Docker install in subdirectory

Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue

I want to use passbolt in a subdirectory https://myhost/passbolt.

I have docker installation of passbolt/passbolt:latest-ce but I also tried passbolt/passbolt:4.2.0-1-ce.
I set docker env:

      APP_BASE: "/passbolt"
      APP_FULL_BASE_URL: "https://myhost/passbolt"

The problem I encounter is that when I try to open https://myhost/passbolt it redirects me to https://myhost/passbolt/auth/login?redirect=%2F which is a blank page.

In the log I see:

passbolt_1  | 172.22.0.2 - - [29/Oct/2023:10:44:40 +0000] "GET /passbolt/ HTTP/1.1" 302 5 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0"
passbolt_1  | 172.22.0.2 - - [29/Oct/2023:10:44:40 +0000] "GET /passbolt/auth/login?redirect=%2F HTTP/1.1" 200 1130 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0"
passbolt_1  | 172.22.0.2 - - [29/Oct/2023:10:44:40 +0000] "GET /passbolt/passbolt/js/app/api-triage.js?v=4.2.0 HTTP/1.1" 404 1483 "https://myhost/passbolt/auth/login?redirect=%2F" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0"
passbolt_1  | 172.22.0.2 - - [29/Oct/2023:10:44:40 +0000] "GET /passbolt/passbolt/js/app/api-vendors.js?v=4.2.0 HTTP/1.1" 404 1483 "https://myhost/passbolt/auth/login?redirect=%2F" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0"
passbolt_1  | 172.22.0.2 - - [29/Oct/2023:10:44:40 +0000] "GET /passbolt/passbolt/js/app/stylesheet.js?v=4.2.0 HTTP/1.1" 404 1483 "https://myhost/passbolt/auth/login?redirect=%2F" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0"
passbolt_1  | 172.22.0.2 - - [29/Oct/2023:10:44:40 +0000] "GET /passbolt/passbolt/js/app/api-vendors.js?v=4.2.0 HTTP/1.1" 404 1483 "https://myhost/passbolt/auth/login?redirect=%2F" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0"
passbolt_1  | 172.22.0.2 - - [29/Oct/2023:10:44:40 +0000] "GET /passbolt/passbolt/js/app/api-triage.js?v=4.2.0 HTTP/1.1" 404 1483 "https://myhost/passbolt/auth/login?redirect=%2F" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0"

The installation works fine if I use a subdomain instead of a subdirectory.

Hello @treadstone and welcome to the forum!
Have you tied removing the folder from APP_FULL_BASE_URL?

Hello @Termindiego25, thank you for your reply.
Yes, I did try to remove the folder from APP_FULL_BASE_URL but it didn’t help.
Also the documentation says that in this case APP_FULL_BASE_URL should also contain the folder.

Hello @treadstone,

Can you try to set:
APP_FULL_BASE_URL: "https://myhost" without any slash at the end?

Also, could you mount into the passbolt conf this block? that should help

  location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|ejs|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|woff2|avi|mp\d)$ {
  access_log on;
  log_not_found on;
  rewrite ^/([^/]+)/([img|css|js|fonts|locales]+)/(.*)$ /$2/$3 break;
  rewrite ^/([^/]+)/favicon.ico$ /favicon.ico break;
  try_files $uri $uri/ /index.php?$args;
}

Thanks! This helped. I can access the login page (didn’t have a chance to test the full functionality).

For anyone else having the same problem this is how to make passbolt accessible from a subdirectory (URL path prefix).

APP_BASE: "/passbolt"
APP_FULL_BASE_URL: "https://domain.com"

Edit the file /etc/nginx/sites-enabled/nginx-passbolt.conf

server {

  listen 80;
  listen [::]:80;

  # Managed by Passbolt
  server_name _;

  client_body_buffer_size     100K;
  client_header_buffer_size   1K;
  client_max_body_size        5M;

  client_body_timeout   10;
  client_header_timeout 10;
  keepalive_timeout     5 5;
  send_timeout          10;

  root /usr/share/php/passbolt/webroot;
  index index.php;
  error_log /var/log/nginx/passbolt-error.log info;
  access_log /var/log/nginx/passbolt-access.log;

  # Managed by Passbolt
  include /etc/nginx/snippets/passbolt-ssl.conf;

  # This block is to make passbolt work in /passbolt subdirectory 
  location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|ejs|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|woff2|avi|mp\d)$ {
    access_log on;
    log_not_found on;
    rewrite ^/([^/]+)/([img|css|js|fonts|locales]+)/(.*)$ /$2/$3 break;
    rewrite ^/([^/]+)/favicon.ico$ /favicon.ico break;
    try_files $uri $uri/ /index.php?$args;
  }

  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  location ~ \.php$ {
    try_files                $uri =404;
    include                  fastcgi_params;
    fastcgi_pass             unix:/run/php/php8.2-fpm.sock;
    fastcgi_index            index.php;
    fastcgi_intercept_errors on;
    fastcgi_split_path_info  ^(.+\.php)(.+)$;
    fastcgi_param            SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param            SERVER_NAME $http_host;
    fastcgi_param PHP_VALUE  "upload_max_filesize=5M \n post_max_size=5M";
  }

}

Hello,
I had the same problem, and this solution fixed it. But not entirely. For other resources than favicon.ico in the same folder (favicon_xxx.png, etc.), rewrite rules not sufficient. Is there an elegant way to address all resources ?