PPCM
1
Hello there,
I followed the documentation to install gvm with docker compose: Greenbone Community Containers - Greenbone Community Documentation
This is a fresh install.
With the default docker-compose, on port 80, it works fine.
Now I would like to set up HTTPS, so I created this override:
services:
  gsa:
    environment:
      - GSAD_ARGS=--no-redirect
    ports:
      - 443:443
    secrets:
      - source: server-certificate
        target: /var/lib/gvm/CA/servercert.pem
      - source: private-key
        target: /var/lib/gvm/private/CA/serverkey.pem
secrets:
  server-certificate:
    file: /root/greenbone-community-container/domain.crt
  private-key:
    file: /root/greenbone-community-container/domain.key
Certificates are self-signed certificates and they are accessible
Now in the logs, I have this error:
gsa-1 | (gsad:14): gsad main-WARNING **: 16:42:36.503: Binding to port 443 failed, trying default port 9392 next.
gsa-1 |
gsa-1 | (gsad:14): gsad main-CRITICAL **: 16:42:36.504: main: start_https_daemon failed!
Any idea where I made a mistake?
PPCM
2
I am moving forward with my research
Now, the error about the used port is corrected, but start_https is still crashing
Here is the corrected docker compose
services:
  gsa:
    environment:
      - GSAD_ARGS="--no-redirect --port=9392"
    ports:
      - 443:9392
    secrets:
      - source: server-certificate
        target: /var/lib/gvm/CA/servercert.pem
      - source: private-key
        target: /var/lib/gvm/private/CA/serverkey.pem
secrets:
  server-certificate:
    file: /root/greenbone-community-container/domain.crt
  private-key:
    file: /root/greenbone-community-container/domain.key
Thanks for your help
PPCM
4
Thanks for the answer, I checked and logs are very poor
# docker compose -p greenbone-community-edition logs -f gsa
gsa-1 | starting gsad
gsa-1 | gsad main-Message: 06:34:33.640: Starting GSAD version 22.12.0
gsa-1 |
gsa-1 |
gsa-1 | (gsad:14): gsad main-CRITICAL **: 06:34:33.646: main: start_https_daemon failed!
gsa-1 |
Other pods are not giving more information. Perhaps I have to look somewhere else…
PPCM
5
After a long search, the issue comes from the certificate format. For those who encounter this problem:
- DSA : doesn’t work
- RSA : works
Lukas
6
And that is a security feature: DSA is insecure and deprecated.
1 Like
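Following the resolution above (DSA fails, RSA works), here is a pre-flight check for the two files referenced under `secrets:` in the override, so a bad key type or a mismatched pair is caught before gsad logs only `start_https_daemon failed!`. This is an added example, not part of the original thread or Greenbone's tooling; it assumes the openssl CLI on the Docker host, and the function names and the CN `gsa.example.test` are made up for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the cert/key pair mounted into the gsa container.
# Assumption: the openssl CLI is available on the Docker host.

# Print the certificate's public key algorithm, e.g. rsaEncryption or dsaEncryption.
cert_key_algorithm() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# Return 0 only for the key type the thread reports as working (RSA).
classify_key_algorithm() {
    case "$1" in
        rsaEncryption) return 0 ;;
        dsaEncryption) echo "DSA key: reported in the thread to fail in gsad" >&2; return 1 ;;
        "") echo "could not read a public key algorithm" >&2; return 2 ;;
        *) echo "key type $1: not covered by the thread, test before relying on it" >&2; return 3 ;;
    esac
}

# Return 0 if the private key belongs to the certificate (public halves are identical).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Full check: key type first, then that certificate and key form a pair.
check_gsad_tls_files() {
    classify_key_algorithm "$(cert_key_algorithm "$1")" || return $?
    cert_matches_key "$1" "$2" || { echo "certificate and key do not match" >&2; return 4; }
}

# Create a self-signed RSA pair (constructed sample; the CN is a placeholder).
make_rsa_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=gsa.example.test" -keyout "$2" -out "$1" 2>/dev/null
}

# When run as a script with two arguments, check that certificate and key.
if [ "$#" -eq 2 ]; then check_gsad_tls_files "$1" "$2"; fi
```

Run it as `sh check.sh domain.crt domain.key` against the files named in the override; exit status 0 means an RSA certificate with a matching key.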