READ FRESH TUTORIALS FROM WPCRONS start from here!

How to Setup Webmin on a VPS Securely

In this VPS Tutorial, we will show you how to Setup Webmin on a VPS Securely and then access it securely. Webmin is a popular control panel for Unix and Linux Servers. Originally released in 1997, It allows easy management of most common configuration tasks for a server.

There is really nothing exclusive about setting up Webmin on a VPS versus a Dedicated server so you can use this tutorial for either type of server.

The first thing you will need is a VPS. We recommend Contabo VPS systems. Ok enough advertising, 😉

Next, you will need to download and install Webmin and its some dependencies. Following these instructions, you will have Webmin up and running in no time, and it will be secure as well.

Downloading and Installing Webmin

Webmin is available for many different flavours of OS at www.webmin.com. For this VPS Tutorial, we are going to use the RPM packaged version and will be installed on CentOS 6/7/8.

[user@testing ~]# wget https://prdownloads.sourceforge.net/webadmin/webmin-1.962-1.noarch.rpm

Webmin is written in Perl so it will require that be installed along with some other modules and dependencies. As root use Yum to install the RPM so it also installs all those required dependencies for you.

Note: On this date of publishing this post the latest version of Webmin was v1.962-1. Please check the latest version here.

[root@testing ~]# yum install webmin-1.962-1.noarch.rpm

You will get an output something along these lines.

Dependencies Resolved
 
==================================================================================================================================================
Package Arch Version Repository Size
==================================================================================================================================================
Installing:
webmin noarch 1.670-1 /webmin-1.670-1.noarch 60 M
Installing for dependencies:
perl x86_64 4:5.10.1-136.el6 base 10 M
perl-Module-Pluggable x86_64 1:3.90-136.el6 base 40 k
perl-Pod-Escapes x86_64 1:1.04-136.el6 base 32 k
perl-Pod-Simple x86_64 1:3.13-136.el6 base 212 k
perl-libs x86_64 4:5.10.1-136.el6 base 578 k
perl-version x86_64 3:0.77-136.el6 base 51 k
 
Transaction Summary
==================================================================================================================================================
Install 7 Package(s)
 
Total size: 71 M
Total download size: 11 M
Installed size: 95 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): perl-5.10.1-136.el6.x86_64.rpm | 10 MB 00:01
(2/6): perl-Module-Pluggable-3.90-136.el6.x86_64.rpm | 40 kB 00:00
(3/6): perl-Pod-Escapes-1.04-136.el6.x86_64.rpm | 32 kB 00:00
(4/6): perl-Pod-Simple-3.13-136.el6.x86_64.rpm | 212 kB 00:00
(5/6): perl-libs-5.10.1-136.el6.x86_64.rpm | 578 kB 00:00
(6/6): perl-version-0.77-136.el6.x86_64.rpm | 51 kB 00:00
--------------------------------------------------------------------------------------------------------------------------------------------------
Total 5.7 MB/s | 11 MB 00:01
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 1:perl-Pod-Escapes-1.04-136.el6.x86_64 1/7
Installing : 4:perl-libs-5.10.1-136.el6.x86_64 2/7
Installing : 1:perl-Pod-Simple-3.13-136.el6.x86_64 3/7
Installing : 3:perl-version-0.77-136.el6.x86_64 4/7
Installing : 1:perl-Module-Pluggable-3.90-136.el6.x86_64 5/7
Installing : 4:perl-5.10.1-136.el6.x86_64 6/7
Installing : webmin-1.670-1.noarch 7/7
Operating system is CentOS Linux
Webmin install complete. You can now login to http://testing:10000/
as root with your root password.
Verifying : 1:perl-Module-Pluggable-3.90-136.el6.x86_64 1/7
Verifying : 1:perl-Pod-Escapes-1.04-136.el6.x86_64 2/7
Verifying : 4:perl-5.10.1-136.el6.x86_64 3/7
Verifying : 4:perl-libs-5.10.1-136.el6.x86_64 4/7
Verifying : 1:perl-Pod-Simple-3.13-136.el6.x86_64 5/7
Verifying : 3:perl-version-0.77-136.el6.x86_64 6/7
Verifying : webmin-1.670-1.noarch 7/7
 
Installed:
webmin.noarch 0:1.670-1
 
Dependency Installed:
perl.x86_64 4:5.10.1-136.el6 perl-Module-Pluggable.x86_64 1:3.90-136.el6 perl-Pod-Escapes.x86_64 1:1.04-136.el6
perl-Pod-Simple.x86_64 1:3.13-136.el6 perl-libs.x86_64 4:5.10.1-136.el6 perl-version.x86_64 3:0.77-136.el6
 
Complete!
[root@testing ~]#

The important part of that output is this line: Webmin installs completely. You can now login to http://testing:10000/ as root with your root password.

My VPS’s hostname is testing but I don’t have it configured in DNS yet, so the link is a bit misleading. For now, if you don’t have DNS setup either, browse to the IP address instead i.e. http://123.123.123.123:10000.

Once you browse to the IP and port, you should get a login page for Webmin that looks like this:

How to Setup Webmin on a VPS Securely

Logon as root with your root password. And you will be brought to the main Webmin screen.

How to Setup Webmin on a VPS Securely

As you can see there is an update available for Webmin users at the time I am writing this, so just click the button labelled “Install Updates Now” and let that compete. Next, we will move on to locking it down and securely accessing Webmin.

Securing Webmin

For security reasons, we don’t like leaving Webmin open to the internet. You will have an endless stream of people trying to brute force their way into Webmin. To keep access secure and brute forcers at bay we block the port used by Webmin in IP Tables, TCP port 10000, and instead, we will access Webmin’s port over an SSH tunnel that forwards TCP port 10000.

We will assume you already know how to block and open ports using IPTables. If you need to learn how to secure your VPS using IPTables, take a look at our previous VPS Tutorial on that exact subject.

To access Webmin over a port forward use the following command replacing 123.123.123.123 with your servers IP address.

ssh 123.123.123.123 -L 10000:123.123.123.123:10000

Now to access Webmin open your Web Browser and go to http://127.0.0.1:10000. You can then login with the root password as you did before. Now all the traffic is going over the SSH tunnel and is encrypted.

You should always take security considerations when using Webmin. Webmin is a great AND powerful control panel that can manage just about anything on your server. It would be a hackers dream to get access to this, and they could do untold amounts of damage to your systems.

Enjoy using Webmin Securely!

Now to access Webmin open your Web Browser and go to http://127.0.0.1:10000. You can then login with the root password as you did before. Now all the traffic is going over the SSH tunnel and is encrypted.

You should always take security considerations when using Webmin. Webmin is a great AND powerful control panel that can manage just about anything on your server. It would be a hackers dream to get access to this, and they could do untold amounts of damage to your systems.

Enjoy using Webmin Securely!

You May Also Like

About the Author: WPC Staff

WPCrons staff has long-term experience of WordPress & like to constantly spot problems and plotting how to solve them. We believe you don't need to be a nerd or a programmer or a network engineer to make a difference.

Leave a Reply

Thanks for choosing to leave a reply. Your opinions and comments are very important to us, and your email address will NOT be published. If you need a private conversation then use our contact form. Please add an avatar if you do not have and make the comment section more beautiful.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it. Accept! No, thanks!

Why my browser don’t show me the coupon?


By default, Google Chrome and some other browser block pop-ups from automatically showing up on your screen. When a pop-up is blocked, the address bar will be marked Pop-up blocked Pop-up blocked.

ComputerAndroidiPhone & iPad

  1. On your computer, open Chrome.
  2. At the top right, click More More and then Settings.
  3. Under “Privacy and security,” click Site settings.
  4. Click Pop-ups and redirects.
  5. At the top, turn the setting to Allowed or Blocked.

  1. On your Android phone or tablet, open the Chrome app Chrome.
  2. To the right of the address bar, tap More More Settings.
  3. Tap Site settings and then Pop-ups and redirects.
  4. Turn Pop-ups and redirects on or off.

  1. On your iPhone or iPad, open the Chrome app Chrome.
  2. Tap More More and then Settings Settings.
  3. Tap Content Settings and then Block Pop-ups.
  4. Turn Block Pop-ups on or off.


Share via


FollowUs

Subscribe to get FREE updates


wpcrons-newslater
Join 1000s of readers around the globe. Don’t worry. We also don’t like Spam. We are weekly.
Loading

Disclaimer


We are using affiliate links & images from respective product sites in our articles occasionally, means that if you click on one of the links and purchase an item, we may receive a commission (at no additional cost to you). All the reviews & opinions (positive or negative) are 100% our own. We are not getting any money to write them. The trademarks mentioned in this website belong to the respective companies. All the articles are information purpose only, to help someone to educate & save money. In case any problem with the content, you can reach us anytime through our contact us page »