How do you block or secure (SSL) the IP address used when accessing Webmin/Virtualmin?

3 posts / 0 new
Last post
#1 Tue, 11/26/2019 - 14:08
SafeNSound

How do you block or secure (SSL) the IP address used when accessing Webmin/Virtualmin?

How do you block or secure (SSL) the IP address used when accessing Webmin/Virtualmin? For example when I first installed Webmin it went to https://123.356.7.89:10000 but the browser shows this as an insecure site.

I've gotten the SSL cert to work on my other domains using Let's Encrypt. I know that Let's Encrypt doesnt protect IP addresses but is there a legitimate way to secure webmin when accessing it (a different setting or another free alternative to Lets Encrypt for example)? I have googled this extensively to no clear solution.

If the IP address cant be covered by an SSL cert is there a way to redirect or block login to virtualmin using my IP addresses (more than one)?

Tue, 11/26/2019 - 14:26
adamjedgar

If you have a vps called server1.hostdomain.com, (where hostdomain.com is you and not a client.

In Virtualmin, create a virtual server called hostdomain.com.

Once it's created, add a new SSL certificate to new virtual server from inside virtualmin tab>server configuration>SSL certificate...choose which option you want... say from Letsencrypt.

Ensure that certificate is for

hostdomain.com

wwwhostdomain.com

server1.hostdomain.com

Once the new SSL cert is generated, you will see a list of buttons below...One will be copy to webmin, postfix, dovecot, proftp etc (choose these and your done)

Be careful when creating additional virtual servers when logged in as root...don't just automatically copy new SSL certs to everything...i dont understand why jamie and erik and joe keep telling us to click on this for new virtual servers for postfix...every time i do it, it stuffs my host ssl certificate and then client start complaining something is wrong. I dont think this option works with Postfix (which on a server with just 1 shared ipaddress for all client virtual servers cannot handle multiple ssl certs as far as I am aware). Probably safest to log into virtual servers as their own administrator when getting SSL certs for clients (if client virtual servers have webmin logiin ability)

So if you have additional clients with mail, they need to set their dns mx record to either your vps server1.hostdomain.com or to your vps external/public ip address

Dns examples for shared hosting server..

clientdomain.com MX server1.hostdomain.com. 

Or

clientdomain.com MX <Your server IP address>

((no one bothered to explain this to me about postfix and it's caused no end of headaches)

AJECreative is the home of $5 webhosting, $15/month VPS servers (1cpu,1gb RAM, 25GB storage)
Centos7, Debian9, or Ubuntu18LTS
Available Control Panels = Centos-Webpanel, Cyberpanel, or Virtualmin

https://ajecreative.com.au

Tue, 11/26/2019 - 16:43
SafeNSound

Thanks for the quick response. I tried to create a new virtual server as you suggested with my "flagship" domain but it did not complete successfully as the others time with the other virtual servers.

I know there is an option to create a new SSL cert for every new Virtual Server but of course now I cant find that option anywhere since I checked it off. When creating a new virtual server Status said "Requesting a certificate for..." and tries to create one for the new server with a Let's Encrypt certificate, it worked for others but not this time for some reason.

I am confused with the LEt's Encrypt cert creation as well. To me it almost looks like one certificate is being generated and shared by all the virtual servers. I though it would be one created for each individual virtual server/domain?