Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to troubleshoot the problem
[ ] I describe the steps on how to reproduce the issue
I’ve installed Passbolt inside a FreeBSD 12.2 jail following the from-source instructions. After getting nginx and fpm configured, I can go through the process of creating the first user, but actually logging in fails with a 500 server error (exact message and server log below). Running healthcheck highlights three errors: that the server does not have https enabled (correct, I’ll do that once I can confirm it’s otherwise working), and that while the server keys can be used to encrypt and decrypt messages, they cannot be used to verify signatures. Could this verify error and the 500 server error be related?
The server key and subkey are both RSA (Passkey doesn’t support EDDSA, the default on this system), they’re owned by the nginx user (www), and I’ve verified they work for encryption and signing at the CLI. I’ve tried installing the pecl gnupg package via pecl instead of via the system package manager (suggested by eddie4 in '18), but that had no effect. I’ve also searched the forum here, but most of the relevant threads have issues with both decryption and verification.
Is there any way to get more detailed information out of the healthcheck shell? The --verbose flag doesn’t seem to have any effect.
versions:
FreeBSD 12.2 (FreeNAS), iocage jail
nginx/1.20.1
mysql Ver 15.1 Distrib 10.5.13-MariaDB
PHP 7.4.26
Passbolt 3.4.0-2 (commit 98397bba)
gpg (GnuPG) 2.3.2
libgcrypt 1.9.4
./bin/cake passbolt healthcheck
     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
Healthcheck shell
-------------------------------------------------------------------------------
Environment
[PASS] PHP version 7.4.26.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[PASS] The passbolt config file is present
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to http://passbolt.thescrapyard.org
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.
SSL Certificate
[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate
Database
[PASS] The application is able to connect to the database
[PASS] 26 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/www/.gnupg.
[PASS] The directory /home/www/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[FAIL] The private key cannot be used to decrypt and verify a message
[FAIL] The public key cannot be used to verify a signature.
Application configuration
[PASS] Using latest passbolt version (3.4.0).
[PASS] Passbolt is configured to force SSL use.
[FAIL] App.fullBaseUrl is not set to HTTPS.
[HELP] Check App.fullBaseUrl url scheme in config/passbolt.php.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.
JWT Authentication
[WARN] The JWT Authentication plugin is disabled
[HELP] Set the environment variable PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED to true
[FAIL] 3 error(s) found. Hang in there!
login error:
Sorry, you have not been signed in.
Something went wrong, the sign in failed with the following error:
There was a server error. No additional information provided(500
nginx access.log below, with no errors present in error.log.
[05/Jan/2022:16:42:39 -0800] "GET /settings.json?api-version=v2 HTTP/1.1" 200
[05/Jan/2022:16:42:40 -0800] "GET /auth/verify.json?api-version=v2 HTTP/1.1" 200
[05/Jan/2022:16:42:40 -0800] "GET /setup/install/<snip>.json?api-version=v2 HTTP/1.1" 400
[05/Jan/2022:16:42:42 -0800] "GET /setup/install/<snip>?locale=en-UK HTTP/1.1" 200
[05/Jan/2022:16:42:42 -0800] "GET /js/app/stylesheet.js?v=3.4.0 HTTP/1.1" 304
[05/Jan/2022:16:42:42 -0800] "GET /js/app/api-setup.js?v=3.4.0 HTTP/1.1" 304
[05/Jan/2022:16:42:42 -0800] "GET /js/app/api-vendors.js?v=3.4.0 HTTP/1.1" 304
[05/Jan/2022:16:42:42 -0800] "GET /settings.json?api-version=v2 HTTP/1.1" 200
[05/Jan/2022:16:42:42 -0800] "GET /settings.json?api-version=v2 HTTP/1.1" 200
[05/Jan/2022:16:42:42 -0800] "GET /auth/verify.json?api-version=v2 HTTP/1.1" 200
[05/Jan/2022:16:42:42 -0800] "GET /setup/install/<snip>.json?api-version=v2 HTTP/1.1" 400
[05/Jan/2022:16:42:43 -0800] "GET /setup/install/<snip>.json?api-version=v2 HTTP/1.1" 400
[05/Jan/2022:16:42:48 -0800] "GET / HTTP/1.1" 302
[05/Jan/2022:16:42:49 -0800] "GET /auth/login?redirect=%2F HTTP/1.1" 200
[05/Jan/2022:16:42:59 -0800] "GET / HTTP/1.1" 302
[05/Jan/2022:16:42:59 -0800] "GET /auth/login?redirect=%2F HTTP/1.1" 200
[05/Jan/2022:16:43:00 -0800] "GET /js/app/api-triage.js?v=3.4.0 HTTP/1.1" 304
[05/Jan/2022:16:43:00 -0800] "GET /settings.json?api-version=v2 HTTP/1.1" 200
[05/Jan/2022:16:43:00 -0800] "GET /settings.json?api-version=v2 HTTP/1.1" 200
[05/Jan/2022:16:43:00 -0800] "POST /auth/verify.json?api-version=v2 HTTP/1.1" 500
[05/Jan/2022:16:43:00 -0800] "GET /auth/verify.json?api-version=v2 HTTP/1.1" 200
[05/Jan/2022:16:43:01 -0800] "GET /auth/verify.json?api-version=v2 HTTP/1.1" 200
[05/Jan/2022:16:43:04 -0800] "GET /auth/verify.json?api-version=v2 HTTP/1.1" 200
[05/Jan/2022:16:43:04 -0800] "GET /img/avatar/user.png HTTP/1.1" 304
[05/Jan/2022:16:43:10 -0800] "GET /users/csrf-token.json?api-version=v2 HTTP/1.1" 200
[05/Jan/2022:16:43:10 -0800] "POST /auth/login.json?api-version=v2 HTTP/1.1" 500
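One way to get more detail than the healthcheck prints for its two failing GPG checks is to repeat the sign/verify and encrypt/decrypt round trips directly against the PHP gnupg extension and print its error text. This is an added example, not part of the original post and not Passbolt's own healthcheck code; the fingerprint is a placeholder, and it assumes the server key has no passphrase.

```php
<?php
// Added diagnostic sketch; not Passbolt's healthcheck code.
// Run as the web server user (www) so the same keyring and permissions apply.
putenv('GNUPGHOME=/home/www/.gnupg');        // path reported by the healthcheck
$fpr = 'SERVER_KEY_FINGERPRINT_PLACEHOLDER'; // placeholder: value from config/passbolt.php
$passphrase = '';                            // assumption: server key has no passphrase

// Print PASS/FAIL for one step, with the extension's last error text on failure.
function report(string $step, $gpg, $result)
{
    if ($result === false) {
        $err = gnupg_geterror($gpg);
        echo "[FAIL] $step: ", ($err !== false ? $err : 'no error text'), "\n";
    } else {
        echo "[PASS] $step\n";
    }
    return $result;
}

$gpg = gnupg_init();
$msg = 'healthcheck round trip ' . bin2hex(random_bytes(8));

// Check 1: clear-sign a message, then verify the signature.
gnupg_setsignmode($gpg, GNUPG_SIG_MODE_CLEAR);
report('add sign key', $gpg, gnupg_addsignkey($gpg, $fpr, $passphrase));
$signed = report('sign', $gpg, gnupg_sign($gpg, $msg));
if ($signed !== false) {
    $plain = '';
    $info = report('verify', $gpg, gnupg_verify($gpg, $signed, false, $plain));
    if ($info !== false) {
        print_r($info); // per-signature fingerprint, validity, status and summary
    }
}

// Check 2: encrypt and sign to the server key, then decrypt and verify.
gnupg_setsignmode($gpg, GNUPG_SIG_MODE_NORMAL);
report('add encrypt key', $gpg, gnupg_addencryptkey($gpg, $fpr));
report('add decrypt key', $gpg, gnupg_adddecryptkey($gpg, $fpr, $passphrase));
$cipher = report('encrypt+sign', $gpg, gnupg_encryptsign($gpg, $msg));
if ($cipher !== false) {
    $out = '';
    $info = report('decrypt+verify', $gpg, gnupg_decryptverify($gpg, $cipher, $out));
    if ($info !== false) {
        print_r($info);
        echo $out === $msg ? "[PASS] plaintext matches\n" : "[FAIL] plaintext differs\n";
    }
}
```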