Docker manual HTTPS configuration
If you are changing your domain from HTTP to HTTPS, you will unlink the browser extension of all the users. Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account.
Pro tips: In order to download their recovery kit, users can follow this dedicated guide
Requirements
HTTPS configuration
You need to bind-mount your certificates inside passbolt container to use them.
Create a certs folder and put your certificates there:
mkdir certs
mv /path/to/your/certificate.crt certs/cert.pem
mv /path/to/your/certificate.key certs/key.pem
The bind-mount configuration will differ depending which passbolt image you are using.
Standard images
If you are using standard passbolt image, add your certificates in the volumes definition of the passbolt service and ensure ports are well mapped:
version: '3.7'
services:
db:
...
passbolt:
...
volumes:
...
- ./certs/cert.pem:/etc/ssl/certs/certificate.crt:ro
- ./certs/key.pem:/etc/ssl/certs/certificate.key:ro
ports:
- 80:80
- 443:443
Ensure your APP_FULL_BASE_URL environment variable starts with https://
Non-root images
If you are using non-root images, tagged as non-root, the bind-mount path will be different as well as port mapping:
version: '3.7'
services:
db:
...
passbolt:
...
volumes:
...
- ./certs/cert.pem:/etc/passbolt/certs/certificate.crt:ro
- ./certs/key.pem:/etc/passbolt/certs/certificate.key:ro
ports:
- 80:8080
- 443:4433
Like standard images, ensure your APP_FULL_BASE_URL environment variable starts with https://