Container restarted - unable to login

Coolfeather2 · August 9, 2018, 7:34am

on the login page I get:
Could not verify server key. There was an error during authentication. Enable debug mode for more information

Different Server Key? Possible to recover?

do I need to setup a volume in /var/www/passbolt/config/gpg?

see here for more info about my deployment

gpg: directory '/home/www-data/.gnupg' created
gpg: keybox '/home/www-data/.gnupg/pubring.kbx' created
gpg: /home/www-data/.gnupg/trustdb.gpg: trustdb created
gpg: key B4B726271B6F18AF marked as ultimately trusted
gpg: directory '/home/www-data/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/www-data/.gnupg/openpgp-revocs.d/FB5FC8E038D89A0F1A9D8008B4B726271B6F18AF.rev'
gpg: key B4B726271B6F18AF: "Passbolt default user &lt;passbolt@yourdomain.com&gt;" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: key B4B726271B6F18AF: "Passbolt default user &lt;passbolt@yourdomain.com&gt;" not changed
gpg: key B4B726271B6F18AF: secret key imported
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1
gpg:  secret keys unchanged: 1
Generating a 4096 bit RSA private key
..........................................++
.........................................................................................................++
writing new private key to '/etc/ssl/certs/certificate.key'
-----
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
      ____                  __          ____  
    / __ \____  _____ ____/ /_  ____  / / /_ 
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
 /_/    \__,_/____/____/_.___/\____/_/\__/   
  Open source password manager for teams
---------------------------------------------------------------
 Running migration scripts.
---------------------------------------------------------------
using migration paths 
 - /var/www/passbolt/config/Migrations
using seed paths 
 - /var/www/passbolt/config/Seeds
using environment default
using adapter mysql
using database passbolt
All Done. Took 0.0054s
using migration paths 
 - /var/www/passbolt/config/Migrations
using seed paths 
 - /var/www/passbolt/config/Seeds
Writing dump file `/var/www/passbolt/config/Migrations/schema-dump-default.lock`...
Dump file `/var/www/passbolt/config/Migrations/schema-dump-default.lock` was successfully written
Enjoy! ☮
/usr/lib/python2.7/dist-packages/supervisor/options.py:298: UserWarning: Supervisord is running as root and it is searching for its configuration file in default locations (including its current working directory); you probably want to specify a "-c" argument specifying an absolute path to a configuration file for improved security.
  'Supervisord is running as root and it is searching '
2018-08-09 07:14:41,349 CRIT Supervisor running as root (no user in config file)
2018-08-09 07:14:41,360 INFO RPC interface 'supervisor' initialized
2018-08-09 07:14:41,361 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2018-08-09 07:14:41,361 INFO supervisord started with pid 64
2018-08-09 07:14:42,362 INFO spawned: 'php-fpm' with pid 67
2018-08-09 07:14:42,364 INFO spawned: 'nginx' with pid 68
2018-08-09 07:14:42,366 INFO spawned: 'cron' with pid 69
[09-Aug-2018 07:14:42] NOTICE: fpm is running, pid 67
[09-Aug-2018 07:14:42] NOTICE: ready to handle connections
2018-08-09 07:14:43,437 INFO success: php-fpm entered RUNNING state, process has stayed up for &gt; than 1 seconds (startsecs)
2018-08-09 07:14:43,437 INFO success: nginx entered RUNNING state, process has stayed up for &gt; than 1 seconds (startsecs)
2018-08-09 07:14:43,437 INFO success: cron entered RUNNING state, process has stayed up for &gt; than 1 seconds (startsecs)
127.0.0.1 -  09/Aug/2018:07:17:38 +0000 "GET /index.php" 302
127.0.0.1 -  09/Aug/2018:07:17:38 +0000 "GET /index.php" 200

Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[ ] I describe the steps I have taken to trouble shoot the problem
[ ] I describe the steps on how to reproduce the issue

diego · August 9, 2018, 7:48am

Hi!

Yes, the idea is to persist the serverkeys otherwise the container will create a new one every restart if the keys are not present.

You should be able to recover your account when the serverkey changes.

Coolfeather2 · August 9, 2018, 7:51am

Passbolt is not setup to send out emails, so the recovery link does not work

am I persisting /home/www-data/.gnupg or /var/www/passbolt/config/gpg?

diego · August 9, 2018, 7:54am

The way it works currently you should persist /var/www/passbolt/config/gpg

diego · August 9, 2018, 7:55am

There are some other configuration directories that might be interesting for you to keep in mind for persistence purposes:

Coolfeather2 · August 9, 2018, 8:02am

What is the point of these two files?

/var/www/passbolt/config/app.php
/var/www/passbolt/config/passbolt.php

I now have these mounted:

        - name: passbolt-gpg
          mountPath: /var/www/passbolt/config/gpg
          subPath: gpg
        - name: passbolt-images
          mountPath: /var/www/passbolt/webroot/img/public/images
          subPath: images

So how would I go about recovering account?

diego · August 9, 2018, 8:10am

Hi again!
app.php and passbolt.php are in the list because some people might:

don’t want to use env variables
have specific requirements not supported with env variables i.e: setup a cache server

For recovering your account you will need:

your private gpg keys (you should have had downloaded them in the account creation process)
email sending set up

system · August 14, 2018, 8:10am

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.