Passbolt - Google Chrome slow

ChrisVille · May 15, 2024, 10:36am

Checklist
[ x] I have read intro post: About the Installation Issues category
[ x] I have read the tutorials, help and searched for similar issues
[x ] I provide relevant information about my server (component names and versions, etc.)
[ x] I provide a copy of my logs and healthcheck
[ x] I describe the steps I have taken to trouble shoot the problem
[x ] I describe the steps on how to reproduce the issue

Hi everyone ,
I recently installed Passbolt in a Debian 12 - AWS instance with MariaDB 10.11.6, Wildcard certificate. It works really well when using it with Firefox (no delay, no waiting times), but with Google Chrome is really slow. It takes 1-2 minutes to connect the extension and same when you type your passphrase and log in.
I’ve readed the tutorials, other topics about Passbolt being slow, configured the DB config to make it performant but nothing helped .

ChrisVille · May 15, 2024, 10:44am

____                  __          ____
/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///./_//__/

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 8.2.18.
[PASS] PHP version is 8.1 or above.
[PASS] PCRE compiled with unicode support.
[PASS] Mbstring extension is installed.
[PASS] Intl extension is installed.
[PASS] GD or Imagick extension is installed.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Cache is working.
[PASS] Debug mode is off.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://my-url.com
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in /etc/passbolt/passbolt.php
[HELP] Check the network settings

SSL Certificate

[WARN] SSL peer certificate does not validate.
[WARN] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate.
[HELP] Check Troubleshooting SSL/TLS | Passbolt documentation.

SMTP settings

[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[PASS] The SMTP Settings source is: database.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled.
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one.
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
[PASS] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.

Application configuration

[PASS] Using latest passbolt version (4.7.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.
[PASS] The database schema up to date.

Database

[PASS] The application is able to connect to the database
[PASS] 31 tables found.
[PASS] Some default content is present.

[FAIL] 1 error(s) found. Hang in there!

antony · May 16, 2024, 9:17am

Hello @ChrisVille, welcome to our community

I would like to know if you could share the output of the datacheck:
sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt datacheck --hide-success-details" www-data

Also, do you have any other chrome extensions running? Do you have Memory Saver active? (Chrome Settings > Performances > Memory Saver)

ChrisVille · May 16, 2024, 10:16am

Hi @antony,
thanks for your answer.
I’ve checked the config and Memory Saver in Chrome is deactivated, i’ve tried with clean Chrome profiles without any other extension installed with same results.
Here the output from datacheck:
sudo su -s /bin/bash -c “/usr/share/php/passbolt/bin/cake passbolt datacheck --hide-success-details” www-data

 ____                  __          ____
/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///./_//__/

Open source password manager for teams

Data check shell
[PASS] Data integrity for AuthenticationTokens.
[PASS] Can validate: 55/55
[PASS] Data integrity for Comments.
[PASS] Can validate: 0/0
[PASS] Data integrity for Favorites.
[PASS] Can validate: 0/0
[PASS] Data integrity for Gpgkeys.
[PASS] Can encrypt: 5/5
[PASS] Pass validation service checks: 5/5
[PASS] Entity data and armored key data matches: 5/5
[PASS] Is not expired: 5/5
[PASS] Is armored key format valid: 5/5
[PASS] Data integrity for Groups.
[PASS] Can validate: 1/1
[PASS] Data integrity for Profiles.
[PASS] Can validate: 7/7
[PASS] Data integrity for Resources.
[PASS] Can validate: 4/4
[PASS] Data integrity for Secrets.
[PASS] Can validate: 16/16
[PASS] Data integrity for Users.
[PASS] Can validate: 7/7

Regards,
Chris

ChrisVille · May 16, 2024, 10:42am

Maybe this helps, here is the debug log of the Passbolt Chrome extension:
index.min.js:2 TabService::exec(id: 1361579101, url: https://my-url.com/app/users): Navigation detected.

index.min.js:2 TabService::exec(id: 1361579101): No content script application acknowledged presence on worker runtime memory port. Error: Attempting to use a disconnected port object

at f.emit (index.min.js:2:3412)

at index.min.js:2:3744

at new Promise ()

at f.request (index.min.js:2:3560)

at exec (index.min.js:2:582287)

index.min.js:2 The pagemod “Recover” should implement canBeAttachedTo. Default false.

index.min.js:2 The pagemod “Setup” should implement canBeAttachedTo. Default false.

index.min.js:2 The pagemod “Auth” should implement canBeAttachedTo. Default false.

index.min.js:2 The pagemod “App” should implement canBeAttachedTo. Default false.

index.min.js:2 The pagemod “QuickAccess” should implement canBeAttachedTo. Default false.

index.min.js:2 The pagemod “InFormCallToAction” should implement canBeAttachedTo. Default false.

index.min.js:2 The pagemod “InFormMenu” should implement canBeAttachedTo. Default false.

index.min.js:2 The pagemod “AccountRecovery” should implement canBeAttachedTo. Default false.