Example: Cockpit

Cockpit is a web interface for managing a server. It creates it’s own self signed certificate by default. Here is how to configure cockpit behind caddy to have real certificates instead.

sub-domain (https://cockpit.example.com)

/etc/cockpit/cockpit.conf

[WebService]
Origins = https://cockpit.example.com wss://cockpit.example.com
ProtocolHeader = X-Forwarded-Proto

/etc/caddy/Caddyfile

cockpit.example.com
reverse_proxy localhost:9090

sub-directory (https://example.com/cockpit/)

/etc/cockpit/cockpit.conf

[WebService]
Origins = https://example.com wss://example.com
ProtocolHeader = X-Forwarded-Proto
UrlRoot=/cockpit

/etc/caddy/Caddyfile

example.com
reverse_proxy /cockpit/* localhost:9090

One thing to point out with the sub-directory approach is that the trailing slash is required by cockpit. If you would like Caddy to silently accept requests without the trailing slash, you can add this line to your Caddyfile:

rewrite /cockpit /cockpit/

Alternatively, you can configure Caddy to redirect clients to add the trailing slash:

redir /cockpit /cockpit/
5 Likes