initial commit
This commit is contained in:
@@ -0,0 +1,28 @@
|
||||
# Cockpit Connectivity Notes
|
||||
|
||||
## Socket Activation (normal behavior)
|
||||
|
||||
Cockpit is socket-activated — `cockpit.socket` listens on `*:9090` and spawns `cockpit.service` on demand. Seeing `cockpit.service` as `inactive (dead)` is **normal** when no one is connected.
|
||||
|
||||
```
|
||||
cockpit.socket → active (listening) on *:9090
|
||||
cockpit.service → inactive (dead) — wakes on connection
|
||||
```
|
||||
|
||||
## HTTPS required
|
||||
|
||||
Cockpit **refuses plain HTTP**. Always use `https://`:
|
||||
- `https://<hostname>:9090` ✓
|
||||
- `http://<hostname>:9090` ✗ (connection refused or hangs)
|
||||
|
||||
## Self-signed certificate
|
||||
|
||||
Cockpit uses a self-signed cert by default. Browsers show a warning that must be bypassed (click "Advanced" → "Proceed").
|
||||
|
||||
## Tailscale access
|
||||
|
||||
With Tailscale installed on the server, access Cockpit via the Tailscale IP:
|
||||
```
|
||||
https://<tailscale-ip>:9090
|
||||
```
|
||||
No firewall changes needed — Cockpit listens on `*:9090` which includes the `tailscale0` interface. Same HTTPS + self-signed cert caveats apply.
|
||||
Reference in New Issue
Block a user