Sunday, 30 October 2016

How to install and configure Certbot in a FreeNAS Jail

بسم الله الرحمن الرحيم



Abstract



  • A tutorial to install and configure certbot within a FreeNAS Jail.
  • Certbot is 'Electronic Frontier Foundation's ' implementation to issue free automated SSL certificates for webservers that are recognised by popular web browsers.  


Assumptions and Prerequisites


  • Domain: example.com
  • Hostname: www.example.com
  • OS: FreeNAS 9.10.1-U2 (FreeBSD 10.3-STABLE)
  • Container: Warden Jail
  • Jail Name: www
  • Private IP: 10.0.0.56
  • Subnet Mask: 255.255.255.0/24
  • Certbot Version: 0.9.3
  • Apache has already been installed.
  • Apache Version: 2.4.23
  • Apache Webroot directory: /usr/local/www/apache24/data
  • SSL Certificate File: /usr/local/etc/letsencrypt/live/www.example.com/fullchain.pem
  • SSL Key File: /usr/local/etc/letsencrypt/live/www.example.com/privkey.pem 
  • Apache is bound to port 80 and 443.
  • Port 80 and 443 forwarding is enabled on the router to allow access to Apache webserver from the Internet.
  • Email: info@example.com (required to recover lost account details from certbot).



Instructions


- Install certbot
# pkg install py27-certbot

- Configure domain
# certbot certonly
Follow installer instructions
    domain: www.example.com
    webroot: /usr/local/www/apache24/data
    email: info@example.com

- Test certs renewal
# certbot renew --dry-run 

- Renew certs (Renews certs on port 80 for 90 days. Will not renew cert if expiry date of cert is less than 30 days).
# certbot renew --quiet

-  Force cert renewal with current issue date
# certbot renew --quiet --force-renewal

- Renew cert with a higher rsa-key size 4096
# certbot renew --quiet --rsa-key-size 4096 

-  Force cert renewal on https port 443 with a higher rsa-key size 4096
# certbot renew --quiet --rsa-key-size 4096 --force-renewal --tls-sni-01-port 443

- Change SSL Cert file paths in Apache to point to the new location of certbot's certificates
# vi /usr/local/etc/apache24/extra/httpd-ssl.conf
   (144)  SSLCertificateFile "/usr/local/etc/letsencrypt/live/www.example.com/fullchain.pem"
   (154)  SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/www.example.com/privkey.pem"
   (175)  #SSLCACertificateFile "/usr/local/etc/ssl/certs/ca.pem"

- Reload Apache config after certs renewal
# apachectl -k graceful

- Setup a cron job in FreeNAS to auto renew certs and reload the new apache settings with the following command.
# jexec www certbot renew --quiet --rsa-key-size 4096 && jexec www apachectl -k graceful

- Test the new SSL certs at the SSLABS website. This should give you an A+ on the SSL report.

- Links


Friday, 28 October 2016

How to install a secure Wordpress CMS in a FreeNAS Jail

بسم الله الرحمن الرحيم




Abstract 


A tutorial to install a secure Wordpress CMS on a FreeNAS 9.10.1 Jail.


Assumptions and Prerequisites



  • Domain: example.com
  • Hostname: www.example.com
  • OS: FreeNAS 9.10.1-U2 (FreeBSD 10.3-STABLE)
  • Container: Warden Jail
  • Jail Name: www
  • Private IP: 10.0.0.56
  • Subnet Mask: 255.255.255.0/24
  • Database Server Name: db.example.com
  • Database Type and Version: MariaDB v10.1.18
  • Database Server IP: 10.0.0.57
  • Database Username: n7if835 (random generated)
  • Database Password: TunTeR3MPzqHy1KD (should be randomly generated)
  • Database Name: n7if835 (random generated)
  • Database Table Prefix: 24686nj9po7_ (should be randomly generated)
  • Database Server has SSL configured and enabled.
  • Apache has already been installed.
  • php56 and the necessary extensions are already installed.
  • Apache Webroot directory: /usr/local/www/apache24/data/
  • Apache 'AllowOverride' set to 'All'
  • Wordpress Version: 4.6.1


Instructions


Environment Setup

- Create a database 'n7if835' with username 'n7if835' with all privileges (Data, Structure, and Administration) and password 'TunTeR3MPzqHy1KD'

- Enable mod_rewrite module in apache by editing the file /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (177)   LoadModule rewrite_module libexec/apache24/mod_rewrite.so

- Install package wget to download wordpress archive
# pkg install wget

Install and Configure Wordpress

- Download wordpress from http://wordpress.org/latest.tar.gz
# cd /tmp
# wget http://wordpress.org/latest.tar.gz
- Unzip archive /tmp/latest.tar.gz
# tar xvf latest.tar.gz

- Copy /tmp/wordpress/ contents to webroot directory /usr/local/www/apache24/data/
# cp -Rfv /tmp/wordpress/* /usr/local/www/apache24/data/

- Goto https://www.example.com/ via web browser and follow the installation instructions.

- Enter the following Database details:
        Database Name: n7if835
        Username: n7if835
        Password: TunTeR3MPzqHy1KD
        Database Host: db.example.com
        Table Prefix: 24686nj9po7_

- Copy the generated code by wordpress installer into the file /usr/local/www/apache24/data/wp-config.php
# vi /usr/local/www/apache24/data/wp-config.php

- Click on the 'Run the Install' button and that will create the necessary database tables.

- Enter the following Site details:
        Site Title: www.exampl.com
        Username: webmin2001 (for security reasons don't use anything like 'admin')
        Password: (Enter strong password)
        Your Email: (your email address for this wordpress admin account)

- Enable Direct File System access by wordpress
# chmod -Rv 775 /usr/local/www/apache24/data/wp-content
- Edit file /usr/local/www/apache24/data/wp-config.php
# vi /usr/local/www/apache24/data/wp-config.php
   (40)    /** If you don't want to use FTP to add/delete/update plugins/themes then define this option. **/
   (41)    define('FS_METHOD','direct');

- Test by deleting and adding a plugin or theme.

Securing Wordpress

- Enable DB SSL Connection by Wordpress
Edit File /usr/local/www/apache24/data/wp-config.php
# vi /usr/local/www/apache24/data/wp-config.php
   (43)    /** Force Wordpress to use SSL connection to Database **/
   (44)    define('MYSQL_CLIENT_FLAGS', MYSQL_CLIENT_SSL);

- Goto https://www.example.com/phpmyadmin via web browser and change the following details:
           Username: n7if835 SSL setting from 'REQUIRE NONE' to 'REQUIRE SSL'.
           Remove Administration Privileges for user n7if835

- Disable file editing for editing plugins and themes.
Edit file /usr/local/www/apache24/data/wp-config.php
# vi /usr/local/www/apache24/data/wp-config.php
   (46)    /** Disable File Editing **/
   (47)    define('DISALLOW_FILE_EDIT', true);

- Force SSL Logins and SSL Admin Access
# vi /usr/local/www/apache24/data/wp-config.php
   (49)    /** Force SSL Logins **/
   (50)    define('FORCE_SSL_LOGIN', true);
   (51)
   (52)    /** Force SSL Admin Access **/
   (53)    define('FORCE_SSL_ADMIN', true);

- Delete files 'license.txt' and 'readme.html' in the wordpress root directory and also 'install.php' in wp-admin directory because they are possible site security holes.
# rm -v /usr/local/www/apache24/data/license.txt 
# rm -v /usr/local/www/apache24/data/readme.html
# rm -v /usr/local/www/apache24/data/wp-admin/install.php

- Make the file /usr/local/www/apache24/data/wp-config.php only readable by user and group
# chmod 440 /usr/local/www/apache24/data/wp-config.php

- Move the file /usr/local/www/apache24/data/wp-config.php up one directory to prevent web users access.
# mv /usr/local/www/apache24/data/wp-config.php /usr/local/www/apache24/wp-config.php

- Disable php functions that are not needed (good practice if website is on a shared host).
# vi /usr/local/etc/php.ini
    (303)  disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

- Turn off expose_php in php.ini
# vi /usr/local/etc/php.ini
    (363)  expose_php = Off

- Disable opening urls as files
# vi /usr/local/etc/php.ini
    (831)  allow_url_fopen = Off

- Create .htaccess file in the wordpress root directory and write the following to prevent web directory browsing, user enumeration, includes directory access, hotlinking of images, and users from reading the wp-config file.
# vi /usr/local/www/apache24/data/.htaccess
    (1)    Options -Indexes +FollowSymLinks
    (2)  
    (3)    <IfModule mod_rewrite.c>
    (4)    RewriteEngine On
    (5)    RewriteBase /
    (6)
    (7)    # Enable Permalinks to work
    (8)    RewriteRule ^index\.php$ - [L]
    (9)    RewriteCond %{REQUEST_FILENAME} !-f
    (10)   RewriteCond %{REQUEST_FILENAME} !-d
    (11)   RewriteRule . /index.php [L]
    (12)
    (14)   # Prevent user enumeration
    (15)   RewriteCond %{QUERY_STRING} ^author=([0-9]*)
    (16)   RewriteRule .* https://www.example.com/? [L,R=302]
    (17)   RewriteRule ^wp-admin/includes/ - [F,L]
    (18)
    (19)   # Prevent includes directory access
    (20)   RewriteRule !^wp-includes/ - [S=3]
    (21)   RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    (22)   RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    (23)   RewriteRule ^wp-includes/theme-compat/ - [F,L]
    (24)
    (25)   # Disable hotlinking of images with forbidden or custom image option
    (26)   RewriteCond %{HTTP_REFERER} !^$
    (27)   RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.com [NC]
    (28)   RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
    (29)   RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?feeds2.feedburner.com/example [NC]
    (30)   RewriteRule \.(jpg|jpeg|png|gif)$ – [NC,F,L]
    (31)
    (32)   # Disable XMLRPC
    (33)   RewriteRule ^xmlrpc.php$ "http://0.0.0.0/" [R=301,L]
    (34)
    (35)   # Restrict access to plugins and themes php files from unauthorised users
    (36)   RewriteCond %{REQUEST_URI} !^/wp-content/plugins/file/to/exclude\.php
    (37)   RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory/to/exclude/
    (38)   RewriteRule wp-content/plugins/(.*\.php)$ - [R=404,L]
    (39)   RewriteCond %{REQUEST_URI} !^/wp-content/themes/file/to/exclude\.php
    (40)   RewriteCond %{REQUEST_URI} !^/wp-content/themes/directory/to/exclude/
    (41)   RewriteRule wp-content/themes/(.*\.php)$ - [R=404,L]
    (42)
    (43)   # Prevent Script injections
    (44)   RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
    (45)   RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
    (46)   RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
    (47)   RewriteRule ^(.*)$ index.php [F,L]
    (48)   </IfModule>
    (49)
    (50)   # Protect wp-config.php from user access
    (51)   <files wp-config.php>
    (52)   Require all denied
    (53)   </files>

- Prevent execution of php scripts in the uploads directory
# vi /usr/local/www/apache24/data/wp-content/uploads/.htaccess
    (1)    # Disable php file execution
    (2)    <files *.php>
    (3)    Require all denied
    (4)    </files>

Thursday, 27 October 2016

How to install phpMyAdmin on a FreeNAS Jail

بسم الله الرحمن الرحيم


Abstract


A tutorial to install phpMyAdmin on a FreeNAS Jail. 

Assumptions and Prerequisites


  • Domain: example.com
  • Hostname: www.example.com
  • OS: FreeNAS 9.10.1-U2 (FreeBSD 10.3-STABLE)
  • Container: Warden Jail
  • Jail Name: www
  • Private IP: 10.0.0.56
  • Subnet Mask: 255.255.255.0/24
  • Apache has already been installed.
  • php56 is already installed.
  • Restrict Access only to local LAN (10.0.0.0/24).

Instructions


- First install php extensions required for phpMyAdmin.    
# pkg install php56-session php56-json php56-mbstring php56-zip php56-gd php56-openssl php56-curl php56-ctype php56-bz2 php56-mcrypt php56-zlib

- Install and Configure phpMyAdmin for Database Web Administration
# pkg install phpmyadmin
- Create phpMyAdmin configuration file /usr/local/etc/apache24/Includes/phpmyadmin.conf
# vi /usr/local/etc/apache24/Includes/phpmyadmin.conf
   (1)      Alias /phpmyadmin "/usr/local/www/phpMyAdmin/"
   (2)       
   (3)      <Directory "/usr/local/www/phpMyAdmin/">                  
   (4)          Options None
   (5)          AllowOverride Limit
   (6)
   (7)          Require local
   (8)          Require ip 10.0.0.0/24
   (9)      </Directory>

- Reload Apache Configurations
# service apache24 graceful

- Configure phpMyAdmin to connect with Database
Goto http://10.0.0.56/phpmyadmin/setup via web browser.
Click the button 'New server' and add a new server settings.
After configuring settings for the database server connection, click the 'Display' button.

- Copy the php code generated into the file /usr/local/www/phpMyAdmin/config.inc.php
# vi /usr/local/www/phpMyAdmin/config.inc.php

- Goto http://10.0.0.56/phpmyadmin via web browser and Login to phpmyadmin with your database username and password.

How to Install Apache webserver in a FreeNAS Jail

بسم الله الرحمن الرحيم


Abstract


  • A tutorial to install the Apache webserver in FreeNAS 9.10 Jail.
  • Configure and enable SSL on Apache.
  • Enable Virtual Hosts.
  • Enable and configure Apache Server Pool Management.
  • Configure Apache to run CGI and Perl scripts. 
  • Install and configure php56. 


Assumptions and Prerequisites



  • Domain: example.com
  • Hostname: www.example.com
  • System Notification Email: info@example.com 
  • OS: FreeNAS 9.10.1-U2 (FreeBSD 10.3-STABLE)
  • Container: Warden Jail
  • Jail Name: www
  • Private IP: 10.0.0.56
  • Subnet Mask: 255.255.255.0/24
  • Server Location: Melbourne, Australia
  • Webserver and Version: Apache v2.4.23_1
  • Apache Document Root Directory: /usr/local/www/apache24/data
  • Apache MPM: Prefork Module
  • Disable Directory Browsing.
  • Allow Over Ride All to .htaccess files.
  • CA Certificate File: /usr/local/etc/ssl/certs/ca.pem
  • SSL Certificate File: /usr/local/etc/ssl/certs/www.example.com.crt
  • SSL Key File: /usr/local/etc/ssl/private/www.example.com.key


Instructions


- Install Apache2.4
# pkg install apache24

- Configure Apache settings
Edit file /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (214) ServerAdmin info@example.com
   (222) ServerName www.example.com
   (260) Options -Indexes +FollowSymLinks
   (267) AllowOverride All

- Set Server Defaults for Production Server
Edit /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (505) Include etc/apache24/extra/httpd-default.conf
Edit /usr/local/etc/apache24/extra/httpd-default.conf
# vi /usr/local/etc/apache24/extra/httpd-default.conf
   (55)  ServerTokens Prod

Enable apache to run and start on boot.
# sysrc apache24_enable="yes"
Start Apache Server
# service apache24 start

- Generate Self-Signed Certificate Authority, Server Certificate and Key.

Enable SSL 

Edit /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (89)   LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
   (144)  LoadModule ssl_module libexec/apache24/mod_ssl.so
   (513)  Include etc/apache24/extra/httpd-ssl.conf
Edit /usr/local/etc/apache24/extra/httpd-ssl.conf
# vi /usr/local/etc/apache24/extra/httpd-ssl.conf
   (52)   #SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
   (53)   #SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
   (65)   SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
   (66)   SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
   (124)  DocumentRoot "/usr/local/www/apache24/data"
   (125)  ServerName www.example.com:443
   (126)  ServerAdmin info@example.com
   (127)  ErrorLog "/var/log/httpd-error.log"
   (128)  TransferLog "/var/log/httpd-access.log"
   (144)  SSLCertificateFile "/ust/local/etc/ssl/certs/www.example.com.crt"
   (154)  SSLCertificateKeyFile "/usr/local/etc/ssl/certs/www.example.com.key"
   (175)  SSLCACertificateFile "/usr/local/etc/ssl/certs/ca.pem"
Reload new settings for Apache
# service apache24 graceful

Enable Virtual Hosts

- Enable Virtualhosts to redirect traffic from unecrypted port (80) to encrypted port (443).
Edit /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (496)  Include etc/apache24/extra/httpd-vhosts.conf
Edit /usr/local/etc/apache24/extra/httpd-vhosts.conf
# vi /usr/local/etc/apache24/extra/httpd-vhosts.conf
   (23)  
   (24)       ServerAdmin info@example.com
   (25)       DocumentRoot "/usr/local/www/apache24/data"
   (26)       ServerName www.example.com
   (27)       ServerAlias www.example.com
   (28)       ErrorLog "/var/log/www.example.com-error_log"
   (29)       CustomLog "/var/log/www.example.com-access_log" common
   (30)       Redirect "/" "https://www.example.com"
   (31)  
Reload new settings for Apache
# service apache24 graceful


Enable Server Pool Management

Edit /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (478)  Include etc/apache24/extra/httpd-mpm.conf
Change the number of concurrent connections for the server from 250 to 50 by editing the /usr/local/etc/apache24/extra/httpd-mpm.conf file
# vi /usr/local/etc/apache24/extra/httpd-mpm.conf
   (32)    MaxRequestWorkers      50
Reload new settings for Apache
# service apache24 graceful

Enable CGI and Perl Scripts


Edit /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (162)   LoadModule cgid_module libexec/apache24/mod_cgid.so
   (165)   LoadModule cgi_module libexec/apache24/mod_cgi.so
   (260)   Options -Indexes +FollowSymLinks +ExecCGI
   (418)   AddHandler cgi-script .cgi .pl
Reload new settings for Apache
# service apache24 graceful

- Create CGI Script to test on Server
Create file /usr/local/www/apache24/data/index.cgi
#vi /usr/local/www/apache24/data/index.cgi
   (1)     #!/usr/local/bin/perl
   (2)     print "Content-type: text/html\n\n";
   (3)     print "<html>\n<body>\n";
   (4)     print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">\n";
   (5)     print "CGI Test Page";
   (6)     print "\n</div>\n";
   (7)     print "</body>\n</html>\n";
Change Permissions of file
# chmod 705 /usr/local/www/apache24/data/index.cgi
- Test Script in Browser

- Create Perl Script to test on Server
Create file /usr/local/www/apache24/data/index.pl
#vi /usr/local/www/apache24/data/index.pl
   (1)     #!/usr/local/bin/perl
   (2)     print "Content-type: text/html\n\n";
   (3)     print "<html>\n<body>\n";
   (4)     print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">\n";
   (5)     print "Perl Test Page";
   (6)     print "\n</div>\n";
   (7)     print "</body>\n</html>\n";
- Change Permissions of file
# chmod 705 /usr/local/www/apache24/data/index.pl
- Test Script in Browser

Install and Enable  php56

# pkg install -y php56 mod_php56 php56-mysql php56-mysqli php56-extensions
Create file php56 configuration file /usr/local/etc/apache24/includes/php56.conf
# vi /usr/local/etc/apache24/includes/php56.conf
   (1)     <FilesMatch "\.php$">
   (2)         SetHandler application/x-httpd-php
   (3)     </FilesMatch>
   (4)     <FilesMatch "\.phps$">
   (5)         SetHandler application/x-httpd-php-source
   (6)     </FilesMatch>
Reload new settings for Apache
# service apache24 graceful

- Change script preference to execute index.php over index.html
Edit /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (281)  DirectoryIndex index.php index.html
- Copy php.ini-production to php.ini
# cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
- Edit file /usr/local/etc/php.ini
# vi /usr/local/etc/php.ini
   (936)   date.timezone = "Australia\Melbourne"
Reload new settings for Apache
# service apache24 graceful

- Create php Script to test on Server
Create file /usr/local/www/apache24/data/index.php
# vi /usr/local/www/apache24/data/index.php
   (1)       <html>
   (2)       <body>
   (3)       <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
   (4)       <?php
   (5)            print Date("Y/m/d");
   (6)       ?>
   (7)       </div>
   (8)       </body>
   (9)       </html>
- Test Script in Browser

- Links

How to install MariaDB Server in a FreeNAS Jail

بسم الله الرحمن الرحيم



Description



A tutorial to install MariaDB Server v10.1.18 on a FreeNAS 9.10.1 Jail.


Assumptions and Prerequisites 




  • Domain: example.com
  • Hostname: db.example.com
  • OS: FreeNAS 9.10.1-U2 (FreeBSD 10.3-STABLE)
  • Container: Warden Jail
  • Jail Name: db
  • Private IP: 10.0.0.57
  • Subnet Mask: 255.255.255.0/24
  • Database Version: MariaDB v10.1.18
  • Database Server Type: Medium
  • SSL Certificates have been generated 
  • CA Certificate File: /usr/local/etc/ssl/certs/ca.pem
  • SSL Certificate File: /usr/local/etc/ssl/certs/db.example.com.crt
  • SSL Key File: /usr/local/etc/ssl/private/db.example.com.key


Instructions


Install MariaDB
# pkg install mariadb101-server

Configure Settings
Choose Configuration file for Database server: my-small.cnf, my-medium.cnf, my-large.cnf, or my-huge.cnf
# cp /usr/local/share/mysql/my-medium.cnf /usr/local/etc/my.cnf 

Enable MariaDB Server to run and start on boot
# sysrc mysql_enable=yes

Start MariaDB Server
# service mysql-server start

Configure secure setup for production
# mysql_secure_installation
   Set root password? [Y/n]: y
   Remove anonymous users? [Y/n]: y
   Disallow root login remotely? [Y/n]: y
   Remove test database and access to it? [Y/n]: y
   Reload privilege tables now? [Y/n]: y

Test root Login
# mysql -u root -p

Test sql queries
# select user,host,password from mysql.user;
# show databases; 
# exit;

Enable SSL on MariaDB Server
# vi /usr/local/etc/my.cnf
   (27)  # The MariaDB server
   (28)  [mysqld]
   (29)  ssl-ca=/usr/local/etc/ssl/certs/ca.pem
   (30)  ssl-cert=/usr/local/etc/ssl/certs/db.example.com.crt
   (31)  ssl-key=/usr/local/etc/ssl/private/db.example.com.key 
   (32)  bind-address    = 10.0.0.57 
   (33)  port = 3306

Monday, 3 October 2016

How to install Webmin in a FreeNAS Jail

بسم الله الرحمن الرحيم


Description


This is a tutorial on how to install Webmin 1.810 inside a FreeNAS 9.10.-U1 warden jail.

Assumptions and Prerequisites 


  • OS: FreeNAS 9.10.1-U1
  • Webmin Version: 1.810
  • Jail Name: zen
  • DNS Name: zen.houseofjaleel.com
  • Domain: houseofjaleel.com
  • Private IP Address: 10.0.0.10
  • Jail has been updated to the latest packages with the command # pkg -y update && pkg -y upgrade

Instructions


1. Install Webmin 
# pkg install -y webmin

2. Run the Webmin setup script
# /usr/local/lib/webmin/setup.sh
Log file directory [/var/log/webmin]: press Enter to accept default
Full path to perl (default /usr/local/bin/perl): press Enter to accept default
Web server port (default 10000): press Enter to accept default
Login name (default admin): press Enter to accept default
Login password: (set your password here)
Password again: (set you password here)
Use SSL (y/n): y
3. Enable Webmin to run and also run on boot
# sysrc webmin_enable="YES"

4. Start Webmin service
# service webmin start

Conclusion


Login to webmin via the browser with the username: admin and password you set with the setup script earlier.

If DNS is configured for the jail then you can access webmin through either of the three URLs, or just the IP.
  1. https://10.0.0.10:10000
  2. https://zen:10000
  3. https://zen.houseofjaleel.com:10000