Configure WAI settings

This topic describes how to configure what address and port the Web Administration Interface listens on. It also describes how to configure SSL encryption for the WAI.

The Administration Interface Settings page contains some general configuration options for the Web Administration Interface (WAI). These include IP addresses, ports, and SSL encryption.

Administration interface configuration

You can configure the WAI to stop, start, restart, or start automatically using the Bootup and Shutdown page. For more details, see Start and stop services, reboot, and shut down.

Configure ports and addresses

By default, the WAI listens on port 10000 on all the appliance's IP addresses. To change the port and IP addresses, click the Ports and Addresses icon on the Administration Interface Settings page, and perform the following steps:

  1. To have the WAI listen only on a specified IP address, under Listen on IPs and ports, select the Only Address option in the Bind to IP address column, and enter an IP address in the adjacent text box. The address entered must be the address of one of the appliance's interfaces.
  2. Enter a port number in the Listen on port column.
  3. Select whether to Accept IPv6 connections. Defaults to No.
  4. To specify a Web server hostname, select the second option, and enter the host name in the text box. Otherwise, use the default Work out from browser option.
  5. In the Listen for broadcasts on UDP port field, enter a port number in the text box, or select Don't Listen to disable.
  6. In the Reverse-resolve connected IP address field, specify whether to reverse-resolve the connected-to IP address when issuing redirects (for example, from non-SSL to SSL mode).
  7. Click the Save button to store the new settings. Your browser is automatically redirected to the new port and address, and you might need to log in again.

Enable SSL encryption

You can configure the WAI to only allow users to connect over a secure SSL channel. Click the SSL Encryption icon on the Administration Interface Settings page, and perform the following steps on the SSL Settings tab:

  1. Change the Enable SSL if available option to Yes.
  2. Enter or browse to the location of the server's private key file in the Private key file field (for example, /etc/webmin/miniserv.pem).
  3. If the private key file also contains the server's certificate file, select the Same file as private key option in the Certificate file field. Otherwise, select the Separate file option, and enter or browse to the location of the certificate file.
  4. Select whether to Redirect non-SSL requests to SSL mode. Defaults to No.
  5. Specify the SSL protocol Version in the text box provided, or select Detect automatically to have the server detect and set the SSL version based on the client's level of support.
  6. You can also configure options for Allowed SSL ciphers. The default is Detect Automatically, but you can select Only strong PCI-compliant ciphers, or Listed ciphers, to enter specific SSL ciphers (for example, ALL:!ADH:@STRENGTH includes all ciphers except NULL and anonymous DH, sorted by strength).
  7. If you require any other certificates to be considered trusted by the server, copy and paste the certificate into the Additional certificate files field. The certificate must be Base64-encoded to be submitted safely to the appliance.
  8. Click the Save button to save your changes.
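
Before entering a string under Listed ciphers in step 6, you can expand it on an administrative workstation to see which suites it actually enables. The following is an added example, not part of the product documentation. It assumes the `openssl` command-line tool is installed and that the appliance reads the list in OpenSSL cipher-string syntax, as the example string suggests. `flag_weak` and `audit` are hypothetical helper names, and the result reflects the local OpenSSL build, which may differ from the appliance's.

```shell
#!/bin/sh
# Added example: review an OpenSSL-style cipher string before entering it
# under "Listed ciphers". flag_weak and audit are hypothetical helper names.

# Filter `openssl ciphers -v` lines on stdin; print suites worth questioning.
flag_weak() {
  awk '
    /Au=None/                  { print $1 ": no server authentication"; next }
    /Enc=None/                 { print $1 ": no encryption"; next }
    /Enc=(RC4|RC2|DES|3DES)\(/ { print $1 ": legacy cipher"; next }
    /Mac=MD5/                  { print $1 ": MD5 MAC" }'
}

# Expand a cipher string on this OpenSSL build and summarise the result.
# Returns 0 only when the string enables suites and none are flagged.
audit() {
  list=$(openssl ciphers -v "$1" 2>/dev/null) || list=
  total=$(printf '%s\n' "$list" | awk 'NF { n++ } END { print n + 0 }')
  weak=$(printf '%s\n' "$list" | flag_weak | awk 'END { print NR }')
  echo "$1 -> $total suites enabled, $weak flagged"
  printf '%s\n' "$list" | flag_weak | sed 's/^/  /'
  [ "$total" -gt 0 ] && [ "$weak" -eq 0 ]
}

# The string from step 6, then a narrower one for comparison.
audit 'ALL:!ADH:@STRENGTH' || echo "  review the flagged suites"
audit 'ECDHE+AESGCM:!aNULL' || echo "  review the flagged suites"
```
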

View current SSL certificates

To view the current SSL certificate used by the server, click the SSL Encryption icon on the Administration Interface Settings page, and select the Current Certificate tab. This certificate is presented to users attempting to log in over a secure channel to the WAI.

You can download the server's certificate in PEM format by clicking the PEM format link. Similarly, you can download a PKCS#12 version of the certificate by clicking the PKCS12 format link.

The Per-IP Certificates tab lists additional SSL certificates that are used for connections to particular IP addresses. To specify additional SSL certificates, click Add a new IP-specific SSL key.

Create an SSL certificate

To create a new SSL key for the WAI server, click the SSL Encryption icon on the Administration Interface Settings page, and select the Create Certificate tab. By default, the appliance server host name is used, and the key is written to /etc/webmin/miniserv.pem. When you have entered your settings, click the Create Now button.

Upload a new SSL certificate to the appliance

If you have created a key pair for SSL use outside of the WAI, you can upload the public and private keys to the appliance by clicking the SSL Encryption icon on the Administration Interface Settings page, and selecting the Upload Certificate tab.

Upload SSL certificate

Follow these steps:

  1. Copy and paste the Base64-encoded text of the unencrypted private key into the Private key text field, or click Choose File to browse to the location of a key file.
  2. If the corresponding certificate is contained in the same file as the private key file, select the Combined with private key option in the Certificate text field. In this case, you do not need to enter the certificate text in the field provided. Alternatively, if the certificate is contained in a separate file to the private key file, select the Entered below option, and enter the Base64-encoded text of the certificate into the field, or click Choose File to browse to the location of the certificate file.
  3. Click the Save button.
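
The upload form expects an unencrypted, Base64-encoded (PEM) private key and a certificate that belongs to it, in either separate files or one combined file. The following added example, which is not part of the product documentation, checks those three properties on a workstation before you upload. It assumes the `openssl` command-line tool is installed. `check_pair` and `make_sample` are hypothetical helper names, and the key pair it generates is constructed sample input.

```shell
#!/bin/sh
# Added example: pre-upload check for a WAI key/certificate pair.
# check_pair and make_sample are hypothetical helper names.

# Build a throwaway self-signed pair (constructed sample input).
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=wai.example.test" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# check_pair KEYFILE [CERTFILE]; CERTFILE defaults to KEYFILE (combined file).
# Returns 0 ok, 1 no PEM key, 2 key encrypted, 3 no PEM cert, 4 mismatch.
check_pair() {
  key=$1
  cert=${2:-$1}
  grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" ||
    { echo "FAIL: no PEM private key in $key"; return 1; }
  # PKCS#8 and traditional encrypted keys carry these markers.
  if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$key"; then
    echo "FAIL: private key is passphrase-protected"; return 2
  fi
  grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" ||
    { echo "FAIL: no PEM certificate in $cert"; return 3; }
  # Compare the public key derived from the key with the one in the cert.
  kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || kpub=
  cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cpub=
  if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
    echo "FAIL: certificate does not match private key"; return 4
  fi
  echo "OK: unencrypted PEM key matches certificate"
}

# Demo on constructed input: separate files, then a combined file.
tmp=$(mktemp -d)
make_sample "$tmp"
check_pair "$tmp/key.pem" "$tmp/cert.pem"
cat "$tmp/key.pem" "$tmp/cert.pem" > "$tmp/combined.pem"
check_pair "$tmp/combined.pem"
rm -rf "$tmp"
```
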
