This is my first post so hello all and I am sorry for my english.
I have one simple question and if further explanation will be needed I will happily explain but to keep this post simple here is my question:
Is it possible to install virtualmin only with LAMP stack and nothing more? I need just Apache PHP, MariaDB, and let’s encrypt support nothing more, no mail stack, no FTP even BIND is not needed, the DNS for the domains will be managed externally. Additionally, is it possible to install virtualmin without hostname properly configured?
As I said at the beginning if the explanation why I need this will be needed I will explain.
The closest simple option is to install with the --minimal flag. That still installs the basic mail stack and BIND, but leaves out a few extra packages (like ClamAV and SpamAssassin).
You could then remove the packages you don’t need. You’ll have to turn off the features you’re not using in Virtualmin for config check to pass.
I probably wouldn’t recommend you leave out Postfix, as you need some way to send notification emails and such.
If you’re doing a bunch of installs and the “--minimal and then remove/disable what you don’t want” option doesn’t work, you could make a custom install, either via scripting or a custom stack+Virtualmin-Config bundle.
Scripting it looks like:
Use virtualmin-install.sh --setup to setup the software repositories.
Install exactly the packages you want using your system package manager.
Use virtualmin config-system --include <plugin> for each of the features you will be using to configure the service for Virtualmin. (e.g. virtualmin config-system --include Apache).
Then disable the features you’re not using in Features and Plugins (or using the CLI).
All this, as you described, should happen with the upcoming Virtualmin 8 release. The new minimal stack will include everything except DNS, mail, and FTP because that’s a pretty common setup these days.
This approach is the most promising, what I want to do is to build an enviromment easy to deploy and maintain for NextCloud application as a service. For now I made an bash script where I enter ./nextcloud_install.sh domain.com on clean ubuntu server then the script is installing and configuring LAMP with php-fpm, then download and install nextcloud using occ commands and I want to migrate this to virtualmin because for the long run installing maintaining these instances manually is a bit tedious, for example, older installs still uses PHP 8.1, which I need to manually update and reconfigure fpm-pools, if the end user needs to change the domain I have to manually edit virtualhost etc. etc.
Can anyone point me to some kind of examples how to achieve this on virtualmin’s side? I setup the repo by virtualmin-install.sh --setup and installed MariaDB, Apache and PHP but I get command not found at “virtualmin config-system” command, Additionally where do I find exact syntax to pass as a include option? I mean:
virtualmin config-system --include apache --include mariadb --include php will be ok? This will be my first time with virtualmin, I never use it before, so I really don’t know where to start.
I am not sure what should I install? I mean: I setup the repo with virtualmin-install.sh --setup then I install apache, PHP and MariaDB and the relevant PHP modules, what should I install for virtualmin and webmin? apt install webmin virtualmin then I should execute virtualmin config-system --include apache --include mariadb --include php is then the correct approach or do I need to know more specific package names for such minimal install?
Thank You for the answer, is there the place (documentation?) to see what software is included with the -m flag? This is my first time with Virtualmin, I am DirectAdmin / plesk guy but for this project I need something free.
Storage is not a problem, but I need this production ready in other words I want to minimize surface attack, the less service I don’t need is the better, even login to virtualmin will be limited to small set of IPs.
I understand your point but the only way to really exploit non running services is probably for the attacker to have access that already means, uh-oh.
The install script does a really, really good job of setting up a working server that we know works without fuss for most. That’s why letting the script run and just turning off what you don’t need might actually be the best/easiest option in the long run.
but for this project I need something free.