| Security< | Apache< |

1. Webmin on RHEL4

rpm -ivh webmin-1.520-1.noarch.rpm<
rpm -ivh usermin-1.360-1.noarch.rpm<
  • make them run by default and restart packges so that they will create initial config files:
chkconfig --add webmin
chkconfig webmin on
service webmin restart<
chkconfig --add usermin
chkconfig usermin on
service usermin restart<
  • after installation webmin is available via https://localhost:10000 and usermin is available via https://localhost:20000 using the root name and password.
  • command usermin to use ldap via /etc/pam.d/usermin (for webmin this is not required since only root can login):
#%PAM-1.0
auth    sufficient      pam_unix.so     nullok
auth    required        pam_ldap.so     use_first_pass nullok
account required        pam_unix.so
session required        pam_unix.so<
  • tell webmin it will be proxied by apache on server via sub-directory - edit /etc/webmin/config:
webprefix=/server/admin
referers=admin.ourdom.com webmin.ourdom.com wiki.ourdom.com<
  • tell usermin it will be proxied by apache on server via sub-directory and will be referenced by wiki - edit /etc/usermin/config:
webprefix=/server/users
referers=admin.ourdom.com webmin.ourdom.com wiki.ourdom.com<
  • restart both
service webmin restart
service usermin restart<
  • fix a webmin's miniserv path traversal bug (notice server and admin):
cd /usr/libexec/webmin
ln -s server .
ln -s admin .<

2. Webmin on Ubuntu

  • install prerequisites
apt-get install -y libauthen-pam-perl libio-pty-perl
                   libmd5-perl libnet-ssleay-perl<
dpkg -i webmin_1.430_all.deb<
dpkg -i usermin_1.360_all.deb<
  • command usermin to use ldap via /etc/pam.d/usermin (for webmin this is not required since only root can do that):
#%PAM-1.0
auth    sufficient      pam_unix.so     nullok
auth    required        pam_ldap.so     use_first_pass nullok
account required        pam_unix.so
session required        pam_unix.so<
  • tell webmin it will be proxied by apache on server via sub-directory - edit /etc/webmin/config:
webprefix=/fax/admin
referers=admin.ourdom.com webmin.ourdom.com wiki.ourdom.com<
  • tell usermin it will be proxied by apache on server via sub-directory and will be referenced by wiki - edit /etc/usermin/config:
webprefix=/fax/users
webprefixnoredir=1
referers=admin.ourdom.com webmin.ourdom.com<

3. Apache SSL

Apache SSL<

4. Webmin proxied via Apache

  • by default webmin listens on port 10000 and usermin on port 20000
  • configure redirections and proxying in /etc/httpd/conf.d/ssl.conf
RewriteEngine on
RewriteRule ^/[^/]*$ /server/admin/<
ProxyRequests off
SSLProxyEngine on
ProxyPass         /server/admin  https://localhost:10000    keepAlive=on
ProxyPassReverse  /server/admin  https://localhost:10000<
ProxyPass         /server/users  https://localhost:20000    keepAlive=on
ProxyPassReverse  /server/users  https://localhost:20000<
ProxyPass         /fax/admin     https://fax.gclimate.com:10000    keepAlive=on
ProxyPassReverse  /fax/admin     https://fax.gclimate.com:10000
ProxyPass         /fax/users     https://fax.gclimate.com:20000    keepAlive=on
ProxyPassReverse  /fax/users     https://fax.gclimate.com:20000<

Notice end slashes, they are important !

  • protect ports 10000 and 20000 in /etc/sysconfig/iptables.
  • restart:
service iptables restart
service httpd restart
service webmin restart
service usermin restart<

5. More

Info: for webmin<, modules< and DNS setup<.

Repository of 3rd party webmin modules<

Вложения