Admin accounts, IP and Master\Slave config question

6 posts / 0 new
Last post
#1 Wed, 03/14/2012 - 02:26
duman

Admin accounts, IP and Master\Slave config question

Hi,
First of all i just want to say thanks to the devs for Webmin\Virtualmin. I come from Cpanel and there has been an adjustment period, but as i get my head around all the features, it shows how much work has gone into it all.

Saying that, I am down to the last few issues i just cant figure out.

1) Is there anyway i can create a virtual server (user=admin virtual server= example.com), use that virtualmin account (admin account) to create additional users (bob and mary) that can then ONLY create sub servers on that virtual server (bob.example.com, mary.example.com etc).

Essentially I want to allow friends to be able to use my VPS and domain to create sub servers and let them create sites, but only as sub servers to the main domian. From my understanding that is the advantage of sub servers and webmin as they can essentially be treated as their own virtual servers?

2) When I create a Virtual server and log in as that account in webmin, when I create a sub server there is the option for "IP address and forwarding". Within that there is an option for "Proxy website to URL". I have no idea what it does, but more so, is there a way to hide that option as all virtual servers and sub servers are run through the same IP

3) I have read through a bunch of tutorials (http://www.virtualmin.com/documentation/dns/slave-configuration) and got the master and slave setup through webmin\bind. though I have had a lot of trouble in getting them to work well and google has shown there are a lot of people with the same problem, but a lack of solutions out there:(

a) The virtual servers get passed onto the slave, but the records do not. When i test the transfer it fails, when i look in logs it says refused, when i look at last transfer, it says never. Have i missed a step somewhere or is this a known issue?

b)If the master VPS has ns1 and ns2 nameservers running, do i just create ns3 and ns4 on the slave after i have the above problem working and then add the ns3 and ns4 into the server template creation so the ns records are created?

Sorry about multiple questions but i wasnt sure whether you prefer multiple threads or not, if so happy to edit and post multiple threads,.

Thanks!

Wed, 03/14/2012 - 08:48
andreychek

1) Is there anyway i can create a virtual server (user=admin virtual server= example.com), use that virtualmin account (admin account) to create additional users (bob and mary) that can then ONLY create sub servers on that virtual server (bob.example.com, mary.example.com etc).

Well, I'm unfortunately not aware of a way to only allow a user to create a sub-domain (note though that a sub-domain is different from a sub-server... a sub-domain is foo.example.com, a Sub-Server refers to a domain that's part of a someone's account, underneath a top-level Virtual Server... a Sub-Server can be foo.com, or foo.example.com).

In Virtualmin, domains and sub-domains are treated the same, and I don't believe there's a way to say "this user can create sub-domains, but not new domains".

2) When I create a Virtual server and log in as that account in webmin, when I create a sub server there is the option for "IP address and forwarding". Within that there is an option for "Proxy website to URL". I have no idea what it does, but more so, is there a way to hide that option as all virtual servers and sub servers are run through the same IP

Hmm, I'm having a bear of a time finding the proxying option you're seeing there.

You wouldn't be able to disable the IP Address and Forwarding option, but within that, the Proxy to URL, that isn't enabled by default for me... which may imply that's an option we can enable or disable somewhere.

Which Virtualmin version is it that you're using there though? And is that Pro or GPL?

The virtual servers get passed onto the slave, but the records do not. When i test the transfer it fails, when i look in logs it says refused, when i look at last transfer, it says never. Have i missed a step somewhere or is this a known issue?

On your Slave DNS server, is BIND listening for connections from your Master? You could try running "netstat -an | grep :53" to see what interfaces it's listening on, you'd want to make sure it's listening on the interface that your Master would use to talk to it.

b)If the master VPS has ns1 and ns2 nameservers running, do i just create ns3 and ns4 on the slave after i have the above problem working and then add the ns3 and ns4 into the server template creation so the ns records are created?

Well, most folks would just create an ns1 and ns2, and place one on the master, and the other on the slave, if they only have two DNS servers.

What you described should indeed work, but may not be necessary.

-Eric

Wed, 03/14/2012 - 12:25
Locutus

My 2.5 cents: :)

ad 1) If I understand you correctly, then the setting "Allow sub-servers not under this domain: NO" in the Account Plan that is assigned to the vserver in question. This setting will apply to all users of the vserver though, also the server owner.

Then again, only the server owner is allowed to create subservers anyway, since only he gets a Webmin login. Further domain users do not, those are just for email, FTP, .htaccess login, MySQL databases and SVN repositories.

Then again again :), there's the feature "Extra Admins" which might do what you need.

ad 3a) Where do you see "refused"? If on the master: Is the IP of the slave nameserver added to the list of IPs that are allowed to do zone transfers and/or is the IP of the slave listed in an NS entry in the zone? Each one of those will allow the slave to pull zone transfers.

ad 3b) In addition to what Eric said, note that nameservers that are registered in BIND's Cluster Slave feature are automatically added to zones that Virtualmin creates. You don't need to add them manually to any template.

Thu, 04/05/2012 - 07:18
duman

Sorry about the delayed response. My VPS provider ran into some issues with the mail server and so I gave up on building the site till it was resolved. I am back on now and thought I would update as to what worked so it might help others.

1) Locutus was ont he right track ehre :) I realised I could do what I wanted here by creating a virtual server, then creating a sub server. From there I added an extra admin which had rights over that sub server only and set the permissions accordingly. This essentially gave friends the ability to use the sub server to use

2) I have a feeling it is a setting i have enables somewhere too but I have no idea where or how to disable it now :( I have uploaded a screenshot of where it is when you go to create a new sub server, any tips? http://i.imgur.com/wlQQS.jpg

3) I have not got back to this yet as I have only just started working on the other issues. As soon as I have an update to this I will update the thread again.

Thanks!

Thu, 04/05/2012 - 08:59
andreychek

2) I have a feeling it is a setting i have enables somewhere too but I have no idea where or how to disable it now :( I have uploaded a screenshot of where it is when you go to create a new sub server, any tips?

Ah, I think you may be using a custom theme there -- as the default theme doesn't offer the ability to set that proxy when creating a new Virtual Server. Or at least, if it does, I haven't figured out how to enable it :-)

The Account Plans have a capability called "Can edit forwarding and proxies" -- you could try disabling that to see if that proxy option goes away.

-Eric

Fri, 04/06/2012 - 09:12
duman

Hi andreycheck,

Finally figured out issue number 2 too, so thought i would post it just in case it can help someone else out.

Under Virtualmin > System Settings > Virtualmin Configuration > Defaults for new domains there is an option "Allow creation of forwarding-only websites? " I must have set that to yes while testing things out, as soon as I set that to no, problem solved :)

Ill update #3 once I get some other things out the way and start trying to set bind up again.