6f12bf9af7
Passbolt 5.x's isNotCreatedInTheFutureRule has zero tolerance for clock skew — even 1 second between browser and server causes the metadata key creation to fail during first setup. Disabling the automatic metadata setup for new instances allows the browser extension to complete account setup successfully. Encrypted metadata can be enabled from the admin panel post-setup. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
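# Passbolt CE behind Traefik, backed by a dedicated PostgreSQL container.
# ${...} references are interpolated by Compose from the environment / .env file.
services:
  passbolt:
    # NOTE(review): "latest-ce" is a floating tag, so any pull can silently change the
    # code that handles the password vault. Pin a specific release tag or image digest
    # and upgrade deliberately.
    image: passbolt/passbolt:latest-ce
    container_name: passbolt
    environment:
      APP_FULL_BASE_URL: https://${TRAEFIK_HOST}
      # TLS is terminated at Traefik (see labels); the container is reached over plain
      # HTTP on port 80, so the app-level HTTPS redirect is switched off here.
      PASSBOLT_SSL_FORCE: "false"
      TZ: ${TIMEZONE:-Europe/Amsterdam}
      # Self-registration stays closed; accounts are created by invitation only.
      PASSBOLT_REGISTRATION_PUBLIC: "false"
      # Workaround: automatic metadata-key setup is disabled for new instances because
      # first-time setup fails when browser and server clocks differ. Encrypted metadata
      # stays off until it is enabled from the admin panel, so enable it after setup and
      # fix time synchronisation on the host rather than leaving this permanently off.
      PASSBOLT_PLUGINS_METADATA_ENABLE_FOR_NEW_INSTANCES: "false"
      DATASOURCES_DEFAULT_HOST: passbolt_db
      DATASOURCES_DEFAULT_PORT: "5432"
      DATASOURCES_DEFAULT_DATABASE: passbolt
      DATASOURCES_DEFAULT_USERNAME: passbolt
      # The database password was a literal committed with the file. It is now read from
      # PASSBOLT_DB_PASSWORD (a variable introduced by this edit; set it in the same
      # environment / .env file as the other variables). The "passbolt" fallback only
      # keeps existing deployments starting and should not be relied on.
      DATASOURCES_DEFAULT_PASSWORD: "${PASSBOLT_DB_PASSWORD:-passbolt}"
      DATASOURCES_DEFAULT_DRIVER: Cake\Database\Driver\Postgres
      DATASOURCES_DEFAULT_ENCODING: utf8
      DATASOURCES_QUOTE_IDENTIFIER: "true"
      # NOTE(review): mail goes to "mailpit" on port 1025 without TLS, presumably a
      # mail catcher on the shared network (confirm). Invitation and recovery mails
      # carry account links, so real delivery needs an authenticated, TLS-protected relay.
      EMAIL_TRANSPORT_DEFAULT_HOST: mailpit
      EMAIL_TRANSPORT_DEFAULT_PORT: "1025"
      EMAIL_TRANSPORT_DEFAULT_TLS: "false"
      EMAIL_DEFAULT_FROM: passbolt@pivoine.art
      EMAIL_DEFAULT_FROM_NAME: Passbolt
    volumes:
      # Server key material (GPG and JWT key pairs) is persisted on the host here.
      # Keep these directories out of version control, restrict their permissions to
      # the container user, and include them in backups.
      - ../.data/passbolt/gpg:/etc/passbolt/gpg
      - ../.data/passbolt/jwt:/etc/passbolt/jwt
    depends_on:
      db:
        # Start only once the database healthcheck below reports ready.
        condition: service_healthy
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      # Plain-HTTP router: exists only to redirect to HTTPS.
      - "traefik.http.middlewares.passbolt-redirect-web-secure.redirectscheme.scheme=https"
      - "traefik.http.routers.passbolt-web.middlewares=passbolt-redirect-web-secure"
      - "traefik.http.routers.passbolt-web.rule=Host(`${TRAEFIK_HOST}`)"
      - "traefik.http.routers.passbolt-web.entrypoints=web"
      # HTTPS router: certificate from the "resolver" cert resolver, plus the
      # file-provider middlewares security-headers and no-index.
      - "traefik.http.routers.passbolt-web-secure.rule=Host(`${TRAEFIK_HOST}`)"
      - "traefik.http.routers.passbolt-web-secure.tls.certresolver=resolver"
      - "traefik.http.routers.passbolt-web-secure.entrypoints=web-secure"
      - "traefik.http.routers.passbolt-web-secure.middlewares=security-headers@file,no-index@file"
      - "traefik.http.services.passbolt-web-secure.loadbalancer.server.port=80"
      - "traefik.docker.network=${NETWORK_NAME}"
    networks:
      - compose_network

  db:
    image: postgres:16-alpine
    container_name: passbolt_db
    environment:
      POSTGRES_DB: passbolt
      POSTGRES_USER: passbolt
      # Must match DATASOURCES_DEFAULT_PASSWORD above. The postgres image applies this
      # value only when it initialises an empty data directory; on an existing volume
      # the role's password has to be changed inside PostgreSQL as well.
      POSTGRES_PASSWORD: "${PASSBOLT_DB_PASSWORD:-passbolt}"
      POSTGRES_INITDB_ARGS: --data-checksums
    volumes:
      - ../.data/passbolt/db:/var/lib/postgresql/data
    restart: unless-stopped
    healthcheck:
      # "$$" escapes Compose interpolation so the variables expand inside the container.
      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
      interval: 5s
      timeout: 5s
      retries: 5
    # NOTE(review): compose_network is the external network ${NETWORK_NAME}, the same
    # one Traefik uses for this stack, so port 5432 is reachable from every container
    # attached to it. Consider a private network shared only by passbolt and db.
    networks:
      - compose_network

networks:
  compose_network:
    # Pre-existing network, created and managed outside this file.
    name: ${NETWORK_NAME}
    external: true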