Unable to register first user

[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[ ] I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to trouble shoot the problem
[x] I describe the steps on how to reproduce the issue

Hey guys.

Installed passbolt via docker (compose) - image id dbd9022ee56fb1c8b6fe91134de9453002c5a23c1067d30f2ac6afdf44aa3ad9 . I chose two new default ports in docker-compose.yml.

They boot up fine, but running exec for registering a new user as per the documentation im seeing this error:

$ docker-compose exec passbolt su -m -c “/usr/share/php/passbolt/bin/cake
passbolt register_user
-u a@b.c
-f foo
-l fooey
-r admin” -s /bin/sh www-data
/usr/lib/python3/dist-packages/requests/init.py:89: RequestsDependencyWarning: urllib3 (1.26.7) or chardet (3.0.4) doesn’t match a supported version!
warnings.warn("urllib3 ({}) or chardet ({}) doesn’t match a supported "
su: Authentication failure

I tried to attach as root and change the password for www-data - didnt work (i know thats a dirty hack :wink:

What am I doing wrong? I am running the containers as a normal user. Have also tried as root - no luck.

Hi @dfgertge4w345

Regarding your error: on StackOverflow.

Without using sudo for the docker-compose command have you referenced this: regarding running docker-compose as non-root?

After these two, if still not working please post your docker-compose.yml so we can see the modifications, thanks.

Hi Garret!

Thank you for replying :slight_smile: Sorry for what has become a very long post!

Docker is working great for my regular user:

$  docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete 
Digest: sha256:cc15c5b292d8525effc0f89cb299f1804f3a725c8d05e158653a563f15e4f685
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

The password request comes from the docker container, and not my local machine - nothing in /var/log/auth.log (and I did try with my password as well - multiple times).

The docker-compose.yml looks like this - very standard except using “latest-ce-non-root” and two alt ports:

$ cat docker-compose.yml 
version: '3.4'
    image: mariadb:10.3
      - env/mysql.env
      - database_volume:/var/lib/mysql
      - ""

    #image: passbolt/passbolt:latest-ce
    #Alternatively you can use rootless:
    image: passbolt/passbolt:latest-ce-non-root
    tty: true
      - db
      - env/passbolt.env
      - gpg_volume:/etc/passbolt/gpg
      - images_volume:/usr/share/php/passbolt/webroot/img/public
    command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
    #  - 80:80
    #  - 443:443
    #Alternatively for non-root images:
     - 8002:80
     - 4443:443


Also thank you for the urllib link - i fixed that :slight_smile:

Just now - I solved(?) the problem by removing the “su” part of the exec command for registering first user - like so:

$ docker-compose exec passbolt /usr/share/php/passbolt/bin/cake \
                                passbolt register_user \
                                -u a@b.c \
                                -f foo \
                                -l fooey \
                                -r admin

     ____                  __          ____  
    / __ \____  _____ ____/ /_  ____  / / /_ 
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
 /_/    \__,_/____/____/_.___/\____/_/\__/   

 Open source password manager for teams
User saved successfully.

Its not meant to be run that way im sure…but…it got me further. Now the issue is actual access to the container - it seems this adventure is unfolding with every minute that passes :slight_smile:

I can see from an attached console in the docker container that it is not listening on 80 and 443, but 8080 and 4433:

www-data@5897ac37d944:/usr/share/php/passbolt$ ss -4pln6
Netid                   State                    Recv-Q                   Send-Q                                     Local Address:Port                                     Peer Address:Port                  Process                                                                                                                                                                                                        
tcp                     LISTEN                   0                        511                                                 [::]:8080                                             [::]:*                      users:(("nginx",pid=163,fd=9),("nginx",pid=161,fd=9),("nginx",pid=158,fd=9),("nginx",pid=157,fd=9),("nginx",pid=156,fd=9),("nginx",pid=155,fd=9),("nginx",pid=154,fd=9),("nginx",pid=153,fd=9),("nginx",pid=152,fd=9),("nginx",pid=151,fd=9),("nginx",pid=150,fd=9),("nginx",pid=149,fd=9),("nginx",pid=143,fd=9))
tcp                     LISTEN                   0                        511                                                 [::]:4433                                             [::]:*                      users:(("nginx",pid=163,fd=10),("nginx",pid=161,fd=10),("nginx",pid=158,fd=10),("nginx",pid=157,fd=10),("nginx",pid=156,fd=10),("nginx",pid=155,fd=10),("nginx",pid=154,fd=10),("nginx",pid=153,fd=10),("nginx",pid=152,fd=10),("nginx",pid=151,fd=10),("nginx",pid=150,fd=10),("nginx",pid=149,fd=10),("nginx",pid=143,fd=10))
mptcp                   LISTEN                   0                        511                                                 [::]:8080                                             [::]:*                      users:(("nginx",pid=163,fd=9),("nginx",pid=161,fd=9),("nginx",pid=158,fd=9),("nginx",pid=157,fd=9),("nginx",pid=156,fd=9),("nginx",pid=155,fd=9),("nginx",pid=154,fd=9),("nginx",pid=153,fd=9),("nginx",pid=152,fd=9),("nginx",pid=151,fd=9),("nginx",pid=150,fd=9),("nginx",pid=149,fd=9),("nginx",pid=143,fd=9))
mptcp                   LISTEN                   0                        511                                                 [::]:4433                                             [::]:*                      users:(("nginx",pid=163,fd=10),("nginx",pid=161,fd=10),("nginx",pid=158,fd=10),("nginx",pid=157,fd=10),("nginx",pid=156,fd=10),("nginx",pid=155,fd=10),("nginx",pid=154,fd=10),("nginx",pid=153,fd=10),("nginx",pid=152,fd=10),("nginx",pid=151,fd=10),("nginx",pid=150,fd=10),("nginx",pid=149,fd=10),("nginx",pid=143,fd=10))

After correcting the port mapping in docker (with portainer), I can now access the ports - but no page is loading due to CSP errors (firefox console). Im using “http://passbolt.local:8002” to access the page (both http and https are displaying the same behavior). I wonder why the CSP settings are set up the way they are - dont know how to solve this yet.

Should I edit all this and post this to a separate thread?

Hi @dfgertge4w345

The docker installation part is currently under rewriting, as information are exploded in multiple places, and are not always very clear, from my point of view.

If you have a look at this docker-compose.yml, you will see the used ports for non-root images:

    #Alternatively for non-root images:
    # - 80:8080
    # - 443:4433

So if you want to access to http port from port 8002, and let’s say 8003 for https, you should use:

    #Alternatively for non-root images:
     - 8002:8080
     - 8003:4433

non-root images are executed as www-data user, so you’re right, you have to remove the su - .... www-data stuff.

You have some other informations in the README of the github repository: passbolt_docker/README.md at master · passbolt/passbolt_docker · GitHub

About your CSP errors, you should re-post your updated docker-compose.yml with environment files (hide your password) ? The APP_FULL_BASE_URL environment variable must start with https:// or http:// you cannot use both.

By the way, here is another forum post who is talking about HTTP to HTTPS and CORS problems: HTTP to HTTP configuration problem

Maybe do you have the same issue ?

If you are interested, here are rewriting drafts for installing passbolt on docker (can contain typos):