How to Install Webmin with free Let's Encrypt SSL on Rocky Linux 8
Webmin is a free, open-source, and web-based Linux administration and management tool that allows you to configure the Linux system via a web browser. It is written in Perl and provides a user-friendly web interface with real-time monitoring of CPU and RAM. With Webmin, you can perform several administrative tasks including, user account management, package management, firewall management, creating cron jobs, and more.
In this tutorial, I will show you how to install Webmin with Nginx and Let's Encrypt SSL on Rocky Linux 8.
Prerequisites
- A server running Rocky Linux 8.
- A valid domain name pointed with server IP.
- A root password is configured on the server.
Install Webmin
Webmin is written in Perl language so you will need to install Perl in your system. Run the following command to install Perl:
dnf install perl -y
Next, download the latest version of Webmin tarball using the following command:
wget https://www.webmin.com/download/webmin-current.tar.gz
Once the Webmin is downloaded, extract the downloaded file with the following command:
tar xvf webmin-current.tar.gz
Next, create a Webmin installation directory and run the following script the install the Webmin:
mkdir -p /usr/local/webmin
./webmin-1.984/setup.sh /usr/local/webmin/
You will be asked to provide the path of the configuration directory, admin username and password as shown below:
*********************************************************************** Welcome to the Webmin setup script, version 1.984 *********************************************************************** Webmin is a web-based interface that allows Unix-like operating systems and common Unix services to be easily administered. Installing Webmin from /root/webmin-1.984 to /usr/local/webmin/ ... *********************************************************************** Webmin uses separate directories for configuration files and log files. Unless you want to run multiple versions of Webmin at the same time you can just accept the defaults. Config file directory [/etc/webmin]: Log file directory [/var/webmin]: *********************************************************************** Webmin is written entirely in Perl. Please enter the full path to the Perl 5 interpreter on your system. Full path to perl (default /usr/bin/perl): Testing Perl ... Perl seems to be installed ok *********************************************************************** Operating system name: Rocky Linux Operating system version: 8.5 *********************************************************************** Webmin uses its own password protected web server to provide access to the administration programs. The setup script needs to know : - What port to run the web server on. There must not be another web server already using this port. - The login name required to access the web server. - The password required to access the web server. - If the webserver should use SSL (if your system supports it). - Whether to start webmin at boot time. Web server port (default 10000): Login name (default admin): admin Login password: Password again: Use SSL (y/n): n Start Webmin at boot time (y/n): y *********************************************************************** *********************************************************************** Webmin has been installed and started successfully. Use your web browser to go to http://rockylinux:10000/ and login with the name and password you entered previously.
By default, Webmin listens on port 10000. You can check it with the following command:
ss -antpl | grep 10000
You will get the following output:
LISTEN 0 128 0.0.0.0:10000 0.0.0.0:* users:(("miniserv.pl",pid=6601,fd=7))
Configure Nginx as a Reverse Proxy for Webmin
It is a good idea to use the Nginx as a reverse proxy for Webmin. First, install the Nginx package using the following command:
dnf install nginx -y
Next, create an Nginx virtual host configuration file with the following command:
nano /etc/nginx/conf.d/webmin.conf
Add the following lines:
server { listen 80; server_name webmin.linuxbuz.com; access_log /var/log/nginx/webmin.access; error_log /var/log/nginx/webmin.error; location / { proxy_pass http://127.0.0.1:10000; #proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }
Save and close the file then verify the Nginx for any syntax error:
nginx -t
You will get the following output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
Next, start the Nginx service and enable it to start at system reboot:
systemctl start nginx
systemctl enable nginx
You can check the status of the Webmin with the following command:
systemctl status nginx
You should see the following output:
? nginx.service - The nginx HTTP and reverse proxy server Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled) Active: active (running) since Sat 2022-02-12 08:20:04 UTC; 17s ago Process: 7051 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS) Process: 7050 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS) Process: 7048 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS) Main PID: 7053 (nginx) Tasks: 2 (limit: 11412) Memory: 3.7M CGroup: /system.slice/nginx.service ??7053 nginx: master process /usr/sbin/nginx ??7054 nginx: worker process Feb 12 08:20:03 rockylinux systemd[1]: Starting The nginx HTTP and reverse proxy server... Feb 12 08:20:04 rockylinux nginx[7050]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok Feb 12 08:20:04 rockylinux nginx[7050]: nginx: configuration file /etc/nginx/nginx.conf test is successful Feb 12 08:20:04 rockylinux systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument Feb 12 08:20:04 rockylinux systemd[1]: Started The nginx HTTP and reverse proxy server.
Enable SSL on Webmin
It is recommended to secure the Webmin with Let's Encrypt SSL. First, you will need to install the Certbot client to manage the Let's Encrypt SSL. You can install it with the following command:
dnf install epel-release -y
dnf install python3-certbot-nginx -y
Next, run the certbot command to download and install the Let's Encrypt SSL on the Webmin domain.
certbot --nginx -d webmin.linuxbuz.com
You will be asked to provide your valid email address and accept the term of service:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server. Do you agree? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing, once your first certificate is successfully issued, to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Account registered. Requesting a certificate for webmin.linuxbuz.com Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/webmin.linuxbuz.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/webmin.linuxbuz.com/privkey.pem This certificate expires on 2022-05-13. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. Deploying certificate Successfully deployed certificate for webmin.linuxbuz.com to /etc/nginx/conf.d/webmin.conf Congratulations! You have successfully enabled HTTPS on https://webmin.linuxbuz.com We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Configure Webmin
Next, you will need to edit the Webmin configuration file and define the trusted referrers.
nano /etc/webmin/config
Add the following line:
referers=webmin.linuxbuz.com
Save and close the file then edit the miniserv.conf file and disable HTTPS mode in Webmin:
nano /etc/webmin/miniserv.conf
Add the following lines:
ssl=0 allow=127.0.0.1
Save and close the file when you are finished.
Next, get the Webmin process id with the following command:
ps -ef | grep webmin
You will get the following output:
root 6601 1 0 08:12 ? 00:00:00 /usr/bin/perl /usr/local/webmin//miniserv.pl /etc/webmin/miniserv.conf root 7553 1117 0 08:24 pts/0 00:00:00 grep --color=auto webmin
Next, use the kill command to kill the Webmin process.
kill -9 6601
Next, start the Webmin service with systemd and enable it to start at system reboot:
systemctl start webmin
systemctl enable webmin
Next, check the status of Webmin using the following command:
systemctl status webmin
You will get the following output:
? webmin.service - Webmin Loaded: loaded (/usr/lib/systemd/system/webmin.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2022-02-12 08:25:05 UTC; 54s ago Process: 7560 ExecStart=/etc/webmin/start (code=exited, status=0/SUCCESS) Main PID: 7561 (miniserv.pl) Tasks: 1 (limit: 11412) Memory: 23.9M CGroup: /system.slice/webmin.service ??7561 /usr/bin/perl /usr/local/webmin//miniserv.pl /etc/webmin/miniserv.conf Feb 12 08:25:05 rockylinux systemd[1]: Starting Webmin... Feb 12 08:25:05 rockylinux start[7560]: Starting Webmin server in /usr/local/webmin/ Feb 12 08:25:05 rockylinux webmin[7560]: Webmin starting Feb 12 08:25:05 rockylinux systemd[1]: webmin.service: Can't open PID file /var/webmin/miniserv.pid (yet?) after start: No such file or direc> Feb 12 08:25:05 rockylinux systemd[1]: Started Webmin.
Configure Firewall
If the firewalld firewall is installed on your server. Then, you will need to allow ports 80 and 443 through the firewall. You can allow them with the following command:
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --add-port=443/tcp --permanent
Finally, reload the firewall service to apply the changes:
firewall-cmd --reload
Access Webmin Interface
Now, open your web browser and access the Webmin interface using the URL https://webmin.linuxbuz.com. You will be redirected to the Webmin login page:
Provide your admin username, and password, and click on the Login button. You should see the Webmin dashboard on the following page:
Conclusion
Congratulations! you have successfully installed Webmin with Nginx and Let's Encrypt SSL on Rocky Linux 8. You can now manage your Linux system easily through the web browser. Feel free to ask me if you have any questions.