跳转至

使用Nginx反向代理cockpit

约 162 个字 58 行代码 预计阅读时间 1 分钟

一、相关参数

  • 操作系统:Rocky Linux 9.3
  • Nginx:1.20.1

二、使用systemd管理cockpit

执行如下命令,查看cockpit状态: 

sudo systemctl status cockpit
执行示例如下: 
[fotianmoyin@fotianmoyin-rocky ~]$ sudo systemctl status cockpit
 cockpit.service - Cockpit Web Service
     Loaded: loaded (/usr/lib/systemd/system/cockpit.service; static)
     Active: inactive (dead)
TriggeredBy:  cockpit.socket
       Docs: man:cockpit-ws(8)
执行如下命令,启动服务: 
sudo systemctl start cockpit
执行如下命令,查看服务状态: 
sudo systemctl status cockpit
执行示例如下: 
[fotianmoyin@fotianmoyin-rocky ~]$ sudo systemctl status cockpit
 cockpit.service - Cockpit Web Service
     Loaded: loaded (/usr/lib/systemd/system/cockpit.service; static)
     Active: active (running) since Sun 2024-08-11 14:37:35 CST; 21s ago
TriggeredBy:  cockpit.socket
       Docs: man:cockpit-ws(8)
    Process: 1726 ExecStartPre=/usr/libexec/cockpit-certificate-ensure --for-cockpit-tls (code=exited, status=0/SUCCESS)
   Main PID: 1745 (cockpit-tls)
      Tasks: 1 (limit: 11018)
     Memory: 2.1M
        CPU: 3.523s
     CGroup: /system.slice/cockpit.service
             └─1745 /usr/libexec/cockpit-tls

8月 11 14:37:32 fotianmoyin-rocky systemd[1]: Starting Cockpit Web Service...
8月 11 14:37:35 fotianmoyin-rocky systemd[1]: Started Cockpit Web Service.

三、配置Nginx,添加反向代理

编辑/etc/nginx/conf.d/cockpit.fotianmoyin.conf文件: 

sudo vim /etc/nginx/conf.d/cockpit.fotianmoyin.conf
修改内容如下: 
server {
        listen 80;

        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        ssl_certificate /home/fotianmoyin/.acme.sh/fotianmoyin.com_ecc/fullchain.cer;
        ssl_certificate_key /home/fotianmoyin/.acme.sh/fotianmoyin.com_ecc/fotianmoyin.com.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        server_name cockpit.fotianmoyin.com;

        location / {
                proxy_pass http://localhost:9090;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_redirect off;
        }
}
验证Nginx配置是否有问题: 
sudo nginx -t
执行以下命令,重新加载Nginx配置 
sudo systemctl reload nginx

四、配置cockpit,允许域名访问

编辑/etc/cockpit/cockpit.conf文件: 

sudo vim /etc/cockpit/cockpit.conf
修改内容如下: 
[WebService]
Origins = https://cockpit.fotianmoyin.com https://127.0.0.1:9090
ProtocolHeader = X-Forwarded-Proto
Allowencrypted = true
执行如下命令,重启cockpit 
sudo systemctl restart cockpit
访问地址https://cockpit.fotianmoyin.com,页面如下: cockpit.fotianmoyin.com