Passbolt 3 CE - Apache configuration

Hello,

I do not manage to find the right apache configuration (I can’t use nginx).

I’m using the debian installer and have followed the migration guide from install scripts to repository. I just skipped the part configuring nginx.

I have set the DocumentRoot in my Apache Vhost to /usr/share/php/passbolt/webroot

The passbolt page loads but it very minimalistic : There is only the background color and the top menu header background.

Thank you for your attention !

Hi @farfade, did you have a previously working setup? I would think it should still work.

If you are starting fresh, another user in the past previously used a guide on the web - I just confirmed it is live still. I would pay attention to just section 5 as everything else is outdated. I have not tested to see if this will currently work but if you’re using Apache on your own hopefully you are comfortable with Apache.

Maybe your files need to be accessible by the apache webserver user.

1 Like

Hi @garrett

Thank you for answering.
I had (and I can still revert to) a working setup (passbolt 2 installed by script in another folder)

It seems to me that something brand new in passbolt 3 is the installation of proxy_fcgi and php7.3-fpm debian packages.
I was instructed to run a2enmod proxy_fcgi and a2enconf php7.3-fpm and I did it.

But I’m not sure how it was working with passbolt 2… I was thinking I already used php7.3 with passbolt 2. Is proxy_fcgi a new requirement ?

@farfade I think you are correct regarding php7.3-fpm. The old passbolt required 7.2.

I notice this error in the apache debug logs when I hit the main url :

File does not exist: /usr/share/php/passbolt/webroot/auth/login

So definitely some redirection that was working before has been broken somewhere in my updating trial… but I don’t understand why !

Can you provide the Apache config?

Sure ! The only change I’ve done is changing the old DocumentRoot and Directory directives from my custom folder to the one installed by the deb package :

            LogLevel debug

            ServerName passbolt.myhost.fr

            #Turn on SSL
            Include configuration-blocks/ssl/pub-ssl

            DocumentRoot /usr/share/php/passbolt/webroot

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined

            <Directory /usr/share/php/passbolt/webroot>
                    Options FollowSymLinks
                    AllowOverride All
                    Require all granted
            </Directory>

            <FilesMatch “\.(php)$”>
                    SSLOptions +StdEnvVars
            </FilesMatch>

    </VirtualHost>

Maybe forward slash on the end of the paths?

Nope :frowning: still

File does not exist: /usr/share/php/passbolt/webroot/auth/login

I know it’s not the whole config file but what about

DirectoryIndex  index.php

Not working :frowning:

If I try to access a static php page I drop in the webroot, just printing basic php info, it works.

But as soon as I load the passbolt index.php, it tries to load /usr/share/php/passbolt/webroot/auth/login instead of trying to rewrite it to target the correct URL passbolt is expecting.

Yes, I think mod_rewrite is needed. CakePHP v3 Apache instructions

OK @garrett , I understand.

Your previous passbolt v2 install script delivered a .htaccess in the webroot folder, containing instructions for apache about rewrite rules :

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]

Basically, it says : “if you don’t find the requested URL directly, pass it as an argument to index.php”

Your deb installer does not deliver this file anymore.

I’ve manually added those lines in my configuration file. It works now :slight_smile:

Thank you for your help, sharing my blurry thoughts with someone else definitely helps to solve the situations quicker !

Regards,

farfade

1 Like

@diego Should the new debian package take into consideration previous installation script files related to Apache? (Like the .htaccess file as noted above.)

1 Like

Yeah we could add the htaccess mention on the documentation. As a side note support for apache built-in on the debian/ubuntu package should come in the following version(s) as it is on the backlog.

1 Like

Thank you guys ! for that and overall for the whole great job about passbolt !

3 Likes

I should Thank You :), You saved my behind a couple of days ago. Lost all access to my private passbolt-ce via desktop.

Your rewriteCond saved my behind lol.

Agreed, The passbolt team is legendary.

1 Like