Chapter 12. Configuring the web console listening port
Learn how to allow new ports or change the existing ports using the RHEL 8 web console.
12.1. Allowing a new port on a system with active SELinux
Enable the web console to listen on a selected port.
Prerequisites
- The web console must be installed and accessible. For details, see Installing the web console.
Procedure
For ports that are not defined by any other part of SELinux, run:
$ sudo semanage port -a -t websm_port_t -p tcp PORT_NUMBER
For ports that already are defined by other part of SELinux, run:
$ sudo semanage port -m -t websm_port_t -p tcp PORT_NUMBER
The changes should take effect immediately.
12.2. Allowing a new port on a system with firewalld
Enable the web console to receive connections on a new port.
Prerequisites
- The web console must be installed and accessible. For details, see Installing the web console.
-
The
firewalld
service must be running.
Procedure
To add a new port number, run the following command:
$ sudo firewall-cmd --permanent --service cockpit --add-port=PORT_NUMBER/tcp
To remove the old port number from the
cockpit
service, run:$ sudo firewall-cmd --permanent --service cockpit --remove-port=OLD_PORT_NUMBER/tcp
If you only run the firewall-cmd --service cockpit --add-port=PORT_NUMBER/tcp
without the --permanent
option, your change will disappear with the next reload of firewalld
or a system reboot.
12.3. Changing the web console port
Change default transmission control protocol (TCP) on port 9090 to a different one.
Prerequisites
- The web console must be installed and accessible. For details, see Installing the web console.
- If you have SELinux protecting your system, you need to set it to allow Cockpit to listen on a new port. For more information, see Allowing a new port on a system with active SELinux.
-
If you have
firewalld
configured as your firewall, you need to set it to allow Cockpit receive connections on a new port, for more information, see Allowing a new port on a system withfirewalld
.
Procedure
Change the listening port with one of the following methods:
Using the
systemctl edit cockpit.socket
command:Run the following command:
$ sudo systemctl edit cockpit.socket
This will open the
/etc/systemd/system/cockpit.socket.d/override.conf
file.Modify the content of
override.conf
or add a new content in the following format:[Socket] ListenStream= ListenStream=PORT_NUMBER
The
ListenStream
option specifies the desired address and TCP port.NoteThe first line with an empty value is intentional.
systemd
allows multipleListenStream
directives to be declared in a single socket unit. An empty value in a drop-in file resets the list and disables the default port 9090 from the original unit.
Alternatively, add the above mentioned content to the
/etc/systemd/system/cockpit.socket.d/listen.conf
file.Create the
cockpit.socket.d.
directory and thelisten.conf
file if they do not exist yet.
Run the following commands for changes to take effect:
$ sudo systemctl daemon-reload $ sudo systemctl restart cockpit.socket
If you used
systemctl edit cockpit.socket
in the previous step, runningsystemctl daemon-reload
is not necessary.
Verification steps
- To verify that the change was successful, try to connect to the web console with the new port.