WebServer: nginx - cockpit-project/cockpit GitHub Wiki

Feature: Manage nginx

Manage nginx servers in much the same way that C-Panel does with Apache.

Notes

  • nginx is a webserver
  • It would be nice to be able to have cockpit manage nginx servers
  • An nginx server would be termed a virtual host for Apache

Stories

User stories, workflow that will drive design.

User stories:

Sue uses her server to sell web hosting. She wants to easily be able to log into a web based application to manage her clients web sites (for instance, enable new clients, disable those that are leaving, manage SSLs, etc.).

Scott is a devops engineer at a small liberal arts college in southern California. Scott would like to be able to manage his docker containers and static webservers all from one place. Scott hosts many subdomains and a couple different domains on a single web server. Some of these proxy content from Flask or Node based applications running within Docker containers.

Workflows

Sue:

  • Sue has a customer that is very late on paying for their web hosting.
  • Sue logs into Cockpit, navigates to the webserver control page, and clicks a button to disable that user's web hosting.
  • On the backend, Cockpit removes the symlink from that particular server config to the enabled site directory and restarts nginx

Sue:

  • Sue has a new customer that would like SSL encryption
  • Sue logs into cockpit and goes to the webserver management page
  • Sue clicks New Site
  • Sue enters the new customer's domain name, any sub-domains, and picks from the list of available IP addresses to assign to the new server instance.
  • Sue clicks OK to create the server
  • Sue then goes to that server management page and clicks "Enable SSL".
  • If the domain is pointed at the chosen IP, port 443 is opened
  • Cockpit automatically runs the Lets Encrypt client to procure an SSL certificate
  • Cockpit then adds a server config for the new ssl for this domain.
  • If the Lets Encrypt SSL is successfully installed, Sue is then presented with a confirmation, and a new option to make HTTPS default (HTTP redirects to HTTPS)
  • If the domain is not pointed at the correct IP, Sue is notified of this, and the process halts here.

Scott:

  • Scott has spun up a new Docker image with a Flask application
  • Scott would like to setup nginx to reverse-proxy this application
  • Scott logs into Cockpit, goes to the webserver management page, clicks New Site
  • Scott selects the IP address, enters the subdomain, and selects the Reverse Proxy option
  • Scott is taken to a new page, where he is presented with a listing of running containers that have not been setup to reverse proxy.
  • Scott chooses the container with his Flask application
  • Cockpit uses docker-gen to setup the reverse-proxy config, and then restarts nginx
  • Scott enables SSL via the same process as Sue, and also enables HTTPS by default.

Implementation Notes and Technical Limitations

Here we place research about how the feature would be implemented.

  • List commands, APIs, packages, files ...
  • Link to other projects here, and stuff they are implementing to make this work.
  • Outline the technical limitations of what is and isn't possible.
  • Documentation of how people accomplished this before.

Wireframes

Design wireframes go here. Usually these live in the cockpit-design repo, and are linked here.

  • ...

Prior art

Links to screenshots or documentation of other places this problem has been solved.

Feedback

Please give feedback on the above! This is the place where those not working on the feature can provide insight, questions, limitations, notes etc.

  • ... (sign name)
  • ... (sign name)