It was unfortunately locked before I could reply/resolve the issue.
Most recently, here’s my status check/health check:
user@passbolt-server-ubuntu-19-10:/var/www/passbolt$ sudo su -s /bin/bash -c "./bin/cake passbolt healthcheck" www-data
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
---------------------------------------------------------------
Healthcheck shell
---------------------------------------------------------------
Environment
[PASS] PHP version 7.3.11-0ubuntu0.19.10.3.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[PASS] The passbolt config file is present
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://192.168.1.42
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in config/passbolt.php
[HELP] Check the network settings
SSL Certificate
[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] cURL Error (7) Failed to connect to 192.168.1.42 port 443: Connection refused
Database
[PASS] The application is able to connect to the database
[PASS] 1 tables found
[FAIL] No default content found
[HELP] Run the install script to set the default content such as roles and permission types
[HELP] sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt install" www-data
[FAIL] The database schema is not up to date.
[HELP] Run the migration scripts:
[HELP] sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake migrations migrate --no-lock" www-data
[HELP] See. https://www.passbolt.com/help/tech/update
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[FAIL] The environment variable GNUPGHOME is set to /home/www-data/.gnupg, but the directory does not exist.
[HELP] Ensure the keyring location exists and is accessible by the webserver user.
[HELP] you can try:
[HELP] sudo mkdir /home/www-data/.gnupg
[HELP] sudo chown -R www-data:www-data /home/www-data/.gnupg
[HELP] sudo chmod 700 /home/www-data/.gnupg
[HELP] You can change the location of the keyring by editing the GPG.env.setenv and GPG.env.home variables in config/passbolt.php.
[FAIL] The server gpg key is not set
[HELP] Create a key, export it and add the fingerprint to config/passbolt.php
[HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
[FAIL] The public key file is not defined in config/passbolt.php or not readable.
[HELP] Ensure the public key file is defined by the variable passbolt.gpg.serverKey.public in config/passbolt.php.
[HELP] Ensure there is a public key armored block in the key file.
[HELP] Ensure the public key defined in config/passbolt.php exists and is accessible by the webserver user.
[HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
[FAIL] The private key file is not defined in config/passbolt.php or not readable.
[HELP] Ensure the private key file is defined by the variable passbolt.gpg.serverKey.private in config/passbolt.php.
[HELP] Ensure there is a private key armored block in the key file.
[HELP] Ensure the private key defined in config/passbolt.php exists and is accessible by the webserver user.
[HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
[FAIL] The server key fingerprint doesn't match the one defined in config/passbolt.php.
[HELP] Double check the key fingerprint, example:
[HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /home/www-data/.gnupg" www-data | grep -i -B 2 'SERVER_KEY_EMAIL'
[HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
[HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
[FAIL] The server public key defined in the config/passbolt.php (or environment variables) is not in the keyring
[HELP] Import the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c "gpg --home /home/www-data/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private.asc" www-data
[FAIL] The server key does not have a valid email id.
[HELP] Edit or generate another key with a valid email id.
Application configuration
[PASS] Using latest passbolt version (2.12.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.
12 error(s) found. Hang in there!
When I go to re-run the install script with sudo su -s /bin/bash -c "./bin/cake passbolt install --force" www-data in /var/www/passbolt, I get:
user@server:/var/www/passbolt$ sudo su -s /bin/bash -c "./bin/cake passbolt install --force" www-data
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
---------------------------------------------------------------
Running baseline checks, please wait...
The GnuPG config for the server is not available or incomplete
Please run ./bin/cake passbolt healthcheck for more information and help.
So clearly something is wrong with my GnuPG set-up. I believe this relates back to my problems explained in the previous post (404s after fresh install on Ubuntu 19.10).
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
---------------------------------------------------------------
Healthcheck shell
---------------------------------------------------------------
Environment
[PASS] PHP version 7.3.11-0ubuntu0.19.10.3.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[PASS] The passbolt config file is present
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to http://192.168.1.42
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in config/passbolt.php
[HELP] Check the network settings
SSL Certificate
[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
Database
[PASS] The application is able to connect to the database
[PASS] 23 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
[PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server gpg key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
Application configuration
[PASS] Using latest passbolt version (2.12.0).
[PASS] Passbolt is configured to force SSL use.
[FAIL] App.fullBaseUrl is not set to HTTPS.
[HELP] Check App.fullBaseUrl url scheme in config/passbolt.php.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.
4 error(s) found. Hang in there!
Finally got this working. Apparently the .htaccess in /var/www/html was:
root@mamabear:/var/www/passbolt# cat /var/www/passbolt/.htaccess
# Uncomment the following to prevent the httpoxy vulnerability
# See: https://httpoxy.org/
#<IfModule mod_headers.c>
# RequestHeader unset Proxy
#</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ webroot/ [L]
RewriteRule (.*) webroot/$1 [L]
</IfModule>
I then noticed that the Apache set-up on this Ubuntu box happened to have no mod_rewrite, so I enabled it with:
root@server:/var/www/passbolt# sudo a2enmod rewrite
Enabling module rewrite.
To activate the new configuration, you need to run:
systemctl restart apache2
root@server:/var/www/passbolt#
root@server:/var/www/passbolt# systemctl restart apache2
Then, the site started loading! I’m running through the install now. Yay.
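The fix above works because the rewrite rules sit inside `<IfModule mod_rewrite.c>`, so Apache silently ignores them when the module is not loaded. The following is an added example, not part of the original post, that flags such guards in an `.htaccess` file. The helper names `module_id` and `skipped_ifmodules` are hypothetical, the module listing is constructed, and the `mod_NAME.c` to `NAME_module` mapping is an assumed naming convention.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.

# Map an <IfModule> argument to the identifier printed by `apache2ctl -M`.
# Assumes the common mod_NAME.c -> NAME_module naming convention.
module_id() {
  case "$1" in
    mod_*.c) m=${1#mod_}; printf '%s_module\n' "${m%.c}" ;;
    *)       printf '%s\n' "$1" ;;
  esac
}

# skipped_ifmodules HTACCESS MODULE_LIST
# Prints the module id of every active, non-negated <IfModule> guard whose
# module is missing from MODULE_LIST (saved output of `apache2ctl -M`).
# Apache silently ignores the directives inside such a block.
skipped_ifmodules() {
  htaccess=$1
  loaded=$2
  sed -nE 's/^[[:space:]]*<[Ii]f[Mm]odule[[:space:]]+([^!>[:space:]][^>[:space:]]*).*/\1/p' "$htaccess" |
  sort -u |
  while read -r name; do
    id=$(module_id "$name")
    grep -Eq "^[[:space:]]*${id}([[:space:]]|\$)" "$loaded" || printf '%s\n' "$id"
  done
}

# Constructed sample input: the .htaccess shown in the post, and a constructed
# module listing that lacks rewrite_module.
demo_dir=$(mktemp -d)
cat > "$demo_dir/htaccess" <<'EOF'
#<IfModule mod_headers.c>
# RequestHeader unset Proxy
#</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ webroot/ [L]
RewriteRule (.*) webroot/$1 [L]
</IfModule>
EOF
cat > "$demo_dir/modules" <<'EOF'
Loaded Modules:
 core_module (static)
 php7_module (shared)
EOF

skipped_ifmodules "$demo_dir/htaccess" "$demo_dir/modules"
```

On a real host, save the output of `apache2ctl -M` to a file and pass it as the second argument. The commented-out httpoxy block is not reported because its guard is not active.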