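Cockpit is a web interface for managing a server. It creates its own self-signed certificate by default. Here is how to configure Cockpit behind Caddy to have real certificates instead. In both setups below, Caddy serves the real certificate to clients while Cockpit keeps its self-signed certificate on localhost:9090; that is why the proxy transport uses tls_insecure_skip_verify, which turns off certificate verification for the connection between Caddy and Cockpit.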
sub-domain (https://cockpit.example.com)
/etc/cockpit/cockpit.conf
[WebService]
Origins = https://cockpit.example.com wss://cockpit.example.com
ProtocolHeader = X-Forwarded-Proto
/etc/caddy/Caddyfile
cockpit.example.com {
    reverse_proxy https://localhost:9090 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}
sub-directory (https://example.com/cockpit/)
/etc/cockpit/cockpit.conf
[WebService]
Origins = https://example.com wss://example.com
ProtocolHeader = X-Forwarded-Proto
UrlRoot=/cockpit
/etc/caddy/Caddyfile
example.com {
    reverse_proxy /cockpit/* localhost:9090 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}
One thing to point out with the sub-directory approach is that Cockpit requires the trailing slash. If you would like Caddy to silently accept requests without the trailing slash, you can add this line to your Caddyfile:
rewrite /cockpit /cockpit/
Alternatively, you can configure Caddy to redirect clients to add the trailing slash:
redir /cockpit /cockpit/
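Both setups depend on cockpit.conf agreeing with the URL that Caddy serves. The following is an added example, not part of the original post: a small checker that compares a cockpit.conf against the public URL. The function name check_cockpit_conf and the sample constant are hypothetical, and the rules it enforces are taken from the two configurations above.

```python
import configparser
from urllib.parse import urlsplit

def check_cockpit_conf(conf_text, public_url):
    """Return a list of mismatches between cockpit.conf and the proxied URL."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    if not parser.has_section("WebService"):
        return ["missing [WebService] section"]
    ws = parser["WebService"]
    url = urlsplit(public_url)
    problems = []

    # Browsers send the public origin; Cockpit must list it for HTTPS and WSS.
    origins = ws.get("Origins", "").split()
    for scheme in ("https", "wss"):
        wanted = f"{scheme}://{url.netloc}"
        if wanted not in origins:
            problems.append(f"Origins is missing {wanted}")

    # Both configurations on this page read the scheme from X-Forwarded-Proto.
    if ws.get("ProtocolHeader", "").strip() != "X-Forwarded-Proto":
        problems.append("ProtocolHeader is not X-Forwarded-Proto")

    # UrlRoot must equal the path prefix Caddy forwards (empty for a sub-domain).
    want_root = url.path.strip("/")
    have_root = ws.get("UrlRoot", "").strip("/")
    if want_root != have_root:
        problems.append(f"UrlRoot is '/{have_root}' but the URL path is '/{want_root}'")
    return problems

# Constructed sample: the sub-directory cockpit.conf from this page.
SUBDIR_CONF = """\
[WebService]
Origins = https://example.com wss://example.com
ProtocolHeader = X-Forwarded-Proto
UrlRoot=/cockpit
"""

if __name__ == "__main__":
    for url in ("https://example.com/cockpit/", "https://cockpit.example.com"):
        print(url, check_cockpit_conf(SUBDIR_CONF, url) or "OK")
```

To check a live host, pass the contents of /etc/cockpit/cockpit.conf as conf_text.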