How to install Webmin on Ubuntu 18.04
Webmin is a web-based control panel for any Linux machine that allows you to manage your server through a modern web-based interface. With Webmin, you can change settings for common packages on the fly, including web servers and databases, as well as manage users, groups and software packages.
Through this tutorial, you will install and configure Webmin on your server, and ensure access to the interface with a valid certificate using Let's Encrypt and Apache. Then you will use Webmin to add new user accounts and update all packages on your server from the panel.
To complete this tutorial, you will need the following
An Ubuntu 18.04 server configured using the initial configuration guide for Ubuntu 18.04 servers, a non-root sudo user and a firewall.
Apache installed following the instructions of How to install a Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 18.04. We will use Apache to run the domain verification of Let's Encrypt and fulfill the function of a Webmin proxy. Be sure to configure access to Apache through your firewall by following the steps in this tutorial.
A full domain name (FQDN), with a DNS A record oriented to your server's IP address. To set this up, follow the tutorial How to set up a host name with DigitalOcean.
Certbot installed according to step 1 of Securing Apache with Let's Encrypt in Ubuntu 18.04. You will use Certbot to generate the TLS/SSL certificate for Webmin.
Step 1: Installing Webmin
First, we must add the Webmin repository so that we can easily install and update Webmin using our package manager. This is done by adding the repository to the
Open the file in your editor:
$ sudo nano /etc/apt/sources.list
Then add this line at the bottom of the file to add the new repository:
. . . deb http://download.webmin.com/download/repository sarge contrib
Save the file and close the editor.
Then add the Webmin PGP key to make your system trust the new repository:
$ wget http://www.webmin.com/jcameron-key.asc $ sudo apt-key add jcameron-key.asc
Then update the package list to include the Webmin repository:
$ sudo apt update
Then install Webmin:
$ sudo apt install webmin
When the installation is complete, you will see the following result:
Output Webmin install complete. You can now login to https://your_server_ip:10000 as root with your root password, or as any user who can use `sudo`.
Now, we will guarantee Webmin access by placing it behind the Apache web server and adding a valid TLS/SSL certificate.
Step 2: Protecting Webmin with Apache and Let's Encrypt
To access Webmin, you must specify port
10000 and check that it is open on your firewall. This is inconvenient, especially if you access Webmin using an FQDN such as
webmin.your_domain. We will use an Apache virtual host for proxy requests sent to the Webmin server running on port
10000. We will then secure the virtual host using a TLS/SSL certificate from Let's Encrypt.
First, create a new Apache virtual host file in the Apache configuration directory:
$ sudo nano /etc/apache2/sites-available/your_domain.conf
Add the following to the file, replacing the email address and domain with your own:
<VirtualHost *:80> ServerAdmin your_email ServerName your_domain ProxyPass / http://localhost:10000/ ProxyPassReverse / http://localhost:10000/ </VirtualHost>
This configuration instructs Apache to approve requests sent to http://localhost:10000, the Webmin server. It also ensures that internal links generated from Webmin pass through Apache.
Save the file and close the editor.
Next, we must tell Webmin to stop using TLS/SSL, since Apache will provide it.
Open the file
/etc/webmin/miniserv.conf in your editor:
$ sudo nano /etc/webmin/miniserv.conf
/etc/webmin/miniserv.conf ... ssl=1 ...
Change the 1 to 0. This will tell Webmin to stop using SSL.
Next, we will add our domain to the list of allowed domains, so that Webmin will interpret that when we access the panel from our domain it is not a malicious operation, such as a site scripting (XSS) attack.
Open the file
/etc/webmin/config in your editor:
$ sudo nano /etc/webmin/config
Add the following line to the end of the file, replacing your_domain with your full domain name.
/etc/webmin/config . . . referers=your_domain
Save the file and close the editor.
Then restart Webmin to apply the configuration changes:
sudo systemctl restart webmin
Then, enable the Apache proxy_http module:
$ sudo a2enmod proxy_http
You will see the following result:
Output Considering dependency proxy for proxy_http: Enabling module proxy. Enabling module proxy_http. To activate the new configuration, you need to run: systemctl restart apache2
The result suggests that you restart Apache, but first you must activate the new Apache virtual host you created:
sudo a2ensite your_domain
You will see the following result, which will indicate that your site is enabled:
Output Enabling site your_domain. To activate the new configuration, you need to run: systemctl reload apache2
Now, restart Apache completely to enable the proxy_http module and the new virtual host:
sudo systemctl restart apache2
NOTE: Be sure to allow incoming traffic on your web server on ports 80 and 443 as shown in the prerequisites tutorial How to install a Linux, Apache, MySQL and PHP (LAMP) stack on Ubuntu 18.04. You can do this with the sudo ufw allow command in "Apache Full".
Go to http://your_domain in your browser and you will see the Webmin login page.
Warning: Do NOT log in to Webmin yet; we have not enabled SSL. If you log in now, your credentials will be sent to the server in unencrypted text.
Now, we'll set up a certificate so that your connection is encrypted while using Webmin. To do this, we will use Let's Encrypt.
Tell Certbot to generate a TLS/SSL certificate for your domain and configure Apache to redirect traffic to the secure site:
sudo certbot --apache --email your_email -d your_domain --agree-tos --redirect --noninteractive
You will see the following result:
Output Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Obtaining a new certificate Performing the following challenges: http-01 challenge for your_domain Enabled Apache rewrite module Waiting for verification... Cleaning up challenges Created an SSL vhost at /etc/apache2/sites-available/your_domain-le-ssl.conf Enabled Apache socache_shmcb module Enabled Apache ssl module Deploying Certificate to VirtualHost /etc/apache2/sites-available/your_domain-le-ssl.conf Enabling available site: /etc/apache2/sites-available/your_domain-le-ssl.conf Enabled Apache rewrite module Redirecting vhost in /etc/apache2/sites-enabled/your_domain.conf to ssl vhost in /etc/apache2/sites-available/your_domain-le-ssl.conf ------------------------------------------------------------------------------- Congratulations! You have successfully enabled https://your_domain You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=your_domain -------------------------------------------------------------------------------
The result indicates that the certificate was installed and Apache is configured to redirect requests from http://your_domain to https://your_domain.
With this, you've set up a secure working instance of Webmin. Let's see how to use it.
Step 3: Using Webmin
Webmin has modules that can control everything from the BIND DNS server to something as simple as adding users to the system. Let's see how to create a new user and then explore how to update software packages using Webmin.
To login to Webmin, go to http://your_domain and log in with the *root *user or a user with sudo privileges.
User and group management
Now, we'll manage the users and groups on the server.
First, click on the System tab and then on the Users and Groups button. From here you can add a user, manage it or add or manage a group.
We'll create a new user called Deploy that could be used to host web applications. To add a user, click Create a new user, which is located at the top of the user table. This displays the Create User screen, where you can provide the user name, password, groups and other options. Follow these instructions to create the user:
- Fill in the User Name field with implement.
- Select Automatic for the User ID field.
- Fill in the True Name field with a descriptive name, as an implementation user.
- For the Home directory field, select Automatic.
- For Shell, select
*/bin/bash *from the drop-down list.
- For Password, select Normal Password and type the one you choose.
- For Primary Group, select New Group with the same name as the user.
- For Secondary group, select sudo in the All groups list and press the -> button to add the group to the list of in groups.
- Choose Create to create this new user.
When you create a user, you can set options for password expiration, user shell, or being given a home directory.
Next, let's see how to install updates on our system.
Webmin allows you to update all your packages through its user interface. To update all your packages, click the Panel link and then locate the Package updates field.
Click on this link and then press *Upgrade selected packages * to start the upgrade. You may be prompted to restart the server, which you can also do through the Webmin interface.
You will now have a secure working instance of Webmin, and have used the interface to create a user and update packages. Webmin gives you access to many things you would normally have to access through the console and organizes them intuitively. For example, if you have Apache installed, you would find the configuration tab under Servers and Apache.
For more information on administering your system with Webmin, explore the interface further or consult the official Webmin wiki site.
Licenciada en Bellas Artes y programadora por pasión. Cuando tengo un rato retoco fotos, edito vídeos y diseño cosas. El resto del tiempo escribo en MA-NO WEB DESIGN END DEVELOPMENT.
In the previous articles I made a short introduction to the Unix world and in the following article I have dealt with the basic commands for the file system management. Today we are…
I introduced in the previous article, available here, the basic concepts concerning the Linux world. Today we are going to have a look to some basic operations that we can perform…
Even if most of the tech experts actively claim that RSS (Rich Site Summary) is dead especially after Google Reader was discontinued 5 years ago but it isn’t yet as…
In this article we will explain how to install, manage and configure the SSL Security certificate, Let's Encypt in NGINX server used as proxy. This certificate is free but does…
Setting up your own mail server from scratch on Linux is complex and tedious, until you meet iRedMail. This tutorial is going to show you how you can easily and…
It's been over a half-decade since the GIMP 2.8 stable debut and today marks the long-awaited release of GIMP 2.10, its first major update in six years. And among other…
I recently had a request to setup SFTP for a customer so they could manage a set of files in their environment through an FTP GUI. Being an avid user…
Java and the JVM (Java's virtual machine) are widely used and required for many kinds of software. This article will guide you through the process of installing and managing different…
Introduction to ArangoDb, open source, NoSQL, multi-model database BigData seems to be getting stronger every day and more and more NoSQL databases are coming out to the market, all trying to position…
Efficiency is important at work, no matter the type of job you do. The better the tools that you use, the more productive you are. So if you’re a web…
What do you do with your old computers? The one which once had good hardware configuration but now those are considered outdated. Why not revive your old computer with Linux?…
In order to have Varnish 4 pass on the real client IP to your Apache 2.4 error log in Ubuntu 16.04 , you'll need to edit your Varnish configuration (/etc/varnish/default.vcl…