Server Settings and Templates


Variable substitutions

The following substitutions can be used in the text boxes below, which will be evaluated at server creation time:

${DOM}

The domain name, such as foo.com

${PREFIX}

The first part of the domain name, like foo

${USER}

The Unix user that owns the domain, such as foo

${GROUP}

The Unix group of the domain owner

${GID}

The Unix group ID of the domain owner

${IP}

The IP address assigned to the virtual server, such as 192.168.1.1

${HOME}

The domain user's home directory, such as /home/foo

Conditionals

In addition, conditional blocks like ${IF-MAIL}...${ENDIF-MAIL} and ${IF-WEB}...${ELSE-WEB}...${ENDIF-WEB} may be used.
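A mistyped token or an unbalanced conditional in a template only shows up once a server has been created from it, so it is worth checking templates before saving them. The linter below is an added example, not Virtualmin's own code. The names lint_template and KNOWN_VARS are hypothetical, and it assumes that nested conditional blocks must close in the order they were opened.

```python
import re

# Variables this page documents or uses in its sample email; extend as needed.
KNOWN_VARS = {"DOM", "PREFIX", "USER", "GROUP", "GID", "IP", "HOME",
              "HOSTNAME", "PASS", "DB", "MYSQL_USER"}
TOKEN = re.compile(r"\$\{([^}\s]*)\}")          # a complete ${NAME} token
MALFORMED = re.compile(r"\$\{(?![^}\s]*\})")    # "${" that never reaches its "}"


def lint_template(text, known=KNOWN_VARS):
    """Return (line_number, message) findings for one template."""
    findings = []
    open_blocks = []  # stack of (feature, line_number) for each open ${IF-...}
    for lineno, line in enumerate(text.splitlines(), 1):
        if MALFORMED.search(line):
            findings.append((lineno, "unterminated ${ token"))
        for match in TOKEN.finditer(line):
            name = match.group(1)
            kind, _, feature = name.partition("-")
            if kind == "IF" and feature:
                open_blocks.append((feature, lineno))
            elif kind in ("ELSE", "ENDIF") and feature:
                if not open_blocks or open_blocks[-1][0] != feature:
                    findings.append(
                        (lineno, f"${{{name}}} has no matching open block"))
                elif kind == "ENDIF":
                    open_blocks.pop()
            elif name not in known:
                findings.append((lineno, f"unknown variable ${{{name}}}"))
    for feature, lineno in open_blocks:
        findings.append((lineno, f"${{IF-{feature}}} is never closed"))
    return findings


# Constructed sample with deliberate mistakes on lines 3, 11 and 12.
# The mismatched close on line 12 also leaves the block from line 10 open.
SAMPLE = """\
Domain name: ${DOM}
${IF-VIRT}
  Virtual IP address: ${IP
${ENDIF-VIRT}
${IF-WEB}
  Website: http://www.${DOM}/
${ELSE-WEB}
  Website: not available
${ENDIF-WEB}
${IF-MAIL}
  Mailbox: ${USR}@${DOM}
${ENDIF-WEB}
"""

if __name__ == "__main__":
    for lineno, message in lint_template(SAMPLE):
        print(f"line {lineno}: {message}")
```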

Examples

New Domain Sample Template

The following is a template for an example email that might be sent out after creating a new main domain.

The following virtual server has been set up successfully :

DOMAIN INFORMATION

Domain name:           ${DOM}
Hosting server:        ${HOSTNAME}
${IF-VIRT}
  Virtual IP address:  ${IP}
${ENDIF-VIRT}

Administration login:     ${USER}
Administration password:  ${PASS}

ADMINISTRATIVE ACCESS

${IF-WEBMIN}
   Administration URL:      https://www.${DOM}:10000/
${ENDIF-WEBMIN}

FTP ACCESS

${IF-FTP}
   FTP login:               Enabled
   Home directory:          ${HOME}   (your name/password to log in)
${ELSE-FTP}
   FTP login:               Not available for this account
${ENDIF-FTP}

WWW ACCESS

${IF-WEB}
   Website:                 http://www.${DOM}/
${ELSE-WEB}
   Website:                 Not available for this account

WEBALIZER REPORTING

${IF-WEBALIZER}
   Webalizer log reporting: Enabled
${ELSE-WEBALIZER}
   Webalizer log reporting: Disabled
${ENDIF-WEBALIZER}
${ENDIF-WEB}

MAIL

${IF-MAIL}
   Email domain:            ${DOM}
   SMTP server:             mail.${DOM}
   POP3 server:             mail.${DOM}
${ENDIF-MAIL}

DNS

${IF-DNS}
   These are the values that should be used at your registrar for this domain.
   ===========================================================================
   DNS domain:              ${DOM}
   Nameserver1 (primary):   
   Nameserver2:             ns2.yourotherserver.com
${ENDIF-DNS}

MySql Information

${IF-MYSQL}
   MySQL database:          ${DB}
   MySQL login:             ${MYSQL_USER}
   MySQL password:          ${PASS}
${ENDIF-MYSQL}

Postgres Information

${IF-POSTGRES}
   PostgreSQL database:     ${DB}
   PostgreSQL login:        ${USER}
   PostgreSQL password:     ${PASS}
${ENDIF-POSTGRES}

DAV Information

${IF-VIRTUALMIN-DAV}
   You are also able to connect to the server with a DAV connection.
   DAV connections will allow you to generate a "My Network Place" 
   on your "My Computer", the same as drive mappings.

   From XP (for example), create a new network connection to 
   http:\\www.${DOM}\dav

   This will connect you to the root of the web site (which is
   technically located under the home\public_html directory, 
   but you can't tell that).

   For a user name, you should use ${USER}@${DOM}

   If that doesn't work, then try just ${USER}

   The password will be the same as the email password: ${PASS}

   (Notice that for XP, the slashes go the other way)

${ENDIF-VIRTUALMIN-DAV}

AWstats Information

${IF-VIRTUALMIN-AWSTATS}
AWstats log reporting:   Enabled
Website stats:           http://${DOM}/stats/
Stats user:              ${USER}
Stats password:          ${PASS}
${ELSE-VIRTUALMIN-AWSTATS}
AWstats log reporting:   Disabled
${ENDIF-VIRTUALMIN-AWSTATS}

Usermin Information

In addition to Virtualmin (at the :10000 address above), you and any other users that you add can also use Usermin to access your account, change password, etc.

To get to Usermin, browse to:

   https://www.${DOM}:20000
   log in with user ${USER} 
   and password ${PASS}

Whenever you add a new user, they will automatically get an email with their details, and information on using Usermin also.

Administration Email

The administration (default) mailbox for this server is ${USER}@${DOM}

Virtual server template details

Template name

The name of the new template. This will appear in a dropdown list when creating new domains for administrators and resellers that have access to the template.

Skeleton directory for files

A skeleton directory contains files that will be copied into the newly created home directory of the domain user. It can contain other directories, which will also be created in the home directory. This can be used to provide a pre-configured set of scripts or web content for some or all server templates.

For use by

Templates can apply to any type of domain user account. The current types are: "Top-level virtual servers", which are standard virtual host accounts; "Sub-servers", which are virtual hosts that belong to a top-level virtual server and appear within the "domains" directory of the top-level server's home directory; "Alias servers", which generally just forward web and mail to an existing top-level domain; and "Server owners", which makes the template available to server owners when they create new domains. To allow use of this template by domain owners (i.e. server owners), you must enable at least one other server type.

Available to resellers

This option determines which reseller accounts will be able to select this template when creating new domains. It is possible to choose "All resellers", "None" which means only master admin level users will be able to create domains with this template, or "Only selected.." which will allow all highlighted resellers to create domains using this template.

User and directory chooser settings

Webmin provides a standard user and directory chooser popup, which can be configured to provide access to some or all users or directories. Defaults are generally relatively restrictive and only allow access to users within the domain owned by the domain owner account, and directories and files owned by the domain owner group. If you wish to explicitly configure these options, select "Settings below.." Be careful with these options, as it is very easy to grant privileges that should not be given to an untrusted user. Variable substitution occurs for the following related options, so it is possible to specify ${USER} to select the user that owns the domain or ${HOME} to select the home directory of the domain owner, for example.

Users visible in chooser

This option specifies the users that will be visible in user chooser windows. Substitution of members of the domain can be specified by selecting "Members of groups" with the variable ${GID}.

Groups visible in chooser

This option specifies the names of groups that will be visible in the groups chooser. Substitution of the group to which the domain and all users within the domain belong can be performed using the ${GROUP} variable.

Root directory in file chooser

This option specifies which directory the file chooser will display when first opened. Given appropriate permissions, the user can then navigate to other directories. Variable substitution can be performed using the variable ${HOME} to specify the home directory of the new domain.

Default Unix group for domain owners

By default, the group for the Unix user who is created to own this domain's files will be the same as the group for its mail users. However, you can select an existing group on the server instead, which can be useful if you have some kind of group-based access restrictions in force (such as for FTP).

Default quota for entire server

This option specifies the default disk usage quota for this virtual server account. It applies to all files, email and subdomains within the domain. It may be overridden during creation or editing of the virtual server.

Default quota for Unix user

This option specifies the default disk usage quota for the domain owner Unix user account. It will apply to files owned by the domain owner (probably all web content), email in the domain owner's mailbox, and possibly other files within any subdomains that may exist. It may be overridden during creation or editing of the virtual server.

Default limit on number of mailboxes

This option specifies the default number of mailboxes that may be created by the domain owner. It may be overridden during creation or editing of the virtual server.

Default limit on number of databases

If the domain owner has database creation privileges, you may specify the number of databases that he can create with this option.

Default limit on number of sub-domains

If the domain owner has sub-domain creation privileges, you may limit the number of sub-domains that can be created here.

Default bandwidth limit

If bandwidth monitoring is enabled and usage limits enforced, you may specify the usage limit here.

Directives and settings for new websites

It is possible to completely customize the Apache directives that are added when a new virtual server is created. Variable substitution is performed for all of the standard Virtualmin template variables. Care should be taken with Apache directives, as some present security issues. The Apache documentation and to a lesser degree the Apache sections of the Webmin documentation can be consulted to find more details about Apache configuration.

Automatically add appropriate SuExec directive?

If selected, SuExec will be enabled for the virtual server. SuExec is a feature of Apache that allows CGI scripts to be executed with only the privileges of the owner of the directory where the script is located. It also introduces other protections to help prevent insecure script usage, such as refusing to run scripts that have lax permissions (for example, those that are group or world writeable). SuExec is highly recommended except in environments where all domain owners are trusted users. SuExec does present some limitations, such as the inability to run scripts "in-process" using modules like mod_perl or mod_python. With modern hardware, performance is rarely a major concern in a shared hosting environment, and shouldn't take precedence over security.

Write logs via program? (Handles missing log directory)

Virtualmin provides a special log writer application that solves the problem of users deleting their own log directory, which can cause Apache to fail on startup.

Add Apache user to Unix group for new servers?

This option determines whether the user that Apache runs as will be added to the new virtual host group. When enabled, permissions can be tightened significantly on user home directories. When tighter permissions (i.e. 750) are combined with SuExec, it becomes impossible for domain owners to see other domain owners' directories and files. This option is recommended on any platform that supports secondary groups.

Users' website directory to create

This option specifies the name of the website content directory within the virtual server home directory. By default it will be called "public_html".

Permissions on website directory

This option specifies the initial permissions on the files and directories within the website directory specified in the previous option. If SuExec has been enabled, and the Apache user is added to the virtual server user group, these permissions can be tightened to prevent other users from seeing the contents of the website directory. This tightened set of permissions is recommended for any deployment unless all users with shell access are trusted users. The recommended permissions are 750, which equals rwxr-x---. In other words, the owner can read, write and execute, the group can read and execute, and others have no permissions to read, write or execute files within the directory.
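Permissions drift after creation as owners upload files and run installers, so the 750 baseline is worth re-checking on existing servers. The audit below is an added example, not part of Virtualmin. The function names are hypothetical, and demo() builds a throwaway public_html tree so the check can be run anywhere.

```python
import os
import stat
import tempfile


def audit_web_dir(root):
    """Return sorted (path, problem) pairs for entries that break the 750 baseline."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IRWXO:
                # 750 means "others" get no read, write or execute bit at all.
                findings.append((path, "permissions granted to other users"))
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                # The lax-permission case SuExec refuses to run.
                findings.append((path, "group- or world-writable"))
    return sorted(findings)


def demo():
    """Build a constructed public_html tree and return its findings."""
    with tempfile.TemporaryDirectory() as home:
        web = os.path.join(home, "public_html")
        os.mkdir(web)
        os.chmod(web, 0o750)
        samples = (("index.html", 0o640),   # fine
                   ("notes.txt", 0o644),    # readable by other users
                   ("form.cgi", 0o770))     # group-writable script
        for name, mode in samples:
            path = os.path.join(web, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return [(os.path.relpath(p, web), msg) for p, msg in audit_web_dir(web)]


if __name__ == "__main__":
    for path, problem in demo():
        print(f"{path}: {problem}")
```

On a live system, pass each domain's website directory to audit_web_dir() from a scheduled job and alert on any non-empty result.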

Subdirectory for Webalizer statistics

If Webalizer log report analysis is enabled, this option will specify where the reports are generated. By default they appear in "public_html/stats" and can be visited at the "/stats" directory within the domain using a web browser.

Password-protect statistics?

If Webalizer log reports should be protected by a password, select yes here. The domain owner username and password will be used as the user that has permission to visit the reports.

Create alias websites by

A domain alias, also known as domain parking or domain forwarding, is a new domain that simply forwards web requests and email to the primary domain that it is an alias of. There are several types of alias available. Currently, web traffic can be directed to the primary domain via a set of ProxyPass rules, a Redirect rule, or simply adding a ServerAlias to the parent domain.

Port number for virtual hosts

This option specifies the port on which the virtual host will listen. By default, it will listen on the same default port as the system-wide Apache configuration specifies (normally 80).

Port number for SSL virtual hosts

This option specifies the SSL port on which the virtual host will listen. By default, it will listen on the same default SSL port as the system-wide Apache configuration specifies (usually 443).

Configure Webmin to use same SSL cert for IP?

If this template will be used exclusively for SSL-capable websites, you can enable this option. Webmin will then use the same certificate that the SSL website uses, thus it will not generate certificate warnings when users log in using their own hostname.

Configure Usermin to use same SSL cert for IP?

If this template will be used exclusively for SSL-capable websites, you can enable this option. Usermin will then use the same certificate that the SSL website uses, thus it will not generate certificate warnings when users log in using their own hostname.

Template Webalizer configuration

If domains created from this template should have a Webalizer configuration different from the Virtualmin default, you may specify a configuration file containing your preferences here. The file can be created manually, or using the Webalizer Webmin module.

BIND DNS records for new domains

When creating a new domain, a new zone is created. You may customize the records that are created here. This field expects valid named.conf entries, though the Virtualmin variables will be translated to the appropriate values for the domain. You may either add records to the standard Virtualmin-generated records, or you may completely replace the Virtualmin records with your own. For further information on BIND, consult the BIND chapter in the Webmin books.

Record mode

This option determines whether any records added in the previous option will be appended to the standard Virtualmin-generated records, or completely replace the standard records. If you replace the standard records, be sure to account for the extra records, like MX and NS, if you need them.

Add SPF DNS record?

SPF, or Sender Policy Framework (http://spf.pobox.com/), is a means to help reduce spam by enforcing some restrictions on what hosts can send mail claiming to be from what domain. Because the vast majority of spam originates from faked domain names, it is believed by many that preventing forged domain names in spam will reduce the overall volume of spam. If enabled, Virtualmin will automatically create an SPF record in your DNS server. This record can either contain specific hosts that are allowed to send mail using the domain name in question (with the server itself being the first such host, but any number of hosts can be listed), or a generic catch-all, which means any host can send mail claiming to be from this domain. The second option effectively nullifies the purpose of SPF, but is provided to make it easier for users to send mail "from" their own domain through various ISP mail servers.

Additional SPF IPs and hostnames

This option allows you to include additional IPs and hostnames in the SPF record for the new domain. Read more about SPF at the Sender Policy Framework homepage (http://spf.pobox.com/).

Does SPF record cover all senders?

If enabled, the SPF record will apply only to the Virtualmin server itself, and all hosts specified in the previous option. This is the preferred method of SPF usage, as it strictly limits the hosts which can send mail claiming to be from this domain. However, if users must be able to send from arbitrary mail servers (such as those of their ISP), disabling this option may be necessary. It is, however, likely to lead to unfortunate side-effects in the future, as mail servers begin blocking hosts with no SPF record or particularly lax SPF records. Read more about SPF at the Sender Policy Framework homepage (http://spf.pobox.com/).
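Whether a published record is strict or a catch-all is decided by the qualifier on its "all" term. The check below is an added example, not Virtualmin code: it classifies any SPF TXT record by the result it gives to hosts it does not list. The function names, domains and records are constructed, and the exact record Virtualmin writes for each setting is not stated on this page.

```python
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_default_result(txt):
    """Result an SPF record gives to a sender matching none of its listed hosts."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    redirect = False
    for term in terms[1:]:
        if term.lower().startswith("redirect="):
            redirect = True  # policy is delegated unless an "all" term appears
            continue
        if term[0] in QUALIFIERS:
            qualifier, mechanism = term[0], term[1:]
        else:
            qualifier, mechanism = "+", term  # no qualifier written means "+"
        if mechanism.lower() == "all":
            return QUALIFIERS[qualifier]  # terms after "all" are never evaluated
    return "redirect" if redirect else "neutral"


def lax_domains(records):
    """Return the domains whose record lets any host send (pass or neutral)."""
    return sorted(domain for domain, txt in records.items()
                  if spf_default_result(txt) in ("pass", "neutral"))


# Constructed records using reserved example names and documentation addresses.
SAMPLE_RECORDS = {
    "strict.example": "v=spf1 a mx ip4:192.0.2.10 -all",
    "soft.example": "v=spf1 a mx ~all",
    "open.example": "v=spf1 a mx ip4:192.0.2.10 ?all",
    "anyone.example": "v=spf1 +all",
    "noall.example": "v=spf1 a mx",
}

if __name__ == "__main__":
    for domain, txt in sorted(SAMPLE_RECORDS.items()):
        print(f"{domain}: {spf_default_result(txt)}")
    print("lax:", ", ".join(lax_domains(SAMPLE_RECORDS)))
```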

ProFTPd directives for new servers

This option allows you to specify custom ProFTPd directives for the new domain. You may use the Virtualmin standard template variables to include the home directory, username, etc. in the directives.

Anonymous FTP subdirectory to create

If anonymous FTP downloads will be allowed, you may specify the subdirectory where files for download will live. If altering the directives in the previous option, you must include an Anonymous section and it must match the location you provide here. Note that anonymous access via a specific domain name requires an IP-based virtual FTP host to be configured.

Email message to send upon server creation

If you would like owners of domains created from this template to receive a different email from the Virtualmin default, you may enter it here. You may use the standard template variables to include home directory, hostname, password, etc.

Subject line

This is the subject line that will be used for the email sent to owners of domains created from this template.

Also Cc email to

You may choose to have all emails sent to one or more email addresses specified here.

Mail aliases for new users

If new users should automatically have aliases set up, you may enter them here. Some variables can be used in these fields.

Mail aliases for new domains

It is often useful to automatically create a number of aliases when a new domain is created. For example, the RFC recommended "postmaster", "webmaster", "abuse", and "hostmaster" are all created by default by Virtualmin. You may wish to add your own, for example, "support" or "bugs", or anything else, depending on the most likely user of the domains created from this template.

Default database name

Virtualmin allows very flexible database creation and permissions. This field allows you to specify the default name of databases created as part of domains created from this template. By default Virtualmin uses the ${PREFIX} variable, which is the first part of the domain name, and will generally also be the domain owner login name for Webmin. It may be useful to change this in some circumstances, to include a prefix that indicates the template from which it was generated, or to include additional information about the database. It is possible to combine variables and any characters that are allowed in a PostgreSQL and/or MySQL database (depending on which databases are available).

**DEPRECATED** Wildcard for additional allowed MySQL databases

If the domain owner is allowed to create new databases, you may specify a wildcard expression to restrict the names that may be used.

Allowed MySQL client hosts

If additional hosts should be allowed to query the MySQL database, you may specify them here. This could be useful if this system is used as a database server and other machines will use the database. Security precautions should be followed to ensure illicit access is not unintentionally allowed.

Create database as well as login?

If a database should be created automatically on domain creation, select yes here.

Update MySQL password to match server?

If the database user password should be synchronized with the system password, select yes here.

Ranges for automatic IP allocation

If SSL or FTP virtual hosts will be created using this template, you may specify a range of IP addresses to allocate from. Both SSL and FTP virtual hosts require a dedicated IP address, because neither supports name-based virtual hosting.