Checklist
[Y] I have read intro post: About the Installation Issues category
[Y] I have read the tutorials, help and searched for similar issues
[N] I provide relevant information about my server (component names and versions, etc.)
[N] I provide a copy of my logs and healthcheck
[Y] I describe the steps I have taken to trouble shoot the problem
[IDK] I describe the steps on how to reproduce the issue
Hello everyone, I was flowing very close NetworkChuck Install guide to install Passbolt to my server using docker everythag seems like it was working well until I went to pasted in my URL from the console and the website keeps giving me a 404 page cant be found as you can see here
pic for 404 page
I have no idea how to fix this or if it is fixable I really don’t know what I can paste to help
Hey @dgibbs3196 welcome to the forum!
Just took a look at the NetworkChuck video to make sure I was on the same page here. A couple questions on this:
- Did you add traefik or not?
- Can you run the healthcheck and post the output?
- Can you share your docker compose file? Just make sure to remove the passwords
-
Did you add Traefik or not?
- Yes, I did. I followed the step-by-step guide to the T
-
Can you run the healthcheck and post the output?
-
Can you share your docker-compose file? Just make sure to remove the passwords
If you need any more info just ask I do not sure what I need to do to fix the problems that the Healthcheck found It may be very easy things to fix may be hard for all I know I may need to restart from scratch…
@dgibbs3196 please post the log content into your posts here and triple backtick above and below the text for easy viewing, thanks.
pASSBOLT HELTH THAG
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
Healthcheck shell
-------------------------------------------------------------------------------
Environment
[PASS] PHP version 7.4.33.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[WARN] The passbolt config file is missing in /etc/passbolt/
[HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
[HELP] The passbolt config file is not required if passbolt is configured with environment variables
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://password.dgibbs3196.xyz
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in /etc/passbolt/passbolt.php
[HELP] Check the network settings
SSL Certificate
[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] Check https://help.passbolt.com/faq/hosting/troubleshoot-ssl
Database
[PASS] The application is able to connect to the database
[PASS] 30 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
[PASS] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.
Application configuration
[PASS] Using latest passbolt version (3.12.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.
JWT Authentication
[PASS] The JWT Authentication plugin is enabled
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found
SMTP Settings
[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[WARN] The SMTP Settings source is: env variables.
[HELP] It is recommended to set the SMTP Settings in the database through the administration section.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.
[FAIL] 3 error(s) found. Hang in there!
docker compose file
version: '3.9'
services:
db:
image: mariadb:10.10
restart: unless-stopped
environment:
MYSQL_RANDOM_ROOT_PASSWORD: "true"
MYSQL_DATABASE: "NOPE"
MYSQL_USER: "NOPE"
MYSQL_PASSWORD: "NOPE"
volumes:
- database_volume:/var/lib/mysql
passbolt:
image: passbolt/passbolt:latest-ce
#Alternatively you can use rootless:
#image: passbolt/passbolt:latest-ce-non-root
restart: unless-stopped
depends_on:
- db
environment:
APP_FULL_BASE_URL: https://"password."dgibbs3196.xyz
DATASOURCES_DEFAULT_HOST: "db"
DATASOURCES_DEFAULT_USERNAME: "NOPE"
DATASOURCES_DEFAULT_PASSWORD: "NOPE"
DATASOURCES_DEFAULT_DATABASE: "NOPE"
volumes:
- gpg_volume:/etc/passbolt/gpg
- jwt_volume:/etc/passbolt/jwt
command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
labels:
traefik.enable: "true"
traefik.http.routers.passbolt-http.entrypoints: "web"
traefik.http.routers.passbolt-http.rule: "Host(`password.dgibbs3196.xyz`)"
traefik.http.routers.passbolt-http.middlewares: "SslHeader@file"
traefik.http.routers.passbolt-https.middlewares: "SslHeader@file"
traefik.http.routers.passbolt-https.entrypoints: "websecure"
traefik.http.routers.passbolt-https.rule: "Host(`password.dgibbs3196.xyz`)"
traefik.http.routers.passbolt-https.tls: "true"
traefik.http.routers.passbolt-https.tls.certresolver: "letsencrypt"
#Alternatively for non-root images:
# - 80:8080
# - 443:4433
traefik:
image: traefik:2.6
restart: always
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yaml:/traefik.yaml:ro
- ./conf/:/etc/traefik/conf
- ./shared/:/shared
volumes:
database_volume:
gpg_volume:
jwt_volume:
On the App full base url in the docker compose you have
APP_FULL_BASE_URL: https://"password."dgibbs3196.xyz
but are the quotes in the middle because of the forum link limit rules or is this a typo?
Yes the quotes in there because of the link limitation on the forum
Couple more things to check on this:
- Can you run
docker ps and make sure the 3 containers are all up and running?
- Run an
ls on the directory with the docker-compose file just to make sure the traefik files are in the right spots
- Double check the content of the traefik files you added to make sure nothing went wrong with pasting as that sometimes happens
it all looks right to me but I don’t know…
here is what I’m seeing
All of the configs look the same with the exaption to the stuff I had to change like my email in the “traefik.yaml”
Ok, all the files are there.
I went to your domain to check and did get the 404 but saw that the site is already set up for HTTPS and it is a google cert. How/where are you hosting this? And, can you double check your DNS records to make sure it is all pointing to the correct server?
How/where are you hosting this? I am hosting this on Linode using Ubuntu 23.04
And can you double-check your DNS records to make sure it is all pointing to the correct server? This is on the
Linode dashboard..
Cloudflare DNS
Everything looks right to me. Just seem very, very weird, But this is my luck using docker…
Good news, we do have packages for a variety of linux distributions so if you want to install on Ubuntu you can! It would just have to be 22.04
Hi, can you try something?
I see you are using passbolt with docker and traefik, right?
Since traefik listen to ports 80 and 443 and you may try set passbolt to custom ports and let traefik do the magic …
On ports in the passbolt docker-compose file section try this :
version: '3.9'
services:
db:
image: mariadb:10.10
restart: unless-stopped
environment:
MYSQL_RANDOM_ROOT_PASSWORD: "true"
MYSQL_DATABASE: "NOPE"
MYSQL_USER: "NOPE"
MYSQL_PASSWORD: "NOPE"
volumes:
- database_volume:/var/lib/mysql
passbolt:
image: passbolt/passbolt:latest-ce
#Alternatively you can use rootless:
#image: passbolt/passbolt:latest-ce-non-root
restart: unless-stopped
depends_on:
- db
ports: ---------> here
- 8080:80 ----------> here
- 4443:433 ---------> here
environment:
APP_FULL_BASE_URL: https://"password."dgibbs3196.xyz
DATASOURCES_DEFAULT_HOST: "db"
DATASOURCES_DEFAULT_USERNAME: "NOPE"
DATASOURCES_DEFAULT_PASSWORD: "NOPE"
DATASOURCES_DEFAULT_DATABASE: "NOPE"
volumes:
- gpg_volume:/etc/passbolt/gpg
- jwt_volume:/etc/passbolt/jwt
command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
labels:
traefik.enable: "true"
traefik.http.routers.passbolt-http.entrypoints: "web"
traefik.http.routers.passbolt-http.rule: "Host(`password.dgibbs3196.xyz`)"
traefik.http.routers.passbolt-http.middlewares: "SslHeader@file"
traefik.http.routers.passbolt-https.middlewares: "SslHeader@file"
traefik.http.routers.passbolt-https.entrypoints: "websecure"
traefik.http.routers.passbolt-https.rule: "Host(`password.dgibbs3196.xyz`)"
traefik.http.routers.passbolt-https.tls: "true"
traefik.http.routers.passbolt-https.tls.certresolver: "letsencrypt"
traefik:
image: traefik:2.6
restart: always
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yaml:/traefik.yaml:ro
- ./conf/:/etc/traefik/conf
- ./shared/:/shared
volumes:
database_volume:
gpg_volume:
jwt_volume:
Then, on your traefik config.yml file, where you redirect to the IP, change to “http:// your IP :8080”
Something like this, on this section of traefik config.yml:
XXXX: ----> your passbolt service name here
loadBalancer:
servers:
- url: "http://XXX.XXX.XXX.XXX:8080" # your public ip
passHostHeader: true
Try with http first, to isolate from SSL problems.
hope that helps.
Thanks, everyone, for the amazing help, but I thank I’m going to go away from Docker at this time due to my very bad luck using it. I have never had good luck using it. I thank that using the native ver of Passbolt may be the best for me due to the fact that I’m using Linode to begin with, so I can make a Virtual server for it anyways as well @hackmann im unable to do this as I have wiped the box to do @clayton idea
Good news, we do have packages for a variety of linux distributions so if you want to install on Ubuntu you can! It would just have to be 22.04
This would be the best for me as I have got it to work very easy for me
YAY
PIC of my working passbolt YAY
3 Likes
Nice @dgibbs3196 !
Glad you got passbolt up and running
And yes. Containerization can do nasty things sometimes.
Keep it up and enjoy passbolt!
1 Like
