🟑 Medium   ⏱ 5–30 min  Last verified: 19 May 2026
Affected versions: RHEL 10

πŸ“– ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Web admin console does not load on port 9090, slowing incident response.

Environment & Reproduction

Happens after package cleanup or hardening scripts disable socket activation.

systemctl status cockpit.socket
ss -tulpn | grep 9090
curl -kI https://localhost:9090

Root Cause Analysis

cockpit.socket disabled, firewalld not allowing cockpit service, or package missing.

Quick Triage

Check socket enablement and firewall exposure.

systemctl is-enabled cockpit.socket
firewall-cmd --query-service=cockpit
dnf list installed cockpit

Step-by-Step Diagnosis

Review socket logs and SELinux context for cockpit components.

journalctl -u cockpit.socket -n 80
journalctl -u cockpit -n 80
getenforce
Illustrative mockup for rhel-10 β€” terminal_or_shell
cockpit service and socket diagnostics β€” Illustrative mockup β€” Progressive Robot

Solution – Primary Fix

Install/enable cockpit socket and allow service in firewall.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

dnf install -y cockpit
systemctl enable --now cockpit.socket
firewall-cmd --add-service=cockpit --permanent
firewall-cmd --reload
Illustrative mockup for rhel-10 β€” logs_or_journal
cockpit journal and access troubleshooting β€” Illustrative mockup β€” Progressive Robot

Solution – Alternative Approaches

Restrict cockpit exposure to management network zone only.

firewall-cmd --zone=internal --add-service=cockpit --permanent
firewall-cmd --reload

Verification & Acceptance Criteria

Port 9090 is listening and authenticated login works.

ss -tulpn | grep 9090
curl -kI https://localhost:9090
systemctl status cockpit.socket

Rollback Plan

Disable cockpit if policy requires CLI-only management.

systemctl disable --now cockpit.socket
firewall-cmd --remove-service=cockpit --permanent
firewall-cmd --reload

Prevention & Hardening

Audit management surface and enforce zone-restricted cockpit access.

firewall-cmd --list-services
journalctl -u cockpit.socket --since yesterday

May co-occur with certificate trust warnings and reverse proxy misconfiguration.

Related tutorial: View the step-by-step tutorial for rhel-10.

View all rhel-10 tutorials on the Tutorials Hub β†’

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

RHEL Cockpit deployment and hardening documentation.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β€” we respond within one business day.