nuxsmin / docker-syspass Goto Github PK

View Code? Open in Web Editor NEW

39.0 3.0 21.0 186 KB

Docker stuff for running sysPass on Docker

License: GNU General Public License v3.0

Shell 75.66% Dockerfile 23.14% Makefile 1.20%

docker-syspass's Introduction

About

sysPass is a powerful GPLv3 web password manager for business and personal use.

See more at https://syspass.org

No compilation stuff done

3.2 release

These images are based on Debian 10 (Buster), Apache 2.4 webserver with PHP 7.[3-4] module and MariaDB 10.2

Production

The best way to get it running is by installing through docker-compose. You will get a fully working sysPass environment with its database.

$ wget https://raw.githubusercontent.com/nuxsmin/docker-syspass/master/docker-compose.yml
$ docker-compose -p syspass up -d

Please be aware that you will need to setup a database if you choose to build the sysPass-only container.

Development

If you want to test/develop the current release, please deploy it from https://github.com/nuxsmin/docker-syspass/tree/master/sysPass-dev through docker-compose:

$ wget https://raw.githubusercontent.com/nuxsmin/docker-syspass/master/sysPass-dev/docker-compose.yml
$ docker-compose -p syspassdev up -d

or pull it:

$ docker run --name sysPass-app-devel syspass/syspass:3.2.x-dev

Please be aware that you will need to setup a database if you choose to build the sysPass-only container.

docker-syspass's People

Contributors

Stargazers

Watchers

docker-syspass's Issues

[Warning] Composer 2.0 is now available and you should upgrade.

Warning from https://repo.packagist.org: You are using an outdated version of Composer. Composer 2.0 is now available and you should upgrade. See https://getcomposer.org/2

Unable to make docker-syspass work with Rancher

Hi,
I'm trying to manage docker-syspass using Rancher.
While the stack is created successfully using the docker-compose.yml file, I'm not being able to install Syspass due to the app container not being able to connect to en db container.
The error I'm getting is:
Unable to connect to the DB Please, check the connection parameters SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed: Name or service not known

Could you please help with the right configuration to make docker-syspass work under Rancher?.

Thanks!

Installation error

I have this message when installing syspass :

SQLSTATE[HY000] [1130] Host 'syspass-app.dockercompose_default' is not allowed to connect to this MySQL server

What can I do ?

USE_SSL variable is not builded on Docker Hub

I'm check latest build on DockerHub, but USE_SSL variable in configuration file not included. Its possible rebuild on Docker Hub? Thanks

Commit source 9f422e3 on Docker Hub not contains USE_SSL variable.

Last 2.1 image seem to be broken

I'm currently on 2.1.0. and need to update to 2.1.16.18061901 before being able to upgrade to 3.x

docker pull nuxsmin/docker-syspass:2.1
docker-compose up -d
docker container logs syspass-app

`entrypoint: Starting with UID : 9001
setup_app: Unpacking sysPass '2.1'
unzip: cannot find or open 2.1.zip, 2.1.zip.zip or 2.1.zip.ZIP.
mv: cannot stat 'sysPass-2.1/*': No such file or directory
setup_app: Setting up permissions
setup_locales: Setting up locales
Generating locales (this might take a while)...
ca_ES.UTF-8... done
de_DE.UTF-8... done
en_US.UTF-8... done
es_ES.UTF-8... done
fr_FR.UTF-8... done
nl_NL.UTF-8... done
pl_PL.UTF-8... done
ru_RU.UTF-8... done
Generation complete.

sysPass environment installed and configured. Please point your browser to http://172.18.0.3 to start the installation

entrypoint: Starting Apache
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.18.0.3. Set the 'ServerName' directive globally to suppress this message`

I've seen exactly the same when trying to deploy a fresh 2.1 somewhere else.

deploying sysPass 3.0 behind proxy

Hello Rubén,

I've tried to deploy sysPass using this file: https://github.com/nuxsmin/docker-syspass/blob/3.0/docker-compose.yml
My problem is that the the entrypoint.sh can't deploy composer due to connection issues to https://getcomposer.org/
I've tried to edit the compose file to include the proxy environmental value with include the proxy configuration:
http_proxy=http://USER:PASSWD@ADDRESS:PORT
and
https_proxy=http://USER:PASSWD@ADDRESS:PORT

I'm able to get composer with wget, but not with the PHP command:
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"

With this code I can download it with PHP too:

$auth = base64_encode('USER:PASSWD');

$aContext = array(
    'http' => array(
        'proxy' => 'tcp://ADDRESS:PORT',
        'request_fulluri' => true,
        'header' => "Proxy-Authorization: Basic $auth",
    ),
);
$cxContext = stream_context_create($aContext);
copy("https://getcomposer.org/installer", "composer-setup.php", $cxContext);

This code also works:

$auth = base64_encode('USER:PASSWD');

$aContext = array(
    'http' => array(
        'proxy' => 'tcp://ADDRESS:PORT',
        'request_fulluri' => true,
        'header' => "Proxy-Authorization: Basic $auth",
    ),
);
$cxContext = stream_context_set_default($aContext);
copy("https://getcomposer.org/installer", "composer.php");

The username, password, proxy address would be passable to the script via environmental variables.

Can you look into this?

Thank you,
Tamas

Syspass on Docker Desktop for tests

Hello,

I try to test Syspass on Docker Desktop but it's impossible.
The folder app/config and app/backup are stored on my hard drive.

Docker Desktop mount them with full access and it's impossible to manages access right.
This choise was made by Docker Desktop team.
https://docs.docker.com/docker-for-windows/troubleshoot/#permissions-errors-on-data-directories-for-shared-volumes

Could you add something in you app to bypass this verficiation ?
If you will access to my want, you may add a warning on the front page "for test only and not secure".

Problems with session timeout

We recently tried to migrate from the normal installation to the container.
However we experienced a lot of problems with the session.
First of all the setting for the session timeout wasn't respected, it showed the correct value in the UI but logged us out over night.
Secondly users were getting randomly logged out, especially when they used it a lot.

We moved our installation now back to the normal setup without container and Nginx as the web server.
The sessions are now stable again.

Unfortunately I haven't found out what the exact problem was since the logs didn't display any useful information.

Manifest not found

Trying to deploy Syspass via docker-compose. I pulled the yml from the git page README.md (https://raw.githubusercontent.com/nuxsmin/docker-syspass/master/docker-compose.yml). I get the following:

syspass_admin@LIASSYSPASS:~$ docker-compose -p syspass -f docker-compose.yml up -d
Creating network "syspass_default" with the default driver
Creating volume "syspass_syspass-config" with default driver
Creating volume "syspass_syspass-backup" with default driver
Creating volume "syspass_syspass-db" with default driver
Pulling db (mariadb:10.2)...
10.2: Pulling from library/mariadb
6cf436f81810: Pull complete
987088a85b96: Pull complete
b4624b3efe06: Pull complete
d42beb8ded59: Pull complete
5badffea4c42: Pull complete
6107652a946b: Pull complete
1b31669dbe65: Pull complete
4d884b22dc63: Pull complete
cee72f2b293c: Pull complete
33323ef67397: Pull complete
d905e9f81679: Pull complete
c9bb778750ac: Pull complete
ef559d153bee: Pull complete
c8455d900375: Pull complete
Digest: sha256:86621042a97915d0d6c8bf58969e84dd2e56e5be54e8943525710dedfb80c83e
Status: Downloaded newer image for mariadb:10.2
Pulling app (nuxsmin/docker-syspass:3.0)...
ERROR: manifest for nuxsmin/docker-syspass:3.0 not found

Just in case, here's the docker-compose.yml as pulled:

version: '2'
services:
app:
container_name: syspass-app
image: nuxsmin/docker-syspass:3.0
restart: always
ports:
- "80"
- "443"
links:
- db
volumes:
- syspass-config:/var/www/html/sysPass/app/config
- syspass-backup:/var/www/html/sysPass/app/backup
db:
container_name: syspass-db
restart: always
image: mariadb:10.2
environment:
- MYSQL_ROOT_PASSWORD=syspass
ports:
- "3306"
volumes:
- syspass-db:/var/lib/mysql

volumes:
syspass-config: {}
syspass-backup: {}
syspass-db: {}

[Feature Request] Alpine based container

Is there any chance that there will be an Alpine version of your docker image in the future? Or is there a reason that it would not be possible?

Thanks for your good work anyway!

Switch between default HTTPS/HTTP (v3.1)

In v3.1 HTTPs is set as default in the apache config.

To avoid that I copy in a custom syspass.conf file where I changed the default VirtualHost and removed the RewriteEngine.

docker-compose.yml

...
  volumes:
      - syspass-config:/var/www/html/sysPass/app/config
      - syspass-backup:/var/www/html/sysPass/app/backup
      - ./syspass.conf:/etc/apache2/sites-available/syspass.conf
...

Custom syspass.conf

...
<VirtualHost _default_:80>
  ServerAdmin webmaster@localhost
  DocumentRoot /var/www/html/sysPass

  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<IfModule mod_ssl.c>
  <VirtualHost *:443>
    ...
  </VirtualHost>
</IfModule>

Question
Am I missing a simpler way to change the default behaviour to HTTP, e.g. in an (Docker) environment variable?

services:
  app:
    container_name: syspass-app
    image: syspass/syspass:3.1.0-rc4
    ...
    environment:
      - SSL = TRUE|FALSE # Whether to use SSL or not
    ports:
      ...
    volumes:
      ...

ENTRYPOINT/CMD usage in this project is breaking docker's build pipeline altogether

I've tried to add a CA to the image today using 2 methods, one was running a container with syspass, using docker cp to copy the CA and then using docker commit to generate a new image. I couldn't do that, because I used /usr/bin/yes as an entrypoint so the app wouldn't do anything while I was making an image out of it. When I commited the image it got rewritten and the new image pointed to /usr/bin/yes instead of /usr/local/sbin/entrypoint.sh. So I just made another image with the entrypoint set to the correct path and it still didn't work.

I also tried doing that with Dockerfile using the FROM statement like every sane image is used. It didn't work as well, because metadata on the image from the Dockerfile is broken. I'd have to repeat ENTRYPOINT/CMD lines for the image to even work and docker's pipeline shouldn't work like that. You ABSOLUTELY shouldn't EVER use CMD to pass an argument to the entrypoint script.

I'll attatch the metadata skew that is breaking the FROM statement. I can also submit a patch to the Dockerfiles, because it is really simple, you just need to put the statement into one ENTRYPOINT line instead of breaking it onto 2 lines and breaking docker's build pipeline.

Error while checking the database Please, try the installation again.

Hi,

I created the docker-compose file with networs, and nginx-proxy (in other compose file ( jwilder/nginx-proxy )). When I want installated syspass the system writed this error.
What could be the reason for that?

Order of creation:

docker network create nginx-proxy
docker-compose -p nginx-proxy -f nginx-proxy/docker-compose.yml

compose file:
version: '2'

services:
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginx-proxy
restart: always
networks:
- nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro

networks:
nginx-proxy:
external: true

docker-compose -p syspass -f syspass/docker-compose.yml

compose file:
version: '2'
services:
app:
container_name: syspass-app
image: nuxsmin/docker-syspass:latest
restart: always
networks:
- nginx-proxy
- default
environment:
- VIRTUAL_HOST=jelszo.vista.hu
volumes:
- syspass-config:/var/www/html/sysPass/config
- syspass-backup:/var/www/html/sysPass/backup
db:
container_name: syspass-db
restart: always
image: nuxsmin/docker-syspass:mysql
networks:
default:
aliases:
- db
- syspass-db
ports:
- "3306"
environment:
- DB_REMOTE_HOST=syspass-app.syspass_default
- DB_REMOTE_ROOT_PASS=syspass
volumes:
- syspass-db:/var/lib/mysql

volumes:
syspass-config:
syspass-backup:
syspass-db:

networks:
nginx-proxy:
external:
name: nginx-proxy
default:
driver: bridge

docker network ls:

NETWORK ID NAME DRIVER SCOPE
1a996b899403 bridge bridge local
fe846508a28d host host local
22a55494622f nginx-proxy bridge local
72192372741a none null local
cfbce377fa17 syspass_default bridge local

docker network inspect syspass_default:

    "Containers": {
        "735bceea779e797bafb3ee2f4ca2795e97f40e961188075ea8d5569c4dfd537a": {
            "Name": "syspass-db",
            "EndpointID": "85c7a8f95cce0c92c302c4680686c428bd765de25ebea0baf6d539dc02657a39",
            "MacAddress": "02:42:ac:12:00:03",
            "IPv4Address": "172.18.0.3/16",
            "IPv6Address": ""
        },
        "e1f222fc30919e70d7079fc955352f418b972916de272a7b258e304e81c7d638": {
            "Name": "syspass-app",
            "EndpointID": "1c13109ecc91491174298cb6feb3e600fcb349a504cbd9e38995abfe257e674c",
            "MacAddress": "02:42:ac:12:00:02",
            "IPv4Address": "172.18.0.2/16",
            "IPv6Address": ""
        }
    },

docker inspect syspass-db:

        "Networks": {
            "syspass_default": {
                "IPAMConfig": null,
                "Links": null,
                "Aliases": [
                    "735bceea779e",
                    "db",
                    "syspass-db"
                ],
                "NetworkID": "cfbce377fa178838b645303b1856c4baf70650f41db8c29243c3bc769ddd18da",
                "EndpointID": "85c7a8f95cce0c92c302c4680686c428bd765de25ebea0baf6d539dc02657a39",
                "Gateway": "172.18.0.1",
                "IPAddress": "172.18.0.3",
                "IPPrefixLen": 16,
                "IPv6Gateway": "",
                "GlobalIPv6Address": "",
                "GlobalIPv6PrefixLen": 0,
                "MacAddress": "02:42:ac:12:00:03"
            }

docker inspect syspass-app:

        "Networks": {
            "nginx-proxy": {
                "IPAMConfig": null,
                "Links": null,
                "Aliases": [
                    "app",
                    "e1f222fc3091"
                ],
                "NetworkID": "22a55494622fb0273e9f865c93f6ca574194f048efda70632a71c3b786118d73",
                "EndpointID": "00016f93da24b3ed06984a5cbb7d3f54b2ff5072e9cd6adfa1eb9605555633d0",
                "Gateway": "172.20.0.1",
                "IPAddress": "172.20.0.3",
                "IPPrefixLen": 16,
                "IPv6Gateway": "",
                "GlobalIPv6Address": "",
                "GlobalIPv6PrefixLen": 0,
                "MacAddress": "02:42:ac:14:00:03"
            },
            "syspass_default": {
                "IPAMConfig": null,
                "Links": null,
                "Aliases": [
                    "app",
                    "e1f222fc3091"
                ],
                "NetworkID": "cfbce377fa178838b645303b1856c4baf70650f41db8c29243c3bc769ddd18da",
                "EndpointID": "1c13109ecc91491174298cb6feb3e600fcb349a504cbd9e38995abfe257e674c",
                "Gateway": "172.18.0.1",
                "IPAddress": "172.18.0.2",
                "IPPrefixLen": 16,
                "IPv6Gateway": "",
                "GlobalIPv6Address": "",
                "GlobalIPv6PrefixLen": 0,
                "MacAddress": "02:42:ac:12:00:02"
            }

docker exec -it syspass-db ping syspass-app:

PING syspass-app (172.18.0.2): 56 data bytes
64 bytes from 172.18.0.2: icmp_seq=0 ttl=64 time=0.128 ms
64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.069 ms

docker exec -it syspass-db mysql -e "select user,host from mysql.user;":

+------------------+-----------------------------+
| user | host |
+------------------+-----------------------------+
| root | 127.0.0.1 |
| root | 16163be85d95 |
| root | ::1 |
| debian-sys-maint | localhost |
| root | localhost |
| root | syspass-app.syspass_default |
+------------------+-----------------------------+

DB Configuration (MySQL):
DB access user: root
DB access password: syspass
syspass database name: syspass
syspass database server: db (or syspass-db)

Thank for your help!

No database connection

I have the same problem like #5 using the default docker-compose.yml
-> SQLSTATE[HY000] [1130] Host '172.18.0.1' is not allowed to connect to this MySQL server

I wonder why the syspass interface gets the 172.18.0.1 -> because container ip is ...0.2

version: '2'
services:
  app:
    container_name: syspass-app
    image: nuxsmin/docker-syspass:latest
    restart: always
    ports:
      - "3080:80"
      - "443:443"
    links:
      - db
    volumes:
      - /var/www/html/sysPass/config
      - /var/www/html/sysPass/backup
  db:
    container_name: syspass-db
    restart: always
    image: nuxsmin/docker-syspass:mysql
    ports:
      - "3306"
    environment:
      - DB_REMOTE_HOST=syspass-app.syspass_default
      - DB_REMOTE_ROOT_PASS=syspass
    volumes:
      - /var/lib/mysql

Db ist pingable without any problems:

docker exec -it 8460 ping syspass-db
PING syspass-db (172.18.0.2): 56 data bytes
64 bytes from 172.18.0.2: icmp_seq=0 ttl=64 time=0.130 ms
64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.115 ms
64 bytes from 172.18.0.2: icmp_seq=2 ttl=64 time=0.085 ms
64 bytes from 172.18.0.2: icmp_seq=3 ttl=64 time=0.106 ms

they are both in the same network:

"Containers": {
            "31a4848ee1a9f59455ce4c4235bcc7ed3514777dd0c108dfd7046fc1794789f5": {
                "Name": "syspass-db",
                "EndpointID": "73edb4fcc9630d60aab9b723aedf8ba9d74878d37f6fca910d61574f86ba8d6a",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            },
            "84605c3f36ef48c0993eafd5d973250a074d90aac80d0e758131b4929433b651": {
                "Name": "syspass-app",
                "EndpointID": "ea399b6279631eed0b5371f980f4da2fca1fb11a03315265b62c5c2bb6c1016b",
                "MacAddress": "02:42:ac:12:00:03",
                "IPv4Address": "172.18.0.3/16",
                "IPv6Address": ""
            }
        },

Unable to search after create or edit account

Hi,
As titled, it was unable to search after creating or editing an account.
I have tested Chrome (Ver: 70.0.3538.102) and Firebox (Ver: 62.0) with same the symptoms.

The resolution is press "F5" to refresh the browser and it works again.

sysPass version | 3.0-rc4 (300.18112501)
Database | SERVER_VERSION : 5.5.5-10.3.9-MariaDB-1:10.3.9+maria~bionic-log

Problem with docker dB

sysPass Version
3.1.0

Describe the question
I problems that the MariadB won't start. If I log in to the db-container and try /etc/init.d/mysql start all I get is fail.

Also, running:
/etc/init.d/mysql status
Results in * MariaDB is stopped.

There are no files in the /var/log/mysql directory.

Screenshots
If applicable, add screenshots to help explain your problem.

Platform (please complete the following information):

OS: Dockerdesktop on Windows 10, installation through docker-compose as described on https://syspass-doc.readthedocs.io/en/3.1/installing/docker.html

Additional context
These are the logs from when initializing the DB:
syspass-db | MySQL init process in progress...
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] mysqld (mysqld 10.2.26-MariaDB-1:10.2.26+mariabionic) starting as process 105 ...
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] InnoDB: Uses event mutexes
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] InnoDB: Compressed tables use zlib 1.2.11
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] InnoDB: Using Linux native AIO
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] InnoDB: Number of pools: 1
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] InnoDB: Using SSE2 crc32 instructions
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] InnoDB: Initializing buffer pool, total size = 256M, instances = 1, chunk size = 128M
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] InnoDB: Completed initialization of buffer pool
syspass-db | 2019-09-12 17:00:05 140714267793152 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] InnoDB: Highest supported file format is Barracuda.
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] InnoDB: 128 out of 128 rollback segments are active.
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] InnoDB: Creating shared tablespace for temporary tables
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] InnoDB: 5.7.27 started; log sequence number 1619987
syspass-db | 2019-09-12 17:00:05 140713966679808 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
syspass-db | 2019-09-12 17:00:05 140713966679808 [Note] InnoDB: Buffer pool(s) load completed at 190912 17:00:05
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] Plugin 'FEEDBACK' is disabled.
syspass-db | 2019-09-12 17:00:05 140714989835584 [Warning] 'user' entry 'root@45a312d00d0d' ignored in --skip-name-resolve mode.
syspass-db | 2019-09-12 17:00:05 140714989835584 [Warning] 'proxies_priv' entry '@% root@45a312d00d0d' ignored in --skip-name-resolve mode.
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] Reading of all Master_info entries succeeded
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] Added new Master_info '' to hash table
syspass-db | 2019-09-12 17:00:05 140714989835584 [Note] mysqld: ready for connections.
syspass-db | Version: '10.2.26-MariaDB-1:10.2.26+mariabionic' socket: '/var/run/mysqld/mysqld.sock' port: 0 mariadb.org binary distribution
syspass-db | Warning: Unable to load '/usr/share/zoneinfo/leap-seconds.list' as time zone. Skipping it.
syspass-db | 2019-09-12 17:00:12 140714806019840 [Warning] 'proxies_priv' entry '@% root@45a312d00d0d' ignored in --skip-name-resolve mode.
syspass-db |
syspass-db | 2019-09-12 17:00:12 140714206791424 [Note] mysqld (initiated by: unknown): Normal shutdown
syspass-db | 2019-09-12 17:00:12 140714206791424 [Note] Event Scheduler: Purging the queue. 0 events
syspass-db | 2019-09-12 17:00:12 140714215184128 [Note] InnoDB: FTS optimize thread exiting.
syspass-db | 2019-09-12 17:00:12 140714206791424 [Note] InnoDB: Starting shutdown...
syspass-db | 2019-09-12 17:00:12 140713966679808 [Note] InnoDB: Dumping buffer pool(s) to /var/lib/mysql/ib_buffer_pool
syspass-db | 2019-09-12 17:00:12 140713966679808 [Note] InnoDB: Buffer pool(s) dump completed at 190912 17:00:12
syspass-db | 2019-09-12 17:00:13 140714206791424 [Note] InnoDB: Shutdown completed; log sequence number 1620015
syspass-db | 2019-09-12 17:00:13 140714206791424 [Note] InnoDB: Removed temporary tablespace data file: "ibtmp1"
syspass-db | 2019-09-12 17:00:13 140714206791424 [Note] mysqld: Shutdown complete
syspass-db |
syspass-db |
syspass-db | MySQL init process done. Ready for start up.
syspass-db |
syspass-db | 2019-09-12 17:00:13 140587249276224 [Note] mysqld (mysqld 10.2.26-MariaDB-1:10.2.26+mariabionic) starting as process 1 ...
syspass-db | 2019-09-12 17:00:13 140587249276224 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
syspass-db | 2019-09-12 17:00:13 140587249276224 [Note] InnoDB: Uses event mutexes
syspass-db | 2019-09-12 17:00:13 140587249276224 [Note] InnoDB: Compressed tables use zlib 1.2.11
syspass-db | 2019-09-12 17:00:13 140587249276224 [Note] InnoDB: Using Linux native AIO
syspass-db | 2019-09-12 17:00:13 140587249276224 [Note] InnoDB: Number of pools: 1
syspass-db | 2019-09-12 17:00:13 140587249276224 [Note] InnoDB: Using SSE2 crc32 instructions
syspass-db | 2019-09-12 17:00:13 140587249276224 [Note] InnoDB: Initializing buffer pool, total size = 256M, instances = 1, chunk size = 128M
syspass-db | 2019-09-12 17:00:13 140587249276224 [Note] InnoDB: Completed initialization of buffer pool
syspass-db | 2019-09-12 17:00:13 140586520360704 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
syspass-db | 2019-09-12 17:00:13 140587249276224 [Note] InnoDB: Highest supported file format is Barracuda.
syspass-db | 2019-09-12 17:00:14 140587249276224 [Note] InnoDB: 128 out of 128 rollback segments are active.
syspass-db | 2019-09-12 17:00:14 140587249276224 [Note] InnoDB: Creating shared tablespace for temporary tables
syspass-db | 2019-09-12 17:00:14 140587249276224 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
syspass-db | 2019-09-12 17:00:14 140587249276224 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
syspass-db | 2019-09-12 17:00:14 140587249276224 [Note] InnoDB: 5.7.27 started; log sequence number 1620015
syspass-db | 2019-09-12 17:00:14 140586283689728 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
syspass-db | 2019-09-12 17:00:14 140587249276224 [Note] Plugin 'FEEDBACK' is disabled.
syspass-db | 2019-09-12 17:00:14 140586283689728 [Note] InnoDB: Buffer pool(s) load completed at 190912 17:00:14
syspass-db | 2019-09-12 17:00:14 140587249276224 [Note] Server socket created on IP: '::'.
syspass-db | 2019-09-12 17:00:14 140587249276224 [Warning] 'proxies_priv' entry '@% root@45a312d00d0d' ignored in --skip-name-resolve mode.
syspass-db | 2019-09-12 17:00:14 140587249276224 [Note] Reading of all Master_info entries succeeded
syspass-db | 2019-09-12 17:00:14 140587249276224 [Note] Added new Master_info '' to hash table
syspass-db | 2019-09-12 17:00:14 140587249276224 [Note] mysqld: ready for connections.
syspass-db | Version: '10.2.26-MariaDB-1:10.2.26+mariabionic' socket: '/var/run/mysqld/mysqld.sock' port: 3306 mariadb.org binary distribution

Application maintanance mode after upgrade

Hello!
I tried docker compose syspass. After successful connect to database syspass ask upgrade. After upgrade Syspass going in maintanance mode and now does not work.
What I must to do to leave maintanance mode?
Thank You,
Andrew

[docker latest image with php 7.0.33 and 7.3] syspass/plugin-authenticator Installation failed via env

https://syspass-doc.readthedocs.io/en/3.1/installing/docker.html
–env COMPOSER_EXTENSIONS=’syspass/plugin-authenticator’” is outdated.

docker logs syspass-docker
entrypoint: Starting with UID : 9001
setup_app: Setting up permissions
setup_composer_extensions: syspass/plugin-authenticator
~ /var/www/html
run_composer: Running composer
Warning from https://repo.packagist.org: You are using an outdated version of Composer. Composer 2.0 is now available and you should upgrade. See https://getcomposer.org/2
Using version ^2.1 for syspass/plugin-authenticator
./composer.json has been updated
Loading composer repositories with package information
Warning from https://repo.packagist.org: You are using an outdated version of Composer. Composer 2.0 is now available and you should upgrade. See https://getcomposer.org/2
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - The requested package phpseclib/phpseclib (locked at 2.0.21, required as ~2.0.25) is satisfiable by phpseclib/phpseclib[2.0.21] but these conflict with your requirements or minimum-stability.
  Problem 2
    - The requested package php-di/php-di (locked at 6.0.9, required as ~6.0.11) is satisfiable by php-di/php-di[6.0.9] but these conflict with your requirements or minimum-stability.
  Problem 3
    - Installation request for syspass/extension-installer-plugin dev-master -> satisfiable by syspass/extension-installer-plugin[dev-master].
    - syspass/extension-installer-plugin dev-master requires composer-plugin-api ^2.0 -> no matching package found.
  Problem 4
    - syspass/extension-installer-plugin v2.0.x-dev requires composer-plugin-api ^2.0 -> no matching package found.
    - syspass/extension-installer-plugin dev-master requires composer-plugin-api ^2.0 -> no matching package found.
    - syspass/extension-installer-plugin dev-develop requires composer-plugin-api ^2.0 -> no matching package found.
    - syspass/plugin-authenticator v2.1.0 requires syspass/extension-installer-plugin * -> satisfiable by syspass/extension-installer-plugin[dev-develop, dev-master, v2.0.x-dev].
    - Installation request for syspass/plugin-authenticator ^2.1 -> satisfiable by syspass/plugin-authenticator[v2.1.0].

Potential causes:
 - A typo in the package name
 - The package is not available in a stable-enough version according to your minimum-stability setting
   see <https://getcomposer.org/doc/04-schema.md#minimum-stability> for more details.
 - It's a private package and you forgot to add a custom repository to find it

Read <https://getcomposer.org/doc/articles/troubleshooting.md> for further common problems.
Running update with --no-dev does not mean require-dev is ignored, it just means the packages will not be installed. If dev requirements are blocking the update you have to resolve those problems.

Installation failed, reverting ./composer.json to its original content.
/var/www/html
setup_locales: Setting up locales
Generating locales (this might take a while)...
  ca_ES.UTF-8... done
  de_DE.UTF-8... done
  en_GB.UTF-8... done
  en_US.UTF-8... done
  es_ES.UTF-8... done
  fr_FR.UTF-8... done
  it_IT.UTF-8... done
  nl_NL.UTF-8... done
  pl_PL.UTF-8... done
  pt_BR.UTF-8... done
  ru_RU.UTF-8... done
  da.UTF-8...cannot open locale definition file `da': No such file or directory
 done
  fo.UTF-8...cannot open locale definition file `fo': No such file or directory
 done
Generation complete.

Persistent volumes

Hi I am no expert on docker. Would you be able to give an example how I would use persistent volumes across updates:

volumes:
syspass-config: {}
syspass-backup: {}
syspass-db: {}

Please Help Us. We can't access any of our passwords.

Hello,

My name is Dylan and I work as the IT Director at a large High School district. We can't use our SysPass to access passwords and we're dead in the water at figuring out what's wrong. The error I receive when I visit the SysPass URL is:

Unable to connect to the DB
Error 2002: SQLSTATE[HY000] [2002] Connection refused

Any help would be so much appreciated!

Thanks in advance!

Move into sysPass organization?

Can you move into https://github.com/sysPass?

Tag Docker images properly

Would it be possible to tag Docker images properly with sysPass version ?
I'd like to use it, but having only a latest tag offers zero control on my end.

Let me know if you want me to submit a PR for this.
Thanks

Mariadb user account

Hello,
Thank you for syspass, it's really great.
I would like to submit a bug I encountered.
I use a mariadb container with syspass.
The mariadb user account created during install creates privileges and the server indicated is ip address (which can change on docker) or hostname (on docker it's the container ID which changes everytime the container is recreated). So it was impossible to me to connect to mariadb database when both cases happened (IP and hostname changed). I had to create a new user using "%" as server.
I don't know if it's easier to change install script or maybe indicate users to use "hostname" docker option so hostname will remain the same when the container is recreated.
I hope it's not too complicated to understand. I'm not an english native :-/
Thank you

unable to connect to external DB

Hello,

I have a fresh install of 3.2 and MariaDB version 10.3 and during setup the app continues to tell me that it is unable to connect to the DB.

I have rooted into the container executed various ping and tcp connections to verify it can reach the DB
I see the connections being made on my workbench client from the app and its in process of trying to create the DB and build tables
the syspass db user has full DBA rights

I need some help here.

Thanks,

2fa not present?

have installed syspass via docker compose, but there is not 2fa available in the preferences panel for a user. The live demo shows this, and I have reinstalled several times to ensure I was not missing a configuration step.

Usage of a web proxy

Hi,
i try to deploy the latest syspass version with authenticator plugin in Docker, currently i run into issues as outbound internet connectivity is only allowed via a web-proxy.
I already tried to add environment variables http_proxy='http://IP:PORT' and same for https_proxy, but I still see outbound connection attempts on the firewall.
The log-files show a connection time-out:

entrypoint: Starting with UID : 9001
setup_app: Setting up permissions
setup_composer_extensions: 'syspass/plugin-authenticator'
~ /var/www/html
run_composer: Running composer


  [Composer\Downloader\TransportException]
  The "https://repo.packagist.org/packages.json" file could not be downloaded: failed to open stream: Connection timed out


require [--dev] [--prefer-source] [--prefer-dist] [--no-progress] [--no-suggest] [--no-update] [--no-scripts] [--update-no-dev] [--update-with-dependencies] [--update-with-all-dependencies] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [--sort-packages] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--] [<packages>]...

/var/www/html
setup_locales: Setting up locales
Generating locales (this might take a while)...
  ca_ES.UTF-8... done
  de_DE.UTF-8... done
  en_GB.UTF-8... done
  en_US.UTF-8... done
  es_ES.UTF-8... done
  fr_FR.UTF-8... done
  it_IT.UTF-8... done
  nl_NL.UTF-8... done
  pl_PL.UTF-8... done
  pt_BR.UTF-8... done
  ru_RU.UTF-8... done
  da.UTF-8...cannot open locale definition file `da': No such file or directory
 done
  fo.UTF-8...cannot open locale definition file `fo': No such file or directory
 done
Generation complete.
######
sysPass environment installed and configured. Please point your browser to https://172.21.0.3 to start the installation
######
entrypoint: Starting Apache
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.21.0.3. Set the 'ServerName' directive globally to suppress this message
[Fri Mar 27 10:53:27.620800 2020] [ssl:warn] [pid 723] AH01909: 172.21.0.3:443:0 server certificate does NOT include an ID which matches the server name
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.21.0.3. Set the 'ServerName' directive globally to suppress this message
[Fri Mar 27 10:53:27.661011 2020] [ssl:warn] [pid 723] AH01909: 172.21.0.3:443:0 server certificate does NOT include an ID which matches the server name
[Fri Mar 27 10:53:27.664333 2020] [mpm_prefork:notice] [pid 723] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2s configured -- resuming normal operations
[Fri Mar 27 10:53:27.664364 2020] [core:notice] [pid 723] AH00094: Command line: '/usr/sbin/apache2 -D FOREGROUND'
[Fri Mar 27 10:53:36.469519 2020] [:error] [pid 725] [client 10.127.203.6:53436] [INFO] [Extensions checked] SP\\Core\\PhpExtensionChecker::checkMandatory, referer: https://10.127.100.49:9001/index.php?r=index
[Fri Mar 27 10:53:36.819728 2020] [:error] [pid 725] [client 10.127.203.6:53436] [EXCEPTION] [File not found (/var/www/html/sysPass/app/cache/icons.cache)\n#0 /var/www/html/sysPass/lib/SP/Storage/File/FileCacheBase.php(70): SP\\Storage\\File\\FileHandler->checkFileExists()\n#1 /var/www/html/sysPass/lib/SP/Core/UI/Theme.php(159): SP\\Storage\\File\\FileCacheBase->isExpired(Integer)\n#2 /var/www/html/sysPass/lib/SP/Core/UI/Theme.php(127): SP\\Core\\UI\\Theme->initIcons()\n#3 /var/www/html/sysPass/app/modules/web/Init.php(173): SP\\Core\\UI\\Theme->initTheme(Boolean)\n#4 /var/www/html/sysPass/lib/SP/Bootstrap.php(232): SP\\Modules\\Web\\Init->initialize(String)\n#5 [internal function]: SP\\Bootstrap->SP\\{closure}(Object(Klein\\Request),Object(Klein\\Response),Object(Klein\\ServiceProvider),Object(Klein\\App),Object(Klein\\Klein),Object(Klein\\DataCollection\\RouteCollection),Array)\n#6 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(886): call_user_func(Object(Closure),Object(Klein\\Request),Object(Klein\\Response),Object(Klein\\ServiceProvider),Object(Klein\\App),Object(Klein\\Klein),Object(Klein\\DataCollection\\RouteCollection),Array)\n#7 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(588): Klein\\Klein->handleRouteCallback(Object(Klein\\Route),Object(Klein\\DataCollection\\RouteCollection),Array)\n#8 /var/www/html/sysPass/lib/SP/Bootstrap.php(464): Klein\\Klein->dispatch(Object(Klein\\Request))\n#9 /var/www/html/sysPass/lib/Base.php(75): SP\\Bootstrap->run(Object(DI\\Container))\n#10 /var/www/html/sysPass/index.php(28): require(String)] N/A, referer: https://10.127.100.49:9001/index.php?r=index
[Fri Mar 27 10:53:36.821129 2020] [:error] [pid 725] [client 10.127.203.6:53436] [INFO] [Saved icons cache] SP\\Core\\UI\\Theme::saveIcons, referer: https://10.127.100.49:9001/index.php?r=index
[Fri Mar 27 10:53:36.834568 2020] [:error] [pid 725] [client 10.127.203.6:53436] [EXCEPTION] [File not found (/var/www/html/sysPass/app/cache/actions.cache)\n#0 /var/www/html/sysPass/lib/SP/Storage/File/FileCacheBase.php(70): SP\\Storage\\File\\FileHandler->checkFileExists()\n#1 /var/www/html/sysPass/lib/SP/Core/Acl/Actions.php(90): SP\\Storage\\File\\FileCacheBase->isExpired(Integer)\n#2 /var/www/html/sysPass/lib/SP/Core/Acl/Actions.php(78): SP\\Core\\Acl\\Actions->loadCache()\n#3 /var/www/html/sysPass/lib/Definitions.php(77): SP\\Core\\Acl\\Actions->__construct(Object(SP\\Storage\\File\\FileCache),Object(SP\\Storage\\File\\XmlHandler))\n#4 [internal function]: DI\\Definition\\Source\\DefinitionFile->{closure}(Object(DI\\Container))\n#5 /var/www/html/sysPass/vendor/php-di/invoker/src/Invoker.php(82): call_user_func_array(Object(Closure),Array)\n#6 /var/www/html/sysPass/vendor/php-di/php-di/src/Definition/Resolver/FactoryResolver.php(80): Invoker\\Invoker->call(Object(Closure),Array)\n#7 /var/www/html/sysPass/vendor/php-di/php-di/src/Definition/Resolver/ResolverDispatcher.php(64): DI\\Definition\\Resolver\\FactoryResolver->resolve(Object(DI\\Definition\\FactoryDefinition),Array)\n#8 /var/www/html/sysPass/vendor/php-di/php-di/src/Container.php(380): DI\\Definition\\Resolver\\ResolverDispatcher->resolve(Object(DI\\Definition\\FactoryDefinition),Array)\n#9 /var/www/html/sysPass/vendor/php-di/php-di/src/Container.php(138): DI\\Container->resolveDefinition(Object(DI\\Definition\\FactoryDefinition))\n#10 /var/www/html/sysPass/vendor/php-di/php-di/src/Definition/Reference.php(53): DI\\Container->get(String)\n#11 /var/www/html/sysPass/vendor/php-di/php-di/src/Definition/Resolver/ResolverDispatcher.php(59): DI\\Definition\\Reference->resolve(Object(DI\\Container))\n#12 /var/www/html/sysPass/vendor/php-di/php-di/src/Definition/Resolver/ParameterResolver.php(78): DI\\Definition\\Resolver\\ResolverDispatcher->resolve(Object(DI\\Definition\\Reference))\n#13 /var/www/html/sysPass/vendor/php-di/php-di/src/Definition/Resolver/ObjectCreator.php(139): DI\\Definition\\Resolver\\ParameterResolver->resolveParameters(Object(DI\\Definition\\ObjectDefinition\\MethodInjection),Object(ReflectionMethod),Array)\n#14 /var/www/html/sysPass/vendor/php-di/php-di/src/Definition/Resolver/ObjectCreator.php(71): DI\\Definition\\Resolver\\ObjectCreator->createInstance(Object(DI\\Definition\\AutowireDefinition),Array)\n#15 /var/www/html/sysPass/vendor/php-di/php-di/src/Definition/Resolver/ResolverDispatcher.php(64): DI\\Definition\\Resolver\\ObjectCreator->resolve(Object(DI\\Definition\\AutowireDefinition),Array)\n#16 /var/www/html/sysPass/vendor/php-di/php-di/src/Container.php(380): DI\\Definition\\Resolver\\ResolverDispatcher->resolve(Object(DI\\Definition\\AutowireDefinition),Array)\n#17 /var/www/html/sysPass/vendor/php-di/php-di/src/Container.php(138): DI\\Container->resolveDefinition(Object(DI\\Definition\\AutowireDefinition))\n#18 /var/www/html/sysPass/app/modules/web/Controllers/Traits/WebControllerTrait.php(140): DI\\Container->get(String)\n#19 /var/www/html/sysPass/app/modules/web/Controllers/SimpleControllerBase.php(64): SP\\Modules\\Web\\Controllers\\SimpleControllerBase->setUp(Object(DI\\Container))\n#20 /var/www/html/sysPass/lib/SP/Bootstrap.php(238): SP\\Modules\\Web\\Controllers\\SimpleControllerBase->__construct(Object(DI\\Container),String)\n#21 [internal function]: SP\\Bootstrap->SP\\{closure}(Object(Klein\\Request),Object(Klein\\Response),Object(Klein\\ServiceProvider),Object(Klein\\App),Object(Klein\\Klein),Object(Klein\\DataCollection\\RouteCollection),Array)\n#22 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(886): call_user_func(Object(Closure),Object(Klein\\Request),Object(Klein\\Response),Object(Klein\\ServiceProvider),Object(Klein\\App),Object(Klein\\Klein),Object(Klein\\DataCollection\\RouteCollection),Array)\n#23 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(588): Klein\\Klein->handleRouteCallback(Object(Klein\\Route),Object(Klein\\DataCollection\\RouteCollection),Array)\n#24 /var/www/html/sysPass/lib/SP/Bootstrap.php(464): Klein\\Klein->dispatch(Object(Klein\\Request))\n#25 /var/www/html/sysPass/lib/Base.php(75): SP\\Bootstrap->run(Object(DI\\Container))\n#26 /var/www/html/sysPass/index.php(28): require(String)] N/A, referer: https://10.127.100.49:9001/index.php?r=index
[Fri Mar 27 10:53:36.834637 2020] [:error] [pid 725] [client 10.127.203.6:53436] [INFO] [ACTION CACHE MISS] SP\\Core\\Acl\\Actions::mapAndSave, referer: https://10.127.100.49:9001/index.php?r=index
[Fri Mar 27 10:53:36.836905 2020] [:error] [pid 725] [client 10.127.203.6:53436] [INFO] [Saved actions cache] SP\\Core\\Acl\\Actions::saveCache, referer: https://10.127.100.49:9001/index.php?r=index
10.127.203.6 - - [27/Mar/2020:10:53:36 +0000] "GET /index.php?r=items/notifications&sk=51f7a22ef95b0353ba451b5a5426fd8d410e85d5&isAjax=1&_=1585304975287 HTTP/1.1" 200 1906 "https://10.127.100.49:9001/index.php?r=index" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36"
[Fri Mar 27 10:55:36.366567 2020] [:error] [pid 727] [client 10.127.203.6:53724] [INFO] [Extensions checked] SP\\Core\\PhpExtensionChecker::checkMandatory, referer: https://10.127.100.49:9001/index.php?r=index
[Fri Mar 27 10:55:36.539483 2020] [:error] [pid 727] [client 10.127.203.6:53724] [INFO] [Loaded icons cache] SP\\Core\\UI\\Theme::initIcons, referer: https://10.127.100.49:9001/index.php?r=index
[Fri Mar 27 10:55:36.545250 2020] [:error] [pid 727] [client 10.127.203.6:53724] [INFO] [Loaded actions cache] SP\\Core\\Acl\\Actions::loadCache, referer: https://10.127.100.49:9001/index.php?r=index
10.127.203.6 - - [27/Mar/2020:10:55:36 +0000] "GET /index.php?r=items/notifications&sk=51f7a22ef95b0353ba451b5a5426fd8d410e85d5&isAjax=1&_=1585304975288 HTTP/1.1" 200 626 "https://10.127.100.49:9001/index.php?r=index" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36"

Compose file:

version: '2'
services:
  app:
    container_name: syspass-app
    image: syspass/syspass:3.1.0 # Set this version tag to desired one
    restart: always
    # Will listen on ports 80 and 443 of the host
    ports:
      - "9001:443"
    depends_on:
      - db
    volumes:
      - syspass-config:/var/www/html/sysPass/app/config
      - syspass-backup:/var/www/html/sysPass/app/backup
    # Set USE_SSL=no if you're using a LB or reverse proxy for SSL offloading
    environment:
      - USE_SSL=yes
      - COMPOSER_EXTENSIONS='syspass/plugin-authenticator'
      - http_proxy='http://10.127.100.21:3128'
      - https_proxy='http://10.127.100.21:3128'
  db:
    container_name: syspass-db
    restart: always
    image: mariadb:10.2
    # Set a secure password for MariaDB root user
    environment:
      - MYSQL_ROOT_PASSWORD=9-V16PW0pFXMf#HIl!JWF*6C
    # This ports will only be accesible internally
    expose:
      - "3306"
    volumes:
      - syspass-db:/var/lib/mysql

# Persistent volumes to be used across updates
volumes:
  syspass-config:
    driver: local
  syspass-backup:
    driver: local
  syspass-db:
    driver: local

Any solution ?
Thanks for your help !

Updated docker-compose File

Hi,

i worked a little bit with your docker-compose file and it wasn't very handy. For exmaple if i shout down the appliction and databse and restartet it (docker compose down and up) because of the docker link feature, the container are getting dhcp ip adresses. Also i exposed the Port 80 and 443 like in your Documentation. Also i am using LDAPS. Therefore i changed a little bit of the compose file. If your interested to merge some changes to yours, feel free.

version: '2'
services:
  app:
    container_name: syspass-app
    image: syspass/syspass:3.1.1
    hostname: <SYSPASS_HOSTNAME>
    networks:
      syspass_net:
        ipv4_address: 172.21.0.3
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /opt/syspass/config:/var/www/html/sysPass/app/config
      - /opt/syspass/backup:/var/www/html/sysPass/app/backup
      - /opt/syspass/ssl/<SYSPASS_CERT>:/etc/ssl/certs/ssl-cert-snakeoil.pem
      - /opt/syspass/ssl/<SYSPASS_KEY>:/etc/ssl/private/ssl-cert-snakeoil.key
      - /opt/syspass/ssl/<AD_CA_CERT>:/etc/ssl/certs/ca-certificates.crt
    environment:
      - USE_SSL=yes
  db:
    container_name: syspass-db
    restart: always
    image: mariadb:10.2
    networks:
      syspass_net:
        ipv4_address: 172.21.0.4
    environment:
      - MYSQL_ROOT_PASSWORD=syspass
    expose:
      - "3306"
    volumes:
      - /opt/syspass/db:/var/lib/mysql
networks:
  syspass_net:
    ipam:
      driver: default
      config:
        - subnet: 172.21.0.0/16

<SYSPASS_HOSTNAME> is the Hostname / DNS Entry which you want to call in Browser.
<SYSPASS_CERT> is the SSL Certificate for the Apache
<SYSPASS_KEY> is the SSL Key for the Apache
<AD_CA_CERT> is the SSL CA Certificate from your Active Directory for LDAPS. You can get this Certificate via:

echo -n | openssl s_client -connect <LDAP_HOST>:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ldapserver.crt

If you run syspass in your Environment, it should be enough to mount the AD CA Certificate to /etc/ssl/certs/ca-certificates.crt into container

if you have questions don't hesitate to contact me
best regards

Mail is Broken

Hello in Version 3.2.

We are unable to perform a valid test with mail. We used our own private server then we utilized the gmail smtp server with auth. When we test authentication syspass comes back and says:

Error while sending the SMTP Error: Could not authenticate.

We used the exact same email and pass for another app and it worked flawlessly

Syspass is having trouble with our private email server as well. When attempting to send a test mail the app just hangs.

Error - access denied (docker-swarm)

Error syspass running docker-swarm, the execution present message below.

[Warning] Access denied for user 'sp_612186194a48d'@'ip.address' (using password: YES)

If do execution normaly docker-compose is done success!

Syspass don`t it achieves understand about the tree network of swarm ?

Below my .yml

version: '3.7'

networks:
net:
driver: overlay
attachable: true

services:
app:
image: syspass/syspass:3.2.2
ports:
- "42981:80"
- "42982:443"
deploy:
restart_policy:
condition: on-failure
resources:
limits:
cpus: "0.5"
memory: 256M
networks:
- net
db:
image: mariadb:10.2
environment:
- MYSQL_ROOT_PASSWORD=syspass
deploy:
restart_policy:
condition: on-failure
resources:
limits:
cpus: "0.5"
memory: 256M
networks:
- net

Network Configuration

Hey,

I need to use Syspass with the default network interface (docker0) if i'ts possible.

How can i launch it without the "syspass_default" network ?

Thx for your job !

Best Regards.

syspass/plugin-authenticator does not work with Docker instructions

It is not possible for me to activate the plugin.

version: '2'
services:
  app:
    container_name: syspass-app
    image: syspass/syspass:3.0.5
    restart: unless-stopped
    environment:
      - COMPOSER_EXTENSIONS=syspass/plugin-authenticator
    ports:
      - "8080:80"
      - "8443:443"
    links:
      - db
    volumes:
      - syspass-config:/var/www/html/sysPass/app/config
      - syspass-backup:/var/www/html/sysPass/app/backup
  db:
    container_name: syspass-db
    restart: unless-stopped
    image: mariadb:10.2
    environment:
      - MYSQL_ROOT_PASSWORD=EinTollesPasswort
    ports:
      - "3306"
    volumes:
      - syspass-db:/var/lib/mysql

volumes:
  syspass-config: {}
  syspass-backup: {}
  syspass-db: {}

syspass-app | setup_app: Setting up permissions
syspass-app | setup_composer_extensions: syspass/plugin-authenticator
syspass-app | ~ /var/www/html
syspass-app | run_composer: Running composer
syspass-app | Using version ^2.0 for syspass/plugin-authenticator
syspass-app | ./composer.json has been updated
syspass-app | Loading composer repositories with package information
syspass-app | Updating dependencies (including require-dev)
syspass-app | Your requirements could not be resolved to an installable set of packages.
syspass-app |
syspass-app |   Problem 1
syspass-app |     - The requested PHP extension ext-xdebug * is missing from your system. Install or enable PHP's xdebug extension.
syspass-app |
syspass-app |
syspass-app | Installation failed, reverting ./composer.json to its original content.

sysPass Version | 3.0 (305.19020701)                         Config: 305.19020701                         App: 305.19020701                         DB: 305.19020701
-- | --
Datenbank | SERVER_VERSION : 5.5.5-10.2.24-MariaDB-1:10.2.24+maria~bionic                                             CLIENT_VERSION : mysqlnd 5.0.12-dev - 20150407 - $Id: b5c5906d452ec590732a93b051f3827e02749b83 $                                             SERVER_INFO : Uptime: 216   Threads: 8  Questions: 380  Slow queries: 0  Opens: 44  Flush tables: 1   Open tables: 38  Queries per second avg: 1.759                                             CONNECTION_STATUS : syspass-db via TCP/IP                                         Name: syspass@syspass-db
PHP | Version: 7.0.33-0+deb9u1                         Erweiterungen: Core, date, libxml, openssl,  pcre, zlib, filter, hash, Reflection, SPL, session, standard,  apache2handler, mysqlnd, PDO, xml, calendar, ctype, curl, dom, mbstring,  fileinfo, ftp, gd, gettext, iconv, intl, json, ldap, exif, mcrypt,  mysqli, pdo_mysql, Phar, posix, readline, shmop, SimpleXML, sockets,  sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xmlreader, xmlwriter, xsl,  Zend OPcache                                     Verwendeter Speicher: 4096 KB                         Benutzer: root                         Download-Rate: 43 MB/s                                             OP Cache                                    num_cached_scripts : 350                                    num_cached_keys : 656                                    max_cached_keys : 3907                                    hits : 4028                                    start_time : 1558355332                                    last_restart_time : 0                                    oom_restarts : 0                                    hash_restarts : 0                                    manual_restarts : 0                                    misses : 350                                    blacklist_misses : 0                                    blacklist_miss_ratio : 0                                    opcache_hit_rate : 92,005481955231
Server | Apache/2.4.25 (Debian)

Docker LDAPS Synology

Dear Nuxsmin / others,
I've got a general problem. I've tried it with our
own Linux VM sysPass and Docker but it seems there are
SSL cert problems when trying to connect to the
Active Directory by our Synology. (LDAPS credentials invalid (49)
Without TLS turned on it says it requires more security.
I've tried to set TLS_REQCERT to "allow" / "never" in
/etc/ldap/ldap.conf but it does not seem to change anything.
There are hints about a /etc/openldap/ldap.conf, but it does not
seem to be in the docker container syspass-app, does it?

Usage with traefik

Hi,

Im trying to setup syspass behind traefik unsucessfully.

Some elements are trying to be loaded with http instead https and page is not loading correctly.

I have USE_SSL=no

Any thoughs on how to fix this?

Thanks in advance

default apache config leaks privat files

Hi, the default apache config inside the docker image make it possible to leak everything.

docker container upgrade 2.1 > 3.0.x fails

Hi,

i'm struggeling migrating a 2.1 docker container to 3.0.4 (on another host). Orientation according to https://doc.syspass.org/en/3.0/updating/v3.html, ignoring the installation steps, as the container should contain everything already.

What I did was:

moved config.xml, key.pem and pubkey.pem to another host
moved sql database to another host (mysqldump)
ran syspass-only docker container with volumes taken from https://raw.githubusercontent.com/nuxsmin/docker-syspass/master/docker-compose.yml (config is in correct subfolder sysPass/app/config/config.xml now!)
modified permission for the files to www-data:user (according to the other files and apache process within docker file)
modified database sections in config.xml to point to new database
checked for <upgradeKey></upgradeKey>, which was EMPTY in my config.xml

When accessing the page I receive the error in browser: Host has sent invalid response. ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION

Checking the logs I find a lot of these "Context not initialized" exceptions, assuming they are not relevant:

[...]
019-02-08 13:03:29 [EXCEPTION] [N/A] Context not initialized
#0 /var/www/html/sysPass/lib/SP/Core/Context/ContextBase.php(143): SP\Core\Context\ContextBase->checkContext()
#1 /var/www/html/sysPass/lib/SP/Core/Context/SessionContext.php(100): SP\Core\Context\ContextBase->getContextKey('locale', NULL)
#2 /var/www/html/sysPass/lib/SP/Core/Context/SessionContext.php(392): SP\Core\Context\SessionContext->getContextKey('locale')
#3 /var/www/html/sysPass/lib/SP/Core/Language.php(222): SP\Core\Context\SessionContext->getLocale()
#4 /var/www/html/sysPass/lib/SP/Providers/Log/FileLogHandler.php(112): SP\Core\Language->unsetAppLocales()
#5 /var/www/html/sysPass/lib/SP/Core/Events/EventDispatcherBase.php(121): SP\Providers\Log\FileLogHandler->updateEvent('upgrade.config....', Object(SP\Core\Events\Event))
#6 /var/www/html/sysPass/lib/SP/Services/Upgrade/UpgradeConfigService.php(222): SP\Core\Events\EventDispatcherBase->notifyEvent('upgrade.config....', Object(SP\Core\Events\Event))
#7 /var/www/html/sysPass/lib/SP/Bootstrap.php(415): SP\Services\Upgrade\UpgradeConfigService->upgrade('217.17042101', Object(SP\Config\ConfigData))
#8 /var/www/html/sysPass/lib/SP/Bootstrap.php(389): SP\Bootstrap->checkConfigVersion()
#9 /var/www/html/sysPass/lib/SP/Bootstrap.php(292): SP\Bootstrap->initConfig()
#10 /var/www/html/sysPass/lib/SP/Bootstrap.php(223): SP\Bootstrap->initializeCommon()
#11 [internal function]: SP\Bootstrap->SP\{closure}(Object(Klein\Request), Object(Klein\Response), Object(Klein\ServiceProvider), Object(Klein\App), Object(Klein\Klein), Object(Klein\DataCollection\RouteCollection), Array)
#12 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(886): call_user_func(Object(Closure), Object(Klein\Request), Object(Klein\Response), Object(Klein\ServiceProvider), Object(Klein\App), Object(Klein\Klein), Object(Klein\DataCollection\RouteCollection), Array)
#13 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(588): Klein\Klein->handleRouteCallback(Object(Klein\Route), Object(Klein\DataCollection\RouteCollection), Array)
#14 /var/www/html/sysPass/lib/SP/Bootstrap.php(456): Klein\Klein->dispatch(Object(Klein\Request))
#15 /var/www/html/sysPass/lib/Base.php(75): SP\Bootstrap::run(Object(DI\Container))
#16 /var/www/html/sysPass/index.php(28): require('/var/www/html/s...')
#17 {main}
2019-02-08 13:03:29 [ERROR] [SP\Core\Language::setLocales] Could not set locale
[...]

Then it complains not being able to access the config.xml. Permissions are correct, and after the http request the file has been wiped (0 bytes), so it absolutely had write access to it:

[...]
2019-02-08 13:03:29 [EXCEPTION] [N/A] Unable to read/write file (/var/www/html/sysPass/app/config/config.xml)
#0 /var/www/html/sysPass/lib/SP/Storage/File/XmlHandler.php(80): SP\Storage\File\FileHandler->getFileSize(true)
#1 /var/www/html/sysPass/lib/SP/Config/Config.php(165): SP\Storage\File\XmlHandler->load('config')
#2 /var/www/html/sysPass/lib/SP/Config/Config.php(253): SP\Config\Config->loadConfigFromFile()
#3 /var/www/html/sysPass/app/modules/web/Init.php(155): SP\Config\Config->loadConfig(true)
#4 /var/www/html/sysPass/lib/SP/Bootstrap.php(228): SP\Modules\Web\Init->initialize('index')
#5 [internal function]: SP\Bootstrap->SP\{closure}(Object(Klein\Request), Object(Klein\Response), Object(Klein\ServiceProvider), Object(Klein\App), Object(Klein\Klein), Object(Klein\DataCollection\RouteCollection), Array)
#6 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(886): call_user_func(Object(Closure), Object(Klein\Request), Object(Klein\Response), Object(Klein\ServiceProvider), Object(Klein\App), Object(Klein\Klein), Object(Klein\DataCollection\RouteCollection), Array)
#7 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(588): Klein\Klein->handleRouteCallback(Object(Klein\Route), Object(Klein\DataCollection\RouteCollection), Array)
#8 /var/www/html/sysPass/lib/SP/Bootstrap.php(456): Klein\Klein->dispatch(Object(Klein\Request))
#9 /var/www/html/sysPass/lib/Base.php(75): SP\Bootstrap::run(Object(DI\Container))
#10 /var/www/html/sysPass/index.php(28): require('/var/www/html/s...')
#11 {main}
2019-02-08 13:03:29 [INFO] [SP\Core\UI\Theme::saveIcons] Saved icons cache
[...]

Then it notices upgrade is needed, but fails to check the database:

[...]
2019-02-08 13:03:29 [ERROR] [SP\Modules\Web\Init::initialize] Upgrade needed
2019-02-08 13:03:29 [ERROR] [SP\Modules\Web\Init::initialize] Database checking error
2019-02-08 13:03:29 [EXCEPTION] [N/A] Response is locked
#0 /var/www/html/sysPass/vendor/klein/klein/src/Klein/AbstractResponse.php(211): Klein\AbstractResponse->requireUnlocked()
#1 /var/www/html/sysPass/vendor/klein/klein/src/Klein/AbstractResponse.php(523): Klein\AbstractResponse->code(302)
#2 /var/www/html/sysPass/app/modules/web/Init.php(213): Klein\AbstractResponse->redirect('index.php?r=err...')
#3 /var/www/html/sysPass/lib/SP/Bootstrap.php(228): SP\Modules\Web\Init->initialize('index')
#4 [internal function]: SP\Bootstrap->SP\{closure}(Object(Klein\Request), Object(Klein\Response), Object(Klein\ServiceProvider), Object(Klein\App), Object(Klein\Klein), Object(Klein\DataCollection\RouteCollection), Array)
#5 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(886): call_user_func(Object(Closure), Object(Klein\Request), Object(Klein\Response), Object(Klein\ServiceProvider), Object(Klein\App), Object(Klein\Klein), Object(Klein\DataCollection\RouteCollection), Array)
#6 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(588): Klein\Klein->handleRouteCallback(Object(Klein\Route), Object(Klein\DataCollection\RouteCollection), Array)
#7 /var/www/html/sysPass/lib/SP/Bootstrap.php(456): Klein\Klein->dispatch(Object(Klein\Request))
#8 /var/www/html/sysPass/lib/Base.php(75): SP\Bootstrap::run(Object(DI\Container))
#9 /var/www/html/sysPass/index.php(28): require('/var/www/html/s...')
#10 {main}
2019-02-08 13:03:29 [EXCEPTION] [N/A] Response is locked
#0 /var/www/html/sysPass/vendor/klein/klein/src/Klein/AbstractResponse.php(157): Klein\AbstractResponse->requireUnlocked()
#1 /var/www/html/sysPass/lib/SP/Bootstrap.php(145): Klein\AbstractResponse->body('Response is loc...')
#2 [internal function]: SP\Bootstrap->SP\{closure}(Object(Klein\Klein), 'Response is loc...', 'Klein\\Exception...', Object(Klein\Exceptions\LockedResponseException))
#3 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(936): call_user_func(Object(Closure), Object(Klein\Klein), 'Response is loc...', 'Klein\\Exception...', Object(Klein\Exceptions\LockedResponseException))
#4 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(645): Klein\Klein->error(Object(Klein\Exceptions\LockedResponseException))
#5 /var/www/html/sysPass/lib/SP/Bootstrap.php(456): Klein\Klein->dispatch(Object(Klein\Request))
#6 /var/www/html/sysPass/lib/Base.php(75): SP\Bootstrap::run(Object(DI\Container))
#7 /var/www/html/sysPass/index.php(28): require('/var/www/html/s...')
#8 {main}

And that's where I end up currently. Any clue what's happening here?

Why is the config.xml being cleared? (although error shows not being able to access it?)
Why it can detect an upgrade to the db is needed, when it cleared the config.xml before?
What's behind the "Database checking error"?
Why is my upgradeKey emtpy?

SysPass / LDAP unvailable modul

Hi everyone,

I want to configure LDAP on my sysPass server, but i have an error message :
Ldap module is unvailabe

Can anyone help me please ?

DB connection issue

hi,

I am using the latest (3.2) syspass-docker and I can't reach the DB when I try to configure the syspass.

from the docker log I see this:
syspass-app | [Wed Jan 06 16:38:37.234889 2021] [php7:notice] [pid 24] [client 10.65.193.101:53091] [EXCEPTION] [(P) SQLSTATE[HY000] [1045] Access denied for user 'sp_5ff5e78b6ba2c'@'10.1.9.197' (using password: YES)\n#0 /var/www/html/sysPass/lib/SP/Storage/Database/MySQLHandler.php(109): PDO->__construct('mysql:charset=u...', 'sp_5ff5e78b6ba2...', 'twn5!WgGp0)DDsp...', Array)\n#1 /var/www/html/sysPass/lib/SP/Storage/Database/Database.php(216): SP\Storage\Database\MySQLHandler->getConnection()\n#2 /var/www/html/sysPass/lib/SP/Storage/Database/Database.php(175): SP\Storage\Database\Database->prepareQueryData(Object(SP\Storage\Database\QueryData))\n#3 /var/www/html/sysPass/lib/SP/Repositories/Config/ConfigRepository.php(70): SP\Storage\Database\Database->doQuery(Object(SP\Storage\Database\QueryData))\n#4 /var/www/html/sysPass/lib/SP/Services/Config/ConfigService.php(93): SP\Repositories\Config\ConfigRepository->create(Object(SP\DataModel\ConfigData))\n#5 /var/www/html/sysPass/lib/SP/Services/Install/Installer.php(314): SP\Services\Config\ConfigService->create(Object(SP\DataModel\ConfigData))\n#6 /var/www/html/sysPass/lib/SP/Services/Install/Installer.php(190): SP\Services\Install\Installer->saveMasterPassword()\n#7 /var/www/html/sysPass/lib/SP/Services/Install/Installer.php(99): SP\Services\Install\Installer->install()\n#8 /var/www/html/sysPass/app/modules/web/Controllers/InstallController.php(94): SP\Services\Install\Installer->run(Object(SP\Services\Install\InstallData))\n#9 [internal function]: SP\Modules\Web\Controllers\InstallController->installAction()\n#10 /var/www/html/sysPass/lib/SP/Bootstrap.php(240): call_user_func_array(Array, Array)\n#11 [internal function]: SP\Bootstrap->SP\{closure}(Object(Klein\Request), Object(Klein\Response), Object(Klein\ServiceProvider), Object(Klein\App), Object(Klein\Klein), Object(Klein\DataCollection\RouteCollection), Array)\n#12 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(879): call_user_func(Object(Closure), Object(Klein\Request), Object(Klein\Response), Object(Klein\ServiceProvider), Object(Klein\App), Object(Klein\Klein), Object(Klein\DataCollection\RouteCollection), Array)\n#13 /var/www/html/sysPass/vendor/klein/klein/src/Klein/Klein.php(588): Klein\Klein->handleRouteCallback(Object(Klein\Route), Object(Klein\DataCollection\RouteCollection), Array)\n#14 /var/www/html/sysPass/lib/SP/Bootstrap.php(464): Klein\Klein->dispatch(Object(Klein\Request))\n#15 /var/www/html/sysPass/lib/Base.php(75): SP\Bootstrap::run(Object(DI\Container))\n#16 /var/www/html/sysPass/index.php(28): require('/var/www/html/s...')\n#17 {main}] N/A, referer: https://10.85.73.247/index.php?r=install/index

the user name is syspass for the DB. To the DB from the machine where I running the docker is reachable and I can login with this username and its password.

From the attached log, I see that the username is not same what I configure on the configuration page.

Thanks for your help!
jani

Unable to connect after server crash [default docker-compose]

Hi,

Yesterday our server crashed and now I'm unable to connect to syspass. I have an error similar to #5:

Error 1045: SQLSTATE[HY000] [1045] Access denied for user 'sp_admin'@'syspass-app.syspass_default' (using password: YES)

# docker exec -it syspass-db mysql -e "select user,host from mysql.user;"
+------------------+-----------------------------+
| user             | host                        |
+------------------+-----------------------------+
| root             | 127.0.0.1                   |
| sp_admin          | 172.18.0.3                  |
| root             | 8a582731e3b2                |
| root             | ::1                         |
| sp_ubit          | ed1bbf888e1c                |
| debian-sys-maint | localhost                   |
| root             | localhost                   |
| root             | syspass-app.syspass_default |
+------------------+-----------------------------+

# docker container exec -it syspass-app ping syspass-db
PING syspass-db (172.18.0.3): 56 data bytes
64 bytes from 172.18.0.3: icmp_seq=0 ttl=64 time=0.095 ms

Everything has been working just fine with the default docker-compose and so not entirely sure what could be causing this issue.

Update
A little more info:

mysql> show grants for 'sp_admin'@'syspass-app.syspass_default';
ERROR 1141 (42000): There is no such grant defined for user 'sp_admin' on host 'syspass-app.syspass_default'

mysql> show grants for 'sp_admin'@'172.18.0.3';
+-----------------------------------------------------------------------------------------------------------------+
| Grants for sp_admin@172.18.0.3                                                                                   |
+-----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'sp_admin'@'172.18.0.3' IDENTIFIED BY PASSWORD 'XXXXXX' |
| GRANT ALL PRIVILEGES ON `syspass`.* TO 'sp_admin'@'172.18.0.3'                                                   |
+-----------------------------------------------------------------------------------------------------------------+

da.UTF-8 is not a valid locales

da.UTF-8 is not a valid locales, when da.UTF-8 is in locale.gen file, da.UTF-8 will not be generated, entrypoint.sh shows following error message:

yspass-app |   ca_ES.UTF-8... done
syspass-app |   de_DE.UTF-8... done
syspass-app |   en_GB.UTF-8... done
syspass-app |   en_US.UTF-8... done
syspass-app |   es_ES.UTF-8... done
syspass-app |   fr_FR.UTF-8... done
syspass-app |   nl_NL.UTF-8... done
syspass-app |   pl_PL.UTF-8... done
syspass-app |   pt_BR.UTF-8... done
syspass-app |   ru_RU.UTF-8... done
syspass-app |   da.UTF-8...cannot open locale definition file `da': No such file or directory
syspass-app |  done

In my centos 7.4 box, da.UTF-8 is generated before en_US.UTF-8, so that en_UTF-8 is invalid in system which cause syspass setting tabs not work.

Unable to connect to DB

hi, I'm using docker-compose for starting an application and while installation I'm getting an error:

There is no problem with connectivity between containers, what may cause this error?
Thanks in advance.

root@b7a1f9993a1c:/var/www/html# ping syspass-db -c 2   
PING syspass-db (192.168.208.2) 56(84) bytes of data.
64 bytes from syspass-db.syspass_default (192.168.208.2): icmp_seq=1 ttl=64 time=0.037 ms
64 bytes from syspass-db.syspass_default (192.168.208.2): icmp_seq=2 ttl=64 time=0.043 ms

Install to DSM Synology through Docker

sysPass Version
3.1 Docker syspass/syspass

Describe the question
What I'm doing wrong? Can't enter to the server.

Screenshots

Platform (please complete the following information):
Docker on DSM 6.1 Synology NAS

Additional context
Just install it from Docker and run. Try enter to port number 32774 or 32773. Got message from browser: unexpectedly terminated the connection. On version 3.0.5 I got normal begin page with passes for DB, admin and so on - it just don't go farther

syspass-syspass1.zip

Customize Theme

Hello,

is there a way to change the theme running syspass with docker-compose?

Regards

Old Password on Password Change

Hi,

we're running syspass with LDAP Auth. We have the problem that if someone has changed his Password due to password policy on LDAP, you have to enter your old Password on Syspass. So if someone is not using syspass daily, you forget your old LDAP Password.

Is there a possibilty to disable the feature that you have to enter the old Password?

I am referring to this part:

"The user changes either its login password or username. The previous password will be requested."

https://syspass-doc.readthedocs.io/en/3.1/application/encryption.html

Best regards

How to run the container with a non root user?

I created a custom dockerfile. I want to start the container with a non-root user. However, I still couldn't.

Dockerfile

FROM syspass/syspass:3.2.2

# Create the user in a group of the same name and associate the application directory.
RUN groupadd -g 1000 myuser && useradd -r -m -u 1000 -g myuser myuser

USER myuser

Logs:

mycont  | entrypoint: Starting with UID : 9001
mycont  | useradd: Permission denied.
mycont  | useradd: cannot lock /etc/passwd; try again later.
mycont  | entrypoint: Starting with UID : 9001
mycont  | useradd: Permission denied.
mycont  | useradd: cannot lock /etc/passwd; try again later.
mycont  | entrypoint: Starting with UID : 9001

Could you give me a tip on how to run the container with a non-root user?

Docker doesn't connect to remote database

I am trying to setup a docker instance of syspass and then use my old configuration from the non-docker installation (/var/www/syspass/config) as the config folder on the docker app server.

When I start up the server it runs and I can connect to the configured SSL port. But I get the following error:

Error 1045: SQLSTATE[HY000] [1045] Access denied for user 'syspass_user'@'192.168.199.235' (using password: YES)

My docker-compose.yml file: (with the correct indents of course)

version: '2'
services:
  app:
    container_name: syspass-app
    image: nuxsmin/docker-syspass:latest
    restart: always
    ports:
      - "192.168.199.235:8081:80"
      - "192.168.199.235:9081:443"
    volumes:
      - /opt/syspass/config:/var/www/html/sysPass/config
      - /opt/syspass/backup:/var/www/html/sysPass/backup

My config.xml:

<dbHost>192.168.199.251</dbHost>
<dbName>syspass</dbName>
<dbPass>supersecretpw</dbPass>
<dbPort>3306</dbPort>
<dbSocket></dbSocket>
<dbUser>syspass_user</dbUser>

docker containers start in wrong order

After a reboot the dockers container start in the wrong order and Syspass can't access the database.

I believe this can be fixed by simply adding a dependency in the docker-compose file:

app:
  ...
  depends_on:
      - db

HTTPS not working in 3.0

I followed the steps of the docker guide for 3.0 on a fresh install of ubuntu 18.04 server (no apache etc installed)

wget https://raw.githubusercontent.com/nuxsmin/docker-syspass/3.0/sysPass-dev/docker-compose.yml
docker-compose -p syspassdev up -d

After everything was done, i am able to connect via http but https will simple not work.
When i try it, i will receive an "Empty reply from server" message

Security updates from upstream are not applied

I noted that the docker image has not been updated for 4 months, however the parent image has: https://hub.docker.com/_/php?tab=tags&page=1&name=apache-stretch

This is really critical for any production usage since this means upstream security updates are not applied. Could automatic image building upon change be done by configuring repository links?

Docker tags should match syspass release

On the docker hub there are only tags like "latest", "dev" and "3.0-php7.2" but there should be tags matching the specific Syspass releases.

Posible fallo en docker-compose.yml

Hola Ruben,

estaba desplegando syspass con docker-compose y todo bién, pero tras reiniciar el contenedor de la base de datos, mysql no arranca correctamente.
Seguramente sea un fallo de la imagen de mysql. Si lo quieres corregir, con modificar en tu yml y poner "image: mariadb:10.3" ya no ocurre.

Un fuerte abrazo y gracias por tu gran contribución.

nuxsmin / docker-syspass Goto Github PK

docker-syspass's Introduction

About

3.2 release

Production

Development

docker-syspass's People

Contributors

Stargazers

Watchers

Forkers

docker-syspass's Issues

NETWORK ID NAME DRIVER SCOPE 1a996b899403 bridge bridge local fe846508a28d host host local 22a55494622f nginx-proxy bridge local 72192372741a none null local cfbce377fa17 syspass_default bridge local

PING syspass-app (172.18.0.2): 56 data bytes 64 bytes from 172.18.0.2: icmp_seq=0 ttl=64 time=0.128 ms 64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.069 ms

Recommend Projects

Recommend Topics

Recommend Org

Jobs

NETWORK ID NAME DRIVER SCOPE
1a996b899403 bridge bridge local
fe846508a28d host host local
22a55494622f nginx-proxy bridge local
72192372741a none null local
cfbce377fa17 syspass_default bridge local

PING syspass-app (172.18.0.2): 56 data bytes
64 bytes from 172.18.0.2: icmp_seq=0 ttl=64 time=0.128 ms
64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.069 ms