Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v.develop-debian] Passbolt server gives Internal Server Errors (HTTP 500) #95

Closed
ghost opened this issue Mar 29, 2018 · 6 comments
Closed

[v.develop-debian] Passbolt server gives Internal Server Errors (HTTP 500) #95

ghost opened this issue Mar 29, 2018 · 6 comments
Assignees
@dlen

Comments

@ghost
Copy link

ghost commented Mar 29, 2018
edited by ghost

What happens:
After resolving integration issues with mysql and passbolt I finally have a stable server, except it only sends HTTP 500 Errors.

Here are the results of my HealtCheck :

 Healthcheck shell       
---------------------------------------------------------------

 Environment

 [PASS] PHP version 7.2.2.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable.
 [PASS] The public image directory and its content are writable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [WARN] The passbolt config file is missing in /var/www/passbolt/config/
  [HELP] Copy /var/www/passbolt/config/passbolt.php.default to /var/www/passbolt/config/passbolt.php
  [HELP] The passbolt config file is not required if passbolt is configured with environment variables

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://passbolt.DOMAIN
 [PASS] App.fullBaseUrl validation OK.
 [FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
  [HELP] Check that the domain name is correct in config/passbolt.php
  [HELP] Check the network settings

 SSL Certificate

 [FAIL] SSL peer certificate does not validate
 [FAIL] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 18 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The server gpg key is not the default one
 [PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
 [PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The public key can be used to sign a message.
 [PASS] The public key can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.

 Application configuration

 [PASS] Using latest passbolt version (2.0.0-rc2).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

  3 error(s) found. Hang in there!

What's my environment:
Kubernetes 1.9 on CoreOS
MySQL 5.7
Passbolt develop-debian

Question:
I saw this kind of issues on the passbolt_api repository but can't seem to find the actual reason behind mine. Any idea how to solve it ?
Edit: I just saw someone pushed a new docker tag (1.6.10-debian), any idea about the evolutions it brings ?
@dlen dlen self-assigned this Mar 29, 2018
@dlen
Copy link
Member

dlen commented Mar 29, 2018

Hi @pierredadt !

It would be nice if you could provide some error logs from passbolt and or nginx. Without any other information is hard to help you. I can just tell you that passbolt_docker is known to run in k8s environments.
Regarding the 1.6.10-debian:
v1.6.10 is a maintenance version of passbolt_api that fixes a few issues you can check the release notes of passbolt_api here.
A few changes have been introduced in the passbolt_docker v1.6.10 with the release of passbolt_api-1.6.10. You can check the release notes of passbolt_docker here.
Long story short: passbolt_docker-1.6.10-debian docker image introduces debian as base image for passbolt v1.x series and some other minor fixes.

@ghost
Copy link
Author

ghost commented Apr 3, 2018

Hi @dlen

Thanks for your time.

Unfortunately the logs don't seem to be very helpful. Here is what I could gather:
https://gist.github.com/pierredadt/2a988bd0e5b9d0d5e70d1617962dd985

Maybe I managed to miss some files, but I can't find what's wrong with those.

@ghost
Copy link
Author

ghost commented Apr 3, 2018
edited by ghost

Ok, I think I got it ! 👍

It seems I was actually doing TLS over TLS with my traefik https ingress redirecting to the 443 port of passbolt.
Well at least that's my wild guess.

Changing my service description to expose passbolt's 80 and redirecting the https requests to said service port did it !

Thanks again for your time !

N.B.: if everything's right with the develop-debian version, keeping the same deployment resources and adapting the env. vars. is not enough the make the 1.6.10-debian version work.

@ghost ghost closed this as completed Apr 3, 2018
@dlen
Copy link
Member

dlen commented Apr 3, 2018

Glad to see you made it work!

I don't understand what you mean with the 1.6.10-debian and develop-debian. What is the issue?

@ghost
Copy link
Author

ghost commented Apr 3, 2018
edited by ghost

I have a set of deployment resources (deployments, services, secrets, ...) that I use to deploy passbolt on k8s.
Everything works fine referencing the develop-debian docker image in those resources, but when trying with the 1.6.10-debian docker image it doesn't (because of an infinite redirect loop).

I didn't investigate the error though, I just noted the transition from develop-debian to 1.6.10-debian isn't seamless.

@dlen
Copy link
Member

dlen commented Apr 3, 2018

I see. Keep in mind that develop-debian is a container that is aimed to work with passbolt v2
1.6.10-debian is just a migration from alpine to debian on the v1 series.
You are supposed to migrate from 1.6.10-debian to develop-debian and not the other way around.
BTW What you are doing with traefik is correct. It is one of the options: traefik as lb -> passbolt ingress -> passbolt service (80).
Depending on your infra you have more options but that topic would be more suited for the community forum :)

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dlen dlen

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dlen