Skip to main content
Deploying To Production:

Server Administration with Cockpit

24

Episode 280 · January 17, 2019

Linux server administration can be a pain. You can use cockpit to monitor your servers and keep an eye on long running processes like Sidekiq and Puma without having to SSH into your servers.

Production Servers


Resources

Transcripts

Server Administration with Cockpit

Cockpit is an application that can be installed on Linux servers. Once you're deploying Rails applications to your own servers, it's nice to have an admin interface somewhere so you can see CPU and memory usage, as well as managing the running services. It would be even better if we could do all of this on our phone.

This is what Cockpit does: it provides an administrative web interface that we can use to manage our server. It can be used on servers from a variety of hosting providers, including: HatchBox, DigitalOcean, Linode, Vulture, LightSail, or EC2. Among other things, we can get graphs similar to those provided by Heroku.

Installation

You could run this command on your server to install Cockpit:

    sudo apt install cockpit

However, this will install a slightly outdated version of cockpit. The output from running the command will show the version number (164 at this time of this recording), while Cockpit's website (https://cockpit-project.org) shows the current version to be 183.

We're using Ubuntu for our server OS, so to get the current version of Cockpit, we can run this command instead:

  sudo apt install cockpit/bionic-backports

The version number displayed in the output should match the version number displayed on the Cockpit website.

If you're using some other operating system, check out the instructions page for details on how to get Cockpit installed.

Once installed on the server, if you have a firewall you're going to need to enable port 9090. I'm using UFW (configured by HatchBox) as my firewall. So I would run this command to open that port:

  sudo ufw allow 9090

Accessing

Now we can visit our server's public IP address, at the appropriate port. Make sure you use https, and to replace my IP address shown here with yours:

  https://142.93.118.200:9090

This will bring up the login interface for Cockpit. The credentials you need to use to log in are the same credentials that the application was set up to run under on the server.

For our HatchBox setup, we will log in as deploy. We don't want to log in directly as root, but we will enabled the checkbox labeled Reuse my password for privileged tasks, which will let us act as if we are the root user when necessary.

Once you log in you'll be presented with an admin interface for the server, which shows us (among other things) how many CPU cores we have, CPU usage, Memory Usage, Disk I/O, and Network Traffic.

You can even shut down the server or restart it from this panel if necessary.

Other Options

The menu in the left sidebar provide additional options to gain insight into how the server is performing, including:

Logs

We can look through the server logs, including filtering the entries by Severity, to see if there is anything on the server that needs to be addressed. For example, one line in my server log displays this:

12:06 Disconnected from invalid user ubuntu 122.52.228.211 port 54560 [preauth]

It appears from this line that someone is attempting to access sshd with an invalid (for us) user named ubuntu. This is the typical user name for an Amazon EC2 instance. This is a good motivator for us to make sure we have Fail2Ban set up and running on our server to make sure those users get banned.

For more information on using Fail2Ban, check out the episode dedicated to Security Hardening Servers with Fail2Ban

Storage

Here we have access to our server storage: total hard drive space, space used, etc.

Accounts

Manage the linux user accounts set up on the server.

Services

This keeps track of all the systemd services running on the server: the things that we want to always be running, and to restart if they stop for any reason. This is where you could check that you have Fail2Ban running, as mentioned above.

Software Updates

Here you can manage upgrade out-of-date packages.

Terminal

You can even access the terminal to run commands when necessary, without having to deal with connecting over SSH.

Dashboard

One last thing that bears mentioning, is that you can configure a Dashboard to aggregate all of the logs from your servers into one graph.

Final Thoughts

Take a look at the Cockpit documentation to see the different services it runs, alternative authentication methods, and more.

Loading...

Subscribe to the newsletter

Join 27,623+ developers who get early access to new screencasts, articles, guides, updates, and more.

    By clicking this button, you agree to the GoRails Terms of Service and Privacy Policy.

    More of a social being? We're also on Twitter and YouTube.