[onCloud ]Webmin VPS - Getting Started Guide

Webmin for Linux VPS

Webmin is now supplied for all Linux VPS' that do not already include a control panel such as Plesk or WHM/cPanel! It provides a GUI for commonly used functions and settings for your Linux VPS without customizing the server on its own. Out of the box, this feature is simply extra to your VPS for your convenience. You may choose to use it, or not and it should have no impact on your experience.


Whats setup out of the box?

Out of the box, Webmin has been configured to support your LAMP suite including Linux, Apache, MySQL, PHP and Perl as well as support for FTP. This is over and above the default configuration supplied by all Webmin installations.


Logging into Webmin

Webmin is enabled on your VPS hostname by default on port 10000. So you can access it at:

https://yourHostName:10000/ or https://yourIPaddress:10000/ 

Username: root Password: [your vps root password found in your control panel (or reset from your control panel)]

You can log in using "root" as your username and the VPS root password supplied in your myhosting.com onCloud Control Panel under the "VPS Management" tab. You'll find original password set for your VPS in the green highlight information at the top of this page.


Webmin FAQ

  • How do I change my Webmin password if I can't login? 

Included with the Webmin distribution is a program called changepass.pl to solve erecisely this problem. Assuming you have installed Webmin in/usr/libexec/webmin, you could change the password of the admin user to foo by running

/usr/libexec/webmin/changepass.pl /etc/webmin admin foo

  • What effect will Webmin have on my existing configuration files? 

Just installing Webmin will not cause any config file changes to be made. When you start to use it, only the config files related to the changes that you make in Webmin will be modified. For example, using the Apache Webserver module would not effect your Sendmail configuration.

  • How do I install new modules? 

Once you have downloaded a new module as a .wbm file, enter the Webmin Configuration module and click on the Webmin Modules button. Then use the form at the top of the page to install the module either from the local filesystem of the server Webmin is running on, or uploaded from the client your browser is on.

  • How do I log Webmin actions and the files they have changed? 

By default, basic logging is enabled in Webmin. To turn on full logging, go into the Webmin Configuration module, click on the Logging icon and turn on the Log changes made to files by each action option. This will record all file changes and commands run by Webmin. Once logging is enabled, all actions performed from then on can be viewed in the Webmin Actions Logmodule.

  • My browser complains about the Webmin certificate when in SSL mode 

This happens because the default SSL certificate that is generated by webmin is not issued by a recognized certificate authority. From a security point of view, this makes the certificate less secure because an attacker could theoretically redirect traffic from your server to another machine without you knowing, which is normally impossible if using a proper SSL certificate. Network traffic is still encrypted though, so you are safe against attackers who are just listening in on your network connection.

If you want to be really sure that the Webmin server you are connecting to is really your own, the only solution is to order a certificate from an authority like Verisign that is associated with your server's hostname and will be recognized web browsers. This certificate should be placed in the file/etc/webmin/miniserv.pem and be in the same certifcate+key format as the existing miniserv.pem file.

To request a certificate, follow these steps :

  • Run the command openssl genrsa -out key.pem 2048 . This will create the file key.pem which is your private key.
  • Run the command openssl req -new -key key.pem -out req.pem . When it asks for the common name, be sure to enter the full hostname of your server as used in the URL, like www.yourserver.com. This will create the file req.pem, which is the certificate signing request (CSR)
  • Send the CSR to your certificate authority by whatever method they use. They should send you back a file that starts with -----BEGIN CERTIFICATE----- which can be put in the file cert.pem.
  • Combine the private key and certificate with the command cat key.pem cert.pem >/etc/webmin/miniserv.pem.
  • Re-start webmin (making sure it is in SSL mode) to use the new key.
  • How can I create a Webmin user who can only configure one Apache virtual server or DNS domain? 

In the Webmin Servers module, create a new user and give him access to only the Apache Webserver module. After saving, click on Apache Webserver next to the user's name in the list of Webmin users and use the form that appears to deny him access to everything except one selected virtual server.

Many other modules can also be configured in a similar way to restrict the access of a user to only certain DNS domains, Unix users or mail aliases.

  • How can I change Webmin's list of allowed IP addresses from the shell? 

The file you need to modify is /etc/webmin/miniserv.conf , in particular the allow=or deny= lines. If the allow= line exists, it contains a list of all addresses and networks that are allowed to connect to Webmin. Similarly, the deny= line contains addresses that are not allowed to connect. After modifying this file, you need to run /etc/webmin/stop ; /etc/webmin/start for the changes to take effect. Naturally, the file can only be edited by the root user.

  • How can I make a Webmin user always use the same password as Unix? 

This can be done by following these steps :

  • In the Perl Modules module of Webmin, install Authen::PAM from CPAN.
  • In the PAM Authentication module, add a new PAM service calledwebmin that uses Unix authentication.
  • In the Webmin Users module, click on the user that you want to symchronize with Unix and set his Password option to Unix Authentication.

If PAM is not used on your operating system, the first two steps can be skipped. Webmin will instead read the /etc/passwd or /etc/shadow file directly to authenticate users who are using the Unix Authentication password mode.

  • How can I allow any Unix user to login to Webmin? 

Follow these steps :

  • In the Perl Modules module of Webmin, install Authen::PAM from CPAN.
  • In the PAM Authentication module, add a new PAM service calledwebmin that uses Unix authentication.
  • In the Webmin Users module, create a new user called something like unixer, with access to the modules that you want all your Unix users to have access to.
  • In each of the modules unixer has access to, change the module access control to give your users rights only to their own accounts. For example, in the Change Passwords module you should selectOnly this user for the Users whose passwords can be changed so that Unix users logging in can only change their own passwords.
  • Click on Configure Unix user authentication below the list of Webmin users and choose Allow any Unix user to login with permissions of user unixer.
  • Any Unix user should now be able to login to Webmin on your system.

Again, if your system does not use PAM the first two steps can be skipped, and Webmin will read /etc/passwd or /etc/shadow file directly to authenticate users.

Another alternative to doing all this is to install Usermin, which allows all Unix users to login and access only settings belonging to them, using a similar interface to Webmin.

  • How can I download a file in the File Manager? 

Normally when you double-click on a file in the right-hand list, it is displayed in a separate browser window. However, if you hold down shift while double-clicking, your browser should prompt you to save the file instead.

In Webmin versions 0.966 and above, you can also download by selecting the file and clicking on the Save button in the top-left corner of the file manager.

  • In Usermin's Read Mail module, how can I set users' From addresses when my server hosts multiple virtual domains? 

By default, when a user composed email the From field containsusername@systemhostname. This can be changed by following these steps :

  • Login to Webmin on the same server, and enter the Usermin Configuration module.
  • Click on Usermin Module Configuration.
  • Click on Read Mail.
  • In the Default hostname for From: addresses field, enter the domain or hostname that you want to appear after the @ in users' From addresses.
  • If you want to stop users from changing their From address (to prevent mail forging), set the Allow editing of From: addressoption to No.
  • If you have multiple virtual domains and want different users to have different domains in their From addresses, you will need to set the From: address mapping file to the name of a file that maps real email addresses to virtual domain email addresses. This must be a text file, with each line containing :

    username     fromaddress 

The username part of each line must be the user's Usermin login, and the fromaddress is the new From address to assign to that user. The username can also be the user's full email address as it currently appears, such as joe@yourserver.com.

  • In Usermin's MySQL Database module, how can I restrict the databases that each user can see and use? 

By default the module will list all of the databases on your system on the main page, even if some are not actually usable by the logged-in user. To change this, follow these steps :

  • Login to Webmin on the same server, and enter the Usermin Configuration module.
  • Click on Usermin Module Configuration.
  • Click on MySQL Database in the list.
  • In the Database access control list field, remove the existing *: * line and enter one line per user, containing the username, a colon and list of databases he is allowed to use. For example, you could enter :jcameron: database1

fred: database2 database3

joe: *

A * in the database column means all databases, while a * in the username column means any user not listed so far.

  • Hit the Save button to activate the restrictions.
  • Why do reports for different logs generated in the Webalizer module come out the same? 

This often happens on Redhat Linux systems due to a bug (in my opinion) in the default Webalizer configuration. To fix it, do the following :

  • Edit the file /etc/webalizer.conf.
  • Change the line starting with HistoryName to HistoryName webalizer.hist.
  • Change the line starting with IncrementalName to IncrementalName webalizer.current.
  • Make the same change to any *.conf files in /etc/webmin/webalizer.
  • Re-generate all reports.
  • What ports does Webmin RPC use> 

Webmin has two RPC modes - slow mode, that only uses the same HTTP port the webserver listens on (typically 10000), and fast mode which uses ports 10000 on up. The upper bound depends on the number of concurrent RPC operations, but opening the range 10000 to 10010 should be enough when configuring the firewall between two Webmin servers.

All FAQ's cited from http://www.webmin.com/faq.html 


Was this article helpful?
0 out of 0 found this helpful