Overview of Deploying Webmin on Server

Prerequisites and Basic Requirements

  • A supported Linux distribution (Debian/Ubuntu or RHEL/CentOS).
  • Root or sudo access to install packages, configure the firewall, and deploy Docker.
  • A public domain name that resolves to the server’s IP address for HTTPS certificates.
  • A working internet connection to download packages, the Webmin repository, Docker images, and Let’s Encrypt certificates.

File and Directory Structure

After installation the following key directories and files are created on the host:

/root/nginx/
├── compose.yml           # Docker Compose configuration for Nginx + Certbot
├── nginx-certbot.env     # Environment file containing CERTBOT_EMAIL
└── (Docker image layers stored in Docker’s default location)
/data/nginx/
├── user_conf.d/
│   └── <prefix><server_id>.hostkey.in.conf   # Nginx location block for Webmin
└── nginx-certbot.env       # (if present) additional env vars for Certbot

The Webmin package itself is installed into the system package manager’s standard locations (/usr/share/webmin, /etc/webmin, etc.) and listens on port 10000.

Access Rights and Security

  • /root/nginx is owned by root:root with mode 0755.
  • compose.yml and nginx-certbot.env are owned by root:root with mode 0644.
  • Docker runs the Nginx container in host network mode, so the container shares the host’s network stack.
  • The Nginx configuration file in /data/nginx/user_conf.d contains a single proxy_pass http://127.0.0.1:10000; directive that forwards HTTPS traffic to Webmin.
  • Webmin authenticates with a username and password by default; use strong credentials.

Databases

No database services are required for Webmin to operate. The package relies solely on the system package manager for its configuration files.

Docker Containers and Deployment

A Docker‑based Nginx + Certbot stack is deployed to provide HTTPS termination and automatic Let’s Encrypt certificate renewal.

  1. Docker installation – The host already has Docker installed.
  2. Compose file – /root/nginx/compose.yml defines the nginx service using the jonsal/nginx-certbot:latest image.
  3. Environment – The CERTBOT_EMAIL variable points to [email protected].
  4. Volumes
       • nginx_secrets (external) stores the Let’s Encrypt data in /etc/letsencrypt.
       • /data/nginx/user_conf.d mounts the host’s Nginx user configuration into the container.
  5. Deployment – The command docker compose up -d starts the container in detached mode.

Once the container is running, HTTPS requests to the configured domain are proxied to 127.0.0.1:10000, where Webmin serves its web interface.

Proxy Servers

The proxy setup involves:

  • Nginx + Certbot running in a Docker container on the host’s network.
  • A custom location / block in /data/nginx/user_conf.d/<prefix><server_id>.hostkey.in.conf that forwards traffic to Webmin.
  • The container automatically obtains and renews Let’s Encrypt certificates for the domain(s) listed in /data/nginx/nginx-certbot.env.

Permission Settings

The only explicit permission configuration applied during deployment is:

  • /root/nginx/ directory and files: root:root ownership with 0755/0644 modes.
  • Docker volumes and the host network are accessed by the Docker daemon, which runs as root.

No additional file or directory permissions are modified beyond the standard installation of Webmin.

Starting, Stopping, and Updating

| Action | Command | Notes |
|---|---|---|
| Start Nginx/Certbot container | docker compose -f /root/nginx/compose.yml up -d | Ensures the container runs in the background. |
| Stop container | docker compose -f /root/nginx/compose.yml down | Removes the container while preserving volumes. |
| Restart container | docker compose -f /root/nginx/compose.yml restart | Restarts without changing configuration. |
| Update Docker image | docker compose pull nginx && docker compose up -d | Pulls the latest jonsal/nginx-certbot image and restarts the container. |
| Check container status | docker compose -f /root/nginx/compose.yml ps | Shows running state and ports. |

Additionally, firewall rules are automatically configured to allow TCP traffic on port 10000:

  • UFW: ufw allow 10000/tcp && ufw reload (for Debian/Ubuntu).
  • Firewalld: Adds a permanent rule for port 10000/tcp in the public zone.

These rules keep the Webmin management interface accessible while restricting other unnecessary ports.
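
Nginx proxies to 127.0.0.1:10000 while the firewall also allows 10000/tcp, so it is worth confirming which addresses Webmin actually listens on and that the proxy target stays on loopback. The script below is an added example, not part of the original deployment; the function names and sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: is Webmin reachable without passing through the Nginx proxy?

# Print non-loopback local addresses listening on TCP port $1.
# stdin: output of `ss -ltn` (field 4 is "address:port").
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")      # the port is the last ":" field
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
        }'
}

# Print proxy_pass targets from an Nginx config on stdin that are not loopback.
non_local_upstreams() {
    sed -n 's/^[[:space:]]*proxy_pass[[:space:]]*\([^;]*\);.*/\1/p' |
        grep -Ev '^https?://(127\.[0-9.]+|localhost|\[::1\])(:[0-9]+)?(/.*)?$' || true
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_SS_OPEN='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
LISTEN 0      4096   0.0.0.0:10000      0.0.0.0:*
LISTEN 0      4096   [::]:10000         [::]:*'
SAMPLE_SS_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
LISTEN 0      4096   127.0.0.1:10000    0.0.0.0:*'
SAMPLE_CONF='location / {
    proxy_pass http://127.0.0.1:10000;
}'

for name in OPEN LOCAL; do
    eval "data=\$SAMPLE_SS_$name"
    hits=$(printf '%s\n' "$data" | exposed_listeners 10000 | tr '\n' ' ')
    echo "$name: direct listeners on 10000 outside loopback: ${hits:-none}"
done
bad=$(printf '%s\n' "$SAMPLE_CONF" | non_local_upstreams)
echo "proxy_pass targets outside loopback: ${bad:-none}"
# On a live host: ss -ltn | exposed_listeners 10000
```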
