Setup:

Cockpit 1.8 on Fedora 27
NGinX on Ubuntu

Notes:

Viewing by https://ip:9090 STOPPED working after editing `cockpit.conf` and adding:

cat << 'EOL' >/etc/cockpit/cockpit.conf
[WebService]
AllowUnencrypted = true

[Log]
Fatal = criticals
EOL

But Proxy Started working! I also couldn't view cockpit via http://ip:9090, so now ONLY via Proxy, but that's fine.

I terminated https at Proxy as I prefer to do, but I also added my SSL to cockpit during testing.


NGinX Setup:

Virtual Host

##GLOBAL SSL
ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/server.key;

##Home
server {
listen 80;
server_name cockpit.freesoftwareservers.com;

return 302 https://$server_name/;

}

server {
listen 443 ssl;
server_name cockpit.freesoftwareservers.com;

location / {

proxy_pass http://192.168.1.255:9090/;
include /etc/nginx/cockpit.conf;
}
}

Added to nginx.conf http block:

http {

map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}

        ##
        # Basic Settings
        ##

cockpit.conf on NGinX Server:

cat << 'EOL' >/etc/nginx/cockpit.conf
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header X-Real-IP  $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
# needed for websocket
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# change scheme of "Origin" to http
proxy_set_header Origin http://$host;

# Pass ETag header from cockpit to clients.
# See: https://github.com/cockpit-project/cockpit/issues/5239
gzip off;
EOL