Webmin<\/strong>. This will set up Webmin in minutes!<\/p>\nStep 1: Update the Package Cache<\/h2>\n
Start by updating the packages in the package manager cache to the latest available versions using the following command:<\/p>\n
sudo apt update<\/code><\/pre>\nStep 2: Install Webmin on Ubuntu 22.04<\/h2>\n
To install the Webmin control panel on Ubuntu 22.04, you'll need to add the Webmin repository that will enable you to install the Webmin packages and update them with apt<\/code>. To make sure this new repository is trusted and that it is indeed the one Webmin developers provide, you'll download a PGP signature<\/em>\u2014a digital signature that is used to verify packages that are downloaded from the Internet.<\/p>\nUse the following command to get the PGP key provided by the Webmin developers to verify the package's authenticity, and then use the gpg<\/code> command line tool to convert it to a file that apt<\/code> can use:<\/p>\nwget -qO- https:\/\/download.webmin.com\/jcameron-key.asc | sudo gpg --dearmor -o \/usr\/share\/keyrings\/webmin.gpg<\/code><\/pre>\nHere, you use the wget<\/code> tool to get Webmin\u2019s PGP key, and then you pass the output to the gpg<\/code> command line tool to unpack the input and save it to the \/usr\/share\/keyrings\/<\/code> path.<\/p>\nYou can now add the Webmin repository with this key. Open the \/etc\/apt\/sources.list<\/code> file:<\/p>\nsudo nano \/etc\/apt\/sources.list<\/code><\/pre>\nAdd the Webmin repository at the end of the file:<\/p>\n
deb [signed-by=\/usr\/share\/keyrings\/webmin.gpg] http:\/\/download.webmin.com\/download\/repository sarge contrib<\/code><\/pre>\nExit the file with CTRL+X<\/code>, then press Y<\/code> and ENTER<\/code> to save the changes.<\/p>\nUpdate your package index with the newly added Webmin repository:<\/p>\n
sudo apt update<\/code><\/pre>\nOnce the update finishes, you can install Webmin using the following command:<\/p>\n
sudo apt install webmin<\/code><\/pre>\nOnce the installation finishes, check that the webmin<\/code> service is running properly using the following command:<\/p>\nsudo systemctl status webmin<\/code><\/pre>\nYou should receive an output similar to the following:<\/p>\n
\u25cf webmin.service - Webmin server daemon\r\n Loaded: loaded (\/lib\/systemd\/system\/webmin.service; enabled; vendor preset: enabled)\r\n Active: active (running) since Sun 2025-01-28 17:23:29 UTC; 53s ago\r\n Process: 7432 ExecStart=\/usr\/share\/webmin\/miniserv.pl \/etc\/webmin\/miniserv.conf (code=ex>\r\n Main PID: 7433 (miniserv.pl)\r\n Tasks: 1 (limit: 19072)\r\n Memory: 28.8M\r\n CPU: 638ms\r\n CGroup: \/system.slice\/webmin.service\r\n \u2514\u25007433 \/usr\/bin\/perl \/usr\/share\/webmin\/miniserv.pl \/etc\/webmin\/miniserv.conf\r\n\r\nAug 28 17:23:27 lamptest systemd[1]: Starting Webmin server daemon...\r\nAug 28 17:23:27 lamptest perl[7432]: pam_unix(webmin:auth): authentication failure; logname=>\r\nAug 28 17:23:29 lamptest webmin[7432]: Webmin starting\r\nAug 28 17:23:29 lamptest systemd[1]: Started Webmin server daemon.<\/code><\/pre>\nNote:<\/strong> Webmin is accessible via TCP port 10000<\/code>. If you have a firewall enabled on your system, you need to allow Webmin's port through the firewall, so that it can be accessed remotely:<\/p>\nsudo ufw allow 10000<\/code><\/pre>\nWarning:<\/em> You should be extremely careful with your security practices. It is best to allow only a few trusted IP addresses or IP ranges to access your Webmin control panel. Additionally, make sure to always assign strong passwords for your Unix users, and restrict their permissions. Webmin is a powerful tool, and anyone who gains access to it will have total control over your system.<\/strong><\/p>\nStep 3: Access Webmin<\/h2>\n
With the Webmin package installed, use your browser to visit the following URL, replacing your_ip_address_or_domain<\/code> with your server's IP address or domain name:<\/p>\nhttps:\/\/your_ip_address_or_domain<\/mark>:10000<\/code><\/pre>\nIf you haven't set up an SSL certificate from a Certificate Authority like Let's Encrypt, you will receive a \"Not Secure\"<\/strong> or \"Connection is not private\"<\/strong> error depending on your browser. This informs you that the connection to your server is not secure. This error message is normal because Webmin is encrypted and secured with a self-signed certificate, and the browser does not recognize it since your server is not one of its known certificate authorities.<\/p>\nClick the Advanced<\/strong> button or More information<\/strong> depending on the browser, and choose to proceed. The following is an example of the error in the Google Chrome browser:<\/p>\n![\"install](\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_03.png\")
<\/p>\n
![\"install](\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/06\/Securing-your-site-with-Self-Signed-or-CA-certificates_04.png\")
<\/p>\n
Once you proceed, you'll receive a login page similar to the following:<\/p>\n
![\"Webmin](\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/09\/Webmin-Login.png\")
<\/p>\n
Login using the Unix username and password you've set up on the server. Or you can use your server's root account.<\/p>\n
You'll be taken to the Webmin dashboard, which looks like so:<\/p>\n
![\"install](\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2022\/09\/Webmin-Dashboard.png\")
<\/p>\n
In this dashboard, you have system information, such as CPU, memory, and disk usage. Additionally, you have a menu with a list of options on the left side of the screen, which you can use to control your system's functionalities, such as system tools, networking, hardware, etc.<\/p>\n
Step 4: Using Webmin to Perform Basic Sysadmin Tasks<\/h2>\n
Webmin has many modules you can use to control and configure your system. In this step you'll learn about a few of these modules and how to use them. You'll use Webmin to install and update packages, manage system users and groups, and manage Webmin users.<\/p>\n
Installing Packages<\/h3>\n
To install a software package using Webmin, follow these steps:<\/p>\n
\n- On the left-hand Webmin menu click System<\/strong> then Software Packages<\/strong>.<\/li>\n
- Select the Package from APT<\/strong> radio button.<\/li>\n
- Type in the package name you want to install, for example
nginx<\/code>, then click Install<\/strong>. You'll be taken to a page that asks you to confirm installing the package and it's dependencies, which will be listed in a table.<\/li>\n- Click Install Now<\/strong>.<\/li>\n<\/ol>\n
Webmin will download the package and install it on your system. You'll get detailed information on the installation process, and below it you'll see an install complete<\/code> text informing you that the package was successfully installed.<\/p>\nUpdating Packages<\/h3>\n
To update all your packages to the latest version using Webmin, follow these steps:<\/p>\n
\n- On the left-hand menu click System<\/strong> then Software Package Updates<\/strong>. This page lists all the packages that need to be updated. You can check and uncheck packages to decide which ones you want to be updated.<\/li>\n
- To update all packages, make sure they are all checked, then click Update Selected Packages<\/strong>. You'll be taken to a page with the complete list of the packages that will be updated.<\/li>\n
- Click Install Now<\/strong>.<\/li>\n<\/ol>\n
The update will start, and once it finishes, you may be asked to reboot the system if any of the updated packages requires a system reboot. You can reboot your server with Webmin by clicking Reboot Now<\/strong>.<\/p>\nManaging Unix Users and Groups<\/h3>\n
A Unix user is your typical user that connects to your server with SSH or FTP, they own files and folders on your system, and they have their own home directory. In this section we will use Webmin to create a user on your server with a dedicated home directory, and we will also add them to the sudo<\/code> group, so they can have sudo<\/code> privileges. We'll call our user example_user<\/code>, but feel free to choose another name.<\/p>\nTo create a system user on your server using Webmin, follow these steps:<\/p>\n
\n- On the left-hand menu, click on System<\/strong> then Users and Groups<\/strong>. You'll be taken to the Users and Groups<\/strong> Webmin module, where you have a table for all the current system users under Local Users<\/strong> and a table for the current system groups under Local Groups<\/strong>.<\/li>\n
- In the Local Users<\/strong> table, click Create a new user<\/strong>. This will take you to the Create User<\/strong> page.<\/li>\n
- Type in
example_user<\/code> in the Username<\/strong> field.<\/li>\n- Select Automatic<\/strong> for the User ID<\/strong> field.<\/li>\n
- Set the Real Name<\/strong> to the full name of the user or use a descriptive name such as Monitoring User<\/strong> or Updates User<\/strong>.<\/li>\n
- Select Automatic<\/strong> for the Home Directory<\/strong> field.<\/li>\n
- Set Shell<\/strong> to
bin\/bash<\/code>.<\/li>\n- Set Password<\/strong> to Normal password<\/strong> and type in a strong password for your user.<\/li>\n
- In the Group Membership<\/strong> menu, select New group with same name as user<\/strong> for the Primary group<\/strong>.<\/li>\n
- For the Secondary groups<\/strong>, click on sudo<\/strong> in the All groups<\/strong> list. It should be added automatically to the In groups<\/strong> list.<\/li>\n
- Click Create<\/strong>.<\/li>\n<\/ol>\n
With this, you now have a new user called example_user<\/code> on your system with sudo<\/code> privileges.<\/p>\nManaging Webmin Users<\/h3>\n
In addition to creating a Unix user on your system, you can also grant other people access to Webmin by creating a Webmin user account<\/em> for them. To restrict what the user can do with their account, you can select which Webmin modules the user can use. For example, you can create a user account with access to the Software Package Updates<\/strong> as the only module they can use. Moreover, you can restrict what each user can do within each module. For example, you can create a user that can only see the list of packages that need to be updated, or a user that can see the list of packages and be able to update them.<\/p>\nTo create a Webmin account, click Webmin<\/strong> on the left-hand menu, then click Webmin Users<\/strong>. You'll see that root<\/code> is the only Webmin user in the Webmin Users<\/code> table. This default root<\/code> user can use every module and has total control over the system.<\/p>\nWebmin allows you to create two different kinds of users, a safe user, and a privileged user. A safe user can have access to only safe modules, and a privileged user can be granted all privileges on the system.<\/p>\n
Before creating a Webmin user, you need to enable a function that prompts users with expired passwords to enter a new one. To do so, open the Webmin<\/strong> lefthand menu, then go to Webmin Configuration<\/strong>, click Authentication<\/strong>. In the Password expiry policy<\/strong>, select Prompt users with expired passwords to enter a new one<\/strong> then click Save<\/strong>.<\/p>\nTo create a Webmin account for a privileged user, follow these steps:<\/p>\n
\n- Go to the Webmin<\/strong> menu on the left, then click on the Webmin Users<\/strong> module, click Create a new privileged user<\/strong>. You'll be taken to a page titled Create Webmin User<\/strong>.<\/li>\n
- Set a username in the Username<\/strong> input field, and set a strong password of your choice for the Webmin user you are creating.<\/li>\n
- Check the Force change at next login<\/strong> box. So that the user changes their password when logging in for the first time.<\/li>\n
- Set the Real Name<\/strong> to the full name of the user or use a descriptive name such as Monitoring User<\/strong> or Updates User<\/strong>.<\/li>\n
- For extra security, open the Security and limits options<\/strong> section, and set Inactivity logout time<\/strong> to 30 minutes to logout users after 30 minutes of inactivity, and set the Minimum password length<\/strong> to 15 letters. It is recommended to also select the Only allow from listed addresses<\/strong> option and enter a list of IP addresses to restrict access and allow only the IP address(es) of your Webmin user. You can also restrict access to certain days of the week and times of the day.<\/li>\n
- In the Available Webmin modules<\/strong>, you can either click select all<\/strong> to allow the user to use all Webmin modules, or select only a few modules that you would like your Webmin user to use.<\/li>\n
- Click Create<\/strong>. You'll be taken to the Webmin Users<\/strong> page where you can find a list of the current Webmin users.<\/li>\n<\/ol>\n
Sign out from Webmin by clicking the red logout icon at the bottom of the left-hand menu, then login using your new Webmin user account. You'll be prompted to change your password, so change it and login again. You'll be redirected to your Webmin dashboard.<\/p>\n
If you\u2019ve limited access to your new user, you'll see that the options in the left-hand menu are limited to the modules you've checked when creating your Webmin user.<\/p>\n
Creating a Safe Webmin User Based on a Unix User<\/h3>\n
To create a Webmin account for a safe user, make sure you have a Linux user on your server, such as the example_user<\/code> we've created earlier. Open the Webmin<\/strong> left-hand menu, then go to the Webmin Users<\/strong> module, and then click on Create a new safe user<\/strong>.<\/p>\nFollow the same steps required for creating a privileged user, with the exception that the username should be the same as a user you already have on your system such as the user example_user<\/code>. In the Available Webmin modules<\/strong>, you'll notice that the modules you can select are limited.<\/p>\nSelect the Webmin modules you'd like your safe Webmin user to have access to, and click Create<\/strong>. This should create a new safe Webmin user.<\/p>\nWarning: You must be very careful when granting access to Webmin users, you may accidentally allow a user to edit an arbitrary configuration file that grants them root privileges.<\/strong><\/p>\nStep 5: Adding a Valid CA SSL Certificate with Let\u2019s Encrypt<\/h2>\n
Webmin uses SSL encryption and the HTTPS protocol by default, but the certificate it uses to validate the server's identity is self-signed and untrusted by browsers. To solve this issue using Webmin, you can install a valid SSL certificate issued by Let\u2019s Encrypt<\/a>, a nonprofit Certificate Authority that provides free of charge, valid SSL certificates that are trusted by browsers.<\/p>\nNote:<\/strong> Let's Encrypt does not issue certificates for IP addresses, so you need to have a Fully-Qualified Domain Name (FQDN), with a DNS A<\/strong> record pointing to your server's IP address. In this section, we will use example.com<\/code> as an example domain name, but you must use your own domain name.<\/p>\nTo install a Let's Encrypt certificate with Webmin you first need to set up your domain name using the following steps:<\/p>\n
\n- On the left-hand menu, click Networking<\/strong>, then Network Configuration<\/strong>.<\/li>\n
- Click on Hostname and DNS Client<\/strong>.<\/li>\n
- Fill in the Hostname<\/strong> field with your domain, such as
example.com<\/code> or www.example.com<\/code>.<\/li>\n- Click Save<\/strong><\/li>\n<\/ol>\n
After setting up your domain name, install a Let's Encrypt certificate by following these steps:<\/p>\n
\n- Click Webmin<\/strong> in the left-hand menu, then Webmin Configuration<\/strong>.<\/li>\n
- Click on SSL Encryption<\/strong>.<\/li>\n
- Go to the Let\u2019s Encrypt<\/strong> tab.<\/li>\n
- Type in your domain name in the Hostnames for certificate<\/strong> field.<\/li>\n
- In the Website root directory for validation file<\/strong> field, select Apache virtual host matching hostname<\/strong> if you are using Apache, or select Other directory<\/strong> and type in your web root directory. This root directory is typically located at
\/var\/www\/example.com<\/code>. With example.com<\/code> representing your domain name. It can also be located at \/var\/www\/html<\/code>, which is a typical default path for web root directories.<\/li>\n- To automate the Let's Encrypt certificate renewal process, deselect the Only renew manually<\/strong> and select the radio button next to it, then type in
1<\/code> in the field to its right. This automatically attempts to renew the Let's Encrypt certificate each month.<\/li>\n- Click Request Certificate<\/strong>. You'll be moved to a page that displays information on the certificate request and configuration process.<\/li>\n<\/ol>\n
Once the certificate request and configuration process finishes, click Return to Webmin configuration<\/strong>. You'll be redirected back to the Webmin Configuration<\/strong> module. Scroll down to the bottom of the page, then click on the Restart Webmin<\/strong> button and wait for a few seconds while Webmin reboots, then refresh the page, and you'll see that the Let's Encrypt certificate is enabled, and the URL bar of the browser now has a secured padlock on its left. If you click on the padlock icon, you'll receive a Connection is secure<\/strong> pop-up.<\/p>\nWith this you now have a valid SSL certificate issued by Let's Encrypt.<\/p>\n
(Optional) Step 6: Setting up Your SSL Certificate and Using it With Nginx and Apache<\/h2>\n
Note:<\/strong> This section will be a brief description of how to use your SSL certificate with Nginx and Apache, and it assumes you have a basic understanding of how SSL certificates work and that you know how to modify your web server's configuration.<\/p>\nTo configure your web server to use your Let's Encrypt certificate. You first need to locate the private key file<\/em> for your SSL certificate and the certificate file<\/em>. These two files were configured by Webmin. To do so, follow these steps:<\/p>\n\n- Click Webmin<\/strong> in the left-hand menu, then Webmin Configuration<\/strong>.<\/li>\n
- Click on SSL Encryption<\/strong>.<\/li>\n<\/ol>\n
You should see information on your SSL certificate, including the path of your