# /etc/cockpit/cockpit.conf

[WebService]
# Allow browser origins that may embed or access Cockpit
# (set this to the external URL(s) you use via the proxy)
Origins = https://ckpt.bookfightclub.org
# wss://ckpt.bookfightclub.org

# Tell Cockpit to trust the reverse proxy's TLS indication header
# (configure your proxy to set X-Forwarded-Proto=https on HTTPS requests)
ProtocolHeader = X-Forwarded-Proto

# If your proxy talks plain HTTP to Cockpit on localhost:9090, allow that
# (the outer proxy connection is HTTPS)
AllowUnencrypted = true

# Optional: if you serve Cockpit under a path prefix via the proxy, e.g. /cp/
# UrlRoot = /cp/

[Session]
# Banner=/etc/issue.cockpit
# Optional: session idle timeout in minutes
IdleTimeout = 90