
I have installed openvas9 and have installed certs from a cert store. I have then tried to use nginx as a reverse proxy. My openvas settings are at /etc/default/openvas-gsa and look like this:

# Defaults for Greenbone Security Assistant initscript
# sourced by /etc/init.d/openvas-gsa
# installed at /etc/default/openvas-gsa by the maintainer scripts

# To disable HTTPS:
#
#HTTP_ONLY=1

# To enable http redirection:
#
HTTP_REDIRECT=1

# To set listening address:
# 
#LISTEN_ADDRESS="0.0.0.0"

# To set listening port number:
#
PORT_NUMBER=4000

My nginx config at /etc/nginx/sites-enabled/openvas looks like this (with the server name changed, obviously):

server {
    listen 443 ssl;
    server_name vas.server.com;

    location / {
        proxy_set_header   Host             $http_host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   REMOTE_HOST      $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header   X-FORWARDED-PROTOCOL $scheme;
        proxy_pass http://localhost:4000;
    }
}

All I get is a 502 Bad Gateway. Where am I going wrong?

eekfonky

2 Answers

server {
       listen         80;
       server_name    vas.novarumcloud.com;
       return         301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name vas.novarumcloud.com;

    location / {
        proxy_set_header   Host             $http_host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   REMOTE_HOST      $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header   X-FORWARDED-PROTOCOL $scheme;  
        proxy_pass https://localhost:4000;
    }
}

However, you also need to go to /etc/default/openvas-gsa and have the settings as follows:

# Defaults for Greenbone Security Assistant initscript
# sourced by /etc/init.d/openvas-gsa
# installed at /etc/default/openvas-gsa by the maintainer scripts

# To disable HTTPS:
#
#HTTP_ONLY=1

# To enable http redirection:
#
HTTP_REDIRECT=1

# To set listening address:
# 
#LISTEN_ADDRESS="0.0.0.0"

# To set listening port number:
#
PORT_NUMBER=4000
eekfonky
  • I've also added `ALLOW_HEADER_HOST=openvas.mydomain.com` to avoid errors like this: `gsad main:WARNING:2018-08-23 08h33.16 utc:13346: MHD: Error: received handshake message out of context` – Tomas Pytel Aug 23 '18 at 09:54
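
The two configs in this thread disagree on scheme: with `HTTP_ONLY=1` left commented out, gsad serves HTTPS on `PORT_NUMBER`, while the question's `proxy_pass` spoke plain HTTP to it. The following is an added example, not part of the original posts, that checks the two files against each other; the function names are hypothetical, the inputs are constructed from the configs quoted above, and it assumes (from the defaults file's own comments) that HTTPS is on unless `HTTP_ONLY=1` is active.

```python
import re

# Constructed inputs, trimmed from the configs quoted in this thread.
GSA_DEFAULTS = """\
# To disable HTTPS:
#HTTP_ONLY=1
HTTP_REDIRECT=1
#LISTEN_ADDRESS="0.0.0.0"
PORT_NUMBER=4000
"""
NGINX_QUESTION = """\
server {
    listen 443 ssl;
    location / {
        proxy_pass http://localhost:4000;
    }
}
"""
# Same server block with the scheme change made in the answer.
NGINX_ANSWER = NGINX_QUESTION.replace("http://localhost", "https://localhost")

def parse_defaults(text):
    """Return active KEY=VALUE pairs; commented-out lines are ignored."""
    active = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        active[key.strip()] = value.strip().strip('"')
    return active

def proxy_targets(nginx_text):
    """Return (scheme, host, port) for each proxy_pass with an explicit port."""
    pattern = r"^\s*proxy_pass\s+(https?)://([^:/;\s]+):(\d+)"
    return [(s, h, int(p)) for s, h, p in re.findall(pattern, nginx_text, re.M)]

def scheme_mismatches(defaults_text, nginx_text):
    """List proxy_pass targets on the gsad port whose scheme differs from gsad's."""
    cfg = parse_defaults(defaults_text)
    # Assumption from the file's comments: HTTPS unless HTTP_ONLY=1 is active.
    expected = "http" if cfg.get("HTTP_ONLY") == "1" else "https"
    port = int(cfg["PORT_NUMBER"])
    return [(s, h, p, expected) for s, h, p in proxy_targets(nginx_text)
            if p == port and s != expected]

if __name__ == "__main__":
    print("question:", scheme_mismatches(GSA_DEFAULTS, NGINX_QUESTION))
    print("answer:  ", scheme_mismatches(GSA_DEFAULTS, NGINX_ANSWER))
```

Each finding is a tuple of the configured scheme, host and port followed by the scheme gsad is expected to speak; an empty list means the proxy and gsad agree.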

I used HAProxy instead of nginx; it worked much better.

docker volume create --name openvas \
                     --opt type=none \
                     --opt device=/apps/openvas \
                     --opt o=bind


docker run --detach \
           --publish 8081:9392 \
           -e PASSWORD="nsnlDusC2EElDPASSSSusC2Esdk2Ey" \
           --volume openvas:/data \
           --restart unless-stopped \
           --name openvas immauss/openvas


listen l2
    bind 192.168.254.28:81
    mode tcp
    timeout connect  4000
    timeout client   180000
    timeout server   180000
    server srv2 your.openvas.box:3001

listen stats
   mode http
   bind *:8404
   stats enable
   stats uri /
Brian