bionic (5) cockpit.conf.5.gz

Provided by: cockpit-ws_164-1_amd64 bug

NAME
       cockpit.conf - Cockpit configuration file


DESCRIPTION
       Cockpit can be configured via /etc/cockpit/cockpit.conf. That file has a INI file syntax and thus
       contains key / value pairs, grouped into topical groups. See the examples below for details..

       Note: The port that cockpit listens on cannot be changed in this file. To change the port change the
       systemd cockpit.socket file.


WEBSERVICE
       Origins
           By default cockpit will not accept crossdomain websocket connections. Use this setting to allow
           access from alternate domains. Origins should include scheme, host and port, if necessary.

               [WebService]
               Origins = https://somedomain1.com https://somedomain2.com:9090

       ProtocolHeader
           Configure cockpit to look at the contents of this header to determine if a connection is using tls.
           This should only be used when cockpit is behind a reverse proxy, and care should be taken to make
           sure that incoming requests cannot set this header.

               [WebService]
               ProtocolHeader = X-Forwarded-Proto

       LoginTitle
           Set the browser title for the login screen.

       LoginTo
           When set to true the Connect to option on the login screen is visible and allows logging into another
           server. If this option is not specified then it will be automatically detected based on whether the
           cockpit-ssh process is available or not.

       RequireHost
           When set to true cockpit will require users to use the Connect to option to specify the host to log
           into.

       MaxStartups
           Same as the sshd configuration option by the same name. Specifies the maximum number of concurrent
           login attempts allowed. Additional connections will be dropped until authentication succeeds or the
           connections are closed. Defaults to 10.

           Alternatively, random early drop can be enabled by specifying the three colon separated values
           start:rate:full (e.g. "10:30:60"). Cockpit will start refusing authentication attempts with a
           probability of rate/100 (30%) if there are currently start (10) unauthenticated connections. The
           probability increases linearly and all connection attempts are refused if the number of
           unauthenticated connections reaches full (60).

       AllowUnencrypted
           If true, cockpit will accept unencrypted HTTP connections. Otherwise, it redirects all HTTP
           connections to HTTPS. Exceptions are connections from localhost and for certain URLs (like /ping).
           Defaults to false.

       UrlRoot
           The root URL where you will be serving cockpit. When provided cockpit will expect all requests to be
           prefixed with the given url. This is mostly useful when you are using cockpit behind a reverse proxy,
           such as nginx.  /cockpit/ and /cockpit+ are reserved and should not be used. For example
           /cockpit-new/ is ok.  /cockpit/ and /cockpit+new/ are not.


LOG
       Fatal
           The kind of log messages in the bridge to treat as fatal. Separate multiple values with spaces.
           Relevant values are: criticals and warnings.


OAUTH
       Cockpit can be configured to support the implicit grant[1] OAuth authorization flow. When successful the
       resulting oauth token will be passed to cockpit-ws using the Bearer auth-scheme. For a login to be
       successful, cockpit will also need a to be configured to verify and allow Bearer tokens.

       URL
           This is the url that cockpit will redirect the users browser to when it needs to obtain an oauth
           token. Cockpit will add a redirect_uri parameter to the url with the location of where the oauth
           provider should redirect to once a token has been obtained.

       ErrorParam
           When a oauth provider redirects a user back to cockpit, look for this parameter in the querystring or
           fragment portion of the url to find a error message. When not provided it will default to
           error_description

       TokenParam
           When a oauth provider redirects a user back to cockpit, look for this parameter in the querystring or
           fragment portion of the url to find the access token. When not provided it will default to
           access_token


BUGS
       Please send bug reports to either the distribution bug tracker or the upstream bug tracker[2].


AUTHOR
       Cockpit has been written by many contributors[3].


SEE ALSO
       cockpit-ws(8)


NOTES
        1. implicit grant
           https://tools.ietf.org/html/rfc6749#section-4.2

        2. upstream bug tracker
           https://github.com/cockpit-project/cockpit/issues/new

        3. contributors
           https://github.com/cockpit-project/cockpit/