SHARE

Webmin is a web-based control panel for any Linux machine which lets you manage your server through a modern web-based interface. With Webmin, you can change settings for common packages on the fly, including web servers and databases, as well as manage users, groups, and software packages.

In this tutorial, you’ll install and configure Webmin on your server and secure access to the interface with a valid certificate using Let’s Encrypt and Apache. You’ll then use Webmin to add new user accounts, and update all packages on your server from the dashboard.

Prerequisites
To complete this tutorial, you will need:

– One  fresh Ubuntu 16.04 or 18.04 server , including a sudo non-root user and a firewall.
– A Fully-Qualified Domain Name (FQDN), with a DNS A record pointing to the IP address of your server. 
– Certbot installed by following Step 1 of How To Secure Apache with Let’s Encrypt on Ubuntu 16.04 or 18.04. You’ll use Certbot to generate the TLS/SSL certificate for Webmin.

Step 1 — Installing Webmin
First, we need to add the Webmin repository so that we can easily install and update Webmin using our package manager. We do this by adding the repository to the /etc/apt/sources.list file.

Open the file in your editor:

sudo nano /etc/apt/sources.list

Then add this line to the bottom of the file to add the new repository:

/etc/apt/sources.list

 . . . 

deb http://download.webmin.com/download/repository sarge contrib

Save the file and exit the editor.

Next, add the Webmin PGP key so that your system will trust the new repository:

wget http://www.webmin.com/jcameron-key.asc

sudo apt-key add jcameron-key.asc

Next, update the list of packages to include the Webmin repository:

sudo apt update

if server ask for dependencies, just run this command:

add-apt-repository universe

Then install Webmin:

sudo apt install webmin

Once the installation finishes, you’ll be presented with the following output:

Webmin install complete. You can now login to 

https://your_server_ip:10000 as root with your 

root password, or as any user who can use `sudo`.

Now, let’s secure access to Webmin by putting it behind the Apache web server and adding a valid TLS/SSL certificate.

Step 2: Accessing Webmin
Now that Webmin is installed, you can access the interface by opening your web browser and browsing the the server hostname or IP address followed by port 10000.

ex. https://localhost:10000

If you’re coming from a remote location, you must add the IP address to the allowed list… you can do that by running the commands below to open Webmin default configuration file.

sudo nano /etc/webmin/miniserv.conf

Then adding a new line to allow a specific IP or subnet.

allow=192.168.X.X

Save the file… you should be able to access Webmin

Step 3: Installing Virtualmin

Virtualmin only supports Ubuntu LTS versions. If you don’t have those versions of Ubuntu, Virtualmin will fail to install… If you do, then continue below.

Now that Webmin is installed, go and install Virtualmin.. Virtualmin allows you to manage nginx virtual hosts and DNS, just like you have with cPanel and other hosted packages.

I’m going to assume that you already have a VPS with root access. If you don’t, you can get one from a unmanaged VPS provider I recommend. Logged in to Ubuntu 16.04 server as root user, run following command to check your server’s hostname.

hostname -f

If the output is anything other than your domain name or a sub-domain, you should change it before you install Virtualmin with nginx. Refer to change Ubuntu 16.04 hostname from command line tutorial and change it now.

Let’s start by updating apt cache,

apt update

This part is similar on all Linux distributions. Download the Virtualmin installation script to your server,

wget http://software.virtualmin.com/gpl/scripts/install.sh

Then make the script executable

sudo chmod +x install.sh

Finally, run the commands below to install Virtualmin

sh install.sh -b LEMP
or
sh install.sh --bundle LEMP

in case, you want to uninstall:

sh install.sh --uninstall


Accept the default setting and install.

When that’s done, you should have Virtualmin module enabled for Webmin and begin configuring your systems.

For ubuntu 16, in case, this error appears: 
The repository ‘cdrom://Ubuntu-Server 16.04.5 LTS _Xenial Xerus_ – Release amd64 (20180731) xenial Release’ does not have a Release file.

just edit : 
sudo nano /etc/apt/sources.list

and comment or remove lines that include cdrom. eg:

deb cdrom:[Ubuntu-Server 16.04 LTS _Xenial Xerus_ - Release amd64 (20160420.3)]/ xenial main restricted

INSTALLING MULTIPLE PHP VERSIONS

There are few major PHP versions out there such as PHP 5.6, PHP 7.0, PHP 7.1 and PHP 7.2. We should always try to use latest version of the software, sometimes we have to stick with an older version due to compatibility issues with the application we are running. If you’re in a such situation, this post will show you how to use multiple PHP versions with Virtualmin and Nginx server.

Why use multiple PHP versions with Virtualmin and Nginx?

I was in a such situation recently. I wanted to have WordPress and CPVLab installed on the same VPS. WordPress is compatible with PHP 7.2 but CPVLab isn’t. Only version of PHP CPVLab supported was PHP 5.6. While I could have both WordPress and CPVLab installed with PHP 5.6, that isn’t optimal solution. So I decided to install PHP 7.2 for WordPress and PHP 5.6 for CPVLab.

While my reason to use multiple PHP versions with Virtualmin and Nginx only involves PHP 5.6 and PHP 7.2, I’ll list instructions for all four major PHP versions mentioned earlier. These are the PHP versions with ongoing support at the moment of writing.

And before we begin, I’m going to assume you have built your Ubuntu 16.04 server with Virtualmin and Nginx and have created at least one virtual server to host a website.

Adding  Ondřej Surý Repo to the server:

Ubuntu 16.04 doesn’t offer newer versions of PHP than PHP v7.0.30 yet. We can get around this by adding ondrej/php PPA to the server. No matter which PHP version you’re planning to install, you should start by adding ondrej/php PPA to be able to use multiple PHP versions with Virtualmin and Nginx.

add-apt-repository ppa:ondrej/php

Update apt cache

apt update

Server is now ready to have multiple versions of PHP running at the same time. Let’s start with PHP 5.6. Note that Virtualmin, by default use latest version of PHP available on the server for new virtual servers. This can be changed within the virtual server settings itself after creation or you can specify a default PHP version for new servers from Virtualmin settings. More on that later on this tutorial.

Install PHP 5.6 and PHP 7.0 with Virtualmin and Nginx

We already have PHP 7.0 running on the server. Let’s install PHP 5.6. Following command will install PHP 5.6 and all essential PHP 5.6 modules.

apt install php5.6-cgi php5.6-mysql php5.6-curl php5.6-gd php5.6-imap php5.6-mcrypt php5.6-tidy php5.6-xmlrpc php5.6-xsl php5.6-mbstring php5.6-zip php5.6-cli

Install PHP 7.1 and PHP 7.0 with Virtualmin and Nginx

If the version of PHP you want is PHP 7.1, following command should take care of it.

apt install php7.1-cgi php7.1-mysql php7.1-curl php7.1-gd php7.1-imap php7.1-mcrypt php7.1-tidy php7.1-xmlrpc php7.1-xsl php7.1-mbstring php7.1-zip php7.1-cli

Install PHP 7.2 and PHP 7.0 with Virtualmin and Nginx

And if you want latest version (PHP 7.2) on your server, following command will do the magic.

apt install php7.2-cgi php7.2-mysql php7.2-curl php7.2-gd php7.2-imap php7.2-tidy php7.2-xmlrpc php7.2-xsl php7.2-mbstring php7.2-zip php7.2-cli

You can run one or more of above commands and have one or more extra PHP versions running on your server. If you run all three commands above, you’ll have all four version of PHP available to you on the server.

Configure Virtualmin to use a Specific PHP Version

Virtualmin will use latest available version of PHP for new virtual servers. Old virtual servers will not be affected by above commands. If you need a different version of PHP for existing virtual server, you can go to Virtualmin > Domain Name > Server Configuration > PHP Version and select the PHP version you want from the list.
use multiple PHP versions with Virtualmin and Nginx

And if you want to change default PHP version for new virtual servers to other than the latest version available on the server, you can change it from Virtualmin > System Settings > Server Templates > Default Settings > PHP Options. A drop down list of available PHP versions will be shown to you.
virtualmin-change-php-version

Select the version you want and click save. Selected PHP version will be used for all newly created servers. Option to change PHP version from virtual server settings will also be available to all newly created servers.

Set Default PHP Version for Command Line

When you have multiple php versions on your server, system will use latest version to process PHP commands. Although you can change this on Virtualmin as shown above, it doesn’t change default PHP version for command line. phpinfo page on your browser might say PHP 5.6 but PHP -v command on Putty might say PHP 7.2. This can lead to conflicts in some cases. Especially if your application need to run cronjobs. Solution will be to change default PHP version for command line to match what your application is running.

This command will display PHP versions available to you with paths,

update-alternatives --list php

Following command should change default php version to PHP 7.1.

update-alternatives --set php /usr/bin/php7.1

Change the path to PHP as your needs.

For configuring with nginx. go to: 

sudo nano /etc/php/7.2/fpm/php.ini

edit the next file: 

cgi.fix_pathinfo=0

finally, restart php service

sudo systemctl restart php7.2-fpm

For getting php.ini file dir: 

php -i | grep 'php.ini'


INSTALLLING CLOUDMIN

this ony worked on ubuntu 16.04 and it is only for managing cloud virtual server inside your server.

In order to install it, just follow the next: 

wget http://cloudmin.virtualmin.com/gpl/scripts/cloudmin-kvm-debian-install.sh

Then make the script executable

sudo chmod +x cloudmin-kvm-debian-install.sh

Finally, run the commands below to install Virtualmin

sh cloudmin-kvm-debian-install.sh

Useful commands

Just run this command from the command line and it will bring the webmin service up again fresh.

# /etc/init.d/webmin restart

file configuration for webmin

sudo nano /etc/webmin/config
sudo nano /etc/webmin/miniserv.conf

For adding allow Ip, just edit:

sudo nano /etc/webmin/miniserv.conf

and edit: 

allow = localhost 192.168.0.197

# /etc/init.d/webmin restart

some virtual configurations here: 
https://github.com/webmin/webmin/issues/420

installing FPM support 

Currently, there is no official PHP-FPM support in Virtualmin, so you need to download and install a third-party Virtualmin plugin to create Nginx and PHP-FPM powered websites for domains.Currently, there is no official PHP-FPM support in Virtualmin, so you need to download and install a third-party Virtualmin plugin to create Nginx and PHP-FPM powered websites for domains.

cd /opt
git clone https://github.com/Real-Gecko/virtualmin-nginx-fpm.git
tar -zcf virtualmin-nginx-fpm.tar.gz virtualmin-nginx-fpm

Open https://your_server_IP:10000 , click on the Webmin icon >> select ‘Webmin configuration’ from the Webmin menu >> Mebmin module >> Install Module >> From local file >> enter /opt/virtualmin-nginx-fpm.tar.gz >> click ‘Install Module’.

Then, click on the Virtualmin icon >> go to ‘System Settings’ >> Features and Plugins >> click configure next to ‘Nginx PHP-FPM website’ feature and set:

Full path to php-fpm command /usr/sbin/php-fpm7.2
Command to start PHP-FPM service php7.2-fpm start
Command to stop PHP-FPM         service php7.2-fpm stop
Command to reload PHP-FPM service php7.2-fpm restart
Path to pools configuration directory /etc/php/7.2/fpm/pool.d




Then, click on the Virtualmin icon >> go to >> System Settings >> Features and Plugins >> check ‘Nginx PHP-FPM website’ feature, and disable the ‘Apache website’ , ‘SSL website’, ‘AWstats reporting’ and ‘DAV Login’ and features.
That is it. Virtualmin with Nginx and PHP-FPM support has been successfully installed on your server.

Add swap

Disabling unnecesary services from webmin

In my case, I have another email provider so I will disabled some services related with email: 

sudo /etc/init.d/clamav-daemon stop

systemctl disable clamav-daemon

ADDING SWAP MEMORY

Before we begin, we can check if the system already has some swap space available. It is possible to have multiple swap files or swap partitions, but generally one should be enough.

We can see if the system has any configured swap by typing:

sudo swapon --show

If you don’t get back any output, this means your system does not have swap space available currently.

You can verify that there is no active swap using the free utility:

free -h

Output
total used free shared buff/cache available
Mem: 985M 84M 222M 680K 678M 721M
Swap: 0B 0B 0B

As you can see in the Swap row of the output, no swap is active on the system.

Step 2 – Checking Available Space on the Hard Drive Partition
Before we create our swap file, we’ll check our current disk usage to make sure we have enough space. Do this by entering:

df -h

Output
Filesystem Size Used Avail Use% Mounted on
udev 481M 0 481M 0% /dev
tmpfs 99M 656K 98M 1% /run
/dev/vda1 25G 1.4G 23G 6% /
tmpfs 493M 0 493M 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 493M 0 493M 0% /sys/fs/cgroup
/dev/vda15 105M 3.4M 102M 4% /boot/efi
tmpfs 99M 0 99M 0% /run/user/1000

The device with / in the Mounted on column is our disk in this case. We have plenty of space available in this example (only 1.4G used). Your usage will probably be different.

Although there are many opinions about the appropriate size of a swap space, it really depends on your personal preferences and your application requirements. Generally, an amount equal to or double the amount of RAM on your system is a good starting point. Another good rule of thumb is that anything over 4G of swap is probably unnecessary if you are just using it as a RAM fallback.

Step 3 – Creating a Swap File
Now that we know our available hard drive space, we can create a swap file on our filesystem. We will allocate a file of the swap size that we want called swapfile in our root (/) directory.

The best way of creating a swap file is with the fallocate program. This command instantly creates a file of the specified size.

Since the server in our example has 1G of RAM, we will create a 1G file in this guide. Adjust this to meet the needs of your own server:

sudo fallocate -l 1G /swapfile2

We can verify that the correct amount of space was reserved by typing:

ls -lh /swapfile2

-rw-r–r– 1 root root 1.0G Apr 25 11:14 /swapfile2

Our file has been created with the correct amount of space set aside.

Step 4 – Enabling the Swap File
Now that we have a file of the correct size available, we need to actually turn this into swap space.

First, we need to lock down the permissions of the file so that only the users with root privileges can read the contents. This prevents normal users from being able to access the file, which would have significant security implications.

Make the file only accessible to root by typing:

sudo chmod 600 /swapfile2

Verify the permissions change by typing:

ls -lh /swapfile2

Output
-rw——- 1 root root 1.0G Apr 25 11:14 /swapfile

As you can see, only the root user has the read and write flags enabled.

We can now mark the file as swap space by typing:

sudo mkswap /swapfile2

Output
Setting up swapspace version 1, size = 1024 MiB (1073737728 bytes)
no label, UUID=6e965805-2ab9-450f-aed6-577e74089dbf

After marking the file, we can enable the swap file, allowing our system to start utilizing it:

sudo swapon /swapfile2

Verify that the swap is available by typing:

sudo swapon --show

Output
NAME TYPE SIZE USED PRIO
/swapfile2 file 1024M 0B -2

We can check the output of the free utility again to corroborate our findings:

free -h

Output
total used free shared buff/cache available
Mem: 985M 84M 220M 680K 680M 722M
Swap: 1.0G 0B 1.0G

Our swap has been set up successfully and our operating system will begin to use it as necessary.

Step 5 – Making the Swap File Permanent
Our recent changes have enabled the swap file for the current session. However, if we reboot, the server will not retain the swap settings automatically. We can change this by adding the swap file to our /etc/fstab file.

Back up the /etc/fstab file in case anything goes wrong:

sudo cp /etc/fstab /etc/fstab.bak

Add the swap file information to the end of your /etc/fstab file by typing:

echo '/swapfile2 none swap sw 0 0' | sudo tee -a /etc/fstab

Next we’ll review some settings we can update to tune our swap space.

Step 6 – Tuning your Swap Settings
There are a few options that you can configure that will have an impact on your system’s performance when dealing with swap.

Adjusting the Swappiness Property
The swappiness parameter configures how often your system swaps data out of RAM to the swap space. This is a value between 0 and 100 that represents a percentage.

With values close to zero, the kernel will not swap data to the disk unless absolutely necessary. Remember, interactions with the swap file are “expensive” in that they take a lot longer than interactions with RAM and they can cause a significant reduction in performance. Telling the system not to rely on the swap much will generally make your system faster.

Values that are closer to 100 will try to put more data into swap in an effort to keep more RAM space free. Depending on your applications’ memory profile or what you are using your server for, this might be better in some cases.

We can see the current swappiness value by typing:

cat /proc/sys/vm/swappiness

Output
60

For a Desktop, a swappiness setting of 60 is not a bad value. For a server, you might want to move it closer to 0.

We can set the swappiness to a different value by using the sysctl command.

For instance, to set the swappiness to 10, we could type:

sudo sysctl vm.swappiness=10

Output
vm.swappiness = 10

This setting will persist until the next reboot. We can set this value automatically at restart by adding the line to our /etc/sysctl.conf file:

sudo nano /etc/sysctl.conf

At the bottom, you can add:

vm.swappiness=10

Save and close the file when you are finished.

Adjusting the Cache Pressure Setting
Another related value that you might want to modify is the vfs_cache_pressure. This setting configures how much the system will choose to cache inode and dentry information over other data.

Basically, this is access data about the filesystem. This is generally very costly to look up and very frequently requested, so it’s an excellent thing for your system to cache. You can see the current value by querying the proc filesystem again:

cat /proc/sys/vm/vfs_cache_pressure

Output
100

As it is currently configured, our system removes inode information from the cache too quickly. We can set this to a more conservative setting like 50 by typing:

sudo sysctl vm.vfs_cache_pressure=50

Output
vm.vfs_cache_pressure = 50

Again, this is only valid for our current session. We can change that by adding it to our configuration file like we did with our swappiness setting:

sudo nano /etc/sysctl.conf

At the bottom, add the line that specifies your new value:

vm.vfs_cache_pressure=50

Save and close the file when you are finished.

Some tweaks to mysql

add the next lines to mysql configuration: 

sudo nano /etc/mysql/mysql.cnf

[mysqld]
max_allowed_packet=500M
sql_mode = STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

it will allow to import large file sql files. 

then restart mysql 

service mysql restart

Tweaking nginx file: 

sudo nano /etc/nginx/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

server_names_hash_bucket_size 128;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

# Log format
set_real_ip_from 127.0.0.1; 
real_ip_header X-Forwarded-For; 
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

# Hide the Nginx version number
server_tokens off;

# Timeouts

client_body_timeout 30;
client_header_timeout 30;
send_timeout 30;
client_max_body_size 20M;
reset_timedout_connection on;


##
# Gzip Settings
##

# Gzip module configuration
gzip on;
gzip_disable "MSIE [1-6].(?!.*SV1)";
gzip_vary on;
gzip_comp_level 3;
gzip_proxied any;
gzip_buffers 16 8k;

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;


##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

save changes and restart service:

service nginx restart