How to install Cockpit on CentOS 7 / CentOS 9 Stream and configure Nginx reverse proxy

How to install Cockpit on CentOS 7 / CentOS 9

According to cockpit-project.org, Cockpit is a web-based graphical interface for servers, intended for everyone, especially those who are:

  • new to Linux (including Windows admins)
  • familiar with Linux and want an easy, graphical way to administer servers
  • expert admins who mainly use other tools but want an overview on individual systems

Thanks to Cockpit intentionally using system APIs and commands, a whole team of admins can manage a system in the way they prefer, including the command line and utilities right alongside Cockpit.

Why Cockpit?

  • Simple to use, Cockpit makes Linux discoverable.
  • Compatible with your existing workflows, Cockpit uses the same system tooling you would use from the command line.
  • Integrated, Cockpit uses APIs that already exist on the system
  • Extendable, Cockpit also supports a large list of optional and third-party applications.

You can read more about Cockpit on its website at https://cockpit-project.org/

How To Install Cockpit

yum install cockpit -y
# Additional packages
yum install cockpit-packagekit
yum install cockpit-storaged
yum install https://github.com/45Drives/cockpit-navigator/releases/download/v0.5.10/cockpit-navigator-0.5.10-1.el7.noarch.rpm

Then enable Cockpit at boot and start it with these commands:

systemctl enable cockpit.socket
systemctl start cockpit

Cockpit listens on port 9090. Open a browser and go to https://server_ip:9090.

If you want Cockpit to be reachable from the network, you need to open the port in iptables or firewalld.

firewall-cmd --add-service=cockpit
firewall-cmd --add-service=cockpit --permanent
firewall-cmd --reload

However, exposing Cockpit directly like this is not secure: many brute-force bots will attack your server. It is better to run it behind Nginx.


How to configure Nginx as reverse proxy for Cockpit socket

Create an upstream block in Nginx:

upstream cockpit {
    server 127.0.0.1:9090;
    keepalive 32;
}

Then, in the server block, use the configuration below:

server {
	listen   SERVER_IP:443 ssl;
	http2 on;
	server_name cockpit.serverdiary.com;
	
	root   /var/www/html/cockpit.serverdiary.com;
	index  index.php index.html index.htm;

	ssl_certificate    		/etc/letsencrypt/live/cockpit.serverdiary.com/fullchain.pem;
	ssl_certificate_key		/etc/letsencrypt/live/cockpit.serverdiary.com/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/cockpit.serverdiary.com/fullchain.pem;
	
	ssl_session_tickets on;
	ssl_session_timeout 24h;
	ssl_session_cache shared:SSL:30m;
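	# TLS 1.3 early data (0-RTT) can be replayed; keep it off for an admin console.
	ssl_early_data off;
	# TLS 1.0 and 1.1 are deprecated; offer TLS 1.2 and 1.3 only.
	ssl_protocols TLSv1.3 TLSv1.2;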
	ssl_ecdh_curve X25519:P-256:P-384;
	ssl_prefer_server_ciphers on;
	add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

	access_log /var/log/nginx/cockpit.serverdiary.com.access.log combined buffer=512k flush=1m;
	error_log /var/log/nginx/cockpit.serverdiary.com.error.log;
	
	location / {
        # Required to proxy the connection to Cockpit
        proxy_pass https://cockpit;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Required for web sockets to function
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Pass ETag header from Cockpit to clients.
        # See: https://github.com/cockpit-project/cockpit/issues/5239
        gzip off;
    }
}

Now it’s more secure. That’s it.
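
The proxy only protects Cockpit if port 9090 can no longer be reached directly, and the firewalld rule added earlier still exposes it. The script below is an added example, not part of the original post: it binds cockpit.socket to loopback, tells Cockpit which origin the proxy serves, removes the firewalld rule and checks the result. The function names are made up for this example; it assumes systemd, firewalld and ss are present, and it overwrites any existing /etc/cockpit/cockpit.conf.

```shell
#!/bin/sh
# Added example, not from the original post. Review the generated files in a
# scratch directory first:  write_lockdown /tmp/review cockpit.serverdiary.com
set -eu

# write_lockdown ROOT DOMAIN: write both config files under ROOT ("/" on the host).
write_lockdown() {
    lock_root="${1%/}"; lock_domain="$2"
    sock_dir="$lock_root/etc/systemd/system/cockpit.socket.d"
    mkdir -p "$sock_dir" "$lock_root/etc/cockpit"

    # The empty ListenStream= clears the packaged listener on every interface;
    # the next line re-adds port 9090 on loopback only.
    cat > "$sock_dir/listen.conf" <<EOF
[Socket]
ListenStream=
ListenStream=127.0.0.1:9090
EOF

    # Accept browser and WebSocket origins for the proxied hostname only, and
    # read the original scheme from the header the Nginx block above sets.
    cat > "$lock_root/etc/cockpit/cockpit.conf" <<EOF
[WebService]
Origins = https://$lock_domain wss://$lock_domain
ProtocolHeader = X-Forwarded-Proto
EOF
}

# exposed_listeners: read `ss -tln` output on stdin and print every listener on
# port 9090 that is not bound to loopback. Empty output means nothing is exposed.
exposed_listeners() {
    awk '$4 ~ /:9090$/ && $4 !~ /^(127\.0\.0\.1|\[::1\]):9090$/ { print $4 }'
}

# apply_lockdown DOMAIN: run as root on the Cockpit host.
apply_lockdown() {
    write_lockdown / "$1"
    systemctl daemon-reload
    systemctl restart cockpit.socket
    # Undo the firewalld rule added earlier so 9090 is closed at the firewall too.
    firewall-cmd --remove-service=cockpit
    firewall-cmd --remove-service=cockpit --permanent
    leaks=$(ss -tln | exposed_listeners)
    [ -z "$leaks" ] || { echo "still exposed: $leaks" >&2; return 1; }
}

if [ "${1:-}" = "--apply" ]; then apply_lockdown "$2"; fi
```

Run it with `--apply cockpit.serverdiary.com` as root once the Nginx server block is working, since direct access on port 9090 stops as soon as the socket restarts.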

ServerDiary
