How to disable NethServer GUI

NethServer Version: 7.9.2009 (final)
Module: your_module

Hello,

I am looking to be able to disable the web GUI for my NethServer, and only enable it when I need to log in to config.

I noticed that I am able to log into two different web GUI’s, but only one will allow me to enable 2FA.

Could someone please elaborate on this and how I can disable both GUI’s especially the one without 2FA?

The GUI that does not have 2FA options is on port 980
The GUI that has 2FA is on port 9090

Thanks!

Hi, @sebbyv , and welcome to the community!

As a new user stick to cockpit GUI . The old server-manager is no longer needed to manage the server other than as a requirement for samba-audit IIRC, and in some specific cases it can be used to do some tricks.

On the current server-manager GUI (cockpit, port 9090) you can restrict access by IP, 2FA, and network zone (for instance access from green only), at least (plus grant access to some parts of the server-manager to specific users/groups IIRC).

You can restrict access to the old server-manager (NethUI or NethGUI, port 980) by network zone but if you do not need it, you can uninstall nethserver-httpd-admin (IIRC it is needed to view the reports from samba audit if you are using that module).

Even if you restrict access to green zone only, you can use ssh tunneling (port forwarding) to manage it from outside.

Another way that doesn’t require removal is to disable the related services.

  • For the old server-manger: systemctl disable --now httpd-admin
  • For cockpit server-manager: systemctl disable --now cockpit cockpit.socket

…but you will need to enable them when you want to use them, and possibly disable them again after their related packages are updated.

5 Likes

Hello,

I was able to disable the older GUI but not the newer cockpit.

[root@domain ~]# systemctl disable --now httpd-admin
Removed symlink /etc/systemd/system/multi-user.target.wants/httpd-admin.service.

[root@domain ~]# systemctl disable --now cockpit*
Failed to execute operation: No such file or directory

At this point I am no longer able to access the old GUI on port 980 which is good.
Now I just need to be able to disable the new cockpit on port 9090

[root@domain ~]# systemctl --type=service
UNIT LOAD ACTIVE SUB DESCRIPTION
auditd.service loaded active running Security Auditing Service
blk-availability.service loaded active exited Availability of block devices
chronyd.service loaded active running NTP client/server
collectd.service loaded active running Collectd statistics daemon
crond.service loaded active running Command Scheduler
dbus.service loaded active running D-Bus System Message Bus
dnsmasq.service loaded active running DNS caching server.
getty@tty1.service loaded active running Getty on tty1
gssproxy.service loaded active running GSSAPI Proxy Daemon
httpd.service loaded active running The Apache HTTP Server
ir_agent.service loaded active running Rapid7 Insight Agent
irqbalance.service loaded active running irqbalance daemon
iscsi-shutdown.service loaded active exited Logout off all iSCSI sessions on shutdown
kmod-static-nodes.service loaded active exited Create list of required static device nodes for the current kernel
lvm2-lvmetad.service loaded active running LVM2 metadata daemon
lvm2-monitor.service loaded active exited Monitoring of LVM2 mirrors, snapshots etc. using dmeventd or progres
lvm2-pvscan@252:2.service loaded active exited LVM2 PV scan on device 252:2
netdata.service loaded active running Real time performance monitoring
network.service loaded active exited LSB: Bring up/down networking
nms.service loaded active running NethServer Monitor Services (NMS)
nsdc.service loaded active running NethServer Domain Controller container
oddjobd.service loaded active running privileged operations for unprivileged applications
polkit.service loaded active running Authorization Manager
postfix.service loaded active running Postfix Mail Transport Agent
rhel-dmesg.service loaded active exited Dump dmesg to /var/log/dmesg
rhel-domainname.service loaded active exited Read and set NIS domainname from /etc/sysconfig/network
rhel-import-state.service loaded active exited Import network configuration from initramfs
rhel-readonly.service loaded active exited Configure read-only root support
rpc-gssd.service loaded active running RPC security service for NFS client and server
rpcbind.service loaded active running RPC bind service
rsyslog.service loaded active running System Logging Service
shorewall.service loaded active exited Shorewall IPv4 firewall
smartd.service loaded active running Self Monitoring and Reporting Technology (SMART) Daemon
sshd.service loaded active running OpenSSH server daemon
sssd.service loaded active running System Security Services Daemon
systemd-journal-flush.service loaded active exited Flush Journal to Persistent Storage
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running Login Service
systemd-machined.service loaded active running Virtual Machine and Container Registration Service
systemd-random-seed.service loaded active exited Load/Save Random Seed
systemd-remount-fs.service loaded active exited Remount Root and Kernel File Systems
systemd-sysctl.service loaded active exited Apply Kernel Variables
systemd-tmpfiles-setup-dev.service loaded active exited Create Static Device Nodes in /dev
systemd-tmpfiles-setup.service loaded active exited Create Volatile Files and Directories
systemd-udev-trigger.service loaded active exited udev Coldplug all Devices
systemd-udevd.service loaded active running udev Kernel Device Manager
systemd-update-utmp.service loaded active exited Update UTMP about System Boot/Shutdown
systemd-user-sessions.service loaded active exited Permit User Sessions
systemd-vconsole-setup.service loaded active exited Setup Virtual Console
tuned.service loaded active running Dynamic System Tuning Daemon
udisks2.service loaded active running Disk Manager
yum-cron.service loaded active exited Run automatic yum updates as a cron job

LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.

52 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use ‘systemctl list-unit-files’.

Please advise.

  • For cockpit server-manager: systemctl disable --now cockpit cockpit.socket

without the asterisk (I’ve now corrected it on the other post)

2 Likes

That worked perfect. Thank you

Thanks, this helped me too!

1 Like