Geting Virtualmin running

Ok. So I posted a little blog about my frustrations with usermin and virtualmin and Joe warmingly invited me over here to get my problems solved. So here’s my problem. Everything! No not really.

Ok. So I’ve got a fresh install of Ubuntu 7.10 with LVM. I’ve got Apache2, PHP5, postfix, proftpd, open-ssh, webalizer, pop3/IMAP, yada-yada. I use dyndns.org for my sites which I thought would work, and it kinda does, but not really right now. Right now, when I put in my domain name it gives me a 403 forbidden error message. When I try to access virtualmin on 10000, I get an unable to connect. I can get to it using the local ip address. My DocumentRoot is defined in my apache2.conf as “/etc/webmin/”. I changed it to “/etc/webmin” and that did nothing either.

Here’s the output of my httpd.conf:

<Directory / > AllowOverride None Order deny,allow Deny from all Options -Indexes </Directory>

<Directory /usr/doc>
AllowOverride None
Order deny,allow
Deny from all
</Directory>

<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
</Location>

<IfModule mod_mime.c>
AddHandler cgi-script .cgi
</IfModule>

SetEnv WEBMIN_CONFIG /etc/webmin
SetEnv WEBMIN_VAR /var/webmin
SetEnv SERVER_ROOT /usr/share/webmin
SetEnv MINISERV_CONFIG /etc/webmin/miniserv.conf

<Directory /etc/webmin>
Options ExecCGI
AuthName Webmin
AuthType basic
AuthUserFile /etc/webmin/htusers
require valid-user
</Directory>

<Directory /usr/local/webmin>
Options ExecCGI
AuthName Webmin
AuthType basic
AuthUserFile /etc/webmin/htusers
require valid-user
</Directory>

TraceEnable off

I don’t understand what I’ve got misconfigured. I know it’s something I’ve done. I’m just hoping it’s not an RTFM thing 'cause that would really suck. Thanks for the help.

DocumentRoot "etc/webmin" ?
DocumentRoot /var/www/html should be more appropriate or however Ubuntu has its paths named

This should be changed to whatever you set DocumentRoot to.

<Directory "/var/www/html">

also:

Listen: Allows you to bind Apache to specific IP addresses and/or

ports, in addition to the default. See also the <VirtualHost>

directive.

Listen my.ip.goes.here:80

hope it helps a bit<br><br>Post edited by: ronald, at: 2008/05/20 15:55

Ok so I changed my document root to DocumentRoot "/var/www/" and added the following to my httpd.conf:

<Directory /var/www> Options -Indexes AllowOverride All Order allow,deny Allow from all </Directory>

Nothing still. Thanks for the help.

I tried editing, but hit a "forum bug", so a reply will have to do.

I removed everything from my httpd.conf file except the last entry I posted. When I added “Listen 80” to the httpd.conf apache wont restart saying that something is already bound to it. I found that Ubuntu has a separate file for ports. It’s located at /etc/apache2/ports.conf and it has that entry there, so I’m guessing that it’s failing because it’s trying to bind twice.

I’m still getting a 403 forbidden message. This is really starting to piss me off. If anyone has an idea, let me know. I would love to try this especially since I was told I could get some help here, but I’m at my wits end. Thanks.

Ok. So I was finally able to get it so I could browse. The problem was that DocumentRoot was specified elsewhere and it was pointing to an empty directory. There is an entry in /etc/apache2/sites-available/default which was generated by virtualmin. I also had noticed that the ServerSignature was re-specified in this file and was overriding my setting of Off.

So I was able to get to the site, but I couldn’t access webmin, virtualmin, usermin… Nothing. So I set the DocumentRoot as /etc/webmin and now I can’t access it from the outside, but I can access it from within my network. That doesn’t help me. When I’ve got it set as “/var/www/” I can still browse from within my network. What the hell is going on? I’m lost at this point.

/etc/apache2/sites-available/default is not generated by Virtualmin, else I would have had it too and I don’t. So i think it belongs to ubuntu

Also " SetEnv WEBMIN_VAR /var/webmin " all these settings with webmin in it, I just don’t recognise in my httpd.conf but this might be because I have centos (I quit using ubuntu long time ago).

If Joe doesn’t hop along here you want to submit a support ticket at: http://www.virtualmin.com/bug-tracker/

Im sure Joe or Jamie will come up with better solutions then I can.

All I can say that DocumentRoot is normally pointed to /var/www/html or in your case to /var/www
Virtualmin will make it so that you will create domains under /home/public_html
Pointing the document root to etc/webmin can not be right from where I am sitting.

OK. I’m going to restart from a scratch base install of Ubuntu. Does anyone have a version they’d recommend. I have from 6.06 to 8.04 all editions so I don’t really care at this point.

I’m going to start by installing Webmin and install Virtualmin as a module (that’s the way you’re supposed to right?). Also, when I start over again, should I install from the .deb or from the tar.gz.

I’m really pissed, frustrated and ready to go back to doing things the way I was, so I’m going to make 2 final attempts with this. This is the first, so any help beforehand would be great. Thanks.

Centos and debian are recommended for Virtualmin.
I tried Ubuntu myself but was disappointed.
I switched to CentOS 5.1 really quickly and I’m glad I did.

You can get the install.sh which will do a full automated installation on your machine.

There are some specific issues with Ubuntu I believe, but you’ll have to look in this forum for this as it was not 100% supported some time ago.

There is no real reason to get upset.
All it is, is software on a computer.

Personally I strongly recommend that you use Centos 5.1
Make a very basic installation of the server
then wget the install.sh and let that do the rest for you.

however in the news section Joe made this post about ubuntu installations:
http://www.virtualmin.com/forums/news/virtualmin-installer-for-ubuntu-8.04.html

I appreciate you taking the time to help me out ronald. I get what you’re saying about it just being software. It’s just frustrating to be doing something that I thought would make things easier, and it’s only made them harder.

On that note, I have successfully installed it on Ubuntu 8.04. There was an issuse with postfix but it was a configuration issue that I had left blank so it works. Webalizer keeps throwing me an error though so I’ll be working that out and seeing if that’s a user error or something that’s broken. I also have to figure out how to jail users to their home directory in ssh. I have the option in sshd_config already set, but when I login as a different user I can browse to the root directory. Is there a way to disable that or will they be able to browse that no matter if they can do anything in it or not? Also, how do i get virtualmin to see that ssh is running on a different port. I never leave the default port open so I wanted to see if there was a way to enable this because when I go to check to see if it’s running it says it isn’t.

Again, I appreciate your help and your suggestions.

congrats on installing Virtualmin on your favourite OS. Webmin will make your administration easier but if the installation didn’t work properly then … you know it :slight_smile:

You dont really need to jail users in ssh as you say cause that is the way GNU/Linux works. Users can browse but they can’t do anything, just look. It has been this way for years and sensitive data is not available to browsing users.
That said, first thing you want to do is to clone the Default Server Template or create one from scratch.

Then adjust the settings to your liking. Create servers/domains using your Template, experiment with it and adjust as needed.

You can always deny ssh to untrusted users by editing them in Webmins “Users and Groups” module and give them shell bin/false instead of bin/sh
in “etc/shells” the “bin/sh” is in the first line. I think you can set “bin/false” as the first line and a user won’t get ssh automatically.

Chrooting/jailing ssh will most likely break things and actually make your system less secure. In any case it is not recommended.

As for default port, couldn’t that be achieved by IPtables rules? Webmins module Linux Firewall.
Personally I don’t worry too much about default ports if the system is correctly set up.

Do check if your mysql server has a root password as virtualmin can’t get it for you. You need to do that manually, same for postgresql.

I did have to set a root password for mysql, but thanks for the tip on that.

I am having an issue with sending mail. I don’t know if it’s because I’m using dyndns or what, but I can send mail locally, but when I send it to say my gmail account, I never receive it. I have NO experience with mail servers so this is very new to me. Any help would be appreciated.

On my installation the default Postfix server was working out of the box.
In the beginning mails didn’t arrive until my main domain was propagated and dns issues were resolved. That took about 24 hrs or less I think but I never had to change any settings.

there are some sites where you can check the mailservers like dnsstuff (not sure how they are called)

I always use this http://www.squish.net/dnscheck/ to check on dns behavior

also look in the mail log files to see if errors have occurred

server -> gmail = no
gmail -> server = ?

gmail -> server = A big no as well. I’ll have to figure out where the logs are for postfix and see if I can figure it out. I’m lost at this point, but we’ll see if I can’t get it working over the next week. After that I think i’m out of time to be messing around with this. Thanks for your help.

under webmin-system-systemlogs is where you find the logs

Well here’s the output from mail.log

[code:1]
May 26 10:12:58 lotek-tux postfix/smtp[16206]: connect to gmail-smtp-in.l.google.com[74.125.45.114]:25: No route to host
May 26 10:12:58 lotek-tux postfix/smtp[16206]: connect to alt2.gmail-smtp-in.l.google.com[216.239.59.27]:25: No route to host
May 26 10:13:08 lotek-tux postfix/smtp[16206]: connect to alt1.gmail-smtp-in.l.google.com[64.233.185.27]:25: No route to host
May 26 10:13:08 lotek-tux postfix/smtp[16206]: connect to alt1.gmail-smtp-in.l.google.com[64.233.185.114]:25: No route to host
May 26 10:13:09 lotek-tux postfix/smtp[16206]: connect to gsmtp147.google.com[209.185.147.27]:25: No route to host
May 26 10:13:09 lotek-tux postfix/smtp[16206]: 1A3FF834376: to=<blank@gmail.com>, relay=none, delay=222647, delays=222627/0.02/20/0, dsn=4.4.1, status=deferred (connect to gsmtp147.google.com[209.185.147.27]:25: No route to host)
[/code:1]
and here’s from mail.warn:

[code:1]
May 23 21:59:42 lotek-tux postfix/smtpd[6149]: warning: SASL authentication failure: Couldn’t find mech GSSAPI
May 23 21:59:42 lotek-tux postfix/smtpd[6149]: warning: unknown[192.168.1.150]: SASL GSSAPI authentication failed: no mechanism available
[/code:1]

Should my hostname be the same as my domain name, because I thought that it shouldn’t be so it’s not. I’m not sure where to go with this next.

the hostname of the server must be a fully qualified domain name and this domainname must point to your server, this you do where you registered the domainname. The registrar normally has some kind of control panel where you can change the A records and so on.
Preferably (not mandatory) you add a PTR record but you need to ask your ISP to do this.

the hostname/servername has some kind of "prefix" I called mine sv01.mydomain.com but can be anything server01.mydomain.com, whatever.mydomain.com etc.

The log tells you: No route to host
I had this once after I changed some settings and this is a dns/networking issue, might also be a router blocking or firewall but usually a some sort of misconfiguration.

This has little to do with virtualmin unless the install had a bug, however it can be corrected through virtualmins modules.

So you have to doublecheck your network configuration under the webmin modules and dns settings of the system.
Then the dns settings of the first virtual server you created.

a good place to start is the virtualmin module found - system settings - Module config - go to server settings in the right pane -
Mail server to configure "I assume the default which is postfix"
Default virtual server IP address "192.168.1.150"
Default IP address for DNS records "fill in external IP"
that is if you are behind a router and I think you are.

Thanks so much for the help. I appreciate it. Here’s what I’ve got.

I can now receive emails from outside, but I still can’t send them. Here’s the thing about the DNS records. Because I’m using DynDns I have no idea what I would put in there. Would I put in the ip for ns1.dyndns.org? I don’t know. Also, I think I may need to use gmail or my isp as a relayhost, but i don’t know where I’d add the relevant lines in webmin. I know I’d put them into /etc/postfix/transport, but I don’t want to edit it by hand. I want to get it all done through webmin so i get used to doing it that way.

ok now that you can receive mail, it would indicate that dns and network settings are correct. If you can see your site from the outside (through proxy perhaps if in LAN) that would also mean that dns is correct. At least that it points to the right machine, they might still be recursive, i dont know.

There is a module for DynDNS.
Virtualmin - Addresses and Networking - Dynamic IP Update
and you can change settings if needed.

this warning
“warning: SASL authentication failure: Couldn’t find mech GSSAPI
warning: unknown[192.168.1.150]: SASL GSSAPI authentication failed: no mechanism available”

might be solved with it if not, I would submit a http://www.virtualmin.com/support.html support ticket and check with Jamie as I do not know anything about that warning or to what it means.