How to Install and Secure Virtualmin on Ubuntu 22.04
Virtualmin is an open-source control panel designed for Linux and UNIX servers. It enables administrators to manage domains, email accounts, databases, DNS, and applications from a single interface. Supporting different web servers, databases, and mail systems, Virtualmin also offers monitoring and alerting tools to track server resources and website performance.
This guide demonstrates how to install Virtualmin on Ubuntu 22.04, configure a virtual host web application, and secure it using Let’s Encrypt SSL certificates.
Prerequisites
- An Ubuntu 22.04 server.
- A configured A record for your domain that points to your server’s IP, e.g., virtualmin.example.com.
- SSH access as a non-root user with
sudoprivileges. - A fully updated server.
- A 2FA application such as Google Authenticator installed on your device.
Install Virtualmin
Since Virtualmin is not available in the default repositories of Ubuntu 22.04, you need to download and run the official installation script. Follow these steps:
Set the Server Hostname
Replace the example domain with your own:
$ sudo hostnamectl set-hostname virtualmin.example.com
Run the Virtualmin Installation Script
The following command installs the open-source (GPL) edition of Virtualmin with a LAMP stack:
$ sudo sh -c "$(curl -fsSL https://software.virtualmin.com/gpl/scripts/virtualmin-install.sh)" -- --bundle LAMP
Confirm the installation by entering Y. The setup may take 5–10 minutes to complete. When finished, you will see:
[SUCCESS] Installation Complete!
[SUCCESS] If there were no errors above, Virtualmin should be ready.
[SUCCESS] Access it at https://virtualmin.example.com:10000 (or https://192.0.2.1:10000).
Secure Virtualmin with Let’s Encrypt
Follow these steps to configure Let’s Encrypt SSL certificates and secure the Virtualmin interface.
Stop Apache Service
$ sudo systemctl stop apache2
Install Certbot
Install the Let’s Encrypt client to manage SSL certificates:
$ sudo apt install certbot
Request a New SSL Certificate
Replace the domain and email with your actual values:
$ sudo certbot certonly --standalone -d virtualmin.example.com -m virtualmin@example.com --agree-tos
If a certificate already exists, Certbot may prompt:
- Keep the existing certificate
- Renew and replace the certificate
Choose 1 to retain the current certificate. If no prompt appears, Certbot will issue a new certificate. Follow the on-screen instructions until you see a confirmation message.
Create a Certificate Bundle
Combine the certificate and private key, then configure Webmin to use it:
$ sudo cat /etc/letsencrypt/live/virtualmin.example.com/fullchain.pem /etc/letsencrypt/live/virtualmin.example.com/privkey.pem | sudo tee /etc/webmin/ssl.pem
Edit miniserv.conf
sudo nano /etc/webmin/miniserv.conf
Update the following line:
keyfile=/etc/webmin/ssl.pem
Restart Webmin
$ sudo systemctl restart webmin
Check Webmin Service
$ sudo systemctl status webmin
You should see an output similar to:
● webmin.service - Webmin server daemon
Loaded: loaded (/lib/systemd/system/webmin.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2025-04-29 08:53:57 UTC; 5s ago
Main PID: 58333 (miniserv.pl)
Tasks: 1 (limit: 9385)
Memory: 88.0M
CGroup: /system.slice/webmin.service
└─58333 /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
Restart Apache
$ sudo systemctl start apache2
Check Apache Service
$ sudo systemctl status apache2
The output should look like this:
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2025-04-29 08:56:30 UTC; 4s ago
Docs: https://httpd.apache.org/docs/2.4/
Main PID: 58415 (apache2)
Tasks: 106 (limit: 9385)
Memory: 11.2M
CGroup: /system.slice/apache2.service
├─58415 /usr/sbin/apache2 -k start
├─58416 /usr/sbin/apache2 -k start
├─58417 /usr/sbin/apache2 -k start
└─58418 /usr/sbin/apache2 -k start
Set Up Firewall Rules
Virtualmin relies on the firewalld utility to manage firewall settings. Follow the steps below to allow the required ports and services for Virtualmin.
Check firewalld Service
Verify that the firewall service is running:
$ sudo systemctl status firewalld
Expected output:
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2025-04-06 05:53:56 UTC; 1h 20min ago
Docs: man:firewalld(1)
Main PID: 46542 (firewalld)
Tasks: 2 (limit: 9415)
Memory: 25.8M
CGroup: /system.slice/firewalld.service
└─46542 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid
List Allowed Ports
$ sudo firewall-cmd --zone=public --list-ports
Sample output:
20/tcp 2222/tcp 10000-10100/tcp 20000/tcp 49152-65535/tcp
List Allowed Services
$ sudo firewall-cmd --zone=public --list-services
Sample output:
dhcpv6-client dns dns-over-tls ftp http https imap imaps mdns pop3 pop3s smtp smtp-submission smtps ssh
Access Virtualmin
Virtualmin operates on TCP port 10000 by default. Follow these steps to access the interface and create a new virtual server:
- Open your browser and go to: https://virtualmin.example.com:10000
- Log in using your
sudouser credentials. - Click Next in the Post-Installation Wizard to complete initial configuration.
- Click Dashboard in the left menu to access the system performance overview.
Enable 2-Factor Authentication
To strengthen security, enable 2FA in Virtualmin with Google Authenticator:
- In the left navigation bar, scroll down and click your username.
- Expand the Security and limits options section.
- Click Enable Two-Factor For User.
- Click Enroll For Two-Factor Authentication.
- Scan the QR code with your authenticator app.
- Log out from Virtualmin via the left menu.
- Log back in using your non-root user credentials.
- Enter the token generated by your app to verify login.
Configuring Virtualmin with the Web Interface
When logging back in, Virtualmin will request a 2FA token. Enter the code from your authenticator app and click Verify to access the web administration interface.
Conclusion
In this tutorial, you installed Virtualmin, set up a website with HTTPS using Let’s Encrypt, and enabled two-factor authentication. You also configured firewall rules and restricted unnecessary ports. For more information, refer to the official Virtualmin documentation.
