Passbolt timing out (Oracle cloud, iptables)

Hello all,

I recently got my passbolt up and running, under Ubuntu 22.04 with MySQL db.
It seemed to be fine, I enabled 2FA on my main email address that it sends from, so I created an app password, went into /etc/passbolt/passbolt.php, and changed the password in there to the app password.
Did a reboot of the server…

Now it won’t run.

It looks like nginx service is running, and so is apache2? – not too sure if they both should be on there, but I have stopped apache2, and nginx as well, one by one to see if it makes a difference or not.
If I go to the IP, I get the standard Apache page. If I go to the DNS name, it times out.

My Healthcheck is:

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 8.1.2.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://passbolt.mydomain.co.uk
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in config/passbolt.php
[HELP] Check the network settings

SSL Certificate

[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] Check
[HELP] fopen(): Failed to open stream: No route to host

Database

[PASS] The application is able to connect to the database
[PASS] 26 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.

Application configuration

[PASS] Using latest passbolt version (3.7.1).
[FAIL] Passbolt is not configured to force SSL use.
[HELP] Set passbolt.ssl.force to true in config/passbolt.php.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found

[FAIL] 4 error(s) found. Hang in there!

Checklist
[x ] I have read intro post: About the Installation Issues category
[x ] I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue

Hi,

If passbolt doesn’t work after modifying passbolt.php configuration files, it usually means you have introduced a typo.

The EmailTransport configuration is a PHP array, are you sure you didn’t forget a comma?

    // Email configuration.
    'EmailTransport' => [
        'default' => [
            'host' => 'localhost',
            'port' => 25,
            'username' => 'user',
            'password' => 'secret',
            // Is this a secure connection? true if yes, null if no.
            'tls' => null,
            //'timeout' => 30,
            //'client' => null,
            //'url' => null,
        ],
    ],

Do you have only passbolt installed on this server? If yes, nginx is usually the preferred web server, and apache2 is not needed.
You should find passbolt web server configuration file under /etc/nginx/sites-enabled

Cheers,

Thanks for the reply.
This is what is in the passbolt.php file,
image

Only thing I changed was the password between the ’ '.

It is the only thing on this server, found it odd that apache2 was installed as well, it was a fresh instance of ubuntu. apt autoremove doesn’t find it which is odd, but that’s a different issue.

The root according to sites enabled is /usr/share/php/passbolt/webroot ---- I assume this is since I used the installer.
The passbolt.php file is over in /etc/passbolt/passbolt.php

In that directory, there is a passbolt.default.php, worst comes to worst, would I be able to just overwrite the current one and just do the config again?

Thanks

Thanks for the details. So you installed passbolt from our package, and nginx is the used web server. You updated /etc/passbolt/passbolt.php and since you rebooted your server, you got a timeout.

Are you sure the IP address of your server remains the same after the reboot?

passbolt.default.php is a sample file, the passbolt configuration file is /etc/passbolt/passbolt.php.

Cheers,

Yep, the IP remains the same.

From the CLI, if I run:
curl “IP address”, I get the default apache page, the contents of /var/www/html.

If I ping passbolt.mydomain.co.uk (I have an A record set up on my DNS), it resolves the correct IP address.

If I do
curl passbolt.mydomain.co.uk
I get:

301 Moved Permanently

301 Moved Permanently


nginx/1.18.0 (Ubuntu)

If I do curl passbolt.mydomain.co.uk:443
I get
curl: (7) Failed to connect to passbolt.mydomain.co.uk port 443 after 1 ms: No route to host

I wonder if me changing the config messed up the permissions on the passbolt.php file?
image

Seems to be the only one there owned by www-data rather than root, though I would assume it should be owned by www-data since it’s the config.

Thank you

If you want to check the connectivity with curl with https, you must explicitly set https://

curl passbolt.mydomain.co.uk:443 will perform curl http://passbolt.mydomain.co.uk:443 and there is no http running on port 443.

You should use this curl command instead:

curl -L https://passbolt.mydomain.co.uk

Best,

I had assumed that using port 443 would assume https, I did not know that.
I guess we do learn something new every day!

Right, so running
curl -L https://passbolt.mydomain.co.uk yields the same result.

curl: (7) Failed to connect to passbolt.mydomain.co.uk port 443 after 30 ms: No route to host

I wonder if it’s an Nginx configuration issue then… - Though none of that has been touched.

Thank you

You have a No route to host error, do you have any firewall rules activated?

Can you also provide the output of these commands:

sudo systemctl status nginx
sudo netstat -tunpl
curl -vLI https://passbolt.mydomain.co.uk

Best,

iptables is running, but to allow in port 80 and 443, I did do a:
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
and
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
netfilter-persistent save

Those are the only rules I added in, and it was working with those.

The outputs of the commands you’ve asked for are:

root@passbolt2:~# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset:>
     Active: active (running) since Mon 2022-09-12 10:28:24 UTC; 2h 9min ago
       Docs: man:nginx(8)
    Process: 4235 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_proce>
    Process: 4237 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (c>
   Main PID: 4238 (nginx)
      Tasks: 3 (limit: 1076)
     Memory: 4.9M
        CPU: 86ms
     CGroup: /system.slice/nginx.service
             ├─4238 "nginx: master process /usr/sbin/nginx -g daemon on; master>
             ├─4239 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "">
             └─4240 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "">

Sep 12 10:28:24 passbolt2 systemd[1]: Starting A high performance web server an>
Sep 12 10:28:24 passbolt2 systemd[1]: Started A high performance web server and>

root@passbolt2:~# netstat -tunpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      732/systemd-resolve
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      941/mysqld
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      4238/nginx: master
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      4238/nginx: master
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/init
tcp        0      0 127.0.0.1:33060         0.0.0.0:*               LISTEN      941/mysqld
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      870/sshd: /usr/sbin
tcp6       0      0 :::443                  :::*                    LISTEN      4238/nginx: master
tcp6       0      0 :::80                   :::*                    LISTEN      4238/nginx: master
tcp6       0      0 :::111                  :::*                    LISTEN      1/init
tcp6       0      0 :::22                   :::*                    LISTEN      870/sshd: /usr/sbin
udp        0      0 10.0.0.208:68           0.0.0.0:*                           730/systemd-network
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1/init
udp        0      0 127.0.0.53:53           0.0.0.0:*                           732/systemd-resolve
udp6       0      0 :::111                  :::*                                1/init
root@passbolt2:~# curl -vLI https://passbolt.mydomain.co.uk
*   Trying my.ext.ip.here:443...
* connect to my.ext.ip.here port 443 failed: No route to host
* Failed to connect to passbolt.mydomain.co.uk port 443 after 32 ms: No route to host
* Closing connection 0
curl: (7) Failed to connect to passbolt.mydomain.co.uk port 443 after 32 ms: No route to host
root@passbolt2:~#

Thank you
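
Added example, not part of the thread: a check for the rule-order question the firewall exchange above raises. `iptables -A` appends, so an ACCEPT added that way is only consulted if no earlier catch-all REJECT or DROP has matched first, and a REJECT with `icmp-host-prohibited` reaches the client as "No route to host". The ruleset is constructed, not the poster's, and `sample_rules`, `reordered_rules` and `check_port` are hypothetical helper names.

```bash
#!/bin/sh
# Reads `iptables -S INPUT` text on stdin, so the logic can be run offline.

# Constructed ruleset: a catch-all REJECT followed by two ACCEPT rules that
# were appended with -A, as in the commands quoted in the post.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
EOF
}

# The same rules with the catch-all moved to the end of the chain (constructed).
reordered_rules() {
  sample_rules | grep -v -e '-j REJECT'
  sample_rules | grep -e '-j REJECT'
}

# check_port PORT
# Prints one of:
#   reachable rule N           ACCEPT at position N precedes any catch-all
#   shadowed rule N after M    ACCEPT at N sits behind the catch-all at M
#   missing                    no ACCEPT rule names this port
# N and M match the numbering of `iptables -L INPUT --line-numbers`.
check_port() {
  awk -v port="$1" '
    $1 != "-A" || $2 != "INPUT" { next }
    {
      n++
      target = ""; dport = ""; qualified = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") target = $(i + 1)
        if ($i == "--dport") dport = $(i + 1)
        # A protocol, interface, address or module match narrows the rule,
        # so it is not a catch-all.
        if ($i == "-p" || $i == "-i" || $i == "-s" || $i == "-d" || $i == "-m")
          qualified = 1
      }
      if (!blocker && !qualified && (target == "REJECT" || target == "DROP"))
        blocker = n
      if (!hit && target == "ACCEPT" && dport == port)
        hit = n
    }
    END {
      if (!hit) print "missing"
      else if (blocker && blocker < hit)
        print "shadowed rule " hit " after " blocker
      else print "reachable rule " hit
    }'
}

# Demo on the constructed rulesets.
for p in 22 80 443; do
  printf 'as appended  port %s: %s\n' "$p" "$(sample_rules | check_port "$p")"
  printf 'reordered    port %s: %s\n' "$p" "$(reordered_rules | check_port "$p")"
done
```

On a live host, feed it the real chain with `sudo iptables -S INPUT | check_port 443`.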

@unboostedvtak If it’s showing your external ip address maybe you need to add your domain to the /etc/hosts file?

127.0.0.1 passbolt.mydomain.co.uk

Okay, so I’ve added that in.

image

Result is different, from the curl command.

ubuntu@passbolt2:~$ sudo -i
root@passbolt2:~# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2022-09-12 14:15:52 UTC; 40s ago
       Docs: man:nginx(8)
   Main PID: 895 (nginx)
      Tasks: 3 (limit: 1076)
     Memory: 7.4M
        CPU: 363ms
     CGroup: /system.slice/nginx.service
             ├─895 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
             ├─896 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" >
             └─897 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" >

Sep 12 14:15:50 passbolt2 systemd[1]: Starting A high performance web server and a reverse >
Sep 12 14:15:52 passbolt2 systemd[1]: Started A high performance web server and a reverse p>
lines 1-15/15 (END)
root@passbolt2:~# netstat -tunpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      895/nginx: master p
tcp        0      0 127.0.0.1:33060         0.0.0.0:*               LISTEN      928/mysqld  
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      928/mysqld  
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      874/sshd: /usr/sbin
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      725/systemd-resolve
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/init      
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      895/nginx: master p
tcp6       0      0 :::443                  :::*                    LISTEN      895/nginx: master p
tcp6       0      0 :::22                   :::*                    LISTEN      874/sshd: /usr/sbin
tcp6       0      0 :::111                  :::*                    LISTEN      1/init      
tcp6       0      0 :::80                   :::*                    LISTEN      895/nginx: master p
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1/init      
udp        0      0 127.0.0.53:53           0.0.0.0:*                           725/systemd-resolve
udp        0      0 10.0.0.208:68           0.0.0.0:*                           723/systemd-network
udp6       0      0 :::111                  :::*                                1/init      
root@passbolt2:~# curl -vLI https://passbolt.mydomain.co.uk
*   Trying 127.0.0.1:443...
* Connected to passbolt.mydomain.co.uk (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=passbolt.mydomain.co.uk
*  start date: Sep  9 11:41:18 2022 GMT
*  expire date: Dec  8 11:41:17 2022 GMT
*  subjectAltName: host "passbolt.mydomain.co.uk" matched cert's "passbolt.mydomain.co.uk"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> HEAD / HTTP/1.1
> Host: passbolt.mydomain.co.uk
> User-Agent: curl/7.81.0
> Accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
HTTP/1.1 404 Not Found
< Server: nginx/1.18.0 (Ubuntu)
Server: nginx/1.18.0 (Ubuntu)
< Date: Mon, 12 Sep 2022 14:17:10 GMT
Date: Mon, 12 Sep 2022 14:17:10 GMT
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Connection: keep-alive
Connection: keep-alive
< Keep-Alive: timeout=5
Keep-Alive: timeout=5
< Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self';frame-src 'self';
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self';frame-src 'self';

<
* Connection #0 to host passbolt.mydomain.co.uk left intact
root@passbolt2:~#

That still hasn’t brought up the page however. But it does look like it’s a step in the right direction. Most of the time, when I look at linux in a funny way it breaks itself :joy:

Thank you

@unboostedvtak How does the healthcheck look now?

Healthcheck looks a lot better than before. The only failure now is
[FAIL] Passbolt is not configured to force SSL use.
under “Application configuration”.

I’ve gone into /etc/passbolt/passbolt.php and changed force SSL to true, run the health check again, and it is passing the health check with no errors.

I still cannot access it however…

@unboostedvtak Well, that’s a little bit of good news!

We need to look for errors in /var/log/passbolt (I think) and also errors on the browser side of things in the browser console. What exactly happens on the browser side when you try to access?

Right, so on the browser, I get a connection timeout, nothing much in the console.

in /var/log/passbolt, I seem to have
cli-error.log
error.log
error.log.1
error.log.2.gz
error.log.gz

Latest timestamped file is error.log, but it is empty.
Second latest timestamped is error.log.1.
The contents are:

ubuntu@passbolt2:/var/log/passbolt$ ls -l
total 16
-rw-rw-r-- 1 www-data www-data  900 Sep 10 18:04 cli-error.log
-rw-r----- 1 www-data www-data    0 Sep 13 00:00 error.log
-rw-r----- 1 www-data www-data 3128 Sep 12 15:59 error.log.1
-rw-r----- 1 www-data www-data  803 Sep 11 21:17 error.log.2.gz
-rw-r--r-- 1 www-data www-data 1992 Sep 10 23:33 error.log.3.gz
ubuntu@passbolt2:/var/log/passbolt$ sudo cat error.log.1
2022-09-12 03:36:22 error: [Cake\Routing\Exception\MissingRouteException] A route matching "/owa/auth/logon.aspx" could not be found. in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php on line 197
Request URL: /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f
Client IP: 192.241.221.87


2022-09-12 03:49:23 error: [Cake\Routing\Exception\MissingRouteException] A route matching "s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21" could not be found. in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php on line 197
Request URL: s=/Index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars%5B0%5D=md5&vars%5B1%5D%5B%5D=HelloThinkPHP21?s=/Index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars%5B0%5D=md5&vars%5B1%5D%5B%5D=HelloThinkPHP21
Client IP: 152.89.196.211


2022-09-12 05:14:41 error: [Cake\Routing\Exception\MissingRouteException] A route matching "/mifs/.;/services/LogService" could not be found. in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php on line 197
Request URL: /mifs/.;/services/LogService
Referer URL: https://132.145.11.37:443
Client IP: 152.89.196.211


2022-09-12 05:25:57 error: [Cake\Routing\Exception\MissingRouteException] A route matching "/.env" could not be found. in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php on line 197
Request URL: /.env
Client IP: 52.188.168.183


2022-09-12 05:25:58 error: [Cake\Routing\Exception\MissingRouteException] A route matching "/" could not be found. in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php on line 197
Request URL: /
Client IP: 52.188.168.183


2022-09-12 06:40:51 error: [Cake\Routing\Exception\MissingRouteException] A route matching "/Autodiscover/Autodiscover.xml" could not be found. in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php on line 197
Request URL: /Autodiscover/Autodiscover.xml
Client IP: 152.89.196.211


2022-09-12 08:02:19 error: [Authentication\Authenticator\UnauthenticatedException] Authentication is required to continue in /usr/share/php/passbolt/vendor/cakephp/authentication/src/Controller/Component/AuthenticationComponent.php on line 177
Request URL: /auth/is-authenticated.json
Client IP: **My IP address from where I was accessing**


2022-09-12 14:14:45 error: [Cake\Routing\Exception\MissingRouteException] A route matching "/" could not be found. in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php on line 197
Request URL: /
Client IP: 127.0.0.1


2022-09-12 14:17:10 error: [Cake\Routing\Exception\MissingRouteException] A route matching "/" could not be found. in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php on line 197
Request URL: /
Client IP: 127.0.0.1


2022-09-12 15:59:26 error: [Cake\Routing\Exception\MissingRouteException] A route matching "/" could not be found. in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php on line 197
Request URL: /
Client IP: 127.0.0.1


ubuntu@passbolt2:/var/log/passbolt$

It doesn’t look like me trying to browse to it via my browser is showing up in the logs at all. The screenshot above with the console open was done about a minute before going to the logs.

I’ve triple checked that my domain, passbolt.mydomain.co.uk does in fact resolve to the external IP of the server. The Ext IP has not changed.

I’m at a loss now, almost like nginx isn’t getting the requests to be able to handle it maybe?

If I go for nginx logs, I have the following:

ubuntu@passbolt2:/var/log/nginx$ ls -l
total 112
-rw-r----- 1 www-data adm   9262 Sep 13 09:07 access.log
-rw-r----- 1 www-data adm  23640 Sep 12 23:58 access.log.1
-rw-r----- 1 www-data adm   2931 Sep 11 23:47 access.log.2.gz
-rw-r----- 1 www-data adm   5923 Sep 10 23:58 access.log.3.gz
-rw-r----- 1 www-data adm      0 Sep 11 00:00 error.log
-rw-r----- 1 www-data adm    401 Sep  9 12:41 error.log.1
-rw-r----- 1 www-data adm      0 Sep 13 00:00 passbolt-access.log
-rw-r----- 1 www-data adm   8478 Sep 12 15:59 passbolt-access.log.1
-rw-r----- 1 www-data adm   2898 Sep 11 23:44 passbolt-access.log.2.gz
-rw-r--r-- 1 root     root 16205 Sep 10 23:47 passbolt-access.log.3.gz
-rw-r----- 1 www-data adm      0 Sep 13 00:00 passbolt-error.log
-rw-r----- 1 www-data adm   9303 Sep 12 15:59 passbolt-error.log.1
-rw-r----- 1 www-data adm   2996 Sep 11 23:44 passbolt-error.log.2.gz
-rw-r--r-- 1 root     root  8101 Sep 10 23:56 passbolt-error.log.3.gz


ubuntu@passbolt2:/var/log/nginx$ sudo cat passbolt-access.log.1
205.210.31.23 - - [12/Sep/2022:00:55:08 +0000] "GET / HTTP/1.1" 302 5 "-" "Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers&#39; presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
205.210.31.23 - - [12/Sep/2022:00:55:09 +0000] "GET /auth/login?redirect=%2F HTTP/1.1" 200 2809 "-" "Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers&#39; presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
194.165.16.10 - - [12/Sep/2022:01:37:49 +0000] "\x03\x00\x00,'\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Domain" 400 166 "-" "-"
194.165.16.10 - - [12/Sep/2022:01:37:49 +0000] "\x03\x00\x00,'\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Domain" 400 166 "-" "-"
128.14.141.34 - - [12/Sep/2022:01:40:08 +0000] "GET / HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
128.14.141.34 - - [12/Sep/2022:01:40:08 +0000] "GET /auth/login?redirect=%2F HTTP/1.1" 200 1105 "https://Server.Ext.IP.Add/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
152.89.196.211 - - [12/Sep/2022:02:55:37 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 197 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
64.62.197.167 - - [12/Sep/2022:03:27:04 +0000] "GET / HTTP/1.1" 302 5 "-" "-"
64.62.197.167 - - [12/Sep/2022:03:35:32 +0000] "GET /favicon.ico HTTP/1.1" 200 318 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.81 Safari/537.36"
192.241.221.87 - - [12/Sep/2022:03:36:22 +0000] "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 404 1461 "-" "Mozilla/5.0 zgrab/0.x"
64.62.197.168 - - [12/Sep/2022:03:39:03 +0000] "GET / HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
64.62.197.168 - - [12/Sep/2022:03:39:03 +0000] "GET /auth/login?redirect=%2F HTTP/1.1" 200 1105 "https://Server.Ext.IP.Add/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
152.89.196.211 - - [12/Sep/2022:03:49:23 +0000] "GET /index.php?s=/Index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 404 1461 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
128.1.248.26 - - [12/Sep/2022:04:29:36 +0000] "GET / HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
128.1.248.26 - - [12/Sep/2022:04:29:36 +0000] "GET /auth/login?redirect=%2F HTTP/1.1" 200 1105 "https://Server.Ext.IP.Add/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
152.89.196.211 - - [12/Sep/2022:05:01:29 +0000] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
152.89.196.211 - - [12/Sep/2022:05:14:41 +0000] "POST /mifs/.;/services/LogService HTTP/1.1" 404 1461 "https://Server.Ext.IP.Add:443" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
52.188.168.183 - - [12/Sep/2022:05:25:57 +0000] "GET /.env HTTP/1.1" 404 1461 "-" "python-httpx/0.23.0"
52.188.168.183 - - [12/Sep/2022:05:25:58 +0000] "POST / HTTP/1.1" 404 1461 "-" "python-httpx/0.23.0"
193.46.254.45 - - [12/Sep/2022:05:44:45 +0000] "GET / HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
152.89.196.211 - - [12/Sep/2022:06:40:52 +0000] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 404 1461 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.143.200.118 - - [12/Sep/2022:07:04:48 +0000] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 166 "-" "-"
192.241.206.49 - - [12/Sep/2022:07:20:10 +0000] "GET / HTTP/1.1" 302 5 "-" "Mozilla/5.0 zgrab/0.x"
62.254.9.223 - - [12/Sep/2022:07:21:44 +0000] "GET /img/avatar/user_medium.png HTTP/1.1" 200 2921 "-" "okhttp/4.7.2"
62.254.9.223 - - [12/Sep/2022:07:21:46 +0000] "GET /auth/verify.json HTTP/1.1" 200 2909 "-" "okhttp/4.7.2"
62.254.9.223 - - [12/Sep/2022:07:21:46 +0000] "GET /auth/jwt/rsa.json HTTP/1.1" 200 1095 "-" "okhttp/4.7.2"
62.254.9.223 - - [12/Sep/2022:07:21:47 +0000] "POST /auth/jwt/login.json HTTP/1.1" 200 3076 "-" "okhttp/4.7.2"
62.254.9.223 - - [12/Sep/2022:07:21:48 +0000] "GET /settings.json HTTP/1.1" 200 1866 "-" "okhttp/4.7.2"
62.254.9.223 - - [12/Sep/2022:07:21:48 +0000] "GET /users/me.json HTTP/1.1" 200 4048 "-" "okhttp/4.7.2"
62.254.9.223 - - [12/Sep/2022:07:21:49 +0000] "GET /img/avatar/user_medium.png HTTP/1.1" 200 2921 "-" "okhttp/4.7.2"
62.254.9.223 - - [12/Sep/2022:07:21:49 +0000] "GET /users.json HTTP/1.1" 200 9556 "-" "okhttp/4.7.2"
62.254.9.223 - - [12/Sep/2022:07:21:50 +0000] "GET /groups.json?contain%5Buser%5D=1 HTTP/1.1" 200 263 "-" "okhttp/4.7.2"
62.254.9.223 - - [12/Sep/2022:07:21:50 +0000] "GET /resources.json?contain%5Bpermission%5D=1&contain%5Bfavorite%5D=1&contain%5Btag%5D=1&contain%5Bpermissions.group%5D=1 HTTP/1.1" 200 18543 "-" "okhttp/4.7.2"
62.254.9.223 - - [12/Sep/2022:07:21:50 +0000] "GET /resource-types.json HTTP/1.1" 200 1621 "-" "okhttp/4.7.2"
62.254.9.223 - - [12/Sep/2022:07:21:54 +0000] "GET /img/avatar/user_medium.png HTTP/1.1" 200 2921 "-" "okhttp/4.7.2"
62.254.9.223 - - [12/Sep/2022:07:21:55 +0000] "GET /secrets/resource/15c8de72-2c8f-4310-9723-29bc52a94308.json HTTP/1.1" 200 1924 "-" "okhttp/4.7.2"
192.241.221.72 - - [12/Sep/2022:07:47:59 +0000] "GET / HTTP/1.1" 400 264 "-" "Mozilla/5.0 zgrab/0.x"
88.215.43.222 - - [12/Sep/2022:08:02:19 +0000] "GET /auth/is-authenticated.json HTTP/1.1" 401 266 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
152.89.196.211 - - [12/Sep/2022:08:03:14 +0000] "GET / HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
152.89.196.211 - - [12/Sep/2022:08:03:25 +0000] "GET /auth/login?redirect=%2F HTTP/1.1" 200 1105 "https://Server.Ext.IP.Add:443/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
127.0.0.1 - - [12/Sep/2022:14:14:45 +0000] "HEAD / HTTP/1.1" 404 0 "-" "curl/7.81.0"
127.0.0.1 - - [12/Sep/2022:14:17:10 +0000] "HEAD / HTTP/1.1" 404 0 "-" "curl/7.81.0"
127.0.0.1 - - [12/Sep/2022:15:26:46 +0000] "GET /healthcheck/status.json HTTP/1.1" 200 231 "-" "-"
127.0.0.1 - - [12/Sep/2022:15:26:46 +0000] "GET /healthcheck/status.json HTTP/1.1" 200 231 "-" "CakePHP"
127.0.0.1 - - [12/Sep/2022:15:26:47 +0000] "GET /healthcheck/status.json HTTP/1.1" 200 231 "-" "CakePHP"
127.0.0.1 - - [12/Sep/2022:15:26:47 +0000] "GET /healthcheck/status.json HTTP/1.1" 200 231 "-" "CakePHP"
127.0.0.1 - - [12/Sep/2022:15:52:50 +0000] "GET /healthcheck/status.json HTTP/1.1" 200 231 "-" "-"
127.0.0.1 - - [12/Sep/2022:15:52:51 +0000] "GET /healthcheck/status.json HTTP/1.1" 200 231 "-" "CakePHP"
127.0.0.1 - - [12/Sep/2022:15:52:51 +0000] "GET /healthcheck/status.json HTTP/1.1" 200 231 "-" "CakePHP"
127.0.0.1 - - [12/Sep/2022:15:52:51 +0000] "GET /healthcheck/status.json HTTP/1.1" 200 231 "-" "CakePHP"
127.0.0.1 - - [12/Sep/2022:15:55:07 +0000] "GET /healthcheck/status.json HTTP/1.1" 200 231 "-" "-"
127.0.0.1 - - [12/Sep/2022:15:55:07 +0000] "GET /healthcheck/status.json HTTP/1.1" 200 231 "-" "CakePHP"
127.0.0.1 - - [12/Sep/2022:15:55:08 +0000] "GET /healthcheck/status.json HTTP/1.1" 200 231 "-" "CakePHP"
127.0.0.1 - - [12/Sep/2022:15:55:08 +0000] "GET /healthcheck/status.json HTTP/1.1" 200 231 "-" "CakePHP"
127.0.0.1 - - [12/Sep/2022:15:59:03 +0000] "GET / HTTP/1.1" 302 5 "-" "curl/7.81.0"
127.0.0.1 - - [12/Sep/2022:15:59:26 +0000] "HEAD / HTTP/1.1" 404 0 "-" "curl/7.81.0"



ubuntu@passbolt2:/var/log/nginx$ sudo cat passbolt-error.log.1
2022/09/12 00:01:24 [info] 15686#15686: *3269 SSL_do_handshake() failed (SSL: error:0A000102:SSL routines::unsupported protocol) while SSL handshaking, client: 192.241.220.32, server: 0.0.0.0:443
2022/09/12 00:26:33 [info] 15686#15686: *3272 peer closed connection in SSL handshake (104: Unknown error) while SSL handshaking, client: 212.102.40.218, server: 0.0.0.0:443
2022/09/12 00:55:08 [info] 15686#15686: *3281 client 205.210.31.23 closed keepalive connection
2022/09/12 00:55:10 [info] 15686#15686: *3283 client 205.210.31.23 closed keepalive connection
2022/09/12 01:37:49 [info] 15686#15686: *3292 recv() failed (104: Unknown error) while SSL handshaking, client: 194.165.16.10, server: 0.0.0.0:443
2022/09/12 01:37:49 [info] 15686#15686: *3293 client sent invalid method while reading client request line, client: 194.165.16.10, server: passbolt.mydomain.co.uk, request: ",'▒Cookie: mstshash=Domain"
2022/09/12 01:37:49 [info] 15686#15686: *3293 recv() failed (104: Unknown error) while reading client request line, client: 194.165.16.10, server: passbolt.mydomain.co.uk, request: ",'▒Cookie: mstshash=Domain"
2022/09/12 01:37:49 [info] 15686#15686: *3294 client sent invalid method while reading client request line, client: 194.165.16.10, server: passbolt.mydomain.co.uk, request: ",'▒Cookie: mstshash=Domain"
2022/09/12 01:37:49 [info] 15686#15686: *3294 recv() failed (104: Unknown error) while reading client request line, client: 194.165.16.10, server: passbolt.mydomain.co.uk, request: ",'▒Cookie: mstshash=Domain"
2022/09/12 01:45:34 [info] 15686#15686: *3298 peer closed connection in SSL handshake (104: Unknown error) while SSL handshaking, client: 212.102.40.218, server: 0.0.0.0:443
2022/09/12 02:39:39 [info] 15686#15686: *3305 client timed out (110: Unknown error) while waiting for request, client: 152.89.196.211, server: 0.0.0.0:443
2022/09/12 03:27:05 [info] 15686#15686: *3309 client 64.62.197.167 closed keepalive connection
2022/09/12 03:29:47 [info] 15686#15686: *3311 SSL_do_handshake() failed (SSL: error:0A00018C:SSL routines::version too low) while SSL handshaking, client: 64.62.197.167, server: 0.0.0.0:443
2022/09/12 03:30:37 [info] 15686#15686: *3312 SSL_do_handshake() failed (SSL: error:0A0000C1:SSL routines::no shared cipher) while SSL handshaking, client: 64.62.197.167, server: 0.0.0.0:443
2022/09/12 03:31:46 [info] 15686#15686: *3313 peer closed connection in SSL handshake (104: Unknown error) while SSL handshaking, client: 64.62.197.167, server: 0.0.0.0:443
2022/09/12 03:31:46 [info] 15686#15686: *3314 peer closed connection in SSL handshake (104: Unknown error) while SSL handshaking, client: 64.62.197.167, server: 0.0.0.0:443
2022/09/12 03:31:46 [info] 15686#15686: *3315 peer closed connection in SSL handshake (104: Unknown error) while SSL handshaking, client: 64.62.197.167, server: 0.0.0.0:443
2022/09/12 03:31:46 [info] 15686#15686: *3316 peer closed connection in SSL handshake (104: Unknown error) while SSL handshaking, client: 64.62.197.167, server: 0.0.0.0:443
2022/09/12 03:31:47 [info] 15686#15686: *3317 peer closed connection in SSL handshake (104: Unknown error) while SSL handshaking, client: 64.62.197.167, server: 0.0.0.0:443
2022/09/12 03:31:47 [info] 15686#15686: *3318 SSL_do_handshake() failed (SSL: error:0A000102:SSL routines::unsupported protocol) while SSL handshaking, client: 64.62.197.167, server: 0.0.0.0:443
2022/09/12 03:31:47 [info] 15686#15686: *3319 peer closed connection in SSL handshake (104: Unknown error) while SSL handshaking, client: 64.62.197.167, server: 0.0.0.0:443
2022/09/12 03:31:48 [info] 15686#15686: *3320 peer closed connection in SSL handshake (104: Unknown error) while SSL handshaking, client: 64.62.197.167, server: 0.0.0.0:443
2022/09/12 03:31:48 [info] 15686#15686: *3321 SSL_do_handshake() failed (SSL: error:0A0000C1:SSL routines::no shared cipher) while SSL handshaking, client: 64.62.197.167, server: 0.0.0.0:443
2022/09/12 03:31:48 [crit] 15686#15686: *3322 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 64.62.197.167, server: 0.0.0.0:443
2022/09/12 03:35:32 [crit] 15686#15686: *3323 SSL_read() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while keepalive, client: 64.62.197.167, server: 0.0.0.0:443
2022/09/12 03:37:08 [info] 15686#15686: *3326 client closed connection while waiting for request, client: 64.62.197.167, server: 0.0.0.0:443
2022/09/12 03:39:03 [crit] 15686#15686: *3327 SSL_read() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while keepalive, client: 64.62.197.168, server: 0.0.0.0:443
2022/09/12 04:33:45 [crit] 15686#15686: *3341 SSL_do_handshake() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while SSL handshaking, client: 23.239.8.82, server: 0.0.0.0:443
2022/09/12 05:15:43 [info] 15686#15686: *3351 peer closed connection in SSL handshake (104: Unknown error) while SSL handshaking, client: 212.102.40.218, server: 0.0.0.0:443
2022/09/12 05:25:58 [crit] 15686#15686: *3353 SSL_read() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while keepalive, client: 52.188.168.183, server: 0.0.0.0:443
2022/09/12 05:25:58 [crit] 15686#15686: *3355 SSL_read() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while keepalive, client: 52.188.168.183, server: 0.0.0.0:443
2022/09/12 05:44:50 [crit] 15686#15686: *3362 SSL_do_handshake() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while SSL handshaking, client: 185.220.100.255, server: 0.0.0.0:443
2022/09/12 05:44:51 [crit] 15686#15686: *3363 SSL_do_handshake() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while SSL handshaking, client: 185.220.101.174, server: 0.0.0.0:443
2022/09/12 05:44:51 [crit] 15686#15686: *3364 SSL_do_handshake() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while SSL handshaking, client: 185.220.101.174, server: 0.0.0.0:443
2022/09/12 05:44:51 [crit] 15686#15686: *3365 SSL_do_handshake() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while SSL handshaking, client: 185.220.101.48, server: 0.0.0.0:443
2022/09/12 05:44:55 [info] 15686#15686: *3367 SSL_do_handshake() failed (SSL: error:0A000102:SSL routines::unsupported protocol) while SSL handshaking, client: 185.220.100.255, server: 0.0.0.0:443
2022/09/12 05:44:55 [crit] 15686#15686: *3366 SSL_do_handshake() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while SSL handshaking, client: 185.220.101.188, server: 0.0.0.0:443
2022/09/12 05:45:03 [crit] 15686#15686: *3369 SSL_do_handshake() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while SSL handshaking, client: 185.220.101.48, server: 0.0.0.0:443
2022/09/12 05:45:04 [info] 15686#15686: *3370 SSL_do_handshake() failed (SSL: error:0A0000C1:SSL routines::no shared cipher) while SSL handshaking, client: 185.220.101.174, server: 0.0.0.0:443
2022/09/12 05:45:04 [crit] 15686#15686: *3368 SSL_do_handshake() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while SSL handshaking, client: 185.220.101.188, server: 0.0.0.0:443
2022/09/12 05:45:15 [crit] 15686#15686: *3371 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 185.220.101.188, server: 0.0.0.0:443
2022/09/12 06:06:08 [info] 15686#15686: *3372 client timed out (110: Unknown error) while waiting for request, client: 152.89.196.211, server: 0.0.0.0:443
2022/09/12 06:21:13 [info] 15686#15686: *3374 peer closed connection in SSL handshake (104: Unknown error) while SSL handshaking, client: 212.102.40.218, server: 0.0.0.0:443
2022/09/12 07:04:48 [info] 15686#15686: *3378 client sent invalid method while reading client request line, client: 45.143.200.118, server: passbolt.mydomain.co.uk, request: "/*▒Cookie: mstshash=Administr"
2022/09/12 07:04:48 [info] 15686#15686: *3378 recv() failed (104: Unknown error) while reading client request line, client: 45.143.200.118, server: passbolt.mydomain.co.uk, request: "/*▒Cookie: mstshash=Administr"
2022/09/12 07:20:10 [crit] 15686#15686: *3380 SSL_read() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while keepalive, client: 192.241.206.49, server: 0.0.0.0:443
2022/09/12 07:31:18 [info] 15686#15686: *3397 SSL_do_handshake() failed (SSL: error:0A00010B:SSL routines::wrong version number) while SSL handshaking, client: 172.105.77.209, server: 0.0.0.0:443
2022/09/12 07:47:59 [info] 15686#15686: *3403 client sent plain HTTP request to HTTPS port while reading client request headers, client: 192.241.221.72, server: passbolt.mydomain.co.uk, request: "GET / HTTP/1.1", host: "Server.Ext.IP.Add:443"
2022/09/12 08:29:08 [info] 15686#15686: *3433 client timed out (110: Unknown error) while waiting for request, client: 152.89.196.211, server: 0.0.0.0:443
2022/09/12 14:14:45 [info] 4239#4239: *28 client 127.0.0.1 closed keepalive connection
2022/09/12 14:17:10 [info] 896#896: *1 client 127.0.0.1 closed keepalive connection
2022/09/12 15:59:03 [info] 907#907: *1 client 127.0.0.1 closed keepalive connection
2022/09/12 15:59:26 [info] 907#907: *3 client 127.0.0.1 closed keepalive connection
ubuntu@passbolt2:/var/log/nginx$
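One way to triage the error log above, as an added example that is not part of the original posts: it separates internet-facing entries (failed TLS handshakes, RDP `mstshash` cookies sent to port 443) from loopback ones and records when a remote client was last seen. The sample lines are constructed in the same format with placeholder addresses and hostname, and the category names are this example's own.

```python
import re
from datetime import datetime
from ipaddress import ip_address

# Constructed sample in the error-log format above; addresses and hostname are placeholders.
SAMPLE = """\
2022/09/12 01:37:49 [info] 15686#15686: *3292 recv() failed (104: Unknown error) while SSL handshaking, client: 203.0.113.10, server: 0.0.0.0:443
2022/09/12 01:37:49 [info] 15686#15686: *3293 client sent invalid method while reading client request line, client: 203.0.113.10, server: passbolt.example.test, request: ",'Cookie: mstshash=Domain"
2022/09/12 03:31:48 [crit] 15686#15686: *3322 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 198.51.100.7, server: 0.0.0.0:443
2022/09/12 08:29:08 [info] 15686#15686: *3433 client timed out (110: Unknown error) while waiting for request, client: 198.51.100.99, server: 0.0.0.0:443
2022/09/12 14:14:45 [info] 4239#4239: *28 client 127.0.0.1 closed keepalive connection
2022/09/12 15:59:03 [info] 907#907: *1 client 127.0.0.1 closed keepalive connection
"""

LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[\w+\] (\d+)#\d+: \*\d+ (.*)$")

def client_of(msg):
    """Client address from either layout: 'client: IP,' or 'client IP closed'."""
    for tok in re.findall(r"client:? ([0-9A-Fa-f:.]+)", msg):
        try:
            return ip_address(tok)
        except ValueError:
            continue  # e.g. the "c" of "client closed connection"
    return None

def classify(msg):
    if "mstshash=" in msg:  # RDP connection cookie sent to the HTTPS port
        return "rdp-probe"
    tls = "SSL handshaking" in msg or "SSL_read()" in msg
    return "tls-failure" if tls else "other"

def summarize(text):
    """Count remote vs loopback entries and note when remote traffic was last seen."""
    out = {"remote": {}, "loopback": 0, "last_remote": None, "workers_after": set()}
    for line in text.splitlines():
        m = LINE.match(line)
        ip = client_of(m.group(3)) if m else None
        if ip is None:
            continue
        if ip.is_loopback:
            out["loopback"] += 1
            if out["last_remote"]:
                out["workers_after"].add(m.group(2))  # worker PIDs seen afterwards
        else:
            kind = classify(m.group(3))
            out["remote"][kind] = out["remote"].get(kind, 0) + 1
            out["last_remote"] = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
    return out
```

When remote entries stop and only loopback entries continue under new worker PIDs, requests from outside are no longer reaching nginx, so host and cloud firewall rules are worth checking before the site configuration.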

@unboostedvtak The next things I would check:

  • ping the passbolt server from your client using the domain name - do you get a response?
  • run nginx -t to test the config files for the passbolt site and see if there are errors
  • why is Apache running? Stop that service, restart NGINX and see what happens.

If this doesn’t work, can you provide your NGINX passbolt.conf so we can take a look at the settings? Obfuscate as needed.

Thanks for your help by the way, it is extremely appreciated.

ICMP was disabled, just made the rule to allow it through, I get responses through IP and through my A record.

ubuntu@passbolt2:/etc/nginx/sites-enabled$ sudo nginx -t -c nginx-passbolt.conf
nginx: [emerg] open() "/usr/share/nginx/nginx-passbolt.conf" failed (2: No such file or directory)
nginx: configuration file /usr/share/nginx/nginx-passbolt.conf test failed

Now that is interesting…

I couldn’t tell you why apache2 is running, APT won’t find it to remove it… I’ve stopped the service and disabled the daemon for it. Restarted the nginx service, same thing…

Here’s the config file for nginx under the sites-enabled directory of nginx:

ubuntu@passbolt2:/etc/nginx/sites-enabled$ sudo cat nginx-passbolt.conf
#
#  Passbolt.conf - Nginx configuration file to run the Passbolt software.
#

server {

  # Managed by Passbolt
  server_name passbolt.mydomain.co.uk;

  client_body_buffer_size     100K;
  client_header_buffer_size   1K;
  client_max_body_size        5M;

  client_body_timeout   10;
  client_header_timeout 10;
  keepalive_timeout     5 5;
  send_timeout          10;

  root /usr/share/php/passbolt/webroot;
  index index.php;
  error_log /var/log/nginx/passbolt-error.log info;
  access_log /var/log/nginx/passbolt-access.log;

  # Managed by Passbolt
  # include __PASSBOLT_SSL__

  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  location ~ \.php$ {
    try_files                $uri =404;
    include                  fastcgi_params;
    fastcgi_pass             unix:/run/php/php8.1-fpm.sock;
    fastcgi_index            index.php;
    fastcgi_intercept_errors on;
    fastcgi_split_path_info  ^(.+\.php)(.+)$;
    fastcgi_param            SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param            SERVER_NAME $http_host;
    fastcgi_param PHP_VALUE  "upload_max_filesize=5M \n post_max_size=5M";
  }


    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/passbolt.mydomain.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/passbolt.mydomain.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
    if ($host = passbolt.mydomain.co.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot



  listen 80;
  listen [::]:80;
  server_name passbolt.mydomain.co.uk;
    return 404; # managed by Certbot


}
ubuntu@passbolt2:/etc/nginx/sites-enabled$

At this point, would it be easier for me to spin up a new server and restore my DB?

Thank you

Here is what is in the /usr/share/nginx directory:

ubuntu@passbolt2:/usr/share/nginx$ ls -l
total 8
drwxr-xr-x 2 root root 4096 Sep  9 12:37 html
lrwxrwxrwx 1 root root   23 Apr 27 10:56 modules -> ../../lib/nginx/modules
drwxr-xr-x 2 root root 4096 Sep  9 12:37 modules-available
ubuntu@passbolt2:/usr/share/nginx$

Would it need a symlink?

Just run nginx -t on its own.