A word of advice, once you modify this part, you may not be able to access the webmin installation directly (e.g. Webprefix is for proper redirection of the response from webmin pages. This is par of the Webmin security avoid malicious redirects from untrusted locations. Referers needs to list the URL from where the request comes from. On my webmin01 server, I needed to modify the following files part of webmin installation (btw, this is on Ubuntu 20.04).Īdd or modify the following parameters: cookiepath=/webmin01Īdd or modify the following parameters: referers= Restart your Nginx service after modifying the configuration files. However Webmin needs a bit more fine tuning. This should satisfy the majority of scenarios where a resource is accessed via reverse proxy. Very important, don’t forget the trailing / after webmin01 in the location /webmin01/ line My Nginx SSL config is very basic at this point: server in the first Nginx configuration part. In case you don’t have secure http, just make sure to replace https with http in the example below.
Http protocol is secured with SSL certificates issues by a LAN CA. My scenario involves one server with Nginx as reverse proxy () and one Webmin server () for this example. After quite some research, I said let me put together a quick and dirty how-to in case somebody else needed it.
Nginx reverse proxy is not something new and it works great in a lot of situations, but it gave me some headache with Webmin. ,, etc…), hence the use of a reverse proxy. I plan to use one port redirection from Internet to a LAN hosted webserver (protected with WAF) and, you guessed, hosting page lisingt my home lab resources (in form of Webpage Links)įor this to properly work I need one just one domain / subdomain with various URI resources (e.g. Sophos recommend using WAF, which is a good advice from security perspective, but I don’t plan to have 50 redirections (as in DNAT) from my public facing IP address / router to LAN just to access the various URLs I have in my home lab. But that’s just my opinion…Īnyway, this action leaves a gap in my happiness accessing my home IT resources. If this would be the way, then let’s shutdown electrical grid, stop cars or terminate Internet and we’re all be more secure. In my opinion you work on features to improve security and fix issues, you just don’t retire them. Recently Sophos decided to retire the http(s) bookmark feature “in order to improve security and reduce the potential for cross-site scripting (XSS) exploits” This product has a very nice User Portal feature where you can add various “bookmarks” to resources accessible via various protocols (rdp, vnc, ssh, http(s)…) I’m using Sophos XG (home version) to access my home lab and other in-house smart devices when on the road.
#Nginx webmin professional
Second is a bit more realistic (at least professional realistic). You may argue that I can use browser bookmarks, true, but I use the one html landing page to access various resources.
Instead of typing numerous URLs I just type one and click the needed link.
I have in my home lab a one page html listing all http(s) resources I have in my IT lab. Before going into “How” you may wonder “Why” I need a reverse proxy in front of Webmin.įirst, and most important, is laziness.
0 kommentar(er)
