986 B
986 B
Cockpit Connectivity Notes
Socket Activation (normal behavior)
Cockpit is socket-activated — cockpit.socket listens on *:9090 and spawns cockpit.service on demand. Seeing cockpit.service as inactive (dead) is normal when no one is connected.
cockpit.socket → active (listening) on *:9090
cockpit.service → inactive (dead) — wakes on connection
HTTPS required
Cockpit refuses plain HTTP. Always use https://:
https://<hostname>:9090✓http://<hostname>:9090✗ (connection refused or hangs)
Self-signed certificate
Cockpit uses a self-signed cert by default. Browsers show a warning that must be bypassed (click "Advanced" → "Proceed").
Tailscale access
With Tailscale installed on the server, access Cockpit via the Tailscale IP:
https://<tailscale-ip>:9090
No firewall changes needed — Cockpit listens on *:9090 which includes the tailscale0 interface. Same HTTPS + self-signed cert caveats apply.