Checklist
[
] I have read intro post: About the Installation Issues category
[] I have read the tutorials, help and searched for similar issues
[] I provide relevant information about my server (component names and versions, etc.)
[] I provide a copy of my logs and healthcheck
[] I describe the steps I have taken to trouble shoot the problem
[] I describe the steps on how to reproduce the issue
OS: AlmaLinux 9.3 (Shamrock Pampas Cat) x86_64
Docker Version: 26.1.0
Hi all,
I’ve been trying to get my Docker container up and running for a while. But I keep getting stumped with this issue when trying to create the admin user.
2024-04-30 11:36:23 error: [Cake\Database\Exception\MissingConnectionException] Connection to Mysql could not be established: SQLSTATE[HY000] [1045] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES) in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Database/Driver.php on line 144
Caused by: [PDOException] SQLSTATE[HY000] [1045] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES) in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Database/Driver.php on line 132
2024-04-30 11:36:23 error: Could not connect to Database.I’ve looked everywhere for solutions to try, I found some peeps with similar issues, but nothing congruent to this error. I’ve tried starting from fresh (following the docs to the letter), with and without traefik, I’ve even watched a YT walkthrough to make sure there wasn’t anything obvious I was missing.
docker-compose.yaml:
version: "3.9"
services:
db:
image: mariadb:10.11
restart: unless-stopped
environment:
MYSQL_RANDOM_ROOT_PASSWORD: "true"
MYSQL_DATABASE: "passbolt"
MYSQL_USER: "passbolt"
MYSQL_PASSWORD: "P4ssb0lt"
volumes:
- database_volume:/var/lib/mysql
passbolt:
image: passbolt/passbolt:latest-ce
#Alternatively you can use rootless:
#image: passbolt/passbolt:latest-ce-non-root
restart: unless-stopped
depends_on:
- db
environment:
APP_FULL_BASE_URL: https://pb.domain.com
DATASOURCES_DEFAULT_HOST: "db"
DATASOURCES_DEFAULT_USERNAME: "passbolt"
DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
DATASOURCES_DEFAULT_DATABASE: "passbolt"
EMAIL_DEFAULT_FROM_NAME: "Passbolt"
EMAIL_DEFAULT_FROM: "passbolt@domain.com"
EMAIL_TRANSPORT_DEFAULT_HOST: "localhost"
EMAIL_TRANSPORT_DEFAULT_PORT: 25
EMAIL_TRANSPORT_DEFAULT_USERNAME: null
EMAIL_TRANSPORT_DEFAULT_PASSWORD: null
EMAIL_TRANSPORT_DEFAULT_TLS: null
volumes:
- gpg_volume:/etc/passbolt/gpg
- jwt_volume:/etc/passbolt/jwt
command:
[
"/usr/bin/wait-for.sh",
"-t",
"0",
"db:3306",
"--",
"/docker-entrypoint.sh",
]
#ports:
# - 80:80
# - 443:443
#Alternatively for non-root images:
# - 80:8080
# - 443:4433
labels:
traefik.enable: "true"
traefik.http.routers.passbolt-http.entrypoints: "web"
traefik.http.routers.passbolt-http.rule: "Host(`pb.domain.com`)"
traefik.http.routers.passbolt-http.middlewares: "SslHeader@file"
traefik.http.routers.passbolt-https.middlewares: "SslHeader@file"
traefik.http.routers.passbolt-https.entrypoints: "websecure"
traefik.http.routers.passbolt-https.rule: "Host(`pb.domain.com`)"
traefik.http.routers.passbolt-https.tls: "true"
traefik.http.routers.passbolt-https.tls.certresolver: "letsencrypt"
traefik:
image: traefik:2.6
restart: always
ports:
- 12480:80
- 12443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yaml:/traefik.yaml:ro
- ./conf/:/etc/traefik/conf
- ./shared/:/shared
volumes:
database_volume:
gpg_volume:
jwt_volume:Docker log:
2024-04-30 11:34:28+00:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:10.11.7+maria~ubu2204 started.
2024-04-30 11:34:28+00:00 [Warn] [Entrypoint]: /sys/fs/cgroup///memory.pressure not writable, functionality unavailable to MariaDB
2024-04-30 11:34:28+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2024-04-30 11:34:28+00:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:10.11.7+maria~ubu2204 started.
2024-04-30 11:34:29+00:00 [Note] [Entrypoint]: MariaDB upgrade (mariadb-upgrade or creating healthcheck users) required, but skipped due to $MARIADB_AUTO_UPGRADE setting
2024-04-30 11:34:29 0 [Note] Starting MariaDB 10.11.7-MariaDB-1:10.11.7+maria~ubu2204 source revision 87e13722a95af5d9378d990caf48cb6874439347 as process 1
2024-04-30 11:34:29 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2024-04-30 11:34:29 0 [Note] InnoDB: Number of transaction pools: 1
2024-04-30 11:34:29 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
2024-04-30 11:34:29 0 [Note] mariadbd: O_TMPFILE is not supported on /tmp (disabling future attempts)
2024-04-30 11:34:29 0 [Note] InnoDB: Initializing buffer pool, total size = 128.000MiB, chunk size = 2.000MiB
2024-04-30 11:34:29 0 [Note] InnoDB: Completed initialization of buffer pool
2024-04-30 11:34:29 0 [Note] InnoDB: File system buffers for log disabled (block size=512 bytes)
2024-04-30 11:34:29 0 [Note] InnoDB: End of log at LSN=1147328
2024-04-30 11:34:29 0 [Note] InnoDB: 128 rollback segments are active.
2024-04-30 11:34:29 0 [Note] InnoDB: Removed temporary tablespace data file: "./ibtmp1"
2024-04-30 11:34:29 0 [Note] InnoDB: Setting file './ibtmp1' size to 12.000MiB. Physically writing the file full; Please wait ...
2024-04-30 11:34:29 0 [Note] InnoDB: File './ibtmp1' size is now 12.000MiB.
2024-04-30 11:34:29 0 [Note] InnoDB: log sequence number 1147328; transaction id 1277
2024-04-30 11:34:29 0 [Note] Plugin 'FEEDBACK' is disabled.
2024-04-30 11:34:29 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
2024-04-30 11:34:29 0 [Warning] You need to use --log-bin to make --expire-logs-days or --binlog-expire-logs-seconds work.
2024-04-30 11:34:29 0 [Note] Server socket created on IP: '0.0.0.0'.
2024-04-30 11:34:29 0 [Note] Server socket created on IP: '::'.
2024-04-30 11:34:29 0 [Note] mariadbd: ready for connections.
Version: '10.11.7-MariaDB-1:10.11.7+maria~ubu2204' socket: '/run/mysqld/mysqld.sock' port: 3306 mariadb.org binary distribution
2024-04-30 11:34:29 0 [Note] InnoDB: Buffer pool(s) load completed at 240430 11:34:29
2024-04-30 11:34:29 3 [Warning] Aborted connection 3 to db: 'unconnected' user: 'unauthenticated' host: '172.19.0.4' (This connection closed normally without authentication)
2024-04-30 11:34:31 4 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:34:32 5 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:34:32 6 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:34:32 7 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:34:32 8 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:34:32 9 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:34:33 10 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:34:33 11 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:34:33 12 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:34:33 13 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:35:01 14 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:35:01 15 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:35:01 16 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:35:01 17 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:36:02 18 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:36:02 19 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:36:02 20 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:36:02 21 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:36:23 22 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:36:23 23 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:36:23 24 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:36:23 25 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:37:01 26 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:37:01 27 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:37:01 28 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:37:02 29 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:38:01 30 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:38:01 31 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)
2024-04-30 11:38:01 32 [Warning] Access denied for user 'passbolt'@'172.19.0.4' (using password: YES)Healthcheck:
Healthcheck shell
-------------------------------------------------------------------------------
Environment
[PASS] PHP version 8.2.7.
[PASS] PHP version is 8.1 or above.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[WARN] The passbolt config file is missing in /etc/passbolt/
[HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
[HELP] The passbolt config file is not required if passbolt is configured with environment variables
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://pb.domain.com
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in /etc/passbolt/passbolt.php
[HELP] Check the network settings
SSL Certificate
[WARN] SSL peer certificate does not validate
[WARN] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] Check https://help.passbolt.com/faq/hosting/troubleshoot-ssl
[HELP] cURL Error (6) Could not resolve host: pb.domain.com
Database
[FAIL] The application is not able to connect to the database.
[HELP] Double check the host, database name, username and password in /etc/passbolt/passbolt.php.
[HELP] Make sure the database exists and is accessible for the given database user.
[FAIL] No table found
[HELP] Run the install script to install the database tables
[HELP] sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt install" www-data
[FAIL] No default content found
[HELP] Run the install script to set the default content such as roles and permission types
[HELP] sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt install" www-data
[FAIL] The database schema is not up to date.
[HELP] Run the migration scripts:
[HELP] sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake migrations migrate --no-lock" www-data
[HELP] See. https://www.passbolt.com/help/tech/update
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[FAIL] The server OpenPGP key is not set
[HELP] Create a key, export it and add the fingerprint to /etc/passbolt/passbolt.php
[HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[FAIL] The server key fingerprint doesn't match the one defined in /etc/passbolt/passbolt.php.
[HELP] Double check the key fingerprint, example:
[HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /var/lib/passbolt/.gnupg" www-data | grep -i -B 2 'SERVER_KEY_EMAIL'
[HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
[HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
[FAIL] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is not in the keyring
[HELP] Import the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc" www-data
[FAIL] The server key does not have a valid email id.
[HELP] Edit or generate another key with a valid email id.
Application configuration
[FAIL] This installation is not up to date. Currently using 4.6.2 and it should be 4.7.0.
[HELP] See. https://www.passbolt.com/help/tech/update
[FAIL] Passbolt is not configured to force SSL use.
[HELP] Set passbolt.ssl.force to true in /etc/passbolt/passbolt.php.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.
JWT Authentication
[PASS] The JWT Authentication plugin is enabled
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found
SMTP Settings
[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[WARN] The SMTP Settings source is: env variables.
[HELP] It is recommended to set the SMTP Settings in the database through the administration section.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.
[FAIL] 11 error(s) found. Hang in there!