Virtualmin virtual-server module version 6.04 released

“Could you please elaborate on “Dovecot and Postfix per-IP SSL certificate setup can now be configured on a per-template basis.” ? I installed Virtualmin on Ubuntu 18.04 and created a virtual server with dedicated IP address, and the master.cf file is missing the “{IP}:smtp” and “{IP}:submission” lines for the dedicated IP address. So Postfix isn’t listening on that IP address.”

That’s unrelated to this change, and won’t affect you if you aren’t using separate IP addresses for each domain.

That’s an installer issue, I suspect, but there shouldn’t be a specific IP in the default master configuration…it should just be “smtp” and “submission”. I’m not sure why they wouldn’t have been generated, though…it’s a new issue I haven’t seen reported before (so maybe it is somehow related, but it seems like a stretch, since it’s not using Virtualmin code to create that configuration…the installer uses the Postfix module directly for that configuration.

That said, Ubuntu 18.04 is still pretty beta (since we’ve been waiting on the netplan support in Webmin to get more fully fleshed out). It works mostly, but there are still issues I haven’t found or fixed. I’ll add this one to my list of things to look for when doing test installs, to see if I can reproduce it.

That’s a new one. I’m guessing related to the change in how * VirtualHosts are handled. Can you file a ticket about what happened, with an example of one of the affected VirtualHost sections from your apache config? (What it looked like before and what it looked like after would be super helpful.)

I am using separate IP addresses for each domain. master.cf does contain entries for the default IP address, that’s not an issue. When I create a new virtual server with dedicated IP address, usually 3 lines should be added to the master file: smtp-xxxxxx (server dependent transport mapping), {IP}:smtp and {IP}:submission. Only the first line is being created. The other two lines aren’t there.

I disabled netplan and installed ifupdown before installing virtualmin, I don’t know if it matters.

Where in the source code should I search in order to do some debug? I tried but I found it too complex…

May be it is a good idea to change all *:80 to IP:80. I had some redirects in existing VirtualHost’s (using *:80) redirecting to a newly created Virtual Server (using IP:80now) instead of their configured destination.

it’s a big problem for me all my Virtualhost are setup for with *: 80 how can I do?
without cutting all my existing sites !!

I don’t know what you’re asking. How is that a problem? If you only use *:80, nothing changes. Virtualmin will continue to use *:80.

If you have them mixed, then you may need to change a configuration option (but we don’t recommend using a mix of IP and *, because the way Apache figures out what to display when they are mixed is very confusing and can lead to surprising results when new virtual hosts are added to the configuration).

If you want to force Virtualmin to use a format other than the one it auto-detects (which is explained above), then you can configure it in Virtualmin Configuration->Defaults for New Domains->Address format for Apache virtual hosts.

You can change your Apache configuration at any time to use *:80 or IP:80; Virtualmin will not complain about the change…it’ll recognize it and continue to work with the domains. Just make sure you get them all (meaning you have to change *:443 and any other port combos, as well…a VirtualHost is a VirtualHost is a VirtualHost…if you have any mixing and matching you’ll likely have surprising behavior somewhere), if you’re switching from one to the other, otherwise things will behave confusingly. But, again: If you currently only have *, you don’t need to change. Virtualmin will keep using *. Only people who already have a mixed configuration will see any difference at all in how Virtualmin behaves (and may need to adjust something).

Exactly the same for us. We have always just accepted VirtualMin’s defaults in creating new sites. This led to all http sites being * and all https sites being the IP address. Created a new site after the update and suddenly all visits to http sites get a 403 thrown at them except the new site, which was then receiving all http traffic on our server ip address. It had the IP for both http and ssl, though the original sites didn’t change of course. Added another new site before fixing it and that just made it worse having 2 http sites with the ip address there. Changed both http back to * and all is good with the world again. At the very least, it would be helpful to have the option within VirtualMin of choosing * or IP address for any given site / protocol combination. Having to track down the files from the com,mand line and edit them there just takes longer than is ideal.

It is fine to change this, but it should be a setting that defaults to the old behavior on existing systems, and the new behavior on new installs.

We just experienced this since upgrading to 6.05. When a new virtual server, and it took down all websites on a server because they all went to the one site with the IP address instead of the websites with ‘*’/Any. I could no way in virtualmin to fix it, but I manually edited the apache config back to a ‘*’ instead of the IP address, and that fixed it. I can’t see any system setting to revert this behavior on existing servers, so this is a basically a breaking change that totally trashed our servers until fixed by manual hacks to the config files :frowning:

Tossing in a breaking change that totally trashes a server is not a good decision IMHO :frowning:

This “Decide automatically” option “Address format for Apache virtual hosts” is broken. Previous Virtualmin behavior was port 80 sites got ‘*:80’ and SSL sites got ‘ip-address:443’. So we only have ‘*:80’ for port 80 sites, yet ‘Decide automatically’ opted to ‘decide’ to start using ‘ip-address:80’ which buggered the whole server.

It doesn’t seem like we can opt for ‘Always use *’ or ‘Always use IP’ because previous Virtualmin behavior used both. So it seems 6.05 is basically incompatible/unsafe with all our servers? :frowning:

I see how this change aims to be an improvement, but the lack of upgrade testing seems to have made it a menace wherever it gets installed.

This is the same disaster we experienced.

Previously Virtualmin used to do this when you created a website and SSL website. It mixed both approaches, but not on the same port. This new more consistent approach is fine, but none of the options ‘Always using *’, ‘Always use IP’, or ‘Decide automatically’ is compatible with the old behavior.

<VirtualHost *:80>

<VirtualHost 172.31.0.123:443>

aaronroydhouse explained the problem perfectly. If you’re just using 80 the old defaults where ‘*:80’. If you did anything with SSL the defaults were ‘IP:443’. Virtualmin has been creating the situation that you are now saying shouldn’t happen.

Virtualmin changed the rules of the road, and now just creating a new Virtual Server breaks all other Virtual server apache results. The upgrade script should have auto-fixed the inconsistency since it was going to create a server-breakage after the fact. I’m sure hundreds if not thousands are affected, they just won’t find out about it till they try to create a new virtual server…and finding this explanation of why it’s happening took me 15mins down 4 other rabbit holes to find.

Call me obtuse, but for the life of me I can’t find where using the virtualmin http admin where I can globally change all the settings for all the sites (80 and 443) to either * or ip as you suggest.

Logging into the server (debian) and running
grep -i ‘<virtualhost’ /etc/apache2/sites-enabled/*.conf
Shows me I have the mismatch.

Virtualmin | select virtual server | Server Configuration | Change IP address
makes no changes

Virtualmin | select virtual server | Address and Networking | Change IP address
makes no changes to any sites

Can someone write how you’re supposed to change all sites to either one or the other using the Virtualmin/Webmin http interface?

PS: you’re inconsistent under System Information | IP Address Allocation it says all virtual server have ‘ip’ when in fact they don’t and are mixed * and ip. I’m sure there’s other places that are also inconsistent in regards to this. :frowning:

Can someone walk thru how to fix this issue with the Virtualmin http login?

None of the Change IP address functions in Virtualmin changes anything/fixes this problem.

Tried all sites as *:80 using apache global config editor. #FAIL

Tried all sites as IP:80 using apache global config editor. #FAIL

Having some websites with SSL, SSL cert loads cert for another URL causing error #FAIL

I think this is interacting with Virtualmin | System Settings | Virtualmin Configuration | SSL | require SSL.

I’ve deleted all ssl enabled websites because it kept loading the wrong SSL cert for the website. #FAIL

Now going to the http url redirects to the https url, but gives a ERR_SSL_PROTOCOL_ERROR #FAIL

Can we say global f-up.

No combination of settings will enable websites in apache to load using Virtualmin configuration. #Frustrating

https://i.imgur.com/zDQMV1w.png

I moved some virtual servers from Centos 6 / Apache 2.2 to another server Centos 7 / Apache 2.4
All last version of Virtualmin
Some of them have SSL enabled, some do not.
In Apache 2.2 all VH were IP:80 and IP:443 and that never has been an issue.
In new server first installed VHs have SSL enabled: no issues.
Problems came when created the first Virtual Host without SSL.
Some time has happened, I don’t recall exactly but it was something like redirections to the ‘first’ VS, wrong certifcates.
The only solution I found was to switch all from IP to *.
I have to do it manually each time I create a new VH, I didn’t find how to set default *:port# at templates
Is that possible?

  • why not to do changes or change-list within some change-list.md or .txt ??? do we have to keep track of this - quiet useless forum posts? save your db and our net connections…

Virtualmin has included a plain text CHANGELOG in the package and source distribution since version 1.82 (/usr/libexec/webmin/virtual-server/CHANGELOG on CentOS, /usr/share/webmin/virtual-server/CHANGELOG on Ubuntu/Debian). You don’t have to read the forum post about releases; people asked for it, so it’s what I do (likewise, you don’t have to be subscribed to the virtualmin-announce mailing list…everybody likes to get information via different routes, and we provide several). I also tweet about it.

2 Likes

@Joe my apologies, did not realised this… thank you for your answer