I have recently been testing out Cockpit with my various Debian servers, and I like it so far. One issue I have is that it creates the port 9090 that is open by default. I don't want that port opened to the world, but my bastion server is on a dynamic IP.
I noticed that I can install Cockpit on my remote servers, then run systemctl stop cockpit.socket
and have it work... But not past disconnects from my main server.
What I would like to know is, what is the minimum configuration required to only allow Cockpit to connect to remote Debian servers that do not have Cockpit installed (preferred), or somehow limit Cockpit's web interface to not work on public-facing interfaces.