Skip to content

Deployment Overview of Webmin on Server

Prerequisites and Basic Requirements

The deployment of Webmin requires a Linux server running either Debian/Ubuntu or RHEL-based distributions. The installation process necessitates root privileges to manage system packages, configure the firewall, and set up the web interface.

The following system components are required:

  • Operating System: Debian, Ubuntu, or RHEL/CentOS variants.

  • Privileges: Root access or sudo permissions.

  • Network Port: TCP port 10000 must be accessible for the Webmin interface.

  • Dependencies: The installation scripts automatically handle the installation of gnupg2, curl, wget, and ufw (on Debian/Ubuntu) or the necessary repository setup scripts (on RHEL).

File and Directory Structure

Webmin is installed as a system package, placing its core files in standard Linux directories. The configuration and data files are managed as follows:

  • Configuration Directory: Webmin configuration files are typically located in /etc/webmin/.

  • Data Directory: User data and logs are stored within the Webmin installation paths, often under /var/lib/webmin/ and /var/log/webmin/.

  • Nginx Configuration: When using the reverse proxy setup, custom configurations are stored in /data/nginx/user_conf.d/.

  • Docker Compose: The Docker deployment configuration file is located at /root/nginx/compose.yml.

  • SSL Certificates: Let's Encrypt certificates are managed via the nginx_secrets volume, mapped to /etc/letsencrypt within the container.

Application Installation Process

The installation method varies based on the operating system distribution.

Debian and Ubuntu

On Debian and Ubuntu systems, Webmin is installed via the official APT repository. The process involves:

  1. Installing prerequisite packages: gnupg2, curl, and wget.

  2. Adding the Webmin GPG key from https://www.webmin.com/jcameron-key.asc.

  3. Adding the Webmin repository: deb [arch=amd64] http://download.webmin.com/download/repository sarge contrib.

  4. Updating the package cache.

  5. Installing the webmin package.

RHEL and CentOS

On RHEL-based systems, the installation utilizes the official repository setup script:

  1. Downloading the repository setup script from https://raw.githubusercontent.com/webmin/webmin/master/setup-repos.sh to /tmp/setup-repos.sh.

  2. Executing the script to configure the YUM/DNF repository.

  3. Installing the webmin package using the yum package manager.

Access Rights and Security

Network access to the Webmin interface is controlled by the system firewall. The deployment ensures that TCP port 10000 is explicitly allowed.

  • Firewall Configuration (Firewalld): On systems using firewalld, a permanent rule is added to allow TCP traffic on port 10000 in the public zone.

  • Firewall Configuration (UFW): On Debian and Ubuntu systems, the ufw firewall is configured to allow 10000/tcp and reloaded to apply changes.

  • User Access: Webmin manages its own user authentication, which is separate from the system login. The default administrative user is root, though additional users can be created within the Webmin interface.

Docker Containers and Their Deployment

For environments utilizing a reverse proxy with SSL termination, a Docker-based solution is deployed. This setup includes an Nginx container with Certbot integration.

  • Container Image: The deployment uses the image jonasal/nginx-certbot:latest.

  • Deployment Method: The container is managed via docker compose using the configuration file located at /root/nginx/compose.yml.

  • Network Mode: The container runs in host network mode.

  • Volumes:

  • nginx_secrets: An external volume mapped to /etc/letsencrypt for storing SSL certificates.

  • /data/nginx/user_conf.d: A bind mount mapped to /etc/nginx/user_conf.d for custom Nginx configurations.

  • Environment Variables: The container uses an environment file located at /data/nginx/nginx-certbot.env and sets CERTBOT_EMAIL to [email protected].

Proxy Servers

A reverse proxy is configured to handle incoming traffic and provide SSL encryption for the Webmin interface.

  • Proxy Software: Nginx is used as the reverse proxy, running inside a Docker container.

  • SSL/TLS: SSL certificates are managed automatically by Certbot within the Docker container.

  • Configuration:

  • A custom Nginx configuration file is created in /data/nginx/user_conf.d/ with a naming convention based on the server ID (e.g., {{ prefix }}{{ server_id }}.hostkey.in.conf).

  • The proxy configuration includes a location / block that forwards requests to the local Webmin instance.

  • The proxy_pass directive is set to http://127.0.0.1:10000.

  • Domain Handling: The setup supports custom domains via the Nginx configuration files in the user configuration directory.

Starting, Stopping, and Updating

The management of the Webmin service and the Docker proxy depends on the deployment method.

Webmin Service

Webmin is installed as a standard system service.

  • Start: systemctl start webmin

  • Stop: systemctl stop webmin

  • Restart: systemctl restart webmin

  • Enable on Boot: systemctl enable webmin

  • Update: Updates are handled via the package manager (apt update && apt upgrade webmin or yum update webmin).

Docker Proxy

The Nginx/Certbot proxy is managed via Docker Compose.

  • Start: Execute docker compose up -d from the /root/nginx directory.

  • Stop: Execute docker compose down from the /root/nginx directory.

  • Restart: Execute docker compose restart from the /root/nginx directory.

  • Update: Pull the latest image using docker compose pull and restart the container.

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×