How to Install and Configure Cockpit on Rocky Linux 9

Cockpit is an open-source, web-based interface designed for system administration on Linux. It allows users to manage services, monitor applications, and oversee system resources with ease. Additionally, Cockpit supports various extensions that enhance its capabilities, enabling efficient multi-system management.

Prerequisites

Before proceeding with the installation, ensure that you have:

• Access to a Rocky Linux 9 instance.
• A domain A record assigned to the instance, such as cockpit.example.com.

Installing Cockpit on Rocky Linux 9

Although Cockpit is included in Rocky Linux 9 by default, it is not always active. If it is not available, you can install it using the DNF package manager and enable it via systemd. Follow these steps to complete the setup:

Step 1: Update System Packages

Begin by updating the system’s package index:

$ sudo dnf update

Step 2: Install Cockpit

Install Cockpit using the following command:

$ sudo dnf install cockpit -y

Step 3: Enable Cockpit to Start at Boot

To ensure Cockpit launches automatically when the server starts, use this command:

$ sudo systemctl enable cockpit.socket

Upon execution, the following output should appear:

Created symlink /etc/systemd/system/sockets.target.wants/cockpit.socket → /usr/lib/systemd/system/cockpit.socket.

Step 4: Start Cockpit Service

Launch the Cockpit web service by running:

$ sudo systemctl start cockpit

Step 5: Verify Cockpit Status

Ensure that Cockpit is running correctly with this command:

$ sudo systemctl status cockpit

Expected output:

● cockpit.service – Cockpit Web Service
Loaded: loaded (/usr/lib/systemd/system/cockpit.service; static)
Active: active (running) since Wed 2025-02-12 10:11:04 UTC; 4s ago
TriggeredBy: ● cockpit.socket
Docs: man:cockpit-ws(8)
Process: 62303 ExecStartPre=/usr/libexec/cockpit-certificate-ensure –for-cockpit-tls (code=exited, status=0/SUCCESS)
Main PID: 62322 (cockpit-tls)
Tasks: 1 (limit: 4424)
Memory: 1.9M
CPU: 1.328s
CGroup: /system.slice/cockpit.service
└─62322 /usr/libexec/cockpit-tls

Creating a Dedicated User for Cockpit

For better security, it is recommended to create a dedicated user for Cockpit management. Execute the following command to create a user named cockpit-admin:

$ sudo adduser cockpit-admin

Assign a strong password to the newly created user:

$ sudo passwd cockpit-admin

To grant administrative privileges to this user, add them to the wheel group:

$ sudo usermod -aG wheel cockpit-admin

Securing Cockpit with SSL Certificates

By default, Cockpit operates over TCP port 9090, handling network traffic via plain HTTP without encryption. To enhance security, encrypting these connections with SSL certificates enables secure HTTPS communication. Follow the steps below to configure trusted SSL certificates for Cockpit using Let’s Encrypt.

Step 1: Verify Firewalld Status

First, check if Firewalld is running on your server:

$ sudo systemctl status firewalld

Step 2: Install Firewalld and Enable SSH

If Firewalld is not installed, install it and allow SSH connections:

$ sudo dnf install firewalld -y && sudo systemctl start firewalld && sudo firewall-cmd --permanent --add-service=ssh

Step 3: Temporarily Allow HTTP for Let’s Encrypt Validation

Allow HTTP traffic temporarily to validate the SSL certificate request:

$ sudo firewall-cmd --add-service=http --permanent

Step 4: Restart Firewalld

Apply the changes by reloading Firewalld:

$ sudo firewall-cmd --reload

Step 5: Enable EPEL Repository

Install the EPEL repository, which provides additional packages for Rocky Linux:

$ sudo dnf install epel-release -y

Step 6: Install Certbot

Install Certbot, the Let’s Encrypt client used for generating SSL certificates:

$ sudo dnf install certbot -y

Step 7: Request an SSL Certificate

Use Certbot to request an SSL certificate for your domain. Replace cockpit.example.com with your actual domain and admin@example.com with your email address:

$ sudo certbot certonly --standalone -d cockpit.example.com -m admin@example.com --agree-tos

Upon successful certificate generation, you should see output similar to the following:

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/cockpit.example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/cockpit.example.com/privkey.pem
This certificate expires on 2025-05-13.
Certbot has scheduled automatic renewal.

Step 8: Test Certificate Renewal

Ensure that automatic renewal is working correctly:

$ sudo certbot renew --dry-run

Step 9: Link SSL Certificate to Cockpit

Connect the SSL certificate to Cockpit’s directory:

$ sudo ln -sf /etc/letsencrypt/live/cockpit.example.com/fullchain.pem /etc/cockpit/ws-certs.d/certificate.cert

Similarly, link the private key file:

$ sudo ln -sf /etc/letsencrypt/live/cockpit.example.com/privkey.pem /etc/cockpit/ws-certs.d/certificate.key

Step 10: Restart Cockpit

Apply the SSL configuration by restarting Cockpit:

$ sudo systemctl restart cockpit

Step 11: Allow Cockpit Port Through the Firewall

Enable network access to Cockpit’s default port:

$ sudo firewall-cmd --permanent --add-port=9090/tcp

Step 12: Reload Firewalld

Finalize the firewall changes:

$ sudo firewall-cmd --reload

Accessing Cockpit on Rocky Linux 9

You can reach the Cockpit web interface through its default port 9090. If you need to modify the port, adjust the cockpit.conf configuration file accordingly. Follow these steps to log in and manage your Rocky Linux 9 system.

Step 1: Open Cockpit in a Web Browser

Enter the following URL in your web browser to access the Cockpit login page:

https://cockpit.example.com:9090

Step 2: Log into the Cockpit Web Console

Use the credentials of the cockpit-admin user created earlier to sign in.

Login Restrictions

Root login is disabled by default. Only non-root users can access Cockpit. Users with sudo privileges can perform administrative tasks, while standard users can view system information and active processes.

Managing a Rocky Linux 9 Server with Cockpit

Cockpit provides an intuitive interface for performing administrative tasks such as package installation, process monitoring, user management, and system configuration. Follow these steps to manage your Rocky Linux 9 system via Cockpit.

Step 1: Enable Administrative Access

Click Turn on administrative access within Cockpit and enter the sudo user password to gain administrative privileges.

Step 2: Monitor Server Status

Navigate to the Overview tab to check system health, resource usage, and configuration details.

Step 3: View System Logs

Click Logs in the navigation panel to access system logs. Adjust the displayed log duration by clicking Last 24 hours. Use Priority, Identifier, and Filters to refine your log results.

Step 4: Manage Storage

Click Storage to monitor the system’s storage devices, view disk usage, and check read-write status.

Step 5: Monitor Network Traffic

Click Networking to analyze incoming and outgoing network traffic. View active interfaces under the Interfaces section and inspect traffic details under Network logs.

Step 6: Manage User Accounts

Click Accounts to add, edit, or delete user accounts and groups. To create a new group, click Create new group. To add a new user, click Create new account, enter the required details, and confirm the creation.

Step 7: Manage System Services

Click Services to control system and user services. Use the Targets, Sockets, Timers, and Paths tabs to filter service types.

Step 8: Manage Applications

Click Applications to manage installed Cockpit add-ons. If prompted with an application information is missing message, click Install to update application details.

Step 9: Generate Diagnostic Reports

Click Diagnostic Reports and select Run report to generate an SOS diagnostic report for troubleshooting issues.

Step 10: Manage Kernel Dumps

Click Kernel Dump to configure and manage the kdump system, which helps recover kernel configurations in case of system failures.

Step 11: Manage SELinux Policies

Click SELinux to view and manage SELinux security policies and monitor access control violations.

Step 12: Update Software Packages

Click Software Updates to manage installed packages. Use the Status tab to check update availability, then click Restart services to restart updated applications. Click Install all updates or Install security updates to keep your Rocky Linux 9 system up to date.

Step 13: Use the Cockpit Terminal

Click Terminal to open a built-in command-line interface. Customize its appearance using the Font size and Appearance options.

Monitoring Cockpit for System Alerts

Regularly check the Cockpit dashboard for error or warning icons. These indicators help identify and troubleshoot issues with specific system components.

Installing Cockpit-Podman for Container Management

Cockpit-Podman is a plugin that integrates with Cockpit, enabling the deployment and management of containerized applications on your Rocky Linux 9 server. Follow the steps below to install and configure Cockpit-Podman.

Step 1: Open the Terminal

Launch the Cockpit terminal by clicking Terminal from the Cockpit interface.

Step 2: Update the System

Before proceeding with the installation, update your system packages:

$ sudo dnf update

Step 3: Install Cockpit-Podman

Use the following command to install the Cockpit-Podman module:

$ sudo dnf install cockpit-podman -y

Step 4: Refresh the Cockpit Interface

Once the installation is complete, refresh the Cockpit web console to apply the changes.

Step 5: Access the Podman Containers Section

Click Podman Containers within Cockpit to manage container images and active containers on your server.

Step 6: Start the Podman Service

Click Start Podman to initialize the Podman container service.

Step 7: Create a New Container

Click Create Container to launch the container setup interface.

Step 8: Search for a Container Image

Click Image in the container details section and search for a container image from available registries. For example, enter docker.io/nginx and select the official Nginx image.

Step 9: Define the Container Command

Replace the contents in the Command field with the following command to display a custom message within the Nginx container:

sh -c "echo '<h1>The Nginx Container is Running!....Greetings</h1>' > /usr/share/nginx/html/index.html && nginx -g 'daemon off;'"

Step 10: Configure Port Mapping

Click Integration and select Add port mapping. Leave the IP address field empty, then set both Host port and Container port to 80.

Step 11: Deploy the Container

Click Create and run to launch the containerized application on your Rocky Linux 9 server.

Step 12: Monitor Active Containers

Navigate to the Containers section to monitor the deployment status of running containers. Click on a container entry to manage or inspect its details.

Step 13: Verify Container Deployment

Open a new web browser window and enter your server’s IP address to confirm that the custom Nginx page is displayed.

Conclusion

You have successfully installed and configured Cockpit on your Rocky Linux 9 server, along with the Cockpit-Podman module for managing containerized applications. Cockpit provides a robust, web-based control panel for handling system administration tasks efficiently. For further information, refer to the official Cockpit documentation.