Are users able to create subdomains, and can users own multiple domains and manage them from the same interface?
Yes. When creating a new domain, you may choose for the domain to be owned by any existing domain user. If an existing user is selected, they will then see the new domain alongside their original domain when logged in as that domain owner. There is no limit (outside of the domain limits imposed by your licensing terms) to the number of domains that may be owned by a user.
Virtualmin also supports reseller accounts, which have a “root-like” Virtualmin interface and they can manage all of the domains that they create using the Virtualmin module. This type of user is special in that they can see all of the domains they create, and they can create domains that are owned by the domain owner accounts they have already created. It is very flexible and powerful. It integrates cleanly with the Webmin ACL system, so if you have particularly complicated requirements you may find that Virtualmin is the only tool of its kind that allows you the flexibility you need.
Yes. Virtualmin provides both a local command-line based API and a remote HTTP request based API. Both Virtualmin Professional and Virtualmin GPL offer create, list, update, delete functionality for virtual servers and users, while Virtualmin Professional includes access to every function within the UI via both APIs.
It is also worth noting that Virtualmin inherits the extensive RPC capabilities of Webmin, so someone with experience programming Webmin modules and using the RPC interface could create a master-slave system to drive any number of Virtualmin servers from a single machine (for example, your billing and accounting server).
As more third parties begin writing applications for Virtualmin, we expect all of the APIs to mature further.
Certainly. When creating a virtual server, simply check the box labeled “Setup SSL website too?” in the “Enabled Features” section of the form, and in the “IP address and forwarding” section provide a new IP address for this virtual server to reside on.
A virtual server with SSL requires a dedicated IP address, as the HTTPS protocol does not support name-based hosts and serves the certificate and negotiates the encryption before the hostname is known, based entirely on the IP address being connected on.
While BIND must run on the Virtualmin server, it does not have to be publically accessible and you can use the Webmin:Servers:BIND DNS Server:Cluster Slave Servers feature to sync up any number of slave servers to your master Virtualmin server automatically. You can then firewall your Virtualmin servers name server port from all clients except the slaves, and your Virtualmin name server will be lightweight (because it doesn’t work very hard) and extremely secure (because no one can talk to it except your slave name servers).
Yes for some services, no for others.
It is possible to use LDAP for mail user configuration, though this is not a comprehensive solution. Many of the features of Virtualmin can be re-implemented manually on the mail server, using Webmin and Usermin, but per-domain spam/AV configuration is not possible in this setup. The other option is to use Virtualmins ability to run commands before or after creation/update/delete of user accounts. One could write a custom command that makes use of ssh to perform actions on a remote mail server. Finally, a combination of Webmin user synchronization and a shared Postfix configuration directory would allow for configuration to occur on both servers. In this last case, a wrapper script would have to be written to allow Postfix to be stopped/started/restarted on the remote machine. Distributed mail support is high on our todo list, and should be available in the near future. So, if you don’t need this capability urgently, waiting until it is fully supported by Virtualmin is strongly recommended.
Virtualmin does provide excellent support for automatic secondary mail server configuration, which sets up and manages a secondary mail relay that can step in and hold mail in the event the primary is unavailable. This is often the best method of provided redundancy for mail services, though it does not provide mail retrieval or MTA services for your users while the primary MTA is unavailable.
Database servers can be run on other hosts, and Virtualmin supports this fully. To make use of this feature, use the relevant Webmin module (MySQL and/or PostgreSQL) Module Config to configure it to connect to a remote database instead of a local one. All functions, except starting and stopping, are supported on remote database servers.
Web service must currently be on the Virtualmin server, and this is unlikely to change in the very near future. Replication of web content for use on a “hot spare” is relatively trivial using the remote virtual server backup feature, though restoring the backup periodically would need to be implemented using the command line API on the receiving server.
Spam and AV scanning, as we currently configure it, must run on the local host. It would be possible to set them up on a remote server and configure Postfix to use outside filters or configure procmail to process using a scanner that is capable of remote filters. This is also not ideal at this time, and running spam/AV on the same host as mail is strongly recommended.
In short, DNS and both databases are very easy to setup on other hosts and well-supported by Virtualmin and Webmin, while everything else is either unsupported, incomplete, or not easy to setup. As the popularity of Virtualmin in larger hosting providers has increased, the demand for these kinds of features has increased remarkably, and we’ve begun focusing on this aspect of the system. Almost all major new features for the foreseeable future will be related to addressing scalability issues.
Central management of many Virtualmin servers is available in our VM2 (Virtualmin Machine Manager) product, which also provides management of virtualized systems.
- Choose the domain name of your server from the pull-down menu
- Click “Edit Mail Aliases”
- Click “Add an alias to this domain”
- Set “Name” to “All mailboxes”
- Fill in the delivery settings as usual (a local mailbox, usually).
- Click “Bounce mail?” if you want to use this catch-all email account to bounce inbound emails with invalid email addresses.
To “turn off” the automatic email bouncing, simply delete this catch-all email alias.