Page tree
Skip to end of metadata
Go to start of metadata

To run openITCOCKPIT behind a reverse proxy no configuration options to the Nginx configuration on the openITCOCKPIT host is required.


Example values that needs to be replaced:

ValueDescription
openitcockpit.example.orgSubdomain used to access the openITCOCKPIT web frontend
/etc/ssl/certs/ssl-cert-snakeoil{.pem|.key}File path to the TLS certificate to enable HTTPS
207.154.223.22Public IPv4 address of the reverse proxy
157.230.114.24IPv4 address of the openITCOCKPIT server

Nginx

  1. Copy the following configuration to /etc/nginx/sites-available/openitcockpit-proxy

    /etc/nginx/sites-available/openitcockpit-proxy
    server {
        listen 80;
        listen [::]:80;
        server_name  openitcockpit.example.org;
    
        server_tokens off;
        return 301 https://$host$request_uri;
    }
    
    server {
    
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name  openitcockpit.example.org;
    
        server_tokens off;
        
        # Set the IP Address or FQDN of your openITCOCKPIT Monitoring Server here
        set $oitcserver 157.230.114.24;
        
        # Set the TLS certificate you like to use - for example Let’s Encrypt
        ssl_certificate     /etc/ssl/certs/ssl-cert-snakeoil.pem;
        ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
        
        # Proxy openITCOCKPIT HTTP requests
        location / {
            proxy_pass https://$oitcserver;
            proxy_ssl_verify off;
            
            proxy_set_header Host      $host;
            proxy_set_header X-Real-IP $remote_addr;
        }
        
        # Proxy Web Socket Connections
        location ~ ^/(sudo_server|push_notifications|nsta)$ {
            proxy_pass https://$oitcserver;
            proxy_ssl_verify off;
            
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

    Please make sure to replace all ip addresses.

  2. Enable the configuration

    ln -s /etc/nginx/sites-available/openitcockpit-proxy /etc/nginx/sites-enabled/openitcockpit-proxy



  3. Restart the web server

    systemctl restart nginx

Apache2

  1. Copy the following configuration to /etc/apache2/sites-available/openitcockpit-proxy.conf

    /etc/apache2/sites-available/openitcockpit-proxy.conf
    <VirtualHost 207.154.223.22:80>
      ServerName openitcockpit.example.org
      Redirect / https://openitcockpit.example.org/
    
      ErrorLog ${APACHE_LOG_DIR}/openitcockpit_error.log
      CustomLog ${APACHE_LOG_DIR}/openitcockpit_access.log combined
    </VirtualHost>
    
    <VirtualHost 207.154.223.22:443>
      ServerName openitcockpit.example.org
    
      # Set the IP Address or FQDN of your openITCOCKPIT Monitoring Server here
      Define oitcserver 157.230.114.24
    
      ServerSignature Off
    
      # HTTPS
      SSLEngine on
      SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
      SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    
      # Logging
      ErrorLog ${APACHE_LOG_DIR}/openitcockpit_error.log
      CustomLog ${APACHE_LOG_DIR}/openitcockpit_access.log combined
    
      # Reverse Proxy Settings
      ProxyPreserveHost On
      SSLProxyEngine On
      SSLProxyCheckPeerName Off
    
      RequestHeader set X-Forwarded-Proto "https"
      RequestHeader set X-Forwarded-Port "443"
      RequestHeader set X-Forwarded-Ssl on
    
      # Proxy WebSocket requests
      RewriteEngine On
      RewriteCond %{HTTP:Upgrade} =websocket [NC]
      RewriteRule /(.*)            wss://${oitcserver}/$1 [P,L]
    
      ProxyPass / https://${oitcserver}/
      # If you use a FQDN for external access
      ProxyPassReverse / https://openitcockpit.example.org/
      # If you use an ip address for external access
      #ProxyPassReverse / https://207.154.223.22/
    
    </VirtualHost>

    Please make sure to replace all ip addresses.

  2. Load all required Apache Modules

    a2enmod http2
    a2enmod ssl
    a2enmod proxy
    a2enmod proxy_http
    a2enmod proxy_wstunnel
    a2enmod headers
    a2enmod rewrite
  3. Enable the configuration

    a2ensite openitcockpit-proxy
  4. Restart the web server

    systemctl restart apache2
  • No labels