1Answer

docker cockpit error after redirecting with nginx

16.3k Views
  • 13
name Anita Biscaro
Asked: Aug 17,2020 In: Docker
1 Answer
name Anita Biscaro Punditsdkoslkdosdkoskdo
Asked: Aug 17,2020 In: Docker

docker cockpit error after redirecting with nginx

Distro: Arch Linux, service app: systemctl, (cockpit is a web based system administration and docker container manager).

I recently installed cockpit on a VPS and is working great on IP:9090, later i figured out that it serves connection from localhost as http but when connected from remote it uses https with a randomly generated ssl, i wanted to serve it on a subdomain like cockpit.domain.com. So i did it by nginx using a proxy virtual block, it worked good.

But after i login, it says 'Server has closed the connection.'

How to configure cockpit to serve remote connections on a proxy?

server {
       listen         80;
       server_name    www.cockpit.domain.com cockpit.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
    listen 443;
    server_name www.cockpit.domain.com cockpit.domain.com;

        ssl on;
        ssl_certificate /path/to/certificate;
        ssl_certificate_key /path/to/key;

    location / {
        proxy_pass http://127.0.0.1:9090;
        include /etc/nginx/proxy_params;
    }
}
proxy docker
name
  • 0
Anita Biscaro
Anita Biscaro Added an answer on Aug 17,2020

cockpit uses websocket to push active data like memory, cpu, swap, storage usage back and forth between server and client but when a proxy sits in between, it has to be configured likely.

To configure Cockpit proxy over NGINX, create a server virtual block, and add the following lines to it. This config would deliver specific set of work environments. Do change config to your custom needs.

map $http_upgrade $connection_upgrade { default upgrade; '' close; }

upstream websocket { server 127.0.0.1:9090; }

server { listen 80; server_name cockpit.domain.tld www.cockpit.domain.tld; return 301 https://$server_name$request_uri; }

server { listen 443; server_name www.cockpit.domain.tld cockpit.domain.tld;

ssl on;
ssl_certificate /path/to/certificate;
ssl_certificate_key /path/to/key;

location / { proxy_pass http://127.0.0.1:9090; proxy_http_version 1.1; proxy_buffering off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; # needed for websocket proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; # change scheme of "Origin" to http proxy_set_header Origin http://$host; }

}

By default Cockpit uses http protocol to connect to localhost, Since our proxy would likely reside on localhost we would redirect all http client requests to https return 301 https://$server_name$request_uri;

By default cockpit generates a ssl certificate which is stored at /etc/cockpit/ws-certs.d/ In our case we would used NGINX to do all the TLS encryption work. Edit these lines with your own ssl server and client keys. ssl_certificate /path/to/certificate; ssl_certificate_key /path/to/key; (You can also use the certificate stored at /etc/ws-certs.d/) This would enable us to redirect to Cockpit via this proxy host.

  • 0
Reply Report

Warm tip !!!

This article is reproduced from Stack Exchange / Stack Overflow, please click

Trending Tags

android android-sqlite updatemodel gps location html css css-selectors
© 2020 ProDevsBlog
0.4199 sec