How to Install Webmin on CentOS 8/RHEL 8 Server
Webmin is a free and open-source control panel for administering Unix/Linux servers. This tutorial will be showing you how to install Webmin on CentOS 8/RHEL 8 server.
Webmin provides users with a graphical web-based user interface to configure common system tasks and settings. If you don’t like the idea of using the command line to manage your server, then Webmin is a good graphical alternative to you. The following is a list of functionalities provided by Webmin.
- BIND DNS resolver and authoritative DNS server
- Samba Server
- FTP server
- Postfix SMTP server and Dovecot IMAP/POP3 server.
- filesystem backup
- Configure log file rotation.
- Edit package repositories, schedule automatic software updates and receive update reports via email.
- Manage users and groups
- Schedule Cron jobs.
- Configure iptables firewall
- And many more.
Install Webmin on CentOS 8/RHEL 8 From Webmin Repository
Webmin has been around since 1997. At the time of this writing, the latest stable version available is 1.970, which was released on January 6, 2021. Webmin isn’t in CentOS/RHEL software repository. It’s recommended to install Webmin from its official repository so that you can always get the latest version.
To add Webmin repository, create a repository file with a command-line text editor such as Nano.
sudo dnf install nano sudo nano /etc/yum.repos.d/webmin.repo
Add the following lines in the file.
[Webmin] name=Webmin Distribution Neutral #baseurl=https://download.webmin.com/download/yum mirrorlist=https://download.webmin.com/download/yum/mirrorlist enabled=1
Save and close the file. To save the file in Nano text editor, press CTRL+O, then press Enter to confirm. To close the file, press CTRL+X . Next, we need to run the following command to download and import Webmin PGP signing key so that the package manager can verify the integrity of packages downloaded from Webmin repository.
wget http://www.webmin.com/jcameron-key.asc
Then import it with:
sudo rpm --import jcameron-key.asc
Now we can update repository and install Webmin.
sudo dnf update -y sudo dnf install webmin -y
Once installed, the Wemin built-in web server will automatically start as can be seen by running the systemctl command below:
systemctl status webmin
Output:
Hint: If the above command doesn’t quit immediately, you can press the Q key to gain back control of the terminal.
If it’s not running, you can start it with:
sudo systemctl start webmin
If you see the “Unit webmin.service could not be found” error, then you need to restart your server.
sudo shutdown -r now
Webmin server listens on port 10000, so you need to open TCP port 10000 in the firewall.
sudo firewall-cmd --permanent --add-port=10000/tcp sudo systemctl reload firewalld
Now you can access the web-based control panel via
https://your-server-ip:10000
Because it’s running in HTTPS mode and using a self-signed TLS certificate, so you will be told by the browser that the connection is not secure.
But you know this is your own server, so simply click the Advanced tab in Firefox and add exception. If you are using Google Chrome, you can click Advanced -> Proceed.
Now you will be presented with Webmin login screen. You need to use root account to login.
If you don’t like the default color on the navigation menu, you can change it to a different color by clicking the theme configuration icon on the bottom of the navigation menu,
then select navigation menu options and set the color palette. For example, I selected Midnight blue.
Save the change.
Setting Up Reverse Proxy
If you install Webmin on a production server, you might want to set up reverse proxy with Apache or Nginx so that you can use a domain name to access the Webmin interface without specifying the port number (10000). This also allows you to obtain and install a valid Let’s Encrypt TLS certificate for Webmin.
If you don’t have a real domain name, I recommend going to NameCheap to buy one. The price is low and they give whois privacy protection free for life.
Apache
If you prefer to use Apache web server, then follow the instructions below to set up reverse proxy.
Install Apache web server.
sudo dnf install httpd
Then create a virtual host file for Webmin.
sudo nano /etc/httpd/conf.d/webmin.conf
Add the following texts into the file. Replace webmin.your-domain.com with your actual domain name and don’t forget to create DNS A record for it.
<VirtualHost *:80>
ServerName webmin.your-domain.com
ProxyPass / http://127.0.0.1:10000/
ProxyPassReverse / http://127.0.0.1:10000/
</VirtualHost>
Save and close the file. Reload Apache for the changes to take effect.
sudo systemctl reload httpd
By default, SELinux forbids Apache to make network requests to other servers, but later Apache needs to forward HTTP requests to 127.0.0.1:10000, so we need to tell SELinux to allow Apache with the following command.
sudo setsebool -P httpd_can_network_connect 1
Now you can remotely access Webmin by entering the domain name (webmin.your-domain.com ) in browser address bar.
Nginx
If you prefer to use Nginx web server, then follow the instructions below to set up reverse proxy.
Install Nginx on CentOS/RHEL.
sudo dnf install nginx
Start Nginx web server.
sudo systemctl start nginx
Then create a new server block file in /etc/nginx/conf.d/ directory.
sudo nano /etc/nginx/conf.d/webmin.conf
Paste the following text into the file. Replace webmin.your-domain.com with your preferred domain name and don’t forget to create DNS A record for it.
server {
listen 80;
listen [::]:80;
server_name webmin.your-domain.com;
access_log /var/log/nginx/webmin.access;
error_log /var/log/nginx/webmin.error;
location / {
proxy_pass http://127.0.0.1:10000;
#proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Save and close the file. Then test Nginx configuration.
sudo nginx -t
If the test is successful, reload Nginx.
sudo systemctl reload nginx
By default, SELinux forbids Nginx to make network requests to other servers, but later Nginx needs to forward HTTP requests to 127.0.0.1:10000, so we need to tell SELinux to allow Nginx with the following command.
sudo setsebool -P httpd_can_network_connect 1
Now you can access Webmin Web interface via webmin.your-domain.com.
Enable HTTPS
To encrypt the HTTP traffic when you visit Webmin web interface, we can enable HTTPS by installing a free TLS certificate issued from Let’s Encrypt. Run the following command to install Let’s Encrypt client (certbot) on CentOS/RHEL.
sudo dnf install certbot
If you use Apache, then you need to install the Certbot Apache plugin.
sudo dnf install python3-certbot-apache
Next, run the following command to obtain and install TLS certificate.
sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d webmin.your-domain.com
If you use Nginx, then you need to install the Certbot Nginx plugin.
sudo dnf install python3-certbot-nginx
Next, run the following command to obtain and install TLS certificate.
sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d webmin.your-domain.com
Where:
--apache: Use the Apache plugin.--nginx: Use the nginx plugin.--agree-tos: Agree to terms of service.--redirect: Force HTTPS by 301 redirect.--hsts: Add the Strict-Transport-Security header to every HTTP response. Forcing browser to always use TLS for the domain. Defends against SSL/TLS Stripping.--staple-ocsp: Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS.
The certificate should now be obtained and automatically installed. And you will be able to access Webmin web interface over a secure HTTPS connection.
Add Trusted Referrers
Because Webmin itself is running in HTTP mode and we enabled HTTPS in Apache/Nginx, Webmin will think that https://webmin.your-domain.com is outside the Webmin server. So we need to add trusted referrers.
Edit the Webmin config file.
sudo nano /etc/webmin/config
Add the following line at the end.
referers=webmin.your-domain.com
Save and close the file. Then restart Webmin.
sudo systemctl restart webmin
Disable HTTPS Mode in Webmin
Now that TLS connection is terminated at Apache/Nginx, we need to disable HTTPS mode in the Webmin’s built-in web server. Edit the Webmin configuration file.
sudo nano /etc/webmin/miniserv.conf
Find the following line.
ssl=1
Change it to the following to disable HTTPS mode in Webmin.
ssl=0
We can also add the following line in this file so that the built-in web server only allows access from localhost. Visitors using the http://public-ip:10000 scheme will be forbidden.
allow=127.0.0.1
Save and close the file. Then restart Webmin.
sudo systemctl restart webmin
Troubleshooting
If you see any errors, you can check the Webmin error log (/var/webmin/miniserv.error) to troubleshoot.
Wrapping Up
I hope this tutorial helped you install Webmin on CentOS 8/RHEL 8. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks 🙂
Why would you due a guide to anything centos 8 related. Centos 8 is no longer supported.
This title includes CentOS 8/RHEL 8, so this works for both CentOS 8 and Red Hat Enterprise Linux 8.
When CentOS 8 replacements such as Rocky Linux release production-ready builds, you can apply CentOS 8/RHEL 8 tutorials on Rocky Linux.
Technically CentOS 8 is still supported now. It will reach end-of-life on December 31, 2021. Even after that, you can convert CentOS 8 to CentOS Stream, which is very similar to RHEL 8.
Hi,
How can i get Virtualmin to work with your Postfix with virtual domains?
Thanks
I had a fresh installation of RHEL8.5 and I got the Webmin installed ..BUT: I tried to create LDAP-connector, then the Webmin said: Net:LDAP module missing. So I installed the CPAN, GCC, and the perl modules but unfortunately it could not install the LDAP perl-module. Any Idea ? Should the webmin have better way to support ldap-connections ?