Passbolt with traefik & Let's Encrypt on docker - cannot register with the link [Cloudflare tunnel]

[Y ] I have read intro post: About the Installation Issues category
[Y] I have read the tutorials, help and searched for similar issues
[Y ] I provide relevant information about my server (component names and versions, etc.)
[N] I provide a copy of my logs and healthcheck
[Y] I describe the steps I have taken to trouble shoot the problem
[Y ] I describe the steps on how to reproduce the issue

Hello, in need of some help.

I’ve followed the installtion instructions and I have the three containers up and running as per attched screenshot

I have set up an admin user successfully.

The problem I have is that the url that is provided at this stage does not load.

I have my domain going going through cloudflare. i think I am not understanding fully what I need to go in this part.

I have a cname record set up

I have that sepcified in my docker-compose under - APP_FULL_BASE_URL

What am I missing here? Can you provide any help? I can provide any info you need


Hi @gregorgregor25

Your cname… you are meaning a subdomain of passbolt right?

Can you show your CNAME record?

Hi, thanks for your reply. I’m using cloudflare. I have it set up for many sub domains and is working great for other apps. I must not fully understand the process required here.

Are you running the other apps on the same machine as passbolt?

Are you wanting the subdomain to be used with the passbolt app?

Yes I am running them om the same machine.

Yes is like to use that subdomain with passbolt. Thanks

Ok so if you are using the CNAME flattening from Cloudflare that should be fine.

Are your other apps on their own Docker containers as well?

If you have multiple web apps you will need something like a reverse proxy in front of them to handle the different incoming requests.

Tell me more about the other apps, what ports they use, and do you have a reverse proxy in place?


I don’t have a reverse proxy in place. I’m using cloudflare tunnels for them. I’ve got web apps like jellyfin, sabnzbd, sonarr, radarr, there’s loads of them.

What OS is your Docker host?

My docker host is Ubuntu 22.04 LTS

Just to confirm, passbolt is not going to be your only app that needs ports 80 and 443?

I dont have anything other then portainer using 443. Anything else that uses port 443 or 80 is only mapped to that within the other containers so for instance:

Next cloud is using port 80 in a container but is mapped to port 888 on host.

I dont have anything like nginx or caddy using 80

And this is set to

I think if you are running portainer on 80 and 443, then you need to set passbolt on an alternative port binding as well, like you do with Nextcloud.

This is my yaml for passbolt well most of it. On my phone juat now lol

Can you check it out.

If i meed to remap port can you provide ans examplw of how this is done it the yaml i think ive confused myself.

I appreciate the help!

In the traefik ports section, I think you’ll want to do something like:


and in portainer set 8080, 4043 for passbolt like you did 888 for Nextcloud. I may be misunderstanding and if this doesn’t make sense can you show portainer settings for passbolt?

in here?

Currently, I dont have any ports mapped in portainer. I can use the Manual network port publishings section to do this for instance?

Where you circled red looks like what I was saying.

How are you using portainer - just to manage the up/down of containers or are you also handling networking with portainer?

I think you were saying you are using Cloudflare tunnels…so I’m going to assume you are not using Portainer to manage the networking parts.

That means you should be able to leave the traefik section alone - it is a reverse proxy and will be listening on ports 80 and 443 of your host- your tunnel settings need to reflect that.

If you want traefik to listen on other numbered ports to match you tunnel settings, then change accordingly.

Hi some good news,

Done the ports on the .yaml bound the ports in portainer, then deleted my CNAME then re added it as a tunnel in cloudflare and bingo!

I do have one more question if you will indulge me? I pu tin my email address and I got this

but no email has arrived.

1 Like