Automate Ubuntu Server Setup with Ansible Playbook

By Raman Kumar

Updated on Oct 05, 2025

Learn how to automate your Ubuntu 24.04 server setup using Ansible Playbooks. This step-by-step guide explains configuration management concepts, control node setup, SSH hardening, UFW firewall configuration, and idempotent automation for reliable DevOps workflows.

In modern server administration, Cockpit has become one of the most efficient and user-friendly web-based interfaces for managing Linux servers. It simplifies everything from monitoring system performance to configuring storage and managing network services—all from a sleek web console.

In this guide, we’ll walk through the complete installation and configuration of Cockpit on Ubuntu 24.04, secure it using Nginx as a reverse proxy, and add an SSL certificate with Certbot. By the end, we’ll have a fully functional, HTTPS-secured management interface for our Ubuntu server.

Understanding Cockpit on Ubuntu 24.04

Cockpit is a web-based server management tool developed by Red Hat and available across most Linux distributions. It allows us to:

  • View real-time CPU, memory, and disk usage.
  • Manage users, services, and system updates.
  • Configure network interfaces and firewalls.
  • Access a built-in web terminal.
  • Manage multiple servers from one dashboard.

For Ubuntu 24.04, Cockpit is included in the official repositories, which means installation and maintenance are simple.

Prerequisites

Before we begin, ensure we have the following:

Automate Ubuntu Server Setup with Ansible Playbook

Step 1: Update and Upgrade the System

Keeping the system updated prevents compatibility issues and ensures the latest security patches are applied.

sudo apt update && sudo apt upgrade -y

Step 2: Install Cockpit

Ubuntu 24.04 includes Cockpit in its default repositories. Installation takes just a few seconds.

sudo apt install cockpit -y

After installation, enable and start the Cockpit service:

sudo systemctl enable --now cockpit

Verify the service status:

systemctl status cockpit

If everything is correct, you’ll see active (running) in green.

Step 3: Configure UFW Firewall

Ubuntu 24.04 typically comes with UFW (Uncomplicated Firewall). Let’s enable it and allow required ports.

Enable UFW (if not already active):

sudo ufw enable

Allow Nginx (for later steps):

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

Allow SSH (so we don’t lock ourselves out):

sudo ufw allow OpenSSH

Check firewall status:

sudo ufw status verbose

We should now see rules for OpenSSH, 80/tcp, and 443/tcp.

Step 4: Install and Configure Nginx as a Reverse Proxy

To make Cockpit accessible securely via a domain name and port 443 (HTTPS), we’ll use Nginx as a reverse proxy.

Install Nginx:

sudo apt install nginx -y

Create a new Nginx configuration file:

sudo nano /etc/nginx/sites-available/cockpit.conf

Add the following configuration:

Replace example.com with your actual domain.

server {
    listen 80;
    server_name example.com;

    location / {
        proxy_pass https://127.0.0.1:9090/;
        proxy_ssl_verify off;
        proxy_ssl_session_reuse on;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Enable the site:

sudo ln -s /etc/nginx/sites-available/cockpit.conf /etc/nginx/sites-enabled/

Test configuration and reload Nginx:

sudo nginx -t
sudo systemctl reload nginx

At this stage, Cockpit should be accessible via:

http://example.com

But since it’s still plain HTTP, we’ll add SSL next.

Step 5: Secure Cockpit with Certbot SSL (Let’s Encrypt)

We’ll now secure our domain using Certbot, which provides free SSL certificates from Let’s Encrypt.

Install Certbot and Nginx plugin:

sudo apt install certbot python3-certbot-nginx -y

Obtain and install the certificate:

sudo certbot --nginx -d example.com

Certbot automatically edits the Nginx configuration to redirect HTTP to HTTPS and sets up the SSL certificate.

Verify automatic renewal:

sudo systemctl status certbot.timer

Certificates renew automatically every 90 days, but we can test manually with:

sudo certbot renew --dry-run

You’ll have a fully secure, HTTPS-enabled Cockpit interface.

Step 6: Access the Cockpit Web Interface

Visit the URL:

https://example.com

Login using your system username and password—the same one you use for SSH access.

install cockpit on ubuntu hostperl

Once logged in, you’ll be greeted by Cockpit’s clean, intuitive dashboard showing system metrics, resource graphs, and quick access panels.

Step 7: Key Usage Areas of Cockpit

Let’s explore some of Cockpit’s most powerful modules:

System Overview
Shows real-time CPU, memory, disk, and network usage. We can restart, shut down, or even reboot the system directly from here.

Logs
Provides system logs with filters for critical, warning, or informational messages.

Storage
View, mount, and format disks. Cockpit even supports managing LVM volumes and RAID configurations visually.

Networking
Configure interfaces, assign static IPs, or set up bonding and VLANs.

Services
Enable, disable, or restart systemd services without touching the command line.

Terminal
A built-in web-based terminal for advanced operations—useful when SSH isn’t available.

Software Updates
Easily apply updates with a single click. Cockpit also supports automatic updates for unattended systems.

Accounts
Add or remove system users, manage groups, and set password policies.

Step 8: Optional – Manage Multiple Servers

Cockpit allows us to manage multiple servers from one interface.

To add more systems:

  • Go to the “Dashboard” tab in Cockpit.
  • Click “+ Add Server”.
  • Enter the IP address and credentials of another Cockpit-enabled server.

This creates a unified dashboard to manage all servers centrally.

Troubleshooting Tips

If Cockpit fails to load:

  • Check service status: sudo systemctl status cockpit
  • Ensure Nginx proxy is forwarding traffic: sudo tail -f /var/log/nginx/error.log
  • Verify firewall rules: sudo ufw status
  • Restart both services: sudo systemctl restart cockpit nginx

Conclusion

We’ve successfully set up Cockpit on Ubuntu 24.04 with Nginx and SSL via Certbot, transforming a plain server into a secure, web-based management platform. With Cockpit, we can handle updates, networking, services, users, and performance monitoring—without ever leaving the browser.

For administrators managing multiple Linux servers, Cockpit offers the perfect blend of visibility, control, and simplicity. It’s a powerful way to bring modern server management to the web, securely and efficiently.