29 lines
986 B
Markdown
29 lines
986 B
Markdown
# Cockpit Connectivity Notes
|
|
|
|
## Socket Activation (normal behavior)
|
|
|
|
Cockpit is socket-activated — `cockpit.socket` listens on `*:9090` and spawns `cockpit.service` on demand. Seeing `cockpit.service` as `inactive (dead)` is **normal** when no one is connected.
|
|
|
|
```
|
|
cockpit.socket → active (listening) on *:9090
|
|
cockpit.service → inactive (dead) — wakes on connection
|
|
```
|
|
|
|
## HTTPS required
|
|
|
|
Cockpit **refuses plain HTTP**. Always use `https://`:
|
|
- `https://<hostname>:9090` ✓
|
|
- `http://<hostname>:9090` ✗ (connection refused or hangs)
|
|
|
|
## Self-signed certificate
|
|
|
|
Cockpit uses a self-signed cert by default. Browsers show a warning that must be bypassed (click "Advanced" → "Proceed").
|
|
|
|
## Tailscale access
|
|
|
|
With Tailscale installed on the server, access Cockpit via the Tailscale IP:
|
|
```
|
|
https://<tailscale-ip>:9090
|
|
```
|
|
No firewall changes needed — Cockpit listens on `*:9090` which includes the `tailscale0` interface. Same HTTPS + self-signed cert caveats apply.
|