Passbolt from LAN not working when WAN is lost

Hello,

I’m using passbolt 5.6.0 on Debian 13 from the deb package and everything is running fine. Thanks again and again for the amazing work!

It’s very important to me to keep connecting to passbolt from my LAN, without depending on the WAN connectivity.

Yesterday, I lost my ISP connection for 24h (unplanned outage).

When trying to connect from a LAN workstation to my passbolt server hosted on the same LAN, I was able to get the initial passbolt UI (https://passbolt.mylan.com), enter my password, and got redirected to /auth/login.json?api-version=v2.

So I know that my local DNS server answered, and that the passbolt app server is actually accessible.

But after that, the browser was stuck on the “connecting” page indefinitely (the passbolt skinned one, not the browser standard one).

Looking at the logs on the server, I found this at the same time: Using Fallback Controller instead. Error Invalid UserControl username. (full log below)

Can you help me identify what the server is trying and failing to do when my WAN connection is down? I was thinking maybe an infinite loop in trying to connect / resolve the SMTP server, which is on the WAN?

2025-11-05 20:26:01 warning: Failed to construct or call startup() on the resolved controller class of App\Controller\ErrorController. Using Fallback Controller instead. Error Invalid UserControl username.
Stack Trace
: #0 /usr/share/php/passbolt/src/Controller/Component/UserComponent.php(140): App\Utility\UserAccessControl->__construct(‘…’, ‘…’, ‘…’)
#1 /usr/share/php/passbolt/src/Controller/ErrorController.php(50): App\Controller\Component\UserComponent->getAccessControl()
#2 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Controller/Controller.php(238): App\Controller\ErrorController->initialize()
#3 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Error/Renderer/WebExceptionRenderer.php(174): Cake\Controller\Controller->__construct(Object(Cake\Http\ServerRequest))
#4 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Error/Renderer/WebExceptionRenderer.php(126): Cake\Error\Renderer\WebExceptionRenderer->_getController()
#5 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Error/ExceptionTrap.php(133): Cake\Error\Renderer\WebExceptionRenderer->__construct(Object(Cake\Http\Exception\InternalErrorException), Object(Cake\Http\ServerRequest), Array)
#6 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php(145): Cake\Error\ExceptionTrap->renderer(Object(Cake\Http\Exception\InternalErrorException), Object(Cake\Http\ServerRequest))
#7 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php(119): Cake\Error\Middleware\ErrorHandlerMiddleware->handleException(Object(Cake\Http\Exception\InternalErrorException), Object(Cake\Http\ServerRequest))
#8 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(82): Cake\Error\Middleware\ErrorHandlerMiddleware->process(Object(Cake\Http\ServerRequest), Object(Cake\Http\Runner))
#9 /usr/share/php/passbolt/src/Middleware/ContentSecurityPolicyMiddleware.php(39): Cake\Http\Runner->handle(Object(Cake\Http\ServerRequest))
#10 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(82): App\Middleware\ContentSecurityPolicyMiddleware->process(Object(Cake\Http\ServerRequest), Object(Cake\Http\Runner))
#11 /usr/share/php/passbolt/src/Middleware/ValidCookieNameMiddleware.php(46): Cake\Http\Runner->handle(Object(Cake\Http\ServerRequest))
#12 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(82): App\Middleware\ValidCookieNameMiddleware->process(Object(Cake\Http\ServerRequest), Object(Cake\Http\Runner))
#13 /usr/share/php/passbolt/src/Middleware/ContainerInjectorMiddleware.php(54): Cake\Http\Runner->handle(Object(Cake\Http\ServerRequest))
#14 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(82): App\Middleware\ContainerInjectorMiddleware->process(Object(Cake\Http\ServerRequest), Object(Cake\Http\Runner))
#15 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(60): Cake\Http\Runner->handle(Object(Cake\Http\ServerRequest))
#16 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Server.php(104): Cake\Http\Runner->run(Object(Cake\Http\MiddlewareQueue), Object(Cake\Http\ServerRequest), Object(App\Application))
#17 /usr/share/php/passbolt/webroot/index.php(40): Cake\Http\Server->run()
#18 {main}
2025-11-05 20:26:01 warning: Throwable - Failed to render error template error500. Error: UserAction has not been initialized yet.
Stack Trace
: #0 /usr/share/php/passbolt/plugins/PassboltCe/Log/src/Events/ActionLogsBeforeRenderListener.php(50): App\Utility\UserAction::getInstance()
#1 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Event/EventManager.php(332): Passbolt\Log\Events\ActionLogsBeforeRenderListener->logControllerAction(Object(Cake\Event\Event))
#2 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Event/EventManager.php(316): Cake\Event\EventManager->_callListener(Object(Closure), Object(Cake\Event\Event))
#3 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Event/EventDispatcherTrait.php(88): Cake\Event\EventManager->dispatch(Object(Cake\Event\Event))
#4 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Controller/Controller.php(698): Cake\Controller\Controller->dispatchEvent(‘…’)
#5 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Error/Renderer/WebExceptionRenderer.php(432): Cake\Controller\Controller->render(‘…’)
#6 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Error/Renderer/WebExceptionRenderer.php(277): Cake\Error\Renderer\WebExceptionRenderer->_outputMessage(‘…’)
#7 /usr/share/php/passbolt/src/Error/AppExceptionRenderer.php(39): Cake\Error\Renderer\WebExceptionRenderer->render()
#8 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php(149): App\Error\AppExceptionRenderer->render()
#9 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php(119): Cake\Error\Middleware\ErrorHandlerMiddleware->handleException(Object(Cake\Http\Exception\InternalErrorException), Object(Cake\Http\ServerRequest))
#10 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(82): Cake\Error\Middleware\ErrorHandlerMiddleware->process(Object(Cake\Http\ServerRequest), Object(Cake\Http\Runner))
#11 /usr/share/php/passbolt/src/Middleware/ContentSecurityPolicyMiddleware.php(39): Cake\Http\Runner->handle(Object(Cake\Http\ServerRequest))
#12 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(82): App\Middleware\ContentSecurityPolicyMiddleware->process(Object(Cake\Http\ServerRequest), Object(Cake\Http\Runner))
#13 /usr/share/php/passbolt/src/Middleware/ValidCookieNameMiddleware.php(46): Cake\Http\Runner->handle(Object(Cake\Http\ServerRequest))
#14 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(82): App\Middleware\ValidCookieNameMiddleware->process(Object(Cake\Http\ServerRequest), Object(Cake\Http\Runner))
#15 /usr/share/php/passbolt/src/Middleware/ContainerInjectorMiddleware.php(54): Cake\Http\Runner->handle(Object(Cake\Http\ServerRequest))
#16 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(82): App\Middleware\ContainerInjectorMiddleware->process(Object(Cake\Http\ServerRequest), Object(Cake\Http\Runner))
#17 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(60): Cake\Http\Runner->handle(Object(Cake\Http\ServerRequest))
#18 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Server.php(104): Cake\Http\Runner->run(Object(Cake\Http\MiddlewareQueue), Object(Cake\Http\ServerRequest), Object(App\Application))
#19 /usr/share/php/passbolt/webroot/index.php(40): Cake\Http\Server->run()
#20 {main}

Thanks for your attention!

G’day Farfade.

Passbolt itself doesn’t have any external requirements so it’s almost definitely a networking/DNS/proxy/external service issue.

If you add the IP address for passbolt.mylan.com to your hosts file and you can hit the https port (443) with a tool like curl or netcat:
nc -zv passbolt.mylan.com 443
then you should be able to load that page in your browser without issue.

If passbolt is hosted at the subdomain of a public domain name (example.com) then it may not have a static entry for that subdomain (passbolt.example.com), or it might not have a cached response. So your router (nameserver) is trying to hit the upstream nameserver (8.8.8.8, or your ISP, etc.) and timing out.

If you set a static entry in your workstation hosts file you’ll bypass all of that.

Let us know how you go.

Cheers
Gareth

Thank you Gareth for your interest in my case.

I tried to make a static resolution on both the workstation and the server but it was still failing. I also checked that both the client and server were served by my local DNS server and that this one correctly resolved the passbolt.mylan.com query with the static entry with the local IP address.

That’s confirmed by the effective success in accessing the passbolt login page from the browser. It’s after that (after having entered the key password and pressed “login”) that it becomes stuck.

But I confirm passbolt is probably not the cause… I’ve got to work again on understanding where my problem is. Maybe the passbolt logs above can give a clue to someone!

G’day farfade.

If you’re getting the passbolt login with your passphrase then that means the fullBaseUrl is correct.
From there you should open your browser console and look for errors.
My guess is that you have a browser extension or some kind of network issue as passbolt does not require online resolution of any resources.
If it’s a server issue then please capture and post the logs when it’s hanging as the last logs didn’t show any issues.

Cheers
Gareth

I finally found a network configuration error: a router was, in some cases, using a DNS provided by the internet service provider instead of the local one.

Thanks again Gareth for your help and long life to passbolt!

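The two checks this thread ends up relying on (a static hosts entry for the passbolt name, and no resolver outside the LAN) can be audited offline; the sketch below is an added example, not part of the original posts and not passbolt code. The sample hosts and resolv.conf contents, the addresses, and the 192.168.1.0/24 LAN subnet are constructed assumptions, and it only inspects one host's files, not the router where the fault was found here.

```python
import ipaddress

# Constructed sample inputs (not taken from the thread).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
192.168.1.20  passbolt.mylan.com passbolt  # static LAN entry
"""
SAMPLE_RESOLV_OK = "search mylan.com\nnameserver 192.168.1.1\n"
SAMPLE_RESOLV_LEAK = (
    "nameserver 192.168.1.1\n"
    "nameserver 203.0.113.53  # constructed: resolver pushed by the ISP\n"
)


def static_entry(hosts_text, name):
    """Return the IP a hosts file pins `name` to, or None if there is no entry."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            return fields[0]
    return None


def nameservers(resolv_text):
    """Return nameserver addresses in the order the resolver tries them."""
    found = []
    for line in resolv_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found


def wan_dependent(resolv_text, lan_cidr):
    """List resolvers outside the LAN; queries sent to them stall when the WAN is down."""
    lan = ipaddress.ip_network(lan_cidr)
    outside = []
    for ns in nameservers(resolv_text):
        addr = ipaddress.ip_address(ns)
        # A loopback stub (e.g. a local caching resolver) is not a WAN dependency itself.
        if addr not in lan and not addr.is_loopback:
            outside.append(ns)
    return outside


if __name__ == "__main__":
    print("hosts entry:", static_entry(SAMPLE_HOSTS, "passbolt.mylan.com"))
    print("off-LAN resolvers:", wan_dependent(SAMPLE_RESOLV_LEAK, "192.168.1.0/24"))
```

To audit a real machine, pass the contents of its own hosts and resolv.conf files and its actual LAN prefix instead of the samples.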