checks that could be done is to ensure the server has a static IP address as well. I don’t know how it is determined (like do you have a DHCP server somewhere in your network? if it’s a home network, you might have a router with a DHCP and you might need to configure it to make your server always using a static IP address).

In /var/log/nginx/access.log and /var/log/nginx/error.log are empty but :

full /var/log/nginx/passbolt-error.log

*2024/06/04 09:04:02 [info] 5408#5408: 12 client closed connection while SSL handshaking, client:, server:

*2024/06/04 09:04:30 [info] 5410#5410: 13 SSL_do_handshake() failed (SSL: error:0A000416:SSL routines::sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: client_ip_address, server:

*2024/06/04 09:04:30 [info] 5409#5409: 14 SSL_do_handshake() failed (SSL: error:0A000416:SSL routines::sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: client_ip_address, server:

*2024/06/04 09:43:36 [info] 8819#8819: 12 shutdown() failed (107: Transport endpoint is not connected) while processing HTTP/2 connection, client: server_ip_address, server:

However, I’m making progress with the diagnosis, I noticed that port 80 was blocked :

Ubuntu:~$ nc -zv 443
Connection to 443 port [tcp/https] succeeded!
Ubuntu:~$ nc -zv 80
nc: connect to port 80 (tcp) failed: Connection refused

Then I checked to connect directly on https://passbolt.mydomain > connection successfull.

Now I need to find out how to allow port 80 and make sure that http to https redirection works properly, as it does actually on server but not from clients.

I’m already happy to have found this and I feel stupid not to have checked it before.

Ok guys I’ve solved my issue, finally !

Last attempt to resolved was to add listen 80; to nginx-passbolt.conf.

I do big amount of tests and the last one works.

Redirection http > https OK

Note that if I access to passbolt with IP address I have blank page but it redirect me well to passbolt as I can see the sourcecode. Anyway I will use passbolt.mydomain to reach this.

Thanks for help