
jareth

Posts posted by jareth

  1. On 4/11/2023 at 8:39 AM, _clayton_ said:

    @jareth glad to hear you got it up and running. Just to make sure everything is good, what are those 4 non-SSL errors you have? It might be as simple as adding another env var to clear them. Running just vanilla docker on local I tend to just have the 2 SSL errors as I use a self-signed cert.

    While it is great that there is a template in this thread, it looks to have last been updated in Feb 2022, so it is a bit out of date, which is likely why you had to add the email env vars.

    Hi Clayton,

     

    I had some free time this morning, so I looked back into my healthcheck.  

    [FAIL] The server OpenPGP key is not set

    [FAIL] The server key fingerprint doesn't match the one defined in /etc/passbolt/passbolt.php.

    [FAIL] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is not in the keyring

    [FAIL] The server key does not have a valid email id.

     

    I saw that OpenPGP part, so I added 3 Passbolt_GPG environment variables and that got me -

     Healthcheck shell......Exception: Could not use key  for signing. get_key failed
    In [/usr/share/php/passbolt/src/Utility/OpenPGP/Backends/Gnupg.php, line 240]

    when running the health check.  I took the variables out and went back to those 2 errors above, plus SSL and 1 more for not being on the latest version, which I will remedy later.

     

    Any help would greatly be appreciated.

     

    Jareth

  2. 33:33 is a UID, User Identifier.  Because we are doing this through docker, and we want the permissions there before we start the docker for the first time, you need to ensure your appdata has a passbolt-ce directory with jwt and gpg directories in it.  You can do this through the unraid terminal.  Then, while still in the terminal, you want to chown 33:33 jwt and then chown 33:33 gpg.  This will make the user and group owners for these directories 33.  33 is the UID for the www-data user in the container that needs permissions to those directories to create keys and whatnot.  We use 33 because the www-data user is not present on the unraid host.  

     

    I found I needed those directories created with the proper permissions before my first attempt, as I think first time creation script is slightly different.

  3. I recently got the Passbolt CE successfully installed and configured.  I did have multiple issues over a few attempts at getting this going, and I will try and put my findings here, as I hope this will help other people.  First off, the "username is already in use" issue.  This username is stored in the DB you created for this, so it has nothing to do with passbolt or their servers.  You can try the /recover page at your url, but if you are just installing this the first time, I found it easier to just remove the mariadb image, delete the data folder in appdata, and start over.  My biggest issue seemed to be that when starting the passbolt instance for the first time, it would try and write the keys in the jwt and gpg.  I would always go in there afterward and chown 33:33 jwt and gpg, but on my last attempt I created the folders and set the owner to 33:33 before starting the instance for the first time.  This seemed to be successful, as when I registered via command line, everything worked this time.  I did have the extension pre-installed, so that may be part of the process.  The last issue I had was the email settings: I had to add lines for EMAIL_TRANSPORT_DEFAULT_HOST, EMAIL_DEFAULT_FROM, EMAIL_TRANSPORT_DEFAULT_USERNAME and EMAIL_TRANSPORT_DEFAULT_PASSWORD as container variables.  Those 3 things, the email settings, the folder permissions and having a fresh DB, and I was able to get everything working. 

     

    Doing a health check of my system, I still have 6 errors [FAIL].  Two are for SSL, 4 are basically a lack of passbolt.php which seems to not be used in the unraid docker version.  If anyone sees anything wrong with something I've said please call me out, I don't want to be giving incorrect information, or be running this improperly myself.  I'm only a few hours in, but am glad I finally got this far.

     

     

    Good luck all!
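
The ownership requirement described in the two posts above (the jwt and gpg directories owned by 33:33 before the first container start), as an added pre-flight check that is not part of the original posts. The function names and the base path in the usage line are assumptions; the directory names and the 33:33 owner come from the posts.

```shell
#!/bin/sh
# Added example (not from the original posts): read-only pre-flight check
# for the Passbolt key directories. Function names are illustrative and the
# base path in the usage line is a placeholder.

# UID and GID of www-data inside the container, per the posts above.
WANT_UID=33
WANT_GID=33

# Print "uid:gid" of a path using numeric ids, since the host has no
# www-data account to resolve a name against.
owner_of() {
    ls -nd -- "$1" | awk '{ print $3 ":" $4 }'
}

# check_key_dirs BASE [UID] [GID]
# Returns 0 only if BASE/jwt and BASE/gpg both exist and are owned by UID:GID.
check_key_dirs() {
    ckd_base=$1
    ckd_want="${2:-$WANT_UID}:${3:-$WANT_GID}"
    ckd_rc=0
    for ckd_name in jwt gpg; do
        ckd_dir="$ckd_base/$ckd_name"
        if [ ! -d "$ckd_dir" ]; then
            echo "MISSING  $ckd_dir (create it, then chown $ckd_want)"
            ckd_rc=1
            continue
        fi
        ckd_have=$(owner_of "$ckd_dir")
        if [ "$ckd_have" = "$ckd_want" ]; then
            echo "OK       $ckd_dir owned by $ckd_have"
        else
            echo "WRONG    $ckd_dir owned by $ckd_have, expected $ckd_want"
            ckd_rc=1
        fi
    done
    return "$ckd_rc"
}

# Usage: sh check_key_dirs.sh /path/to/appdata/passbolt-ce
if [ "$#" -gt 0 ]; then
    check_key_dirs "$@"
fi
```

Run it before the first start of the container; a non-zero exit status means at least one directory is missing or has the wrong owner.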

  4. Looking at - 

       The link for - Goes to File Not found.  

     

    I tried using the wayback machine to find that file but no luck as of yet.  

     

    I have a btrfs cache of 2x250gb ssd and 2x500 gb ssd.  One of my 500's was reporting issues, I tried scrubbing with repair and no luck, so I purchased a 1tb replacement.  I removed the bad 500, put the new 1tb in and selected it in place of the bad 500gb.  It appears to be doing something, as a btrfs operation prevents certain actions, but I am seeing more writes on the good 500gb drive than on the 1tb drive.

     

    I tried  btrfs replace status /mnt/cache command but it says never started.

     

    Any assistance would be appreciated.

  5. Hello,

     

    I am currently having issues getting sftp set up.  I got it working before, but now Proftpd won't load, so I revisited your steps.  I created an ssh key and followed that guide, and that did not work. I remembered something about having to do it on another linux machine, so I created a new key and followed the steps again.   Unraid Version 6.8.0 and Ubuntu 19.10 for ssh-key gen and Plugin Version: 2020.03.10.1.

     

    I am currently getting the following errors - 

     

    proftpd -t -c /etc/proftpd.conf
    Checking syntax of configuration file
    2020-05-22 14:59:08,550 Tower proftpd[5571]: mod_ctrls/0.9.5: error: unable to bind to local socket: Address already in use
    2020-05-22 14:59:11,638 Tower proftpd[5571] 127.0.0.1: mod_lang/1.1: unable to scan the localised files in '/usr/local/share/locale': No such file or directory

    Wrong passphrase for this key.  Please try again.

    Wrong passphrase for this key.  Please try again.

    Wrong passphrase for this key.  Please try again.
    2020-05-22 14:59:11,645 Tower proftpd[5571] 127.0.0.1: mod_sftp/1.0.0: error reading passphrase for SFTPHostKey '/etc/ssh/sftp_rsa_key': (unknown)
    2020-05-22 14:59:11,645 Tower proftpd[5571] 127.0.0.1: mod_sftp/1.0.0: unable to use key in SFTPHostKey '/etc/ssh/sftp_rsa_key', exiting

     

    Just in case, here's my proftpd.conf 

     

    # Server Settings
    ServerName              ProFTPd
    ServerType              standalone
    DefaultServer           on
    PidFile                 /var/run/ProFTPd/ProFTPd.pid

    # Port 21 is the standard FTP port. You propably should not connect to the
    # internet with this port. Make your router forward another port to
    # this one instead.
    Port                    21

    # Set the user and group under which the server will run.
    User                    nobody
    Group                   users

    # Prevent DoS attacks
    MaxInstances            30

    # Speedup Login
    UseReverseDNS           off
    IdentLookups            off

    # Control Logging - comment and uncomment as needed
    # If logging Directory is world writeable the server won't start!
    # If no SystemLog is defined proftpd will log to servers syslog.
    #SystemLog               NONE
    #SystemLog               /boot/config/plugins/ProFTPd/slog
    TransferLog             NONE
    #TransferLog             /boot/config/plugins/ProFTPd/xferlog
    WtmpLog                 NONE

    # As a security precaution prevent root and other users in
    # /etc/ftpuser from accessing the FTP server.
    UseFtpUsers             on
    RootLogin               off

    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask 022

    # "Jail" FTP-Users into their home directory. (chroot)
    # The root directory has to be set in the description field
    # when defining an user:
    # ftpuser /mnt/cache/FTP
    # See README for more information.
    DefaultRoot ~

    # Shell has to be set when defining an user. As a security precaution
    # it is set to "/bin/false" as FTP-Users should not have shell access.
    # This setting makes proftpd accept invalid shells.
    RequireValidShell       no

    # Normally, we want files to be overwriteable.
    AllowOverwrite          on

    <IfModule mod_sftp.c>

            SFTPEngine on
            Port 2222
            SFTPLog /var/log/sftp.log

            SFTPHostKey /etc/ssh/sftp_rsa_key
            SFTPAuthorizedUserKeys file:/etc/ssh/sftp_user_keys

            SFTPAuthMethods publickey

            SFTPKeyBlacklist none
            SFTPDHParamFile /usr/local/SlrG-Common/usr/local/etc/dhparams.pem

    </IfModule>
