setting up ssl/tls for docker openvas - October 2025

I figured I would post here how I got SSL/TLS working for an OpenVAS community image docker install in October 2025, because I had to combine info from multiple sources to get it working.

Part one was modifying docker-compose.yml similar to, but not quite the same as, the way described at "Setting up ssl/tls for docker - #6 by shiz0" by cseengineer, with the gsa block like this:

  gsa:
    image: registry.community.greenbone.net/community/gsa:stable
    restart: always
    ports:
      - SERVER_IP_HERE:9392:443
    volumes:
      - gvmd_socket_vol:/run/gvmd
    depends_on:
      - gvmd
    environment:
      - GSAD_ARGS="-e HTTPS=true"
    secrets:
      - source: server-certificate
        target: /var/lib/gvm/CA/servercert.pem
      - source: private-key
        target: /var/lib/gvm/private/CA/serverkey.pem

and adding a block like this to the end:

secrets:
  server-certificate:
    file: /path/to/cert/certfile.pem
  private-key:
    file: path/to/key/keyfile.pem

AND you need to make a user with uid 1001 and a group with gid 1001 on the HOST (the username and group name don’t matter, just the IDs), and then set that to be the owner and group for the cert file and key file on your host server. Basically, this is because docker copies the file permissions directly into the docker container, and the container needs to be able to access the files with that uid and gid. I referenced GitHub - jhurta05/openvas-docker-https: This is a Docker Compose configuration of how an OpenVAS instance with HTTPS enabled. to figure that part out.

You may also notice the restart option in the gsa block is always instead of on-failure - I changed on-failure to always in all of the blocks that had on-failure so that the containers will restart after a server restart.

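A host-side pre-flight check for the ownership requirement in the post above, added here as an example and not part of the original post: it tests whether uid/gid 1001 is granted read access to the certificate and key by their mode bits, and flags a private key that has been opened up to every local user instead of being chowned. The function names and script name are hypothetical, and GNU `stat -c` is assumed.

```sh
#!/bin/sh
# Added example, not from the original post. Needs GNU stat (stat -c).
# Judges plain mode bits only; ACLs and root's override are ignored.

# can_read_as FILE UID GID: succeeds if that uid/gid is granted read by the
# mode bits, in the owner -> group -> other order the kernel applies.
can_read_as() {
    _s=$(stat -c '%u %g %a' -- "$1") || return 2
    _owner=${_s%% *}; _mode=${_s##* }
    _group=${_s#* }; _group=${_group% *}
    if [ "$_owner" -eq "$2" ]; then
        [ $((0$_mode & 0400)) -ne 0 ]
    elif [ "$_group" -eq "$3" ]; then
        [ $((0$_mode & 0040)) -ne 0 ]
    else
        [ $((0$_mode & 0004)) -ne 0 ]
    fi
}

# world_accessible FILE: succeeds if any "other" permission bit is set.
world_accessible() {
    _m=$(stat -c '%a' -- "$1") || return 2
    [ $((0$_m & 0007)) -ne 0 ]
}

# check_tls_secret KIND FILE [UID] [GID]; KIND is "cert" or "key".
# UID/GID default to 1001, the ids the post says the container needs.
check_tls_secret() {
    _uid=${3:-1001}; _gid=${4:-1001}; _rc=0
    [ -f "$2" ] || { echo "FAIL $2: not a regular file"; return 1; }
    if ! can_read_as "$2" "$_uid" "$_gid"; then
        echo "FAIL $2: $_uid:$_gid cannot read it (is $(stat -c '%u:%g mode %a' -- "$2"))"
        _rc=1
    fi
    if [ "$1" = key ] && world_accessible "$2"; then
        echo "FAIL $2: private key is accessible to every local user"
        _rc=1
    fi
    [ "$_rc" -eq 0 ] && echo "OK   $2"
    return "$_rc"
}

# Usage: sh check-secrets.sh CERTFILE KEYFILE  (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    rc=0
    check_tls_secret cert "$1" || rc=1
    check_tls_secret key "$2" || rc=1
    exit "$rc"
fi
```

Run it on the host against the two files named in the top-level secrets block before `docker compose up`; a non-zero exit means the gsa container would not be able to read one of them, or the key is exposed.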