cockpit-bridge
Connect Cockpit web interface to system services
TLDR
List all cockpit packages
Display help
SYNOPSIS
cockpit-bridge [OPTIONS]
PARAMETERS
--port PORT
Specifies the port number for the bridge to listen on. Defaults to a dynamically assigned port.
--protocol PROTOCOL
Specifies the protocol to use for the connection (e.g., ws, wss). Defaults to wss (secure websocket).
--address ADDRESS
Specifies the address to bind to. Defaults to localhost (127.0.0.1).
--origin ORIGIN
Specifies the origin(s) to allow for Cross-Origin Resource Sharing (CORS). Use '*' to allow all origins (not recommended for production).
--help
Displays a help message.
DESCRIPTION
The cockpit-bridge
command facilitates communication between the Cockpit web interface and the managed hosts. It acts as a proxy, allowing the web browser to access and manage resources on remote machines. It allows Cockpit to connect to multiple machines from a single web interface. This command is usually automatically started by systemd
when Cockpit is accessed through a web browser.
It handles authentication with the managed hosts, ensures secure communication, and translates requests between the web interface and the target system's API. This ensures only authenticated and authorized users can administer the remote hosts. cockpit-bridge
plays a crucial role in enabling centralized management of servers and virtual machines through Cockpit.
CAVEATS
The cockpit-bridge
command is intended to be managed by Cockpit and systemd. Manually running or modifying its behavior outside of that context may lead to unexpected results or security vulnerabilities. Direct manipulation of the port or origin parameters should be done with extreme care and a strong understanding of the security implications.
AUTHENTICATION
cockpit-bridge
handles authentication against the target host using PAM (Pluggable Authentication Modules). This allows Cockpit to leverage existing authentication mechanisms configured on the system.
SECURITY
Security is a primary concern. cockpit-bridge
encrypts all traffic between the web browser and the managed hosts using TLS/SSL. CORS (Cross-Origin Resource Sharing) is employed to restrict access to the bridge from unauthorized web origins.
SEE ALSO
cockpit(1), systemd(1)