Unable to register first user

Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[ ] I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to trouble shoot the problem
[x] I describe the steps on how to reproduce the issue

Hey guys.

Installed passbolt via docker (compose) - image id dbd9022ee56fb1c8b6fe91134de9453002c5a23c1067d30f2ac6afdf44aa3ad9 . I chose two new default ports in docker-compose.yml.

They boot up fine, but running exec for registering a new user as per the documentation im seeing this error:

$ docker-compose exec passbolt su -m -c “/usr/share/php/passbolt/bin/cake
passbolt register_user
-u a@b.c
-f foo
-l fooey
-r admin” -s /bin/sh www-data
/usr/lib/python3/dist-packages/requests/init.py:89: RequestsDependencyWarning: urllib3 (1.26.7) or chardet (3.0.4) doesn’t match a supported version!
warnings.warn("urllib3 ({}) or chardet ({}) doesn’t match a supported "
Password:
su: Authentication failure

I tried to attach as root and change the password for www-data - didnt work (i know thats a dirty hack

What am I doing wrong? I am running the containers as a normal user. Have also tried as root - no luck.

Hi @dfgertge4w345

Regarding your error: on StackOverflow.

Without using sudo for the docker-compose command have you referenced this: regarding running docker-compose as non-root?

After these two, if still not working please post your docker-compose.yml so we can see the modifications, thanks.

Hi Garret!

Thank you for replying Sorry for what has become a very long post!

Docker is working great for my regular user:

$  docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete 
Digest: sha256:cc15c5b292d8525effc0f89cb299f1804f3a725c8d05e158653a563f15e4f685
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

The password request comes from the docker container, and not my local machine - nothing in /var/log/auth.log (and I did try with my password as well - multiple times).

The docker-compose.yml looks like this - very standard except using “latest-ce-non-root” and two alt ports:

$ cat docker-compose.yml 
version: '3.4'
services:
  db:
    image: mariadb:10.3
    env_file:
      - env/mysql.env
    volumes:
      - database_volume:/var/lib/mysql
    ports:
      - "127.0.0.1:3306:3306"

  passbolt:
    #image: passbolt/passbolt:latest-ce
    #Alternatively you can use rootless:
    image: passbolt/passbolt:latest-ce-non-root
    tty: true
    depends_on:
      - db
    env_file:
      - env/passbolt.env
    volumes:
      - gpg_volume:/etc/passbolt/gpg
      - images_volume:/usr/share/php/passbolt/webroot/img/public
    command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
    ports:
    #  - 80:80
    #  - 443:443
    #Alternatively for non-root images:
     - 8002:80
     - 4443:443

volumes:
  database_volume:
  gpg_volume:
  images_volume:

Also thank you for the urllib link - i fixed that

Just now - I solved(?) the problem by removing the “su” part of the exec command for registering first user - like so:

$ docker-compose exec passbolt /usr/share/php/passbolt/bin/cake \
                                passbolt register_user \
                                -u a@b.c \
                                -f foo \
                                -l fooey \
                                -r admin

     ____                  __          ____  
    / __ \____  _____ ____/ /_  ____  / / /_ 
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
 /_/    \__,_/____/____/_.___/\____/_/\__/   

 Open source password manager for teams
-------------------------------------------------------------------------------
User saved successfully.

Its not meant to be run that way im sure…but…it got me further. Now the issue is actual access to the container - it seems this adventure is unfolding with every minute that passes

I can see from an attached console in the docker container that it is not listening on 80 and 443, but 8080 and 4433:

www-data@5897ac37d944:/usr/share/php/passbolt$ ss -4pln6
Netid                   State                    Recv-Q                   Send-Q                                     Local Address:Port                                     Peer Address:Port                  Process                                                                                                                                                                                                        
tcp                     LISTEN                   0                        511                                                 [::]:8080                                             [::]:*                      users:(("nginx",pid=163,fd=9),("nginx",pid=161,fd=9),("nginx",pid=158,fd=9),("nginx",pid=157,fd=9),("nginx",pid=156,fd=9),("nginx",pid=155,fd=9),("nginx",pid=154,fd=9),("nginx",pid=153,fd=9),("nginx",pid=152,fd=9),("nginx",pid=151,fd=9),("nginx",pid=150,fd=9),("nginx",pid=149,fd=9),("nginx",pid=143,fd=9))
tcp                     LISTEN                   0                        511                                                 [::]:4433                                             [::]:*                      users:(("nginx",pid=163,fd=10),("nginx",pid=161,fd=10),("nginx",pid=158,fd=10),("nginx",pid=157,fd=10),("nginx",pid=156,fd=10),("nginx",pid=155,fd=10),("nginx",pid=154,fd=10),("nginx",pid=153,fd=10),("nginx",pid=152,fd=10),("nginx",pid=151,fd=10),("nginx",pid=150,fd=10),("nginx",pid=149,fd=10),("nginx",pid=143,fd=10))
mptcp                   LISTEN                   0                        511                                                 [::]:8080                                             [::]:*                      users:(("nginx",pid=163,fd=9),("nginx",pid=161,fd=9),("nginx",pid=158,fd=9),("nginx",pid=157,fd=9),("nginx",pid=156,fd=9),("nginx",pid=155,fd=9),("nginx",pid=154,fd=9),("nginx",pid=153,fd=9),("nginx",pid=152,fd=9),("nginx",pid=151,fd=9),("nginx",pid=150,fd=9),("nginx",pid=149,fd=9),("nginx",pid=143,fd=9))
mptcp                   LISTEN                   0                        511                                                 [::]:4433                                             [::]:*                      users:(("nginx",pid=163,fd=10),("nginx",pid=161,fd=10),("nginx",pid=158,fd=10),("nginx",pid=157,fd=10),("nginx",pid=156,fd=10),("nginx",pid=155,fd=10),("nginx",pid=154,fd=10),("nginx",pid=153,fd=10),("nginx",pid=152,fd=10),("nginx",pid=151,fd=10),("nginx",pid=150,fd=10),("nginx",pid=149,fd=10),("nginx",pid=143,fd=10))

After correcting the port mapping in docker (with portainer), I can now access the ports - but no page is loading due to CSP errors (firefox console). Im using “http://passbolt.local:8002” to access the page (both http and https are displaying the same behavior). I wonder why the CSP settings are set up the way they are - dont know how to solve this yet.

Should I edit all this and post this to a separate thread?

Hi @dfgertge4w345

The docker installation part is currently under rewriting, as information are exploded in multiple places, and are not always very clear, from my point of view.

If you have a look at this docker-compose.yml, you will see the used ports for non-root images:

    #Alternatively for non-root images:
    # - 80:8080
    # - 443:4433

So if you want to access to http port from port 8002, and let’s say 8003 for https, you should use:

    #Alternatively for non-root images:
     - 8002:8080
     - 8003:4433

non-root images are executed as www-data user, so you’re right, you have to remove the su - .... www-data stuff.

You have some other informations in the README of the github repository: passbolt_docker/README.md at master · passbolt/passbolt_docker · GitHub

About your CSP errors, you should re-post your updated docker-compose.yml with environment files (hide your password) ? The APP_FULL_BASE_URL environment variable must start with https:// or http:// you cannot use both.

By the way, here is another forum post who is talking about HTTP to HTTPS and CORS problems: HTTP to HTTP configuration problem

Maybe do you have the same issue ?

If you are interested, here are rewriting drafts for installing passbolt on docker (can contain typos):

• passbolt docker installation draft
• passbolt docker SSL certificates with Let’s Encrypt
• passbolt docker troubleshooting