Re: Installing LAMP on CentOS 7.x

On Thu, August 14, 2014 11:26, John Plemons wrote:
> If you are looking for another method for mySQL management, then
> webmin.com works too. Download the RPM package, ver. 1.700, it will
> allow you to do a great number of tasks remotely via the web.
>

I would advise that if you choose to use Webmin (and I do) then you should
consider having it listen only on one IP address where more than one virtual
IP is available.  Further, the IP address and port (default is 10000) used by
Webmin should be blocked by firewall settings to prevent direct access from
the Internet.  Instead you should use some form of tunnelling to establish a
secure link to your LAN or to the host system itself. Even then you should
only permit connections from known addresses from within your LAN.

You should also enable and require TLS (https) connections for Webmin as
otherwise privileged user credentials are exposed.  There are configuration
choices available in Webmin to do this but these present a chicken and egg
problem as the default setup uses plain http.  If this is an issue then you
can get around this by manually changing the following configuration settings
in /etc/webmin/miniserv.conf using an editor over an ssh connection after
installing but before using Webmin:

ssl=1
ssl_redirect=1
# default set up with webmin install
certfile=/etc/webmin/miniserv.pem
# default set up with webmin install
keyfile=/etc/webmin/miniserv.pem

Or you can use a one-time set of credentials and change them immediately after
setting Webmin to use https.

Regardless of how you set up Webmin's https access you also require this Perl
module to get Webmin over https to work:

yum install perl-Net-SSLeay


For remote access the simplest tunnel I have discovered employs ssh and
Firefox proxied to use SOCKSV on localhost port 2001 (127.0.0.1:2001).

Something like:

ssh -p 22 \
    -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=10 \
    user-id@xxxxxxxxxxxxxxxxxxxxxxxx \
    -D 2001;

As a refinement I set up a specially configured sshd service that also listens
on ports 80 and 443. This permits me to change the ssh port from 22 to 80 or
443 whenever a network provider decides that ssh is not part of their service
(Hello Westin. . .)

If you are using PuTTY as the ssh client then you can do the same thing in the
/Connection/SSH configuration by adding 2001 as a source port and selecting
Dynamic as the destination type. You specify the ssh connection port in the
Basic Options for the Session set up.

HTH

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
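
An added example, not part of the original message and not Webmin's own code: a shell check that audits a miniserv.conf for the settings recommended in the message above. The `bind` and `allow` key names, the rule that everything after `=` is the value, and the constructed sample files are assumptions.

```sh
#!/bin/sh
# Added example (not from the original message): audit a Webmin miniserv.conf
# for the settings the message recommends.
# Assumptions: `bind` (listen address) and `allow` (permitted client addresses)
# are the miniserv.conf keys involved, and everything after the first `=` on a
# line is the value, so a trailing "# comment" would end up inside a path.

# conf_get FILE KEY: print the value of the last KEY= line, skipping comment lines.
conf_get() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        $1 == k    { v = substr($0, length(k) + 2) }
        END        { print v }' "$1"
}

# audit_miniserv FILE: print one line per finding, return the number of findings.
audit_miniserv() {
    f=$1 n=0
    fail() { echo "FAIL: $*"; n=$((n + 1)); }
    [ "$(conf_get "$f" ssl)" = 1 ] || fail "ssl is not 1: logins travel over plain http"
    [ "$(conf_get "$f" ssl_redirect)" = 1 ] || fail "ssl_redirect is not 1"
    for k in keyfile certfile; do
        case $(conf_get "$f" "$k") in
            "")            fail "$k is not set" ;;
            *" "* | *"#"*) fail "$k value contains a space or '#'" ;;
        esac
    done
    case $(conf_get "$f" bind) in
        "" | 0.0.0.0) fail "bind is not a single address: listening on every IP" ;;
    esac
    [ -n "$(conf_get "$f" allow)" ] || fail "allow is empty: any source address may connect"
    return "$n"
}

# Constructed sample files (192.0.2.0/24 is a documentation range).
tmp=$(mktemp -d)
printf '%s\n' 'port=10000' 'ssl=0' \
    'keyfile=/etc/webmin/miniserv.pem  # default' > "$tmp/weak.conf"
printf '%s\n' 'port=10000' 'bind=192.0.2.10' 'allow=192.0.2.0/24 127.0.0.1' \
    'ssl=1' 'ssl_redirect=1' 'keyfile=/etc/webmin/miniserv.pem' \
    'certfile=/etc/webmin/miniserv.pem' > "$tmp/hardened.conf"

for c in weak hardened; do
    audit_miniserv "$tmp/$c.conf" && rc=0 || rc=$?
    echo "$c.conf: $rc finding(s)"
done
rm -rf "$tmp"
```

On a real host, run `audit_miniserv /etc/webmin/miniserv.conf` after editing the file and before the first login.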