Hi,
I've just installed on a fresh CentOS 7 the last version of Nginx and Cockpit (epel repository).
I followed https://github.com/cockpit-project/cockpit/wiki/Proxying-Cockpit-over-NGINX and have the same config file.
After login I got a blank page, if I do a "F5" the index page shows up and a "Oups" appears on the top right of the screen and disappear after a few seconds.
My network activity shows that the last answer from the webserver is a "101 Switching protocol" on /cockpit/socket.
If I click on Logs or System or Services --> The menu on the left is visible, but the content is blank.
You can see it here : https://i.imgur.com/UeETC9p.png
Can you help me on that ?
Is there anything in your browser javascript console? There should be some sort of error there.
Is there anything in the journal on the machine?
Closing because we haven't heard back. Please reopen if you are still having issues.
@petervo I seem to have this issue but using apache2
I am running cockpit on port 9090 as default but I changed the certificate to my domain cert.
The cert loads and works because locally it sees the cert and on the login it works but once I am logged in it shows a blank page with some JS errors in the console.
VM303:164 WebSocket connection to 'wss://console.stardebris.net/cockpit/socket' failed: Error during WebSocket handshake: Unexpected response code: 400
This is one of them, I think this is the issue.
I do have wstunnel mod installed in apache2
I thought of adding ws to the reverseproxy with empty results =//
I added the following line to my virtualhost as I said in my previous comment, this gave no results but it might be useful to mention it.
ProxyPass "/cockpit/console" "wss://127.0.0.1:9090/"
Okay, nevermind
For apache2 users add the following to your virtual host
RequestHeader edit Origin ^https: http: early
ProxyPass /cockpit/socket ws://127.0.0.1:9090/cockpit/socket
ProxyPassReverse /cockpit/socket ws://127.0.0.1:9090/socket
ProxyPass / http://127.0.0.1:9090/
ProxyPassReverse / http://127.0.0.1:9090/
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
@norwat: I have the same nginx config more or less (I have even tried to replicate it 100%), and I still get WebSocket connection to 'wss://<url>/cockpit/socket' failed: Error during WebSocket handshake: Unexpected response code: 403.
Nginx errors out if I proxy_pass anything to wss:// and tells me it's an invalid URL prefix.
I'm running Ubuntu 16.04.3 LTS with Nginx 1.10.3.
@moso: I dont remember having that specific issue. But it might have something to do with cockpit config, try this see if it helps:
root@xxxxx ~ # cat /etc/cockpit/cockpit.conf
[WebService]
AllowUnencrypted=true
Im running CentOS 7 with Nginx 1.13.7
@moso, generally you terminate ssl with nginx and proxy to cockpit unencrypted. If you do that the you use ws:// instead in your nginx config along with @norwat's settings. Otherwise you probably need to either get nginx to trust or not validate cockpit's ssl certificate.
@petervo I got it working by removing Origin from cockpit.conf. Thanks though!
I have The Problem on apache2 even after i added
```
RequestHeader edit Origin ^https: http: early
ProxyPass /cockpit/socket ws://127.0.0.1:9090/cockpit/socket
ProxyPassReverse /cockpit/socket ws://127.0.0.1:9090/socket
ProxyPass / http://127.0.0.1:9090/
ProxyPassReverse / http://127.0.0.1:9090/
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
```
to my virtual hosts .conf file.
From man cockpit.conf
By default cockpit will not accept crossdomain websocket connections. Use this setting to allow access from alternate domains. Origins should include scheme, host and port, if necessary.
This means if you are trying to access cockpit from a public domain name (e.g. https://cockpit.yourdomain.com) it will not work.
Create /etc/cockpit/cockpit.conf (by default it does not exist) and add this
[WebService]
Origins = https://cockpit.yourdomain.com
Most helpful comment
From
man cockpit.confThis means if you are trying to access cockpit from a public domain name (e.g. https://cockpit.yourdomain.com) it will not work.
Create
/etc/cockpit/cockpit.conf(by default it does not exist) and add this