Server Settings and Templates

This legacy document is here only to ensure incoming links continue to work. You likely want to start with the new documentation index or search for what you want to know about. This document is unmaintained!

Server Templates

Server templates in Virtualmin provide a means to create different levels of service, which can be thought of as "plans" if you're already familiar with that concept in other virtual host administration systems. However, templates in Virtualmin go well beyond what is possible with simple plans. A template can replace nearly every configurable element of Virtualmin with a different setting, so that vastly different types and levels of service can be configured easily. Further, these settings can be overridden on a per-domain basis during creation or at any other time. Templates can dictate disk usage quotas, mail address and alias limits, available services, privileges within each service, available Webmin modules, and much more. It is possible for the administrative user to control which reseller accounts will have access to which templates, so that the host can provide custom "plans" for each reseller. Templates support variable substitution of the standard Virtualmin variables, as well as the if directives to perform certain actions based on whether a service (like mail or web) is configured for the domain being created. Templates are extremely flexible and powerful, and for simple cases, quite easy to use.

Variable substitutions

The following substitutions can be used in the text boxes below, which will be evaluated at server creation time:

${DOM}

The domain name, such as foo.com

${PREFIX}

The first part of the domain name, like foo

${USER}

The Unix user that owns the domain, such as foo

${GROUP}

The Unix group of the domain owner

${GID}

The Unix group ID of the domain owner

${IP}

The IP address assigned to the virtual server, such as 192.168.1.1

${HOME}

The domain user's home directory, such as /home/foo

Conditionals

In addition, conditional blocks like ${IF-MAIL}...${ENDIF-MAIL} and ${IF-WEB}...${ELSE-WEB}...${ENDIF-WEB} may be used.

Examples
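
As an added example (not part of the original Virtualmin documentation, and not Virtualmin's own code), the following Python previews how a template that uses the variables and conditional blocks above would expand. The render function, the feature names passed to it, and its handling of nested blocks and unknown variables are assumptions of this example; the email text is constructed.

```python
import re

# ${IF-NAME} body [${ELSE-NAME} alternative] ${ENDIF-NAME}
COND = re.compile(
    r"\$\{IF-(?P<name>[A-Z0-9_]+)\}(?P<body>.*?)"
    r"(?:\$\{ELSE-(?P=name)\}(?P<alt>.*?))?"
    r"\$\{ENDIF-(?P=name)\}",
    re.DOTALL,
)
# Hyphen included so stray ${IF-X} / ${ENDIF-X} markers are reported too
VAR = re.compile(r"\$\{([A-Z0-9_-]+)\}")

# Constructed sample: a server-creation email using the page's variables
SAMPLE = (
    "Your virtual server ${DOM} has been created.\n"
    "Login: ${USER}\n"
    "Home directory: ${HOME}\n"
    "${IF-WEB}Website: http://www.${DOM}/\n"
    "${ELSE-WEB}No website was set up.\n${ENDIF-WEB}"
    "${IF-MAIL}Mail is enabled for ${DOM}.\n${ENDIF-MAIL}"
)


def render(template, variables, features):
    """Preview a template. Semantics here are assumptions, not Virtualmin's code.

    variables: dict such as {"DOM": "foo.com"}; features: set such as {"WEB"}.
    """
    def choose(match):
        if match.group("name") in features:
            return match.group("body")
        return match.group("alt") or ""

    # Resolve conditionals first, repeating so nested blocks are handled
    previous = None
    while previous != template:
        previous = template
        template = COND.sub(choose, template)

    # Fail loudly instead of writing a literal ${...} into a config or email
    missing = sorted(set(VAR.findall(template)) - set(variables))
    if missing:
        raise KeyError("unresolved: " + ", ".join(missing))

    # Single pass: substituted values are never expanded a second time
    return VAR.sub(lambda m: variables[m.group(1)], template)


if __name__ == "__main__":
    values = {"DOM": "foo.com", "USER": "foo", "HOME": "/home/foo"}
    print(render(SAMPLE, values, {"WEB"}))
```

Running a template through a preview like this before saving it catches misspelled variables and unbalanced conditional blocks, which would otherwise end up as literal text in generated configuration or email.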

Virtual server template details

Template name

The name of the new template. This will appear in a dropdown list when creating new domains for administrators and resellers that have access to the template.

Skeleton directory for files

A skeleton directory contains files that will be copied into the newly created home directory of the domain user. It can contain other directories, which will also be created in the home directory. This can be used to provide a pre-configured set of scripts or web content for some or all server templates.

For use by

Templates can apply to any type of domain user account. The current types are: "Top-level virtual servers", which are standard virtual host accounts; "Sub-servers", which are virtual hosts that belong to a top-level virtual server and appear within the "domains" directory of the top-level server home directory; "Alias servers", which generally just forward web and mail to an existing top-level domain; and "Server owners", which makes the template available to server owners when they create new domains. To allow use of this template by domain owners (i.e. Server owners), you must enable at least one other server type.

Available to resellers

This option determines which reseller accounts will be able to select this template when creating new domains. It is possible to choose "All resellers"; "None", which means only master admin level users will be able to create domains with this template; or "Only selected..", which will allow all highlighted resellers to create domains using this template.

User and directory chooser settings

Webmin provides a standard user and directory chooser popup, which can be configured to provide access to some or all users or directories. Defaults are generally relatively restrictive and only allow access to users within the domain owned by the domain owner account, and directories and files owned by the domain owner group. If you wish to explicitly configure these options, select "Settings below..". Be careful with these options, as it is very easy to grant privileges that should not be given to an untrusted user. Variable substitution occurs for the following related options, so it is possible to specify ${USER} to select the user that owns the domain or ${HOME} to select the home directory of the domain owner, for example.

Users visible in chooser

This option specifies the users that will be visible in user chooser windows. Substitution of members of the domain can be specified by selecting "Members of groups" with the variable ${GID}.

Groups visible in chooser

This option specifies the names of groups that will be visible in the groups chooser. Substitution of the group to which the domain and all users within the domain belong can be performed using the ${GROUP} variable.

Root directory in file chooser

This option specifies which directory the file chooser will display when first opened. Given appropriate permissions, the user can then navigate to other directories. Variable substitution can be performed using the variable ${HOME} to specify the home directory of the new domain.

Default Unix group for domain owners

By default, the group for the Unix user who is created to own this domain's files will be the same as the group for its mail users. However, you can select an existing group on the server instead, which can be useful if you have some kind of group-based access restrictions in force (such as for FTP).

Default quota for entire server

This option specifies the default disk usage quota for this virtual server account. It applies to all files, email and subdomains within the domain. It may be overridden during creation or editing of the virtual server.

Default quota for Unix user

This option specifies the default disk usage quota for the domain owner Unix user account. It will apply to files owned by the domain owner (probably all web content), email in the domain owner's mailbox, and possibly other files within any subdomains that may exist. It may be overridden during creation or editing of the virtual server.

Default limit on number of mailboxes

This option specifies the default number of mailboxes that may be created by the domain owner. It may be overridden during creation or editing of the virtual server.

Default limit on number of databases

If the domain owner has database creation privileges, you may specify the number of databases that he can create with this option.

Default limit on number of sub-domains

If the domain owner has sub-domain creation privileges, you may limit the number of sub-domains that can be created here.

Default bandwidth limit

If bandwidth monitoring is enabled and usage limits enforced, you may specify the usage limit here.

Directives and settings for new websites

It is possible to completely customize the Apache directives that are added when a new virtual server is created. Variable substitution is performed for all of the standard Virtualmin template variables. Care should be taken with Apache directives, as some present security issues. The Apache documentation and to a lesser degree the Apache sections of the Webmin documentation can be consulted to find more details about Apache configuration.

Automatically add appropriate SuExec directive?

If selected, SuExec will be enabled for the virtual server. SuExec is a feature of Apache that allows CGI scripts to be executed with only the privileges of the owner of the directory where the script is located. It also introduces other protections to help prevent insecure script usage, such as refusing to run scripts that have lax permissions (for example, those that are group or world writeable). SuExec is highly recommended except in environments where all domain owners are trusted users. SuExec does present some limitations, such as the inability to run scripts "in-process" using modules like mod_perl or mod_python. With modern hardware, performance is rarely a major concern in a shared hosting environment, and shouldn't take precedence over security.

Write logs via program? (Handles missing log directory)

Virtualmin provides a special log writer application that solves the problem of users deleting their own log directory, which can cause Apache to fail on startup.

Add Apache user to Unix group for new servers?

This option determines whether the user that Apache runs as will be added to the new virtual host group. When enabled, permissions can be tightened significantly on user home directories. When tighter permissions (i.e. 750) are combined with SuExec, it makes it impossible for domain owners to see other domain owners' directories and files. This option is recommended on any platform that supports secondary groups.

Users' website directory to create

This option specifies the name of the website content directory within the virtual server home directory. By default it will be called "public_html".

Permissions on website directory

This option specifies the initial permissions on the files and directories within the website directory specified in the previous option. If SuExec has been enabled, and the Apache user is added to the virtual server user group, these permissions can be tightened to prevent other users from seeing the contents of the website directory. This tightened set of permissions is recommended for any deployment unless all users with shell access are trusted users. The recommended permissions are 750, which equals rwxr-x---. In other words, the owner can read, write and execute, the group can read and execute, and others have no permissions to read, write or execute files within the directory.
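
The following Python audit is an added example, not part of the original documentation or of Virtualmin. It checks an existing virtual server home against the 750 recommendation above and reports scripts with the lax (group or world writeable) permissions described in the SuExec section. The audit_home function, the default "public_html" argument and the rule that any owner-executable regular file counts as a script are assumptions of this example.

```python
import os
import stat
import sys

LAX_WRITE = stat.S_IWGRP | stat.S_IWOTH  # writable by group or by others


def audit_home(home, webdir="public_html"):
    """Return (path, octal mode, problem) tuples for one virtual server home.

    Treating every owner-executable regular file as a script is an assumption
    of this example; adjust it to whatever the site runs as CGI.
    """
    findings = []
    site = os.path.join(home, webdir)

    # Home and website directory: with 750 no "other" bit should be set
    for path in (home, site):
        if not os.path.isdir(path):
            continue
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        if mode & stat.S_IRWXO:
            findings.append((path, "%03o" % mode, "open to other users"))

    # Scripts writable by group or others: the lax permissions that the
    # SuExec section above describes
    for dirpath, _dirnames, filenames in os.walk(site):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the home
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IXUSR and mode & LAX_WRITE:
                findings.append((path, "%03o" % mode, "writable script"))
    return findings


if __name__ == "__main__":
    # Usage: python3 audit.py /home/foo /home/bar
    for home in sys.argv[1:]:
        for path, mode, problem in audit_home(home):
            print(f"{mode} {path}: {problem}")
```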

Subdirectory for Webalizer statistics

If Webalizer log report analysis is enabled, this option will specify where the reports are generated. By default they appear in "public_html/stats" and can be visited at the "/stats" directory within the domain using a web browser.

Password-protect statistics?

If Webalizer log reports should be protected by a password, select yes here. The domain owner username and password will be used as the user that has permission to visit the reports.

Create alias websites by

A domain alias, also known as domain parking or domain forwarding, is a new domain that simply forwards web requests and email to the primary domain that it is an alias of. There are several types of alias available. Currently, web traffic can be directed to the primary domain via a set of ProxyPass rules, a Redirect rule, or simply adding a ServerAlias to the parent domain.

Port number for virtual hosts

This option specifies the port on which the virtual host will listen. By default, it will listen on the same default port as the system-wide Apache configuration specifies (normally 80).

Port number for SSL virtual hosts

This option specifies the SSL port on which the virtual host will listen. By default, it will listen on the same default SSL port as the system-wide Apache configuration specifies (usually 443).

Configure Webmin to use same SSL cert for IP?

If this template will be used exclusively for SSL-capable websites, you can enable this option. Webmin will then use the same certificate that the SSL website uses, thus it will not generate certificate warnings when users log in using their own hostname.

Configure Usermin to use same SSL cert for IP?

If this template will be used exclusively for SSL-capable websites, you can enable this option. Usermin will then use the same certificate that the SSL website uses, thus it will not generate certificate warnings when users log in using their own hostname.

Template Webalizer configuration

If domains created from this template should have a Webalizer configuration different from the Virtualmin default, you may specify a configuration file containing your preferences here. The file can be created manually, or using the Webalizer Webmin module.

BIND DNS records for new domains

When creating a new domain, a new zone is created. You may customize the records that are created here. This field expects valid named.conf entries, though the Virtualmin variables will be translated to the appropriate values for the domain. You may either add records to the standard Virtualmin-generated records, or you may completely replace the Virtualmin records with your own. For further information on BIND, consult the BIND chapter in the Webmin books.

Record mode

This option determines whether any records added in the previous option will be appended to the standard Virtualmin-generated records, or completely replace the standard records. If you replace the standard records, be sure to account for the extra records, like MX and NS, if you need them.

Add SPF DNS record?

SPF, or Sender Policy Framework (http://spf.pobox.com/), is a means to help reduce spam by enforcing some restrictions on what hosts can send mail claiming to be from what domain. Because the vast majority of spam originates from faked domain names, it is believed by many that preventing forged domain names in spam will reduce the overall volume of spam. If enabled, Virtualmin will automatically create an SPF record in your DNS server. This record can either contain specific hosts that are allowed to send mail using the domain name in question (with the server itself being the first such host, but any number of hosts can be listed), or a generic catch-all, which means any host can send mail claiming to be from this domain. The second option effectively nullifies the purpose of SPF, but is provided to make it easier for users to send mail "from" their own domain through various ISP mail servers.

Additional SPF IPs and hostnames

This option allows you to include additional IPs and hostnames in the SPF record for the new domain. Read more about SPF at the Sender Policy Framework homepage (http://spf.pobox.com/).

Does SPF record cover all senders?

If enabled, the SPF record will apply only to the Virtualmin server itself, and all hosts specified in the previous option. This is the preferred method of SPF usage, as it strictly limits the hosts which can send mail claiming to be from this domain. However, if users must be able to send from arbitrary mail servers (such as those of their ISP), disabling this option may be necessary. It is, however, likely to lead to unfortunate side-effects in the future, as mail servers begin blocking hosts with no SPF record or particularly lax SPF records. Read more about SPF at the Sender Policy Framework homepage (http://spf.pobox.com/).
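
To check which of the two behaviours a published record actually has, the added Python example below (not from the original documentation or from Virtualmin) reads an SPF TXT string and reports the authorised senders and what happens to every other host. It assumes the strict setting is published with a "-all" term and the lax one with "?all"; both records are constructed for foo.com rather than captured from Virtualmin, and review_spf is a name chosen for this example.

```python
import re

# Result names for the four SPF qualifiers; a bare mechanism means "+"
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MODIFIER = re.compile(r"^[A-Za-z][A-Za-z0-9._-]*=")  # e.g. redirect=, exp=

# Constructed records for foo.com, one per setting of the option
STRICT = "v=spf1 a mx a:foo.com ip4:192.168.1.1 -all"
LAX = "v=spf1 a mx a:foo.com ip4:192.168.1.1 ?all"


def review_spf(txt):
    """Summarise an SPF TXT record: listed senders and the result for the rest."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    senders, catch_all = [], None
    for term in terms[1:]:
        if MODIFIER.match(term):
            continue  # modifiers are skipped in this example
        qualifier = term[0] if term[0] in RESULTS else "+"
        mechanism = term[1:] if term[0] in RESULTS else term
        if mechanism.lower() == "all":
            catch_all = RESULTS[qualifier]
            break  # nothing after "all" is ever evaluated
        if qualifier == "+":
            senders.append(mechanism)
    return {
        "senders": senders,
        "catch_all": catch_all,
        # Only "-all" (fail) states that unlisted hosts are not authorised
        "covers_all_senders": catch_all == "fail",
    }


if __name__ == "__main__":
    for record in (STRICT, LAX):
        print(record, "->", review_spf(record))
```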

ProFTPd directives for new servers

This option allows you to specify custom ProFTPd directives for the new domain. You may use the Virtualmin standard template variables to include the home directory, username, etc. in the directives.

Anonymous FTP subdirectory to create

If anonymous FTP downloads will be allowed, you may specify the subdirectory where files for download will live. If altering the directives in the previous option, you must include an Anonymous section and it must match the location you provide here. Note that anonymous access via a specific domain name requires an IP-based virtual FTP host to be configured.

Email message to send upon server creation

If you would like owners of domains created from this template to receive a different email from the Virtualmin default, you may enter it here. You may use the standard template variables to include home directory, hostname, password, etc.

Subject line

This is the subject line that will be used for the email sent to owners of domains created from this template.

Also Cc email to

You may choose to have all emails sent to one or more email addresses specified here.

Mail aliases for new users

If new users should automatically have aliases set up, you may enter them here. Some variables can be used in these fields.

Mail aliases for new domains

It is often useful to automatically create a number of aliases when a new domain is created. For example, the RFC recommended "postmaster", "webmaster", "abuse", and "hostmaster" are all created by default by Virtualmin. You may wish to add your own, for example, "support" or "bugs", or anything else, depending on the most likely user of the domains created from this template.

Default database name

Virtualmin allows very flexible database creation and permissions. This field allows you to specify the default name of databases created as part of domains created from this template. By default Virtualmin uses the ${PREFIX} variable, which is the first part of the domain name, and will generally also be the domain owner login name for Webmin. It may be useful to change this in some circumstances, to include a prefix that indicates the template from which it was generated, or to include additional information about the database. It is possible to combine variables and any characters that are allowed in a PostgreSQL and/or MySQL database (depending on which databases are available).

**DEPRECATED** Wildcard for additional allowed MySQL databases

If the domain owner is allowed to create new databases, you may specify a wildcard expression to restrict the names that may be used.

Allowed MySQL client hosts

If additional hosts should be allowed to query the MySQL database, you may specify them here. This could be useful if this system is used as a database server and other machines will use the database. Security precautions should be followed to ensure illicit access is not unintentionally allowed.

Create database as well as login?

If a database should be created automatically on domain creation, select yes here.

Update MySQL password to match server?

If the database user password should be synchronized with the system password, select yes here.

Ranges for automatic IP allocation

If SSL or FTP virtual hosts will be created using this template, you may specify a range of IP addresses to allocate from. Both SSL and FTP virtual hosts require a dedicated IP address, because neither supports name-based virtual hosting.