Skip to content

Deployment Overview of Webmin on Server

Prerequisites and Basic Requirements

The following requirements must be met before deploying Webmin:

  • Operating System: Debian, Ubuntu, or RHEL-based distributions.

  • Privileges: Root access or sudo privileges are required for installation and configuration.

  • Domain: The server must be associated with the hostkey.in zone.

  • Ports: Port 10000 (TCP) is required for internal Webmin communication. Port 443 (TCP) is used for external access via the Nginx proxy.

FQDN of the Final Panel

The application is accessible via the Fully Qualified Domain Name (FQDN) constructed with the following format:

  • webmin<ServerID>.hostkey.in:443

Replace <ServerID> with the specific identifier of the host.

File and Directory Structure

The deployment creates specific directories for configuration, logging, and SSL certificates:

  • /etc/webmin/: Default location for Webmin configuration files.

  • /usr/libexec/webmin/: Webmin binary and module location.

  • /var/webmin/: Webmin data and log directory.

  • /root/nginx/: Directory for Nginx proxy Docker Compose files.

  • /data/nginx/user_conf.d/: Location for custom Nginx proxy configurations.

  • /data/nginx/nginx-certbot.env: Environment file for the Nginx-Certbot container.

  • /etc/letsencrypt/: SSL certificate storage (mounted within the Nginx container).

Application Installation Process

Webmin is installed using the native package manager specific to the operating system. The installation process involves adding the official Webmin GPG key and repository.

Debian/Ubuntu Systems:

  1. Install dependencies: gnupg2, curl, wget, and ufw.

  2. Add the Webmin GPG key from https://www.webmin.com/jcameron-key.asc.

  3. Add the repository: deb [arch=amd64] http://download.webmin.com/download/repository sarge contrib.

  4. Update the package cache.

  5. Install the webmin package.

RHEL-based Systems:

  1. Download the repository setup script from https://raw.githubusercontent.com/webmin/webmin/master/setup-repos.sh.

  2. Execute the setup script to configure the webmin repository.

  3. Install the webmin package using yum.

Access Rights and Security

Firewall rules are configured to allow necessary traffic while maintaining security:

  • UFW (Ubuntu/Debian): The firewall is configured to allow TCP traffic on port 10000. The firewall is reloaded to apply changes.

  • FirewallD (RHEL): A permanent rule is added to the public zone to allow TCP traffic on port 10000.

  • Authentication: Webmin requires valid administrative credentials to access the panel.

Docker Containers and Their Deployment

A Docker container running the jonasal/nginx-certbot:latest image is deployed to handle reverse proxying and SSL termination.

  • Container Name: nginx (as defined in the Compose service).

  • Restart Policy: unless-stopped.

  • Network Mode: Host mode is utilized for direct access to ports.

  • Environment:

  • CERTBOT_EMAIL: Set to [email protected].

  • env_file: Points to /data/nginx/nginx-certbot.env.

  • Volumes:

  • nginx_secrets (external volume) mounted at /etc/letsencrypt.

  • Host directory /data/nginx/user_conf.d mounted at /etc/nginx/user_conf.d.

The container is managed via the docker compose command located in /root/nginx/compose.yml.

Proxy Servers

Nginx acts as a reverse proxy with SSL termination using Let's Encrypt via the Certbot container.

  • Proxy Target: Traffic received on port 443 is forwarded to http://127.0.0.1:10000.

  • Configuration File: /data/nginx/user_conf.d/webmin<ServerID>.hostkey.in.conf.

  • SSL Handling: Automated via the nginx-certbot container using the Let's Encrypt protocol.

  • Custom Domain: The proxy is configured specifically for the hostkey.in zone using the prefix webmin.

Permission Settings

The following permissions are set for the proxy configuration directory:

  • Directory: /root/nginx

  • Owner: root

  • Group: root

  • Mode: 0755 (rwxr-xr-x)

  • Compose File: /root/nginx/compose.yml

  • Owner: root

  • Group: root

  • Mode: 0644 (rw-r--r--)

Standard system permissions apply to Webmin directories (/etc/webmin, /var/webmin) as managed by the native installer.

Location of Configuration Files and Data

Component Path Description
Webmin Configuration /etc/webmin/ Main Webmin config files
Webmin Data/Logs /var/webmin/ User data and logs
Nginx Proxy Config /data/nginx/user_conf.d/ Server-specific Nginx configs
Docker Compose /root/nginx/compose.yml Container orchestration file
Certbot Env File /data/nginx/nginx-certbot.env Environment variables for SSL

Available Ports for Connection

The following ports are configured for the application:

  • Port 10000 (TCP): Internal port for direct Webmin service access (allowed via firewall).

  • Port 443 (TCP): External port for secure access via Nginx reverse proxy.

Starting, Stopping, and Updating

Webmin Service Management:

  • Start: systemctl start webmin

  • Stop: systemctl stop webmin

  • Restart: systemctl restart webmin

  • Enable on Boot: systemctl enable webmin

Nginx Proxy (Docker) Management:

  • Start/Update: docker compose up -d (executed from /root/nginx/)

  • Stop: docker compose down (executed from /root/nginx/)

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×