Skip to content

Virtualmin Setup DigitalOcean

Solved Customisation
  • @phenomlab no need to bring those sites back. i am just documenting here 😄

    I’m already seeing the virtualmin login page. now need to update and add domains

  • @Hari good. What’s this going to be for out of curiosity ?

  • @phenomlab we have bunch of subdirectories (domain.com/ask, news…) moving them to subdomains (news.domain.com)

    once everything works perfectly we may stop using CW

  • @Hari sounds like a good plan.

  • @phenomlab this gonna be a production build. which mySQL option do you suggest? flarum, and 3 to 4 wordpress sites should i go with 1GB MySQL option? we can change this later right?

    4GB ram 2vCPU AMD

    a182bd99-fbcf-4c9c-a9fc-b5af2ef22d16-image.png

    Edit: i went forward with 1GB MySQL allocation option

  • @Hari yes, this should be fine.

  • @phenomlab one quick question

    host.domain.com virtualmin main domain used during setup (host)
    site.domain.com virtual server created in virtualmin

    i have lets encrypt certificates for both subdomains

    CF A name record is proxed, both sites are opening

    but when i try to access Virtualmin panel by using host.domain.com:10000 it is not opening

    but IP:10000 is working

    what am i missing?

    is CF preventing port access?

  • @Hari said in Virtualmin Setup DigitalOcean:

    is CF preventing port access?

    Yes, but not at the port level. The reason for this is that CF is handling the DNS side of things so when you try to access using your browser, it’s going to resolve to the address in DNS that resolves to CF.

    There’s a number of choices depending on your scenario.

    The most common approach is to create a page page rule that bypass the CF proxy and allows direct access. The issue here of course is that the free plan on CF only allows a small amount of ports, so you’d need to change the VirtualMin listener port to something else dish as 8443 which is routable in the free plan. You can change the VirtualMin port as explained here

    Another approach is to use a management station that has access, and then create a HOSTS file entry that contains a mapping from hostname to IP that overrides the DNS but only for your machine. The preferred order of resolution means host files are read before DNS, and if a match is found then that is used and DNS is ignored.

    The drawback with this is that you’d need to make this change on every single machine where you wanted to gain access. Not insurmountable, but quite clunky if you frequently used multiple machine or your phone to get access.

    The last method, which is by far optimum is to use a vacant or unused domain to access VirtualMin. I do this myself, and it just means that this domain has no other purpose other than to manage the VPS. In other words, it’s not used for web hosting etc. You can still host the DNS in CF, but you’d then need to ensure the proxy is disabled.

  • @phenomlab as suggested i have made a few changes

    changed my port
    changed my host domain from host.domain.com to hos.domain2.com for extra CF page rules

    how can i disable others accessing my IP?
    instead of using hos.domain2.com to manage virutalmin can i directly use my IP to access virtualmin?
    if i proxy or deny direct access to my IP how to give FTP access to one of my admin? as currently we use IP
    they need to access using FTP:hos.domain2.com?

    should i proxy hos.domain2.com at CF? currently i can not access Virtualmin using port how to add page rule to allow my port

  • @Hari said in Virtualmin Setup DigitalOcean:

    how can i disable others accessing my IP?

    Can you clarify this part ? Are you looking to hide the real IP behind CF ?

    @Hari said in Virtualmin Setup DigitalOcean:

    instead of using hos.domain2.com to manage virutalmin can i directly use my IP to access virtualmin?

    Yes, if you aren’t worried about certificate errors

    @Hari said in Virtualmin Setup DigitalOcean:

    should i proxy hos.domain2.com at CF? currently i can not access Virtualmin using port how to add page rule to allow my port

    No, do not proxy it. As soon as you do that, DNS will resolve at CF and not the actual server itself.

  • @phenomlab i thought once i set up the host domain i no longer need to access Virtualmin using IP. later realized that is not how it works.

    how do i install PHPmyadmin to all servers (domains)? … right now i had to do it manually for each and every domain

    though i install phpmyadmin for one domain it is not working, i have tired restarting server and all.

    cdda0c3b-2833-4d10-abbc-49b1f52087f5-image.png

  • @Hari What is in the error log ? Typically, you’d only need to install phpMyAdmin once and as long as it can see your MySQL server and databases, this should be fine.

    That’s a HTTP 500 error which indicates an issue on your side.

  • @phenomlab i messed the server, now i can not delete and reinstall.

    i have created subdomain1, 2, 3 as main servers instead of creating domain and adding them as sub servers. during this process, i requested for more than 5 let’s encrypt certificates and reached the daily limit. Now i have manually bought one certificate from CF Origin Certificate for 15years and installed it for the main domain

    moved all servers as sub servers now i see 403 error

    i hope i do not have any SSL issues all i get is 403 for 3 subdomains how can i fix it?

    Forbidden
    You don'\t have permission to access this resource.
    

    i did not move my main domain yet - planned to move after 1week

  • @Hari what’s in the NGINX error logs for each of these domains ? Looks like a permissions issue to me

  • @phenomlab where do i find it? i think i am not using it

    109116a1-15e3-4193-8ce9-276652831fb9-image.png

  • @Hari you have the apache build. In that case, can you post one of the virtualhost configs (for one of the domains)

  • @phenomlab where can i find it? sent PM

  • Can you post the configs here remembering to redact sensitive information, and also use the code markers (three backticks) as this makes it much easier to read rather than standard text in a PM.

  • @phenomlab apache error log

    [Sat Jun 11 04:18:57.835413 2022] [fcgid:warn] [pid 15150:tid 140169000707840] [client 10.10.10.10:21926] mod_fcgid: stderr: WordPress database error Table 'site.wp_terms' doesn't exist for query 
    [Sat Jun 11 04:18:57.835457 2022] [fcgid:warn] [pid 15150:tid 140169000707840] [client 10.10.10.10:21926] mod_fcgid: stderr: \t\t\tSELECT  t.term_id
    [Sat Jun 11 04:18:57.835460 2022] [fcgid:warn] [pid 15150:tid 140169000707840] [client 10.10.10.10:21926] mod_fcgid: stderr: \t\t\tFROM wp_terms AS t  INNER JOIN wp_term_taxonomy AS tt ON t.term_id = tt.term_id
    [Sat Jun 11 04:18:57.835462 2022] [fcgid:warn] [pid 15150:tid 140169000707840] [client 10.10.10.10:21926] mod_fcgid: stderr: \t\t\tWHERE tt.taxonomy IN ('wp_theme') AND t.name IN ('twentytwentyone-child')
    [Sat Jun 11 04:18:57.835464 2022] [fcgid:warn] [pid 15150:tid 140169000707840] [client 10.10.10.10:21926] mod_fcgid: stderr: \t\t\t
    [Sat Jun 11 04:18:57.835466 2022] [fcgid:warn] [pid 15150:tid 140169000707840] [client 10.10.10.10:21926] mod_fcgid: stderr: \t\t\tLIMIT 1
    [Sat Jun 11 04:18:57.835468 2022] [fcgid:warn] [pid 15150:tid 140169000707840] [client 10.10.10.10:21926] mod_fcgid: stderr: \t\t made by require('wp-blog-header.php'), require_once('wp-load.php'), require_once('wp-config.php'), require_once('wp-settings.php'), do_action('wp_loaded'), WP_Hook->do_action, WP_Hook->apply_filters, {closure}, {closure}, WP_Theme_JSON_Resolver::get_merged_data, WP_Theme_JSON_Resolver::get_user_data, WP_Theme_JSON_Resolver::get_user_data_from_wp_global_styles, wp_get_recent_posts, get_posts, WP_Query->query, WP_Query->get_posts, WP_Tax_Query->get_sql, WP_Tax_Query->get_sql_clauses, WP_Tax_Query->get_sql_for_query, WP_Tax_Query->get_sql_for_clause, WP_Tax_Query->clean_query, WP_Tax_Query->transform_query, WP_Term_Query->query, WP_Term_Query->get_terms
    [Sat Jun 11 04:48:48.539594 2022] [fcgid:warn] [pid 15151:tid 140169220634368] [client 162.158.163.22:21308] mod_fcgid: stderr: PHP Warning:  Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0, referer: https://site.domain.com/wp-admin/nav-menus.php?action=edit&menu=15
    [Sat Jun 11 04:48:48.573874 2022] [fcgid:warn] [pid 15150:tid 140169067849472] [client 162.158.163.22:21318] mod_fcgid: stderr: PHP Warning:  Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0, referer: https://site.domain.com/wp-admin/nav-menus.php?action=edit&menu=15
    [Sat Jun 11 22:35:55.645849 2022] [authz_core:error] [pid 6627:tid 140051065321216] [client 10.10.10.10:11538] AH01630: client denied by server configuration: /home/site
    [Sat Jun 11 22:35:59.499018 2022] [authz_core:error] [pid 6627:tid 140051056928512] [client 162.158.163.216:30198] AH01630: client denied by server configuration: /home/site
    [Sat Jun 11 22:36:27.717929 2022] [authz_core:error] [pid 6628:tid 140050956216064] [client 162.158.162.39:58156] AH01630: client denied by server configuration: /home/site
    [Sat Jun 11 22:36:30.104410 2022] [authz_core:error] [pid 6628:tid 140050947823360] [client 162.158.162.123:12182] AH01630: client denied by server configuration: /home/site
    [Sat Jun 11 22:36:30.405002 2022] [authz_core:error] [pid 6627:tid 140050964608768] [client 162.158.163.230:22958] AH01630: client denied by server configuration: /home/site, referer: https://site.domain.com/
    [Sat Jun 11 22:36:30.664470 2022] [authz_core:error] [pid 6628:tid 140050939430656] [client 162.158.163.22:20408] AH01630: client denied by server configuration: /home/site
    [Sat Jun 11 22:36:30.887080 2022] [authz_core:error] [pid 6627:tid 140050939430656] [client 162.158.163.230:22958] AH01630: client denied by server configuration: /home/site, referer: https://site.domain.com/
    [Sat Jun 11 22:42:53.066998 2022] [authz_core:error] [pid 6628:tid 140051048535808] [client 162.158.163.68:19514] AH01630: client denied by server configuration: /home/site
    [Sat Jun 11 22:42:53.436812 2022] [authz_core:error] [pid 6628:tid 140051183978240] [client 162.158.163.230:23526] AH01630: client denied by server configuration: /home/site, referer: https://site.domain.com/
    [Sat Jun 11 22:42:57.633871 2022] [authz_core:error] [pid 6628:tid 140051056928512] [client 162.158.163.198:58164] AH01630: client denied by server configuration: /home/site
    [Sat Jun 11 22:42:57.875926 2022] [authz_core:error] [pid 6628:tid 140051065321216] [client 162.158.163.230:23526] AH01630: client denied by server configuration: /home/site, referer: https://site.domain.com/?SFd
    [Sat Jun 11 22:43:21.190817 2022] [authz_core:error] [pid 6628:tid 140050989786880] [client 162.158.163.198:58200] AH01630: client denied by server configuration: /home/site
    [Sat Jun 11 22:43:21.512913 2022] [authz_core:error] [pid 6628:tid 140050981394176] [client 162.158.163.230:23590] AH01630: client denied by server configuration: /home/site, referer: https://site.domain.com/phpmyadmin/
    [Sat Jun 11 22:44:26.950134 2022] [authz_core:error] [pid 6628:tid 140050939430656] [client 162.158.163.68:19764] AH01630: client denied by server configuration: /home/site
    [Sat Jun 11 22:44:27.344249 2022] [authz_core:error] [pid 6628:tid 140050931037952] [client 162.158.163.230:23678] AH01630: client denied by server configuration: /home/site, referer: https://site.domain.com/phpmyadmin/
    [Sat Jun 11 22:50:04.601796 2022] [authz_core:error] [pid 6628:tid 140051065321216] [client 162.158.163.198:58926] AH01630: client denied by server configuration: /home/site
    [Sat Jun 11 22:50:05.006553 2022] [authz_core:error] [pid 6628:tid 140051073713920] [client 162.158.163.230:24250] AH01630: client denied by server configuration: /home/site, referer: https://site.domain.com/phpmyadmin/
    [Sat Jun 11 22:50:07.320488 2022] [authz_core:error] [pid 6628:tid 140051082106624] [client 162.158.162.39:59036] AH01630: client denied by server configuration: /home/site
    [Sat Jun 11 22:50:07.591099 2022] [authz_core:error] [pid 6628:tid 140051023357696] [client 162.158.163.230:24250] AH01630: client denied by server configuration: /home/site, referer: https://site.domain.com/
    [Sat Jun 11 22:52:09.209043 2022] [authz_core:error] [pid 6628:tid 140050964608768] [client 162.158.162.161:28196] AH01630: client denied by server configuration: /home/site
    [Sat Jun 11 22:52:09.632416 2022] [authz_core:error] [pid 6627:tid 140051031750400] [client 162.158.163.230:24496] AH01630: client denied by server configuration: /home/site, referer: https://site.domain.com/
    [Sat Jun 11 22:55:09.905607 2022] [authz_core:error] [pid 6627:tid 140051098892032] [client 162.158.162.161:29106] AH01630: client denied by server configuration: /home/site
    [Sat Jun 11 22:55:10.309477 2022] [authz_core:error] [pid 6628:tid 140050939430656] [client 162.158.163.230:24846] AH01630: client denied by server configuration: /home/site, referer: https://site.domain.com/
    [Sat Jun 11 23:14:18.992679 2022] [authz_core:error] [pid 6628:tid 140051183978240] [client 162.158.163.198:61920] AH01630: client denied by server configuration: /home/site
    [Sat Jun 11 23:14:19.923242 2022] [authz_core:error] [pid 6628:tid 140051192370944] [client 162.158.163.230:26952] AH01630: client denied by server configuration: /home/site, referer: https://site.domain.com/
    [Sat Jun 11 23:19:19.476070 2022] [authz_core:error] [pid 6627:tid 140051192370944] [client 162.158.163.198:62592] AH01630: client denied by server configuration: /home/site
    [Sat Jun 11 23:19:19.985993 2022] [authz_core:error] [pid 6628:tid 140050931037952] [client 162.158.163.230:27558] AH01630: client denied by server configuration: /home/site, referer: https://site.domain.com/
    [Sat Jun 11 23:26:37.228967 2022] [authz_core:error] [pid 6628:tid 140050931037952] [client 162.158.163.68:25548] AH01630: client denied by server configuration: /home/site
    [Sat Jun 11 23:29:04.915049 2022] [authz_core:error] [pid 6627:tid 140050939430656] [client 162.158.163.198:63886] AH01630: client denied by server configuration: /home/site, referer: https://10.10.10.10:19185/
    [Sat Jun 11 23:29:05.698759 2022] [authz_core:error] [pid 6627:tid 140051031750400] [client 162.158.163.230:28652] AH01630: client denied by server configuration: /home/site, referer: https://site.domain.com/phpmyadmin/
    

    Config files

    <VirtualHost 10.10.10.10:80>
        SuexecUserGroup #1006 #1006
        ServerName site.domain.com
        ServerAlias www.site.domain.com
        ServerAlias mail.site.domain.com
        ServerAlias webmail.site.domain.com
        ServerAlias admin.site.domain.com
        DocumentRoot /home/domain/domains/site.domain.com/public_html
        ErrorLog /var/log/virtualmin/site.domain.com_error_log
        CustomLog /var/log/virtualmin/site.domain.com_access_log combined
        ScriptAlias /cgi-bin/ /home/domain/domains/site.domain.com/cgi-bin/
        ScriptAlias /awstats/ /home/domain/domains/site.domain.com/cgi-bin/
        DirectoryIndex index.php index.php4 index.php5 index.htm index.html
        <Directory /home/domain/domains/site.domain.com/public_html>
            Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
            allow from all
            AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
            Require all granted
            AddType application/x-httpd-php .php
            AddHandler fcgid-script .php
            AddHandler fcgid-script .php7.4
            FCGIWrapper /home/domain/domains/site.domain.com/fcgi-bin/php7.4.fcgi .php
            FCGIWrapper /home/domain/domains/site.domain.com/fcgi-bin/php7.4.fcgi .php7.4
        </Directory>
        <Directory /home/domain/domains/site.domain.com/cgi-bin>
            allow from all
            AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
            Require all granted
        </Directory>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} =webmail.site.domain.com
        RewriteRule ^(?!/.well-known)(.*) https://site.domain.com:20000/ [R]
        RewriteCond %{HTTP_HOST} =admin.site.domain.com
        RewriteRule ^(?!/.well-known)(.*) https://site.domain.com:10000/ [R]
        RemoveHandler .php
        RemoveHandler .php7.4
        FcgidMaxRequestLen 1073741824
        <Files awstats.pl>
            AuthName "site.domain.com statistics"
            AuthType Basic
            AuthUserFile /home/domain/domains/site.domain.com/.awstats-htpasswd
            require valid-user
        </Files>
        Alias /dav /home/domain/domains/site.domain.com/public_html
        <Location /dav>
            DAV on
            AuthType Basic
            AuthName "site.domain.com"
            AuthUserFile /home/domain/domains/site.domain.com/etc/dav.digest.passwd
            Require valid-user
            ForceType text/plain
            Satisfy All
            RemoveHandler .php
            RemoveHandler .php7.4
            RewriteEngine off
        </Location>
        IPCCommTimeout 301
    </VirtualHost>
    <VirtualHost 10.10.10.10:443>
        SuexecUserGroup #1006 #1006
        ServerName site.domain.com
        ServerAlias www.site.domain.com
        ServerAlias mail.site.domain.com
        ServerAlias webmail.site.domain.com
        ServerAlias admin.site.domain.com
        DocumentRoot /home/domain/domains/site.domain.com/public_html
        ErrorLog /var/log/virtualmin/site.domain.com_error_log
        CustomLog /var/log/virtualmin/site.domain.com_access_log combined
        ScriptAlias /cgi-bin/ /home/domain/domains/site.domain.com/cgi-bin/
        ScriptAlias /awstats/ /home/domain/domains/site.domain.com/cgi-bin/
        DirectoryIndex index.php index.php4 index.php5 index.htm index.html
        <Directory /home/domain/domains/site.domain.com/public_html>
            Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
            allow from all
            AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
            Require all granted
            AddType application/x-httpd-php .php
            AddHandler fcgid-script .php
            AddHandler fcgid-script .php7.4
            FCGIWrapper /home/domain/domains/site.domain.com/fcgi-bin/php7.4.fcgi .php
            FCGIWrapper /home/domain/domains/site.domain.com/fcgi-bin/php7.4.fcgi .php7.4
        </Directory>
        <Directory /home/domain/domains/site.domain.com/cgi-bin>
            allow from all
            AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
            Require all granted
        </Directory>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} =webmail.site.domain.com
        RewriteRule ^(?!/.well-known)(.*) https://site.domain.com:20000/ [R]
        RewriteCond %{HTTP_HOST} =admin.site.domain.com
        RewriteRule ^(?!/.well-known)(.*) https://site.domain.com:10000/ [R]
        RemoveHandler .php
        RemoveHandler .php7.4
        FcgidMaxRequestLen 1073741824
        <Files awstats.pl>
            AuthName "site.domain.com statistics"
            AuthType Basic
            AuthUserFile /home/domain/domains/site.domain.com/.awstats-htpasswd
            require valid-user
        </Files>
        Alias /dav /home/domain/domains/site.domain.com/public_html
        <Location /dav>
            DAV on
            AuthType Basic
            AuthName "site.domain.com"
            AuthUserFile /home/domain/domains/site.domain.com/etc/dav.digest.passwd
            Require valid-user
            ForceType text/plain
            Satisfy All
            RemoveHandler .php
            RemoveHandler .php7.4
            RewriteEngine off
        </Location>
        IPCCommTimeout 301
        SSLEngine on
        SSLCertificateFile /etc/ssl/virtualmin/16549049453514/ssl.combined
        SSLCertificateKeyFile /etc/ssl/virtualmin/16549049453514/ssl.key
        SSLCACertificateFile /etc/ssl/virtualmin/16549049453514/ssl.ca
        SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    </VirtualHost>
    

Did this solution help you?
Did you find the suggested solution useful? Why not buy me a coffee? It's a nice gesture, and a great way to show your appreciation 💗

Related Topics
  • Error certification on virtualmin/Nginx

    Solved Linux
    17
    0 Votes
    17 Posts
    739 Views

    @DownPW anytime

  • 4 Votes
    8 Posts
    1k Views

    @phenomlab
    Sorry to delay in responding, yes as i mentioned above, i had to remove my redis from docker and reinstall a new image with this command

    docker run --name=redis -p 127.0.0.1:6379:6379 -d -t redis:alpine

    and now when i test my ip and port on
    https://www.yougetsignal.com/tools/open-ports/

    the status of my redis port is closed. I think which to configure firewall in droplet digital ocean is a good idea too, and i will configure soon.
    Thanks for the help!

  • Deploy React + NodeJs App

    Solved Configure
    25
    4 Votes
    25 Posts
    1k Views

    @justoverclock Any update ?

    Thanks

    EDIT - marking as solved based on the below thread
    https://sudonix.com/topic/339/digitalocean-step-by-step-guide-to-nginx-configuration

  • Blog Setup

    Solved Customisation
    17
    8 Votes
    17 Posts
    1k Views

    Here is an update. So one of the problems is that I was coding on windows - duh right? Windows was changing one of the forward slashes into a backslash when it got to the files folder where the image was being held. So I then booted up my virtualbox instance of ubuntu server and set it up on there. And will wonders never cease - it worked. The other thing was is that there are more than one spot to grab the templates. I was grabbing the template from the widget when I should have been grabbing it from the other templates folder and grabbing the code from the actual theme for the plugin. If any of that makes sense.

    I was able to set it up so it will go to mydomain/blog and I don’t have to forward it to the user/username/blog. Now I am in the process of styling it to the way I want it to look. I wish that there was a way to use a new version of bootstrap. There are so many more new options. I suppose I could install the newer version or add the cdn in the header, but I don’t want it to cause conflicts. Bootstrap 3 is a little lacking. I believe that v2 of nodebb uses a new version of bootstrap or they have made it so you can use any framework that you want for styling. I would have to double check though.

    Thanks for your help @phenomlab! I really appreciate it. I am sure I will have more questions so never fear I won’t be going away . . . ever, hahaha.

    Thanks again!

  • how to increase upload DB file size in virtualmin

    Solved Configure
    2
    1 Votes
    2 Posts
    407 Views

    @Hari this helped

  • how to configure DNS records virtualmin?

    Solved Linux
    26
    11 Votes
    26 Posts
    2k Views

    i think we can mark this discussion as solved

    learned how to install virtualmin with NGINX We can easily point the DNS by mentioning server IP at CF a name record learned how to install SSL
  • VirtualMin create virtual server

    Solved Configure
    4
    2 Votes
    4 Posts
    369 Views

    @justoverclock correct. You only need to keep an eye on the resources of the droplet itself

  • Virtualmin Letsencrypt Renewal

    Solved Hosting
    13
    1 Votes
    13 Posts
    1k Views

    @gotwf said in Virtualmin Letsencrypt Renewal:

    I favor KISS engineering

    Then I think you’ll be able to appreciate this
    https://content.sudonix.com/keep-it-simple-stupid/