Hello,
I have been trying to set up a safe https connection to my Webmin browser GUI.
I have made some work using ssl certificates. Is it the right way? Do I need a CA certificate in order to have my wish fulfilled?
Help is appreciated in the form of commentary, links or pointing to the right material to read.
Best Regards
Yes.
Simply request legit certificate from CA (Letâs Encrypt) for free. You can use your own cert with out any problems but browser will throw a warning.
I have read and seen a lot about this issue and am starting now to understand more or less how it works.
Your reply is very appreciated.
you might need a âchainedâ certificate depending on the issuer. - my two cents
My two cents is that this thread might help you:
Is it possible to secure Webmin or any other Web Gui without a domain? Making it secure locally using only (ip:port number)?
I do not like to have Webmin Gui open in the internet. I am trying to Vpn to my Lan and acess it locally.
Share your thougts please.
Even with just an IP its open in the Internet, so it doesnt matter if its accessible via Domain or just via IP.
You can limit access to it with the firewall.
And what I read about LE (Letâs Encrypt) id that they dont offer certificates for IPs. Meaning only for DNS names. But I could be wrong about that.
I can acess Webmin Gui using âhostname:10000â.
I have tried to use apache to create a virtual host and then fo forward with LE proceadure. I donât know if it is the correct way, nor if it is possible that LE would accept a local request.
I am also trying to get nome knowledge on Webmin ForumsâŠ
If the hostname is reachable via DNS, then it should be possible.
IF you have ssh access to the machine, you can close public webmin port all together and access it through ssh forwarding.
For ssh, connect to the server with the -D:port option.
ssh -D:2000 username@public-ip
Then set your browser to proxy all traffic via socks5 and 127.0.0.1:2000. All traffic will be forwarded through the ssh to the server. Will be able to access any ip on the server since all your traffic looks like âlocalhostâ traffic to the server. So youâd access webmin via the servers ip:10000. If works, close port 10000 in the firewall to block public access.
Let me just clarify that i can acess Webmin Gui using a webbrowser on a local machine. My questionâs purpose is to understand more about the process itself. I am a computer engineer, not a software one. I have much interest in this matter for my ongoing projects. I am learning a lot on how to create a website and host it on a local server. 
When I installed Webmin, I had acess using https://ip:10000. Back then the browser still didnât recognize the original certificate as being a trusted one, but the HTTPS worked regardless.
One time I have fiddled with the certificate creation in the âWebmin Configuration/ SSL Encriptionâ. I began not to have acess to the Webmin GUI. In order to get it back up, i ânanoedâ /etc/webmin/miniserv.conf and removed SSL option. Now I can access the GUI using HTTP://ip:10000.
What I wish is to find out if there is a possibility to have Webmin or Pi-Hole GUI with HTTPS and browser safety recognition. Everything accessable at local network even when my internet connection is down.
I feel my question hasnât gone through yet, maybe my conception of how it works is not yet still good enough.Anyhow, your time and help is being appreciated.
The SSL connection still worked, because its self-signed and depending on the browser configuration you can still use https with that (even though you get a warning).
If you want to know more about encryption and how it works, simply google (or other search enginges) letsencrypt. Their website actually tells you a lot about that. That should do as first basics.
If you want a ssl cert, which will be recognized as legit by default you either need a domain for that or a paid ssl cert (some companies offer certs for direct IP usage, at least in the past).
Nice! Just what I was looking for.
Thank you Dr.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.