I can’t seem to access port 10000 or 20000 on my Treo 755p. I’ve assumed for a while that Sprint was blocking the ports, but I just got off the phone with a Sprint tech and he assured me that’s not the case.
When I try to access https://domain.tld:10000 I get an error message that says
Browser Error
Unknown Error. URL: https://domain.tld:10000/
Does any one know what might be wrong?
per haps you need to choose the mobile theme for your palm?
I’ve discovered that if I disable SSL login for webmin, I have no trouble logging in from the Treo. I also know that by itself the self-signed cert is not a problem from the Treo. Somehow the https and port 10000 are not working together.
do you have the mobile theme selected in webmin?
does it work when going to ip instead of domain?
https:// 123.45.678.90:10000
or any other site with https protocol?
Doesn’t work with my motorola razr either and I even a valid ssl certificate.
Seems that a lot of cell phones are programed not to allow ssl other then on port 443.
I do have the mobile theme selected. Still doesn’t work using IP instead. I access other https site on a regular bases and can even access the server host name with https, but not with port 10000 or 20000.
I’m afraid what Scott is saying sounds about right, so I’ll call Sprint tomorrow with some better questions.
That’s strange…it’s pretty much worked on all of the phones we’ve tested, but we do have a somewhat limited test pool of phones.
Here’s what we know worked in the recent past, or currently:
Sidekick II and newer on T-Mobile
Treo (I don’t recall the network…but Jamie used a Treo until a few months ago when he got an iPhone, and I think it was on Sprint, but it might have been something else)
iPhone on AT&T
Blackberry Curve and Pearl on AT&T
Nokia N7x (I don’t know the network)
And, we always use Webmin on port 10000 and via HTTPS. It may be that something has changed on one or more networks to prevent access to those ports, though. Our current testing set is Sidekick and iPhone, so we’re somewhat more limited than in the past (we don’t hang out with any mobile developers these days, and several of the folks with smart phones we know have consolidated to iPhones, so there’s a more homogeneous pool than in the past).
Can you see any requests coming in in the miniserv.log in /var/webmin when you try to connect?
AT&T no longer allows connections on the web to any ports other then 443 and 80. Claims that any other port(s) are a security risk.
And no I don’t see any connection attempts to any webmin I have access to while looking at the logs.
Hmmm…Good to know. Really strange choice by AT&T, but I guess it’s their network to do with as they wish. But, weird choice.
So, it sounds like for folks running into this, they’ll either need to give Webmin port 443 (be sure to specify a single address, if doing this, so you’ll have the rest of the IPs on the system for SSL websites), or setup a port forward in Apache. The latter is covered in the Webmin docs here:
http://doxfer.com/Webmin/UnderApache#Webmin_Proxied_Through_Apache
Port forwarding is not a option for me. I have noticed that certain parts of the server break doing this.
I didn’t suggest port forwarding. I’d recommend actually running Webmin on port 443, or using Apache proxying. 
Though I’m surprised port forwarding doesn’t work…I use it for all of our test virtual systems, and it works fine. What, specifically, breaks for you?
I think the last time I tried this parts of the VM theme didn’t work right or maybe it was parts of webmin that didn’t behave correctly.
I’ll try port 443 if I have a spare IP to use.
I just got off the phone with a Sprint tech. Unfortunately I had to completely educate him before he could understand my question. Without doing any checking, he gave me the quick answer of “Blazer doesn’t support all pages”.
Joe wrote:
You could also use Apache’s mod_proxy or any proxy that supports SSL to share a single IP and SSL cert.
(other SSL proxies include Pound, stunnel, lighttpd, etc.)
Reverse Proxy
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all # restrict to webmin users src IP’s if possible
</Proxy>
ProxyPass /webmin http://www.same_domainname_as_server.com:10000
ProxyPassReverse /webmin http://www.same_domainname_as_server.com:10000
Use SSL on the proxied server if the proxied packets must traverse the internet. If the proxied server is on the same box (the case with webmin) turn off SSL in webmin for better performance. Connections will be made encrypted by SSL to the external proxy server and then proxied un-encrypted to the local webmin port.
joes wrote:
I spoke a little too soon. I can get to webmin’s main page, however when I click on any of the links, I’m getting a “Not Found”, as it’s being looked for on port 80.
Not Found
The requested URL /session_sysinfo.cgi was not found on this server.
Apache Server at hostname Port 80
I’m using:
#Reverse Proxy
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all # restrict to webmin users src IP’s if possible
</Proxy>
ProxyPass /webmin https://hostname:10000
ProxyPassReverse /webmin https://hostname:10000
I did not switch off webmin’s SSL. What else needs to be added?
You need to rewrite somewhere. I usually do it on the back, since you want internal SSL you’ll probably do it on the front.
ProxyHTMLURLMap https://hostname:10000 /webmin
<Location /webmin/>
ProxyHTMLURLMap / /webmin/
</Location>
Gleaned from long term memory and …
http://www.apachetutor.org/admin/reverseproxies
http://httpd.apache.org/docs/2.0/mod/mod_proxy.html
Be aware that a misconfigured proxy can be a security risk.
I don’t use Apache much anymore. I use varnish, pound, perlbal, lighttpd or nginx. So have someone who knows Apache review your config if needed.
Thanks for the follow up tip joes.
I actually tried another experiment with success. I discovered the issue of accessing port 10000 with https is not a Sprint limitation, but rather an issue with the the stock Treo Palm browser, Blazer.
I ended up installing an alternate browser, Opera Mini. It’s not behaving well, as it keeps locking up on me, but I have managed to gain full access to webmin-mobile and for the most part is working quite well.