postgres dependency error

[varwiz]

When i run the SEED.rb file ruby SEED.rbI get the following error

Vulnreport 3.0.3 seed script
WARNING: This script should be run ONCE immediately after deploying and then DELETED

Setting up Vulnreport now...

Setting up the PostgreSQL database...
/home/vardha/.rvm/gems/ruby-2.2.0/gems/dm-core-1.2.1/lib/dm-core/adapters.rb:12:in `new': +options+ should be Hash or Addressable::URI or String, but was NilClass (ArgumentError)
	from /home/vardha/.rvm/gems/ruby-2.2.0/gems/dm-core-1.2.1/lib/dm-core.rb:230:in `setup'
	from /home/vardha/vulnreport-master/models/init.rb:19:in `<top (required)>'
	from /home/vardha/.rvm/rubies/ruby-2.2.0/lib/ruby/site_ruby/2.2.0/rubygems/core_ext/kernel_require.rb:54:in `require'
	from /home/vardha/.rvm/rubies/ruby-2.2.0/lib/ruby/site_ruby/2.2.0/rubygems/core_ext/kernel_require.rb:54:in `require'
	from SEED.rb:20:in `<main>'

Any idea why ?

[tbach]

This looks like a problem with your DATABASE_URL env variable is not set. Make sure that your .env file has a Postgres URI as DATABASE_URL or that you have exported that as an env variable.

See: https://github.com/salesforce/vulnreport/blob/master/.env.example as an example.

[varwiz]

Thanks .

currently i have postgresql://localhost:5342 for the postgres env variable . is that ok ? or do i need to create a db / user etc and then provide the fully configured URL

for redis again, redis:localhost:6379 is fine ? or do i need more params including db/user info in the url connection string ?

[tbach]

Yes, you will need a database created and a user. Vulnreport will seed an existing database, not create a database.

Same for redis.

So for example:

export DATABASE_URL=postgres://vruser@localhost/vulnreport

export REDIS_URL=redis://localhost:6379/15

[varwiz]

thanks . all working now.. i see an all done :) message .
however when i do https://<my-host> i get

This site can’t provide a secure connection

host sent an invalid response.

is this serving over https ? or is it running on a specific port ?

[tbach]

How are you starting the server? The default start.sh script uses lib authbind to bind to port 443.

If you want to use HTTPS properly you'll need to set up a cert, either self-signed or properly issued, and update start.sh using the example as written. Vulnreport expects to be over 443/HTTPS (if it is deployed to Heroku using the defaults it will) but to be properly set up on your own server you will need to set up a cert, etc. and invoke the app/server properly to use those certs.

E.g. thin start -p 443 --threaded --ssl --ssl-cert-file ... --ssl-key-file ...

For some reference - internally Vulnreport is setup on a server in our internal network with a valid certificate, and it is run behind nginx configured along with the app to serve Vulnreport with the certificate over port 443.

Locally when I work on development I run Vulnreport on OSX using the same command prepended by 'authbind'

[tbach]

References on authbind if you're not familiar with it: http://manpages.ubuntu.com/manpages/trusty/man1/authbind.1.html

For OSX: https://github.com/Castaglia/MacOSX-authbind