From webmin port to SSL 443 on WAN domain name

2 computers:

  1. Ubuntu 22.04 LTS server managed by second PC
  2. with same base and Cinnamon env.
    Webmin 2.013

I’ve a home server I would like to access from outside my LAN with SSL.
I can access my Apache2 host so, but Webmin (port changed 10xxx) does not show up in SSL https

I’ve a fixed public IP on my ISP router.
I use this to maintain computers I’ve installed with linux for home users.

I’m no professional and have no commercial interest in this.
I’m just a computer fanatic that likes to help people with his passion.

Can you help me do so ?
I can access it from http, but not from https

I tried to apply this, but webmin has no virtual host I can find to edit like this post explains.
So I’m a little lost there. Can you enlighten me?

I’ve also followed these instructions, but I do not know what root folder must be selected.
So I tried many possibilities, until now. I have to wait for 00:00 to be able to “letsencrypt” again.

Webmin has nothing to do with Apache. Webmin does not run under Apache, it has its own application server. You can proxy to Webmin from Apache, if you must. You can also configure Webmin to run on whatever port you like (but not a port that is already occupied by some other service, such as Apache).

I did find out about it while I was discussing IRC on the Letsencrypt channel.
I presume I’ll have to search how to set up this proxy then.

Can I install Webmin on a distant computer to connect to it with my server as a proxy?
I would like to be able to assist people where I’ve installed Webmin with their Linux and do maintenance. I presume I should use VPN to do so. Am I right, is this applicable?

These are people that were used to Windows before, that I assist for free.
Family, friends, neighbors, …

Thanks for your reply,
Cheers !

I don’t understand why you’d want to do that? I thought you were trying to make Webmin accessible in a situation where you can’t access port 10000 and where 443 is already taken by Apache?

I don’t think I understand what you’re trying to accomplish here.

I still don’t know what you’re trying to accomplish. A VPN is useful for securely accessing systems that are on an internal network that is not accessible to the internet. It is a private network, that requires a client at each end and a server in the middle that is accessible on the internet. There are other kinds of VPN, including peer-to-peer options that direct connect between two systems, and require no intermediary server, but I think they require one end be on a routable IP. I’m not a VPN expert.

I’m trying to learn how it works and by the way do something useful for others.
It isn’t very complicated to understand that I do not know much about servers as a home user.
By the way I contribute to my favorite software, by presenting it to others around me.
Would you be so kind to understand you know lots more than I do and that I need your help?
Redirect me if you can’t.
I would like to maintain my computers and those I install all over Belgium somehow.
I would prefer it is with webmin, because I like it.

How can I do it?
I have a fixed public IP and a server to my disposal.

I’m trying to help you, but I don’t understand what you are trying to do!

Reading through it again, I think I was misled/confused by the Apache stuff.

Are you talking about Apache because you thought Webmin was running under Apache and it is otherwise not needed? If so, just stop Apache and put Webmin on the ports you have available.

How is that helping connect to those distant dynamic IPs when they need maintenance?
I live in Brussels and I’ve a server and a desktop connected with a NAT on fixed public IP.
I thought I could use a link on a page that a www computer in Tongeren could click to be linked somehow to my network (I really do not know how, I only presume). That’s why I thought to have this Apache server running.

I’ve seen talking on the web of LDAP, VPN, proxy... I was wondering what could help me do this the best way.

I’ve just come so far to succeed to put the Apache on SSL and now I’ve to replace it with Webmin?

Jebus. Now you’re introducing a directory service to the problem? LDAP is a directory service used for authenticating and distributing information about users in a large network, such as an enterprise or a university. I cannot imagine it has any useful place in solving your problem.

I don’t know! I still don’t understand what you’re trying to do! You keep adding more variables and more concepts that don’t seem at all related to my original understanding of what you were trying to accomplish.

Let’s start from first principles: What is the problem you are trying to solve? Don’t tell me anything about what tools you think might be involved in solving it. Tell me what you need to do in a couple of sentences. Don’t tell me why. Just tell me the thing(s) you need to accomplish.

Here’s a link to what I intend to do.

OK, I think I understand.

Apache is irrelevant here. I mean, if you want a website, that’s fine. But, it won’t do anything to get you access to Webmin on PCs behind a NATted network, which is what I assume you are trying to do (still not clear to me, you’re still talking around the problem).

If I understand correctly, let’s simplify.

One PC, somewhere in the world far from you and not directly accessible on a public IP, that you want to manage.

Is that right? There is a PC, running Linux, and you want to manage it remotely but it is not on a static public IP and cannot be put on a public IP?

If so, the best solution is probably a VPN. You would set up a VPN server on your server that has a static public IP, and every new device you want to manage would get a VPN configuration to connect to it and would be configured to connect to the VPN automatically (be careful to configure the VPN to only work with devices on its own network…you don’t want to become the router for everybody’s internet access), so it could join your private network. You could then connect to Webmin on the private IP over the VPN.

Another option would be to forward a port from the router (the one the PC uses to connect to the internet) to port 10000 on the PC. If it has a static IP, this will Just Work. If it doesn’t have a static IP, you’ll need to set up DynDNS so that you can always find the IP of this host.

Apache has nothing to do with solving the problem in either case.

1 Like

That was exactly the idea !
Great, now I will do less pointless searches, thanks to your help !
But I did learn a lot from it: DNS, SSL, …
The more I discover, the more things I need to learn.
I’m not done yet :wink:
Thanks again for your help !
Cheers !!

WireGuard might be the right choice for this. It is peer-to-peer and relatively easy to set up and get right. Since you have one fixed public IP in your office, this is even easier (though WireGuard does have roaming, I don’t understand how that works automatically…).

1 Like
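
The hub-and-spoke VPN suggested in this thread, sketched as WireGuard configuration (an added example, not written by any poster; the keys, the 10.8.0.0/24 subnet, UDP port 51820 and the endpoint name are placeholder assumptions). The managed PC's `AllowedIPs` is limited to the VPN subnet so the server does not become the router for that PC's internet traffic.

```ini
# ---- /etc/wireguard/wg0.conf on the home server (fixed public IP) ----
[Interface]
Address    = 10.8.0.1/24            # assumed private VPN subnet
ListenPort = 51820                  # assumed UDP port; forward it on the ISP router
PrivateKey = <server-private-key>   # placeholder

# One [Peer] block per managed PC
[Peer]
PublicKey  = <pc1-public-key>       # placeholder
AllowedIPs = 10.8.0.2/32            # server accepts only this VPN address from pc1

# ---- /etc/wireguard/wg0.conf on a managed PC behind its own NAT ----
[Interface]
Address    = 10.8.0.2/24
PrivateKey = <pc1-private-key>      # placeholder

[Peer]
PublicKey  = <server-public-key>    # placeholder
Endpoint   = vpn.example.org:51820  # placeholder name for the fixed public IP
# Too broad: 0.0.0.0/0 would send all of the PC's internet traffic via the server
# AllowedIPs = 0.0.0.0/0
AllowedIPs = 10.8.0.0/24            # only VPN-subnet traffic enters the tunnel
PersistentKeepalive = 25            # keeps the NAT mapping open so the server can reach the PC
```

With the tunnel up, Webmin on the managed PC is reached from the server side at `https://10.8.0.2:10000`, with no port forward on the remote router.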

Hi,

I’ve found the solution, but didn’t have the opportunity to test or apply it yet.
I do not need a VPN server.
My server needs to have the Public IP, with DHCP WAN range sharing for my other computers locally.
So I need to:
a. Find a compatible PCIe DSL modem for my server.
b. See if Proximus can be contacted. I was pointed to their DNS-Master to ask if he can route the fixed public IP to my server.
If so I can set a port for each computer linked to its name on the domain name.
OpenDNS would act for me as the DNS-server for links between DynDNS distant computers.

I’ve contacted my provider first to see what can be done or not.
I’ve also contacted OpenDNS on their forum to see if I can add a DynDNS client to my domain name in their settings.

I’ve a question for you though …
Let’s suppose this works, will all those hosts on this network DynDNS and those on my local DHCP relay (with fixed public IP DHCP server) be able to have SSL (https://host.domain.org)?

Cheers and thanks again for trying to help me !

It was my understanding you needed to manage remote systems that do not have a public IP (whether static or dynamic is irrelevant, if the computers are behind a NAT router). This continues to only provide the other direction; the people you’re trying to help by managing their computers can see your computer, but you still have no way to communicate with theirs.

I mentioned the two options I know of for that above: Forward the necessary ports from the router, or a VPN.

I don’t know what “Proximus DNS-Master” is, but DNS cannot route anything. DNS maps names to IP addresses and vice-versa.

This is the one @ISP I have to contact for changes to my fixed IP.
He possibly can control the ISP NAT rules, for things I do not have access to.

Like bridging the public IP with a local MAC address for example.
This way the router stops acting for routing, but just sends back the IP to the requested computer.

I made a DynDNS client and set its router port forwarding (on its local router) as follows:
IP LAN TCP port 10000 to WAN TCP port 443 (my fixed IP) and I can access this way the computer from my home network without entering the port in the URL. https://dynDNS.net of this computer.
But it shows an unsecured page.
How can I make this https not showing the message ?
If done I can add this in my webforwarding of my dns under the name of the computer.mydomain.org.
This would be solved for the distant computer already.

With DynDNS, I can already lay the link with my domainname on my account @ the domainname provider as a forwarder for wan1.mydomain.org .

What or when should I look for SSL isn’t clear.
Once all computers are under my own domain name?
Or for each DynDNS computer with its own DynDNS domain or with mine?
Also each of those DHCP relayed on the local network needs it?

Virtualmin has Let’s Encrypt support built-in for domains it is hosting.

Otherwise, you’d need to use certbot directly to get a free cert from Let’s Encrypt, or purchase a certificate from a provider.

Hi Joe,

This (*) was confusing me, since it declares that an entire server configuration needs to be done in order to install Webmin manually. It isn’t clear why it’s mentioned this way since
Webmin is self-hosted and installed per host you want to be able to configure through a webpage.

I install Webmin on every linux install I made so far.
I register an account for the user’s computer on noip and attach the address I get as a web forward on my domain for this computer.

On its local router I do set a port forwarding for its specific MAC address and LAN IP, so I do not have to enter the port number in the URL.

This way I can access already every distant computer on Webmin from home.

My only problem now is to get access to different computers behind an identical type of NAT router, like it’s my case for my server and my desktop. I can’t access both from outside my LAN by name of the computer since these are both computers on the same Public IP, my router.

So I’m still searching how to solve this first.
I’ll come to you afterwards if this can be solved, in order to get it in SSL for all the domains if I get in trouble.

Since Webmin is self-hosted, I presume I should ask for a certificate for each host separately, or can I do it for the whole domain at once? That isn’t clear to me yet.

Thanks for your help so far !

You should be aware that Webmin and Virtualmin are not the same thing!

Webmin is a general purpose system administration tool, and installing it just installs Webmin and a small number of dependencies (some Perl modules for SSL support and some other stuff).

Installing Virtualmin installs a full web hosting stack. You would not want to install all the stuff in a Virtualmin system on a desktop computer! You don’t need all that to just manage the system.

Just use a different port.