postgres dependency error about vulnreport HOT 6 CLOSED

This looks like a problem with your DATABASE_URL env variable is not set. Make sure that your .env file has a Postgres URI as DATABASE_URL or that you have exported that as an env variable.

See: https://github.com/salesforce/vulnreport/blob/master/.env.example as an example.

from vulnreport.

Thanks .

currently i have postgresql://localhost:5342 for the postgres env variable . is that ok ? or do i need to create a db / user etc and then provide the fully configured URL

for redis again, redis:localhost:6379 is fine ? or do i need more params including db/user info in the url connection string ?

from vulnreport.

Yes, you will need a database created and a user. Vulnreport will seed an existing database, not create a database.

Same for redis.

So for example:

export DATABASE_URL=postgres://vruser@localhost/vulnreport

export REDIS_URL=redis://localhost:6379/15

from vulnreport.

thanks . all working now.. i see an all done :) message .
however when i do https://<my-host> i get

This site can’t provide a secure connection

host sent an invalid response.

is this serving over https ? or is it running on a specific port ?

from vulnreport.

How are you starting the server? The default start.sh script uses lib authbind to bind to port 443.

If you want to use HTTPS properly you'll need to set up a cert, either self-signed or properly issued, and update start.sh using the example as written. Vulnreport expects to be over 443/HTTPS (if it is deployed to Heroku using the defaults it will) but to be properly set up on your own server you will need to set up a cert, etc. and invoke the app/server properly to use those certs.

E.g. thin start -p 443 --threaded --ssl --ssl-cert-file ... --ssl-key-file ...

For some reference - internally Vulnreport is setup on a server in our internal network with a valid certificate, and it is run behind nginx configured along with the app to serve Vulnreport with the certificate over port 443.

Locally when I work on development I run Vulnreport on OSX using the same command prepended by 'authbind'

from vulnreport.

References on authbind if you're not familiar with it: http://manpages.ubuntu.com/manpages/trusty/man1/authbind.1.html

For OSX: https://github.com/Castaglia/MacOSX-authbind

from vulnreport.