21.4.4 url only reachable through 9392

Hi,
I am running gvm version 21.4.4.
After the setup I added SSL certificates in order to communicate with gvm over https.
But gvm is only reachable if I give the whole URL + port, e.g. "https://gvm.subdomain.de:9392".
So it speaks https over 9392, but is there a way to reach the URL without giving the port number?

best regards

Hi @alessio,

If you are running it on a Linux machine, you can achieve it by managing incoming traffic to port 443 through an Nginx proxy to the default port 9392.

More info like NGINX Reverse Proxy | NGINX Plus

1 Like

Hi,
Ah okay, thanks, can do that. I just thought since gvm is running on nginx, there already may be a config which I can modify?

Found this old configuration I used for OpenVAS 9 or whatever it was. You may use this and re-configure it to set up the reverse proxy to work with GVM 21.04; you probably have to adjust it some, though.

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name openvas.example.com;

    # Only localhost and one VPN address may connect (VPN_IP is a placeholder)
    allow 127.0.0.1;
    allow VPN_IP;
    deny all;

    ssl_certificate /etc/nginx/ssl/openvas.example.com/500232/server.crt;
    ssl_certificate_key /etc/nginx/ssl/openvas.example.com/500232/server.key;

    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    # Response headers added by the proxy
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    include conf/openvas.example.com/server/*;

    # Pass every request to the web interface listening on 9392 (HTTPS upstream)
    location / {
        proxy_set_header   Host             $http_host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   REMOTE_HOST      $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header   X-FORWARDED-PROTOCOL $scheme;
        proxy_pass https://127.0.0.1:9392;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/openvas.example.com-error.log error;

    # Deny dotfiles, except paths under /.well-known
    location ~ /\.(?!well-known).* {
        deny all;
    }
}

2 Likes

Hi,

Seems to be a good option. The config is missing a forced rewrite when you call port 80, but basically, it should work.

1 Like
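
The forced redirect on port 80 that the last reply says is missing, paired with a reduced 443 proxy block, as an added example that is not from any poster in this thread. It uses the hostname from the question; the certificate paths are placeholders, and the `X-Forwarded-Proto` header name is this example's choice rather than the one in the posted config.

```nginx
# Added example, not part of the thread. Certificate paths are placeholders.

# Port 80: serve nothing, send every request to the HTTPS site.
server {
    listen 80;
    listen [::]:80;
    server_name gvm.subdomain.de;

    return 301 https://$host$request_uri;
}

# Port 443: terminate TLS here and proxy to the web interface on 9392,
# so users never have to type the port number.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name gvm.subdomain.de;

    ssl_certificate     /etc/nginx/ssl/PLACEHOLDER/server.crt;
    ssl_certificate_key /etc/nginx/ssl/PLACEHOLDER/server.key;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # The question states the interface already speaks HTTPS on 9392,
        # so the upstream scheme is https, as in the posted config.
        proxy_pass https://127.0.0.1:9392;
    }
}
```

Run `nginx -t` to check the syntax before reloading. While port 9392 stays reachable from the network, the proxy's `allow`/`deny` rules can be bypassed by connecting to that port directly.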