Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision Next revisionBoth sides next revision | ||
opennic:setup:webminbind [2020-03-18T12:38:19Z] – created fouroh-llc | opennic:setup:webminbind [2020-03-26T12:15:57Z] – [Requirements] fouroh-llc | ||
---|---|---|---|
Line 7: | Line 7: | ||
* Both IP4 and IP6 must be configured, Reverse DNS hostnames recommended. Port 53 for both TCP and UDP must be open (also TCP 22, 10000 for ssh and Webmin). | * Both IP4 and IP6 must be configured, Reverse DNS hostnames recommended. Port 53 for both TCP and UDP must be open (also TCP 22, 10000 for ssh and Webmin). | ||
- | The following describes the required state of the VPS - before installing DNS. You may use other than Linode for this but be advised that most provider like GCE, AWS, DigitalOcean | + | The following describes the required state of the VPS - before installing DNS. You may use other than Linode for this but be advised that other providers such as GCE, AWS, DigitalOcean |
Here we start from a recent Debian release by Linode. At the time of writing that is Debian 9, and we recommend you install the smallest " | Here we start from a recent Debian release by Linode. At the time of writing that is Debian 9, and we recommend you install the smallest " | ||
Line 14: | Line 14: | ||
* Review the values in the " | * Review the values in the " | ||
- | This is not a tutorial on mitigating attacks against your instance, and secure configuration is not going to alter the requirements: | + | This is not a tutorial on mitigating attacks against your instance, and secure configuration is not going to alter the requirements: |
< | < | ||
apt-get -y update | apt-get -y update | ||
Line 21: | Line 21: | ||
locale-gen " | locale-gen " | ||
dpkg-reconfigure tzdata | dpkg-reconfigure tzdata | ||
+ | </ | ||
+ | |||
+ | Setting up a firewall at this point is optional, it might be a better idea to delay this. If you decide to do so, here is a quick way to do it - but this is not yet tested and verified to be working. | ||
+ | < | ||
apt-get install firewalld | apt-get install firewalld | ||
Line 32: | Line 36: | ||
</ | </ | ||
- | At this point it is a good idea to reboot, to make sure you are still able to ssh into the instance. Then install webmin. | + | Next install webmin. |
< | < | ||
echo 'deb https:// | echo 'deb https:// | ||
Line 42: | Line 46: | ||
This is a good time to take your first snapshot. Access your instance from the browser, by the IP4 address, at the default port 10000. I would recommend to continue all other installation and configuration from Webmin, for several reasons. | This is a good time to take your first snapshot. Access your instance from the browser, by the IP4 address, at the default port 10000. I would recommend to continue all other installation and configuration from Webmin, for several reasons. | ||
- | * If something breaks | + | * If something breaks allow Webmin to break it, and fixing it is going to be documented. |
* If something is not fully functional make a note of it NOW - document your own progress | * If something is not fully functional make a note of it NOW - document your own progress | ||
* If something is not available make a note of it NOW - and ask to be implemented | * If something is not available make a note of it NOW - and ask to be implemented | ||
- | ==== Default | + | ==== Configuration ==== |
- | //NOTE: The screenshots are made on Ubuntu MATE, using the MATE terminal set to size 132x43 - and Firefox resized to match the outline. Then Firefox is zoomed to 80% to provide enough screen real estate. An ALT+PrintScreen captures the Firefox window, the screenshot is uploaded. Not very sophisticated but its very quick.// | + | //NOTE: The screenshots are made on Ubuntu MATE, using the MATE terminal set to size 132x43 - and Firefox resized to match the outline. Then Firefox is zoomed to 80% to provide enough screen real estate. An ALT+PrintScreen captures the Firefox window, the screenshot is uploaded. Not very sophisticated but it is consistent and very quick.// |
===Debian 9 with Webmin 1.9xx=== | ===Debian 9 with Webmin 1.9xx=== | ||
- | One reason to use Webmin is to stay consistent with the default GNU software for the Debian distribution. With Debian 9 I made the choice to use firewalld - which is only my personal preference, as the default Debian 9 firewall is ufw. Since Webmin fully supports firewalld, and while uwf still needs to be managed from the root shell, this makes sense. Please send a message to the list, or better yet update this wiki with a better solution. | + | One reason to use Webmin is to stay consistent with the default GNU software for the Debian distribution. With Debian 9 I made the choice to use //firewalld// - which is only my personal preference, as the default Debian 9 firewall is //ufw//. Since Webmin fully supports firewalld, and while uwf still needs to be managed from the root shell, this makes sense. Please send a message to the list, or better yet update this wiki with a better solution. |
- | In that case when you do, and in the future when Debian 10 and Webmin 2.0 becomes relevant please document those configurations below, under a new section. For the Debian 9 with Webmin 1.9xx the defaults are documented [[opennic: | + | In the case when you do, and in the future when Debian 10 and Webmin 2.0 becomes relevant please document those configurations below, under a new section. For the Debian 9 with Webmin 1.9xx the defaults are documented [[opennic: |
- | To add the configurations for a Tier-1 is documented [[opennic: | + | To add the configurations for a Tier-1 is documented [[opennic: |
- | Security on the VPS host shall not be documented anywhere | + | There is nothing else worth mentioning |