webmin: Wrong redirects behind nginx reverse proxy

Hi, I have Webmin setup behind an nginx reverseproxy. I’m having redirection problems in many modules.

System: Debian 9 Webmin: 1.870 Authentic Theme: 19.04

This is my nginx config:

    location /webmin/ {
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $http_x_forwarded_for;
        proxy_redirect http://$host:10000/ https://$host/webmin/;
        proxy_pass http://127.0.0.1:10000/;
    }

In /etc/webmin/config I have set:

webprefix=/webmin
webprefixnoredir=1
referer=www.example.com

An example where I’m having this issues is the Linux IPTables Firewall module. When I edit a rule and hit the “Save” button https://www.example.com/webmin/firewall/save_rule.cgi is called. This gives me a HTTP 302 redirect with this location header: /webmin:10000/firewall/index.cgi?version=inet4&table=0 which leads to HTTP 404 at this very location.

I’m also seeing this wrong redirects in, for example, “Scheduled Cron Jobs” or “BIND DNS Server” modules as well.

Hope you can help. Phil

About this issue

Original URL
State: closed
Created 7 years ago
Comments: 41

Commits related to this issue

Fix leaking port into proxy redirects https://github.com/webmin/webmin/issues/744 — committed to webmin/authentic-theme by deleted user 6 years ago
Fix to mention SELinux when setting up reverse proxy https://github.com/webmin/webmin/issues/744#issuecomment-1898381859 — committed to webmin/webmin.com by iliajie 5 months ago

Most upvoted comments

Unfortunately there is not much information on how to proxy webmin properly with nginx.

This is my config on centos 7, it works with any theme without errors.

In /etc/webmin/config make sure relative_redir=0 or it will give you the problems @PhilPhonic and @mobamoba mentioned before.

referer=www.examle.com
webprefix=/webmin
webprefixnoredir=1
relative_redir=0

In /etc/miniserv.conf

trust_real_ip=1
ssl=0
cookiepath=/webmin

(trust_real_ip=1 is to show the correct ip in recent logins) If nginx is on the same host as webmin you can make it listen only on loopback with this in miniserv.conf:

bind=127.0.0.1

Your location block should look like this, nothing more. With proxy_set_header Host $host; you’ll get the login redirect problem!

location /webmin/ { 
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_pass http://localhost:10000/;
}

Make sure you don’t have something like this in your server block or the pages will be missing style.

location ~* \.(js|css|ico|png|jpg|jpeg|gif)$ {
	expires max;
	add_header Cache-Control public;
	log_not_found off;
}

Clear you browser cache, restart nginx and webmin. Hope it helps.

+31

darioj on May 3, 2018

Unfortunately there is not much information on how to proxy webmin properly with nginx.

This is my config on centos 7, it works with any theme without errors.

In /etc/webmin/config make sure relative_redir=0 or it will give you the problems @PhilPhonic and @mobamoba mentioned before.
referer=www.examle.com
webprefix=/webmin
webprefixnoredir=1
relative_redir=0
In /etc/miniserv.conf
trust_real_ip=1
ssl=0
cookiepath=/webmin
(trust_real_ip=1 is to show the correct ip in recent logins) If nginx is on the same host as webmin you can make it listen only on loopback with this in miniserv.conf:
bind=127.0.0.1
Your location block should look like this, nothing more. With proxy_set_header Host $host; you’ll get the login redirect problem!
location /webmin/ { 
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_pass http://localhost:10000/;
} 
Make sure you don’t have something like this in your server block or the pages will be missing style.
location ~* \.(js|css|ico|png|jpg|jpeg|gif)$ {
	expires max;
	add_header Cache-Control public;
	log_not_found off;
}
Clear you browser cache, restart nginx and webmin. Hope it helps.

thank you so much for this. I tried all of the various guides out there, but this is the only one that worked. This needs to be followed exactly as it is written or it won’t work.

Hisma on Apr 29, 2020

I use Centos with Selinux and it was a main problem.

Thanks for sharing this! It will be useful for some users. We will mention it in the FAQ.

iliajie on Jan 18, 2024