How to Install Webmin on Ubuntu 22.04 Server
Webmin is a free and open-source control panel for administering Unix-like servers. This tutorial will be showing you how to install Webmin on Ubuntu 22.04 server. Webmin gives users a graphical web-based user interface to configure common system tasks and settings. If you don’t like the idea of using the command line to manage your server, then Webmin is a good graphical alternative for you.
The following is a list of functionalities provided by Webmin.
- BIND DNS resolver and authoritative DNS server
- Samba Server
- FTP server
- Postfix SMTP server and Dovecot IMAP/POP3 server.
- filesystem backup
- Configure log file rotation.
- Edit package repositories, schedule automatic software updates and receive update reports via email.
- Manage users and groups
- Schedule Cron jobs.
- Configure iptables firewall
- And many more.
Install Webmin on Ubuntu 22.04 From Webmin Repository
Webmin has been around since 1997. At the time of this writing, the latest stable version available is 1.941, which was released on January 16, 2020. Webmin isn’t in Ubuntu software repository. It’s recommended to install Webmin from its official repository so that you can always get the latest version.
To add Webmin repository, create a source list file with a command-line text editor such as nano.
sudo nano /etc/apt/sources.list.d/webmin.list
Add the following line in the file.
deb http://download.webmin.com/download/repository sarge contrib
Save and close the file. To save the file in nano text editor, press CTRL+O
, then press Enter
to confirm. To close the file, press CTRL+X
. Next, we need to run the following command to download and import Webmin PGP signing key to APT keyring so that the APT package manager can verify the integrity of packages downloaded from Webmin repository.
wget http://www.webmin.com/jcameron-key.asc
Then import it with:
sudo apt-key add jcameron-key.asc
Now we can update local package index and install Webmin.
sudo apt update sudo apt install webmin
Once installed, the Wemin built-in web server will automatically start as can be seen by running the systemctl command below:
systemctl status webmin
Output:
● webmin.service - LSB: web-based administration interface for Unix systems Loaded: loaded (/etc/init.d/webmin; generated) Active: active (running) since Sun 2020-02-23 16:34:02 HKT; 37s ago Docs: man:systemd-sysv-generator(8) Tasks: 1 (limit: 4915) CGroup: /system.slice/webmin.service └─25792 /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
Hint: If the above command doesn’t quit immediately, you can press the Q key to gain back control of the terminal.
If it’s not running, you can start it with:
sudo systemctl start webmin
Webmin server listens on port 10000. If you use a firewall like UFW on your server, then you need to open TCP port 10000.
sudo ufw allow 10000/tcp
Now you can access the web-based control panel via
https://your-server-ip:10000
Because it’s running in HTTPS mode and using a self-signed TLS certificate, so you will be told by the browser that the connection is not secure.
But you know this is your own server, so simply click the Advanced
tab in Firefox and add exception. If you are using Google Chrome, you can click Advanced
-> Proceed
.
And now you will be presented with Webmin login screen. You can use root or any other user accounts in the sudo group on your Ubuntu 22.04 system to login.
If you don’t like the default brown color on the navigation menu, you can change it to a different color by clicking the cog icon on the bottom of the navigation menu, then select navigation menu options and set the color palette. For example, I selected Midnight blue.
Save the change.
Setting Up Reverse Proxy
If you install Webmin on a production server, you might want to set up reverse proxy with Apache or Nginx so that you can use a domain name to access the Webmin interface without specifying the port number (10000). This also allows you to obtain and install a valid Let’s Encrypt TLS certificate for Webmin.
If you don’t have a real domain name, I recommend going to NameCheap to buy one. The price is low and they give whois privacy protection free for life.
Disable HTTPS Mode in Webmin
Before setting up the reverse proxy, we need to disable HTTPS mode in Webmin, because later we are going to terminate TLS connection at Apache/Nginx. Edit the Webmin configuration file.
sudo nano /etc/webmin/miniserv.conf
Find the following line.
ssl=1
Change it to the following to disable HTTPS mode in Webmin.
ssl=0
Save and close the file. Then restart Webmin.
sudo systemctl restart webmin
Apache
If you prefer to use Apache web server, then follow the instructions below to set up reverse proxy.
Install Apache web server.
sudo apt install apache2
To use Apache as a reverse proxy, we need to enable the proxy
, proxy_http
and rewrite
module.
sudo a2enmod proxy proxy_http rewrite
Then create a virtual host file for Webmin.
sudo nano /etc/apache2/sites-available/webmin.conf
Add the following texts into the file. Replace webmin.your-domain.com
with your actual domain name and don’t forget to create a DNS A record for it.
<VirtualHost *:80>
ServerName webmin.your-domain.com
ProxyPass / http://127.0.0.1:10000/
ProxyPassReverse / http://127.0.0.1:10000/
ErrorLog ${APACHE_LOG_DIR}/webmin.error.log
CustomLog ${APACHE_LOG_DIR}/webmin.access.log combined
</VirtualHost>
Save and close the file. Then enable this virtual host.
sudo a2ensite webmin.conf
Reload Apache for the changes to take effect.
sudo systemctl reload apache2
Now you can remotely access Webmin by entering the domain name (webmin.your-domain.com
) in browser address bar.
Nginx
If you prefer to use Nginx web server, then follow the instructions below to set up reverse proxy.
Install Nginx on Ubuntu.
sudo apt install nginx
Start Nginx web server.
sudo systemctl start nginx
Then create a new server block file in /etc/nginx/conf.d/
directory.
sudo nano /etc/nginx/conf.d/webmin.conf
Paste the following text into the file. Replace webmin.your-domain.com
with your preferred domain name and don’t forget to create DNS A record for it.
server {
listen 80;
server_name webmin.your-domain.com;
location / {
proxy_pass http://127.0.0.1:10000;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Save and close the file. Then test Nginx configuration.
sudo nginx -t
If the test is successful, reload Nginx.
sudo systemctl reload nginx
Now you can access Webmin Web interface via webmin.your-domain.com
.
Enable HTTPS
To encrypt the HTTP traffic when you visit Webmin web interface, we can enable HTTPS by installing a free TLS certificate issued from Let’s Encrypt. Run the following command to install Let’s Encrypt client (certbot) on Ubuntu.
sudo apt install certbot
If you use Apache, then you need to install the Certbot Apache plugin.
sudo apt install python3-certbot-apache
Next, run the following command to obtain and install TLS certificate.
sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d webmin.your-domain.com
If you use Nginx, then you need to install the Certbot Nginx plugin.
sudo apt install python3-certbot-nginx
Next, run the following command to obtain and install TLS certificate.
sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d webmin.your-domain.com
Where:
--apache
: Use the Apache plugin.--nginx
: Use the nginx plugin.--agree-tos
: Agree to terms of service.--redirect
: Force HTTPS by 301 redirect.--hsts
: Add the Strict-Transport-Security header to every HTTP response. Forcing browser to always use TLS for the domain. Defends against SSL/TLS Stripping.--staple-ocsp
: Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS.
The certificate should now be obtained and automatically installed. And you will be able to access Webmin web interface over a secure HTTPS connection.
Disable HTTPS Mode in Webmin
Now that TLS connection is terminated at Apache/Nginx, we need to disable HTTPS mode in the Webmin’s built-in web server. Edit the Webmin configuration file.
sudo nano /etc/webmin/miniserv.conf
Find the following line.
ssl=1
Change it to the following to disable HTTPS mode in Webmin.
ssl=0
We can also add the following line in this file so that the built-in web server only allows access from localhost. Visitors using the http://public-ip:10000
scheme will be forbidden.
allow=127.0.0.1
Save and close the file. Then restart Webmin.
sudo systemctl restart webmin
Add Trusted Referrers
Because Webmin itself is running in HTTP mode and we enabled HTTPS in Apache/Nginx, Webmin will think that https://webmin.your-domain.com
is outside the Webmin server. So we need to add trusted referrers.
Edit the Webmin config file.
sudo nano /etc/webmin/config
Add the following line at the end.
referers=webmin.your-domain.com
Save and close the file. Then restart Webmin.
sudo systemctl restart webmin
Troubleshooting
If you see any errors, you can check the Webmin error log (/var/webmin/miniserv.error
) to troubleshoot.
Apache Error #1
If you use Apache, check the Apache virtual host files under /etc/apache2/sites-enabled/
directory. Make sure there’s no files using
<VirtualHost example.com:80>
They should use the following format.
<VirtualHost *:80>
Apache Error #2
<VirtualHost *:80>
is used for plain HTTP virtual host and <VirtualHost *:443>
is used for SSL virtual host. If you use port 443 for a plain HTTP virtual host, then it might produce the “SSL_ERROR_RX_RECORD_TOO_LONG” in your web browser.
Wrapping Up
I hope this tutorial helped you install Webmin on Ubuntu 22.04. As always, if you found this post useful, then subscribe to our free newsletter. You can also follow us on Twitter or like our Facebook page.
Works great on Ubuntu 18 with webmin / virtualmin except statistics stopped working in the dashboard. Initially it refreshes 3 times and than it freezes. When using port 10000 it works correct. I cannot find anything relevant in the logs.
may i use Webmin to manage multi servers, sir?
apt-key has been deprecated in Ubuntu 22.04, had to use gpg –dearmor and copy it into /usr/share/keyrings/ to get things installed.
If you replace the import line with these lines you won’t see the deprecated error message.
# sudo gpg –no-default-keyring –keyring ./webmin_keyring.gpg –import jcameron-key.asc
# sudo gpg –no-default-keyring –keyring ./webmin_keyring.gpg –export > ./webmin.gpg
# sudo mv ./webmin.gpg /etc/apt/trusted.gpg.d/
Is it recommended to install Webmin on an Apache production server with live websites? Would it completely wipe out the websites or manual intervention would fix it ?