| View previous topic :: View next topic |
| Author |
Message |
Elleni
Veteran
Joined: 23 May 2006
Posts: 1289
|
 Posted: Tue Aug 13, 2024 8:08 am Post subject: [solved] help setting up nginx as reverse proxy for https |
 |
|
I successfully installed gvm and it works on port http://localhost:9392 or if changing the listen adress in gsad.conf even from other hosts, but its unencrypted.
Now I would like to use nginx for https with a selfsigned certificate, but never used nginx before.
I am trying it with the following file in /etc/nginx/sites-enabled/default -> symbolic link to the following file:
| Code: | server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ localhost }};
ssl_certificate /etc/ssl/nginx/nginx.pem;
ssl_certificate_key /etc/ssl/nginx/nginx.key;
ssl_protocols TLSv1.3;
location / {
proxy_pass http://localhost:9392;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
} |
I also am not sure if the symbolic link is the correct location of the unencrypted version of the website which is presented at port 9392. Was just a try and error approach
As I saw, it tries to open index.html in /var/www/localhost/htdocs/ I tried to link the website to /var/www/localhost -> ln -s /usr/share/gvm/gsad/web/ htdocs
But that doesnt work.
Instead of a .crt and a .key file, I used the .crt and .key file, I found ass they were already existing.
What info would you need to be able to locate the configuration error, or am I completely on the wrong path?
| Code: | 2024/08/12 15:02:20 [error] 7361#0: *1 "/var/www/localhost/htdocs/index.html" is not found (2: No such file or directory), client: 127.0.0.1, server: localhost, request: "GET / HTTP/1.1", host: "localhost"
2024/08/12 15:02:40 [info] 7361#0: *1 client 127.0.0.1 closed keepalive connection
2024/08/13 09:54:50 [info] 17175#0: *1 client sent invalid method while reading client request line, client: 127.0.0.1, server: localhost, request: "���kt"
2024/08/13 09:54:50 [info] 17175#0: *1 recv() failed (104: Connection reset by peer) while reading client request line, client: 127.0.0.1, server: localhost, request: "���kt"
2024/08/13 09:54:50 [info] 17175#0: *2 client sent invalid method while reading client request line, client: 127.0.0.1, server: localhost, request: "�(p$^Q6O���Q�6��uSz�!�D! ��z�l�řv�DZe�xwz���h��#D"�+�/̨̩�,�0�"
2024/08/13 09:54:50 [info] 17175#0: *2 recv() failed (104: Connection reset by peer) while reading client request line, client: 127.0.0.1, server: localhost, request: "�(p$^Q6O���Q�6��uSz�!�D! ��z�l�řv�DZe�xwz���h��#D"�+�/̨̩�,�0� |
Last edited by Elleni on Tue Aug 13, 2024 10:00 am; edited 1 time in total |
|
| Back to top |
|
 |
Elleni
Veteran
Joined: 23 May 2006
Posts: 1289
|
| Posted: Tue Aug 13, 2024 9:59 am Post subject: |
|
|
nevermind, I found a youtube video which explained howto change the options in the systemd init file, so I was able to adapt and change /etc/conf.d/gsad and /etc/init.d/gsad - that way I could acheave the result needed.
For the record following the changes:
| Code: |
# e.g. --foreground | e.g. --no-redirect
GSAD_OPTIONS="--drop-privileges=gvm --rport=80 -k /etc/gvm/gsad.key -c /etc/gvm/gsad.crt"
# GSAD listen adress
GSAD_LISTEN_ADDRESS="--listen=0.0.0.0"
# GSAD listen port
GSAD_LISTEN_PORT="--port=443"
# GVMD listen address
GVMD_LISTEN_ADDRESS="--mlisten=0.0.0.0" |
Source: https://www.youtube.com/watch?v=e4-t1flTFO8 |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
