Install and configure webmin with SSL (debian)

1. Create repository for webmin  
        #echo "deb https://download.webmin.com/download/repository sarge contrib" >> webmin.list      
   
2. Fech and install the GPG key for the repository
       #cd /root
       #wget https://download.webmin.com/jcameron-key.asc
       #apt-key add jcameron-key.asc

3. Install webmin
       #apt-get install apt-transport-https
       #apt-get update
       #apt-get install webmin
       If Debian complains about missing dependencies, you can install them with the command
       #apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python

4. Manage SSL certificate for webmin (by using existing SSL certifcates)
      #cat /etc/ssl/certs/web/mydomain.com/privkey.pem > /etc/webmin/miniserv.pem
      #cat /etc/ssl/certs/web/mydomain.com/fullchain.pem >> /etc/webmin/miniserv.pem
      #systemctl restart webmin

5. Configure apache2 for SSL certificate and redirection
      Create a file /etc/apache2/sites-available/webmin.conf and and put the entries given below

         <VirtualHost *:80>
         ServerName webmin.mydomain.com
         Redirect permanent / https://webmin.mydomain.com/
         </VirtualHost>

         <IfModule mod_ssl.c>
         <VirtualHost *:443>
         ServerName webmin.mydomain.com
         SSLCertificateFile /etc/ssl/certs/web/mydomain.com/fullchain.pem
         SSLCertificateKeyFile /etc/ssl/certs/web/mydomain.com/privkey.pem
         Include /etc/letsencrypt/options-ssl-apache.conf
         ProxyPreserveHost On
         ProxyRequests Off
         SSLProxyEngine On

         # allow for upgrading to websockets
         RewriteEngine On
         RewriteCond %{HTTP:Upgrade} =websocket [NC]
         RewriteRule /(.*) ws://127.0.0.1:10000/$1 [P,L]
         RewriteCond %{HTTP:Upgrade} !=websocket [NC]
         RewriteRule /(.*) https://127.0.0.1:10000/$1 [P,L]

         # Proxy to your local webmin instance
         ProxyPass / https://127.0.0.1:10000/
         ProxyPassReverse / https://127.0.0.1:10000/

         </VirtualHost>
         </IfModule>

6. Configure IPTables to drop requests on 4200 from world
      #iptables -A INPUT -p tcp -s 127.0.0.1 --dport 10000 -j ACCEPT
      #iptables -A INPUT -p tcp --dport 10000 -j DROP

7.  Enable Apache Configuration         
     #ln -s /etc/apache2/sites-available/webmin.conf /etc/apache2/sites-enabled/webmin.conf        
     #systemctl reload apache2

 

Summary:
After this setup webmin will be available only on https://wembin.mydomain.com and https://webmin.mydomain.com:10000 will not work

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

* Copy This Password *

* Type Or Paste Password Here *

3,435 Spam Comments Blocked so far by Spam Free Wordpress

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>