Cockpit Guide |
---|
cockpit-wscockpit-ws — Cockpit web service |
cockpit-ws
[--help
] [--port
PORT
] [--no-tls
] [--local-ssh
] [--address
ADDRESS
]
The cockpit-ws program is the web service component used for communication between the browser application and various configuration tools and services like cockpit-bridge(8).
Users or administrators should never need to start this program as it automatically started by systemd(1) on bootup.
To specify the TLS certificate the web service should use, simply
drop a file with the extension .cert
in the
/etc/cockpit/ws-certs.d
directory. If there are
multiple files in this directory, then the highest priority one
is chosen after sorting.
The .cert
file should contain at least two
OpenSSL style PEM blocks. First one or more BEGIN CERTIFICATE
blocks for the server certificate and intermediate certificate authorities
and a last one containing a BEGIN PRIVATE KEY
or similar.
The key may not be encrypted.
If there is no TLS certificate, a self-signed certificate is
automatically generated using openssl and stored in
the 0-self-signed.cert
file. To check which certificate
cockpit-ws will use run the following command.
$ sudo remotectl certificate
If using certmonger
to manage certificates, following command can
be used to automatically prepare concatenated .cert
file:
CERT_FILE=/etc/pki/tls/certs/$(hostname).pem KEY_FILE=/etc/pki/tls/private/$(hostname).key getcert request -f ${CERT_FILE} -k ${KEY_FILE} -D $(hostname --fqdn) -C "sed -n w/etc/cockpit/ws-certs.d/50-from-certmonger.cert ${CERT_FILE} ${KEY_FILE}"
When started via systemd(1) then cockpit-ws will exit after 90 seconds if nobody logs in, or after the last user is disconnected.
|
Show help options. |
|
Normally cockpit-ws uses
cockpit-session and PAM to authenticate the user and start a
user session. With this option enabled, it will instead authenticate via SSH at
|
|
Serve HTTP requests |
|
Bind to address |
|
Don't use TLS. |
The cockpit-ws process will use the XDG_CONFIG_DIRS
environment variable from the
XDG
basedir spec to find its
cockpit.conf(5)
configuration file.
In addition the XDG_DATA_DIRS
environment variable from the
XDG
basedir spec
can be used to override the location to serve static files from. These are the files that
are served to a non-logged in user.