Provided by: cockpit-ws_202.1-1_amd64 bug


       cockpit.conf - Cockpit configuration file


       Cockpit can be configured via /etc/cockpit/cockpit.conf. That file has a INI file syntax
       and thus contains key / value pairs, grouped into topical groups. See the examples below
       for details..

       Note: The port that cockpit listens on cannot be changed in this file. To change the port
       change the systemd cockpit.socket file.


           By default cockpit will not accept crossdomain websocket connections. Use this setting
           to allow access from alternate domains. Origins should include scheme, host and port,
           if necessary.

               Origins =

           Configure cockpit to look at the contents of this header to determine if a connection
           is using tls. This should only be used when cockpit is behind a reverse proxy, and
           care should be taken to make sure that incoming requests cannot set this header.

               ProtocolHeader = X-Forwarded-Proto

           Set the browser title for the login screen.

           When set to true the Connect to option on the login screen is visible and allows
           logging into another server. If this option is not specified then it will be
           automatically detected based on whether the cockpit-ssh process is available or not.

           When set to true cockpit will require users to use the Connect to option to specify
           the host to log into.

           Same as the sshd configuration option by the same name. Specifies the maximum number
           of concurrent login attempts allowed. Additional connections will be dropped until
           authentication succeeds or the connections are closed. Defaults to 10.

           Alternatively, random early drop can be enabled by specifying the three colon
           separated values start:rate:full (e.g. "10:30:60"). Cockpit will start refusing
           authentication attempts with a probability of rate/100 (30%) if there are currently
           start (10) unauthenticated connections. The probability increases linearly and all
           connection attempts are refused if the number of unauthenticated connections reaches
           full (60).

           If true, cockpit will accept unencrypted HTTP connections. Otherwise, it redirects all
           HTTP connections to HTTPS. Exceptions are connections from localhost and for certain
           URLs (like /ping). Defaults to false.

           The root URL where you will be serving cockpit. When provided cockpit will expect all
           requests to be prefixed with the given url. This is mostly useful when you are using
           cockpit behind a reverse proxy, such as nginx.  /cockpit/ and /cockpit+ are reserved
           and should not be used. For example /cockpit-new/ is ok.  /cockpit/ and /cockpit+new/
           are not.


           The kind of log messages in the bridge to treat as fatal. Separate multiple values
           with spaces. Relevant values are: criticals and warnings.


       Cockpit can be configured to support the implicit grant[1] OAuth authorization flow. When
       successful the resulting oauth token will be passed to cockpit-ws using the Bearer
       auth-scheme. For a login to be successful, cockpit will also need a to be configured to
       verify and allow Bearer tokens.

           This is the url that cockpit will redirect the users browser to when it needs to
           obtain an oauth token. Cockpit will add a redirect_uri parameter to the url with the
           location of where the oauth provider should redirect to once a token has been

           When a oauth provider redirects a user back to cockpit, look for this parameter in the
           querystring or fragment portion of the url to find a error message. When not provided
           it will default to error_description

           When a oauth provider redirects a user back to cockpit, look for this parameter in the
           querystring or fragment portion of the url to find the access token. When not provided
           it will default to access_token


       Please send bug reports to either the distribution bug tracker or the upstream bug


       Cockpit has been written by many contributors[3].




        1. implicit grant

        2. upstream bug tracker

        3. contributors