HTTPS with docker install

Hello there,
I followed the documentation to install gvm with docker compose: Greenbone Community Containers - Greenbone Community Documentation
This is a fresh install

With the docker-compose by default, on port 80, it works fine

Now I would like to set up HTTPS, so I created this override:

services:
  gsa:
    environment:
      - GSAD_ARGS=--no-redirect
    ports:
      - 443:443
    secrets:
      - source: server-certificate
        target: /var/lib/gvm/CA/servercert.pem
      - source: private-key
        target: /var/lib/gvm/private/CA/serverkey.pem

secrets:
  server-certificate:
    file: /root/greenbone-community-container/domain.crt
  private-key:
    file: /root/greenbone-community-container/domain.key

Certificates are self-signed certificates and they are accessible

Now in the logs, I have this error:

gsa-1             | (gsad:14): gsad main-WARNING **: 16:42:36.503: Binding to port 443 failed, trying default port 9392 next.
gsa-1             |
gsa-1             | (gsad:14): gsad main-CRITICAL **: 16:42:36.504: main: start_https_daemon failed!

Any idea where I made a mistake?

I am moving forward with my research
Now, the error about the used port is corrected, but start_https is still crashing

Here is the corrected docker compose

services:
  gsa:
    environment:
      - GSAD_ARGS="--no-redirect --port=9392"
    ports:
      - 443:9392
    secrets:
      - source: server-certificate
        target: /var/lib/gvm/CA/servercert.pem
      - source: private-key
        target: /var/lib/gvm/private/CA/serverkey.pem

secrets:
  server-certificate:
    file: /root/greenbone-community-container/domain.crt
  private-key:
    file: /root/greenbone-community-container/domain.key

Thanks for your help

You should monitor the logs to see what the problem is. You can see all logs displayed in real-time, or get a shell on a container to view them.

Thanks for the answer, I checked and logs are very poor

# docker compose -p greenbone-community-edition logs -f gsa
gsa-1  | starting gsad
gsa-1  | gsad main-Message: 06:34:33.640: Starting GSAD version 22.12.0
gsa-1  |
gsa-1  |
gsa-1  | (gsad:14): gsad main-CRITICAL **: 06:34:33.646: main: start_https_daemon failed!
gsa-1  |

Other pods are not giving more information. Perhaps I have to look somewhere else…

After a long search, the issue comes from the certificate format. For those who encounter this problem:

  • DSA : doesn’t work
  • RSA : works

And that is a security feature :wink: DSA is insecure and deprecated :wink:

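Since gsad only logs `start_https_daemon failed!` without naming the cause, a pre-flight check on the files before mounting them as secrets saves the search. The following is an added example, not part of the thread or of Greenbone's tooling; the function names are illustrative and it assumes the `openssl` CLI is available on the Docker host.

```shell
#!/bin/sh
# Added example: pre-flight check for the certificate/key pair mounted into gsa.
# Function names are illustrative; requires the openssl command-line tool.

# Print the certificate's public key algorithm, e.g. "rsaEncryption".
cert_pubkey_alg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# Verdict per this thread: RSA works, DSA makes start_https_daemon fail.
# Other key types are not covered by the thread, so they are reported as unknown.
alg_verdict() {
    case "$1" in
        rsaEncryption) echo ok ;;
        dsaEncryption) echo reject ;;
        *)             echo unknown ;;
    esac
}

# Return 0 only when the private key's public half equals the certificate's.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage: check_gsad_tls <certificate.pem> <private-key.pem>
check_gsad_tls() {
    alg=$(cert_pubkey_alg "$1")
    verdict=$(alg_verdict "$alg")
    echo "certificate key algorithm: ${alg:-unreadable} ($verdict)"
    [ "$verdict" = ok ] || return 1
    key_matches_cert "$1" "$2" || {
        echo "private key is unreadable or does not match the certificate"
        return 1
    }
}

# When run as a script with two arguments, check that pair.
if [ "$#" -eq 2 ]; then
    check_gsad_tls "$1" "$2"
fi
```

Run it against the two files named under `secrets:` in the compose override; a non-zero exit status means the pair should be regenerated with an RSA key before starting the stack.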