gsad React frontend shipped with Greenbone Community Edition via Ubuntu apt
packages is broken on Ubuntu 22 and 24. The web UI is unreachable even when gvmd is
running correctly. This is a known, long-standing packaging issue confirmed by Greenbone:
"the packets on Ubuntu are still broken."
The scanner, manager, and database work fine — only the UI is missing.
gvmd socket via GMP XML protocol. No data migration. No duplicate scanner stack.
All existing scan history and configurations are preserved. The container communicates
with gvmd exactly as gvm-cli does.
Confirm these before starting:
| Requirement | Check |
|---|---|
| gvmd running via apt | systemctl status gvmd |
| Docker installed | docker --version |
| Your user in docker group | groups $USER |
| Socket exists | ls /run/gvmd/gvmd.sock |
If Docker is not installed:
sudo apt install -y docker.io docker-compose-plugin sudo systemctl enable --now docker sudo usermod -aG docker $USER newgrp docker
The PHP container mounts the host gvmd socket read/write and speaks raw GMP XML — the
same protocol used by gvm-cli. No data lives in the container; everything
stays in the host PostgreSQL database.
The gvmd socket is owned _gvm:_gvm 660. The Docker container needs group
read/write access. The clean approach: add _gvm to the docker
group, then use a systemd override to apply chmod 660 after every gvmd start.
chown in the systemd override.
ExecStartPost runs as the service User (_gvm),
not root — it cannot chown files to a different group and will crash-loop gvmd.
sudo usermod -aG docker _gvm
sudo mkdir -p /etc/systemd/system/gvmd.service.d/ sudo tee /etc/systemd/system/gvmd.service.d/socket-perms.conf << 'EOF' [Service] ExecStartPost=/bin/sleep 2 ExecStartPost=/bin/chmod 660 /run/gvmd/gvmd.sock EOF sudo systemctl daemon-reload sudo systemctl restart gvmd sleep 5 ls -la /run/gvmd/gvmd.sock
Expected output: srw-rw---- 1 _gvm _gvm ... /run/gvmd/gvmd.sock
Test your gvmd admin credentials. If you do not know the password or it has been lost, reset it now before building the container.
sudo -u _gvm gvm-cli --gmp-username admin --gmp-password YOUR_PASSWORD \ socket --socketpath /run/gvmd/gvmd.sock -X '<get_version/>'
Expected: <get_version_response status="200" ...><version>22.4</version>
If authentication fails, reset the password:
sudo -u _gvm gvmd --user=admin --new-password=YOUR_NEW_PASSWORD
mkdir -p ~/openvas-ui cd ~/openvas-ui
Key points: install the PHP sockets extension, and set www-data
to GID 140 (the _gvm group on Ubuntu 24 — verify with
getent group _gvm on your system).
FROM php:8.2-apache RUN docker-php-ext-install sockets RUN a2enmod rewrite headers COPY index.php /var/www/html/index.php # Give www-data access to gvmd socket (GID 140 = _gvm on Ubuntu 24) # Verify on your system: getent group _gvm RUN groupmod -g 140 www-data && usermod -aG 140 www-data EXPOSE 80 HEALTHCHECK --interval=30s --timeout=5s --start-period=10s \ CMD curl -sf http://localhost/ || exit 1
services: openvas-dashboard: build: context: . dockerfile: Dockerfile container_name: openvas-dashboard restart: unless-stopped ports: - "127.0.0.1:9393:80" volumes: - /run/gvmd/gvmd.sock:/run/gvmd/gvmd.sock environment: - GVM_USER=admin - GVM_PASS=${GVM_PASS} # set in .env file networks: - openvas-net networks: openvas-net: driver: bridge
echo "GVM_PASS=YOUR_PASSWORD" > .env chmod 600 .env
.env to version control.
Add it to .gitignore.
cd ~/openvas-ui docker compose build docker compose up -d docker compose ps
Verify socket is accessible from inside the container:
cat > /tmp/test_sock.php << 'EOF'
<?php
$s = stream_socket_client('unix:///run/gvmd/gvmd.sock', $e, $em, 10);
echo $s ? "CONNECTED\n" : "FAIL: $em\n";
if ($s) fclose($s);
EOF
docker cp /tmp/test_sock.php openvas-dashboard:/tmp/test_sock.php
docker exec openvas-dashboard su www-data -s /bin/bash -c 'php /tmp/test_sock.php'
# Expected: CONNECTED
ssh -L 9393:127.0.0.1:9393 user@your-server -N
Then open: http://localhost:9393
To force a data refresh: http://localhost:9393/?flush=1
server {
listen 192.168.0.85:9393 ssl;
server_name your-server;
ssl_certificate /etc/letsencrypt/live/your-domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your-domain/privkey.pem;
# LAN only
allow 192.168.0.0/24;
deny all;
location / {
proxy_pass http://127.0.0.1:9393;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
| Symptom | Cause | Fix |
|---|---|---|
| Authentication failed | Wrong password in .env |
Reset: sudo -u _gvm gvmd --user=admin --new-password=... |
| GVMD OFFLINE in dashboard | Socket permissions wrong | ls -la /run/gvmd/gvmd.sock — rerun Step 1 |
| gvmd crash-loops after override | chown in ExecStartPost fails |
Use chmod only — handle group via usermod -aG docker _gvm |
| Container won't start | Port conflict or build error | docker compose logs |
| Socket not found in container | gvmd not running or socket path wrong | systemctl status gvmd on host |
The full PHP dashboard source (index.php), Dockerfile, and
docker-compose.yml are available at:
https://github.com/ObaOzai/openvas-dashboard
# or: https://astropema.ai/openvas
The dashboard displays: severity counts by CVSS range (Critical / High / Medium / Low / Log), top affected hosts, all scan tasks with status and last-run time, and overall risk level. Data is cached for 120 seconds and auto-refreshes.