immauss / openvas

Containers for running the Greenbone Vulnerability Manager. Run as a single container with all services or separate single applications containers via docker-compose.
GNU Affero General Public License v3.0

SSL certificate #178

Closed sergeymeleschenko closed 1 year ago

sergeymeleschenko commented 1 year ago

Please let me know how to configure SSL with my own certificate. Do you have a manual? Currently, the SSL cert in the container is valid for 31.03.2023.

immauss commented 1 year ago

The simplest way is to use bind mounts with the container. In short, you would use something like:

-v /path/to/my/cert/file:/data/path/in/the/container/to/cert/file 

when you start the container.

Unfortunately, this is not really "simple" or easy to maintain. Since the goal here is to have an easy-to-maintain, simple and functional container, I haven't really gone down that rabbit hole. The simplest method is to use the reverse proxy. I did build some scripts to create a reverse-proxy with nginx that uses Let's Encrypt certs. You can find it here:

https://github.com/immauss/rev-prox

Don't get me wrong, I know this is possible, and I know I could get it there, I just haven't had the cycles to get the bits in.

The rev-prox was a quick hack/work-around ...

Thanks, Scott

sergeymeleschenko commented 1 year ago

How can I use the docker container on port 443 with the self-signed SSL certificate inside? The redirect 443:9392 doesn't work and doesn't respond.

sergeymeleschenko commented 1 year ago

@immauss How can I use the docker container on port 443 with the self-signed SSL certificate inside? The redirect 443:9392 doesn't work and doesn't respond.

immauss commented 1 year ago

How are you starting the container? You should be able to add the option:

-e HTTPS=true

This will give you the self-signed cert. Then change the redirect to 443:9392 and you should get it.

Sorry for the long delay...

-Scott

sergeymeleschenko commented 1 year ago

Thanks. It works. But the certificate is out of date. How can I update it inside the container? Or add my cert to the container?

immauss commented 1 year ago

WOW! Thank you!

On looking into this, I realized the scripts to update the image with the latest data from Greenbone was also dragging along the certs. So while my startup scripts are creating new certs on container start, the tar comes along afterwards and replaces them with old out of date self-signed certs.

I updated the refresh script to exclude the directories with the certificates and modified how the startup scripts check the certs. Now, if the self-signed cert is ever out of date again, it will automagically be replaced.

This change is now live in the latest image and 22.4.13.

Thanks, Scott
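The startup behaviour Scott describes (check the self-signed cert on container start and replace it when it is missing or out of date) as an added shell example. This is not the project's own startup or refresh script: the cert directory, file names, the 30-day renewal window and the certificate subject are assumptions made for illustration. It needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example, not the immauss/openvas startup script.
# Regenerates a self-signed certificate when it is missing or close to expiry,
# which is what keeps an expired cert from surviving a data refresh.

CERT_DIR="${CERT_DIR:-/tmp/openvas-cert-example}"   # assumed location
CERT_FILE="$CERT_DIR/server.pem"
KEY_FILE="$CERT_DIR/server.key"
RENEW_WITHIN_DAYS=30                                 # assumed renewal window

# Returns 0 when the cert exists and stays valid for at least $1 more days.
# openssl's -checkend exits 0 only if the cert does NOT expire within N seconds.
cert_is_fresh() {
    days="$1"
    [ -f "$CERT_FILE" ] || return 1
    openssl x509 -in "$CERT_FILE" -noout -checkend $((days * 86400)) >/dev/null 2>&1
}

# Writes a new self-signed cert/key pair valid for $1 days.
make_self_signed() {
    mkdir -p "$CERT_DIR"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=openvas-example" -days "$1" \
        -keyout "$KEY_FILE" -out "$CERT_FILE" >/dev/null 2>&1
}

# Startup-style check: echoes "kept" when the existing cert is still good,
# "renewed" after generating a replacement; non-zero only if generation failed.
ensure_cert() {
    if cert_is_fresh "$RENEW_WITHIN_DAYS"; then
        echo kept
    else
        make_self_signed 365 || return 1
        echo renewed
    fi
}

ensure_cert
```

Running the script twice in a row prints "renewed" and then "kept"; a cert that expires inside the renewal window is replaced on the next start instead of being served until it fails in the browser.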

sergeymeleschenko commented 1 year ago

Great. Thanks. But I deployed with docker-compose.yaml.

version: "3"
services:
  openvas:
    ports:

How can I update to the latest version without data loss ?