Linux Cockpit Notes

1. What is Cockpit?

Cockpit is a web-based graphical interface for servers, intended for everyone, especially those who are:
* new to Linux
* familiar with Linux
* expert admins

Cockpit makes Linux discoverable. You don’t have to remember commands at a command-line.

See your server in a web browser and perform system tasks with a mouse. It’s easy to start containers, administer storage, configure networks, and inspect logs. Basically, you can think of Cockpit like a graphical “desktop interface”, but for individual servers.

— https://cockpit-project.org/

2. Install

2.1. Install Cockpit

  1. Install

    Ubuntu
    sudo apt update && sudo apt install -y cockpit
    Fedora
    sudo dnf -y install cockpit

  2. Enable

    sudo systemctl enable --now cockpit.socket

2.2. Install Native Cockpit Applications

  1. Launch Cockpit via https://hostname:9090

  2. Enable Administrative access by clicking the Limited access button followed by authenticating with your password.

  3. Click the Applications menu item

  4. Install the following appplications and click the Install button to install them.

    1. Files

    2. Machines

    3. Podman

    4. SELinux

2.3. Install 3rd Party Cockpit Applications

2.3.1. ZFS

  • Doc is here.

    1. cd into your home folder

      cd

    2. Download git repo

      git clone https://github.com/45drives/cockpit-zfs-manager.git

    3. Copy

      sudo cp -r cockpit-zfs-manager/zfs /usr/share/cockpit

    4. Restart Cockpit

      sudo systemctl restart cockpit

2.3.2. File Sharing (DEB Systems)

  • This is a Cockpit plugin for managing Samba and NFS shares

    1. Via the following URL, open the following in a browser to identify the latest rpm release package from:

      https://github.com/45Drives/cockpit-file-sharing/releases

    2. Install the release package

      Example
      sudo dnf -y install https://github.com/45Drives/cockpit-file-sharing/releases/download/v4.2.9-8/cockpit-file-sharing-4.2.9-8.el8.noarch.rpm

2.4. Install Cockpit MFA Support

Copilot with GPT-4 generated the install steps.

  1. Install Packages

    Ubuntu
    sudo apt-get install libpam-google-authenticator libqrencode-dev -y
    Fedora
    sudo dnf -y install libpam-google-authenticator libqrencode-dev

  2. Generate the MFA Secret

    Run the google-authenticator command with the appropriate flags. This will generate a QR code that you can scan with your authenticator app, as well as some backup codes. Make sure to save these in a safe place:

    google-authenticator -t -d -f -r 3 -R 30 -W -Q UTF8

  3. Configure PAM

    Add the Google Authenticator module to the PAM configuration for Cockpit. This can be done by appending a line to the /etc/pam.d/cockpit file:

    sudo bash -c 'echo "auth required pam_google_authenticator.so nullok" >> /etc/pam.d/cockpit'

  4. Restart Cockpit

    sudo systemctl restart cockpit

  5. Test MFA

    Log out of Cockpit and log back in. You should be prompted to enter your username and password, followed by a one-time password (OTP) generated using the ffx provider.

    That’s it! You have now added MFA to Cockpit.

    Remember to keep your secret key secure and do not share it with anyone

  6. Configure Nginx Proxy Manager entry with:

    1. Websockets Support

    2. Scheme: https