Webmin and Let's Encrypt on Google Cloud Platform
Thanks to Google Cloud Platform's free tier and $300 credit, I have been spending more time building on GCP. As I start to call GCP home, it's time to dress it up. My objectives are as follows:
- Setup a web-based configuration tool. I lived through the command-line era of MS DOS in the 80s and 90s but like most people, have long gotten used to the point-and-click interface. This will help me get productive again. Webmin is free and received a nice face-lift recently.
- Give my VM its own domain name - GoDaddy sells them cheap for the first year.
- Do SSL.
SSH into your VM. Edit your source list:
$ sudo nano /etc/apt/sources.list
In nano or your editor of choice, go right to the end of your sources.list file to include Webmin's repository. Save and exit.
deb http://download.webmin.com/download/repository sarge contrib deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
Add Webmin's GPG key to apt so that your Linux server will trust it:
$ wget -q http://www.webmin.com/jcameron-key.asc -O- | sudo apt-key add -
$ sudo apt-get update
Finally, install Webmin:
$ sudo apt-get install webmin
Webmin listens on port 10000. Edit your firewall rules in Google Console to accept connections from port 10000.
To access webmin, go to https://<your server address>:10000. Your browser detects that you are trying to access webmin securely without a cert. We will fix this later. Webmin asks for your username and password. If you are like me and have been talking to your server through Google's browser's based SSH shell, then you don't have a password. SSH into your server and run passwd to change your root password:
Now login. Your ID is root and your password is what you just set.
Let's Encrypt, in their own words, is a free, automated, and open certificate Authority. You can receive a free cert here. At this point, you should still be logged in to your server through SSH.
$ git clone https://github.com/letsencrypt/letsencrypt $ cd letsencrypt/ $ ./letsencrypt-auto --help all
Make sure that the A record of your domain name's DNS points to the IP address of your server. Let's Encrypt do not issue certs for IP addresses. Make sure that you have completed this before going on to the next step.
Requesting for a cert
It's easy to setup with Certbot. Here are my commands for my Ubuntu Xenial VM with Apache:
$ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-apache $ sudo certbot --apache
Follow the instructions on-screen to receive a free cert.
Login to Webmin on the browser again. Go to Webmin Configuration
Click SSL Encryption. Then go to Let's Encrypt. Add your domain name into the "Hostnames for certificate" box. Then click [Request Certificate].
Now go to https://<your domain name>:10000. Webmin is now accessible securely by typing your domain name into the browser. Now I can sleep well at night.