cockpit and nginx reversed proxy lufy May 31, 2022 <p>I was trying to make my intranet cockpit web console accessed via Internet, I set up nginx proxy just as other intranet web sites like file server, the cockpit login interface appeared finely in the Internet, but when I tried to logon, it just refreshed, not logged in. After I searching on bing.com, I realized that nginx need a https proxy, not http. I used cockpit's certificate as https certificate. The nginx config file looks like:</p> <p>server {<br /> listen 8001 ssl;<br /> server_name lufy.top;</p> <p> ssl_certificate /etc/nginx/conf.d/ws-certs.d/0-self-signed.cert;<br /> ssl_certificate_key /etc/nginx/conf.d/ws-certs.d/0-self-signed.key;<br /> ssl_protocols TLSv1.2 TLSv1.1 TLSv1;</p> <p> location / {<br /> # Required to proxy the connection to Cockpit<br /> proxy_pass https://10.0.1.2:9090;<br /> proxy_set_header Host $host;<br /> proxy_set_header X-Forwarded-Proto $scheme;</p> <p> # Required for web sockets to function<br /> proxy_http_version 1.1;<br /> proxy_buffering off;<br /> proxy_set_header Upgrade $http_upgrade;<br /> proxy_set_header Connection "upgrade";</p> <p> # Pass ETag header from Cockpit to clients.<br /> # See: https://github.com/cockpit-project/cockpit/issues/5239<br /> gzip off;<br /> }<br />}</p> <p>Also, some change of cockpit config file is needed:</p> <p>cat /etc/cockpit/cockpit.conf<br />[WebService]<br />Origins = https://lufy.org:8001 wss://lufy.org<br />ProtocolHeader = X-Forwarded-Proto</p>
Comments (0)
Leave a Comment
No comments yet. Be the first to comment!