This is my first post here, So I figured I would help some people out instead of asking questions.
I have spent the last 1.5 years messing around with my Raspberry Pi 4, setting it up to do a bunch of cool things. I have hosted wordpress websites, Gitlab instances, VPN servers, Media/File servers, SSH network access point, etc.
In setting all these things up, I decided to get myself a domain (Lets call it Doomain for this post).
After that, I worked through the incredibly frustrating process of trying to get SSL to work for my apache hosts. (Hint: use Certbot and follow the instructions). After getting that setup, I was able to access my webpages using SSL, making them far more secure for myself and others.
Through this whole process I had a Webmin instance that always ran, giving me a UI for some of the file accessing and server configuration. But this server was not accessible outside of my home network. One easy solution to this is to forward port 10000 to my Raspberry Pi, but I didnt want to do this (security, cleanliness, port blocking by ISP). Instead, I looked into using Apache as a Proxy for Webmin.
It was sort of difficult at the start, but I eventually figured out configuration that worked, thanks to this post and Certbot's guide.
The only compromise I have had to accept is that the link between Apache and Webmin is HTTP and not HTTPS with SSL, while this is not ideal, it is not terribly insecure as port 10000 is not accessible from outside the network. So an attacker would have to already be in the network to see any Webmin traffic. Also, traffic between Apache and Webmin is handled on the Raspberry Pi itself, so it doesnt pass over the local network. Here is how I set it up.:
1:
If you dont already have SSL certificates setup, follow the Certbot's guide to get a certificate for your domain and subdomains.
2:
Login to your webmin instance at https://local-server-ip:10000. Navigate to Webmin->Webmin Configuration->Trusted Referrers and add your expected domain to the "Trusted Website" field.
(Alternatively add referrers=subdomain.domain.com to /etc/webmin/config).
3:
Navigate to Webmin->Webmin Configuration->SSL Encryption and disable SSL:
4:
Configure your apache Virtual host with proxy. My config has forwarding from HTTP to HTTPS, this will be usefull later and is generally a good idea if you have SSL working (HTTPS is always better). I have my Webmin proxy setup on a subdomain because I wanted to use my root domain for a website. Here is my config file:
Note: The correct location to place the .conf file is under /etc/apache2/sites-available/ and then create a soft-link to file in the /etc/apache2/sites-enabled directory. That way you can delete the soft-link to disable the website and still have the config file 👍.
5:
Restart Apache with sudo service apache2 restart and restart Webmin with sudo service webmin restart
6:
When you login over your domain, you may notice that it redirects you incorrectly to https://Webmin.Doemain.com:10000, This is due to miniserv redirect defaults (Refer to issue #1135). In order to fix it, add redirect_port=80 to /etc/webmin/miniserv.conf. Dont use port 443, as it will cause issues with Webmin http.
All Done!
You should now have a secure connection to your webmin server through your own domain using Lets-Encrypt SSL certificates. If you have issues with setting up the Apache server, try hosting a normal static http/https site first to make sure Apache is working before messing with the proxy to Webmin. To clear up issues, refer to Ubuntu's guide or search Google for "apache server setup" and there should be countless guides available.
Hello Everyone!
This is my first post here, So I figured I would help some people out instead of asking questions.
I have spent the last 1.5 years messing around with my Raspberry Pi 4, setting it up to do a bunch of cool things. I have hosted wordpress websites, Gitlab instances, VPN servers, Media/File servers, SSH network access point, etc.
In setting all these things up, I decided to get myself a domain (Lets call it Doomain for this post).
After that, I worked through the incredibly frustrating process of trying to get SSL to work for my apache hosts. (Hint: use Certbot and follow the instructions). After getting that setup, I was able to access my webpages using SSL, making them far more secure for myself and others.
Through this whole process I had a Webmin instance that always ran, giving me a UI for some of the file accessing and server configuration. But this server was not accessible outside of my home network. One easy solution to this is to forward port 10000 to my Raspberry Pi, but I didnt want to do this (security, cleanliness, port blocking by ISP). Instead, I looked into using Apache as a Proxy for Webmin.
It was sort of difficult at the start, but I eventually figured out configuration that worked, thanks to this post and Certbot's guide.
The only compromise I have had to accept is that the link between Apache and Webmin is HTTP and not HTTPS with SSL, while this is not ideal, it is not terribly insecure as port 10000 is not accessible from outside the network. So an attacker would have to already be in the network to see any Webmin traffic. Also, traffic between Apache and Webmin is handled on the Raspberry Pi itself, so it doesnt pass over the local network. Here is how I set it up.:
1:
If you dont already have SSL certificates setup, follow the Certbot's guide to get a certificate for your domain and subdomains.
2:
Login to your webmin instance at https://local-server-ip:10000. Navigate to Webmin->Webmin Configuration->Trusted Referrers and add your expected domain to the "Trusted Website" field.
(Alternatively add
referrers=subdomain.domain.comto/etc/webmin/config).3:
Navigate to Webmin->Webmin Configuration->SSL Encryption and disable SSL:
4:
Configure your apache Virtual host with proxy. My config has forwarding from HTTP to HTTPS, this will be usefull later and is generally a good idea if you have SSL working (HTTPS is always better). I have my Webmin proxy setup on a subdomain because I wanted to use my root domain for a website. Here is my config file:
/etc/apache2/sites-enabled/Webmin.Doomain.com.confNote: The correct location to place the
.conffile is under/etc/apache2/sites-available/and then create a soft-link to file in the/etc/apache2/sites-enableddirectory. That way you can delete the soft-link to disable the website and still have the config file 👍.5:
Restart Apache with
sudo service apache2 restartand restart Webmin withsudo service webmin restart6:
When you login over your domain, you may notice that it redirects you incorrectly to https://Webmin.Doemain.com:10000, This is due to miniserv redirect defaults (Refer to issue #1135). In order to fix it, add
redirect_port=80to/etc/webmin/miniserv.conf. Dont use port 443, as it will cause issues with Webmin http.All Done!
You should now have a secure connection to your webmin server through your own domain using Lets-Encrypt SSL certificates. If you have issues with setting up the Apache server, try hosting a normal static http/https site first to make sure Apache is working before messing with the proxy to Webmin. To clear up issues, refer to Ubuntu's guide or search Google for "apache server setup" and there should be countless guides available.
Last edit: Austin Milne 2020-04-16