ServerBuddies Support Blog

Running Webmin Under Apache

Webmin includes a dedicated web server called miniserv.pl that is designed to run Webmin. It provides a number of additional security features, plus performance enhancements like configurable caching of Webmin libraries. Running Webmin under another web server is not recommended, but it is possible if necessary. There is no performance or security benefit to running Webmin under Apache (or any other web server).

To use Apache instead of miniserv.pl, follow these steps:

Create a new Apache virtual server with the document set to the directory where you installed Webmin, using a directive like DocumentRoot? /usr/local/webmin-1.330.

Configure Apache to treat all files with the .cgi extension as CGI programs, with the AddHandler? cgi-script .cgi directive.

Add index.cgi to the DirectoryIndex? directive.

Webmin CGI programs have their config directory passed to them in the WEBMIN_CONFIG, WEBMIN_VAR and MINISERV_CONFIG environment variables. For Apache to do this, you need to add the directives

Create a new section for the root directory, like

Add the directive Options ExecCGI? to the new section.

Password-protect the virtual server by putting directives like AuthName? Webmin AuthType? basic AuthUserFile? /etc/webmin/htusers require valid-user Inside the section. The file /etc/webmin/htusers must contains users who match up with those in /etc/webmin/webmin.acl.

Make all the Webmin programs owned by root and setuid with the commands

Add the -U flag to the perl line in all the Webmin scripts. This can be easily done with the following command run from the webmin-1.330 directory

This assumes that Perl is installed as /usr/bin/perl on your system.

Configure Webmin to use the ‘Default Webmin Theme’, as Apache cannot support Webmin’s theming system.

Make sure that the setuid scripts cannot be run by other users on your system, by setting the permissions on /usr/local/webmin-1.330 to 700 and changing its ownership to the user your webserver runs as. Otherwise any user would be able to execute any command as root by running some of the scripts.

You should now be able to start Apache and login to Webmin at whatever URL your Apache server is running on. Note that the Webmin Users and Webmin Configuration modules will not work, as they configure miniserv.pl and cannot deal with Apache.
Some versions of Perl refuse to run in setuid mode, and fail with an error like can’t do setuid. The solution is to install the special suidperl program and edit the Webmin CGI scripts to use it instead.

In Webmin versions 0.965 and above, it is possible to run Webmin under Apache in a subdirectory rather than at the top level of a virtual server. This means that Webmin could be accessed at a URL like http://www.yourdomain.com/webmin/ . The

steps to take to set this up are :

Create a new Alias that maps some URL path like /webmin to the directory where Webmin is installed, such as /usr/local/webmin-1.330.

In the directory section, configure Apache to treat all files with the .cgi extension as CGI programs, with the AddHandler? cgi-script .cgi directive.

Add the directives DirectoryIndex? index.cgi and Options ExecCGI? to the directory section.

Webmin CGI programs have their config directory passed to them in the WEBMIN_CONFIG, WEBMIN_VAR and MINISERV_CONFIG environment variables. For Apache to do this, you need to add the directives

Password-protect the virtual server by putting directives like AuthName? Webmin

Make all the Webmin programs owned by root and setuid with the commands

Add the -U flag to the perl line in all the Webmin scripts. This can be easily done with the following command run from the webmin-1.330 directory

Configure Webmin to use the ‘Default Webmin Theme’, as Apache cannot support Webmin’s theming system.

Make sure that the setuid scripts cannot be run by other users on your system, by setting the permissions on /usr/local/webmin-1.330 to 700 and changing its ownership to the user your webserver runs as. Otherwise any user would be able to execute any command as root by running some of the scripts.

Restoring a backup in Webmin

If you find that a config file on your system has been corrupted, incorrectly edited or mistakenly deleted, it can be easily restored using this module.

The steps to perform a restore are :

Click on the Restore now tab.

Select the module or modules whose config files you want to restore from the Modules to restore menu.
In the Restore from section, enter the path to a local or remote file that was originally created by this module.

To be useful, it must contain backups for the modules that you selected above.

Click the Restore Now button.

If all goes well, a page will be displayed showing the number of modules and files restored.

Files will be restored to their original locations on the system, rather than the paths that are set on the Module Config pages of the selected modules.

Creating a scheduled backup in Webmin

Once you have performed a manual backup, you can schedule it to run on a regular basis as follows :

Click on the Scheduled backups tab.

Click the Add a new scheduled backup link, which will open the form shown below.

Select the modules whose config files you want to include from the Modules to backup list.

Enter a local or remote file destination in the Backup destination section.

If you want to be notified about the status of this backup, enter your email address in the Email result to address field.

In the Scheduled backup enabled? field select Yes, and choose the times and days for the backup to run from the Cron time selector below it.

Click the Create button.

Once a scheduled backup has been created, you can edit or remove it by clicking on the destination path in the table under the Scheduled backups tab.

Webmin Backup Configuration Files module

Most Webmin modules work by editing configuration files on your system, like /etc/exports for NFS shares, /etc/passwd for users and /etc/fstab for filesystems.

Each module knows which configuration files it manages, and what commands need to be run to activate them.

Not all modules actually deal with config files though - for example, the MySQL module works by executing SQL commands.

The Backup Configuration Files module

To perform an immediate config backup, follow these steps :

Click on the Backup now tab.

In the Modules to backup list, select the modules you want to backup config files for, such as Users and Groups. Multiple modules can be selected by ctrl-clicking.

In the Backup destination field, select Local file and enter a path to write the backup to. This should be given a tar.gz extension, as that is the file format used.

Click the Backup Now button.

Installing Webmin on Debian

If you are using the DEB version of webmin, first download the file and then run the command :

The install will be done automatically to /usr/share/webmin, the administration username set to root and the password to your current root password.

You should now be able to login to Webmin at the URL http://localhost:10000/. Or if accessing it remotely, replace localhost with your system’s IP address.

If Debian complains about missing dependencies, you can install them with the command :

If you are installing on Ubuntu and the apt-get command reports that some of the packages cannot be found, edit /etc/apt/sources.list and make sure the lines ending with universe are not commented out.

Some Debian-based distributions (Ubuntu in particular) don’t allow logins by the root user by default.

However, the user created at system installation time can use sudo to switch to root. Webmin will allow any user who has this sudo capability to login with full root privileges.

If you want to connect from a remote server and your system has a firewall installed, see this page for instructions on how to open up port 10000.