Docker compose official image + docker nginx reverse proxy : blank page

Checklist
[ x ] I have read intro post: About the Installation Issues category
[ x ] I have read the tutorials, help and searched for similar issues
[ x ] I provide relevant information about my server (component names and versions, etc.)
[ ] I provide a copy of my logs and healthcheck
[ x ] I describe the steps I have taken to troubleshoot the problem

Hi, I just started the passbolt installation and tried the compose method.

My current installation consists of services and applications behind a reverse proxy that runs in Docker Engine. So I was hoping to set up a docker compose image of passbolt and access it from the WAN via the nginx reverse proxy.

I get a lot of blank pages when trying to access the server. I tried different combinations of BASE_URL and proxy_pass address, and I am quite sure that the problem comes from my nginx reverse proxy configuration.

Take a look at my docker compose file and my nginx.conf and please tell me if you have some ideas to correct my issue. Thanks

Docker compose file:

version: "3.9"
services:
  db:
    image: mariadb:10.11
    restart: unless-stopped
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "true"
      MYSQL_DATABASE: "passbolt"
      MYSQL_USER: "passbolt"
      MYSQL_PASSWORD: "P4ssb0lt"
    volumes:
      - database_volume:/var/lib/mysql

  passbolt:
    image: passbolt/passbolt:latest-ce
    restart: unless-stopped
    depends_on:
      - db
    environment:
      APP_BASE: /passbolt
      APP_FULL_BASE_URL: https://horlo.net/passbolt
      DATASOURCES_DEFAULT_HOST: "db"
      DATASOURCES_DEFAULT_USERNAME: "passbolt"
      DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
      DATASOURCES_DEFAULT_DATABASE: "passbolt"
      DEBUG: "true"
      
    volumes:
      - gpg_volume:/etc/passbolt/gpg
      - jwt_volume:/etc/passbolt/jwt
    command:
      [
        "/usr/bin/wait-for.sh",
        "-t",
        "0",
        "db:3306",
        "--",
        "/docker-entrypoint.sh",
      ]
    ports:
     - 8080:80
     - 4443:443

volumes:
  database_volume:
  gpg_volume:
  jwt_volume:

Nginx reverse proxy.conf

user  nginx;
worker_processes  auto;

events {
    worker_connections  1024;
}

http {
    keepalive_timeout  90;
    client_max_body_size 0;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

# NO HTTP    
    server {
        listen      80;
        listen [::]:80;
        server_name domain.wan;
        return 301 https://$host$request_uri;
    }

# HTTPS
    server {
        listen      443 ssl;
        listen [::]:443 ssl;
        http2 on;
        server_name domain.wan;

        ssl_certificate           /certs/fullchain.cer;
        ssl_certificate_key       /certs/clef.key;
        ssl_trusted_certificate   /certs//ca.cer;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        gzip on;
        gzip_vary on;
        gzip_min_length 1000;
        gzip_proxied any;
        gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
        gzip_disable "MSIE [1-6]\.";

        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

# NEW PASSWORD
        location /passbolt/ {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_pass https://hostname.lan:4443/; #443 is taken by reverse
        }     
    }
}

Hello @Horlogrium, welcome to our community :slightly_smiling_face:

I see a mistake in your docker-compose file: indeed APP_BASE seems correct, but you can’t specify it again in APP_FULL_BASE_URL. Otherwise it will search for fullBaseUrl/appBase/appBase.

Also, for /etc/nginx/sites-enabled/nginx-passbolt.conf can you try to add this block:

location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|ejs|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|woff2|avi|mp\d)$ {
  access_log on;
  log_not_found on;
  rewrite ^/([^/]+)/([img|css|js|fonts|locales]+)/(.*)$ /$2/$3 break;
  rewrite ^/([^/]+)/favicon.ico$ /favicon.ico break;
  try_files $uri $uri/ /index.php?$args;
}

Could you share a screenshot of what you are seeing after these changes when you reach the URL?
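The APP_BASE / APP_FULL_BASE_URL mistake described in the reply above, traced through the `location /passbolt/` block from the first post. This is an added example, not code from the thread or from passbolt: it assumes, as the reply states, that the application appends APP_BASE to APP_FULL_BASE_URL, it applies nginx's prefix replacement for a `proxy_pass` that carries a URI part, and the asset path `js/app.js` is constructed for illustration.

```python
from urllib.parse import urlsplit

def app_url(env, path):
    """URL the app generates for `path`, assuming (as the reply states)
    that APP_BASE is appended to APP_FULL_BASE_URL."""
    root = env["APP_FULL_BASE_URL"].rstrip("/") + env.get("APP_BASE", "").rstrip("/")
    return root + "/" + path.lstrip("/")

def base_is_duplicated(env):
    """True when APP_FULL_BASE_URL already ends with APP_BASE."""
    base = env.get("APP_BASE", "").rstrip("/")
    full_path = urlsplit(env["APP_FULL_BASE_URL"]).path.rstrip("/")
    return bool(base) and full_path.endswith(base)

def upstream_uri(location, proxy_pass, request_uri):
    """URI nginx sends upstream for a prefix location. If proxy_pass has a
    URI part, the matched prefix is replaced by it; otherwise the request
    URI is passed unchanged. Returns None when the location does not match."""
    if not request_uri.startswith(location):
        return None
    pass_path = urlsplit(proxy_pass).path
    return pass_path + request_uri[len(location):] if pass_path else request_uri

def trace(env, location, proxy_pass, asset):
    """Follow one asset link: the URL the browser is given, then the URI
    the passbolt container receives from the reverse proxy."""
    url = app_url(env, asset)
    return url, upstream_uri(location, proxy_pass, urlsplit(url).path)

# Values from the thread: the first compose file, then the corrected one.
BEFORE = {"APP_BASE": "/passbolt", "APP_FULL_BASE_URL": "https://horlo.net/passbolt"}
AFTER = {"APP_BASE": "/passbolt", "APP_FULL_BASE_URL": "https://horlo.net"}
LOCATION, PROXY_PASS = "/passbolt/", "https://hostname.lan:4443/"

if __name__ == "__main__":
    for name, env in (("before", BEFORE), ("after", AFTER)):
        print(name, base_is_duplicated(env), trace(env, LOCATION, PROXY_PASS, "js/app.js"))
```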

Hi, thank you for your welcome :wink:

I modified my nginx.conf as follows:

location /passbolt/ {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_pass https://evergreen.horlo.lan:4443/; #443 is taken by reverse

            location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|ejs|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|woff2|avi|mp\d)$ {
                access_log on;
                log_not_found on;
                rewrite ^/([^/]+)/([img|css|js|fonts|locales]+)/(.*)$ /$2/$3 break;
                rewrite ^/([^/]+)/favicon.ico$ /favicon.ico break;
                try_files $uri $uri/ /index.php?$args;
            }
        }

And the docker-compose as follows:

passbolt:
    image: passbolt/passbolt:latest-ce
    restart: unless-stopped
    depends_on:
      - db
    environment:
      APP_BASE: /passbolt
      APP_FULL_BASE_URL: https://horlo.net
      DATASOURCES_DEFAULT_HOST: "db"
      DATASOURCES_DEFAULT_USERNAME: "passbolt"
      DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
      DATASOURCES_DEFAULT_DATABASE: "passbolt"
      DEBUG: "true"

There is no big change, but I now have the passbolt icon on top of the browser tab.

Oh sorry, I didn’t modify the right nginx file; now it seems to be working. I’ll try the setup of my passbolt and will come back to you after that if everything worked.

How can I modify the docker compose file to include the change to the nginx sites file, so that I don't have to make it by hand on every update?