Chapter 12. Configuring the web console listening port
Learn how to allow new ports or change the existing ports using the RHEL 8 web console.
12.1. Allowing a new port on a system with active SELinux
Enable the web console to listen on a selected port.
Prerequisites
- The web console must be installed and accessible. For details, see Installing the web console.
Procedure
For ports that are not defined by any other part of SELinux, run:
$ sudo semanage port -a -t websm_port_t -p tcp PORT_NUMBER
For ports that already are defined by other part of SELinux, run:
$ sudo semanage port -m -t websm_port_t -p tcp PORT_NUMBER
The changes should take effect immediately.
12.2. Allowing a new port on a system with firewalld
Enable the web console to receive connections on a new port.
Prerequisites
- The web console must be installed and accessible. For details, see Installing the web console.
-
The
firewalldservice must be running.
Procedure
To add a new port number, run the following command:
$ sudo firewall-cmd --permanent --service cockpit --add-port=PORT_NUMBER/tcp
To remove the old port number from the
cockpitservice, run:$ sudo firewall-cmd --permanent --service cockpit --remove-port=OLD_PORT_NUMBER/tcp
If you only run the firewall-cmd --service cockpit --add-port=PORT_NUMBER/tcp without the --permanent option, your change will disappear with the next reload of firewalld or a system reboot.
12.3. Changing the web console port
Change default transmission control protocol (TCP) on port 9090 to a different one.
Prerequisites
- The web console must be installed and accessible. For details, see Installing the web console.
- If you have SELinux protecting your system, you need to set it to allow Cockpit to listen on a new port. For more information, see Allowing a new port on a system with active SELinux.
-
If you have
firewalldconfigured as your firewall, you need to set it to allow Cockpit receive connections on a new port, for more information, see Allowing a new port on a system withfirewalld.
Procedure
Change the listening port with one of the following methods:
Using the
systemctl edit cockpit.socketcommand:Run the following command:
$ sudo systemctl edit cockpit.socket
This will open the
/etc/systemd/system/cockpit.socket.d/override.conffile.Modify the content of
override.confor add a new content in the following format:[Socket] ListenStream= ListenStream=PORT_NUMBER
The
ListenStreamoption specifies the desired address and TCP port.NoteThe first line with an empty value is intentional.
systemdallows multipleListenStreamdirectives to be declared in a single socket unit. An empty value in a drop-in file resets the list and disables the default port 9090 from the original unit.
Alternatively, add the above mentioned content to the
/etc/systemd/system/cockpit.socket.d/listen.conffile.Create the
cockpit.socket.d.directory and thelisten.conffile if they do not exist yet.
Run the following commands for changes to take effect:
$ sudo systemctl daemon-reload $ sudo systemctl restart cockpit.socket
If you used
systemctl edit cockpit.socketin the previous step, runningsystemctl daemon-reloadis not necessary.
Verification steps
- To verify that the change was successful, try to connect to the web console with the new port.
