使用 nginx 代理 cockpit
假如要代理的域名是 cockpit.example.com,那么需要将 cockpit 配置文件 /etc/cockpit/cockpit.conf 中添加以下内容
[WebService]
Origins = https://cockpit.example.com wss://cockpit.example.com
ProtocolHeader = X-Forwarded-Proto
然后重启 cockpit 服务
systemctl restart cockpit
然后配置 nginx 代理
map $scheme $hsts_header {
https "max-age=63072000; includeSubDomains; preload";
}
# 强制 HTTPS
server {
listen 80;
listen [::]:80;
server_name virt.i.jimyag.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name cockpit.example.com;
add_header Strict-Transport-Security $hsts_header always;
ssl_certificate <path to your ssl certificate>;
ssl_certificate_key <path to your ssl certificate key>;
proxy_buffering off;
add_header Vary Accept-Encoding;
client_max_body_size 50000m;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-Proto https;
gzip on;
gzip_types text/plain application/xml application/json;
gzip_min_length 1024;
gzip_vary on;
limit_conn servicelimit 2000;
location / {
proxy_pass https://127.0.0.1:9090;
}
}
重新加载 nginx 配置
nginx -t
nginx -s reload
然后就可以通过 https://cockpit.example.com 访问 cockpit 了