Install Cockpit on Ubuntu 24.04 for Web-Based Server Management

Cockpit is a browser-accessible control panel designed to manage server tasks like monitoring services, handling users, reviewing logs, and administering networks, storage, and installed applications. It features a clean interface that can be expanded with plugins to support diverse administrative needs.

This guide demonstrates the steps required to set up Cockpit on Ubuntu 24.04, enabling you to carry out administrative and monitoring tasks through a web UI.

Requirements

• An Ubuntu 24.04 server instance.
• A domain name A record directed to your server’s IP (e.g., cockpit.example.com).
• A dedicated user account with sudo privileges for Cockpit access (e.g., cockpit_admin).

How to Install Cockpit on Ubuntu 24.04

Since Cockpit is included in Ubuntu’s standard repositories, you can install it directly using APT. Follow these instructions:

Step 1: Refresh the APT package index

$ sudo apt update

Step 2: Install the Cockpit package

$ sudo apt install cockpit -y

Step 3: Set Cockpit to launch at startup

$ sudo systemctl enable cockpit.socket

Step 4: Start the Cockpit service

$ sudo systemctl start cockpit

Step 5: Confirm the Cockpit service is running

$ sudo systemctl status cockpit

Expected Output

● cockpit.service - Cockpit Web Service
     Loaded: loaded (/usr/lib/systemd/system/cockpit.service; static)
     Active: active (running) since Tue 2024-12-10 18:50:56 UTC; 7s ago
TriggeredBy: ● cockpit.socket
       Docs: man:cockpit-ws(8)
    Process: 12887 ExecStartPre=/usr/lib/cockpit/cockpit-certificate-ensure --for-cockpit-tls code=exited, >
   Main PID: 12900 (cockpit-tls)
      Tasks: 1 (limit: 1061)
     Memory: 2.7M (peak: 4.0M)
        CPU: 229ms
     CGroup: /system.slice/cockpit.service
             └─12900 /usr/lib/cockpit/cockpit-tls

At this point, Cockpit is installed and actively accepting connections over TCP port 9090.

If you’re managing a Debian 12 system, Cockpit can also be installed there to streamline system administration via its web interface.

Secure Cockpit with Trusted SSL Certificates

By default, Cockpit accepts network requests over TCP port 9090 without encryption. This lack of encryption can expose the server to various security vulnerabilities through unprotected HTTP traffic. To secure access to the Cockpit dashboard, it’s recommended to enable HTTPS using verified SSL certificates. Below are the steps to secure Cockpit with Let’s Encrypt certificates for your custom domain.

Step 1: Check if the firewall is active

$ sudo ufw status

Step 2: Allow Cockpit through the firewall (port 9090)

$ sudo ufw allow 9090/tcp

Step 3: Allow HTTP connections for SSL validation (port 80)

$ sudo ufw allow 80/tcp

Step 4: Allow HTTPS traffic through the firewall (port 443)

$ sudo ufw allow 443/tcp

Step 5: Apply the updated firewall rules

$ sudo ufw reload

Step 6: Install the Snap package manager

$ sudo apt install snapd -y

Step 7: Install Certbot via Snap

$ sudo snap install certbot --classic

Step 8: Generate Let’s Encrypt SSL certificate

Replace cockpit.example.com with your actual domain name and cockpit@example.com with a valid email address.

$ sudo certbot --standalone certonly -d cockpit.example.com -m cockpit@example.com --agree-tos

Step 9: Test Certbot auto-renewal

$ sudo certbot renew --dry-run

Step 10: Combine certificate and key into one .cert file

$ sudo cat /etc/letsencrypt/live/cockpit.example.com/fullchain.pem /etc/letsencrypt/live/cockpit.example.com/privkey.pem > cockpit.cert

Step 11: Move the .cert file to the Cockpit certificate directory

$ sudo mv cockpit.cert /etc/cockpit/ws-certs.d/

Step 12: Restart Cockpit to load the new certificate

$ sudo systemctl restart cockpit.socket

Access the Cockpit Web Dashboard

Use the following steps to access the Cockpit interface through a web browser, sign in, and manage server resources, user accounts, and service monitoring.

Open your browser (such as Firefox) and go to your Cockpit domain using port 9090:

https://cockpit.example.com:9090

Use your non-root sudo user credentials to sign in.

Note: Root users cannot log in via the Cockpit web interface. Always use non-root sudo accounts to access and manage the system.

After login, click Turn on administrative access in the navigation panel and enter your password to gain full privileges.

Perform Server Management Tasks in Cockpit

From the Cockpit interface, you can perform a wide range of system administration tasks directly in your web browser. Here’s a breakdown of the most important capabilities:

System Overview

In the Overview section, monitor server health, CPU and memory usage, configuration details, and more. Click View metrics and history to get extended usage data and trends.

Storage Management

Open the Storage section to oversee all connected disks and drives. Here you can monitor I/O performance and examine storage-related logs to resolve system issues.

Service Management

Use the Services tab to inspect and control running services, timers, sockets, targets, and related system units.

Network Monitoring

Go to the Networking section to view active interfaces and real-time network traffic. Access network logs to help debug connectivity issues.

Log Monitoring

Within Logs, you can filter by time, priority, and identifier. Tailor the log display with filters to focus on specific services or events.

User Management

Click Accounts to see current user and group details. Use Create new account to register new users with the required information.

Command Line Access

In the Terminal section under Tools, launch a terminal window for direct shell interaction with your server.

Use Cockpit Podman to Manage Containers

Cockpit supports extensions for added functionality. One such extension, Cockpit Podman, allows you to run and manage containers on your server using Podman. Follow these steps to set it up:

Step 1: Open the Terminal in Cockpit

Click Terminal in the navigation menu to launch a shell session.

Step 2: Update Package Index

$ sudo apt update

Step 3: Install Podman Extension

$ sudo apt install cockpit-podman -y

Step 4: Allow UFW to Route Podman Container Traffic

$ sudo ufw route allow proto tcp from any to any port 80

Step 5: Reload the UFW Firewall

$ sudo ufw reload

Step 6: Deploy a New Container

Go back to the Cockpit interface and click Podman containers from the menu.

Click Create container to start configuring your container.

Fill in app-example in the Name field.

Type Nginx in the Image field and choose docker.io/library/nginx from the results.

Under the Integration tab, select Add port mapping and enter 80 for both Host port and Container port. Leave the IP field blank to bind all server interfaces.

Click Create and run to launch the container.

Ensure that the container named app-example shows a status of Running under the container list.

To test the deployment, open a new browser tab and visit your server’s IP address:

http://SERVER-IP

Conclusion

You have successfully set up Cockpit on Ubuntu 24.04 and used Cockpit-Podman to deploy and manage containers. Cockpit is a powerful, modular web interface for server administration. By enabling extensions like Podman, you can extend Cockpit’s functionality to suit a variety of system tasks. For additional configuration details, refer to the official Cockpit documentation.