search

passbolt / passbolt_docker

Get started with Passbolt CE using docker!
https://passbolt.com
GNU Affero General Public License v3.0
876 stars 193 forks source link

PASSBOLT_SSL_FORCE=true doesn't seem to be working #167

Closed jazzl0ver closed 1 year ago

jazzl0ver commented 2 years ago

Hi,

$ cat env/passbolt.env
APP_FULL_BASE_URL=https://172.29.2.176:8443
PASSBOLT_SSL_FORCE=true
...
# cat docker-compose.yml
version: '3.4'
services:
  passbolt:
    image: passbolt/passbolt:latest-ce-non-root
    tty: true
    env_file:
      - env/passbolt.env
    volumes:
      - gpg_volume:/etc/passbolt/gpg
      - images_volume:/usr/share/php/passbolt/webroot/img/public
    command: ["/docker-entrypoint.sh"]
    ports:
     - 8080:8080
     - 8443:4433

volumes:
  gpg_volume:
  images_volume:

# docker-compose up -d
[+] Running 2/2
 ⠿ Network passbolt_default       Created                                                                                                               0.5s
 ⠿ Container passbolt-passbolt-1  Started        

# curl -v http://172.29.2.176:8080 >/dev/null
*   Trying 172.29.2.176:8080...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to 172.29.2.176 (172.29.2.176) port 8080 (#0)
> GET / HTTP/1.1
> Host: 172.29.2.176:8080
> User-Agent: curl/7.76.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< Server: nginx/1.18.0
...
< location: /auth/login?redirect=%2F
...

I was expecting that PASSBOLT_SSL_FORCE to true will redirect requests to https. Did I get it incorrectly or where did I make a mistake in configs?

AnatomicJC commented 2 years ago

Hi @jazzl0ver 🎷🎶🎺

The PASSBOLT_SSL_FORCE environment variable doesn't work in docker environment. We are aware of this issue and have an internal ticket under reference PB-8486 to handle it.

It was reported in our community forum, you will find a workaround while waiting this to be fixed: https://community.passbolt.com/t/http-to-http-configuration-problem/4292/2

Best,

kuhnchris commented 1 year ago

Hey there @AnatomicJC - are there any updates to this, since this bug seems to be around since around 1 1/2 year now?

Thanks! Chris

dlen commented 1 year ago

We have been discussing this since a few days ago as it went missing through the cracks. We will provide info soon.

dlen commented 1 year ago

This should be fixed with passbolt 4.1, feel free to reopen if needed

stratoss commented 1 year ago

@dlen I'm experiencing the same issue with passbolt/passbolt:latest-ce.