
Webmin

Webmin from https://webmin.com/

  • installed onto the host system via a 3rd-party apt repository
  • installed and auto-configured to start at boot time
  • the out-of-box (OOB) installation listens on all interfaces at https://<ip>:10000
    • post install, modify /etc/webmin/miniserv.conf
    • we will only listen on internally accessible networks
    • we will disable SSL
    • we will reverse proxy via nginx proxy manager, https to http:10000
Notable changes for /etc/webmin/miniserv.conf

port=10000
sockets=172.22.20.1:*
ssl=0
no_ssl2=1
bind=172.22.22.1
ipv6=0
no_tls1_1=1
webprefixnoredir=1
no_tls1=1
no_ssl3=1
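
A quick way to check a miniserv.conf against the listener settings above, as an added example (not part of the original page or of Webmin). The function names, the sample files and the reading of bind= and sockets= are assumptions, noted in the comments.

```shell
#!/bin/sh
# Added example: flag miniserv.conf listeners reachable outside the internal/VPN networks.

# Last value assigned to KEY in FILE (assumption: a repeated key is overridden by the last one).
conf_get() {
    awk -F= -v k="$1" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$2"
}

# True for RFC 1918, loopback and 100.64.0.0/10 (the CGNAT range Tailscale assigns from).
is_internal() {
    case "$1" in *[!0-9.]*) return 1 ;; *.*.*.*) ;; *) return 1 ;; esac
    a=${1%%.*}; rest=${1#*.}; b=${rest%%.*}
    case "$a.$b" in
        10.*|127.*|192.168) return 0 ;;
        172.1[6-9]|172.2[0-9]|172.3[01]) return 0 ;;
        100.6[4-9]|100.[7-9][0-9]|100.1[01][0-9]|100.12[0-7]) return 0 ;;
    esac
    return 1
}

# Print one finding per exposed listener; return 1 if any were found.
audit_miniserv() {
    bind=$(conf_get bind "$1"); ssl=$(conf_get ssl "$1"); rc=0
    set -f  # sockets= entries can contain "*"; stop the shell from globbing them
    # Assumptions: an unset bind means all interfaces; sockets= is a space-separated
    # list of extra "address:port" listeners.
    for entry in "${bind:-0.0.0.0}" $(conf_get sockets "$1"); do
        addr=${entry%:*}
        if is_internal "$addr"; then continue; fi
        rc=1
        echo "EXPOSED: listener on $addr is outside the internal/VPN ranges"
        if [ "$ssl" = 0 ]; then echo "CRITICAL: ssl=0, logins to $addr are sent in clear text"; fi
    done
    set +f
    return $rc
}

# Constructed samples: this page's settings, the out-of-box state, and SSL turned off
# before the listener was restricted.
SAMPLES=$(mktemp -d); trap 'rm -rf "$SAMPLES"' EXIT
printf '%s\n' port=10000 'sockets=172.22.20.1:*' ssl=0 bind=172.22.22.1 > "$SAMPLES/hardened.conf"
printf '%s\n' port=10000 ssl=1 > "$SAMPLES/default.conf"
printf '%s\n' port=10000 ssl=0 > "$SAMPLES/halfway.conf"
for f in "$SAMPLES"/*.conf; do
    echo "== ${f##*/}"
    audit_miniserv "$f" || echo "-> restrict bind/sockets before relying on the proxy"
done
```

Run audit_miniserv against /etc/webmin/miniserv.conf after editing it; the halfway sample shows why SSL should only be switched off once the listener is restricted.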

Installation Steps

  1. install webmin repo
    wget -O - https://raw.githubusercontent.com/webmin/webmin/master/webmin-setup-repo.sh | sudo bash
  2. update repo
    sudo apt update
  3. install webmin package
    sudo apt install -y webmin
  4. start and verify service
    sudo systemctl status webmin
    sudo netstat -anp|grep 10000 | grep LISTEN | awk '{print $4}' | awk '{print "https://"$1}'
  5. access the initial webmin UI and log in as root
Installation CLI commands (copy & paste)
wget -O - https://raw.githubusercontent.com/webmin/webmin/master/webmin-setup-repo.sh | sudo bash
sudo apt update
sudo apt install -yq webmin
sudo systemctl status webmin
sudo netstat -anp|grep 10000 | grep LISTEN | awk '{print $4}' | awk '{print "https://"$1}' | xargs -n1 open

 

Update OOB installation

We can use the Webmin UI to change a minimal set of options so that Webmin sits behind a local IP, which we then access over https through the nginx proxy.

For the following configuration to be enabled, follow the setup steps below


Pre-Setup Requirements
  • Docker installed on HOST
  • Docker networks configured on HOST
  • Nginx Proxy Manager container setup as per The NGINX Proxy Manager Install Guide
  • Access from your local machine to the server Tailscale IP address via Tailscale VPN
NGINX Proxy Host Configuration

Your NGINX Docker compose file should be set up to listen on your VPN (Tailscale) server IP address

      - 100.100.69.2:80:80
      - 100.100.69.2:443:443
      - 100.100.69.2:81:81

We now set up an inbound host to listen on HTTP and HTTPS, setting the Domain Name and then routing traffic to one of the internal IP addresses that Webmin is listening on.

Next, request an SSL certificate or use the wildcard cert that should be available, and make sure Force SSL is enabled so all connections are secure. As a final check, we set up the advanced nginx config to check source IP ranges: if the address is not local or VPN, it is denied.


 

Post Install Configuration (WebUI)




  • Open Console
  • Login as root

Post Login Error 

 


When loading using only the proxied address (https://webmin.admin.tld.com), it may redirect to https://webmin.admin.tld.co.uk:10000, which will cause an error (as we should have blocked external access to port 10000). Simply remove the port from the URL and hit enter to load the page.

 


  • Open the Webmin Config Page
  • update IPs
  • leave internal IP
  • remove external

 

  • modify listen ports as required (only change if there are conflicts)
  • disable SSL as the NGINX proxy will receive the SSL connection and terminate it using HTTP internally (optional but easier)
  • Setup SSL Certs if you use SSL - use your *.admin wildcard SSL cert
  • Update the approved referer DNS names 