Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WebConsole project : the port used by webUI is not secured #55

Closed
nathalie21005 opened this issue Jun 1, 2022 · 6 comments
Closed

WebConsole project : the port used by webUI is not secured #55

nathalie21005 opened this issue Jun 1, 2022 · 6 comments

Comments

@nathalie21005
Copy link

Hi @abousselmi ,

I am facing a problem with webconsole project which is not secure and make my system vulnerable.
I know how to fix the code but I need your help to tell me how to override the webUI container by adding my changes.
I took a fork from free5gc/webconsole project but where can I in the yaml file should I do the changes to read from my github instead of free5gc github?

Your help is much appreciated.

Regards,
Nathalie Wehbe

@abousselmi
Copy link
Collaborator

Hi @nathalie21005

Out of curiosity, what do you mean by not secure ? Is it because you are using http and not https on the port 5000 of the webui ?
If it's the case, I suggest that you install and configure a reverse proxy such as nginx in front of the WebUI application to terminate https traffic.

Regarding your question about how to modify the project to use you own repo, you can update the base/Dockerfile by adding

# Clone custom WebUI repo
RUN cd $GOPATH/src/free5gc \
  && rm -rf webconsole \
  && git clone https://github.com/nathalie21005/webconsole.git

right before this line here:

# Build Free5GC NFs & WebUI

Note: when you git clone the repo, by default git will point to the branch main, if you want a different branch/tag, add a git checkout step to the previous snippet.

Regards,

@nathalie21005
Copy link
Author

Thanks @abousselmi.
Yes I am using http not https and can you provide me with more help about how to install nginx in front of webui?

@nathalie21005
Copy link
Author

nathalie21005 commented Jun 1, 2022

@abousselmi , I followed the steps mentioned here https://www.hostinger.com/tutorials/how-to-set-up-nginx-reverse-proxy/ but I am not sure if this is correct.

Also I am not sure where exactly should I install it under webui folder? or webui container running?

Also I am using Apache on my environment not nginx

@abousselmi
Copy link
Collaborator

Hi @nathalie21005, I'm not really an apache expert, I can't really help with this. Though, I do not recommend the modification of the WebUI container to run the reverse proxy, but instead I think HTTPS should be terminted using reverse proxy which in terns will communicate in http with the WebUI on port 5000 of the container, or the host if you chose to forward it to the host server.

@ianchen0119
Copy link
Collaborator

ianchen0119 commented Jun 4, 2022

@nathalie21005
You can add the additional service nginx to fulfill your requirement:

nginx:
    container_name: nginx
    image: nginx
    ports:
        - "80:80"
    volumes:
        - ./nginx/nginx.conf:/etc/nginx/nginx.conf
    networks:
      privnet:

configuration file:

events {
  worker_connections  4096;  ## Default: 1024
}
http {
    server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html
    access_log /var/log/nginx/access_log;
    error_log /var/log/nginx/error_log;
    location / {
            proxy_pass <URL_OF_WEBUI>:5000;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        }
    }
}

@abousselmi
Copy link
Collaborator

@ianchen0119 I added your answer to readme for reference. Thanks ! Closing this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants