Passbolt stops working after PHP upgrade

I have been running PHP 7.1, just to be safe, and up to date, I updated to 7.4, and then Passbolt stopped working. I reverted to 7.1 and it worked again. I searched for a solution but was unable to find it. Can you guys help?
I tried Regular OS Patching
I tried PHP 7.3 / Debian Buster stable PHP version
but these didn’t work for me.

passbolt is on 2.12.0 / 2.12/0

Checklist
[ ] I have read intro post: About the Installation Issues category
[ ] I have read the tutorials, help and searched for similar issues
[ ] I provide relevant information about my server (component names and versions, etc.)
[ ] I provide a copy of my logs and healthcheck
[ ] I describe the steps I have taken to trouble shoot the problem
[ ] I describe the steps on how to reproduce the issue

Hi @pimzwager,

Currently passbolt is not well supported on php7.4.

Following platforms are tested and supported:

debian (stretch and buster) and ubuntu php versions 7.1, 7.2, 7.3
centos7 php versions 7.1, 7.2, 7.3

We encourage users for debian stable and php7.3 as main supported platform but we try to increase the matrix of supported platforms over time.
(Just for you to know php 7.4 has been for a while running on our testing pipelines but some fixes are still pending)

I just tried 7.2 and 7.3 and they also not work.

I would need you to elaborate a bit more as 7.3 is the main version we provide in all our packaged artifacts (vm, docker containers, digital ocean images)

What do you need to know?

Here some checklist we use on the github issues:

Provide all the information you can collect about your problem
Description of the environment where passbolt is running
Provide log outputs from (some examples follow):
/var/www/passbolt/tmp/logs/error.log
/var/log/nginx/error.log
curl -vvvLk http://passboltdomain
Any other sources you might think will help to solve the problem

I have a Direct admin environment from my hosting company, So I can change PHP versions (sorry I don’t really know more that this creates a linux environment, Can I find out what linux distribution it creates?

I think i don’t have a error.log? only tar.gz files?

PimsAirBCG021:~ p.zwager$ curl -vvvLk bcg.support

  • Trying 195.211.74.101…
  • TCP_NODELAY set
  • Connected to bcg.support (195.211.74.101) port 80 (#0)

GET / HTTP/1.1
Host: bcg.support
User-Agent: curl/7.64.1
Accept: /

< HTTP/1.1 302 Found
< Date: Fri, 13 Mar 2020 13:15:25 GMT
< Server: Apache
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Content-Security-Policy: default-src ‘self’; script-src ‘self’ ‘unsafe-eval’; style-src ‘self’ ‘unsafe-inline’; img-src ‘self’;frame-src ‘self’;
< strict-transport-security: max-age=31536000; includeSubDomains
< x-permitted-cross-domain-policies: all
< referrer-policy: same-origin
< x-frame-options: sameorigin
< x-xss-protection: 1; mode=block
< x-download-options: noopen
< x-content-type-options: nosniff
< X-GPGAuth-Version: 1.3.0
< X-GPGAuth-Login-URL: /auth/login
< X-GPGAuth-Logout-URL: /auth/logout
< X-GPGAuth-Verify-URL: /auth/verify
< X-GPGAuth-Pubkey-URL: /auth/verify.json
< Access-Control-Expose-Headers: X-GPGAuth-Verify-Response, X-GPGAuth-Progress, X-GPGAuth-User-Auth-Token, X-GPGAuth-Authenticated, X-GPGAuth-Refer, X-GPGAuth-Debug, X-GPGAuth-Error, X-GPGAuth-Pubkey, X-GPGAuth-Logout-Url, X-GPGAuth-Version
< Set-Cookie: CAKEPHP=57f6f0748eea4915f2a0fffb61a38e77; path=/; HttpOnly
< Set-Cookie: csrfToken=dfa8dc62d7a7cd85da0c1a20f9a30fec175eb0fd0f4a1aedc42a984b02fb61883e341d8c27db1626076b8b33bd03a1286ddd3fce771a121257ab23af73e0990b; path=/
< Vary: User-Agent
< Upgrade: h2c
< Connection: Upgrade
< Location: https://bcg.support/auth/login
< Content-Length: 0
< Content-Type: text/html; charset=UTF-8
<

  • Connection #0 to host bcg.support left intact
  • Issue another request to this URL: ‘https://bcg.support/auth/login
  • Trying 195.211.74.101…
  • TCP_NODELAY set
  • Connected to bcg.support (195.211.74.101) port 443 (#1)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/cert.pem
    CApath: none
  • TLSv1.2 (OUT), TLS handshake, Client hello (1):
  • TLSv1.2 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS handshake, Certificate (11):
  • TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  • TLSv1.2 (IN), TLS handshake, Server finished (14):
  • TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  • TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.2 (OUT), TLS handshake, Finished (20):
  • TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
  • TLSv1.2 (IN), TLS handshake, Finished (20):
  • SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  • ALPN, server accepted to use h2
  • Server certificate:
  • subject: CN=www.bcg.support
  • start date: Feb 28 20:25:14 2020 GMT
  • expire date: May 28 20:25:14 2020 GMT
  • issuer: C=US; O=Let’s Encrypt; CN=Let’s Encrypt Authority X3
  • SSL certificate verify ok.
  • Using HTTP2, server supports multi-use
  • Connection state changed (HTTP/2 confirmed)
  • Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  • Using Stream ID: 1 (easy handle 0x7faa71004200)

GET /auth/login HTTP/2
Host: bcg.support
User-Agent: curl/7.64.1
Accept: /

  • Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
    < HTTP/2 200
    < date: Fri, 13 Mar 2020 13:15:25 GMT
    < server: Apache
    < expires: Thu, 19 Nov 1981 08:52:00 GMT
    < cache-control: no-store, no-cache, must-revalidate
    < pragma: no-cache
    < content-security-policy: default-src ‘self’; script-src ‘self’ ‘unsafe-eval’; style-src ‘self’ ‘unsafe-inline’; img-src ‘self’;frame-src ‘self’;
    < strict-transport-security: max-age=31536000; includeSubDomains
    < x-permitted-cross-domain-policies: all
    < referrer-policy: same-origin
    < x-frame-options: sameorigin
    < x-xss-protection: 1; mode=block
    < x-download-options: noopen
    < x-content-type-options: nosniff
    < x-gpgauth-version: 1.3.0
    < x-gpgauth-login-url: /auth/login
    < x-gpgauth-logout-url: /auth/logout
    < x-gpgauth-verify-url: /auth/verify
    < x-gpgauth-pubkey-url: /auth/verify.json
    < access-control-expose-headers: X-GPGAuth-Verify-Response, X-GPGAuth-Progress, X-GPGAuth-User-Auth-Token, X-GPGAuth-Authenticated, X-GPGAuth-Refer, X-GPGAuth-Debug, X-GPGAuth-Error, X-GPGAuth-Pubkey, X-GPGAuth-Logout-Url, X-GPGAuth-Version
    < set-cookie: CAKEPHP=5ac47cd8e657d7f18f2a92bbcc18e230; path=/; secure; HttpOnly
    < set-cookie: csrfToken=8f26e037cd0c358cbf27d872c43fcb9a3a19ab8036a1d694090a000fccc6c6e6b137c6eb934d16a51ac7bf434960a9d9619f2840ec3d0aa5382c19d6e7d52f9f; path=/
    < vary: User-Agent,Accept-Encoding
    < content-type: text/html; charset=UTF-8
    <
Passbolt | Login

Download firefox!

Passbolt is not available for your browser. Try with Mozilla Firefox .

Don't worry, we aim at enabling more browsers and phones in the future..

Passbolt Cloud

Get passbolt in the cloud, hosted on our secure servers, while keeping 100% data ownership.

read more

Passbolt Pro

Passbolt Pro provides premium features, and our team will help you setup and support your install.

read more

We ♥ open source

Passbolt is open source and respects your privacy. It uses OpenPGP.js, CanJS, Cakephp and many more! Get involved!

Github

* Connection #1 to host bcg.support left intact * Closing connection 1 * Closing connection 0

Thanks for the info!

Can I find out what linux distribution it creates?

You can find which linux is checking for files such as /etc/debian_version, any other /etc/*-release files or using the command lsb_release

I think i don’t have a error.log? only tar.gz files?

passbolt has a directory where the logs are stored, depending on your version this directory should be located in: /your/passbolt_base_install/logs or /your/passbolt_base_install/tmp/logs if those directories are empty means passbolt is not encounter any issues when running.

Some questions:

What you just posted is running on php7.3?
The last piece of the post is what you see on your browser? Like passbolt running without styles? If that is the case could you open your browser console, reload the passbolt page and check if there are any errors when loading the passbolt page?

sorry i cant figure out the linux distro, is this important?

So i founf the error.log and there are a lot of the same errors in it (2 per minute)

2020-03-13 13:10:25 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/home/bcgsupport/domains/bcg.support/public_html/src/Auth/GpgAuthenticate.php:85)

no the post was made while running 7.1, I don’t know where the page came from, I guess it was the output of the Curl thing?

Request URL: /auth/is-authenticated.json

Those exceptions are totally normal, just an unauthenticated used trying to access an area where authentication is needed. Very common when you for instance are idle and automatically logged out from passbolt.

So with this setup everything is working for you? If that is the case I would be interested in the setup that is not working with php 7.3, the same data.

yes it works fine, here it is on 7.3:

PimsAirBCG021:~ p.zwager$ curl -vvvLk bcg.support

  • Trying 195.211.74.101…

  • TCP_NODELAY set

  • Connected to bcg.support (195.211.74.101) port 80 (#0)

GET / HTTP/1.1

Host: bcg.support

User-Agent: curl/7.64.1

Accept: /

< HTTP/1.1 500 Internal Server Error

< Date: Fri, 13 Mar 2020 13:56:28 GMT

< Server: Apache

< Vary: User-Agent

< Upgrade: h2c

< Connection: Upgrade, close

< Content-Length: 0

< Content-Type: text/html; charset=UTF-8

<

  • Closing connection 0

PimsAirBCG021:~ p.zwager$

With that output there should be something on the error.log

2020-03-13 12:39:21 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/home/bcgsupport/domains/bcg.support/public_html/src/Auth/GpgAuthenticate.php:85)

Request URL: /auth/is-authenticated.json

2020-03-13 13:09:25 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/home/bcgsupport/domains/bcg.support/public_html/src/Auth/GpgAuthenticate.php:85)

Request URL: /auth/is-authenticated.json

2020-03-13 13:10:25 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/home/bcgsupport/domains/bcg.support/public_html/src/Auth/GpgAuthenticate.php:85)

Request URL: /auth/is-authenticated.json

2020-03-13 13:58:20 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/home/bcgsupport/domains/bcg.support/public_html/src/Auth/GpgAuthenticate.php:85)

Request URL: /auth/is-authenticated.json

2020-03-13 13:59:20 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location. (/home/bcgsupport/domains/bcg.support/public_html/src/Auth/GpgAuthenticate.php:85)

Request URL: /auth/is-authenticated.json

This information is not useful… I noticed you are using apache, have you checked the error.log of your apache server? Typically on /var/log/apache/error.log but depending on your apache virtualhost configuration it might be different path.

[Fri Mar 13 13:48:51.069559 2020] [lsapi:error] [pid 1915411:tid 139968110274304] [client 163.158.20.121:54622] [host bcg.support] Backend fatal error: PHP Fatal error: You must enable the intl extension to use Passbolt. in /home/bcgsupport/domains/bcg.support/public_html/config/requirements.php on line 20\n
[Fri Mar 13 13:48:51.070196 2020] [lsapi:error] [pid 1915411:tid 139968085096192] [client 163.158.20.121:54622] [host bcg.support] Backend fatal error: PHP Fatal error: You must enable the intl extension to use Passbolt. in /home/bcgsupport/domains/bcg.support/public_html/config/requirements.php on line 20\n
[Fri Mar 13 13:48:52.130289 2020] [lsapi:error] [pid 1915411:tid 139968085096192] [client 163.158.20.121:54622] [host bcg.support] Backend fatal error: PHP Fatal error: You must enable the intl extension to use Passbolt. in /home/bcgsupport/domains/bcg.support/public_html/config/requirements.php on line 20\n
[Fri Mar 13 14:02:28.996904 2020] [lsapi:error] [pid 2340070:tid 139968110274304] [client 163.158.20.121:54689] [host bcg.support] Backend fatal error: PHP Fatal error: You must enable the intl extension to use Passbolt. in /home/bcgsupport/domains/bcg.support/public_html/config/requirements.php on line 20\n, referer: https://bcg.support/app/users
[Fri Mar 13 14:02:28.997151 2020] [lsapi:error] [pid 2340074:tid 139968118667008] [client 163.158.20.121:54690] [host bcg.support] Backend fatal error: PHP Fatal error: You must enable the intl extension to use Passbolt. in /home/bcgsupport/domains/bcg.support/public_html/config/requirements.php on line 20\n, referer: https://bcg.support/app/users
[Fri Mar 13 14:02:32.971820 2020] [lsapi:error] [pid 2339131:tid 139968143845120] [client 163.158.20.121:54693] [host bcg.support] Backend fatal error: PHP Fatal error: You must enable the intl extension to use Passbolt. in /home/bcgsupport/domains/bcg.support/public_html/config/requirements.php on line 20\n
[Fri Mar 13 14:02:32.972505 2020] [lsapi:error] [pid 2339131:tid 139968076703488] [client 163.158.20.121:54693] [host bcg.support] Backend fatal error: PHP Fatal error: You must enable the intl extension to use Passbolt. in /home/bcgsupport/domains/bcg.support/public_html/config/requirements.php on line 20\n
[Fri Mar 13 14:02:47.194954 2020] [lsapi:error] [pid 2345775:tid 139968118667008] [client 163.158.20.121:54695] [host bcg.support] Backend fatal error: PHP Fatal error: You must enable the intl extension to use Passbolt. in /home/bcgsupport/domains/bcg.support/public_html/config/requirements.php on line 20\n
[Fri Mar 13 14:02:47.195164 2020] [lsapi:error] [pid 2345775:tid 139968336877312] [client 163.158.20.121:54695] [host bcg.support] Backend fatal error: PHP Fatal error: You must enable the intl extension to use Passbolt. in /home/bcgsupport/domains/bcg.support/public_html/config/requirements.php on line 20\n
[Fri Mar 13 14:56:28.204804 2020] [lsapi:error] [pid 3852066:tid 139967925634816] [client 163.158.20.121:54990] [host bcg.support] Backend fatal error: PHP Fatal error: You must enable the intl extension to use Passbolt. in /home/bcgsupport/domains/bcg.support/public_html/config/requirements.php on line 20\n

there you go, you are missing the php-intl package. Probably the package changed the name I’m not sure as your environment is quite a black box for me, just install it and make sure using php -m that ‘intl’ is on the list

after enabling this, i also had to enable gnupg, and now it is woring on 7.3! thank you very much

1 Like

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.