The reasoning of modifying the Virtualmin script is self explanatory: we expect to spawn quite a few servers (and we hope our users will too) and to solve quite a few things at once so it made sense to go this route.
- The Tiki Manager plugin and feature: the Tiki Manager has been integrated as a feature in Virtualmin, meaning you can activate or deactivate it like all the others being mail, DNS, etc when creating or editing a virtual server. So it also works very well with the plans and templates. It sports actions directly from Virtualmin's web interface such as creation, import, cloning of Tiki instances. For command line operations you will find The Tiki Manager in /opt/tiki-manager/app/
- Extra software installed: we wanted a few packages installed right from the beginning like:
- Packages needed to install Tiki and Tiki Manager: https://doc.tiki.org/Manager, sysadmin tasks, etc: awstats, bzip2, git, htop, iotop, mc, ncdu, patch, rkhunter, screen, tar, tmux, traceroute, whois, zip, ImageMagick, sqlite, subversion
- Packages related to Text extraction / File Gallery / Unified Search: https://doc.tiki.org/Search-within-files: elasticsearch, catdoc, pstotext, tesseract, elinks
- Packages related to Media-Alchemyst: https://doc.tiki.org/Media-Alchemyst: libreoffice, ffmpeg, unoconv, ghostscript, gpac
- Packages related to Synchronization and Backups: syncthing, awscli, rsync, etckeeper
- Preconfigured settings: we reviewed all Webmin defaults and changed quite a few settings, to ensure smooth operation, security, a comfortable interface and such. Not like the original settings were bad, but we like our servers behaving in a certain way. You can change/restore any of them mostly in Webmin > Webmin Configuration, as usual. We also tuned the php and database related settings.
- Some well thought plans and server templates: we now have three custom plans and templates WikiSuite 1, 2 and 3 with incremental resources. You can modify them to your liking, our intention is to get you started and have a few options. One important note, due to the intended scope of these modifications: the DNS and the email features are disabled by default, so if you need those you should just enable them.
- Paranoid security settings:
- we have rkhunter and auditd installed by our custom Virtualmin install script;
- brute force settings, ATM we are working to have fail2ban integrated with Tiki; we also modified the Webmin defaults to more relaxed ones, else you might experience problems with access from IPs with big networks and such;
- firewall ports: the plain FTP ports are closed, all the FTPS high ports are closed, we encourage SFTP on 2222
- firewall fixes: there is an outstanding firewall problem in Debian 10 where when using the defaults, the firewall will not start after any intervention from the Webmin interface due to mishaps with iptables, Debian transitioning to nftables. If you are using our script you should be fine.
- Updates: The system default is to auto update weekly; this setting is about the security updates, everything else you should do manually. You can change this in the Virtualmin control panel.
- A style for the Authentic theme: one that suits us and hopefully our users. You can tune that to your liking, of course.