infobyte / faraday

Open Source Vulnerability Management Platform

Home Page: https://www.faradaysec.com

Faraday-Server does not start up with HTTPS(kali-linux)

naporitann1 opened this issue

Hello. I am a beginner and also use translations, so please forgive me if my writing is poor.
I have built the nginx setup according to the official instructions, but the server is still only running at http.
Looking at the output of the "faraday-server" run, it does not appear to be running through nginx to begin with.
Also, the configuration file generated by "generate-nginx-config" pointed to a directory as root that did not exist, at least in my environment, so I specified www, which was the only one in my environment, but now it starts with https, but login fails (When I click on the login button, it posts to a non-existent page called /usr/share/faraday/server/www/_api/login).
What did I do wrong?

Version

Faraday v4.6.0

Description: Kali GNU/Linux Rolling
Release: 2023.3

Debug TraceBack

/usr/lib/python3/dist-packages/flask_limiter/extension.py:293: UserWarning: Using the in-memory storage for tracking rate limits as no storage was explicitly specified. This is not recommended for production use. See: https://flask-limiter.readthedocs.io#configuring-a-storage-backend for documentation about configuring the storage backend.
warnings.warn(
2023-10-05T19:07:06+0900 - alembic.runtime.migration - INFO {MainThread} [pid:2385751] [migration.py:204 - init()] Context impl PostgresqlImpl.
2023-10-05T19:07:06+0900 - alembic.runtime.migration - INFO {MainThread} [pid:2385751] [migration.py:207 - init()] Will assume transactional DDL.
2023-10-05T19:07:06+0900 - faraday.server.web - INFO {MainThread} [pid:2385751] [web.py:90 - init()] Starting web server at http://192.168.1.1:5985/
2023-10-05T19:07:06+0900 - faraday.server.threads.reports_processor - INFO {ReportsManager-Thread} [pid:2385751] [reports_processor.py:123 - run()] Reports Manager Thread [Start]
2023-10-05T19:07:06+0900 - faraday.server.threads.ping_home - INFO {PingHomeThread} [pid:2385751] [ping_home.py:28 - run()] Ping Home Thread [Start]
2023-10-05T19:07:06+0900 - faraday.server.web - INFO {MainThread} [pid:2385751] [web.py:162 - run()] Starting webserver with 4 threads.
2023-10-05T19:07:06+0900 - faraday.server.web - INFO {MainThread} [pid:2385751] [web.py:111 - __build_websockets_resource()] Starting websocket server at port 9000 with bind address 192.168.1.1.
2023-10-05T19:07:06+0900 - faraday.server.web - INFO {MainThread} [pid:2385751] [web.py:172 - run()] Faraday Server is ready
2023-10-05T19:07:07+0900 - faraday.server.threads.ping_home - ERROR {PingHomeThread} [pid:2385751] [ping_home.py:38 - run()] HTTPSConnectionPool(host='portal.faradaysec.com', port=443): Max retries exceeded with url: /api/v1/license_check?version=4.6.0&key=white (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f4d19803d10>, 'Connection to portal.faradaysec.com timed out. (connect timeout=1)'))
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 174, in _new_conn
conn = connection.create_connection(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 96, in create_connection
raise err
File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 86, in create_connection
sock.connect(sa)
TimeoutError: timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 715, in urlopen
httplib_response = self._make_request(
^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 404, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1056, in _validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 363, in connect
self.sock = conn = self._new_conn()
^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 179, in _new_conn
raise ConnectTimeoutError(
urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.HTTPSConnection object at 0x7f4d19803d10>, 'Connection to portal.faradaysec.com timed out. (connect timeout=1)')

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 486, in send
resp = conn.urlopen(
^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 799, in urlopen
retries = retries.increment(
^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 592, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='portal.faradaysec.com', port=443): Max retries exceeded with url: /api/v1/license_check?version=4.6.0&key=white (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f4d19803d10>, 'Connection to portal.faradaysec.com timed out. (connect timeout=1)'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/faraday/server/threads/ping_home.py", line 31, in run
res = requests.get(HOME_URL, params={'version': faraday.version, 'key': 'white'},
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/requests/api.py", line 73, in get
return request("get", url, params=params, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/requests/api.py", line 59, in request
return session.request(method=method, url=url, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 507, in send
raise ConnectTimeout(e, request=request)
requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='portal.faradaysec.com', port=443): Max retries exceeded with url: /api/v1/license_check?version=4.6.0&key=white (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f4d19803d10>, 'Connection to portal.faradaysec.com timed out. (connect timeout=1)'))
2023-10-05T19:07:07+0900 - faraday.server.threads.ping_home - WARNING {PingHomeThread} [pid:2385751] [ping_home.py:39 - run()] Can't connect to portal...

Generated nginx config file

server {
server_name 192.168.1.1;
listen 443 ssl http2;
listen [::]:443 ssl http2;

client_max_body_size 150M;

ssl on;
ssl_session_cache shared:SSL:50m;
ssl_certificate           /etc/ssl/faraday.crt;
ssl_certificate_key       /etc/ssl/faraday.key;

#root /opt/faraday/lib/python3.11/site-packages/faraday/server/www;
root /usr/share/faraday/server/www;
index index.html index.htm;

location / {
    try_files $uri $uri/ /index.html;
}

location /_api/ {
    proxy_pass http://localhost:5985/_api/;
    proxy_redirect http:// $scheme://;
    proxy_read_timeout 300;

    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_set_header X-Forwarded-Proto $scheme;
}

location /websockets {
    proxy_http_version 1.1;
    proxy_pass http://localhost:9000/websockets;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

}

server {
server_name 192.168.1.1;
listen 80 ;

# https redirect
if ($host = 192.168.1.1) {
    return 301 https://$host$request_uri;
}

return 404;

}

server.ini

[faraday_server]
port = 5985
bind_address = 192.168.1.1
websocket_port = 9000
debug = false
session_timeout = 12
api_token_expiration = 43200
secret_key = xxxxx
agent_registration_secret = xxxxx
SSL_KEY = /etc/ssl/faraday.key
SSL_CERT = /etc/ssl/faraday.crt

[logger]
use_rfc5424_formatter = false

[storage]
path = /home/kali/.faraday/storage

[ssl]
port = 6985
certificate = /etc/ssl/faraday.crt
keyfile = /etc/ssl/faraday.key

Operating System

└─$ lsb_release -a
No LSB modules are available.
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2023.3
Codename: kali-rolling

@naporitann1 Hi, nice to hear from you. Faraday has a guide to spin it up with nginx; you can find it in the Faraday Docs.
If you are going to use nginx, first of all you should point all the locations to 127.0.0.1.

Server ini should be:

[faraday_server]
port = 5985
bind_address = localhost 
debug = false
session_timeout = 12
api_token_expiration = 43200
secret_key = #don't change the value that is here
agent_registration_secret =  #don't change the value that is here

[logo]

[logger]
use_rfc5424_formatter = false

[limiter]
enabled = True
login_limit = 10/minutes

[storage]
path = /Users/faraday/.faraday/storage

[database]
connection_string = postgresql+psycopg2://faraday_postgresql:sqwtSlDZddH7mzYvW9kf3nWZ9@localhost/faraday

nginx config:

Same as yours.

Check nginx config:
nginx -t

Start nginx service
sudo systemctl start nginx

Please remove the "SSL" section that you see in server.ini; it shouldn't be there.

Cheers!
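
A consistency check for the points made in the reply above, added here as an illustration (it is not Faraday's code and not part of the thread). The helper names `check_proxy_setup` and `is_loopback` are hypothetical, and the sample inputs are constructed by abridging the two server.ini files and the nginx config shown in this issue.

```python
import configparser
import ipaddress
import re

# Constructed samples, abridged from the server.ini files and nginx config in this thread.
ASKER_INI = """\
[faraday_server]
port = 5985
bind_address = 192.168.1.1
SSL_KEY = /etc/ssl/faraday.key
SSL_CERT = /etc/ssl/faraday.crt
[ssl]
port = 6985
"""
FIXED_INI = """\
[faraday_server]
port = 5985
bind_address = localhost
"""
NGINX_CONF = """\
location /_api/ { proxy_pass http://localhost:5985/_api/; }
location /websockets { proxy_pass http://localhost:9000/websockets; }
"""

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty or some other hostname: treat as non-loopback

def check_proxy_setup(server_ini, nginx_conf):
    """Hypothetical helper: list mismatches between server.ini and the nginx upstreams."""
    cfg = configparser.ConfigParser()
    cfg.read_string(server_ini)
    srv = cfg["faraday_server"]
    bind = srv.get("bind_address", "")
    findings = []
    if not is_loopback(bind):
        findings.append(f"bind_address {bind!r} is not loopback; plain HTTP is reachable without nginx")
    if cfg.has_section("ssl"):
        findings.append("[ssl] section present; the reply says to remove it")
    for key in ("ssl_key", "ssl_cert"):  # configparser lower-cases option names
        if key in srv:
            findings.append(f"{key} set under [faraday_server]; absent from the reply's server.ini")
    for host in sorted(set(re.findall(r"proxy_pass\s+http://([^:/\s;]+)", nginx_conf))):
        if host != bind and not (is_loopback(host) and is_loopback(bind)):
            findings.append(f"proxy_pass host {host!r} does not match bind_address {bind!r}")
    return findings
```

Calling `check_proxy_setup(ASKER_INI, NGINX_CONF)` reports the non-loopback bind address, the leftover TLS settings, and the upstream host that nginx cannot reach; the same call with `FIXED_INI` returns an empty list.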

Hello! Thank you for answering my question.
I set it up just like you said and it worked like a lie until now! It really helped me a lot.