Cockpit is a web-based management tool for Linux systems. It aims to simplify management tasks while maintaining compatibility with other administration tools.
Cockpit requires the use of the firewalld service to be able to make changes to your firewall rules.
If you are using ufw as a host-based firewall
ufw before replacing it with
$ sudo apt-get remove --purge --yes ufw
Install firewalld as a host-based firewall
Install firewalld and maintain ssh access as well as enabling cockpit to receive incoming connections.
$ sudo -- bash -c 'apt-get install --show-progress --yes firewalld && systemctl enable --now firewalld.service && firewall-cmd --zone=public --add-service=ssh --permanent && firewall-cmd --zone=public --add-service=cockpit --permanent && firewall-cmd --reload && firewall-cmd --info-zone=public'
Proceed to install Cockpit and selected add-on applications.
$ sudo apt-get install --show-progress --yes cockpit cockpit-machines cockpit-pcp nullmailer ssh tuned-utils
By default, the Cockpit web console listens on port 9090 for connections. If you want to make changes from the default, use the following command to edit
$ sudo systemctl edit cockpit.socket
The example below changes the web console port from 9090 to 9091 and restricts access to the localhost.
### Editing /etc/systemd/system/cockpit.socket.d/override.conf ### Anything between here and the comment below will become the new contents of the file [Socket] ListenStream= ListenStream=127.0.0.1:9091 ### Lines below this comment will be discarded
Use the following command for your changes to take effect.
$ sudo -- bash -c 'systemctl daemon-reload && systemctl restart cockpit.socket && systemctl status cockpit.socket'
If you installed Cockpit on the local machine and changed the listening port to 9091, you can now access the Cockpit web console on https://localhost:9091.