From index.html
console during failed login:
vendors.min.js:82340 POST https://passbolt.mydomain.com/auth/login.json?api-version=v1 502 (Bad Gateway)
index.min.js:1455 There was a server error. No additional information provided(502)
There is a small chance SE linux is stomping on things but I donāt think it has before. Wait no, it is disabled:
cameron@myserver /var/www/passbolt $ sudo sestatus
SELinux status: disabled
Just noticed the nginx error logs during failed login:
==> /var/log/nginx/error.log <==
2018/05/17 10:17:13 [error] 847#0: *228598 FastCGI sent in stderr: "PHP message: PHP Warning: file_put_contents(/var/www/passbolt/logs/error.log): failed to open stream: Permission denied in /var/www/passbolt/vendor/cakephp/cakephp/src/Log/Engine/FileLog.php on line 133
PHP message: PHP Warning: file_put_contents(/var/www/passbolt/logs/error.log): failed to open stream: Permission denied in /var/www/passbolt/vendor/cakephp/cakephp/src/Log/Engine/FileLog.php on line 133
PHP message: PHP Warning: file_put_contents(/var/www/passbolt/logs/error.log): failed to open stream: Permission denied in /var/www/passbolt/vendor/cakephp/cakephp/src/Log/Engine/FileLog.php on line 133
PHP message: PHP Warning: file_put_contents(/var/www/passbolt/logs/error.log): failed to open stream: Permission denied in /var/www/passbolt/vendor/cakephp/cakephp/src/Log/Engine/FileLog.php on line 133
PHP message: PHP Warning: file_put_contents(/var/www/passbolt/logs/error.log): failed to open stream: Permission denied in /var/www/passbolt/vendor/cakephp/cakephp/src/Log/Engine/FileLog.php on line 133
PHP message: PHP Warning: file_put_contents(/var/www/passbolt/logs/error.log): failed to open stream: Permission denied in /var/www/passbolt/vendor/cakephp/cakephp/src/Log/Engine/FileLog.php on line 133
PHP message: PHP Warning: file_put_contents(/var/www/passbolt/logs/error.log): failed to open stream: Permission denied in /var/www/passbolt/vendor/cakephp/cakephp/src/Log/Engine/FileLog.php on line 133
PHP message: PHP Warning: file_put_contents(/var/www/passbolt/logs/error.log): failed to open stream: Permission denied in /var/www/passbolt/vendor/cakephp/cakephp/src/Log/Engine/FileLog.php on line 133
PHP message: PHP Warning: file_put_contents(/var/www/passbolt/logs/error.log): failed to open stream: Permission denied in /var/www/passbolt/vendor/cakephp/cakephp/src/Log/Engine/FileLog.php on line 133" while reading response header from upstream, client: 12.34.56.789, server: passbolt.mydomain.com, request: "POST /auth/login.json?api-version
2018/05/17 10:17:13 [error] 847#0: *228598 upstream sent too big header while reading response header from upstream, client: 12.34.56.789, server: passbolt.mydomain.com, request: "POST /auth/login.json?api-version=v1 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.sock:", host: "passbolt.mydomain.com"
So, when I switched the user accounts around, I didnāt fix permissions with regards to nginx.
cameron@myserver ~ $ ls -l /var/www/passbolt/logs
total 0
cameron@myserver ~ $ ls -l /var/www/passbolt/logs -d
drwxr-xrwx 2 passbolt-src nginx 4096 May 10 22:48 /var/www/passbolt/logs
Fix that real quick
cameron@myserver ~ $ sudo chmod g+w,o-w /var/www/passbolt/logs
Now I donāt get the 502
error but I get bumped right back to the login page.
cameron@myserver ~ $ cat /var/www/passbolt/logs/error.log | egrep -v '^\s*$'
2018-05-17 07:23:25 Warning: Warning (512): /var/www/passbolt/tmp/cache/persistent/ is not writable in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 437]
2018-05-17 07:23:26 Warning: Warning (512): /var/www/passbolt/tmp/cache/persistent/ is not writable in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 437]
2018-05-17 07:23:26 Warning: Warning (512): /var/www/passbolt/tmp/cache/models/ is not writable in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 437]
2018-05-17 07:23:26 Warning: Warning (512): _cake_model_ cache was unable to write 'default_users' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:26 Warning: Warning (512): _cake_model_ cache was unable to write 'default_gpgkeys' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:26 Warning: Warning (512): _cake_model_ cache was unable to write 'default_roles' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:26 Warning: Warning (512): _cake_model_ cache was unable to write 'default_groups_users' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:26 Warning: Warning (512): _cake_model_ cache was unable to write 'default_profiles' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:26 Warning: Warning (512): _cake_model_ cache was unable to write 'default_file_storage' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:26 Warning: Warning (512): /var/www/passbolt/tmp/cache/persistent/ is not writable in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 437]
2018-05-17 07:23:26 Warning: Warning (2): session_start(): open(/var/lib/php/session/sess_op2eq0d7gjqavho0kvnpju8f01, O_RDWR) failed: Permission denied (13) in [/var/www/passbolt/vendor/cakephp/cakephp/src/Network/Session.php, line 335]
2018-05-17 07:23:26 Warning: Warning (2): session_write_close(): open(/var/lib/php/session/sess_op2eq0d7gjqavho0kvnpju8f01, O_RDWR) failed: Permission denied (13) in [Unknown, line 0]
2018-05-17 07:23:26 Warning: Warning (2): session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in [Unknown, line 0]
2018-05-17 07:23:31 Warning: Warning (512): /var/www/passbolt/tmp/cache/persistent/ is not writable in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 437]
2018-05-17 07:23:31 Warning: Warning (512): /var/www/passbolt/tmp/cache/models/ is not writable in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 437]
2018-05-17 07:23:31 Warning: Warning (512): _cake_model_ cache was unable to write 'default_users' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:31 Warning: Warning (512): _cake_model_ cache was unable to write 'default_gpgkeys' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:31 Warning: Warning (512): _cake_model_ cache was unable to write 'default_roles' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:31 Warning: Warning (512): _cake_model_ cache was unable to write 'default_groups_users' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:31 Warning: Warning (512): _cake_model_ cache was unable to write 'default_profiles' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:31 Warning: Warning (512): _cake_model_ cache was unable to write 'default_file_storage' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:31 Warning: Warning (512): _cake_model_ cache was unable to write 'default_authentication_tokens' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:32 Warning: Warning (512): /var/www/passbolt/tmp/cache/persistent/ is not writable in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 437]
2018-05-17 07:23:32 Warning: Warning (512): /var/www/passbolt/tmp/cache/models/ is not writable in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 437]
2018-05-17 07:23:32 Warning: Warning (512): _cake_model_ cache was unable to write 'default_users' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:32 Warning: Warning (512): _cake_model_ cache was unable to write 'default_gpgkeys' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:32 Warning: Warning (512): _cake_model_ cache was unable to write 'default_roles' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:32 Warning: Warning (512): _cake_model_ cache was unable to write 'default_groups_users' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:32 Warning: Warning (512): _cake_model_ cache was unable to write 'default_profiles' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:32 Warning: Warning (512): _cake_model_ cache was unable to write 'default_file_storage' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:32 Warning: Warning (512): _cake_model_ cache was unable to write 'default_authentication_tokens' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:32 Warning: Warning (2): session_start(): open(/var/lib/php/session/sess_op2eq0d7gjqavho0kvnpju8f01, O_RDWR) failed: Permission denied (13) in [/var/www/passbolt/vendor/cakephp/cakephp/src/Network/Session.php, line 335]
2018-05-17 07:23:32 Warning: Warning (2): session_regenerate_id(): open(/var/lib/php/session/sess_qus91rhrbj7j5jr85uuunoj9u6, O_RDWR) failed: Permission denied (13) in [/var/www/passbolt/vendor/cakephp/cakephp/src/Network/Session.php, line 578]
2018-05-17 07:23:32 Warning: Warning (4096): session_regenerate_id(): Failed to create(read) session ID: files (path: /var/lib/php/session) in [/var/www/passbolt/vendor/cakephp/cakephp/src/Network/Session.php, line 578]
2018-05-17 07:23:32 Warning: Warning (512): /var/www/passbolt/tmp/cache/persistent/ is not writable in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 437]
2018-05-17 07:23:32 Warning: Warning (512): /var/www/passbolt/tmp/cache/persistent/ is not writable in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 437]
2018-05-17 07:23:33 Warning: Warning (2): session_start(): open(/var/lib/php/session/sess_hjo3799hsopum7bamo9nc8c7v7, O_RDWR) failed: Permission denied (13) in [/var/www/passbolt/vendor/cakephp/cakephp/src/Network/Session.php, line 335]
2018-05-17 07:23:33 Warning: Warning (2): session_write_close(): open(/var/lib/php/session/sess_hjo3799hsopum7bamo9nc8c7v7, O_RDWR) failed: Permission denied (13) in [Unknown, line 0]
2018-05-17 07:23:33 Warning: Warning (2): session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in [Unknown, line 0]
2018-05-17 07:23:33 Warning: Warning (512): /var/www/passbolt/tmp/cache/persistent/ is not writable in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 437]
2018-05-17 07:23:33 Warning: Warning (512): /var/www/passbolt/tmp/cache/persistent/ is not writable in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 437]
2018-05-17 07:23:33 Warning: Warning (512): /var/www/passbolt/tmp/cache/models/ is not writable in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 437]
2018-05-17 07:23:33 Warning: Warning (512): _cake_model_ cache was unable to write 'default_users' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:33 Warning: Warning (512): _cake_model_ cache was unable to write 'default_gpgkeys' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:33 Warning: Warning (512): _cake_model_ cache was unable to write 'default_roles' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:33 Warning: Warning (512): _cake_model_ cache was unable to write 'default_groups_users' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:33 Warning: Warning (512): _cake_model_ cache was unable to write 'default_profiles' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:33 Warning: Warning (512): _cake_model_ cache was unable to write 'default_file_storage' to Cake\Cache\Engine\FileEngine cache in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Cache.php, line 286]
2018-05-17 07:23:33 Warning: Warning (512): /var/www/passbolt/tmp/cache/persistent/ is not writable in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 437]
2018-05-17 07:23:33 Warning: Warning (2): session_start(): open(/var/lib/php/session/sess_hjo3799hsopum7bamo9nc8c7v7, O_RDWR) failed: Permission denied (13) in [/var/www/passbolt/vendor/cakephp/cakephp/src/Network/Session.php, line 335]
2018-05-17 07:23:33 Warning: Warning (2): session_write_close(): open(/var/lib/php/session/sess_hjo3799hsopum7bamo9nc8c7v7, O_RDWR) failed: Permission denied (13) in [Unknown, line 0]
2018-05-17 07:23:33 Warning: Warning (2): session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in [Unknown, line 0]
Looks like I didnāt fix all of the permissions that needed fixing.
I would like it for nginx to not be able to modify files it shouldnāt need to modify. I guess thatās what I was thinking with creating a passbolt-src
user. Also so that that user could run git updates without nginx permissions. Alas, I see your installations instructions say to just let nginx
own everythingā¦
cameron@myserver /var/www/passbolt $ sudo chown -R nginx: .
Hmmm. Still not logging in. nginx Access logs show things happeningā¦
==> /var/log/nginx/access.log <==
12.34.56.789 - - [17/May/2018:10:38:57 +0300] "POST /auth/login.json?api-version=v1 HTTP/1.1" 200 1097 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36" "-"
12.34.56.789 - - [17/May/2018:10:38:57 +0300] "POST /auth/login.json?api-version=v1 HTTP/1.1" 200 3995 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36" "-"
12.34.56.789 - - [17/May/2018:10:38:57 +0300] "GET /auth/checkSession.json?api-version=v1 HTTP/1.1" 403 263 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36" "-"
12.34.56.789 - - [17/May/2018:10:38:57 +0300] "GET / HTTP/1.1" 302 5 "https://passbolt.mydomain.com/auth/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36" "-"
12.34.56.789 - - [17/May/2018:10:38:57 +0300] "GET /auth/login HTTP/1.1" 200 5611 "https://passbolt.mydomain.com/auth/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36" "-"
12.34.56.789 - - [17/May/2018:10:38:59 +0300] "POST /auth/verify.json?api-version=v1 HTTP/1.1" 200 1916 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36" "-"
12.34.56.789 - - [17/May/2018:10:38:59 +0300] "GET /settings.json?api-version=v2 HTTP/1.1" 200 326 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36" "-"
Oh! More errors in /var/www/passbolt/logs/error.log
(that I overlooked before):
2018-05-17 07:38:57 Warning: Warning (2): session_start(): open(/var/lib/php/session/sess_047i6tj20dvnm28ccrogasj561, O_RDWR) failed: Permission denied (13) in [/var/www/passbolt/vendor/cakephp/cakephp/src/Network/Session.php, line 335]
2018-05-17 07:38:57 Warning: Warning (2): session_regenerate_id(): open(/var/lib/php/session/sess_kvmtav4e1sddkb29mdd14fddb7, O_RDWR) failed: Permission denied (13) in [/var/www/passbolt/vendor/cakephp/cakephp/src/Network/Session.php, line 578]
2018-05-17 07:38:57 Warning: Warning (4096): session_regenerate_id(): Failed to create(read) session ID: files (path: /var/lib/php/session) in [/var/www/passbolt/vendor/cakephp/cakephp/src/Network/Session.php, line 578]
2018-05-17 07:38:57 Warning: Warning (2): session_start(): open(/var/lib/php/session/sess_3l4ftb10bo0m1eip6rtp48log3, O_RDWR) failed: Permission denied (13) in [/var/www/passbolt/vendor/cakephp/cakephp/src/Network/Session.php, line 335]
2018-05-17 07:38:57 Warning: Warning (2): session_write_close(): open(/var/lib/php/session/sess_3l4ftb10bo0m1eip6rtp48log3, O_RDWR) failed: Permission denied (13) in [Unknown, line 0]
2018-05-17 07:38:57 Warning: Warning (2): session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in [Unknown, line 0]
2018-05-17 07:38:59 Warning: Warning (2): session_start(): open(/var/lib/php/session/sess_3l4ftb10bo0m1eip6rtp48log3, O_RDWR) failed: Permission denied (13) in [/var/www/passbolt/vendor/cakephp/cakephp/src/Network/Session.php, line 335]
2018-05-17 07:38:59 Warning: Warning (2): session_write_close(): open(/var/lib/php/session/sess_3l4ftb10bo0m1eip6rtp48log3, O_RDWR) failed: Permission denied (13) in [Unknown, line 0]
2018-05-17 07:38:59 Warning: Warning (2): session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in [Unknown, line 0]
Stupid php update changes the permissions on /var/lib/php/session
to apache
.
cameron@myserver ~ $ sudo ls -ld /var/lib/php/session
drwxrwx--- 2 root apache 4096 Apr 28 11:22 /var/lib/php/session
cameron@myserver ~ $ sudo chgrp nginx /var/lib/php/session
And weāre all set!
Thanks for the help debugging this. Hope the documentation of my tribulations will help someone else eventually.