Theo B, Kathleen Juell, Mark Drake, and Tony Tran
Webmin is a modern web control panel that allows you to administer your Linux server through a browser-based interface. With Webmin, you can manage user accounts, configure DNS settings, and change settings for common packages on the fly.
In this tutorial, you’ll install and configure Webmin on your server and secure access to the interface with a valid certificate from Let’s Encrypt. You’ll then use Webmin to add new user accounts, and update all packages on your server from the dashboard.
To complete this tutorial, you will need:
First, update your server’s package index if you’ve not done so recently:
- sudo apt update
Then you need to add the Webmin repository so that you can install and update Webmin using your package manager. In order for your system to trust this new repository, first you’ll download Webmin’s PGP key and then convert it to a format that apt
can use to verify files:
- curl -fsSL https://download.webmin.com/jcameron-key.asc | sudo gpg --dearmor -o /usr/share/keyrings/webmin.gpg
This downloaded key is the same key that was used by the creator of Webmin to sign the package, and you will use this key to verify the package’s authenticity. In order to convert the .asc
file to a workable .gpg
file, the gpg --dearmor
command is necessary.
Next you will add this repository to your /etc/apt/sources.list
file, while referencing your newly converted file you just acquired in the previous step.
Open the file in your preferred editor. Here, you’ll use nano
:
- sudo nano /etc/apt/sources.list
Then add this line to the bottom of the file to add the new repository:
. . .
deb [signed-by=/usr/share/keyrings/webmin.gpg] http://download.webmin.com/download/repository sarge contrib
Save the file and exit the editor. If you had used nano
to edit, you can exit by pressing CTRL+X
, Y
, then ENTER
.
Next, update the list of packages again in order to include the now-trusted Webmin repository:
- sudo apt update
Then install Webmin:
- sudo apt install webmin
Once the installation finishes, you’ll be presented with the following output:
Output. . .
Webmin install complete. You can now login to
https://your_server:10000 as root with your
root password, or as any user who can use sudo.
Note: Assuming you installed and enabled ufw
during the prerequisite step, you will need to run the following command in order to allow Webmin through the firewall:
- sudo ufw allow 10000
For extra security, you may want to configure your firewall to only allow access to this port from certain IP ranges.
Next, you’ll secure access to Webmin by adding a valid certificate.
Webmin is already configured to use HTTPS, but it uses a self-signed, untrusted certificate. Let’s replace it with a valid certificate from Let’s Encrypt.
Navigate to https://your_domain:10000
in your web browser, replacing your_domain
with the domain name pointing to your server’s IP address.
Note: When logging in for the first time, you will see an “Invalid SSL” warning. This warning may say something different depending on your browser, but the reason for it is that the server has generated a self-signed certificate. Allow the exception and proceed to your domain so you can replace the self-signed certificate with one from Let’s Encrypt.
You’ll be presented with a login screen. Sign in with the non-root user you created while fulfilling the prerequisites for this tutorial.
Once you log in, the first screen you will see is the Webmin dashboard. Before you can apply a valid certificate, you have to set the server’s hostname. Look for the System hostname field and click on the link to the right, as shown in the following figure:
This will take you to the Hostname and DNS Client page. Locate the Hostname field, and enter your Fully-Qualified Domain Name into the field. Then click the Save button at the bottom of the page to apply the setting.
After you’ve set your hostname, click on the Webmin dropdown menu in the left-hand navigation bar, and then click on Webmin Configuration.
From the Webmin Configuration page, select SSL Encryption from the list of icons, and then click on the Let’s Encrypt tab. You’ll see a screen like the following figure:
On this page, you’ll tell Webmin how to obtain and renew your certificate. Let’s Encrypt certificates expire after 3 months, but you can instruct Webmin to automatically attempt to renew the Let’s Encrypt certificate every month. Let’s Encrypt looks for a verification file on the server, so you’ll configure Webmin to place the verification file inside the folder /var/www/your_domain
, which is the folder that the Apache web server you configured in the prerequisites uses. Follow these steps to set up your certificate:
/var/www/your_domain
.1
into the input box, and select the radio button to the left of the input box.Click the Request Certificate button. After a few seconds, you will see a confirmation screen.
To use the new certificate, click the Return to Webmin configuration button on the confirmation screen. From that page, scroll down and click the Restart Webmin button. Wait around 30 seconds, and then reload the page and log in again. Your browser should now indicate that the certificate is valid.
You’ve now set up a secured working instance of Webmin. Next is approaching how to use it.
Webmin has many different modules that can control everything from the BIND DNS Server to adding users to the system. You’ll look at how to create a new user, and then explore how to update your system’s packages using Webmin.
First is exploring how to manage the users and groups on your server.
Click the System dropdown menu in the left-hand sidebar, and then click the link for Users and Groups. From here, you can add and manage users and groups.
Next, create a new user called deploy which you can use to host web applications. When creating a user, you can set options for password expiry, the user’s shell, and whether or not they are allowed a home directory.
To add a user, click Create a new user, which is located at the top of the users table. This displays the Create User screen, where you can supply the username, password, groups and other options. Follow these instructions to create the user:
deploy
.Deployment user
.After making those selections, press Create. This will create the deploy user in short order.
Next, you’ll look at how to install updates to your system.
Webmin lets you update all of your packages through its user interface. To update all of your packages, first, click the Dashboard button above the left-hand sidebar, and then locate the Package updates field. If there are updates available, you’ll see a link that states the number of available updates.
Click this link, and then press Update selected packages to start the update. You may be asked to reboot the server, which you can also do through the Webmin interface.
You now have a secured working instance of Webmin and you’ve used the interface to create a user and update packages. Webmin gives you access to many things you’d normally need to access through the console, and it organizes them in an intuitive way. For example, if you have Apache installed, you would find the configuration tab for it under Servers, and then Apache.
Explore the interface, or read the Official Webmin wiki to learn more about managing your system with Webmin.
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
so great site, great page, you guys seem to do a lot of great stuff, I’ve benifetted from your pages for many years. in this rare instance I ran into an issue where the downloaded/converted gpg key was not being properly used to obtain a package list from the webmin repo.
Taking part of the error string thrown when trying to run apt update to google and trying the right result first time…
search-string: GPG error: https://download.webmin.com/download/newkey/repository stable Release: The following signatures couldn’t be verified
site-with-answer: https://forum.virtualmin.com/t/how-to-fix-webmin-repo-no-pubkey-2d223b918916f2a2/121805
with solution: The fix to this issue is as simple as: wget https://raw.githubusercontent.com/webmin/webmin/master/setup-repos.sh sh setup-repos.sh
so…the solution is download shell script from the internet and run it on your system - never a good plan typically but in this case it worked fine. I had not read the little works and things in between the blue’ish boxes with the big ‘copy me’ buttons on them and so when I had uh… decided to not modify my /etc/apt/sources.repos file but instead put a .list file under sources.repos.d (why are you guys still modifying sources.repos in 2024?) the path to the converted gpg file wasn’t correct - so I could have probably fixed this as well another way. But the script worked and so I had run out of problems to … uh… fix.
Yay! Woot Woot. success.
I don’t know why you removed the comment left by someone back on 21 May 2022 but there’s no way that comment was worse then this…sigh.
This comment has been deleted