Howdy! I will appreciate some serious advise and best practice recommendation on this subject since I am having serious issues with my very first Webmin/Virtualmin VPS.
Firstly, I need to know if setting up a single IP-shared based VPS is even a good idea to host around 100 domains in average.
Being said that, I am having serious problems with SSL and I cannot find a unique explanation on the web but too many suggestion so, after requesting and installing a Let’s Encrypt certificate in Webmin Configuration and getting the confirmation that Webmin server is now using a CA:
What should I do in order to allow virtual server owners to access the Virtualmin HTTPS web interface by using their own domains WITHOUT the warning of non secure or non valid certificate?
As administrator, should I allow SSL website feature to be enabled by default for virtual server owners so they be able to perform whatever SSL certificate request task they need for their sites without the administrator intervention OR on the contrary, should I disable SSL website feature by default for new virtual servers?
In case enabling SSL feature by default is recommended for new virtual servers; should I configure Webmin, Usermin, Dovecot and Postfix to use same certificate, in Server Templates / Default Settings / Apache websites options?
Last but not less, I am having really serious issues to normalize website openings in browser. For example, if I try to open domain.com - without prefix “www” - then I get an empty index list page. Redirections are also misfunctioning; no matter if I set “NO” to almost all redirecting website options, I cannot make that http requests that don’t require https remain as http URLs but they get redirected to https and therefore resulting in a BAD OR INVALID SSL warning by the browser.
One more thing: I found information on the web instructing that virtual servers on Virtualmin environment MUST have a dedicated IP in order to activate and use a SSL certificate. Is this correct? Isn’t possible to allow SSL certificate for a given Virtualmin virtual server if using the shared IP?
What should I do in order to allow virtual server owners to access the Virtualmin HTTPS web interface by using their own domains WITHOUT the warning of non secure or non valid certificate? RE: install ssl certificate (you can use lets encrypt free service)
As administrator, should I allow SSL website feature to be enabled by default for virtual server owners so they be able to perform whatever SSL certificate request task they need for their sites without the administrator intervention OR on the contrary, should I disable SSL website feature by default for new virtual servers? I would say yes
In case enabling SSL feature by default is recommended for new virtual servers; should I configure Webmin, Usermin, Dovecot and Postfix to use same certificate, in Server Templates / Default Settings / Apache websites options? RE: I would defo recommend using only one ssl cert for Webmin, Usermin, Dovecot and Postfix. For websites let your clients to use their own ssl certs for each website
Last but not less, I am having really serious issues to normalize website openings in browser. For example, if I try to open domain.com - without prefix “www” - then I get an empty index list page. Redirections are also misfunctioning; no matter if I set “NO” to almost all redirecting website options, I cannot make that http requests that don’t require https remain as http URLs but they get redirected to https and therefore resulting in a BAD OR INVALID SSL warning by the browser. RE: using www is very old fashion… no one uses these days in fact when you access domain without www browser does it for you anyway so www is not need it.
One more thing: I found information on the web instructing that virtual servers on Virtualmin environment MUST have a dedicated IP in order to activate and use a SSL certificate. Is this correct? Isn’t possible to allow SSL certificate for a given Virtualmin virtual server if using the shared IP? RE: that is a myth and false. you can have different ssl certs for as many domains or subdomains on same IP - basically some.com and another.co.uk hosted on your server which share one IP for both domains can have each their own ssl certificate. Hosting companies used this to milk more money from customers.
Hola, unborn! I didn’t thank you for your detailed response which was excellent and very helpfully.
I can tell that you have plenty of experience in using Virtualmin so I would like to ask you for help on this issue: I cannot stop having issues with FastCGI server on my Virtualmin VPS and my hosting provider is not helping me much.
Almost all PHP sites in the VPS are failing and displaying 500 error type messages in the browser and error logs look like these ones:
Following showed up after trying to run phpMyAdmin for one site:
[Fri Apr 17 09:05:54.628911 2020] [fcgid:warn] [pid 17096] (104)Connection reset by peer: [client xxx.xxx.xxx.x:50508] mod_fcgid: error reading data from FastCGI server
[Fri Apr 17 09:05:54.628943 2020] [core:error] [pid 17096] [client 186.136.117.5:50508] End of script output before headers: index.php
VPS is running on CentOS 7 / Apache 2.4 / PHP 5.4 and 7.2.x (Webmin for server management / Virtualmin for hosting management).
I already tried out configuration changing to httpd.conf regarding mod_fcgi but I am open to re-check everything and to follow best practices on setting / configuring the whole thing in order to try to solve this out.
So where should I start checking, according to your experience? Thank you so very much in advanced for your kind attention and your valuable time to help.
Hola, unborn! I didn’t thank you for your detailed response which was excellent and very helpfully.
I can tell that you have plenty of experience in using Virtualmin so I would like to ask you for help on this issue: I cannot stop having issues with FastCGI server on my Virtualmin VPS and my hosting provider is not helping me much.
Almost all PHP sites in the VPS are failing and displaying 500 error type messages in the browser and error logs look like these ones:
In this case, it was trying to open phpMyAdmin:
[Fri Apr 17 12:45:09.576246 2020] [fcgid:warn] [pid 310] (104)Connection reset by peer: [client 186.136.117.5:57786] mod_fcgid: error reading data from FastCGI server
[Fri Apr 17 12:45:09.576308 2020] [core:error] [pid 310] [client 186.136.117.5:57786] End of script output before headers: index.php
Hi @jmestrada, I will look at it once I will have day off, sorry but i am key worker and since covid19 kicked here I work around 69 hours a week night shifts and as I did just came home my brain is dead, ready to just drift a sleep. Mean time I guess you can do your research around the net. Speak to you in Thursday evening.
Hello, mate! Thanks for the suggestion. I already tried the “chattr -i php5.fcgi” method with no sucess. However, I have tried so many things that I wouldn’t mind try that again (;
well that migrating from cpanel could cause that issue, its known for it… I used crappy cpanel back in times when I used to pay for hosting but was lucky enough not to going via migration with it. all I’ve done was redownload site via ssh or I think it was even unsecured ftp, and dbs via pma and then manually reinstated in same fashion on my fresh virtualmin… it was all working fine. If you dealing with few sites you should manually reinstall them and then inport dbs manually via pma (phpmyadmin) or something or if you have many sites I would advice you to contact virtualmin guys for help. You can purchase very small price for professional help which also would support them and virtualmin it self. They are brilliant in what they doing.
I am afraid I would not be able to help with this issue, as I avoiding closed sources as fire avoiding water. The reason is simple, I cannot see the source code so I have only guessing what the closed source does when it is applied. And guessing is very time consuming.
I agree with @unborn, you should support Virtualmin by contracting the team to help you professionally via their paid support options but one little thing you could try before that is to check the version of PHP that you had on your old Cpanel server and the version of PHP you have on your Virtualmin server. If your web app (php script) and PHP version mismatch then you might get the sort of errors that you have posted in the log.
If PHP version is not conflicting with code then change PHP execution mode to CFGId and back again to FPM (or vice versa) in Virtualmin | Server Configuration | Website Options - this has often done the trick for me for “End of script output before headers” errors.
