🟑 Medium   ⏱ 5–30 min  Last verified: 20 May 2026
Affected versions: 8.5 8.6 8.7 8.8 8.9 8.10

πŸ“– ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Cockpit UI on port 9090 is inaccessible remotely even though local services appear installed. Admin teams lose browser-based management path.

Environment & Reproduction

Common on hardened servers where cockpit.socket is disabled or firewalld does not allow cockpit service.

Root Cause Analysis

Socket activation is inactive, firewall rules are missing, or SELinux/network controls block access to cockpit service.

Quick Triage

Check systemctl status cockpit.socket and ss -tulpen for port 9090. Verify firewall-cmd –list-services and relevant journalctl unit logs.

Step-by-Step Diagnosis

Test local curl to https://localhost:9090, validate TLS cert behavior, and map network zone assignments. Review SELinux AVCs if traffic reaches host but is denied.

Illustrative mockup for rhel-8 β€” systemctl-cockpit-socket
cockpit.socket status and listener checks β€” Illustrative mockup β€” Progressive Robot

Solution – Primary Fix

Enable and start cockpit.socket, allow cockpit service in firewalld permanently, reload rules, and confirm connectivity from admin subnet.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Illustrative mockup for rhel-8 β€” firewalld-cockpit-service
Opening cockpit service in firewalld zone β€” Illustrative mockup β€” Progressive Robot

Solution – Alternative Approaches

Expose cockpit through bastion reverse proxy with strict ACLs, or keep it localhost-only and tunnel via SSH when required.

Verification & Acceptance Criteria

Remote access to Cockpit succeeds with expected authentication and no recurring socket errors in logs.

Rollback Plan

Disable external cockpit exposure and revert firewall changes if security review flags unintended access.

Prevention & Hardening

Apply least-privilege network segmentation, enforce TLS trust, and monitor cockpit access attempts.

Similar connectivity failures can arise from proxy misrouting, certificate CN mismatch, or SELinux denials.

Related tutorial: View the step-by-step tutorial for rhel-8.

View all rhel-8 tutorials on the Tutorials Hub β†’

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Refer to Red Hat Cockpit administration and firewalld documentation for secure RHEL 8 deployment.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β€” we respond within one business day.