Cockpit is a web-based management tool for Linux systems. It aims to simplify management tasks while maintaining compatibility with other administration tools.
Step 1
Cockpit requires the use of the firewalld service to be able to make changes to your firewall rules.
If you are using ufw as a host-based firewall
Remove ufw before replacing it with firewalld.
$ sudo apt-get remove --purge --yes ufw
Install firewalld as a host-based firewall
Install firewalld and maintain ssh access as well as enabling cockpit to receive incoming connections.
$ sudo -- bash -c 'apt-get install --show-progress --yes firewalld && systemctl enable --now firewalld.service && firewall-cmd --zone=public --add-service=ssh --permanent && firewall-cmd --zone=public --add-service=cockpit --permanent && firewall-cmd --reload && firewall-cmd --info-zone=public'
Step 2
Proceed to install Cockpit and selected add-on applications.
$ sudo apt-get install --show-progress --yes cockpit cockpit-machines cockpit-pcp nullmailer ssh tuned-utils
Step 3
By default, the Cockpit web console listens on port 9090 for connections. If you want to make changes from the default, use the following command to edit /etc/systemd/system/cockpit.socket.d/override.conf.
$ sudo systemctl edit cockpit.socket
The example below changes the web console port from 9090 to 9091 and restricts access to the localhost.
### Editing /etc/systemd/system/cockpit.socket.d/override.conf
### Anything between here and the comment below will become the new contents of the file
[Socket]
ListenStream=
ListenStream=127.0.0.1:9091
### Lines below this comment will be discarded
Use the following command for your changes to take effect.
$ sudo -- bash -c 'systemctl daemon-reload && systemctl restart cockpit.socket && systemctl status cockpit.socket'
Step 4
If you installed Cockpit on the local machine and changed the listening port to 9091, you can now access the Cockpit web console on https://localhost:9091.