How to Install and Configure Cockpit on Rocky Linux 9
Cockpit is an open-source, web-based interface designed for system administration on Linux. It allows users to manage services, monitor applications, and oversee system resources with ease. Additionally, Cockpit supports various extensions that enhance its capabilities, enabling efficient multi-system management.
Prerequisites
Before proceeding with the installation, ensure that you have:
- Access to a Rocky Linux 9 instance.
- A domain A record assigned to the instance, such as
cockpit.example.com
.
Installing Cockpit on Rocky Linux 9
Although Cockpit is included in Rocky Linux 9 by default, it is not always active. If it is not available, you can install it using the DNF package manager and enable it via systemd. Follow these steps to complete the setup:
Step 1: Update System Packages
Begin by updating the system’s package index:
$ sudo dnf update
Step 2: Install Cockpit
Install Cockpit using the following command:
$ sudo dnf install cockpit -y
Step 3: Enable Cockpit to Start at Boot
To ensure Cockpit launches automatically when the server starts, use this command:
$ sudo systemctl enable cockpit.socket
Upon execution, the following output should appear:
Created symlink /etc/systemd/system/sockets.target.wants/cockpit.socket → /usr/lib/systemd/system/cockpit.socket.
Step 4: Start Cockpit Service
Launch the Cockpit web service by running:
$ sudo systemctl start cockpit
Step 5: Verify Cockpit Status
Ensure that Cockpit is running correctly with this command:
$ sudo systemctl status cockpit
Expected output:
● cockpit.service – Cockpit Web Service
Loaded: loaded (/usr/lib/systemd/system/cockpit.service; static)
Active: active (running) since Wed 2025-02-12 10:11:04 UTC; 4s ago
TriggeredBy: ● cockpit.socket
Docs: man:cockpit-ws(8)
Process: 62303 ExecStartPre=/usr/libexec/cockpit-certificate-ensure –for-cockpit-tls (code=exited, status=0/SUCCESS)
Main PID: 62322 (cockpit-tls)
Tasks: 1 (limit: 4424)
Memory: 1.9M
CPU: 1.328s
CGroup: /system.slice/cockpit.service
└─62322 /usr/libexec/cockpit-tls
Creating a Dedicated User for Cockpit
For better security, it is recommended to create a dedicated user for Cockpit management. Execute the following command to create a user named cockpit-admin
:
$ sudo adduser cockpit-admin
Assign a strong password to the newly created user:
$ sudo passwd cockpit-admin
To grant administrative privileges to this user, add them to the wheel
group:
$ sudo usermod -aG wheel cockpit-admin
Securing Cockpit with SSL Certificates
By default, Cockpit operates over TCP port 9090, handling network traffic via plain HTTP without encryption. To enhance security, encrypting these connections with SSL certificates enables secure HTTPS communication. Follow the steps below to configure trusted SSL certificates for Cockpit using Let’s Encrypt.
Step 1: Verify Firewalld Status
First, check if Firewalld is running on your server:
$ sudo systemctl status firewalld
Step 2: Install Firewalld and Enable SSH
If Firewalld is not installed, install it and allow SSH connections:
$ sudo dnf install firewalld -y && sudo systemctl start firewalld && sudo firewall-cmd --permanent --add-service=ssh
Step 3: Temporarily Allow HTTP for Let’s Encrypt Validation
Allow HTTP traffic temporarily to validate the SSL certificate request:
$ sudo firewall-cmd --add-service=http --permanent
Step 4: Restart Firewalld
Apply the changes by reloading Firewalld:
$ sudo firewall-cmd --reload
Step 5: Enable EPEL Repository
Install the EPEL repository, which provides additional packages for Rocky Linux:
$ sudo dnf install epel-release -y
Step 6: Install Certbot
Install Certbot, the Let’s Encrypt client used for generating SSL certificates:
$ sudo dnf install certbot -y
Step 7: Request an SSL Certificate
Use Certbot to request an SSL certificate for your domain. Replace cockpit.example.com
with your actual domain and admin@example.com
with your email address:
$ sudo certbot certonly --standalone -d cockpit.example.com -m admin@example.com --agree-tos
Upon successful certificate generation, you should see output similar to the following:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/cockpit.example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/cockpit.example.com/privkey.pem
This certificate expires on 2025-05-13.
Certbot has scheduled automatic renewal.
Step 8: Test Certificate Renewal
Ensure that automatic renewal is working correctly:
$ sudo certbot renew --dry-run
Step 9: Link SSL Certificate to Cockpit
Connect the SSL certificate to Cockpit’s directory:
$ sudo ln -sf /etc/letsencrypt/live/cockpit.example.com/fullchain.pem /etc/cockpit/ws-certs.d/certificate.cert
Similarly, link the private key file:
$ sudo ln -sf /etc/letsencrypt/live/cockpit.example.com/privkey.pem /etc/cockpit/ws-certs.d/certificate.key
Step 10: Restart Cockpit
Apply the SSL configuration by restarting Cockpit:
$ sudo systemctl restart cockpit
Step 11: Allow Cockpit Port Through the Firewall
Enable network access to Cockpit’s default port:
$ sudo firewall-cmd --permanent --add-port=9090/tcp
Step 12: Reload Firewalld
Finalize the firewall changes:
$ sudo firewall-cmd --reload
Accessing Cockpit on Rocky Linux 9
You can reach the Cockpit web interface through its default port 9090
. If you need to modify the port, adjust the cockpit.conf
configuration file accordingly. Follow these steps to log in and manage your Rocky Linux 9 system.
Step 1: Open Cockpit in a Web Browser
Enter the following URL in your web browser to access the Cockpit login page:
Step 2: Log into the Cockpit Web Console
Use the credentials of the cockpit-admin
user created earlier to sign in.
Login Restrictions
Root login is disabled by default. Only non-root users can access Cockpit. Users with sudo privileges can perform administrative tasks, while standard users can view system information and active processes.
Managing a Rocky Linux 9 Server with Cockpit
Cockpit provides an intuitive interface for performing administrative tasks such as package installation, process monitoring, user management, and system configuration. Follow these steps to manage your Rocky Linux 9 system via Cockpit.
Step 1: Enable Administrative Access
Click Turn on administrative access within Cockpit and enter the sudo user password to gain administrative privileges.
Step 2: Monitor Server Status
Navigate to the Overview tab to check system health, resource usage, and configuration details.
Step 3: View System Logs
Click Logs in the navigation panel to access system logs. Adjust the displayed log duration by clicking Last 24 hours. Use Priority, Identifier, and Filters to refine your log results.
Step 4: Manage Storage
Click Storage to monitor the system’s storage devices, view disk usage, and check read-write status.
Step 5: Monitor Network Traffic
Click Networking to analyze incoming and outgoing network traffic. View active interfaces under the Interfaces section and inspect traffic details under Network logs.
Step 6: Manage User Accounts
Click Accounts to add, edit, or delete user accounts and groups. To create a new group, click Create new group. To add a new user, click Create new account, enter the required details, and confirm the creation.
Step 7: Manage System Services
Click Services to control system and user services. Use the Targets, Sockets, Timers, and Paths tabs to filter service types.
Step 8: Manage Applications
Click Applications to manage installed Cockpit add-ons. If prompted with an application information is missing message, click Install to update application details.
Step 9: Generate Diagnostic Reports
Click Diagnostic Reports and select Run report to generate an SOS diagnostic report for troubleshooting issues.
Step 10: Manage Kernel Dumps
Click Kernel Dump to configure and manage the kdump system, which helps recover kernel configurations in case of system failures.
Step 11: Manage SELinux Policies
Click SELinux to view and manage SELinux security policies and monitor access control violations.
Step 12: Update Software Packages
Click Software Updates to manage installed packages. Use the Status tab to check update availability, then click Restart services to restart updated applications. Click Install all updates or Install security updates to keep your Rocky Linux 9 system up to date.
Step 13: Use the Cockpit Terminal
Click Terminal to open a built-in command-line interface. Customize its appearance using the Font size and Appearance options.
Monitoring Cockpit for System Alerts
Regularly check the Cockpit dashboard for error or warning icons. These indicators help identify and troubleshoot issues with specific system components.
Installing Cockpit-Podman for Container Management
Cockpit-Podman is a plugin that integrates with Cockpit, enabling the deployment and management of containerized applications on your Rocky Linux 9 server. Follow the steps below to install and configure Cockpit-Podman.
Step 1: Open the Terminal
Launch the Cockpit terminal by clicking Terminal from the Cockpit interface.
Step 2: Update the System
Before proceeding with the installation, update your system packages:
$ sudo dnf update
Step 3: Install Cockpit-Podman
Use the following command to install the Cockpit-Podman module:
$ sudo dnf install cockpit-podman -y
Step 4: Refresh the Cockpit Interface
Once the installation is complete, refresh the Cockpit web console to apply the changes.
Step 5: Access the Podman Containers Section
Click Podman Containers within Cockpit to manage container images and active containers on your server.
Step 6: Start the Podman Service
Click Start Podman to initialize the Podman container service.
Step 7: Create a New Container
Click Create Container to launch the container setup interface.
Step 8: Search for a Container Image
Click Image in the container details section and search for a container image from available registries. For example, enter docker.io/nginx
and select the official Nginx image.
Step 9: Define the Container Command
Replace the contents in the Command field with the following command to display a custom message within the Nginx container:
sh -c "echo '<h1>The Nginx Container is Running!....Greetings</h1>' > /usr/share/nginx/html/index.html && nginx -g 'daemon off;'"
Step 10: Configure Port Mapping
Click Integration and select Add port mapping. Leave the IP address field empty, then set both Host port and Container port to 80
.
Step 11: Deploy the Container
Click Create and run to launch the containerized application on your Rocky Linux 9 server.
Step 12: Monitor Active Containers
Navigate to the Containers section to monitor the deployment status of running containers. Click on a container entry to manage or inspect its details.
Step 13: Verify Container Deployment
Open a new web browser window and enter your server’s IP address to confirm that the custom Nginx page is displayed.
Conclusion
You have successfully installed and configured Cockpit on your Rocky Linux 9 server, along with the Cockpit-Podman module for managing containerized applications. Cockpit provides a robust, web-based control panel for handling system administration tasks efficiently. For further information, refer to the official Cockpit documentation.