HTTP Blank page, SWAG and App


I did a fresh install in docker.
Server is running and I’m able register the first user via docker command.
Server uses self signed certificate.

  1. Why does the blank page happen and how can I avoid it?

    I set: PASSBOLT_SSL_FORCE: false in compose file but I am not able to access the server through HTTP-Port: http://LAN-IP:PORT
    URL in browser gets: http://LAN-IP:PORT/auth/login?redirect=%2F and a blank page appears.
    The same happens for HTTPS: https://LAN-IP:PORT

    Accessing via the URL specified as APP_FULL_BASE_URL: works

  2. I didn’t find a howto for setting up passbolt with SWAG subdomain proxy

    Can anybody help with that?

  3. Scan QR-Code in App does not work

    App starts flickering when pointed to the first QR-Code and tells page has already been scanned.

This is the health check output.

 Healthcheck shell         


 [PASS] PHP version 8.2.18.
 [PASS] PHP version is 8.1 or above.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [WARN] The passbolt config file is missing in /etc/passbolt/
 [HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
 [HELP] The passbolt config file is not required if passbolt is configured with environment variables

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [WARN] SSL peer certificate does not validate
 [WARN] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate
 [HELP] Check
 [HELP] cURL Error (60) SSL certificate problem: self-signed certificate


 [PASS] The application is able to connect to the database
 [PASS] 31 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [FAIL] The server OpenPGP key is not set
 [HELP] Create a key, export it and add the fingerprint to /etc/passbolt/passbolt.php
 [HELP] See.
 [PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
 [PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
 [FAIL] The server key fingerprint doesn't match the one defined in /etc/passbolt/passbolt.php.
 [HELP] Double check the key fingerprint, example: 
 [HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /var/lib/passbolt/.gnupg" www-data | grep -i -B 2 'SERVER_KEY_EMAIL'
 [HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
 [HELP] See.
 [FAIL] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is not in the keyring
 [HELP] Import the private server key in the keyring of the webserver user.
 [HELP] you can try:
 [HELP] sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc" www-data
 [FAIL] The server key does not have a valid email id.
 [HELP] Edit or generate another key with a valid email id.

 Application configuration

 [FAIL] This installation is not up to date. Currently using 4.6.2 and it should be 4.7.0.
 [HELP] See.
 [FAIL] Passbolt is not configured to force SSL use.
 [HELP] Set passbolt.ssl.force to true in /etc/passbolt/passbolt.php.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [INFO] The Self Registration plugin is enabled.
 [INFO] Registration is closed, only administrators can add users.
 [PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
 [WARN] Host availability checking is disabled.
 [HELP] Make sure this instance is not publicly available on the internet.
 [HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
 [HELP] Or set to true in /etc/passbolt/passbolt.php.
 [PASS] Serving the compiled version of the javascript app.
 [WARN] Some email notifications are disabled by the administrator.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [PASS] The /etc/passbolt/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found

 SMTP Settings

 [PASS] The SMTP Settings plugin is enabled.
 [PASS] SMTP Settings coherent. You may send a test email to validate them.
 [WARN] The SMTP Settings source is: env variables.
 [HELP] It is recommended to set the SMTP Settings in the database through the administration section.
 [WARN] The SMTP Settings plugin endpoints are enabled.
 [HELP] It is recommended to disable the plugin endpoints.
 [HELP] Or set to true in /etc/passbolt/passbolt.php.

 [FAIL] 6 error(s) found. Hang in there!

Hey @anduz welcome to the forum! What you’ve described is the expected behavior, the passbolt UI will appear as a blank page if you are accessing it as anything other than the APP_FULL_BASE_URL

Since the healthcheck is showing an SSL issue this is likely the cause of the mobile connection issue. You’ll likely need to import the cert to your phone

Can you help with the configuration of SWAG?

That’s not one I am familiar with so can’t really help there

I have switched to traefik.
Everything is working.
Is there a way to access passbolt from LAN if something goes wrong?
Making a DNS entry in local DNS won’t work, because trafik isn’t running on 443, which is occupied by QNAP.

Is there another way?