Create First Admin User

[Y] I have read intro post: About the Installation Issues category
[Y] I have read the tutorials, help and searched for similar issues
[Y] I provide relevant information about my server (component names and versions, etc.)
[N] I provide a copy of my logs and healthcheck
[Y] I describe the steps I have taken to trouble shoot the problem
[Y] I describe the steps on how to reproduce the issue

I have created my first admin user, and my APP_FULL_BASE_URL is “https://localhost”.

I was going to host this in-house and have it routed to my a subdomain of mine using Cloud Flare’s Zero Trust. However… because I am hosting this locally, when I submit my admin user creation, I get a message telling me to go to the following url:

https:// localhost/setup/install/

This is not possible as the host OS is Ubuntu Server and there is no web browser or GUI for that matter.

How can I access this?

I tried going to that link on another computer (but instead of “localhost” I put the IP address of that machine, to no avail.

Also, when I navigate to the host’s IP in a web browser on another machine it spits out “ERR_SSL_UNRECOGNIZED_NAME_ALERT”, (and that is using Traefik within the container. Before I setup Traefik, I was just getting a white page that had nothing in it.

This is frustrating.

Hi @krozz Welcome to the forum!

I would think using the default value in this case would have been much easier.


The APP_FULL_BASE_URL environment variable is set by default to https://passbolt.local, using a self-signed certificate.

It is assumed that if passbolt is running on a server the users of passbolt will be coming from other devices.

Try doing this:

  1. Change to the default above
  2. From a computer (not phone) set the domain and ip address of the server in your hosts file so you can resolve it in the browser.

On windows machines the hosts file often has to get dragged out of its folder before being editable, then edited, then dragged back in. It’s located at C:\Windows\System32\drivers\etc\hosts.

Linux machines have /etc/hosts.

If your server address is, the record should be:


If you can access from a device in the same network as the server locally, that’s ideal so you don’t have to mess with network routing.

Hope this helps!

So I can ping passbolt.local from the host machine, and it resolves as the correct IP (, but on other machines, I (obviously) cannot ping “passbolt.local” but I can ping the IP address.

I’m not sure if I’m just missing something and I’m being stupid, or if there’s something funky going on. When I try to navigate to (the docker host machine), I get “ERR_SSL_UNRECOGNIZED_NAME_ALERT”

In my /etc/hosts file, I have added “ passbolt.local”.
Below is my docker-compose-ce.yaml file.

version: ‘3.9’
image: mariadb:10.3
restart: unless-stopped
MYSQL_DATABASE: “passbolt”
MYSQL_USER: “passbolt”
- database_volume:/var/lib/mysql

image: passbolt/passbolt:latest-ce
#Alternatively you can use rootless:
#image: passbolt/passbolt:latest-ce-non-root
restart: unless-stopped
- db
APP_FULL_BASE_URL: https://passbolt.local
- gpg_volume:/etc/passbolt/gpg
- jwt_volume:/etc/passbolt/jwt
command: [“/usr/bin/”, “-t”, “0”, “db:3306”, “–”, “/”]
# - 80:80
# - 443:443
#Alternatively for non-root images:
# - 80:8080
# - 443:4433
traefik.enable: “true”
traefik.http.routers.passbolt-http.entrypoints: “web”
traefik.http.routers.passbolt-http.rule: “Host(passbolt.local)”
traefik.http.routers.passbolt-http.middlewares: “SslHeader@file”
traefik.http.routers.passbolt-https.middlewares: “SslHeader@file”
traefik.http.routers.passbolt-https.entrypoints: “websecure”
traefik.http.routers.passbolt-https.rule: “Host(passbolt.local)”
traefik.http.routers.passbolt-https.tls: “true”
traefik.http.routers.passbolt-https.tls.certresolver: “letsencrypt”
image: traefik:2.6
restart: always
- 80:80
- 443:443
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yaml:/traefik.yaml:ro
- ./conf/:/etc/traefik/conf
- ./shared/:/shared

Also, here is a snippet of the /etc/hosts


This is because you have not added the DNS entry on the other machine’s hosts file as I described. Once you do, you should be able to ping the domain name.

I have updated the host files (Windows) on my main workstation, and still having the same results.

I’m assuming you mean you cannot ping from Windows and get the passbolt local address? What subnet is your Windows machine on? Same as passbolt server?

(And sorry about the mixup with the DNS listing!)

The error you were referencing…maybe it is related to the CloudFlare settings and there is a mismatch in the domain name or something?

My CloudFlare settings are working great with everything else I’m running. Yes they are all in the same subnet. My main goal here is to just broadcast Passbolt over my local network. I’ll configure the SSL and tunnel forward to my domain with a different method. I’m just trying to access Passbolt locally, which I seem to suck at lol

I need to use one of the tunnels to understand but I’m assuming since they call it zero trust that includes blocking on local as well.

Do you provide local access on your other services while using a Cloudflare tunnel?

Almost all of my networks are zero trust so that means even same subnet is blocked. I don’t use Cloudflare tunnels, but that’s the idea of zero trust. No matter where the incoming is coming from, no one gets a free pass. All traffic is verified.

Example. I have UptimeKuma running in a container as well. It’s running on

I can access it locally at that IP, or I can go to Both links work from any device on or off my network.

I’m basically trying to get Passbolt running the same way. Running over LAN then configure CF’s Zero Trust (pointing to internal IP:Port) to access it over my domain.

So the different containers would have the same ip address? Are you running the containers using the host network instead of isolated?

Edit: I think I see what you mean. It is using port 3001 on the host but the container is not using that ip.

The passbolt install should work like the others… you aren’t accessing those locally, it’s all routed thru Cloudflare.

The error is the problem at this point I think. It’s not a passbolt error and it’s a generic error. Do you need a cert in the Cloudflare settings too?

I’m gonna make another VM and install Passbolt on there to see if the problem is other containers clashing with it.

Yes, but no. I do access my other services locally. When I’m away from home, I can access them via my domain.