Help running passbolt docker compose version


#1

I want to evaluate passbolt but am having some difficulty running with docker compose.

It looks like the database schema isn't being built (I assumed this happens automatically):

Exception: SQLSTATE[42S02]: Base table or view not found: 1146 Table ‘passbolt.users’ doesn’t exist in [/var/www/passbolt/vendor/cakephp/cakephp/src/Database/Schema/Collection.php, line 131]

This happens trying to run the registration command.

I also get a connection refused on port 80 but I have set PASSBOLT_SSL_FORCE=false

What do I need to do to initialise mysql and is there something else I need to do to run it on port 80?

When the container starts I do not see much debugging, just these 4 lines:

root@ip-10-52-2-245:/data/passbolt# docker-compose logs passbolt
Attaching to passbolt_passbolt_1
passbolt_1 | wait-for.sh: waiting 15 seconds for db:3306
passbolt_1 | wait-for.sh: db:3306 is available after 1 seconds
passbolt_1 | gpg: directory ‘/home/www-data/.gnupg’ created
passbolt_1 | gpg: keybox ‘/home/www-data/.gnupg/pubring.kbx’ created


#2

Further to my question above, is the docker compose version of passbolt only meant for evaluation of the software and not intended to be used as a password manager?


#3

Hi @berimbolo,

Passbolt docker indeed creates the database schema automatically. What seems to happen in your setup is that you lack the entropy on the container to create the gpg keys so the startup process is stuck on that step.
Most likely you lack haveged/rng-tools installed on your host from the list of requirements.

Hope this helps! Let us know!


#4

Hi @diego, it seems to have gotten a little further and fails for something else (any idea on this?):

root@ip-10-52-2-136:/data/passbolt# docker-compose logs passbolt
Attaching to passbolt_passbolt_1
passbolt_1 | wait-for.sh: waiting 15 seconds for db:3306
passbolt_1 | wait-for.sh: db:3306 is available after 7 seconds
passbolt_1 | gpg: directory ‘/home/www-data/.gnupg’ created
passbolt_1 | gpg: keybox ‘/home/www-data/.gnupg/pubring.kbx’ created
passbolt_1 | gpg: /home/www-data/.gnupg/trustdb.gpg: trustdb created
passbolt_1 | gpg: key C9033F098DB3D664 marked as ultimately trusted
passbolt_1 | gpg: directory ‘/home/www-data/.gnupg/openpgp-revocs.d’ created
passbolt_1 | gpg: revocation certificate stored as ‘/home/www-data/.gnupg/openpgp-revocs.d/CE5175F0957733C9B614EAB5C9033F098DB3D664.rev’
passbolt_1 | -su: /var/www/passbolt/config/gpg/serverkey_private.asc: Permission denied


#5

The docker-compose comes with a passbolt container and a mysql container with minimal setup: self-signed certificates, example access passwords, etc. Using it on production environments as it is would not be a good idea. You should generate your certs, or use Let's Encrypt, maybe generate your own gpg keys out of band and mount them on it… It might be a good idea to provide a community-driven docker-compose ready for production…


#6

I am planning to front it with another instance of nginx, not sure if this is a bad idea? That's why I wanted to turn off SSL and then terminate our certs at this instance of nginx.

I want to avoid doing any manual setup as, if suitable, the plan would be to run on EC2 and build via terraform scripts, and I don't want to have to do any manual installation steps.


#7

I have this sorted now, it was a permission issue with the directory on the data volume I mounted.
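
Both startup failures diagnosed in this thread (too little host entropy for GPG key generation in #3, and a mounted directory the container user cannot write to in #4 and #7) can be checked on the host before starting the stack. The script below is an added example, not part of the original posts or the passbolt project; the function names, the 200-bit threshold, and uid/gid 33 for www-data are assumptions.

```shell
#!/bin/sh
# Added example: host-side preflight for the two failures seen in this thread.
# Assumptions: GNU stat; www-data in the container is uid/gid 33 (Debian default).

# 0 = kernel reports at least MIN bits of entropy, 1 = below MIN, 2 = unreadable.
# Recent kernels report at most 256 here, so the default MIN stays below that.
entropy_ok() {
    file="${1:-/proc/sys/kernel/random/entropy_avail}"; min="${2:-200}"
    avail=$(cat "$file" 2>/dev/null) || return 2
    case "$avail" in ''|*[!0-9]*) return 2 ;; esac
    [ "$avail" -ge "$min" ]
}

# 0 = UID/GID may create files in DIR, 1 = may not, 2 = DIR missing.
# Classic mode bits only: ACLs and supplementary groups are not considered.
dir_writable_by() {
    dir="$1"; uid="$2"; gid="${3:-$2}"
    [ -d "$dir" ] || return 2
    [ "$uid" -eq 0 ] && return 0
    owner=$(stat -c %u "$dir"); group=$(stat -c %g "$dir")
    perm=$((0$(stat -c %a "$dir")))                     # octal mode as a number
    if   [ "$owner" -eq "$uid" ]; then need=$((0300))   # owner write+search
    elif [ "$group" -eq "$gid" ]; then need=$((0030))   # group write+search
    else                               need=$((0003))   # other write+search
    fi
    [ $((perm & need)) -eq "$need" ]
}

# usage: preflight HOST_DIR_MOUNTED_INTO_CONTAINER [CONTAINER_UID]
preflight() {
    rc=0
    entropy_ok || {
        echo "entropy low or unreadable: install haveged or rng-tools on the host"; rc=1; }
    dir_writable_by "$1" "${2:-33}" || {
        echo "$1 is not writable by uid ${2:-33}: fix ownership of the mounted directory"; rc=1; }
    return "$rc"
}

if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

Run it with the host path of the directory mounted into the passbolt container as the first argument; a non-zero exit status means at least one check failed.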


#8

That would work. However, SSL termination might be interesting to be done on passbolt container itself. You could also front it with a vpn to increase security.
What I am trying to say is that the composer:

  • If you meet the requirements it should run out of the box with self signed certs with no interaction at all
  • It is valid for testing
  • Production environments would require some customization to adjust to particular needs such as vpn, mysql passwords, ssl certificates. This is part of the final assessment from the users and their security requirements

#9

Ok brilliant thanks, it's already running behind a vpn on a private vpc with no inbound direct internet access, and the ssl termination is working in nginx now.

I just need to get the css rendering properly and then I can test it out!

