Ubuntu 14.04 and Virtualmin Part 2

Ubuntu 14.04 and Virtualmin Part 2

Web Stuff 06.09.2015 8819


Ubuntu 14.04 and Virtualmin Part 2

Welcome to our second part of how to install Virtualmin on Ubuntu 14.04 and run your own web hosting environment.

Your server is up and running but not quite finished yet. In the second part we will go through the virtualmin / webmin configuration, create second user in SSH, disable root login and add virtual memories to your server.

Configure Virtualmin

Please login via web browser to your new server (you should know how that works, otherwise you will find it in part one) and go to:

Webmin - Webmin Configuration - Webmin Themes - Change Theme

On the dropdown choose Authentic Theme, press Change. After reloading the page already looks much better than before, however you might need to refresh your browser once to completely load the new theme.

Do the same for Usermin:

Webmin - Usermin Configuration - Usermin Themes

Choose also the Authentic Theme and press Change.

After that you can update the theme to the latest version, therefore click on the Webmin button in the top left corner in the center of your screen you will see an update button next to the theme you currently use.

Now it looks much nicer doesn't it?!

Ok, it is now time to run the post installation wizard in Virtualmin go to:

Virtualmin - System Settings - (Re-)Run Install Wizard

Following options you should choose with your 1GB VPS.

Preload Virtualmin libraries? Yes
Run email domain lookup server? Yes
Run ClamAV server scanner? Yes
Run SpamAssassin server filter? Yes
Run MySQL database server? Yes
Set MySQL Password (something strong)
MySQL configuration size? Depends what you want to do, small systems 256MB will usually do,busy websites will need 512MB to 1gb
Primary nameserver: ns1.yourdomain.com
Secondary nameservers (optional): ns2.yourdomain.com
Skip check for resolvability: checked
Password storage mode: Only store hashed passwords

Press next and your webmin / virtualmin setup is almost done.

The last step is changing the ports on how to connect to your webmin and usermin, it is just an extra small security. This step doesn't need to be done.

Webmin - Webmin Configuration - Ports and Addresses - Listen on Port

Default port here is 10000 change it to anything you like but it should be above 2000.

Same for Usermin, please go to:

Webmin - Usermin Configuration - Ports and Addresses - Listen on Port

Default port here is 20000 change it to anything you like but it should be above 2000 and not the same as the webmin port.

Additional User in SSH, disable Root Login

The next step and that should be always done with any server is to create a second user via SSH and disable root login. Changing the SSH port from 22 to something else is not necessary and should be avoided I think.

Ok, it is time to login to your server via Terminal and create the second user again one line at the time.

adduser demo
gpasswd -a demo sudo
su demo
mkdir .ssh
chmod 700 .ssh

What have we done?

  1. The first line will add the user (name it as you like, here we call the user demo)
  2. Will add the user to the group sudo (like an admin)
  3. We connect with this user
  4. We create a folder called ssh
  5. We changed permission for this folder

Now we need the public SSH key again from your local machine. You remember how to get it? Hint, go to part one and you will find it how to get it.

Ok, we got the public SSH key from your local machine let's move on to the server side, copy/paste or type following line in your terminal connected to your server:

nano .ssh/authorized_keys

Paste your public key from the clipboard into the empty file and press CTRL - X.

We have now saved your public key for the user demo, so the demo user can also connect to your server but only with your machine. In this file you can add more public keys from other machines if you administrate from more than one machine.

The last step is to change permission for this file, so no one else can change it.

chmod 600 .ssh/authorized_keys
exit

Before we disable the root login open a second terminal window and connect to your server now with the new user:

ssh demo@your_server_ip_address

If that works fine, we can proceed with disabling the root login. In your first terminal where you still connected with root, type or copy/paste following line:

nano /etc/ssh/sshd_config

Find PermitRootLogin Yes and change it to PermitRootLogin No

Hit CTRL - X to save the change restart the SSH service and we should have a pretty secure web server.

service ssh restart

Virtual Memory

At last we add some virtual memory to speed up your web server in case an application needs all the memory your server has. First we need to connect to the server via terminal we do it with your new user, you know the drill easy as.

ssh demo@your_server_ip_address
sudo -i

Hey, there is something new! What is sudo -i ? Because we are not root anymore but most changes need to be done under root we change to root with sudo -i, you will be asked for the root password when you enter sudo -i.

Now let's add some virtual memory for your web server. If you are on digitalocean, enter following (again line by line):

sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo sh -c 'echo "/swapfile none swap sw 0 0" >> /etc/fstab'

Should your server be with vultr you need to do it this way:

dd if=/dev/zero of=/swapfile count=2048 bs=1M
ls / | grep swapfile
chmod 600 /swapfile
ls -lh /swapfile
mkswap /swapfile
swapon /swapfile
nano /etc/fstab
/swapfile   none    swap    sw    0   0

We reserve 2GB of hard drive space for virtual memory. 2GB is usally enough but you can add more or less of course, you should just know that the space you are reserve is not available for other web stuff.

At last we reboot the server and when you go back to virtualmin via your web browser you will have virtual memory showed in your dashboard.

virtualmin_dashboard

In the third and last part of how to install Webmin / Virtualmin on Ubuntu 14.04 we will cover how to setup nameservers, setup domain, ssl certificate and email accounts. Read you soon...