cant get into velociraptor web interface and getting "This site can’t be reached"

[NKXK26]

Hi creator of velociraptor, I am learning velociraptor for digital forensic. I have an issue which is i keep getting "This site can’t be reached" when typing "myipaddress:8889".

I followed the steps here https://www.atlantic.net/dedicated-server-hosting/how-to-install-and-configure-velociraptor-on-ubuntu/#conclusion

I can see my velociraptor is running after running systemctl status velociraptor, and change "bind_address" in nano /etc/velociraptor.config.yaml to my ip. What could be causing this issue, please help me. Thank you!

[scudette]

Please follow the troubleshooting steps https://docs.velociraptor.app/docs/deployment/troubleshooting/

[NKXK26]

Hi thank you for the reply, i have change my file permission to velociraptor.

• i also try curl ipaddress:8889 and i get "Client sent an HTTP request to an HTTPS server."
• i also check netstat -ltpnd and i saw ipaddress:8889 is present
• i check status velociraptor and is running

• ● velociraptor.service - Velociraptor linux amd64 Loaded: loaded (/usr/lib/systemd/system/velociraptor.service; enabled; preset: disabled) Active: active (running) since Sat 2024-07-13 18:04:50 +08; 4min 11s ago Main PID: 2251 (velociraptor) Tasks: 15 (limit: 53197) Memory: 67.0M CPU: 2.973s CGroup: /system.slice/velociraptor.service ├─2251 /opt/velociraptor/velociraptor --config /etc/velociraptor.config.yaml frontend -v └─2255 /opt/velociraptor/velociraptor --config /etc/velociraptor.config.yaml frontend -v Jul 13 18:04:54 vb7.myguest.virtualbox.org velociraptor[2251]: [INFO] 2024-07-13T10:04:54Z Starting Server Artifact Runner Service for Root Org Jul 13 18:04:54 vb7.myguest.virtualbox.org velociraptor[2251]: [INFO] 2024-07-13T10:04:54Z Converting legacy client index to new format Jul 13 18:04:54 vb7.myguest.virtualbox.org velociraptor[2251]: [INFO] 2024-07-13T10:04:54Z CryptoServerManager: Watching for events from Server.Internal.ClientDelete Jul 13 18:04:54 vb7.myguest.virtualbox.org velociraptor[2251]: [INFO] 2024-07-13T10:04:54Z Throttling connections to 100 QPS Jul 13 18:04:54 vb7.myguest.virtualbox.org velociraptor[2251]: [INFO] 2024-07-13T10:04:54Z Starting gRPC API server on 127.0.0.1:8002 Jul 13 18:04:54 vb7.myguest.virtualbox.org velociraptor[2251]: [INFO] 2024-07-13T10:04:54Z Launched Prometheus monitoring server on 127.0.0.1:8003 Jul 13 18:04:54 vb7.myguest.virtualbox.org velociraptor[2251]: [INFO] 2024-07-13T10:04:54Z GUI will use the Basic authenticator Jul 13 18:04:54 vb7.myguest.virtualbox.org velociraptor[2251]: [INFO] 2024-07-13T10:04:54Z GUI is ready to handle TLS requests on https://ipaddress:8889/ Jul 13 18:04:54 vb7.myguest.virtualbox.org velociraptor[2251]: [INFO] 2024-07-13T10:04:54Z Frontend is ready to handle client TLS requests at https://ipaddress:8000/ Jul 13 18:05:05 vb7.myguest.virtualbox.org velociraptor[2251]: [INFO] 2024-07-13T10:05:05Z Compiled all artifacts.

i am really confused now, what should i do. Please help me.

[scudette]

By default the GUI only listens on 127.0.0.1 for self signed certs .you need to change the bind address to 0.0.0.0 if you want to expose it externally.

[NKXK26]

i would like to use my own ipaddress:8889, i not sure which ip adress should i change inside server.config.yaml

[scudette]

https://docs.velociraptor.app/docs/deployment/references/#GUI.bind_address

https://docs.velociraptor.app/docs/deployment/self-signed/#self-signed-certificates

[NKXK26]

[INFO] 2024-07-13T11:45:03Z CryptoServerManager: Watching for events from Server.Internal.ClientDelete [INFO] 2024-07-13T11:45:03Z Throttling connections to 100 QPS [INFO] 2024-07-13T11:45:03Z Starting gRPC API server on 127.0.0.1:8001 [INFO] 2024-07-13T11:45:03Z Launched Prometheus monitoring server on 127.0.0.1:8003 [INFO] 2024-07-13T11:45:03Z Compiled all artifacts. [INFO] 2024-07-13T11:45:03Z GUI will use the Basic authenticator [INFO] 2024-07-13T11:45:03Z GUI is ready to handle TLS requests on https://127.0.0.1:8889/ [INFO] 2024-07-13T11:45:03Z Frontend is ready to handle client TLS requests at https://localhost:8000/ i literally see that gui is ready to handle , but i just cannot get inside.....

[scudette]

Please read the reference above from the docs:

Self-signed SSL certificates trigger SSL warnings in all web browsers. When accessing the Admin GUI you will receive a certificate warning about the possibility of a MITM attack.

As a precaution, Velociraptor only exports the GUI port on the loopback interface. You may change the GUI.bind_address setting to “0.0.0.0” to receive external connections on this port, but this is not recommended. Instead, you should use SSH tunneling to connect to the local loopback interface.