Getting a Blank Page: TrueNAS Scale APP + Nginx Proxy Manager

New user here! I can’t seem to get passbolt working in a subfolder directory.

Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues

I provide relevant information about my server (component names and versions, etc.)

  • Server operating system name and version: TrueNAS Scale Dragonfish-24.04.2
  • Web server name and version: Nginx Proxy Manager v2.11.3
  • Php version: 8.2.20
  • Passbolt version: 4.9.1

I provide a copy of my logs and healthcheck

2024-09-17 13:11:32.925589-04:00gpg: keybox '/var/lib/passbolt/.gnupg/pubring.kbx' created
2024-09-17 13:11:32.988044-04:00gpg: /var/lib/passbolt/.gnupg/trustdb.gpg: trustdb created
2024-09-17 13:11:32.988379-04:00gpg: key 48227E38AAAEE0BF: public key "Passbolt default user <passbolt@yourdomain.com>" imported
2024-09-17 13:11:33.070414-04:00gpg: Total number processed: 1
2024-09-17 13:11:33.070565-04:00gpg:               imported: 1
2024-09-17 13:11:33.076481-04:00gpg: key 48227E38AAAEE0BF: "Passbolt default user <passbolt@yourdomain.com>" not changed
2024-09-17 13:11:33.081055-04:00gpg: key 48227E38AAAEE0BF: secret key imported
2024-09-17 13:11:33.081145-04:00gpg: Total number processed: 1
2024-09-17 13:11:33.081166-04:00gpg:              unchanged: 1
2024-09-17 13:11:33.081186-04:00gpg:       secret keys read: 1
2024-09-17 13:11:33.081206-04:00gpg:   secret keys imported: 1
2024-09-17 13:11:33.989454-04:00..+.........+..+.........................+......+..+.......+...+...+...+..+...+....+......+..+....+.....+......+....+...+...+...+...........+.+..+...............+.+..+.........+......+....+...+........+.......+...............+.....+...+..................+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..............+.+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.+.....+...................+..............+......+.+........+...+............+.+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2024-09-17 13:11:34.634891-04:00.......+...............+.....+...+.+......+........+...+....+......+..+.......+........................+..+....+...+..+......+...+.......+...+...........+.+........+......+.+..............+.+.....+...+....+........+...+....+......+..+.........+......+....+...........+....+......+...+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+.+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2024-09-17 13:11:34.714511-04:00-----
2024-09-17 13:11:34.778602-04:00Installing passbolt
2024-09-17 13:11:35.383945-04:002024-09-17T13:11:35.383945696-04:00
2024-09-17 13:11:35.384019-04:00____                  __          ____  
2024-09-17 13:11:35.384040-04:00/ __ \____  _____ ____/ /_  ____  / / /_ 
2024-09-17 13:11:35.384059-04:00/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
2024-09-17 13:11:35.384104-04:00/ ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
2024-09-17 13:11:35.384125-04:00/_/    \__,_/____/____/_.___/\____/_/\__/   
2024-09-17 13:11:35.384144-04:002024-09-17T13:11:35.384144032-04:00
2024-09-17 13:11:35.384163-04:00Open source password manager for teams
2024-09-17 13:11:35.384183-04:00-------------------------------------------------------------------------------
2024-09-17 13:11:35.420807-04:00Running baseline checks, please wait...
2024-09-17 13:11:35.540638-04:00The /etc/passbolt/jwt/ directory should not be writable.
2024-09-17 13:11:35.540725-04:00Please run ./bin/cake passbolt healthcheck for more information and help.
2024-09-17 13:11:35.558660-04:00Running migrations
2024-09-17 13:11:35.955020-04:002024-09-17T13:11:35.955020130-04:00
2024-09-17 13:11:35.955105-04:00____                  __          ____  
2024-09-17 13:11:35.955127-04:00/ __ \____  _____ ____/ /_  ____  / / /_ 
2024-09-17 13:11:35.955174-04:00/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
2024-09-17 13:11:35.955194-04:00/ ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
2024-09-17 13:11:35.955214-04:00/_/    \__,_/____/____/_.___/\____/_/\__/   
2024-09-17 13:11:35.955232-04:002024-09-17T13:11:35.955232712-04:00
2024-09-17 13:11:35.955252-04:00Open source password manager for teams
2024-09-17 13:11:35.955283-04:00-------------------------------------------------------------------------------
2024-09-17 13:11:35.955315-04:00-------------------------------------------------------------------------------
2024-09-17 13:11:35.956394-04:00Running migration scripts.
2024-09-17 13:11:35.956420-04:00-------------------------------------------------------------------------------
2024-09-17 13:11:36.188785-04:00using migration paths 
2024-09-17 13:11:36.201195-04:00- /etc/passbolt/Migrations
2024-09-17 13:11:36.201300-04:00using seed paths 
2024-09-17 13:11:36.201322-04:00- /etc/passbolt/Seeds
2024-09-17 13:11:36.228516-04:00using environment default
2024-09-17 13:11:36.228581-04:00using adapter mysql
2024-09-17 13:11:36.228603-04:00using database passbolt
2024-09-17 13:11:36.228623-04:00ordering by creation time
2024-09-17 13:11:36.273289-04:002024-09-17T13:11:36.273289814-04:00
2024-09-17 13:11:36.273583-04:00All Done. Took 0.0446s
2024-09-17 13:11:36.290151-04:00Clearing cake caches
2024-09-17 13:11:36.677127-04:00Clearing _cake_model_
2024-09-17 13:11:36.694173-04:00Cleared _cake_model_ cache
2024-09-17 13:11:37.096876-04:00Clearing _cake_core_
2024-09-17 13:11:37.096964-04:00Cleared _cake_core_ cache
2024-09-17 13:11:37.108914-04:00Enjoy! ☮
2024-09-17 13:11:37.109023-04:002024-09-17T13:11:37.109023506-04:00
2024-09-17 13:11:38.825894-04:002024-09-17 17:11:38,825 INFO Included extra file "/etc/supervisor/conf.d/cron.conf" during parsing
2024-09-17 13:11:38.825997-04:002024-09-17 17:11:38,825 INFO Included extra file "/etc/supervisor/conf.d/nginx.conf" during parsing
2024-09-17 13:11:38.826038-04:002024-09-17 17:11:38,825 INFO Included extra file "/etc/supervisor/conf.d/php.conf" during parsing
2024-09-17 13:11:38.850577-04:002024-09-17 17:11:38,850 INFO RPC interface 'supervisor' initialized
2024-09-17 13:11:38.850762-04:002024-09-17 17:11:38,850 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2024-09-17 13:11:38.851335-04:002024-09-17 17:11:38,851 INFO supervisord started with pid 1
2024-09-17 13:11:39.855620-04:002024-09-17 17:11:39,855 INFO spawned: 'php-fpm' with pid 89
2024-09-17 13:11:39.863401-04:002024-09-17 17:11:39,860 INFO spawned: 'nginx' with pid 90
2024-09-17 13:11:39.866032-04:002024-09-17 17:11:39,865 INFO spawned: 'cron' with pid 91
2024-09-17 13:11:40.167807-04:00time="2024-09-17T17:11:40Z" level=info msg="read crontab: /etc/cron.d/passbolt-ce-server"
2024-09-17 13:11:40.386745-04:00[17-Sep-2024 17:11:40] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root
2024-09-17 13:11:40.386838-04:00[17-Sep-2024 17:11:40] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root
2024-09-17 13:11:40.386859-04:00[17-Sep-2024 17:11:40] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root
2024-09-17 13:11:40.386905-04:00[17-Sep-2024 17:11:40] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root
2024-09-17 13:11:40.386926-04:00[17-Sep-2024 17:11:40] NOTICE: fpm is running, pid 89
2024-09-17 13:11:40.388358-04:00[17-Sep-2024 17:11:40] NOTICE: ready to handle connections
2024-09-17 13:11:40.388503-04:00[17-Sep-2024 17:11:40] NOTICE: systemd monitor interval set to 10000ms
2024-09-17 13:11:41.389860-04:002024-09-17 17:11:41,389 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-09-17 13:11:41.390059-04:002024-09-17 17:11:41,389 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-09-17 13:11:41.390211-04:002024-09-17 17:11:41,390 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-09-17 13:11:43.762723-04:00172.16.0.1 - - [17/Sep/2024:17:11:43 +0000] "GET /healthcheck/status HTTP/1.1" 200 12 "-" "kube-probe/1.26"
2024-09-17 13:11:43.763623-04:002024-09-17 17:11:43,762 INFO reaped unknown pid 110 (exit status 0)
2024-09-17 13:11:43.877369-04:00172.16.0.1 - - [17/Sep/2024:17:11:43 +0000] "GET /healthcheck/status HTTP/1.1" 200 12 "-" "kube-probe/1.26"
2024-09-17 13:11:43.877629-04:002024-09-17 17:11:43,877 INFO reaped unknown pid 125 (exit status 0)
2024-09-17 13:11:47.980039-04:00172.16.0.1 - - [17/Sep/2024:17:11:47 +0000] "GET /healthcheck/status HTTP/1.1" 200 12 "-" "kube-probe/1.26"
2024-09-17 13:11:47.980254-04:002024-09-17 17:11:47,979 INFO reaped unknown pid 141 (exit status 0)
2024-09-17 13:11:47.984051-04:00172.16.0.1 - - [17/Sep/2024:17:11:47 +0000] "GET /healthcheck/status HTTP/1.1" 200 12 "-" "kube-probe/1.26"
2024-09-17 13:11:57.980167-04:00172.16.0.1 - - [17/Sep/2024:17:11:57 +0000] "GET /healthcheck/status HTTP/1.1" 200 12 "-" "kube-probe/1.26"
2024-09-17 13:11:57.980248-04:002024-09-17 17:11:57,979 INFO reaped unknown pid 151 (exit status 0)
2024-09-17 13:11:57.982768-04:00172.16.0.1 - - [17/Sep/2024:17:11:57 +0000] "GET /healthcheck/status HTTP/1.1" 200 12 "-" "kube-probe/1.26"
2024-09-17 13:12:00.018802-04:00time="2024-09-17T17:12:00Z" level=info msg=starting iteration=0 job.command="$PASSBOLT_BASE_DIR/bin/cron > $PASSBOLT_LOG_DIR/cron.log 2> $PASSBOLT_LOG_DIR/cron-error.log" job.position=0 job.schedule="* * * * *"
2024-09-17 13:12:00.510368-04:00time="2024-09-17T17:12:00Z" level=info msg="job succeeded" iteration=0 job.command="$PASSBOLT_BASE_DIR/bin/cron > $PASSBOLT_LOG_DIR/cron.log 2> $PASSBOLT_LOG_DIR/cron-error.log" job.position=0 job.schedule="* * * * *"
2024-09-17 13:12:07.981953-04:00172.16.0.1 - - [17/Sep/2024:17:12:07 +0000] "GET /healthcheck/status HTTP/1.1" 200 12 "-" "kube-probe/1.26"
2024-09-17 13:12:07.982063-04:002024-09-17 17:12:07,981 INFO reaped unknown pid 177 (exit status 0)
...
2024-09-17 13:14:00.058786-04:00time="2024-09-17T17:14:00Z" level=info msg=starting iteration=2 job.command="$PASSBOLT_BASE_DIR/bin/cron > $PASSBOLT_LOG_DIR/cron.log 2> $PASSBOLT_LOG_DIR/cron-error.log" job.position=0 job.schedule="* * * * *"
2024-09-17 13:14:00.510806-04:00time="2024-09-17T17:14:00Z" level=info msg="job succeeded" iteration=2 job.command="$PASSBOLT_BASE_DIR/bin/cron > $PASSBOLT_LOG_DIR/cron.log 2> $PASSBOLT_LOG_DIR/cron-error.log" job.position=0 job.schedule="* * * * *"
2024-09-17 13:14:07.986552-04:00172.16.0.1 - - [17/Sep/2024:17:14:07 +0000] "GET /healthcheck/status HTTP/1.1" 200 12 "-" "kube-probe/1.26"
2024-09-17 13:14:07.986672-04:002024-09-17 17:14:07,984 INFO reaped unknown pid 329 (exit status 0)
2024-09-17 13:14:07.986733-04:002024-09-17 17:14:07,984 INFO reaped unknown pid 330 (exit status 0)
2024-09-17 13:14:07.986756-04:002024-09-17 17:14:07,985 INFO reaped unknown pid 333 (exit status 0)
2024-09-17 13:14:07.986778-04:002024-09-17 17:14:07,985 INFO reaped unknown pid 334 (exit status 0)
2024-09-17 13:14:07.986799-04:00172.16.0.1 - - [17/Sep/2024:17:14:07 +0000] "GET /healthcheck/status HTTP/1.1" 200 12 "-" "kube-probe/1.26"
2024-09-17 13:14:11.979277-04:00172.16.1.212 - - [17/Sep/2024:17:14:11 +0000] "GET / HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
2024-09-17 13:14:11.979414-04:002024-09-17 17:14:11,979 INFO reaped unknown pid 339 (exit status 0)
2024-09-17 13:14:11.980489-04:002024/09/17 17:14:11 [info] 100#100: *67 client 172.16.1.212 closed keepalive connection
2024-09-17 13:14:11.980540-04:002024-09-17 17:14:11,979 INFO reaped unknown pid 340 (exit status 0)
2024-09-17 13:14:11.980602-04:002024-09-17 17:14:11,979 INFO reaped unknown pid 343 (exit status 0)
2024-09-17 13:14:11.980625-04:002024-09-17 17:14:11,979 INFO reaped unknown pid 344 (exit status 0)
2024-09-17 13:14:11.981322-04:00172.16.1.212 - - [17/Sep/2024:17:14:11 +0000] "GET /app/administration/mfa HTTP/1.1" 302 5 "-" "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)"
2024-09-17 13:14:12.221998-04:00172.16.1.212 - - [17/Sep/2024:17:14:12 +0000] "GET /passbolt/auth/login?redirect=%2F HTTP/1.1" 200 1120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
2024-09-17 13:14:12.222085-04:002024-09-17 17:14:12,221 INFO reaped unknown pid 348 (exit status 0)
2024-09-17 13:14:12.222122-04:002024-09-17 17:14:12,221 INFO reaped unknown pid 350 (exit status 0)
2024-09-17 13:14:12.222163-04:002024/09/17 17:14:12 [info] 100#100: *69 client 172.16.1.212 closed keepalive connection
2024-09-17 13:14:12.303779-04:00172.16.1.212 - - [17/Sep/2024:17:14:12 +0000] "GET /passbolt/auth/login?redirect=%2Fapp%2Fadministration%2Fmfa HTTP/1.1" 200 1120 "-" "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)"
2024-09-17 13:14:12.304167-04:002024-09-17 17:14:12,303 INFO reaped unknown pid 353 (exit status 0)
2024-09-17 13:14:12.304212-04:002024-09-17 17:14:12,303 INFO reaped unknown pid 355 (exit status 0)
2024-09-17 13:14:12.626684-04:00172.16.1.212 - - [17/Sep/2024:17:14:12 +0000] "GET /passbolt/js/app/stylesheet.js?v=4.9.1 HTTP/1.1" 404 118765 "https://domain/passbolt/auth/login?redirect=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
2024-09-17 13:14:12.626712-04:002024/09/17 17:14:12 [info] 100#100: *73 client 172.16.1.212 closed keepalive connection
2024-09-17 13:14:12.684245-04:00172.16.1.212 - - [17/Sep/2024:17:14:12 +0000] "GET /passbolt/js/app/api-vendors.js?v=4.9.1 HTTP/1.1" 404 118414 "https://domain/passbolt/auth/login?redirect=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
2024-09-17 13:14:12.684456-04:002024-09-17 17:14:12,683 INFO reaped unknown pid 359 (exit status 0)
2024-09-17 13:14:12.684262-04:002024/09/17 17:14:12 [info] 100#100: *75 client 172.16.1.212 closed keepalive connection
2024-09-17 13:14:12.699663-04:00172.16.1.212 - - [17/Sep/2024:17:14:12 +0000] "GET /passbolt/auth/login?redirect=%2Fapp%2Fadministration%2Fmfa HTTP/1.1" 200 2882 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0"
2024-09-17 13:14:12.699755-04:002024-09-17 17:14:12,699 INFO reaped unknown pid 361 (exit status 0)
2024-09-17 13:14:12.720924-04:002024/09/17 17:14:12 [info] 100#100: *77 client 172.16.1.212 closed keepalive connection
2024-09-17 13:14:12.721001-04:00172.16.1.212 - - [17/Sep/2024:17:14:12 +0000] "GET /passbolt/js/app/api-triage.js?v=4.9.1 HTTP/1.1" 404 118612 "https://domain/passbolt/auth/login?redirect=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
2024-09-17 13:14:13.153489-04:00172.16.1.212 - - [17/Sep/2024:17:14:13 +0000] "GET /passbolt/auth/login HTTP/1.1" 200 1120 "-" "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)"
2024-09-17 13:14:13.154338-04:002024-09-17 17:14:13,153 INFO reaped unknown pid 364 (exit status 0)
2024-09-17 13:14:13.154410-04:002024-09-17 17:14:13,153 INFO reaped unknown pid 366 (exit status 0)
2024-09-17 13:14:13.446418-04:00172.16.1.212 - - [17/Sep/2024:17:14:13 +0000] "GET /passbolt/js/app/api-triage.js?v=4.9.1 HTTP/1.1" 404 118549 "https://domain/passbolt/auth/login?redirect=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
2024-09-17 13:14:13.446468-04:002024/09/17 17:14:13 [info] 100#100: *83 client 172.16.1.212 closed keepalive connection
2024-09-17 13:14:13.657135-04:00172.16.1.212 - - [17/Sep/2024:17:14:13 +0000] "GET /passbolt/auth/login HTTP/1.1" 200 2882 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0"
2024-09-17 13:14:14.566432-04:00172.16.1.212 - - [17/Sep/2024:17:14:14 +0000] "GET /passbolt/favicon.ico HTTP/1.1" 404 119017 "https://domain/passbolt/auth/login?redirect=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
2024-09-17 13:14:14.566437-04:002024/09/17 17:14:14 [info] 100#100: *87 client 172.16.1.212 closed keepalive connection
2024-09-17 13:14:14.574813-04:00172.16.1.212 - - [17/Sep/2024:17:14:14 +0000] "GET /passbolt/favicon_228.png HTTP/1.1" 404 119205 "https://domain/passbolt/auth/login?redirect=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
2024-09-17 13:14:14.574873-04:002024/09/17 17:14:14 [info] 100#100: *89 client 172.16.1.212 closed keepalive connection

Healthcheck for subdomain (worked):

 Environment

 [PASS] PHP version 8.2.20.
 [PASS] PHP version is 8.1 or above.
 [PASS] PCRE compiled with unicode support.
 [PASS] Mbstring extension is installed.
 [PASS] Intl extension is installed.
 [PASS] GD or Imagick extension is installed.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.

 Config files

 [PASS] The application config file is present
 [WARN] The passbolt config file is missing in /etc/passbolt/
 [HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
 [HELP] The passbolt config file is not required if passbolt is configured with environment variables

 Core config

 [PASS] Cache is working.
 [FAIL] Debug mode is on.
 [HELP] Set debug to false in /etc/passbolt/passbolt.php
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://domain
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [PASS] SSL peer certificate validates.
 [PASS] Hostname is matching in SSL certificate.
 [PASS] Not using a self-signed certificate.

 SMTP settings

 [PASS] The SMTP Settings plugin is enabled.
 [FAIL] SMTP Setting errors: App\Utility\OpenPGP\Backends\Gnupg::setDecryptKeyFromFingerprint(): Argument #1 ($fingerprint) must be of type string, null given, called in /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetSettingsInDbService.php on line 109
 [WARN] The SMTP Settings source is: undefined.
 [HELP] It is recommended to set the SMTP Settings in the database through the administration section.
 [WARN] The SMTP Settings plugin endpoints are enabled.
 [HELP] It is recommended to disable the plugin endpoints.
 [HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
 [HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.
 [PASS] No custom SSL configuration for SMTP server.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled.
 [FAIL] The /etc/passbolt/jwt/ directory should not be writable.
 [HELP] You can try: 
 [HELP] sudo chown -Rf root:www-data /etc/passbolt/jwt/
 [HELP] sudo chmod 750 /etc/passbolt/jwt/
 [HELP] sudo chmod 640 /etc/passbolt/jwt/jwt.key
 [HELP] sudo chmod 640 /etc/passbolt/jwt/jwt.pem
 [PASS] A valid JWT key pair was found.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [FAIL] The server OpenPGP key is not set.
 [HELP] Create a key, export it and add the fingerprint to /etc/passbolt/passbolt.php
 [HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
 [PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
 [PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
 [FAIL] The server key fingerprint doesn't match the one defined in /etc/passbolt/passbolt.php.
 [HELP] Double check the key fingerprint, example: 
 [HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /var/lib/passbolt/.gnupg" www-data | grep -i -B 2 'SERVER_KEY_EMAIL'
 [HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
 [HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
 [FAIL] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is not in the keyring
 [HELP] Import the private server key in the keyring of the webserver user.
 [HELP] you can try:
 [HELP] sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc" www-data
 [FAIL] The server key does not have a valid email id.
 [HELP] Edit or generate another key with a valid email id.
 [FAIL] The private key cannot be used to decrypt a message
 [FAIL] The private key cannot be used to decrypt and verify a message
 [FAIL] The public key cannot be used to verify a signature.

 Application configuration

 [PASS] Using latest passbolt version (4.9.1).
 [FAIL] Passbolt is not configured to force SSL use.
 [HELP] Set passbolt.ssl.force to true in /etc/passbolt/passbolt.php.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [INFO] The Self Registration plugin is enabled.
 [INFO] Registration is closed, only administrators can add users.
 [PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
 [WARN] Host availability checking is disabled.
 [HELP] Make sure this instance is not publicly available on the internet.
 [HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
 [HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
 [PASS] Serving the compiled version of the javascript app.
 [WARN] Some email notifications are disabled by the administrator.
 [PASS] The database schema is up to date.

 Database

 [PASS] The application is able to connect to the database
 [PASS] 31 tables found.
 [PASS] Some default content is present.

 [FAIL] 11 error(s) found. Hang in there!

Healthcheck (subfolder, not working)

 Environment

 [PASS] PHP version 8.2.20.
 [PASS] PHP version is 8.1 or above.
 [PASS] PCRE compiled with unicode support.
 [PASS] Mbstring extension is installed.
 [PASS] Intl extension is installed.
 [PASS] GD or Imagick extension is installed.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.

 Config files

 [PASS] The application config file is present
 [WARN] The passbolt config file is missing in /etc/passbolt/
 [HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
 [HELP] The passbolt config file is not required if passbolt is configured with environment variables

 Core config

 [PASS] Cache is working.
 [FAIL] Debug mode is on.
 [HELP] Set debug to false in /etc/passbolt/passbolt.php
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://domain
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [PASS] SSL peer certificate validates.
 [PASS] Hostname is matching in SSL certificate.
 [PASS] Not using a self-signed certificate.

 SMTP settings

 [PASS] The SMTP Settings plugin is enabled.
 [FAIL] SMTP Setting errors: App\Utility\OpenPGP\Backends\Gnupg::setDecryptKeyFromFingerprint(): Argument #1 ($fingerprint) must be of type string, null given, called in /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetSettingsInDbService.php on line 109
 [WARN] The SMTP Settings source is: undefined.
 [HELP] It is recommended to set the SMTP Settings in the database through the administration section.
 [WARN] The SMTP Settings plugin endpoints are enabled.
 [HELP] It is recommended to disable the plugin endpoints.
 [HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
 [HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.
 [PASS] No custom SSL configuration for SMTP server.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled.
 [FAIL] The /etc/passbolt/jwt/ directory should not be writable.
 [HELP] You can try: 
 [HELP] sudo chown -Rf root:www-data /etc/passbolt/jwt/
 [HELP] sudo chmod 750 /etc/passbolt/jwt/
 [HELP] sudo chmod 640 /etc/passbolt/jwt/jwt.key
 [HELP] sudo chmod 640 /etc/passbolt/jwt/jwt.pem
 [PASS] A valid JWT key pair was found.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [FAIL] The server OpenPGP key is not set.
 [HELP] Create a key, export it and add the fingerprint to /etc/passbolt/passbolt.php
 [HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
 [PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
 [PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
 [FAIL] The server key fingerprint doesn't match the one defined in /etc/passbolt/passbolt.php.
 [HELP] Double check the key fingerprint, example: 
 [HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /var/lib/passbolt/.gnupg" www-data | grep -i -B 2 'SERVER_KEY_EMAIL'
 [HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
 [HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
 [FAIL] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is not in the keyring
 [HELP] Import the private server key in the keyring of the webserver user.
 [HELP] you can try:
 [HELP] sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc" www-data
 [FAIL] The server key does not have a valid email id.
 [HELP] Edit or generate another key with a valid email id.
 [FAIL] The private key cannot be used to decrypt a message
 [FAIL] The private key cannot be used to decrypt and verify a message
 [FAIL] The public key cannot be used to verify a signature.

 Application configuration

 [PASS] Using latest passbolt version (4.9.1).
 [FAIL] Passbolt is not configured to force SSL use.
 [HELP] Set passbolt.ssl.force to true in /etc/passbolt/passbolt.php.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [INFO] The Self Registration plugin is enabled.
 [INFO] Registration is closed, only administrators can add users.
 [PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
 [WARN] Host availability checking is disabled.
 [HELP] Make sure this instance is not publicly available on the internet.
 [HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
 [HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
 [PASS] Serving the compiled version of the javascript app.
 [WARN] Some email notifications are disabled by the administrator.
 [PASS] The database schema is up to date.

 Database

 [PASS] The application is able to connect to the database
 [PASS] 31 tables found.
 [PASS] Some default content is present.

 [FAIL] 11 error(s) found. Hang in there!

Nginx proxy conf (generated by NPM; formatted a bit for easier parsing)

server {
  set $forward_scheme http;
  set $server         "internal IP";
  set $port           port;

  listen 80;

  listen 443 ssl;

  server_name domain;

  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-14/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-14/privkey.pem;

  # Block Exploits
  include conf.d/include/block-exploits.conf;

  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
  add_header Strict-Transport-Security $hsts_header always;

  # Force SSL
  include conf.d/include/force-ssl.conf;

  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $http_connection;
  proxy_http_version 1.1;

  access_log /data/logs/proxy-host-20_access.log proxy;
  error_log /data/logs/proxy-host-20_error.log warn;

  location /passbolt/ {
    location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|ejs|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|woff2|avi|mp\d)$ {
      access_log on;
      log_not_found on;
      rewrite ^/([^/]+)/([img|css|js|fonts|locales]+)/(.*)$ /$2/$3 break;
      rewrite ^/([^/]+)/favicon.ico$ /favicon.ico break;
      try_files $uri $uri/ /index.php?$args;
    }

    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-For    $remote_addr;
    proxy_set_header X-Real-IP		$remote_addr;
    proxy_pass       http://internal_ip:port;

    # Block Exploits
    include conf.d/include/block-exploits.conf;

    # Force SSL
    include conf.d/include/force-ssl.conf;

    # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
    add_header Strict-Transport-Security $hsts_header always;
    
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;
  }

  location / {
    # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
    add_header Strict-Transport-Security $hsts_header always;

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;

    # Proxy!
    include conf.d/include/proxy.conf;
  }
}

I describe the steps I have taken to troubleshoot the problem

  • I am able to launch passbolt and proxy it to a subdomain.
  • I set “APP_BASE” to “/passbolt” and “APP_FULL_BASE_URL” to “https:domain” (I learnt to remove the APP_BASE from the full URL)
  • I kept tweaking nginx settings to no success. The app loads when I visit “https:domain” but not when I visit “https:domain/passbolt”

I describe the steps on how to reproduce the issue

  1. Installed TrueNAS app
  2. Set the APP_BASE in additional environment variables, and other setup
  3. Launch and visit domain

Screenshot of the URL seemingly working, but this is WITH the “APP_BASE” set to “/passbolt”. If the subfolder is added, it goes to a blank page.
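
Added example, not part of the original post and not code from Nginx Proxy Manager or passbolt: a Python model of the two `rewrite` rules in the posted `location /passbolt/` block, applied to request paths taken from the log above plus one constructed path. It assumes Python's `re` treats these patterns the same way nginx's PCRE does, and the alternation labelled `INTENDED` is a guess at what the rule was meant to express.

```python
import re

# Extension filter of the nested location, copied from the posted config (~* = case-insensitive).
LOCATION = re.compile(
    r"\.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|ejs|json|pdf|zip|htm|html"
    r"|docx?|xlsx?|pptx?|txt|wav|swf|svg|woff2|avi|mp\d)$",
    re.IGNORECASE,
)

# First rewrite rule exactly as posted. The square brackets form a character
# class: any run of the characters  a c e f g i j l m n o s t |  is accepted,
# not one of the five directory names.
POSTED = re.compile(r"^/([^/]+)/([img|css|js|fonts|locales]+)/(.*)$")

# Assumed intent (not stated on the page): an alternation of directory names.
INTENDED = re.compile(r"^/([^/]+)/(img|css|js|fonts|locales)/(.*)$")

# Second rewrite rule as posted.
FAVICON = re.compile(r"^/([^/]+)/favicon.ico$")


def rewrite(uri, first_rule):
    """Return the path nginx would carry forward after the two rewrite rules.

    Only URI rewriting is modelled; which handler then serves the rewritten
    path is outside this sketch.
    """
    path = uri.split("?", 1)[0]      # rewrite matches the URI without its query string
    if not LOCATION.search(path):    # nested location not selected: path is untouched
        return path
    m = first_rule.match(path)
    if m:                            # "break": stop after the first matching rule
        return f"/{m.group(2)}/{m.group(3)}"
    if FAVICON.match(path):
        return "/favicon.ico"
    return path                      # neither rule matched: the /passbolt prefix stays


def divergent(uris):
    """Paths where the posted character class and the assumed alternation disagree."""
    return [u for u in uris if rewrite(u, POSTED) != rewrite(u, INTENDED)]


SAMPLES = [
    # Request paths taken from the access log in the post.
    "/passbolt/js/app/stylesheet.js?v=4.9.1",
    "/passbolt/js/app/api-vendors.js?v=4.9.1",
    "/passbolt/favicon.ico",
    "/passbolt/favicon_228.png",
    "/passbolt/auth/login?redirect=%2F",
    # Constructed path: "settings" consists only of characters in the class.
    "/passbolt/settings/export.json",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{uri:45} posted -> {rewrite(uri, POSTED):28} "
              f"intended -> {rewrite(uri, INTENDED)}")
    print("rules disagree on:", divergent(SAMPLES))
```

Under these rules `/passbolt/favicon_228.png` keeps its `/passbolt` prefix because neither pattern covers root-level files other than `favicon.ico`, and the character class also strips the prefix from any first path segment spelled with its letters.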

Hello @zehro and welcome to the forum!
Could you add your Passbolt config? Also, please blind your sensitive data such as domains, IPs, credentials…

Hi @Termindiego25! Thank you for pointing out to obscure sensitive data. Let me know if you need any additional information.

As far as a “Passbolt config” goes, I don’t think I have one. In my healthcheck…

[PASS] The application config file is present
 [WARN] The passbolt config file is missing in /etc/passbolt/
 [HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
 [HELP] The passbolt config file is not required if passbolt is configured with environment variables

I am using TrueNAS Charts, which utilizes some environment variables.

Your environment variables are your Passbolt config

This is my best guess. When I attempt to set values to anything other than the APP_BASE as additional environment variables, my server complains that it’s already been written.

  • APP_BASE = /passbolt
  • APP_FULL_BASE_URL = https://domain
  • DEBUG = true
    the rest are for SMTP email stuff (EMAIL_TRANSPORT_DEFAULT_HOST, EMAIL_TRANSPORT_DEFAULT_PORT, etc.)

Is there something else I should look for/can find?

Will no one help with the issue I’m having? Is this forum the only way of seeking help?

Bump. Still seeking assistance.