Chapter 13. Configuring the web console listening port


Learn how to allow new ports or change the existing ports using the RHEL 9 web console.

13.1. Allowing a new port on a system with active SELinux

Enable the web console to listen on a selected port.



  • For ports that are not defined by any other part of SELinux, run:

    $ sudo semanage port -a -t websm_port_t -p tcp PORT_NUMBER
  • For ports that are already defined by another part of SELinux, run:

    $ sudo semanage port -m -t websm_port_t -p tcp PORT_NUMBER

The changes should take effect immediately.

13.2. Allowing a new port on a system with firewalld

Enable the web console to receive connections on a new port.


  • The web console must be installed and accessible. For details, see Installing the web console.
  • The firewalld service must be running.


  1. To add a new port number, run the following command:

    $ sudo firewall-cmd --permanent --service cockpit --add-port=PORT_NUMBER/tcp
  2. To remove the old port number from the cockpit service, run:

    $ sudo firewall-cmd --permanent --service cockpit --remove-port=OLD_PORT_NUMBER/tcp

If you run only the firewall-cmd --service cockpit --add-port=PORT_NUMBER/tcp command without the --permanent option, your change will disappear with the next reload of firewalld or a system reboot.

13.3. Changing the web console port

Change the default Transmission Control Protocol (TCP) port 9090 to a different one.



  1. Change the listening port with one of the following methods:

    1. Using the systemctl edit cockpit.socket command:

      1. Enter the following command:

        # systemctl edit cockpit.socket

        This opens the /etc/systemd/system/cockpit.socket.d/override.conf file.

      2. Modify the content of override.conf to contain the following configuration:


        The ListenStream option specifies the desired address and TCP port.


        The first line with an empty value is intentional. systemd allows multiple ListenStream directives to be declared in a single socket unit. An empty value in a drop-in file resets the list and disables the default port 9090 from the original unit.

    2. Alternatively, add the previous socket configuration to the /etc/systemd/system/cockpit.socket.d/listen.conf file.

      Create the cockpit.socket.d directory and the listen.conf file if they do not exist yet.

  2. Enter the following commands for changes to take effect:

    # systemctl daemon-reload
    # systemctl restart cockpit.socket

    If you used systemctl edit cockpit.socket in the previous step, running systemctl daemon-reload is not necessary.

Verification steps

  • To verify that the change was successful, connect to the web console with the new port.
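
The three procedures in this chapter combined into one script, as an added example that is not part of the Red Hat documentation. It writes the drop-in that step 1 of section 13.3 describes (a [Socket] section with an empty ListenStream= followed by the new port) to listen.conf; the function names, the script name, the firewall-cmd --reload call and the final ss check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Red Hat's script): move the web console to a new TCP port.
# Run as root: sh console-port.sh apply NEW_PORT [OLD_PORT]   (script name is hypothetical)
DROPIN=/etc/systemd/system/cockpit.socket.d/listen.conf

valid_port() {   # succeeds only for an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

render_dropin() {   # the empty ListenStream= resets the list, dropping 9090
    printf '[Socket]\nListenStream=\nListenStream=%s\n' "$1"
}

# Read `semanage port -l` on stdin and print the action for PORT:
# "none" (already websm_port_t), "-m" (defined under another type), "-a" (undefined).
# Only exact port entries count; a port that merely falls inside a range is
# treated as undefined (assumption of this example).
selinux_flag() {
    awk -v p="$1" '
        $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                f = $i; sub(/,$/, "", f)
                if (f == p) { if ($1 == "websm_port_t") own = 1; else other = 1 }
            }
        }
        END { print (own ? "none" : (other ? "-m" : "-a")) }'
}

change_port() {   # change_port NEW_PORT [OLD_PORT]
    new=$1 old=${2:-9090}
    valid_port "$new" || { echo "invalid port: $new" >&2; return 2; }
    flag=$(semanage port -l | selinux_flag "$new") || return 1
    [ "$flag" = none ] || semanage port "$flag" -t websm_port_t -p tcp "$new" || return 1
    mkdir -p "${DROPIN%/*}" && render_dropin "$new" > "$DROPIN" || return 1
    firewall-cmd --permanent --service cockpit --add-port="$new/tcp" || return 1
    firewall-cmd --permanent --service cockpit --remove-port="$old/tcp"
    firewall-cmd --reload            # permanent rules become active on reload
    systemctl daemon-reload
    systemctl restart cockpit.socket || return 1
    ss -tln | grep -q ":$new "       # extra check: a listener exists on NEW_PORT
}

if [ "${1:-}" = apply ]; then change_port "${2:-}" "${3:-9090}"; fi
```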

© 2024 Red Hat, Inc.