Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue
1. Provide your system information:
-
Kubernetes (Minikube)
-
Passbolt Container (Docker) without any volume mounts and an adjusted app.php for allowing self signed certificates.
āurlā => env(āEMAIL_TRANSPORT_DEFAULT_URLā, null),
ācontextā => [
āsslā => [
āverify_peerā => env(āEMAIL_TRANSPORT_VERIFY_PEERā, true),
āverify_peer_nameā => env(āEMAIL_TRANSPORT_VERIFY_NAMEā, true),
āallow_self_signedā => env(āEMAIL_TRANSPORT_ALLOW_SELF_SIGNEDā, false),
]
], -
Version 2.12.0
2. Provide a copy of your healthcheck running as the web server user
./bin/cake passbolt healthcheck
root@passbolt:/var/www/passbolt# su -s /bin/bash -c ā./bin/cake passbolt healthcheckā www-data
Warning Error: SplFileInfo::openFile(/var/www/passbolt/tmp/cache/persistent/myapp_cake_core_translations_cake_console_en__u_s): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 405]
Warning Error: SplFileInfo::openFile(/var/www/passbolt/tmp/cache/persistent/myapp_cake_core_translations_cake_console_en__u_s): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 405]
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///./_//__/
Open source password manager for teams
Healthcheck shell
Environment
[PASS] PHP version 7.3.14.
[PASS] PCRE compiled with unicode support.
[FAIL] The temporary directory and its content are not writable.
[HELP] Ensure the temporary directory and its content are writable by the webserver user.
[HELP] you can try:
[HELP] sudo chown -R www-data:www-data /var/www/passbolt/tmp/
[HELP] sudo chmod 775 $(find /var/www/passbolt/tmp/ -type d)
[HELP] sudo chmod 664 $(find /var/www/passbolt/tmp/ -type f)
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[WARN] The passbolt config file is missing in /var/www/passbolt/config/
[HELP] Copy /var/www/passbolt/config/passbolt.php.default to /var/www/passbolt/config/passbolt.php
[HELP] The passbolt config file is not required if passbolt is configured with environment variables
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to http://{passbolt.domain}
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.
SSL Certificate
[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate
Database
[PASS] The application is able to connect to the database
[PASS] 23 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
[PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
[FAIL] The server gpg key is not set
[HELP] Create a key, export it and add the fingerprint to config/passbolt.php
[HELP] See. {link removed}
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[FAIL] The server key fingerprint doesnāt match the one defined in config/passbolt.php.
[HELP] Double check the key fingerprint, example:
[HELP] sudo su -s /bin/bash -c āgpg --list-keys --fingerprint --home /home/www-data/.gnupgā www-data | grep -i -B 2 āSERVER_KEY_EMAILā
[HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
[HELP] See. {link removed}
[FAIL] The server public key defined in the config/passbolt.php (or environment variables) is not in the keyring
[HELP] Import the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c āgpg --home /home/www-data/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private.ascā www-data
[FAIL] The server key does not have a valid email id.
[HELP] Edit or generate another key with a valid email id.
Application configuration
[FAIL] Could not connect to passbolt repository to check versions. It is not possible check if your version is up to date.
[HELP] Check the network configuration to allow this script to check for updates.
[PASS] Passbolt is configured to force SSL use.
[FAIL] App.fullBaseUrl is not set to HTTPS.
[HELP] Check App.fullBaseUrl url scheme in config/passbolt.php.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.
7 error(s) found. Hang in there!
root@passbolt:/var/www/passbolt#
./bin/cake passbolt send_test_email
root@passbolt:/var/www/passbolt# ./bin/cake passbolt send_test_email -r {user email}
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///./_//__/
Open source password manager for teams
Debug email shell
Email configuration
Host: {host}
Port: 25
Username: {username}
Password: *********
TLS: true
Sending email from: {from email}
Sending email to: {user email}
Trace
[220] Default Frontend {host}
EHLO localhost
[250] {host} Hello [{ip}]
[250] SIZE 37748736
[250] PIPELINING
[250] DSN
[250] ENHANCEDSTATUSCODES
[250] STARTTLS
[250] 8BITMIME
[250] BINARYMIME
[250] CHUNKING
STARTTLS
[220] 2.0.0 SMTP server ready
EHLO localhost
[250] {host} Hello [{ip}]
[250] SIZE 37748736
[250] PIPELINING
[250] DSN
[250] ENHANCEDSTATUSCODES
[250] AUTH LOGIN
[250] 8BITMIME
[250] BINARYMIME
[250] CHUNKING
AUTH LOGIN
[334] VXNlcm5hbWU6
[334] UGFzc3dvcmQ6
[235] 2.7.0 Authentication successful
MAIL FROM:{email}
[250] 2.1.0 Sender OK
RCPT TO:{user email}
[250] 2.1.5 Recipient OK
DATA
[354] Start mail input; end with .
From: {email}
To: {user email}
Date: Wed, 29 Jan 2020 16:34:10 +0000
Message-ID: <271d289d27b24a678671671fdef10543 @ passbolt>
Subject: Passbolt test email
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Congratulations!
If you receive this email, it means that your passbolt smtp configuration is working fine.
.
[250] 2.6.0 <271d289d27b24a678671671fdef10543 @ passbolt> [InternalId=109190953567210, Hostname={host}] 1522 bytes in 0.129, 11,508 KB/sec Queued mail for delivery
QUIT
The message has been successfully sent!
root@passbolt:/var/www/passbolt#
Environment variables
APP_FULL_BASE_URL: http://{passbolt.domain}
DATASOURCES_DEFAULT_HOST: {db ip}
DATASOURCES_DEFAULT_PASSWORD: {db password}
DATASOURCES_DEFAULT_USERNAME: {db user}
DATASOURCES_DEFAULT_DATABASE: {db}
EMAIL_TRANSPORT_DEFAULT_CLASS_NAME: Smtp
EMAIL_DEFAULT_FROM: {from email}
EMAIL_TRANSPORT_DEFAULT_HOST: {smtp host}
EMAIL_TRANSPORT_DEFAULT_PORT: ā25ā
EMAIL_TRANSPORT_DEFAULT_USERNAME: ā{email user}ā
EMAIL_TRANSPORT_DEFAULT_PASSWORD: ā{email password}ā
EMAIL_TRANSPORT_DEFAULT_TLS: ā1ā
EMAIL_TRANSPORT_VERIFY_PEER: ā0ā
EMAIL_TRANSPORT_VERIFY_PEER_NAME: ā0ā
EMAIL_TRANSPORT_ALLOW_SELF_SIGNED: ā1ā
3. Describe the problem thoroughly with as much details as possible so that people can reproduce the issues.
ā What steps did you take?
- I already fixed the permission issues in the container for the temp folder, but no luck
- The cli email check is working (the test email is also received)
ā What happened?
- The email message will not be sent to the users
- No logs are written by passbolt to /var/www/passbolt/logs
ā What did you expect instead?
- Emails will be sent or an error should be shown