Js libraries not loading with Apache

Checklist
[1] I have read intro post: About the Installation Issues category
[2] I have read the tutorials, help and searched for similar issues
[3] I provide relevant information about my server (component names and versions, etc.)
[4] I provide a copy of my logs and healthcheck
[5] I describe the steps I have taken to trouble shoot the problem
[6] I describe the steps on how to reproduce the issue

  1. Yes
  2. Yes
  3. Passbolt Package installation (apt)
    3.1 version 3.7.2
    3.2 php -v 7.4.38


5. simply updated to version 3.7.2
6. Tried a clean install and still returns with a blank page, unable to load any js
Screenshot

I have noticed that there are no errors in the log files for apache2, Although i have noticed this error in the passbolt logs.

error: [Cake\Routing\Exception\MissingRouteException] A route matching "/robots.txt" could not be found. in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php on line 197
Request URL: /robots.txt

error: [Cake\Routing\Exception\MissingRouteException] A route matching "/js/app/api-vendors.js" could not be found. in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php on line 197
Request URL: /js/app/api-vendors.js?v=3.7.2
Referer URL: https://domain.here/auth/login?redirect=%2F

error: [Cake\Routing\Exception\MissingRouteException] A route matching "/js/app/api-triage.js" could not be found. in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php on line 197
Request URL: /js/app/api-triage.js?v=3.7.2
Referer URL: https://domain.here/auth/login?redirect=%2F

error: [Cake\Routing\Exception\MissingRouteException] A route matching "/js/app/stylesheet.js" could not be found. in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php on line 197
Request URL: /js/app/stylesheet.js?v=3.7.2
Referer URL: https://domain.here/auth/login?redirect=%2F

UPDATE; Everything is working app (iOS/Android) and a signed in browser. Any new browser will be faced with an empty (Blank) page. The dev tools still show a 404 error. Could this be a package error from the passbolt apt repo ?

Hi @JamesBond

Which browser and version are you using?

You are showing a package install, but you mention you are running Apache webserver. Are you also running NGINX?

If something broke during the install, is it possible that another coincidental package update affected Apache? There is a routing issue at the webserver I believe. Maybe it’s trying to server them with http instead of https? The files in question are located at /usr/share/php/passbolt/webroot/js/app if you want to verify their existence in the directory. Edit: If they are there, check file permissions and that webserver user can access.

Also, there is a recent 3.7.3 extension you could try.

Hi @garrett,

I am using the latest Brave Browser (Chromium 105), latest Firefox. I have tested this on actively working setups (logged in) as well as new desktops with fresh installation of Brave Browser. They all appear to still display the /auth/login page but does not display any content and when you take a look at the console for errors. It still shows 404 on the js resources.

EDIT+SideNote: My sql server is a remote server, i do not need the installed mysql-server

On my current install, that has been working for almost a year. The specifics are as follows:

  1. Debian 11
  2. Apache2
  3. PHP 7.4.38 and the required extensions
  4. Passbolt-ce-server installed from the apt repo.

What I have tried is:

  1. Installing ubuntu 20.04.1 LTS, with the recommended methods of installation.
  2. Did a restore from the debian 11 install that was working on v3.7.0-1

End results, it did not work.

I then tried switching it up, i installed a clean debian 11 system, did the install etc then instead of using Apache2 i used NginX. Still the same thing occurred.

There is a routing issue at the webserver I believe. Maybe it’s trying to server them with http instead of https?

I do think that something changed after the update, i just cannot find it in any error logs except for the errors from /var/log/passbolt/error.log

I tested the http and https routing and i have isolated them. Since directly accessing the web page with a direct ethernet into the server, still results in https://192.0.0.0/auth/login/ returning with an empty page and a 404 error on the js libraries

Edit: If they are there, check file permissions and that webserver user can access.

I have checked if they existed and if the server has permission which it does. It’s a mind boggle, It was routing perfectly with 3.7.0-1. I also am unable to rollback.

www-data folder permissions as well as the appropriate file and folder permissions

Also, there is a recent 3.7.3 extension you could try.

I checked the GitHub repo and it shows the latest release is currently 3.7.2, will have a look for 3.7.3

Not going to lie, at least its just the GUI that failed and not they system itself, every device that has access will remain connected until they log out.

Thank You for your response :slight_smile:

Is the actual url being shown? Or are you changing it to hide your domain?

I know you are running the site with a domain and not an ip address from your healthcheck results. If this is what is shown it seems the webserver is redirecting or proxying to this ip address. And external access from the browser’s perspective is not going to be able to access those files.

Can you provide your Apache config? Change the domain name if you wish.

Is the actual url being shown? Or are you changing it to hide your domain?

I tested both the fqdn as well as the local ip address https://pass.domain.com/auth/login and https://10.0.0.21/auth/login

They both return the same results. That’s when i knew something is not running as it should be. For example: passbolt can be installed and tied to a domain name, the server should still be able to access the passbolt server directly using the local IP assigned to it.

I will be going to site in the next 30 Minutes as i need to physically be there for this one, Will update you on the configuration files on how I have setup passbolt. When i get there :slight_smile:

Thank You
JamesBond

I would also check the /etc/hosts and check to which ip address it resolves the domain. If you can stick with the package install with NGINX, that would be ideal going forward. If after a clean install it is still doing this, I am guessing it’s the hosts file or some other existing service that is catching the requests and redirecting. If it’s the same server and Apache is no longer used, I would work to disable it so it doesn’t cause any conflicts.

I have checked the hosts file and all seems to be pointing correctly. domain to IP and vice verse.

That’s pretty much the plan if I cannot get this instance back online 100%. I do not mind nginx, I simply enjoy using apache.

Bellow is the requested Apache2 vhost config for port 80:
Note that the permanent redirect was added now to re test the http/https just in case.

PORT 80 Conf

<VirtualHost *:80>

    ServerAdmin webmaster@example.com
    ServerName passbolt.example.com
    ServerAlias www.passbolt.example.com
    
    DocumentRoot "/usr/share/php/passbolt/webroot"
    DirectoryIndex index.php

    Redirect permanent / https://passbolt.example.com
    #<Directory /usr/share/php/passbolt/webroot>
    #        Options FollowSymLinks
    #        AllowOverride All
    #        Require all granted
    #</Directory>
    
    ErrorLog ${APACHE_LOG_DIR}/passbolt.example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/passbolt.example.com-access.log combined
    
</VirtualHost>

PORT 443 Conf

<VirtualHost *:443>
	# DO NOT TOUCH MOD SECURITY RULES FOR ANY REASON
	# contact me if you think this would cause an issue
	# which it would not.
	
	# modsecurity on
	SecRuleEngine On

	# Loads Frontend properly without failures
	SecRuleRemoveById 200004 980150

	# Avoids internal error when updating entries
	SecRuleRemoveById 980130 949110
	
	# Enable Mobile Auth
	SecRuleRemoveById 942100 980145
	# ID 980145 Might be removed in testing 

	DocumentRoot "/usr/share/php/passbolt/webroot"
	DirectoryIndex index.php
	
	ServerAdmin webmaster@example.com
	ServerName passbolt.example.com
	ServerAlias www.passbolt.example.com
	
	ErrorLog ${APACHE_LOG_DIR}/passbolt.example.com-ssl-error.log
	CustomLog ${APACHE_LOG_DIR}/passbolt.example.com-ssl-access.log combined
    
	ServerSignature Off
	SSLEngine On
	SSLCertificateFile "/etc/apache2/certs/passbolt.example.com.bundle"
	SSLCertificateKeyFile "/etc/apache2/certs/passbolt.example.com.key"
	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM
        SSLProtocol +TLSv1.3 +TLSv1.2
        SSLOpenSSLConfCmd Curves X25519:secp521r1:secp384r1:prime256v1
        SSLHonorCipherOrder On
        
        <Directory /usr/share/php/passbolt/webroot>
                Options FollowSymLinks
                AllowOverride All
                Require all granted
        </Directory>
# Enable for use with php-fpm ONLY keep the bellow commented OUT        
#        <FilesMatch \.php> # Apache 2.4.10+ can proxy to unix socket 
#                SetHandler "proxy:unix:/var/run/php/php7.4-fpm.sock|fcgi://localhost/" 
#        </FilesMatch> 

        <FilesMatch “\.(php)$”>
                SSLOptions +StdEnvVars
        </FilesMatch>
    	# Whoever added HSTS keep this here for future use 
    	# Apache has been setup for HSTS
	# Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
        Header always set X-Frame-Options DENY
        Header always set X-Content-Type-Options nosniff
</VirtualHost>

Is there anything else that you would require, such as the loaded modules and or apache.conf ?

EDIT:

I am guessing it’s the hosts file or some other existing service that is catching the requests and redirecting. If it’s the same server and Apache is no longer used, I would work to disable it so it doesn’t cause any conflicts.

I checked for any conflicts and apparently there aren’t any, i did remove the nginx to avoid that conflict with apache and nginx

EDIT 2: I did test the passbolt server that was working both with mod security enabled and mod security disabled, i got the same results

Thank You
Bond

Yes, there is also mod_rewrite which I would assume was installed if it was working previously. From the source install instructions:

I am still reviewing your posted config.

Correct, mod rewrite is required although i manually double check that all required modules are enabled. I also noticed that passbolt does not get shipped with a .htaccess to rewrite the urls to point to index.

i placed this in /usr/share/php/passbolt/webroot/.htaccess

RewriteEngine On
RewriteRule ^(.*)$ index.php

Awesome

Thank You for your help, it is much appreciated :slight_smile:

I just remembered this post: Passbolt 3 CE - Apache configuration - #13 by farfade

Related to missing .htaccess file. You are on the right track.

1 Like

Lol This is EPIC haha.

Fixing up my .htaccess with the following:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]

It now works, the front-end.
I actually skipped the RewriteCond because in previous versions it worked.

Your assistance is greatly appreciated :slight_smile:

Regards
Bond

1 Like

And thanks again to @farfade! We’ve got a very helpful community.

3 Likes