In the first part of our tutorial, we installed Virtualmin on CentOS 7 and performed a basic configuration. During this second half, we will dive into the Linux configuration files to optimize our new server to reduce the memory footprint. We will also make sure that we have a modern version of PHP installed and that all interfaces are secured with a Let'Encrypt SSL certificate.
If you look at the SSL icon of your browser, you will notice that there is no SSL certificate for Virtualmin. We can solve this problem in just a few steps! First, we need to install a virtual host (website) for the FQDN of your server. In our case, it was server.virtualmin-tutorial.tld. We are going to host virtualmin-tutorial.tld on this server, so let's go to the top left of Virtualmin and click on "Create Virtual Server".
Fill in the domain name (without the "server" prefix) and possibly the description field. Set the password for the account in the "Admin Password" field and save it for future reference. You can leave the admin user name to set automatically, or you can manually enter your preferred user name for this account. Click the arrow next to "Features enabled" to expand this section and make sure you check the box next to "Configure the SSL Web site?" As shown below:
Uncheck the "Login DAV" box. Since we performed a minimal installation, also uncheck the "Accept mail for domain?" Box. Now click on the green "Create a server" button.
When the new virtual server is created, you will see two options at the bottom of the page. Click "Back to Virtual Server Details," and then in the upper-left corner, click "Virtual Server Summary."
To continue configuring a Let'Encrypt SSL certificate, we need to point the DNS to the server. The IP address shown in the details of the virtual server is what we need. Go to your DNS provider (CloudFlare for example) and add an A record for your domain that points to the following names on your IP:
virtualmin-tutorial.tld www.virtualmin-tutorial.tld server.virtualmin-tutorial.tld
Of course, substitute virtualmin-tutorial.tld with your current domain name, and server for your chosen server name. These hostnames should point to the main IP address of your servers. Once this is done and the spread of DNS has occurred, you should be able to view the site in a web browser. If you do not add any content, it will simply display a 403 Forbidden error. That's good, and we can continue.
As shown below, click the Server Configuration (1) drop-down list, click SSL Certificate (2), and then click Encryption (3). Click on the "Domain names listed here" option and paste the three domain names above. You can omit mail.virtualmin-tutorial.tld (4). Check the screen shot below.
Click the Request Certificate button (5) at the bottom. If your DNS is set up correctly, it will work with Let's Encrypt, the free certificate signing power, and your site and server will receive a Let's Encrypt SSL – free certificate! It's as secure as a paid certificate. Since we added "server.virtualmin-tutorial.tld" to the list, our Virtualmin installation itself will now be covered by this certificate! All we have to do is go back to the SSL Certificate menu and click on "Copy to Webmin". While you're there, click on the rest of the "Copy to …" buttons as shown below, with the exception of Postfix and Dovecot, because we do not use e-mail on this server:
When finished, close your browser tab and reopen Virtualmin in a new tab. You will see that the SSL lock in Chrome is now green. In addition, when you access the domain name for which you just added the SSL certificate, you can view it using https: //.
Finally, we want to test and make sure that the server is ready to operate at 100%. We will use SSH to create an index.php page on our newly created virtual server. Our test domain was virtualmin-tutorial.tld, and the user automatically assigned was virtualmin-tutorial. You will want to replace your username below. Notice how we use "su" to change user to user we just created, then type "exit" to become root again:
[root@server ~]# su virtualmin-tutorial [virtualmin-tutorial@server root]$ cd ~ / public_html [virtualmin-tutorial@server public_html]$ echo ""> index.php [virtualmin-tutorial@server public_html]$ exit [root@server ~]#
Now, visit your website in a browser and you will see a PHP test page:
Here we have PHP 7.0 installed. PHP 5.4 is also installed, although it is only there for inherited reasons – it should never be used. It is also desirable to use the latest version of PHP at your disposal, and the RedHat repository has up to PHP 7.2. We will install PHP 7.2 and make it the default version of PHP for the command line. We will also install all available PHP modules to ensure we do not miss anything important.
Run the following command:
yummy install rh-php72 *
We can now change the version of PHP in Virtualmin for the virtual server we created. This can be done via the Virtualmin web interface, but also easily from the command line. Make sure to substitute your domain name and user name in the following command:
virtualmin set-php-directory --version 7.2 --domain virtualmin-tutorial.tld - dir / home / virtualmin-tutorial / public_html
Let's see our website. You may need to simply refresh your browser page. You should see that PHP 7.2 is now the active version:
The only problem now is that the command line still has PHP version 5.4:
[virtualmin-tutorial@server ~]$ php -v PHP 5.4.16 (cli) (built 30 Oct 2018 19:30:51) Copyright (c) 1997-2013 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies
To solve this problem, we will execute a simple command that tells bash (the command line) to use a different version of PHP from a software collection. The command calls "scl" and if we execute "scl -l", we will get a list of the available software collections:
[root@server ~]# scl -l httpd24 rh php70 rh php72
The collection we want to use is rh-php72. Run the following command to use the rh-php72 in bash:
scl active rh-php72 bash
Here is what our exit looked like. Note that the second time we ran "php -v", it displays PHP 7.2.0. Now, great utilities like wp-cli will work if you install them.
We will now adjust the settings in Apache so that it does not consume too much memory. If Apache runs out of memory, it may not work anymore and all the hosted websites will crash. We will also make some changes to the PHP configuration. We will use the editor called Nano, which we installed at the beginning of the tutorial. If you do not know how to use Nano, do not worry, we will show you the basics.
We will first edit the php.ini file so that it has healthier limits. If you want to host a WordPress site, for example, you will need more than 8 MB of post_max_size and upload_max_filesize. We are going to use sed again to edit the default values. Run the following command:
sed -i's s / ^ upload_max_filesize. * / upload_max_filesize = 256M / & # 39; /etc/php.ini sed -i 's / ^ post_max_size. * / post_max_size = 256M / & /etc/php.ini
If you want to modify the test site that we installed previously, run the same command on its php.ini file by adjusting the paths to php.ini in the following commands:
sed -i's s / ^ upload_max_filesize. * / upload_max_filesize = 256M / & # 39; /home/virtualmin-tutorial/etc/php7.2/php.ini sed -i 's / ^ post_max_size. * / post_max_size = 256M / & # 39; /home/virtualmin-tutorial/etc/php7.2/php.ini
We will now edit our Apache configuration file with Nano. Nano works much like Notepad on the PC and we will use it to add limits to Apache so that it can not overload the server easily. Run the following command to edit the Apache configuration file, httpd.conf:
Use the arrows to move the cursor down to the following line:
#Server name www.example.com:80
Place the cursor at the end of the line and press Enter 2 or 3 times to create additional space underneath. Copy / paste the following lines into:
MinSpareServers 1 MaxSpareServers 2 MinSpareServers 1 MaxSpareServers 2 ServerLimit 64 MaxClients 64 MaxRequestsPerChild 1000 KeepAlive On KeepAliveTimeout 5 MaxKeepAliveRequests 128
Note that these values are very conservative for a small VPS. If you have a larger server, you can increase the values for ServerLimit and MaxClients. If you encounter problems and see the error
[error] the server has reached the MaxClients parameter,
In a site error_log file, you will need to consider raising the MaxClients parameter. These values will work in most cases, however. Here's what it looked like in our httpd.conf:
To exit and save, hold down the Control key and press X. The following confirmation appears at the bottom:
Save the modified buffer (THE ANSWER "No" WILL DESTROY CHANGE)?
Press Y, then Enter to confirm that you want to save the file. To confirm that we have not made any mistakes, we will ask Apache to test the configuration:
[root@server ~]# httpd -t Syntax OK [root@server ~]#
Awesome! Now let's restart Apache for the new changes to take effect:
[root@server ~]# systemctl restart httpd [root@server ~]#
From there, you can add multiple other virtual servers (Virtualmin name for a web hosting account) by following the steps above, each of which can have multiple MySQL databases. You can even install multiple sites per virtual server, but for security reasons, it's best to have one.
We hope you enjoy your new Virtualmin-based Web server and have found this informative tutorial. Make sure you consult the official Virtualmin documentation so that you can really unleash the potential of your new server!