GVMD Service 9390 Start Error

Hello,

Greenbone CE is installed on docker container. I made the necessary adjustments in docker-compose.yml file. you can see below:

name: greenbone-community-edition

services:
  vulnerability-tests:
    image: registry.community.greenbone.net/community/vulnerability-tests
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - vt_data_vol:/mnt
    networks:
      - greenbone_net

  notus-data:
    image: registry.community.greenbone.net/community/notus-data
    volumes:
      - notus_data_vol:/mnt
    networks:
      - greenbone_net

  scap-data:
    image: registry.community.greenbone.net/community/scap-data
    volumes:
      - scap_data_vol:/mnt
    networks:
      - greenbone_net

  cert-bund-data:
    image: registry.community.greenbone.net/community/cert-bund-data
    volumes:
      - cert_data_vol:/mnt
    networks:
      - greenbone_net

  dfn-cert-data:
    image: registry.community.greenbone.net/community/dfn-cert-data
    volumes:
      - cert_data_vol:/mnt
    depends_on:
      - cert-bund-data
    networks:
      - greenbone_net

  data-objects:
    image: registry.community.greenbone.net/community/data-objects
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - data_objects_vol:/mnt
    networks:
      - greenbone_net

 report-formats:
    image: registry.community.greenbone.net/community/report-formats
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - data_objects_vol:/mnt
    depends_on:
      - data-objects
    networks:
      - greenbone_net

  gpg-data:
    image: registry.community.greenbone.net/community/gpg-data
    volumes:
      - gpg_data_vol:/mnt
    networks:
      - greenbone_net

  redis-server:
    image: registry.community.greenbone.net/community/redis-server
    restart: on-failure
    volumes:
      - redis_socket_vol:/run/redis/
    networks:
      - greenbone_net

  pg-gvm:
    image: registry.community.greenbone.net/community/pg-gvm:stable
    restart: on-failure
    ports:
      - "5432:5432"
    volumes:
      - psql_data_vol:/var/lib/postgresql
      - psql_socket_vol:/var/run/postgresql
    networks:
      - greenbone_net

  gvmd:
    image: registry.community.greenbone.net/community/gvmd:stable
    restart: on-failure
    environment:
      - "GVMD_LISTEN=0.0.0.0"
      - "GVMD_PORT=9390"
      - GVMD_POSTGRESQL_USERNAME=gvmd
      - GVMD_POSTGRESQL_PASSWORD=gvmd
    ports:
      - "9390:9390"
    networks:
      - greenbone_net
    volumes:
      - gvmd_socket_vol:/run/gvmd
      - gvmd_data_vol:/var/lib/gvm
      - scap_data_vol:/var/lib/gvm/scap-data/
      - cert_data_vol:/var/lib/gvm/cert-data
      - data_objects_vol:/var/lib/gvm/data-objects/gvmd
      - vt_data_vol:/var/lib/openvas/plugins
      - psql_data_vol:/var/lib/postgresql
      - ospd_openvas_socket_vol:/run/ospd
      - psql_socket_vol:/var/run/postgresql
    depends_on:
      pg-gvm:
        condition: service_started
      scap-data:
        condition: service_completed_successfully
      cert-bund-data:
        condition: service_completed_successfully
      dfn-cert-data:
        condition: service_completed_successfully
      data-objects:
        condition: service_completed_successfully
      report-formats:
        condition: service_completed_successfully
#    command:
#      - "--listen=0.0.0.0"
#      - "--port=9390"
#      - "--foreground"

  gsa:
    image: registry.community.greenbone.net/community/gsa:stable
    restart: on-failure
    ports:
      - 10.155.101.149:9392:80
    networks:
      - greenbone_net
    volumes:
      - /tmp/gvm/gvmd:/run/gvmd
    depends_on:
      - gvmd

  configure-openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    volumes:
      - openvas_data_vol:/mnt
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf
        sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf
        chmod 644 /mnt/openvas.conf
        chmod 644 /mnt/openvas_log.conf
        touch /var/log/openvas/openvas.log
        chmod 666 /var/log/openvas/openvas.log
    networks:
      - greenbone_net

  openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    restart: on-failure
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        cat /etc/openvas/openvas.conf
        tail -f /var/log/openvas/openvas.log
    depends_on:
      configure-openvas:
        condition: service_completed_successfully
    networks:
      - greenbone_net

  openvasd:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    restart: on-failure
    environment:
      OPENVASD_MODE: service_notus
      GNUPGHOME: /etc/openvas/gnupg
      LISTENING: 0.0.0.0:80
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
      - gpg_data_vol:/etc/openvas/gnupg
      - notus_data_vol:/var/lib/notus
    depends_on:
      vulnerability-tests:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully
      gpg-data:
        condition: service_completed_successfully
    networks:
      - greenbone_net

  ospd-openvas:
    image: registry.community.greenbone.net/community/ospd-openvas:stable
    restart: always
    hostname: ospd-openvas.local
    cap_add:
      - NET_ADMIN
      - NET_RAW
    security_opt:
      - seccomp=unconfined
      - apparmor=unconfined
    command:
      [
        "ospd-openvas",
        "-f",
        "--config",
        "/etc/gvm/ospd-openvas.conf",
        "--notus-feed-dir",
        "/var/lib/notus/advisories",
        "-m",
        "666",
      ]
    volumes:
      - gpg_data_vol:/etc/openvas/gnupg
      - vt_data_vol:/var/lib/openvas/plugins
      - notus_data_vol:/var/lib/notus
      - ospd_openvas_socket_vol:/run/ospd
      - redis_socket_vol:/run/redis/
      - openvas_data_vol:/etc/openvas/
      - openvas_log_data_vol:/var/log/openvas
    networks:
      - greenbone_net

  gvm-tools:
    image: registry.community.greenbone.net/community/gvm-tools
    volumes:
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
    depends_on:
      - gvmd
      - ospd-openvas
    networks:
      - greenbone_net

volumes:
  gpg_data_vol:
  scap_data_vol:
  cert_data_vol:
  data_objects_vol:
  gvmd_data_vol:
  psql_data_vol:
  vt_data_vol:
  notus_data_vol:
  psql_socket_vol:
  gvmd_socket_vol:
  ospd_openvas_socket_vol:
  redis_socket_vol:
  openvas_data_vol:
  openvas_log_data_vol:

networks:
  greenbone_net:
    external: true
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.120.0/24
          gateway: 192.168.120.1

But the problem is that I can’t send gvm-cli commands from a different server, they are on the same VLAN. I can ping from my other server and access psql in gvmd.

But the gvmd service is not listening on port 9390. I have tried various methods. I try to start the GVMD service with port 9390 but it won’t start. –listen=666.

gvmd in container ps aux | grep gvmd output:

gvmd 1 0.0 0.0 2576 1560 ? Ss 08:06 0:00 /bin/sh /usr/local/bin/start-gvmd

gvmd 24 1.3 4. 1 498784 331660 ? SL 08:06 0:12 gvmd -f --listen-mode=666

root 277 0.0 0.0 3324 1604 pts/0 S+ 08:22 0:00 grep gvmd 

The output of the sudo ss -tnlp | grep 9390 command I ran on my host:

LISTEN 0 4096 0.0.0.0.0:9390 0.0.0.0.0:* users:(("docker-proxy",pid=185801,fd=7))

LISTEN 0 4096 [:::]:9390 [:::]:* users:(("docker-proxy",pid=185809,fd=7))

Also, the PostgreSQL service is running on my GVMD server, port 5432 is open (accessible from my other server).

Can you help me to open port 9390 to the outside on my server?

Take a look at gvmd/.docker/start-gvmd.sh at main · greenbone/gvmd · GitHub to find out how to adjust the start arguments for gvmd. Btw. if you change gvmd to use TLS you need to adjust the start arguments of gsad too. Otherwise gsad would not be able to communicate with gvmd.

Thanks for your reply. Should I write this in .sh file or in my docker-compose.yml file? I’ve been interested in this setup for a long time and your support is very much appreciated.

I don’t understand how to start it. can you help me in more detail?

When the docker container is started and the command is not overridden it runs the start-gvmd shell script, which is placed in the container image at /usr/local/bin/start-gvmd.

If you look at the start-gvmd.sh file you will see that there is a variable to set the desired start arguments for gvmd. This variable can be set via the environment.

Hi,

I added these lines to the docker-compose.yml in the gvmd section:

environment:
  - GVMD_ARGS=$GVMD_ARGS --port=9390 --listen=0.0.0.0
ports:
  - 9390:9390

But after adding this the gvmd container exited with the message:

 No scap data available

What is the correct way to enable remote access to gvmd ?

The error message was not correct in my previous post. This is the relevant part of docker logs:

md main:MESSAGE:2025-04-22 16h46.56 utc:25: Greenbone Vulnerability Manager version 25.2.1 (DB revision 259)
md manage: INFO:2025-04-22 16h46.56 utc:25: Modifying setting.
md manage:MESSAGE:2025-04-22 16h46.56 utc:25: No SCAP database found

Just to give an update on this topic. I can run the gvmd -p 9390 -a 0.0.0.0 command without a problem from a command line in the gvmd container.
gvmd is reachable and reacts on all the remote commands I am sending.
When gvmd is started via the entrypoint /usr/local/bin/start-gvm.sh gvmd stops after a short time.
Maybe some changes to start-gvm.sh fix the problem.

Without knowing what you are trying to do exactly I can’t say anything about this.

i had the same problem. i couldn’t start it from greenbone’s management port (9390) and using the gvmd service. i was thinking of using it with my inventory system in my organization. but i have been trying for months and it is not working. unfortunately, the gvmd service cannot be started from port 9390 in a healthy way. It either restarts continuously or gives postgresql error (with role ‘root’ doesn’t found error, even though I created it).
For this reason, we did not find it suitable for use in the organization. We wanted it to work more efficiently and healthier, with minimal need for support.

Some points to remark:

1. The TLS mode for gvmd (and gsad) is not tested nor developed in any regard. It’s just available for historical reasons.
2. If you want to adjust the starting parameters of gvmd with the community containers you have to set the $GVMD_ARGS environment variable for the gvmd container (and don’t forget to adjust the arguments for gsad in the gsa container too).
3. If you need a reliable remote setup with minimal need for support and without having to fiddle with arguments and setup issues, please take a look at our products.

Sorry if my intention is unclear. What I have tried to do is to run gvmd in a manner that allows remote access. I have set GVMD_ARGS to “-a 0.0.0.0 -p 9390” in the environment section of the compose file.

When I do so the gvmd starts and after a few seconds terminates. When I run gvmd manually from the command line it works as expected.

Very sad to hear this. The remote control feature is my top reason for using openvas. I hope it will work in future releases.

This is not enough for running in TLS mode within the container. For the container it is required that gvmd stays in foreground. Otherwise it will use the daemon mode, which forks and shuts down the starting process. When the starting process exits the container exits too.

Therefore please use GVMD_ARGS: "-a 0.0.0.0 -p 9390 -f" and don’t forget to setup the certificate chain.

-f does the trick. Thanks a lot !

In which file did you make the change here? Can you help me if port 9390 works?

Hi,

I made two changes to the docker-compose.yaml. I added environment: and ports:.
This worked for me. Hope it helps!

  gvmd:
    image: registry.community.greenbone.net/community/gvmd:stable
    environment:
      - GVMD_ARGS=-f -p 9390 -a 0.0.0.0
    ports:
      - 9390:9390 

hi, can you share the docker-compose.yml file with me? When I modify the file, I can’t login from the interface and the gvmd service keeps restarting.

Hi,

of course no problem. Here is my compose file.

Keep in mind that your certificates needs to be created.
You could try to set set an additional environment variable named GVMD_CERTS to true.

GVMD_CERTS=true

This will trigger certificate generation when the container starts.

name: greenbone-community-edition

services:
  vulnerability-tests:
    image: registry.community.greenbone.net/community/vulnerability-tests
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - vt_data_vol:/mnt

  notus-data:
    image: registry.community.greenbone.net/community/notus-data
    volumes:
      - notus_data_vol:/mnt

  scap-data:
    image: registry.community.greenbone.net/community/scap-data
    volumes:
      - scap_data_vol:/mnt

  cert-bund-data:
    image: registry.community.greenbone.net/community/cert-bund-data
    volumes:
      - cert_data_vol:/mnt

  dfn-cert-data:
    image: registry.community.greenbone.net/community/dfn-cert-data
    volumes:
      - cert_data_vol:/mnt
    depends_on:
      - cert-bund-data

  data-objects:
    image: registry.community.greenbone.net/community/data-objects
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - data_objects_vol:/mnt

  report-formats:
    image: registry.community.greenbone.net/community/report-formats
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - data_objects_vol:/mnt
    depends_on:
      - data-objects

  gpg-data:
    image: registry.community.greenbone.net/community/gpg-data
    volumes:
      - gpg_data_vol:/mnt

  redis-server:
    image: registry.community.greenbone.net/community/redis-server
    restart: on-failure
    volumes:
      - redis_socket_vol:/run/redis/

  pg-gvm:
    image: registry.community.greenbone.net/community/pg-gvm:stable
    restart: on-failure
    volumes:
      - psql_data_vol:/var/lib/postgresql
      - psql_socket_vol:/var/run/postgresql

  gvmd:
    image: registry.community.greenbone.net/community/gvmd:stable
    environment:
      - GVMD_ARGS=-f -p 9390 -a 0.0.0.0
    ports:
      - 9390:9390      
    restart: on-failure
    volumes:
      - gvmd_data_vol:/var/lib/gvm
      - scap_data_vol:/var/lib/gvm/scap-data/
      - cert_data_vol:/var/lib/gvm/cert-data
      - data_objects_vol:/var/lib/gvm/data-objects/gvmd
      - vt_data_vol:/var/lib/openvas/plugins
      - psql_data_vol:/var/lib/postgresql
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
      - psql_socket_vol:/var/run/postgresql
    depends_on:
      pg-gvm:
        condition: service_started
      scap-data:
        condition: service_completed_successfully
      cert-bund-data:
        condition: service_completed_successfully
      dfn-cert-data:
        condition: service_completed_successfully
      data-objects:
        condition: service_completed_successfully
      report-formats:
        condition: service_completed_successfully

  # Sets log level of openvas to the set LOG_LEVEL within the env
  # and changes log output to /var/log/openvas instead /var/log/gvm
  # to reduce likelyhood of unwanted log interferences
  configure-openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    volumes:
      - openvas_data_vol:/mnt
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf
        sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf
        chmod 644 /mnt/openvas.conf
        chmod 644 /mnt/openvas_log.conf
        touch /var/log/openvas/openvas.log
        chmod 666 /var/log/openvas/openvas.log

  # shows logs of openvas
  openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    restart: on-failure
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        cat /etc/openvas/openvas.conf
        tail -f /var/log/openvas/openvas.log
    depends_on:
      configure-openvas:
        condition: service_completed_successfully

  openvasd:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    restart: on-failure
    environment:
      # `service_notus` is set to disable everything but notus,
      # if you want to utilize openvasd directly, remove `OPENVASD_MODE`
      OPENVASD_MODE: service_notus
      GNUPGHOME: /etc/openvas/gnupg
      LISTENING: 0.0.0.0:80
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
      - gpg_data_vol:/etc/openvas/gnupg
      - notus_data_vol:/var/lib/notus
    # enable port forwarding when you want to use the http api from your host machine
    # ports:
    #   - 127.0.0.1:3000:80
    depends_on:
      vulnerability-tests:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully
      gpg-data:
        condition: service_completed_successfully
    networks:
      default:
        aliases:
          - openvasd

  ospd-openvas:
    image: registry.community.greenbone.net/community/ospd-openvas:stable
    restart: on-failure
    hostname: ospd-openvas.local
    cap_add:
      - NET_ADMIN # for capturing packages in promiscuous mode
      - NET_RAW # for raw sockets e.g. used for the boreas alive detection
    security_opt:
      - seccomp=unconfined
      - apparmor=unconfined
    command:
      [
        "ospd-openvas",
        "-f",
        "--config",
        "/etc/gvm/ospd-openvas.conf",
        "--notus-feed-dir",
        "/var/lib/notus/advisories",
        "-m",
        "666",
      ]
    volumes:
      - gpg_data_vol:/etc/openvas/gnupg
      - vt_data_vol:/var/lib/openvas/plugins
      - notus_data_vol:/var/lib/notus
      - ospd_openvas_socket_vol:/run/ospd
      - redis_socket_vol:/run/redis/
      - openvas_data_vol:/etc/openvas/
      - openvas_log_data_vol:/var/log/openvas
    depends_on:
      redis-server:
        condition: service_started
      gpg-data:
        condition: service_completed_successfully
      vulnerability-tests:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully

  gvm-tools:
    image: registry.community.greenbone.net/community/gvm-tools
    volumes:
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
    depends_on:
      - gvmd
      - ospd-openvas

volumes:
  gpg_data_vol:
  scap_data_vol:
  cert_data_vol:
  data_objects_vol:
  gvmd_data_vol:
  psql_data_vol:
  vt_data_vol:
  notus_data_vol:
  psql_socket_vol:
  gvmd_socket_vol:
  ospd_openvas_socket_vol:
  redis_socket_vol:
  openvas_data_vol:
  openvas_log_data_vol:

Hi,

if the file worked for you please set the Topic to solved. If not let me know.