Managing your server with Cockpit on Ubuntu 19.04

Cockpit is a web-interface for server administration.  It makes it easy to configure your system, open a terminal, view logs, or manage users–right in your browser.

Prerequisites

  • Server running Ubuntu 19.04
  • User with sudo permissions
  • An SSL certificate (optional but recommended)
  • DNS Record

Install cockpit and Log in

To get started, we’ll first need to install the Cockpit package on our Linux system:

   sudo apt-get install cockpit cockpit-packagekit

Then we’ll need to enable the Cockpit service:

  sudo systemctl enable --now cockpit.socket

After Cockpit is installed, you can access the web interface by navigating to the following in your web browser, replacing with the server’s public IP address:

https://:9090

Depending on your browser settings, you may be greeted with a warning about the SSL certificate being invalid, which is common for self-signed certificates like the default one installed with Cockpit.  We’ll replace this with a Let’s Encrypt certificate later, but for now go ahead and accept the warning.

After you’ve accepted the security warning, you’ll be able to login to Cockpit using a system user.  Check the box for “Reuse my password for privileged tasks” in order for your user to use sudo to perform actions that require elevated permissions.

Now that we’re logged in, we can see the Cockpit dashboard that has some basic information about our system and some system load stats from the last few minutes.

View system logs

  • Cockpit makes a great log viewer, showing real time system logs that can be filtered by severity and date.

Create Users

To create a new user with Cockpit, click on “Accounts” on the left panel, which will bring up a list of user accounts. Next, click “Create Account” and fill in the user information.

After a user has been created, clicking on their account will allow you to edit user information and allow you to give them roles such as “Server Administrator” (sudo) or “Container Administrator.”   Additionally, you can upload ssh keys or lock user accounts.

Update software

To update software packages using Cockpit, first select “Software Updates” from the left-hand menu. You can manually check for updates by clicking “Check for Updates”.

If you’re ready to install packages, select “Install Security Updates” to install only the most critical updates, or “Install All Updates” to update all packages on the system.

Terminal access

Selecting “Terminal” will give you the option to use an in-browser terminal as an alternative to logging into the server using ssh.

Install a custom SSL certificate (optional but recommended)

This is a recommended step to add an additional security layer by replacing the default SSL certificate with a certificate from a trusted source accepted by all major browsers:

  • Setup a DNS record pointing the IP address of your server.
  • Acquire an SSL certificate from a Trusted Provider, we recommend Let’s Encrypt.
  • Login to your server as a sudo user.
  • Copy your signed ssl certificate and key into the appropriate folder:
    sudo cp certificate.cert /etc/cockpit/ws-certs.d/
    sudo cp certificate.key /etc/cockpit/ws-certs.d/
  • To verify which certificate Cockpit will load, use the remotectl command:
    sudo remotectl certificate
    certificate: /etc/cockpit/ws-certs.d/certificate.cert

Now you can do basic server administration right in your browser using Cockpit.  Additional plugins allow for you to administer containers, manage virtual machines, and collect system metrics which we will explore in future articles.

Leave a Reply

Your email address will not be published. Required fields are marked *