• 13
name Punditsdkoslkdosdkoskdo

docker cockpit error after redirecting with nginx

Distro: Arch Linux, service app: systemctl, (cockpit is a web based system administration and docker container manager).

I recently installed cockpit on a VPS and is working great on IP:9090, later i figured out that it serves connection from localhost as http but when connected from remote it uses https with a randomly generated ssl, i wanted to serve it on a subdomain like cockpit.domain.com. So i did it by nginx using a proxy virtual block, it worked good.

But after i login, it says 'Server has closed the connection.'

How to configure cockpit to serve remote connections on a proxy?

server {
       listen         80;
       server_name    www.cockpit.domain.com cockpit.domain.com;
       return         301 https://$server_name$request_uri;

server {
    listen 443;
    server_name www.cockpit.domain.com cockpit.domain.com;

        ssl on;
        ssl_certificate /path/to/certificate;
        ssl_certificate_key /path/to/key;

    location / {
        include /etc/nginx/proxy_params;

cockpit uses websocket to push active data like memory, cpu, swap, storage usage back and forth between server and client but when a proxy sits in between, it has to be configured likely.

To configure Cockpit proxy over NGINX, create a server virtual block, and add the following lines to it. This config would deliver specific set of work environments. Do change config to your custom needs.

map $http_upgrade $connection_upgrade { default upgrade; '' close; }

upstream websocket { server; }

server { listen 80; server_name cockpit.domain.tld www.cockpit.domain.tld; return 301 https://$server_name$request_uri; }

server { listen 443; server_name www.cockpit.domain.tld cockpit.domain.tld;

ssl on;
ssl_certificate /path/to/certificate;
ssl_certificate_key /path/to/key;

location / { proxy_pass; proxy_http_version 1.1; proxy_buffering off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; # needed for websocket proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; # change scheme of "Origin" to http proxy_set_header Origin http://$host; }


By default Cockpit uses http protocol to connect to localhost, Since our proxy would likely reside on localhost we would redirect all http client requests to https return 301 https://$server_name$request_uri;

By default cockpit generates a ssl certificate which is stored at /etc/cockpit/ws-certs.d/ In our case we would used NGINX to do all the TLS encryption work. Edit these lines with your own ssl server and client keys. ssl_certificate /path/to/certificate; ssl_certificate_key /path/to/key; (You can also use the certificate stored at /etc/ws-certs.d/) This would enable us to redirect to Cockpit via this proxy host.

  • 0
Reply Report

Warm tip !!!

This article is reproduced from Stack Exchange / Stack Overflow, please click

Trending Tags