How to Install Virtualmin on Ubuntu 24.04

Introduction

Virtualmin is an open-source flexible web hosting control panel designed for Linux and UNIX systems. It allows you to manage multiple domains, email accounts, databases, DNS configurations, and applications using a single web-based interface. Virtualmin supports various web server, databases, and mail server applications to securely deliver services using virtual servers with advanced monitoring and alerting tools for server resources, performance, and website traffic.

This article explains how to install Virtualmin on a Ubuntu 24.04 server. You will create a new virtual host web application using Virtualmin and secure the website with a trusted Let's Encrypt TLS/SSL certificates.

Prerequisites

• Deploy a Ubuntu 24.04 instance on Vultr with at least 2 GB RAM and 2 CPU cores.
• Create a domain name A record pointing to the server IP address. For example, virtualmin.example.com.
• Access the instance using SSH as a non-root user with sudo privileges.
• Update the server.
• Install a 2FA application such as Google Authenticator on your device.

Install Virtualmin

Virtualmin is not available in the default package repositories on Ubuntu 24.04. Follow the steps below to download the latest installation script and install Virtualmin on your server.

1. Set your domain as the new server hostname. For example, virtualmin.example.com.

   console Copy

   $ sudo hostnamectl set-hostname virtualmin.example.com
   

2. Download and run the Virtualmin installation script. The command below installs the open source (GPL) edition of Virtualmin with the LAMP stack.

   console Copy

   $ sudo sh -c "$(curl -fsSL https://software.virtualmin.com/gpl/scripts/virtualmin-install.sh)" -- --bundle LAMP
   

   Enter Y to proceed with the installation.

   Wait for at least 5 to 10 minutes for the installation to complete.

   [SUCCESS] Installation Complete!
   [SUCCESS] If there were no errors above, Virtualmin should be ready
   [SUCCESS] to configure at https://virtualmin.example.com:10000 (or https://192.0.2.1:10000).

Secure Virtualmin

Follow the steps below to generate trusted Let's Encrypt SSL certificates and secure all network connections to the Virtualmin web administration interface.

1. Stop the Apache service to ensure Certbot can bind to port 80.

   console Copy

   $ sudo systemctl stop apache2
   

2. Install the Certbot package Let's Encrypt client to manage your SSL certificates.

   console Copy

   $ sudo apt install certbot
   

3. Request a new SSL certificate using your domain. Replace virtualmin.example.com and virtualmin@example.com with your actual details.

   console Copy

   $ sudo certbot certonly --standalone -d virtualmin.example.com -m virtualmin@example.com --agree-tos
   

   Enter U and press the Enter when prompted key to update the default SSL key type to ECDSA and apply changes to the /etc/webmin/miniserv.conf configuration file.

   Saving debug log to /var/log/letsencrypt/letsencrypt.log
   
   An RSA certificate named virtualmin.example.com already exists. Do you want to
   update its key type to ECDSA?
   
   (U)pdate key type/(K)eep existing key type: 

   Your output should look like the one below when the SSL certificate request is successful.

   Renewing an existing certificate for virtualmin.example.com
   
   Successfully received certificate.
   Certificate is saved at: /etc/letsencrypt/live/virtualmin.example.com/fullchain.pem
   Key is saved at:         /etc/letsencrypt/live/virtualmin.example.com/privkey.pem
   This certificate expires on 2024-10-15.
   These files will be updated when the certificate renews.
   Certbot has set up a scheduled task to automatically renew this certificate in the background.
   
   If you like Certbot, please consider supporting our work by:
    * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
    * Donating to EFF:                    https://eff.org/donate-le

4. Restart the Webmin service to apply your configuration changes.

   console Copy

   $ sudo systemctl restart webmin
   

5. Start the Apache service.

   console Copy

   $ sudo systemctl start apache2
   

Set Up Firewall Rules

Virtualmin uses the firewalld utility to manage firewall processes on your server. Follow the steps below to allow all necessary Virtualmin ports and other services through the firewall.

1. View the firewalld service status and verify that it's running.

   console Copy

   $ sudo systemctl status firewalld
   

   Output:

   ● firewalld.service - firewalld - dynamic firewall daemon
        Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; preset: enabled)
        Active: active (running) since Wed 2024-07-17 04:31:35 UTC; 35min ago
          Docs: man:firewalld(1)
      Main PID: 36516 (firewalld)
         Tasks: 2 (limit: 2299)
        Memory: 40.8M
           CPU: 4.132s
        CGroup: /system.slice/firewalld.service
                └─36516 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid

2. View all allowed ports in the firewall configuration.

   console Copy

   $ sudo firewall-cmd --zone=public --list-ports
   

   Output:

   20/tcp 2222/tcp 10000-10100/tcp 20000/tcp 49152-65535/tcp

3. View all allowed services.

   console Copy

   $ sudo firewall-cmd --zone=public --list-services
   

   Output:

   dhcpv6-client dns dns-over-tls ftp http https imap imaps mdns pop3 pop3s smtp smtp-submission smtps ssh

Access Virtualmin

Virtualmin runs on the default TCP port 10000 by default. Follow the steos below to access the Virtualmin web administration interface and create a new virtual server.

1. Access your domain on port 10000 to open the Virtualmin control panel interface.

   https://virtualmin.example.com:10000

   Enter your sudo user account details to log in to the Virtualmin interface.

   

2. Click Next within the Post-Installation Wizard to set up any additional configurations on your server.

   

3. Find and click Dashboard on the left navigation bar to access the system performance page.

   

Enable 2-Factor Authentication

2-factor authentication (2FA) adds an extra layer of security to password-based authentication. 2FA allows you to generate a one-time code on your mobile device to use when logging in to Virtualmin to verify your identity. Follow the steps below to protect Virtualmin login with 2FA using the Google Authenticator application.

1. Scroll down on the left navigation bar and click your username at the bottom of the page.

   

2. Expand the Security and limits options section.

3. Click Enable Two-Factor For User.

   

4. Click Enroll For Two-Factor Authentication.

   

5. Scan the displayed QR code on the page with your authenticator application.

6. Scroll down on the left navigation bar to log out of Virtualmin.

   

7. Log in with your non-root user credentials to test 2FA.

   

8. Verify that Virtualmin requires the 2FA token to log in.

9. Enter the 2FA token from the app.

   

10. Press Verify to log in to the Virtualmin web administration interface.

Conclusion

You have installed Virtualmin using the automatic installation script. You have learned to use the control panel to perform server operations and secure it by integrating 2-factor authentication. You have also created a new website, the web interface with automatic HTTPS setup through Let's Encrypt. You have also closed unnecessary ports for unused services and learned to use the Virtualmin firewall. For more information about Virtualmin, visit the official documentation.