https://github.com/cockpit-project/cockpit/wiki/Proxying-Cockpit-over-Apache-with-LetsEncrypt
cockpit-project/cockpit
There's code a goin' on. Contribute to cockpit-project/cockpit development by creating an account on GitHub.
github.com
https://github.com/cockpit-project/cockpit/wiki/Proxying-Cockpit-over-NGINX
cockpit-project/cockpit
There's code a goin' on. Contribute to cockpit-project/cockpit development by creating an account on GitHub.
github.com
https://cockpit-project.org/guide/latest/cockpit.conf.5.html
cockpit.conf
cockpit.conf cockpit.conf — Cockpit configuration file DESCRIPTION Cockpit can be configured via /etc/cockpit/cockpit.conf. That file has a INI file syntax and thus contains key / value pairs, grouped into topical groups. See the examples below for details
cockpit-project.org
-cockpit, dashboard, storaged 설치
# yum install cockpit cockpit-dashboard cockpit-storaged
-방화벽 설정
# firewall-cmd --permanent --add-service=cockpit
# firewall-cmd --reload
-Enable and start
# systemctl enable cockpit.socket
# systemctl start cockpit
-Let's Encrypt인증서 사용
-인증서 복사
cat /etc/letsencrypt/live/www.test.com/fullchain.pem >> /etc/cockpit/ws-certs.d/1-my-cert.cert
cat /etc/letsencrypt/live/www.test.com/privkey.pem >> /etc/cockpit/ws-certs.d/1-my-cert.cert
-인증서 확인
cat /etc/cockpit/ws-certs.d/1-my-cert.cert
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISBIy6/DYDnzWE0Pxax2OCt5g2MA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
....
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
......
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
iHjuuifvwcNpc2GbrD+gHNAFMvAmEBW6xB1l+2eBWXJqkT6uXc+V3ddYIAl46gif
+YaRDeLinjXhspi1bpFifHwKRBUcijNtBQVs+flhBv6GNlDrhz12b8fWAOEZJkcS
.....
-----END PRIVATE KEY-----
cockpit 설정
# vi /etc/cockpit/cockpit.conf
[WebService]
Origins = https://www.test.com:9090 http://127.0.0.1:9090
ProtocolHeader = X-Forwarded-Proto
AllowUnencrypted = false
- AllowUnencrypted
true = 모두허용
false = ssl 허용
# systemctl restart cockpit.socket
-cockpit 포트변경(적용X)
# mkdir -p /etc/systemd/system/websocket.cockpit.d/
# vi /etc/systemd/system/websocket.cockpit.d/listen.conf
[Socket]
ListenStream=9898
# firewall-cmd --permanent --add-port=9898/tcp
# firewall-cmd --reload
# semanage port -a -t websm_port_t -p tcp 9898
# systemctl daemon-reload
# systemctl restart cockpit.socket
'Linux > 모니터링' 카테고리의 다른 글
| 네트워크 대역폭 확인(윈도우, iPerf3) 스크립트 (0) | 2021.04.20 |
|---|---|
| glances 설치 (0) | 2017.03.19 |
