Checklist
[Y] I have read intro post: About the Installation Issues category
[Y] I have read the tutorials, help and searched for similar issues
[Y] I provide relevant information about my server (component names and versions, etc.)
[N] I provide a copy of my logs and healthcheck
[Y] I describe the steps I have taken to trouble shoot the problem
[Y] I describe the steps on how to reproduce the issue
I have created my first admin user, and my APP_FULL_BASE_URL is “https://localhost”.
I was going to host this in-house and have it routed to my a subdomain of mine using Cloud Flare’s Zero Trust. However… because I am hosting this locally, when I submit my admin user creation, I get a message telling me to go to the following url:
https:// localhost/setup/install/
This is not possible as the host OS is Ubuntu Server and there is no web browser or GUI for that matter.
How can I access this?
I tried going to that link on another computer (but instead of “localhost” I put the IP address of that machine, to no avail.
Also, when I navigate to the host’s IP in a web browser on another machine it spits out “ERR_SSL_UNRECOGNIZED_NAME_ALERT”, (and that is using Traefik within the container. Before I setup Traefik, I was just getting a white page that had nothing in it.
The APP_FULL_BASE_URL environment variable is set by default to https://passbolt.local, using a self-signed certificate.
It is assumed that if passbolt is running on a server the users of passbolt will be coming from other devices.
Try doing this:
Change to the default above
From a computer (not phone) set the domain and ip address of the server in your hosts file so you can resolve it in the browser.
On windows machines the hosts file often has to get dragged out of its folder before being editable, then edited, then dragged back in. It’s located at C:\Windows\System32\drivers\etc\hosts.
Linux machines have /etc/hosts.
If your server address is 192.168.1.10, the record should be:
passbolt.local 192.168.1.10
If you can access from a device in the same network as the server locally, that’s ideal so you don’t have to mess with network routing.
@garrett
So I can ping passbolt.local from the host machine, and it resolves as the correct IP (192.168.0.51), but on other machines, I (obviously) cannot ping “passbolt.local” but I can ping the IP address.
I’m not sure if I’m just missing something and I’m being stupid, or if there’s something funky going on. When I try to navigate to 192.168.0.51 (the docker host machine), I get “ERR_SSL_UNRECOGNIZED_NAME_ALERT”
In my /etc/hosts file, I have added “192.168.0.51 passbolt.local”.
Below is my docker-compose-ce.yaml file.
This is because you have not added the DNS entry on the other machine’s hosts file as I described. Once you do, you should be able to ping the domain name.
I’m assuming you mean you cannot ping from Windows and get the passbolt local address? What subnet is your Windows machine on? Same as passbolt server?
(And sorry about the mixup with the DNS listing!)
The error you were referencing…maybe it is related to the CloudFlare settings and there is a mismatch in the domain name or something?
My CloudFlare settings are working great with everything else I’m running. Yes they are all in the same subnet. My main goal here is to just broadcast Passbolt over my local network. I’ll configure the SSL and tunnel forward to my domain with a different method. I’m just trying to access Passbolt locally, which I seem to suck at lol
I need to use one of the tunnels to understand but I’m assuming since they call it zero trust that includes blocking on local as well.
Do you provide local access on your other services while using a Cloudflare tunnel?
Almost all of my networks are zero trust so that means even same subnet is blocked. I don’t use Cloudflare tunnels, but that’s the idea of zero trust. No matter where the incoming is coming from, no one gets a free pass. All traffic is verified.
Example. I have UptimeKuma running in a container as well. It’s running on 192.168.0.51:3001
I can access it locally at that IP, or I can go to kuma.mydomain.com. Both links work from any device on or off my network.
I’m basically trying to get Passbolt running the same way. Running over LAN then configure CF’s Zero Trust (pointing to internal IP:Port) to access it over my domain.