Chapter 12. Configuring the web console listening port

Learn how to allow new ports or change the existing ports using the RHEL web console.

Prerequisites

12.1. Allowing a new port on a system with active SELinux

Enable the web console to listen on a selected port.

Prerequisites

Procedure

  • For ports that are not defined by any other part of SELinux, run:

    $ sudo semanage port -a -t websm_port_t -p tcp PORT_NUMBER
  • For ports that already are defined by other part of SELinux, run:

    $ sudo semanage port -m -t websm_port_t -p tcp PORT_NUMBER

The changes should take effect immediately.

12.2. Allowing a new port on a system with firewalld

Enable the web console to receive connections on a new port.

Prerequisites

  • The web console must be installed and accessible. For details, see Installing the web console.
  • The firewalld service must be running.

Procedure

  1. To add a new port number, run the following command:

    $ sudo firewall-cmd --permanent --service cockpit --add-port=PORT_NUMBER/tcp
  2. To remove the old port number from the cockpit service, run:

    $ sudo firewall-cmd --permanent --service cockpit --remove-port=OLD_PORT_NUMBER/tcp
Important

If you only run the firewall-cmd --service cockpit --add-port=PORT_NUMBER/tcp without the --permanent option, your change will be canceled with the next reload of firewalld or a system reboot.

12.3. Changing the web console port

Change default transmission control protocol (TCP) on port 9090 to a different one.

Prerequisites

Procedure

  1. Change the listening port with one of the following methods:

    1. Using the systemctl edit cockpit.socket command:

      1. Run the following command:

        $ sudo systemctl edit cockpit.socket

        This will open the /etc/systemd/system/cockpit.socket.d/override.conf file.

      2. Modify the content of override.conf or add a new content in the following format:

        [Socket]
        ListenStream=
        ListenStream=PORT_NUMBER
    2. Alternatively, add the above mentioned content to the /etc/systemd/system/cockpit.socket.d/listen.conf file.

      Create the cockpit.socket.d. directory and the listen.conf file if they do not exist yet.

  2. Run the following commands for changes to take effect:

    $ sudo systemctl daemon-reload
    $ sudo systemctl restart cockpit.socket

    If you used systemctl edit cockpit.socket in the previous step, running systemctl daemon-reload is not necessary.

Verification steps

  • To verify that the change was successful, try to connect to the web console with the new port.