Operating system: ubuntu
OS version: 20.04
What I try to do
I plan to automate stuff like creating an new Server, add ftp-user etc. with Virtualmin.
The difficult point is, that those tasks should be started from the same server.
Means: On the Server will be an Dashboard for users, where thy can create a new Web-Project.
If they do, following should happen automatically:
- first a domain will be registerd,
- subserver will be created
- presettings will be made (e.g. FTP-User, etc)
As I’ve seen in the documentation (https://www.virtualmin.com/remote/), they recommend to use the remote-api, because the CLI API-Calls have to be executed as root.
I wonder what a good strategy would be to keep the server secure while using those API’s.
Because this API is very powerful, I think it will be the target of many hackers. Are there any recommendations how to secure the access to those API-Endpoints?