0

I'm trying to host passbolt on my server using container setup; on this server I also have to host multiple websites, each with a different domain; so I thought of configuring an nginx reverse proxy which obviously basically has to work on the 80 and 443. The problem lies in the fact that since these ports are rightly occupied by nginx the passbolt container fails to start up, so I thought about moving it to other ports but I'm not sure I know how to correctly configure both the nginx configuration file and the yaml of passbolt, could someone help me?

YAML FILE:

version: "3.9"
services:
  db:
    image: mariadb:10.11
    restart: unless-stopped
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "true"
      MYSQL_DATABASE: "passbolt"
      MYSQL_USER: "passbolt"
      MYSQL_PASSWORD: "P4ssb0lt"
    volumes:
      - database_volume:/var/lib/mysql

  passbolt:
    #image: passbolt/passbolt:latest-ce
    #Alternatively you can use rootless:
    image: passbolt/passbolt:latest-ce-non-root
    restart: unless-stopped
    depends_on:
      - db
    environment:
      APP_FULL_BASE_URL: https://mysite.it
      DATASOURCES_DEFAULT_HOST: "db"
      DATASOURCES_DEFAULT_USERNAME: "passbolt"
      DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
      DATASOURCES_DEFAULT_DATABASE: "passbolt"
    volumes:
      - gpg_volume:/etc/passbolt/gpg
      - jwt_volume:/etc/passbolt/jwt
    command:
      [
        "/usr/bin/wait-for.sh",
        "-t",
        "0",
        "db:3306",
        "--",
        "/docker-entrypoint.sh",
    ]
    ports:
    #  - 8081:80
    #  - 8443:443
    #Alternatively for non-root images:
     - 8080:80
     - 4443:433

volumes:
  database_volume:
  gpg_volume:
  jwt_volume:

on /etc/nginx/sites-enabled/mysite.it.conf

upstream passbolt {
    server 127.0.0.1:8080;
    server 127.0.0.1:4443;
}

server {
    listen 80;
    server_name mysite.it www.mysite.it;

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name mysite.it www.mysite.it;

    ssl_certificate /etc/letsencrypt/live/mysite.it/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite.it/privkey.pem;

    location /route {
        rewrite ^/route/?(.*)$ /$1 break;
        proxy_pass http://passbolt;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    }
}

I'm not sure if the file locations are correct, for example the one on nginx/sites-enabled is a link to a file in nginx/sites-available and then I would like the docker to be placed in /var/www/mysite.it docker ps:

CONTAINER ID   IMAGE                                  COMMAND                  CREATED          STATUS          PORTS                                                                                                NAMES
72fd2173c788   passbolt/passbolt:latest-ce-non-root   "/usr/bin/wait-for.s…"   49 minutes ago   Up 49 minutes   4433/tcp, 8080/tcp, 0.0.0.0:8080->80/tcp, :::8080->80/tcp, 0.0.0.0:4443->433/tcp, :::4443->433/tcp   feniprogec-passbolt-1
0c2b11db3ef4   mariadb:10.11                          "docker-entrypoint.s…"   2 hours ago      Up 2 hours      3306/tcp                                                                                             mydb-db-1
2
  • either proxy pass http or https but not https and http,this kind of proxy pass will get you head caches
    – djdomi
    Commented May 27 at 19:05
  • You seem to have a typo there btw: 433
    – Tom Yan
    Commented May 28 at 5:30

0

You must log in to answer this question.

Browse other questions tagged .