1COCKPIT-WS(8) cockpit-ws COCKPIT-WS(8)
2
6 cockpit-ws - Cockpit web service
7
9 cockpit-ws [--help] [--port PORT] [--no-tls] [--local-ssh]
10 [--address ADDRESS]
11
13 The cockpit-ws program is the web service component used for
14 communication between the browser application and various configuration
15 tools and services like cockpit-bridge(8).
16 Users or administrators should never need to start this program as it
18 automatically started by systemd(1) on bootup.
19
21 To specify the TLS certificate the web service should use, simply drop
22 a file with the extension .cert in the /etc/cockpit/ws-certs.d
23 directory. If there are multiple files in this directory, then the
24 highest priority one is chosen after sorting.
25 The .cert file should contain at least two OpenSSL style PEM blocks.
27 First one or more BEGIN CERTIFICATE blocks for the server certificate
28 and intermediate certificate authorities and a last one containing a
29 BEGIN PRIVATE KEY or similar. The key may not be encrypted.
30 If there is no TLS certificate, a self-signed certificate is
32 automatically generated using openssl and stored in the
33 0-self-signed.cert file.
34 When enrolling into a FreeIPA domain, an SSL certificate is requested
36 from the IPA server and stored in 10-ipa.cert.
37 To check which certificate cockpit-ws will use, run the following
39 command.
40 $ sudo remotectl certificate
42 If using certmonger to manage certificates, following command can be
44 used to automatically prepare concatenated .cert file:
45 CERT_FILE=/etc/pki/tls/certs/$(hostname).pem
47 KEY_FILE=/etc/pki/tls/private/$(hostname).key
48 getcert request -f ${CERT_FILE} -k ${KEY_FILE} -D $(hostname --fqdn) -C "sed -n w/etc/cockpit/ws-certs.d/50-from-certmonger.cert ${CERT_FILE} ${KEY_FILE}"
50
52 When started via systemd(1) then cockpit-ws will exit after 90 seconds
53 if nobody logs in, or after the last user is disconnected.
54
56 --help
57 Show help options.
58 --local-ssh
60 Normally cockpit-ws uses cockpit-session and PAM to authenticate
61 the user and start a user session. With this option enabled, it
62 will instead authenticate via SSH at 127.0.0.1 port 22.
63 --port PORT
65 Serve HTTP requests PORT instead of port 9090. Usually Cockpit is
66 started on demand by systemd socket activation, and this option has
67 no effect. Update the ListenStream directive cockpit.socket file in
68 the usual systemd manner.
69 --address ADDRESS
71 Bind to address ADDRESS instead of binding to all available
72 addresses. Usually Cockpit is started on demand by systemd socket
73 activation, and this option has no effect. In that case, update the
74 ListenStream directive in the cockpit.socket file in the usual
75 systemd manner.
76 --no-tls
78 Don't use TLS.
79
81 The cockpit-ws process will use the XDG_CONFIG_DIRS environment
82 variable from the XDG basedir spec[1] to find its cockpit.conf(5)
83 configuration file.
84 In addition the XDG_DATA_DIRS environment variable from the XDG basedir
86 spec[1] can be used to override the location to serve static files
87 from. These are the files that are served to a non-logged in user.
88
90 Please send bug reports to either the distribution bug tracker or the
91 upstream bug tracker[2].
92
94 Cockpit has been written by many contributors[3].
95
97 cockpit.conf(5) , systemd(1)
98
100 1. XDG basedir spec
101 https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html
102 2. upstream bug tracker
104 https://github.com/cockpit-project/cockpit/issues/new
105 3. contributors
107 https://github.com/cockpit-project/cockpit/
108cockpit 03/13/2019 COCKPIT-WS(8)