From fe9651f2fa34eef4b5a25da9fe11a00400dcc920 Mon Sep 17 00:00:00 2001
From: Arpad Krejczinger <krejczinger.arpad@gmail.com>
Date: Tue, 9 Sep 2025 21:12:13 +0200
Subject: [PATCH] Replace Cockpit with Netdata in nginx reverse proxy config

- Remove Cockpit reverse proxy configuration
- Add Netdata reverse proxy with basic auth protection
- Configure same authentication as Glances for consistency
- Maintain security headers and WebSocket support
- Use port 19999 for Netdata service
---
 config/nginx/homelab.conf | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/config/nginx/homelab.conf b/config/nginx/homelab.conf
index e049219..b18cebe 100644
--- a/config/nginx/homelab.conf
+++ b/config/nginx/homelab.conf
@@ -120,6 +120,43 @@ server {
         proxy_request_buffering off;
     }
 
+    # System monitoring with basic auth (Glances)
+    location /glances/ {
+        auth_basic "Homelab Admin Access";
+        auth_basic_user_file /etc/nginx/auth/glances;
+        proxy_pass http://127.0.0.1:61208/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    # System monitoring (Netdata) - Real-time system metrics
+    location /netdata/ {
+        auth_basic "Homelab Admin Access";
+        auth_basic_user_file /etc/nginx/auth/glances;
+        proxy_pass http://127.0.0.1:19999/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    # Docker management (Portainer)
+    location /portainer/ {
+        proxy_pass http://127.0.0.1:9000/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
     ssl_certificate /etc/letsencrypt/live/ak-homelab.duckdns.org/fullchain.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/ak-homelab.duckdns.org/privkey.pem; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot