*Virtualmin Setup Guide*

I’ve been documenting this for myself, but thought it might help a lot of other Virtualmin newbies too. If anyone spots anything I’ve done incorrectly or that isn’t a best practice, or something you feel should be added, please let me know.

Assumptions & goals:
- You are setting up a webserver, i.e. have purchased or are renting a dedicated server
- This is a set-up that will allow you to create accounts to host numerous websites
- You will be able to use POP and SMTP with SSL
- You will be able to use SFTP

Obviously feel free to change any settings where you feel necessary. I am using CentOS.

CHECK HOSTNAME

You need a FQDN for Virtualmin.

CHECK WITH:
	> dnsdomainname
	> hostname -f
	> uname -n

If there isn’t one set, you can set one by editing the following files (make sure it’s something like somename.yourdomain.com):

TO CHANGE HOSTNAME:
	> vi /etc/sysconfig/network
	> vi /etc/hosts
	> reboot

=====================
TO INSTALL VIRTUALMIN

Read instructions here: http://www.virtualmin.com/download.html but you'll probably just:
> wget http://software.virtualmin.com/gpl/scripts/install.sh
> /bin/sh install.sh

Installation will take about 30 minutes or so.

============
BASIC SET UP

Go to 00.00.00.00:10000 (replace the zeros with your IP)

Follow first steps walkthrough, then:

> Webmin > Networking -> Network Configuration > Host addresses 
- Click on the last one (should be your IP) and add your nameservers
- (Or click on 'Add a new host address' to add different IPs)

> Virtualmin > Virtualmin Configuration > Networking settings
- Network interface for virtual addresses - from eth0 to eth1
	(Or whatever your public IP is on (check via webmin > networking > network interfaces))

> Virtualmin > System settings > Features and Plugins
- Tick the ones you want per account

> Virtualmin > System settings > Server Templates > Default Settings
- Tick the ones you want per account
- Admin user
	> Initial Unix shell > Email, FTP, SSH
- Bind DNS domain
	> Address records for new domains > Domain name ✓ www.domain ✓
	> Does SPF record cover all senders? > Yes, and deny other senders
- Mail for domain
	> Mail aliases for new domains > none
	> Default quota for mail users > 1000
	> Format for usernames that include domain > username@domain
- Apache Website
	> Redirect admin.domain to Virtualmin? > no

> Virtualmin > System settings > Server Templates > Account Plans
	- Plan name > YOUR PLAN NAME
	- Quota for entire server > unlimited

> Virtualmin > System settings > Virtualmin Configuration
	- Server settings
		> Preload Virtualmin libraries at startup? (Change after no longer needed?)
	- Defaults for new domains
		> Domain name style in username > Full domain name

> Webmin > Servers > BIND DNS Server > Addresses and Topology
	- (Check with 'netstat -an | grep :53 | grep udp' I actually left mine default, but you can...)
	> Listed below.. > 	Addresses (add your ips separated by spaces)

=====================
INITIAL WEBMIN CONFIG

CHANGE WEBMIN PORT

This will change the default login port, so instead of your.ip:10000 it will change to whatever you choose (this makes your setup more secure)

> webmin > webmin config > ports & addresses

	Change: port (top right field) to whatever you want
	Check: Don't listen for UDP broadcasts
	Click: save

SSL ENCRYPTION CHANGES (not really needed if Virtualmin is installed as it creates one itself)

> Webmin > Webmin Config > SSL encryption

	Make sure: enable SSL if Available is yes
	Check: redirect non ssl requests to ssl mode is yes
	Click: save

> Webmin > Webmin Config > SSL encryption > create cert

	Tick: Any hostname 
	Change: Organisation name
	Add: Country UK
	Click: create now

========================
CREATE FIRST DOMAIN/USER

> Virtualmin > Create virtual server
- Create with the settings you'd like - should be self explanatory.

=============================
EMAIL - DOVECOT/POSTFIX SET-UP

ENABLE DOVECOT IMAP/POP3 SERVER

	> Webmin > Servers > Dovecot IMAP/POP3 Server
	> Start server
	> Start at bootup > yes
	> Save

IF USING FULL EMAIL FOR AUTH CHANGE

	> vi /etc/sysconfig/saslauthd
	- Change line to: FLAGS="-r"
	> /etc/init.d/saslauthd restart

> vi /etc/postfix/master.cf
- Uncomment these lines:

	submission inet n       -       n       -       -       smtpd
	  -o smtpd_enforce_tls=yes
	  -o smtpd_sasl_auth_enable=yes
	  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
	smtps     inet  n       -       n       -       -       smtpd
	  -o smtpd_tls_wrappermode=yes
	  -o smtpd_sasl_auth_enable=yes
	  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

Then restart:
- /etc/init.d/postfix restart

Then check port 465 is open:
- netstat -an | grep :465

Then:
- What you'll need to do then is choose one of your domains, and enable SSL for it. 
	You can do that in Edit Virtual Server -> Enabled Features, and check "SSL Website Enabled".
	Once you do that, go into Server Configuration -> Manage SSL Certificates, and click "Copy to Postfix".

Usage:
- To use SMTP you will need to put the mail server as mail.domain-from-above-step.com and log in with the
	credentials for that account as normal.

=========
TO FOLLOW

Disable root log-in
Anything else you can think of?
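
Added example, not part of the original post: a shell check for the master.cf step in the guide above. It reads the file the way Postfix does (comment lines skipped, indented lines continuing the previous entry) and confirms that the submission and smtps services are enabled with the listed overrides. The function names and the sample file contents are constructed for illustration.

```shell
# Added example: audit master.cf for the overrides the guide uncomments.
# Print one logical line per service: comment and blank lines are dropped,
# and lines starting with whitespace continue the previous service entry.
logical_lines() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { buf = buf " " $0; next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' "$1"
}

# check_service FILE SERVICE OPTION...
# Succeeds only if SERVICE is enabled and carries every "-o OPTION" override.
check_service() {
    svc_line=$(logical_lines "$1" |
        awk -v s="$2" '$1 == s && $2 == "inet" { $1 = $1; print; exit }')
    svc_name=$2; shift 2; svc_rc=0
    if [ -z "$svc_line" ]; then
        echo "FAIL $svc_name: service missing or still commented out"
        return 1
    fi
    for opt in "$@"; do
        case " $svc_line " in
            *" -o $opt "*) ;;
            *) echo "FAIL $svc_name: missing -o $opt"; svc_rc=1 ;;
        esac
    done
    return "$svc_rc"
}

audit_master_cf() {
    audit_rc=0
    auth="smtpd_sasl_auth_enable=yes smtpd_client_restrictions=permit_sasl_authenticated,reject"
    # $auth is deliberately unquoted so it splits into two option arguments.
    check_service "$1" submission smtpd_enforce_tls=yes $auth || audit_rc=1
    check_service "$1" smtps smtpd_tls_wrappermode=yes $auth || audit_rc=1
    return "$audit_rc"
}

# Constructed sample: submission enabled, its SASL line and smtps still commented.
sample=$(mktemp)
printf '%s\n' 'submission inet n - n - - smtpd' '  -o smtpd_enforce_tls=yes' \
    '#  -o smtpd_sasl_auth_enable=yes' \
    '  -o smtpd_client_restrictions=permit_sasl_authenticated,reject' \
    '#smtps inet n - n - - smtpd' > "$sample"
audit_master_cf "$sample" || echo "master.cf does not match the guide"
rm -f "$sample"
```

On a real host, run `audit_master_cf /etc/postfix/master.cf` after editing and before restarting Postfix. Newer Postfix packages ship the template with `-o smtpd_tls_security_level=encrypt` in place of `smtpd_enforce_tls=yes`, so adjust the option list to match.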

surprisingly it worked