Http redirect to https


im trying to get the GSA Webfrontend to autmaticly redirect from IP.IP.IP.IP to https://IP.IP.IP.IP:9390

with an normal apache its not an problem, but with the gsa i dont understand how i should do that…

i already changed this in the gsad file in /etc/default/gsad

# The address the Greenbone Security Assistant daemon will listen on.
# The port the Greenbone Security Assistant daemon will listen on.
# Should HTTP get redirected to HTTPS
# If $GSA_REDIRECT_PORT is not set it will redirect port 80.
# Redirect HTTP from this port to $GSA_PORT
# For this being effective $GSA_REDIRECT has to be set to 1.


but that change nothing…

Kind regards,

GVM versions

gsa: 8.0.1
gvm: 8.0.1
openvas-scanner: 6.0.1
gvm-libs: 10.0.1
gvm-tools: 2.0.0.beta1

Environment Greenbone Server

**Operating system: Ubuntu Server 18.4
**Kernel: 4.15.0-58-generic
**Installation method / source: Github

Please ask the maintainer of your start script/default file/systemd unit file how this is supposed to work. The mentioned file isn’t provided by Greenbone.

Okay… and when its not provided by Greenbone… How is it possible to redirec from http to https like i want it? o.o

Use any HTTP Server like lighthttp or tiny http to do a simple redirect :wink:

i installed lighttpd and addet this lines in /etc/lighttpd/lighttpd.conf

$HTTP[“scheme”] == “http” {
# capture vhost name with regex conditiona -> %0 in redirect pattern
# must be the most inner block to the redirect rule
$HTTP[“host”] =~ “." {
url.redirect = (".
” => “https://%0$0”)

i dont know where i have change sth too… but i think i have to say somewhere that it should redirect the gsad… but there so much config files and i dont find a good docu…

By default gsad redirects from the http port to the https port. This can only be deactivated by not using https at all with --http-only or disabling the redirect with --no-redirect.

but if gsad redirects from http port to the https port… why i cant open xx.xx.xx.xx in the browser? why i have to write https://xx.xx.xx.xx:9392

Maybe you are not allowed to run gsad on port 443 or your config file has some special stuff in it?

In the config i see nothing what should not allow this… and… when i make nmap xx.xx.xx.xx there is no 443 port open… could that be the problem? o.o

i start gsad with this command:
gsad --listen --port 9392
maybe i have to change the port?

Please use our source, we can´t support any 3rd party packets here. And this is obviously the case here. If you wanna play with a fast and reliable GVM installation i strongly suggest to use our community edition GCE.

Please note nigher 9392 nor 9390 are well known HTTP(s) ports, so you should use 443 and 80 for https and http.

i dont know what 3rd party packets you mean, i installed all on this ubuntu server from the source in github.
i know that 9392 and 9390 are no https ports, but when i make gsad–listen --port 443 i get this error in the gsad.log:

gsad main:MESSAGE:2019-09-11 08h12.39 utc:10062: Starting GSAD version 8.0.1
gsad main:WARNING:2019-09-11 08h12.39 utc:10073: MHD: Failed to bind to port 443: Permission denied
gsad main:CRITICAL:2019-09-11 08h12.39 utc:10073: main: start_https_daemon failed!
gsad main:WARNING:2019-09-11 08h12.39 utc:10074: MHD: Failed to bind to port 80: Permission denied
gsad main:WARNING:2019-09-11 08h12.39 utc:10074: main: start_http_daemon redirect failed !

If you use the -r and -p flags you can choose the listening ports for gsad. E.g.
gsad -p 9390 -r 9392 will listen on port 9392 for http and redirect to port 9390 which provides https.

1 Like