Hello,
I am trying to run Passbolt on our server (Debian) with Apache.
The main background is that I'm not familiar with nginx, and I need to run two web services on that VM, and the second system is already running on Apache.
System information
- Debian 12.0
- PHP 8.2.7
- PHP Modules (php -m): calendar, Core, ctype, curl, date, dom, exif, FFI, fileinfo, filter, ftp, gettext, gnupg, hash, iconv, imagick, intl, json, ldap, libxml, mbstring, mysqli, mysqlnd, openssl, pcntl, pcre, PDO, pdo_mysql, Phar, posix, random, readline, Reflection, session, shmop, SimpleXML, sockets, sodium, SPL, standard, sysvmsg, sysvsem, sysvshm, tokenizer, xml, xmlreader, xmlwriter, xsl, Zend OPcache, zlib
- Zend Engine v4.2.7 with OPcache v8.2.7
- Apache 2.4.57 (Debian)
- Loaded Apache Modules: php_module,proxy_module,proxy_fcgi_module,rewrite_module
Vhost Config
Currently Passbolt will run locally for testing; later we will connect it with our domain, so there is currently no SSL certificate, and the SSL certificate will always come from our domain/hoster and not from our server.
<VirtualHost *:80>
    ServerAdmin etronetadmin@localhost
    DocumentRoot /var/www/html/passbolt/webroot
    <Directory /var/www/html/passbolt>
        Options FollowSymLinks
        AllowOverride All
        Order Allow,Deny
        Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/passbolt_error.log
    CustomLog ${APACHE_LOG_DIR}/passbolt_access.log combined
</VirtualHost>
Config passbolt.php
<?php
/**
 * Passbolt ~ Open source password manager for teams
 * Copyright (c) Passbolt SA (https://www.passbolt.com)
 *
 * Licensed under GNU Affero General Public License version 3 of the or any later version.
 * For full copyright and license information, please see the LICENSE.txt
 * Redistributions of files must retain the above copyright notice.
 *
 * @copyright Copyright (c) Passbolt SA (https://www.passbolt.com)
 * @license https://opensource.org/licenses/AGPL-3.0 AGPL License
 * @link https://www.passbolt.com Passbolt(tm)
 * @since 2.0.0
 */
/**
 * PASSBOLT CONFIGURATION FILE TEMPLATE
 *
 * By default passbolt tries to use the environment variables or falls back to the default values as
 * defined in default.php. You can use passbolt.default.php as a basis to set your own configuration
 * without using environment variables.
 *
 * 1. copy/paste passbolt.default.php to passbolt.php
 * 2. set the variables in the App section
 * 3. set the variables in the passbolt section
 *
 * To see all available options, you can refer to the default.php file, and modify passbolt.php accordingly.
 * Do not modify default.php or you may break your upgrade process.
 *
 * Read more about how to install passbolt: https://www.passbolt.com/help/tech/install
 * Any issue, check out our FAQ: https://www.passbolt.com/faq
 * An installation issue? Ask for help to the community: https://community.passbolt.com/
 */
return [
    /**
     * DEFAULT APP CONFIGURATION
     *
     * All the information in this section must be provided in order for passbolt to work
     * This configuration overrides the CakePHP defaults located in app.php
     * Do not edit app.php as it may break your upgrade process
     */
    'App' => [
        // A base URL to use for absolute links.
        // The fully qualified domain name (including protocol) to your application's root
        // e.g. where the passbolt instance will be reachable to your end users.
        // This information is needed to render images in emails for example.
        'fullBaseUrl' => 'http://192.168.20.154',
        // OPTIONAL
        // You can specify the base directory the app resides in.
        // Useful if you are running passbolt in a subdirectory like example.com/passbolt
        // Ensure your string starts with a / and does NOT end with a /
        'base' => '/passbolt'
    ],
    // Database configuration.
    'Datasources' => [
        'default' => [
            'host' => 'localhost',
            //'port' => 'non_standard_port_number',
            'username' => 'passbolt',
            'password' => 'mypassword',
            'database' => 'etr_pb',
        ],
    ],
    // Email configuration.
    'EmailTransport' => [
        'default' => [
            'host' => 'smtp.myprovider.com',
            'port' => 465,
            'username' => 'mailuser',
            'password' => 'mypassword',
            // Is this a secure connection? true if yes, null if no.
            'tls' => true,
            //'timeout' => 30,
            //'client' => null,
            //'url' => null,
        ],
    ],
    'Email' => [
        'default' => [
            // Defines the default name and email of the sender of the emails.
            'from' => ['passbolt@mydomain.com' => 'Passbolt My Company'],
            //'charset' => 'utf-8',
            //'headerCharset' => 'utf-8',
        ],
    ],
    /**
     * DEFAULT PASSBOLT CONFIGURATION
     *
     * This is the default configuration.
     * It enforces the use of ssl, and does not provide a default OpenPGP key.
     * If your objective is to try passbolt quickly for evaluation purpose, and security is not important
     * you can use the demo config example provided in the next section below.
     */
    'passbolt' => [
        // GPG Configuration.
        // The keyring must be owned and accessible by the webserver user.
        // Example: www-data user on Debian
        'gpg' => [
            // Tell GPG where to find the keyring.
            // If putenv is set to false, gnupg will use the default path ~/.gnupg.
            // For example :
            // - Apache on Centos it would be in '/usr/share/httpd/.gnupg'
            // - Apache on Debian it would be in '/var/www/.gnupg'
            // - Nginx on Centos it would be in '/var/lib/nginx/.gnupg'
            // - etc.
            //'keyring' => getenv("HOME") . DS . '.gnupg',
            //
            // Replace GNUPGHOME with above value even if it is set.
            //'putenv' => false,
            // Main server key.
            'serverKey' => [
                // Server private key fingerprint.
                'fingerprint' => 'HERE IS MY FINGER PRINT, WHICH I DELETED FOR THIS POST',
                //'public' => CONFIG . 'gpg' . DS . 'serverkey.asc',
                //'private' => CONFIG . 'gpg' . DS . 'serverkey_private.asc',
            ],
        ],
    ],
    /**
     * DEMO CONFIGURATION EXAMPLE
     *
     * Uncomment the lines below if you want to try passbolt quickly.
     * and if you are not concerned about the security of your installation.
     * (Don't forget to comment the default config above).
     */
    // 'debug' => true,
    // 'passbolt' => [
    //     'registration' => [
    //         'public' => true
    //     ],
    //     'ssl' => [
    //         'force' => false,
    //     ],
    //     'gpg' => [
    //         'serverKey' => [
    //             'fingerprint' => '2FC8945833C51946E937F9FED47B0811573EE67E',
    //             'public' => CONFIG . DS . 'gpg' . DS . 'unsecure.key',
    //             'private' => CONFIG . DS . 'gpg' . DS . 'unsecure_private.key',
    //         ],
    //     ],
    // ]
];
Error log
2023-07-25 14:51:31 error: [Cake\Routing\Exception\MissingRouteException] A route matching "/webroot/" could not be found. in /var/www/html/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php on line 197
Request URL: /webroot/
Client IP: 192.168.20.130
Healthcheck Errors
[Fail] The logs directory and its content are not writable
[Fail] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[Fail] SSL peer certificate does not validate
[Fail] Hostname does not match when validating certificates
[Fail] The public key file is not defined in /var/www/html/passbolt/config/passbolt.php or not readable
[Fail] The private key cannot be used to sign a message
[Fail] The public and private keys cannot be used to encrypt and sign a message
[Fail] The private key cannot be used to decrypt a message
[Fail] The private key cannot be used to decrypt and verify a message
[Fail] The public key cannot be used to verify a signature
[Fail] Passbolt is not configured to force SSL use
[Fail] App.fullBaseUrl is not set to HTTPS
[WARN] Host availability checking is disabled
[Fail] The .../jwt/ directory should not be writable
[Fail] A valid JWT key pair is missing
What I tried and found out:
- visiting 192.168.20.154/passbolt ends in a redirect to 192.168.20.154/passbolt/auth/login?redirect=%2F and shows “Not Found - The requested URL was not found on this Server at localhost Port 80”
- visiting 192.168.20.154/passbolt/webroot shows some links but also “Not found”
I think this is a rewrite problem, but I can't figure out what's the matter.
Maybe some of you could help me.
Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to trouble shoot the problem
[x] I describe the steps on how to reproduce the issue