-
Notifications
You must be signed in to change notification settings - Fork 227
/
Copy pathcockpit-ws.8.html
205 lines (205 loc) · 10.1 KB
/
cockpit-ws.8.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
---
layout: guide
---
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>cockpit-ws</title>
<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
<link rel="home" href="index.html" title="Cockpit Guide">
<link rel="up" href="cockpit-manual.html" title="Manual pages">
<link rel="prev" href="cockpit.conf.5.html" title="cockpit.conf">
<link rel="next" href="cockpit-tls.8.html" title="cockpit-tls">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
<td><a accesskey="p" href="cockpit.conf.5.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
<td><a accesskey="u" href="cockpit-manual.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
<th width="100%" align="center">Cockpit Guide</th>
<td><a accesskey="n" href="cockpit-tls.8.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
</tr></table>
<div class="refentry">
<a name="cockpit-ws.8"></a><div class="titlepage"></div>
<div class="refnamediv"><table width="100%"><tr>
<td valign="top">
<h2><span class="refentrytitle">cockpit-ws</span></h2>
<p>cockpit-ws — Cockpit web service</p>
</td>
<td valign="top" align="right"></td>
</tr></table></div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">cockpit-ws</code> [<code class="option">--help</code>] [<code class="option">--port</code> <em class="replaceable"><code>PORT</code></em>] [<code class="option">--address</code> <em class="replaceable"><code>ADDRESS</code></em>] [<code class="option">--no-tls</code>] [<code class="option">--for-tls-proxy</code>] [<code class="option">--local-ssh</code>] [<code class="option">--local-session</code> <em class="replaceable"><code>BRIDGE</code></em>]</p></div>
</div>
<div class="refsect1">
<a name="cockpit-ws-description"></a><h2>DESCRIPTION</h2>
<p>
The <span class="command"><strong>cockpit-ws</strong></span> program is the web service
component used for communication between the browser application
and various configuration tools and services like
<span class="citerefentry"><span class="refentrytitle">cockpit-bridge</span>(1)</span>.
</p>
<p>
Users or administrators should never need to start this program
as it automatically started by
<span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span>
on bootup, through
<span class="citerefentry"><span class="refentrytitle">cockpit-tls</span>(8)</span>.
</p>
</div>
<div class="refsect1">
<a name="cockpit-ws-transport"></a><h2>TRANSPORT SECURITY</h2>
<p>
<span class="command"><strong>cockpit-ws</strong></span> is normally run behind the <span class="command"><strong>cockpit-tls</strong></span>
TLS terminating proxy, and only deals with unencrypted HTTP by itself. But for backwards
compatibility it can also handle TLS connections by itself when being run directly.
For details how to configure certificates, please refer to the
<span class="citerefentry"><span class="refentrytitle">cockpit-tls</span>(8)</span>
documentation.
</p>
</div>
<div class="refsect1">
<a name="cockpit-ws-timeout"></a><h2>TIMEOUT</h2>
<p>
When started via
<span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span>
then <span class="command"><strong>cockpit-ws</strong></span> will exit after 90 seconds
if nobody logs in, or after the last user is disconnected.
</p>
</div>
<div class="refsect1">
<a name="cockpit-ws-options"></a><h2>OPTIONS</h2>
<div class="variablelist"><table border="0" class="variablelist">
<colgroup>
<col align="left" valign="top">
<col>
</colgroup>
<tbody>
<tr>
<td><p><span class="term"><code class="option">--help</code></span></p></td>
<td><p>
Show help options.
</p></td>
</tr>
<tr>
<td><p><span class="term"><code class="option">--port</code> <em class="replaceable"><code>PORT</code></em></span></p></td>
<td><p>
Serve HTTP requests <em class="replaceable"><code>PORT</code></em> instead of port 9090.
Usually Cockpit is started on demand by <span class="command"><strong>systemd</strong></span> socket
activation, and this option has no effect. Update the
<code class="literal">ListenStream</code> directive <code class="filename">cockpit.socket</code>
file in the usual <span class="command"><strong>systemd</strong></span> manner.
</p></td>
</tr>
<tr>
<td><p><span class="term"><code class="option">--address</code> <em class="replaceable"><code>ADDRESS</code></em></span></p></td>
<td><p>
Bind to address <em class="replaceable"><code>ADDRESS</code></em> instead of binding to
all available addresses. Usually Cockpit is started on demand by
<span class="command"><strong>systemd</strong></span> socket activation, and this option has no effect.
In that case, update the <code class="literal">ListenStream</code> directive in the
<code class="filename">cockpit.socket</code> file in the usual <span class="command"><strong>systemd</strong></span> manner.
</p></td>
</tr>
<tr>
<td><p><span class="term"><code class="option">--no-tls</code></span></p></td>
<td><p>
Don't use TLS.
</p></td>
</tr>
<tr>
<td><p><span class="term"><code class="option">--for-tls-proxy</code></span></p></td>
<td><p>
Tell <span class="command"><strong>cockpit-ws</strong></span> that it is running behind a local reverse proxy that
does the TLS termination. Then Cockpit puts https:// URLs into the default
<code class="literal">Content-Security-Policy</code>, and accepts only https:// origins, instead of
http: ones by default. However, if <code class="literal">Origins</code> is set in the
<span class="citerefentry"><span class="refentrytitle">cockpit.conf</span>(5)</span>
configuration file, it will override this default.
</p></td>
</tr>
<tr>
<td><p><span class="term"><code class="option">--local-ssh</code></span></p></td>
<td><p>
Normally <span class="command"><strong>cockpit-ws</strong></span> uses
<span class="command"><strong>cockpit-session</strong></span> and PAM to authenticate the user and start a
user session. With this option enabled, it will instead authenticate via SSH at
<code class="literal">127.0.0.1</code> port <code class="literal">22</code>.
</p></td>
</tr>
<tr>
<td><p><span class="term"><code class="option">--local-session</code> <em class="replaceable"><code>BRIDGE</code></em></span></p></td>
<td>
<p>
Skip all authentication and <span class="command"><strong>cockpit-session</strong></span>, and launch the
<span class="command"><strong>cockpit-bridge</strong></span> specified in <em class="replaceable"><code>BRIDGE</code></em> in
the local session. If the <em class="replaceable"><code>BRIDGE</code></em> is specified as
<span class="command"><strong>-</strong></span> then expect an already running bridge that is connected to
stdin and stdout of this <span class="command"><strong>cockpit-ws</strong></span> process. This allows the
web server to run as any unprivileged user in an already running session.
</p>
<p>
This mode implies <code class="literal">--no-tls</code>, thus you need to use http://
URLs with this.
</p>
<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Warning</h3>
<p>
If you use this, you <span class="emphasis"><em>have to isolate the opened TCP port</em></span>
somehow (for example in a network namespace), otherwise all other users (or
even remote machines if the port is not just listening on localhost) can access
the session!
</p>
</div>
</td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect1">
<a name="cockpit-ws-environment"></a><h2>ENVIRONMENT</h2>
<p>
The <span class="command"><strong>cockpit-ws</strong></span> process will use the <code class="literal">XDG_CONFIG_DIRS</code>
environment variable from the
<a class="ulink" href="https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html" target="_top">XDG
basedir spec</a> to find its
<span class="citerefentry"><span class="refentrytitle">cockpit.conf</span>(5)</span>
configuration file.
</p>
<p>
In addition the <code class="literal">XDG_DATA_DIRS</code> environment variable from the
<a class="ulink" href="https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html" target="_top">XDG
basedir spec</a>
can be used to override the location to serve static files from. These are the files that
are served to a non-logged in user.
</p>
</div>
<div class="refsect1">
<a name="cockpit-ws-bugs"></a><h2>BUGS</h2>
<p>
Please send bug reports to either the distribution bug tracker or the
<a class="ulink" href="https://github.com/cockpit-project/cockpit/issues/new" target="_top">upstream bug tracker</a>.
</p>
</div>
<div class="refsect1">
<a name="cockpit-ws-author"></a><h2>AUTHOR</h2>
<p>Cockpit has been written by many
<a class="ulink" href="https://github.com/cockpit-project/cockpit/" target="_top">contributors</a>.</p>
</div>
<div class="refsect1">
<a name="cockpit-ws-also"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">cockpit-tls</span>(8)</span>
,
<span class="citerefentry"><span class="refentrytitle">cockpit.conf</span>(5)</span>
,
<span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span>
</p>
</div>
</div>
<div class="footer"><hr></div>
</body>
</html>