Network configuration depends on the service provider. At first configure your server network settings if needed, it's optional. STATIC IP setting is recommended. Click here to follow my guide to achieve this.
Here I took an Debian 11 server to configure the free hosting control panel. Example server IP here is 10.145.32.126 and the example hostname here is host.businessdomain.com
Step 1) Reverse DNS by Server Provider
Setup rDNS/PTR record first, find the reverse-dns setting in your server provider's control panel, or contact your server provider to setup your reverse dns. Correct rDNS setting term is like ip-address = hostname
You can test/check your DNS entry at https://dnschecker.org
Step 2) Configure DNS records on your domain control panel
Glue records (Child name server):
ns1.businessdomain.com = 10.145.32.126
ns2.businessdomain.com = 10.145.32.126 (if your server has a secondary IP you should use that ip for ns2, but set rDNS for that secondary ip first)
Wait about 10 minutes to propagate your own nameservers glue record.
DNS records: Name Server
Point your domain's two namservers to:
ns1.businessdomain.com
ns2.businessdomain.com
Step 3) Configure firewall ports to your external firewall router (if any)
21=ftp
22=ssh (should be disabled later)
25=smtp
53(udp)=dns (must for own nameserver)
80=http
123(udp)=ntp
443=http(s)
465=smtp(s)
587=starttls
993=imap(s)
995=pop3(s)
10000=default-Webmin (Control panel)
20000=default-Usermin (Webmail panel)
51000=custom-webmin (optional, for security)
52000=custom-usermin (optional, for security)
After installation of Virtualmin, we should use custom port and disable the ports 22, 10000 and 20000
Login to SSH as root by using PuTTy, and start installing the panel.
Learn more about PuTTy by clicking here
In PuTTy, start entering the commands:
Step 4) Configure Hostname
nano /etc/hosts
Make hosts entry look like this:
127.0.0.1 localhost
10.145.32.126 host.businessdomain.com host
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
Save the hosts file
Additionally, if you want to prevent outgoing delivery to spam, you may fix the hostname and disable ipv6 hostname
Step 5) Change the hostname of the machine
echo host > /etc/hostname
hostname host
Set hostname at the current session if needed
hostnamectl set-hostname host
Step 6) Edit the file /etc/systemd/resolved.conf and add public DNS name-servers
This step you must follow my guide to fixed the resolver dns.
Click here to set public dns by following my guide
Step 7) Download and install the Virtualmin script
apt install wget
wget https://software.virtualmin.com/gpl/scripts/virtualmin-install.sh
sudo sh virtualmin-install.sh
if prompt, enter y and continue...
Wait a few minutes and the installation will be completed.
Step 8) Change the ports from default to custom
Login to panel as root user: https://10.145.32.126:10000
Ignore security exception and proceed...
Change Webmin panel port: Webmin > Webmin > Webmin Configuration > Ports and Addresses
to Port 51000
Change Usermin/Webmail panel port: Webmin > Webmin > Usermin Configuration > Ports and Addresses
to Port 52000
After that, disable default port 10000 and 20000 on your external firewall router. Also disable the 22 port because the Webmin panel has its own Terminal.
Terminal URL: https://10.145.32.126:51000/xterm/index.cgi?user=root
Step 9) Configure DKIM
Login as root at https://10.145.32.126:51000
i. Virtualmin > Email Settings > DomainKeys Identified Mail
ii. Click Install Now
iii. Virtualmin > Email Settings > DomainKeys Identified Mail
iv. Check Yes to Signing of outgoing mail enabled? = Yes
v. Check No to Reject incoming email with invalid DKIM signature? = No
vi. Click Save
Step 10) Configure default DNS template
Login as root at https://10.145.32.126:51000
i. Virtualmin > System Settings > Server Templates > Default Settings > DNS Domain
ii. Keep BIND DNS records for new domains the default selection No additional records
iii. Keep the option Address records for new domains as default (all selected)
iv. Beneath Hostname for MX record, choose Hostname and enter your server's primary hostname host.businessdomain.com
v. Make sure the Default TTL for DNS records option is selected with Use BIND module setting
vi. Beneath Add sub-domain DNS records to parent domain, choose No
vii. Enter your own nameservers in the Additional manually configured nameservers field
ns1.businessdomain.com
ns2.businessdomain.com
and, uncheck/deselect the option Add nameserver record for this system
viii. Make sure Take over existing zone when creating = Yes
ix. Make sure Enable proxing on new records = No
x. Beneath Master DNS server hostname, make sure the Hostname is selected, and the server's primary hostname is added host.businessdomain.com
xi. Make sure Create NS records in server's domain = No
xii. Beneath Add SPF DNS record, make sure the Yes, with server's IP address is selected
xiii. Enter your server's primary IP address (which is your primary hostname's A record) in the Additional SPF IPs and hostnames field
10.145.32.126 (replace your own ip here)
and, uncheck/deselect the option Add system and virtual server's IP addresses?
xiv. (Optional): If you want to use G Suite / Google Workspace email relay then enter _spf.google.com beneath Additional SPF included domains field
xv. Make sure the Does SPF record cover all senders = Yes (not "Yes, and deny other senders")
xvi. Make sure the Add DMARC DNS record = Yes, with policy below
xvii. Set/choose the DMARC policy for emails that fail SPF or DKIM = Reject email
xviii. Keep the Reporting URI for forensic reports and Reporting URI for aggregate reports = Default mailto:postmaster@domain
xix. Keep the Percentage of messages to apply policy to default 100%
xx. Enter sp=reject; under the Extra DMARC options field
xxi. Keep the Additional named.conf directives for new zones to None
xxii. Keep the Create DNSSEC key and sign new domains = No
Note that, if you want to manage your all domain(s) DNS record from your own Virtualmin host (this host) then Enable this option to Yes, and later point your all domain's nameservers to your own nameserver ns1.businessdomain.com, ns2.businessdomain.com
xxiii. Finally, click Save
Step 11) Configure Account Plans
Login as root at https://10.145.32.126:51000
i. Virtualmin > System Settings > Account Plans
ii. Click on Default Plan
iii. Configure Default Plan so that the PostgreSQL will be disabled and MariaDB is enabled.
iv. Basic Plan Details: Choose as you like
v. Allowed virtual server features:
Select all, exclude: PostgreSQL Database, Webalizer reporting, ProFTPD virtual FTP, Virtual IP Address
vi. Allowed capabilities: Selected below ...
Can manage aliases
Can install scripts
Can select PHP versions
Can edit email settings
Can select shared IPs
Can manage users
Can manage databases
Can manage SSL certificates
Can edit website redirects
Can configure spam and virus delivery
Can edit PHP and website options
Can create catchall aliases
Can change domain's password
Can edit DNS records
vii. Then, Save and Apply
Now you are able to install any scripts within Virtualmin panel. Not needed now, proceed to next steps.
Step 12) Add a virtual host for main domain businessdomain.com
Login as root at https://10.145.32.126:51000
i. Virtualmin > Create Virtual Server
Create Virtual Server means Add a Domain to your server (like an individual cPanel account under WHM)
ii. Enter Domain Name: businessdomain.com
iii. Description: Main business site
iv. Enter Administration password: generate a hardened password and enter that
v. Keep the all other settings as default
vi. Scroll below, and click Create Server
Step 13) (Optional): If not exist already (DNS A Records for ns1, ns2, host)
Login as root at https://10.145.32.126:51000
Virtualmin > Virtual Server Summery
From upper (just beneath the Virtualmin logo) select the main domain (maybe already selected)
i. Go to DNS setting at Virtualmin > Server Configuration > DNS Records
Scroll below, and click Manually Edit Records
ii. Create the nameserver entries A records (if not exist, check first)
ns1.businessdomain.com. IN A 10.145.32.126
ns2.businessdomain.com. IN A 10.145.32.126 (if available enter your secondary ip)
ii. Create the hostname subdomain A record (if not exist, check first)
host.businessdomain.com. IN A 10.145.32.126
iii. Scroll below, and click Save and Close
Step 14) Add a virtual host for hostname
Login as root at https://10.145.32.126:51000
Virtualmin > Create Virtual Server
i. Enter Domain Name: host.businessdomain.com
ii. Description: Hostname default site
iii. Enter Administration password: generate a hardened password and enter that
iv. Keep the all other settings as default
v. Scroll below, and click Create Server
Step 15) Configure Service SSL Certificates
Login as root at https://10.145.32.126:51000
i. Select the hostname (host.businessdomain.com) under Virtualmin logo
ii. Virtualmin > Server Configuration > SSL Certificate
iii. In the Current Certificate tab, look beneath Issuer organization
If it's Let's Encrypt then scroll below, and click Set as Default Services Certificate
If it's not Let's Encrypt then go to the upper Let's Encrypt tab, and request certificate with auto-renew, then back again to Current Certificate tab, and click Set as Default Services Certificate
Finally, you can login by hostname URL now, not needed IP URL anymore !
Logout, and login to https://host.businessdomain.com:51000
Step 16) Webmail additional security
Login as root at https://host.businessdomain.com:51000
i. Webmin > Servers > Postfix Mail Server
ii. Within the Postfix Mail Server modules page, click on the SMTP Authentication And Encryption module
iii. Scroll below to the Enable TLS encryption? option, and select Always
iv. Save and Apply
v. Back to Webmin > Servers > Postfix Mail Server
vi. Within the Postfix Mail Server modules page, click on the SMTP Client Options module
vii. Scroll below to the Use TLS for SMTP connections? option, and select Yes
viii. Save and Apply
ix. Back to Webmin > Servers > Postfix Mail Server
x. Within the Postfix Mail Server modules page, scroll below and click Reload Configuration button
Step 17) Install Scripts
Login as root at https://host.businessdomain.com:51000
i. Select the hostname (host.businessdomain.com) under Virtualmin logo
ii. Virtualmin > Install Scripts
Select the upper tab Available Scripts
Choose phpMyAdmin
Scroll below, and click Show Install Options
Make sure the Automatically login to phpMyAdmin = No
Make sure the Database to manage option is set to All databases
Make sure the Install sub-directory under public_html option is selected custom as phpmyadmin
Make sure the Allow logins with empty passwords option is set to No
Include all languages? = No
Click Install Now
When installation finished, keep saved the initial login information.
Your phpMyAdmin access URL is: https://host.businessdomain.com/phpmyadmin/
iii. Virtualmin > Install Scripts > Available Scripts
Choose RoundCube
Scroll below, and click Show Install Options
Make sure, beneath the Database for RoundCube preferences option host_roundcube (MariaDB, new database) is selected
Make sure the Install sub-directory under public_html option is selected custom as roundcube
Click Install Now
Your Webmail access URL is: https://host.businessdomain.com/roundcube/
Step 18) Website and Email access
Create Virtual Server menu means Add a Domain to your server (like an individual cPanel account under WHM)
Edit Users menu means Create Emails under your selected domain (like Email Accounts within cPanel) (after going to this menu and clicking Add a user to this server will create a mail account) (additionally, database user can be created here also)
Edit Mail Aliases menu means Create Email Forwarders under your selected domain (like Forwarders within cPanel) (after going to this menu and clicking Add an alias to this domain will create a mail forward only account)
Edit Databases menu means Manage Databases to your server (like Databases section under cPanel)
(Note that you should obtain the database username and password from this menu at Usernames and Passwords tab, and this default username and password will work for all databases you create under this domain)
Login as root at https://host.businessdomain.com:51000
i. From upper (just beneath Virtualmin logo) select a website domain name
Upload or edit Website files at Virtualmin > File Manager
ii. Create database at Virtualmin > Edit Databases
If you need to import an existing database, create a new database first and then import by using phpMyAdmin.
You should obtain the database username and password from the Usernames and Passwords tab, and this default username and password will work for all databases you create under this domain.
Your phpMyAdmin access URL is: https://host.businessdomain.com/phpmyadmin/
iii. Create Email address at Virtualmin > Edit Users
For catch-all email account, choose an existing email account and click on that email user to go to that email settings, click Email Settings, in the Additional email addresses field enter @businessdomain.com and then Save
Your Webmail access URL is: https://host.businessdomain.com/roundcube/
Step 19) Install NTP for time update
Terminal URL: https://host.businessdomain.com:51000/xterm/index.cgi?user=root
sudo apt-get install ntp
sudo apt-get install ntpdate
sudo apt-get install sntp
reboot
Then, you can set time at Webmin > Hardware > System Time
Step 20) Additional Security Settings
Login as root at https://host.businessdomain.com:51000
Be prepared to install ModSecurity and CSF firewall for server protection.
Step 21) Install and configure ModSecurity
Guide follow: https://eubilal.blogspot.com/2023/03/webmin-modsecurity-setup-virtualmin.html
Step 22) Install and configure CSF
Guide follow: https://eubilal.blogspot.com/2023/03/webmin-firewall-virtualmin-firewall.html
Step 23) Configure other Virtualmin Settings
Browse each and every left-sidebar menu, and learn to configure additional things !
Post a Comment
Post a Comment