Ask Your Question
0

Fedora 24 Server dashboard via https only

asked 2016-10-07 13:56:21 -0600

Mausy5043 gravatar image

updated 2016-10-08 02:31:48 -0600

I just installed Fedora 24 Server from the net-install disk. No changes were made to the installation.

It comes with a web-interface called "Dashboard" (but Google suggests that its name is "Cockpit") that is accessed via http://localhost.localdomain:9090 .

I would like to have this available via https: only. Not http:. I can't find any references to how-to-do this.

I'm aware of this page: http://cockpit-project.org/guide/late... It suggests that https: is automatically used. But this not the case. I'd add an image as proof, but I have insufficient points.

How do I force Fedora 24 Server cockpit to only connect via HTTPS?

EDIT : To clarify: The Fedora server is a VM on a headless machine. It is NOT set-up with a desktop running X. I can only access it via an SSH text-terminal and via this Cockpit. Both are exposed to the local LAN (10.0.1.0/24) and (obviously) access to either requires a password.

EDIT2 : Continuing the research I notice that while Google Chrome just complains that it can't access the https address with no additional info. Safari just told me that the certificate is not trusted and shows me a certificate for localhost.localdomain. Could it be that I need to install a certificate for the real hostname.domainname combination, in this case fiona.lan?

edit retag flag offensive close merge delete

2 Answers

Sort by » oldest newest most voted
2

answered 2016-10-07 16:21:50 -0600

ssieb gravatar image

From that page:

If an HTTP connection comes from 127.0.0.0/8, then Cockpit will allow communication without redirecting to HTTPS.

edit flag offensive delete link more

Comments

In this case an HTTP connection can't come from 127.0.0.1. The Fedora server is a VM running on a headless machine. It is not running X.

I want to access the cockpit from any machine on the LAN (10.0.1.0/24).

Mausy5043 gravatar imageMausy5043 ( 2016-10-08 01:34:17 -0600 )edit

And my problem is that Cockpit doesn't redirect to HTTPS where it should according to that page.

Cockpit listens for both HTTP and HTTPS connections on the same port, by default 9090. If an HTTP connection is made, Cockpit will redirect that connection to HTTPS."

Mausy5043 gravatar imageMausy5043 ( 2016-10-08 02:35:56 -0600 )edit
1

answered 2016-10-07 16:35:13 -0600

Aeyoun gravatar image

Don’t open up your dashboard to public access. Use SSH port mapping to establish a secure connection through SSH without exposing the dashboard publicly.

edit flag offensive delete link more

Comments

I haven't opened up the cockpit to public access. The default configuration appears to be that I can access it from the LAN (10.0.1.0/24) by visiting it with a webbrowser from any desktop as http://10.0.1.106:9090.

This is partly desired behaviour. The part that its accessible from 10.0.1.0/24 is desired. The http: pat is not desired.

Mausy5043 gravatar imageMausy5043 ( 2016-10-08 01:39:31 -0600 )edit

Question Tools

Stats

Asked: 2016-10-07 12:17:43 -0600

Seen: 468 times

Last updated: Oct 08 '16