I always recommend using example.tld, so spam filters don’t queue it for moderation, and so no one reads any meaning into the name you chose.
It has the pleasant side effect of not resolving to anything, since tld will never be an actual TLD (I hope).
I sometimes use our own actual domain name when giving examples, just to be sure people understand what I’m talking about (e.g. above when I mentioned srv1.virtualmin.com and virtualmin.com to distinguish hostname and a domain virtually hosted in Virtualmin).
And, finally, if you wrap them in backticks `, they won’t turn into links and you’re also more likely to make it past the spam filter. We’re quick to approve those posts, usually, but no reason to make extra work for us and delay for you when it’s easy to avoid.
That’s a good tip. Yeah, there are so many TLDs now you might as well stop using .com (the default TLD) all the time anyhow. Didn’t know about the backtick trick. Thanks for the tip.
I’m not happy with this move. And for no gain and maybe a lot of pain if and when Let’s Encrypt doesn’t renew a cert for whatever reason. How do we generate and populate the server with a new cert?
The quick way to set up a web server with Virtualmin and direct to Cloudflare DNS. I think I might be done now. Should be a real time saver. These are the steps I took:
It’s expected to happen without any issues; otherwise, there is no value in this feature. However, I may reconsider dropping the option that was already there and still allow it to be shown in the UI to give those users who use it more flexibility.
I tested it last night. I set up all the DNS records at Cloudflare and turned on their proxy for all the records except the mail ones. And I also turned on all their features for the records. And I was able to create the SSL certificate for the virtual server with Virtualmin. So I think if someone isn’t able to do it this way they probably have corrupted configuration files on Virtualmin. I tried creating my own custom account plan and server template configuration files with a shell script. And that didn’t turn out so well. I was having SSL problems and others as well. And had to revert back to the default templates. I would recommend people not mess around with Virtualmin configs on the server too much. And let Virtualmin change them.
I’m not sure how this ended up working earlier. But I tried it again and this time it didn’t work. Looks like I will need to use the Cloudflare API for Let’s Encrypt with the DNS-01 Challenge if I want to have a valid Let’s Encrypt SSL work with Cloudflare with the proxies on and in Full (Strict) mode. Otherwise it’s use a self-signed SSL or an expired Let’s Encrypt SSL in Full mode. But that’s not as secure. Sure, I could get the Virtualmin Let’s Encrypt SSL that uses the HTTP-01 Challenge to work the first time if I turn off the proxies at Cloudflare. But the renewals won’t work. So the only option is to use Cloudflare’s method.
Ok so I’m not crazy after all. My Virtualmin Let’s Encrypt SSL certificate does generate with all of the proxies on (except the mail ones) and all the features enabled at Cloudflare. That is on the LAMP setup I did with Virtualmin.
But on my new LEMP Virtualmin server that I just installed. I haven’t been able to get it to work yet. Could it be a server template setting or something? I know I turned off the ftp and m subdomains records to be created in Bind on the Server template. Ran out of Let’s Encrypt SSLs I can generate. So I’ll have to try later. Anyone know how to get it to work? Mine works on my Apache server but I don’t know what I did.
I just noticed that I turned BIND and Dovecot off on the Apache Server. Maybe that is the key to getting it to work? I’ll have to test it later. But BIND not running could be it.
BIND probably has nothing to do with it. But, if Virtualmin believes it is responsible for DNS (i.e. you have the DNS Feature enabled), but it is not, then DNS validation will always fail. Web validation, however, happens first…and that can be prevented from working by a proxy like Cloudflare.
I’m seeing what the errors are now in the Let’s Encrypt log on Nginx server
Fetching domain_url_here:2096/.well-known/acme-challenge/file_here: Invalid port in redirect target. Only ports 80 and 443 are supported, not 2096
Fetching domain_url_here:2083/.well-known/acme-challenge/file_here: Invalid port in redirect target. Only ports 80 and 443 are supported, not 2096
Unfortunately LEMP Virtualmin doesn’t give me an easy way to add it for each virtual server created like the LAMP version does. It’s missing the “Directives and settings for new websites” option in the “website for domain” section of “Server Templates”. Going to need a different way to do it.
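The redirect rule behind the two log errors above, as an added example that is not part of the original thread: Let's Encrypt's HTTP-01 validator starts on port 80 and follows redirects only to http or https targets on ports 80 or 443, at most 10 deep. The response tables, the `webmail.example.tld` host and the `TOKEN` path are constructed stand-ins for the network.

```python
from urllib.parse import urljoin, urlsplit

ALLOWED_PORTS = {80, 443}   # only redirect targets on these ports are followed
MAX_REDIRECTS = 10          # redirect depth limit for HTTP-01 validation
REDIRECT_CODES = {301, 302, 303, 307, 308}

def effective_port(url):
    """Explicit port if present, otherwise the scheme default."""
    parts = urlsplit(url)
    return parts.port or {"http": 80, "https": 443}.get(parts.scheme)

def validate_chain(start_url, responses):
    """Walk a redirect chain as the validator would; return (ok, reason).

    responses maps URL -> (status, Location header or None) and stands in
    for the network so the example runs offline.
    """
    url = start_url
    for _ in range(MAX_REDIRECTS + 1):
        status, location = responses.get(url, (404, None))
        if status == 200:
            return True, f"challenge served at {url}"
        if status not in REDIRECT_CODES or not location:
            return False, f"{url} returned {status}"
        target = urljoin(url, location)
        if urlsplit(target).scheme not in ("http", "https"):
            return False, f"unsupported scheme in redirect target {target}"
        port = effective_port(target)
        if port not in ALLOWED_PORTS:
            return False, f"invalid port in redirect target: {port}"
        url = target
    return False, "too many redirects"

# Constructed sample data (hypothetical host and token).
CHALLENGE = "http://webmail.example.tld/.well-known/acme-challenge/TOKEN"

# Site-wide webmail redirect also catches the challenge path.
BEFORE = {CHALLENGE: (302, "https://webmail.example.tld:2096/.well-known/acme-challenge/TOKEN")}

# /.well-known/ exempted from the redirect; an http -> https hop on 443 is still fine.
AFTER = {
    CHALLENGE: (301, "https://webmail.example.tld/.well-known/acme-challenge/TOKEN"),
    "https://webmail.example.tld/.well-known/acme-challenge/TOKEN": (200, None),
}

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, validate_chain(CHALLENGE, table))
```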
I found the problem. It looks like the default Nginx are not entirely configured correctly to exclude .well-known from redirects and proxies.
This part is at the top to exclude:
location ^~ /.well-known/ {
    try_files $uri /;
}
Or I guess my other option would be to just turn off the redirects for webmail and admin in Virtualmin, Server Template, “Website for domain” section. I wonder if turning off the redirects also removes the webmail and admin dns record creation? I was expecting it to be in the “DNS domain” section but realized it wasn’t there.
I was looking last night at what I would have to modify to have Virtualmin put the location {} around the redirects for webmail and admin for the nginx config at virtual server creation time. And it looks like it might be this Perl script. But it’s pretty complex and I didn’t want to mess with it.
/usr/share/webmin/virtualmin-nginx/virtual_feature.pl
I tried turning off redirects for admin and webmail in the Virtualmin, Server Templates, Website for Domain. And when I tried to create the virtual server I get this error:
… Nginx website failed! : virtualmin-nginx::feature_setup failed : virtualmin-nginx::feature_add_web_webmail_redirect failed : flush_file_lines called on non-loaded file /etc/nginx/sites-available/domain.tld.conf
And it shows the script and line where it failed.
web-lib-func.pl (line 3882) (line 4223)
I think it’s this file:
/usr/share/webmin/web-lib-funcs.pl
but there is also a usermin one:
/usr/share/usermin/web-lib-funcs.pl
line 3882 starts here at else:
else {
    &error("flush_file_lines called on non-loaded file $trans");
}
Doesn’t seem like Virtualmin works very well for Nginx at all. Might need to find something else. Seems pretty broken.
This happened twice now. And I noticed when I deleted the virtual server the last time it didn’t remove the nginx config files for the domain either. I had to manually delete them. But that didn’t help. It still gave the error.
I’m pretty sure something is unusual in your configuration, but it’s not obvious what. We haven’t had other reports of a problem like this AFAIK. nginx is much less used, but it still probably has tens of thousands of users (Virtualmin has well over 100k active installs, I’d guess maybe 10%-20% of them are nginx).
But, maybe everybody has ignored the problem by opting not to get a cert for those redirected names, I dunno.
No, haven’t done anything unusual. Virtualmin for Nginx is obviously not very well tested. And I don’t feel comfortable using it for Nginx. You can try to reproduce it yourself if you cared to test it. Configuration check shows nothing wrong. And I’ve barely made any changes. To test, probably all you need to do is turn off webmail and admin redirects in the server template. And try to create the virtual server.
Not sure why Virtualmin would be so focused on Apache when Nginx is the more popular web server now. Doesn’t make much business sense.
Market Share: Nginx 34.2% Apache 29.8%
I solved my Nginx problem. I switched to Cloudpanel. First time I’ve heard of this one. And really enjoying it so far. It’s dead simple. And if you don’t need the email server. And want to use Cloudflare DNS with no issues this seems to be a winner. And has an impressive amount of install options. One click installs for a WordPress, Node.js, website. And somehow it just upgraded me to PHP 8.3 with no questions asked on Debian 12. Where 8.2 was the default on Virtualmin. It’s not a server manager but I could run Webmin or some other in combination with it. I’m tired of the complexity of Virtualmin. And on top of that having too many issues. It needs to be modernized and simpler. The layout needs improvement too. Webmin is still pretty reliable though. Always liked Webmin. I’ve used Webmin and Virtualmin for years. But it might not be keeping up with the times anymore. Looks like it might be time to move on.