CentOS 8 에 cockpit 설치하고 reverse proxy 구성하기
CentOS 8 에 KVM 설치 및 Reverse Proxy 구성하기
1. cockpit 설치
$ dnf install cockpit cockpit-machines
# cockpit service 등록
$ systemctl start cockpit.socket
$ systemctl enable cockpit.socket
# firewall 에 cockpit 등록
$ firewall-cmd --add-service=cockpit --permanent
2. Cockpit 연결용 Reverse Proxy Setup
# cockpit domain 용 ssl 인증서 받기
## certbot 인증용 http 서비스 만들기
<VirtualHost *:80>
ServerName your.domin.com
DocumentRoot /var/www/html
</VirtualHost>
# certbot 을 활용한 ssl 인증서 생성
$ certbot certonly --apache -d your.domain.com
## ssl 용 virtualhost 설정
<VirtualHost *:443>
ServerName your.domain.com
SSLEngine on
SSLCertificateKeyFile /etc/letsencrypt/live/your.domain.com/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/your.domain.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/your.domain.com/fullchain.pem
ProxyPreserveHost On
ProxyRequests Off
# allow for upgrading to websockets
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:9090/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://127.0.0.1:9090/$1 [P,L]
# Proxy to cockpit instance
ProxyPass / http://127.0.0.1:9090/
ProxyPassReverse / http://127.0.0.1:9090/
RemoteIPHeader X-Forwarded-For
</VirtualHost>
# reverse proxy 연결을 위한 cockpit 설정 추가
$ touch /etc/cockpit/cockpit.conf
## cockpit.conf 내용
[WebService]
Origins = https://your.domain.com http://127.0.0.1:9090
ProtocolHeader = X-Forwarded-Proto
AllowUnencrypted = true
cockpit 페이지 연결 확인 (https://your.domain.com)