Noob tries to setup a self hosted passbolt

Hi all,

I’ve been trying to host passbolt local on my Fedora server for a few hours now.

In doing so I am following the instructions from networkchuck.

So I have 3 docker containers (mariadb, passbolt and traefik). All 3 are running properly. The only difference from the video is that for APP_FULL_BASE_URL, traefik.http.routers.passbolt-http.rule and traefik.http.routers.passbolt-https.rule are pointing to a subdomain. so like this https://passbolt.mydomain.tech
When I create the admin account and open the generated link, it also comes up with the correct subdomain (passbolt.mydomain.tech)

What could be the reason that it responds to me with ERR_CONNECTION_REFUSED every time on the subdomain?

firewalld is disabled

Hi @uidzero

I have not seen the NetworkChuck instructions.

Please take a look at the Passbolt CE docker instructions

Hi, I switched to Ubuntu 22.04 Server and tried the installation guide again.

Everytime when I try to do the Step 5. Create first admin user,
it tells me

 ____                  __          ____
/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( |
) /
/ / /
/ / / /
/
/ _
,
/
//./_//__/

Open source password manager for teams

Exception: Connection to Mysql could not be established: SQLSTATE[HY000] [2002] Connection timed out
In [/usr/share/php/passbolt/vendor/cakephp/cakephp/src/Database/Driver.php, line 133]

any idea?

my docker-compose file looks like this:

version: '3.9'
services:
  db:
    image: mariadb:10.10
    restart: unless-stopped
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "true"
      MYSQL_DATABASE: "passbolt"
      MYSQL_USER: "passbolt"
      MYSQL_PASSWORD: "P4ssb0lt"
    volumes:
      - database_volume:/var/lib/mysql

  passbolt:
    image: passbolt/passbolt:latest-ce
    #Alternatively you can use rootless:
    #image: passbolt/passbolt:latest-ce-non-root
    restart: unless-stopped
    depends_on:
      - db
    environment:
      APP_FULL_BASE_URL: https://passbolt.mydomain.tech
      DATASOURCES_DEFAULT_HOST: "db"
      DATASOURCES_DEFAULT_USERNAME: "passbolt"
      DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
      DATASOURCES_DEFAULT_DATABASE: "passbolt"
    volumes:
      - gpg_volume:/etc/passbolt/gpg
      - jwt_volume:/etc/passbolt/jwt
    command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
    labels:
      traefik.enable: "true"
      traefik.http.routers.passbolt-http.entrypoints: "web"
      traefik.http.routers.passbolt-http.rule: "Host(`passbolt.mydomain.tech`)"
      traefik.http.routers.passbolt-http.middlewares: "SslHeader@file"
      traefik.http.routers.passbolt-https.middlewares: "SslHeader@file"
      traefik.http.routers.passbolt-https.entrypoints: "websecure"
      traefik.http.routers.passbolt-https.rule: "Host(`passbolt.mydomain.tech`)"
      traefik.http.routers.passbolt-https.tls: "true"
      traefik.http.routers.passbolt-https.tls.certresolver: "letsencrypt"

  traefik:
    image: traefik:2.6
    restart: always
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yaml:/traefik.yaml:ro
      - ./conf/:/etc/traefik/conf
      - ./shared/:/shared

    #Alternatively for non-root images:
    # - 80:8080
    # - 443:4433

volumes:
  database_volume:
  gpg_volume:
  jwt_volume:

all 3 container are running fine

It seems that there is a db issue.

Have you tried running a health-check command executed in your passbolt root directory :

sudo su -s /bin/bash -c "./bin/cake passbolt healthcheck" www-data

If you installed from sources, your passbolt directory should be :
/var/www/passbolt

If you installed via package, it should be :
/usr/share/php/passbolt

Here are the Passbolt reference environment variables Passbolt Help | Passbolt reference environment variables

Have you tried pulling all the current tags

“At this point, you should have a working docker setup running on the latest tag. However, it is recommended that users [pull the tags pointing to specific passbolt versions. The current version is 3.12.2

https://hub.docker.com/r/passbolt/passbolt/tags

@diego @garrett can you please help with this Docker issue

i used wget to get the compose.yaml
(wget https://download.passbolt.com/ce/docker/docker-compose-ce.yaml)
I installed it in my root home, couldnt find any of these 2 paths above
my dir looks like this

root@server:~/passbolt# ll
total 24
drwxr-xr-x 4 root root 4096 Mai  6 18:40 ./
drwx------ 5 root root 4096 Mai  6 19:32 ../
drwxr-xr-x 2 root root 4096 Mai  6 18:38 conf/
-rw-r--r-- 1 root root 1937 Mai  6 18:37 docker-compose-ce.yaml
drwxr-xr-x 2 root root 4096 Mai  6 18:40 shared/
-rw-r--r-- 1 root root  787 Mai  6 18:38 traefik.yaml

where can I execute the health check?

Maybe the Passbolt Docker trouble shooting tip might help you with health check

1 Like

The most recent setup that was working I think was this one Blank page after fresh set-up, docker-compose.yml file fault? TRAEFIK - #23 by ArchMatt

1 Like

If you have already verified that your firewall is disabled and your containers are running properly, there could be a few other reasons why you are receiving an ERR_CONNECTION_REFUSED error when accessing your Passbolt instance through your subdomain.

Here are some steps you can take to troubleshoot the issue:

  1. Check if your DNS settings are correct: Make sure that the DNS settings for your subdomain are pointing to the correct IP address of your Fedora server. You can use the nslookup or dig commands to verify that your subdomain is resolving to the correct IP address.
  2. Check if your Traefik configuration is correct: Double-check your Traefik configuration to ensure that you have set up the correct routing rules for your Passbolt container. Specifically, check the traefik.http.routers.passbolt-http.rule and traefik.http.routers.passbolt-https.rule settings to ensure they are pointing to the correct subdomain. You can also check the Traefik logs to see if there are any errors related to routing.
  3. Check if your SSL certificate is valid: If you are using SSL for your Passbolt instance, make sure that your SSL certificate is valid and that it is installed correctly on your server. You can use tools like openssl to verify the validity of your SSL certificate.
  4. Check if your Passbolt container is listening on the correct port: Verify that your Passbolt container is listening on the correct port (usually port 80 or 443 for HTTP/HTTPS traffic). You can use the docker ps command to check if your container is listening on the correct port.
  5. Check if there are any other services running on the same port: Make sure that there are no other services running on the same port as your Passbolt container. You can use tools like netstat to check if there are any other services listening on the same port.
1 Like