How-to SSL for container gsa

[andreas-p]

Strictly speaking not a bug (unless you find non-secured communication to a security solution faulty ;-) but a proposal to enrich the docs.

There are quite some questions in the forum how to enable SSL with GSA. For the community docs, the answer is "when it's not documented, it's not there", "you need to build your own container".

Luckily, the gsa start script already accepts an environment variable. Here's my solution, working with the existing containers:

• bake the certificate, and place them in /etc/ssl/gsa/gsa.crt and /etc/ssl/gsa/gsa.key
• chown -r 1001 /etc/ssl/gsa
• modify docker-compose.yaml:

  gsa:
  image: greenbone/gsa:${GSA_TAG}
  container_name: gsa
  environment:
    GSAD_ARGS: --ssl-private-key=/cert/gsa.key --ssl-certificate=/cert/gsa.crt
  ports:
    - 9392:443
  volumes:
    - gvmd_socket_vol:/run/gvmd
    - /etc/ssl/gsa:/cert:ro
  depends_on:
    - gvmd

[bjoernricks]

Hi @andreas-p,

feel free to provide a PR for the workflows section. It's just a markdown file. Without a PR from the community this wont be added and I am going to close the issue.