1. Create repository for webmin #echo "deb https://download.webmin.com/download/repository sarge contrib" >> webmin.list 2. Fech and install the GPG key for the repository #cd /root #wget https://download.webmin.com/jcameron-key.asc #apt-key add jcameron-key.asc 3. Install webmin #apt-get install apt-transport-https #apt-get update #apt-get install webmin If Debian complains about missing dependencies, you can install them with the command #apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python 4. Manage SSL certificate for webmin (by using existing SSL certifcates) #cat /etc/ssl/certs/web/mydomain.com/privkey.pem > /etc/webmin/miniserv.pem #cat /etc/ssl/certs/web/mydomain.com/fullchain.pem >> /etc/webmin/miniserv.pem #systemctl restart webmin 5. Configure apache2 for SSL certificate and redirection Create a file /etc/apache2/sites-available/webmin.conf and and put the entries given below <VirtualHost *:80> ServerName webmin.mydomain.com Redirect permanent / https://webmin.mydomain.com/ </VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName webmin.mydomain.com
SSLCertificateFile /etc/ssl/certs/web/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/ssl/certs/web/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ProxyPreserveHost On
ProxyRequests Off
SSLProxyEngine On
# allow for upgrading to websockets
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:10000/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) https://127.0.0.1:10000/$1 [P,L]
# Proxy to your local webmin instance
ProxyPass / https://127.0.0.1:10000/
ProxyPassReverse / https://127.0.0.1:10000/
</VirtualHost>
</IfModule>
6. Configure IPTables to drop requests on 4200 from world #iptables -A INPUT -p tcp -s 127.0.0.1 --dport 10000 -j ACCEPT #iptables -A INPUT -p tcp --dport 10000 -j DROP 7. Enable Apache Configuration #ln -s /etc/apache2/sites-available/webmin.conf /etc/apache2/sites-enabled/webmin.conf #systemctl reload apache2
Summary:
After this setup webmin will be available only on https://wembin.mydomain.com and https://webmin.mydomain.com:10000 will not work