Install and enable Cockpit to provide a secure web-based administration dashboard for Linux systems. Verify socket activation and confirm the service is listening on port 9090.
A team wants to manage Linux systems through a secure web-based dashboard. Your task is to install and configure Cockpit so administrators can access a browser-based interface for system visibility and management.
This is a typical ops enablement task: install the management surface, ensure it is reachable only through a controlled port, and prove readiness with a browser check plus socket-level verification.
cockpit.socket.https://localhost:9090.9090 using ss.cockpit.socket) so the listener is managed by systemd and the
service can be started on-demand.
9090. In lab environments, you may see a browser warning due to a self-signed
certificate; the key validation is reachability and successful login.
ss) and an application-level check (browser or curl -k).
# Debian/Ubuntu
sudo apt update
sudo apt install -y cockpit
# RHEL / CentOS / Fedora
sudo dnf install -y cockpit
# or (older flows)
sudo yum install -y cockpit
# Arch
sudo pacman -S cockpitInstalling Cockpit provides the web UI packages and systemd units needed to expose the management interface.
# Example result (varies by distro):
# cockpit installed successfully.sudo systemctl enable --now cockpit.socketEnabling the socket ensures the management interface is available and will be activated when a client connects.
# Quick verification:
systemctl status cockpit.socket --no-pagersudo ss -lntp | grep -E ':\b9090\b' || true
This is your socket-level proof that Cockpit is reachable. You should see a listener on :9090.
# Example:
LISTEN 0 128 0.0.0.0:9090 ... systemd
LISTEN 0 128 [::]:9090 ... systemd# Browser (choose one):
xdg-open https://localhost:9090
# or
firefox https://localhost:9090
# or
chromium https://localhost:9090
# Terminal validation (useful on headless systems):
curl -kI https://localhost:9090Cockpit runs over HTTPS by default. The browser may warn about the certificate in lab environments; the goal is to confirm the endpoint responds and the login page is reachable.
# Expected result:
# Cockpit login page loads at https://localhost:9090
# (or curl returns an HTTP response header)
Confirm cockpit.socket is enabled and active. If it’s inactive, start it. If it fails, inspect logs with
journalctl -u cockpit.socket.
Verify the listener exists on :9090. If you’re connecting remotely, confirm firewall rules allow TCP/9090 and
that you’re targeting the correct host/IP.
In lab environments, a self-signed certificate is normal. The key check is that the endpoint responds and the login page loads.
If you want to remove the management surface after practice, disable the socket. Remove the package only if you’re done.
# Stop/disable socket activation
sudo systemctl disable --now cockpit.socket
# Optional: remove package (choose your distro)
# Debian/Ubuntu
# sudo apt remove -y cockpit
# RHEL-family
# sudo dnf remove -y cockpit
# Arch
# sudo pacman -R cockpitapt install cockpit: Install Cockpit on Debian/Ubuntu.
-y: assume “yes” to promptsdnf install cockpit: Install Cockpit on RHEL-family systems.
-y: assume “yes” to promptspacman -S cockpit: Install Cockpit on Arch.
systemctl enable --now cockpit.socket: Enable socket activation and start immediately.
enable: start at boot--now: start immediatelysystemctl status cockpit.socket: Check socket activation state.
--no-pager: print directlyss -lntp: Show listening TCP sockets and owning processes.
-l: listening sockets-n: numeric output-t: TCP sockets-p: process infoxdg-open https://localhost:9090: Open the Cockpit UI in the default browser (desktop environments).
curl -kI https://localhost:9090: Validate HTTPS reachability from the terminal.
-k: ignore certificate verification (lab use)-I: headers onlyjournalctl -u cockpit.socket: View logs for socket activation issues.
-n 50: last 50 lines--no-pager: print directly