Webmin jumpstart – initial setup of the web server

Webmin jumpstart – initial setup of the web server

Currently I’m also working with Webmin again after a long time – which could be a free alternative to Plesk. Of course some important steps have to be taken after the installation. These I would like to show here in a nutshell:

Activate the firewall

First you have to install iptables, because without iptables the firewall won’t be able to work

apt-get install -y iptables

Afterwards you can reset the firewall via Module->Linux-Firewall. In the following step you select “Block all except SSH, IDENT, ping and high ports on interface”. The reset takes care of some default rules.

Attention: DROP leads to an error message with this configuration, so the correct selection for DROP is “Do nothing”.

Fail2Ban

Next we take care of Fail2Ban which we also have to install first. This can also be done comfortably directly via Webmin.

Then we activate the appropriate jails (especially sshd and auth) under “Filter Action Jails”.

PHP configuration

Afterwards we adjust the settings for PHP under Tools->PHP-Configuration->Manager->Ressource Limits.

If necessary, it may be necessary to do this via SSH (nano). The file should be located under /etc/php/7.4/fpm/php.ini. Afterwards the Apache2 and php-fpm server must be restarted.

MariaDB configuration

Usually a MySQL database is needed for almost every application, so the creation of such a database under Webmin is also an important point.

Under Servers->MySQL Database we can adjust the settings of our MariaDB and also create new users and databases. For the latter we first create a new database user WITHOUT RIGHTS under User Permissions. Then we create a new database under the previous main menu. Only after that we give the user the permissions for the newly created database under “Database Permissions”.

There are also many other settings that can be made here. However, the explanations would be too extensive here and databases are a very separate topic I will gladly optimize your MariaDB database for a reasonable hourly rate.

Create domains / vHost

Of course, the corresponding domain must be accessible via the Apache web server. For this purpose we have to create a corresponding new vHost under Servers->Apache. As “Document Root” (directory of files for the internet) you can choose a new path or simply choose the existing root directory /var/www/html.

You should create a vHost for port 80 (http) and one on port 443 (https) separately.

After that you can simply upload your files to the server using the upload tool or otherwise. If you upload as root, you should of course change the owner of the files later. This is possible e.g. as follows:

apt-get install sudo
sudo chown -R www-data:www-data /var/www/html
sudo chmod -R g+rwX /var/www/html

Tip: Under the Tools tab there is an upload/download tool and also a file manager with which individual files can be edited.

SSL

Of course we now have to get an SSL certificate for our new host. This can be done under Webmin->Webmin-Configuration->SSL-Encryption->Lets Encrypt. As directory you have to enter the “Document Root” – in our example “/var/www/html”

Then open the corresponding vHost (Port 443) under Servers->Apache and select the SSL tab. Here you activate SSL and upload the appropriate certificate files. If this is not done you will get the error “ssl_error_rx_record_too_long” later.

If your domain is also the hostname, the files should have these paths:

/etc/webmin/letsencrypt-cert.pem
/etc/webmin/letsencrypt-key.pem
/etc/webmin/letsencrypt-ca.pem

After that you have to restart the Apache2 service under System->Bootup and Shutdown.

Install important modules

Your web server will need some important modules in most cases, you can install them as follows:

apt-get install -y php-curl
apt-get install -y php-dom
apt-get install -y php-mbstring
apt-get install -y php-imagick
apt-get install -y php-zip
apt-get install -y php-gd
apt-get install -y php-opcache
wget https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb
dpkg -i mod-pagespeed-stable_current_amd64.deb
systemctl restart apache2

If you want you can also activate the AdminConsole of mod_pagespeed, for this you have to edit the corresponding file:

nano /etc/apache2/mods-available/pagespeed.conf

and add the following content (fixed IP address)


    Order allow,deny
    Allow from localhost
    Allow from 127.0.0.1
    Allow from 123.123.123.123
    SetHandler pagespeed_admin



    Order allow,deny
    Allow from localhost
    Allow from 127.0.0.1
    Allow from 123.123.123.123
    SetHandler pagespeed_global_admin

After that Apache has to be restarted again:

systemctl restart apache2

After that, the pagespeed admin is available at example.com/pagespeed_admin.

In the Apache webserver the corresponding vHost should also be adjusted with “Edit Directives” to avoid 404/403 errors when using mod_rewrite (e.g. with WordPress):


<Directory "/var/www/html">
   Options Indexes FollowSymLinks
   AllowOverride All
        allow from all
      # Options None
        Require all granted
        DirectoryIndex index.php
    </Directory>

Webmin Hardening

Under Webmin->Webmin Configuration->IP Access Control you should additionally change the firewall to “only allow from listed addresses”. Of course this requires a fixed IP address.

localhost
127.0.0.1
IP_DES_HOSTS
EURE_IP

Note: Webmin has only one www-user and therefore seems to me by default not suitable or safe for multiple/different users/customers on one host system. However, for a single customer on one system it is an interesting alternative.

Leave a Reply

Your email address will not be published. Required fields are marked *