sudo apt -y install cockpit nginx
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \
/etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt \
-subj "/CN=$(hostname)/C=US"
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
sudo bash
touch /etc/nginx/sites-enabled/cockpit
printf "server {
listen 80 default_server;
server_name \"\";
return 301 https://\$host\$request_uri;
}
server {
listen 443 default ssl;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
location /
{
proxy_pass http://127.0.0.1:9090;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$remote_addr;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Origin http://\$host;
gzip off;
}
}" > /etc/nginx/sites-enabled/cockpit
unlink /etc/nginx/sites-enabled/default
service nginx restart
exit
sudo bash
mkdir -p /etc/cockpit
touch /etc/cockpit/cockpit.conf
printf "[WebService]
ProtocolHeader = X-Forwarded-Proto
LoginTitle = Confluence Server Cockpit" > /etc/cockpit/cockpit.conf
cp /lib/systemd/system/cockpit.service /lib/systemd/system/cockpit.service.orig
sed -i -e 's_ListenStream=9090_ListenStream=127.0.0.1:9090_g' \
/lib/systemd/system/cockpit.socket
systemctl daemon-reload
systemctl restart cockpit
exit