Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl

Hello everyone,
Here is some information:
OS: Ubuntu 22.04
PHP: 8.1.2
nginx : 1.18.0
passbolt: 4.1.1
Actually, I have a problem when I try to browse to the server from my browser: I can’t access it, and it also gives me the apache page, but I’m using nginx after removing apache2. I tried hard to find the source of the problem, but I couldn’t understand it.

Also when the installation is done, it gives me that link to access but it doesn’t work (https://10.******/setup/start/984345Yh74-4d1b-45ad-7284-fb47647208519/d376f444-6ed6-4dce-a42f-7505c72e)

And this is the healthcheck result:

sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt healthcheck" www-data

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 8.1.2-1ubuntu2.13.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://10.254.61.74
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in /var/www/passbolt/config/passbolt.php
[HELP] Check the network settings

SSL Certificate

[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] Check Passbolt Help | Troubleshoot SSL
[HELP] cURL Error (7) Failed to connect to 10.254.61.74 port 443 after 0 ms: Connection refused

Database

[PASS] The application is able to connect to the database
[PASS] 32 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/www/.gnupg.
[PASS] The directory /var/www/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in /var/www/passbolt/config/passbolt.php and readable.
[PASS] The private key file is defined in /var/www/passbolt/config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /var/www/passbolt/config/passbolt.php.
[PASS] The server public key defined in the /var/www/passbolt/config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.

Application configuration

[PASS] Using latest passbolt version (4.1.1).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /var/www/passbolt/config/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /var/www/passbolt/config/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[PASS] The /var/www/passbolt/config/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found

SMTP Settings

[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[WARN] The SMTP Settings source is: /var/www/passbolt/config/passbolt.php.
[HELP] It is recommended to set the SMTP Settings in the database through the administration section.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /var/www/passbolt/config/passbolt.php.

[FAIL] 3 error(s) found. Hang in there!

I’m waiting for help.
Thank you

Hey @inas ,

Because you installed passbolt from source, can you share the content of /etc/nginx/sites-enabled/passbolt.conf ?

Also ensure that apache2 is not found after running systemctl status apache2.service, so there are no conflicts between them.

Thank you @antony for the quick reply,

Here is the content of /etc/nginx/sites-enabled/passbolt.conf

server {
    listen [::]:80;
    listen 80;

    server_name 10.254.61.74;

    client_body_buffer_size 100K;
    client_header_buffer_size 1k;
    client_max_body_size 5M;
    client_body_timeout 10;
    client_header_timeout 10;
    keepalive_timeout 5 5;
    send_timeout 10;

    #ssl_certificate CERTIFICATE_PATH;
    #ssl_certificate_key KEY_PATH;
    #ssl_session_timeout 1d;
    #ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    #ssl_session_tickets off;
    #ssl_protocols TLSv1.2 TLSv1.3;
    #ssl_prefer_server_ciphers off;
    root /var/www/passbolt/webroot;
    index index.php;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass unix:/run/php/8.1-fpm.sock;
        fastcgi_index index.php;
        fastcgi_intercept_errors on;
        fastcgi_split_path_info ^(.+\.php)(.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param 10.254.61.74 $http_host;
        fastcgi_param 8.1.2 "upload_max_filesize=5M \n post_max_size=5M";
    }
}

And I verified that apache2.service is not found:

$ sudo systemctl status apache2.service
Unit apache2.service could not be found.

Since we know that apache2 is completely deleted, could you please delete the browser cache, just in case?

Also I see something weird, so you said:

Also when the installation is done, it gives me that link to access but it doesn’t work (https://10.******/setup/start/984345Yh74-4d1b-45ad-7284-fb47647208519/d376f444-6ed6-4dce-a42f-7505c72e)

But, your nginx configuration file is listening to port 80 which is HTTP and not HTTPS, have you tried http:// instead? Is your fullBaseUrl in /var/www/passbolt/config/passbolt.php https or http?
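
The mismatch raised in the reply above (a fullBaseUrl on https while the server block only has plain listen directives on port 80) can be checked mechanically. This is an added example, not part of the original thread or passbolt's own code; parse_listeners, check_base_url and the trimmed SAMPLE_CONF are hypothetical names and constructed data, and only the server block passed in is examined, not other enabled sites.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the listen lines of the server block posted in the thread.
SAMPLE_CONF = """
server {
    listen [::]:80;
    listen 80;
    server_name 10.254.61.74;
    #ssl_certificate CERTIFICATE_PATH;
}
"""

# Only uncommented directives match: a leading '#' is not whitespace.
LISTEN_RE = re.compile(r"^\s*listen\s+([^;]+);", re.MULTILINE)

def parse_listeners(conf_text):
    """Return the set of (port, tls) pairs declared by listen directives."""
    listeners = set()
    for args in LISTEN_RE.findall(conf_text):
        parts = args.split()
        addr, flags = parts[0], parts[1:]
        # The port is the trailing digits: "80", "[::]:80", "0.0.0.0:8081".
        m = re.search(r"(?:^|:)(\d+)$", addr)
        port = int(m.group(1)) if m else 80  # address only: nginx uses port 80
        listeners.add((port, "ssl" in flags))
    return listeners

def check_base_url(conf_text, full_base_url):
    """Say whether a listener matches the scheme and port of fullBaseUrl."""
    url = urlsplit(full_base_url)
    want_tls = url.scheme == "https"
    want_port = url.port or (443 if want_tls else 80)
    listeners = parse_listeners(conf_text)
    if (want_port, want_tls) in listeners:
        return "ok"
    if any(port == want_port for port, _ in listeners):
        return "scheme mismatch on port %d" % want_port
    return "no listener on port %d" % want_port

if __name__ == "__main__":
    for base in ("https://10.254.61.74", "http://10.254.61.74"):
        print(base, "->", check_base_url(SAMPLE_CONF, base))
```

A "no listener" result for an https URL corresponds to the cURL error 7 (connection refused on port 443) in the first healthcheck output.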

I corrected the fullBaseUrl in /var/www/passbolt/config/passbolt.php to http,
I deleted the browser cache and I tried http, but it is still not working,
and this was the result of the healthcheck:

Environment

[PASS] PHP version 8.1.2-1ubuntu2.13.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to http://10.254.61.74
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in /var/www/passbolt/config/passbolt.php
[HELP] Check the network settings

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 32 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/www/.gnupg.
[PASS] The directory /var/www/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in /var/www/passbolt/config/passbolt.php and readable.
[PASS] The private key file is defined in /var/www/passbolt/config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /var/www/passbolt/config/passbolt.php.
[PASS] The server public key defined in the /var/www/passbolt/config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.

Application configuration

[PASS] Using latest passbolt version (4.1.1).
[PASS] Passbolt is configured to force SSL use.
[FAIL] App.fullBaseUrl is not set to HTTPS.
[HELP] Check App.fullBaseUrl url scheme in /var/www/passbolt/config/passbolt.php.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /var/www/passbolt/config/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /var/www/passbolt/config/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[PASS] The /var/www/passbolt/config/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found

SMTP Settings

[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[WARN] The SMTP Settings source is: /var/www/passbolt/config/passbolt.php.
[HELP] It is recommended to set the SMTP Settings in the database through the administration section.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /var/www/passbolt/config/passbolt.php.

[FAIL] 2 error(s) found. Hang in there!

Could you please send some screenshots in order for us to understand precisely what you see on the browser? To clarify, when you navigate to http://10.254.61.74, is that the apache2 default page you see?
e.g. [screenshot: apache2-ubuntu-default-page]

After updating the nginx configuration file, have you done sudo systemctl restart nginx ?

Yes, the default page of apache2 has disappeared; there was some apache2 directory still on my server, that’s why.
But now it’s OK, I can see the nginx default page (http://10.254.61.74),

but I can’t access it with (http://10.254.61.74:8081). “I changed the port from 80 to 8081 in /etc/nginx/sites-enabled/passbolt.conf”

And that was the result of nginx status


Actually, I haven’t worked with nginx before, so maybe I made some mistakes in the configuration.

But the healthcheck is still giving me these errors:

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to http://10.254.61.74
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in /var/www/passbolt/config/passbolt.php
[HELP] Check the network settings

SSL Certificate

[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] Check Passbolt Help | Troubleshoot SSL

Database

[PASS] The application is able to connect to the database
[PASS] 32 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/www/.gnupg.
[PASS] The directory /var/www/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in /var/www/passbolt/config/passbolt.php and readable.
[PASS] The private key file is defined in /var/www/passbolt/config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /var/www/passbolt/config/passbolt.php.
[PASS] The server public key defined in the /var/www/passbolt/config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.

Application configuration

[PASS] Using latest passbolt version (4.1.1).
[PASS] Passbolt is configured to force SSL use.
[FAIL] App.fullBaseUrl is not set to HTTPS.
[HELP] Check App.fullBaseUrl url scheme in /var/www/passbolt/config/passbolt.php.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /var/www/passbolt/config/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /var/www/passbolt/config/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[PASS] The /var/www/passbolt/config/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found

SMTP Settings

[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[WARN] The SMTP Settings source is: /var/www/passbolt/config/passbolt.php.
[HELP] It is recommended to set the SMTP Settings in the database through the administration section.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /var/www/passbolt/config/passbolt.php.

[FAIL] 4 error(s) found. Hang in there!

The fullBaseUrl problem was solved; actually, I had to set up SSL with nginx first, and that’s it.
But another problem is still appearing:

SSL Certificate

[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] Check Passbolt Help | Troubleshoot SSL
[HELP] cURL Error (60) SSL certificate problem: self-signed certificate

PS: I generated the SSL certificate with openssl.