Step-by-Step Guide: Installing the Latest Virtualmin on Debian 13 with LAMP/LEMP, Customizing MOTD with ASCII Banner, and Server Hardening

Leave a comment

Welcome to this comprehensive tutorial! If you’re setting up a web hosting environment on a fresh Debian 13 (Trixie) server, Virtualmin is an excellent open-source control panel that simplifies domain management, email, databases, and more. In this post, we’ll walk through installing the latest Virtualmin version, configuring it with either LAMP (Apache, MySQL/MariaDB, PHP) or LEMP (Nginx, MySQL/MariaDB, PHP) stacks, adding a fun big ASCII banner to your MOTD (Message of the Day) for login greetings, and finally, hardening your server for better security.

This guide assumes you have a clean Debian 13 installation with root access via SSH. Always back up your system before making changes. Let’s dive in!

Prerequisites

  • A VPS or dedicated server running Debian 13 (minimal install recommended).
  • Root or sudo access.
  • A domain name pointed to your server’s IP (for testing Virtualmin).
  • At least 2GB RAM and 20GB disk space for smooth operation.
  • Update your system first: Run sudo apt update && sudo apt upgrade -y to ensure everything is current.

Step 1: Installing Virtualmin

Virtualmin provides an automated install script that handles most of the heavy lifting. It supports both Apache (LAMP) and Nginx (LEMP) webservers. By default, it installs with Apache, but you can switch to Nginx during or after installation.

Downloading and Running the Install Script

  1. Log in as root or use sudo.
  2. Download the latest install script from the official Virtualmin repository:
    wget https://software.virtualmin.com/gpl/scripts/install.sh
    This script is always updated to the latest version.
  3. Make the script executable:
    chmod +x install.sh
  4. Run the installer:
    sudo ./install.sh
    • The script will detect Debian 13 and install dependencies.
    • It installs LAMP by default: Apache2, MariaDB (MySQL-compatible), PHP 8.x, and other tools like Postfix for email.
    • For LEMP (Nginx instead of Apache), add the –bundle LEMP flag:
      sudo ./install.sh --bundle LEMP
    • The installation may take 10-30 minutes. It will configure firewalls, set up Webmin (the underlying admin tool), and create a default virtual server.
  5. Post-installation: Access Virtualmin via your browser at
    https://your-server-ip:10000.
    Log in with your root credentials. Accept the self-signed SSL certificate (you can replace it later).

Verifying the Installation

  • Check services:
    systemctl status apache2 (or nginx for LEMP), mariadb, postfix.
  • Create a test virtual server in Virtualmin dashboard: Go to “Create Virtual Server” and set up a domain.

If you encounter issues (e.g., dependency conflicts on Debian 13), refer to Virtualmin’s forums or add repositories manually via apt.

Step 2: Customizing MOTD with a Big ASCII Banner

The MOTD appears when users SSH into your server. Let’s make it eye-catching by adding a large ASCII art banner using figlet.

  1. Install figlet:
    sudo apt install figlet -y
  2. Generate your ASCII banner.
    For example, to create a “Welcome to My Server” banner:
    figlet "Welcome to"
    This outputs something like:
  3. Edit the MOTD file to include the banner. Debian uses dynamic MOTD via /etc/update-motd.d/, but for simplicity, we’ll append to /etc/motd:
    sudo figlet "Welcome to My Server" > /etc/motd sudo echo "Debian 13 Server - Powered by Virtualmin" >> /etc/motd
    • For more dynamic control, create a script in /etc/update-motd.d/10-banner:textsudo nano /etc/update-motd.d/10-bannerAdd:
      #!/bin/sh figlet "Welcome!" echo "System Info: $(uname -a)"
      Then make it executable:
      sudo chmod +x /etc/update-motd.d/10-banner.
  4. Test it: Log out and SSH back in. You should see the big ASCII banner!

Customize the text or font (e.g., figlet -f slant “Hello”) to fit your style.

Step 3: Hardening Your Server

Security is crucial for any server, especially one running Virtualmin. Here are essential hardening steps to protect against common threats.

1. Configure Firewall

Use UFW (Uncomplicated Firewall) for simplicity.

  • Install if needed:
    sudo apt install ufw -y.
  • Allow essential ports:
    sudo ufw allow OpenSSH # For SSH
    sudo ufw allow 80/tcp # HTTP
    sudo ufw allow 443/tcp # HTTPS
    sudo ufw allow 10000/tcp # Virtualmin/Webmin
  • Enable:
    sudo ufw enable.
  • Status:
    sudo ufw status.

Virtualmin’s installer often sets up basic firewall rules, but verify them.

2. Secure SSH

  • Edit /etc/ssh/sshd_config:
    sudo nano /etc/ssh/sshd_config
    • Set PermitRootLogin no (use sudo instead).
    • Set PasswordAuthentication no (use key-based auth).
    • Add AllowUsers yourusername to restrict users.
  • Generate SSH keys if not done: ssh-keygen on your local machine, then ssh-copy-id user@server-ip.
  • Restart SSH:
    sudo systemctl restart sshd.

3. Install Fail2Ban

This bans IPs after failed login attempts.

  • Install:
    sudo apt install fail2ban -y.
  • Configure jails: Edit /etc/fail2ban/jail.local to enable SSH, Apache/Nginx, etc.
  • Restart:
    sudo systemctl restart fail2ban.

4. Update and Automate Security

  • Enable automatic updates:
    Install unattended-upgrades and configure /etc/apt/apt.conf.d/50unattended-upgrades.
  • Scan for malware:
    Install ClamAV (sudo apt install clamav -y) and run freshclam; clamscan -r /.
  • Disable unnecessary services:
    sudo systemctl disable --now service-name (e.g., if not using FTP).

5. Virtualmin-Specific Hardening

  • In Virtualmin dashboard: Enable two-factor auth under Webmin > Webmin Users.
  • Set strong passwords for all accounts.
  • Use Let’s Encrypt for SSL: Virtualmin has built-in support—go to Virtual Server > Enabled Features > SSL Website.
  • Regularly check logs: /var/log/auth.log, /var/log/apache2/error.log (or Nginx equivalent).

6. Additional Best Practices

  • Use AppArmor or SELinux for process isolation (AppArmor is default on Debian).
  • Monitor with tools like htop or netdata (sudo apt install netdata -y).
  • Backup regularly: Virtualmin has a backup module—schedule it.

By following these steps, your server should be robust against basic attacks. For advanced threats, consider professional audits.

Conclusion

You’ve now set up a powerful Virtualmin-hosted server on Debian 13 with your choice of LAMP or LEMP, a customized ASCII MOTD banner, and solid security hardening. This setup is ideal for hosting multiple websites efficiently. If you run into issues, check Virtualmin’s documentation or community forums.

Feel free to comment below with questions or share your tweaks! Happy hosting! 🚀

No Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.