How To Install Cockpit on AlmaLinux 10

Modern server management demands efficiency and accessibility. System administrators need tools that simplify complex tasks while maintaining security and performance. Cockpit, a powerful web-based server management interface, delivers exactly that for AlmaLinux 10 systems. This comprehensive guide walks through the complete installation and configuration process, from initial setup to advanced usage scenarios.

What is Cockpit?

Cockpit is an open-source, web-based graphical interface designed for Linux server management. It provides system administrators with an intuitive dashboard accessible through any modern web browser. Unlike traditional GUI tools that require desktop environments, Cockpit operates independently and leverages existing system APIs without interfering with command-line workflows.

The interface connects directly to system services through systemd, offering real-time monitoring and management capabilities. Developed and maintained by Red Hat, Cockpit has become a standard component in enterprise Linux distributions, including AlmaLinux 10. It uses socket activation technology, which means the service consumes minimal system resources until actively accessed. This efficient design makes Cockpit suitable for production servers where resource optimization matters.

Browser compatibility is excellent, with full support for Mozilla Firefox, Google Chrome, Microsoft Edge, and Apple Safari. The responsive design adapts to different screen sizes, enabling server management from desktop computers, tablets, or even smartphones.

Key Features of Cockpit

Cockpit delivers comprehensive server management functionality through its modular architecture. The dashboard provides real-time system monitoring with live graphs showing CPU usage, memory consumption, network throughput, and disk I/O statistics. These metrics update continuously, allowing administrators to identify performance bottlenecks immediately.

Service management integrates seamlessly with systemd, offering complete control over system services. Start, stop, restart, enable, or disable services with single clicks. The interface displays service status, dependencies, and recent log entries all in one location. This eliminates the need to memorize systemctl commands for routine operations.

User and group administration becomes straightforward through the graphical interface. Create new accounts, modify passwords, adjust group memberships, and configure user permissions without touching configuration files directly. The system maintains proper security practices while simplifying administrative tasks.

The integrated log viewer aggregates system logs with powerful filtering capabilities. Search across all log files simultaneously, filter by severity level, or focus on specific time ranges. This feature proves invaluable during troubleshooting sessions when correlating events across multiple system components.

Terminal access is built directly into the web interface, providing command-line functionality without separate SSH sessions. Execute commands, run scripts, or perform advanced configurations while maintaining the convenience of browser-based access. Network configuration tools support interface management, IP address assignment, routing tables, and firewall rules.

Storage management extends to advanced operations including LVM configuration, RAID arrays, partition management, and filesystem operations. The cockpit-storaged module enables these capabilities through an intuitive interface that visualizes complex storage topologies. Software updates become manageable through the PackageKit integration, which displays available updates, handles dependencies, and applies patches safely.

Container support arrives through the cockpit-podman module, enabling Docker-compatible container management without leaving the web interface. Multi-server management allows controlling multiple systems from a single dashboard, streamlining operations across infrastructure.

Benefits of Using Cockpit on AlmaLinux 10

AlmaLinux 10 represents the latest stable release, offering binary compatibility with Red Hat Enterprise Linux 10. This compatibility ensures Cockpit integrates seamlessly with the AlmaLinux ecosystem, leveraging shared development efforts and security updates. The recent AlmaLinux 10 release includes enhanced security features, updated kernel, and improved hardware support.

Resource efficiency stands as a primary advantage. Cockpit’s socket activation design means the web service only runs when actively accessed. When idle, the system experiences zero overhead from Cockpit. This contrasts sharply with traditional management tools that continuously consume memory and CPU cycles.

Security features include HTTPS encryption by default, role-based access control, and integration with existing system authentication mechanisms. PAM (Pluggable Authentication Modules) support enables flexible authentication strategies including two-factor authentication when properly configured. Remote access capabilities transform server management, allowing administrators to handle emergencies from any location with internet connectivity.

The learning curve is gentle. Newcomers to Linux administration can accomplish tasks through the graphical interface while gradually learning command-line equivalents. Experienced administrators benefit from quick access to routine operations without sacrificing their preferred terminal-based workflows.

AlmaLinux 10’s frame pointers support and updated security policies work harmoniously with Cockpit’s architecture. The combination delivers robust server management with modern security standards.

Prerequisites

Before installing Cockpit on AlmaLinux 10, verify these requirements are met. The system should run a fresh or existing AlmaLinux 10 installation. Both server and workstation editions support Cockpit equally well.

Root access or a user account with sudo privileges is mandatory for installation and configuration. Most administrative tasks within Cockpit also require elevated permissions. An active internet connection enables downloading packages from AlmaLinux repositories.

System specifications are minimal. Any server capable of running AlmaLinux 10 can handle Cockpit efficiently. However, for optimal performance when managing multiple systems, at least 2GB RAM and 20GB available disk space is recommended.

Basic familiarity with Linux command-line operations helps during installation, though the process is straightforward. The firewalld service typically runs by default on AlmaLinux 10, which simplifies the firewall configuration step. A static IP address or resolvable hostname makes accessing the web interface more convenient, though dynamic addresses work equally well.

Step 1: Update the System

System updates ensure all installed packages reflect the latest security patches and bug fixes. Before installing new software, bringing the system current prevents potential conflicts and ensures compatibility. Connect to the AlmaLinux 10 server via SSH or access a local terminal.

Execute the update command with root privileges:

sudo dnf update -y

The DNF package manager checks all configured repositories for newer package versions. The -y flag automatically confirms the update process without prompting for user input. This command may take several minutes depending on the number of packages requiring updates and internet connection speed.

For comprehensive updates including system upgrades:

sudo dnf upgrade -y

Verify the current AlmaLinux version:

cat /etc/almalinux-release

This command displays the exact AlmaLinux version installed. Kernel updates may require a system reboot to take effect. If the update process installs a new kernel, restart the server:

sudo reboot

After rebooting, reconnect to the server and confirm the new kernel is active:

uname -r

Step 2: Install Cockpit

AlmaLinux 10 includes Cockpit in the default AppStream repository, eliminating the need for third-party sources. The installation process is streamlined and straightforward. Install the main Cockpit package using DNF:

sudo dnf install cockpit -y

The package manager resolves dependencies automatically and installs all required components. The installation includes the core Cockpit framework, web server components, and essential system integration modules. This process typically completes in under a minute on most internet connections.

Verify successful installation by querying installed packages:

rpm -qa | grep cockpit

This command lists all installed packages with “cockpit” in their names. The output should display cockpit along with its dependencies. Typical installations show packages like cockpit-bridge, cockpit-system, and cockpit-ws (web service).

Check the installed Cockpit version:

cockpit-bridge --version

Confirming the version ensures the installation completed successfully and helps when troubleshooting or seeking support.

Step 3: Install Additional Cockpit Modules

The base Cockpit installation provides core functionality, but optional modules extend capabilities significantly. These modules integrate specialized management tools for storage, networking, package management, and containers.

The cockpit-storaged module enables advanced storage management operations. This includes creating and managing LVM logical volumes, configuring RAID arrays, partitioning disks, formatting filesystems, and monitoring storage health. Install it with:

sudo dnf install cockpit-storaged -y

Network configuration becomes more powerful with cockpit-networkmanager:

sudo dnf install cockpit-networkmanager -y

This module provides graphical tools for managing network interfaces, bonds, bridges, VLANs, and connection profiles.

Software package management through the web interface requires cockpit-packagekit:

sudo dnf install cockpit-packagekit -y

This module enables viewing available updates, searching package repositories, installing new software, and removing unwanted packages—all through the browser interface.

Container management capabilities arrive via cockpit-podman:

sudo dnf install cockpit-podman -y

The Podman integration allows managing containers, images, volumes, and networks without command-line operations. This module is particularly valuable for administrators deploying containerized applications.

Install multiple modules simultaneously:

sudo dnf install cockpit-storaged cockpit-networkmanager cockpit-packagekit cockpit-podman -y

Each module activates automatically after installation, immediately appearing in the Cockpit interface sidebar. The modular design keeps the base installation lightweight while allowing customization based on specific needs.

Step 4: Enable and Start Cockpit Service

Cockpit uses systemd socket activation for efficient resource management. This technology means Cockpit’s web service only starts when a browser connects to port 9090. Enable the Cockpit socket to start automatically at system boot:

sudo systemctl enable --now cockpit.socket

The --now flag combines two operations: enabling the socket at boot time and starting it immediately. This single command accomplishes both tasks efficiently.

Verify the socket is active and listening:

sudo systemctl status cockpit.socket

The output should display “active (listening)” in green text, confirming Cockpit is ready to accept connections. Look for lines indicating the socket is listening on port 9090.

Confirm the socket is enabled for automatic startup:

sudo systemctl is-enabled cockpit.socket

This command returns “enabled” when configured correctly. If the socket fails to start, examine the system logs for error messages:

sudo journalctl -u cockpit.socket

The journalctl command displays detailed logs for the Cockpit socket, revealing any configuration issues or errors preventing proper operation. Common problems include port conflicts, missing dependencies, or SELinux policy restrictions.

Understanding the difference between cockpit.socket and cockpit.service is important. The socket file tells systemd to listen on port 9090 and launch cockpit.service only when connections arrive. This on-demand activation saves system resources compared to continuously running services.

Step 5: Configure Firewall Rules

AlmaLinux 10 ships with firewalld enabled by default for network security. Allow incoming connections to Cockpit’s web interface through the firewall. The firewalld service includes a predefined service definition for Cockpit, simplifying configuration.

Add the Cockpit service to the firewall permanently:

sudo firewall-cmd --permanent --add-service=cockpit

The --permanent flag ensures this rule persists across system reboots. Temporary rules disappear when firewalld restarts or the system reboots. Reload firewall rules to activate the new configuration:

sudo firewall-cmd --reload

Verify the Cockpit service is now allowed:

sudo firewall-cmd --list-services

The output should include “cockpit” among the allowed services. Alternatively, check which ports are open:

sudo firewall-cmd --list-ports

Display complete firewall zone configuration:

sudo firewall-cmd --list-all

This comprehensive view shows the active zone, interfaces, services, ports, and other firewall settings. If the command returns a warning like “ALREADY_ENABLED: cockpit,” the firewall rule already exists. This warning is harmless and can be safely ignored.

For enhanced security, restrict Cockpit access to specific IP addresses. For example, allowing only connections from 192.168.1.0/24 network:

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" service name="cockpit" accept'
sudo firewall-cmd --reload

This approach limits exposure by permitting access only from trusted networks.

Step 6: Access the Cockpit Web Interface

With installation and configuration complete, access Cockpit through any modern web browser. Open Firefox, Chrome, Edge, or Safari and navigate to:

https://server-ip-address:9090

Replace “server-ip-address” with the AlmaLinux 10 server’s actual IP address. For local installations, use:

https://localhost:9090

Or access via hostname if DNS is configured:

https://server-hostname:9090

The browser will display a security warning about an untrusted SSL certificate. This occurs because Cockpit generates a self-signed certificate during installation. Self-signed certificates provide encryption but aren’t validated by trusted certificate authorities. For internal networks and testing environments, accepting this certificate is safe.

In Firefox, click “Advanced” then “Accept the Risk and Continue.” Chrome users should click “Advanced” followed by “Proceed to server-ip (unsafe).” These warnings are expected and don’t indicate actual security problems with properly installed Cockpit instances.

For production environments, replace the self-signed certificate with a certificate from Let’s Encrypt or another trusted authority. This eliminates browser warnings and provides verifiable encryption.

The Cockpit login page displays the AlmaLinux logo and a login form. The interface is clean, professional, and responsive across different screen sizes. Chrome browsers may display blank screens with self-signed certificates. If this occurs, switch to Firefox or install a valid SSL certificate.

Step 7: Login to Cockpit

Cockpit authentication uses existing Linux system accounts. Any valid user can log in, provided they have appropriate permissions. Enter a username and password for an account on the AlmaLinux 10 system.

The login page includes a checkbox labeled “Reuse my password for privileged tasks.” Enabling this option allows Cockpit to use the entered password for sudo operations without repeatedly prompting. This convenience feature works only for users with sudo privileges.

Users without sudo access can still log in and view system information but cannot perform administrative tasks. The interface adapts to user permissions, hiding unavailable options automatically.

Click “Log In” to authenticate. Initial login may take a few seconds as Cockpit establishes the session and loads system information. After successful authentication, the dashboard appears displaying system overview metrics.

Authentication failures trigger clear error messages. Common issues include incorrect passwords, disabled accounts, or PAM configuration problems. Check system authentication logs if login problems persist:

sudo journalctl -u cockpit.service | grep authentication

Security best practices recommend using non-root accounts for regular operations. While root login is possible, it requires modifying configuration files. Edit the disallowed users list:

sudo nano /etc/cockpit/disallowed-users

Comment out or remove the “root” line, then restart Cockpit:

sudo systemctl restart cockpit.socket

However, using sudo-enabled regular accounts provides better security and audit trails.

Step 8: Create a Dedicated Admin User

Creating a dedicated administrative account enhances security and operational clarity. This approach separates management activities from regular system operations. Create a new user specifically for Cockpit administration:

sudo adduser cockpitadmin

The adduser command creates the account with default settings. Set a strong password for this account:

sudo passwd cockpitadmin

Choose a complex password combining uppercase letters, lowercase letters, numbers, and special characters. Password strength is critical for accounts with administrative privileges.

Grant sudo privileges by adding the user to the wheel group:

sudo usermod -aG wheel cockpitadmin

Members of the wheel group can execute commands with sudo. Verify group membership:

groups cockpitadmin

The output should list “wheel” among the user’s groups. Test sudo access by switching to the new account:

su - cockpitadmin
sudo whoami

If configured correctly, the last command returns “root” after entering the cockpitadmin password. This confirms sudo permissions are working properly.

Use this dedicated account for all Cockpit sessions. The practice improves security by limiting direct root access and provides clear audit trails showing which administrator performed specific actions.

Exploring the Cockpit Dashboard

After logging in, the dashboard presents a comprehensive system overview. The interface uses a sidebar navigation menu on the left with the main content area on the right. The overview section displays essential system information at a glance.

Key metrics shown include system hostname, operating system version, kernel version, and hardware details. Real-time graphs visualize CPU usage across all cores, memory consumption including buffers and cache, network traffic for all interfaces, and disk I/O operations.

These graphs update every few seconds, providing live performance monitoring. Hover over graph elements to see specific values at different times. Click graphs to access detailed views with historical data spanning hours or days.

The system health section highlights critical issues requiring attention. Warnings appear for failed services, full filesystems, or available security updates. This at-a-glance health check helps administrators quickly assess system status.

Navigation menu items include System, Logs, Storage, Networking, Accounts, Services, Software Updates, and Terminal. Additional menu items appear when optional modules are installed. For instance, installing cockpit-podman adds a Containers section.

Each section provides specialized tools for its domain. The intuitive layout reduces the learning curve, making complex operations accessible even to administrators new to Linux.

Managing System Services with Cockpit

The Services section provides comprehensive systemd service management. All system services appear in a searchable, filterable list. Each service displays its current state (running, stopped, failed), whether it’s enabled to start at boot, and a brief description.

Start a stopped service by selecting it and clicking the “Start” button. Similarly, stop running services, restart services to apply configuration changes, or reload service configurations without full restarts. Enable services to start automatically at boot or disable automatic startup.

The interface shows service dependencies, helping understand relationships between system components. View detailed service information including recent log entries, resource usage, and configuration file locations. This consolidated view eliminates switching between multiple terminal commands.

Filter services by state to quickly find failed services requiring attention or locate specific services by name using the search function. The streamlined interface makes routine service management faster and more intuitive than memorizing systemctl command syntax.

Monitoring System Performance

Cockpit’s performance monitoring tools provide deep insights into system behavior. The detailed graphs section shows historical data for CPU, memory, network, and disk activity. Adjust time ranges from minutes to days, enabling both real-time monitoring and historical analysis.

CPU graphs break down usage by type: user space applications, system processes, I/O wait time, and steal time (for virtualized systems). This breakdown helps identify whether performance issues stem from application workload, system overhead, or I/O bottlenecks.

Memory graphs distinguish between active memory, cached data, and buffers. Understanding these distinctions helps determine whether the system needs more RAM or is efficiently using available memory for caching.

Network graphs display transmitted and received data separately for each interface. Monitor bandwidth utilization, identify traffic spikes, and verify network configuration changes are working as expected.

Disk graphs show read and write operations per second along with throughput in bytes. These metrics help diagnose storage performance issues and identify I/O-heavy processes.

The performance data helps administrators identify trends, plan capacity upgrades, and troubleshoot performance problems without installing additional monitoring tools.

Managing Users and Groups

The Accounts section simplifies user and group administration. View all system users in a clean list showing usernames, full names, and group memberships. Create new user accounts by clicking “Create New Account” and filling in the required details.

Set user passwords, adjust password expiration policies, and lock or unlock accounts as needed. Modify group memberships by adding or removing users from groups through dropdown menus. Administrative actions take effect immediately without command-line intervention.

Delete user accounts when no longer needed, with options to preserve or remove their home directories. This flexibility supports various user lifecycle management scenarios.

The graphical interface prevents common mistakes like syntax errors in command-line user management commands. Form validation ensures entered data meets system requirements before applying changes.

Network Configuration

The Networking section provides complete network management capabilities. View all network interfaces with their current status, IP addresses, and connection statistics. Configure interface settings including IP address assignment (DHCP or static), subnet masks, default gateways, and DNS servers.

Create network bonds for redundancy and increased throughput. Configure bridges for virtualization environments or VLANs for network segmentation. The interface guides configuration with clear options and explanations.

Firewall management integrates into the networking tools. View active zones, add or remove services, manage port forwarding rules, and configure rich rules for complex firewall scenarios. Changes apply immediately while maintaining existing connections.

Network graphs show real-time and historical traffic for each interface. Monitor bandwidth usage patterns, identify unusual traffic, and verify network configuration changes produce expected results.

Storage Management

The Storage section offers powerful disk and filesystem management. View all storage devices including hard drives, SSDs, USB devices, and optical drives. Each device shows capacity, usage, partitions, and health status when SMART monitoring is available.

Create new partitions, format filesystems with various options (ext4, XFS, Btrfs), and mount or unmount filesystems. The cockpit-storaged module enables LVM operations including physical volume creation, volume group management, and logical volume provisioning.

Configure software RAID arrays through the graphical interface. Create RAID 0, 1, 5, 6, or 10 arrays and monitor their status and synchronization progress. This functionality typically requires complex command-line knowledge but becomes accessible through Cockpit’s interface.

Monitor filesystem usage with visual indicators showing capacity and free space. Set up automatic notifications for filesystems approaching capacity limits, preventing unexpected disk full conditions.

Security Best Practices

Securing Cockpit installations protects against unauthorized access and potential attacks. Change the default port 9090 to a non-standard port by editing the Cockpit configuration:

sudo nano /etc/systemd/system/cockpit.socket.d/listen.conf

Add these lines:

[Socket]
ListenStream=
ListenStream=8443

The empty ListenStream= line clears the default, while the second sets the new port. Reload systemd and restart Cockpit:

sudo systemctl daemon-reload
sudo systemctl restart cockpit.socket

Update firewall rules for the new port:

sudo firewall-cmd --permanent --remove-service=cockpit
sudo firewall-cmd --permanent --add-port=8443/tcp
sudo firewall-cmd --reload

Replace self-signed certificates with trusted certificates from Let’s Encrypt using certbot:

sudo dnf install certbot -y
sudo certbot certonly --standalone -d your-domain.com

Copy certificates to Cockpit’s directory:

sudo cp /etc/letsencrypt/live/your-domain.com/fullchain.pem /etc/cockpit/ws-certs.d/
sudo cp /etc/letsencrypt/live/your-domain.com/privkey.pem /etc/cockpit/ws-certs.d/

Restart Cockpit to use the new certificates. Implement IP-based access restrictions through firewall rules, limiting connections to specific trusted networks. Configure fail2ban to detect and block brute force authentication attempts.

Keep the system updated with regular security patches. Enable automatic security updates through dnf-automatic:

sudo dnf install dnf-automatic -y
sudo systemctl enable --now dnf-automatic.timer

Disable root login through Cockpit by ensuring “root” remains in the disallowed-users file. Use strong passwords and consider implementing two-factor authentication through PAM modules. Regular security audits identify potential vulnerabilities before they’re exploited.

SELinux provides additional security layers. Ensure SELinux is in enforcing mode and Cockpit operates within defined security contexts. Review SELinux logs if Cockpit operations fail unexpectedly:

sudo ausearch -m AVC -ts recent

Common Issues and Troubleshooting

Even with proper installation, issues occasionally arise. Understanding common problems and their solutions minimizes downtime. If Cockpit service fails to start, check the socket status first:

sudo systemctl status cockpit.socket

Failed status indicates configuration problems. Review system logs for detailed error messages:

sudo journalctl -u cockpit.socket -n 50

Port conflicts occur when another service uses port 9090. Identify the conflicting process:

sudo netstat -tulpn | grep 9090

Or with modern systems:

sudo ss -tulpn | grep 9090

Change Cockpit’s port or stop the conflicting service. Cannot access the web interface problems often relate to firewall configuration. Verify firewall rules allow Cockpit:

sudo firewall-cmd --list-all

If “cockpit” doesn’t appear in services, add it following the firewall configuration steps above. Network connectivity issues prevent access even with correct configurations. Test basic network connectivity:

ping server-ip-address

Ensure the server’s IP address is reachable from the client machine. Login failures warrant checking user credentials and permissions. Verify the account exists and has correct permissions:

sudo id username

Review authentication logs for failure details:

sudo journalctl -u cockpit -n 100 | grep auth

PAM configuration problems can block otherwise valid logins. Check PAM configuration files in /etc/pam.d/ for errors. Performance issues sometimes occur on resource-constrained systems. Monitor system resources while using Cockpit:

top

If Cockpit consumes excessive resources, investigate installed modules. Some modules require more memory or CPU. Uninstall unnecessary modules to reduce resource usage.

SSL certificate errors beyond the initial self-signed warning might indicate certificate problems. Verify certificate files exist and have correct permissions:

ls -la /etc/cockpit/ws-certs.d/

Certificates should be readable by the cockpit-ws service. Module loading failures happen when dependencies are missing. Reinstall the problematic module:

sudo dnf reinstall cockpit-module-name

Check for missing dependencies:

sudo dnf deplist cockpit-module-name

SELinux can block Cockpit operations in enforcing mode. Temporarily switch to permissive mode for testing:

sudo setenforce 0

If this resolves the issue, SELinux policies need adjustment. Review audit logs for denied operations:

sudo ausearch -m AVC -ts recent | grep cockpit

Create custom SELinux policies to allow legitimate operations while maintaining security. Browser compatibility issues rarely occur but can affect functionality. Ensure the browser is updated to the latest version. Test with different browsers to isolate browser-specific problems.

Congratulations! You have successfully installed Cockpit. Thanks for using this tutorial for installing Cockpit web-based graphical interface for managing Linux servers on AlmaLinux OS 10 system. For additional help or useful information, we recommend you check the official Cockpit website.