Hello All,
So i just started out trying Passbolt. Currently i’m using the self-hosted version of Bitwarden, Vaultwarden. It has been working fine since day one, but the interface isn’t that great.
I’m trying to get Passbolt hosted on my Proxmox server with Debian 11 running.
After some struggling i managed to get it to work, but running into some things i don’t understand.
What i have:
- Proxmox with a couple of LXC containers.
- NginX running on Proxmox as redirect for my domainname.
- LXC with Debian 11 and Passbolt installed.
Everything is setup correct (SMTP etc), but i can’t figure out how to admin this…
When i logon local: 192.168.1.15 it looks OK, but remote is blanc.
In NginX i passed passbolt.smart****.nl to http://192.168.1.15:80
When i edit below to the correct adres instead of the 192.168.1.15 it’s working, but just one box to recover my password and nothing else.
/etc/passbolt/passbolt.php
/etc/nginx/sites-enabled/nginx-passbolt.conf
If i then, remove the passbolt extention, how can you configure it again?. It just keeps looking for the server endlessly, or opens up the website: Passbolt password manager for agile teams - Get started
Hi @MDLefevere It seems you have a need for reverse proxy config?
Here’s one that works:
server {
listen 80;
server_name passbolt.smart****.nl;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name passbolt.smart****.nl;
# modern configuration https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.14.0&openssl=1.1.0e&hsts=no&profile=modern
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_certificate /path/to/fullchain.cer;
ssl_certificate_key /path/to/domain.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
location / {
include /etc/nginx/mime.types;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass https://192.168.1.15;
}
}
Notice that I have a https
in the proxy_pass
line as my backend is also running on port 443.
Additionally, if you are getting a blank, it might be that your backend needs a record in the /etc/hosts
file pointing your domain to your backend ip address.
Regarding how to configure the extension again, it first must be re-installed, then navigate to your Passbolt site and follow the guidance.
Hi Garrett,
Thanks for the reply!.
I managed to get i to work with the following:
/etc/passbolt/passbolt.php:
‘fullBaseUrl’ => ‘https://passbolt.smart*****.nl’,
/etc/passbolt/passbolt.php /etc/nginx/sites-enabled/nginx-passbolt.conf
In my NginX i setup a host that directs my passbolt.domain.nl to http:192.168.1.15:8200
…
It’s way off of what you posted, so is this just a good ques or do you still advice to change it?
(As i am nog allowed yet to post 2 images at one post )
/etc/passbolt/passbolt.php:
My example was for the reverse proxy NGINX config, but regarding which port to serve from on the backend, it’s completely up to you. If you were NOT serving the backend securely I didn’t want it to trip you up.
Glad to hear it’s working!
Thanks for the help
It’s a lot of information in it. I’m going to try to figure it out and see if i can get it to work that way
1 Like