
Docker manual HTTPS configuration

Danger: If you change your domain from HTTP to HTTPS, the browser extension of every user will be unlinked. Before changing the domain, you must ensure that all users have a copy of their private key so they can recover their account.

Pro tip: To download their recovery kit, users can follow this dedicated guide

Requirements

HTTPS configuration

You need to bind-mount your certificates inside the passbolt container to use them.

Create a certs folder and put your certificates there:

mkdir certs
mv /path/to/your/certificate.crt certs/cert.pem
mv /path/to/your/certificate.key certs/key.pem

The bind-mount configuration differs depending on which passbolt image you are using.

Standard images

If you are using the standard passbolt image, add your certificates to the volumes definition of the passbolt service and ensure the ports are mapped correctly:

version: '3.7'
services:
  db:
    ...
  passbolt:
    ...
    volumes:
      ...
      - ./certs/cert.pem:/etc/ssl/certs/certificate.crt:ro
      - ./certs/key.pem:/etc/ssl/certs/certificate.key:ro
    ports:
      - 80:80
      - 443:443

Ensure your APP_FULL_BASE_URL environment variable starts with https://

Non-root images

If you are using non-root images, tagged as non-root, the bind-mount paths and the port mapping are different:

version: '3.7'
services:
  db:
    ...
  passbolt:
    ...
    volumes:
      ...
      - ./certs/cert.pem:/etc/passbolt/certs/certificate.crt:ro
      - ./certs/key.pem:/etc/passbolt/certs/certificate.key:ro
    ports:
      - 80:8080
      - 443:4433

As with standard images, ensure your APP_FULL_BASE_URL environment variable starts with https://
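
A pre-flight check for the two layouts above, added here as an example and not part of passbolt's own documentation or tooling: it reports when a compose file mixes the standard and non-root certificate paths or ports, mounts a certificate file without :ro, or leaves APP_FULL_BASE_URL on http://. The function names, the line-based matching (grep, not a YAML parser), and the sample file with its image tag and hostname are assumptions made for illustration.

```sh
#!/bin/sh
# Usage: sh check.sh [docker-compose.yml]   (no argument: runs the sample below)
fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

# Prints one line per problem; the return status is the number of problems.
check_passbolt_https() {
    compose=$1 problems=0 q="[\"']?" s='[[:space:]]*'
    # Non-root images are tagged "non-root" and use different container
    # paths and ports from the standard images.
    if grep -Eq "^${s}image:.*non-root" "$compose"; then
        cert_dir=/etc/passbolt/certs http=8080 https=4433
    else
        cert_dir=/etc/ssl/certs http=80 https=443
    fi
    for f in certificate.crt certificate.key; do
        grep -Eq "^${s}-${s}${q}[^[:space:]:]+:${cert_dir}/${f}:ro${q}${s}\$" \
            "$compose" || fail "no read-only bind mount onto ${cert_dir}/${f}"
    done
    for map in "80:${http}" "443:${https}"; do
        grep -Eq "^${s}-${s}${q}${map}${q}${s}\$" "$compose" ||
            fail "port mapping ${map} not found"
    done
    grep -Eq "APP_FULL_BASE_URL${s}[:=]${s}${q}https://" "$compose" ||
        fail "APP_FULL_BASE_URL does not start with https://"
    return "$problems"
}

# Constructed sample: a non-root image left with the standard-image settings.
demo=$(mktemp)
cat > "$demo" <<'EOF'
services:
  passbolt:
    image: passbolt/passbolt:latest-ce-non-root
    environment:
      APP_FULL_BASE_URL: https://passbolt.example.test
    volumes:
      - ./certs/cert.pem:/etc/ssl/certs/certificate.crt:ro
      - ./certs/key.pem:/etc/ssl/certs/certificate.key:ro
    ports:
      - 80:80
      - 443:443
EOF
check_passbolt_https "${1:-$demo}" || echo "$? problem(s) found"
rm -f "$demo"
```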