Webmin and Let’s Encrypt on Google Cloud

Thanks to Google Cloud Platform’s free tier and $300 credit, I have been spending more time building on GCP. As I start to call GCP home, it’s time to dress it up. My objectives are as follows:

  1. Setup a web-based configuration tool. I lived through the command-line era of MS DOS in the 80s and 90s but like most people, have long gotten used to the point-and-click interface. This will help me get productive again. Webmin is free and received a nice face-lift recently.
  2. Give my VM its own domain name – GoDaddy sells them cheap for the first year.
  3. Do SSL.

Webmin

SSH into your VM. Edit your source list:

$ sudo nano /etc/apt/sources.list

In nano or your editor of choice, go right to the end of your sources.list file to include Webmin’s repository. Save and exit.

deb http://download.webmin.com/download/repository sarge contrib 
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib

Add Webmin’s GPG key to apt so that your Linux server will trust it:

$ wget -q http://www.webmin.com/jcameron-key.asc -O- | sudo apt-key add -

Refresh:

$ sudo apt-get update

Finally, install Webmin:

$ sudo apt-get install webmin

Webmin listens on port 10000. Edit your firewall rules in Google Console to accept connections from port 10000.

To access webmin, go to https://<your server address>:10000. Your browser detects that you are trying to access webmin securely without a cert. We will fix this later. Webmin asks for your username and password. If you are like me and have been talking to your server through Google’s browser’s based SSH shell, then you don’t have a password. SSH into your server and run passwd to change your root password:

$ passwd

Now login. Your ID is root and your password is what you just set.

Let’s Encrypt

Let’s Encrypt, in their own words, is a free, automated, and open certificate Authority. You can receive a free cert here. At this point, you should still be logged in to your server through SSH.

$ git clone https://github.com/letsencrypt/letsencrypt $ cd letsencrypt/ $ ./letsencrypt-auto --help all

Domain’s DNS

Make sure that the A record of your domain name’s DNS points to the IP address of your server. Let’s Encrypt do not issue certs for IP addresses. Make sure that you have completed this before going on to the next step.

Requesting for a cert

It’s easy to setup with Certbot. Here are my commands for my Ubuntu Xenial VM with Apache:

$ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-apache $ sudo certbot --apache

Follow the instructions on-screen to receive a free cert.

Webmin Configuration

Login to Webmin on the browser again. Go to Webmin Configuration

Click SSL Encryption. Then go to Let’s Encrypt. Add your domain name into the “Hostnames for certificate” box. Then click [Request Certificate].

Now go to https://<your domain name>:10000. Webmin is now accessible securely by typing your domain name into the browser. Now I can sleep well at night.

Photo by Mike Szczepanski on Unsplash