How to Install Cockpit on Fedora Linux

Cockpit is a powerful and popular web-based interface allowing users to easily manage Linux servers. A simple and intuitive design provides a user-friendly way for system administrators to manage multiple servers from a single interface, making it an increasingly popular choice in recent years.

Cockpit is an all-in-one tool that can perform a wide range of functions, including monitoring system resources, configuring services, managing user accounts, and accessing system logs. This versatility makes it a valuable asset for system administrators, and its compatibility with a range of Linux distributions only adds to its appeal. Cockpit is widely used in enterprise-level environments and by individual users who need to manage their own servers.

One of the key factors driving Cockpit’s popularity is its ease of use. The interface is intuitive and straightforward, making it accessible to users with varying technical expertise. Even users with little experience managing Linux servers can quickly become comfortable with the interface and easily perform necessary tasks.

Cockpit also allows users to manage multiple servers from a single interface, which can be a huge time-saver in environments where multiple servers are used. With Cockpit, system administrators can manage all their servers in one place, streamlining their workflow and improving efficiency.

In this guide, we will provide detailed instructions on installing Cockpit on Fedora Linux and accessing the web UI. You will learn how to enable Cockpit on Fedora Workstation or Server using the command line terminal and how to access the web UI to begin managing your servers. By following the steps outlined in this guide, you can install and use Cockpit confidently, taking advantage of its features to streamline server management and improve productivity.

Step 1: Update Fedora

To ensure a smooth installation process and avoid potential conflicts, it is recommended that you update your system before beginning the installation. This will ensure that all existing packages are up to date and reduce the likelihood of any issues arising during installation.

Open your command terminal and use the following command:

sudo dnf upgrade --refresh

Step 2: Install Cockpit

The cockpit is readily available in Fedora’s default repository. However, it is important to note that while Fedora Server has Cockpit installed by default, it may not be included in other variants, such as those provided by certain cloud providers. Additionally, Fedora Workstation does not have Cockpit installed by default.

To install Cockpit, open your terminal and execute the following command with root privileges:

sudo dnf install cockpit cockpit-selinux

It is recommended that you also install the SELinux package, as it can help identify and troubleshoot potential issues caused by SELinux blocking software.

After installation, you will need to activate the Cockpit service. By default, the service is not active, so you will need to execute a few systemctl commands.

To start the Cockpit service, use the following command:

sudo systemctl start cockpit cockpit.socket

If you would like to enable Cockpit on system startup so that it is always active, execute the following command:

sudo systemctl enable cockpit cockpit.socket

Finally, verify the status of Cockpit to ensure it is running correctly on your system:

systemctl status cockpit

Example output if everything is working correctly:

Step 3: Configure FirewallD

After installing Cockpit on your Fedora Linux system, it is crucial to ensure that your firewall is properly configured to secure your system. Below are some essential firewalld examples to help you secure Cockpit on your system.

Allow Cockpit to listen on port 9090:

By default, Cockpit listens on port 9090. To allow Cockpit to listen on this port, execute the following command in your terminal:

sudo firewall-cmd --permanent --zone=public --add-service=cockpit

Restrict access to Cockpit from specific IP addresses:

If you would like to restrict access to Cockpit from specific IP addresses, execute the following command with your desired IP address:

sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="x.x.x.x/24" service name="cockpit" accept'

Allow Cockpit access to SSH:

To allow Cockpit to access SSH, execute the following command in your terminal:

sudo firewall-cmd --permanent --zone=public --add-service=ssh

Enable HTTPS for secure connections:

To enable HTTPS for secure connections, execute the following command in your terminal:

sudo firewall-cmd --permanent --zone=public --add-service=https

Block access to Cockpit from specific IP addresses:

If you would like to block access to Cockpit from specific IP addresses, execute the following command with your desired IP address:

sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="x.x.x.x/24" service name="cockpit" reject

Allow access to Cockpit for a specific network interface:

To allow access to Cockpit for a specific network interface, execute the following command:

sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="cockpit" accept' --permanent --zone=public --change-interface=eth0

Enable logging for firewall events:

To enable logging for firewall events, execute the following command in your terminal:

sudo firewall-cmd --set-log-denied=all

Block all incoming connections except for necessary services:

To block all incoming connections except for necessary services, execute the following command in your terminal:

sudo firewall-cmd --default-deny

Enable automatic updates for firewall rules:

To enable automatic updates for firewall rules, execute the following command in your terminal:

sudo firewall-cmd --permanent --add-service=cockpit --runtime-to-permanent

Step 4: Access Cockpit Web UI

After confirming or installing Cockpit, the next step is to access the Cockpit Web UI using your preferred web browser. Here’s how you can do it:

Find out your server’s IP internal address:

To access the Cockpit Web UI, you will need to know your server’s IP address. You can find out your server’s IP address by executing the following command in your terminal:

hostname -I

Open Cockpit in your browser:

Once you have obtained your server’s IP address, you can open the Cockpit Web UI in your browser by typing the following address:

http://server-ip-address:9090

Replace “server-ip-address” with your server’s IP address.

Alternatively, using the localhost:9090 can also work, depending on your server setup.

http://localhost:9090

Bypass the security alert:

When you first try to navigate the Cockpit Web UI, you may encounter a security alert that warns that the connection may not be private. To proceed, click on the Advanced button and then Accept the Risk and Continue.

Log in to Cockpit:

After bypassing the security alert, you will see the Cockpit login page. To log in to Cockpit, use your same sudo or root username and password and proceed to the dashboard.

Example of login page:

After opening the Cockpit Web UI for the first time, there are several things you should check out to become more familiar with its features and functionality. Here are some tips on what to check out when first opening Cockpit:

After opening the Cockpit Web UI for the first time, there are several things you should check out to become more familiar with its features and functionality. Here are some tips on what to check out when first opening Cockpit:

• Dashboard: The dashboard is the default page when you log in to Cockpit, and it provides an overview of your system’s performance, including CPU usage, memory usage, network usage, and more.
• System: The System page provides an overview of your system’s hardware, software, and performance. Here, you can check system logs, manage user accounts, configure networking, and view system statistics.
• Services: The Services page allows you to manage the services running on your system, including starting and stopping them, viewing their status, and enabling or disabling them.
• Storage: The Storage page allows you to manage your system’s storage, including viewing and managing disks, partitions, and file systems.
• Networking: The Networking page allows you to manage your system’s network settings, including configuring network interfaces, setting up network bridges, and configuring network firewalls.
• Logs: The Logs page allows you to view and manage system logs, including viewing log messages, filtering logs, and setting up log rotation.
• Customization: You can customize the Cockpit Web UI by changing the appearance and behavior of the interface, such as changing the default landing page, creating custom dashboards, and configuring notifications.
• Add-ons: Cockpit has a wide range of add-ons that you can install to extend its functionality. Some popular add-ons include the Cockpit Kubernetes dashboard, Cockpit Ansible, and the Cockpit NetworkManager.
• Documentation: Cockpit has extensive documentation available, including a user guide and a developer guide. You can access the documentation from the Help menu in the Cockpit Web UI.
• Community: There is a large and active community of Cockpit users and developers who can offer support, answer questions, and provide guidance. You can access the community through the Cockpit website, forums, and mailing lists.

By exploring these features and resources, you can become more familiar with Cockpit and take advantage of its powerful management capabilities. Additionally, don’t hesitate to experiment and try new things to see what works best for your specific needs.

Example of Cockpit dashboard:

Cockpit SELinux Troubleshoot

Cockpit is fully integrated with the security mechanisms in Fedora, including SELinux. This ensures that Cockpit is secure by default and provides additional layers of protection against potential threats.

However, in some cases, SELinux may interfere with Cockpit’s operation, causing errors or preventing certain features from working correctly. In these situations, you may need to troubleshoot SELinux to resolve the issue.

One common issue with SELinux and Cockpit is the “Forbidden” error message that can occur when accessing Cockpit. This error typically occurs when SELinux denies access to a file or directory that Cockpit needs to operate correctly. To troubleshoot this issue, you can try the following steps:

Check SELinux status:

Verify the status of SELinux by running the following command in your terminal:

sestatus

Check SELinux audit logs:

Check the SELinux audit logs to identify any denials that may be related to Cockpit. You can use the following command to view the audit log:

sudo ausearch -m avc -ts recent

This will display the most recent SELinux audit log entries.

Configure SELinux policy:

If SELinux is blocking Cockpit’s access to a file or directory, you can configure the SELinux policy to allow access. For example, you can use the following command to set the SELinux policy to permissive mode, which allows access but still logs any violations:

sudo setenforce 0

You can also use the semanage command to modify SELinux policies and enable access to specific files or directories. Also, you will need to reboot in most cases for the changes to take effect.

Conclusion

This guide has covered installing and accessing Cockpit on Fedora Linux. We have also provided tips on what to check out when first opening Cockpit, including its dashboard, system, services, storage, networking, logs, customization options, add-ons, documentation, and community.

FAQs on Cockpit with Fedora