FaradaySEC vuln-management platform on ps1raf (podman quadlets)
raf dd248a6555 FaradaySEC deploy: quadlet docs, nginx vhost, gotchas (pin 5.20.1, redis server.ini fix)
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-10 04:37:17 +02:00
nginx FaradaySEC deploy: quadlet docs, nginx vhost, gotchas (pin 5.20.1, redis server.ini fix) 2026-06-10 04:37:17 +02:00
.gitignore FaradaySEC deploy: quadlet docs, nginx vhost, gotchas (pin 5.20.1, redis server.ini fix) 2026-06-10 04:37:17 +02:00
README.md FaradaySEC deploy: quadlet docs, nginx vhost, gotchas (pin 5.20.1, redis server.ini fix) 2026-06-10 04:37:17 +02:00

faraday — FaradaySEC on ps1raf

FaradaySEC collaborative vulnerability-management / pentest platform, deployed as rootless podman quadlets (test/lab install).

Access

  • URL: https://ps1raf.tn.ps1.at:8985/ (nginx SSL → faraday app on 127.0.0.1:5985)
  • Login user: faraday
  • Password: in /home/raf/faraday/.admin-credentials (mode 600, gitignored) — also recorded as FARADAY_ADMIN_PASSWORD in ~/.env. Never posted to ntfy or committed. Auto-generated by Faraday on first boot.

Architecture (3 quadlets + a private network)

~/.config/containers/systemd/:

  • faraday.network — private podman network faraday
  • faraday-db.container — PostgreSQL 16 (faraday-db), data in data/pgdata
  • faraday-redis.container — Redis 7.4 (faraday-redis), data in data/redis
  • faraday.container — faradaysec/faraday:5.20.1 (faraday), publishes 127.0.0.1:5985, config/reports in data/faraday → /home/faraday/.faraday

Secrets (Postgres password) live in .env (gitignored), referenced via EnvironmentFile=.

Gotchas (worth knowing before you touch it)

  • Pin the image — :latest (5.21.0) is broken. Its / route 500s with index() got an unexpected keyword argument 'text'. 5.20.1 serves / → 200. Pinned.
  • Redis hostname in server.ini needs fixing on first boot. Faraday's entrypoint writes celery_broker_url = redis / celery_backend_url = redis (the literal default) even when REDIS_SERVER=faraday-redis is set, so celery can't reach Redis (kombu … connecting to redis:6379 … Name or service not known). Set the three Redis lines in data/faraday/config/server.ini (celery_broker_url, celery_backend_url, redis_session_storage) to redis://faraday-redis:6379/0, then restart:
    podman exec faraday sed -i -E \
      -e 's|^celery_broker_url = .*|celery_broker_url = redis://faraday-redis:6379/0|' \
      -e 's|^celery_backend_url = .*|celery_backend_url = redis://faraday-redis:6379/0|' \
      -e 's|^redis_session_storage = .*|redis_session_storage = redis://faraday-redis:6379/0|' \
      /home/faraday/.faraday/config/server.ini
    systemctl --user restart faraday.service
    
    server.ini persists in the data/faraday volume, so the fix survives restarts.
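
A read-back check for the server.ini fix above, as an added example that is not part of this repository: sed exits 0 even when a pattern matches nothing (for instance a line written as key=value without spaces), so this compares the three keys against the expected URL. The function names are hypothetical, and section headers are ignored on the assumption that each key appears once in the file.

```shell
#!/bin/sh
# Added example: read back the three Redis settings in Faraday's server.ini.
# Function names are hypothetical; section headers are ignored (assumption:
# each key appears once in the file).

# Print the value of key $2 in file $1. Accepts "key=value" and "key = value",
# skips comment lines, prints nothing when the key is absent.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            pos = index($0, "=")
            if (pos == 0) next
            k = substr($0, 1, pos - 1)
            v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) found = v
        }
        END { if (found != "") print found }
    ' "$1"
}

# Return 0 if all three keys equal the expected URL, 1 on any mismatch
# (each one reported on stderr), 2 if the file cannot be read.
check_faraday_redis() {
    file=$1
    expected=${2:-redis://faraday-redis:6379/0}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    rc=0
    for key in celery_broker_url celery_backend_url redis_session_storage; do
        actual=$(ini_value "$file" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH $key: '${actual:-<missing>}' (want '$expected')" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Run as a script: sh check.sh data/faraday/config/server.ini
if [ "$#" -gt 0 ]; then
    check_faraday_redis "$@"
fi
```

Run it against data/faraday/config/server.ini on the host after the restart; a non-zero exit means at least one key still points at the default.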

Manage

systemctl --user status faraday.service
podman logs faraday --tail 50
systemctl --user restart faraday.service     # db/redis come up via Requires=