I’m new to passbolt and am trying to install it on a new server.
I followed the installation guide without problem and prepared the docker-compose-ce.yaml, traefik.yaml, headers.yaml and tls.yaml files as proposed in the guide. I put the docker-compose-ce.yaml and traefik.yaml files in a /srv/passbolt directory, and the 2 headers.yaml and tls.yaml files in the /srv/passbolt/conf directory.
When I then launch the `docker-compose -f docker-compose-ce.yaml up -d` command, the 2 passbolt and database containers are properly started, but I get an error for the traefik container:
ERROR: for passbolt_traefik_1 Cannot start service traefik: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/srv/passbolt/traefik.yaml" to rootfs at "/traefik.yaml": mount /srv/passbolt/traefik.yaml:/traefik.yaml (via /proc/self/fd/6), flags: 0x5001: not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
I’m confused by this error. It seems docker is trying to mount the traefik.yaml file as a directory. I don’t understand why.
Environment notes:
OS: Ubuntu 22.04.1
Docker 20.10.21
Docker-compose 1.29.2
Docker-compose-ce-yaml (version 3.9)
Passbolt image 3.8.3-1-ce
traefik image 2.6
I created a tls.yaml instead of a tls.conf as indicated in the documentation. I think it is a documentation error.
Indeed, you are right: our documentation indicating “tls.conf” is a mistake; it is “tls.yaml” that needs to be created. We will be updating this page really soon, thanks for the report.
Is it possible that, after you have removed any sensitive information, you give us the full content of “docker-compose-ce.yaml”? It may be related.
Also, have you created the folder “conf” in the same tree structure?
Can you once again check that the paths inside these files in conf/ are the right ones, and also their contents?
After investigating on the internet for a similar issue, running this command could temporarily help: `sudo -E bash -c "docker-compose -f docker-compose-ce.yaml up -d"`
Is it possible for you to try it?
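The check the error message asks for ("Check if the specified host path exists and is the expected type"), as an added example that is not part of the original thread or of passbolt's tooling. The function name `check_mount_sources` is hypothetical; the file names are the ones listed in the first post.

```shell
#!/bin/sh
# Added example (hypothetical helper name). File names are the ones from the thread.
# With the short volume syntax, Docker creates a missing bind-mount source as an
# empty directory, so a typo or a wrong working directory can leave a directory
# where the file should be.

# check_mount_sources DIR: print one line per file; return 1 if any is not a regular file.
check_mount_sources() {
    base=$1
    rc=0
    for rel in traefik.yaml conf/headers.yaml conf/tls.yaml; do
        path=$base/$rel
        if [ -f "$path" ]; then
            echo "ok: $path"
        elif [ -d "$path" ]; then
            echo "DIRECTORY, expected a file: $path"
            rc=1
        else
            echo "MISSING: $path"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh check.sh /srv/passbolt   (run before docker-compose up)
if [ "$#" -gt 0 ]; then
    check_mount_sources "$1"
fi
```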
I noticed that the owner/group of my docker-compose-ce.yaml file was not “root” so I changed that. It’s now root, but I still have the same error on launching the “docker-compose” command.
What are the rights that the yaml files should have?
I eventually decided to take advantage of the week-end to reinitialize my server and repeat the installation procedure step by step. And this time it worked! I have my 3 containers running. I still don’t understand what mistake I made in my previous installation. It seems to me that I did exactly the same procedure. Well, anyway. Containers are up and it’s good!
I also successfully added the initial admin user with the docker-compose command as explained in the documentation. So the passbolt service is working and properly connected to its database.
2 problems remain:
1 - I can’t access passbolt through a browser.
When I type my dedicated passbolt url in my browser, I got this error message:
*An error occurred during a connection to passbolt.atalan.net. SSL peer has no certificate for the requested DNS name.
Error code: SSL_ERROR_UNRECOGNIZED_NAME_ALERT*
Problem with SSL certificate apparently, but I don’t know what to do to solve that. Any idea of where that could come from?
2 - Second problem: The Email service apparently doesn’t work (I haven’t received any Email after the creation of the initial admin as I should have according to the documentation).
Here are the Email environment variables that I set in the docker-compose-ce.yaml file:
EMAIL_DEFAULT_FROM_NAME: "Passbolt"
EMAIL_DEFAULT_FROM: "passbolt@mydomainname.com"
EMAIL_TRANSPORT_DEFAULT_HOST: "mySmtpServerUrl"
EMAIL_TRANSPORT_DEFAULT_PORT: 465
EMAIL_TRANSPORT_DEFAULT_USERNAME: "myUsername"
EMAIL_TRANSPORT_DEFAULT_PASSWORD: "myPassword"
EMAIL_TRANSPORT_DEFAULT_TLS: "True"
The smtp server works fine with this account. I tested it. It nevertheless gives a certificate warning that I can bypass with the Email client, but maybe that may be a problem for passbolt?
So that’s it. Sorry for all these problems. Hope I will succeed eventually at having the application properly running on the server.
Thank you for your help @AnatomicJC. I could easily understand the problem with the logs and fix it. The passbolt site works now!
Last problem remains the Emails that still don’t work. I changed my smtp server, checked 3 times the settings, tested them on thunderbird. It works perfectly on thunderbird, but refuses to work with passbolt.
I checked the passbolt container logs. Here is the related output:
SMTP server did not accept the connection or trying to connect to non TLS SMTP server using TLS
Email 8 was not sent
Here are the related env settings in my docker-compose-ce.yaml file:
You can try to delete the env variable EMAIL_TRANSPORT_DEFAULT_TLS from the set of variables. Passbolt will fall back on the null value by default, therefore disabling TLS.
I would recommend adding that point to the documentation, or at least specifying how to properly write the right value for this parameter. It’s really confusing.
Maybe also point out the “ssl://” that has to be put in front of the smtp server name for the DEFAULT_HOST parameter. It took me some time to detect this error.
Thank you all once again for your help. Beautiful community. I owe you a lot.
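A consistency check for the SMTP settings discussed in this thread, as an added example that is not part of the original posts or of passbolt itself. The helper names `smtp_mode` and `smtp_lint` are hypothetical. The mapping of values to connection modes and the port conventions (465 for TLS from the first byte, 587 and 25 for STARTTLS) are assumptions stated in the comments.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Constructed inputs mirror the thread.
# Assumed mapping of settings to connection mode:
#   host starts with ssl:// or tls://  -> TLS from the first byte (implicit TLS)
#   EMAIL_TRANSPORT_DEFAULT_TLS true   -> plain connect, then STARTTLS upgrade
#   variable unset or empty            -> no TLS

# smtp_mode HOST TLS: print implicit, starttls, both or none.
smtp_mode() {
    wrapped=no; upgrade=no
    case $1 in ssl://*|tls://*) wrapped=yes ;; esac
    case $(printf '%s' "$2" | tr '[:upper:]' '[:lower:]') in true|1) upgrade=yes ;; esac
    case $wrapped$upgrade in
        yesyes) echo both ;;
        yesno)  echo implicit ;;
        noyes)  echo starttls ;;
        *)      echo none ;;
    esac
}

# smtp_lint HOST PORT TLS: print one finding; return 1 unless the combination is consistent.
smtp_lint() {
    mode=$(smtp_mode "$1" "$3")
    case $2:$mode in
        *:both)
            echo "FAIL: ssl:// host plus TLS=true asks for STARTTLS inside TLS; remove the TLS variable"; return 1 ;;
        465:starttls)
            echo "FAIL: port 465 expects TLS from the first byte; prefix the host with ssl:// and remove the TLS variable"; return 1 ;;
        465:none)
            echo "FAIL: port 465 expects TLS from the first byte; prefix the host with ssl://"; return 1 ;;
        587:implicit|25:implicit)
            echo "FAIL: port $2 normally starts in plaintext; use TLS=true without ssl://"; return 1 ;;
        *:none)
            echo "WARN: no TLS, SMTP credentials would cross the network unencrypted"; return 1 ;;
        *)
            echo "ok: $mode on port $2" ;;
    esac
}

# Constructed inputs: the thread's original settings, then the corrected ones.
smtp_lint "mySmtpServerUrl" 465 "True" || true
smtp_lint "ssl://mySmtpServerUrl" 465 "" || true
```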