Getting Virtualmin running

#1 Tue, 05/20/2008 - 12:13
lotek

Ok. So I posted a little blog about my frustrations with usermin and virtualmin and Joe warmly invited me over here to get my problems solved. So here's my problem. Everything! No, not really.

Ok. So I've got a fresh install of Ubuntu 7.10 with LVM. I've got Apache2, PHP5, postfix, proftpd, open-ssh, webalizer, pop3/IMAP, yada-yada. I use dyndns.org for my sites which I thought would work, and it kinda does, but not really right now. Right now, when I put in my domain name it gives me a 403 forbidden error message. When I try to access virtualmin on 10000, I get an unable to connect. I can get to it using the local ip address. My DocumentRoot is defined in my apache2.conf as "/etc/webmin/". I changed it to "/etc/webmin" and that did nothing either.

Here's the output of my httpd.conf:

[code:1]
<Directory />
AllowOverride None
Order deny,allow
Deny from all
Options -Indexes
</Directory>

<Directory /usr/doc>
AllowOverride None
Order deny,allow
Deny from all
</Directory>

<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
</Location>

<IfModule mod_mime.c>
AddHandler cgi-script .cgi
</IfModule>

SetEnv WEBMIN_CONFIG /etc/webmin
SetEnv WEBMIN_VAR /var/webmin
SetEnv SERVER_ROOT /usr/share/webmin
SetEnv MINISERV_CONFIG /etc/webmin/miniserv.conf

<Directory /etc/webmin>
Options ExecCGI
AuthName Webmin
AuthType basic
AuthUserFile /etc/webmin/htusers
require valid-user
</Directory>

<Directory /usr/local/webmin>
Options ExecCGI
AuthName Webmin
AuthType basic
AuthUserFile /etc/webmin/htusers
require valid-user
</Directory>

TraceEnable off
[/code:1]

I don't understand what I've got misconfigured. I know it's something I've done. I'm just hoping it's not an RTFM thing 'cause that would really suck. Thanks for the help.

Tue, 05/20/2008 - 15:52
ronald

DocumentRoot "etc/webmin" ?
DocumentRoot /var/www/html should be more appropriate or however Ubuntu has its paths named

# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/var/www/html">

also:
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
Listen my.ip.goes.here:80

hope it helps a bit

Post edited by: ronald, at: 2008/05/20 15:55

Wed, 05/21/2008 - 08:50 (Reply to #2)
ronald

/etc/apache2/sites-available/default is not generated by Virtualmin, else I would have had it too and I don't. So I think it belongs to ubuntu

Also " SetEnv WEBMIN_VAR /var/webmin " all these settings with webmin in it, I just don't recognise in my httpd.conf but this might be because I have centos (I quit using ubuntu long time ago).

If Joe doesn't hop along here you want to submit a support ticket at: http://www.virtualmin.com/bug-tracker/

I'm sure Joe or Jamie will come up with better solutions than I can.

All I can say that DocumentRoot is normally pointed to /var/www/html or in your case to /var/www
Virtualmin will make it so that you will create domains under /home/public_html
Pointing the document root to etc/webmin can not be right from where I am sitting.

Sat, 05/24/2008 - 03:32 (Reply to #3)
ronald

Centos and debian are recommended for Virtualmin.
I tried Ubuntu myself but was disappointed.
I switched to CentOS 5.1 really quickly and I'm glad I did.

You can get the install.sh which will do a full automated installation on your machine.

There are some specific issues with Ubuntu I believe, but you'll have to look in this forum for this as it was not 100% supported some time ago.

There is no real reason to get upset.
All it is, is software on a computer.

Personally I strongly recommend that you use Centos 5.1
Make a very basic installation of the server
then wget the install.sh and let that do the rest for you.

Sat, 05/24/2008 - 04:00 (Reply to #4)
ronald

however in the news section Joe made this post about ubuntu installations:
http://www.virtualmin.com/forums/news/virtualmin-installer-for-ubuntu-8....

Sat, 05/24/2008 - 07:27 (Reply to #5)
lotek

I appreciate you taking the time to help me out ronald. I get what you're saying about it just being software. It's just frustrating to be doing something that I thought would make things easier, and it's only made them harder.

On that note, I have successfully installed it on Ubuntu 8.04. There was an issue with postfix but it was a configuration issue that I had left blank so it works. Webalizer keeps throwing me an error though so I'll be working that out and seeing if that's a user error or something that's broken. I also have to figure out how to jail users to their home directory in ssh. I have the option in sshd_config already set, but when I login as a different user I can browse to the root directory. Is there a way to disable that or will they be able to browse that no matter if they can do anything in it or not? Also, how do I get virtualmin to see that ssh is running on a different port? I never leave the default port open so I wanted to see if there was a way to enable this because when I go to check to see if it's running it says it isn't.

Again, I appreciate your help and your suggestions.

Sat, 05/24/2008 - 08:04 (Reply to #6)
ronald

congrats on installing Virtualmin on your favourite OS. Webmin will make your administration easier but if the installation didn't work properly then .... you know it :)

You don't really need to jail users in ssh as you say 'cause that is the way GNU/Linux works. Users can browse but they can't do anything, just look. It has been this way for years and sensitive data is not available to browsing users.
That said, first thing you want to do is to clone the Default Server Template or create one from scratch.

Then adjust the settings to your liking. Create servers/domains using your Template, experiment with it and adjust as needed.

You can always deny ssh to untrusted users by editing them in Webmin's "Users and Groups" module and give them shell bin/false instead of bin/sh
in "etc/shells" the "bin/sh" is in the first line. I think you can set "bin/false" as the first line and a user won't get ssh automatically.

Chrooting/jailing ssh will most likely break things and actually make your system less secure. In any case it is not recommended.

As for default port, couldn't that be achieved by IPtables rules? Webmins module Linux Firewall.
Personally I don't worry too much about default ports if the system is correctly set up.

Do check if your mysql server has a root password as virtualmin can't get it for you. You need to do that manually, same for postgresql.

Sat, 05/24/2008 - 08:39 (Reply to #7)
lotek

I did have to set a root password for mysql, but thanks for the tip on that.

I am having an issue with sending mail. I don't know if it's because I'm using dyndns or what, but I can send mail locally, but when I send it to say my gmail account, I never receive it. I have NO experience with mail servers so this is very new to me. Any help would be appreciated.

Sat, 05/24/2008 - 10:24 (Reply to #8)
ronald

On my installation the default Postfix server was working out of the box.
In the beginning mails didn't arrive until my main domain was propagated and dns issues were resolved. That took about 24 hrs or less I think but I never had to change any settings.

there are some sites where you can check the mailservers like dnsstuff (not sure how they are called)

I always use this http://www.squish.net/dnscheck/ to check on dns behavior

also look in the mail log files to see if errors have occurred

server -> gmail = no
gmail -> server = ?

Sun, 05/25/2008 - 11:16 (Reply to #9)
lotek

gmail -> server = A big no as well. I'll have to figure out where the logs are for postfix and see if I can figure it out. I'm lost at this point, but we'll see if I can't get it working over the next week. After that I think I'm out of time to be messing around with this. Thanks for your help.

Sun, 05/25/2008 - 15:32 (Reply to #10)
ronald

under webmin-system-systemlogs is where you find the logs

Mon, 05/26/2008 - 06:42 (Reply to #11)
lotek

Well here's the output from mail.log
[code:1]
May 26 10:12:58 lotek-tux postfix/smtp[16206]: connect to gmail-smtp-in.l.google.com[74.125.45.114]:25: No route to host
May 26 10:12:58 lotek-tux postfix/smtp[16206]: connect to alt2.gmail-smtp-in.l.google.com[216.239.59.27]:25: No route to host
May 26 10:13:08 lotek-tux postfix/smtp[16206]: connect to alt1.gmail-smtp-in.l.google.com[64.233.185.27]:25: No route to host
May 26 10:13:08 lotek-tux postfix/smtp[16206]: connect to alt1.gmail-smtp-in.l.google.com[64.233.185.114]:25: No route to host
May 26 10:13:09 lotek-tux postfix/smtp[16206]: connect to gsmtp147.google.com[209.185.147.27]:25: No route to host
May 26 10:13:09 lotek-tux postfix/smtp[16206]: 1A3FF834376: to=<blank@gmail.com>, relay=none, delay=222647, delays=222627/0.02/20/0, dsn=4.4.1, status=deferred (connect to gsmtp147.google.com[209.185.147.27]:25: No route to host)
[/code:1]
and here's from mail.warn:
[code:1]
May 23 21:59:42 lotek-tux postfix/smtpd[6149]: warning: SASL authentication failure: Couldn't find mech GSSAPI
May 23 21:59:42 lotek-tux postfix/smtpd[6149]: warning: unknown[192.168.1.150]: SASL GSSAPI authentication failed: no mechanism available
[/code:1]

Should my hostname be the same as my domain name, because I thought that it shouldn't be so it's not. I'm not sure where to go with this next.

Mon, 05/26/2008 - 07:12 (Reply to #12)
ronald

the hostname of the server must be a fully qualified domain name and this domainname must point to your server, this you do where you registered the domainname. The registrar normally has some kind of control panel where you can change the A records and so on.
Preferably (not mandatory) you add a PTR record but you need to ask your ISP to do this.

the hostname/servername has some kind of "prefix" I called mine sv01.mydomain.com but can be anything server01.mydomain.com, whatever.mydomain.com etc.

The log tells you: No route to host
I had this once after I changed some settings and this is a dns/networking issue, might also be a router blocking or firewall but usually some sort of misconfiguration.

This has little to do with virtualmin unless the install had a bug, however it can be corrected through virtualmins modules.

So you have to doublecheck your network configuration under the webmin modules and dns settings of the system.
Then the dns settings of the first virtual server you created.

Mon, 05/26/2008 - 07:29 (Reply to #13)
ronald

a good place to start is the virtualmin module found - system settings - Module config - go to server settings in the right pane -
Mail server to configure "I assume the default which is postfix"
Default virtual server IP address "192.168.1.150"
Default IP address for DNS records "fill in external IP"
that is if you are behind a router and I think you are.

Mon, 05/26/2008 - 07:51 (Reply to #14)
lotek

Thanks so much for the help. I appreciate it. Here's what I've got.

I can now receive emails from outside, but I still can't send them. Here's the thing about the DNS records. Because I'm using DynDns I have no idea what I would put in there. Would I put in the ip for ns1.dyndns.org? I don't know. Also, I think I may need to use gmail or my isp as a relayhost, but I don't know where I'd add the relevant lines in webmin. I know I'd put them into /etc/postfix/transport, but I don't want to edit it by hand. I want to get it all done through webmin so I get used to doing it that way.

Mon, 05/26/2008 - 08:34 (Reply to #15)
ronald

ok now that you can receive mail, it would indicate that dns and network settings are correct. If you can see your site from the outside (through proxy perhaps if in LAN) that would also mean that dns is correct. At least that it points to the right machine, they might still be recursive, I don't know.

There is a module for DynDNS.
Virtualmin - Addresses and Networking - Dynamic IP Update
and you can change settings if needed.

this warning
"warning: SASL authentication failure: Couldn't find mech GSSAPI
warning: unknown[192.168.1.150]: SASL GSSAPI authentication failed: no mechanism available"

might be solved with it. If not, I would submit a support ticket (http://www.virtualmin.com/support.html) and check with Jamie as I do not know anything about that warning or what it means.

Mon, 05/26/2008 - 08:39 (Reply to #16)
ronald

as for Postfix, I tend to stay away from it as it works on my machine.
However under Webmin - servers - Postfix Mail Server is where you can configure it/make changes.

Mon, 05/26/2008 - 21:23 (Reply to #17)
lotek

OK... I tried it again.

[code:1]
May 27 01:16:59 lotek-tux postfix/smtp[15175]: connect to alt2.gmail-smtp-in.l.google.com[72.14.221.114]:25: No route to host
May 27 01:16:59 lotek-tux postfix/smtp[15176]: connect to alt1.gmail-smtp-in.l.google.com[209.85.163.27]:25: No route to host
May 27 01:17:00 lotek-tux postfix/smtp[15175]: connect to alt2.gmail-smtp-in.l.google.com[72.14.221.27]:25: No route to host
May 27 01:17:00 lotek-tux postfix/smtp[15176]: connect to alt2.gmail-smtp-in.l.google.com[72.14.221.27]:25: No route to host
May 27 01:17:04 lotek-tux postfix/smtp[15175]: connect to alt1.gmail-smtp-in.l.google.com[209.85.163.27]:25: No route to host
May 27 01:17:04 lotek-tux postfix/smtp[15176]: connect to alt2.gmail-smtp-in.l.google.com[72.14.221.114]:25: No route to host
May 27 01:17:04 lotek-tux postfix/smtp[15176]: BC26A834437: to=<**************@gmail.com>, relay=none, delay=377, delays=356/0.05/21/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[72.14.221.114]:25: No route to host)
May 27 01:17:04 lotek-tux postfix/smtp[15175]: 1FD8F834445: to=<*************@gmail.com>, relay=none, delay=29979, delays=29958/0.05/21/0, dsn=4.4.1, status=deferred (connect to alt1.gmail-smtp-in.l.google.com[209.85.163.27]:25: No route to host)
May 27 01:17:32 lotek-tux postfix/pickup[15168]: 5593A834439: uid=1001 from=<****@lotek-tux.lotek.homelinux.com>
May 27 01:17:32 lotek-tux postfix/cleanup[15281]: 5593A834439: message-id=<1211869052.15191@lotek-tux.lotek.homelinux.com>
May 27 01:17:32 lotek-tux postfix/qmgr[15170]: 5593A834439: from=<****@lotek-tux.lotek.homelinux.com>, size=722, nrcpt=1 (queue active)
May 27 01:17:32 lotek-tux postfix/error[15283]: 5593A834439: to=<*********@gmail.com>, relay=none, delay=0.05, delays=0.04/0.01/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to alt1.gmail-smtp-in.l.google.com[209.85.163.27]:25: No route to host)
[/code:1]

I have no idea what's going on here... Am I not authenticating? What's the deal? What about DynDns? I'm lost.
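An added example, not part of the original posts: a small Python triage of Postfix log lines in the format quoted above. It separates outbound TCP connect failures from delivery status and from inbound smtpd SASL warnings; the sample lines, host names and verdict labels are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the mail.log format quoted above (documentation addresses).
SAMPLE_LOG = """\
May 27 01:16:59 mailhost postfix/smtp[15175]: connect to mx1.example.net[192.0.2.27]:25: No route to host
May 27 01:17:00 mailhost postfix/smtp[15175]: connect to mx2.example.net[192.0.2.114]:25: No route to host
May 27 01:17:04 mailhost postfix/smtp[15175]: 1FD8F834445: to=<user@example.net>, relay=none, delay=29979, delays=29958/0.05/21/0, dsn=4.4.1, status=deferred (connect to mx2.example.net[192.0.2.114]:25: No route to host)
May 27 01:17:32 mailhost postfix/error[15283]: 5593A834439: to=<other@example.net>, relay=none, delay=0.05, delays=0.04/0.01/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mx1.example.net[192.0.2.27]:25: No route to host)
May 23 21:59:42 mailhost postfix/smtpd[6149]: warning: unknown[192.168.1.150]: SASL GSSAPI authentication failed: no mechanism available
"""

# Outbound client (postfix/smtp) failing at TCP connect. The remote name has
# already resolved to an IP here, so the MX lookup itself succeeded.
CONNECT_RE = re.compile(
    r"postfix/smtp\[\d+\]: connect to (?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f.:]+)\]"
    r":(?P<port>\d+): (?P<err>.+)$")
# Per-recipient delivery result, logged with a queue ID.
DELIVERY_RE = re.compile(
    r"postfix/\w+\[\d+\]: [0-9A-F]+: to=<[^>]*>, relay=(?P<relay>[^,]+),"
    r".* status=(?P<status>\w+) ")
# Server side (postfix/smtpd): clients authenticating TO this host.
SASL_RE = re.compile(
    r"postfix/smtpd\[\d+\]: warning: .*SASL (\S+ )?authentication fail")


def triage(log_text):
    """Summarise connect failures, delivery status and inbound SASL warnings."""
    connect_errors = Counter()     # (port, error text) -> attempts
    failed_ips = defaultdict(set)  # port -> distinct remote IPs that failed
    status = Counter()
    sent_via_25 = 0
    inbound_sasl = 0
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            port = int(m["port"])
            connect_errors[(port, m["err"])] += 1
            failed_ips[port].add(m["ip"])
            continue
        m = DELIVERY_RE.search(line)
        if m:
            status[m["status"]] += 1
            if m["status"] == "sent" and m["relay"].endswith(":25"):
                sent_via_25 += 1
            continue
        if SASL_RE.search(line):
            inbound_sasl += 1
    # Several unrelated destinations failing on port 25 with nothing delivered
    # over port 25 points at the path out of this host (routing, firewall,
    # upstream filtering), not at authentication.
    if len(failed_ips[25]) >= 2 and sent_via_25 == 0:
        verdict = "outbound-25-unreachable"
    elif connect_errors:
        verdict = "intermittent-connect-failures"
    else:
        verdict = "no-connect-failures"
    return {"connect_errors": dict(connect_errors),
            "deferred": status["deferred"], "sent_via_25": sent_via_25,
            "inbound_sasl_warnings": inbound_sasl, "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```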

Mon, 05/26/2008 - 21:42 (Reply to #18)
lotek

I tried to delete the second posting and it keeps throwing me an error message.

Oh, and I can telnet in locally and remotely to the fqdn on port 25 so it does work. (and I get the 250 starttls when I run ehlo). I wanted this setup because I thought it would allow me to get emails and the such easily, but it appears I was mistaken. Does anyone have any experience with any of this? I've been googling and tried too many things to note and none have worked. Thanks.

Tue, 05/27/2008 - 02:24 (Reply to #19)
ronald

well it says "no route to host"
I think you have to get into your dns a bit deeper else it will never work. Perhaps DynDNS needs a bit more time to refresh, I don't know.

Looks like your nameservers do not agree on the SOA serial. The SOA records as reported by your nameservers:
204.13.249.75 -> 2045748127
63.208.196.90 -> 2045748130
203.62.195.75 -> 2045748125
91.198.22.75 -> 2045748127
208.78.69.75 -> 2045748127
This can cause some serious problems that is why you should fix this asap.

Your SOA serial number is: 2045748127. That is NOT OK

you are using this mailserver 10 mx1.mailhop.org
where is your mailserver from where you send email?
it should be in your zonefile: 5 lotek.homelinux.com or a mailserver from a domain you have created on the system.

Tue, 05/27/2008 - 02:45 (Reply to #20)
ronald

isn't DynDNS needed if your external IP is not static?
Perhaps you can get a static IP at your ISP

Tue, 05/27/2008 - 02:53 (Reply to #21)
ronald

hehe I also cannot edit my posts. I think you can disregard my post about the dns as it seems to keep changing anyway. I have no experience with DynDNS and I don't want to give wrong advice.

I really think you should open a support ticket and troubleshoot this last issue with Jamie.

Tue, 05/27/2008 - 07:52 (Reply to #22)
lotek

Ok. I'll do that and yes DynDns is for a non-static IP and my ISP charges an arm and a leg for it.

I fixed one problem, but created another. I'm able to send mail now. But now I can't receive it. Here are the lines I changed in my main.cf

[code:1]
# smtpd_sasl_local_domain was empty before
smtpd_sasl_local_domain = $myhostname
# smtpd_sasl_auth_enable was yes before
smtpd_sasl_auth_enable = no

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
relayhost = [smtp.gmail.com]:587
smtp_sasl_mechanism_filter = plain, login
smtpd_sasl_application_name = smtpd
transport_maps = hash:/etc/postfix/transport
smtp_tls_per_site = hash:/etc/postfix/tls_per_site
[/code:1]
And here's my transport file:
[code:1]
* smtp:[smtp.gmail.com]:587
[/code:1]

and tls_per_site:
[code:1]
smtp.gmail.com MUST
[/code:1]

So then I attempt to put them all back to the way it was and I can't receive email.
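An added example, not from the thread: a Python check for three things worth verifying in a relay setup like the one posted above. It assumes Postfix's documented main.cf syntax, where a `#` starts a comment only at the beginning of a line, and uses constructed file contents with example.* names; the finding codes are hypothetical labels.

```python
import re

# Constructed files reproducing the patterns in the post above (example.* names).
SAMPLE_MAIN_CF = """\
# a whole-line comment is ignored
mydestination = $myhostname, example.com, localhost
smtpd_sasl_auth_enable = no # It was yes before
relayhost = [smtp.example.net]:587
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_per_site = hash:/etc/postfix/tls_per_site
transport_maps = hash:/etc/postfix/transport
"""
SAMPLE_TRANSPORT = "* smtp:[smtp.example.net]:587\n"


def parse_main_cf(text):
    """Return {name: value} using main.cf logical-line rules."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and whole-line comments are skipped
        if raw[0].isspace() and current is not None:
            params[current] += " " + raw.strip()  # continuation line
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params


def lint(main_cf, transport=""):
    """Return a sorted list of finding codes for the two files."""
    params = parse_main_cf(main_cf)
    findings = set()
    for name, value in params.items():
        # main.cf has no trailing comments: text after '#' stays in the value.
        if re.search(r"(^|\s)#", value):
            findings.add(f"inline-comment:{name}")
    rules = [ln.split() for ln in transport.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")]
    if "transport_maps" in params and any(r[0] == "*" for r in rules):
        # A '*' transport entry matches every destination, including the
        # domains this host is supposed to deliver locally.
        findings.add("wildcard-transport")
    if "smtp_tls_per_site" in params and "smtp_tls_policy_maps" not in params:
        # Postfix 2.3 and later document smtp_tls_policy_maps as the replacement.
        findings.add("legacy-tls-per-site")
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint(SAMPLE_MAIN_CF, SAMPLE_TRANSPORT):
        print(finding)
```

With `relayhost` already set, the wildcard transport entry adds nothing for outbound mail, so removing it (or adding explicit entries for local domains) keeps inbound delivery on the local transport.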

Tue, 05/27/2008 - 08:29 (Reply to #23)
lotek

OK now when i send an email to myself from outside this is the error I get in my email back:
[code:1]
This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

******@lotek-tux.homelinux.com

Technical details of permanent failure:
PERM_FAILURE: DNS Error: Domain name not found
[/code:1]

OK. I get that. I know what it means. What I don't get is why is it sending it to lotek-tux.homelinux.com when I'm sending it to lotek.homelinux.com? What would change the delivery? I'm quite confused right now. See because even my hostname isn't lotek-tux.homelinux.com it's lotek-tux.lotek.homelinux.com. Is that wrong? Should it be different?

Tue, 05/27/2008 - 09:08 (Reply to #24)
ronald

your hostname is lotek.homelinux.com and is or at least should say so in the webmins module networking-network configuration-Hostname and DNS Client

where also the ip's 127.0.0.1 and either the dyndns IP's or the dns given by the router should be.
Then in Host Addresses you'll add the domain: 192.168.1.150 lotek.homelinux.com, lotek
this is what I think. But again as I have no experience at all with DynDNS, I wouldn't want to give wrong advice.

The first server you created should then have been homelinux.com in my opinion
I think Jamie will give you the correct solution

Wed, 05/28/2008 - 03:00 (Reply to #25)
sgrayban

I know this is a bit late but debian etch just rocks as a server and plays very nicely with VM.

If you need a VM Pro I am your man !!
http://www.virtualmin.com/forums/jobs/looking-for-new-clients.html

Wed, 05/28/2008 - 03:23 (Reply to #26)
sgrayban

BTW -- ALL mail servers require bind to be installed on the server regardless if you are using an outside dns server.

If you don't you will get these postfix errors.

Tue, 05/20/2008 - 18:57
lotek

Ok so I changed my document root to DocumentRoot "/var/www/" and added the following to my httpd.conf:
[code:1]
<Directory /var/www>
Options -Indexes
AllowOverride All
Order allow,deny
Allow from all
</Directory>
[/code:1]

Nothing still. Thanks for the help.

Tue, 05/20/2008 - 19:12
lotek

I tried editing, but hit a "forum bug", so a reply will have to do.

I removed everything from my httpd.conf file except the last entry I posted. When I added "Listen 80" to the httpd.conf apache wont restart saying that something is already bound to it. I found that Ubuntu has a separate file for ports. It's located at /etc/apache2/ports.conf and it has that entry there, so I'm guessing that it's failing because it's trying to bind twice.

I'm still getting a 403 forbidden message. This is really starting to piss me off. If anyone has an idea, let me know. I would love to try this especially since I was told I could get some help here, but I'm at my wits end. Thanks.

Tue, 05/20/2008 - 19:49
lotek

Ok. So I was finally able to get it so I could browse. The problem was that DocumentRoot was specified elsewhere and it was pointing to an empty directory. There is an entry in /etc/apache2/sites-available/default which was generated by virtualmin. I also had noticed that the ServerSignature was re-specified in this file and was overriding my setting of Off.

So I was able to get to the site, but I couldn't access webmin, virtualmin, usermin... Nothing. So I set the DocumentRoot as /etc/webmin and now I can't access it from the outside, but I can access it from within my network. That doesn't help me. When I've got it set as "/var/www/" I can still browse from within my network. What the hell is going on? I'm lost at this point.

Thu, 05/22/2008 - 09:05
lotek

OK. I'm going to restart from a scratch base install of Ubuntu. Does anyone have a version they'd recommend. I have from 6.06 to 8.04 all editions so I don't really care at this point.

I'm going to start by installing Webmin and install Virtualmin as a module (that's the way you're supposed to right?). Also, when I start over again, should I install from the .deb or from the tar.gz.

I'm really pissed, frustrated and ready to go back to doing things the way I was, so I'm going to make 2 final attempts with this. This is the first, so any help beforehand would be great. Thanks.

Thu, 05/29/2008 - 14:30 (Reply to #31)
Joe

> OK. I'm going to restart from a scratch base install of Ubuntu. Does anyone have a version they'd recommend. I have from 6.06 to 8.04 all editions so I don't really care at this point.

8.04LTS is preferred. 6.06 has some horrendously old packages, and some ugly little bugs.

> I'm going to start by installing Webmin and install Virtualmin as a module (that's the way you're supposed to right?). Also, when I start over again, should I install from the .deb or from the tar.gz.

No. And *never* tar.gz if there are native packages available. It would make no sense.

There is quite a lot of documentation on installation:

http://www.virtualmin.com/documentation/id,automatic_virtualmin_installa...

And there are two other places in the documentation wiki that describe installation in detail. We strongly recommend you not try to install Virtualmin manually--it's a really complicated process, and you really need to know a lot about your OS and all of the various services to get it all right. Thus, we went to a lot of trouble to make a nice automatic installation script so you don't have to do all of that stuff, and don't have to get frustrated or pissed. ;-)
