Hi everyone,
I’m trying to set up a passbolt server behind our Nginx proxy server.
I’m not using docker. This is a standard install using the Ubuntu 24 tutorial provided. From the local network, everything is working fine. I can access the install page.
However from outside the lan, not so much.
Using Edge, I’m getting this:
Here are the technical details:
Passbolt server: Ubuntu server 64b 24.04
The reverse proxy is handling the SSL encryption, therefore the passbolt server is running on TCP 80.
Nginx conf:
server {
listen 80;
listen [::]:80;
server_name bolt.newton.com;
client_body_buffer_size 100K;
client_header_buffer_size 1K;
client_max_body_size 5M;
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;
root /usr/share/php/passbolt/webroot;
index index.php;
error_log /var/log/nginx/passbolt-error.log info;
access_log /var/log/nginx/passbolt-access.log;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/run/php/php8.3-fpm.sock;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+\.php)(.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $http_host;
fastcgi_param PHP_VALUE "upload_max_filesize=5M \n post_max_size=5M";
}
}
Passbolt server /etc/hosts
127.0.0.1 localhost
127.0.1.1 bolt.newton.com
/var/log/nginx/passbolt-access.log
192.168.1.1 is the reverse proxy address.
192.168.1.1 - - [06/Jun/2024:14:19:13 +0000] "GET /install HTTP/1.0" 200 3973 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Edg/125.0.0.0"
192.168.1.1 - - [06/Jun/2024:14:19:13 +0000] "GET /install HTTP/1.0" 200 3973 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Edg/125.0.0.0"
Nothing in /var/log/nginx/passbolt-error.log
Nginx Reverse Proxy Conf:
proxy_set_header Upgrade $http_upgrade;
#proxy_set_header Connection $proxy_connection;
proxy_set_header X-Forwarded-Host $http_host/editors;
server{
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/bolt.newton.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bolt.newton.com/privkey.pem;
access_log /var/log/nginx/reverse-access-bolt.log;
error_log /var/log/nginx/reverse-error-bolt.log;
server_name bolt.newton.com;
location / {
proxy_pass http://bolt.newton.com:80;
}
}
Reverse proxy /etc/hosts
127.0.0.1 localhost
192.168.1.7 bolt.newton.com
Reverse proxy /var/log/nginx/reverse-access-bolt.log
109.209.xx.xx- - [06/Jun/2024:16:21:14 +0200] "GET /install HTTP/1.1" 200 1658 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Edg/125.0.0.0"
I assume the problem is related to the reverse proxy configuration, but I could not figure out why.
