To change the password later, try this: Update DB Password on Docker Installation
Regarding the /setup path, try this NGINX conf (includes an upstream for 443 traffic):
upstream passbolt_container {
server 127.0.0.1:4433;
}
server {
listen 80;
server_name bolt.domain.com;
return 301 https://bolt.domain.com;
# Note: add this to /etc/hosts: 127.0.0.1 bolt.domain.com if not done already
}
server {
listen 443 ssl http2;
server_name bolt.domain.com;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_certificate /opt/bolt/ssl/fullchain.pem;
ssl_certificate_key /opt/bolt/ssl/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
location / {
proxy_pass https://passbolt_container;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
In the previous config I had it listening on port 8080 - not sure why I think I meant it to be 80. But anyway, I now have what I would normally do to force https at the reverse proxy in front of the container (should be fine since you already have certs in place).
Now everything should route through port 443 from the browser. See if this works for you.