I installed Passbolt on my VPS, where I also have a website:
Cent OS 7.9.2009
Nginx 1.20.1
PHP 8.0.27
Everything is working correctly. However, I wanted to find out if it was possible to hide the Passbolt configuration page from normal users or disable it if it is not needed (if disabled the subdomain no longer works passbolt). I don’t like the fact that non-admin users can find the configuration page.
Yes, I am aware that no one can have access to my passwords. I was just wondering if it was possible to hide this portal. I am attaching the image that maybe makes the concept clearer.
I mean, since I also have a website on the same VPS, everyone can access the Passbolt login page. I wanted to try to hide it or disable it by returning for example 404. In the Caddy configuration, disabling the subdomain used to access the login (passbolt.‘mysite’.‘com’./auth/), passbolt no longer works and the browser and mobile app come out with an error.
I apologize for my ignorance, but if I’m not mistaken, allowing access to the page only from a specific IP address blocks connections from all others attempting to connect. So, am I correct in assuming that the Passbolt mobile app or Passbolt browser extension on devices that do not have that IP address will encounter the issue shown in the second photo, with the error message “An internal error occurred. The server response could not be parsed. Please contact your administrator.”?
But it’s not clear yet why it is a problem to you for people to access the login page. It’s not your typical login page.
Have you tried accessing it from another device without an extension installed? There is no login option. The screen you show is only for users who have their extension installed.