How to Install Webmin on CentOS 8/RHEL 8 Server

Webmin is a free and open-source control panel for administering Unix/Linux servers. This tutorial will be showing you how to install Webmin on CentOS 8/RHEL 8 server.

How to Install Webmin on CentOS 8 RHEL 8 Server

Webmin provides users with a graphical web-based user interface to configure common system tasks and settings. If you don’t like the idea of using the command line to manage your server, then Webmin is a good graphical alternative to you. The following is a list of functionalities provided by Webmin.

  • BIND DNS resolver and authoritative DNS server
  • Samba Server
  • FTP server
  • Postfix SMTP server and Dovecot IMAP/POP3 server.
  • filesystem backup
  • Configure log file rotation.
  • Edit package repositories, schedule automatic software updates and receive update reports via email.
  • Manage users and groups
  • Schedule Cron jobs.
  • Configure iptables firewall
  • And many more.

Install Webmin on CentOS 8/RHEL 8 From Webmin Repository

Webmin has been around since 1997. At the time of this writing, the latest stable version available is 1.970, which was released on January 6, 2021. Webmin isn’t in CentOS/RHEL software repository. It’s recommended to install Webmin from its official repository so that you can always get the latest version.

To add Webmin repository, create a repository file with a command-line text editor such as Nano.

sudo dnf install nano

sudo nano /etc/yum.repos.d/webmin.repo

Add the following lines in the file.

[Webmin]
name=Webmin Distribution Neutral
#baseurl=https://download.webmin.com/download/yum
mirrorlist=https://download.webmin.com/download/yum/mirrorlist
enabled=1

add webmin repository centos 8 rhel 8

Save and close the file. To save the file in Nano text editor, press CTRL+O, then press Enter to confirm. To close the file, press CTRL+X . Next, we need to run the following command to download and import Webmin PGP signing key so that the package manager can verify the integrity of packages downloaded from Webmin repository.

wget http://www.webmin.com/jcameron-key.asc

Then import it with:

sudo rpm --import jcameron-key.asc

Now we can update repository and install Webmin.

sudo dnf update -y

sudo dnf install webmin -y

Once installed, the Wemin built-in web server will automatically start as can be seen by running the systemctl command below:

systemctl status webmin

Output:

install-webmin-on-centos8-rhel8

Hint: If the above command doesn’t quit immediately, you can press the Q key to gain back control of the terminal.

If it’s not running, you can start it with:

sudo systemctl start webmin

If you see the “Unit webmin.service could not be found” error, then you need to restart your server.

sudo shutdown -r now

Webmin server listens on port 10000, so you need to open TCP port 10000 in the firewall.

sudo firewall-cmd --permanent --add-port=10000/tcp

sudo systemctl reload firewalld

Now you can access the web-based control panel via

https://your-server-ip:10000

Because it’s running in HTTPS mode and using a self-signed TLS certificate, so you will be told by the browser that the connection is not secure.

webmin ssl mode

But you know this is your own server, so simply click the Advanced tab in Firefox and add exception. If you are using Google Chrome, you can click Advanced -> Proceed.

Now you will be presented with Webmin login screen. You need to use root account to login.

webmin-centos-rhel-install

If you don’t like the default color on the navigation menu, you can change it to a different color by clicking the theme configuration icon on the bottom of the navigation menu,

webmin-theme-configuration-centos8-rhel8

then select navigation menu options and set the color palette. For example, I selected Midnight blue.

webmin navigation menu color

Save the change.

Setting Up Reverse Proxy

If you install Webmin on a production server, you might want to set up reverse proxy with Apache or Nginx so that you can use a domain name to access the Webmin interface without specifying the port number (10000). This also allows you to obtain and install a valid Let’s Encrypt TLS certificate for Webmin.

If you don’t have a real domain name, I recommend going to NameCheap to buy one. The price is low and they give whois privacy protection free for life.

Apache

If you prefer to use Apache web server, then follow the instructions below to set up reverse proxy.

Install Apache web server.

sudo dnf install httpd

Then create a virtual host file for Webmin.

sudo nano /etc/httpd/conf.d/webmin.conf

Add the following texts into the file. Replace webmin.your-domain.com with your actual domain name and don’t forget to create DNS A record for it.

<VirtualHost *:80>
    ServerName webmin.your-domain.com

    ProxyPass / http://127.0.0.1:10000/
    ProxyPassReverse / http://127.0.0.1:10000/
</VirtualHost>

Save and close the file. Reload Apache for the changes to take effect.

sudo systemctl reload httpd

By default, SELinux forbids Apache to make network requests to other servers, but later Apache needs to forward HTTP requests to 127.0.0.1:10000, so we need to tell SELinux to allow Apache with the following command.

sudo setsebool -P httpd_can_network_connect 1

Now you can remotely access Webmin by entering the domain name (webmin.your-domain.com ) in browser address bar.

Nginx

If you prefer to use Nginx web server, then follow the instructions below to set up reverse proxy.

Install Nginx on CentOS/RHEL.

sudo dnf install nginx

Start Nginx web server.

sudo systemctl start nginx

Then create a new server block file in /etc/nginx/conf.d/ directory.

sudo nano /etc/nginx/conf.d/webmin.conf

Paste the following text into the file. Replace webmin.your-domain.com with your preferred domain name and don’t forget to create DNS A record for it.

server {
       listen 80;
       listen [::]:80;
       server_name webmin.your-domain.com;

       access_log /var/log/nginx/webmin.access;
       error_log /var/log/nginx/webmin.error;

       location / {
              proxy_pass http://127.0.0.1:10000;
              #proxy_set_header Host $http_host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
        }
}

Save and close the file. Then test Nginx configuration.

sudo nginx -t

If the test is successful, reload Nginx.

sudo systemctl reload nginx

By default, SELinux forbids Nginx to make network requests to other servers, but later Nginx needs to forward HTTP requests to 127.0.0.1:10000, so we need to tell SELinux to allow Nginx with the following command.

sudo setsebool -P httpd_can_network_connect 1

Now you can access Webmin Web interface via webmin.your-domain.com.

Enable HTTPS

To encrypt the HTTP traffic when you visit Webmin web interface, we can enable HTTPS by installing a free TLS certificate issued from Let’s Encrypt. Run the following command to install Let’s Encrypt client (certbot) on CentOS/RHEL.

sudo dnf install certbot

If you use Apache, then you need to install the Certbot Apache plugin.

sudo dnf install python3-certbot-apache

Next, run the following command to obtain and install TLS certificate.

sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d webmin.your-domain.com

If you use Nginx, then you need to install the Certbot Nginx plugin.

sudo dnf install python3-certbot-nginx

Next, run the following command to obtain and install TLS certificate.

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d webmin.your-domain.com

Where:

  • --apache: Use the Apache plugin.
  • --nginx: Use the nginx plugin.
  • --agree-tos: Agree to terms of service.
  • --redirect: Force HTTPS by 301 redirect.
  • --hsts: Add the Strict-Transport-Security header to every HTTP response. Forcing browser to always use TLS for the domain. Defends against SSL/TLS Stripping.
  • --staple-ocsp: Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS.

The certificate should now be obtained and automatically installed. And you will be able to access Webmin web interface over a secure HTTPS connection.

webmin-ssl-certificate-centos-rhel

Add Trusted Referrers

Because Webmin itself is running in HTTP mode and we enabled HTTPS in Apache/Nginx, Webmin will think that https://webmin.your-domain.com is outside the Webmin server. So we need to add trusted referrers.

Edit the Webmin config file.

sudo nano /etc/webmin/config

Add the following line at the end.

referers=webmin.your-domain.com

Save and close the file. Then restart Webmin.

sudo systemctl restart webmin

Disable HTTPS Mode in Webmin

Now that TLS connection is terminated at Apache/Nginx, we need to disable HTTPS mode in the Webmin’s built-in web server. Edit the Webmin configuration file.

sudo nano /etc/webmin/miniserv.conf

Find the following line.

ssl=1

Change it to the following to disable HTTPS mode in Webmin.

ssl=0

We can also add the following line in this file so that the built-in web server only allows access from localhost. Visitors using the http://public-ip:10000 scheme will be forbidden.

allow=127.0.0.1

Save and close the file. Then restart Webmin.

sudo systemctl restart webmin

Troubleshooting

If you see any errors, you can check the Webmin error log (/var/webmin/miniserv.error) to troubleshoot.

Wrapping Up

I hope this tutorial helped you install Webmin on CentOS 8/RHEL 8. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks 🙂

Rate this tutorial
[Total: 0 Average: 0]

2 Responses to “How to Install Webmin on CentOS 8/RHEL 8 Server

  • steve I.
    2 months ago

    Why would you due a guide to anything centos 8 related. Centos 8 is no longer supported.

    • This title includes CentOS 8/RHEL 8, so this works for both CentOS 8 and Red Hat Enterprise Linux 8.

      When CentOS 8 replacements such as Rocky Linux release production-ready builds, you can apply CentOS 8/RHEL 8 tutorials on Rocky Linux.

      Technically CentOS 8 is still supported now. It will reach end-of-life on December 31, 2021. Even after that, you can convert CentOS 8 to CentOS Stream, which is very similar to RHEL 8.

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.

The maximum upload file size: 2 MB. You can upload: image. Links to YouTube, Facebook, Twitter and other services inserted in the comment text will be automatically embedded.