opennic:setup:webminbind

Differences

This shows you the differences between two versions of the page.

opennic:setup:webminbind [2020-03-18T12:48:40Z] – [Requirements] fouroh-llc
opennic:setup:webminbind [2020-03-26T12:24:28Z] (current) – [Installing using Webmin] fouroh-llc
Line 1: Line 1:
 ===== Installing using Webmin ===== ===== Installing using Webmin =====
-Webmin provides more than just some webforms, it is part of a fully rounded virtualization and cloud platform. Virtualmin and Cloudmin are used to create complex networks, and they install on top of a brand new BIND instance. Webmin is the glue holding the networks together by installing its own perl-based web services and the standard GNU/Linux technology stack. Webmin is libre as most frameworks are, while Virtualmin and Cloudmin are the support-subscriptions keeping www.virtualmin.com in business.+Webmin provides more than just some webforms, it is part of a fully rounded virtualization and cloud platform. Virtualmin and Cloudmin are used to create complex networks, and they install on top of a brand new BIND instance. Webmin is the glue holding the networks together by installing its own perl-based web servicesthe standard GNU/Linux technology stack, using ssh and making remote procedure calls (RPC). By adding its own schema to OpenLDAP it supports fine-grained privileges, it has build in support for file-based virtualization and more. Webmin is libre while Virtualmin and Cloudmin are the support-subscriptions keeping www.virtualmin.com in business.
  
 ==== Requirements ==== ==== Requirements ====
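Review bot: The added paragraph runs two items together in "perl-based web servicesthe standard GNU/Linux technology stack"; the separator was lost when "and" was removed, so the sentence no longer parses. In the same line, "it has build in support" should read "built-in support", and "By adding its own schema to OpenLDAP it supports fine-grained privileges, it has ..." is two sentences joined by a comma. Since the paragraph now says Webmin works "using ssh and making remote procedure calls (RPC)", it would also help to say which of those channels the ports in the Requirements list are opened for.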
Line 7: Line 7:
   * Both IP4 and IP6 must be configured, Reverse DNS hostnames recommended. Port 53 for both TCP and UDP must be open (also TCP 22, 10000 for ssh and Webmin).   * Both IP4 and IP6 must be configured, Reverse DNS hostnames recommended. Port 53 for both TCP and UDP must be open (also TCP 22, 10000 for ssh and Webmin).
  
-The following describes the required state of the VPS - before installing DNS. You may use other than Linode for this but be advised that other providers such as GCE, AWS, DigitalOcean might not NOT going to allow for one or the other (GCE does not provide IP6 with rDNS, for example).+The following describes the required state of the VPS - before installing DNS. You may use other than Linode for this but be advised that other providers such as GCE, AWS, DigitalOcean might NOT going to allow for all necessary criteria (GCE does not provide IP6 with rDNS, for example).
  
 Here we start from a recent Debian release by Linode. At the time of writing that is Debian 9, and we recommend you  install the smallest "Nanode 1GB RAM" instance. Here we start from a recent Debian release by Linode. At the time of writing that is Debian 9, and we recommend you  install the smallest "Nanode 1GB RAM" instance.
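Review bot: "might NOT going to allow" in the rewritten sentence is still ungrammatical; removing the doubled "not" left "might" and "going to" side by side. Suggest "may not meet all of the requirements above (GCE does not provide IP6 with rDNS, for example)", which also ties "all necessary criteria" back to the Requirements list instead of leaving it undefined.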
Line 14: Line 14:
   * Review the values in the "Notification Thresholds" to be alerted during attacks.   * Review the values in the "Notification Thresholds" to be alerted during attacks.
  
-This is not a tutorial on mitigating attacks against your instance, and secure configuration is not going to alter the requirements: you may later replace the root login with another, configure ssh keys, install a different firewall, change default ports, filter for login source IP, limit the number of attempts, etc... Here we create a functional node and leave the rest for a different wiki.+This is not a tutorial on mitigating attacks against your instance, and secure configuration is not going to alter the requirements: you may later replace the root login with another, configure ssh keys, install a different firewall, change default ports, filter for login source IP, limit the number of attempts, etc... Here we create a functional node and leave the rest to a different section on this wiki.
 <code> <code>
 apt-get -y update apt-get -y update
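Review bot: The new ending, "leave the rest to a different section on this wiki", points at a section without linking it. The items deferred here (replacing the root login, ssh keys, filtering login source IP, limiting attempts) are the ones that protect the TCP 22 and 10000 ports the Requirements ask to be open, so add a wiki link to that section or say that it does not exist yet.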
Line 21: Line 21:
 locale-gen "en_US.UTF-8" locale-gen "en_US.UTF-8"
 dpkg-reconfigure tzdata dpkg-reconfigure tzdata
 +</code>
 +
 +Setting up a firewall at this point is optional, it might be a better idea to delay this. If you decide to do so, here is a quick way to do it - but this is not yet tested and verified to be working.
 +<code>
 apt-get install firewalld apt-get install firewalld
  
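Review bot: The added paragraph offers the firewalld block as "not yet tested and verified to be working" without saying what a working rule set has to allow. The Requirements list needs port 53 on TCP and UDP plus TCP 22 and 10000 reachable, so state that here and tell the reader to confirm ssh access from a second session before closing the first one; an untested firewall on a remote VPS is the step most likely to lock the reader out. Also, "optional, it might be a better idea to delay this" is a comma splice and does not say delay until when.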
Line 32: Line 36:
 </code> </code>
  
-At this point it is a good idea to reboot, to make sure you are still able to ssh into the instance. Then install webmin.+Next install webmin.
 <code> <code>
 echo 'deb https://download.webmin.com/download/repository sarge contrib' | sudo tee -a /etc/apt/sources.list.d/sources.list echo 'deb https://download.webmin.com/download/repository sarge contrib' | sudo tee -a /etc/apt/sources.list.d/sources.list
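Review bot: Replacing the sentence with "Next install webmin." drops the advice to reboot and "make sure you are still able to ssh into the instance", which was the only verification step after the firewall commands. With the firewall block now labelled optional and untested, keep the check and make it conditional, for example "If you installed the firewall, reboot now and confirm you can still ssh in. Next install Webmin." Also capitalise "Webmin" as the rest of the page does.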
Line 42: Line 46:
  
 This is a good time to take your first snapshot. Access your instance from the browser, by the IP4 address, at the default port 10000. I would recommend to continue all other installation and configuration from Webmin, for several reasons.  This is a good time to take your first snapshot. Access your instance from the browser, by the IP4 address, at the default port 10000. I would recommend to continue all other installation and configuration from Webmin, for several reasons. 
-  * If something breaks lets allow Webmin to break it, that was the fix is going to benefit everyone+  * If something breaks allow Webmin to break it, and fixing it is going to be documented.
   * If something is not fully functional make a note of it NOW - document your own progress   * If something is not fully functional make a note of it NOW - document your own progress
   * If something is not available make a note of it NOW - and ask to be implemented   * If something is not available make a note of it NOW - and ask to be implemented
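Review bot: The rewritten bullet "If something breaks allow Webmin to break it, and fixing it is going to be documented." loses the reason the old wording gave (the fix benefits everyone) and does not say who documents the fix or where. Suggest "If something breaks, let Webmin break it, then document the fix on this page", which matches the two bullets below that tell the reader to make a note NOW.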
Line 54: Line 58:
 In the case when you do, and in the future when Debian 10 and Webmin 2.0 becomes relevant please document those configurations below, under a new section. For the Debian 9 with Webmin 1.9xx the defaults are documented [[opennic:setup:webminbind:debian9u0webmin1u9base|here]]. In the case when you do, and in the future when Debian 10 and Webmin 2.0 becomes relevant please document those configurations below, under a new section. For the Debian 9 with Webmin 1.9xx the defaults are documented [[opennic:setup:webminbind:debian9u0webmin1u9base|here]].
  
-To add the configurations for a Tier-1 is documented [[opennic:setup:webminbind:debian9u0webmin1u9tier1|here]], and for a Tier-2 is documented [[opennic:setup:webminbind:debian9u0webmin1u9tier2|here]]. Security based on the Host (which is Linode) is detailed [[opennic:setup:webminbind:debian9u0webmin1u9linode|here]]..+To add the configurations for a Tier-1 is documented [[opennic:setup:webminbind:debian9u0webmin1u9tier1|here]], and for a Tier-2 is documented [[opennic:setup:webminbind:debian9u0webmin1u9tier2|here]]. Your security options available by the VPS Provider (which is Linode) is detailed [[opennic:setup:webminbind:debian9u0webmin1u9linode|here]]. Of course, security measures implemented on the VPS slice itself shall never be documented online - the less the attackers know the better.
  
-Security on the VPS host shall not be documented anywhere for production systems - the less the attackers know the better.+There is nothing else worth mentioning for this Debian / Webmin combination.
  
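Review bot: The added sentence "security measures implemented on the VPS slice itself shall never be documented online" contradicts the earlier change in this revision that leaves hardening "to a different section on this wiki". Narrow it to site-specific values (addresses allowed to log in, non-default ports, account names) and keep generic hardening steps documentable; relying on "the less the attackers know the better" alone leaves readers with ssh and Webmin reachable, as the Requirements ask, and no guidance on protecting them. Grammar in the same line: "Your security options available by the VPS Provider ... is detailed" should be "The security options offered by the VPS provider ... are detailed".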
  • /wiki/data/pages/opennic/setup/webminbind.txt
  • Last modified: 4 years ago
  • by fouroh-llc