Cockpit — Web-Based Linux Server Administration

Introduction

Cockpit provides a real-time web interface for managing Linux servers. It uses existing system APIs rather than its own abstractions, so changes made in Cockpit are immediately reflected in the terminal and vice versa.

What Cockpit Does

• Monitors CPU, memory, disk, and network usage in real time
• Manages systemd services, timers, and sockets through a visual interface
• Configures networking including bonds, bridges, VLANs, and firewall rules
• Handles storage volumes, RAID arrays, LVM, and NFS mounts
• Provides a built-in web terminal for direct shell access

Architecture Overview

Cockpit runs as a systemd socket-activated service that spawns a lightweight web server on demand. The frontend is a single-page JavaScript application that communicates with the system through a WebSocket bridge. Each admin session runs under the user's actual Linux credentials via PAM authentication, so file permissions and sudo rules apply exactly as they would in a terminal. Cockpit reads and writes system state through standard APIs like DBus, NetworkManager, udisks, and the systemd journal.

Self-Hosting & Configuration

• Install from your distribution's package manager — it ships in Fedora, RHEL, Debian, Ubuntu, and SUSE
• Access the UI on port 9090 over HTTPS with a self-signed or custom certificate
• Enable the Podman or Docker module to manage containers from the same dashboard
• Add remote servers to manage multiple machines from a single Cockpit instance
• Extend functionality with official modules for virtual machines (libvirt), Kubernetes, and 389 Directory Server

Key Features

• Zero-config setup — install the package and it works immediately
• Live performance graphs that update without page refreshes
• Podman container management with image pulls, logs, and resource limits
• Virtual machine management through the libvirt integration module
• Multi-server dashboard for monitoring a fleet from one browser tab

Comparison with Similar Tools

• Webmin — traditional web panel with CGI scripts; Cockpit uses modern JavaScript and real-time WebSocket communication
• Portainer — focused on Docker/Kubernetes container management; Cockpit manages the entire Linux host including networking and storage
• Netdata — real-time monitoring and alerting; Cockpit adds system administration capabilities beyond monitoring
• Proxmox VE — hypervisor management for VMs and containers; Cockpit is a general-purpose Linux admin panel
• cPanel/Plesk — commercial hosting control panels; Cockpit is free and focused on server administration rather than web hosting

FAQ

Q: Does Cockpit replace SSH? A: Cockpit includes a web terminal, but most administrators use both. Cockpit complements SSH by providing a visual overview and point-and-click management for common tasks.

Q: Can I manage containers with Cockpit? A: Yes. The cockpit-podman module provides full Podman container management. A Docker module is also available for Docker-based systems.

Q: Is Cockpit safe to leave running on a public server? A: Cockpit uses PAM authentication and HTTPS by default. You should still restrict access via firewall rules or a VPN, just as you would with SSH.

Q: Does it work with SELinux? A: Yes. Cockpit is designed to work with SELinux enabled and ships with the necessary policies in its packages.

Sources

• https://github.com/cockpit-project/cockpit
• https://cockpit-project.org/