How to Install Webmin with free Let's Encrypt SSL on Rocky Linux 8

Webmin is a free, open-source, and web-based Linux administration and management tool that allows you to configure the Linux system via a web browser. It is written in Perl and provides a user-friendly web interface with real-time monitoring of CPU and RAM. With Webmin, you can perform several administrative tasks including, user account management, package management, firewall management, creating cron jobs, and more.

In this tutorial, I will show you how to install Webmin with Nginx and Let's Encrypt SSL on Rocky Linux 8.

Prerequisites

  • A server running Rocky Linux 8.
  • A valid domain name pointed with server IP.
  • A root password is configured on the server.

Install Webmin

Webmin is written in Perl language so you will need to install Perl in your system. Run the following command to install Perl:

dnf install perl -y

Next, download the latest version of Webmin tarball using the following command:

wget https://www.webmin.com/download/webmin-current.tar.gz

Once the Webmin is downloaded, extract the downloaded file with the following command:

tar xvf webmin-current.tar.gz

Next, create a Webmin installation directory and run the following script the install the Webmin:

mkdir -p /usr/local/webmin
./webmin-1.984/setup.sh /usr/local/webmin/

You will be asked to provide the path of the configuration directory, admin username and password as shown below:

***********************************************************************

        Welcome to the Webmin setup script, version 1.984
***********************************************************************
Webmin is a web-based interface that allows Unix-like operating
systems and common Unix services to be easily administered.

Installing Webmin from /root/webmin-1.984 to /usr/local/webmin/ ...

***********************************************************************
Webmin uses separate directories for configuration files and log files.
Unless you want to run multiple versions of Webmin at the same time
you can just accept the defaults.

Config file directory [/etc/webmin]: 
Log file directory [/var/webmin]: 

***********************************************************************
Webmin is written entirely in Perl. Please enter the full path to the
Perl 5 interpreter on your system.

Full path to perl (default /usr/bin/perl): 

Testing Perl ...
Perl seems to be installed ok

***********************************************************************
Operating system name:    Rocky Linux
Operating system version: 8.5

***********************************************************************
Webmin uses its own password protected web server to provide access
to the administration programs. The setup script needs to know :
 - What port to run the web server on. There must not be another
   web server already using this port.
 - The login name required to access the web server.
 - The password required to access the web server.
 - If the webserver should use SSL (if your system supports it).
 - Whether to start webmin at boot time.

Web server port (default 10000): 
Login name (default admin): admin
Login password: 
Password again: 
Use SSL (y/n): n
Start Webmin at boot time (y/n): y
***********************************************************************
***********************************************************************
Webmin has been installed and started successfully. Use your web
browser to go to

  http://rockylinux:10000/

and login with the name and password you entered previously.

By default, Webmin listens on port 10000. You can check it with the following command:

ss -antpl | grep 10000

You will get the following output:

LISTEN 0      128          0.0.0.0:10000      0.0.0.0:*    users:(("miniserv.pl",pid=6601,fd=7))

Configure Nginx as a Reverse Proxy for Webmin

It is a good idea to use the Nginx as a reverse proxy for Webmin. First, install the Nginx package using the following command:

dnf install nginx -y

Next, create an Nginx virtual host configuration file with the following command:

nano /etc/nginx/conf.d/webmin.conf

Add the following lines:

server {
       listen 80;
       server_name webmin.linuxbuz.com;

       access_log /var/log/nginx/webmin.access;
       error_log /var/log/nginx/webmin.error;

       location / {
              proxy_pass http://127.0.0.1:10000;
              #proxy_set_header Host $http_host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
        }
}

Save and close the file then verify the Nginx for any syntax error:

nginx -t

You will get the following output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Next, start the Nginx service and enable it to start at system reboot:

systemctl start nginx
systemctl enable nginx

You can check the status of the Webmin with the following command:

systemctl status nginx

You should see the following output:

? nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2022-02-12 08:20:04 UTC; 17s ago
  Process: 7051 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 7050 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 7048 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 7053 (nginx)
    Tasks: 2 (limit: 11412)
   Memory: 3.7M
   CGroup: /system.slice/nginx.service
           ??7053 nginx: master process /usr/sbin/nginx
           ??7054 nginx: worker process

Feb 12 08:20:03 rockylinux systemd[1]: Starting The nginx HTTP and reverse proxy server...
Feb 12 08:20:04 rockylinux nginx[7050]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Feb 12 08:20:04 rockylinux nginx[7050]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Feb 12 08:20:04 rockylinux systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
Feb 12 08:20:04 rockylinux systemd[1]: Started The nginx HTTP and reverse proxy server.

Enable SSL on Webmin

It is recommended to secure the Webmin with Let's Encrypt SSL. First, you will need to install the Certbot client to manage the Let's Encrypt SSL. You can install it with the following command:

dnf install epel-release -y
dnf install python3-certbot-nginx -y

Next, run the certbot command to download and install the Let's Encrypt SSL on the Webmin domain.

certbot --nginx -d webmin.linuxbuz.com

You will be asked to provide your valid email address and accept the term of service:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Requesting a certificate for webmin.linuxbuz.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/webmin.linuxbuz.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/webmin.linuxbuz.com/privkey.pem
This certificate expires on 2022-05-13.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for webmin.linuxbuz.com to /etc/nginx/conf.d/webmin.conf
Congratulations! You have successfully enabled HTTPS on https://webmin.linuxbuz.com
We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Configure Webmin

Next, you will need to edit the Webmin configuration file and define the trusted referrers.

nano /etc/webmin/config

Add the following line:

referers=webmin.linuxbuz.com

Save and close the file then edit the miniserv.conf file and disable HTTPS mode in Webmin:

nano /etc/webmin/miniserv.conf

Add the following lines:

ssl=0
allow=127.0.0.1

Save and close the file when you are finished.

Next, get the Webmin process id with the following command:

ps -ef | grep webmin

You will get the following output:

root        6601       1  0 08:12 ?        00:00:00 /usr/bin/perl /usr/local/webmin//miniserv.pl /etc/webmin/miniserv.conf
root        7553    1117  0 08:24 pts/0    00:00:00 grep --color=auto webmin

Next, use the kill command to kill the Webmin process.

kill -9 6601

Next, start the Webmin service with systemd and enable it to start at system reboot:

systemctl start webmin
systemctl enable webmin

Next, check the status of Webmin using the following command:

systemctl status webmin

You will get the following output:

? webmin.service - Webmin
   Loaded: loaded (/usr/lib/systemd/system/webmin.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2022-02-12 08:25:05 UTC; 54s ago
  Process: 7560 ExecStart=/etc/webmin/start (code=exited, status=0/SUCCESS)
 Main PID: 7561 (miniserv.pl)
    Tasks: 1 (limit: 11412)
   Memory: 23.9M
   CGroup: /system.slice/webmin.service
           ??7561 /usr/bin/perl /usr/local/webmin//miniserv.pl /etc/webmin/miniserv.conf

Feb 12 08:25:05 rockylinux systemd[1]: Starting Webmin...
Feb 12 08:25:05 rockylinux start[7560]: Starting Webmin server in /usr/local/webmin/
Feb 12 08:25:05 rockylinux webmin[7560]: Webmin starting
Feb 12 08:25:05 rockylinux systemd[1]: webmin.service: Can't open PID file /var/webmin/miniserv.pid (yet?) after start: No such file or direc>
Feb 12 08:25:05 rockylinux systemd[1]: Started Webmin.

Configure Firewall

If the firewalld firewall is installed on your server. Then, you will need to allow ports 80 and 443 through the firewall. You can allow them with the following command:

firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --add-port=443/tcp --permanent

Finally, reload the firewall service to apply the changes:

firewall-cmd --reload

Access Webmin Interface

Now, open your web browser and access the Webmin interface using the URL https://webmin.linuxbuz.com. You will be redirected to the Webmin login page:

Webmin login

Provide your admin username, and password, and click on the Login button. You should see the Webmin dashboard on the following page:

Webmin Dashboard

Conclusion

Congratulations! you have successfully installed Webmin with Nginx and Let's Encrypt SSL on Rocky Linux 8. You can now manage your Linux system easily through the web browser. Feel free to ask me if you have any questions.

Share this page:

Suggested articles

0 Comment(s)

Add comment