Files
hermes-config/skills/devops/cockpit-custom-packages/references/cockpit-connectivity.md
T
2026-07-12 10:17:17 -04:00

986 B

Cockpit Connectivity Notes

Socket Activation (normal behavior)

Cockpit is socket-activated — cockpit.socket listens on *:9090 and spawns cockpit.service on demand. Seeing cockpit.service as inactive (dead) is normal when no one is connected.

cockpit.socket  → active (listening) on *:9090
cockpit.service → inactive (dead) — wakes on connection

HTTPS required

Cockpit refuses plain HTTP. Always use https://:

  • https://<hostname>:9090
  • http://<hostname>:9090 ✗ (connection refused or hangs)

Self-signed certificate

Cockpit uses a self-signed cert by default. Browsers show a warning that must be bypassed (click "Advanced" → "Proceed").

Tailscale access

With Tailscale installed on the server, access Cockpit via the Tailscale IP:

https://<tailscale-ip>:9090

No firewall changes needed — Cockpit listens on *:9090 which includes the tailscale0 interface. Same HTTPS + self-signed cert caveats apply.