From cockpit-project.org, Cockpit is a web-based graphical interface for servers, intended for everyone, especially those who are:
- new to Linux (including Windows admins)
- familiar with Linux and want an easy, graphical way to administer servers
- expert admins who mainly use other tools but want an overview on individual systems
Thanks to Cockpit intentionally using system APIs and commands, a whole team of admins can manage a system in the way they prefer, including the command line and utilities right alongside Cockpit.
Why Cockpit?
- Simple to use: Cockpit makes Linux discoverable.
- Compatible with your existing workflows: Cockpit uses the same system tooling you would use from the command line.
- Integrated: Cockpit uses APIs that already exist on the system.
- Extendable: Cockpit also supports a large list of optional and third-party applications.
You can read more about Cockpit on the project website at https://cockpit-project.org/
How To Install Cockpit
```
yum install cockpit -y
# Additional packages
yum install cockpit-packagekit
yum install cockpit-storaged
yum install https://github.com/45Drives/cockpit-navigator/releases/download/v0.5.10/cockpit-navigator-0.5.10-1.el7.noarch.rpm
```
Then enable Cockpit at startup and start it with these commands:
```
systemctl enable cockpit.socket
systemctl start cockpit
```
Cockpit listens on port 9090. You can open a browser and go to https://server_ip:9090.
If you want Cockpit to be reachable from the network, you need to open the port in iptables or firewalld.
```
firewall-cmd --add-service=cockpit
firewall-cmd --add-service=cockpit --permanent
firewall-cmd --reload
```
But this is not secure: many brute-force bots will attack your server. It is better to run Cockpit behind nginx.
![Cockpit Control Panel](https://serverdiary.b-cdn.net/wp-content/uploads/2023/06/Cockpit-Control-Panel-1024x537.jpg)
How to configure Nginx as reverse proxy for the Cockpit socket
Create an upstream block in Nginx:
```
upstream cockpit {
    server 127.0.0.1:9090;
    keepalive 32;
}
```
Then, in the server block, you can use the configuration below:
```
server {
    # Replace SERVER_IP with the public address nginx should listen on
    listen SERVER_IP:443 ssl;
    # The standalone "http2" directive requires nginx 1.25.1 or newer
    http2 on;
    server_name cockpit.serverdiary.com;
    root /var/www/html/cockpit.serverdiary.com;
    index index.php index.html index.htm;
    ssl_certificate /etc/letsencrypt/live/cockpit.serverdiary.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cockpit.serverdiary.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/cockpit.serverdiary.com/fullchain.pem;
    ssl_session_tickets on;
    ssl_session_timeout 24h;
    ssl_session_cache shared:SSL:30m;
    # TLS 1.3 early data (0-RTT) can be replayed, so keep it off for an admin interface
    ssl_early_data off;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow only TLS 1.2 and 1.3
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_ecdh_curve X25519:P-256:P-384;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    access_log /var/log/nginx/cockpit.serverdiary.com.access.log combined buffer=512k flush=1m;
    error_log /var/log/nginx/cockpit.serverdiary.com.error.log;
    location / {
        # Required to proxy the connection to Cockpit
        proxy_pass https://cockpit;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Required for web sockets to function
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Pass ETag header from Cockpit to clients.
        # See: https://github.com/cockpit-project/cockpit/issues/5239
        gzip off;
    }
}
```
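The proxy only protects Cockpit if port 9090 can no longer be reached directly. The script below is an added example, not part of the original post: it binds `cockpit.socket` to loopback and sets the `Origins` and `ProtocolHeader` options from Cockpit's documentation so that sessions through nginx are accepted. The function names, the `--apply` flag and the `ROOT` prefix are illustrative assumptions.

```shell
#!/bin/sh
# Added example: make nginx the only way in to Cockpit.
# Function names, --apply and the ROOT prefix are illustrative, not Cockpit's.

write_cockpit_proxy_conf() {
    root="$1"    # filesystem prefix; "" means the live system
    domain="$2"  # name served by nginx, e.g. cockpit.serverdiary.com
    mkdir -p "$root/etc/systemd/system/cockpit.socket.d" "$root/etc/cockpit"

    # The empty ListenStream= drops the default listener on every interface;
    # the next line re-adds port 9090 on loopback only.
    cat > "$root/etc/systemd/system/cockpit.socket.d/listen.conf" <<EOF
[Socket]
ListenStream=
ListenStream=127.0.0.1:9090
EOF

    # Origins: accept sessions only for the proxied name.
    # ProtocolHeader: learn from nginx's X-Forwarded-Proto that the client used TLS.
    # Note: this replaces an existing cockpit.conf.
    cat > "$root/etc/cockpit/cockpit.conf" <<EOF
[WebService]
Origins = https://$domain wss://$domain
ProtocolHeader = X-Forwarded-Proto
EOF
}

# Exit status 0 only if the drop-in resets the default listener and every
# remaining ListenStream is bound to 127.0.0.1.
listens_on_loopback_only() {
    conf="$1/etc/systemd/system/cockpit.socket.d/listen.conf"
    [ -f "$conf" ] || return 1
    awk '$0 == "ListenStream=" { reset = 1 }
         /^ListenStream=./ && !/^ListenStream=127\.0\.0\.1:/ { wide = 1 }
         END { exit !(reset && !wide) }' "$conf"
}

if [ "${1:-}" = "--apply" ]; then
    write_cockpit_proxy_conf "" "${2:?usage: $0 --apply DOMAIN}"
    listens_on_loopback_only "" || exit 1
    systemctl daemon-reload
    systemctl restart cockpit.socket
    # Close the firewall opening made earlier for direct access to port 9090.
    firewall-cmd --remove-service=cockpit
    firewall-cmd --remove-service=cockpit --permanent
    ss -ltn | grep ':9090'   # expect a single 127.0.0.1:9090 listener
fi
```

Run it as root with `--apply cockpit.serverdiary.com`; without arguments it only defines the functions and changes nothing.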
Now it’s more secure. That’s it.