cockpit-wscockpit-ws — Cockpit web service |
Synopsis
cockpit-ws
[--help
] [--port
PORT
] [--address
ADDRESS
] [--no-tls
] [--for-tls-proxy
] [--local-ssh
] [--local-session
BRIDGE
]
DESCRIPTION
The cockpit-ws program is the web service component used for communication between the browser application and various configuration tools and services like cockpit-bridge(1).
Users or administrators should never need to start this program as it automatically started by systemd(1) on bootup, through cockpit-tls(8).
TRANSPORT SECURITY
cockpit-ws is normally run behind the cockpit-tls TLS terminating proxy, and only deals with unencrypted HTTP by itself. But for backwards compatibility it can also handle TLS connections by itself when being run directly. For details how to configure certificates, please refer to the cockpit-tls(8) documentation.
TIMEOUT
When started via systemd(1) then cockpit-ws will exit after 90 seconds if nobody logs in, or after the last user is disconnected.
OPTIONS
|
Show help options. |
|
Serve HTTP requests |
|
Bind to address |
|
Don't use TLS. |
|
Tell cockpit-ws that it is running behind a local reverse proxy that
does the TLS termination. Then Cockpit puts https:// URLs into the default
|
|
Enable redirection of unencrypted http requests to https (TLS) in |
|
Normally cockpit-ws uses
cockpit-session and PAM to authenticate the user and start a
user session. With this option enabled, it will instead authenticate via SSH at
|
|
Skip all authentication and cockpit-session, and launch the
cockpit-bridge specified in
This mode implies WarningIf you use this, you have to isolate the opened TCP port somehow (for example in a network namespace), otherwise all other users (or even remote machines if the port is not just listening on localhost) can access the session! |
ENVIRONMENT
The cockpit-ws process will use the XDG_CONFIG_DIRS
environment variable from the
XDG
basedir spec to find its
cockpit.conf(5)
configuration file.
In addition the XDG_DATA_DIRS
environment variable from the
XDG
basedir spec
can be used to override the location to serve static files from. These are the files that
are served to a non-logged in user.