SmartPhoneLover
Posted February 4, 2022

This docker template was created based on an already available official docker image

WebSite: https://www.passbolt.com/
Forum: https://community.passbolt.com/
GitHub: https://github.com/passbolt/passbolt_docker
DockerHub: https://hub.docker.com/r/passbolt/passbolt/
Documentation: https://help.passbolt.com/?pk_vid=20aa535c5bde0cec164389224878caf0
My Repository: https://github.com/SmartPhoneLover/unraid-docker-templates

DESCRIPTION
Passbolt is a free and open source password manager that allows team members to store and share credentials securely.
Comparison chart: https://signup.passbolt.com/pricing/pro#features

How to proceed after first launch?

1. Register new user at first launch...
Open unRAID Terminal (not from container), and enter the following cmd (your details):
'docker exec CONTAINER_NAME su -m -c "bin/cake passbolt register_user -u [email protected] -f USER_NAME -l USER_SURNAME -r admin" -s /bin/sh www-data'.

2. Generating registration link...
Once the previous cmd finishes, it will generate a registration link based on your data entered before. The URL will be something like: 'https://HOST_IP:PORT/setup/install/5426733-63k6...'. Now, copy/paste (or just click) the address and open it with your favourite web browser.

3. Finishing registration process...
You will be asked to create a passphrase to protect your account, and after entering it a recovery kit file (passbolt-recovery-kit.asc) will be generated and downloaded locally. Now, continue with the rest of the steps. Done!

NOTES
• It requires an external database. (MariaDB, MySQL)
• It may ask you to install the browser's extension (Chrome, Mozilla...).
• You have many other variables to use on this template if you need them. Check the GitHub repo to know more.

VERSION
1.0 (2022-02-03)

If you are going to report a bug or request something to be added/modified, please, take into consideration that I will only be able to apply changes for the work I own only. For example, if I create a docker template for an already existing docker image (not created by me), I won't be able to do more for that image than forward your report or request to the owner of the project.

AlexGreenUK
Posted February 17, 2022

Hey,

Just tried using the App and when I run it I get

-bash: line 1: /etc/passbolt/gpg/serverkey_private.asc: Permission denied

In the logs and the container does not start?

Thanks for any help

SmartPhoneLover (Author)
Posted April 11, 2022

On 2/17/2022 at 10:40 AM, AlexGreenUK said:
> Hey,
> Just tried using the App and when I run it I get
> -bash: line 1: /etc/passbolt/gpg/serverkey_private.asc: Permission denied
> In the logs and the container does not start?
> Thanks for any help

Try giving full permissions to the appdata directory. And let me know what happens.

GitBoxer
Posted April 19, 2022

Followed the instructions, got the registration IP, but screen is blank white.

Log gives me the following:

2022/04/19 17:36:33 [info] 166#166: *2 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: 10.23.5.42, server: 0.0.0.0:443
10.23.5.42 - - [19/Apr/2022:17:36:33 -0400] "GET /setup/install/[Generated Code] HTTP/2.0" 200 1092 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Edg/100.0.1185.44"
2022-04-19 17:36:33,871 INFO reaped unknown pid 173 (exit status 0)
2022-04-19 17:36:33,871 INFO reaped unknown pid 175 (exit status 0)
2022-04-19 17:36:33,871 INFO reaped unknown pid 177 (exit status 0)
2022-04-19 17:36:33,871 INFO reaped unknown pid 179 (exit status 0)
2022-04-19 17:36:33,871 INFO reaped unknown pid 181 (exit status 0)
2022-04-19 17:36:33,871 INFO reaped unknown pid 183 (exit status 0)
2022-04-19 17:36:33,871 INFO reaped unknown pid 185 (exit status 0)

GitBoxer
Posted April 20, 2022

I attempted to restart the installation process but now I get this at registration:

Validation failed for the following user data:
- Username: The username is already in use.
User registration failed.

How do I remove this username so I can restart the registration?

Thanks!

Jos85
Posted August 22, 2022

After install I follow your information about the command you have to execute, after that I click on the link and it opens a page that wants you to install the extension. After install it keeps saying that you have to install the extension. I deleted the browser cache etc. Still asking that question..

I checked the logs and it says the following:

2022-08-22 16:09:04,660 INFO reaped unknown pid 469 (exit status 0)
2022-08-22 16:09:04,660 INFO reaped unknown pid 471 (exit status 0)

I'm running out of options....

Jos85
Posted September 4, 2022

On 8/23/2022 at 1:23 AM, Jos85 said:
> After install I follow your information about the command you have to execute, after that I click on the link and it opens a page that wants you to install the extension. After install it keeps saying that you have to install the extension. I deleted the browser cache etc. Still asking that question..
> I checked the logs and it says the following:
> 2022-08-22 16:09:04,660 INFO reaped unknown pid 469 (exit status 0)
> 2022-08-22 16:09:04,660 INFO reaped unknown pid 471 (exit status 0)
> I'm running out of options....

This is an older version... will not work as long as this app won't be upgraded...

Squid
Posted September 5, 2022

This is the official version, and was last updated August 12th

darzani77
Posted October 16, 2022

I can't start anything

pg: keybox '/var/lib/passbolt/.gnupg/pubring.kbx' created
gpg: /var/lib/passbolt/.gnupg/trustdb.gpg: trustdb created
gpg: key 6A22E29278282113 marked as ultimately trusted
gpg: directory '/var/lib/passbolt/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/var/lib/passbolt/.gnupg/openpgp-revocs.d/B63170FED53102A933B35BB56A22E29278282113.rev'
-bash: line 1: /etc/passbolt/gpg/serverkey_private.asc: Permission denied
gpg: key 3BB18EEF139E2C04 marked as ultimately trusted
gpg: revocation certificate stored as '/var/lib/passbolt/.gnupg/openpgp-revocs.d/7F48D071D76A069C76A6F5063BB18EEF139E2C04.rev'
-bash: line 1: /etc/passbolt/gpg/serverkey_private.asc: Permission denied
gpg: key 138A096A6FA017F0 marked as ultimately trusted
gpg: revocation certificate stored as '/var/lib/passbolt/.gnupg/openpgp-revocs.d/DE2A30AE42502D1C1088A8C9138A096A6FA017F0.rev'
-bash: line 1: /etc/passbolt/gpg/serverkey_private.asc: Permission denied
gpg: key F9019BC2BC1E1C69 marked as ultimately trusted
gpg: revocation certificate stored as '/var/lib/passbolt/.gnupg/openpgp-revocs.d/2BA033498A1D261CB3BDEE24F9019BC2BC1E1C69.rev'
-bash: line 1: /etc/passbolt/gpg/serverkey_private.asc: Permission denied
==================================================================================
Your entropy pool is low. This situation could lead GnuPG to not be able to create the gpg serverkey so the container start process will hang until enough entropy is obtained.
Please consider installing rng-tools and/or virtio-rng on your host as the preferred method to generate random numbers using a TRNG.
If rngd (rng-tools) does not provide enough or fast enough randomness you could consider installing haveged as a helper to speed up this process.
Using haveged as a replacement for rngd is not recommended.
You can read more about this topic here: https://lwn.net/Articles/525459/
==================================================================================
==================================================================================
Your entropy pool is low. This situation could lead GnuPG to not be able to create the gpg serverkey so the container start process will hang until enough entropy is obtained.
Please consider installing rng-tools and/or virtio-rng on your host as the preferred method to generate random numbers using a TRNG.
If rngd (rng-tools) does not provide enough or fast enough randomness you could consider installing haveged as a helper to speed up this process.
Using haveged as a replacement for rngd is not recommended.
You can read more about this topic here: https://lwn.net/Articles/525459/
==================================================================================
==================================================================================
Your entropy pool is low. This situation could lead GnuPG to not be able to create the gpg serverkey so the container start process will hang until enough entropy is obtained.
Please consider installing rng-tools and/or virtio-rng on your host as the preferred method to generate random numbers using a TRNG.
If rngd (rng-tools) does not provide enough or fast enough randomness you could consider installing haveged as a helper to speed up this process.
Using haveged as a replacement for rngd is not recommended.
You can read more about this topic here: https://lwn.net/Articles/525459/
==================================================================================
==================================================================================
Your entropy pool is low. This situation could lead GnuPG to not be able to create the gpg serverkey so the container start process will hang until enough entropy is obtained.
Please consider installing rng-tools and/or virtio-rng on your host as the preferred method to generate random numbers using a TRNG.
If rngd (rng-tools) does not provide enough or fast enough randomness you could consider installing haveged as a helper to speed up this process.
Using haveged as a replacement for rngd is not recommended.
You can read more about this topic here: https://lwn.net/Articles/525459/
==================================================================================
** Press ANY KEY to close this window **

mrwookie
Posted October 29, 2022

@SmartPhoneLover I installed the container yesterday and I'm stuck at the Download Extension step. I tried to recreate my gpg key as per mentioned on the doc of Passbolt without any success. I tried on Chrome, Firefox, Edge on both Windows 11 and MacOS....

Edited November 1, 2022 by mrwookie
Forgot to add mention

mrwookie
Posted November 12, 2022

@SmartPhoneLover Any update on my previous post? I just updated the app and the issue remains. Extension not being detected. I do receive the email but regardless I'm using the link generated for me in the terminal or by the email I received, it all comes to the extension not being detected on Chrome and Firefox.

Here's my log from when I open the app to when I try to detect the extension :

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
 Running migration scripts.
-------------------------------------------------------------------------------
using migration paths
 - /etc/passbolt/Migrations
using seed paths
using environment default
using adapter mysql
using database unraid
ordering by creation time
All Done. Took 0.0086s
Clearing default
Cleared default cache
Clearing _cake_core_
Cleared _cake_core_ cache
Clearing _cake_model_
Cleared _cake_model_ cache
Enjoy! ☮
2022-11-12 13:22:04,400 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in the config file. If you intend to run as root, you can set user=root in the config file to avoid this message.
2022-11-12 13:22:04,400 INFO Included extra file "/etc/supervisor/conf.d/cron.conf" during parsing
2022-11-12 13:22:04,400 INFO Included extra file "/etc/supervisor/conf.d/nginx.conf" during parsing
2022-11-12 13:22:04,400 INFO Included extra file "/etc/supervisor/conf.d/php.conf" during parsing
2022-11-12 13:22:04,403 INFO RPC interface 'supervisor' initialized
2022-11-12 13:22:04,403 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2022-11-12 13:22:04,404 INFO supervisord started with pid 1
2022-11-12 13:22:05,407 INFO spawned: 'php-fpm' with pid 55
2022-11-12 13:22:05,409 INFO spawned: 'nginx' with pid 56
2022-11-12 13:22:05,411 INFO spawned: 'cron' with pid 57
2022-11-12 13:22:06,462 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-11-12 13:22:06,462 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-11-12 13:22:06,462 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022/11/12 13:22:13 [info] 60#60: *1 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: 10.0.0.46, server: 0.0.0.0:443
10.0.0.46 - - [12/Nov/2022:13:22:13 -0500] "GET /setup/install/0f372ddd-e956-4a68-b839-fc87279aae53/2b3c86c3-fdf0-4a8d-857d-2038d03634f1?locale=en-UK HTTP/2.0" 200 1105 "https://10.0.0.36:8081/setup/install/0f372ddd-e956-4a68-b839-fc87279aae53/2b3c86c3-fdf0-4a8d-857d-2038d03634f1?locale=en-UK" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2022-11-12 13:22:13,618 INFO reaped unknown pid 91 (exit status 0)
2022-11-12 13:22:13,618 INFO reaped unknown pid 93 (exit status 0)
2022-11-12 13:22:13,618 INFO reaped unknown pid 95 (exit status 0)
2022-11-12 13:22:13,618 INFO reaped unknown pid 97 (exit status 0)
2022-11-12 13:22:13,618 INFO reaped unknown pid 99 (exit status 0)
2022-11-12 13:22:13,619 INFO reaped unknown pid 101 (exit status 0)
2022-11-12 13:22:13,619 INFO reaped unknown pid 103 (exit status 0)
10.0.0.46 - - [12/Nov/2022:13:22:13 -0500] "GET /css/themes/midgar/api_authentication.min.css?v=3.7.3 HTTP/2.0" 200 68468 "https://10.0.0.36:8081/setup/install/0f372ddd-e956-4a68-b839-fc87279aae53/2b3c86c3-fdf0-4a8d-857d-2038d03634f1?locale=en-UK" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
10.0.0.46 - - [12/Nov/2022:13:22:13 -0500] "GET /favicon.ico HTTP/2.0" 200 318 "https://10.0.0.36:8081/setup/install/0f372ddd-e956-4a68-b839-fc87279aae53/2b3c86c3-fdf0-4a8d-857d-2038d03634f1?locale=en-UK" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
10.0.0.46 - - [12/Nov/2022:13:22:13 -0500] "GET /favicon_32.png HTTP/2.0" 200 1302 "https://10.0.0.36:8081/setup/install/0f372ddd-e956-4a68-b839-fc87279aae53/2b3c86c3-fdf0-4a8d-857d-2038d03634f1?locale=en-UK" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2022-11-12 13:22:13,742 INFO reaped unknown pid 106 (exit status 0)
2022-11-12 13:22:13,742 INFO reaped unknown pid 108 (exit status 0)
2022-11-12 13:22:13,742 INFO reaped unknown pid 110 (exit status 0)
2022-11-12 13:22:13,742 INFO reaped unknown pid 112 (exit status 0)
10.0.0.46 - - [12/Nov/2022:13:22:13 -0500] "GET /settings.json?api-version=v2 HTTP/2.0" 200 1099 "https://10.0.0.36:8081/setup/install/0f372ddd-e956-4a68-b839-fc87279aae53/2b3c86c3-fdf0-4a8d-857d-2038d03634f1?locale=en-UK" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2022-11-12 13:22:13,783 INFO reaped unknown pid 114 (exit status 0)
2022-11-12 13:22:13,783 INFO reaped unknown pid 116 (exit status 0)
2022-11-12 13:22:13,784 INFO reaped unknown pid 118 (exit status 0)
10.0.0.46 - - [12/Nov/2022:13:22:13 -0500] "GET /locales/en-UK/common.json HTTP/2.0" 200 78279 "https://10.0.0.36:8081/setup/install/0f372ddd-e956-4a68-b839-fc87279aae53/2b3c86c3-fdf0-4a8d-857d-2038d03634f1?locale=en-UK" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
10.0.0.46 - - [12/Nov/2022:13:22:13 -0500] "GET /users/csrf-token.json?api-version=v2 HTTP/2.0" 200 386 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2022-11-12 13:22:13,944 INFO reaped unknown pid 121 (exit status 0)
2022-11-12 13:22:13,944 INFO reaped unknown pid 123 (exit status 0)
10.0.0.46 - - [12/Nov/2022:13:22:14 -0500] "GET /settings.json?api-version=v2 HTTP/2.0" 200 1099 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2022-11-12 13:22:14,008 INFO reaped unknown pid 126 (exit status 0)
2022-11-12 13:22:14,008 INFO reaped unknown pid 128 (exit status 0)
10.0.0.46 - - [12/Nov/2022:13:22:14 -0500] "GET /auth/verify.json?api-version=v2 HTTP/2.0" 200 10192 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2022-11-12 13:22:14,081 INFO reaped unknown pid 131 (exit status 0)
2022-11-12 13:22:14,081 INFO reaped unknown pid 133 (exit status 0)
10.0.0.46 - - [12/Nov/2022:13:22:14 -0500] "GET /setup/install/0f372ddd-e956-4a68-b839-fc87279aae53/2b3c86c3-fdf0-4a8d-857d-2038d03634f1.json?api-version=v2 HTTP/2.0" 200 1181 "https://10.0.0.36:8081/setup/install/0f372ddd-e956-4a68-b839-fc87279aae53/2b3c86c3-fdf0-4a8d-857d-2038d03634f1?locale=en-UK" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
2022-11-12 13:22:14,966 INFO reaped unknown pid 136 (exit status 0)
2022-11-12 13:22:14,966 INFO reaped unknown pid 138 (exit status 0)
10.0.0.46 - - [12/Nov/2022:13:22:15 -0500] "GET /img/third_party/ChromeWebStore_white.svg HTTP/2.0" 200 11286 "https://10.0.0.36:8081/setup/install/0f372ddd-e956-4a68-b839-fc87279aae53/2b3c86c3-fdf0-4a8d-857d-2038d03634f1?locale=en-UK" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"

kannznichkaufen
Posted January 4, 2023

I got it installed and the user was created successfully. The log said

stream_socket_client(): unable to connect to tcp://localhost:25 (Cannot assign requested address)
Email 2 was not sent

Since the registration link is also given in the terminal in response to the registration command I could continue the registration anyway. I was directed to installing the extension, that also succeeded. After refreshing the page to have the extension detected, I was asked for my mail address and then got a prompt that a confirmation link is being sent. Still the log says the Email was not sent because there is no connection to localhost:25.

What can I do?

edit: One step further. To enable mails to be sent, I added the variables

EMAIL_TRANSPORT_DEFAULT_HOST
EMAIL_TRANSPORT_DEFAULT_PORT
EMAIL_DEFAULT_FROM
EMAIL_TRANSPORT_DEFAULT_USERNAME
EMAIL_TRANSPORT_DEFAULT_PASSWORD

to the template. After reloading the container's WebUI and entering my registration email address, I received a confirmation link. Clicking on that link however led me to the page that demands that I should install the extension (which had already been installed previously). Refreshing the page does not detect the extension. Same problem on Chrome and Firefox.

Ideas appreciated

A good new year to everybody.

Edited January 4, 2023 by kannznichkaufen

_clayton_
Posted January 5, 2023

Hey, I like seeing the help around Passbolt here, just as a heads up we do have our own forum so it might be better to ask your Passbolt questions there as we watch that one for new questions and already have a lot of answers there.

@kannznichkaufen sometimes this issue can happen if there is something wrong with the server GPG keys. Could you run the healthcheck and post the output? You can find instructions for how to run that on docker here.

mr2web
Posted March 15, 2023

Suggestions for improving the template.

Thanks for creating this template.

Then I believe that "EMAIL_" ENVIRONMENT VARIABLES, found under "Configure passbolt" @ https://hub.docker.com/r/passbolt/passbolt/, also would be a good addition to the template. These are as well found under "Step 3" @ https://help.passbolt.com/hosting/install/ce/docker.html.

Unfortunately I too am stuck at the issue with the browser extension not being recognised, but that is another story that I hope will have a good end eventually.

Also a good remark that could be added to the template instructions as requirement is that the persistent storage for "Container Path: /etc/passbolt/gpg" as well as "Container Path: /etc/passbolt/jwt" need quite loose permissions as the container seems to use quite a few UIDs interacting with the persistent storage. I believe this is a big issue, BUT it is not the template to ask for mitigation rather the creators of the image. But until they release a mitigation for this, some note in the template instructions will most likely be useful.

Keep up the good work. 🙂

Edited March 15, 2023 by mr2web
removed wrong info

_clayton_
Posted March 16, 2023

hey @mr2web happy to try and assist you with the extension not being recognized. Could you run the healthcheck and post the output? For docker you can find instructions here.

bencmeyer
Posted March 31, 2023

On 3/15/2023 at 10:07 AM, mr2web said:
> Suggestions for improving the template.
> Thanks for creating this template.
> Then I believe that "EMAIL_" ENVIRONMENT VARIABLES, found under "Configure passbolt" @ https://hub.docker.com/r/passbolt/passbolt/, also would be a good addition to the template. These are as well found under "Step 3" @ https://help.passbolt.com/hosting/install/ce/docker.html.
> Unfortunately I too am stuck at the issue with the browser extension not being recognised, but that is another story that I hope will have a good end eventually.
> Also a good remark that could be added to the template instructions as requirement is that the persistent storage for "Container Path: /etc/passbolt/gpg" as well as "Container Path: /etc/passbolt/jwt" need quite loose permissions as the container seems to use quite a few UIDs interacting with the persistent storage. I believe this is a big issue, BUT it is not the template to ask for mitigation rather the creators of the image. But until they release a mitigation for this, some note in the template instructions will most likely be useful.
> Keep up the good work. 🙂

I too had some issues, but ended up getting it to work.

After generating the login url from Step 1 and 2 of what to do after first launch, I too was stuck at the extension prompt.

I added the email variables because when I tried to go to the homepage and provide my email it wanted to send a login link.

I added the email variables:

EMAIL_TRANSPORT_DEFAULT_HOST smtp.gmail.com
EMAIL_TRANSPORT_DEFAULT_PORT 587
EMAIL_TRANSPORT_DEFAULT_USERNAME [email protected]
EMAIL_TRANSPORT_DEFAULT_PASSWORD
EMAIL_DEFAULT_FROM [email protected]
EMAIL_DEFAULT_FROM_NAME Passbot
EMAIL_TRANSPORT_DEFAULT_TLS true

But then after receiving the email and clicking it, it still wanted to install the extension. Darn.

A quick search in the support forum for this extension prompt issue pointed to this article: Passbolt Help | How to rotate server GPG keys

I did the provided commands in the console for Passbolt: (Deleting 2 files)

rm /etc/passbolt/gpg/serverkey.asc
rm /etc/passbolt/gpg/serverkey_private.asc

Force updated the container/app and bam. Going to the homepage now prompted me to create a password, save my recovery key, and create a login token.

I am not sure the email portion is required and you may be able to just reset the gpg keys... but I figure it will be needed afterwards anyway...

Edited March 31, 2023 by bencmeyer

jareth
Posted April 9, 2023

I recently got the Passbolt CE successfully installed and configured. I did have multiple issues, over a few attempts at getting this going and I will try and put my findings here, as I hope this will help other people.

First off, "username is already in use" issue. This username is stored in the DB you created for this, so it has nothing to do with passbolt or their servers. You can try the your url/recover page, but if you are just installing this the first time, I found it easier to just remove the mariadb image and delete the data folder in appdata, and start over.

My biggest issue seemed to be that when starting the passbolt instance for the first time, it would try and write the keys in the jwt and gpg. I would always go in there afterward and change chown 33:33 jwt and gpg, but on my last attempt I created the folders and set the owner to 33:33 before starting the instance for the first time. This seemed to be successful as when I registered via command line, everything worked this time. I did have the extension pre-installed so that may be part of the process.

Last issue I had was the email settings, I had to add lines for EMAIL_TRANSPORT_DEFAULT_HOST EMAIL_DEFAULT_FROM EMAIL_TRANSPORT_DEFAULT_USERNAME and EMAIL_TRANSPORT_DEFAULT_PASSWORD as container variables.

Those 3 things, the email settings, the folder permissions and having a fresh DB, and I was able to get everything working.

Doing a health check of my system, I still have 6 errors [FAIL]. Two are for SSL, 4 are basically a lack of passbolt.php which seems to not be used in the unraid docker version.

If anyone sees anything wrong with something I've said please call me out, I don't want to be giving incorrect information, or be running this improperly myself. I'm only a few hours in, but am glad I finally got this far.

Good luck all!

Totte
Posted April 9, 2023

2 hours ago, jareth said:
> I would always go in there afterward and change chown 33:33 jwt and gpg, but on my last attempt I created the folders and set the owner to 33:33 before starting the instance for the first time.

I did not quite follow. I'm having issues starting the first time. Where, how and when do I get 33:33 and what is 33:33?

jareth
Posted April 10, 2023

33:33 is a UID, User Identifier. Because we are doing this through docker, and we want the permissions there before we start the docker for the first time you need to ensure your appdata has a passbolt-ce directory with jwt and gpg directories in it. You can do this through the unraid terminal. Then while still in the terminal you want to chown 33:33 jwt and then chown 33:33 gpg. This will make the user and group owners for these directories 33. 33 is the UID for www-data user in the container that needs permissions to those directories to create keys and what not. We use 33 because the www-data user is not present on the unraid host.

I found I needed those directories created with the proper permissions before my first attempt, as I think first time creation script is slightly different.

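The ownership step described in the post above (create the gpg and jwt directories and chown them to 33:33 before the container's first start), written out with a check that flags directories or key files left open to every user on the host. This is an added example, not part of any post or of the template; the function names, the 0750 directory mode, the appdata path in the usage comment and the reliance on GNU stat and find are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): prepare and audit the Passbolt key
# directories on the Docker host before the container is started.
# Assumptions: GNU stat/find, directory mode 0750, hypothetical function names.

WWW_UID=33   # www-data inside the container, as stated in the thread
WWW_GID=33

# prepare_key_dirs BASE [UID] [GID]
# Creates BASE/gpg and BASE/jwt owned by UID:GID with no access for "other".
prepare_key_dirs() (
    base=$1; uid=${2:-$WWW_UID}; gid=${3:-$WWW_GID}
    for d in gpg jwt; do
        mkdir -p -- "$base/$d" &&
        chown "$uid:$gid" -- "$base/$d" &&
        chmod 0750 -- "$base/$d" || exit 1
    done
)

# audit_key_dirs BASE [UID] [GID]
# Prints one line per finding; returns 0 only when there are no findings.
audit_key_dirs() (
    base=$1; uid=${2:-$WWW_UID}; gid=${3:-$WWW_GID}
    findings=0
    for d in gpg jwt; do
        path=$base/$d
        if [ ! -d "$path" ]; then
            echo "MISSING  $path"
            findings=$((findings + 1))
            continue
        fi
        owner=$(stat -c %u -- "$path")
        group=$(stat -c %g -- "$path")
        mode=$(stat -c %a -- "$path")
        if [ "$owner" != "$uid" ] || [ "$group" != "$gid" ]; then
            echo "OWNER    $path is $owner:$group, expected $uid:$gid"
            findings=$((findings + 1))
        fi
        # The last octal digit is the "other" class; non-zero means any
        # local user can list, read or write the key directory.
        case $mode in
            *0) ;;
            *)  echo "MODE     $path is $mode, other users have access"
                findings=$((findings + 1)) ;;
        esac
        # Key files already present (e.g. serverkey_private.asc) must not
        # be readable or writable by "other" either.
        bad=$(find "$path" -type f -perm /006)
        if [ -n "$bad" ]; then
            echo "$bad" | sed 's/^/FILE     /'
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
)

# Usage on the host, as root, before the first start (path is an assumption):
#   prepare_key_dirs /mnt/user/appdata/passbolt-ce
#   audit_key_dirs   /mnt/user/appdata/passbolt-ce
```
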
_clayton_
Posted April 11, 2023

@jareth glad to hear you got it up and running. Just to make sure everything is good, what are those 4 non SSL errors you have? It might be as simple as adding another env var to clear them. Running just vanilla docker on local I tend to just have the 2 SSL errors as I use a self signed cert.

While it is great that there is a template in this thread it looks to last be updated in Feb 2022 so it is a bit out of date which is likely why you had to add the email env vars.

blaine07
Posted April 22, 2023

On 11/12/2022 at 12:24 PM, mrwookie said:
> @SmartPhoneLover Any update on my previous post? I just updated the app and the issue remains. Extension not being detected. I do receive the email but regardless I'm using the link generated for me in the terminal or by the email I received, it all comes to the extension not being detected on Chrome and Firefox.
> Here's my log from when I open the app to when I try to detect the extension :
Did you figure this out? I have been messing with getting Passbolt to work for two days. I really want to try it. Seems astounding that this entire thing working/being set up hinges on a Chrome plugin, of all things. Nevertheless, they keep mentioning health check - I guess I can't figure out correct syntax to run that in unraid. Anyone have any ideas?

Okay, figured out health check but NO idea how to navigate all these issues: pbhealth.txt

Edited April 22, 2023 by blaine07
_clayton_ Posted April 24, 2023

hey @blaine07 a bit of context on why we require a browser extension:

• Helpsite page
  TL;DR It adds more security
• Recent Youtube video on Passbolt
  Pinned to the point where the browser extension is discussed

As for the issues in the healthcheck. Most of these look like they are either mount issues or an issue with the GPG key creation. You could likely resolve some of these by adding more environment variables. Specifically:

• PASSBOLT_GPG_SERVER_KEY_FINGERPRINT
• PASSBOLT_GPG_SERVER_KEY_PUBLIC
• PASSBOLT_GPG_SERVER_KEY_PRIVATE

Let me know if that gets you moving in the right direction or if you have other issues getting set up.
blaine07 Posted April 24, 2023

Honestly, just gave up on the Docker Container and moved to an Ubuntu 22 VM.
_clayton_ Posted April 25, 2023

Totally understandable, the distro packages are easier to work with than docker, and this unraid docker guide does seem to be even more complicated than just straight docker.
jareth Posted April 28, 2023

On 4/11/2023 at 8:39 AM, _clayton_ said:

> @jareth glad to hear you got it up and running. Just to make sure everything is good, what are those 4 non SSL errors you have? It might be as simple as adding another env var to clear them. Running just vanilla docker on local I tend to just have the 2 SSL errors as I use a self signed cert.
>
> While it is great that there is a template in this thread it looks to last be updated in Feb 2022 so it is a bit out of date which is likely why you had to add the email env vars.

Hi Clayton,

I had some free time this morning, so I looked back into my healthcheck.

[FAIL] The server OpenPGP key is not set
[FAIL] The server key fingerprint doesn't match the one defined in /etc/passbolt/passbolt.php.
[FAIL] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is not in the keyring
[FAIL] The server key does not have a valid email id.

I saw that OpenPGP part, so I added 3 Passbolt_GPG environment variables and that got me -

Healthcheck shell......Exception: Could not use key for signing. get_key failed
In [/usr/share/php/passbolt/src/Utility/OpenPGP/Backends/Gnupg.php, line 240]

When running health check. I took the variables out and back to those 2 errors above, +SSL and 1 more for not being on latest version, which I will remedy later.

Any help would greatly be appreciated.

Jareth
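Added example (not part of any post above, and not Passbolt's own tooling): one way to generate a server key pair on the host and check it for the conditions the health check output above complains about (fingerprint match, a user id with an email address, ability to sign) before setting the three PASSBOLT_GPG_SERVER_KEY_* variables. It assumes GnuPG 2.1 or later; the function names, the key name and email, and the file names serverkey.asc / serverkey_private.asc are placeholders, and generating the key without a passphrase or expiry date is an assumption about what the Passbolt server expects.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Name, email and file names are placeholders.
# make_server_key OUTDIR NAME EMAIL: create an unprotected, non-expiring key pair,
# export it to OUTDIR and print the 40-character fingerprint.
make_server_key() {
  local out=$1 name=$2 email=$3 home fpr
  home=$(mktemp -d) && mkdir -p "$out" || return 1
  gpg --homedir "$home" --batch --quiet --gen-key <<EOF || return 1
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: $name
Name-Email: $email
Expire-Date: 0
%no-protection
%commit
EOF
  fpr=$(gpg --homedir "$home" --batch --with-colons --fingerprint "$email" |
        awk -F: '$1 == "fpr" { print $10; exit }')
  gpg --homedir "$home" --batch --armor --export "$fpr" > "$out/serverkey.asc"
  gpg --homedir "$home" --batch --armor --export-secret-keys "$fpr" \
    > "$out/serverkey_private.asc"
  chmod 600 "$out/serverkey_private.asc"
  GNUPGHOME=$home gpgconf --kill gpg-agent 2>/dev/null || true
  rm -rf "$home"
  printf '%s\n' "$fpr"
}

# check_server_key PUB PRIV FINGERPRINT: 0 only if the pair has that fingerprint,
# a uid carries an email address, and the key signs without a passphrase prompt.
check_server_key() {
  local pub=$1 priv=$2 want=$3 home got rc=0
  home=$(mktemp -d) || return 1
  gpg --homedir "$home" --batch --quiet --import "$pub" "$priv" 2>/dev/null || rc=1
  got=$(gpg --homedir "$home" --batch --with-colons --fingerprint 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }')
  [ "$got" = "$want" ] || { echo "fingerprint mismatch: got '$got'" >&2; rc=1; }
  gpg --homedir "$home" --batch --with-colons --list-keys 2>/dev/null |
    awk -F: '$1 == "uid" && $10 ~ /<[^<> ]+@[^<> ]+>/ { ok = 1 } END { exit !ok }' ||
    { echo "no user id with an email address" >&2; rc=1; }
  echo probe | gpg --homedir "$home" --batch --pinentry-mode loopback --passphrase '' \
    --local-user "$want" --clearsign >/dev/null 2>&1 ||
    { echo "key cannot sign unattended" >&2; rc=1; }
  GNUPGHOME=$home gpgconf --kill gpg-agent 2>/dev/null || true
  rm -rf "$home"
  return "$rc"
}
[ $# -lt 3 ] || make_server_key "$@"   # e.g. ./serverkey.sh ./gpg "Passbolt Server" admin@example.test
```

The fingerprint printed by make_server_key is the value to compare against PASSBOLT_GPG_SERVER_KEY_FINGERPRINT; the check runs on the exported files in a throwaway keyring, not on the keyring inside the container.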