jmtsantos/cockpit.conf

## cockpit.conf
map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
}

upstream websocket {
        server cockpithost:9090;
}

server {
        listen 0.0.0.0:443 ssl;
        server_name cockpit.example.com;

        include /etc/nginx/conf.d/secure_ssl.conf;
        include /etc/nginx/conf.d/secure.conf;

        ssl_certificate           /etc/nginx/cert/cockpit.example.com.pem;
        ssl_certificate_key       /etc/nginx/cert/cockpit.example.com-key.pem;

        ssl_client_certificate /etc/nginx/cert/ca.pem;
        ssl_verify_client on;

        access_log            /var/log/nginx/access_cockpit.log;
        access_log            /var/log/nginx/access_cockpit.log combined_sslclient;
        error_log             /var/log/nginx/error_cockpit.log;

        location / {
                proxy_pass http://websocket;
                proxy_http_version 1.1;
                proxy_buffering off;
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;

                # needed for websocket
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
                # change scheme of "Origin" to http
                proxy_set_header Origin http://$host;

                gzip off;
                add_header X-Frame-Options "SAMEORIGIN";
        }

}
	map $http_upgrade $connection_upgrade {
	default upgrade;
	'' close;
	}

	upstream websocket {
	server cockpithost:9090;
	}

	server {
	listen 0.0.0.0:443 ssl;
	server_name cockpit.example.com;

	include /etc/nginx/conf.d/secure_ssl.conf;
	include /etc/nginx/conf.d/secure.conf;

	ssl_certificate /etc/nginx/cert/cockpit.example.com.pem;
	ssl_certificate_key /etc/nginx/cert/cockpit.example.com-key.pem;

	ssl_client_certificate /etc/nginx/cert/ca.pem;
	ssl_verify_client on;

	access_log /var/log/nginx/access_cockpit.log;
	access_log /var/log/nginx/access_cockpit.log combined_sslclient;
	error_log /var/log/nginx/error_cockpit.log;

	location / {
	proxy_pass http://websocket;
	proxy_http_version 1.1;
	proxy_buffering off;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header Host $host;
	proxy_set_header X-Forwarded-For $remote_addr;

	# needed for websocket
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection $connection_upgrade;
	# change scheme of "Origin" to http
	proxy_set_header Origin http://$host;

	gzip off;
	add_header X-Frame-Options "SAMEORIGIN";
	}

	}