Webmin 2FA + Cloudflare Tunnel

SYSTEM INFORMATION
OS type and version: Ubuntu Linux 20.04.6
Webmin version: 2.202

Hello Team!

Similar to SedonDss’s post (CF Tunnel to Webmin miniserv on localhost or AWS local subnet + CWAF on Ubuntu 22.04 AWS), I am having an issue with Webmin login (only when 2FA is enabled for the user) not redirecting properly.

Expected outcome
Webmin Login page loads, I enter username & password, then enter 2FA OTP. Authentication is successful, and Webmin redirects to Dashboard.
Actual outcome
Webmin Login page loads, I enter username & password, then enter 2FA OTP. Authentication is successful, but Webmin gets stuck spinning on the 2FA screen, and does not redirect to Dashboard.


Currently, my (annoying) workaround is to manually delete “/session_login.cgi” from the address bar which then lands me on the Dashboard.

My Cloudflare Tunnel is a default setup, directing localhost:port traffic to an external domain through cloudflared service installed on the machine.

With 2FA disabled for the user, the issue does not occur. Could this issue possibly be fixed by you guys, or would this be a CF issue?
Many thanks!

I’ve noticed the same issue also happens on re-authentication after the session is idle for too long - does not redirect. Any help guys? :frowning:

Hello,

Are you the sole Webmin user on the system?

Do you also configure Webmin to use an alternative port, such as 8443, to connect?

No, apart from root I’ve also got 1 other Webmin user but it’s not being used.
Yes, Webmin is configured to run on port 2XXXX and also to only listen for Cloudflare IPs + localhost.

What if you try adding to your local (client) /etc/hosts file:

1.2.3.4 webmin.your-domain.tld

Where 1.2.3.4 is the actual IP address of your server and webmin.your-domain.tld is the actual domain name, does it solve the problem?

EDIT: terrible wording

With the above added to my laptop’s /etc/hosts, it completely breaks it and entire Webmin is unreachable.
I believe that would be due to my Webmin config, as it doesn’t allow my laptop’s IP to connect directly to the server IP.