I would like to install passbolt very simply.
At the moment, I have to additionally configure traefik with https://www.passbolt.com/docs/hosting/configure/https/ce/docker-auto/.
For me, this looks very complicated, with a lot of lines to configure.
Could you provide an official setup documentation with Caddy?
What I expect is something like this:
Caddyfile
```
passbolt.my-domain.com {
    reverse_proxy passbolt
}
```
and a complete docker-compose.yml with Caddy and passbolt, ready for copy & paste.
Hi 
```yaml
version: "3.8"
services:
  passbolt:
    image: passbolt/passbolt:latest-ce
    container_name: passbolt
    environment:
      APP_FULL_BASE_URL: https://passbolt.my-domain.com
      DATASOURCES_DEFAULT_HOST: mariadb
      DATASOURCES_DEFAULT_USERNAME: passbolt
      DATASOURCES_DEFAULT_PASSWORD: secret
      DATASOURCES_DEFAULT_DATABASE: passboltdb
      EMAIL_DEFAULT_FROM: your-email@gmail.com
      EMAIL_TRANSPORT_DEFAULT_HOST: smtp.gmail.com
      EMAIL_TRANSPORT_DEFAULT_PORT: 587
      EMAIL_TRANSPORT_DEFAULT_USERNAME: your-email@gmail.com
      EMAIL_TRANSPORT_DEFAULT_PASSWORD: your-app-password
      # quoted so YAML passes a string, not a boolean, to the container
      EMAIL_TRANSPORT_DEFAULT_TLS: "true"
      # Optional (for logging/timezone)
      TZ: Europe/Paris
    volumes:
      - gpg:/etc/passbolt/gpg
      - jwt:/etc/passbolt/jwt
    depends_on:
      - mariadb
  mariadb:
    image: mariadb:10.6
    container_name: mariadb
    environment:
      MYSQL_ROOT_PASSWORD: supersecret
      MYSQL_DATABASE: passboltdb
      MYSQL_USER: passbolt
      MYSQL_PASSWORD: secret
    volumes:
      - db_data:/var/lib/mysql
  caddy:
    # Caddy is the only service publishing ports; it terminates TLS
    # and proxies to passbolt over the internal compose network
    image: caddy:2
    container_name: caddy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
volumes:
  db_data:
  gpg:
  jwt:
  caddy_data:
  caddy_config:
```
Alongside your docker-compose.yml, create a Caddyfile with this content:
```
passbolt.my-domain.com {
    reverse_proxy passbolt:80
}
```
Can you try and let us know?
Cheers,
Thank you, this works.
So the tutorial is:
- download docker-compose.yml
- configure Caddyfile
- docker-compose up -d
- create user:
```sh
docker compose -f docker-compose-ce.yaml \
  exec passbolt su -m -c "/usr/share/php/passbolt/bin/cake \
  passbolt register_user \
  -u YOUR_EMAIL \
  -f YOUR_NAME \
  -l YOUR_LASTNAME \
  -r admin" -s /bin/sh www-data
```
Maybe you can update this simple tutorial in your get started guide.
Thank you for the feedback. You are right, this setup is so much easier than the traefik one and error-proof.
Maybe passbolt team can double-check and replace traefik setup with caddy.
I have to agree with @AnatomicJC, combining Caddy and Passbolt (both under Docker) is really elegant and convenient. Many thanks for sharing your thoughts and a suggested setup on this!
I have a question about extending this Caddy reverse proxy setup to include OAuth authorisation (e.g. using the popular github.com/greenpau/caddy-security module/plugin).
If the Caddyfile entry were extended to include an authorize statement prior to reverse_proxy, e.g.:
```
{
    order authenticate before respond
    order authorize before basicauth
    security {
        ...
    }
}
passbolt.my-domain.com {
    authorize with mypolicy
    reverse_proxy passbolt:80
}
```
… what would the implications be for Passbolt browser extensions, mobile and desktop apps etc.? Would they try, but fail, to connect because they wouldn’t be granted an access token without interaction with the OAuth step? I assume this would look like a lot of failures on the Caddy logs, which could trigger bouncer (e.g. CrowdSec) remediation/blocking.
Is including an OAuth step within Caddy simply not possible?
Many thanks