Hi Garret!
Thank you for replying. Sorry for what has become a very long post!
Docker is working great for my regular user:
$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Digest: sha256:cc15c5b292d8525effc0f89cb299f1804f3a725c8d05e158653a563f15e4f685
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
The password request comes from the docker container, and not my local machine - nothing in /var/log/auth.log (and I did try with my password as well - multiple times).
The docker-compose.yml looks like this - very standard except using “latest-ce-non-root” and two alt ports:
$ cat docker-compose.yml
version: '3.4'
services:
  db:
    image: mariadb:10.3
    env_file:
      - env/mysql.env
    volumes:
      - database_volume:/var/lib/mysql
    ports:
      - "127.0.0.1:3306:3306"
  passbolt:
    #image: passbolt/passbolt:latest-ce
    #Alternatively you can use rootless:
    image: passbolt/passbolt:latest-ce-non-root
    tty: true
    depends_on:
      - db
    env_file:
      - env/passbolt.env
    volumes:
      - gpg_volume:/etc/passbolt/gpg
      - images_volume:/usr/share/php/passbolt/webroot/img/public
    command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
    ports:
      # - 80:80
      # - 443:443
      #Alternatively for non-root images:
      - 8002:80
      - 4443:443
volumes:
  database_volume:
  gpg_volume:
  images_volume:
Also, thank you for the urllib link - I fixed that.
Just now - I solved(?) the problem by removing the “su” part of the exec command for registering the first user - like so:
$ docker-compose exec passbolt /usr/share/php/passbolt/bin/cake \
passbolt register_user \
-u a@b.c \
-f foo \
-l fooey \
-r admin
     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
User saved successfully.
It's not meant to be run that way, I'm sure… but… it got me further. Now the issue is actual access to the container - it seems this adventure is unfolding with every minute that passes.
I can see from an attached console in the docker container that it is not listening on 80 and 443, but 8080 and 4433:
www-data@5897ac37d944:/usr/share/php/passbolt$ ss -4pln6
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp LISTEN 0 511 [::]:8080 [::]:* users:(("nginx",pid=163,fd=9),("nginx",pid=161,fd=9),("nginx",pid=158,fd=9),("nginx",pid=157,fd=9),("nginx",pid=156,fd=9),("nginx",pid=155,fd=9),("nginx",pid=154,fd=9),("nginx",pid=153,fd=9),("nginx",pid=152,fd=9),("nginx",pid=151,fd=9),("nginx",pid=150,fd=9),("nginx",pid=149,fd=9),("nginx",pid=143,fd=9))
tcp LISTEN 0 511 [::]:4433 [::]:* users:(("nginx",pid=163,fd=10),("nginx",pid=161,fd=10),("nginx",pid=158,fd=10),("nginx",pid=157,fd=10),("nginx",pid=156,fd=10),("nginx",pid=155,fd=10),("nginx",pid=154,fd=10),("nginx",pid=153,fd=10),("nginx",pid=152,fd=10),("nginx",pid=151,fd=10),("nginx",pid=150,fd=10),("nginx",pid=149,fd=10),("nginx",pid=143,fd=10))
mptcp LISTEN 0 511 [::]:8080 [::]:* users:(("nginx",pid=163,fd=9),("nginx",pid=161,fd=9),("nginx",pid=158,fd=9),("nginx",pid=157,fd=9),("nginx",pid=156,fd=9),("nginx",pid=155,fd=9),("nginx",pid=154,fd=9),("nginx",pid=153,fd=9),("nginx",pid=152,fd=9),("nginx",pid=151,fd=9),("nginx",pid=150,fd=9),("nginx",pid=149,fd=9),("nginx",pid=143,fd=9))
mptcp LISTEN 0 511 [::]:4433 [::]:* users:(("nginx",pid=163,fd=10),("nginx",pid=161,fd=10),("nginx",pid=158,fd=10),("nginx",pid=157,fd=10),("nginx",pid=156,fd=10),("nginx",pid=155,fd=10),("nginx",pid=154,fd=10),("nginx",pid=153,fd=10),("nginx",pid=152,fd=10),("nginx",pid=151,fd=10),("nginx",pid=150,fd=10),("nginx",pid=149,fd=10),("nginx",pid=143,fd=10))
After correcting the port mapping in Docker (with Portainer), I can now access the ports - but no page is loading due to CSP errors (Firefox console). I'm using “http://passbolt.local:8002” to access the page (both http and https are displaying the same behavior). I wonder why the CSP settings are set up the way they are - I don't know how to solve this yet.
Should I edit all this and post this to a separate thread?
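The mismatch found in the post above (the compose file publishes container ports 80 and 443, while `ss` shows nginx listening on 8080 and 4433) can be checked mechanically. The following is an added example, not part of the original post or the passbolt project; the function names are hypothetical and the `ss` sample is a trimmed, constructed copy of the output shown above.

```python
# Constructed sample: trimmed from the `ss -4pln6` output in the post.
SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      511    [::]:8080          [::]:*            users:(("nginx",pid=163,fd=9))
tcp   LISTEN 0      511    [::]:4433          [::]:*            users:(("nginx",pid=163,fd=10))
mptcp LISTEN 0      511    [::]:8080          [::]:*            users:(("nginx",pid=163,fd=9))
mptcp LISTEN 0      511    [::]:4433          [::]:*            users:(("nginx",pid=163,fd=10))
"""

# Port entries of the passbolt service as posted in docker-compose.yml.
COMPOSE_PORTS = ["8002:80", "4443:443"]


def listening_ports(ss_text):
    """Return the set of ports in LISTEN state from `ss -ln` output."""
    ports = set()
    for line in ss_text.splitlines():
        fields = line.split()
        # Columns: Netid State Recv-Q Send-Q Local Peer [Process]
        if len(fields) >= 5 and fields[1] == "LISTEN":
            # The port follows the last ':' (also true for IPv6 "[::]:8080").
            ports.add(int(fields[4].rsplit(":", 1)[1]))
    return ports


def container_port(entry):
    """Container-side port of a compose short-syntax entry.

    Handles "container", "host:container", "ip:host:container" and an
    optional "/proto" suffix. Port ranges are not handled in this sketch.
    """
    return int(entry.split("/", 1)[0].rsplit(":", 1)[-1])


def dead_mappings(entries, ss_text):
    """Return compose entries whose container port has no listener."""
    open_ports = listening_ports(ss_text)
    return [e for e in entries if container_port(e) not in open_ports]


if __name__ == "__main__":
    for entry in dead_mappings(COMPOSE_PORTS, SS_OUTPUT):
        print(f"{entry}: nothing listens on container port "
              f"{container_port(entry)}; listeners: "
              f"{sorted(listening_ports(SS_OUTPUT))}")
```

To use it against a live container, replace `SS_OUTPUT` with the text returned by running `ss -ltn` inside the container through `docker-compose exec`.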