Created
November 21, 2017 17:41
-
-
Save jmtsantos/c3287e023a1be4958f5847331fcbe1b7 to your computer and use it in GitHub Desktop.
Cockpit reverse proxy with nginx 1.13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
map $http_upgrade $connection_upgrade { | |
default upgrade; | |
'' close; | |
} | |
upstream websocket { | |
server cockpithost:9090; | |
} | |
server { | |
listen 0.0.0.0:443 ssl; | |
server_name cockpit.example.com; | |
include /etc/nginx/conf.d/secure_ssl.conf; | |
include /etc/nginx/conf.d/secure.conf; | |
ssl_certificate /etc/nginx/cert/cockpit.example.com.pem; | |
ssl_certificate_key /etc/nginx/cert/cockpit.example.com-key.pem; | |
ssl_client_certificate /etc/nginx/cert/ca.pem; | |
ssl_verify_client on; | |
access_log /var/log/nginx/access_cockpit.log; | |
access_log /var/log/nginx/access_cockpit.log combined_sslclient; | |
error_log /var/log/nginx/error_cockpit.log; | |
location / { | |
proxy_pass http://websocket; | |
proxy_http_version 1.1; | |
proxy_buffering off; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header Host $host; | |
proxy_set_header X-Forwarded-For $remote_addr; | |
# needed for websocket | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
# change scheme of "Origin" to http | |
proxy_set_header Origin http://$host; | |
gzip off; | |
add_header X-Frame-Options "SAMEORIGIN"; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment