The Heavy committed
# Virtualmin in Docker

## What is it NOT

Working!

To be clear, this image does not work at the present time. The fundamental issue is that Webmin does not support any of the init systems for which I have found Docker implementations (S6, Runit, OpenRC, Tini, and more). Currently Webmin supports Launchd and hostconfig (both MacOS), RC (FreeBSD), SysV init, rc.my, upstart and systemd (all Linux), and Windows. Until I can find a viable cross-over between these lists this project is dead in the water.

## What is it

Virtualmin (https://www.virtualmin.com/) in a Docker (https://www.docker.com/) container. No, it probably shouldn't be done, but I did it anyway. Virtualmin is way too complex with far too many moving parts to really fit into the "containerisation" concept, however it makes managing multiple domains with web and e-mail way too simple to give up (old dogs, new tricks, perhaps?). So here it is in containerised form to fit into "the new way" without having to dedicate a whole virtual (or even physical) server to it.

This image has a highly opinionated default config with very little in the way of explanation or notes. Where I can, I have split the config files into "default" sections (usually at the top), where the settings match the defaults the package came with, and "customised" sections, where I have deviated from the defaults. Some also contain "disabled" sections, where I have deliberately commented out a setting so that the package fills it in on first boot. These are things that cannot be known during image build (like IPs or domain names), or things that will change over time with the underlying software (package version numbers and such). I believe the default settings to be reasonably secure, but make no guarantees that I'm not a total idiot.

## Build

```sh
# Prefix with sudo if your user cannot talk to the Docker daemon directly.
docker build -f Dockerfile .
```

## Usage

Root's default password is 'changeme'; it should force you to change it at first login.

After signing in you should run 'Re-check and refresh configuration' (should be a button on the first page you see) to ensure Virtualmin is fully set up.

## Known Bugs

- Virtualmin does not work with S6 init, need to switch init systems.
- This image (particularly the initialisation script) is not well tested on existing data/config. If you do try to import something, make sure you have a backup of it first.
- This also applies to updating to newer versions of this image. **Assume everything is un-tested and un-supported. Back up everything.**
- ClamAV-Freshclam runs on a cron job defined in the image. This means *every* instance of this image will try to update Clam at the same time unless you change the defaults.
- This image contains a copy of the ClamAV virus database in root/var/lib/clamav occupying >200MB. The daily part in particular probably shouldn't be there and could be downloaded on container init.
- The build process should not be sending the entire directory as context, just root would do.
- The initialisation script will set all notification e-mail addresses to admin@container-domain, which may not be what you want. Refer to root/etc/cont-init.d/50-virtualmin-config for a list of the files where this is set.
- The initialisation script will also change ownership of a bunch of files and directories in /config to root:root. This might make a mess of existing data, and I'm not really sure this is valid any more (feels like an old hack for permissions issues that may or may not still exist or could be handled better).
- Something (I suspect Docker) messes with the permissions in /etc, and that upsets quite a few things. DKIM refuses to work, because Virtualmin assumes the config lives in the default location and cannot be overridden.
- Running 'passwd' in the container will fail because /etc/shadow is actually a symlink; Webmin can manipulate the file just fine (I'm probably breaking some fundamental *nix concept here).
- A number of features are installed directly in the container when really they should be separate containers that Virtualmin can link to (e.g. MySQL, ClamAV, SpamAssassin, and so on), and which probably have perfectly good images I could direct you to.
- The Webmin certificate is generated during image build. This means all containers share the same default certificate, which is bad for security.
- The DKIM selector and private key need randomising.
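
One way to stop containers sharing the build-time Webmin certificate, DKIM selector and freshclam schedule noted above is to replace them on first boot. This is an added example, not code from this image: the function names, the `/etc/webmin/miniserv.pem` location and the idea of recording the baked certificate's fingerprint at build time are assumptions.

```sh
#!/bin/sh
# Added example (not part of this image): first-boot steps that replace values
# the image currently shares between all containers. Paths are assumptions.
set -eu

# SHA-256 fingerprint of the first certificate in a PEM file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Write a fresh self-signed key + certificate into one PEM ($1), CN = $2.
new_webmin_cert() (
    umask 077   # the private key must not be world-readable
    openssl req -x509 -newkey rsa:2048 -nodes -days 1825 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
    cat "$1.key" "$1.crt" > "$1"
    rm -f "$1.key" "$1.crt"
)

# Random DKIM selector: a letter-led DNS label, different for every container.
random_selector() {
    printf 'k%s\n' "$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n')"
}

# Spread freshclam runs: cron minute 0-59 derived from the container host name.
freshclam_minute() {
    sum=$(printf '%s' "$1" | cksum | cut -d' ' -f1)
    echo $((sum % 60))
}

# Regenerate the certificate only while it is still the one baked into the image.
first_boot() {   # $1 = PEM path, $2 = fingerprint recorded at image build
    host=$(uname -n)
    if [ "$(cert_fingerprint "$1")" = "$2" ]; then
        new_webmin_cert "$1" "$host"
    fi
    echo "selector=$(random_selector) freshclam_minute=$(freshclam_minute "$host")"
}

# Run only when asked to, so the functions can also be sourced on their own.
if [ "${1:-}" = "first-boot" ]; then
    first_boot "${2:-/etc/webmin/miniserv.pem}" "${3:?baked fingerprint required}"
fi
```

Because the certificate is replaced only while its fingerprint still matches the baked one, restarting a container keeps the certificate it already generated.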

## Licence

TODO!

## Thanks

Thanks to Canonical for Ubuntu.
Thanks to LinuxServer.io for the base docker image.
Thanks to Jamie Cameron for Webmin/Virtualmin.
And the countless others who make the Open-Source world work!