Cockpit

From ArchWiki

Cockpit is a browser-based administration tool for Linux, sponsored by Red Hat.

Installation

Install the cockpit package. Check the optional dependencies to see what packages are required to manage network connections, packages and hard disks.

For additional features, install one of the following packages:

Usage

Start/enable the cockpit.socket unit to start Cockpit [1].

Visit https://localhost:9090/ in a web browser to use Cockpit. Log in with your Linux account and password.

Configuration

TLS certificate

By default, Cockpit uses a self-signed TLS certificate. To use a proper certificate, put a certificate with suffix .cert and a corresponding key with suffix .key in the /etc/cockpit/ws-certs.d/ directory. Cockpit will use the last *.cert file in that folder, in alphabetical order, falling back on 0-self-signed.cert. The cert and key have to be readable by the cockpit-ws user. Restart cockpit.service to apply. See the page in the official docs for more information.

Limit network access to the interface to local address only

By default, Cockpit listen on all network interfaces (0.0.0.0) on port 9090, for security reasons, one may want to limit the exposition of the interface to a specific one only or change the default port.

For example, for the interface to listen only on the local address, create the following file:

/etc/systemd/system/cockpit.socket.d/listen.conf
[Socket]
ListenStream=
ListenStream=127.0.0.1:9090
FreeBind=yes

See the page in the official docs for more information.

Hide login MOTD

The factual accuracy of this article or section is disputed.

Reason: cockpit ships with /etc/motd.d/cockpit instead of /usr/lib/motd.d/cockpit so symlinking /etc/motd.d/cockpit to /dev/null will not help. pacman will simply replace the symlink with the file when the cockpit package is upgraded. (Discuss in Talk:Cockpit)

By default, Cockpit shows a MOTD on either TTY login or SSH. pam_motd(8) recommends creating a symbolic link to hide these messages, so future Cockpit updates do not override this.

This can be done via:

# ln -sfn /dev/null /etc/motd.d/cockpit
# ln -sfn /dev/null /etc/issue.d/cockpit.issue