Howdy all,
We’re finally wrapping up Virtualmin 6 for official release sometime next week. There’s a ton of new features in the new install process, and we’re taking this opportunity to look at the default settings in a fresh install and think about which features should be enabled by default, and whether any that are currently enabled by default should be disabled.
Virtualmin has always taken a sort of “clean slate” approach, wherein the default configuration is pretty stripped down. Lots of features and plugins and such have to be enabled after installation, if you want to use them. This makes sense for folks who have a lot of experience and know exactly what they want…but maybe not an ideal experience for new users. We’ve heard from enough new users that the initial experience feels a bit spartan (and I’ve seen a couple of threads lately of folks complaining about Virtualmin not having a feature that it does have but isn’t turned on by default, which is very frustrating).
So, what’s a good baseline of functionality look like to you? What do you always turn on or change immediately after installation?
I’ll list off some things that have already been added, to sort of kick things off:
- Firewall is set up by default, whether one is turned on or not. Prior versions would configure a firewall if one was running, and there’s always been GUI support for the most popular firewalls, but wouldn’t do anything if there was no firewall.
- Fail2ban is set up and configured with a sensible set of rules. Again, we’ve had GUI support for several years, but users had to turn it on and enable the rules they wanted in all prior versions.
- ProFTPd is pre-configured with TLS and SFTP, and defaults to enabling the DefaultRoot option (this chroots the user to their home). This was historically off by default, and could be enabled with one checkbox in the GUI, but is now on by default and can be disabled with the same single checkbox if you don’t want it. SFTP uses port 2222, so you can have ssh and SFTP on the same host.
- SSH chroot jails are supported out of the box. I’ve always been ambivalent about chroot as a security feature, due to some real security concerns introduced by setuid binaries. But, now that jailkit can use capabilities to allow chroots without setuid root, I’m much more comfortable with them.
- Option to install either a LAMP stack (with Apache, which was all that was supported at install time in past installers) or a LEMP stack (with nginx, which has required manual installation and configuration in the past).
Stuff that isn’t installed or enabled by default that has been in the past:
- PostgreSQL. It can easily be added later by installing a few packages and running the virtualmin config-system command.
- mod_php. There’s no reason to use mod_php in a modern system. PHP-FPM and mod_fcgid are faster, safer, use less memory, and are better tested with modern apps than mod_php because nobody uses mod_php anymore.
So, what does a “batteries included” installation of Virtualmin look like to you? What do you hate about a fresh install that you have to change immediately?
Also note, the new installer has a --minimal mode, which will install a stripped down version of Virtualmin, without the huge mail processing tools, and some of the other big and less commonly needed options. So…there’s still gonna be an option for folks who want a very minimal system to build up from (and it’ll be even more minimal than the current default install), or for folks with limited system memory.