NAME

       cockpit-ws - Cockpit web service

SYNOPSIS

       cockpit-ws [--help] [--port PORT] [--no-tls] [--local-ssh] [--address ADDRESS]

DESCRIPTION

       The cockpit-ws program is the web service component used for communication between the browser
       application and various configuration tools and services like cockpit-bridge(8).

       Users or administrators should never need to start this program as it automatically started by systemd(1)
       on bootup.

TRANSPORT SECURITY

       To specify the TLS certificate the web service should use, simply drop a file with the extension .cert in
       the /etc/cockpit/ws-certs.d directory. If there are multiple files in this directory, then the highest
       priority one is chosen after sorting.

       The .cert file should contain at least two OpenSSL style PEM blocks. First one or more BEGIN CERTIFICATE
       blocks for the server certificate and intermediate certificate authorities and a last one containing a
       BEGIN PRIVATE KEY or similar. The key may not be encrypted.

       If there is no TLS certificate, a self-signed certificate is automatically generated using openssl and
       stored in the 0-self-signed.cert file. To check which certificate cockpit-ws will use run the following
       command.

           $ sudo remotectl certificate

       If using certmonger to manage certificates, following command can be used to automatically prepare
       concatenated .cert file:

           CERT_FILE=/etc/pki/tls/certs/$(hostname).pem
           KEY_FILE=/etc/pki/tls/private/$(hostname).key

           getcert request -f ${CERT_FILE} -k ${KEY_FILE} -D $(hostname --fqdn) -C "sed -n w/etc/cockpit/ws-certs.d/50-from-certmonger.cert ${CERT_FILE} ${KEY_FILE}"

TIMEOUT

       When started via systemd(1) then cockpit-ws will exit after 90 seconds if nobody logs in, or after the
       last user is disconnected.

OPTIONS

       --help
           Show help options.

       --local-ssh
           Normally cockpit-ws uses cockpit-session and PAM to authenticate the user and start a user session.
           With this option enabled, it will instead authenticate via SSH at 127.0.0.1 port 22.

       --port PORT
           Serve HTTP requests PORT instead of port 9090. Usually Cockpit is started on demand by systemd socket
           activation, and this option has no effect. Update the ListenStream directive cockpit.socket file in
           the usual systemd manner.

       --address ADDRESS
           Bind to address ADDRESS instead of binding to all available addresses. Usually Cockpit is started on
           demand by systemd socket activation, and this option has no effect. In that case, update the
           ListenStream directive in the cockpit.socket file in the usual systemd manner.

       --no-tls
           Don't use TLS.

ENVIRONMENT

       The cockpit-ws process will use the XDG_CONFIG_DIRS environment variable from the XDG basedir spec[1] to
       find its cockpit.conf(5) configuration file.

       In addition the XDG_DATA_DIRS environment variable from the XDG basedir spec[1] can be used to override
       the location to serve static files from. These are the files that are served to a non-logged in user.

BUGS

       Please send bug reports to either the distribution bug tracker or the upstream bug tracker[2].

AUTHOR

       Cockpit has been written by many contributors[3].

SEE ALSO

       cockpit.conf(5) , systemd(1)

NOTES

        1. XDG basedir spec
           https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html

        2. upstream bug tracker
           https://github.com/cockpit-project/cockpit/issues/new

        3. contributors
           https://github.com/cockpit-project/cockpit/

cockpit                                            03/21/2018                                      COCKPIT-WS(8)