Provided by: cockpit-ws_164-1_amd64 
NAME
cockpit-ws - Cockpit web service
SYNOPSIS
cockpit-ws [--help] [--port PORT] [--no-tls] [--local-ssh] [--address ADDRESS]
DESCRIPTION
The cockpit-ws program is the web service component used for communication between the
browser application and various configuration tools and services like cockpit-bridge(8).
Users or administrators should never need to start this program as it automatically
started by systemd(1) on bootup.
TRANSPORT SECURITY
To specify the TLS certificate the web service should use, simply drop a file with the
extension .cert in the /etc/cockpit/ws-certs.d directory. If there are multiple files in
this directory, then the highest priority one is chosen after sorting.
The .cert file should contain at least two OpenSSL style PEM blocks. First one or more
BEGIN CERTIFICATE blocks for the server certificate and intermediate certificate
authorities and a last one containing a BEGIN PRIVATE KEY or similar. The key may not be
encrypted.
If there is no TLS certificate, a self-signed certificate is automatically generated using
openssl and stored in the 0-self-signed.cert file. To check which certificate cockpit-ws
will use run the following command.
$ sudo remotectl certificate
If using certmonger to manage certificates, following command can be used to automatically
prepare concatenated .cert file:
CERT_FILE=/etc/pki/tls/certs/$(hostname).pem
KEY_FILE=/etc/pki/tls/private/$(hostname).key
getcert request -f ${CERT_FILE} -k ${KEY_FILE} -D $(hostname --fqdn) -C "sed -n w/etc/cockpit/ws-certs.d/50-from-certmonger.cert ${CERT_FILE} ${KEY_FILE}"
TIMEOUT
When started via systemd(1) then cockpit-ws will exit after 90 seconds if nobody logs in,
or after the last user is disconnected.
OPTIONS
--help
Show help options.
--local-ssh
Normally cockpit-ws uses cockpit-session and PAM to authenticate the user and start a
user session. With this option enabled, it will instead authenticate via SSH at
127.0.0.1 port 22.
--port PORT
Serve HTTP requests PORT instead of port 9090. Usually Cockpit is started on demand by
systemd socket activation, and this option has no effect. Update the ListenStream
directive cockpit.socket file in the usual systemd manner.
--address ADDRESS
Bind to address ADDRESS instead of binding to all available addresses. Usually Cockpit
is started on demand by systemd socket activation, and this option has no effect. In
that case, update the ListenStream directive in the cockpit.socket file in the usual
systemd manner.
--no-tls
Don't use TLS.
ENVIRONMENT
The cockpit-ws process will use the XDG_CONFIG_DIRS environment variable from the XDG
basedir spec[1] to find its cockpit.conf(5) configuration file.
In addition the XDG_DATA_DIRS environment variable from the XDG basedir spec[1] can be
used to override the location to serve static files from. These are the files that are
served to a non-logged in user.
BUGS
Please send bug reports to either the distribution bug tracker or the upstream bug
tracker[2].
AUTHOR
Cockpit has been written by many contributors[3].
SEE ALSO
cockpit.conf(5) , systemd(1)
NOTES
1. XDG basedir spec
https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html
2. upstream bug tracker
https://github.com/cockpit-project/cockpit/issues/new
3. contributors
https://github.com/cockpit-project/cockpit/