Cockpit | Easily define a set of parameters that can be

In the new Microsoft Flight Simulator you can pop different cockpit displays out into their own external windows, like this:

However, none of the buttons needed to interact with the displays get "popped out" as well.

I'd like to build a web app that can embed (the continuously updating image of) one of these windows that I can surround with buttons, etc, for interaction to have, say, running on a tablet next to you.

My question is, is it possible with Node to embed the continuously updating image of a native Windows window within a webpage?

I have an app with the following services:

• cockpit/ - use as a headless CMS service.
• frontend/ - bootstrapped by Create React App.

I have a question about frontend

I need your advice. What is the best way, from an opsec-perspective, when sharing an LE wildcard certificates between several web-services on the same host?

• On my domain I have an auto-renewed LE wildcard cert (containerized)
  • The folder holding the certificates is mapped to a host folder, owned by LE-user:LE-group and has 700 privileges assigned
• All sub-domains are pointing to web-services on the same host (all containerized)
• All publicly accessible services are handled by an Nginx reverse proxy (containerized) and thus they are all LE SSL encrypted downstream
• The admin services (portainer, adminer, cockpit, etc.) are only accessible from the LAN and are all protected by strong and unique passwords

I want to protect the above-mentioned admin-services with the LE wildcard cert as I am tired of having to confirm that I "accept the risk" because they are using self-signed certs, but I'm in doubt what is the best way to achieve this. So far I see three possible ways around it, all having their own drawbacks:

1. Create a script executed by a cron-job that copy the LE certificate to the various admin-services cert-folders whenever the cert is renewed.
   • Drawback: The script would need to be run with root privileges
2. Allow the admin-services to access the cert in the host-mapped folder.
   • Drawback: I would need 704 access to the LE Cert folder or 740 and add all admin-sevice-users to the LE group
3. Serve the admin-services through the reverse proxy, enable TOTP protection and restrict access to the public IP of the server.
   • Drawback: If I mess something up or there is a zero-day exploid in my Nginx or TOTP installation, the admin-services are publicly accessible

Which of the above mentioned solutions do you see as the "best-practice" solution from a opsec perspective or would you suggest a completely different solution that I haven't thought about?

Many thanks in advance!

I have the following ingress.yaml file

I'm using Knowage and have setup a data source, many parameterized datasets, and a cockpit.

I have a detailed report that requires many datasets.
The cockpit started freezing and I have to restart the Knowage server to get it to respond.

I split the report into different pages, and it seemed to help because it only loads some of the data at a time.
But now I added another dataset [14 total] and the server crashed again.

I'm monitoring the server through a jmx agent to understand why it's hanging, but the utilization seems fine.
Tomcat just hangs and never responds.

It appears the servlet has stopped processing requests, but I don't see any errors in the logs that look fatal.
The heap utilization is not bad, but does look anomalous.

Top output -

Errors in log -

I wrote a util wrapper for an API I'd like to consume. The wrapper handles request buidling and token fetching.

import refreshToken from './refreshToken'

I authorized the group of a user to the cockpit-application. I gave the group full access to the Process Definition and Process Instance authorizations. (so pretty much as described in the documentation)

When I try to log the user in, I see the Welcome screen and in the application overview the option to navigate to the cockpit-application.

However, when I click this, I get the Login screen again.

For a fraction of a second I see the cockpit application, but then it immidiatly redirects to the login page. When I try to log in again, it keeps redirecting me to this login screen.

I configured another group to use the Tasklist application and that is working as expected.

I tried to give the authorization on user-level instead of group-level but the same problems occurs.

(n.b.: I am using the Spring-Camunda-Starter for this application.)

I am experimenting what I think to be a purely Intellij related issue (though I don't know how to fix it nor where it comes from). I basically followed this tutorial to migrate tests from JUnit 4 to 5.

By the end of the migration, I now have the following dependencies in pom.xml

I have a main server block:

conf.d/mydomain.conf