Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proxy over Apache giving blank pages #8703

Open
daniel-wtd opened this issue Feb 24, 2018 · 7 comments

Comments

@daniel-wtd
Copy link

commented Feb 24, 2018

Hey guys,

I have configured an apache 2.4 like described here: https://github.com/cockpit-project/cockpit/wiki/Proxying-Cockpit-over-Apache-with-LetsEncrypt

Unfortunately I can see some weird issues:

Behaviour

  1. The login page "look" ok. But there is a console error regarding the source map.

  2. After entering login data

    • In the JS console a connection to wss://something/cockpit/socket is tried.
    • It is related to cockpit.js:293:24.
    • The page keeps completely blank.
    • All solutions/discussion in #5934 seems not to help.

Information

OS: CentOS 7.4
httpd: httpd-2.4.6-67.el7.centos.6.x86_64
cockpit: cockpit-ws-157-1.el7.centos.x86_64

If needed I can provide additional information and you can also contact me via IRC sometimes.

Regards,
Daniel

@JZXPacky

This comment has been minimized.

Copy link

commented Feb 24, 2018

How is your reverse proxy configured for Cockpit? Mine is configured to go to https://www.domain.com/manage/ instead of https://www.domain.com:9090. I had issues with mine displaying blank pages originally but got it to work with the below settings.

Here's the relevant Apache config I used to get it working.

<VirtualHost *:443>
        ServerName www.domain.com
        SSLEngine On
        SSLProxyEngine On
        SSLCertificateFile /etc/apache2/ssl/www.domain.com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/www.domain.com.key
        SSLCertificateChainFile /etc/apache2/ssl/ca-chain.cert.pem
        ServerAdmin admin@domain.com
        DocumentRoot /var/www
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        RequestHeader unset X-Forwarded-Proto
        RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
        ProxyPreserveHost On
        ProxyPass /manage https://localhost:9090/manage
        ProxyPassReverse /manage https://localhost:9090/manage
        <LocationMatch "^/manage/cockpi(t[^/]+|t)?/socket$">
            ProxyPassMatch "ws://localhost:9090/manage/cockpi$1/socket"
        </LocationMatch>
</VirtualHost>

Make sure that you enable Apache modules with a2enmod proxy proxy_wstunnel proxy_http ssl rewrite (which I am assuming you have already from the instructions you linked).

Also, here is my /etc/cockpit/cockpit.conf. If you are configuring your reverse proxy like mine with a sub-site, then you must create the cockpit.conf file and set the below settings.

[WebService]
ProtocolHeader = X-Forwarded-Proto
UrlRoot=/manage/

Hope that helps.

@daniel-wtd

This comment has been minimized.

Copy link
Author

commented Feb 24, 2018

Hey, the above config will use the cert in cockpit. my goal is to terminate the ssl in httpd already.

The issue seems, that even with AllowUnencrypted = true in /etc/cockpit/cockpit.conf cockpit tries to use wss instead of ws.

<VirtualHost www.domain.com:443>
  ServerName www.domain.com
  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/www.domain.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/www.domain.com/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/wwww.domain.com/chain.pem

# SSL Cipher
  SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
  SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
  SSLHonorCipherOrder     on
  SSLCompression          off

  ProxyPreserveHost On
  ProxyRequests Off

  # Proxy to your local cockpit instance
  ProxyPass / http://127.0.0.1:9090/
  ProxyPassReverse / http://127.0.0.1:9090/
  ProxyPass /cockpit/socket ws://127.0.0.1:9090/cockpit/socket
  ProxyPassReverse /cockpit/socket ws://127.0.0.1:9090/cockpit/socket

</VirtualHost>
@JZXPacky

This comment has been minimized.

Copy link

commented Feb 24, 2018

Sorry I should have mentioned that I am using my domain certificate in Cockpit using these instructions.

As for terminating SSL in httpd, I'm not sure about this. Just another end user here :)

@daniel-wtd

This comment has been minimized.

Copy link
Author

commented Feb 25, 2018

Not a problem 👍 I am always happy, if somebody takes care. Every help is welcome.

@daniel-wtd daniel-wtd changed the title Proxy over Apache givuing blank pages Proxy over Apache giving blank pages Mar 28, 2018

@itsthejb

This comment has been minimized.

Copy link

commented Nov 1, 2018

Had to fix this again after a reinstall. In my case needed the following /etc/cockpit/cockpit.conf

[WebService]
Origins = https://cockpit.mydomain http://127.0.0.1:9090
ProtocolHeader = X-Forwarded-Proto
AllowUnencrypted = true
@Fohlen

This comment has been minimized.

Copy link

commented Feb 14, 2019

I experience the exact same issue but it had worked previously. I have set up a proper Let's Encrypt certificate and domain. Any ideas?

@jbarbero

This comment has been minimized.

Copy link

commented Jul 26, 2019

Here is the full config that got me proxying working in Apache without using a virtualhost. I used the name cockpit-new because the docs say cockpit and cockpit+ are reserved.

/etc/cockpit/cockpit.conf

[WebService]
Origins = https://MYDOMAIN.COM http://MYDOMAIN.COM https://localhost:9090 http://localhost:9090
ProtocolHeader = X-Forwarded-Proto
AllowUnencrypted = true
UrlRoot = /cockpit-new/

/etc/apache2/apache2.conf

ProxyPass /cockpit-new/cockpit/socket ws://localhost:9090/cockpit-new/cockpit/socket
ProxyPassReverse /cockpit-new/cockpit/socket ws://localhost:9090/cockpit-new/cockpit/socket

ProxyPass /cockpit-new/ http://localhost:9090/cockpit-new/
ProxyPassReverse /cockpit-new/ http://localhost:9090/cockpit-new/

RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"

Redirect permanent /cockpit-new /cockpit-new/
ProxyVia On

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.