Skip to main content

Webmin

Webmin from https://webmin.com/

  • installed onto host system via 3rd party apt repository
  • installs and auto-configured for start at boot-time
  • OOB installation listens on all interfaces https://<ip>:10000
    • post install modify the /etc/webmin./miniserv.conf 
    • we will only listen on internally accessible networks
    • we will disable SSL 
    • we will reverse proxy via nginx proxy manager https to http:10000
Notable changes for /etc/webmin/miniserv.conf

port=10000
sockets=172.22.20.1:*
ssl=0
no_ssl2=1
bind=172.22.22.1
ipv6=0
no_tls1_1=1
webprefixnoredir=1
no_tls1=1
no_ssl3=1

 

 

 


Tailscale VPN from https://tailscale.com/ 

  • configures a host interface tailscale0 
  • installs auto-start for tailscale daemon /etc/systemd/system/multi-user.target.wants/tailscaled.service
  • starts service at boot allocating IP address 100.100.69.2 to the tailscale0 nic
  • attaches tailscale0 nic to the shared VPN 
    • makes accessible 100.100.69.X addresses
    • makes the HOST available as an exit node

configured to use account pkswansea@outlook.com via the admin console via https://login.tailscale.com/admin 

pngtree-banner-with-important-icon-vector-picture-image_7826342-244127159.png

The server SSH service running on port 69 isonly exposed on the tailscale0 interface via the IP 100.100.69.2 once the daemon has started via /etc/systemd/system/ssh-after-tailscale.service and can only be accessed when connected to a valid VPN client

#!/bin/bash
while ! ip addr show tailscale0 | grep -q "inet ";

do
    sleep 10
done
systemctl start ssh

Back to top