Checklist
[ x ] I have read intro post: About the Installation Issues category
[ x ] I have read the tutorials, help and searched for similar issues
[ x ] I provide relevant information about my server (component names and versions, etc.)
[ x ] I provide a copy of my logs and healthcheck
[ x ] I describe the steps I have taken to trouble shoot the problem
[ x ] I describe the steps on how to reproduce the issue
Debian 11.6
nginx 1.18.0
Passbolt 3.12.2
Passbolt is installed and running fine. I have Netbox running on separate host with nginx as the web server. This also works fine.
I migrated my netbox environment over to the Passbolt host and I’m having difficulty getting the netbox page to load in this environment. I have DNS A records for both hosts pointing to the same IP address and I have a wildcard certificate and key installed.
If I enable both sites (nginx-passbolt.conf and netbox.conf) and restart nginx, then https://passbolt.example.com/ loads fine.
https://netbox.example.com/ redirects to https://passbolt.example.com/.
If I disable nginx-passbolt.conf and restart nginx then https://netbox.example.com/ still redirects to https://passbolt.example.com/, which then results in a 400 error. What am I doing wrong?
cat /etc/nginx/sites-enabled/nginx-passbolt.conf
#
# Passbolt.conf - Nginx configuration file to run the Passbolt software.
#
server {
listen 443 ssl http2;
listen [::]:80;
# Managed by Passbolt
server_name passbolt.example.com;
client_body_buffer_size 100K;
client_header_buffer_size 1K;
client_max_body_size 5M;
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;
root /usr/share/php/passbolt/webroot;
index index.php;
error_log /var/log/nginx/passbolt-error.log info;
access_log /var/log/nginx/passbolt-access.log;
# Managed by Passbolt
include /etc/passbolt/nginx-ssl.conf;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+\.php)(.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $http_host;
fastcgi_param PHP_VALUE "upload_max_filesize=5M \n post_max_size=5M";
}
}
cat /etc/passbolt/nginx-ssl.conf
#
# nginx-passbolt.conf
#
# Passbolt provided file to be included from nginx main virtual hosts file.
# It allows to pull common SSL settings from a central place.
#
# Use the nginx include directive to pull this information in.
#
# Managed by Passbolt
listen [::]:443 ssl http2;
server_name passbolt.example.com;
ssl_certificate /etc/ssl/certs/_example_com-2023.crt;
ssl_certificate_key /etc/ssl/private/_example_com-2023.rsa;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
cat /etc/nginx/sites-enabled/netbox.conf
server {
listen 443 ssl;
# CHANGE THIS TO YOUR SERVER'S NAME
server_name netbox.example.com;
ssl_certificate /etc/ssl/certs/_example_com-2023.crt;
ssl_certificate_key /etc/ssl/private/_example_com-2023.rsa;
client_max_body_size 25m;
location /static/ {
alias /opt/netbox/netbox/static/;
}
location / {
proxy_pass http://127.0.0.1:8001;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
# Redirect HTTP traffic to HTTPS
listen 80;
server_name netbox.example.com;
return 301 https://$host$request_uri;
}