Docker install issues

Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to troubleshoot the problem
[x] I describe the steps on how to reproduce the issue

Hi,

I’m trying to run a proof of concept before we consider deploying Passbolt.

I’ve followed the docker install for Passbolt but without pro which may be the issue. I just pulled the latest docker pull passbolt/passbolt.

I cannot hit the web page but looking at the healthcheck I have DB issues and config files seem to be missing. When trying to set up the user I get:

Exception: SQLSTATE[42S02]: Base table or view not found: 1146 Table 'passbolt-db.users' doesn't exist in [/var/www/passbolt/vendor/cakephp/cakephp/src/Database/Schema/Collection.php, line 132]

When trying to install defaults:

su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt install" www-data

I get:

The GnuPG config for the server is not available or incomplete.

I copied the default config file to passbolt.php which then broke the healthcheck.

--------------HEALTHCHECK---------------
Environment

[PASS] PHP version 7.3.12.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[WARN] The passbolt config file is missing in /var/www/passbolt/config/
[HELP] Copy /var/www/passbolt/config/passbolt.php.default to /var/www/passbolt/config/passbolt.php
[HELP] The passbolt config file is not required if passbolt is configured with environment variables

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://ec2-35-178-186-15.eu-west-2.compute.amazonaws.com
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in config/passbolt.php
[HELP] Check the network settings

SSL Certificate

[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] cURL Error (60) SSL certificate problem: self signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 1 tables found
[FAIL] No default content found
[HELP] Run the install script to set the default content such as roles and permission types
[HELP] sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt install" www-data
[FAIL] The database schema is not up to date.
[HELP] Run the migration scripts:
[HELP] sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake migrations migrate --no-lock" www-data
[HELP] See. https://www.passbolt.com/help/tech/update

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
[PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server gpg key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.

Application configuration

[PASS] Using latest passbolt version (2.12.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

5 error(s) found. Hang in there!

Hi Mark,

Did you set DB parameters in the config file yet? Copying is not enough… Copy in order to use config.php with your own info.

Try install after that. Repeat the Healthcheck and report back if you get stuck.

Hi,

Thanks, I assumed database credentials would be populated from setting the environment variables from the docker run string.

docker run -d --name passbolt --net passbolt_network -p 443:443 -p 80:80 \
  -e DATASOURCES_DEFAULT_HOST=172.18.0.2 \
  -e DATASOURCES_DEFAULT_PASSWORD=password \
  -e DATASOURCES_DEFAULT_USERNAME=admin \
  -e DATASOURCES_DEFAULT_DATABASE=passbolt-db \
  -e APP_FULL_BASE_URL=https://ec2-3-10-206-215.eu-west-2.compute.amazonaws.com \
  passbolt/passbolt:latest

I copied the passbolt.php.default to passbolt.php and populated the file with the DB values from the run string above.

I’m hitting a key issue on the healthcheck.

Healthcheck shell…Exception: Could not use key for signing. get_key failed in [/var/www/passbolt/src/Utility/OpenPGP/Backends/Gnupg.php, line 240]

Is there a guide on setting up keys for the free version? Or is there a working docker file for the free version rather than trying to use the pro version?

Thanks Mark

Maybe something like this will help: The public key cannot be used to encrypt and sign a message

Getting keys owned by the web server is sometimes tricky, but that’s the idea.

Hi,

Thanks for the info, but what I don’t get is that the health check passes the GPG section referencing the config/passbolt.php file, which doesn’t actually exist. When I create that file and put the DB details in, GPG then fails. So is the healthcheck wrong and that is just a default output, or is the config somewhere else and when I create the passbolt.php file with the DB details it overwrites it? Is there GPG config elsewhere I need to grab and stick in passbolt.php when I create it?

I’ll dig around and see what is happening. As far as docker containers go this isn’t easy to scale at the moment in a privileged production environment.

Thanks Mark

Hi,

I reverted to the default GPG config in the passbolt.php file for testing as suggested.

I still cannot browse. Which of the following errors are relevant at this point?

Healthcheck shell…
Environment

[PASS] PHP version 7.3.12.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[FAIL] Debug mode is on.
[HELP] Set debug = false; in config/passbolt.php
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to ://ec2-3-10-206-215.eu-west-2.compute.amazonaws
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in config/passbolt.php
[HELP] Check the network settings

SSL Certificate

[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] cURL Error (28) Connection timed out after 30001 milliseconds

Database

[PASS] The application is able to connect to the database
[PASS] 1 tables found
[FAIL] No default content found
[HELP] Run the install script to set the default content such as roles and permission types
[HELP] sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt install" www-data
[FAIL] The database schema is not up to date.
[HELP] Run the migration scripts:
[HELP] sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake migrations migrate --no-lock" www-data
[HELP] See. //www.passbolt/help/tech/update

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
[PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
[FAIL] Do not use the default gpg key for the server
[HELP] Create a key, export it and add the fingerprint to config/passbolt.php
[HELP] See. https://www.passbolt/help/tech/install#toc_gpg
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[FAIL] The server public key defined in the config/passbolt.php (or environment variables) is not in the keyring
[HELP] Import the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c "gpg --home /home/www-data/.gnupg --import /var/www/passbolt/config//gpg/unsecure_private.key" www-data
[PASS] There is a valid email id defined for the server key.

Application configuration

[PASS] Using latest passbolt version (2.12.0).
[FAIL] Passbolt is not configured to force SSL use.
[HELP] Set passbolt.ssl.force to true in config/passbolt.php.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[WARN] Registration is open to everyone.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set passbolt.registration.public to false in config/passbolt.php.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

9 error(s) found. Hang in there!
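
Added example, not part of the original post or of passbolt: a small POSIX shell helper that pulls the [FAIL]/[WARN] lines out of two saved healthcheck outputs and prints only the findings that are new in the later run. The sample inputs are constructed, abbreviated from the first healthcheck in this thread and the one above; the function names are made up for this example.

```sh
# Added example, not passbolt code: list [FAIL]/[WARN] findings new in a later run.
# findings FILE: print "Section|LEVEL|message" for each [FAIL]/[WARN] line.
findings() {
    awk '
        /^\[(FAIL|WARN)\] / { print section "|" substr($0, 2, 4) "|" substr($0, 8); next }
        /^\[/               { next }          # [PASS] and [HELP] lines
        /^[A-Za-z]/         { section = $0 }  # bare text line is a section heading
    ' "$1" | LC_ALL=C sort
}

# new_findings OLD NEW: findings present in run NEW but not in run OLD.
new_findings() {
    tmp=$(mktemp -d) || return 1
    findings "$1" > "$tmp/old"
    findings "$2" > "$tmp/new"
    LC_ALL=C comm -13 "$tmp/old" "$tmp/new"
    rm -rf "$tmp"
}

# Constructed samples, abbreviated from the two healthcheck runs in this thread.
run_env_vars() { cat <<'EOF'
Core config
[PASS] Debug mode is off.
Database
[FAIL] No default content found
GPG Configuration
[PASS] The server gpg key is not the default one
Application configuration
[PASS] Registration is closed, only administrators can add users.
EOF
}
run_default_file() { cat <<'EOF'
Core config
[FAIL] Debug mode is on.
Database
[FAIL] No default content found
GPG Configuration
[FAIL] Do not use the default gpg key for the server
Application configuration
[WARN] Registration is open to everyone.
EOF
}
demo() {
    d=$(mktemp -d) || return 1
    run_env_vars > "$d/1"; run_default_file > "$d/2"
    new_findings "$d/1" "$d/2"
    rm -rf "$d"
}
demo
```

The database finding is common to both runs and is filtered out; what remains are the settings that changed once passbolt.php was created from the default file.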

I think it should be set to:
'fullBaseUrl' => 'https://ec2-3-10-206-215.eu-west-2.compute.amazonaws.com'

It is a critical setting. Other settings depend on this one.

Apologies, any .com or https missing is to get past the posting filter. Apparently we can only post one link per thread.

@Mark That restriction was forgotten, sorry about that. I would recommend starting from scratch again. You are okay using the Community Edition and not pro, and correct that environment variables are sufficient.

Since the problems were at first with the DB and not keys, and now with the keys and not DB, I think if we’re trying to get to a live first-time use then a clean start might be the quickest way, given your objectives.

https://help.passbolt.com/hosting/install/ce/docker.html

If the DB problems arise again, don’t change the config file in the passbolt container… We have to figure out what’s going on with your DB. The instructions for either a host DB or container DB are in the link above, including discussion regarding persistence after container restart.

When the install is successful, it will seem easy.

Hi,

Thanks for your time. I’ve run a clean install on a standard micro Red Hat EC2 instance on AWS. I have the file showing all the commands if you have a method for me to send it to you?

I get to the step where I set up the first user. Personal details redacted.

[root@ip-172-31-44-201 ec2-user]# docker exec passbolt su -m -c "/var/www/passbolt/bin/cake passbolt register_user -u nane.surname@company.co.uk -f name -l surname -r admin" -s /bin/sh www-data

Open source password manager for teams

Exception: SQLSTATE[42S02]: Base table or view not found: 1146 Table 'passbolt-db.users' doesn't exist in [/var/www/passbolt/vendor/cakephp/cakephp/src/Database/Schema/Collection.php, line 132]

The healthcheck is the same as the first one in the top of this thread.

Thanks Mark

Hi,

See if this works?

Thanks Mark

-e DATASOURCES_DEFAULT_HOST=172.18.0.2

change to

-e DATASOURCES_DEFAULT_HOST=mariadb

Hi,

Still the same error unfortunately.

Thanks Mark

The DB table is being recognized. It’s ready to install. Reference the Database section in the Healthcheck results.

Hi,

I’m in a catch-22 again. I was trying to run the database commands but failing on keys. I disable the security config as per the instructions but that doesn’t help. I’m looking into the keys on the server. I don’t have gpg keys on the server; ec2 uses an open source version. I may just create some gpg keys and import them.

Thanks Mark

I ultimately did the same thing.

Remember that whatever user creates the key, it goes into that user’s keyring by default. If you create using root, then it’s not readable by the web server. Getting keys squared away was what I got stuck on myself, for this reason.

Passbolt error logs are pretty good so make sure to include them along the way.

Gpg is needed by passbolt, and I ended up using the gpg documentation because I was not on a fresh server, and there were other apps using other keys as well. But, the passbolt installation docs in the “install from source” section are quite helpful so don’t miss those.
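
Added example, not from the thread or the passbolt docs: a POSIX shell check for the ownership problem described above, where keys created or imported as root end up in files the web server user cannot read. The function name is made up for this example; the path and user in the usage comment are the ones shown in the healthcheck output earlier in this thread.

```sh
# Added example, not passbolt code: report files in a GnuPG home that the web
# server user does not own, or that group/other can access.
# Usage on the container from this thread (values from its healthcheck output):
#   keyring_problems /home/www-data/.gnupg www-data

# keyring_problems DIR USER: print one line per problem, nothing if DIR is fine.
keyring_problems() {
    dir=$1 user=$2
    [ -d "$dir" ] || { echo "missing: $dir"; return 0; }
    # Anything not owned by USER, e.g. keys generated or imported as root.
    find "$dir" ! -user "$user" -exec echo "wrong owner:" {} \;
    # Anything group- or world-accessible; the private key material lives here.
    find "$dir" \( -perm -040 -o -perm -020 -o -perm -010 \
                -o -perm -004 -o -perm -002 -o -perm -001 \) \
         -exec echo "too permissive:" {} \;
}

# Constructed demo: a throwaway directory stands in for /home/www-data/.gnupg.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/secring.key" && chmod 644 "$d/secring.key"   # deliberately too open
    keyring_problems "$d" "$(id -u)" | sed "s|$d|GNUPGHOME|"
    rm -rf "$d"
}
demo
```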
