Feedback thread: Which default features should change in Virtualmin 6?

Howdy all,

We’re finally wrapping up Virtualmin 6 for official release sometime next week. There’s a ton of new features in the new install process, and we’re taking this opportunity to look at the default settings in a fresh install and think about which features should be enabled by default, and whether any that are currently enabled by default should be disabled.

Virtualmin has always taken a sort of “clean slate” approach, wherein the default configuration is pretty stripped down. Lots of features and plugins and such have to be enabled after installation, if you want to use them. This makes sense for folks who have a lot of experience and know exactly what they want…but maybe not an ideal experience for new users. We’ve heard from enough new users that the initial experience feels a bit spartan (and I’ve seen a couple of threads lately of folks complaining about Virtualmin not having feature that it does have but isn’t turned on by default, which is very frustrating).

So, what’s a good baseline of functionality look like to you? What do you always turn on or change immediately after installation?

I’ll list off some things that have already been added, to sort of kick things off:

1. Firewall is setup by default, whether one is turned on or not. Prior versions would configure a firewall if one was running, and there’s always been GUI support for the most popular firewalls, but wouldn’t do anything if there was no firewall.
2. Fail2ban is setup and configured with a sensible set of rules. Again, we’ve had GUI support for several years, but users had to turn it on and enable the rules they wanted in all prior versions.
3. ProFTPd is pre-configured with TLS and SFTP, and defaults to enabling the DefaultRoot option (this chroots the user to their home). This was historically off by default, and could be enabled with one checkbox in the GUI, but is now on by default and can be disabled with the same single checkbox if you don’t want it. SFTP uses port 2222, so you can have ssh and SFTP on the same host.
4. SSH chroot jails are supported out of the box. I’ve always been ambivalent about chroot as a security feature, due to some real security concerns introduced by setuid binaries. But, now that jailkit can use capabilities to allow chroots without setuid root, I’m much more comfortable with them.
5. Option to install either a LAMP stack (with Apache, which was all that was supported at install time in past installers) or a LEMP stack (with nginx, which has required manual installation and configuration in the past).

Stuff that isn’t installed or enabled by default that has been in the past:

1. PostgreSQL. It can easily be added later by installing a few packages and running the virtualmin config-system command.
2. mod_php. There’s no reason to use mod_php in a modern system. PHP-FPM and mod_fcgid are faster, safer, use less memory, and are better tested with modern apps than mod_php because nobody uses mod_php anymore.

So, what does a “batteries included” installation of Virtualmin look like to you? What do you hate about a fresh install that you have to change immediately?

Also note, the new installer has a --minimal mode, which will install a stripped down version of Virtualmin, without the huge mail processing tools, and some of the other big and less commonly needed options. So…there’s still gonna be an option for folks who want a very minimal system to build up from (and it’ll be even more minimal than the current default install), or for folks with limited system memory.

Hello Team,

I am excited and eagerly waiting for the latest version of Virtualmin.

congratulations!!! you guys are awasome. I was googling for top 10 open source/free control panel. I browsed more then 20 website and found webmin/virtualmin is in top 1to 3 position.

I have few suggestions more related to authentic-theme. which makes virtualmin more user friendly.

I might be expecting more or might be fool. but I feel below list of features might help to people who are new to VPS and web control panel.

1. more Icon based theme and grouping similar like cpanel.
   ex: grouping by domains, emails, users, security, my favorites, additional tools, etc.,
2. having tool tips which might help user to understand what it is without doing lot of research
3. default page for webmin and virtualmin is same, which shows details of server like (webmin, virtualmin, usermin versions details, authentic-theme details etc., a graphical representation of memory and processor), I feel in virtualmin screen, it might be good if we highlight more virtual servers related details like domains and its performance.

above points are just suggestions from my point of view, I might be wrong. when I initially started using virtualmin, I felt these features will help new users to understand virtualmin more easily and quikly.

Regards

Joe, the list of new features is really great. The only thing that is missing, in my opinion, is that Postfix, out of the box, should be configured to send mail using TLS connection.

@pratam02 I am willing to add as much as possible of all that you mentioned.

Sounds great Joe!

Here’s what I usually do when I commission a new server:

• Install Virtualmin
• Install CSF (security/firewall)
• Install Letsencrypt

Then I go through the Virtualmin set-up, changing settings etc. I then install things like Passenger/Ruby/Postgres etc

I did try to post my complete set-up notes, but the text keeps getting garbled on this forum (can you upgrade to something like Discourse? It’s much better). I’ve taken screen grabs of the notes if it’s any help to you - have you got an email address I can send these to?

That all sounds about right to me, though to some extent it’s probably moot for us since we build a couple of custom VPS images that we pre-configure and then deploy out on new installs, so we’re likely to muck about with whatever your defaults are in setting up the deploy VPS image. However, most of this is pretty close to what we do in practice already, so I suspect that setting up our first Virtualmin 6 images will be simpler than what we’ve had to do in the past. I think we will probably continue to use iptables rather than firewalld — but that’s fairly trivial.

We are switching to Discourse when I get the time to tackle it. I’m a big fan, and my patience for Drupal has worn out (the Drupal 6 to Drupal 7 migration damned near killed me, it was harder than every previous migration I’ve done even across different CMS systems, and I’m just never doing another Drupal upgrade). But, we have so much tied up in the current system it’ll take a long time to get migrated. Forums will probably happen first, though.

My email is joe @ the obvious domain.

Ah nice one Joe! If you get stuck setting it up just let me know - I have a couple in production.

With regards to migrating the old forum, the easiest option would be to just put the old one in an archive (/forum-archived) and simply put a note at the top of each page pointing people to the new forum.

Discourse also has a built in SSO - so connecting to your usual accounts system should be relatively easy too (if you are using Drupal for that, might be a good time to switch to something like Rails?).

I’ll email you my set-up details shortly

Edit: Ok email sent, let me know if you don’t get it.

You’ll probably like the new thing. It’s very customizable/scriptable. It currently doesn’t have a target for iptables instead of firewalld on systems that have it, but one could be made.

It’s also possible to do a completely custom install with something like this:

The current version of the Virtualmin Config package won’t get the firewall right, but I’m fixing it now so it’ll correctly detect if firewalld isn’t installed. So, when we announce the official release in a few hours (maybe as late as tomorrow afternoon), the above will work.

The idea with the new plugin-based system (which has taken me about 3 months longer than I’d planned to complete) is that you can build whatever installation you want with just a few commands. A side effect of the new system is that it is easy for me to provide some install targets for the most common needs.

Right now, it’s got “–bundle LAMP” (the default Apache install with all the usual stuff), “–bundle LEMP” (same as LAMP except with nginx instead of Apache), “–minimal” (LAMP with less stuff, specifically no local spam/AV), “–bundle LEMP --minimal” (again, like Apache minimal only with nginx). The nginx options aren’t very well-tested yet, but we’ll get them solidified as soon as people start using it and reporting problems.

Anyway, things should be nicer for anyone doing custom deploys. I need to test it in contexts like being called from a configuration management system (and even when called from Cloudmin, which I haven’t tested in a few months and there’ve been a ton of changes since).

I’m hoping it is more robust, as well. It’s gonna look more prone to failure, because it’ll bail on most errors…but, the old script was too forgiving of problems, including some that were pretty serious. If the script fails now, it’s probably something that actually needs attention (either on my end or on the user’s end). The new one tries to report reasonably about what went wrong, and tries to catch errors. I need to improve the ‘virtualmin config-system’ error-handling, as it’ll fail without telling the calling script that it failed, but that’ll be fixed soon, too. It will provide an error when it happens, though, and you’ll see the counter (where it says [12/23] for example which means it’s working on step 12 of 23 steps, so if it stops before step 23, you’ll know it’s not complete).

That all sounds awesome, Joe. Thanks!

Wishlist:
Examples of some often wanted third packages/repos and then the custom install (script) for these kombo’s.

So if you do a websearch you can find it easy, and probably having less issues with virtualmin / webmin because of following a kind of tested custom installation with third party packages.
Maybe then virtualmin/webmin support has less work after this . ?

Have you tried the VM6 installer?

On CentOS it enables EPEL and SCL repositories (SCL just for PHP7, but EPEL is fully enabled). On some Debian and Ubuntu versions we enable a third party repo for PHP7. We can’t possibly test every third party repo out there, and many of them are pretty terrible in terms of compatibility (which is why we so strongly discourage their use in the general case). I don’t think we can possibly safely go any further down this road, though, as we’re already finding that things change in small ways causing breakage even from one minor version to the next.

I’m already stretched too thin and trying to figure out what I can do to reduce the surface area I’m responsible for. The new release has proven pretty painful because of all the new stuff. So, I want to provide a good experience, and I want to avoid people going out to find random packages for stuff that isn’t in their distro repositories because that leads to more headaches for everyone including me. But, I also need to test everything that we push into usage, and it’s already too big.

VM6 installer yes. ( arround 25-08-2017)

Into most of the probs wich here in forum ( some more testinstalls after that 31-08 and more days or so goung complete… nuts but don’t know for sure cause VM itself though more persons had problems reading here in forum)

The probs where ofcourse, POSTFIX, PROFTP, SASL, clamav, and something with admin pass mariadb , most of them fixed now ( not tested sasl postfix secure smtp)
Also still probs when running php fpm not from default location the fix from jamie only soved the precheck FPM mesagge but can’t choose this without error.

Have therefore the 5.6.31 remi php fpm running on default php location. ( so installed this as yum install php-fpm with repo force jami there setting for 5.6=1 and exluded in vrtualmin repo)

CENTOS 7.3.x
Codeitguru repo for http2 apache.
Remi for the php 5.6.31 fpm
Mariadb from mariadb direct
CSF is running
Letsencrypt is running on virtualmin and webmin so on domains.
DKIM is running
Third party DNS!

So therefore if example for some ( install configs) should be helpfull, i’m not asking/demanding to solve problems bugs for that repo’s ofcourse, so saying as example but no garantee should be fine for me. ( own risk i know, but therefore is forum community here and support forum with the repo themselves, could be some kind extra marketing tool for you guys?

Ofcourse i understand what you are trying to say Joe.!

At the CENTOS site they are giving info about distro/repos wich are yes or no advisable to use and also wich are updated regulary, so yes such kind of thing to follow the repos/ distributions that are a kind of “supported” ( should be possibly running but at you own risk, and support by the repo themselves) also by the OS themselves. (such kind of info would be nice to have for Virtualmin to) See third party Repositories here as kind of example https://wiki.centos.org/AdditionalResources/Repositories ( maybe also something like that for the community here in your forum??? is asking for sharing experience good and bad with these on 1 easy to find location on the web, so if you do a websearch they will find virtualmin website you never know what positive…)

OYEA take care of the MPM mode should be better in event mode when CENTOS7.4 and HTTP2 ( also with some newer 7.3 and openssl/modssl)

don’t know if finding repos that are good, you can use (parts) yourself at Virtualmin and having maybe less work to build that parts yourselves. ?