Cockpit
Install Cockpit, a web-based server management interface for monitoring, services, users, storage and terminal access
Cockpit is a web-based GUI for managing Linux servers without SSH. Monitor resources, manage systemd services, users, storage, and access a terminal from your browser. Excellent for clients less comfortable with CLI management.
Installation
Ubuntu / Debian
apt install cockpit -y
systemctl enable --now cockpit.socket
CentOS / AlmaLinux / Rocky
dnf install cockpit -y
systemctl enable --now cockpit.socket
Alpine Linux
apk add cockpit cockpit-ws
rc-update add cockpit default
rc-service cockpit start
Access Cockpit
Open a browser to:
https://SERVER_IP:9090
Log in with your SSH credentials (root or sudo user).
Core Features
Overview Dashboard
Real-time monitoring of:
- CPU usage and load average
- RAM and swap usage
- Disk usage and I/O
- Network interfaces and traffic
- System uptime and hostname
Logs
Integrated journal viewer with filtering:
# View logs for specific service
journalctl -u nginx
In Cockpit, filter by service, priority, or time range visually.
Networking
Manage network interfaces:
- View interface status (IPv4, IPv6, MTU)
- Configure static IP addresses
- Manage firewalld rules
- View DNS settings
Services Management
View and control systemd services:
# Start service via Cockpit UI
systemctl start nginx
# Or stop, restart, enable, disable
systemctl stop nginx
systemctl restart nginx
systemctl enable nginx
All available from the Services tab.
Storage Management
Manage disks and partitions:
- View disk usage and I/O stats
- Format disks
- Create partitions
- Manage LVM volumes (if installed)
- View RAID status
Click the "Storage" tab to access.
Terminal
Web-based terminal with full shell access:
# Full SSH-equivalent access
ls -la
curl https://example.com
systemctl status
Click the terminal icon to launch.
User Management
Create and manage users:
- Set passwords
- Manage group membership
- Set shell and home directory
Use the "Accounts" tab for user management.
Software Updates
View and install system updates:
# Automatic or manual updates
apt list --upgradable # Debian
dnf check-update # CentOS
Cockpit shows pending updates and can apply them.
Optional Plugins
Docker Management
Install cockpit-docker:
# Ubuntu/Debian
apt install cockpit-docker
# CentOS/Rocky
dnf install cockpit-docker
Manage containers, images, and networks from Cockpit UI.
Podman Management
apt install cockpit-podman
Alternative to Docker with rootless container support.
Machine (VM) Management
For KVM/QEMU virtualization:
apt install cockpit-machines
Create, manage, and access virtual machines.
Storage Administration
apt install cockpit-storaged
Advanced storage management with LVM, RAID, and more.
Security: Don't Expose Publicly
Port 9090 must not be open to the internet without protection.
Option 1: SSH Tunnel (Recommended)
From your local machine:
ssh -L 9090:localhost:9090 user@server
Then open:
https://localhost:9090
Option 2: Firewall Restrict
Allow only your IP:
ufw allow from 203.0.113.50 to any port 9090
ufw allow from 203.0.113.51 to any port 9090
Or via iptables:
iptables -A INPUT -p tcp --dport 9090 -s 203.0.113.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 9090 -j DROP
Option 3: Reverse Proxy with Nginx
server {
    listen 443 ssl http2;
    server_name cockpit.example.com;
    ssl_certificate /etc/ssl/certs/cert.pem;
    ssl_certificate_key /etc/ssl/private/key.pem;
    # Basic auth
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;
    location / {
        proxy_pass https://localhost:9090;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
Custom SSL Certificate
Replace the default self-signed certificate with your own.
Copy Certificate Files
cp /path/to/cert.pem /etc/cockpit/ws-certs.d/
cp /path/to/key.pem /etc/cockpit/ws-certs.d/
Certificate should be combined format (cert + key):
# Cockpit only loads files ending in .cert or .crt from this directory
cat certificate.crt private.key > /etc/cockpit/ws-certs.d/mycert.cert
chmod 600 /etc/cockpit/ws-certs.d/mycert.cert
Restart Cockpit:
systemctl restart cockpit
Useful Configuration
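Edit /etc/cockpit/cockpit.conf:
# Disable idle timeout (default 15 min)
[Session]
IdleTimeout=0
Root login and the listening port are not cockpit.conf options.
To allow root login, remove the root line from /etc/cockpit/disallowed-users (on releases that ship this file).
To listen on a custom port, create /etc/systemd/system/cockpit.socket.d/listen.conf:
[Socket]
ListenStream=
ListenStream=8888
Restart after changes:
systemctl daemon-reload
systemctl restart cockpit.socket
systemctl restart cockpit
Common Commands via Terminal Tab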
# Check service status
systemctl status nginx
# View system resources
top
df -h
free -h
# Manage packages
apt update && apt upgrade -y
# View logs
journalctl -xe
# Manage firewall
ufw status
ufw allow 80/tcp
Cockpit is perfect alongside traditional SSH access. It doesn't replace CLI management but makes it more accessible for non-technical users or quick GUI tasks like viewing logs and monitoring resources.
Never expose port 9090 directly to the internet without protection. Use SSH tunnels, firewall rules, or a reverse proxy with authentication. Cockpit has full system access and must be secured accordingly.
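An added example (not part of the original page) for the rule above: `exposed_listeners` filters `ss -tln` output for Cockpit listeners on non-loopback addresses, and `write_loopback_dropin` writes a systemd drop-in that binds `cockpit.socket` to 127.0.0.1 so the SSH tunnel or local reverse proxy is the only way in. The function names, the `listen.conf` file name and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
COCKPIT_PORT="${COCKPIT_PORT:-9090}"

# Read `ss -tln` output on stdin; print each local address listening on
# $COCKPIT_PORT that is NOT loopback (127.0.0.0/8 or [::1]).
exposed_listeners() {
    awk -v port="$COCKPIT_PORT" '
        $1 != "LISTEN" { next }              # also skips the header line
        {
            n = split($4, part, ":")         # port is the last ":" field
            if (part[n] != port) next
            host = substr($4, 1, length($4) - length(part[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print $4
        }'
}

# Write a systemd drop-in that rebinds cockpit.socket to loopback only.
# $1 = drop-in directory (defaults to the real systemd path).
write_loopback_dropin() {
    dir="${1:-/etc/systemd/system/cockpit.socket.d}"
    mkdir -p "$dir" || return 1
    # The empty ListenStream= clears the packaged listener before adding ours.
    printf '[Socket]\nListenStream=\nListenStream=127.0.0.1:%s\n' \
        "$COCKPIT_PORT" > "$dir/listen.conf"
}

# Constructed sample of `ss -tln` on a default install (wildcard listener).
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*
LISTEN 0      4096   *:9090             *:*'

found=$(printf '%s\n' "$SAMPLE" | exposed_listeners)
if [ -n "$found" ]; then
    echo "Cockpit reachable on non-loopback address: $found"
    echo "Fix: write_loopback_dropin && systemctl daemon-reload &&" \
         "systemctl restart cockpit.socket"
fi
```

On a live host, run `ss -tln | exposed_listeners`; empty output means Cockpit is listening on loopback only.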