Help Search

Manual HTTPS configuration on Docker

If you are migrating your passbolt instance from HTTP to HTTPS, you must ensure all of your users have a backup of their private key.
As for passbolt browser extension, domain will change from HTTP to HTTPS, it will trigger an account recovery.

Requirements

HTTPS configuration

You need to bind-mount your certificates inside passbolt container to use them.

Create a certs folder and put your certificates there:

mkdir certs
mv /path/to/your/certificate.crt certs/cert.pem
mv /path/to/your/certificate.key certs/key.pem

The bind-mount configuration will differ depending which passbolt image you are using.

standard images

If you are using standard passbolt image, add your certificates in the volumes definition of the passbolt service and ensure ports are well mapped:

version: '3.7'
services:
  db:
    ...
  passbolt:
    ...
    volumes:
      ...
      - ./certs/cert.pem:/etc/ssl/certs/certificate.crt:ro
      - ./certs/key.pem:/etc/ssl/certs/certificate.key:ro
    ports:
      - 80:80
      - 443:443

Ensure your APP_FULL_BASE_URL environment variable starts with https://

rootless images

If you are using rootless images, tagged as non-root, the bind-mount path will be different as well as port mapping:

version: '3.7'
services:
  db:
    ...
  passbolt:
    ...
    volumes:
      ...
      - ./certs/cert.pem:/etc/passbolt/certs/certificate.crt:ro
      - ./certs/key.pem:/etc/passbolt/certs/certificate.key:ro
    ports:
      - 80:8080
      - 443:4433

Like standard images, ensure your APP_FULL_BASE_URL environment variable starts with https://

Last updated

This article was last updated on December 16th, 2021.

Are you experiencing issues when installing passbolt?

Ask the community!
🍪   Do you accept cookies for statistical purposes? (Read more) Accept No thanks!