Use opencve with proxy on same machine

opencve / opencve

CVE Alerting Platform

https://www.opencve.io

Other

1.77k stars 216 forks source link

Use opencve with proxy on same machine #212

Open HenriBom opened 2 years ago

HenriBom commented 2 years ago

Hello,

I would like to install opencve on my localhost and use expose it on my public IP address. Here what I did so far :

I changed the opencve.cfg and set the server_name parameter to a port of my localhost. (ex : 127.0.0.1:8080)
I bind opencve on this port (ex : opencve webserver -b 127.0.0.1:8080)
I set an nginx proxy to forward any request on <ip>:80 to opencve (ex : 127.0.0.1:8080)
I set a postfix smtp service and set the params in opencve.cfg

As a result almost everything worked. Unfortunately, I have a problem with the urls inside the mails from opencve. The urls use the conf set from server_name. In my case the urls in the mails from opencve redirect to 127.0.0.1:8080.

Is it possible to configure opencve in order to change the urls in the mails to the one from my proxy ? Is there another way to use opencve with a proxy set on the same machine ?

ncrocfer commented 2 years ago

Some issues already exist, you can try them:

HenriBom commented 2 years ago

Yes, I've tried the solution on those two issues (setting the use_reverse_proxy to true and setting the proxy_set_header) but it didn't worked.

when server_name is set to localhost:8080 everything works (but not the urls in the mails) :

when server_name is set to <ip>:443 the content is not loaded :

(for those example I have set my nginx and the opencve.cfg with the parameters above.) I might get something wrong but I can't figure out what :thinking:

ncrocfer commented 2 years ago

So if it didn't work I will be unable to help you. I let this issue opened if anyone else has the solution.

HenriBom commented 2 years ago

If it can help, i've also tried to curl from my server to be sure that the problem wasn't from my nginx conf. When opencve is bind on the localhost and the server_name has the same configuration :

curl http://127.0.0.1:8080/static/img/favicon.ico
Warning: Binary output can mess up your terminal. Use "--output -" to tell 
Warning: curl to output it to your terminal anyway, or consider "--output 
Warning: <FILE>" to save to a file.

As above it works. When opencve is bind on localhost and server_name is set with the fqdn ip (or any other ip) :

curl http://127.0.0.1:8080/static/img/favicon.ico
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <title>404 Not Found - OpenCVE</title>
    ...