diff --git a/manifests/config/apache.pp b/manifests/config/apache.pp
index 8b6a861db..499ef502e 100644
--- a/manifests/config/apache.pp
+++ b/manifests/config/apache.pp
@@ -182,8 +182,23 @@
order => '03',
}
- include apache::mod::proxy_wstunnel
- $websockets_backend = regsubst($_proxy_backend, 'http://', 'ws://')
+ # mod_proxy supports "ProxyPass ... upgrade=websocket" since 2.4.47
+ # EL8: 2.4.37 / EL9: 2.4.62 / Debian11: 2.4.62 / Ubuntu20.04: 2.4.41 / Ubuntu22.04: 2.4.52
+ $proxy_upgrade_websocket = !($facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '8') and !($facts['os']['name'] == 'Ubuntu' and $facts['os']['release']['major'] == '20.04')
+ if $proxy_upgrade_websocket {
+ $vhost_rewrites = []
+ $_proxy_params = $proxy_params + ['upgrade=websocket']
+ } else {
+ include apache::mod::proxy_wstunnel
+ $websockets_backend = regsubst($_proxy_backend, 'http://', 'ws://')
+ $websockets_rewrite = {
+ 'comment' => 'Upgrade Websocket connections',
+ 'rewrite_cond' => '%{HTTP:Upgrade} =websocket [NC]',
+ 'rewrite_rule' => "/(.*) ${websockets_backend}\$1 [P,L]",
+ }
+ $vhost_rewrites = [$websockets_rewrite]
+ $_proxy_params = $proxy_params
+ }
$vhost_http_request_headers = [
'set X_FORWARDED_PROTO "http"',
@@ -209,15 +224,9 @@
'no_proxy_uris' => $_proxy_no_proxy_uris,
'path' => pick($suburi, '/'),
'url' => $_proxy_backend,
- 'params' => $proxy_params,
+ 'params' => $_proxy_params,
},
- 'rewrites' => [
- {
- 'comment' => 'Upgrade Websocket connections',
- 'rewrite_cond' => '%{HTTP:Upgrade} =websocket [NC]',
- 'rewrite_rule' => "/(.*) ${websockets_backend}\$1 [P,L]",
- },
- ],
+ 'rewrites' => $vhost_rewrites,
}
$vhost_https_request_headers = [
diff --git a/manifests/plugin/remote_execution/cockpit.pp b/manifests/plugin/remote_execution/cockpit.pp
index 86bfcc584..d5ba34e21 100644
--- a/manifests/plugin/remote_execution/cockpit.pp
+++ b/manifests/plugin/remote_execution/cockpit.pp
@@ -72,11 +72,16 @@
require => Class['foreman::database'],
}
} else {
- include apache::mod::rewrite
- include apache::mod::proxy_wstunnel
include apache::mod::proxy_http
+ if $foreman::config::apache::proxy_upgrade_websocket {
+ $_apache_template = 'cockpit-apache-ssl.conf.erb'
+ } else {
+ include apache::mod::rewrite
+ include apache::mod::proxy_wstunnel
+ $_apache_template = 'cockpit-apache-ssl-rewrite.conf.erb'
+ }
foreman::config::apache::fragment { 'cockpit':
- ssl_content => template('foreman/cockpit-apache-ssl.conf.erb'),
+ ssl_content => template("foreman/${_apache_template}"),
}
foreman_config_entry { 'remote_execution_cockpit_url':
diff --git a/templates/cockpit-apache-ssl-rewrite.conf.erb b/templates/cockpit-apache-ssl-rewrite.conf.erb
new file mode 100644
index 000000000..54b8c149d
--- /dev/null
+++ b/templates/cockpit-apache-ssl-rewrite.conf.erb
@@ -0,0 +1,11 @@
+### File managed with puppet ###
+
+>
+ ProxyPreserveHost On
+
+ RewriteEngine On
+ RewriteCond %{HTTP:Upgrade} =websocket [NC]
+ RewriteRule <%= @cockpit_path %>/(.*) ws://<%= @cockpit_host %>:<%= @cockpit_port %><%= @cockpit_path %>/$1 [P]
+
+ ProxyPass http://<%= @cockpit_host %>:<%= @cockpit_port %><%= @cockpit_path %>
+
diff --git a/templates/cockpit-apache-ssl.conf.erb b/templates/cockpit-apache-ssl.conf.erb
index 91fe9cadc..17b8b2648 100644
--- a/templates/cockpit-apache-ssl.conf.erb
+++ b/templates/cockpit-apache-ssl.conf.erb
@@ -2,10 +2,5 @@
>
ProxyPreserveHost On
-
- RewriteEngine On
- RewriteCond %{HTTP:Upgrade} =websocket [NC]
- RewriteRule <%= @cockpit_path %>/(.*) ws://<%= @cockpit_host %>:<%= @cockpit_port %><%= @cockpit_path %>/$1 [P]
- RewriteCond %{HTTP:Upgrade} !=websocket [NC]
- RewriteRule <%= @cockpit_path %>/(.*) http://<%= @cockpit_host %>:<%= @cockpit_port %><%= @cockpit_path %>/$1 [P]
+ ProxyPass http://<%= @cockpit_host %>:<%= @cockpit_port %><%= @cockpit_path %> upgrade=websocket