How to access gvmd via TLS over TCP from External Inventory System?

Hi everyone,

I’m working with Greenbone Community Edition deployed via Docker on an Ubuntu 24.04 virtual machine. I followed the official Docker setup and successfully accessed the GSA web interface over port 9392.

Now, I want to automate scan task creation from an external inventory management system located on a different server. To do that, I need to access gvmd via TCP over port 9390 using GMP.

Here’s what I tried:
• I enabled port 9390 in docker-compose.yml and mapped it to 0.0.0.0:9390.
• Inside the container, I verified that gvmd listens on UNIX domain socket, but not on TCP.
• I attempted to start gvmd manually with the following options:

gvmd --listen=0.0.0.0 --port=9390 \
     --cert=/etc/gvm/certs/server-cert.pem \
     --key=/etc/gvm/certs/server-key.pem \
     --ca-cert=/etc/gvm/certs/cacert.pem

However, I received this error:

gvmd: g_option_context_parse: Unknown option --cert=/etc/gvm/certs/server-cert.pem

It seems that gvmd does not support TLS options via command line, and maybe even doesn’t support listening on a TCP port directly anymore.

My question is:

What is the recommended way to allow external systems to connect to gvmd via GMP over TCP+TLS?

• Should I use a proxy such as stunnel to wrap the UNIX domain socket in TLS?

• Or is there an official or documented method to configure gvmd for secure remote access?

Thanks in advance for your guidance — I’d really like to follow best practices here and make sure the integration is secure and aligned with the Greenbone ecosystem.

Summary of What I Have Done So Far:

• Deployed Greenbone Community Edition via Docker on an Ubuntu 24.04 VM.

• Accessed GSA (web UI) successfully over port 9392.

• Wanted to create scan tasks from an external inventory system over GMP (TCP+TLS, port 9390).

• Exposed port 9390 in Docker (0.0.0.0:9390), and confirmed the container allows access from outside.

• Created TLS certificates (CA, server cert, server key) and placed them inside the container.

• Tried launching gvmd with --listen, --port, and --cert options.

• Got repeated crashes and the following error in logs:

gvmd: g_option_context_parse: Unknown option --cert=/...

Realized gvmd doesn’t seem to support direct TLS over TCP.