Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Webmin behind reverse proxy (apache) documentation/configuration issues (Sign in, Terminal) #2062

Open
lv-gh opened this issue Dec 14, 2023 · 1 comment
Open

Webmin behind reverse proxy (apache) documentation/configuration issues (Sign in, Terminal) #2062

lv-gh opened this issue Dec 14, 2023 · 1 comment

Comments

@lv-gh
Copy link

lv-gh commented Dec 14, 2023
edited

Ubuntu 23.10, linux 6.5.0-14-generic,
webmin 2.105 (installed from repo according to documentation),
apache2 2.4.57-2ubuntu2.1

Client browsers: Microsoft Edge 119.0.2151.72, Mozilla Firefox 120.0

Strictly following documentation instructions (Want to run under Apache sub-directory?):
https://webmin.com/faq/#can-i-run-webmin-or-usermin-behind-reverse-proxy

The problems:

  1. webmin (login screen) doesn't work correctly; after "Sign in" button click it waits for a timeout (no response), and then browser "redirects" to Request URL (https://localhost:10000/webmin/). From what i can tell looking at the client: session_login.cgi POST gets 302 and then request "webmin/" fails (no response). Although the sign in was/is successful actually; reconnecting to https://webminhost/webmin/, webmin shows dashboard (user already signed in).

2. Terminal doesn't not work (can/should it work at all in this configuration? Can't find in the documentation): waits indefinitely "Connecting ..". WebSocket connection fails (timeouts; no response);

/var/webmin/miniserv.log (during Sign in):

a.b.c.d - - [...] "GET / HTTP/1.1" 401 4979
a.b.c.d - - [...] "GET /unauthenticated/css/bundle.min.css?219500009999999999 HTTP/1.1" 200 185354
a.b.c.d - - [...] "GET /unauthenticated/css/fonts-roboto.min.css?219500009999999999 HTTP/1.1" 200 971
a.b.c.d - - [...] "GET /unauthenticated/fonts/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1" 200 15688
a.b.c.d - - [...] "GET /unauthenticated/fonts/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1" 200 15920
a.b.c.d - - [...] "GET /unauthenticated/fonts/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1" 200 15732
a.b.c.d - - [...] "GET /unauthenticated/fonts/KFOkCnqEu92Fr1Mu51xIIzI.woff2 HTTP/1.1" 200 17304
a.b.c.d - - [...] "GET /images/favicons/webmin/favicon-32x32.png HTTP/1.1" 200 1787
a.b.c.d - user [...] "POST /session_login.cgi HTTP/1.1" 302 0

Developer tools Console (WebSockets/Terminal problem):

WebSocket connection to 'wss://webminhost/webmin/xterm/ws-555' failed:
(anonymous) @ bundle.min.js?219500009999999999:178

/tmp/.webmin/ws-5XX.out (WebSockets/Terminal problem):

Running shell '/bin/bash -bash' with pid XYZ
listening on port 5XX
timeout waiting for connection at /usr/share/webmin/xterm/shellserver.pl line 103.

/var/webmin/error.log (WebSockets/Terminal problem):

[...] Reloading configuration
[...] [127.0.0.1] /webmin/xterm/ws-555 : Unknown websocket path
[...] Reloading configuration
[...] [127.0.0.1] /webmin/xterm/ws-556 : Unknown websocket path
[...] Reloading configuration
[...] [127.0.0.1] /webmin/xterm/ws-557 : Unknown websocket path
<...>

/var/webmin/miniserv.log (WebSockets/Terminal problem):

a.b.c.d - user [...] "GET /xterm/ HTTP/1.1" 200 4129
a.b.c.d - user [...] "GET /xterm/xterm.css?219500009999999999 HTTP/1.1" 200 2806
a.b.c.d - user [...] "GET /xterm/xterm.js?219500009999999999 HTTP/1.1" 200 283762
a.b.c.d - user [...] "GET /xterm/xterm-addon-attach.js?219500009999999999 HTTP/1.1" 200 1655
a.b.c.d - user [...] "GET /xterm/xterm-addon-fit.js?219500009999999999 HTTP/1.1" 200 1460
a.b.c.d - user [...] "GET /xterm/xterm-addon-webgl.js?219500009999999999 HTTP/1.1" 200 99067
a.b.c.d - user [...] "GET /webmin/xterm/ws-555 HTTP/1.1" 400 1476

/etc/webmin/config:

find_pid_command=ps auwwwx | grep NAME | grep -v grep | awk '{ print $2 }'
passwd_uindex=0
passwd_mindex=4
by_view=0
tempdelete_days=7
passwd_cindex=2
passwd_file=/etc/shadow
path=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin
passwd_pindex=1
ld_env=LD_LIBRARY_PATH
os_type=debian-linux
os_version=3.1
real_os_type=Ubuntu Linux
real_os_version=23.10
lang=en
log=1
referers_none=1
md5pass=0
theme=authentic-theme
product=webmin
referers=webminhost
webprefix=/webmin
webprefixnoredir=1
relative_redir=0
nohostname=0
deftab=webmin
nowebminup=
nomoduleup=
gotomodule=
gotoone=0
notabs=0

/etc/webmin/config/miniserv.conf:

port=10000
root=/usr/share/webmin
mimetypes=/usr/share/webmin/mime.types
addtype_cgi=internal/cgi
realm=Webmin Server
logfile=/var/webmin/miniserv.log
errorlog=/var/webmin/miniserv.error
pidfile=/var/webmin/miniserv.pid
logtime=168
ssl=1
no_ssl2=1
no_ssl3=1
ssl_honorcipherorder=1
no_sslcompression=1
env_WEBMIN_CONFIG=/etc/webmin
env_WEBMIN_VAR=/var/webmin
atboot=1
logout=/etc/webmin/logout-flag
listen=10000
denyfile=\.pl$
log=1
blockhost_failures=5
blockhost_time=60
syslog=1
ipv6=1
session=1
premodules=WebminCore
server=MiniServ/2.105
userfile=/etc/webmin/miniserv.users
keyfile=/etc/webmin/miniserv.pem
passwd_file=/etc/shadow
passwd_uindex=0
passwd_pindex=1
passwd_cindex=2
passwd_mindex=4
passwd_mode=0
preroot=authentic-theme
passdelay=1
logout_script=/etc/webmin/logout.pl
login_script=/etc/webmin/login.pl
cipher_list_def=1
failed_script=/etc/webmin/failed.pl
sudo=1
cookiepath=/webmin
redirect_prefix=/webmin
error_handler_404=404.cgi
error_handler_403=403.cgi
error_handler_401=401.cgi
nolog=\/stats\.cgi\?xhr\-stats\=general

apache.conf:

<VirtualHost *:443>
         ServerName webminhost
         SSLCertificateFile /etc/letsencrypt/live/webminhost/fullchain.pem
         SSLCertificateKeyFile /etc/letsencrypt/live/webminhost/privkey.pem
         Include /etc/letsencrypt/options-ssl-apache.conf

         SSLEngine on
         SSLProxyEngine on

         # Use only secure version of the TLS protocol (TLSv1.3)
         SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
         SSLHonorCipherOrder off
         SSLSessionTickets   off

         # Disables the remote server certificate checks
         # (only needed for self-signed certificates)
         SSLProxyCheckPeerCN     off
         SSLProxyCheckPeerName   off
         SSLProxyCheckPeerExpire off

         # Disable proxying for all /.well-known requests. It will
         # only be useful, if a domain has "DocumentRoot" defined
         ProxyPass /.well-known !

         # Proxying both HTTP and websockets at the same time,
         # where the websockets URL's are not websocket-only
         # or not known in advance
         ProxyPass /webmin/ https://localhost:10000/
         RewriteEngine on
         RewriteCond %{HTTP:Upgrade} websocket [NC]
         RewriteCond %{HTTP:Connection} upgrade [NC]
         RewriteRule ^/webmin/?(.*) "wss://localhost:10000/$1" [P,L]
 </VirtualHost>
@lv-gh
Copy link
Author

lv-gh commented Dec 14, 2023
edited

BTW, if it matters webminhost is subdomain.domain.country.

I can solve the first problem (login screen) by adding

ProxyPassReverse /webmin/ https://localhost:10000/

to apache.conf (why is it missing there? is it really unnecessary?),

and removing redirect_prefix from miniserv.conf. Terminal still won't work, though.

@lv-gh lv-gh changed the title Webmin behind reverse proxy (apache) documentation/configuration issues Webmin behind reverse proxy (apache) documentation/configuration issues (Sign in, Terminal) Dec 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lv-gh