Considerations for setting up virtualmin

Note: Before you start installing, make sure to read all of this post. Also it is a good idea before changing config files to create a backup copy with the command:

cp -a sshd_conf sshd_conf_old

as an example for the ssh config file mentioned later. the -a directive will keep all rights and owners as they were before, so it is usually a good idea to use this for any copyprocess on your server. If you copy a file which belongs to your webserver (in ubuntu / debian it is www-data) in a ssh session, it will be set to owner and group root, so you would have to change that back with a chown command…

I am using virtualmin for quite a while and came up with some things one has to consider before actually running the installer:

  1. You need a FQDN for Virtualmin. This is a fully qualified domain name, so you can access your server and your virtualmin/cloudmin/webmin installation over the internet. You should consider using a GENERIC domainname for this. I got a generic domain name like server-config.com and i just use a subdomain for each of my servers, so they are called server00.server-config.com, server01.server-config .com etc. This has several advantages:
  • i can setup services for all domains at one point and do not have to install them per virtual host and have to upgrade several of them.
    Example: I install roundcube for webmail under server00.server-config.com/webmail. So every user on any virtualhost can use this just ONE installation to access their webmail. Same for phpmyadmin. I have it under server00.server-config.com/database. This is also usable for each and every user. Just think about having 5 virtual hosts on your virtualmin. You would have to install those two scripts on 5 virtual hosts, giving you 10 scriptinstallations you have to update regularly. This way it is wayy easier.

  • I can use this server00.server-config.com as a mailserver for every domain. This makes also life easier, because if you want to use SSL / TLS you only need one certificate for one mailserver not for all of them. Saves time in setup.

  • Other services can also point to this domainname, for instance cloud services, ftp etc.

If you just have one domain, you use as a fqdn virtualmin is not for you, use Webmin instead.

You shouldn’t setup the domain which you use as domain for Virtualmin as a virtual host as well. Then it might be, that the webservers root directory is /var/www/html and not /home/yourdomain/public_html.

in order for virtualmin to run correclty you have to check the files hosts and hostname in folder /etc:

Given your domain name is server00.server-config.com it should read in

hosts

#Replace the 192.168.001.123 with the ip address of your server 192.168.001.123 server00.server-config.com server00

hostname:

server00.server-config.com
  1. Check your needs for encryption. You can use letsencrypt for creating certificates and providing https:// links. If you set it up in each virtual host, you will have later on a lot of folder in your letsencryptdirectory and subdirectories. It might be the better option to centralize it in just one certificate for all your domains. You can read more about it here: https://www.virtualmin.com/node/42012

  2. Consider the needed resources for your servers, what plans will you provide for server / subservers in terms of quota for email / webspace etc?

  3. Which features will you provide for your clients / users? keep in mind, what your server can handle. If you have just 1 GB of RAM and 20 GB of disk space, you won’t be able to have spam / virus checking and large databases to run.

  4. You have to decide, which linux to use in order to run your server. There are literally billions of threads about which linux flavour to use. Some love fedora, others CentOS, others again ubuntu or debian. It depends on your needs and on your skills. Since i am used to the debian / ubuntu world, i just have to decide between those two. Use the one, you have some experience with it. Whatever you feel well with is fine.

Whatever you plan, even my servers all look different, although i setup them all the same way.

  1. Get all information together you might need to setup. Otherwise you will find yourself re-installing over and over, in order to get everything up and running.

Have a look here for PCI compliance, which will harden your server a little bit, by removing outdated encryption protocols etc.:

https://www.virtualmin.com/documentation/security/pci

  1. Create a public/private key pair for accessing your server over ssh, if you haven’t already. Then put the public key in the file authorized_keys into the .ssh subfolder of your /root folder. Test the connection to make sure, you can login with your keys. then open the file /etc/ssh/sshd_config in an editor and set the following directives:
PasswordAuthentication yes PermitRootLogin without-password

If you only want the root user to login via ssh:

PasswordAuthentication yes PermitRootLogin without-password Match User root PasswordAuthentication no

Don’t forget to restart the ssh service in order for changes to be activated.

service ssh restart

If used the wrong way or if your keys does not work, you might lock yourself out of the server. Then use Webmin to move the edited sshd.conf out of the way and rename the sshd_config_old back to sshd_config. Restart the ssh service again and everything is as it was before.