I'm trying to host passbolt on my server using a container setup. On this server I also have to host multiple websites, each with a different domain, so I thought of configuring an nginx reverse proxy, which obviously basically has to work on ports 80 and 443. The problem lies in the fact that, since these ports are rightly occupied by nginx, the passbolt container fails to start up. So I thought about moving it to other ports, but I'm not sure I know how to correctly configure both the nginx configuration file and the YAML of passbolt. Could someone help me?

YAML FILE:
```yaml
version: "3.9"
services:
  db:
    image: mariadb:10.11
    restart: unless-stopped
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "true"
      MYSQL_DATABASE: "passbolt"
      MYSQL_USER: "passbolt"
      MYSQL_PASSWORD: "P4ssb0lt"
    volumes:
      - database_volume:/var/lib/mysql

  passbolt:
    #image: passbolt/passbolt:latest-ce
    #Alternatively you can use rootless:
    image: passbolt/passbolt:latest-ce-non-root
    restart: unless-stopped
    depends_on:
      - db
    environment:
      APP_FULL_BASE_URL: https://mysite.it
      DATASOURCES_DEFAULT_HOST: "db"
      DATASOURCES_DEFAULT_USERNAME: "passbolt"
      DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
      DATASOURCES_DEFAULT_DATABASE: "passbolt"
    volumes:
      - gpg_volume:/etc/passbolt/gpg
      - jwt_volume:/etc/passbolt/jwt
    command:
      [
        "/usr/bin/wait-for.sh",
        "-t",
        "0",
        "db:3306",
        "--",
        "/docker-entrypoint.sh",
      ]
    ports:
      # - 8081:80
      # - 8443:443
      #Alternatively for non-root images:
      - 8080:80
      - 4443:433

volumes:
  database_volume:
  gpg_volume:
  jwt_volume:
```

On /etc/nginx/sites-enabled/mysite.it.conf:

```nginx
upstream passbolt {
    server 127.0.0.1:8080;
    server 127.0.0.1:4443;
}

server {
    listen 80;
    server_name mysite.it www.mysite.it;
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name mysite.it www.mysite.it;
    ssl_certificate /etc/letsencrypt/live/mysite.it/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite.it/privkey.pem;
    location /route {
        rewrite ^/route/?(.*)$ /$1 break;
        proxy_pass http://passbolt;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

I'm not sure if the file locations are correct; for example, the one in nginx/sites-enabled is a link to a file in nginx/sites-available, and then I would like the docker to be placed in /var/www/mysite.it.

docker ps:
```
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
72fd2173c788 passbolt/passbolt:latest-ce-non-root "/usr/bin/wait-for.s…" 49 minutes ago Up 49 minutes 4433/tcp, 8080/tcp, 0.0.0.0:8080->80/tcp, :::8080->80/tcp, 0.0.0.0:4443->433/tcp, :::4443->433/tcp feniprogec-passbolt-1
0c2b11db3ef4 mariadb:10.11 "docker-entrypoint.s…" 2 hours ago Up 2 hours 3306/tcp mydb-db-1
```
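
Added example, not part of the original post: a Python check that parses the PORTS column from the `docker ps` output above and reports which container ports the host mappings target, which image-declared ports are left unpublished, and which host ports are bound on all interfaces rather than only on the 127.0.0.1 address the nginx upstream uses. The function names and the "suspect" heuristic are assumptions of this example.

```python
import re

# PORTS column of the passbolt container, copied from the `docker ps` output above.
PASSBOLT_PORTS = (
    "4433/tcp, 8080/tcp, 0.0.0.0:8080->80/tcp, :::8080->80/tcp, "
    "0.0.0.0:4443->433/tcp, :::4443->433/tcp"
)

PUBLISHED = re.compile(r"^(?P<bind>.+):(?P<host>\d+)->(?P<ctr>\d+)/(?P<proto>\w+)$")
EXPOSED_ONLY = re.compile(r"^(?P<ctr>\d+)/(?P<proto>\w+)$")
WILDCARD_BINDS = {"0.0.0.0", "::", "[::]"}


def parse_ports(column):
    """Split a PORTS column into published mappings and exposed-only ports."""
    published, exposed_only = [], []
    for entry in filter(None, (e.strip() for e in column.split(","))):
        if m := PUBLISHED.match(entry):
            published.append((m["bind"], int(m["host"]), int(m["ctr"])))
        elif m := EXPOSED_ONLY.match(entry):
            exposed_only.append(int(m["ctr"]))
        else:
            # Port ranges and other entry forms are not handled here.
            raise ValueError(f"unrecognised PORTS entry: {entry!r}")
    return published, exposed_only


def audit(column):
    """Summarise what a reverse-proxy setup needs to know about the mappings."""
    published, exposed_only = parse_ports(column)
    targets = sorted({ctr for _, _, ctr in published})
    return {
        # Container ports the host mappings forward to.
        "published_targets": targets,
        # Ports the image declares but that have no host mapping.
        "exposed_unpublished": sorted(exposed_only),
        # Heuristic (assumption): when the image declares ports that are left
        # unpublished, mappings to other ports may reach nothing that listens.
        "suspect_targets": [t for t in targets if exposed_only and t not in exposed_only],
        # Host ports reachable on every interface, i.e. not only through nginx.
        "wildcard_host_ports": sorted(
            {host for bind, host, _ in published if bind in WILDCARD_BINDS}
        ),
    }


if __name__ == "__main__":
    for key, value in audit(PASSBOLT_PORTS).items():
        print(f"{key}: {value}")
```
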