Cockpit is a browser-based administration tool for Linux, sponsored by Red Hat.
Install the cockpit package. Check the optional dependencies to see what packages are required to manage network connections, packages and hard disks.
For additional features, install one of the following packages:
- cockpit-machines for managing virtual machines using libvirt
- cockpit-pcp for reading PCP metrics and loading PCP archives
- cockpit-podman for managing Podman containers (replaces cockpit-docker)
- firewalld to manage the Firewall using the Cockpit in Networking
- udisks2 to manage Storage
cockpit.socket unit to start Cockpit .
Visit https://localhost:9090/ in a web browser to use Cockpit. Log in with your Linux account and password.
By default, Cockpit uses a self-signed TLS certificate. To use proper certificate, put a certificate with suffix
.cert and a corresponding key with suffix
.key in the
/etc/cockpit/ws-certs.d/ directory. Cockpit will use the last
*.cert file in that folder, in alphabetical order, falling back on
0-self-signed.cert. The cert and key have to be readable by the cockpit-ws user. Restart
cockpit.service to apply. See the page in the official docs for more information.
Limit network access to the interface to local address only
By default, Cockpit listen on all network interfaces (
0.0.0.0) on port 9090, for security reasons, one may want to limit the exposition of the interface to a specific one only or change the default port.
For example, for the interface to listen only on the local address, create the following file:
[Socket] ListenStream= ListenStream=127.0.0.1:9090 FreeBind=yes
See the page in the official docs for more information.