Closed rassie closed 6 years ago
As a work-around, I added --allowed-header-host=MY.IP.ADDRESS
to the daemon args and started OpenVAS again. This lets one get up and running to at least start scanning.
docker exec -it openvas bash
apt update && apt install -y vim
vim /etc/init.d/openvas-gsa
Add your custom host or public-facing IP by changing this line:
DAEMON_ARGS="--mlisten 127.0.0.1 -m 9390 --gnuu tls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1..0"
To something like this:
DAEMON_ARGS="--mlisten 127.0.0.1 -m 9390 --allow-header-host=MY.PUBLIC.IP --gnuu tls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1..0"
Then run that start command again:
./start &
An easier workaround is defining a variable like I did above and restarting gsad
with /etc/init.d/openvas-gsa restart
. But it's manual work :(
I installed today and modified /etc/default/openvas-gsa
ALLOW_HEADER_HOST=my public IP
I rebooted and it works now.
There is a new option in town: https://github.com/greenbone/gsa/pull/318. Apparently, it needs to be set to the actual hostname the container is getting accessed with. There is currently no way to do that: even when trying to hack environment variables (e.g. setting
LISTEN_ADDRESS
to0.0.0.0 --allowed-header-host=my.example.com
) those settings are overridden byservice
command.(that also means that overriding those variables in
/etc/default/openvas-gsa
is not possible)