1COCKPIT.CONF(5)                  cockpit.conf                  COCKPIT.CONF(5)
2
3
4

NAME

6       cockpit.conf - Cockpit configuration file
7

DESCRIPTION

9       Cockpit can be configured via /etc/cockpit/cockpit.conf. That file has
10       a INI file syntax and thus contains key / value pairs, grouped into
11       topical groups. See the examples below for details..
12
13       Note: The port that cockpit listens on cannot be changed in this file.
14       To change the port change the systemd cockpit.socket file.
15

WEBSERVICE

17       Origins
18           By default cockpit will not accept crossdomain websocket
19           connections. Use this setting to allow access from alternate
20           domains. Origins should include scheme, host and port, if
21           necessary.
22
23               [WebService]
24               Origins = https://somedomain1.com https://somedomain2.com:9090
25
26       ProtocolHeader
27           Configure cockpit to look at the contents of this header to
28           determine if a connection is using tls. This should only be used
29           when cockpit is behind a reverse proxy, and care should be taken to
30           make sure that incoming requests cannot set this header.
31
32               [WebService]
33               ProtocolHeader = X-Forwarded-Proto
34
35       LoginTitle
36           Set the browser title for the login screen.
37
38       LoginTo
39           When set to true the Connect to option on the login screen is
40           visible and allows logging into another server. If this option is
41           not specified then it will be automatically detected based on
42           whether the cockpit-ssh process is available or not.
43
44       RequireHost
45           When set to true cockpit will require users to use the Connect to
46           option to specify the host to log into.
47
48       MaxStartups
49           Same as the sshd configuration option by the same name. Specifies
50           the maximum number of concurrent login attempts allowed. Additional
51           connections will be dropped until authentication succeeds or the
52           connections are closed. Defaults to 10.
53
54           Alternatively, random early drop can be enabled by specifying the
55           three colon separated values start:rate:full (e.g. "10:30:60").
56           Cockpit will start refusing authentication attempts with a
57           probability of rate/100 (30%) if there are currently start (10)
58           unauthenticated connections. The probability increases linearly and
59           all connection attempts are refused if the number of
60           unauthenticated connections reaches full (60).
61
62       AllowUnencrypted
63           If true, cockpit will accept unencrypted HTTP connections.
64           Otherwise, it redirects all HTTP connections to HTTPS. Exceptions
65           are connections from localhost and for certain URLs (like /ping).
66           Defaults to false.
67
68       UrlRoot
69           The root URL where you will be serving cockpit. When provided
70           cockpit will expect all requests to be prefixed with the given url.
71           This is mostly useful when you are using cockpit behind a reverse
72           proxy, such as nginx.  /cockpit/ and /cockpit+ are reserved and
73           should not be used. For example /cockpit-new/ is ok.  /cockpit/ and
74           /cockpit+new/ are not.
75

LOG

77       Fatal
78           The kind of log messages in the bridge to treat as fatal. Separate
79           multiple values with spaces. Relevant values are: criticals and
80           warnings.
81

OAUTH

83       Cockpit can be configured to support the implicit grant[1] OAuth
84       authorization flow. When successful the resulting oauth token will be
85       passed to cockpit-ws using the Bearer auth-scheme. For a login to be
86       successful, cockpit will also need a to be configured to verify and
87       allow Bearer tokens.
88
89       URL
90           This is the url that cockpit will redirect the users browser to
91           when it needs to obtain an oauth token. Cockpit will add a
92           redirect_uri parameter to the url with the location of where the
93           oauth provider should redirect to once a token has been obtained.
94
95       ErrorParam
96           When a oauth provider redirects a user back to cockpit, look for
97           this parameter in the querystring or fragment portion of the url to
98           find a error message. When not provided it will default to
99           error_description
100
101       TokenParam
102           When a oauth provider redirects a user back to cockpit, look for
103           this parameter in the querystring or fragment portion of the url to
104           find the access token. When not provided it will default to
105           access_token
106

BUGS

108       Please send bug reports to either the distribution bug tracker or the
109       upstream bug tracker[2].
110

AUTHOR

112       Cockpit has been written by many contributors[3].
113

SEE ALSO

115       cockpit-ws(8)
116

NOTES

118        1. implicit grant
119           https://tools.ietf.org/html/rfc6749#section-4.2
120
121        2. upstream bug tracker
122           https://github.com/cockpit-project/cockpit/issues/new
123
124        3. contributors
125           https://github.com/cockpit-project/cockpit/
126
127
128
129cockpit                           07/01/2019                   COCKPIT.CONF(5)
Impressum