Vultr DocsLatest Articles

How to Install Cockpit on Rocky Linux 9

Rocky LinuxCockpit
Updated on February 14, 2025
How to Install Cockpit on Rocky Linux 9 header image

Cockpit is an open-source web-based control panel used to perform system administration tasks, including service management, monitoring applications, devices, and resources on Linux. Cockpit supports multiple addon modules and applications that extend its functionality to run or manage multiple system components.

This article explains how to install Cockpit on Rocky Linux 9 and manage the server.

Prerequisites

Before you begin, you need to:

Install Cockpit

Cockpit is installed but not active on most Rocky Linux 9 instances by default. You can install Cockpit using the DNF package manager if it’s not available and activate it using systemd. Follow the steps below to install Cockpit on Rocky Linux 9.

  1. Update the server's package index.

    console 
    $ sudo dnf update

  2. Install Cockpit.

    console 
    $ sudo dnf install cockpit -y

  3. Enable Cockpit to automatically start at boot.

    console 
    $ sudo systemctl enable cockpit.socket

    Output:

    Created symlink /etc/systemd/system/sockets.target.wants/cockpit.socket → /usr/lib/systemd/system/cockpit.socket.

  4. Start the Cockpit system service.

    console 
    $ sudo systemctl start cockpit

  5. Verify that the Cockpit service is active and running.

    console 
    $ sudo systemctl status cockpit

    Output:

    ● cockpit.service - Cockpit Web Service
     Loaded: loaded (/usr/lib/systemd/system/cockpit.service; static)
     Active: active (running) since Wed 2025-02-12 10:11:04 UTC; 4s ago
TriggeredBy: ● cockpit.socket
       Docs: man:cockpit-ws(8)
    Process: 62303 ExecStartPre=/usr/libexec/cockpit-certificate-ensure --for-cockpit-tls (code=exited, status=0/SUCCESS)
   Main PID: 62322 (cockpit-tls)
      Tasks: 1 (limit: 4424)
     Memory: 1.9M
        CPU: 1.328s
     CGroup: /system.slice/cockpit.service
             └─62322 /usr/libexec/cockpit-tls

Feb 12 10:11:03 cockpit-test systemd[1]: Starting Cockpit Web Service...
Feb 12 10:11:04 cockpit-test systemd[1]: Started Cockpit Web Service.

  6. Create a dedicated non-root user such as cockpit-admin to manage Cockpit.

    console 
    $ sudo adduser cockpit-admin

  7. Assign the user a strong password.

    console 
    $ sudo passwd cockpit-admin

  8. Add the user to the wheel sudo users group to perform administrative tasks using Cockpit.

    console 
    $ sudo usermod -aG wheel cockpit-admin

Secure Cockpit with Trusted SSL Certificates

Cockpit uses the TCP port 9090 by default to handle incoming network connections without end-to-end encryption using plain HTTP. Encrypting connections to the Cockpit port enables secure data transfer and authentication using HTTPS on all client web browsers. Follow the steps below to generate trusted SSL certificates using your domain to encrypt connections to the Cockpit control panel interface.

  1. Confirm the Firewalld status and verify that it's active on your server.

    console 
    $ sudo systemctl status firewalld

    • Install Firewalld and allow SSH connections if its not available.

      console 
      $ sudo dnf install firewalld -y && sudo systemctl start firewalld && sudo firewall-cmd --permanent --add-service=ssh

  2. Temporarily allow HTTP network connections to enable Let’s Encrypt validations.

    console 
    $ sudo firewall-cmd --add-service=http --permanent

  3. Restart Firewalld to apply the firewall changes.

    console 
    $ sudo firewall-cmd --reload

  4. Enable the EPEL repository.

    console 
    $ sudo dnf install epel-release -y

  5. Install the Certbot Let’s Encrypt client.

    console 
    $ sudo dnf install certbot -y

  6. Request for a new SSL certificate from Let’s Encrypt using your domain. Replace cockpit.example.com with your domain and admin@example.com with your email.

    console 
    $ sudo certbot certonly --standalone -d cockpit.example.com -m admin@example.com --agree-tos

    Your output should appear like the one below when the certificate is generated.

    Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/cockpit.example.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/cockpit.example.com/privkey.pem
This certificate expires on 2025-05-13.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  7. Test the Certbot automatic renewal process.

    console 
    $ sudo certbot renew --dry-run

  8. Link the fullchain.pem SSL certificate to the /etc/cockpit/ws-certs.d Cockpit directory.

    console 
    $ sudo ln -sf /etc/letsencrypt/live/cockpit.example.com/fullchain.pem /etc/cockpit/ws-certs.d/certificate.cert

    The above command links the SSL certificate file to the Cockpit SSL certificates directory as cockpit.cert. Linking the certificate ensures that it’s auto-renewed upon expiry.

  9. Link the privkey.pem private key file to the /etc/cockpit/ws-certs.d Cockpit directory.

    console 
    $ sudo ln -sf /etc/letsencrypt/live/cockpit.example.com/privkey.pem /etc/cockpit/ws-certs.d/certificate.key

  10. Restart Cockpit to apply the SSL configuration changes.

    console 
    $ sudo systemctl restart cockpit

  11. Allow network connections to the Cockpit port 9090 through the firewall.

    console 
    $ sudo firewall-cmd --permanent --add-port=9090/tcp

  12. Restart Firewalld to apply the firewall configuration changes.

    console 
    $ sudo firewall-cmd --reload

Access Cockpit

You can access the Cockpit web console using its default port 9090. To define a different port, modify the cockpit.conf file with a new port directive. Follow the steps below to access Cockpit and manage your Rocky Linux 9 server.

  1. Access port 9090 using your domain in a new web browser window to open the Cockpit login page.

    https://cockpit.example.com:9090

  2. Log in to the Cockpit web console using the cockpit-admin non-root sudo user details you created earlier.

    Login to Cockpit

    The root user login is disabled, and you can only use non-root users to access Cockpit. Sudo users can perform administrative tasks using Cockpit, while regular non-root users can view active processes, system information, and resources.

Manage a Rocky Linux 9 Server Using Cockpit

You can manage a Rocky Linux 9 server using Cockpit to install packages, monitor system processes, manage users, and enable or disable specific features. Follow the steps below to manage your Rocky Linux 9 server using the Cockpit web console.

  1. Click Turn on administrative access within the Cockpit interface and enter your sudo user password to enable administrative privileges.

    Turn on Administrative access

  2. Monitor the server status and basic information within the Overview tab, including Health, Usage,`System information, and Configuration.

  3. Click Logs on the main navigation menu to monitor the server logs. Click last 24 hours to change the duration, Priority to set the log type, Identifier, and Filters to modify your log results.

    Click Logs

  4. Click Storage to manage the server’s storage devices, view the status and read-write information.

    Click Storage

  5. Click Networking to monitor the incoming and outgoing network traffic statistics. Monitor your server’s network interfaces within the Interfaces section and view all traffic logs within the Network logs section.

    Manage Networking

  6. Click Accounts to manage user accounts and groups. Click Create new group to add a new group on your Rocky Linux 9 server and click Create new account to enter a new user's details, then click Create a non-root user account.

    Manage Accounts

  7. Click Services to manage all system and user services. Click the Targets,Sockets,Timers, and Paths tabs to filter the additional service types.

    Manage Services

  8. Click Applications to manage the Cockpit addon applications on your server. Click Install if you receive an application information is missing prompt to update the application information.

    Manage Applications

  9. Click Diagnostic reports to manage the system reports and click Run report to generate an SOS report to diagnose problems on your Rocky Linux 9 server.

    Manage Reports

  10. Click Kernel dump to manage the kdump system service to recover your Kernel configurations in case of errors.

    Manage Kernel Dumps

  11. Click SELinux to manage the SELinux policy and monitor any access control errors on your system.

    Manage SELInux

  12. Click Software updates to monitor all install applications, update, restart, and update packages. Monitor your general packages status within the Status tab and click Restart services to restart installed packages. Monitor the Available updates section and click Install all updates or Install security updates to update your Rocky Linux 9 server.

    Manage Software Updates

  13. Click Terminal to open a new terminal session and manage your server using Cockpit. Click Font size and Appearance to modify the terminal display.

Note
Continuously monitor the Cockpit interface for error and warning icons to manage the specific component on your Rocky Linux 9 server.

Install Cockpit-Podman to Deploy Containerized Applications

Cockpit-Podman is an addon application for Cockpit that allows you to deploy containerized applications on your Rocky Linux 9 server. Follow the steps below to install the Cockpit-Podman application in your terminal session.

  1. Click Terminal to open a new session.

    Open Terminal

  2. Update the server.

    console 
    $ sudo dnf update

  3. Install the Cockpit module.

    console 
    $ sudo dnf install cockpit-podman -y

  4. Refresh the Cockpit interface to apply the Cockpit-Podman changes.

  5. Click Podman Containers to manage container images and containers on your Rocky Linux 9 server.

  6. Click Start Podman to start the Podman service on your server.

  7. Click Create Container to open the container setup page.

    Create Podman Containers

  8. Click Image within details to search for your target container image in all available registries. For example, enter docker.io/nginx and select the official build image for Nginx.

  9. Enter the following command to replace existing contents in the Command field.

    console 
    sh -c "echo '<h1>The Nginx Container is Running!....Greetings from Vultr</h1>' > /usr/share/nginx/html/index.html && nginx -g 'daemon off;'"

  10. Click Integration, and select Add port mapping to map the container ports to the host. Maintain IP address as an empty field, enter 80 in the Host port and Container port fields, respectively.

    Map Container Ports

  11. Click Create and run to deploy the container application using Podman on your server.

  12. Monitor the container deployment within Containers and click the container to manage it.

    Monitor Active Containers

  13. Access your Rocky Linux 9 server’s IP address in a new web browser window and confirm that your custom web application page displays well.

    Nginx page with a custom Greetings from Vultr message

Conclusion

You have successfully installed Cockpit on your Rocky Linux 9 server and installed Cockpit-Podman as an additional module to manage the server. Cockpit is a powerful web-based control panel you can use to manage all aspects of your server. For more details, visit the Cockpit documentation.