Update Compose File

src/22.4/container/index.md

@@ -87,7 +87,7 @@ the {term}`Greenbone Security Assistant web interface – GSA –<GSA>` can be o
 ---
 caption: Opening Greenbone Security Assistant in the browser
 ---
-xdg-open "http://127.0.0.1:9392" 2>/dev/null >/dev/null &
+xdg-open "https://127.0.0.1" 2>/dev/null >/dev/null &
 ```
 
 The browser will show the login page of GSA and after using the credentials

src/22.4/container/workflows.md

@@ -210,33 +210,31 @@ interfaces of the host, the compose file must be modified to configure the web
 server {command}`nginx` to listen on all network interfaces.
 
 The following change of the docker compose file can be applied (it also changes
-to the default http port 80 as an example):
+to the default http port to port 80 as an example):
 
 ```{code-block} diff
 ---
 caption: Allowing access on all host interfaces
 ---
 ...
-  nginx:
-    image: nginx
+  gvm-config:
+    image: registry.community.greenbone.net/community/gvm-config:latest
     environment:
-      NGINX_HOST: "localhost"
--     NGINX_HTTP_PORT: 9392
+      NGINX_HOST: "<your-ip-or-domain>"
 +     NGINX_HTTP_PORT: 80
-      NGINX_HTTPS_PORT: 443
-      NGINX_SERVER_CERT: "/etc/nginx/certs/server.cert.pem"
-      NGINX_SERVER_KEY: "/etc/nginx/certs/server.key"
-      NGINX_ACCESS_CONTROL_ALLOW_ORIGIN_HEADER: "https://localhost"
-      NGINX_X_FRAME_OPTIONS_HEADER: "SAMEORIGIN"
-      NGINX_CONTENT_SECURITY_POLICY_HEADER: "default-src 'none'; object-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; script-src-elem 'self' 'unsafe-inline';frame-ancestors 'none'; form-action 'self'; style-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self';img-src 'self' blob: data:;"
-      NGINX_STRICT_TRANSPORT_SECURITY_HEADER: "max-age=31536000; includeSubDomains;"
++     NGINX_ACCESS_CONTROL_ALLOW_ORIGIN_HEADER: "https://<your-ip-or-domain>"
+
+...
+
+  nginx:
+    image: nginx
     ports:
 -     - 127.0.0.1:443:443
 -     - 127.0.0.1:9392:9392
 +     - 80:80
 +     - 443:443
     volumes:
-      - nginx_templates_vol:/etc/nginx/templates:ro
+      - nginx_config_vol:/etc/nginx/templates:ro
       - nginx_certificates_vol:/etc/nginx/certs:ro
       - gsa_data_vol:/usr/share/nginx/html:ro
     depends_on:
@@ -452,22 +450,12 @@ Sample `nginx` service settings to use own TLS certificate files:
 ```diff
   nginx:
     image: nginx
-    environment:
-      NGINX_HOST: "localhost"
-      NGINX_HTTP_PORT: 9392
-      NGINX_HTTPS_PORT: 443
-      NGINX_SERVER_CERT: "/etc/nginx/certs/server.cert.pem"
-      NGINX_SERVER_KEY: "/etc/nginx/certs/server.key"
-      NGINX_ACCESS_CONTROL_ALLOW_ORIGIN_HEADER: "https://localhost"
-      NGINX_X_FRAME_OPTIONS_HEADER: "SAMEORIGIN"
-      NGINX_CONTENT_SECURITY_POLICY_HEADER: "default-src 'none'; object-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; script-src-elem 'self' 'unsafe-inline';frame-ancestors 'none'; form-action 'self'; style-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self';img-src 'self' blob: data:;"
-      NGINX_STRICT_TRANSPORT_SECURITY_HEADER: "max-age=31536000; includeSubDomains;"
     ports:
       - 127.0.0.1:443:443
       - 127.0.0.1:9392:9392
     volumes:
-      - nginx_templates_vol:/etc/nginx/templates:ro
-      - nginx_certificates_vol:/etc/nginx/certs:ro
+      - nginx_config_vol:/etc/nginx/templates:ro
+-     - nginx_certificates_vol:/etc/nginx/certs:ro
 +     - /home/<username>/.ssl/:/etc/nginx/certs:ro
       - gsa_data_vol:/usr/share/nginx/html:ro
     depends_on:

src/_static/compose.yaml

@@ -139,29 +139,19 @@ services:
   gvm-config:
     image: registry.community.greenbone.net/community/gvm-config:latest
     environment:
-      ENABLE_NGINX_CONFIG: 1
-      ENABLE_TLS_GENERATION: 1
+      ENABLE_NGINX_CONFIG: true
+      ENABLE_TLS_GENERATION: true
     volumes:
-      - nginx_templates_vol:/mnt/nginx/templates
+      - nginx_config_vol:/mnt/nginx/configs
       - nginx_certificates_vol:/mnt/nginx/certs
 
   nginx:
     image: nginx
-    environment:
-      NGINX_HOST: "localhost"
-      NGINX_HTTP_PORT: 9392
-      NGINX_HTTPS_PORT: 443
-      NGINX_SERVER_CERT: "/etc/nginx/certs/server.cert.pem"
-      NGINX_SERVER_KEY: "/etc/nginx/certs/server.key"
-      NGINX_ACCESS_CONTROL_ALLOW_ORIGIN_HEADER: "https://localhost"
-      NGINX_X_FRAME_OPTIONS_HEADER: "SAMEORIGIN"
-      NGINX_CONTENT_SECURITY_POLICY_HEADER: "default-src 'none'; object-src 'none'; base-uri 'none'; connect-src 'self'; script-src 'self'; script-src-elem 'self' 'unsafe-inline';frame-ancestors 'none'; form-action 'self'; style-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self';img-src 'self' blob: data:;"
-      NGINX_STRICT_TRANSPORT_SECURITY_HEADER: "max-age=31536000; includeSubDomains;"
     ports:
       - 127.0.0.1:443:443
       - 127.0.0.1:9392:9392
     volumes:
-      - nginx_templates_vol:/etc/nginx/templates:ro
+      - nginx_config_vol:/etc/nginx/conf.d:ro
       - nginx_certificates_vol:/etc/nginx/certs:ro
       - gsa_data_vol:/usr/share/nginx/html:ro
     depends_on:
@@ -305,5 +295,5 @@ volumes:
   openvas_data_vol:
   openvas_log_data_vol:
   gsa_data_vol:
-  nginx_templates_vol:
+  nginx_config_vol:
   nginx_certificates_vol: