Cockpit is a browser-based administration tool for Linux, sponsored by Red Hat.
Install the package. Check the optional dependencies to see what packages are required to manage network connections, packages and hard disks.
For additional features, install one of the following packages:
- libvirt for managing virtual machines using
- for reading PCP metrics and loading PCP archives
- Podman containers (replaces the deprecated cockpit-docker) for managing
- for configuring and monitoring storage, disks and mounts on the system.
- for managing Networking
- to manage the Firewall using the Cockpit in Networking
- to manage Storage
Visit https://localhost:9090/ in a web browser to use Cockpit. Log in with your Linux account and password.
By default, Cockpit uses a self-signed TLS certificate. To use a proper certificate, put a certificate with suffix
.cert and a corresponding key with suffix
.key in the
/etc/cockpit/ws-certs.d/ directory. Cockpit will use the last
*.cert file in that folder, in alphabetical order, falling back on
0-self-signed.cert. The cert and key have to be readable by the cockpit-ws user. Restart
cockpit.service to apply. See the page in the official docs for more information.
Limit network access to the interface to local address only
By default, Cockpit listen on all network interfaces (
0.0.0.0) on port 9090, for security reasons, one may want to limit the exposition of the interface to a specific one only or change the default port.
For example, for the interface to listen only on the local address, create the following file:
[Socket] ListenStream= ListenStream=127.0.0.1:9090 FreeBind=yes
See the page in the official docs for more information.
Hide login MOTD
By default, Cockpit shows a MOTD on either TTY login or SSH.recommends creating a symbolic link to hide these messages, so future Cockpit updates do not override this.
This can be done via:
# ln -sfn /dev/null /etc/motd.d/cockpit
# ln -sfn /dev/null /etc/issue.d/cockpit.issue