Reverse Proxy issue 2

NethServer Version: 7.9.2009
Module: Reverse proxy

I get Forbidden
You don’t have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

on most of the subdomains that I've set up. For example, I have set up https://nethserver.mydomain.com to forward to my local IP 192.168.1.11:9090, and it almost works: I get the login and password fields, but everything else on the page is white.
When I use mydomain.com:9090 it works, but I can't use all ports from my work, so I've tried to solve it with a reverse proxy.

Some reverse proxies work, and I have tried both https and http in every combination that I can think of. Some services don't use https, like my router and NAS, and even though both are set up the same way, it's only my router that I can connect to with router.mydomain.com and nas.mydomain.com.
All services are reachable from the Internet with ports, but I want to close some ports from the Internet and use the reverse proxy.

Any tips or ideas about what's wrong?

I tried to reverse proxy cockpit without success.
My best result is cockpit without a menu, like in "Accessing Neth Server Cockpit behind a Nginx reverse proxy", and cockpit not working anymore on port 9090.

I used this cockpit wiki github page to get the httpd config.

I had no reverse proxy configured in the web UI, just a file /etc/httpd/conf.d/rproxy.conf with the following content:

Header always set X-Frame-Options SAMEORIGIN
<VirtualHost *:443>
  ServerName your.domain.org

  ProxyPreserveHost On
  ProxyRequests Off

  # allow for upgrading to websockets
  RewriteEngine On
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*)           ws://127.0.0.1:9090/$1 [P,L]
  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
  RewriteRule /(.*)           http://127.0.0.1:9090/$1 [P,L]

  # Proxy to your local cockpit instance
  ProxyPass / http://127.0.0.1:9090/
  ProxyPassReverse / http://127.0.0.1:9090/
</VirtualHost>

I added the following lines to /etc/cockpit/cockpit.conf:

[WebService]
Origins = https://your.domain.org http://127.0.0.1:9090
ProtocolHeader = X-Forwarded-Proto
#ForwardedForHeader = X-Forwarded-For
AllowUnencrypted = true

and restarted cockpit and httpd:

systemctl restart httpd cockpit

Maybe you can use it as a starting point…

2 Likes
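
An added example, not part of either post and not NethServer or Cockpit project code: a Python check that every `ServerName` Apache proxies to Cockpit is also listed in `Origins` in cockpit.conf (Cockpit does not accept WebSocket connections from origins it does not list), and that flags `AllowUnencrypted = true`. The function names and the rule that a vhost on port 443 means HTTPS are assumptions; the inputs are constructed, trimmed copies of the two files quoted in the reply.

```python
import configparser
import re

# Constructed inputs: trimmed copies of the two files quoted in the reply above.
VHOST_CONF = """\
<VirtualHost *:443>
  ServerName your.domain.org
  ProxyPreserveHost On
  ProxyPass / http://127.0.0.1:9090/
  ProxyPassReverse / http://127.0.0.1:9090/
</VirtualHost>
"""
COCKPIT_CONF = """\
[WebService]
Origins = https://your.domain.org http://127.0.0.1:9090
ProtocolHeader = X-Forwarded-Proto
#ForwardedForHeader = X-Forwarded-For
AllowUnencrypted = true
"""

def vhost_origins(httpd_conf):
    """Origins (scheme://host[:port]) a browser uses to reach each VirtualHost."""
    origins = []
    blocks = re.findall(r"<VirtualHost\s+[^:>\s]+:(\d+)>(.*?)</VirtualHost>",
                        httpd_conf, re.S | re.I)
    for port, body in blocks:
        # Assumption: a vhost on port 443 is TLS, anything else is plain HTTP.
        scheme, default = ("https", "443") if port == "443" else ("http", "80")
        suffix = "" if port == default else ":" + port
        for name in re.findall(r"^\s*ServerName\s+(\S+)", body, re.M | re.I):
            origins.append(f"{scheme}://{name}{suffix}")
    return origins

def check(httpd_conf, cockpit_conf):
    """Return a list of findings; an empty list means the two files agree."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep key case as written in cockpit.conf
    cp.read_string(cockpit_conf)
    ws = cp["WebService"] if cp.has_section("WebService") else {}
    allowed = {o.rstrip("/") for o in ws.get("Origins", "").split()}
    findings = [f"{o} is proxied but not listed in Origins"
                for o in vhost_origins(httpd_conf) if o not in allowed]
    if ws.get("AllowUnencrypted", "false").strip().lower() == "true":
        findings.append("AllowUnencrypted = true: cockpit accepts plain HTTP, "
                        "so restrict its port to the proxy")
    return findings

if __name__ == "__main__":
    for finding in check(VHOST_CONF, COCKPIT_CONF):
        print("FINDING:", finding)
```

With the files exactly as quoted, the only finding is the `AllowUnencrypted` one; changing `ServerName` to a host that is not in `Origins` adds an origin-mismatch finding.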