Checklist
[ x ] I have read intro post: About the Installation Issues category
[ x ] I have read the tutorials, help and searched for similar issues
[ x ] I provide relevant information about my server (component names and versions, etc.)
[ ] I provide a copy of my logs and healthcheck
[ x ] I describe the steps I have taken to trouble shoot the problem
Hi, I just started installing Passbolt and am trying the Docker Compose method.
My current setup runs services and applications in Docker Engine behind a reverse proxy, so I was hoping to set up Passbolt with Docker Compose and access it from the WAN through the nginx reverse proxy.
I keep getting blank pages when I try to access the server. I have tried different combinations of BASE_URL and proxy_pass address, and I am quite sure the problem comes from my nginx reverse proxy configuration.
Take a look at my Docker Compose file and my nginx.conf, and please tell me if you have any ideas for fixing my issue. Thanks.
Docker compose file :
# Passbolt CE with a MariaDB backend. The passbolt container is published on
# host ports 8080/4443 and is meant to be reached through a separate nginx
# reverse proxy under the /passbolt path.
version: "3.9"

services:
  db:
    image: mariadb:10.11
    restart: unless-stopped
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "true"
      MYSQL_DATABASE: "passbolt"
      MYSQL_USER: "passbolt"
      # NOTE(review): this credential is written in clear text and has been
      # shared publicly with this file; treat it as disclosed, rotate it, and
      # supply it from an env file or secret kept outside version control.
      MYSQL_PASSWORD: "P4ssb0lt"
    volumes:
      - database_volume:/var/lib/mysql

  passbolt:
    # NOTE(review): "latest-ce" is a floating tag, so what actually runs
    # changes on every pull; pin a specific release tag (or digest) so that
    # upgrades are deliberate and reproducible.
    image: passbolt/passbolt:latest-ce
    restart: unless-stopped
    depends_on:
      - db
    environment:
      # NOTE(review): the nginx location shown with this file uses a
      # proxy_pass ending in "/", which removes the /passbolt/ prefix before
      # the request reaches this container; verify that the path the
      # container receives agrees with APP_BASE.
      APP_BASE: "/passbolt"
      # Must be the exact public URL (scheme, host and path) that browsers
      # use through the proxy. NOTE(review): the host here differs from the
      # server_name in the nginx config shown; confirm they really match.
      APP_FULL_BASE_URL: "https://horlo.net/passbolt"
      DATASOURCES_DEFAULT_HOST: "db"
      DATASOURCES_DEFAULT_USERNAME: "passbolt"
      # Same database credential as MYSQL_PASSWORD above; rotate both together.
      DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
      DATASOURCES_DEFAULT_DATABASE: "passbolt"
      # Debug mode is useful while troubleshooting, but it produces verbose
      # error output; switch it off before the instance is reachable from
      # the WAN.
      DEBUG: "true"
    volumes:
      - gpg_volume:/etc/passbolt/gpg
      - jwt_volume:/etc/passbolt/jwt
    # Wait (no timeout) for the database port, then start the entrypoint.
    command:
      - "/usr/bin/wait-for.sh"
      - "-t"
      - "0"
      - "db:3306"
      - "--"
      - "/docker-entrypoint.sh"
    # Published on every host interface. NOTE(review): if only the reverse
    # proxy should talk to passbolt, bind these to the address the proxy uses
    # and consider dropping the plain-HTTP mapping.
    ports:
      - "8080:80"
      - "4443:443"

volumes:
  database_volume:
  gpg_volume:
  jwt_volume:
Nginx reverse proxy.conf
# nginx reverse proxy: redirects HTTP to HTTPS and forwards /passbolt/ to the
# passbolt container published on hostname.lan:4443.
user nginx;
worker_processes auto;

events {
    worker_connections 1024;
}

http {
    keepalive_timeout 90;

    # 0 disables the request-body size check for every server in this block.
    # NOTE(review): on a WAN-facing proxy a finite limit is the safer default;
    # raise it per location only where large uploads are expected.
    client_max_body_size 0;

    # Maps the client's Upgrade header to a Connection header value.
    # NOTE(review): $connection_upgrade is not referenced anywhere in the
    # configuration shown here.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    # Plain HTTP: permanent redirect to the HTTPS server below.
    server {
        listen 80;
        listen [::]:80;
        server_name domain.wan;

        return 301 https://$host$request_uri;
    }

    # HTTPS: TLS termination and proxying.
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        http2 on;
        server_name domain.wan;

        ssl_certificate         /certs/fullchain.cer;
        ssl_certificate_key     /certs/clef.key;
        ssl_trusted_certificate /certs//ca.cer;
        ssl_protocols           TLSv1.2 TLSv1.3;
        ssl_session_cache       shared:SSL:10m;
        ssl_session_timeout     10m;

        gzip            on;
        gzip_vary       on;
        gzip_min_length 1000;
        gzip_proxied    any;
        gzip_types      text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
        gzip_disable    "MSIE [1-6]\.";

        # HSTS for one year. includeSubDomains extends the policy to every
        # subdomain of the served host, so all of them must be HTTPS-capable.
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

        # Passbolt, exposed under /passbolt/.
        location /passbolt/ {
            # Only X-Real-IP and Host are forwarded; no X-Forwarded-For or
            # X-Forwarded-Proto header is set for the upstream.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;

            # Host port 443 belongs to this proxy, so passbolt is on 4443.
            # Because the target ends in "/", the matched /passbolt/ prefix is
            # replaced by "/" in the request sent upstream.
            # NOTE(review): confirm that this stripped path is what the
            # application expects given its configured base path and URL.
            # NOTE(review): proxy_ssl_verify is off by default, so the
            # certificate presented by the upstream is not checked; enable it
            # together with proxy_ssl_trusted_certificate <path-to-upstream-CA>
            # if the LAN hop has to be authenticated.
            proxy_pass https://hostname.lan:4443/;
        }
    }
}