Setting up ssl/tls for docker

I found this thread due to its subject, but the thread turned to another project. There is a solution to enabling SSL in gsad in the community container set. After a lot of trial and error, the solution is quite easy; I’m surprised no one has posted it in the documentation or on this forum before (at least that a search finds).

It requires 2 modifications to the docker-compose.yaml and the creation of a certificate/key pair.

First find the “gsa” block in the yaml file and change the block to be like this:

  gsa:
    image: greenbone/gsa:stable
    environment:
      - GSAD_ARGS=--no-redirect
    restart: on-failure
    ports:
      - 9392:443
    volumes:
      - gvmd_socket_vol:/run/gvmd
    secrets:
      - source: server-certificate
        target: /var/lib/gvm/CA/servercert.pem
      - source: private-key
        target: /var/lib/gvm/private/CA/serverkey.pem
    depends_on:
      - gvmd

Key changes here:

  1. First, adding the environment option overrides the default passed to the gsad program (the default is --http-only); this enables the SSL port and disables the redirection on port 80, which isn’t needed and sometimes causes issues starting for reasons…
  2. Second, change the target (internal) port from 80 to 443, which gsad will now listen on.
  3. Third is the addition of the secrets block to provide the container with a certificate and key, in the locations it expects them by default.

Next, ADD a block like this to the bottom of the docker-compose.yaml:

secrets:
  server-certificate:
    file: /home/someusr/docker_keys/servercert.pem
  private-key:
    file: /home/someusr/docker_keys/serverkey.pem

This block defines the secrets used in the gsa block. The paths here are wherever you want to put the files. They can be generated easily enough; an example for cert generation:

openssl req -x509 -newkey rsa:4096 -keyout serverkey.pem -out servercert.pem -nodes -subj '/CN=localhost' -addext 'subjectAltName = DNS:localhost' -days 365
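As an added example (not part of the post above, and not Greenbone's own tooling), here is a small POSIX shell script that wraps the same openssl command and then checks the result before it is handed to the compose `secrets` block: that the private key actually matches the certificate, that the hostname is present in subjectAltName (browsers ignore the CN and require a SAN), and that the certificate is not about to expire. It assumes OpenSSL 1.1.1 or newer (needed for `-addext` and `-ext`); the directory and hostname are arguments you choose.

```shell
#!/bin/sh
# Added example: generate and sanity-check the gsad certificate/key pair.
# Assumes OpenSSL 1.1.1+ is installed; directory and hostname are caller-supplied.
set -eu

# gen_pair DIR HOSTNAME
# Writes DIR/servercert.pem and DIR/serverkey.pem for HOSTNAME, using the
# same openssl invocation as the post, with HOSTNAME also in the SAN.
gen_pair() {
  dir="$1"; host="$2"
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:4096 -nodes \
    -keyout "$dir/serverkey.pem" -out "$dir/servercert.pem" \
    -subj "/CN=$host" -addext "subjectAltName = DNS:$host" -days 365 \
    2>/dev/null
  # The key is the secret: owner-readable only before compose mounts it.
  chmod 600 "$dir/serverkey.pem"
}

# keys_match DIR
# Succeeds only if the public key inside the certificate equals the public
# half of the private key (catches a stale or mismatched pair, which would
# make gsad fail to start or serve a cert it cannot sign for).
keys_match() {
  dir="$1"
  cert_pub=$(openssl x509 -in "$dir/servercert.pem" -noout -pubkey)
  key_pub=$(openssl pkey -in "$dir/serverkey.pem" -pubout)
  [ "$cert_pub" = "$key_pub" ]
}

# san_contains DIR HOSTNAME
# Succeeds if HOSTNAME appears as a DNS entry in subjectAltName.
san_contains() {
  dir="$1"; host="$2"
  openssl x509 -in "$dir/servercert.pem" -noout -ext subjectAltName \
    | grep -q "DNS:$host"
}

# not_expiring_within DIR DAYS
# Succeeds if the certificate is still valid DAYS days from now
# (openssl -checkend takes seconds, so convert).
not_expiring_within() {
  dir="$1"; days="$2"
  openssl x509 -in "$dir/servercert.pem" -noout -checkend $((days * 86400)) >/dev/null
}

# check_pair DIR HOSTNAME: run all three checks; non-zero exit on any failure.
check_pair() {
  dir="$1"; host="$2"
  keys_match "$dir"              || { echo "key does not match cert" >&2; return 1; }
  san_contains "$dir" "$host"    || { echo "SAN lacks DNS:$host" >&2; return 1; }
  not_expiring_within "$dir" 30  || { echo "cert expires within 30 days" >&2; return 1; }
  echo "ok: $dir/servercert.pem and serverkey.pem are consistent for $host"
}

# Usage: ./gen_gsad_cert.sh --run /home/someusr/docker_keys localhost
if [ "${1:-}" = "--run" ]; then
  gen_pair "$2" "$3"
  check_pair "$2" "$3"
fi
```

Point the `file:` entries of the compose `secrets` block at the two files the script writes; rerunning `check_pair` against the same directory after a renewal is a cheap way to confirm the pair still belongs together before restarting the gsa container.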