Accessing Cockpit interface through both NGINX and local subnet ip

[SirH2Os]

Hi 👋

I've successfully setup my nginx to access cockpit remotely but now when i try to access the interface locally through the ip I get the error "received request from bad Origin: https://xxx.xxx.xx.xx:port"...

My issue is that with the file configured like
[WebService] Origins= https://mydomain.com wss://mydomain.socket http://mydomain.com ProtocolHeader= X-Forwarded-Proto UrlRoot= /secret AllowUnencrypted= true

I can't setup it to allow connections to the IP from the subnet as it is set as dynamic and I can't make it static...

I can't find a way to make it work and I can't use "https://localhost:port" since there are going to be multiple machines under the same subnet with cockpit.

[martinpitt]

In your proxy setup, do you start /usr/libexec/cockpit-ws yourself, or still use the cockpit.socket systemd unit? But in either case you may try to not set Origins and AllowUnencrypted in cockpit.conf, and instead run cockpit-ws with the --for-tls-proxy option (see https://cockpit-project.org/guide/latest/cockpit-ws.8.html). If you use the systemd unit, you can create an /etc/systemd/system/cockpit.service.d/proxy.conf to change the ExecStart= line.

Please make sure that cockpit's own port only listens on localhost then, i.e. is not exposed to the internet (ListenStream or firewall).

[SirH2Os]

Thanks again for the quick reply.
Unfortunately I am using an older version of cockpit that does not have this flag but using the files you mentioned I was able to create a solution for this issue.