Debian 11 clean install v3.5.0 but stuck on new user window

Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to trouble shoot the problem
[x] I describe the steps on how to reproduce the issue

Hi,
I install fresh server with Debian 11, then install iptables, sudo. Next go with this tutorial: Passbolt Help | Install Passbolt CE on Debian 11 (Bullseye)

step by step install passbolt ver. 3.5.0

php -version
PHP 7.4.28 (cli) (built: Feb 17 2022 16:17:19) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with Zend OPcache v7.4.28, Copyright (c), by Zend Technologies

Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 247
Server version: 10.5.12-MariaDB-0+deb11u1 Debian 11

nginx version: nginx/1.18.0


I searched this forum but i can’t find any solution to my problem :confused:

check log looks fine:

sudo -H -u www-data bash -c “/usr/share/php/passbolt/bin/cake passbolt healthcheck”

 ____                  __          ____
/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( |
) /
/ / /
/ / / /
/
/ _
,
/
//./_//__/

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 7.4.28.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://<my.domain>
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 26 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.

Application configuration

[PASS] Using latest passbolt version (3.5.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found

[PASS] No error found. Nice one sparky!


When I finish step 7 (Installation) I see:
Some binary things are happening
Installing
Checking status
circle

and now this status is from 1 hour :frowning:

logs:

/var/log/nginx/passbolt-error.log
2022/03/25 04:10:31 [error] 30505#30505: 1 upstream timed out (110: Connection timed out) while reading response header from upstream, client: , server: <my.domain>, request: “GET /install/installation/do_install.json HTTP/1.1”, upstream: “fastcgi://unix:/run/php/php7.4-fpm.sock”, host: “<name_my_host>”, referrer: "https://<my.domain>/install/installation

/var/log/passbolt/error.log
2022-03-25 03:07:50 Warning: Warning (2): file_get_contents(/etc/passbolt/gpg/serverkey.asc): failed to open stream: No such file or directory in [/usr/share/php/passbolt/src/Utility/Healthchecks/GpgHealthchecks.php, line 457]
2022-03-25 03:07:50 Warning: Warning (2): file_get_contents(/etc/passbolt/gpg/serverkey_private.asc): failed to open stream: No such file or directory in [/usr/share/php/passbolt/src/Utility/Healthchecks/GpgHealthchecks.php, line 459]
2022-03-25 03:11:34 Warning: Warning (2): chmod(): Operation not permitted in [/usr/share/php/passbolt/plugins/Passbolt/WebInstaller/src/Utility/WebInstaller.php, line 290]
2022-03-25 03:11:34 Warning: Warning (2): chmod(): Operation not permitted in [/usr/share/php/passbolt/plugins/Passbolt/WebInstaller/src/Utility/WebInstaller.php, line 290]
2022-03-25 03:11:34 Warning: Warning (2): chmod(): Operation not permitted in [/usr/share/php/passbolt/plugins/Passbolt/WebInstaller/src/Utility/WebInstaller.php, line 290]
2022-03-25 03:11:34 Warning: Warning (2): chmod(): Operation not permitted in [/usr/share/php/passbolt/plugins/Passbolt/WebInstaller/src/Utility/WebInstaller.php, line 290]
2022-03-25 03:11:34 Warning: Warning (2): chmod(): Operation not permitted in [/usr/share/php/passbolt/plugins/Passbolt/WebInstaller/src/Utility/WebInstaller.php, line 290]

When I refresh page - I saw “new user” window and I can’t login as admin :frowning:

need help…

p.s.

I run:
chown -R root:www-data /etc/passbolt
and even chmod -R 0777 /etc/passbolt (and others directories)

I installed passbolt 6-times and always get the same result…

EDIT:
server is on Hyper-V, 1vCPU, 2 GB RAM, 60 GB HDD, IP Public (I have snaphots: after install Debian and after “apt install passbolt”)

Hi @Mariusz :wave:

These errors are expected while setup passbolt for the first time.

But this is not supposed to be so long :slight_smile:

If you press F12 to display developer tools and go to the network and console tabs, do you see any error ? As an example on my browser console is empty and network got only 200 HTTP return codes:

You said you installed iptables, did you add some rules ? What is the result of the iptables-save command ?

Do you have any error logs on /var/log/php7.4-fpm.log ?

Cheers,

I forgot one thing, there is no need to do that:

Files rights and ownership are correctly set by Debian package. chmod 0777 is the path to the Dark side, the worst thing you can do on a server and never should be ran. Never.

On which other folders did you ran chmod 0777 ?

Hi _jc !

first - log php:
[24-Mar-2022 23:37:43] NOTICE: fpm is running, pid 20845
[24-Mar-2022 23:37:43] NOTICE: ready to handle connections
[24-Mar-2022 23:37:43] NOTICE: systemd monitor interval set to 10000ms

iptables -vnL:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

(iptables-save - empty response)

After F12:

P.S.
I changed the file permissions just before the snapshot recovery to make sure these permissions did not cause any problems. I would never leave that state (all 777)…

Thanks for the details, so there is no active iptables rules and all is open.

There is a 504 gateway timeout in your screenshot, do you have any proxy between your computer and passbolt server ?
Usually, your will find the reason of the 504 in passbolt nginx error log, but if you are using a proxy, you should find the log explaining the 504 in the proxy logs.

Cheers,

Thank you for the quick reply!
I don’t use a proxy. The server that hosts the Debian virtual machine is in my home. It looks something like this:

VM - Server (with hyper-v) - ISP modem (each VM gets a public IP)

my laptop - my router - ISP modem (router gets public IP, my computer gets internal (non-routable) IP address)

I redirected my domain to the public address of the virtual machine and I have no problems connecting to it.

I can try to connect from another place and see what the effect will be.

And how to check where is the file that has an error in the 1st line, 1st column (my screenshot from the previous post)? Maybe there is a problem here?

I add 2 logs from nginx:

passbolt-error.log
2022/03/25 00:09:48 [info] 21962#21962: *89 client <<my.ip>> closed keepalive connection
2022/03/25 08:40:58 [error] 21962#21962: *122 upstream timed out (110: Connection timed out) while reading response header from upstream, client: <<my.ip>>, server: pass.<>.eu, request: “GET /instal
l/installation/do_install.json HTTP/1.1”, upstream: “fastcgi://unix:/run/php/php7.4-fpm.sock”, host: “pass.<>.eu”, referrer: “https://pass.<>.eu/install/installation”

passbolt-acces.log
<<my.ip>> - - [25/Mar/2022:00:09:42 +0100] “GET / HTTP/1.1” 302 5 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0”
<<my.ip>> - - [25/Mar/2022:00:09:42 +0100] “GET /install HTTP/1.1” 200 1640 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0”
<<my.ip>> - - [25/Mar/2022:00:09:44 +0100] “GET /install/system_check HTTP/1.1” 200 2411 “https://pass.<>.eu/install” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0”<<my.ip>> - - [25/Mar/2022:00:09:48 +0100] “GET /install/database HTTP/1.1” 200 2440 “https://pass.<>.eu/install/system_check” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0”
<<my.ip>> - - [25/Mar/2022:00:09:48 +0100] “GET /js/vendors/chosen.jquery.js HTTP/1.1” 200 47436 “https://pass.<>.eu/install/database” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0”
<<my.ip>> - - [25/Mar/2022:00:10:10 +0100] “POST /install/database HTTP/1.1” 302 5 “https://pass.<>.eu/install/database” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0”
<<my.ip>> - - [25/Mar/2022:00:10:10 +0100] “GET /install/gpg_key HTTP/1.1” 200 2418 “https://pass.<>.eu/install/database” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0”
<<my.ip>> - - [25/Mar/2022:00:10:21 +0100] “POST /install/gpg_key HTTP/1.1” 302 5 “https://pass.<>.eu/install/gpg_key” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0”
<<my.ip>> - - [25/Mar/2022:00:10:21 +0100] “GET /install/email HTTP/1.1” 200 2529 “https://pass.<>.eu/install/gpg_key” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0”
<<my.ip>> - - [25/Mar/2022:00:10:37 +0100] “POST /install/email HTTP/1.1” 302 5 “https://pass.<>.eu/install/email” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0”
<<my.ip>> - - [25/Mar/2022:00:10:37 +0100] “GET /install/options HTTP/1.1” 200 2423 “https://pass.<>.eu/install/email” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0”
<<my.ip>> - - [25/Mar/2022:08:34:24 +0100] “GET / HTTP/1.1” 302 5 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0”
<<my.ip>> - - [25/Mar/2022:08:34:24 +0100] “GET /install HTTP/1.1” 200 1640 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0”
<<my.ip>> - - [25/Mar/2022:08:34:48 +0100] “GET /install/system_check HTTP/1.1” 200 2411 “https://pass.<>.eu/install” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0”<<my.ip>> - - [25/Mar/2022:08:34:50 +0100] “GET /install/database HTTP/1.1” 200 2442 “https://pass.<>.eu/install/system_check” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0”

nmap from different server:
Starting Nmap 7.80 ( https://nmap.org ) at 2022-03-25 08:45 UTC
Nmap scan report for (<>)
Host is up (0.023s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap

Nmap done: 1 IP address (1 host up) scanned in 2.60 seconds

so 80 and 443 are open…

Just to confirm, <<my.ip>> is your laptop ip, correct?

Yes,
<<my.ip>> - my router ip
< domain > - my public domain in *.eu with subdomain “pass”

I have no idea how to deal with this problem. Debian 11 only has the sudo and iptables packages installed (to avoid a firewall problem). I install according to the instructions and I have no errors. The problem appears at the very end of the installation where I get the error code 504

I am still thinking to install the graphical environment and run the installer from the local machine.

@Mariusz to eliminate the router for troubleshooting, you could change your Windows hosts file to point your domain to the vm ip. You may already know but in case not, the file must be dragged out of its location, like to the desktop, to be edited. Then dragged back.

Also make sure the hosts file on the vm points the domain to 127.0.0.1.

I set up this file right after installing passbolt before adding redirection in DNS.
My router resolves the domain name well (I checked with nslookup) - DNS is set to 8.8.8.8

I was installing pastbolt without using a domain, ie only by IP address, and had the same problem.

At the moment I am finishing the installation of lxde and I will check if I can finish the installation on the local computer.

If not, I have no ideas what could be the reason …

It’s not clear to me what you mean by redirecting.

I add to C:\Windows\System32\drivers\etc\hosts

<< server.ip >> pass.domain.eu

Ok, that’s good. And the VM also needs to be able to resolve the domain in it’s host file by having it point to 127.0.0.1

Yes, in /etc/hosts this same…

i even try this:
<<public.server.ip>> pass.domain.eu

now i have this:
127.0.0.1 localhost pass.domain.eu pass

Try 127.0.0.1 pass.domain.eu pass localhost

There have been a handful of other users with the same scenario of a timeout but some never got solved. Timeouts are not expected and not normal.

With that said, the next steps would be to increase timeout settings in NGINX and PHP for the sake of troubleshooting to see if it helps.

unfortunately it didn’t work :confused:

Are you getting blocked by the router firewall - any logs there?

/var/log/nginx/passbolt-error.log
2022/03/25 13:22:01 [info] 615#615: *9 client closed connection while waiting for request, client: 127.0.0.1, server: 0.0.0.0:443
2022/03/25 13:25:08 [info] 615#615: *14 client closed connection while waiting for request, client: 127.0.0.1, server: 0.0.0.0:443
2022/03/25 13:25:32 [info] 615#615: *15 client 127.0.0.1 closed keepalive connection
2022/03/25 13:25:46 [info] 615#615: *20 client closed connection while waiting for request, client: 127.0.0.1, server: 0.0.0.0:443
2022/03/25 13:27:28 [error] 615#615: *27 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 127.0.0.1, server: pass.domain.eu, request: “GET /install/installation/do_install.json HTTP/1.1”, upstream: “fastcgi://unix:/run/php/php7.4-fpm.sock”, host: “pass.domain.eu”, referrer: “https://pass.domain.eu/install/installation”
2022/03/25 13:27:33 [info] 615#615: *27 client 127.0.0.1 closed keepalive connection

I ran this installation “from inside”, that is, I installed the graphical environment and launched firefox there.

And I have the same bugs …

In the nginx-passbolt.conf file there are some timeout settings. One is keepalive_timeout and you could try changing it to 60 and restart the NGINX service.