1COCKPIT-WS(8)                     cockpit-ws                     COCKPIT-WS(8)
2
3
4

NAME

6       cockpit-ws - Cockpit web service
7

SYNOPSIS

9       cockpit-ws [--help] [--port PORT] [--address ADDRESS] [--no-tls]
10                  [--for-tls-proxy] [--local-ssh] [--local-session BRIDGE]
11

DESCRIPTION

13       The cockpit-ws program is the web service component used for
14       communication between the browser application and various configuration
15       tools and services like cockpit-bridge(1).
16
17       Users or administrators should never need to start this program as it
18       automatically started by systemd(1) on bootup, through cockpit-tls(8).
19

TRANSPORT SECURITY

21       cockpit-ws is normally run behind the cockpit-tls TLS terminating
22       proxy, and only deals with unencrypted HTTP by itself. But for
23       backwards compatibility it can also handle TLS connections by itself
24       when being run directly. For details how to configure certificates,
25       please refer to the cockpit-tls(8) documentation.
26

TIMEOUT

28       When started via systemd(1) then cockpit-ws will exit after 90 seconds
29       if nobody logs in, or after the last user is disconnected.
30

OPTIONS

32       --help
33           Show help options.
34
35       --port PORT
36           Serve HTTP requests PORT instead of port 9090. Usually Cockpit is
37           started on demand by systemd socket activation, and this option has
38           no effect. Update the ListenStream directive cockpit.socket file in
39           the usual systemd manner.
40
41       --address ADDRESS
42           Bind to address ADDRESS instead of binding to all available
43           addresses. Usually Cockpit is started on demand by systemd socket
44           activation, and this option has no effect. In that case, update the
45           ListenStream directive in the cockpit.socket file in the usual
46           systemd manner.
47
48       --no-tls
49           Don't use TLS.
50
51       --for-tls-proxy
52           Tell cockpit-ws that it is running behind a local reverse proxy
53           that does the TLS termination. Then Cockpit puts https:// URLs into
54           the default Content-Security-Policy, and accepts only https://
55           origins, instead of http: ones by default. However, if Origins is
56           set in the cockpit.conf(5) configuration file, it will override
57           this default.
58
59       --proxy-tls-redirect
60           Enable redirection of unencrypted http requests to https (TLS) in
61           --no-tls mode. Use this when running cockpit-ws behind a reverse
62           http proxy that also supports https, but does no redirection from
63           http to https by itself.
64
65       --local-ssh
66           Normally cockpit-ws uses cockpit-session and PAM to authenticate
67           the user and start a user session. With this option enabled, it
68           will instead authenticate via SSH at 127.0.0.1 port 22.
69
70       --local-session BRIDGE
71           Skip all authentication and cockpit-session, and launch the
72           cockpit-bridge specified in BRIDGE in the local session. If the
73           BRIDGE is specified as - then expect an already running bridge that
74           is connected to stdin and stdout of this cockpit-ws process. This
75           allows the web server to run as any unprivileged user in an already
76           running session.
77
78           This mode implies --no-tls, thus you need to use http:// URLs with
79           this.
80
81               Warning
82               If you use this, you have to isolate the opened TCP port
83               somehow (for example in a network namespace), otherwise all
84               other users (or even remote machines if the port is not just
85               listening on localhost) can access the session!
86

ENVIRONMENT

88       The cockpit-ws process will use the XDG_CONFIG_DIRS environment
89       variable from the XDG basedir spec[1] to find its cockpit.conf(5)
90       configuration file.
91
92       In addition the XDG_DATA_DIRS environment variable from the XDG basedir
93       spec[1] can be used to override the location to serve static files
94       from. These are the files that are served to a non-logged in user.
95

BUGS

97       Please send bug reports to either the distribution bug tracker or the
98       upstream bug tracker[2].
99

AUTHOR

101       Cockpit has been written by many contributors[3].
102

SEE ALSO

104       cockpit-tls(8) , cockpit.conf(5) , systemd(1)
105

NOTES

107        1. XDG basedir spec
108           https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html
109
110        2. upstream bug tracker
111           https://github.com/cockpit-project/cockpit/issues/new
112
113        3. contributors
114           https://github.com/cockpit-project/cockpit/
115
116
117
118cockpit                           11/27/2019                     COCKPIT-WS(8)
Impressum