Installing passbolt on Centos 7
Posted 14 February, 2017
note : the creators of Passbolt have now created a guide for installing on Centos 7 specifically.
I did not -physically- make it to Fosdem 2017. Luckily the guys from Fosdem offered a live-stream for most part of the event, this gave the advantage for digital lurkers, like me, to jump from one talk to the next mid presentation, without being rude to presenter. While randomly wandering between two presentations, I stumbled upon this passbolt presentation, I had read of passbolt before, but I was put off by the fact that it required a browser plugin.
In case you don’t know passbolt, it’s a password managers aimed at managing passwords for teams. But don’t take my word for it, go over to the passbolt website and find out.
passbolt install on centos
After seeing the presentation, I now better understand how passbolt works and why the browser plugin is needed. This alone however, did not convince me, but the fact that we can self-host the software and it is open source, does make me a fan. Even tho it is still in alpha, I tried it out. I’m not gone lie, after some real struggle, I got it to work. But since it is still alpha software this was to be expected. Here you can find the fool-proof (not!) guide to setup your own passbolt instance on Centos. I used Centos 7 but it should work very similar for any RHEL distro, and if you are stuck it might even help with debian and friends distro’s (Ubuntu, Mint,…).
note : The stack that I chose might not be the best/only option. (Nginx, MariaDB, PHP 7, Let’s Encrypt)
Setup Nginx
Perhaps you already have a working Nginx setup; in that case you can skip ahead.
First I install the Nginx repository, create /etc/yum.repos.d/nginx.repo With content :
[nginx] name=nginx repo # mainline : newest baseurl=http://nginx.org/packages/mainline/centos/7/$basearch/ # stable : older, no new features #baseurl=http://nginx.org/packages/centos/7/$basearch/ gpgcheck=0 enabled=1
Note : for other distro’s you need to adapt this, for Centos 6 just replace 7 with 6, for more info see this document.
Now we need to update yum & install it.
yum update yum install nginx
Then configure your certificate using Let’s Encrypt, I used my own guide with dehydrated and Cloudflare, in case you don’t use Cloudflare, you could use this guide or one of the other installation methods I have written in the past. Whatever method you chose, be sure to end up with a valid Nginx configuration that has https on and uses this by default. (demo config)
Setup MariaDB
If I am correct currently only MariaDB/MySQL is supported for passbolt. The setup is rather straightforward and if you already have MariaDB running, you just need to create a database.
I took the vendor provided version, as that one will have the best support long term, and from what I see no cutting-edge features are required from the database:
yum install mariadb-server
Since I use Centos, I have to start the service manually, there is no need to go optimize to early so just use the default MariaDB setup.
service mariadb start
Make sure to run the install script, this cleans up the default MariaDB/MySQL settings a bit :
mysql_secure_installation
Then login to the database and create a database you want to use for passbolt. I took “passbolt” as name. (crazy I know)
mysql -u root -p
Create the database and exit nicely. (optional : you could create a separate user here)
create database passbolt; exit;
Install PHP & gnupg
Since I’m writing this guide for Centos, the PHP version in repository is still somewhere in PHP 5.3.* range. While security fixes are being backported and it is still “rather” safe, I decided not to go with this option. Instead I use PHP 7 which is faster and lighter on the hardware. I wouldn’t be surprised if in the near future support for PHP 5.x is dropped from passbolt.
I like webtatic´s repository for newer PHP versions, so I always take that repo, there are other repository’s out there that might be better, so this is just a option so feel free to use alternatives.
Add webtatic for Centos 7 using :
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
After running a yum clean all && yum update -y we can run the install : (PHP 7.1 is currently the highest version for webtatic’s repository)
yum install php70w-fpm php70w-opcache php70w-gd php70w-mysql php70w-mcrypt php70w-cli php70w-pear php70w-devel
You require these packages for :
- php70w-fpm is the package Nginx will rely on for understanding .php code
- php70w-opcache is the package that gets the bytecode from .php files into the memory for faster access.
- php70w-gd is required by passbolt, this includes the GD library.
- php70w-mysql is required to connect to the MySQL/MariaDB database
- php70w-mcrypt, is used for the mcrypt functions
- php70w-cli is the PHP cli tool, its used for the installation off passbolt
- php70w-pear is needed to install pecl, which is needed to install gnupg
- php70w-devel is needed when we compile gnupg for PHP
Once we have these packages installed and setup (test them with Nginx!) its time to install gnupng, this can be done using the php70w-pear package that provided a binary pecl. I believe this is close relative to pip in Python. Before I could install gnupng I needed gpgme-devel, since we are going to compile we also need gcc, which most will have installed already.
yum install gpgme-devel gcc
Once we have that try and run :
pecl install gnupg
This prints out the usual compile checks and text blobs, if successful you should see something like :
Build process completed successfully Installing '/usr/lib64/php/modules/gnupg.so' install ok: channel://pecl.php.net/gnupg-1.4.0 configuration option "php_ini" is not set to php.ini location You should add "extension=gnupg.so" to php.ini
The guidelines are correct for Apache on Ubuntu, but for Centos the PHP modules should be loaded differently; Under /etc/php.d/ create a file gnupg.ini with content :
# load the gnupg module for passbolt extension=gnupg.so
After that restart php-fpm : (for the installation, which uses php-cli, a restart is not required)
service php-fpm restart
Now you can check if the module is loaded, if nothing is returned, the module is not installed / loaded.
php --info | grep 'gnupg support'
Generate key
To generate the keys, I ran in some problems, I ran this test setup inside a container and perhaps the issue’s are related to that.
Generating the key can be done using : gpg --gen-key while this might work for you, for me it did not, it kept hanging once it was generating. Also the output was completely fubar. The reason gpg got stuck, was that the machine had low entropy. Perhaps this is an issue using a container ? The console actually asks you to move around with the mouse, but on a console that is kinda hard.
You can check if entropy is low using cat /proc/sys/kernel/random/entropy_avail this should return at least a triple digit number if not generating a key might take a long time or fail altogether. My value was jumping between 5-11, way to low. There are some tricks around, like running a find / in another console or dd some random stuff, but what worked for me was using a Random Number Generator package. Install is easy :
yum install rng-tools
Then bind (?) it to /dev/urandom :
rngd -r /dev/urandom
A few seconds later, the value of entropy_avail shot high enough to generate a key. Note that you cannot enter a password for the key, this is a restriction of gnupg. It will ask you for a password just hit enter, it will then tell you that a zero-length password is not a good idea, accept it anyway.
gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: svennd
Email address: [email protected]
Comment:
You selected this USER-ID:
"svennd <[email protected]>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
You don't want a passphrase - this is probably a *bad* idea!
I will do it anyway. You can change your passphrase at any time,
using this program with the option "--edit-key".
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key A01B063E marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/A03E 2017-02-14
Key fingerprint = CE
uid svennd <[email protected]>
sub 2048R/CE 2017-02-14
Note that you need the fingerprint of the generated key later. (the fingerprint is shown in the output)
Next we need to export the public and private key, in a format we can use. I like to put these keys in /opt but that might not be the best location. (might not be the worst either)
mkdir -p /opt/passbolt/ gpg --armor --export-secret-keys [email protected] > /opt/passbolt/serverkey.private.asc gpg --armor --export [email protected] > /opt/passbolt/serverkey.asc
Install Passbolt
Installing passbolt itself is easy, its just pulling from git and configuring.
Note: I like to use the location of Apache under /var/www/html. You can obv. put it where ever you wish. Just know that the webroot should be passbolt/app/webroot. (this is a cakephp thing)
mkdir -p /var/www/html/passbolt cd /var/www/html/passbolt git clone https://github.com/passbolt/passbolt.git .
Next change write permissions for the app/tmp and app/webroot/img/public so the nginx user can write files there all the other files need to belong to some user that allows access to the nginx process:
chmod +w -R /var/www/html/passbolt/app/tmp chmod +w /var/www/html/passbolt/app/webroot/img/public chown -R nginx.nginx /var/www/html/passbolt/
Then copy the *.default files to normal php files;
cp app/Config/core.php.default app/Config/core.php cp app/Config/database.php.default app/Config/database.php cp app/Config/app.php.default app/Config/app.php
Now we can configure them one by one; In app/Config/core.php change :
# salt can be any random string
Configure::write('Security.salt', 'put your own salt here');
# cipherSeed should be a random number
Configure::write('Security.cipherSeed', 'put your own cipher seed here');
# https://subdomain.svennd.be
# - your own obv
Configure::write('App.fullBaseUrl', 'http://{your domain without slash}');
In app/Config/database.php change :
# change login (if required) # change password # change database (if required) public $default = array( 'datasource' => 'Database/Mysql', 'persistent' => false, 'host' => 'localhost', 'login' => 'root', 'password' => 'password', 'database' => 'passbolt' );
The app/Config/app.php is a bit more difficult, this file is used to link the key and fingerprint to the cakephp application. Since I ran gpg --key-gen in the root, some of the files are stored in /root/.gnupng; so to get everything in one place I moved this to /opt/passbolt and gave the nginx user access to those files.
cp -a /root/.gnupg/ /opt/passbolt/ chown -R nginx.nginx /opt/passbolt/.gnupg chown -R nginx.nginx /opt/passbolt/*
Then you can change app/Config/app.php as follows; Fingerprint is what was generated during key generation, you can look this up using gpg --list-keys --fingerprint : (note : you need to remove the spaces in the fingerprint)
$config = [
'GPG' => [
'env' => [
'setenv' => true,
'home' => '/opt/passbolt/.gnupg'
],
'serverKey' => [
'fingerprint' => 'your_fingerprint_value',
'public' => '/opt/passbolt/serverkey.asc',
'private' => '/opt/passbolt/serverkey.private.asc'
]
]
Finally we should be able to run the installer :
su -s /bin/bash -c "app/Console/cake install --no-admin" nginx
This should result in :
[[email protected] passbolt]# su -s /bin/bash -c "app/Console/cake install --no-admin" nginx ____ __ ____ / __ \____ _____ ____/ /_ ____ / / /_ / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ / ____/ /_/ (__ |__ ) /_/ / /_/ / / / /_/ \__,_/____/____/_.___/\____/_/\__/ Open source password manager for teams (c) 2015-present passbolt.com --------------------------------------------------------------- Avatar deleted! Installing schema / database --------------------------------------------------------------- Welcome to CakePHP v2.9.4 Console --------------------------------------------------------------- App : app Path: /var/www/html/tetra/passbolt/app/ --------------------------------------------------------------- Cake Schema Shell --------------------------------------------------------------- The following table(s) will be dropped. roles users authentication_tokens profiles positions addresses phone_numbers emails email_queue category_types resources secrets categories_resources categories groups groups_users gpgkeys tags items_tags comments permissions_types permissions controller_logs user_agents authentication_logs authentication_blacklists favorites schema_migrations Dropping table(s). roles updated. users updated. authentication_tokens updated. profiles updated. positions updated. addresses updated. phone_numbers updated. emails updated. email_queue updated. category_types updated. resources updated. secrets updated. categories_resources updated. categories updated. groups updated. groups_users updated. gpgkeys updated. tags updated. items_tags updated. comments updated. permissions_types updated. permissions updated. controller_logs updated. user_agents updated. authentication_logs updated. authentication_blacklists updated. favorites updated. schema_migrations updated. The following table(s) will be created. roles users authentication_tokens profiles positions addresses phone_numbers emails email_queue category_types resources secrets categories_resources categories groups groups_users gpgkeys tags items_tags comments permissions_types permissions controller_logs user_agents authentication_logs authentication_blacklists favorites schema_migrations Creating table(s). Table roles created roles updated. Table users created users updated. Table authentication_tokens created authentication_tokens updated. Table profiles created profiles updated. Table positions created positions updated. Table addresses created addresses updated. Table phone_numbers created phone_numbers updated. Table emails created emails updated. Table email_queue created email_queue updated. Table category_types created category_types updated. Table resources created resources updated. Table secrets created secrets updated. Table categories_resources created categories_resources updated. Table categories created categories updated. Table groups created groups updated. Table groups_users created groups_users updated. Table gpgkeys created gpgkeys updated. Table tags created tags updated. Table items_tags created items_tags updated. Table comments created comments updated. Table permissions_types created permissions_types updated. Table permissions created permissions updated. Table controller_logs created controller_logs updated. Table user_agents created user_agents updated. Table authentication_logs created authentication_logs updated. Table authentication_blacklists created authentication_blacklists updated. Table favorites created favorites updated. Table schema_migrations created Execute specific schema PermissionsSchema (ok) schema_migrations updated. End create. passbolt schema deployed Welcome to CakePHP v2.9.4 Console --------------------------------------------------------------- App : app Path: /var/www/html/tetra/passbolt/app/ --------------------------------------------------------------- Cake Schema Shell --------------------------------------------------------------- The following table(s) will be dropped. cake_sessions Dropping table(s). cake_sessions updated. The following table(s) will be created. cake_sessions Creating table(s). cake_sessions updated. End create. passbolt session table deployed Welcome to CakePHP v2.9.4 Console --------------------------------------------------------------- App : app Path: /var/www/html/tetra/passbolt/app/ --------------------------------------------------------------- Cake Schema Shell --------------------------------------------------------------- The following table(s) will be dropped. file_storage Dropping table(s). file_storage updated. The following table(s) will be created. file_storage Creating table(s). file_storage updated. End create. plugins schemas deployed Welcome to CakePHP v2.9.4 Console --------------------------------------------------------------- App : app Path: /var/www/html/tetra/passbolt/app/ --------------------------------------------------------------- Installing data set:default --------------------------------------------------------------- Data for model SchemaMigration inserted (7) Data for model Role inserted (4) Data for model User inserted (1) Data for model Gpgkey inserted (0) Data for model PermissionType inserted (16) Data for model Profile inserted (1) We need you to help make passbolt better by sending anonymous usage statistics. Ok? (see: https://www.passbolt.com/privacy#statistics) (y/n) [n] > y Welcome to CakePHP v2.9.4 Console --------------------------------------------------------------- App : app Path: /var/www/html/tetra/passbolt/app/ --------------------------------------------------------------- Datasource : default File :/var/www/html/tetra/passbolt/app/tmp/schema/default_default.sql Success: the database was saved on file! --------------------------------------------------------------- Passbolt installation success! Enjoy!
And that’s it folks !
If you enjoyed this article, please consider buying me a Dr Pepper.
Fuel the beast!
Buy me a Dr Pepper
[…] All the php modules and gnupg packages required some additional work. Good help on resolving those were earlier install link and also https://www.svennd.be/installing-passbolt-on-centos-7/ […]
1 March, 2017 at 09:03can you guys make a video for this tutorial so it can help us to install it
we need it so bad
13 March, 2017 at 19:29Hey ismail, If the documents are not clear enough, feel free to ask! I don’t enjoy or have the hardware to be making video’s. Recently I have been trying out https://asciinema.org to record my sessions, but I haven’t uploaded yet one to the webste. I might consider this guide for this 🙂
13 March, 2017 at 20:08https://www.svennd.be/passbolt-asciinema-install/ specially for you 😛
7 August, 2017 at 15:35Hi guys i’m running centos 7 and when I tried to run this commande :
pecl install gnupg
it shows me unknown command error , so what should i do ?
14 March, 2017 at 10:59i’m sorry about that , i fixed my fist problem and i faced anotherone when i runned the installation script it shows me like that :
PHP Warning: Module 'gnupg' already loaded in Unknown on line 0PHP Warning: Module 'gnupg' already loaded in Unknown on line 0
PHP Warning: SplFileInfo::openFile(/var/www/html/passbolt/app/tmp/cache/persistent/passbolt_cake_core_file_map): failed to open stream: Permission denied in /var/www/html/passbolt/lib/Cake/Cache/Engine/FileEngine.php on line 356
PHP Warning: SplFileInfo::openFile(/var/www/html/passbolt/app/tmp/cache/persistent/passbolt_cake_core_cake_console_eng): failed to open stream: Permission denied in /var/www/html/passbolt/lib/Cake/Cache/Engine/FileEngine.php on line 356
PHP Warning: SplFileInfo::openFile(/var/www/html/passbolt/app/tmp/cache/persistent/passbolt_cake_core_cake_console_eng): failed to open stream: Permission denied in /var/www/html/passbolt/lib/Cake/Cache/Engine/FileEngine.php on line 356
PHP Warning: _cake_core_ cache was unable to write 'cake_console_eng' to File cache in /var/www/html/passbolt/lib/Cake/Cache/Cache.php on line 327
Warning Error: SplFileInfo::openFile(/var/www/html/passbolt/app/tmp/cache/persistent/passbolt_cake_core_cake_console_eng): failed to open stream: Permission denied in [/var/www/html/passbolt/lib/Cake/Cache/Engine/FileEngine.php, line 356]
2017-03-14 10:49:56 Warning: SplFileInfo::openFile(/var/www/html/passbolt/app/tmp/cache/persistent/passbolt_cake_core_cake_console_eng): failed to open stream: Permission denied in [/var/www/html/passbolt/lib/Cake/Cache/Engine/FileEngine.php, line 356]
Warning Error: SplFileInfo::openFile(/var/www/html/passbolt/app/tmp/cache/persistent/passbolt_cake_core_cake_console_eng): failed to open stream: Permission denied in [/var/www/html/passbolt/lib/Cake/Cache/Engine/FileEngine.php, line 356]
2017-03-14 10:49:56 Warning: SplFileInfo::openFile(/var/www/html/passbolt/app/tmp/cache/persistent/passbolt_cake_core_cake_console_eng): failed to open stream: Permission denied in [/var/www/html/passbolt/lib/Cake/Cache/Engine/FileEngine.php, line 356]
Warning Error: _cake_core_ cache was unable to write 'cake_console_eng' to File cache in [/var/www/html/passbolt/lib/Cake/Cache/Cache.php, line 327]
2017-03-14 10:49:56 Warning: _cake_core_ cache was unable to write 'cake_console_eng' to File cache in [/var/www/html/passbolt/lib/Cake/Cache/Cache.php, line 327]
Warning Error: SplFileInfo::openFile(/var/www/html/passbolt/app/tmp/cache/persistent/passbolt_cake_core_default_eng): failed to open stream: Permission denied in [/var/www/html/passbolt/lib/Cake/Cache/Engine/FileEngine.php, line 356]
2017-03-14 10:49:56 Warning: SplFileInfo::openFile(/var/www/html/passbolt/app/tmp/cache/persistent/passbolt_cake_core_default_eng): failed to open stream: Permission denied in [/var/www/html/passbolt/lib/Cake/Cache/Engine/FileEngine.php, line 356]
Warning Error: SplFileInfo::openFile(/var/www/html/passbolt/app/tmp/cache/persistent/passbolt_cake_core_cake_console_eng): failed to open stream: Permission denied in [/var/www/html/passbolt/lib/Cake/Cache/Engine/FileEngine.php, line 356]
2017-03-14 10:49:56 Warning: SplFileInfo::openFile(/var/www/html/passbolt/app/tmp/cache/persistent/passbolt_cake_core_cake_console_eng): failed to open stream: Permission denied in [/var/www/html/passbolt/lib/Cake/Cache/Engine/FileEngine.php, line 356]
Warning Error: _cake_core_ cache was unable to write 'cake_console_eng' to File cache in [/var/www/html/passbolt/lib/Cake/Cache/Cache.php, line 327]
2017-03-14 10:49:56 Warning: _cake_core_ cache was unable to write 'cake_console_eng' to File cache in [/var/www/html/passbolt/lib/Cake/Cache/Cache.php, line 327]
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
(c) 2015-present passbolt.com
---------------------------------------------------------------
GPG Keyring is not available or not writable. Check: /home/www-data/.gnupg
Installation failed.
Warning Error: SplFileInfo::openFile(/var/www/html/passbolt/app/tmp/cache/persistent/passbolt_cake_core_file_map): failed to open stream: Permission denied in [/var/www/html/passbolt/lib/Cake/Cache/Engine/FileEngine.php, line 356]
2017-03-14 10:49:56 Warning: SplFileInfo::openFile(/var/www/html/passbolt/app/tmp/cache/persistent/passbolt_cake_core_file_map): failed to open stream: Permission denied in [/var/www/html/passbolt/lib/Cake/Cache/Engine/FileEngine.php, line 356]
Warning Error: _cake_core_ cache was unable to write 'file_map' to File cache in [/var/www/html/passbolt/lib/Cake/Cache/Cache.php, line 327]
2017-03-14 10:49:56 Warning: _cake_core_ cache was unable to write 'file_map' to File cache in [/var/www/html/passbolt/lib/Cake/Cache/Cache.php, line 327]
14 March, 2017 at 12:53Hey yassine,
Looks like there are files that can’t be read … check permissions,
did you run these commands ?
chmod +w -R /var/www/html/passbolt/app/tmp
chmod +w /var/www/html/passbolt/app/webroot/img/public
chown -R nginx.nginx /var/www/html/passbolt/
14 March, 2017 at 13:12yes of course i’ve followed all the instructions that you have given i’m trying to solve it but if i couldn’t i will be asking you for help . 🙂
14 March, 2017 at 14:31now it shows me that :
su -s /bin/bash -c “app/Console/cake install –no-admin” root
PHP Warning: Module ‘gnupg’ already loaded in Unknown on line 0
PHP Warning: Module ‘gnupg’ already loaded in Unknown on line 0
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
(c) 2015-present passbolt.com
—————————————————————
Avatar deleted!
Installing schema / database
—————————————————————
Welcome to CakePHP v2.9.4 Console
—————————————————————
App : app
Path: /var/www/html/passbolt/app/
—————————————————————
Cake Schema Shell
—————————————————————
Error: Database connection “Mysql” is missing, or could not be created.
#0 /var/www/html/passbolt/lib/Cake/Model/Datasource/DboSource.php(269): Mysql->connect()
#1 /var/www/html/passbolt/lib/Cake/Model/ConnectionManager.php(105): DboSource->__construct(Array)
#2 /var/www/html/passbolt/app/Console/Command/SchemaShell.php(317): ConnectionManager::getDataSource(‘default’)
#3 /var/www/html/passbolt/app/Console/Command/SchemaShell.php(251): SchemaShell->_create(Object(AppSchema), NULL)
#4 /var/www/html/passbolt/lib/Cake/Console/Shell.php(458): SchemaShell->create()
#5 /var/www/html/passbolt/lib/Cake/Console/ShellDispatcher.php(219): Shell->runCommand(‘create’, Array)
#6 /var/www/html/passbolt/lib/Cake/Console/Shell.php(399): ShellDispatcher->dispatch()
#7 /var/www/html/passbolt/app/Console/Command/InstallShell.php(288): Shell->dispatchShell(‘schema create -…’)
#8 /var/www/html/passbolt/app/Console/Command/InstallShell.php(124): InstallShell->schema()
#9 /var/www/html/passbolt/lib/Cake/Console/Shell.php(461): InstallShell->main()
#10 /var/www/html/passbolt/lib/Cake/Console/ShellDispatcher.php(219): Shell->runCommand(‘–no-admin’, Array)
#11 /var/www/html/passbolt/lib/Cake/Console/ShellDispatcher.php(66): ShellDispatcher->dispatch()
#12 /var/www/html/passbolt/app/Console/cake.php(47): ShellDispatcher::run(Array)
#13 {main}
i’m sorry to disturbe you but i really need your help 🙂
14 March, 2017 at 15:35– Did you install php70w-mysql ?
– is MySQL/MariaDB running ?
– Did you adapt app/Config/database.php ?
– is ‘datasource’ => ‘Database/Mysql’, in that file ?
Else I don’t really know, the error is clearly about missing mysql connection, so for some reason it can’t connect to the database.
14 March, 2017 at 15:42yes but i found that i didn’t put the correct password
thank you for all your support and sorry about disturbing you
14 March, 2017 at 15:54Np, glad you found it 🙂
14 March, 2017 at 20:39Good evening,
Can u help me to configure ngix and the certificate?
Thanks a lot
14 March, 2017 at 19:33Hey Fabrizio,
I have a bunch of articles about Nginx & certificates, see https://www.svennd.be/lets-encrypt-article-overview/ or you could use the default Let’s Encrypt ACME client : https://certbot.eff.org/#centos6-nginx (for example Centos 6 Nginx)
14 March, 2017 at 20:46Hi svennd. done nginx https. Thanks
15 March, 2017 at 17:20Sorry….
i have install all and the output og cake install is correct, but when i launc https://passbolt…… the brower download a file and if i open the file, this is the output
15 March, 2017 at 18:14Hey Fabrizio,
That means nginx has not been set up to use php-fpm. I left that out of the guide as it is out of the scope of how passbolt works… basically you need to configure nginx. So that nginx knows how to parse PHP files. This (or something similar) is what is missing from your nginx configuration : http://pastebin.com/RzVaqVyM
I’m sorry this is not clear, I will try and adapt the text so that it is more clear 🙂
15 March, 2017 at 20:28Here error.log
2017/03/15 20:32:06 [error] 2718#2718: *6 FastCGI sent in stderr: “Primary script unknown” while reading response header from upstream, client: 192.168.0.130, server: passbolt.goinfoteamsolution.it, request: “GET / HTTP/1.1”, upstream: “fastcgi://127.0.0.1:9000”, host: “192.168.0.24”
15 March, 2017 at 20:33Yeah that’s an Nginx issue, pretty out of the scope of this article 🙂 just google around “how to setup LEMP” stack.
16 March, 2017 at 09:03Hello!
I’ve followed all the instructions that you have given, and the installation was successful, but when i try open the page at the address of the machine – I have… literally nothing 🙁 (http error 500)
Nginx logs is empty, but in php-logs i was find mistakes:
[30-Mar-2017 14:10:56 UTC] PHP Warning: _cake_core_ cache was unable to write 'cake_dev_ru' to File cache in /var/www/passbolt/lib/Cake/Cache/Cache.php on line 327[30-Mar-2017 14:10:56 UTC] PHP Warning: /var/www/passbolt/app/tmp/cache/persistent/ is not writable in /var/www/passbolt/lib/Cake/Cache/Engine/FileEngine.php on line 385
[30-Mar-2017 14:10:56 UTC] PHP Fatal error: Uncaught CacheException: Cache engine "_cake_core_" is not properly configured. Ensure required extensions are installed, and credentials/permissions are correct in /var/www/passbolt/lib/Cake/Cache/Cache.php:186
Stack trace:
#0 /var/www/passbolt/lib/Cake/Cache/Cache.php(151): Cache::_buildEngine('_cake_core_')
#1 /var/www/passbolt/app/Config/core.php(400): Cache::config('_cake_core_', Array)
#2 /var/www/passbolt/lib/Cake/Core/Configure.php(72): include('/var/www/passbo...')
#3 /var/www/passbolt/lib/Cake/bootstrap.php(432): Configure::bootstrap(true)
#4 /var/www/passbolt/app/webroot/index.php(95): include('/var/www/passbo...')
#5 {main}
thrown in /var/www/passbolt/lib/Cake/Cache/Cache.php on line 186
Permissions on the directory are exposed:
ls -l /var/www/passbolt/app/tmp/cache/persistent/total 16
-rw-rwxr-- 1 nginx nginx 0 Mar 27 07:37 empty
-rw-rwxr-- 1 nginx nginx 43 Mar 27 07:45 passbolt_cake_core_cake_console_eng
-rw-rwxr-- 1 nginx nginx 43 Mar 27 07:45 passbolt_cake_core_default_eng
-rw-rwxr-- 1 nginx nginx 5455 Mar 30 10:13 passbolt_cake_core_file_map
Thanks for any help!
(sorry about my mistakes in English)
31 March, 2017 at 11:24have you tried to set this directory : /var/www/passbolt/lib/Cake/Cache
to something writable by nginx ?
Also the “pretty agressive” way :
chmod +w -R /var/www/html/passbolt/app/tmpchmod +w /var/www/html/passbolt/app/webroot/img/public
chown -R nginx.nginx /var/www/html/passbolt/
31 March, 2017 at 14:17Yes, of cource.
I was did it again, but result has not changed. When i try open page passbolt, i see this: https://gyazo.com/2406c60b1a587315ceab7c844f23e642 🙁
I tried to put in /var/www/passbolt/app/webroot html-file “index.html” with text “test” and it’s worked.
But when i put file “index.php” with text:
"<?phpecho "TEST!\n";
phpinfo();
?>"
…it doesnt work 🙂
How can i find my mistake?
2 April, 2017 at 15:16Ah, that means PHP files aren’t parsed correctly by php-fpm. You need to change Nginx so php files are working : this piece is most likely incorrect :
location ~ \.php$ {try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
include fastcgi_params;
}
see https://www.svennd.be/nginx-php-fpm-centos-7/ how to setup php-fpm & nginx 🙂
2 April, 2017 at 15:23In file passbolt.conf i have this:
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
2 April, 2017 at 15:25Did you start the
service php-fpm startand check /var/log/nginx/errorfor more information…
2 April, 2017 at 15:27yes, of course, i use service php-fpm restart after all changes 🙂
fnd /var/log/nginx/error is empty 🙁
I was find at https://book.cakephp.org/2.0/en/installation/url-rewriting.html#pretty-urls-on-nginx with such problems try to forward php-fpm into socket, but when in http://www.conf i add “listen = unix:/var/run/php-fpm/www.sock”, php-fpm have fail with restart with mistake in /var/log/php-fpm/error “ERROR: invalid port value ‘/var/run/php-fpm/www.sock'”
🙁
2 April, 2017 at 19:13Yeah if you use a socket you also need to set the permissions right, you don’t need socket for pretty url though.
2 April, 2017 at 20:26I was delete virtual machine and try again.
Now i have:
index.html with text “TEST” – work
index.php with php.info – work
index.php by passbolt – no 🙁
/var/log/nginx/error , and /var/log/php-fpm/error , and /var/log/passbolt/error – are empty
and all of this is really sad 🙁
2 April, 2017 at 21:44What is the error on PHP ? are you sure the root is “passbolt/app/webroot” ?
5 April, 2017 at 11:15@Olga, try to change User and Group to nginx in /etc/php-fpm.d/www.conf .
13 July, 2017 at 13:02Try
`setsebool -P httpd_unified 1` in terminal
28 July, 2017 at 15:14Hi
I have managed to install successfully Passbolt but now I can’t access from the web browser? What am I doing wrong?
11 June, 2017 at 04:27Did you start/install/configure Nginx ?
12 June, 2017 at 09:35Hello svennd, thanks so much for you guide.
I am having the same issue as Olga and I am wondering if maybe I did something wrong.
In /var/log/php-fpm/error.log I receive this:
[27-Jul-2017 11:52:52] WARNING: [pool www] child 54137 said into stderr: "NOTICE: PHP message: PHP Warning: _cake_core_ cache was unable to write 'cake_dev_en-us' to File cache in /usr/share/nginx/html/passbolt/lib/Cake/Cache/Cache.php on line 327"
[27-Jul-2017 11:52:52] WARNING: [pool www] child 54137 said into stderr: "NOTICE: PHP message: PHP Warning: /usr/share/nginx/html/passbolt/app/tmp/cache/persistent/ is not writable in /usr/share/nginx/html/passbolt/lib/Cake/Cache/Engine/FileEngine.php on line 385"
[27-Jul-2017 11:52:52] WARNING: [pool www] child 54137 said into stderr: "NOTICE: PHP message: PHP Fatal error: Uncaught CacheException: Cache engine "_cake_core_" is not properly configured. Ensure required extensions are installed, and credentials/permissions are correct in /usr/share/nginx/html/passbolt/lib/Cake/Cache/Cache.php:186"
[27-Jul-2017 11:52:52] WARNING: [pool www] child 54137 said into stderr: "Stack trace:"
[27-Jul-2017 11:52:52] WARNING: [pool www] child 54137 said into stderr: "#0 /usr/share/nginx/html/passbolt/lib/Cake/Cache/Cache.php(151): Cache::_buildEngine('_cake_core_')"
[27-Jul-2017 11:52:52] WARNING: [pool www] child 54137 said into stderr: "#1 /usr/share/nginx/html/passbolt/app/Config/core.php(400): Cache::config('_cake_core_', Array)"
[27-Jul-2017 11:52:52] WARNING: [pool www] child 54137 said into stderr: "#2 /usr/share/nginx/html/passbolt/lib/Cake/Core/Configure.php(72): include('/usr/share/ngin...')"
[27-Jul-2017 11:52:52] WARNING: [pool www] child 54137 said into stderr: "#3 /usr/share/nginx/html/passbolt/lib/Cake/bootstrap.php(432): Configure::bootstrap(true)"
[27-Jul-2017 11:52:52] WARNING: [pool www] child 54137 said into stderr: "#4 /usr/share/nginx/html/passbolt/app/webroot/index.php(98): include('/usr/share/ngin...')"
[27-Jul-2017 11:52:52] WARNING: [pool www] child 54137 said into stderr: "#5 /usr/share/nginx/html/passbolt/index.php(41): require('/usr/share/ngin...')"
[27-Jul-2017 11:52:52] WARNING: [pool www] child 54137 said into stderr: "#6 {main}"
[27-Jul-2017 11:52:52] WARNING: [pool www] child 54137 said into stderr: " thrown in /usr/share/nginx/html/passbolt/lib/Cake/Cache/Cache.php on line 186"
I verified that I set the permissions like you suggested (the aggressive way) and I checked my php settings in my nginx.conf file:
location ~ \.php$ {root /usr/share/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_buffers 256 128k;
fastcgi_connect_timeout 300s;
fastcgi_send_timeout 300s;
fastcgi_read_timeout 300s;
}
I am kind of at a loss of what I am doing wrong. Other PHP files are working just fine, its just the passbolt ones. Sorry to bug ya.
Thanks
27 July, 2017 at 17:56Hey David,
The error you should focus on is :
/usr/share/nginx/html/passbolt/app/tmp/cache/persistent/ is not writableThe PHP process wants to write there, and can’t. I fixed that using :
chmod +w -R /var/www/html/passbolt/app/tmp
chmod +w /var/www/html/passbolt/app/webroot/img/public
chown -R nginx.nginx /var/www/html/passbolt/
(+w is writing) but since you have a different location (/usr/share/nginx/html/passbolt/app) did you adapt it ?
goodluck
28 July, 2017 at 09:25Excellent documentation. I was all set until the last step. Please help.
Data for model SchemaMigration inserted (11)
Data for model Role inserted (4)
Data for model User inserted (1)
Data for model Gpgkey inserted (0)
Data for model PermissionType inserted (3)
Data for model Profile inserted (1)
We need you to help make passbolt better by sending anonymous usage statistics. Ok?
(see: https://www.passbolt.com/privacy#statistics) (y/n)
[n] > y
Datasource : default
File :/var/www/html/passbolt/app/tmp/schema/default_default.sql
mysqldump: Got error: 1045: “Access denied for user ‘root’@’localhost’ (using password: YES)” when trying to connect
Error: Something went wrong!
—————————————————————
Passbolt installation success! Enjoy! ☮
4 August, 2017 at 18:45Thx Price, the error you faced is it got the wrong password for root account of MySQL.
5 August, 2017 at 19:27But, I’m able to login as root using the same password specified in database.php. Btw, what is default_default.sql? I see its a blank file when I opened
7 August, 2017 at 12:43Hey Prince, I’m not sure, does the installation work ? Perhaps its just a bug, passbolt is in heavy develop, so its possible a bug ?
7 August, 2017 at 12:50Nope.. I’m the bug. I used a very strong password will all possible extra characters and that was the culprit. Now the installation is succeeded. Unlike others who commented, my installation was butter smooth with all the instructions here. Now I’m stuck with 404 that I’m troubleshooting
7 August, 2017 at 13:21Auch, that seems like a painful bug for passbolt, it should allow for strong passwords ! Glad you got the install to work, the 404 from head : restart nginx or wrong webroot ? (cakePHP!)
7 August, 2017 at 13:24I think its because of wrong webroot
7 August, 2017 at 13:43[…] https://www.svennd.be/installing-passbolt-on-centos-7/ […]
7 August, 2017 at 13:18[…] wanted to redo/rework the Passbolt install on Centos for a while. It’s seems like a horribly long and complex process, but in fact it’s not. […]
7 August, 2017 at 15:34Hi Svennd,
Nice Blog.
Please Contact me to round out your Instruction. Some Steps are missing for a fresh Centos 7 Installation. Would be cool to share this for all others.
regards
Sascha
12 August, 2017 at 22:07Nice blog post, very helpfull!
1 question, I completed the installation without any errors but I have trouble to reach the web page, I get a HTTP 500 error, in the Nginx error log I see the following:
2017/08/15 15:09:02 [error] 16484#16484: *1 FastCGI sent in stderr: "PHP message: PHP Warning: _cake_core_ cache was unable to write 'cake_dev_nl-nl' to File cache in /var/www/html/passbolt/lib/Cake/Cache/Cache.php on line 327PHP message: PHP Warning: /var/www/html/passbolt/app/tmp/cache/persistent/ is not writable in /var/www/html/passbolt/lib/Cake/Cache/Engine/FileEngine.php on line 385
PHP message: PHP Fatal error: Uncaught CacheException: Cache engine "_cake_core_" is not properly configured. Ensure required extensions are installed, and credentials/permissions are correct in /var/www/html/passbolt/lib/Cake/Cache/Cache.php:186
Stack trace:
#0 /var/www/html/passbolt/lib/Cake/Cache/Cache.php(151): Cache::_buildEngine('_cake_core_')
#1 /var/www/html/passbolt/app/Config/core.php(400): Cache::config('_cake_core_', Array)
#2 /var/www/html/passbolt/lib/Cake/Core/Configure.php(72): include('/var/www/html/p...')
#3 /var/www/html/passbolt/lib/Cake/bootstrap.php(432): Configure::bootstrap(true)
#4 /var/www/html/passbolt/app/webroot/index.php(95): include('/var/www/html/p...')
#5 {main}
thrown in /var/www/html/passbolt/lib/Cake/Cache/Cache.php on line 186" while reading response header from upstream, client: 192.168.1.99, server: tst-sec-001.example.local, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "tst-sec-001.example.local"
I executed all listed commands for permissions (I’m sure I did and without errors) and this is my NginX config (also from a blog you made):
server {# listen to port 80
listen 80;
# server name or names
server_name tst-sec-001.example.local;
# the location of webroot
# Nginx by default uses another structure
# but this made the transition from Apache allot easier!
root /var/www/html/passbolt/app/webroot;
# in root location
location / {
# look for index.php/index.html/index.htm as "index file"
index index.php index.html index.htm;
# this is specifically for wordpress
# makes it possible to have url rewrites
try_files $uri $uri/ /index.php?$args;
}
# default error pages
# note that wp already catches most
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# here we have to let nginx know what to do with these php files
# as html files are just send directly to the client
location ~ \.php$ {
# if the file is not there show a error : mynonexistingpage.php -> 404
try_files $uri =404;
# pass to the php-fpm server
fastcgi_pass 127.0.0.1:9000;
# also for fastcgi try index.php
fastcgi_index index.php;
# some tweaking
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
include fastcgi_params;
}
}
ow, I don’t use SSL (it’s just a test setup, it will never go in production), and I changed this in the /app/Config/app.php file so that shouldn’t be the problem.
So maybe u missed something, but hopefully you can point me in the right direction.
Thanks anyway for the amazing work!
15 August, 2017 at 15:27Hey Marijn,
To me this seems the core issue :
PHP Warning: /var/www/html/passbolt/app/tmp/cache/persistent/ is not writable in /var/www/html/passbolt/lib/Cake/Cache/Engine/FileEngine.php on line 385
I would check why PHP can’t write in /var/www/html/passbolt/app/tmp/cache/persistent/
most likely the issue is located there. Thanks for your kind responds, goodluck.
16 August, 2017 at 09:05Thanks a ton for this, Svenn — excellent guide.
I’m also having an issue with the cache permissions, which according to everything I have read on CakePHP should be correct (nginx user and group both have write access to entire app/tmp directory). Prior to trashing the VM I was working with, I even tried 777-ing the entire passbolt directory tree, but still got the error, so I suspect a missing dependency/configuration rather than permissions. (The error says “Ensure required extensions are installed, and credentials/permissions are correct”)
I’ve contacted Passbolt about it and am waiting to hear back.
25 August, 2017 at 21:57Hey B Woznicki, I’m not an expert on Passbolt, I managed to get it to work using these guidelines. I tried it not so long ago again : https://www.svennd.be/passbolt-asciinema-install/ and it seemed to still work, just remember to install php-gnupg and use no password during gpg –gen-key. (this is a requirement)
But for sure installing Passbolt is not the easiest software install 🙂
27 August, 2017 at 14:47Hi,
First, big thanks for the tutorial, helped a lot.
Might be good to add that I had to disable SELinux (and reboot) in order for the infamous Cake cache issue to disappear.
Cheers.
20 December, 2017 at 17:18aha, thx for that remark J.
21 December, 2017 at 19:36I am unfamiliar with what to do when creating the password for the site. Where you say ‘salt can be any random string’. Can I just echo ‘somepasswd’ | sha512sum ? If so how to put that through the cipherseed?
1 January, 2018 at 06:00Hey Andrew,
From my limited knowledge of security, I believe a salt is something you add to a password to make it more safer. For example if a salt is : mtBub3kG and a user password is “password1” you would add it to “mtBub3kGpassword1” the hacker would get a hash which is allot harder to brute force hack then “password1”.
So salt can be any random string.
The seed is used to power pseudo random generator; And can be any number you wish.
Their content does not have to be related.
An example could be :
# salt can be any random string
Configure::write('Security.salt', 'mtBub3kG');
# cipherSeed should be a random number
Configure::write('Security.cipherSeed', '412');
1 January, 2018 at 10:36Hello Svennd,
Very nice guide, I would like to get this to work but I stumble up on a few problems:
1.
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
>Could not resolve host: dl.fedoraproject.org; Unknown error
2.
pecl install gnupg
> bash: pecl: command not found
3.
How to create file gnupg.ini? What are the exact steps?
Could you please help. I am running CentOS7 on VMware Workstation.
Thanks
16 January, 2018 at 11:39Hey,
1) Seems like a network issue, you can just use :
yum install epel-release
2) did you install php70w-pear this includes pecl
3) just create the file :
touch /etc/php.d/gnupg.ini
nano /etc/php.d/gnupg.ini
copy & paste the content
close and save
goodluck 🙂
16 January, 2018 at 14:20Thanks, that worked.
I am having the following problem now:
chmod +w -R /var/www/html/passbolt/app/tmp
chmod +w /var/www/html/passbolt/app/webroot/img/public
chown -R nginx.nginx /var/www/html/passbolt/
It gives following error:
chmod cannot acces ‘/var/www/html/passbolt/app/tmp’ : Not a directory
chmod cannot acces ‘/var/www/html/passbolt/app/webroot/img/public’ : Not a directory
chown cannot acces ‘ nginx.nginx /var/www/html/passbolt/’ : Not a directory
How to solve?
17 January, 2018 at 11:45The solution is in the error message : “not a directory”
The directory should have been created when you did :
mkdir -p /var/www/html/passbolt
cd /var/www/html/passbolt
git clone https://github.com/passbolt/passbolt.git .
mark the . (dot) on the end.
17 January, 2018 at 11:53OK I did that again, but now it tells me this:
mkdir -p /var/www/html/passbolt
>mkdir: could not create directory /var/www/html/passbolt : File exists
cd /var/www/html/passbolt
>bash: cd/var/www/html/passbolt: not a directory
git clone https://github.com/passbolt/passbolt.git .
> fatal desitination path ‘.’ already exists and is not an empty directory
17 January, 2018 at 12:37Hey b123,
That is weird, but has really nothing to do with installing passbolt; these are essential basic Linux issues.
Is there a file in /var/www/html/ called passbolt ? if so that would result in not being able to make a directory.
Seemingly the git already did something; and there is already something in the directory.
You should perhaps try to figure out what is in the directory already and remove it.
17 January, 2018 at 13:43OK I started installation from first step and now this worked.
Could you clarify what exactly needs to be filled in at SALT and cipherSeed? There is already something there or do I need to change it?
And for domain I use a webdomain or IP-address?
# salt can be any random stringConfigure::write('Security.salt', 'put your own salt here');
# cipherSeed should be a random number
Configure::write('Security.cipherSeed', 'put your own cipher seed here');
# https://subdomain.svennd.be
# - your own obv
Configure::write('App.fullBaseUrl', 'http://{your domain without slash}');
18 January, 2018 at 11:29for salt see : https://www.svennd.be/installing-passbolt-on-centos-7/#comment-8531
for the last, its the domain, but both should work 🙂
18 January, 2018 at 11:57ok that is clear.
Now after I type in su -s /bin/bash -c “app/Console/cake install –no-admin” nginx
I get the message:
One configfile is missing (email).
Please run ./app/Console/cake passbolt healthcheck for more information and help.
After running I get:
-app: app
-working: /var/www/html/passbolt/app
-root: /var/www/html/passbolt
– core: /var/www/html/passbolt/lib
– webroot: /var/www/html/passbolt/app/webroot
18 January, 2018 at 12:32“One configfile is missing (email).”
🙂 add the email config file ^^
18 January, 2018 at 12:42OK, but how to do that?
18 January, 2018 at 12:48I have not tried but :
cp app/Config/email.php.default app/Config/email.php
and then edit email.php with correct values 🙂
18 January, 2018 at 12:50strange. it is an empty file. Dont know what I should fill in there? When i close it and type:
su -s /bin/bash -c “app/Console/cake install –no-admin” nginx
it says: invalid key.
Checked fingerprint and it is correctly filled in.
18 January, 2018 at 13:06https://raw.githubusercontent.com/passbolt/passbolt_api/master/app/Config/email.php.default
if it wont work this is a more up-to-date guide : https://medium.com/passbolt/passbolt-on-centos-7-with-nginx-php7-fpm-mariadb-from-scratch-7b2a9b15f3a4
18 January, 2018 at 14:21Thanks I do not get the email error anymore.
Now I get the error: Invalid key, how to check?
18 January, 2018 at 14:43I have no idea what key is invalid, so I’m unsure, do you have more information ?
18 January, 2018 at 15:35No not more information. I will try the guide on medium.com
18 January, 2018 at 16:15Hi,
getting below error
do i need to create the gpg key for nginx user i.e webserver user.
2018-02-06 23:15:13 Error: [InternalErrorException] The GPG Server key defined in the config is not found in the gpg keyring
Request URL: /auth/login
Stack Trace:
#0 /var/www/passbolt/app/Controller/Component/Auth/GpgAuthenticate.php(49): GpgAuthenticate->_initKeyring()
#1 /var/www/passbolt/lib/Cake/Controller/Component/AuthComponent.php(770): GpgAuthenticate->authenticate(Object(CakeRequest), Object(CakeResponse))
#2 /var/www/passbolt/lib/Cake/Controller/Component/AuthComponent.php(611): AuthComponent->identify(Object(CakeRequest), Object(CakeResponse))
#3 /var/www/passbolt/app/Controller/AuthController.php(35): AuthComponent->login()
#4 [internal function]: AuthController->login()
#5 /var/www/passbolt/lib/Cake/Controller/Controller.php(491): ReflectionMethod->invokeArgs(Object(AuthController), Array)
#6 /var/www/passbolt/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction(Object(CakeRequest))
#7 /var/www/passbolt/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke(Object(AuthController),
app.PHP// GPG Configuration
'GPG' => [
// Tell GPG where to find the keyring
// Needs to be available by the user the webserver is running as
'env' => [
// You can set this to true if you want to customize the location of the keyring.
// If false, it will use by default the keyring of the webserver user ~/.gnupg.
'setenv' => true,
// otherwise you can set the location here
// typically on Centos it would be in '/usr/share/httpd/.gnupg'
'home' => '/var/cache/nginx/.gnupg',
],
// Main server key
'serverKey' => [
// Server private key location and fingerprint
#'fingerprint' => '2FC8945833C51946E937F9FED47B0811573EE67E',
#'public' => APP . 'Config' . DS . 'gpg' . DS . 'unsecure.key',
#'private' => APP . 'Config' . DS . 'gpg' . DS . 'unsecure_private.key',
'fingerprint' => 'C481E04680F419EC9C81054076D01E3E2765091F',
'public' => APP . 'Config' . DS . 'gpg' . DS . 'server_public_key.key',
'private' => APP . 'Config' . DS . 'gpg' . DS . 'server_private_key.key',
// PHP Gnupg module currently does not support passphrase, please leave blank
'passphrase' => ''
]
]
[[email protected] .gnupg]# sudo su -s /bin/bash -c “gpg –list-keys –fingerprint –home /var/cache/nginx/.gnupg” nginx
/var/cache/nginx/.gnupg/pubring.gpg-----------------------------------
pub 2048R/2765091F 2018-02-06
Key fingerprint = C481 E046 80F4 19EC 9C81 0540 76D0 1E3E 2765 091F
uid Passbolt server (This is the key for server)
sub 2048R/0018D19D 2018-02-06
7 February, 2018 at 00:19Hey sat,
wall of text, but from what I gather, I would assume it cannot find the correct key, so you misplaced the keychain file or the incorrect one.
Perhaps you can use there help forum ? https://community.passbolt.com/c/installation-issues
goodluck
7 February, 2018 at 09:59Hello Svenn
I tried to install Passbolt V2.3 on Ubuntu and Debian 9 but I’m stuck in the setup. I followed another tutorial and even asked a friend who is stuck too. I and many others would be so thankfull if you could make a new compelte step-by-step how-to with a recent Passbolt installation (V2.4 is out now) on Ubuntu/Debian9.
Regards, Jacco
15 October, 2018 at 13:08Hey Jacco,
I might, when I find the time, however its now part of their business plan to make installation difficult.
https://www.passbolt.com/pricing/pro
So I don’t want to “kill there succes strategy” 😉
Thanks for your reply !
16 October, 2018 at 11:12