Clarify how to use APP_BASE and APP_FULL_BASE_URL

[johanneskastl]

I was trying to set up a PoC for Passbolt today and came across the documentation for the environment variables APP_BASE and APP_FULL_BASE_URL.

It would be great to have this clarified with some examples, because I was not sure:

Do I need to set both of them? APP_BASE to e.g. /passbolt/ and APP_FULL_BASE_URL to https://example.com/passbolt/? Or is the APP_BASE automatically added to the APP_FULL_BASE_URL variable?

I had lots of funny errors, sometimes links contained /passbolt/passbolt/..., sometimes the links did contain nothing at all. And I did not find the documentation clear enough to find my way through.

If you can explain the basics, I can also come up with a PR.

Thanks in advance!

[garrettboone]

@johanneskastl I see you have figured this out from the other thread, but if you have not yet found the examples provided in config file of the passbolt_api repo they are here: https://github.com/passbolt/passbolt_api/blob/master/config/passbolt.default.php

[johanneskastl]

@garrettboone Thanks for the link. This at least clarifies that the APP_BASE must not contain a trailing slash.

But it still does not answer, if APP_FULL_BASE_URL should contain the subdirectory?

I prepared a PR to improve the documentation, I would be glad if you could have a look at #176

[garrettboone]

see https://github.com/passbolt/passbolt_docker/issues/175#issuecomment-1196684929

[garrettboone]

"APP_BASE" is a folder on the server. Variables with "URL" in the name are related to the URL. I think you are confusing the term "directory" with url "path".

[johanneskastl]

"APP_BASE" is a folder on the server. Variables with "URL" in the name are related to the URL. I think you are confusing the term "directory" with url "path".

Hi @garrettboone I might be confusing things, yes. That is why I would like to improve the documentation on that. :-)

It boils down to this: I want passbolt to be reachable via example.com/passbolt. What is needed to do that?

[garrettboone]

@johanneskastl Just to confirm, the passbolt path is only in the url and does not reflect a folder on your server you have created named passbolt, correct?

See https://community.passbolt.com/t/passbolt-install-in-a-subfolder/2885/5

Though they still used a folder, NGINX can handle the rewriting of the path.

[garrettboone]

@johanneskastl do you need the /passbolt/ path to continue to show? Or, is it enough for you if that path gets re-written so it does not show.?

For example if you add this to your NGINX config it will cause the url to be rewritten from example.com/passbolt/params to just example.com/params:

location /passbolt {
  rewrite ^/passbolt(.*)$ https://example.com$1 break;
}

This assumes that users can access the host url on it's own (example.com). So, if you need the /passbolt to always show, but you do NOT want to install the app in a different location then you need to do the following:

1. add another server section to your NGINX with a separate port and configure NGINX to be a reverse proxy to this other port. Like this:

   
   upstream passbolt {
       server 127.0.0.1:4444;
   }

server { listen 80; server_name example.com; return 301 https://example.com; }

server { listen 443 ssl http2;

    server_name example.com

    # ssl stuff

    location /passbolt/ {
            proxy_pass https://passbolt/;
            proxy_set_header    Host            $host;
    }

}

server { listen 4444 ssl http2; server_name 127.0.0.1;

    root /usr/share/php/passbolt/webroot;
    index index.php;

    location / {
            try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
            try_files                $uri =404;
            include                  fastcgi_params;
            fastcgi_pass             unix:/run/php/php7.4-fpm.sock;
            fastcgi_index            index.php;
            fastcgi_intercept_errors on;
            fastcgi_split_path_info  ^(.+\.php)(.+)$;
            fastcgi_param            SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param            SERVER_NAME $http_host;
            fastcgi_param            PHP_VALUE "upload_max_filesize=5M post_max_size=5M";
    }

}

2. To passbolt.php add `'base' => '/passbolt',`

This fools the app into thinking it's installed in a `passbolt` folder but it's not. I've left out some NGINX ssl options and other things...but hopefully this helps.

[johanneskastl]

do you need the /passbolt/ path to continue to show? Or, is it enough for you if that path gets re-written so it does not show.?

Hi @garrettboone Thanks for the long and detailed answer.

I would need the /passbolt to show in the URL, to not confuse users, as / is serving other content unrelated to Passbolt.

As I am using the docker container, I cannot modify the application (or move it) inside the docker container, except via environment variables. Hence I thought I could solve this using APP_BASE.

As this is being served behind a Traefik as reverse proxy, I am currently trying to get it to do the magic. I'll try to translate your nginx example, but this might fail, as I cannot move the webroot to /usr/share/php/passbolt/webroot (docker container...).

[garrettboone]

The forum can help. There are many ways to handle it.

[dlen]

Hi!

Would it be enough to publish a better readme section regarding these env variables APP_BASE and APP_FULL_BASE_URL?