Setting Passbolt_api for dev env

AbhishekTiwari23 · February 12, 2024, 11:04pm

Hi, I am trying to make my local dev setup for Passbolt_api.

Point to note

I am working on a fresh debian image with no extra configuration
version and installs
- PHP - 8.2.7
- MySQL - 15.1 10.11.6-MariaDB
- Composer version - 2.5.5
- all the dependencies are installed - passbolt_api/config/requirements.php at master · AbhishekTiwari23/passbolt_api · GitHub
- apache2 and nginx both installed

Mysql Setup

MariaDB [mysql]> show grants for ‘passboltadmin’@‘localhost’;
±---------------------------------------------------------------------------------------------------------------------+
| Grants for passboltadmin@localhost |
±---------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON . TO passboltadmin@localhost IDENTIFIED BY PASSWORD '19982AC484EEE1A991CA8D07587351B132BCCE7C’ |
| GRANT ALL PRIVILEGES ON passboltdb. TO passboltadmin@localhost |
±---------------------------------------------------------------------------------------------------------------------+

My passbolt.php setup

<?PHP return [ 'App' => [

    'fullBaseUrl' => 'https://127.0.0.1',
],

// Database configuration.
'Datasources' => [
    'default' => [
        'host' => 'localhost',
        'driver' => 'Cake\\Database\\Driver\\Mysql',
        'port' => '3306',
        'username' => 'passboltadmin',
        'password' => 'debian',
        'database' => 'passboltdb',
    ],
],

// Email configuration.
'EmailTransport' => [
    'default' => [
        'host' => 'smtp.gmail.com',
        'port' => 25,
        'username' => 'abhishektiwariabhishek23@gmail.com',
        'password' => 'my password',
        // Is this a secure connection? true if yes, null if no.
        'tls' => true,
        //'timeout' => 30,
        //'client' => null,
        //'url' => null,
    ],
],
'Email' => [
    'default' => [
        // Defines the default name and email of the sender of the emails.
        'from' => ['abhishektiwariabhishek23@gmail.com' => 'Passbolt'],
        //'charset' => 'utf-8',
        //'headerCharset' => 'utf-8',
    ],
],

'passbolt' => [
    'gpg' => [
        // Tell GPG where to find the keyring.
        // If putenv is set to false, gnupg will use the default path ~/.gnupg.
        // For example :
        // - Apache on Centos it would be in '/usr/share/httpd/.gnupg'
        // - Apache on Debian it would be in '/var/www/.gnupg'
        // - Nginx on Centos it would be in '/var/lib/nginx/.gnupg'
        // - etc.
        'keyring' => getenv("HOME") . DS . '.gnupg',
        //
        // Replace GNUPGHOME with above value even if it is set.
        //'putenv' => false,

        // Main server key.
        'serverKey' => [
            // Server private key fingerprint.
            'fingerprint' => 'E532C2D3AC26F8C5ECA7B1670AB66F07C0159CE6',
            'public' => CONFIG . 'gpg' . DS . 'serverkey.asc',
            'private' => CONFIG . 'gpg' . DS . 'serverkey_private.asc',
        ],
    ],
    'security' =>[
        'smtpsettings' =>[
            'endpointDisabled' => true,
        ],
    ],

    'ssl' =>[
        'force' => true,
    ],
], ];

bin/cake passbolt healthcheck output

debian@debian:~/Desktop/passbolt/passbolt_api$ bin/cake passbolt healthcheck
Open source password manager for teams

Passbolt commands should only be executed as the web server user.
The command should be executed with the same user as your web server. By instance:
su -s /bin/bash -c “/home/debian/Desktop/passbolt/passbolt_api/bin/cake COMMAND” HTTP_USER
where HTTP_USER match your web server user: www-data, nginx, apache, http
Healthcheck shell

Environment
[PASS] PHP version 8.2.7.
[PASS] PHP version is 8.1 or above.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[PASS] The passbolt config file is present
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://127.0.0.1
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in /home/debian/Desktop/passbolt/passbolt_api/config/passbolt.php
[HELP] Check the network settings
SSL Certificate
[WARN] SSL peer certificate does not validate
[WARN] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] Check Passbolt Help | Troubleshoot SSL
[HELP] cURL Error (60) SSL certificate problem: self-signed certificate
Database
[FAIL] The application is not able to connect to the database.
[HELP] Double check the host, database name, username and password in /home/debian/Desktop/passbolt/passbolt_api/config/passbolt.php.
[HELP] Make sure the database exists and is accessible for the given database user.
[FAIL] No table found
[HELP] Run the install script to install the database tables
[HELP] sudo su -s /bin/bash -c “/home/debian/Desktop/passbolt/passbolt_api/bin/cake passbolt install” debian
[FAIL] No default content found
[HELP] Run the install script to set the default content such as roles and permission types
[HELP] sudo su -s /bin/bash -c “/home/debian/Desktop/passbolt/passbolt_api/bin/cake passbolt install” debian
[FAIL] The database schema is not up to date.
[HELP] Run the migration scripts:
[HELP] sudo su -s /bin/bash -c “/home/debian/Desktop/passbolt/passbolt_api/bin/cake migrations migrate --no-lock” debian
[HELP] See. Passbolt Help | Update
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/debian/.gnupg.
[PASS] The directory /home/debian/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in /home/debian/Desktop/passbolt/passbolt_api/config/passbolt.php and readable.
[PASS] The private key file is defined in /home/debian/Desktop/passbolt/passbolt_api/config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /home/debian/Desktop/passbolt/passbolt_api/config/passbolt.php.
[PASS] The server public key defined in the /home/debian/Desktop/passbolt/passbolt_api/config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.
Application configuration
[PASS] Using latest passbolt version (4.5.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /home/debian/Desktop/passbolt/passbolt_api/config/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /home/debian/Desktop/passbolt/passbolt_api/config/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.
JWT Authentication
[PASS] The JWT Authentication plugin is enabled
[PASS] The /home/debian/Desktop/passbolt/passbolt_api/config/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found
SMTP Settings
[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[WARN] The SMTP Settings source is: /home/debian/Desktop/passbolt/passbolt_api/config/passbolt.php.
[HELP] It is recommended to set the SMTP Settings in the database through the administration section.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /home/debian/Desktop/passbolt/passbolt_api/config/passbolt.php.

[FAIL] 5 error(s) found. Hang in there!

For SSL certificate I followed - Passbolt Help | Manual HTTPS configuration on Debian and Ubuntu with user provided certificates How To Create a Self-Signed SSL Certificate for Apache in Ubuntu 16.04 | DigitalOcean

All required ports are enabled

AbhishekTiwari23 · February 12, 2024, 11:13pm

Please guide me what to do now

antony · February 13, 2024, 7:39am

Hello @AbhishekTiwari23 , welcome to our community

I see some healthcheck issues but I wanted to know if that is what you want to fix? Have you followed this guide?

It looks like you didn’t ran the install script and I see some issues, it looks like the MySQL password you’ve shared doesn’t match the one in passbolt.php

AbhishekTiwari23 · February 14, 2024, 7:04am

Yes, I followed the guide and my setup is also similar, even when I am running ‘composer test’ command, only 17 test are failing. And for running the test I am using the same database. Please have look at - Mozilla Community Pastebin/nrRD1auY (JavaScript). And I want to run Passbolt using ‘bin/cake Passbolt install’ command

antony · February 19, 2024, 9:46am

Hello,

Could you be more clear with the issue you are encountering? What do you expect to see, what do you see instead ? You want to use the passbolt install command but if you manage to share the healthcheck I assume that passbolt has been installed?

Do you have some issues accessing the instance on the browser?

AbhishekTiwari23 · February 19, 2024, 9:58am

I fixed it, and now it is working. Thanks for help

antony · February 19, 2024, 9:59am

Happy to hear that.

Could you share with us what was the issue and how did you managed to resolve it?

AbhishekTiwari23 · February 19, 2024, 10:00am

Actually, at that time, I was using unsecure GPG keys ( the default one), so I was getting errors; now it is fixed.
And for the above message, I mean “registering the admin”.