I’m setting up a demo server, and I’ve run into two problems.
- /recovery is 404ing
There’s no magic proxying going on, I’m also able to log into the web console and manage my account fine. I haven’t done much exploration yet (see 2) below), but a missing /recovery page seems like it’ll be an issue.
- how to reset a broswer plugin/account?
Currently I’m trying to test with FF and Chrome, and I’m using my demo server. As far as I can tell, the plugin supports single accounts only (unless you go multi-account in chrome itself… which is not something I want to do with non-techie endusers). I’d like to roll out this demo to some select users to try out, but first I want to figure out how to zap the details so we can use a production setup after we’re done with the demo. I didn’t find any good documentation on how to do this (and is what led me to find that /recovery is 404ing)
- fresh debian 10 VM, basically vanilla debian + basic php setup (our php SOE - I had to turn php-fpm + nginx off so the installer script would work properly; can’t usermod www-data if it’s in use)
- AWS EC2 instance behind an AWS load balancer
- running a self-signed cert on 443 (the loadbalancer holds a valid cert for the web)
- was installed using the official documentation for debian 10 and the installer script 2 days ago
- did the initial script installation with LetsEncrypt, that failed, so reran the installation with self-signed certs instead
- using a remote mysqldb
logs/error.log - mostly just repeats of the following:
2019-11-14 00:08:46 Error: [Cake\Routing\Exception\MissingRouteException] A route matching “/recovery” could not be found.
Request URL: /recovery
2019-11-13 03:08:02 Error: [Cake\Http\Exception\ForbiddenException] You need to login to access this location.
Request URL: /auth/is-authenticated.json
Installation log from console, showing choices and results (re-run over previous Lets Encrypt-style deploy)
____ __ ____
/ __ ____ _____ / / ____ / / /
/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
The open source password manager for teams (c) 2018 Passbolt SARL https://www.passbolt.com ================================================================ IMPORTANT NOTE: This installation scripts are for use only on FRESH installed debian >= 9.0 | ubuntu 18.04 | CentOS >= 7.0 ================================================================ ============================================================== Do you want to install a local mariadb server on this machine? ============================================================== 1) yes 2) no #? 2 ================================================================================ On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly. Do you want to install Haveged to speed up the entropy generation on your system? Please check https://help.passbolt.com/faq/hosting/why-haveged- virtual-env ================================================================================ 1) yes 2) no #? 1 ================================================================================ Setting hostname... Please enter the domain name under which passbolt will run. Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let's encrypt. If you don't have a domain name and you do not plan to use let's encrypt please enter the ip address to access this machine ================================================================================ Hostname:passbolt-demo.mydomain.net ================================================================================ Setting up SSL... Do you want to setup a SSL certificate and enable HTTPS now? - manual: Prompts for the path of user uploaded ssl certificates and set up nginx - auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx - none: Do not setup HTTPS at all ================================================================================ 1) manual 2) auto 3) none #? 1 Enter the path to the SSL certificate: /etc/ssl/passbolt-selfsigned.crt Enter the path to the SSL privkey: /etc/ssl/passbolt-selfsigned.key usermod: no changes ============================= Installing os dependencies... ============================= Hit:1 http://security.debian.org/debian-security buster/updates InRelease Hit:2 https://packages.sury.org/php buster InRelease Hit:3 http://cdn-aws.deb.debian.org/debian buster InRelease Hit:4 http://cdn-aws.deb.debian.org/debian buster-updates InRelease Hit:5 http://cdn-aws.deb.debian.org/debian buster-backports InRelease Reading package lists... Reading package lists... Building dependency tree... Reading state information... git is already the newest version (1:2.20.1-2). nginx is already the newest version (1.14.2-2+deb10u1). php-gnupg is already the newest version (1.4.0-3). certbot is already the newest version (0.31.0-1). unzip is already the newest version (6.0-23+deb10u1). php-pear is already the newest version (1:1.10.9+submodules+notgz-1+0~20191010.12+debian10~1.gbp296d25). php7.3-dev is already the newest version (7.3.11-1+0~20191026.48+debian10~1.gbpf71ca0). php7.3-fpm is already the newest version (7.3.11-1+0~20191026.48+debian10~1.gbpf71ca0). php7.3-gd is already the newest version (7.3.11-1+0~20191026.48+debian10~1.gbpf71ca0). php7.3-intl is already the newest version (7.3.11-1+0~20191026.48+debian10~1.gbpf71ca0). php7.3-ldap is already the newest version (7.3.11-1+0~20191026.48+debian10~1.gbpf71ca0). php7.3-mbstring is already the newest version (7.3.11-1+0~20191026.48+debian10~1.gbpf71ca0). php7.3-mysql is already the newest version (7.3.11-1+0~20191026.48+debian10~1.gbpf71ca0). 0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded. ============================================ Using remote or custom database installation ============================================ Synchronizing state of php7.3-fpm.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable php7.3-fpm Already up to date. /root/passbolt-installer ====================== Installing composer... ====================== --2019-11-13 01:02:28-- https://getcomposer.org/installer Resolving getcomposer.org (getcomposer.org)... 22.214.171.124, 2607:5300:201:2100::4:d105 Connecting to getcomposer.org (getcomposer.org)|126.96.36.199|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 275959 (269K) [application/octet-stream] Saving to: ‘composer-setup.php’ 0K .......... .......... .......... .......... .......... 18% 205K 1s 50K .......... .......... .......... .......... .......... 37% 206K 1s 100K .......... .......... .......... .......... .......... 55% 18.6M 0s 150K .......... .......... .......... .......... .......... 74% 207K 0s 200K .......... .......... .......... .......... .......... 92% 22.1M 0s 250K .......... ......... 100% 25.9M=0.7s 2019-11-13 01:02:30 (367 KB/s) - ‘composer-setup.php’ saved [275959/275959] All settings correct for using Composer Downloading... Composer (version 1.9.1) successfully installed to: /usr/bin/composer.phar Use it: php /usr/bin/composer.phar =================================== Installing composer dependencies... =================================== Loading composer repositories with package information Installing dependencies from lock file Nothing to install or update Generating optimized autoload files > Cake\Composer\Installer\PluginInstaller::postAutoloadDump thadafinser/package-info: Generating class... thadafinser/package-info: ...generating class > App\Console\Installer::postInstall No Security.salt placeholder to replace. =================== Setting up nginx... =================== Server names hash bucket is 64 Synchronizing state of nginx.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable nginx Server names hash bucket is 64 Synchronizing state of nginx.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable nginx Hit:1 http://cdn-aws.deb.debian.org/debian buster InRelease Hit:2 http://cdn-aws.deb.debian.org/debian buster-updates InRelease Hit:3 http://cdn-aws.deb.debian.org/debian buster-backports InRelease Hit:4 http://security.debian.org/debian-security buster/updates InRelease Hit:5 https://packages.sury.org/php buster InRelease Reading package lists... Reading package lists... Building dependency tree... Reading state information... haveged is already the newest version (1.9.1-7). 0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded. Synchronizing state of haveged.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable haveged ================================================================================ Installation is almost complete. Please point your browser to https://passbolt-demo.mydomain.net to complete the process ================================================================================
How do I get the /recovery location working? And what’s the best way to reset the credentials for the browser plugins?