How to do OPENVAS migration (Docker Volume + Domain + SSL)
#1
Environment

Source Server: Old server where OpenVAS container existed
Destination Server: sadad-centralized-logging (Public IP: 20.21.137.88)
Domain: online-openvas.sadadqa.com
Container Image: immauss/openvas:latest
Ports: 9392 (Web UI), 9390 (GMP)

Goal

1) Migrate OpenVAS Docker volume data from old server to new server
2) Run OpenVAS container on destination using same volume
3) Configure domain access via Nginx reverse proxy
4) Enable SSL using Let's Encrypt (Certbot) on Nginx
5) Validate OpenVAS users and reset passwords if needed

PART A — SOURCE SERVER (Backup OpenVAS Volume)

1) Check OpenVAS container
    docker ps -a | grep openvas
2) Confirm Docker volume
    docker volume ls | grep openvas
3) Inspect volume path
    docker volume inspect openvas
4) Create backup
    cd /var/lib/docker/volumes
    tar -czvf /root/openvas-volume-backup.tar.gz openvas
5) Transfer backup
    scp /root/openvas-volume-backup.tar.gz root@DESTINATION_IP:/home/rishi/

PART B — DESTINATION SERVER (Restore Volume)

1) Stop old container
    docker stop openvas
2) Rename old container
    docker rename openvas openvas-old
3) Remove old container
    docker rm openvas-old
4) Remove old volume
    docker volume rm openvas
5) Create new volume
    docker volume create openvas
6) Restore volume data
    cd /var/lib/docker/volumes
    tar -xzvf /home/rishi/openvas-volume-backup.tar.gz
7) Verify data
    ls -lah /var/lib/docker/volumes/openvas/_data

PART C — Start OpenVAS Container

docker run -d --name openvas --restart unless-stopped --ipc=host -p 9392:9392 -p 9390:9390 -e GMP=9390 -v openvas:/data immauss/openvas:latest
Verify container: docker ps
Check logs: docker logs -f openvas
Verify ports: ss -tulpn | grep 939

PART D — Nginx Reverse Proxy Setup

Create config: /etc/nginx/sites-available/online-openvas.sadadqa.com.conf
server {
  listen 80;
  server_name online-openvas.sadadqa.com;
  location / {
      proxy_pass http://127.0.0.1:9392;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_connect_timeout 300;
      proxy_send_timeout 300;
      proxy_read_timeout 300;
      client_max_body_size 50M;
  }
}
Enable site: ln -s /etc/nginx/sites-available/online-openvas.sadadqa.com.conf /etc/nginx/sites-enabled/
Reload Nginx:
    nginx -t
    systemctl reload nginx

PART E — DNS Setup

Create DNS A record: online-openvas.sadadqa.com -> 20.21.137.88
Verify: nslookup online-openvas.sadadqa.com

PART F — SSL Setup using Certbot

certbot --nginx -d online-openvas.sadadqa.com
Certificate paths:
    /etc/letsencrypt/live/online-openvas.sadadqa.com/fullchain.pem
    /etc/letsencrypt/live/online-openvas.sadadqa.com/privkey.pem
Test renewal: certbot renew --dry-run

PART G — OpenVAS User Management

Enter container: docker exec -it openvas bash
List users: sudo -u gvm gvmd --get-users
Example users: admin rana akshay faisal sameer santosh harshal.kamble
Reset password: sudo -u gvm gvmd --user=admin --new-password='StrongPassword123'
Login URL: https://online-openvas.sadadqa.com/login

PART H — Security Recommendations

1) Do not expose port 9392 publicly.
2) Allow only Nginx (80/443) to internet.
3) Restrict portal access by office/VPN IP if required.
4) Enable firewall rules in Azure NSG accordingly.
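The first two recommendations in Part H can be checked on the destination host after the container is started. The script below is an added example, not part of the original post: it reads `ss -tlnH` output and lists every listener on 9392 or 9390 that is bound to a non-loopback address. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag OpenVAS listeners (9392 web UI, 9390 GMP) that are
# bound to anything other than loopback. Input is `ss -tlnH` output, where
# field 1 is the state and field 4 is "local-address:port".

# Prints "<address> <port>" for every watched port listening on a
# non-loopback address. Optional $1: space-separated list of ports to watch.
exposed_openvas_ports() {
    awk -v ports="${1:-9392 9390}" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)      # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
            if (!(port in watch)) next
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
            print addr " " port
        }'
}

# Returns 0 when no watched port is exposed, 1 otherwise (findings on stderr).
report_exposure() {
    found=$(exposed_openvas_ports "$@")
    [ -z "$found" ] && return 0
    printf '%s\n' "$found" | sed 's/^/not loopback-only: /' >&2
    return 1
}

# Constructed sample of `ss -tlnpH` output (PIDs are made up): Nginx on
# 80/443, the web UI published on all interfaces, GMP on loopback only.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 511  0.0.0.0:80     0.0.0.0:* users:(("nginx",pid=811,fd=6))
LISTEN 0 511  0.0.0.0:443    0.0.0.0:* users:(("nginx",pid=811,fd=7))
LISTEN 0 4096 0.0.0.0:9392   0.0.0.0:* users:(("docker-proxy",pid=2210,fd=4))
LISTEN 0 4096 [::]:9392      [::]:*    users:(("docker-proxy",pid=2217,fd=4))
LISTEN 0 4096 127.0.0.1:9390 0.0.0.0:* users:(("docker-proxy",pid=2231,fd=4))
EOF
}

# Demo on the sample; on a real host run: ss -tlnH | report_exposure
sample_ss_output | report_exposure || echo "review the port publishing above"
```

With the `docker run` line from Part C, `-p 9392:9392 -p 9390:9390` publishes both ports on all interfaces, so this check reports them unless the NSG is the only thing keeping them closed. Publishing as `-p 127.0.0.1:9392:9392` keeps the web UI reachable only through the Nginx proxy on the same host.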