Webmin behind haproxy

After recent security updates, my Webmin (now 1.903) served through haproxy stopped working. The login page was not loading correctly…

Using the Opera developer tools I found that the index page is returned correctly, but the CSS and JavaScript files are then requested and not returned correctly. No content was returned – the request was endless. It seems there is some problem with gzip encoding between miniserv and haproxy?
The solution is to disable gzip in webmin/miniserv.conf.

/etc/webmin/miniserv.conf:

gzip=0

Another issue with Webmin is a login redirect problem. This can be fixed with this haproxy backend config:

haproxy.cfg:

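backend webmin
        mode http
        option forwardfor
        http-request set-header X-Forwarded-Port %[dst_port]
        http-request set-header X-Forwarded-Proto https if { ssl_fc }
        # fix stupid login redirect port problem: strip the backend port from
        # absolute Location URLs. Anchored on scheme and host so the path after
        # the port is kept and URLs without a port are left alone.
        http-response replace-value Location ^(https?://[^/:]+):[0-9]+(.*) \1\2
        # "verify none" disables certificate verification on the backend TLS
        # connection; the backend here is on loopback (127.0.0.1).
        server webmin 127.0.0.1:10000 ssl verify none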

frontend https
        bind *:443 ssl crt /etc/haproxy/ssl/cloud.zazezi.net.pem crt /etc/haproxy/ssl/ alpn h2,http/1.1
        use_backend apache if { hdr_dom(Host) -i mail.zazezi.net mail.zazezi.sk mail.iwik.org }
        use_backend zabbix if { hdr_dom(Host) -i zabbix.iwik.org }
        use_backend cloud if { hdr_dom(Host) -i owncloud.iwik.org nextcloud.iwik.org cloud.iwik.org }
        use_backend webmin if { hdr_dom(Host) -i webadmin.zazezi.net webadmin.zazezi.sk }
        use_backend avenger if { hdr_dom(Host) -i iwik.org avenger.iwik.org www.iwik.org iwik.sk www.iwik.sk }
        http-response set-header X-SSL-Proxy haproxy
        default_backend apache
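
The Location rewrite in the webmin backend depends on how its regex treats each redirect shape. As an added example (not from the original post), this compares a greedy `(.*):.*` pattern with a host-anchored one on constructed Location values. Python's `re` stands in for HAProxy's regex engine, and the hostname and paths are placeholders.

```python
import re

# Rules in "replace-value Location <regex> <replacement>" form.
GREEDY = (r"(.*):.*", r"\1")
# Assumed tighter alternative: only match scheme://host:port at the start.
ANCHORED = (r"^(https?://[^/:]+):[0-9]+(.*)", r"\1\2")


def rewrite(value, rule):
    """Model of replace-value: on a match the whole value becomes the
    expanded replacement; without a match the value is left unchanged."""
    pattern, replacement = rule
    match = re.search(pattern, value)
    return match.expand(replacement) if match else value


# Constructed Location values (placeholder host, Webmin's port 10000).
SAMPLES = [
    "https://webadmin.example.test:10000/",
    "https://webadmin.example.test:10000/sysinfo.cgi?x=1",
    "https://webadmin.example.test/session_login.cgi",  # no port at all
    "/session_login.cgi",                               # relative redirect
    "/redirect?to=a:b",                                 # colon in the query
]


def damaged_by(rule):
    """Samples for which the rule does anything other than drop ':10000'."""
    return [loc for loc in SAMPLES
            if rewrite(loc, rule) != loc.replace(":10000", "", 1)]


if __name__ == "__main__":
    for loc in SAMPLES:
        print(f"{loc!r}")
        print(f"    greedy   -> {rewrite(loc, GREEDY)!r}")
        print(f"    anchored -> {rewrite(loc, ANCHORED)!r}")
    print("damaged by greedy:  ", damaged_by(GREEDY))
    print("damaged by anchored:", damaged_by(ANCHORED))
```

With `relative_redir=1` set in Webmin, redirects are relative and neither pattern touches the plain `/session_login.cgi` case.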

The Webmin config should contain the following.

/etc/webmin/config:

relative_redir=1
webprefix=
webprefixnoredir=1
