*Virtualmin Setup Guide*

2 posts / 0 new
Last post
#1 Mon, 04/16/2012 - 14:14
Brook

*Virtualmin Setup Guide*

Virtualmin Setup Guide

I've been documenting this for myself, but thought it might help a lot of other Virtualmin newbies too. If anyone spots anything I've done incorrectly or that isn't a best practise, or something you feel should be added, please let me know.

Assupmtions & goals: - You are setting up a webserver, i.e. have purchased or are renting a dedicated server - This is a set-up that will allow you to create accounts to host numerous websites - You will be able to use POP and SMTP with SSL - You will be able to use SFTP

Obviously feel free to change any settings where you feel necessary. I am using CentOS.

==============
CHECK HOSTNAME
==============

You need a FQDN for Virtualmin.

CHECK WITH:
> dnsdomainname
> hostname -f
> uname -n

If there isn't one set, you can set one by editing the following files (make sure it's something like somename.yourdomain.com):

TO CHANGE HOSTNAME:
> vi /etc/sysconfig/network
> vi /etc/hosts
> reboot

=====================
TO INSTALL VIRTUALMIN
=====================

Read instructions here: http://www.virtualmin.com/download.html but you'll probably just:
> wget http://software.virtualmin.com/gpl/scripts/install.sh
> /bin/sh install.sh

Installation will take about 30 minutes or so.

============
BASIC SET UP
============

Go to 00.00.00.00:10000 (replace the zeros with your IP)

Follow first steps walkthrough, then:

> Webmin > Networking -> Network Configuration > Host addresses
- Click on the last one (should be your IP) and add your nameservers
- (Or click on 'Add a new host address' to add different IPs)

> Virtualmin > Virtualmin Configuration > Networking settings
- Network interface for virtual addresses - from eth0 to eth1
(Or whatever your public IP is on (check via webmin > networking > network interfaces))

> Virtualmin > System settings > Features and Plugins
- Tick the ones you want per account

> Virtualmin > System settings > Server Templates > Default Settings
- Tick the ones you want per account
- Admin user
> Initial Unix shell > Email, FTP, SSH
- Bind DNS domain
> Address records for new domains > Domain name ✓ www.domain ✓
> Does SPF record cover all senders? > Yes, and deny other senders
- Mail for domain
> Mail aliases for new domains > none
> Default quota for mail users > 1000
> Format for usernames that include domain > username@domain
- Apache Website
> Redirect admin.domain to Virtualmin? > no

> Virtualmin > System settings > Server Templates > Account Plans
- Plan name > YOUR PLAN NAME
- Quota for entire server > unlimited

> Virtualmin > System settings > Virtualmin Configuration
- Server settings
> Preload Virtualmin libraries at startup? (Change after no longer needed?)
- Defaults for new domains
> Domain name style in username > Full domain name

> Webmin > Servers > BIND DNS Server > Addresses and Topology
- (Check with 'netstat -an | grep :53 | grep udp' I actually left mine default, but you can...)
> Listed below.. > Addresses (add your ips separated by spaces)

=====================
INITIAL WEBMIN CONFIG
=====================

CHANGE WEBMIN PORT

This will change the default login port, so instead of your.ip:10000 it will change to whatever you choose (this makes your setup more secure)

> webmin > webmin config > ports & addresses

Change: port (top right field) to whatever you want
Check: Don't listen for UDP broadcasts
Click: save

SSL ENCRYPTION CHANGES (not really needed if Virtualmin is installed as it creates one itself)

> Webmin > Webmin Config > SSL encryption

Make sure: enable SSL if Available is yes
Check: redirect non ssl requests to ssl mode is yes
Click: save

> Webmin > Webmin Config > SSL encryption > create cert

Tick: Any hostname
Change: Organisation name
Add: Country UK
Click: create now

========================
CREATE FIRST DOMAIN/USER
========================

> Virtualmin > Create virtual server
- Create with the settings you'd like - should be self explanatory.


=============================
EMAIL - DOVCOT/POSTFIX SET-UP
=============================

ENABLE DOVECOT IMAP/POP3 SERVER

> Webmin > Servers > Dovecot IMAP/POP3 Server
> Start server
> Start at bootup > yes
> Save

IF USING FULL EMAIL FOR AUTH CHANGE

> vi /etc/sysconfig/saslauthd
- Change line to: FLAGS="-r"
> /etc/init.d/saslauthd restart

> vi /etc/postfix/master.cf
- Uncomment these lines:

submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

Then restart:
- /etc/init.d/postfix restart

Then check port 465 is open:
- netstat -an | grep :465

Then:
- What you'll need to do then is choose one of your domains, and enable SSL for it.
You can do that in Edit Virtual Server -> Enabled Features, and check "SSL Website Enabled".
Once you do that, go into Server Configuration -> Manage SSL Certificates, and click "Copy to Postfix".

Usage:
- To use SMTP you will need to put the mail server as mail.domain-from-above-step.com and log in with the
credentials for that account as normal.

=========
TO FOLLOW
=========

Disable root log-in
Anything else you can think of?
Wed, 05/08/2013 - 08:31
Tonym2323

surprisingly it worked