Skip to main content

Webmin

Webmin from https://webmin.com/

  • installed onto host system via 3rd party apt repository
  • installs and auto-configured for start at boot-time
  • OOB installation listens on all interfaces https://<ip>:10000
    • post install modify the /etc/webmin./miniserv.conf 
    • we will only listen on internally accessible networks
    • we will disable SSL 
    • we will reverse proxy via nginx proxy manager https to http:10000
Notable changes for /etc/webmin/miniserv.conf

port=10000
sockets=172.22.20.1:*
ssl=0
no_ssl2=1
bind=172.22.22.1
ipv6=0
no_tls1_1=1
webprefixnoredir=1
no_tls1=1
no_ssl3=1

Installation Steps

    install webmin repo
    wget -O - https://raw.githubusercontent.com/webmin/webmin/master/webmin-setup-repo.sh | sudo bash
    update repo
    sudo apt update
    install webmin package
    sudo apt install -y webmin
    start and verify service
    sudo systemctl status webmin
sudo netstat -anp|grep 10000 | grep LISTEN | awk '{print $4}' | awk '{print "https://"$1}'
    access initial webmin UI and login as rootScreenshot 2025-06-23 at 21.07.46.png
    Installation CLI commands copy & Paste 
    wget -O - https://raw.githubusercontent.com/webmin/webmin/master/webmin-setup-repo.sh | sudo bash
sudo apt update
sudo apt install -yq webmin
sudo systemctl status webmin
sudo netstat -anp|grep 10000 | grep LISTEN | awk '{print $4}' | awk '{print "http://"$1}' | xargs -n1 open

     

    Update OOB installation

    We can update via the webmin UI to change a minimal set of options to use Webmin behind a local IP which we access via https proxy through the nginx proxy 

    For the following configuration to be enabled, follow the setup steps below

    image.png

    Pre-Setup Requirements
      Docker installed on HOST Docker networks configured on HOST Nginx Proxy Manager container setup as per The NGINX Proxy Manager Install Guide Access from your local machine to the server Tailscale IP address via Tailscale VPN
      NGINX Proxy Host Configuration

      Your NGINX Docker compose file should be setup to listen on your VPN (Tailscsale) Server IP Address

            - 100.100.69.2:80:80
            - 100.100.69.2:443:443
            - 100.100.69.2:81:81

      We now setup an inbound host to listen on HTTP and HTTPS, setting the Domain Name and then rourting traffic to one of the internal IP addresses that Webmin is listening on 

      Next you want to request an SSL certificate or use the wildcard cert that should be available; ensure to enable Force SSL so all conections are secure; as a final check, we setup the advanced nginx config to check source IP ranges - if the address is not local or VPN, it is denied

      Screenshot 2025-06-23 at 21.57.23.png Screenshot 2025-06-23 at 21.57.44.png Screenshot 2025-06-23 at 21.57.51.png

       

      Post Install Configuration (WebUI)




        Open Console Login as root
        Screenshot 2025-06-23 at 21.07.46.png
        Post Login Error 
          Open the Webmin Config Page Screenshot 2025-06-23 at 21.17.38.png
            update IPs leave internal IP remove external

             

              modify listen ports as required (only change if there are conflicts) Screenshot 2025-06-23 at 21.10.48.png
                disable SSL as the NGINX proxy will receive the SSL connection and terminate it using HTTP internally (optional but easier) Setup SSL Certs if you use SSL - use your *.admin wildcard SSL cert Screenshot 2025-06-23 at 21.10.16.png
                  Update the approved referer DNS names  Screenshot 2025-06-23 at 21.18.04.png

                   

                  Back to top