Install Cockpit Ubuntu Better Server

Installing Cockpit on Ubuntu Server: A Comprehensive Guide for Enhanced Server Management

Cockpit provides a modern, web-based graphical interface for managing Ubuntu servers, streamlining tasks like system updates, storage configuration, network settings, user management, and service monitoring. This guide details the installation process for Cockpit on an Ubuntu Server, focusing on best practices for security and accessibility, along with essential post-installation configuration steps to maximize its utility.

Prerequisites and System Requirements

Before commencing the Cockpit installation, ensure your Ubuntu Server meets the following prerequisites:

  • Ubuntu Server Version: Cockpit is compatible with recent versions of Ubuntu Server, including Ubuntu 20.04 LTS (Focal Fossa), Ubuntu 22.04 LTS (Jammy Jellyfish), and subsequent LTS releases. Older, unsupported versions may not have Cockpit readily available in their repositories or may encounter compatibility issues. It is highly recommended to use an LTS (Long Term Support) version for stability and extended security updates.
  • Internet Connectivity: The server must have a stable internet connection to download Cockpit packages and their dependencies from the Ubuntu repositories.
  • Sudo Privileges: You will need a user account with sudo privileges to execute installation and configuration commands. Root access can also be used, but sudo is generally preferred for enhanced security by limiting direct root logins.
  • SSH Access: Typically, you will be performing the installation and initial configuration via an SSH connection to your Ubuntu Server. Ensure you have a reliable SSH client (e.g., OpenSSH on Linux/macOS, PuTTY on Windows).
  • Firewall Configuration (Consideration): While Cockpit itself doesn’t require specific firewall rules for installation, it listens on a specific port (default 9090). You will need to ensure this port is accessible if you plan to manage the server remotely over the network. This is a crucial step for post-installation accessibility.

Installation Steps

The installation of Cockpit on Ubuntu Server is a straightforward process involving package management.

  1. Update Package Lists:
    The first and most critical step before installing any new software is to update your server’s package lists. This ensures that you are retrieving the latest available versions of packages and their dependencies.

    sudo apt update

    This command downloads the latest information about available packages from the configured repositories.

  2. Install Cockpit:
    Once the package lists are updated, you can install Cockpit and its necessary components. The primary package is cockpit. Installing this package will automatically pull in any required dependencies.

    sudo apt install cockpit

    This command will prompt you to confirm the installation. Press ‘Y’ and then Enter to proceed. The installation process will download and install the Cockpit web server, its plugins, and other related software.

  3. Install Additional Cockpit Plugins (Recommended for Full Functionality):
    While the core cockpit package provides essential functionalities, several plugins enhance Cockpit’s capabilities significantly. Installing these plugins allows you to manage a wider range of system services and configurations through the web interface.

    • cockpit-storaged: For managing storage devices, partitions, LVM, and filesystems.
    • cockpit-networkmanager: For configuring network interfaces and connections using NetworkManager.
    • cockpit-packagekit: To manage software updates and package installation directly from Cockpit.
    • cockpit-seabios: Provides firmware interfaces for systems.
    • cockpit-shell: Offers a terminal interface within Cockpit.
    • cockpit-machines: For managing virtual machines (requires qemu-kvm and libvirt-daemon-system to be installed).

    You can install these plugins individually or install several at once. Write each package name as a single word with no space after the hyphen: apt treats an argument that ends in a hyphen as a request to remove that package, so a stray "cockpit-" would ask apt to remove Cockpit itself. The cockpit-seabios and cockpit-shell names are not published in the Ubuntu 20.04 or 22.04 archives, so the following command installs the remaining four:

    sudo apt install cockpit-storaged cockpit-networkmanager cockpit-packagekit cockpit-machines

    Again, confirm the installation by pressing ‘Y’ and Enter.

  4. Enable and Start the Cockpit Service:
    After the installation is complete, the Cockpit service is usually enabled and started automatically. However, it’s good practice to verify this and explicitly enable and start it if necessary.

    To check the status of the Cockpit service:

    sudo systemctl status cockpit.socket

    You should see output indicating that the socket unit is active (listening). If it’s not, you can enable and start it with the following commands:

    sudo systemctl enable cockpit.socket
    sudo systemctl start cockpit.socket

    Cockpit uses a socket-based activation mechanism. cockpit.socket is the unit responsible for listening for incoming connections and starting the cockpit.service when a connection is detected.

Post-Installation Configuration and Access

Once Cockpit is installed and the service is running, you need to configure your firewall and access the web interface.

  1. Firewall Configuration:
    Cockpit listens on TCP port 9090 by default. If you are using a firewall like ufw (Uncomplicated Firewall), which is common on Ubuntu, you need to allow incoming connections on this port.

    • Allow Cockpit Port:

      sudo ufw allow 9090/tcp
    • Reload Firewall Rules (if necessary): If ufw is already enabled and running, it’s good practice to reload its rules to ensure the new rule is applied.

      sudo ufw reload
    • Check Firewall Status: To verify that the rule has been added correctly:

      sudo ufw status

      You should see an entry allowing traffic on port 9090/tcp.

  2. Accessing the Cockpit Web Interface:
    Open a web browser on your local machine and navigate to your server’s IP address or hostname followed by the Cockpit port.

    The URL will be in the format:

    https://your_server_ip_or_hostname:9090

    For example, if your server’s IP address is 192.168.1.100, you would navigate to: https://192.168.1.100:9090.

    Security Note: Cockpit uses HTTPS for secure communication. Your browser might show a certificate warning because it’s using a self-signed certificate by default. You can proceed by accepting the risk and adding an exception. For production environments, consider configuring Cockpit with a trusted SSL certificate.

  3. Login Credentials:
    When prompted, use the username and password of a user account that has sudo privileges on your Ubuntu Server. You will then be presented with the Cockpit dashboard.

Key Features and Initial Usage

Upon logging into Cockpit, you will see a dashboard providing an overview of your server’s status. Here are some essential features and how to use them:

  • Dashboard: Provides a snapshot of system performance, including CPU usage, memory usage, disk I/O, and network activity. You can also see recent log entries.
  • Applications: This section lists installed applications and services. You can start, stop, restart, and enable/disable services here.
  • Accounts: Manage user accounts on your server. You can create new users, delete existing ones, and set user privileges.
  • Networking: Configure network interfaces, IP addresses, DNS settings, and firewalls. This leverages the cockpit-networkmanager plugin.
  • Storage: Manage storage devices, create and delete partitions, set up Logical Volume Management (LVM), and mount/unmount filesystems. This utilizes the cockpit-storaged plugin.
  • Logs: View system logs, filter them by severity or source, and search for specific messages.
  • Software Updates: Check for and install available software updates directly from the Cockpit interface, provided cockpit-packagekit is installed.
  • Terminal: Access a full terminal session within your web browser for command-line operations. This is available if cockpit-shell is installed.
  • Virtual Machines: If cockpit-machines is installed along with KVM and libvirt, you can manage virtual machines, including creating, starting, stopping, and configuring them.

Securing Cockpit

While Cockpit offers a convenient way to manage your server, it’s crucial to secure it properly, especially if it’s accessible from the internet.

  1. HTTPS is Mandatory: Always use HTTPS. The default self-signed certificate is acceptable for initial setup and internal networks, but for external access, replace it with a certificate from a trusted Certificate Authority (CA).
  2. Limit Access: Restrict access to Cockpit’s port (9090) using your firewall to only trusted IP addresses or networks. Avoid exposing it directly to the public internet without proper security measures.
  3. Strong Passwords and User Management: Enforce strong password policies for all users with sudo privileges. Regularly review user accounts and revoke access for those no longer needed.
  4. Two-Factor Authentication (2FA): While not a built-in Cockpit feature, you can implement 2FA at the SSH level, which can indirectly enhance security if Cockpit relies on SSH for authentication or if you use SSH key-based authentication for privileged users.
  5. Regular Updates: Keep Cockpit and all its plugins updated to the latest versions to benefit from security patches and bug fixes.
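
The "Limit Access" item above, as an added example that is not part of the original guide: a small audit that reads `ufw status` output and flags any rule that allows Cockpit's port from every source, which is the state left behind by `sudo ufw allow 9090/tcp`. The function and sample names and the 192.168.1.0/24 admin subnet are assumptions for illustration, and the sample firewall output is constructed.

```sh
#!/bin/sh
# Added example, not from the original guide: flag ufw rules that expose
# Cockpit's port to every source address.
COCKPIT_PORT="${COCKPIT_PORT:-9090}"          # default port named in the guide
TRUSTED_NET="${TRUSTED_NET:-192.168.1.0/24}"  # assumption: your admin subnet

# Reads `ufw status` text on stdin. Prints each rule that allows the Cockpit
# port from "Anywhere" and returns 1 if any such rule exists, 0 otherwise.
find_open_cockpit_rules() {
    awk -v port="$COCKPIT_PORT" '
        # Column "To" is field 1: "9090" or "9090/tcp" (IPv6 rows add "(v6)").
        $1 == port || $1 == port "/tcp" {
            for (i = 2; i <= NF; i++) {
                if ($i != "ALLOW") continue
                src = $(i + 1)
                if (src == "IN") src = $(i + 2)   # verbose output: "ALLOW IN"
                if (src == "Anywhere") { print "OPEN: " $0; found = 1 }
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: firewall state after `sudo ufw allow 9090/tcp`.
sample_open() {
    cat <<'EOF'
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
9090/tcp                   ALLOW       Anywhere
9090/tcp (v6)              ALLOW       Anywhere (v6)
EOF
}

# Constructed sample: Cockpit reachable only from the trusted subnet.
sample_restricted() {
    printf '%s\n' 'Status: active' '9090/tcp                   ALLOW       192.168.1.0/24'
}

# Demo on constructed data; on a real host: sudo ufw status | find_open_cockpit_rules
if ! sample_open | find_open_cockpit_rules; then
    printf 'Fix: sudo ufw %s\n' "delete allow ${COCKPIT_PORT}/tcp" "allow from ${TRUSTED_NET} to any port ${COCKPIT_PORT} proto tcp"
fi
```

The two printed ufw commands replace the open rule with one scoped to the trusted subnet; rerun the audit afterwards to confirm that no "OPEN" lines remain.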

Troubleshooting Common Issues

  • Cockpit Not Accessible:
    • Verify that the cockpit.socket service is running (sudo systemctl status cockpit.socket).
    • Check your firewall rules to ensure port 9090 is allowed (sudo ufw status).
    • Confirm that you are using the correct IP address or hostname and port number in your browser.
    • Ensure there are no network ACLs or other network devices blocking port 9090.
  • Login Issues:
    • Double-check the username and password. Remember that you need a user with sudo privileges.
    • If you are unable to log in with a specific user, ensure that the user is part of the sudo or adm group, which is often required for administrative access.
  • Missing Functionality:
    • If certain features (like storage management or network configuration) are not appearing or working, ensure that the corresponding cockpit-* plugins are installed (sudo apt install cockpit-storaged cockpit-networkmanager, etc.) and that the relevant system services (like NetworkManager or storaged) are also running.
  • Certificate Warnings:
    • As mentioned, this is normal for self-signed certificates. For production, obtain and install a valid SSL certificate.

Advanced Configuration

While the default installation is highly functional, Cockpit offers advanced configuration options for specific needs.

  • Changing the Listening Port: If port 9090 is already in use or you wish to use a different port for security by obscurity (though not a primary security measure), you can modify the Cockpit configuration.

    1. Create a systemd drop-in override for the Cockpit socket unit, which is the unit that owns the listening port:
      sudo systemctl edit cockpit.socket
    2. In the editor, clear the default ListenStream value and then set the new port. For example, to change it to 9091:
      [Socket]
      ListenStream=
      ListenStream=9091
    3. Save the file and restart the Cockpit socket:
      sudo systemctl restart cockpit.socket
    4. Remember to update your firewall rules accordingly.
  • Authentication Methods: Cockpit typically uses system authentication (PAM). You can explore PAM configurations if you need to integrate with external authentication systems, though this is an advanced topic.

  • Custom Branding: For enterprise environments, Cockpit allows for custom branding to match your organization’s identity. This involves modifying specific configuration files and potentially recompiling certain components, which is beyond the scope of a basic installation guide.

Uninstalling Cockpit

If you decide to remove Cockpit from your server, follow these steps:

  1. Remove Cockpit Packages:

    sudo apt remove cockpit cockpit-storaged cockpit-networkmanager cockpit-packagekit cockpit-machines

    This command removes the installed Cockpit packages.

  2. Remove Unused Dependencies:

    sudo apt autoremove

    This cleans up any dependencies that were installed with Cockpit and are no longer needed by other packages.

  3. Stop and Disable Cockpit Service: Although removing packages usually handles this, it’s good practice to ensure the service is stopped and disabled.

    sudo systemctl stop cockpit.socket
    sudo systemctl disable cockpit.socket
  4. Remove Firewall Rule:
    If you added a firewall rule for Cockpit, remove it:

    sudo ufw delete allow 9090/tcp
    sudo ufw reload

Conclusion

Installing and configuring Cockpit on your Ubuntu Server significantly enhances your ability to manage it efficiently and effectively through a user-friendly web interface. By following these detailed steps, from initial installation and plugin selection to crucial post-installation security configurations, you can leverage Cockpit to streamline daily server administration tasks, monitor system health, and maintain a secure and well-managed environment. Remember to always prioritize security by using strong authentication, limiting access, and keeping your system updated.
