
Webmin

Webmin from https://webmin.com/

  • installed onto the host system via a 3rd-party apt repository
  • installed and auto-configured to start at boot time
  • the out-of-the-box (OOB) installation listens on all interfaces at https://<ip>:10000
    • post-install, modify /etc/webmin/miniserv.conf
    • we will only listen on internally accessible networks
    • we will disable SSL
    • we will reverse proxy via nginx proxy manager, https to http:10000

Notable changes for /etc/webmin/miniserv.conf

port=10000
sockets=172.22.20.1:*
ssl=0
no_ssl2=1
bind=172.22.22.1
ipv6=0
no_tls1_1=1
webprefixnoredir=1
no_tls1=1
no_ssl3=1
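
One way to verify the outcome of these changes, as an added example that is not part of the original page or of Webmin: with ssl=0, every address Webmin listens on has to be internal. The function names are hypothetical, and the reading of bind= and sockets= stated in the comments is an assumption.

```shell
#!/bin/sh
# Added example, not from the original page: audit Webmin's listener settings.
# Assumptions: IPv4 only; bind= sets the address for port=; sockets= holds
# space-separated ADDR:PORT entries where '*' means any address / same port.

# conf_get FILE KEY -> last value assigned to KEY
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# is_internal ADDR -> 0 for loopback, RFC 1918 and 100.64.0.0/10 (Tailscale)
is_internal() {
    a=${1%%.*}; rest=${1#*.}; b=${rest%%.*}
    case "$a.$b" in *[!0-9.]*|.*|*.) return 1 ;; esac
    case "$a" in
        10|127) return 0 ;;
        172) [ "$b" -ge 16 ] && [ "$b" -le 31 ] ;;
        192) [ "$b" -eq 168 ] ;;
        100) [ "$b" -ge 64 ] && [ "$b" -le 127 ] ;;
        *) return 1 ;;
    esac
}

# audit_miniserv FILE -> one line per listener; returns 1 if any listener is
# reachable beyond internal networks (with ssl=0 that means cleartext HTTP).
audit_miniserv() {
    rc=0
    port=$(conf_get "$1" port); ssl=$(conf_get "$1" ssl); bind=$(conf_get "$1" bind)
    set -f                                  # keep '*' entries from globbing
    for s in "${bind:-*}:*" $(conf_get "$1" sockets); do
        case "$s" in
            *:*) addr=${s%%:*}; p=${s##*:} ;;
            *[!0-9]*) addr=$s; p='*' ;;     # bare address
            *) addr='*'; p=$s ;;            # bare port listens on any address
        esac
        [ "$p" = '*' ] && p=$port
        if is_internal "$addr"; then
            echo "OK   $addr:$p internal only"
        elif [ "$ssl" = 0 ]; then
            echo "FAIL $addr:$p cleartext HTTP beyond internal networks"; rc=1
        else
            echo "WARN $addr:$p reachable beyond internal networks"; rc=1
        fi
    done
    set +f
    return $rc
}

# Audit the file given as $1, defaulting to the path used on this page.
conf=${1:-/etc/webmin/miniserv.conf}
if [ -r "$conf" ]; then audit_miniserv "$conf" || echo "review listeners in $conf"; fi
```

Run it after editing miniserv.conf and restarting Webmin; each OK line should name an address that only the reverse proxy and internal clients can reach.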

 

 

 


Tailscale VPN from https://tailscale.com/ 

  • configures a host interface tailscale0
  • installs auto-start for the tailscale daemon: /etc/systemd/system/multi-user.target.wants/tailscaled.service
  • starts the service at boot, allocating IP address 100.100.69.2 to the tailscale0 nic
  • attaches the tailscale0 nic to the shared VPN
    • makes 100.100.69.X addresses accessible
    • makes the HOST available as an exit node
  • configured to use account pkswansea@outlook.com via the admin console at https://login.tailscale.com/admin


The server's SSH service, running on port 69, is only exposed on the tailscale0 interface via the IP 100.100.69.2. It is started once the Tailscale daemon has started, via /etc/systemd/system/ssh-after-tailscale.service, and can only be accessed when connected to a valid VPN client.

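      #!/bin/bash
      # Wait until tailscale0 exists and has an IPv4 address, then start SSH.
      # "inet " (with the trailing space) does not match "inet6" lines.
      while ! ip addr show tailscale0 2>/dev/null | grep -q "inet "; do
          sleep 10
      done
      systemctl start ssh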