Using Virtualmin/Cloudmin with a single static IP

Hello! I’ve just wiped my server and starting from scratch. We had webmin, virtualmin, and cloudmin installed previously and I was tinkering with it but we had some other issues with the server so we started over with Ubuntu Server 16.04.3.

I have a few questions but the main one is how feasible will it be to use Virtualmin and Cloudmin with a single static IP using Spectrum Business class. I’m not worried about bandwidth or throughput speed, just the fact that we only have one static IP from the ISP. I read another forum post that said its possible but typically each virtual machine would ideally have it’s own IP address. The server is behind a pfsense firewall. I’m interested in anything that I might need to be concerned with as far as network setup wise and any special settings I should be looking at when using only a single static IP.

The end goal would be to host a couple of wordpress sites for people and sell some server space in the way of VPS’s. At most we might end up with 5 to 10 customers. I was going to just use apache and wordpress multisite but thought it would be more advantageous to also have each site on their own VPS as well for security, but realize I could easily just create multiple sites in virtualmin.

I may have been too vague. Just let me know and I will try to provide as many details as I can.

Thank you

It’s possible. Not as easy as having a dedicated IP for each virtual machine, though.

You can give everyone a VPS under Cloudmin, on their own private IP (192.168.x.x or 10.x.x.x, etc.). But, getting their WordPress sites up on the internet at large means you need a proxy server. And assuming the rest of your office is also using this one IP for all of its incoming and outgoing traffic, you need it to act as a NAT router, as well (or have a separate NAT router that forwards incoming port 80 and 443 to your proxy server).

Your proxy then needs to know the private network addresses of the VPS servers, so it can proxy requests based on name to the right back end server. There’s lots of proxy options; Apache and nginx can both be easily used as a proxy for this purpose. But, also HAproxy, Varnish, and others exist and may provide more performance (but I’m certain this environment isn’t a high-performance environment, and so even Apache, which is generally the slowest of the popular proxy options, would work fine).

So:

Internet->router/NAT/port forwarder->web proxy->VPS host machines managed by Cloudmin->VPS with Virtualmin

The VPS host machines can all be on one machine or spread across any number of hosts (assuming Cloudmin Pro; Cloudmin GPL only supports one host machine for VMs, which may be sufficient for your needs).

You could do the routing and NAT on the Cloudmin master, but, it’ll require pretty good knowledge of Linux routing and networking, particularly bridge interfaces.

We run all of our test VMs on a private network, but we just use different ports to reach them rather than having a proxy. But, it’s just one more step (setting up a proxy is pretty easy these days…the networking is probably the harder part).

Note the following:

Most protocols other than http/https cannot be proxied based on name. This means any other services you run will need to use alternate ports for each VM. This isn’t possible for incoming mail (though you could use a relay host to handle it in a similar fashion), because mail has to run on well-known ports to even work.

Things like ssh, POP/IMAP, etc would all need the user to individual configure the right ports. Or you’d need to have a central mail server and just use the VMs for web hosting…but at that point, maybe you don’t need VMs at all, and should just give them all Virtualmin accounts on a shared system. You can lock them into homes with chrooted FTP (or even jailed ssh, which is also supported in Virtualmin, though not usually recommended due to the additional complexity).

Oh, also, https terminates at the proxy, so your certificates have to be shared to the proxy from each web server.