Chapter 13. Configuring the web console listening port
Learn how to allow new ports or change the existing ports using the RHEL 9 web console.
13.1. Allowing a new port on a system with active SELinux
Enable the web console to listen on a selected port.
Prerequisites
- The web console must be installed and accessible. For details, see Installing the web console.
Procedure
For ports that are not defined by any other part of SELinux, run:
$ sudo semanage port -a -t websm_port_t -p tcp PORT_NUMBER
For ports that already are defined by other part of SELinux, run:
$ sudo semanage port -m -t websm_port_t -p tcp PORT_NUMBER
The changes should take effect immediately.
13.2. Allowing a new port on a system with firewalld
Enable the web console to receive connections on a new port.
Prerequisites
- The web console must be installed and accessible. For details, see Installing the web console.
-
The
firewalld
service must be running.
Procedure
To add a new port number, run the following command:
$ sudo firewall-cmd --permanent --service cockpit --add-port=PORT_NUMBER/tcp
To remove the old port number from the
cockpit
service, run:$ sudo firewall-cmd --permanent --service cockpit --remove-port=OLD_PORT_NUMBER/tcp
If you only run the firewall-cmd --service cockpit --add-port=PORT_NUMBER/tcp
without the --permanent
option, your change will disappear with the next reload of firewalld
or a system reboot.
13.3. Changing the web console port
Change default transmission control protocol (TCP) on port 9090 to a different one.
Prerequisites
- The web console must be installed and accessible. For details, see Installing the web console.
- With SELinux enabled, modify the policy to allow the web console to listen on a new port. For more information, see Allowing a new port on a system with active SELinux.
-
With the
firewalld
service in the default configuration, you must open the new port for the web console. For more information, see Allowing a new port on a system withfirewalld
.
Procedure
Change the listening port with one of the following methods:
Using the
systemctl edit cockpit.socket
command:Enter the following command:
# systemctl edit cockpit.socket
This opens the
/etc/systemd/system/cockpit.socket.d/override.conf
file.Modify the content of
override.conf
to contain the following configuration:[Socket] ListenStream= ListenStream=PORT_NUMBER
The
ListenStream
option specifies the desired address and TCP port.NoteThe first line with an empty value is intentional.
systemd
allows multipleListenStream
directives to be declared in a single socket unit. An empty value in a drop-in file resets the list and disables the default port 9090 from the original unit.
Alternatively, add the previous socket configuration to the
/etc/systemd/system/cockpit.socket.d/listen.conf
file.Create the
cockpit.socket.d.
directory and thelisten.conf
file if they do not exist yet.
Enter the following commands for changes to take effect:
# systemctl daemon-reload # systemctl restart cockpit.socket
If you used
systemctl edit cockpit.socket
in the previous step, runningsystemctl daemon-reload
is not necessary.
Verification steps
- To verify that the change was successful, connect to the web console with the new port.