This commit is contained in:
Mateusz Suski
@@ -0,0 +1,41 @@
|
||||
# Cockpit
|
||||
|
||||
## Purpose
|
||||
|
||||
The Cockpit profile installs browser-based host administration modules for
|
||||
system state, storage, networking, packages, virtual machines, metrics, and
|
||||
support reports. It enables the socket-activated service.
|
||||
|
||||
## Installation and validation
|
||||
|
||||
```bash
|
||||
sudo ./install.sh --cockpit
|
||||
systemctl status cockpit.socket
|
||||
ss -ltnp | grep ':9090'
|
||||
```
|
||||
|
||||
Connect to `https://HOSTNAME:9090`. A browser warning is expected when the
|
||||
default host certificate is not trusted.
|
||||
|
||||
`cockpit-files` is installed when available and skipped with a warning
|
||||
otherwise.
|
||||
|
||||
## Access and firewall
|
||||
|
||||
The Cockpit profile does not change UFW. Explicit toolkit UFW enablement allows
|
||||
TCP 9090, but upstream firewalls and network ACLs remain external concerns.
|
||||
Use normal Linux accounts and review which users may administer the host.
|
||||
|
||||
## Troubleshooting and rollback
|
||||
|
||||
```bash
|
||||
journalctl -u cockpit.socket -u cockpit.service
|
||||
systemctl restart cockpit.socket
|
||||
apt-cache policy cockpit cockpit-machines cockpit-files
|
||||
```
|
||||
|
||||
To disable remote access without removing packages:
|
||||
|
||||
```bash
|
||||
sudo systemctl disable --now cockpit.socket
|
||||
```
|
||||
Reference in New Issue
Block a user