
Running Webmin under Apache

xy16644

Aspiring Daemon

Thanks: 12
Messages: 907

#1
I have installed the latest version of Webmin on FreeBSD 7.2 successfully. I now want to set it up so that it runs as a sub directory under Apache. I have *tried* so very hard to follow the instructions at:

http://www.webmin.com/apache.html (scroll down a bit for the sub directory instructions)

but to date I can't get it to work. Whenever I browse the URL:

http://www.mydomain.com/webmin I get:

Code:
HTTP 403 Forbidden
I am quite new to FreeBSD and Apache (and Webmin!) so I am battling to troubleshoot this, can someone kindly help? I found the instructions on the web site GREAT for installing Webmin and configuring it with SSL but the Apache instructions just confused me (maybe it's because I don't fully understand all the Apache terms!).

Currently my webmin.conf looks as follows:

Code:
Options Indexes FollowSymLinks
AllowOverride All
order allow,deny
AddHandler cgi-script .cgi
DirectoryIndex index.cgi
Options ExecCGI
SetEnv WEBMIN_CONFIG /etc/webmin
SetEnv WEBMIN_VAR /var/webmin
SetEnv SERVER_ROOT /usr/local/webmin
SetEnv MINISERV_CONFIG /etc/webmin/miniserv.conf
AuthName Webmin
AuthType basic
AuthUserFile /etc/webmin/htusers
require MyUser
If there's any info I left out let me know I will post it.

Many MANY thanks! :e
 

Voltar

Active Member

Thanks: 24
Messages: 191

#2
http://www.webmin.com/apache.html said:
Add the line webprefix=/webmin to /etc/webmin/config.
Looks like you may have missed that one? Also, what does your httpd.conf section look like? It looks like you may have added everything to your webmin configuration file and not Apache?
 

xy16644

Aspiring Daemon

Thanks: 12
Messages: 907

#3
According to the site you add the line webprefix=/webmin to /etc/webmin/config which I did (I tried with and without this line).

I didn't touch my httpd.conf for webmin. I have it in a separate file called webmin.conf (the one posted above).

This really has me stumped...
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 6,125
Messages: 27,000

#4
The webmin config probably lives in /usr/local/etc not /etc/. Ports always install with the prefix /usr/local.

Also have a look at the apache error log, any clues there?
 

xy16644

Aspiring Daemon

Thanks: 12
Messages: 907

#5
I didn't install Webmin from a port, I downloaded the tar.gz file from Webmin's site (yeah I know I should have used the port, at the time I wasn't aware of ports).

If I look in the logfile at /var/log/httpd-error.log it says:

Code:
[Fri Jul 17 16:28:37 2009] [error] [client 192.168.1.100] client denied by server configuration: /usr/local/webmin
 

xy16644

Aspiring Daemon

Thanks: 12
Messages: 907

#6
The author suggested I try setting Webmin using mod_proxy in Apache.

How do I enable this module in Apache? I tried this:

make config ; make install clean

but it moaned that it was already installed. Fair enough but how do I add on modules post install of the Apache port?
 

anomie

Aspiring Daemon

Thanks: 118
Messages: 781

#7
@xy16644: I suspect a lot of these issues would be corrected if you simply removed your webmin installation and installed the port instead. It doesn't seem like there is a huge investment in your current installation (since it's borked).

-------

Anyway, the message you are seeing in your error log simply means Apache web server is explicitly or implicitly denying access, based on what he has been told to do (by you or by a default configuration).

Edit your /usr/local/etc/apache22/httpd.conf (your path may differ) file, and add a little section that looks like:

Code:
Alias /webmin "/usr/local/webmin"

<Directory "/usr/local/webmin">

    Options None
    AllowOverride None

    SSLRequireSSL

    Order Deny,Allow
    Deny from all
    Allow from 10.0.50.

</Directory>
Except you'll need to 1) check that /usr/local/webmin is world readable/executable; 2) add your own network to the "Allow from..." line; 3) configure SSL settings appropriately if you haven't already.

Afterwards, to access webmin on your host, use https://host.here/webmin.
 

xy16644

Aspiring Daemon

Thanks: 12
Messages: 907

#8
Thanks anomie.

I followed your advice and completely uninstalled Webmin. I then reinstalled from a port. I also added the section to the httpd.conf file. Only difference is the port installed webmin into /usr/local/lib/webmin.

What are the correct permissions for this folder?

I took out the SSL bit as I'd like to get it working without encryption first. I also added my IP address to the allow list.

After all that I am STILL getting an HTTP 403 Forbidden.

I am about to give up...;-( This is the only thing I can't get to work on FreeBSD so far!

How can I troubleshoot this and set it up from the beginning so that I can get webmin running successfully under Apache (with SSL ultimately)?

I really appreciate your help!!
 

anomie

Aspiring Daemon

Thanks: 118
Messages: 781

#9
The correct permissions for /usr/local/lib/webmin should be 755, and it should be owned by www:www. (I think... that may be more generous than necessary, actually. I don't use webmin, so I am not 100%.)

Don't give up. Anything worth doing is difficult - at first.

I'd actually be curious to see the tail end of your /var/log/httpd-access.log immediately after a failed attempt. That will shed some more light on the situation.
 

xy16644

Aspiring Daemon

Thanks: 12
Messages: 907

#10
I set the permissions as follows:

Code:
chown -R www:www /usr/local/lib/webmin
chmod -R 755 /usr/local/lib/webmin
If I run tail -F /var/log/httpd-access.log after attempting to access the http://www.mydomain.com/webmin I get:

Code:
192.168.0.10 - - [19/Jul/2009:08:22:41 +0100] "GET /webmin/ HTTP/1.1" 403 209 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 1.1.4322; .NET CLR 3.0.30729)"
In the httpd.conf file I have added the following section at the end:

Code:
Alias /webmin "/usr/local/lib/webmin"

<Directory "/usr/local/lib/webmin">

    Options None
    AllowOverride None


    Order Deny,Allow
    Deny from all
    Allow from 192.168.0.

</Directory>
 

anomie

Aspiring Daemon

Thanks: 118
Messages: 781

#11
Did the port install anything in /usr/local/etc/apache22/Includes? (Your path may differ a bit.)

I'm wondering if there may be a conflicting /usr/local/lib/webmin stanza in there.

-------

edit: One more thing. You will likely need to allow CGI... change to:
Code:
Alias /webmin "/usr/local/lib/webmin"

<Directory "/usr/local/lib/webmin">

    Options +ExecCGI
    AllowOverride None


    Order Deny,Allow
    Deny from all
    Allow from 192.168.0.

</Directory>
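
An added example (not code from any poster in this thread) that models how Apache 2.2's Order/Allow/Deny directives decide a request, run against the host rules posted in #1, #7 and #10. It handles only IPv4 `all`, partial-prefix, full-address and CIDR specs; the function names are illustrative.

```python
import ipaddress

def host_matches(spec, client_ip):
    """True if an Allow/Deny 'from' spec covers client_ip (IPv4; hostnames not resolved)."""
    if spec.lower() == "all":
        return True
    if "/" in spec:  # CIDR or network/netmask form
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")  # "192.168.0." -> first three octets
    return client_ip.split(".")[:len(octets)] == octets

def parse_stanza(text):
    """Collect Order and the Allow/Deny host lists from directive lines."""
    order, allow, deny = "deny,allow", [], []  # Apache 2.2 default: Order Deny,Allow
    for line in text.splitlines():
        words = line.split()
        key = words[0].lower() if words else ""
        if key == "order" and len(words) > 1:
            order = "".join(words[1:]).lower()
        elif key in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(words[2:])
    return order, allow, deny

def is_allowed(stanza, client_ip):
    """Apply mod_authz_host (Apache 2.2) ordering rules to one client address."""
    order, allow, deny = parse_stanza(stanza)
    allowed = any(host_matches(s, client_ip) for s in allow)
    denied = any(host_matches(s, client_ip) for s in deny)
    if order == "allow,deny":   # default deny: must match an Allow and no Deny
        return allowed and not denied
    if order == "deny,allow":   # default allow: an Allow match overrides a Deny
        return allowed or not denied
    raise ValueError("unsupported Order: " + order)

# Host-related lines copied from the posts above.
POST_1 = "order allow,deny"
POST_7 = "Order Deny,Allow\nDeny from all\nAllow from 10.0.50."
POST_10 = "Order Deny,Allow\nDeny from all\nAllow from 192.168.0."

if __name__ == "__main__":
    for name, stanza, ip in [("post #1", POST_1, "192.168.1.100"),
                             ("post #7", POST_7, "192.168.1.100"),
                             ("post #10", POST_10, "192.168.0.10")]:
        print(name, ip, "allowed" if is_allowed(stanza, ip) else "403 client denied")
```

Post #1's `order allow,deny` with no `Allow from` line rejects every client, which is consistent with the "client denied by server configuration" entry in post #5. The rules in post #10 admit 192.168.0.10, so the 403 logged there was not a host-rule denial.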
 

xy16644

Aspiring Daemon

Thanks: 12
Messages: 907

#12
I just added the Options +ExecCGI in and now I see a very long list of links under the heading:

Index of /webmin

We must be getting closer?!

The port didn't install anything in /usr/local/etc/apache22/Includes
 

anomie

Aspiring Daemon

Thanks: 118
Messages: 781

#13
OK, so the http 403 issue is solved.

If you're seeing an index, I think you will need to update your DirectoryIndex directive; and you'll need an AddHandler directive. See the howto you posted for tips on that. ;)

You may need to set up the authentication directives from your howto as well...

-------

On a bit of a tangent, but I'm just curious: why are you frontending Webmin with Apache? (i.e. Why are you not using Webmin's built in web server?)
 

xy16644

Aspiring Daemon

Thanks: 12
Messages: 907

#14
I have added the following directives:

Code:
Options +ExecCGI
AllowOverride None


Order Deny,Allow
Deny from all
Allow from 192.168.0.

AddHandler cgi-script .cgi
DirectoryIndex index.cgi

SetEnv WEBMIN_CONFIG /etc/webmin
SetEnv WEBMIN_VAR /var/webmin
SetEnv SERVER_ROOT /usr/local/lib/webmin
SetEnv MINISERV_CONFIG /etc/webmin/lib/miniserv.conf
Now I get this:

Code:
Access denied : User is not allowed to use the Webmin Configuration module
 

xy16644

Aspiring Daemon

Thanks: 12
Messages: 907

#16
OK so now I have:

Code:
Options +ExecCGI
AllowOverride None


order deny,allow
deny from all
allow from 192.168.0.

AddHandler cgi-script .cgi
DirectoryIndex index.cgi

SetEnv WEBMIN_CONFIG /usr/local/etc/webmin
SetEnv WEBMIN_VAR /var/webmin
SetEnv SERVER_ROOT /usr/local/lib/webmin
SetEnv MINISERV_CONFIG /etc/webmin/lib/miniserv.conf

AuthName "Webmin"
AuthType Basic
AuthUserFile /usr/local/lib/webmin/htusers
require valid-user
and the error is now:

Access denied : User myuser is not allowed to use the Webmin Configuration module

I must be close now!!!!
 

DutchDaemon

Administrator
Staff member
Administrator
Moderator
Developer

Thanks: 2,620
Messages: 11,217

#18
xy16644, use [code] tags for system output etc. Doing it myself five times now is enough ..
 

anomie

Aspiring Daemon

Thanks: 118
Messages: 781

#20
I would triple check this from your howto:
... Inside the <Directory> section. The file /etc/webmin/htusers must contains users who match up with those in /etc/webmin/webmin.acl.
Note that for the FBSD port, this is likely /usr/local/etc/webmin/webmin.acl.

-------

Also, what about this (from your howto):
Note that the Webmin Users and Webmin Configuration modules will not work, as they configure miniserv.pl and cannot deal with Apache.
??

-------

Finally, I highly recommend doing this over SSL as soon as you get it working -- and then changing the Webmin user's password. (I'm presuming you care about the security of your server!) There are some other things to explore, like digest authentication, but that can be later.
 

xy16644

Aspiring Daemon

Thanks: 12
Messages: 907

#21
I completely agree about SSL. I will be doing this once I get webmin to work under Apache.

I changed the directory locations accordingly for the htusers and webmin.acl file.

Not sure about this:

Note that the Webmin Users and Webmin Configuration modules will not work, as they configure miniserv.pl and cannot deal with Apache. ???

All I am trying to do is get to the home page once authenticating (when the login prompt appears).

I'm not sure where to go from here...

Maybe the author's right, rather run mod_proxy and do it that way rather as it's simpler. Problem is I can't find anything on enabling this on the net.
 

xy16644

Aspiring Daemon

Thanks: 12
Messages: 907

#22
Does anyone know how to enable mod_proxy in Apache 2.2? I have Googled this until I turned blue in the face without success! I have loaded a module in the httpd.conf file before but I just can't find out HOW to do the mod_proxy module.

If anyone knows please PLEASE let me know, I would be most grateful.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 6,125
Messages: 27,000

#23
You will need to rebuild apache22:

Code:
===> The following configuration options are available for apache-2.2.11_7:
     APR_FROM_PORTS=Off (default) "Use devel/apr as APR (preferred)"
     THREADS=Off (default) "Enable threads support in APR"
     MYSQL=Off (default) "Enable MySQL support for apr-dbd"
     PGSQL=Off (default) "Enable PostgreSQL support for apr-dbd"
     SQLITE=Off (default) "Enable SQLite support for apr-dbd"
     IPV6=On (default) "Enable IPv6 support"
     BDB=Off (default) "Enable BerkeleyDB dbm"
     AUTH_BASIC=ON (default) "Enable mod_auth_basic"
     AUTH_DIGEST=ON (default) "Enable mod_auth_digest"
     AUTHN_FILE=ON (default) "Enable mod_authn_file"
     AUTHN_DBD=OFF (default) "Enable mod_authn_dbd"
     AUTHN_DBM=ON (default) "Enable mod_authn_dbm"
     AUTHN_ANON=ON (default) "Enable mod_authn_anon"
     AUTHN_DEFAULT=ON (default) "Enable mod_authn_default"
     AUTHN_ALIAS=ON (default) "Enable mod_authn_alias"
     AUTHZ_HOST=ON (default) "Enable mod_authz_host"
     AUTHZ_GROUPFILE=ON (default) "Enable mod_authz_groupfile"
     AUTHZ_USER=ON (default) "Enable mod_authz_user"
     AUTHZ_DBM=ON (default) "Enable mod_authz_dbm"
     AUTHZ_OWNER=ON (default) "Enable mod_authz_owner"
     AUTHZ_DEFAULT=ON (default) "Enable mod_authz_default"
     CACHE=ON (default) "Enable mod_cache"
     DISK_CACHE=ON (default) "Enable mod_disk_cache"
     FILE_CACHE=ON (default) "Enable mod_file_cache"
     MEM_CACHE=OFF (default) "Enable mod_mem_cache"
     DAV=ON (default) "Enable mod_dav"
     DAV_FS=ON (default) "Enable mod_dav_fs"
     BUCKETEER=OFF (default) "Enable mod_bucketeer"
     CASE_FILTER=OFF (default) "Enable mod_case_filter"
     CASE_FILTER_IN=OFF (default) "Enable mod_case_filter_in"
     EXT_FILTER=OFF (default) "Enable mod_ext_filter"
     LOG_FORENSIC=OFF (default) "Enable mod_log_forensic"
     OPTIONAL_HOOK_EXPORT=OFF (default) "Enable mod_optional_hook_export"
     OPTIONAL_HOOK_IMPORT=OFF (default) "Enable mod_optional_hook_import"
     OPTIONAL_FN_IMPORT=OFF (default) "Enable mod_optional_fn_import"
     OPTIONAL_FN_EXPORT=OFF (default) "Enable mod_optional_fn_export"
     LDAP=OFF (default) "Enable mod_ldap"
     AUTHNZ_LDAP=OFF (default) "Enable mod_authnz_ldap"
     ACTIONS=ON (default) "Enable mod_actions"
     ALIAS=ON (default) "Enable mod_alias"
     ASIS=ON (default) "Enable mod_asis"
     AUTOINDEX=ON (default) "Enable mod_autoindex"
     CERN_META=ON (default) "Enable mod_cern_meta"
     CGI=ON (default) "Enable mod_cgi"
     CHARSET_LITE=ON (default) "Enable mod_charset_lite"
     DBD=OFF (default) "Enable mod_dbd"
     DEFLATE=ON (default) "Enable mod_deflate"
     DIR=ON (default) "Enable mod_dir"
     DUMPIO=ON (default) "Enable mod_dumpio"
     ENV=ON (default) "Enable mod_env"
     EXPIRES=ON (default) "Enable mod_expires"
     HEADERS=ON (default) "Enable mod_headers"
     IMAGEMAP=ON (default) "Enable mod_imagemap"
     INCLUDE=ON (default) "Enable mod_include"
     INFO=ON (default) "Enable mod_info"
     LOG_CONFIG=ON (default) "Enable mod_log_config"
     LOGIO=ON (default) "Enable mod_logio"
     MIME=ON (default) "Enable mod_mime"
     MIME_MAGIC=ON (default) "Enable mod_mime_magic"
     NEGOTIATION=ON (default) "Enable mod_negotiation"
     REWRITE=ON (default) "Enable mod_rewrite"
     SETENVIF=ON (default) "Enable mod_setenvif"
     SPELING=ON (default) "Enable mod_speling"
     STATUS=ON (default) "Enable mod_status"
     UNIQUE_ID=ON (default) "Enable mod_unique_id"
     USERDIR=ON (default) "Enable mod_userdir"
     USERTRACK=ON (default) "Enable mod_usertrack"
     VHOST_ALIAS=ON (default) "Enable mod_vhost_alias"
     FILTER=ON (default) "Enable mod_filter"
     VERSION=ON (default) "Enable mod_version"
     [b]PROXY=OFF (default) "Enable mod_proxy"
     PROXY_CONNECT=OFF (default) "Enable mod_proxy_connect"
     PATCH_PROXY_CONNECT=ON (default) "Patch proxy_connect SSL support"
     PROXY_FTP=OFF (default) "Enable mod_proxy_ftp"
     PROXY_HTTP=OFF (default) "Enable mod_proxy_http"
     PROXY_AJP=OFF (default) "Enable mod_proxy_ajp"
     PROXY_BALANCER=OFF (default) "Enable mod_proxy_balancer"[/b]
     SSL=ON (default) "Enable mod_ssl"
     SUEXEC=OFF (default) "Enable mod_suexec"
     CGID=OFF (default) "Enable mod_cgid"
===> Use 'make config' to modify these settings
 

xy16644

Aspiring Daemon

Thanks: 12
Messages: 907

#24
I ran:

Code:
make config
and in the menu I selected mod_proxy

but when I run:

Code:
make install clean
it complains that Apache22 is already installed and stops.

What is the correct way to do this?
 