Introduction, thanks and questions

Hi,

Introduction

After many years on shared hosting services I decided to take the plunge and move to a VPS. I have several domains that I manage for friends and family, most are small and non-profit. I do it all out of my own pocket and on my spare time. Everything is still on a shared hosting account based on DirectAdmin, until I have the VPS ready.

After reviewing some of the FOSS control panels, I concluded that Webmin+Virtualmin is probably the best choice for several reasons:

  • Complete solution for server management, not just hosting management.
  • Powerful and flexible.
  • Works "the unix way", so I can learn by looking at the raw configuration files.
  • Generally regarded as high quality.
  • Support from the developers, even for the GPL version.

Thanks

So I want to thank you, Virtualmin developers, for making such a great system available as free (speech & beer) software. I’ve already installed Virtualmin and started experimenting, and indeed it’s great “as promised”.

I also want to thank you and whoever else will answer my questions. Although I have a lot of programming and general computer experience, I’m only superficially familiar with *nix server administration, so I will need some assistance…

Questions

  1. As far as I understand there are no iptables rules defined by default.
    • Do I need to have some rules in place?
    • Is there any point blocking access to ports that are not in use (i.e. no service is listening)?
    • What about MySQL and PostgreSQL ports - if I set them to only accept local connections, is there any risk?
  2. I noticed many questions about installing SquirrelMail or RoundCube for mail access by virtual server users.
    • Are they any better than Usermin (leaving aside visual candy)?
    • Is Usermin an equivalent, i.e. is it also IMAP based?
  3. I want/need to install phpMyAdmin. I understand there's a package for the Pro version, but it's out of my budget. So I read here that for Virtualmin GPL the solution is to install phpMyAdmin in one of the virtual servers, and redirect from all other servers.
    • What does it mean to install it in one of the virtual servers?
    • Where should I install - in public_html?
    • Do I need to take any steps to ensure it runs under suexec+fcgi?
  4. When I run Re-Check Configuration I get this message: "Virtualmin is configured to setup DNS zones, but this system is not setup to use itself as a DNS server. Either add 127.0.0.1 to the list of DNS servers, or turn off the BIND feature on the module config page.". So I click on the "list of DNS servers" link, add 127.0.0.1, and run another Re-Check which says everything is ok. However after reboot Re-Check again shows the same error message.
    • What am I doing wrong and how to fix it?

That’s it for now, and thanks again for any help.

Eyal.

Howdy,

Boy, that’s a lot of questions :slight_smile:

Let’s see what I can do –

Do I need to have some rules in place?

That’s a policy question… you don’t need iptables rules. Some folks like to have them, others prefer to go without.

What about MySQL and PostgreSQL ports - if I set them to only accept local connections, is there any risk?

By default, MySQL should only be listening on localhost anyhow. However, that’s good policy in general – if a daemon doesn’t need to listen on an external IP, then just have it listen on localhost.

Are they any better than Usermin (leaving aside visual candy)?

That’s personal preference :slight_smile:

A lot of folks seem to like Roundcube, I might suggest taking a look at that.

Is Usermin an equivalent, i.e. is it also IMAP based?

Usermin does indeed use IMAP (by default, it could also directly read Maildir files if you set it up to do so).

What does it mean to install it in one of the virtual servers?

A “virtual server” is what you have when you set up a domain in Virtualmin. So installing phpMyAdmin in a Virtual Server just means putting phpMyAdmin in the public_html dir for that domain. You can find information on installing and configuring phpMyAdmin here: http://www.phpmyadmin.net/documentation/

Do I need to take any steps to ensure it runs under suexec+fcgi?

By default, it should run using FCGID under suexec. You can verify that in System Settings -> Website Options for that Virtual Server.

So I click on the “list of DNS servers” link, add 127.0.0.1, and run another Re-Check which says everything is ok. However after reboot Re-Check again shows the same error message.

Sounds like you may be using DHCP for your server’s IP address, which can cause your DNS servers to be overwritten each time your IP address is obtained. There are details on how to handle that in the DNS FAQ here:

http://www.virtualmin.com/documentation/dns/faq

I hope that helps!

-Eric
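Added example (not part of the thread): a shell check for the policy in the reply above, that a daemon which does not need an external IP should listen only on localhost. It parses `ss -H -tln` output and reports listeners bound to non-loopback addresses; the sample lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Flag TCP listeners that are reachable from outside the host.
# Expected input: output of `ss -H -tln`
# (columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).

# Constructed sample input, not captured from a real server.
sample_listeners() {
cat <<'EOF'
LISTEN 0 80   127.0.0.1:3306   0.0.0.0:*
LISTEN 0 128  0.0.0.0:5432     0.0.0.0:*
LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 128  [::1]:5432       [::]:*
LISTEN 0 128  [::]:10000       [::]:*
LISTEN 0 100  127.0.0.53%lo:53 0.0.0.0:*
EOF
}

# Print "port address" for every listener NOT bound to a loopback address.
exposed_listeners() {
    awk '$1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        gsub(/\[/, "", addr)                   # strip IPv6 brackets
        gsub(/\]/, "", addr)
        sub(/%.*/, "", addr)                   # strip interface scope (%lo)
        if (addr ~ /^127\./ || addr == "::1") next
        print port, addr
    }'
}

# Print the database ports (MySQL 3306, PostgreSQL 5432) that are exposed.
exposed_db_ports() {
    exposed_listeners | awk '$1 == 3306 || $1 == 5432 { print $1 }' | sort -un
}

# Demo on the constructed sample.
# On a live server use: ss -H -tln | exposed_listeners
sample_listeners | exposed_listeners
```

Anything this prints for port 3306 or 5432 means the database is bound to an external address and its listen address should be changed to localhost.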

Eric,

Thank you for the helpful answers.

One last thing - for now at least - regarding this:

Sounds like you may be using DHCP for your server’s IP address, which can cause your DNS servers to be overwritten each time your IP address is obtained.

I read some networking HOWTOs and it seems that I’m not using DHCP. In /etc/network/interfaces there’s no mention of dhcp on any of the interfaces. I also don’t see any running process with “dh*” in its name.

I’ve noticed that not only the DNS gets overwritten, also the host name is reset to the name of the host only, and then Re-Check complains that the host name is not FQDN.

Either I don’t really know how to check for DHCP, or something else controls the interfaces/dns/hostname config files. Maybe when the OpenVZ host boots a container it overwrites the network config files inside the container?

Thanks,

Eyal.

Another suggestion about the hosts file being overwritten… If nothing else works, it might help to set the “immutable” bit for that file. Then even startup scripts or services running as root cannot change the file. :slight_smile: At the very least you should get error messages in a log then, from where you can see which process is trying to overwrite the file.

To set the immutable bit: chattr +i /etc/hosts. To clear it, replace “+i” with “-i”.

About “blocking unopened ports”. In general, it is not necessary to do that. Also, it is - like Eric said - a matter of personal preference if you wish to use a packet filter on your server. I personally, since I’m running Vmin on VMware virtual machines, have filtering rules in an upstream router VM, and no local packet filter on the servers themselves. That’s mostly, though, ’cause I also have Windows VMs active, and I don’t trust Windows as much as Linux concerning security. :wink:

Locutus,

Thanks for the tip - it works!

However I did not find anything in the logs.

I suspect either the VPS control panel (SolusVM) or the OpenVZ hypervisor attempts to overwrite hostname and resolv.conf just before the container boots, so the failed attempt won’t get logged in the container.

Anyway the problem is solved.

Regards,

Eyal.

It’s possible, yeah. In case some Webmin component is trying to overwrite it: Webmin has a “Debug mode” which you can turn on in its configuration screen, where you can have it log all accesses it does to files.

Hi,

I don’t think it’s Webmin’s fault. Seems to be something between SolusVM and OpenVZ:

http://forum.soluslabs.com/showthread.php/1669-SolusVM-not-setting-HostName-correctly-(only-setting-first-part-up-to-first-period)

Eyal.