After installing Cockpit from packet manager (on Debian in this case) and trying to reverse-proxy it's default local port, as usual, you will notice that you can't log in.
Create a file /etc/cockpit/cockpit.conf
[WebService]
AllowUnencrypted = true
Origins = https://[DESTINATION HOST]
ProtocolHeader = X-Forwarded-Proto
Reload cockpit
systemctl restart cockpit.socket