stacks/passbolt/compose.yml
valknar 5c398ee77c fix(passbolt): add 300s clock-skew tolerance to key creation date check
The isNotCreatedInTheFutureRule has zero tolerance, causing the
browser extension to fail when generating a metadata key if the
browser clock is even 1 second ahead of the server. Patch
isDateInFuture to allow 300 seconds of tolerance and mount the
patched file as a read-only volume so the fix survives image updates.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-09 22:16:56 +02:00


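# Passbolt CE (password manager) published through Traefik and backed by a
# dedicated PostgreSQL container. The Traefik labels below route to port 80
# of the app container, so TLS is handled at the proxy.
services:
  passbolt:
    # NOTE(review): `latest-ce` is a floating tag. Together with the file
    # overlay under `volumes:`, an image update can pair a newer Passbolt
    # release with an older copy of PublicKeyValidationService.php. Pinning
    # the image to the release the patch was derived from keeps both in step.
    image: passbolt/passbolt:latest-ce
    container_name: passbolt
    environment:
      APP_FULL_BASE_URL: https://${TRAEFIK_HOST}
      # HTTPS is enforced by the redirectscheme middleware on the `web`
      # router below rather than by the application.
      PASSBOLT_SSL_FORCE: "false"
      TZ: ${TIMEZONE:-Europe/Amsterdam}
      PASSBOLT_REGISTRATION_PUBLIC: "false"
      DATASOURCES_DEFAULT_HOST: passbolt_db
      DATASOURCES_DEFAULT_PORT: "5432"
      DATASOURCES_DEFAULT_DATABASE: passbolt
      DATASOURCES_DEFAULT_USERNAME: passbolt
      # Database credential, taken from PASSBOLT_DB_PASSWORD in the
      # environment or the .env file; it must match POSTGRES_PASSWORD on the
      # db service. The fallback keeps the previous literal so existing
      # deployments still start, but that value equals the username and
      # should be replaced with a generated secret.
      DATASOURCES_DEFAULT_PASSWORD: "${PASSBOLT_DB_PASSWORD:-passbolt}"
      DATASOURCES_DEFAULT_DRIVER: Cake\Database\Driver\Postgres
      DATASOURCES_DEFAULT_ENCODING: utf8
      DATASOURCES_QUOTE_IDENTIFIER: "true"
      # NOTE(review): mail is handed to `mailpit` without TLS. Registration
      # and recovery mails are readable by anything with access to that
      # service; confirm this is the intended transport for this deployment.
      EMAIL_TRANSPORT_DEFAULT_HOST: mailpit
      EMAIL_TRANSPORT_DEFAULT_PORT: "1025"
      EMAIL_TRANSPORT_DEFAULT_TLS: "false"
      EMAIL_DEFAULT_FROM: passbolt@pivoine.art
      EMAIL_DEFAULT_FROM_NAME: Passbolt
    volumes:
      # Key material persisted on the host (OpenPGP server key, JWT keys,
      # GnuPG home, going by the mount targets). Keep ../.data/passbolt out
      # of version control and restrict its permissions on the host.
      - ../.data/passbolt/gpg:/etc/passbolt/gpg
      - ../.data/passbolt/jwt:/etc/passbolt/jwt
      - ../.data/passbolt/gnupg:/var/lib/passbolt/.gnupg
      # Patched to allow 300s clock-skew tolerance in isNotCreatedInTheFutureRule.
      # Mounted read-only over the file shipped in the image.
      # NOTE(review): the overlay replaces the upstream file as a whole, so
      # later upstream changes to this validation service, security fixes
      # included, are masked until the patch is re-based. Re-check it on
      # every image update. The tolerance also means keys dated up to 300 s
      # in the future pass this rule.
      - ./patches/PublicKeyValidationService.php:/usr/share/php/passbolt/src/Service/OpenPGP/PublicKeyValidationService.php:ro
    depends_on:
      db:
        condition: service_healthy
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.passbolt-redirect-web-secure.redirectscheme.scheme=https"
      - "traefik.http.routers.passbolt-web.middlewares=passbolt-redirect-web-secure"
      - "traefik.http.routers.passbolt-web.rule=Host(`${TRAEFIK_HOST}`)"
      - "traefik.http.routers.passbolt-web.entrypoints=web"
      - "traefik.http.routers.passbolt-web-secure.rule=Host(`${TRAEFIK_HOST}`)"
      - "traefik.http.routers.passbolt-web-secure.tls.certresolver=resolver"
      - "traefik.http.routers.passbolt-web-secure.entrypoints=web-secure"
      - "traefik.http.routers.passbolt-web-secure.middlewares=security-headers@file,no-index@file"
      - "traefik.http.services.passbolt-web-secure.loadbalancer.server.port=80"
      - "traefik.docker.network=${NETWORK_NAME}"
    networks:
      - compose_network
  db:
    image: postgres:16-alpine
    container_name: passbolt_db
    environment:
      POSTGRES_DB: passbolt
      POSTGRES_USER: passbolt
      # Same variable as DATASOURCES_DEFAULT_PASSWORD on the passbolt
      # service. The postgres image applies POSTGRES_PASSWORD only when it
      # initialises an empty data directory; for an existing
      # ../.data/passbolt/db the role password must also be changed inside
      # PostgreSQL before a new value takes effect.
      POSTGRES_PASSWORD: "${PASSBOLT_DB_PASSWORD:-passbolt}"
      POSTGRES_INITDB_ARGS: --data-checksums
    volumes:
      - ../.data/passbolt/db:/var/lib/postgresql/data
    restart: unless-stopped
    healthcheck:
      # `$$` keeps Compose from interpolating; the variables are expanded
      # by the shell inside the container.
      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      # NOTE(review): this is the same external network the proxy uses (see
      # traefik.docker.network above), so every container attached to it
      # can reach the database port. A stack-private network for
      # passbolt <-> db would narrow that exposure.
      - compose_network
networks:
  compose_network:
    # Created outside this stack; Compose only attaches to it.
    name: ${NETWORK_NAME}
    external: true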