infobyte / faraday

Open Source Vulnerability Management Platform
https://www.faradaysec.com
GNU General Public License v3.0

Faraday-Server does not start up with HTTPS(kali-linux) #475

Closed naporitann1 closed 1 year ago

naporitann1 commented 1 year ago

Hello. I am a beginner and also use translations, so please forgive me if my writing is poor. I have built the nginx setup according to the official instructions, but the server is still only running at http. Looking at the output of the "faraday-server" run, it does not appear to be running through nginx to begin with. Also, the configuration file generated by "generate-nginx-config" pointed to a directory as root that did not exist, at least in my environment, so I specified www, which was the only one in my environment. Now it starts with https, but login fails (when I click on the login button, it posts to a non-existent page called /usr/share/faraday/server/www/_api/login). What did I do wrong?

Version

Faraday v4.6.0

Description: Kali GNU/Linux Rolling
Release: 2023.3

Debug TraceBack

/usr/lib/python3/dist-packages/flask_limiter/extension.py:293: UserWarning: Using the in-memory storage for tracking rate limits as no storage was explicitly specified. This is not recommended for production use. See: https://flask-limiter.readthedocs.io#configuring-a-storage-backend for documentation about configuring the storage backend.
  warnings.warn(
2023-10-05T19:07:06+0900 - alembic.runtime.migration - INFO {MainThread} [pid:2385751] [migration.py:204 - __init__()] Context impl PostgresqlImpl.
2023-10-05T19:07:06+0900 - alembic.runtime.migration - INFO {MainThread} [pid:2385751] [migration.py:207 - __init__()] Will assume transactional DDL.
2023-10-05T19:07:06+0900 - faraday.server.web - INFO {MainThread} [pid:2385751] [web.py:90 - __init__()] Starting web server at http://192.168.1.1:5985/
2023-10-05T19:07:06+0900 - faraday.server.threads.reports_processor - INFO {ReportsManager-Thread} [pid:2385751] [reports_processor.py:123 - run()] Reports Manager Thread [Start]
2023-10-05T19:07:06+0900 - faraday.server.threads.ping_home - INFO {PingHomeThread} [pid:2385751] [ping_home.py:28 - run()] Ping Home Thread [Start]
2023-10-05T19:07:06+0900 - faraday.server.web - INFO {MainThread} [pid:2385751] [web.py:162 - run()] Starting webserver with 4 threads.
2023-10-05T19:07:06+0900 - faraday.server.web - INFO {MainThread} [pid:2385751] [web.py:111 - __build_websockets_resource()] Starting websocket server at port 9000 with bind address 192.168.1.1.
2023-10-05T19:07:06+0900 - faraday.server.web - INFO {MainThread} [pid:2385751] [web.py:172 - run()] Faraday Server is ready
2023-10-05T19:07:07+0900 - faraday.server.threads.ping_home - ERROR {PingHomeThread} [pid:2385751] [ping_home.py:38 - run()] HTTPSConnectionPool(host='portal.faradaysec.com', port=443): Max retries exceeded with url: /api/v1/license_check?version=4.6.0&key=white (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f4d19803d10>, 'Connection to portal.faradaysec.com timed out. (connect timeout=1)'))
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 174, in _new_conn
    conn = connection.create_connection(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 96, in create_connection
    raise err
  File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 86, in create_connection
    sock.connect(sa)
TimeoutError: timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 715, in urlopen
    httplib_response = self._make_request(
                       ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 404, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1056, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 363, in connect
    self.sock = conn = self._new_conn()
                       ^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 179, in _new_conn
    raise ConnectTimeoutError(
urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.HTTPSConnection object at 0x7f4d19803d10>, 'Connection to portal.faradaysec.com timed out. (connect timeout=1)')

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 486, in send
    resp = conn.urlopen(
           ^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 799, in urlopen
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 592, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='portal.faradaysec.com', port=443): Max retries exceeded with url: /api/v1/license_check?version=4.6.0&key=white (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f4d19803d10>, 'Connection to portal.faradaysec.com timed out. (connect timeout=1)'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/faraday/server/threads/ping_home.py", line 31, in run
    res = requests.get(HOME_URL, params={'version': faraday.version, 'key': 'white'},
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/api.py", line 73, in get
    return request("get", url, params=params, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/api.py", line 59, in request
    return session.request(method=method, url=url, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 589, in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 703, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 507, in send
    raise ConnectTimeout(e, request=request)
requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='portal.faradaysec.com', port=443): Max retries exceeded with url: /api/v1/license_check?version=4.6.0&key=white (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f4d19803d10>, 'Connection to portal.faradaysec.com timed out. (connect timeout=1)'))
2023-10-05T19:07:07+0900 - faraday.server.threads.ping_home - WARNING {PingHomeThread} [pid:2385751] [ping_home.py:39 - run()] Can't connect to portal...

generated nginx Configfile

server {
    server_name 192.168.1.1;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    client_max_body_size 150M;

    ssl on;
    ssl_session_cache shared:SSL:50m;
    ssl_certificate           /etc/ssl/faraday.crt;
    ssl_certificate_key       /etc/ssl/faraday.key;

    #root /opt/faraday/lib/python3.11/site-packages/faraday/server/www;
    root /usr/share/faraday/server/www;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ /index.html;
    }

    location /_api/ {
        proxy_pass http://localhost:5985/_api/;
        proxy_redirect http:// $scheme://;
        proxy_read_timeout 300;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /websockets {
        proxy_http_version 1.1;
        proxy_pass http://localhost:9000/websockets;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

server {
    server_name 192.168.1.1;
    listen 80;

    # https redirect
    if ($host = 192.168.1.1) {
        return 301 https://$host$request_uri;
    }

    return 404;
}

server.ini

[faraday_server]
port = 5985
bind_address = 192.168.1.1
websocket_port = 9000
debug = false
session_timeout = 12
api_token_expiration = 43200
secret_key = xxxxx
agent_registration_secret = xxxxx
SSL_KEY = /etc/ssl/faraday.key
SSL_CERT = /etc/ssl/faraday.crt

[logger]
use_rfc5424_formatter = false

[storage]
path = /home/kali/.faraday/storage

[ssl]
port = 6985
certificate = /etc/ssl/faraday.crt
keyfile = /etc/ssl/faraday.key

Operating System

└─$ lsb_release -a
No LSB modules are available.
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2023.3
Codename: kali-rolling

ezk06eer commented 1 year ago

@naporitann1 Hi, nice to hear from you. Faraday has a guide to spin it up with nginx; you can find it in the Faraday Docs. If you are going to use nginx, first of all you should point all the locations to 127.0.0.1.

Server ini should be:

[faraday_server]
port = 5985
bind_address = localhost 
debug = false
session_timeout = 12
api_token_expiration = 43200
secret_key = #don't change the value that is here
agent_registration_secret = #don't change the value that is here

[logo]

[logger]
use_rfc5424_formatter = false

[limiter]
enabled = True
login_limit = 10/minutes

[storage]
path = /Users/faraday/.faraday/storage

[database]
connection_string = postgresql+psycopg2://faraday_postgresql:sqwtSlDZddH7mzYvW9kf3nWZ9@localhost/faraday

nginx config:

Same as yours.

Check nginx config: nginx -t

Start nginx service: sudo systemctl start nginx

Please remove the "SSL" section that you see in server.ini; it shouldn't be there.

Cheers!
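A check for the mismatch resolved in the answer above, as an added example that is not part of the original thread and not Faraday's own code: it compares the `proxy_pass` upstreams in the nginx config with the listener settings in server.ini. The sample inputs are constructed from the configs posted in this issue; the function names and the fallback ports (5985 and 9000, taken from the log output in the question) are assumptions.

```python
import configparser
import ipaddress
import re

# Constructed sample inputs, modelled on the configs posted in this thread.
SERVER_INI = """\
[faraday_server]
port = 5985
bind_address = 192.168.1.1
websocket_port = 9000

[ssl]
port = 6985
"""

NGINX_CONF = """\
location /_api/ { proxy_pass http://localhost:5985/_api/; }
location /websockets { proxy_pass http://localhost:9000/websockets; }
"""

def is_loopback(host):
    """True for 'localhost' or any loopback IP literal."""
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def check(server_ini, nginx_conf):
    """Return a list of findings for a Faraday-behind-nginx deployment."""
    cfg = configparser.ConfigParser()
    cfg.read_string(server_ini)
    srv = cfg["faraday_server"]
    bind = srv.get("bind_address", "localhost")
    # Fallback ports are assumptions taken from the log output in the question.
    ports = {srv.get("port", "5985"), srv.get("websocket_port", "9000")}
    findings = []
    if not is_loopback(bind):
        findings.append(f"bind_address {bind} is not loopback: plain HTTP is served without nginx/TLS")
    if cfg.has_section("ssl"):
        findings.append("[ssl] section present: remove it when nginx terminates TLS")
    # Every proxy_pass upstream must be a loopback host on a port Faraday listens on.
    for host, port in re.findall(r"proxy_pass\s+http://([^:/;\s]+):(\d+)", nginx_conf):
        if not is_loopback(host) or port not in ports:
            findings.append(f"proxy_pass {host}:{port} does not match a local Faraday listener")
        elif not is_loopback(bind):
            findings.append(f"proxy_pass {host}:{port} cannot reach Faraday bound to {bind}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SERVER_INI, NGINX_CONF)))
```

Run against the question's settings it reports four findings; with `bind_address = localhost` and no `[ssl]` section, as in the answer, it reports none.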

naporitann1 commented 1 year ago

Hello! Thank you for answering my question. I set it up just like you said and it worked like a lie until now! It really helped me a lot.