Installation difficulties - passbolt.php on docker

sawwee · February 27, 2020, 11:12am

I have passbolt installed in a docker container. It is working perfectly, having no issues at all, however I wanted store my custom settings in passbolt.php (at the moment I have them in evnironment variables.)

I created a copy from passbolt.default.php and customized it with my own data (email address, password, etc.)

I surely do something wrong because when passbolt.php is on its place then I get error messages on the login page about server key, and when I delete the file (ie. let passbolt get the data from environment variables) then it works again.

I suppose the problem is in this part:

'passbolt' => [
    // GPG Configuration.
    // The keyring must to be owned and accessible by the webserver user.
    // Example: www-data user on Debian
    'gpg' => [
        // Tell GPG where to find the keyring.
        // If putenv is set to false, gnupg will use the default path ~/.gnupg.
        // For example :
        // - Apache on Centos it would be in '/usr/share/httpd/.gnupg'
        // - Apache on Debian it would be in '/var/www/.gnupg'
        // - Nginx on Centos it would be in '/var/lib/nginx/.gnupg'
        // - etc.
        //'keyring' => getenv("HOME") . DS . '.gnupg',
        //
        // Replace GNUPGHOME with above value even if it is set.
        //'putenv' => false,

        // Main server key.
        'serverKey' => [
            // Server private key fingerprint.

            'fingerprint' => '1928F83938AE44E27BA0F4D3AEAE396260D12172',
            'public' => CONFIG . DS . 'gpg' . DS . 'serverkey.asc',
            'private' => CONFIG . DS . 'gpg' . DS . 'serverkey_private.asc',
        ],
    ],
],

I have serverkey.asc and serverkey_private.asc persisted outside of the container.

I was not exactly sure what data put to ‘fingerprint’. On the list of environment variables of the docker container there is a variable called “GPG_KEYS”, and as a value there are two keys there (separated with a space), it is 2x 40 letters long. Which one shall I use as ‘fingerprint’? The first 40 letters or the second 40 letters? Or all the 80 letters? With our without space between them?

Anyway, I tried all these versions but it didn’t help, so I’m not sure if this is the key I need to copy here.
Also I’m not perfectly sure about serverkey.asc and serverkey_private.asc. Is it okay just to put the file name here without the complete path? (They are in /var/www/passbolt/config/gpg in the docker and they are persisted outside of the docker.)

Thanks a lot in advance for your help!

sawwee · March 2, 2020, 9:49pm

Could anyone help me, please?

system · March 7, 2020, 9:50pm

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.