How to Install Webmin on Rocky Linux 9

Introduction

Webmin is an open-source web-based server management control panel that runs on Unix-like systems. Webmin lets you perform tasks such as user account management, disk quotas, networking, system monitoring, and software management using a graphical user interface (GUI).

This article explains how to install Webmin on Rocky Linux 9 and secure the application with trusted SSL certificates.

Prerequisites

Before you begin:

• Deploy a Rocky Linux 9 instance on Vultr.
• Create a new domain A record pointing to the instance's public IP address. For example, webmin.example.com.
• Access the instance using SSH as a non-root user with sudo privileges.
• Update the instance.

Install Webmin

Webmin is not available in the default Rocky Linux repositories. Follow the steps below to download the latest Webmin repository setup script and install Webmin on your server.

1. Download the latest Webmin repository script.

   console Copy

   $ sudo curl -o setup-repos.sh https://raw.githubusercontent.com/webmin/webmin/master/setup-repos.sh
   

2. Run the script using Bash.

   console Copy

   $ sudo bash setup-repos.sh
   

   Your output should be similar to the one below.

    Downloading Webmin key ..
    .. done
    Installing Webmin key ..
    .. done
    Setting up Webmin repository ..
    .. done
    Webmin package can now be installed using dnf install webmin command.

3. Install Webmin.

   console Copy

   $ sudo dnf install webmin -y
   

4. View the Webmin system service status and verify that it's running.

   console Copy

   $ sudo systemctl status webmin
   

   Output:

   ● webmin.service - Webmin server daemon
           Loaded: loaded (/usr/lib/systemd/system/webmin.service; enabled; preset: disabled)
           Active: active (running) since Thu 2024-08-08 13:34:14 UTC; 20s ago
       Process: 6493 ExecStart=/usr/libexec/webmin/miniserv.pl /etc/webmin/miniserv.conf (code=exited, statu>
       Main PID: 6496 (miniserv.pl)
           Tasks: 1 (limit: 48896)
           Memory: 27.2M
           CPU: 7.539s
           CGroup: /system.slice/webmin.service
                   └─6496 /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/webmin/miniserv.conf

Secure Webmin

Webmin listens for HTTP connections on port 10000 by default. To secure Webmin, you must generate trusted SSL certificates for HTTPS connections. Follow the steps below to generate Let's Encrypt SSL certificates.

1. Allow HTTP connections on port 80 through the firewall to enable Let's Encrypt validations.

   console Copy

   $ sudo firewall-cmd --add-port=80/tcp --permanent
   

2. Reload the firewall to apply new connection changes.

   console Copy

   $ sudo firewall-cmd --reload
   

3. Install the Certbot Let's Encrypt client application.

   console Copy

   $ sudo dnf install certbot -y
   

4. Use certbot to generate a new SSL certificate for your Webmin domain. Replace webmin.example.com with your actual domain name and webmin@example.com with your email address.

   console Copy

   $ sudo certbot certonly --standalone -d webmin.example.com -m webmin@example.com --agree-tos
   

   When the SSL certificate issuance process is successful, your output should be similar to the one below.

   Saving debug log to /var/log/letsencrypt/letsencrypt.log
   ..................
   Successfully received certificate.
   Certificate is saved at: /etc/letsencrypt/live/webmin.example.com/fullchain.pem
   Key is saved at:         /etc/letsencrypt/live/webmin.example.com/privkey.pem
   This certificate expires on 2024-11-06.
   These files will be updated when the certificate renews.
   Certbot has set up a scheduled task to automatically renew this certificate in the background.

5. Merge the SSL certificate and private key into a single .pem file, such as, webmin.pem.

   console Copy

   $ sudo cat /etc/letsencrypt/live/webmin.example.com/fullchain.pem /etc/letsencrypt/live/webmin.example.com/privkey.pem > webmin.pem
   

6. Move the new webmin.pem file to the /etc/webmin/ Webmin data directory.

   console Copy

   $ sudo mv webmin.pem /etc/webmin/
   

7. Open the main Webmin configuration file /etc/webmin/miniserv.conf using a text editor such as nano.

   console Copy

   $ sudo nano /etc/webmin/miniserv.conf
   

8. Find and replace the keyfile value with your .pem file's location.

   ini Copy

   keyfile=/etc/webmin/webmin.pem
   

9. Restart Webmin to apply the configuration changes.

   console Copy

   $ sudo systemctl restart webmin
   

Set Up Firewall Rules for Webmin

Firewalld is available and active on Vultr Rocky Linux 9 instances by default and enables you to set up new rules to filter network traffic. Follow the steps below to allow access to the Webmin port 10000 to allow HTTPS connections.

1. Allow the Webmin port 10000 through the firewall.

   console Copy

   $ sudo firewall-cmd --add-port=10000/tcp --permanent
   

2. Allow the HTTPS port 443 through the firewall.

   console Copy

   $ sudo firewall-cmd --add-port=443/tcp --permanent
   

3. Deny insecure HTTP connections.

   console Copy

   $ sudo firewall-cmd --zone=public --remove-service=http --permanent
   

4. Reload the firewall to apply the changes.

   console Copy

   $ sudo firewall-cmd --reload
   

5. View the firewall status to verify all active network rules.

   console Copy

   $ sudo firewall-cmd --list-all
   

   Your output should look like the one below.

   public (active)
   target: default
   icmp-block-inversion: no
   interfaces: enp3s0
   sources:
   services: cockpit dhcpv6-client ssh
   **ports: 10000/tcp 80/tcp 443/tcp**
   protocols:
   forward: yes
   masquerade: no
   forward-ports:
   source-ports:
   icmp-blocks:
   rich rules:

Access Webmin

The Webmin web administration control panel is active and listens for connections on the default port 10000. Follow the steps below to access the Webmin interface.

1. Access your Webmin domain using a web browser.

   https://webmin.example.com:10000

2. Enter non-root sudo user credentials and click Sign In to access the Webmin control panel.

   

3. View your system information within the Webmin dashboard including the CPU usage, memory usage, disk space, running processes, and other important statistics.

   

4. Expand the System and click Software Package Updates to view packages that require updates.

   

5. Select and verify the list of packages that require updates. Then, click Update Selected Packages to update the selected packages.

Access The Webmin Terminal

1. Navigate to Tools and select Terminal to open a new terminal shell and verify that the following error displays.

   The Perl module IO::Pty is missing, but can be installed automatically using Webmin's Perl Modules module. It is recommended to have EPEL repository enabled first.

   

   The above error occurs because the perl-IO-Tty module is not installed on Rocky Linux 9 by default.

2. Access your instance's terminal session and enable the CBR repository to install the perl-IO-Tty package.

   console Copy

   $ sudo dnf config-manager --set-enabled crb
   

3. Install perl-IO-Tty.

   console Copy

   $ sudo dnf install perl-IO-Tty -y
   

4. Access the Webmin dashboard in your browser.

   https://webmin.example.com:10000

5. Navigate to Tools and select Terminal to open a new terminal shell.

   

Conclusion

You have installed Webmin on a Rocky Linux 9 and secured access to the control panel using SSL certificates. Webmin is highly extensible with tools such as Virtualmin to manage applications and configurations. For more information, please visit the Webmin documentation.