/usr/share/doc/cockpit/guide/cockpit.conf.5.html is in cockpit-doc 164-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>cockpit.conf</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
<link rel="home" href="index.html" title="Cockpit Guide">
<link rel="up" href="cockpit-manual.html" title="Manual pages">
<link rel="prev" href="cockpit-manual.html" title="Manual pages">
<link rel="next" href="cockpit-ws.8.html" title="cockpit-ws">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
<td><a accesskey="p" href="cockpit-manual.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
<td><a accesskey="u" href="cockpit-manual.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
<th width="100%" align="center">Cockpit Guide</th>
<td><a accesskey="n" href="cockpit-ws.8.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
</tr></table>
<div class="refentry">
<a name="cockpit.conf.5"></a><div class="titlepage"></div>
<div class="refnamediv"><table width="100%"><tr>
<td valign="top">
<h2><span class="refentrytitle">cockpit.conf</span></h2>
<p>cockpit.conf — Cockpit configuration file</p>
</td>
<td valign="top" align="right"></td>
</tr></table></div>
<div class="refsect1">
<a name="cockpit-conf-description"></a><h2>DESCRIPTION</h2>
<p>
Cockpit can be configured via /etc/cockpit/cockpit.conf. That file has a INI
file syntax and thus contains key / value pairs, grouped into topical groups. See the
examples below for details..
</p>
<p>Note: The port that cockpit listens on cannot be changed in this file. To change
the port change the systemd <code class="filename">cockpit.socket</code> file.</p>
</div>
<div class="refsect1">
<a name="cockpit-conf-webservice"></a><h2>WebService</h2>
<div class="variablelist"><table border="0" class="variablelist">
<colgroup>
<col align="left" valign="top">
<col>
</colgroup>
<tbody>
<tr>
<td><p><span class="term"><code class="option">Origins</code></span></p></td>
<td>
<p>By default cockpit will not accept crossdomain websocket connections. Use this
setting to allow access from alternate domains. Origins should include scheme, host
and port, if necessary.</p>
<div class="informalexample"><pre class="programlisting">
[WebService]
Origins = https://somedomain1.com https://somedomain2.com:9090
</pre></div>
</td>
</tr>
<tr>
<td><p><span class="term"><code class="option">ProtocolHeader</code></span></p></td>
<td>
<p>Configure cockpit to look at the contents of this header to determine if a connection
is using tls. This should only be used when cockpit is behind a reverse proxy, and care
should be taken to make sure that incoming requests cannot set this header.</p>
<div class="informalexample"><pre class="programlisting">
[WebService]
ProtocolHeader = X-Forwarded-Proto
</pre></div>
</td>
</tr>
<tr>
<td><p><span class="term"><code class="option">LoginTitle</code></span></p></td>
<td><p>Set the browser title for the login screen.</p></td>
</tr>
<tr>
<td><p><span class="term"><code class="option">LoginTo</code></span></p></td>
<td><p>When set to <code class="literal">true</code> the <span class="emphasis"><em>Connect to</em></span> option
on the login screen is visible and allows logging into another server. If this
option is not specified then it will be automatically detected based on whether
the <span class="command"><strong>cockpit-ssh</strong></span> process is available or not.</p></td>
</tr>
<tr>
<td><p><span class="term"><code class="option">RequireHost</code></span></p></td>
<td><p>When set to <code class="literal">true</code> cockpit will require users to use the
<span class="emphasis"><em>Connect to</em></span> option to specify the host to log into.</p></td>
</tr>
<tr>
<td><p><span class="term"><code class="option">MaxStartups</code></span></p></td>
<td>
<p>Same as the <span class="command"><strong>sshd</strong></span> configuration option by the same name.
Specifies the maximum number of concurrent login attempts
allowed. Additional connections will be dropped until authentication
succeeds or the connections are closed. Defaults to 10.</p>
<p>Alternatively, random early drop can be enabled by specifying the
three colon separated values <code class="literal">start:rate:full</code> (e.g.
"10:30:60"). Cockpit will start refusing authentication attempts with a
probability of <code class="literal">rate/100</code> (30%) if there are currently
<code class="literal">start</code> (10) unauthenticated connections. The probability
increases linearly and all connection attempts are refused if the
number of unauthenticated connections reaches <code class="literal">full</code> (60).</p>
</td>
</tr>
<tr>
<td><p><span class="term"><code class="option">AllowUnencrypted</code></span></p></td>
<td><p>If true, cockpit will accept unencrypted HTTP connections. Otherwise, it
redirects all HTTP connections to HTTPS. Exceptions are connections from
localhost and for certain URLs (like <code class="code">/ping</code>). Defaults to
false.</p></td>
</tr>
<tr>
<td><p><span class="term"><code class="option">UrlRoot</code></span></p></td>
<td><p>The root URL where you will be serving cockpit. When provided cockpit will expect all
requests to be prefixed with the given url. This is mostly useful when you are using
cockpit behind a reverse proxy, such as nginx. <code class="code">/cockpit/</code> and <code class="code">/cockpit+</code>
are reserved and should not be used. For example <code class="code">/cockpit-new/</code> is ok.
<code class="code">/cockpit/</code> and <code class="code">/cockpit+new/</code> are not.</p></td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect1">
<a name="cockpit-conf-log"></a><h2>Log</h2>
<div class="variablelist"><table border="0" class="variablelist">
<colgroup>
<col align="left" valign="top">
<col>
</colgroup>
<tbody><tr>
<td><p><span class="term"><code class="option">Fatal</code></span></p></td>
<td><p>The kind of log messages in the bridge to treat as fatal. Separate multiple values
with spaces. Relevant values are: <code class="code">criticals</code> and <code class="code">warnings</code>.</p></td>
</tr></tbody>
</table></div>
</div>
<div class="refsect1">
<a name="cockpit-conf-oauth"></a><h2>OAuth</h2>
<p>Cockpit can be configured to support the <a class="ulink" href="https://tools.ietf.org/html/rfc6749#section-4.2" target="_top">
implicit grant</a> OAuth authorization flow. When successful the resulting oauth
token will be passed to cockpit-ws using the <code class="literal">Bearer</code> auth-scheme.
For a login to be successful, cockpit will also need a to be configured to verify
and allow <code class="literal">Bearer</code> tokens.</p>
<div class="variablelist"><table border="0" class="variablelist">
<colgroup>
<col align="left" valign="top">
<col>
</colgroup>
<tbody>
<tr>
<td><p><span class="term"><code class="option">URL</code></span></p></td>
<td><p>This is the url that cockpit will redirect the users browser to when it needs
to obtain an oauth token. Cockpit will add a redirect_uri parameter to the url with
the location of where the oauth provider should redirect to once a token has been
obtained.</p></td>
</tr>
<tr>
<td><p><span class="term"><code class="option">ErrorParam</code></span></p></td>
<td><p>When a oauth provider redirects a user back to cockpit, look for this parameter
in the querystring or fragment portion of the url to find a error message. When not
provided it will default to <code class="literal">error_description</code></p></td>
</tr>
<tr>
<td><p><span class="term"><code class="option">TokenParam</code></span></p></td>
<td><p>When a oauth provider redirects a user back to cockpit, look for this parameter
in the querystring or fragment portion of the url to find the access token. When not
provided it will default to <code class="literal">access_token</code></p></td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect1">
<a name="cockpit-conf-bugs"></a><h2>BUGS</h2>
<p>
Please send bug reports to either the distribution bug tracker or the
<a class="ulink" href="https://github.com/cockpit-project/cockpit/issues/new" target="_top">upstream bug tracker</a>.
</p>
</div>
<div class="refsect1">
<a name="cockpit-conf-author"></a><h2>AUTHOR</h2>
<p>Cockpit has been written by many
<a class="ulink" href="https://github.com/cockpit-project/cockpit/" target="_top">contributors</a>.</p>
</div>
<div class="refsect1">
<a name="cockpit-conf-also"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">cockpit-ws</span>(8)</span>
</p>
</div>
</div>
<div class="footer"><hr></div>
</body>
</html>
|