search

mitre-attack / attack-navigator

Web app that provides basic navigation and annotation of ATT&CK matrices
https://mitre-attack.github.io/attack-navigator
Apache License 2.0
1.98k stars 585 forks source link

Local Install SSL Question #544

Closed tamenzel closed 8 months ago

tamenzel commented 1 year ago

I have installed navigator on a system. Rather than connect on HTTP, I would like to use HTTPS. Is this possible with navigator? I have searched for documentation on this but cannot find where the certs need to be installed in the navigator directories and what changes need to be made to enable this. Any info would be appreciated.

Thank You

seansica commented 8 months ago

Hi @tamenzel, apologies for the long delay.

Yes, it is possible. There are a number of approaches you can take.

Today, the Navigator app is built and served using the Angular CLI. The easiest solution would be to leverage the Angular CLI's built-in web server (ng serve) because it implements built-in support for SSL out-of-the-box. All you’ll need to do is to provide an SSL certificate and specify three flags.

ng serve --ssl \
  --ssl-cert "ssl/localhost.crt" \
  --ssl-key "ssl/localhost.key"

Alternatively, you can build/compile the application (ng build) and serve it from your preferred CDN or web server. Some examples include GH Pages and Nginx. Each solution will specify their own way of enabling SSL/HTTPS.

You can also modify the provided Dockerfile to serve over SSL. For example:

COPY localhost.key /src/ssl/localhost.key
COPY localhost.crt /src/ssl/localhost.crt

CMD ng serve --ssl \
  --ssl-cert "ssl/localhost.crt" \
  --ssl-key "ssl/localhost.key"

Hope this helps!

qbolbk59 commented 2 months ago

Hi @seansica ,

I tried doing this but unfortunately it's not working for me. I get ERR_SSL_PROTOCOL_ERROR in the browser. Tried to look for more detailed error, but all i can see is that the SSL/TLS protocols are disabled and the Certificate is unable to be parsed. The Cert is from a 3rd party signed cert, so it's a trusted Cert.

Not sure where the problem is. Could you please help me in this ?

Version: 2.1.2
OpenSSL 3.0.13 30 Jan 2024

Connected to 127.0.0.1

Testing SSL server localhost on port 4200 using SNI name localhost

  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     disabled
TLSv1.0   disabled
TLSv1.1   disabled
TLSv1.2   disabled
TLSv1.3   disabled

  TLS Fallback SCSV:
Connection failed - unable to determine TLS Fallback SCSV support

  TLS renegotiation:
Session renegotiation not supported

  TLS Compression:
OpenSSL version does not support compression
Rebuild with zlib1g-dev package for zlib support

  Heartbleed:

  Supported Server Cipher(s):
    Unable to parse certificate
    Unable to parse certificate
    Unable to parse certificate
    Unable to parse certificate
Certificate information cannot be retrieved.
seansica commented 2 months ago

Hi @qbolbk59 ,

Sorry to hear you're still having trouble.

I tested ng serve --ssl myself and verified that it works:

> ng serve --ssl

Node.js version v21.7.2 detected.
Odd numbered Node.js versions will not enter LTS status and should not be used for production. For more information, please see https://nodejs.org/en/about/releases/.
? Would you like to share pseudonymous usage data about this project with the Angular Team
at Google under Google's Privacy Policy at https://policies.google.com/privacy. For more
details and how to change this setting, see https://angular.io/analytics. No
Global setting: not set
Local setting: disabled
Effective status: disabled
⠹ Generating browser application bundles (phase: setup)...Processing legacy "View Engine" libraries:
- ngx-smart-popover [es2015/esm2015] (git+https://github.com/lsqlabs/ngx-smart-popover.git)
Encourage the library authors to publish an Ivy distribution.
✔ Browser application bundle generation complete.

Initial Chunk Files   | Names         |  Raw Size
vendor.js             | vendor        |   9.25 MB |
scripts.js            | scripts       |   1.79 MB |
main.js               | main          |   1.50 MB |
polyfills.js          | polyfills     | 836.10 kB |
styles.css, styles.js | styles        | 323.73 kB |
runtime.js            | runtime       |   7.19 kB |

                      | Initial Total |  13.69 MB

Build at: 2024-07-22T14:57:25.685Z - Hash: 445aafb4cfbeeb78 - Time: 12920ms

Warning: /Users/ssica/Development/attack/attack-navigator/nav-app/node_modules/mathjs/lib/esm/core/function/typed.js depends on 'typed-function'. CommonJS or AMD dependencies can cause optimization bailouts.
For more info see: https://angular.io/guide/build#configuring-commonjs-dependencies

Warning: /Users/ssica/Development/attack/attack-navigator/nav-app/node_modules/mathjs/lib/esm/function/probability/util/seededRNG.js depends on 'seedrandom'. CommonJS or AMD dependencies can cause optimization bailouts.
For more info see: https://angular.io/guide/build#configuring-commonjs-dependencies

Warning: /Users/ssica/Development/attack/attack-navigator/nav-app/node_modules/mathjs/lib/esm/function/relational/compareNatural.js depends on 'javascript-natural-sort'. CommonJS or AMD dependencies can cause optimization bailouts.
For more info see: https://angular.io/guide/build#configuring-commonjs-dependencies

Warning: /Users/ssica/Development/attack/attack-navigator/nav-app/node_modules/mathjs/lib/esm/type/complex/Complex.js depends on 'complex.js'. CommonJS or AMD dependencies can cause optimization bailouts.
For more info see: https://angular.io/guide/build#configuring-commonjs-dependencies

Warning: /Users/ssica/Development/attack/attack-navigator/nav-app/node_modules/mathjs/lib/esm/utils/emitter.js depends on 'tiny-emitter'. CommonJS or AMD dependencies can cause optimization bailouts.
For more info see: https://angular.io/guide/build#configuring-commonjs-dependencies

Warning: /Users/ssica/Development/attack/attack-navigator/nav-app/node_modules/mathjs/lib/esm/utils/latex.js depends on 'escape-latex'. CommonJS or AMD dependencies can cause optimization bailouts.
For more info see: https://angular.io/guide/build#configuring-commonjs-dependencies

Warning: /Users/ssica/Development/attack/attack-navigator/nav-app/src/app/app.module.ts depends on 'rxjs/add/operator/map'. CommonJS or AMD dependencies can cause optimization bailouts.
For more info see: https://angular.io/guide/build#configuring-commonjs-dependencies

Warning: /Users/ssica/Development/attack/attack-navigator/nav-app/src/app/classes/gradient.ts depends on 'tinygradient'. CommonJS or AMD dependencies can cause optimization bailouts.
For more info see: https://angular.io/guide/build#configuring-commonjs-dependencies

Warning: /Users/ssica/Development/attack/attack-navigator/nav-app/src/app/services/data.service.ts depends on 'buffer'. CommonJS or AMD dependencies can cause optimization bailouts.
For more info see: https://angular.io/guide/build#configuring-commonjs-dependencies

Warning: /Users/ssica/Development/attack/attack-navigator/nav-app/src/app/services/data.service.ts depends on 'rxjs/Rx'. CommonJS or AMD dependencies can cause optimization bailouts.
For more info see: https://angular.io/guide/build#configuring-commonjs-dependencies

Warning: /Users/ssica/Development/attack/attack-navigator/nav-app/src/app/services/data.service.ts depends on 'rxjs/observable/fromPromise'. CommonJS or AMD dependencies can cause optimization bailouts.
For more info see: https://angular.io/guide/build#configuring-commonjs-dependencies

** Angular Live Development Server is listening on localhost:4200, **open your browser on https://localhost:4200/** **

Check out https://angular.dev/cli/serve#Options for more details on using ng serve

Unfortunately I can't help you troubleshoot localized issues. You will be better served consulting an Angular community if the issue you're experiencing is not system or user error.

Good luck, Sean