Secure-Compliance-Solutions-LLC / GVM-Docker

Greenbone Vulnerability Management Docker Image with OpenVAS
https://securecompliance.gitbook.io/projects/
MIT License

[Enhancement] Support `--allow-header-host` for GSA #278

Closed ksg1998 closed 2 years ago

ksg1998 commented 2 years ago

Hi

Is there a way to define a hostname at which the web UI can be accessed? I am trying to set up OpenVAS on my Kubernetes cluster and using an ingress to map a hostname to my openvas service. It is working fine on my local machine when I hit localhost:8080. But since I have an ingress which is also being controlled by Kong, I am not able to access the page. Basically, instead of hitting localhost, I want to access my web UI with an address like "openvas.com". Is this supported? Even an external IP isn't working. Am I missing some configuration?

A similar setup using a different openvas docker image works perfectly.

Dexus commented 2 years ago

This is nothing you have to do with the docker image... you need to specify your services and ports for it.

ksg1998 commented 2 years ago

@Dexus Ohh okay because in this image mikesplain/openvas there was an option to specify the public hostname as an environment variable only after which I was able to successfully login.

Let me explain it with a bit more context. My gvm webui is accessible on a public IP address x.x.x.x (port 9392). Now when I hit the URL x.x.x.x:9392, it does take me to the login page, so far so good. But then once I give the correct login credentials, the login page just reloads.

The same thing using a kubectl port-forward (and exposing the service on port 9392 locally) would mean that the webui will be accessible on localhost:9392. In this case I am able to login successfully.

Even using the other docker image I did face this issue but setting the public_hostname solved this problem.

Is there some way to do the same here as well?

Dexus commented 2 years ago

Ok, now I understand the problem:

https://github.com/mikesplain/openvas-docker/blob/master/9/Dockerfile#L526

Yes, that can be supported. But I think it would be better to do it by hand for now, until one of us has the time to add the support.

You need to overwrite the supervisor.conf in /etc/ with your custom settings (you need to add `--allow-header-host=<<PUBLIC_HOSTNAME>>`) and start the container, or you can do it live: after changing the config file in the container, run `supervisorctl reread ; supervisorctl update`.

ksg1998 commented 2 years ago

Got it, I was just looking at the supervisor.conf and this should work. Will try and confirm if this works.

ksg1998 commented 2 years ago

@Dexus

```
command=/usr/bin/gsad -f --verbose --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0 --timeout=%(ENV_TIMEOUT)s --no-redirect --mlisten=127.0.0.1 --mport=9390 --port=9392 --allow-header-host =<>
```

This is the change I made to the supervisord.conf file.

But I am getting this error on startup of the service

```
(gsad:688): gsad main-CRITICAL **: 09:50:43.583: main: Unknown option --allow-header-host
```

Dexus commented 2 years ago

In this case, look at the man page: https://github.com/greenbone/gsa/blob/master/gsad/doc/gsad.8. Maybe you have to use the CORS parameters. The allow-header-host is removed.

Only for your information, we only support this container, not the product itself. So if you need any additional "config" help, please ask about the product at the Greenbone repos and community.
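
Added example, not part of the thread or the project's code: a pre-flight check for the failure seen above, where gsad aborts on `Unknown option --allow-header-host`. It lists the long options in a supervisor `command=` line that the binary's help text does not mention; the help text, config fragment and hostname are constructed samples, and capturing real help output with `gsad --help` is an assumption about the installed build.

```shell
#!/bin/sh
# Added example (not from the GVM-Docker project): before reloading supervisor,
# list long options in the gsad command= line that the help text does not advertise.

# Constructed sample; not real gsad output. On a real container, capture it with
# HELP=$(gsad --help 2>&1)  (assumes this gsad build prints its options for --help).
SAMPLE_HELP='  -f
  --verbose
  --gnutls-priorities=STRING
  --timeout=NUMBER
  --no-redirect
  --mlisten=ADDRESS
  --mport=PORT
  --port=PORT'

# Constructed supervisor fragment; section name and hostname are placeholders.
SAMPLE_CONF='[program:gsad]
command=/usr/bin/gsad -f --verbose --timeout=%(ENV_TIMEOUT)s --no-redirect --mlisten=127.0.0.1 --mport=9390 --port=9392 --allow-header-host=scanner.example.test'

# Read supervisor config text on stdin, print the gsad command line.
gsad_command() {
    sed -n 's#^command=\(.*/gsad[[:space:]].*\)$#\1#p'
}

# unsupported_opts HELP_TEXT COMMAND_LINE
# Prints each --option in COMMAND_LINE that is not a whole word in HELP_TEXT.
unsupported_opts() (
    set -f                          # no globbing while word-splitting
    for tok in $2; do
        case $tok in
            --?*) opt=${tok%%=*} ;; # drop "=value"
            *)    continue ;;
        esac
        if ! printf '%s\n' "$1" |
             grep -Eq -- "(^|[^[:alnum:]-])${opt}([^[:alnum:]-]|\$)"; then
            printf '%s\n' "$opt"
        fi
    done
)

cmd=$(printf '%s\n' "$SAMPLE_CONF" | gsad_command)
unsupported_opts "$SAMPLE_HELP" "$cmd"    # prints: --allow-header-host
```

Running the check before `supervisorctl reread ; supervisorctl update` catches a removed option while the old gsad process is still serving.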