How to Passbolt Admin

Hello All,

So i just started out trying Passbolt. Currently i’m using the self-hosted version of Bitwarden, Vaultwarden. It has been working fine since day one, but the interface isn’t that great.

I’m trying to get Passbolt hosted on my Proxmox server with Debian 11 running.
After some struggling i managed to get it to work, but running into some things i don’t understand.

What i have:

  • Proxmox with a couple of LXC containers.
  • NginX running on Proxmox as redirect for my domainname.
  • LXC with Debian 11 and Passbolt installed.

Everything is setup correct (SMTP etc), but i can’t figure out how to admin this…
When i logon local: 192.168.1.15 it looks OK, but remote is blanc.
In NginX i passed passbolt.smart****.nl to http://192.168.1.15:80

When i edit below to the correct adres instead of the 192.168.1.15 it’s working, but just one box to recover my password and nothing else.
/etc/passbolt/passbolt.php
/etc/nginx/sites-enabled/nginx-passbolt.conf

If i then, remove the passbolt extention, how can you configure it again?. It just keeps looking for the server endlessly, or opens up the website: Passbolt password manager for agile teams - Get started

Hi @MDLefevere It seems you have a need for reverse proxy config?

Here’s one that works:

server {
        listen 80;
        server_name     passbolt.smart****.nl;
        return 301 https://$host$request_uri;
}

server {
        listen 443 ssl http2;
        server_name     passbolt.smart****.nl;

        # modern configuration https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.14.0&openssl=1.1.0e&hsts=no&profile=modern
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers off;
        ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

        ssl_dhparam /etc/nginx/ssl/dhparam.pem;
        ssl_stapling on;
        ssl_stapling_verify on;

        ssl_certificate         /path/to/fullchain.cer;
        ssl_certificate_key     /path/to/domain.key;

        ssl_session_timeout     1d;
        ssl_session_cache       shared:SSL:50m;
        ssl_session_tickets     off;

        location / {
                include /etc/nginx/mime.types;

                proxy_set_header        Host $host;
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_pass              https://192.168.1.15;
        }
}

Notice that I have a https in the proxy_pass line as my backend is also running on port 443.

Additionally, if you are getting a blank, it might be that your backend needs a record in the /etc/hosts file pointing your domain to your backend ip address.

Regarding how to configure the extension again, it first must be re-installed, then navigate to your Passbolt site and follow the guidance.

Hi Garrett,

Thanks for the reply!.
I managed to get i to work with the following:

/etc/passbolt/passbolt.php:
‘fullBaseUrl’ => ‘https://passbolt.smart*****.nl’,

/etc/passbolt/passbolt.php /etc/nginx/sites-enabled/nginx-passbolt.conf

In my NginX i setup a host that directs my passbolt.domain.nl to http:192.168.1.15:8200


It’s way off of what you posted, so is this just a good ques or do you still advice to change it?

(As i am nog allowed yet to post 2 images at one post :wink: )

/etc/passbolt/passbolt.php:

My example was for the reverse proxy NGINX config, but regarding which port to serve from on the backend, it’s completely up to you. If you were NOT serving the backend securely I didn’t want it to trip you up.

Glad to hear it’s working!

Thanks for the help :smiley:
It’s a lot of information in it. I’m going to try to figure it out and see if i can get it to work that way :wink:

1 Like