I’ve been using Virtualmin, either gpl or pro, for decades Love it.
However, I’m always annoyed by the security warning I get when I access it.
I access through the ip address such as https://111.11.11.11:10000 (though I usually change the port number and it redirects to http).
I was switching to a new host so redoing my virtualmin setup, wondered if there were a better way of access it securely, and found this:
That post indicates that I can access virtualmin through any domain… but how? It doesn’t work to do mydomain.com:10000
Also, Joe says there that the system hostname should not be hosted on virtualmin… and says that is important. I always thought the hostname had to be resolvable to the same IP that virtualmin was on. Apparently I’ve had it screwed up for a long time. Should the hostname be resolvable to an ip, and if so… which, if not the same as the server with virtualmin? Doesn’t that play a role in email validation?
You should request a free Let’s Encrypt SSL certificate for your domain using Manage Virtual Server ⇾ Setup SSL Certificate page.
This is not what he said. Joe said that you shouldn’t create a domain name in Virtualmin (i.e. Create Virtual Server) that matches your hostname or in particular enable mail for this domain, if created.
You should request a free Let’s Encrypt SSL certificate for your domain using Manage Virtual Server ⇾ Setup SSL Certificate page
My domain does have a cert, all of the domains on the server do, but how do I access the server’s Virtualmin console through the domains?
This is not what he said. Joe said that you shouldn’t create a domain name in Virtualmin (i.e. Create Virtual Server ) that matches your hostname or in particular enable mail for this domain, if created.
Okay, do I understand this correctly? The hostname should point to the server’s ip address, but not have a domain created for it in Virtualmin?
Yep, that has never worked for me, I just get a “this site can’t be reached, took too long to respond” using my domain name and the port like that. Using the ip address and the port brings it right up, but not securely,
That probably means you don’t have DNS A record(s) for those names in the authoritative name servers for the zone. Nothing can work if you don’t have working DNS.
You do not need DNS in Virtualmin, you just need DNS. But, Cloudflare is a proxy and it does not proxy for port 10000. You’ll have to move Webmin to another port or setup some names that are not being proxied through a proxy that does not proxy port 10000.
You should really mention that you’re behind a proxy when posting questions like this. It matters a lot. (This is mentioned in the guidelines: https://forum.virtualmin.com/guidelines)
Edit: Sorry I’m being grumpy. My frustration should actually be directed at Cloudflare rather than Cloudflare users. They aren’t very upfront about proxying being what they’re doing, and so we get a lot of users not understanding that by using Cloudflare they are behind a proxy and they need to understand the implications of running services behind a proxy.
Apologies accepted, I was picking up on some grumpiness from both you and Ilia and was a bit embarrassed in the first place to admit that I’ve had this question for over a decade and I’m just now trying to understand it.
And yeh, I’ve been using Virtualmin for probably close to two decades, so it’s been a looooong time since I looked at the forum guidelines
I knew that Clouldflare was a proxy, but did not know the implications of how it affected the console access.
My goal was just to ask and learn, and I’ve done that, and I appreciate the help and the software, I’ll probably be picking up a pro license again soon,
That should be fine. Webmin doesn’t care what port it’s on.
You should be aware that fast API calls won’t work across a proxied connection, so if you have multiple Webmin servers that are working together on something, you’ll need to either give them hostnames that aren’t being proxied or disable fast RPC.
I’m also curious if the Terminal works through a proxied connection? I think the way Jamie implemented it will work (I think it’s a local socket and Webmin is proxying the WebSockets connection to it), but I’m not sure if it needs any other ports.
It’s just me and sites I manage, so slow API calls are not an issue.
I just tested the Terminal and it does not work connecting this way (it was earlier when I was just using the ip and used it to check on something). I get:
Couldn’t you setup your domain in your hosts file from the PC you are accessing it from to have the domain point to that IP and have it work just the same errr IDK I would think it would work but don’t have the problem.