Cockpit

From ArchWiki

Cockpit is a browser-based administration tool for Linux, sponsored by Red Hat.

Installation

Install the cockpit package. Check the optional dependencies to see what packages are required to manage network connections, packages and hard disks.

For additional features, install one of the following packages:

Usage

Start/enable the cockpit.socket unit to start Cockpit [1].

Visit https://localhost:9090/ in a web browser to use Cockpit. Log in with your Linux account and password.

Configuration

TLS certificate

By default, Cockpit uses a self-signed TLS certificate. To use a proper certificate, put a certificate with suffix .cert and a corresponding key with suffix .key in the /etc/cockpit/ws-certs.d/ directory. Cockpit will use the last *.cert file in that folder, in alphabetical order, falling back on 0-self-signed.cert. The cert and key have to be readable by the cockpit-ws user. Restart cockpit.service to apply. See the page in the official docs for more information.

Limit network access to the interface to local address only

By default, Cockpit listen on all network interfaces (0.0.0.0) on port 9090, for security reasons, one may want to limit the exposition of the interface to a specific one only or change the default port.

For example, for the interface to listen only on the local address, create the following file: 

/etc/systemd/system/cockpit.socket.d/listen.conf
[Socket]
ListenStream=
ListenStream=127.0.0.1:9090
FreeBind=yes

See the page in the official docs for more information.

Hide login MOTD

By default, Cockpit shows a MOTD on either TTY login or SSH. pam_motd(8) recommends creating a symbolic link to hide these messages, but simply removing the files will also work: 

# rm /etc/motd.d/cockpit /etc/issue.d/cockpit.issue

To avoid pacman re-creating the original files when cockpit is upgraded, create a NoExtract rule.