cockpit-project / cockpit

Cockpit is a web-based graphical interface for servers.
http://www.cockpit-project.org/
GNU Lesser General Public License v2.1

Provide HAProxy Examples for Cockpit #13045

Open shawnweeks opened 4 years ago

shawnweeks commented 4 years ago

It would be great if we had an HAProxy Example to go along with the Apache and Nginx Examples. I've spent several hours trying to get a working example going and haven't managed to translate the other examples over to something fully working.

Here is my configuration so far.

[Webservice]
Origins = https://cloudctl.dev.example.com wss://cloudctl.dev.example.com
ProtocolHeader = X-Forwarded-Proto
AllowUnencrypted = true
UrlRoot=/cockpit

frontend localhost
    bind 10.0.2.20:443 ssl crt /etc/ssl/private/cloudctl.pem
    mode http
    acl cockpit path_beg /cockpit
    use_backend cockpit_backend if cockpit

backend cockpit_backend
    reqrep ^([^\ :]*)\ /cockpit/?(.*) \1\ /cockpit/\2
    server cockpit1 10.0.4.20:9090

With this example I can access the login page at https://cloudctl.dev.example.com/cockpit and most things work. Once I log out, I'm redirected to the login page and the styles aren't loaded.

shawnweeks commented 4 years ago

After looking at this more, it seems like something might be broken with how Cockpit handles UrlRoot, because after setting it like above, when I try to access https://cloudctl.dev.example.com:9090/cockpit/, the CSS at the login is broken as well.

cinderblock commented 4 years ago

I think the problem is that cockpit has for some reason reserved the /cockpit/ url prefix as something special. It's not clear to me why. See the documentation under UrlRoot. Ignoring this seems to break the UI.

I was able to log in if I used a different UrlRoot; however, the websockets connection still failed.

After poking around a little with haproxy, I've got what seems to be a fully working setup:

/etc/cockpit/cockpit.conf

[Webservice]
;Use https and wss if using haproxy with SSL
Origins = http://hostname ws://hostname
ProtocolHeader = X-Forwarded-Proto
AllowUnencrypted = true
UrlRoot=/admin/

/etc/haproxy/servers.cfg

frontend public
        bind *:80
        default_backend other_backend

        acl is_websocket path_beg /admin/cockpit/socket
        acl is_websocket hdr(Upgrade) -i WebSocket
        acl is_websocket hdr_beg(Host) -i ws

        use_backend cockpit_websocket if is_websocket

        use_backend cockpit if { path_beg /admin/ }

backend cockpit_websocket
        option http-server-close
        option forceclose
        option redispatch
        option forwardfor
        server cockpit-ws1 127.0.0.1:9090

backend cockpit
        option forwardfor
        server cockpit1 127.0.0.1:9090

I haven't looked much at whether this configuration can be reduced more.

Edit: One small issue is that links on the web interface don't provide the correct relative URL in all cases.
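Added example, not part of any comment in this thread and not Cockpit project code: a Python lint run over constructed copies of the two cockpit.conf files posted above, checking the points the thread raises (reserved UrlRoot prefix, Origins schemes versus TLS termination at HAProxy, AllowUnencrypted). The function name and the `proxy_terminates_tls` flag are hypothetical, and the `/cockpit+` prefix is taken from the cockpit.conf UrlRoot documentation the comment refers to.

```python
import configparser

# Constructed copies of the two cockpit.conf files posted in this thread.
CONF_FIRST = """[Webservice]
Origins = https://cloudctl.dev.example.com wss://cloudctl.dev.example.com
ProtocolHeader = X-Forwarded-Proto
AllowUnencrypted = true
UrlRoot=/cockpit
"""
CONF_SECOND = """[Webservice]
;Use https and wss if using haproxy with SSL
Origins = http://hostname ws://hostname
ProtocolHeader = X-Forwarded-Proto
AllowUnencrypted = true
UrlRoot=/admin/
"""


def lint_cockpit_conf(text, proxy_terminates_tls):
    """Return findings for a cockpit.conf that sits behind a reverse proxy."""
    cp = configparser.ConfigParser(interpolation=None)  # option names are lowercased
    cp.read_string(text)
    # Assumption: match the section name case-insensitively, since the
    # thread writes it as [Webservice].
    sec = next((cp[s] for s in cp.sections() if s.lower() == "webservice"), None)
    if sec is None:
        return ["no-section: WebService section not found"]
    findings = []
    # Normalise "/cockpit", "/cockpit/" and "cockpit" to the same form.
    root = "/" + sec.get("urlroot", "").strip().strip("/")
    if root == "/cockpit" or root.startswith(("/cockpit/", "/cockpit+")):
        findings.append("reserved-root: UrlRoot %s uses the reserved prefix" % root)
    if proxy_terminates_tls:
        # Browsers reach the proxy over https/wss, so those are the origins sent.
        plain = [o for o in sec.get("origins", "").split()
                 if o.startswith(("http://", "ws://"))]
        if plain:
            findings.append("plain-origin: " + " ".join(plain))
    if sec.getboolean("allowunencrypted", fallback=False):
        # Cockpit accepts plain HTTP, so the proxy-to-Cockpit hop is cleartext.
        findings.append("cleartext-hop: keep proxy-to-Cockpit on loopback "
                        "or a trusted network")
    return findings


if __name__ == "__main__":
    for name, conf, tls in (("first", CONF_FIRST, True), ("second", CONF_SECOND, False)):
        print(name, lint_cockpit_conf(conf, tls))
```
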

mvollmer commented 4 years ago

> I think the problem is that cockpit has for some reason reserved the /cockpit/ url prefix as something special. It's not clear to me why. See the documentation under UrlRoot. Ignoring this seems to break the UI.

Hmm, didn't we fix this in https://github.com/cockpit-project/cockpit/issues/10073?

cinderblock commented 4 years ago

@mvollmer When I tried, it did not work. Also, when running under a non-standard rootUrl, it does not get prepended to URLs on the page. While the normal DOM hotswapping of the active tab works, if you middle-click a tab, the opened tab is missing the urlRoot. Been meaning to document this more explicitly and make a new issue...