Alex Waibel's picture

I am currently trying to set up the Turnkey Fileserver as an LXC on my Proxmox host on my local network. Turnkey and some of my other services prefer SSL but I don't want to expose them to the internet so I configured Caddy to assign certs using a DNS challenge with the Cloudflare plugin (my DNS provider). I serve multiple services from this one Proxmox host so this configuration allows me to assign arbitrary subdomains with SSL support like:



My Caddyfile looks like so:

	acme_dns cloudflare {$CF_API_TOKEN}

fileserver.home.example.tld {

fileserver.home.example.tld:12321 {

fileserver.home.example.tld:10000 {


This works fine and the Turnkey Fileserver home page loads fine at the fileserver.home.example.tld domain with and without https, but when I try to open the Webmin portal I get a 502.


I also tried disabling the stunnel4@webmin service entirely and modifying the miniserv config as described here to disable SSL on webmin (not preferable but tried it for the sake of narrowing down the issue) but even without SSL I cannot connect to and get a connection reset response (no status code). From journalctl it looks like webmin is just restarting repeatedly.


To disable webmin SSL I used the following

Disable stunnel for webmin:

systemctl disable stunnel4@webmin
systemctl stop stunnel4@webmin



with the following:


Edit the webmin service to remove stunnel

systemctl edit webmin

Then finally restart the webmin service

systemctl restart webmin


The linked post mentions that v16 changed the config significantly. Is there any steps I missed here when disabling SSL for testing? Is there another approach which allows me to keep SSL without any port forwarding? I am using the debian-10-turnkey-fileserver_16.0.1_amd64.tar.gz template from the repos included with Proxmox.


Edit: The above does appear to work, provided I use the domain name to connect to webmin rather than the ip address. Or I should say it did work, because I went back to try to change a config setting and even after reverting it, the webmin process is still stuck in the previous state of constantly restarting

This just loops

root@fileserver ~# journalctl -f
Apr 03 03:25:06 fileserver webmin[773]: Webmin starting
Apr 03 03:25:06 fileserver systemd[1]: webmin.service: Succeeded.
Apr 03 03:25:07 fileserver systemd[1]: webmin.service: Service RestartSec=1s expired, scheduling restart.
Apr 03 03:25:07 fileserver systemd[1]: webmin.service: Scheduled restart job, restart counter is at 60.
Apr 03 03:25:07 fileserver systemd[1]: Stopped Webmin Web based Admin UI.
Apr 03 03:25:07 fileserver systemd[1]: Starting Webmin Web based Admin UI...
Apr 03 03:25:07 fileserver systemd[1]: Started Webmin Web based Admin UI.
Apr 03 03:25:07 fileserver perl[775]: pam_unix(webmin:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root


Edit 2: OK so I got webmin to come up consistently with the following

root@fileserver ~# /etc/webmin/start

Why does this work but not using the systemd service directly? How can I make the systemd service work so that this survives reboots?

Jeremy Davis's picture

The default systemd service file which the initial Webmin package included wasn't ideal - please see the relevant bug for background and details). The TL;DR version is that under LXC the service was a bit buggy and was constantly dying and restarting. But we've fixed it in the more recent packages.

You could manually implement the changes required as per discussion on the bug. Although I recommend that you upgrade the packages as per discussed in a blog post (it's quite old, but the important parts have been updated).

Add new comment