Allowing you to administer your server through a simple interface, Webmin is a new modern web control panel for any linux machine and by which you can also change settings for common packages on the fly.
By the completion of this tutorial you will learn how to install and configure Webmin on your server and then secure access with the help of a valid certificate using Let’s Encrypt to the interface. You will also get to learn by the course of this blog, that how you can use Webmin in order to add new user accounts, and how can you update all packages from dashboard on your server.
If you want to practice accordingly , you will be needing the following:
- You will need one Debian 9 server and a sudo non root user and a firewall.
- A (FQDN) or also known as Fully Qualified Domain, with a DNS A record marking to the IP address of your server.
- Also you will be needing Apache installed in your server.
In order to easily install and update Webmin using your package manager you firstly need to add on the Webmin repository. You can do this by adding on the repository to the /etc/apt/sources. list file.
Now you need to open the file in your preferable editor:
$ sudo nano /etc/apt/sources.list
Now you will have to add this line to the bottom of the file so that you can add the new repository:
. . . deb http://download.webmin.com/download/repository sarge contrib
Now you will have to save the file and then you will have to exit the editor.
The next step you need to take is that you need to add the Webmin PGP key so that your system is able to trust the new repository:
$ wget http://www.webmin.com/jcameron-key.asc $ sudo apt-key add jcameron-key.asc
Then you need to update the list of packages so that you can involve the Webmin repository:
$ sudo apt update
now you will have to install Webmin:
$ sudo apt install webmin
As soon as the installation completes , you will get the following output:
Output Webmin install complete. You can now login to https://your_server_ip:10000 as root with your root password, or as any user who can use `sudo`.
Note: You need to copy this following information because you will be needing this for the next step. Also if you have installed ufw while the essential stage, you need to run the command sudo ufw allow 10000, to allow Webmin access through the firewall. However, for more security you can also configure your firewall so that you can allow access from certain IP ranges to this particular port.
Now you will have to secure access by adding a valid certificate to Webmin.
Adding a Valid Certificate with Let’s Encrypt
Webmin uses a self-signed, untrusted certificate, however is already configured to use HTTPS. You will have to replace it with a valid certificate obtainable from Let’s Encrypt.
Now you will have to navigate to https://your_domain:10000 in your web browser, replacing your_domain with the domain name you pointed at your server.
Note: You need to keep a note that when you are logging in for the very first time, you will find an “ Invalid SSL” error, because the server has already created a self-signed certificate. You need to allow the continuation so that you can replace the self-signed certificate one obtainable from Let’s Encrypt.
Now you will able to see a login screen in which you need to sign in with the non-root user you have created while fulfilling the prerequisites. As soon as you log in, the first screen that you will see is the Webmin dashboard. You will have to set the server’s hostname before you can apply a valid certificate. Next you will have to look for the System hostname field and you will have to click on the link to the right as it is shown here in the image:
Image Courtesy: https://do.co/2QwhhDb
From here you will be navigated to the Hostname and DN S Client page, then you need to locate the Hostname field and then you will have to enter your Fully-Qualified Domain Name into the field. Now you will have to press the save button, that is in the the bottom of the page in order to apply the setting.
Then after you have set your hostname, you need to click on Webmin which is on the left navigation bar and you will have to click on Webmin Configuration. After that you will have to select SSL Encryption from the list of icons, and then you will have to select the Let’s Encrypt tab.:
Image courtesy: https://do.co/2U9o2Kj
With the help of this screen, you will have to ask Webmin how you will have to obtain and then renew your certificate. The certificates of Let’s Encrypt expires after 3 months. However you can instruct webmin how to attempt to renew the let’s Encrypt certificate every month. You will have to configure Webmin to place the verification file inside the folder /var/www/html. This is the folder that Apache web server that you have configured in the prerequisites. Now you need to follow these steps so that you can set up your certificate.
With your own FQDN you need to fill in the Hostnames for certificate
Then you need to select the Other Directory button and enter /var/www/html for Website root directory for validation file.
1. You will have to deselect the Only renew manually option by typing 1 into the input box and select the radio button to the left, for Months between automatic renewal section.
2. Then you need to click on the Request Certificate button after which you will find a confirmation screen just a few seconds later.
Then you need to restart Webmin by clicking the black arrow in the browser and you will have to Restart Webmin button, in order to use the new certificate. then you need tpo wait for aroud 30 seconds and after that you need to reload and you will have to log in again. Now your browser will provide you indication about the validation of the certificate.
Webmin have got various modules which can control everything from the BIND DNS Server to a very simple thing like adding users to the system. Now you will have to create a new user and then you will have to update the operating system using Webmin.
Managing Users and Groups
You will have to learn how to manage the users and groups on your server.
Firstly, you need to click the System tab, and then you will have to click the Users and Groups button. Then, from here, you will be able to add a user, manage a user, and can also add or manage a group. You then need to create a new user called deploy by which web applications hosting can be done. In order to add a user you need to click Create a new user that is usually located at the top of the users table. After this the Create User Screen will be displayed, in which you will be able to supply the username, password, groups and other various options. You will need to follow these instructions if you want to create the user:
1. You will need to fill in Username with deploy.
2. Then you will have to select Automatic for User ID.
3. Then you will to fill in Real Name with a descriptive name like Deployment user.
4. Then you will have to select Automatic for Home Directory.
5. You need to select /bin/bash from the dropdown list for Shell.
6. You need to select Normal Password and type in a password of your choice for Password.
7. You need to select New group with same name as user for Primary Group.
8. For the Secondary Group, you need to select sudo from the All groups list, and press the -> buttonin order to add the group to the in groups list.
9. Then you will have to Press Create in order to create this new user.
When you want to create a user, you can set options for password expiry, the user’s shell, and you can also choose that whether or not they are allowed a home directory.
The next and the final step is to install updates in your system.
Webmin helps you to update all of your packages through its user interface. In order to update all of your packages you firstly need to go to the Dashboard link and then you will have to locate the Package Updates field. If there are updates obtainable you will find a link which reflects the number of obtainable updates, just like the image below:
Image Courtesy: https://do.co/2KOdhZH
You need to click on this link and then you will have to press Update selected packages in order to start the update. After this you might be asked to reboot your server which you can also attempt through the Webmin interface.
You now by the end of this blog know how to secure working instance of Webmin also you how webmin gives you access to various things that you would have to access through the console and how it arranges them.
Header Image Courtesy: https://bit.ly/2Q85o7l