Installation behind Reverse Apache Proxy

cola · March 27, 2020, 4:16pm

Hi all

We have install the Installation like it is described for Ubuntu 18.04.
So the setup script have setup a Ngnix and all other stuff.

Now we have problems with the configuration. We read a lot of posts here and also in the Internet, but nothing works like we need.

The Problem:

We use a Apache Proxy on another server, the passbolt is on a new server installed separeted
Passbolt (Nginx) musst be called over i.E.192.168.1.100:8080/passbolt our Apache Proxy will then work like Internal.xyz domain name may be for sale

Now we try a lot with configuration on Nginx, but the problem is, if we create a new “location” and put then the alias etc. to /passbolt/, passbolt self redirect us always back to / without our /passbolt/

server {
listen [::]:8080;
listen 8080;
server_name 192.168.1.100;
client_body_buffer_size 100K;
client_header_buffer_size 1K;
client_max_body_size 5M;

client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;

root /var/www/passbolt/webroot;
index index.php;

location / {
try_files $uri $uri/ /index.php?$args;
}

location ~ .php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+.php)(.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $http_host;
fastcgi_param PHP_VALUE “upload_max_filesize=5M \n post_max_size=5M”;
}

location /passbolt/ {
alias /var/www/passbolt/webroot/;
try_files $uri $uri/ /passbolt/index.php?$args;
location ~ \.php$ {
  try_files                $uri =404;
  include                  fastcgi_params;
  fastcgi_pass             127.0.0.1:9000;
  fastcgi_intercept_errors on;
  fastcgi_param            SCRIPT_FILENAME $request_filename;
  fastcgi_param            SERVER_NAME $http_host;
  fastcgi_param PHP_VALUE  "upload_max_filesize=5M \n post_max_size=5M";
}
}

}

Any ideas how we became it works, that passbolt is callable over http://192.168.1.100:8080/passbolt

Server: Ubuntu 18.04.4 LTS

Thank you for your help

Checklist
I have read intro post:
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue

garrett · March 28, 2020, 3:11am

Hi @cola

Just to clarify, is it “passbold” or “passbolt” that will be in the URL you wish to use?

cola · March 28, 2020, 6:26am

@garrett sorry, my fault, yes is passbolt. Any idea whats going wrong?

garrett · March 28, 2020, 11:32am

@cola I believe your Nginx configuration should be standard per the installation instructions/script. Alias is for when the location needs files from a folder completely different from root. Don’t use alias.

Instead, don’t include a / location. Try Making it /passbolt and have only that location block and the one for php and see if that works.

maxime · March 28, 2020, 3:29pm

Hi @cola,

Also, after trying what is mentioning @garrett, can you check what is the value of your environment variable APP_FULL_BASE_URL?

Or if you did not change this environment variable, then can you check the config/passbolt.php file and look for the fullBaseUrl configuration key. It should look like this:

'App' => [
    // A base URL to use for absolute links.
    // The url where the passbolt instance will be reachable to your end users.
    // This information is need to render images in emails for example
    'fullBaseUrl' => 'https://pro.passbolt.test',
],

It might be possible that your fullBaseUrl configuration is defined as http://192.168.1.100:8080 instead of http://192.168.1.100:8080/passbolt.
If that’s the case, try to change it to your desired value (http://192.168.1.100:8080/passbolt).

Let us know if that works for you.

cola · March 28, 2020, 8:06pm

thank you for your help!

I setup now as follow

server {
listen [::]:8088;
listen 8088;
server_name 192.168.1.100;
client_body_buffer_size 100K;
client_header_buffer_size 1K;
client_max_body_size 5M;

client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;

root /var/www/passbolt/webroot;
index index.php;

location /passbolt {
try_files $uri $uri/ /index.php?$args;
}

location ~ .php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+.php)(.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $http_host;
fastcgi_param PHP_VALUE “upload_max_filesize=5M \n post_max_size=5M”;
}

}

I don’t have a passbolt.php in the config folder (only a passbolt.default.php).
So for testing i change the app.php as follow

'App' => [
    'namespace' => 'App',
    'encoding' => env('APP_ENCODING', 'UTF-8'),
    'defaultLocale' => env('APP_DEFAULT_LOCALE', 'en_US'),
    'base' => env('APP_BASE', false),
    'dir' => 'src',
    'webroot' => 'webroot',
    'wwwRoot' => WWW_ROOT,
    // 'baseUrl' => env('APP_BASE_URL'),
    //'fullBaseUrl' => env('APP_FULL_BASE_URL', false),
    'fullBaseUrl' => 'http://192.168.1.100:8080/passbolt',
    'imageBaseUrl' => 'img/',
    'cssBaseUrl' => 'css/',
    'jsBaseUrl' => 'js/',
    'paths' => [
        'plugins' => [ROOT . DS . 'plugins' . DS],
        'templates' => [APP . 'Template' . DS],
        'locales' => [APP . 'Locale' . DS],
    ],
],

Now if I http://192.168.1.100:8080/passbolt/ i became “The website cannot be reached”

Any other ideas?

maxime · March 28, 2020, 8:10pm

server {
listen [::]:8088;
listen 8088;

I think there is a typo in your configuration, should not it be 8080 instead of 8088?

Maxime

cola · March 28, 2020, 9:16pm

sorry my fault…

server {
listen [::]:8080;
listen 8080;
server_name 192.168.1.100;
client_body_buffer_size 100K;
client_header_buffer_size 1K;
client_max_body_size 5M;

client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;

root /var/www/passbolt/webroot;
index index.php;

location /passbolt {
try_files $uri $uri/ /index.php?$args;
}

location ~ .php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+.php)(.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $http_host;
fastcgi_param PHP_VALUE “upload_max_filesize=5M \n post_max_size=5M”;
}

}

and

    'App' => [
        'namespace' => 'App',
        'encoding' => env('APP_ENCODING', 'UTF-8'),
        'defaultLocale' => env('APP_DEFAULT_LOCALE', 'en_US'),
        'base' => env('APP_BASE', false),
        'dir' => 'src',
        'webroot' => 'webroot',
        'wwwRoot' => WWW_ROOT,
        // 'baseUrl' => env('APP_BASE_URL'),
        //'fullBaseUrl' => env('APP_FULL_BASE_URL', false),
        'fullBaseUrl' => 'http://192.168.1.100:8080/passbolt',
        'imageBaseUrl' => 'img/',
        'cssBaseUrl' => 'css/',
        'jsBaseUrl' => 'js/',
        'paths' => [
            'plugins' => [ROOT . DS . 'plugins' . DS],
            'templates' => [APP . 'Template' . DS],
            'locales' => [APP . 'Locale' . DS],
        ],
    ],

now I became this error…

Not Found

The requested address was not found on this server. Please double check the url. Maybe the page was deleted or moved.

garrett · March 29, 2020, 12:25pm

@cola This is progress! Please run the healthcheck and post results, thanks.

Edit: Just noticed the uri needs to be $uri in php location block.

cola · March 29, 2020, 12:53pm

@garrett thank you

right now I have two issues

The CSS etc. files cannot be found, because the nginx configuration means that this is on / and not on /passbolt. Passbolt search the CSS under /passbolt/css/XXX but nginx delivery it right now without /passbolt… how can this be fixed on nginx configuration?
All links are wrong right now. I.e.the setup wizard is pointed to href="/passboltinstall/system_check" and this is wrong. A / is missing in the href

any ideas?

garrett · March 29, 2020, 1:05pm

@cola Try adding / at the end of the FullBaseUrl.

cola · March 29, 2020, 1:20pm

I try this, but nothing helps…
the problem nginx is running as default / and not under /passbolt so the css etc. is served over /css and not on /passbolt/css

garrett · March 29, 2020, 3:40pm

@cola But there is no / location to serve.
Please provide logs for more detail. We’re flying blind without them.
I’m also assuming you restarted nginx after changes.

cola · March 29, 2020, 7:11pm

ok let me try… after each change I restart nginx

'App' => [
    // A base URL to use for absolute links.
    // The url where the passbolt instance will be reachable to your end users.
    // This information is need to render images in emails for example
    'fullBaseUrl' => 'http://192.168.1.100:8080/passbolt',
    'baseUrl' => '/passbolt',
],

server {
listen [::]:8080;
listen 8080;
server_name 192.168.1.100;
client_body_buffer_size 100K;
client_header_buffer_size 1K;
client_max_body_size 5M;

client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;

root /var/www/passbolt/webroot;
index index.php;

location /passbolt {
try_files $uri $uri/ /index.php?$args;
}

location ~ .php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+.php)(.+)$;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SERVER_NAME $http_host;
fastcgi_param PHP_VALUE “upload_max_filesize=5M \n post_max_size=5M”;
}

}

If I run this configuration, i have following issues

CSS etc. not callable https://192.168.1.100:8080/passbolt/css/themes/default/api_setup.min.css?v=2.12.0 net::ERR_ABORTED 404 (Not Found)
“Start the wizard” page has this link https://192.168.1.100:8080/passboltinstall/system_check there is a missing /.

I also try this configuration but exactly same (both) issues

 'App' => [
        // A base URL to use for absolute links.
        // The url where the passbolt instance will be reachable to your end users.
        // This information is need to render images in emails for example
        'fullBaseUrl' => 'https://192.168.1.100:8080/passbolt/',
        'baseUrl' => '/passbolt',
    ],

And I also try this, without success

 'App' => [
        // A base URL to use for absolute links.
        // The url where the passbolt instance will be reachable to your end users.
        // This information is need to render images in emails for example
        'fullBaseUrl' => 'https://192.168.1.100:8080',
        'baseUrl' => 'passbolt/',
    ],

The CSS Issue seems, because the nginx is configured as default to root /var/www/passbolt/webroot; and the location /passbolt is only for PHP script? So CSS / JS etc. is not affected.
The second seems to be a issue on generation of the links. So a ending / nothing helps.

Hope you can help me now better

garrett · March 30, 2020, 1:59am

@cola Did you notice the uri in the php location should be $uri? I think it’s skipping past uri and returning 404.

system · April 4, 2020, 1:59am

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.