You’ve got six servers running. SSH is fine for you, but your ops team is tired of asking you for shell access every time they need to check disk usage or restart a service. You could give everyone SSH keys, but that feels like handing out master keys to the kingdom. Enter: web-based admin panels.
There are two names that keep floating around: Cockpit and Webmin. Both run in the browser. Both let non-sysadmins poke at server settings without a terminal. But they’re solving the problem in completely different ways. Let’s figure out which one belongs on your infrastructure.
Why You Even Need This
Look, SSH and the CLI are beautiful. They’re powerful. They’re reproducible. But here’s the thing: not everyone on your team is a CLI person. Maybe you’ve got a junior admin. Maybe your DBA just needs to restart MySQL once a week. Maybe you’re managing a home lab and you’re tired of remembering which server has which IP.
A web panel gives you:
- Quick visibility across multiple machines — one dashboard instead of six SSH tabs
- Non-terminal users — let people who aren’t comfortable in bash do basic stuff without bothering you
- Browser-based tasks — sometimes scrolling beats fumbling with
systemctlsyntax - Audit trail — most panels log who did what and when
The catch: neither replaces the terminal for complex work. Think of them as the dashboard in your car — handy for checking fuel and temperature, but you’re still getting under the hood for the real work.
Cockpit: The New Guard
Cockpit is Red Hat’s answer to “what if we built a server panel for 2026 instead of 1997?”
Installation is trivial. It’s in every major distro’s repos:
# Fedora / RHEL / CentOSsudo dnf install cockpit
# Debian / Ubuntusudo apt install cockpit
# Start and enablesudo systemctl enable cockpit.socket --nowThen point your browser to https://localhost:9090 and log in with your system user. Cockpit uses PAM (Linux authentication) — if you can SSH, you can log into Cockpit. Same credentials, same security model.
What you get:
- Dashboard — CPU, memory, disk, network at a glance
- Storage management — create/format partitions, manage LVM, mount filesystems via a GUI
- Services — start/stop/restart anything systemd knows about
- Networking — create bridges, VLANs, configure NICs (actually nice UI for this)
- Podman integration — see running containers, logs, stats
- KVM — manage virtual machines on the same box
- SSH key upload — let users add their keys to
authorized_keysfrom the panel - Terminal — web-based shell built in (for when you need to drop down)
Multi-server is where Cockpit shines. Once you’re logged in, you can add other servers by SSH hostname. Cockpit establishes a reverse SSH tunnel to each one and gives you a unified view. Click a server name and switch context. It’s smooth.
Resource footprint: Barely noticeable. Cockpit is a thin web layer over existing systemd APIs. We’re talking <20 MB RAM.
Webmin: The Veteran
Webmin has been around since 1997. It shows. That’s not a knock — it’s the opposite. Webmin can configure things Cockpit doesn’t even know exist.
Installation — grab the tarball or DEB:
# Download (check webmin.com for latest)wget https://download.webmin.com/webmin-2.102-minimal.tar.gz
# Extract and run setuptar xzf webmin-*.tar.gzcd webmin-*./setup.shOr if your distro has it:
# Some distros carry itsudo apt install webmin # Debian/Ubuntu
# Create initial user during setupPoint your browser to https://localhost:10000. Webmin runs its own web server and authentication system — separate from PAM, separate from SSH.
What you get:
Webmin’s genius is breadth. Each module handles one system component:
- Apache — VirtualHost management, SSL certs, modules
- MySQL / PostgreSQL — databases, users, backups
- DNS — BIND management, zones, records
- Postfix/Sendmail — mail routing, relay settings
- File management — browse/upload/edit server files
- User/Group management — create accounts, manage sudoers
- Bootup and Shutdown — manage init scripts
- Cron jobs — schedule tasks via GUI
- System packages — install/remove software
If you’ve got an old dedicated server with Apache, Postfix, and MySQL all stacked on one box, Webmin is your friend. It’s the Swiss Army knife.
Multi-server works too, but it’s less integrated. You manage each server’s Webmin instance separately or use the “Webmin Cluster” plugin (feels like legacy tech).
Resource footprint: Also light, but slightly heavier than Cockpit because it’s a standalone app.
Security: The Real Talk
Both require HTTPS. Both should be behind a VPN or restricted IP list.
Cockpit: Uses your system’s PAM authentication and SSH keys. If you’re already securing SSH, Cockpit gets the same protection. Session management is straightforward. You can bind it to localhost and SSH tunnel to it, or use a firewall rule.
Webmin: Runs its own auth system. You create Webmin-specific usernames and passwords (or configure LDAP). That extra layer means one more set of credentials to manage. On the flip side, you can give Webmin access to people without system shell accounts.
If you care about minimal attack surface: Cockpit wins. It’s just wrapping existing system interfaces.
If you need fine-grained access control (non-shell users managing specific services): Webmin’s custom auth is better.
The Verdict
Use Cockpit if:
- You’re running modern RHEL, CentOS, Fedora, Debian, or Ubuntu
- Your team has shell access or SSH keys already
- You want multi-server visibility in one place
- You run containers or VMs
- You don’t want to maintain another auth system
- You want something that feels like it was designed in this decade
Use Webmin if:
- You’re managing legacy services (Apache, Postfix, BIND, ISC DHCP)
- You need to let non-shell users configure specific services
- Your infrastructure is already Webmin-heavy
- You like having every possible knob in one place
- You accept a slightly more dated UI as the cost of breadth
Honest take: Cockpit is the future. Webmin is still useful, but it feels like maintaining old code. Neither replaces knowing your way around a terminal. But for the 80% of day-to-day tasks — restarting a service, checking disk space, adding a network interface — both beat ssh-ing in and squinting at man pages.
Pick Cockpit if you’re building something new. Pick Webmin if you’re stuck in 2005. And for the love of all that’s holy, put both behind a firewall or VPN. A web panel exposed to the internet is how you end up getting ransomwared.
