Cockpit Setup with Reverse Proxy
By Taha • 3 minutes read •
In this guide, I will use Fedora 41 Cloud Edition as the base operating system. Some steps may vary depending on the distribution you are using.
- Cockpit is a web-based server management tool that allows you to monitor and manage multiple servers from a single interface. It provides an easy-to-use dashboard that displays system information and logs. In this guide I will show you how to install Cockpit on your server and set it up behind a reverse proxy.
Step 1: Install Cockpit
The first step is to install Cockpit on your server. You can do this by running command:
For Debian/Ubuntu:
For CentOS/RHEL:
For arch-based distros:
Step 2: Enable and Start Cockpit
Once Cockpit is installed, you need to enable and start the Cockpit service. You can do this by running the following commands:
Step 3: Configure Firewall for Testing Cockpit
If a firewall is enabled on your server and you are not using a reverse proxy, you will need to allow traffic on port 9090 (the default Cockpit port). You can do this by running the following commands:
For UFW:
For FirewallD:
Step 4: Access Cockpit Web Interface
Once Cockpit is installed and running, you can access the web interface by navigating to
https://your-server-ip:9090in your web browser. You will be prompted to log in with your server username and password.
If you get the Cockpit login page, then you have successfully installed Cockpit. Then you can close the cockpit port 9090 as follows:
For UFW:
For FirewallD:
Step 5: Set Up Reverse Proxy
To use Cockpit behind a reverse proxy, you need to configure your web server to forward requests to the Cockpit service. Here is a sample configuration for web servers:
Apache
Create a new Apache configuration file for your domain:
Add the following configuration to the file:
<VirtualHost *:80> ServerName your-domain.com Redirect permanent / https://your-domain.com/ </VirtualHost> <VirtualHost *:443> ServerName your-domain.com SSLEngine on SSLCertificateFile /etc/letsencrypt/live/your-domain.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/your-domain.com/privkey.pem ProxyPass / http://localhost:9090/ ProxyPassReverse / http://localhost:9090/ ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>Save the configuration file and reload Apache:
Caddy
Note: If you don’t have Caddy installed, you can follow this guide to install it.
Open the Caddyfile for editing:
Add the following configuration to the file:
your-domain.com { ... reverse_proxy localhost:9090 }Note: Replace
your-domain.comwith your actual domain name.Note: If you want to use authorization with Caddy, you can follow this guide.
Save the Caddyfile and reload Caddy:
Nginx
Create a new Nginx configuration file for your domain:
Add the following configuration to the file:
server { listen 80; listen [::]:80; server_name your-domain.com; rewrite ^ https://$host$request_uri? permanent; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name your-domain.com; ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; location / { proxy_pass http://localhost:9090; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }Save the configuration file and enable the site:
Then you can access Cockpit by navigating to
https://your-domain.comin your web browser.
Conclusion
- In this guide, we have shown you how to install Cockpit on your server and set it up behind a reverse proxy. Cockpit provides a user-friendly interface for managing your server, and using a reverse proxy allows you to access it securely over the internet.