To configure Webmin on a Linux server, add the official Webmin repository, install the package, open port 10000/TCP on your firewall, and access https://your-server-ip:10000. Then harden Webmin: enable SSL/Let’s Encrypt, change the default port, create non-root admin users, restrict IPs, and enable automatic updates and 2FA for secure, ongoing management.
Webmin is a lightweight, browser-based control panel that simplifies Linux server management. In this step-by-step 2026 guide, I’ll show you how to configure Webmin on a Linux server the right way—securely, reliably, and with best practices I use in production. Whether you run Ubuntu, Debian, AlmaLinux, Rocky, or RHEL, you’ll be up and running fast.
What is Webmin and Why Use it in 2026?
Webmin is a modular web interface for administering Linux servers. It manages users, firewalls, packages, web servers (Apache/Nginx), databases (MySQL/MariaDB), DNS (BIND), mail servers, cron jobs, and more. It’s ideal for teams who prefer a GUI alongside SSH. Compared to heavy panels, Webmin is resource-friendly and stays close to native Linux config files.
Prerequisites
- A Linux server (Ubuntu 22.04/24.04, Debian 12, AlmaLinux/Rocky 8/9, or RHEL 8/9)
- Root or a sudo-enabled user
- Server firewall access (UFW or firewalld)
- A domain name (recommended for SSL via Let’s Encrypt)
- Basic SSH access and package updates
Step-by-Step: Install and Configure Webmin
1) Update Your Server
# Ubuntu/Debian
sudo apt update && sudo apt -y upgrade
# RHEL/AlmaLinux/Rocky
sudo dnf -y upgrade2) Install Webmin on Ubuntu/Debian
sudo apt -y install wget apt-transport-https gnupg
wget -qO - https://download.webmin.com/jcameron-key.asc | sudo gpg --dearmor | sudo tee /usr/share/keyrings/webmin.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/webmin.gpg] https://download.webmin.com/download/repository sarge contrib" | \
sudo tee /etc/apt/sources.list.d/webmin.list
sudo apt update
sudo apt -y install webminThis adds the official Webmin repository, verifies packages with the GPG key, and installs the latest stable Webmin build.
3) Install Webmin on RHEL/AlmaLinux/Rocky
sudo dnf -y install wget
sudo tee /etc/yum.repos.d/webmin.repo >/dev/null <<'EOF'
[Webmin]
name=Webmin Distribution Neutral
baseurl=https://download.webmin.com/download/yum
enabled=1
gpgcheck=1
gpgkey=https://download.webmin.com/jcameron-key.asc
EOF
sudo dnf makecache
sudo dnf -y install webminOn RHEL-based systems, Webmin installs its own Perl dependencies and sets up the miniserv web engine automatically.
4) Open the Webmin Port on Your Firewall
Webmin listens on port 10000/TCP. Allow it through your firewall before accessing the UI.
# Ubuntu/Debian with UFW
sudo ufw allow 10000/tcp
sudo ufw reload
# RHEL/AlmaLinux/Rocky with firewalld
sudo firewall-cmd --permanent --add-port=10000/tcp
sudo firewall-cmd --reload5) Log in to Webmin
- URL: https://YOUR_SERVER_IP:10000
- User: root (or any sudo user on Ubuntu/Debian)
- Accept the self-signed certificate for the first login (we’ll add Let’s Encrypt next).
If root login is disabled on Ubuntu, add your sudo user to Webmin under Webmin > Webmin Users and grant required modules.
6) Initial Security Hardening (Highly Recommended)
- Change the default port: Webmin > Webmin Configuration > Ports and Addresses > change 10000 to a high, unused port.
- Enable SSL with Let’s Encrypt: Webmin Configuration > SSL Encryption > Let’s Encrypt > enter your domain, webroot, and request certificate.
- Restrict by IP: Webmin Configuration > IP Access Control > allow only your office/VPN IP ranges.
- Create a non-root Webmin admin: Webmin > Webmin Users > Create user > grant modules and use strong passwords or key-based auth.
- Enable 2FA: Webmin Configuration > Two-Factor Authentication (e.g., Google Authenticator).
Restart Webmin after changes:
sudo systemctl restart webmin7) Optional: Fail2ban and Login Protection
Protect against brute-force attacks by rate-limiting failed logins with Fail2ban.
# Install Fail2ban
# Ubuntu/Debian
sudo apt -y install fail2ban
# RHEL-family
sudo dnf -y install fail2ban
# Create jail for Webmin
sudo tee /etc/fail2ban/jail.d/webmin.conf >/dev/null <<'EOF'
[webmin-auth]
enabled = true
port = 10000
filter = webmin-auth
logpath = /var/webmin/miniserv.log
maxretry = 5
bantime = 1h
findtime = 15m
EOF
# Add filter
sudo tee /etc/fail2ban/filter.d/webmin-auth.conf >/dev/null <<'EOF'
[Definition]
failregex = ^.*Failed \w+ for .* from <HOST>.*$
ignoreregex =
EOF
sudo systemctl enable --now fail2banConfigure Core Services in Webmin
User and Access Management
- Create system users: System > Users and Groups > Add a new user.
- Grant SFTP-only access by setting shell to /usr/sbin/nologin and configuring directory permissions.
- Use Webmin Users to map Webmin admins to specific modules for least-privilege access.
Web Server Modules (Apache or Nginx)
- Apache: Servers > Apache Webserver > create virtual hosts, enable modules, manage logs.
- Nginx: Servers > Nginx Webserver > configure server blocks and reverse proxies.
- Use Let’s Encrypt integration per virtual host for automatic HTTPS renewals.
Database Management (MySQL/MariaDB)
- Servers > MySQL Database Server: create databases, users, and manage privileges.
- Harden root: use unix_socket auth and strong passwords; disable remote root when not needed.
- Backups: Scheduled Cron Jobs + mysqldump or Webmin’s Backup Configuration Files module.
Firewall and Updates
- Networking > Linux Firewall (iptables/nftables) or Firewalld: maintain explicit allow rules.
- System > Software Package Updates: enable automatic security updates.
- Webmin > Webmin Configuration > Upgrade Webmin: keep the panel itself updated.
Best Practices for Production Security
- Use a domain and valid SSL certificate; avoid long-term self-signed certs.
- Place Webmin behind a VPN or an allowlist proxy (e.g., Cloudflare Tunnel or WireGuard).
- Disable root login in Webmin and SSH; use sudoers with strong auth and 2FA.
- Rotate logs and monitor miniserv.log and miniserv.error for anomalies.
- Back up Webmin config: Webmin > Backup Configuration Files (store off-server).
Troubleshooting Common Webmin Issues
Cannot Reach the Login Page
- Confirm service: sudo systemctl status webmin
- Check port: sudo ss -tulpen | grep 10000 (or your custom port)
- Firewall: ensure UFW/firewalld allows the port; confirm external network ACLs.
Certificate or HTTPS Errors
- Verify domain resolves to the server’s public IP.
- Use Let’s Encrypt via Webmin Configuration > SSL Encryption; ensure port 80 is open for HTTP-01 validation.
- Review /var/webmin/miniserv.error for SSL-related logs.
Authentication Fails for sudo Users
- Check Webmin Users mapping and PAM settings: Webmin Configuration > Authentication.
- On Ubuntu, ensure your sudo user exists on the system and not locked.
Module Not Detected (Apache/Nginx/MySQL)
- Install the service via your package manager first.
- Reload modules: Webmin > Refresh Modules.
- Verify module config paths match your distro’s defaults.
Useful Commands and Paths
# Service management
sudo systemctl status webmin
sudo systemctl restart webmin
sudo systemctl enable webmin
# Logs and configuration
sudo tail -f /var/webmin/miniserv.log
sudo tail -f /var/webmin/miniserv.error
# Main config directory
ls /etc/webmin/When to Choose Webmin (vs. Heavier Panels)
- You want a native-feel admin layer without overhauling Linux configs.
- You run lean VPS instances and need minimal overhead.
- You prefer modular control and direct visibility into system services.
If you need a pre-hardened VPS with guaranteed performance, YouStable offers Webmin-friendly Linux servers with SSD NVMe storage, dedicated IPv4, and 24/7 expert support. We can preinstall and secure Webmin so you can focus on apps, not panel plumbing.
Uninstall or Update Webmin
Update Webmin
# Ubuntu/Debian
sudo apt update && sudo apt -y upgrade webmin
# RHEL-family
sudo dnf -y upgrade webminUninstall Webmin
# Ubuntu/Debian
sudo apt -y remove webmin
# RHEL-family
sudo dnf -y remove webminAfter removal, close the firewall port and optionally delete the repository files.
Summary: Configure Webmin on Linux Server
- Install from the official repository (apt/dnf).
- Open port 10000/TCP and access via HTTPS.
- Immediately harden: change port, add Let’s Encrypt, limit IPs, create non-root users, enable 2FA.
- Manage services (Apache/Nginx, MySQL), automate updates, and back up configs.
- Monitor logs and use Fail2ban to mitigate brute force attempts.
Follow these steps and you’ll run a secure, maintainable Webmin setup aligned with modern best practices and ready for production workloads.
FAQs: How to Configure Webmin on Linux Server
Is Webmin safe to use on a public server?
Yes, if hardened correctly. Use HTTPS with a valid certificate, change the default port, restrict IP access, enable 2FA, keep Webmin updated, and rate-limit logins with Fail2ban. Ideally, place Webmin behind a VPN or bastion host.
Which port does Webmin use and can I change it?
Webmin uses 10000/TCP by default. You can change it under Webmin Configuration > Ports and Addresses. Remember to update your firewall rules and any external ACLs accordingly.
How do I enable Let’s Encrypt SSL in Webmin?
Go to Webmin Configuration > SSL Encryption > Let’s Encrypt. Enter your domain, choose automatic renewal, and ensure port 80 is open for HTTP-01 validation. Webmin will obtain and install the certificate automatically.
Can I manage multiple servers from one Webmin instance?
Yes, via the Webmin Servers Index module. You can add remote hosts and jump between them from a single dashboard. Ensure all remote hosts are secured and use HTTPS with strong credentials.
What’s the difference between Webmin and Virtualmin?
Webmin is the base system administration UI. Virtualmin is a Webmin module designed for multi-tenant hosting (domains, mail, web, DNS). Choose Webmin for single-server admin tasks; choose Virtualmin if you offer hosting to multiple websites/users.
