The reasoning of modifying the Virtualmin script is self explanatory: we expect to spawn quite a few servers (and we hopeour users will too) and to solve quite a few things at once so it made sense to go this route.
- The Tiki Manager plugin and feature: the Tiki Manager has been integrated as a feature in Virtualmin, meaning you can activate or deactivate it like all the others being mail, DNS, etc when creating or editing a virtual server. So it also works very well with the plans and templates. It sports actions directly from Virtualmin's web interface such as creation, import, cloning of Tiki instances. For command line operations you will find The Tiki Manager in /opt/tiki-manager/app/
- Extra software installed: we wanted a few packages installed right from the beginning like:
- Packages needed to install Tiki and Tiki Manager: https://doc.tiki.org/Manager, sysadmin tasks, etc: awstats, bzip2, git, htop, iotop, mc, ncdu, patch, rkhunter, screen, tar, tmux, traceroute, whois, zip, ImageMagick, sqlite, subversion
- Packages related to Text extraction / File Gallery / Unified Search: https://doc.tiki.org/Search-within-files: elasticsearch, catdoc, pstotext, tesseract, elinks
- Packages related to Media-Alchemyst: https://doc.tiki.org/Media-Alchemyst: libreoffice, ffmpeg, unoconv, ghostscript, gpac
- Packages related to Synchronization and Backups: syncthing, awscli, rsync, etckeeper
- Preconfigured settings: we reviewed all Webmin defaults and changed quite a few settings, to ensure smooth operation, security, a comfortable interface and such. Not like the original settings were bad, but we like our servers behaving in a certain way. You can change/restore any of them mostly in Webmin > Webmin Configuration, as usual
- Some well thought plans and server templates: we now have three custom plans and templates WikiSuite 1, 2 and 3 with incremental resources. You can modify them to your liking, our intention is to get you started and have a few options
- Paranoid security settings:
- we have rkhunter and auditd installed by our custom Virtualmin install script;
- brute force settings, ATM we are working to have fail2ban integrated with Tiki; we also modified the Webmin defaults to more relaxed ones, else you might experience problems with access from IPs with big networks and such;
- firewall ports: the plain FTP ports are closed, all the FTPS high ports are closed, we encourage SFTP on 2222
- firewall fixes: there is an outstanding firewall problem in Debian 10 where when using the defaults, the firewall will not start after any modification due to mishaps with iptables, Debian transitioning to nftables.
- Updates: The system default is to auto update weekly; this setting is about the security updates, everything else you should do manually. You can change this in the Virtualmin control panel.
- A style for the Authentic theme: one that suits us and hopefully our users. You can tune that to your liking, of course.