Webmin running with Apache proxied virtual host access problem

Description: Ubuntu 22.04.2 LTS
Release: 22.04
Codename: jammy

ufw is disabled on all during the tests and thus doesn’t interfere with the results.
This is my configuration:

##################################################################

  • NAT ISP Router with fixed public IP
    It is the default gateway 192.168.1.1 giving dhcp to network 192.168.1.0/24
##################################################################
My hosts
##################################################################

LAN

root@ubserv:/etc/apache2/sites-enabled# cat ubserv.wingarmac.org-le-ssl.conf | nc termbin.com 9999
https://termbin.com/mwld
root@ubserv:/etc/apache2/sites-enabled# cat /etc/webmin/miniserv.conf | nc termbin.com 9999
https://termbin.com/4b2c
root@ubserv:/etc/apache2/sites-enabled# cat /etc/webmin/config | nc termbin.com 9999
https://termbin.com/9f2t

VPN only

##########################################################################
VPN NETWORK
##########################################################################

ubserv is:

  • Apache server
  • Bind ns1
  • Wireguard peer 10.5.5.1 (https://ubserv.wingarmac.org/ is accessible but showing : ref1)
  • Webmin host 1
  • connected on router with fixed IP 192.168.1.10

ubcynt is:

  • Bind ns2
  • Webmin host 2
  • Desktop interface
  • Wireguard peer 10.5.5.2 (https://ubcynt.wingarmac.org/ letsencrypt ask is ok, but not showing as secured and not showing the page, see ref2)
  • connected on router with fixed IP 192.168.1.10

mobile is:

  • my Samsung A32 phone
  • Wireguard peer 10.5.5.4
  • use to access Webmin hosts with Chrome
  • using data connection (distant host)

##########################################################################

ref1:

ref2:
ERR_CONNECTION_REFUSED

Everything works fine except once I have letsencrypt active over the proxied Webmin hosts.
Ubcynt still has the default settings in Webmin (miniserv.conf and config are default)
Ubserv is also the Apache webserver and NS1 and running Webmin too, so I tried to make this one work over Apache first.

I do not use Virtualmin. I use only Webmin, since I use my own centralised page to list my webmin hosts on my apache main index page of www.wingarmac.org available only from my VPN (/var/www/html/index.html generated by script based on Wireguard handshakes to show present VPN hosts).

Can you help me find out why the page doesn’t load the Webmin scripts like it should? All cgi and proxy modules have been activated so that Apache can handle it, but it seems something goes wrong with Webmin.

The first issue was the authentic theme, which showed the perl script instead of the page. So I set the gray theme, and now this page shows up telling me I’ve no access to the modules.

Can anyone help, based on my configuration, to make Webmin available on my desktop for my VPN hosts running it, using the host with domain name as URL without specifying the Webmin port (proxied by Apache)?

root@ubserv:/etc/apache2/sites-enabled# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: wingarmac.org
2: wingarmac.com
3: ubcynt.wingarmac.org
4: ubserv.wingarmac.org
5: www.wingarmac.com
6: www.wingarmac.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Has been done for all the wingarmac.org domains successfully. (wingarmac.org is for VPN Webmin hosts - wingarmac.com will be for WAN services I’ll set up afterwards)

root@ubserv:/etc/apache2/sites-enabled# nslookup ubcynt.wingarmac.org
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:	ubcynt.wingarmac.org
Address: 10.5.5.2

root@ubserv:/etc/apache2/sites-enabled# nslookup ubserv.wingarmac.org
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:	ubserv.wingarmac.org
Address: 10.5.5.1

root@ubserv:/etc/apache2/sites-enabled# nslookup wingarmac.org
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:	wingarmac.org
Address: 10.5.5.1

I did also add my username to /etc/webmin/webmin.acl

I had to modify bind in order to add the hostname as an Apache virtual host too, by adding other A records:

$TTL    604800
@	IN	SOA	wingarmac.org. admin.wingarmac.org. (
			2023032704
			604800
			86400
			2419200
			604800 )

; VPN nameservers
@       IN      NS      ubserv.wingarmac.org.
@       IN      NS      ubcynt.wingarmac.org.

; my hosts records for wingarmac.org
ubserv.wingarmac.org.	IN	A	10.5.5.1
ubcynt.wingarmac.org.	IN	A	10.5.5.2
mobile.wingarmac.org.	IN	A	10.5.5.4

; other hosts records for wingarmac.org
daddypc.wingarmac.org.	IN  A   10.5.5.10
niang.wingarmac.org.	IN	A	10.5.5.3

; Apache record for wingarmac.org
@       IN      A       10.5.5.1
ubserv  IN      A       10.5.5.1
ubcynt  IN      A       10.5.5.1
daddypc	IN		A		10.5.5.1
www		IN		A		10.5.5.1
wbsql   IN      A       10.5.5.1

This is my Wireguard VPN zone wingarmac.org.zone

I got certbot for:

All working now with SSL active when VPN is up.

But I have trouble adding the last one: my daddy’s laptop.

ubcynt is working and like my daddy’s laptop, it is not the apache server itself but just a Webmin host.
The main difference between ubcynt and daddy’s laptop is that the laptop is not part of my LAN, but using another distant connection (at my father’s place and with his own provider).

Since it is VPN, thus tunneled, I presume no port forwarding must be set on his router to make it work, and since I’ve handshake, I can ping and dnslookup or dig are working for the new host.

I’ve tried many different ways to set up the virtual host, but none of them worked to get the page shown without SSL. I’m guessing a problem resolving between the host’s IP and its proxied Webmin web page.

It seems that some services need not only to be restarted but that the system itself restarts to resolve the network correctly with new settings, like it’s the case with bind, so it seems …

After a reboot, I can now show the page proxied by Apache, but still can’t have a certbot certification for it, with an NXDOMAIN error in letsencrypt certbot --apache -d daddypc.wingarmac.org, though it has the same configuration as the ubcynt server, with its own name daddypc.wingarmac.org.
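As an added example (not part of the original post, and not Webmin or BIND code): a small Python check over the A records of the wingarmac.org.zone listing above, reporting every name that ends up with more than one address once relative owner names are expanded against the zone origin. The origin `wingarmac.org.` is taken from the SOA line, the function names are hypothetical, and only single-line `owner IN A address` records are handled.

```python
import ipaddress
from collections import defaultdict

ORIGIN = "wingarmac.org."  # assumed zone origin, taken from the SOA line

# A records copied from the zone listing in the post above.
ZONE_TEXT = """\
; my hosts records for wingarmac.org
ubserv.wingarmac.org.  IN  A  10.5.5.1
ubcynt.wingarmac.org.  IN  A  10.5.5.2
mobile.wingarmac.org.  IN  A  10.5.5.4
; other hosts records for wingarmac.org
daddypc.wingarmac.org. IN  A  10.5.5.10
niang.wingarmac.org.   IN  A  10.5.5.3
; Apache record for wingarmac.org
@        IN  A  10.5.5.1
ubserv   IN  A  10.5.5.1
ubcynt   IN  A  10.5.5.1
daddypc  IN  A  10.5.5.1
www      IN  A  10.5.5.1
wbsql    IN  A  10.5.5.1
"""

def fqdn(owner, origin=ORIGIN):
    """Expand '@' and relative owner names the way BIND does."""
    if owner == "@":
        return origin
    return (owner if owner.endswith(".") else f"{owner}.{origin}").lower()

def a_records(text, origin=ORIGIN):
    """Map each fully qualified name to the set of addresses it holds."""
    records = defaultdict(set)
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) >= 3 and fields[-2].upper() == "A":
            ipaddress.IPv4Address(fields[-1])  # raises on a malformed address
            records[fqdn(fields[0], origin)].add(fields[-1])
    return records

def conflicting_names(text, origin=ORIGIN):
    """Names that resolve to more than one distinct address."""
    return {name: sorted(addrs, key=ipaddress.IPv4Address)
            for name, addrs in a_records(text, origin).items()
            if len(addrs) > 1}

if __name__ == "__main__":
    for name, addrs in sorted(conflicting_names(ZONE_TEXT).items()):
        print(f"{name} has {len(addrs)} A records: {', '.join(addrs)}")
```

BIND returns every A record a name holds, so a client asking for one of the reported names can be handed either address.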

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.