How to Install Webmin on Ubuntu 18.04

By Ghulam Qadir, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud’s incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.

Webmin is a web-based control panel for any Linux machine which lets you manage your server through a modern web-based interface. With Webmin, you can change settings for common packages on the fly, including web servers and databases, as well as manage users, groups, and software packages. Webmin helps system administrator to manage the operating system’s internal such as changing passwords, disk quotas, file system, process, scheduled jobs, software packages, system logs, and much more.

With Webmin, you can also manage/configure open source applications such as DNS, DHCP, MySQL server, PostgreSQL, Apache HTTPD server and other networking services.

In this tutorial, we’ll install and configure Webmin on an Alibaba Cloud Elastic Compute Service (ECS) server and secure access to the interface with a valid certificate using Let’s Encrypt and Apache. We’ll then use Webmin to add new user accounts, and update all packages on your server from the dashboard.

Until Ubuntu 18.04 matures and is included in Alibaba Cloud’s library of operating system images, we can upgrade Ubuntu 16.04 to Ubuntu 18.04 by using the do-release-upgrade utility.

Prerequisites

  1. You should set up your server’s hostname.
  2. Access to VNC console in your Alibaba Cloud or SSH client installed in your PC.

After completing the prerequisites, log in as root user with your root username & password via SSH client (e.g. Putty) or VNC console available in your Alibaba Cloud account dashboard.

To complete this tutorial, you will need:

  1. Apache to perform Let’s Encrypt’s domain verification and act as a proxy for Webmin. Ensure you configure access to Apache through your firewall when following this tutorial.
  2. A Fully-Qualified Domain Name (FQDN), with a DNS A record pointing to the IP address of your server.
  3. Certbot to generate the TLS/SSL certificate for Webmin.

Installing Webmin

Open the file in your editor:

sudo nano /etc/apt/sources.list

Then add this line to the bottom of the file to add the new repository:

/etc/apt/sources.list. . . 
Deb http://download.webmin.com/download/repository sarge contrib

Save the file and exit the editor.

Next, add the Webmin PGP key so that your system will trust the new repository:

wget http://www.webmin.com/jcameron-key.asc

sudo apt-key add jcameron-key.asc

Next, update the list of packages to include the Webmin repository:

sudo apt update

Then install Webmin:

sudo apt install webmin

Once the installation finishes, you’ll be presented with the following output:

Output Webmin install complete. You can now login to
https://your-server-ip:10000 as root with your
root password, or as any user who can use 'sudo'

Now, let’s secure access to Webmin by putting it behind the Apache web server and adding a valid TLS/SSL certificate.

Securing Webmin with Apache and Let’s Encrypt

First, create a new Apache virtual host file in Apache’s configuration directory:

sudo nano /etc/apache2/sites-available/your_domain.conf

Add the following to the file, replacing the email address and domain with your own:

/etc/apache2/sites-available/yourdomain.conf <VirtualHost *:80>
ServerAdmin your_email
ServerName your_domain
ProxyPass / http:/localhost:10000/
ProxyPassReverse / http://localhost:10000/
</VirtualHost>

This configuration tells Apache to pass requests to http://localhost:10000, the Webmin server. It also ensures that internal links generated from Webmin will also pass through Apache.

Save the file and exit the editor.

Next, we need to tell Webmin to stop using TLS/SSL, as Apache will provide that for us going forward.

Open the file /etc/webmin/miniserv.conf in your editor:

sudo nano /etc/webmin/miniserv.conf

Find the following line:

/etc/webmin/miniserv.conf . . . 
ssl=1
. . .

Change the 1 to a 0; this will tell Webmin to stop using SSL.

Next we’ll add our domain to the list of allowed domains, so that Webmin understands that when we access the panel from our domain, it’s not something malicious, like a Cross-Site Scripting (XSS) attack.

Open the file /etc/webmin/config in your editor:

sudo nano /etc/webmin/config

Add the following line to the bottom of the file, replacing your_domain with your fully-qualified domain name.

/etc/webmin/config . . .
referrers=your_domain

Save the file and exit the editor.

Next, restart Webmin to apply the configuration changes:

sudo systemctl restart webmin

Then enable Apache’s proxy_http module:

sudo a2enmod proxy_http

You’ll see the following output:

Output Considering dependency proxy for proxy_http:
Enabling module proxy.
Enabling module proxy_http.
To activate the new configuration, you need to run:
Systemctl restart apache2

The output suggests you restart Apache, but first, activate the new Apache virtual host you created:

sudo a2ensite your_domain

You’ll see the following output indicating your site is enabled:

Output Enabling site your_domain.
To activate the new configuration, you need to run:
Systemctl reload apache2

Now restart Apache completely to activate the proxy_http module and the new virtual host:

sudo systemctl restart apache2

Note: Ensure that you allow incoming traffic to your web server on port 80 and port 443. You can do this with the command sudo ufw allow in “Apache Full”.

Navigate to http://your_domain in your browser, and you will see the Webmin login page appear.

Warning: Do NOT log in to Webmin yet, as we haven’t enabled SSL. If you log in now, your credentials will be sent to the server in clear text.

Now let’s configure a certificate so that your connection is encrypted while using Webmin. In order to do this, we’re going to use Let’s Encrypt.

Tell Certbot to generate a TLS/SSL certificate for your domain and configure Apache to redirect traffic to the secure site:

sudo certbot -–apache -–email your_email –d your_domain -–agree-tos -–    
redirect -–noninteractive

You’ll see the following output:

Output Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following changes:
http-01 change for your_domain
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/your_domain-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-
available/your_domain-le-ssl.con
Enabling available site : /etc/apache2/sites-available/your_domain-le-
ssl.conf
Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/your_domain.conf to sll
vhost in /etc/apache2/sites-available/your_domain-le-ssl.conf
------------------------------------
Congratulations! You have successfully enabled https://your_domain
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=your_domain
------------------------------------

The output indicates that the certificate was installed and Apache is configured to redirect requests from http://your_domain to https://your_domain.

You’ve now set up a secured, working instance of Webmin. Let’s look at how to use it.

Using Webmin

In order to log in to Webmin, navigate to http://your_domain and sign in with either the root user or a user with sudo privileges.

Managing Users and Groups

First, click the System tab, and then click the Users and Groups button. From here you can either add a user, manage a user, or add or manage a group.

Let’s create a new user called deploy which could be used for hosting web applications. To add a user, click Create a new user, which is located at the top of the users table. This displays the Create User screen, where you can supply the username, password, groups and other options. Follow these instructions to create the user:

  1. Fill in Username with deploy.
  2. Select Automatic for User ID.
  3. Fill in Real Name with a descriptive name like Deployment user.
  4. For Home Directory, select Automatic.
  5. For Shell, select /bin/bash from the dropdown list.
  6. For Password, select Normal Password and type in a password of your choice.
  7. For Primary Group, select New group with same name as user.
  8. For Secondary Group, select sudo from the All groups list, and press the -> button to add the group to the in groups list.
  9. Press Create to create this new user.

When creating a user, you can set options for password expiry, the user’s shell, or whether they are allowed a home directory.

Next, let’s look at how to install updates to our system.

Updating Packages

Click this link, and then press Update selected packages to start the update. You may be asked to reboot the server, which you can also do through the Webmin interface.

Control Webmin

sudo systemctl start webmin

To stop the Webmin, run:

sudo systemctl stop webmin

To restart the Webmin, run:

sudo systemctl restart webmin

To view the status of Webmin service, run:

sudo systemctl status webmin

Accessing the Webmin Interface

https://Your-IP-Address:10000

Log in as root or any user who has sudo privileges when the Webmin prompts you for username and password.

Once you logged in, Webmin may redirect you to its dashboard where you can get basic information about your system.

To manage or configure any service or application, choose the desired one from the left pane.

One important feature of Webmin is that it has a built-in web-based ssh terminal. You can start the terminal by clicking the below icon or use the keyboard combination “Alt+k”.

Conclusion

Explore the interface further, or check out the Official Webmin wiki to learn more about managing your system with Webmin.

Reference:https://www.alibabacloud.com/blog/how-to-install-webmin-on-ubuntu-18-04_594042?spm=a2c41.12123082.0.0

Follow me to keep abreast with the latest technology news, industry insights, and developer trends.