The nice cockpit web-frontend has a service-page/section that is used to show and administer the services timer etc. After the upgrade from F42 to F43 the entire page is beeing repeatedly refreshed.
My account has admin-rights, and the logout gives me no hint:
Jan 03 05:36:57 woody systemd[1]: Starting cockpit.service - Cockpit Web Service…
Jan 03 05:36:57 woody systemd[1]: Started cockpit.service - Cockpit Web Service.
Jan 03 05:36:57 woody cockpit-tls[3289]: cockpit-tls: gnutls_handshake failed: Error in the push function.
Jan 03 05:36:57 woody cockpit-tls[3289]: cockpit-tls: gnutls_handshake failed: Error in the push function.
The error is something about Transport Layer Security. If you are on a private network or if you can configure the connection to go through another service such as Apache, then you could disable TLS with something like the following in /etc/cockpit/cockpit.conf.
[WebService]
ProtocolHeader = X-Forwarded-Proto
ForwardedForHeader = X-Forwarded-For
Origins = https://example.com wss://example.com
# TLS has been offloaded to the Apache server
AllowUnencrypted=true
Make sure you do not send your password unencrytped over a public network. Even a private network is risky. You should also configure Apache with TLS on the same server and have it then proxy the connection to 127.0.01:9090. And firewall off port 9090 so it can only be accessed from 127.0.0.1.¹
All that would just be a work-around though. A better solution would be to figure out why Cockpit’s built-in TLS is failing. Maybe you could increase the debug level?
1. Better yet, put the following in /etc/systemd/system/cockpit.socket.d/listen.conf so Cockpit will only listen on 127.0.0.1:
I can observe the same behavior, on the Services and Account pages. The Firefox console showed errors repeatedly trying to download some Red Hat fonts. After disabling “Enhanced Tracking Protection” in Firefox, the errors and the flickering went away. Unfortunately, I cannot reproduce the error any more even after re-enabling tracking protection, presumably because the fonts are cached now.
Thank you so much for pointing to firefox being the culprit. Deactivating “Enhanced Tracking Protection” did it for me too. For reference the error I was getting was this :
Content-Security-Policy: The page’s settings blocked an inline script (script-src-elem) from being executed because it violates the following directive: “default-src 'self'”.