[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl

Hi,

I’m having difficulty getting passbolt up and running. I’ve followed the guide from Medium.

But get stuck on step 5 - Check that everything is in order.

Can someone please help? I’ve pasted my installed versions below. I have searched but other solutions didn’t help.

Thank you

CENTOS 7
nginx-1.12.2-1.el7.x86_64
mariadb-5.5.56-2.el7.x86_64
PHP 5.4.16
1.6.9

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 5.4.16
[PASS] PCRE compiled with unicode support
[PASS] The temporary directory and its content are writable
[PASS] The public image directory and its content are writable

Config files

[PASS] The core config file is present
[PASS] The database config file is present
[PASS] The email config file is present
[PASS] The application config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Unique value set for security.cipherSeed
[PASS] Full base url is set to http://192.168.101.49:8081
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in app/Config/core.php
[HELP] Check the network settings

SSL Certificate

[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate

Database

[PASS] Configured to use a supported database backend
[PASS] The application is able to connect to the database
[PASS] Not using a prefix for database tables
[PASS] 20 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded
[PASS] The server gpg key is not the default one
[PASS] The environment variable GNUPGHOME is set to /var/lib/nginx/.gnupg
[PASS] The directory /var/lib/nginx/.gnupg containing the keyring is writable by the user the webserver is running as.
[PASS] The public key file is defined in app/config.php and readable.
[PASS] The private key file is defined in app/config.php and readable.
[PASS] The server key fingerprint matches the one defined in app/config.php.
[PASS] The server key defined in the app/Config.php is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.

Application configuration

[FAIL] This installation is not up to date. Currently using 1.6.9 and it should be v2.0.0-rc2.
[HELP] See. https://www.passbolt.com/help/tech/update
[FAIL] Passbot is not configured to force SSL use
[HELP] Set App.ssl.force to true in app/Config/app.php
[FAIL] App.fullBaseUrl is not set to HTTPS
[HELP] Check App.fullBaseUrl url scheme in app/Config/core.php
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

Development Tools (optional)

[PASS] Phpunit is installed
[PASS] Phpunit version is 3.7.38

6 error(s) found. Hang in there!

The failures you face in this healthcheck seem consistent with your setup and should not prevent you from running passbolt.

Are you facing any other error?

Hi Diego,
The passbolt page does not load. It times out after around thirty seconds and gives me an empty response error.

Could you provide logs from /var/log/nginx/error.log or access.log and from /var/www/passbolt/tmp/logs/error.log ?

Thanks for helping, Diego.

/var/log/nginx/error.log

[root@minint-fbs3ttp csu_admin]# vi /var/log/nginx/error.log
2018/03/16 12:12:25 [emerg] 48726#0: unknown directive "client_header_bufer_size" in /etc/nginx/conf.d/default.conf:7
2018/03/16 12:12:35 [emerg] 48740#0: unknown directive "client_header_bufer_size" in /etc/nginx/conf.d/default.conf:7
2018/03/16 12:16:26 [emerg] 48763#0: unknown directive "client_header_bufer_size" in /etc/nginx/conf.d/default.conf:6
2018/03/16 13:01:11 [emerg] 48861#0: unknown directive "client_header_bufer_size" in /etc/nginx/conf.d/default.conf:6
2018/03/16 13:08:31 [error] 48951#0: *1 open() "/usr/share/nginx/html/healthcheck/status.json" failed (2: No such file or directory), client: ::1, server: _, request: "GET /healthcheck/status.json HTTP/1.0", host: "localhost"
2018/03/16 13:08:31 [error] 48953#0: *2 open() "/usr/share/nginx/html/healthcheck/status.json" failed (2: No such file or directory), client: ::1, server: _, request: "GET /healthcheck/status.json HTTP/1.0", host: "localhost"

[root@minint-fbs3ttp ~]# vi /var/log/nginx/access.log
::1 - - [16/Mar/2018:13:08:31 +0000] "GET /healthcheck/status.json HTTP/1.0" 404 3650 "-" "-" "-"
::1 - - [16/Mar/2018:13:08:31 +0000] "GET /healthcheck/status.json HTTP/1.0" 404 3650 "-" "-" "-"

I have no /tmp/ directory for the second log.

Looks like the nginx setup is not correct. Could you provide the /etc/nginx/nginx.conf file and the /etc/nginx/conf.d/default.conf ?

Really appreciate the quick replies!

I’ve literally copied the guide word for word, hopefully I didn’t miss a step!

[root@minint-fbs3ttp ~]# vi /etc/nginx/nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}

/etc/nginx/conf.d/default.conf

[root@minint-fbs3ttp ~]# vi /etc/nginx/conf.d/default.conf
server {
  listen 80;
  server_name 192.168.101.49:8081;
  client_body_buffer_size     100K;
  client_header_buffer_size   1k;
  client_max_body_size        100k;
  client_body_timeout   10;
  client_header_timeout 10;
  keepalive_timeout     5 5;
  send_timeout          10;
  root /var/www/passbolt;
# X-Frame-Options is to prevent from clickJacking attack
  add_header X-Frame-Options SAMEORIGIN;
#  disable content-type sniffing on some browsers.
  add_header X-Content-Type-Options nosniff;
# This header enables the Cross-site scripting (XSS) filter
  add_header X-XSS-Protection "1; mode=block";

location / {
    try_files $uri $uri/ /index.php?$args;
    index index.php;
  }
location ~ \.php$ {
    fastcgi_index           index.php;
    fastcgi_pass            127.0.0.1:9000;
    fastcgi_split_path_info ^(.+\.php)(.+)$;
    include                 fastcgi_params;
    fastcgi_param           SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param           SERVER_NAME $http_host;
  }
location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|avi|mp\d)$ {
    access_log off;
    log_not_found off;
    try_files $uri /app/webroot/$uri /index.php?$args;
  }
}

On the default.conf you have the following:

 listen 80;
  server_name 192.168.101.49:8081;

That is conflicting since you are telling nginx to listen on port 80 but then you reassign the port on the servername. That’s why in your logs the requests are being handled by the server{} section of your /etc/nginx/nginx.conf instead of passbolt.

If you want the nginx to listen on port 8081 you could do:

listen 8081;
server_name 192.168.101.49;
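
A check for the mismatch described in this reply, as an added example that is not part of the original thread. nginx compares `server_name` with the host part of the `Host` header only, so a name that carries `:port` never matches and the request falls through to the default server. The function name `lint_server_name` is hypothetical, and the sample config is constructed from the directives quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): flag server_name values that carry a
# ":port" suffix. The port nginx listens on comes from `listen` alone.

# Constructed sample: the directives quoted from default.conf in the thread.
SAMPLE_CONF='server {
  listen 80;
  server_name 192.168.101.49:8081;
  root /var/www/passbolt;
}'

# Reads an nginx config on stdin and prints one line per offending name:
#   <line-no> listen=<value seen so far in this server block>
#   server_name=<name> fix: <suggested directives>
lint_server_name() {
  awk '
    { sub(/#.*/, "") }                                   # drop comments
    $1 == "server" && $2 == "{" { listen = "(none)" }    # new server block
    $1 == "listen" { v = $2; sub(/;$/, "", v); listen = v }
    $1 == "server_name" {
      for (i = 2; i <= NF; i++) {
        name = $i; sub(/;$/, "", name)
        if (name ~ /:[0-9]+$/) {
          host = name; sub(/:[0-9]+$/, "", host)         # part before the port
          port = name; sub(/^.*:/, "", port)             # the port itself
          printf "%d listen=%s server_name=%s fix: listen %s; server_name %s;\n",
                 NR, listen, name, port, host
        }
      }
    }
  '
}

printf '%s\n' "$SAMPLE_CONF" | lint_server_name
```

On a real host, feed it the file directly: `lint_server_name < /etc/nginx/conf.d/default.conf`.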

Getting somewhere I hope.
I now get this, it goes away if I revert the change


[root@minint-fbs3ttp ~]# systemctl status nginx.service
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2018-03-16 16:11:38 GMT; 11s ago
Process: 52702 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 52847 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
Process: 52845 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Main PID: 52705 (code=exited, status=0/SUCCESS)

Mar 16 16:11:38 minint-fbs3ttp.sandwell-pct.local systemd[1]: Starting The nginx HTTP and reverse proxy server…
Mar 16 16:11:38 minint-fbs3ttp.sandwell-pct.local nginx[52847]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Mar 16 16:11:38 minint-fbs3ttp.sandwell-pct.local nginx[52847]: nginx: [emerg] bind() to 0.0.0.0:8081 failed (13: Permission denied)
Mar 16 16:11:38 minint-fbs3ttp.sandwell-pct.local nginx[52847]: nginx: configuration file /etc/nginx/nginx.conf test failed
Mar 16 16:11:38 minint-fbs3ttp.sandwell-pct.local systemd[1]: nginx.service: control process exited, code=exited status=1
Mar 16 16:11:38 minint-fbs3ttp.sandwell-pct.local systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
Mar 16 16:11:38 minint-fbs3ttp.sandwell-pct.local systemd[1]: Unit nginx.service entered failed state.
Mar 16 16:11:38 minint-fbs3ttp.sandwell-pct.local systemd[1]: nginx.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

Could you disable selinux if activated and reboot?

Edit /etc/sysconfig/selinux and change

SELINUX=enforcing

for

SELINUX=permissive

or

SELINUX=disabled
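
If SELinux is what denies the `bind()` to 0.0.0.0:8081 shown above, the port can be labelled for the web server while SELinux stays enforcing. The following is an added example, not part of the original thread: it reads `semanage port -l` output and prints the `semanage port` command to run. The function name `selinux_port_fix` is hypothetical, the sample listing is constructed, and the choice between `-a` and `-m` assumes that semanage refuses `-a` for a port the policy already defines as a single entry.

```shell
#!/bin/sh
# Added example (not from the thread): pick the semanage command that lets
# nginx bind a port under SELinux, instead of switching SELinux off.

# Constructed sample in the column layout printed by `semanage port -l`.
# On a real host, pipe the command's own output into the function.
SAMPLE_PORTS='http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
transproxy_port_t              tcp      8081
unreserved_port_t              tcp      61001-65535, 1024-32767'

# Usage on a real host: semanage port -l | selinux_port_fix 8081
selinux_port_fix() {
  awk -v want="$1" '
    $2 == "tcp" {
      for (i = 3; i <= NF; i++) {
        p = $i; sub(/,$/, "", p)
        n = split(p, r, "-")                 # "8081" or "1024-32767"
        lo = r[1] + 0; hi = (n == 2) ? r[2] + 0 : lo
        if (want + 0 < lo || want + 0 > hi) continue
        if ($1 == "http_port_t") allowed = 1
        else if (n == 1) exact = $1          # defined as a single port elsewhere
      }
    }
    END {
      if (allowed)          print "ok: tcp/" want " is already http_port_t"
      else if (exact != "") print "semanage port -m -t http_port_t -p tcp " want
      else                  print "semanage port -a -t http_port_t -p tcp " want
    }
  '
}

printf '%s\n' "$SAMPLE_PORTS" | selinux_port_fix 8081
```

After running the printed command as root, restart nginx and confirm with `getenforce` that the mode is still `Enforcing`.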

No error now when starting nginx but I still cannot navigate to the passbolt page.

SELINUX is disabled

> [root@0ad01206a Config]# vi /var/log/nginx/error.log
> 2018/03/16 12:12:25 [emerg] 48726#0: unknown directive "client_header_bufer_size" in /etc/nginx/conf.d/default.conf:7
> 2018/03/16 12:12:35 [emerg] 48740#0: unknown directive "client_header_bufer_size" in /etc/nginx/conf.d/default.conf:7
> 2018/03/16 12:16:26 [emerg] 48763#0: unknown directive "client_header_bufer_size" in /etc/nginx/conf.d/default.conf:6
> 2018/03/16 13:01:11 [emerg] 48861#0: unknown directive "client_header_bufer_size" in /etc/nginx/conf.d/default.conf:6
> 2018/03/16 13:08:31 [error] 48951#0: *1 open() "/usr/share/nginx/html/healthcheck/status.json" failed (2: No such file or directory), client: ::1, server: _, request: "GET /healthcheck/status.json HTTP/1.0", host: "localhost"
> 2018/03/16 13:08:31 [error] 48953#0: *2 open() "/usr/share/nginx/html/healthcheck/status.json" failed (2: No such file or directory), client: ::1, server: _, request: "GET /healthcheck/status.json HTTP/1.0", host: "localhost"
> 2018/03/16 15:53:36 [emerg] 52661#0: bind() to 0.0.0.0:8081 failed (13: Permission denied)
> 2018/03/16 16:05:52 [emerg] 52739#0: bind() to 0.0.0.0:8081 failed (13: Permission denied)
> 2018/03/16 16:06:43 [emerg] 52756#0: bind() to 0.0.0.0:8081 failed (13: Permission denied)
> 2018/03/16 16:11:38 [emerg] 52847#0: bind() to 0.0.0.0:8081 failed (13: Permission denied)
> 2018/03/16 16:18:07 [emerg] 52980#0: bind() to 0.0.0.0:8081 failed (13: Permission denied)

Still no logs in passbolt/tmp/

What does curl -Lvvk http://192.168.101.49 say?

> [root@minint-brd8u0g ~]# curl -Lvvk http://192.168.101.49
> * About to connect() to 192.168.101.49 port 80 (#0)
> *   Trying 192.168.101.49...
> * Connection refused
> * Failed connect to 192.168.101.49:80; Connection refused
> * Closing connection 0
> curl: (7) Failed connect to 192.168.101.49:80; Connection refused
> [root@minint-brd8u0g ~]#

Sorry, my bad, I meant curl -Lvvk http://192.168.101.49:8081

Same thing!

[root@minint-brd8u0g ~]# curl -Lvvk http://192.168.101.49:8081
* About to connect() to 192.168.101.49 port 8081 (#0)
*   Trying 192.168.101.49...
* Connection refused
* Failed connect to 192.168.101.49:8081; Connection refused
* Closing connection 0
curl: (7) Failed connect to 192.168.101.49:8081; Connection refused
[root@minint-brd8u0g ~]#

Are you running a VM and doing some kind of port mapping or firewall? If nginx is running, these ports should be accessible.

Yes it’s installed on a Hyper-V host. Firewall is disabled on the host and guest and the hardware appliance is set to allow all ports within the same subnet.

I’m not particularly fond of port 8081. I can change to a more standard port if it would help.

I’ve disabled management sharing of the NIC and that now gives me the NGINX test page when I don’t add a port. I think that must have been causing issues.

Seems like a problem connecting to the VM to me, not a passbolt problem.

From the machine running passbolt please check that:
nginx is running and php-fpm is also running
nginx is listening on port 8081 (check it with netstat -pnuta for instance)
From that very same VM that runs passbolt you should be able to curl to the passbolt instance. You might need to pass a host header, for instance:
curl -Lvvk --header 'Host: 192.168.101.49' http://127.0.0.1

It was the VM, you were correct. Thank you for helping me narrow it down!

[root@lytabeverettt csu_admin]# netstat -pnuta
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      1015/php-fpm: maste
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1349/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1711/nginx: master
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      1711/nginx: master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      999/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1408/master
tcp        0      0 192.168.101.49:8081     192.168.101.50:62998    TIME_WAIT   -
tcp        0     64 192.168.101.49:22       192.168.101.50:62902    ESTABLISHED 1665/sshd: csu_admi
tcp        0      0 127.0.0.1:9000          127.0.0.1:40522         TIME_WAIT   -
tcp6       0      0 :::80                   :::*                    LISTEN      1711/nginx: master
tcp6       0      0 :::22                   :::*                    LISTEN      999/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1408/master
udp        0      0 0.0.0.0:55929           0.0.0.0:*                           796/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           796/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           643/chronyd
udp6       0      0 :::62884                :::*                                796/dhclient
udp6       0      0 ::1:323                 :::*                                643/chronyd
[root@lytabeverettt csu_admin]# curl -Lvvk http://192.168.101.49:8081
* About to connect() to 192.168.101.49 port 8081 (#0)
*   Trying 192.168.101.49...
* Connected to 192.168.101.49 (192.168.101.49) port 8081 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.101.49:8081
> Accept: */*
>
< HTTP/1.1 500 Internal Server Error
< Server: nginx/1.12.2
< Date: Fri, 16 Mar 2018 16:55:57 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Keep-Alive: timeout=5
< X-Powered-By: PHP/7.1.8
<
* Connection #0 to host 192.168.101.49 left intact
[root@lytabeverettt csu_admin]#

I now have a different issue with error 500. Dependencies look to be correct, as per the "New install - HTTP ERROR 500" suggestion.

Nice! We would need some logs from nginx and passbolt to narrow down this error 500. Regarding the path I provided earlier, /var/www/passbolt/tmp/logs/error.log, maybe it lacks an app: /var/www/passbolt/app/tmp/logs/error.log