Webmin is a web-based control panel that is used for administration of Linux systems. It is written in Perl and helps systems administrators to have an overview of their server performance at a glance.
Webmin eliminates the hassle of manually creating user accounts, groups, configuring file sharing, and configuration of system files such as /etc/passwd . In this guide, we will show you how you can install and secure webmin on Ubuntu 18.04.
Prerequisites
Before we get started, ensure you have the following in place
- An instance of Ubuntu 18.04 server set up
- Nginx webserver installed
- A Fully Qualified Domain Name (FQDN) with the DNS A record pointing to the server's address.
- Let's encrypt SSL installed using certbot
Let's now take a step by step approach and install webmin
Install webmin
To start off, we need to append Webmin's repository to enable us to seamlessly install and manage Webmin using the apt package manager. But before we do so, let's update our system repositories
$ sudo apt update
Next, install the necessary packages
$ sudo apt install python apt-show-versions libapt-pkg-perl libauthen-pam-perl libio-pty-perl libnet-ssleay-perl
Sample output
Thereafter, download the Webmin deb package
$ cd /tmp && curl -L -O http://www.webmin.com/download/deb/webmin-current.deb
Now install Webmin using the command below
$ sudo dpkg -i webmin-current.deb
Accessing Webmin
Not that we have successfully installed Webmin, we are going to allow port 10000 in the firewall. This is the port which we are going to access Webmin's interface.
To add port 10000 in ufw firewall execute
$ sudo ufw allow 10000/tcp
Output
To verify that port 10000 is open, run
$ sudo ufw status
Output
With the port allowed in the firewall head out to your browser, and browse your domain with the suffix :10000 at the end of the URL
Syntax
https://samplewebsite.com:10000
The URL bar will show you that the site is not encrypted and the above page will open. This is because Webmin does not yet have an SSL certificate which we shall proceed to install.
To proceed to the main dashboard, click on the "Advanced" tab and click on proceed to URL address
You will be presented with a login screen as shown. Enter the correct user details and click on 'Sign in'
The dashboard below will appear
Set up the document root directory
Next, we are going to configure Nginx server block. By default, Nginx has only one server block which is configured to server documents from /var/www/html directory
We are now going to set up a root directory for our site.
Syntax
$ sudo mkdir -p /var/www/samplewebiste.com/html
With our directory in place, we are going to reassign ownership to our regular user account
$ sudo chown -R $USER:$USER /var/www/samplewebiste.com/html
Modify permissions
$ sudo chmod -R 755 /var/www
Configure Nginx server block
Nginx contains one server block called default by default which we can use as a template for our own configurations. Weare going to create our domain's server block and later copy the default server to it and make some modifications.
As indicated above, we shall create our first server block config file by copying over the default file:
$ sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/samplewebiste.com
We are then going to open the file using a text editor and make a few changes
$ sudo vim /etc/nginx/sites-available/samplewebiste.com
Ignoring the commented lines, the configuration should resemble the one below
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
}
Since we already have the Nginx default server block with the default_server attribute in the server block, we are going to delete the attribute in our domain and have :
server {
listen 80;
listen [::]:80;
. . .
}
We are then going to adjust the path to our document root and point it to our server's document root
server {
listen 80;
listen [::]:80;
root /var/www/samplewebiste.com/html;
}
Modify the server_name attribute to match our domain
server {
listen 80;
listen [::]:80;
root /var/www/samplewebiste.com/html;
index index.html index.htm index.nginx-debian.html;
server_name samplewebiste.com www.samplewebiste.com;
location / {
try_files $uri $uri/ =404;
}
}
Close and exit the configuration file
We are then going to enable the server block by issuing the following command
$ sudo ln -s /etc/nginx/sites-available/samplewebiste.com/etc/nginx/sites-enabled/
To ensure that there are no syntactical errors in any of our Nginx files, execute
$ sudo nginx -t
Output
Great!! Let's now restart Nginx server
$ sudo systemctl restart nginx
To verify that Nginx is running execute
$ sudo systemctl status nginx
Output
Encrypting Webmin
The final part is securing Webmin to encrypt communication between the browser and the Webmin server.
Click on the 'Webmin' tab
Select 'Web configuration' in the drop-down menu that appears
Click on SSL 'Encryption'
Next, Click on the 'Let's Encrypt' tab. Fill out the hostname in the hostname tab and define the root directory for the validation file as shown. Thereafter click on 'Request Certificate'.
Webmin will b generate Let's encrypt SSL certificate and store the validation file in the website directory defined
Go back to the URL and refresh the browser. You will now notice that the connection to the Webmin server is encrypted.
You can now log in securely and access the dashboard
To view information about the certificate, click on the padlock symbol and select 'Certificate valid' option
Certificate Information
if you have come this far, you should be in a position to install Let's encrypt certificate on Webmin. Try it out on your server and let us know your experience.
Great post. It works perfectly.
Hi Don,
Thanks for the comments. Glad to hear that it worked for you.