HAProxy reverse for Virtualmin Admin

Question

Wondering if anyone else has done this..

I have two virtualmin servers, web-1 and web-2. I have configured HAProxy on our PFSense firewall to correctly intercept web-(1|2).domain.com and redirect to the correct internal IP on port 10000.

web-1.domain.com -> 10.10.10.10:10000
web-2.domain com -> 10.10.10.20:10000

FrontEnd has an SSL redirect and SSL offloading, and the backends are enabled for SSL - this all works fine, and I reach the login page using web-1.domain.com

The problem I have is upon logging in to virtualmin - the login script redirects to

https://web-1.domain.com:10000/?virtualmin

which is blocked by the firewall (I'd rather not have these common ports exposed, hence using HAProxy instead of NAT).

If I re-enter web-1.domain.com into the address bar, it redirects to

https://web-1.domain.com/?virtualmin

and I can then access the backend correctly.

Is there a method of removing this rewrite rule from virtualmin/webmin to skip this manual step?

Thanks!

I'm not really sure where to go with this one. I tried knocking off SSL in virtualmin and using standard HTTP forwarding from HAProxy, but had the same issue, just without SSL this time. I know most rewrite rules exist within the webserver configration, but am almost sure this is going to be hard coded into a script somewhere. Wasn't sure if there was a method of doing this from within Webmin — AlienPie, Aug 03 '16 at 12:36
Well, I'd suggest using Google to at least try and fix it, and then come back here if you run into trouble. We're happy to help, but we're not going to do your work for you. — GregL, Aug 03 '16 at 13:10
Thanks. I have actually spent a good deal of time researching this but have turned up nothing, one of the reasons I asked. Usually I completely avoid posting to forums for exactly this reason. Cheers for the help. — AlienPie, Aug 03 '16 at 16:42
Webmin was the keyword I needed. Found several posts relating to nginx rewrites, finally found a solution which, did indeed, require modifying the webmin.pl and usermin.pl files. Have a feeling this change won't hold with updates, so will continue to look for a better solution. — AlienPie, Aug 03 '16 at 17:15

score 0 · Answer 1 · edited Mar 03 '20 at 14:58

0

/etc/webmin/config

relative_redir=1
webprefix=
webprefixnoredir=1

Webmin behind HAProxy

edited Mar 03 '20 at 14:58

kenlukas

3,101
2
16
26

answered Mar 03 '20 at 11:26

iwik

11
2

score 0 · Answer 2 · answered Feb 21 '22 at 07:29

0

Inside of your backend

http-response replace-value Location ^https://webmin.mydomain.com:10000/$ https://webmin.mydomain.com/

answered Feb 21 '22 at 07:29

Mark Gilbert

1
2

score 0 · Answer 3 · answered Aug 03 '16 at 17:18

0

I was able to solve this after some further looking around.

My solution involved editing the actual miniserv.pl files found at /usr/share/webmin and /usr/share/usermin.

For webmin, change line 4049 from:

&write_data("Location: $prot://$hostport$in{'page'}\r\n");

to

&write_data("Location: $prot://$host$in{'page'}\r\n");

For usermin, it's line 4043.

Pretty sure this won't withstand an update though, but does the trick for now.

answered Aug 03 '16 at 17:18

AlienPie

48
5

If Webmin is performing a redirect, you should be able to rewrite that in HAProxy using `rsprep` or `rspirep`. – GregL Aug 03 '16 at 17:34

HAProxy reverse for Virtualmin Admin

3 Answers3