 |
Webmin and Apache |
 |
Webmin and Apache
Webmin comes with a very simple webserver called miniserv.pl
that is capable of doing all that is necessary for Webmin to run. However,
it is not as fast or memory efficient as a well-developed server such
as Apache. To use Apache instead of miniserv.pl, follow these steps :
- Create a new Apache virtual server with the document set to the directory
where you installed Webmin, using a directive like DocumentRoot
/usr/local/webmin-0.990.
- Configure Apache to treat all files with the .cgi extension as
CGI programs, with the AddHandler cgi-script .cgi directive.
- Add index.cgi to the DirectoryIndex directive.
- Webmin CGI programs have their config directory passed to them in
the WEBMIN_CONFIG, WEBMIN_VAR and MINISERV_CONFIG
environment variables. For Apache to do this, you need to add the
directives
SetEnv WEBMIN_CONFIG /etc/webmin
SetEnv WEBMIN_VAR /var/webmin
SetEnv SERVER_ROOT /usr/local/webmin-0.990
SetEnv MINISERV_CONFIG /etc/webmin/miniserv.conf
- Password-protect the virtual server with directives like
AuthType basic, AuthUserFile /etc/webmin/htusers and
require valid-user. The file /etc/webmin/htusers must
contains users who match up with those in /etc/webmin/webmin.acl.
- Make all the Webmin programs owned by root and setuid with the commands
chown -R root:root /usr/local/webmin-0.990
chmod -R 6755 /usr/local/webmin-0.990
- Add the -U flag to the perl line in all the Webmin scripts. This can be
easily done with the following command run from the webmin-0.990
directory
find . -name "*.cgi" -o -name "*.pl" | perl perlpath.pl "/usr/bin/perl -U" -
This assumes that Perl is installed as /usr/bin/perl on your
system.
- Configure Webmin to use the 'Default Webmin Theme', as Apache cannot
support Webmin's theming system.
- Make sure that the setuid scripts cannot be run by other users on
your system, by setting the permissions on /usr/local/webmin-0.990
to 700 and changing its ownership to the user your webserver runs as.
Otherwise any user would be able to execute any command as root by
running some of the scripts.
You should now be able to start Apache and login to Webmin at whatever URL
your Apache server is running on. Note that the Webmin Users and Webmin
Configuration modules will not work, as they configure miniserv.pl
and cannot deal with Apache.
In Webmin versions 0.965 and above, it is possible to run Webmin under
Apache in a subdirectory rather than at the top level of a virtual server.
This means that Webmin could be accessed at a URL like
http://www.yourdomain.com/webmin/ . The steps to take to set this up are :
- Create a new Alias that maps some URL path like /webmin to the
directory where Webmin is installed, such as
/usr/local/webmin-0.990.
- Add the line webprefix=/webmin to /etc/webmin/config.
- Add a <Directory> section to Apache for /usr/local/webmin-0.990.
- In the directory section, configure Apache to treat all files with the
.cgi extension as CGI programs, with the
AddHandler cgi-script .cgi directive.
- Add the directives DirectoryIndex index.cgi and
Options ExecCGI to the directory section.
- Webmin CGI programs have their config directory passed to them in
the WEBMIN_CONFIG, WEBMIN_VAR and MINISERV_CONFIG
environment variables. For Apache to do this, you need to add the
directives
SetEnv WEBMIN_CONFIG /etc/webmin
SetEnv WEBMIN_VAR /var/webmin
SetEnv SERVER_ROOT /usr/local/webmin-0.990
SetEnv MINISERV_CONFIG /etc/webmin/miniserv.conf
- Password-protect the directory with directives like
AuthType basic, AuthUserFile /etc/webmin/htusers and
require valid-user. The file /etc/webmin/htusers must
contains users who match up with those in /etc/webmin/webmin.acl.
- Make all the Webmin programs owned by root and setuid with the commands
chown -R root:root /usr/local/webmin-0.990
chmod -R 6755 /usr/local/webmin-0.990
- Add the -U flag to the perl line in all the Webmin scripts. This can be
easily done with the following command run from the webmin-0.990
directory
find . -name "*.cgi" -o -name "*.pl" | perl perlpath.pl "/usr/bin/perl -U" -
This assumes that Perl is installed as /usr/bin/perl on your
system.
- Configure Webmin to use the 'Default Webmin Theme', as Apache cannot
support Webmin's theming system.
- Make sure that the setuid scripts cannot be run by other users on
your system, by setting the permissions on /usr/local/webmin-0.990
to 700 and changing its ownership to the user your webserver runs as.
Otherwise any user would be able to execute any command as root by
running some of the scripts.
Another way of setting up Apache without using setuid scripts is as follows.
This option requires that Apache be re-compiled with the -DBIG_SECURITY_HOLE
flag to run CGIs as root though ..
- Configure Apache to run as root, using the User root and
Group root directives.
- Set the Apache document root to the directory where you installed
Webmin, using the directive DocumentRoot /usr/local/webmin-0.990.
- Configure Apache to treat all files with the .cgi extension as
CGI programs, with the AddHandler cgi-script .cgi directive.
- Add index.cgi to the DirectoryIndex directive.
- Webmin CGI programs have their config directory passed to them in
the WEBMIN_CONFIG, WEBMIN_VAR and MINISERV_CONFIG
environment variables. For Apache to do this, you need to add the
directives
SetEnv WEBMIN_CONFIG /etc/webmin and
SetEnv WEBMIN_VAR /var/webmin.
SetEnv SERVER_ROOT /usr/local/webmin-0.990
SetEnv MINISERV_C0NFIG /etc/webmin/miniserv.conf.
- Configure Apache to use the Webmin users file with the directives
AuthType basic, AuthUserFile /etc/webmin/miniserv.users,
and require valid-user.
You should now be able to start Apache and login to Webmin at whatever URL
your Apache server is running on. Note that the Webmin Users and Webmin
Configuration modules will not work, as they configure miniserv.pl
and cannot deal with Apache.
|
|
|