Nginx.conf, gsad, docker

C1ph3R-s · February 19, 2021, 5:54pm

Dear all,

I use GVM 20.8.1 in docker container.
I would like to use it with nginx, but the nginx.conf file is on my server and it is not in the container.
Currently gsad creates https so I would like to modify it to http and redirect it to my nginx.
Unfortunately I had no luck with this solution: GSAD Nginx reverse proxy

So, have somebody a resolution for it?

Thanks,

Lukas · February 20, 2021, 2:25pm

That is not possible and GSA is not designed for that. So you have for forward the full port. Due to the fact that GSA is generating the content dynamically you need to patch the GSA for that to re-write the base path … but the security for GSA is based on using GSA as dynamic webserver.

C1ph3R-s · February 20, 2021, 7:39pm

Thanks Lukas, how do you main that? " So you have for forward the full port. "

Lukas · February 21, 2021, 1:09pm

Just the TCP port 443 … that´s it.

C1ph3R-s · February 21, 2021, 9:37pm

ok, I understood Lukas, but I would like to use my own certs with my own domain name, unfortunately as far as I know, in this case I can not use nginx to define these for me, or could I?

So when I want to expose my docker container ports like this;
docker run --detach --publish 8080:9392 --publish 5432:5432 --publish 2222:22
the GVM will listen on 8080/https, and nginx can not forward the 8080/https to 443/https with my certs and my domain name.

Do you have any idea for that?

Thanks,

Lukas · February 21, 2021, 10:22pm

Why don´t you install your certificates with GSA ? It does support any certificates. I don´t know about the ports, it seems you use a uncoordinated integration that is not using any standard ports like we do.

C1ph3R-s · February 23, 2021, 10:02am

GSA not use my certs, I have add these as cert for GSA but when I have run openssl, cert still same.

Lukas · February 23, 2021, 10:26am

You just need to put your certificate as argument to the GSAD.

–help will give you the options:

-k, --ssl-private-key= Use as the private key for HTTPS
-c, --ssl-certificate= Use as the certificate for HTTPS

C1ph3R-s · February 23, 2021, 11:09am

Thanks Lukas, I know.
That is what I have exactly did, but unfortunately certs did not change.

Lukas · February 23, 2021, 11:11am

Maybe some scripts are messed up and start with the wrong certs. How do you start gsad ? You might wanna do it manually and check if this is working and then debug your startup magic to fix the broken magic.