This express tutorial is for intermediate IT Admin or fullstack developper that want to setup and publish a website.
We will learn how to setup and use:

To follow this Tiki Tutorial, you need to know how use the shell, have root access and a minimum of knowledge about servers, mysql and hosting... or just try and learn ! As long as you don't work with real data you can aways terminate and re-install an instance till you get your Tiki to work. Amazon or Google Cloud offers tier free options so you fail, learn and retry as long as you want. (during the trial period of course).

If you don't want to experiment, if your time is precious. are in a hurry or don't want to play on live data without knowing what to do, you can always ask me to do it for you or search in the Tiki Consultants list and you'll have professional job done by... a Tiki Specialist. 😉

Server preparation

Install an Amazon Lightsail Instance

Log into your AWS Console (or create you account) and look for Lightsail in the search bar.
Select your instance location (the region you want the server to be set for... the closer to your targeted users the better) and pick your instance image: Linux/Unix.
Following our case, pick your instance image, for the platform select Linux/Unix, for the blueprint choose "OS Only" and select Debian10.x.
Note: They are other possible options if you select "Apps + OS" like LAMP, Ngnix or CPanel, etc. While I prefer to control exactly what is installed, you can choose one of them of course and "kind-of" follow this tutorial. Same for OS choice, this tutorial is about setting up a Debian Linux but you can select something else and adapt this tutorial instructions to get the same result in the end.

Install Tiki On Lightsail Tutorial Select Region Install Tiki On Lightsail Tutorial Select OS

Below this, if you have already an SSH key linked to this account, select to use the default key created with your instance (you will need to download it into your computer, user/.ssh folder), upload an existing key. If you don't have an SSH key linked to your account you can create a new SSH key pair and there are guides available for this.

Choose your instance plan (I suggest you start with the cheapest as you can always upgrade your plan).
Identify your instance by giving it a name. While you can add tags, I suggest you be descriptive to avoid being lost later if you create other instances (for development or test).
Your instance should be running in a minute and you should be already able to use the integrated SSH console by clicking on the terminal icon ( )

 Plugin Image
File not found.

Once the instance is running you can start managing it, click on the 3 vertical dots and select "Manage".
This part is done and, while we can connect and use the HTML was terminal, we want to use our own shell or terminal from our local computer.

 Plugin Image
File not found.

The first thing to do is to check you can connect to your server (the public instance IP) using your own terminal (putty, terminal or any of your preferred) to have shell access.
The user set for the Debian Linux is "admin". So I need to ssh to my public instance IP using the key pair (set above) with the admin user.

SSH Key pair may be complicate story if you are not oriented IT Admin.
In very short, if you select to use the default key this is what I would do (replace "LightsailDefaultKeyPair-us-east-1.pem" with your key filename).
Download the key into my computer, move the file to my ~/.ssh directory and set the correct file permissions:

Set per file permissions
Copy to clipboard
sudo chmod 600 ~/.ssh/LightsailDefaultKeyPair-us-east-1.pem

Then I should be able to use the following to connect :

SSH using the stored default key
Copy to clipboard
ssh -i ~/.ssh/LightsailDefaultKeyPair-us-east-1.pem admin@xx.xx.xx.xx

You can find here more documentation about this :

You may have some warning about "locale" it is up to you to fix it now or later. (by default I use : en_US.UTF-8 UTF-8)

Fix locale warning
select your locales, recommended: en_US.UTF-8
Copy to clipboard
sudo dpkg-reconfigure locales
re-generate the locale on your server
Copy to clipboard
sudo locale-gen

To tight it up, enter those two shell command: LC_CTYPE=en_US.UTF-8 and LC_ALL=en_US.UTF-8
(export LC_CTYPE=en_US.UTF-8, export LC_ALL=en_US.UTF-8 in some case)

Once you passed this step we can continue with the install.

Lightsail Networking and security group

To allow access to your "secured" site and the Virtualmin control panel we need to go to the Lightsail instance control panel and select Networking.
Set security group and open port 80, 443, 22 and 10000.
I usually open 80 and 443 to all traffic (no IP restriction) and restrict access to 22 and 10000 to my IP only. (we are never too safe ! )

While we are here, another important thing you want to do, especially if you are going to work with a domain name is to create a static IP.
Just follow the onscreen instruction it is very easy.

 Plugin Image
File not found.

Be aware that you may have to reboot the instance so your security settings are properly applied.

Set and use root login

As Lightsail allow you to login using a default admin from which you can login with root, setting external access for the root user may be discutable and it will be up to you to set this or not.
However, for me to diagnose or manage my virtual domains correctly so I usually setup an SSH root access using elaborated password and fail2ban mechanism (if someone, a bot, try too many time to connect using SSH it is blacklisted from accessing my server).

Logged as the default "admin" user. (I use nano but it is the same with VI, VIM or any editor)

Switch for the Super user (root)
Copy to clipboard
sudo su
Edit ssh configuration file
Copy to clipboard
nano /etc/ssh/sshd_config

Change #PermitRootLogin prohibit-Password to PermitRootLogin yes
and PasswordAuthentication no to PasswordAuthentication yes and of course save your changes.

Restart SSHD to validate changes
Copy to clipboard
systemctl restart sshd
Set the root password
Copy to clipboard
passwd root
Reboot your instance
Copy to clipboard
sudo reboot

You will be disconnected, reconnect and check everything is working fine when you login as root.

Check your hostname

For VirtualMin/Webmin to work properly, you need to configure the hostname and FQDN on the server itself by editing the /etc/hostname file.

Copy to clipboard

By default it will display the instance internal IP (later on Virtualmin won’t like it) and it should display your hostname mostly your domain name like "mydomain" (without http or https)

You can change this and set it for your host name (

Copy to clipboard
sudo nano /etc/hostname

You need to check and add your host to the hosts file.
But if you do it directly (editing /etc/hosts) the changes will be reverted on the next reboot.
To make it permanent, you need to modify the template used to recreate on each reboot the hosts file.

Edit hosts.debian.tmpl
Copy to clipboard
sudo nano /etc/cloud/templates/hosts.debian.tmpl

After the "fqdn" and "hostname" variables add your yourdomain. It should look like this; { {fqdn}} { {hostname}} yourdomain

Reboot the server and check changes are permanent.

Copy to clipboard
cat /etc/hosts

After the last Lightsail IP address you should see your hostname without extension (TLD). It should look like this: ip-172-x-xx-xxx yourdomain

Update your Debian server

The first thing you want to do is to log onto your server and first update/upgrade it with the following commands:

Copy to clipboard
sudo apt update sudo apt upgrade

You may have to answer some questions or do some action to "continue".

Install your MySQL database (mariaDB)

It is important to install and setup MariaDB before Virtualmin.

Install mariaDB
Copy to clipboard
sudo apt install mariadb-server

Then we will secure the installation to tight our defences against the "bad guys".

Secure mariaDB
Copy to clipboard
sudo mysql_secure_installation

You should be able to answer most of the questions without too much thinking those are my answers (explanations can be found on the web)

  • Enter current password for root (enter for none) => enter
  • Set root password? [Y/n] y - As it is a first install
  • Remove anonymous users? [Y/n] y
  • Disallow root login remotely? [Y/n] y
  • Remove test database and access to it? [Y/n] y
  • Reload privilege tables now? [Y/n] y

Done, let's check MariaDB is running:

Test mariaDB status
Copy to clipboard
sudo systemctl status mariadb

Install Webmin and Virtualmin

We will download Virtualmin automated install script and run it. It is basically a shell script that will handle rest of the installation once executed.

Download Virtualmin install script
Copy to clipboard

You can do a full install but also you can do a minimal install which will spare the instance resources. For exemple where I don't need a mail server I do minimal install.

Full install of Virtualmin
Copy to clipboard
sudo sh
Minimal install of Virtualmin
Copy to clipboard
sudo sh --minimal

If you choose full install with the lowest memory option for your Lightsails instance you may see an error message about "Memory"
"[ERROR] Memory is below 1024 MB. A full installation may not be possible."

You will continue and create a swap file.
You should see now the different components being installed one by one.
This is taking some times... Just wait for the process to complete.

 Postinstall configuration returned an error.
I encountered the following error "Postinstall configuration returned an error" once, but it doesn't seems it halt the installation and the Virtualmin control panel was working just fine.

You will now have access to your control panel if the port 10000 is open else, you may need to open the port it on the server. Because by default the Virtualmin will listen to the port Virtualmin. You only have to open this port if all the incoming requests on your server are blocked by default. (check above Lightsail Networking and security group )

Lately I had to reboot one more time the server to have Virtuamin running

Use https://your_server_publicIP:10000 (you can use your a domain name if set already)
View and trust the certificate and login.
Once you are in , follow Virtualmin Post installation wizard.
It is pretty straightforward and everything is done to guide you.

For the DNS configuration parameters, it may show a mix with your hostname (the domain your registrar is pointing to) and some AWS internal address. IE : hostname.ec2.internal
Change the value for your domain and complete the process. If your domain is not already redirecting, you can check the " Skip check for resolvability" option.

The next question is... a trap ! 🤗
If you don't create a default Virtual Server, Virtualmin will load but with errors (like: missing postfix maps) so you can solve them later by creating at least one Virtual Server or create one during the installation process and restart Virtualmin (a reboot never hurt once all is set you check things are starting as they should).

Troubleshooting Virtualmin installation

Fixing Postfix virtual maps error

You may see this error: "A problem was found with your Postfix virtual maps : No map sources were found in the Postfix configuration"
Applied the postfix config script for Virtuamin

Configure postfix for Virtualmin
Copy to clipboard
virtualmin-config-system -i Postfix

DNS server error

You may see this error: "Virtualmin is configured to setup DNS zones, but this system is not setup to use itself as a DNS server"
This is some false check that Virtualmin team is aware of. They planned to remove and fix the issue for Virtualmin 6.17+.
In the meantime, go to System Settings ⇾ Virtualmin Configuration / Advanced options page to set Check resolv.conf for this system to No.

Additional stuff

Install Let's encrypt certificate

You need first to use your domain name set it at the registrar properly. As long as you use your server IP you can't create the certificate and should skip.
Under Virtualmin => Server Configuration => SSL Certificate click on the "Let's Encrypt" tab and request certificate.
Install automatically for all domain or use set manually the domain for whom you want to create a certificate (Virtualmin may add domains you did set yet at this stage)

Install several versions of PHP

Allow "PHP script execution mode" under Virtualmin => Server Configuration => PHP Options
Debian 10 come by default with a PHP that may not fit your needs.

I enabled the repository and update the package list:

Copy to clipboard
sudo apt install apt-transport-https lsb-release ca-certificates sudo wget -O /etc/apt/trusted.gpg.d/php.gpg sudo echo "deb $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list apt update apt upgrade

This will also install the last version of PHP (php8.0).
From here you can install any PHP package (change version number for what you need) and it will be accessible for your PHP version configuration in Virtualmin

Copy to clipboard
sudo apt-get install php7.4 php7.4-cgi php7.4-cli php7.4-fpm php7.4-mysql php7.4-xml php7.4-gd php7.4-intl php7.4-xsl php7.4-curl php7.4-zip php7.4-mbstring php7.4-bcmath

Once I completed the installation of the second PHP I recheck the Virtualmin configuration it by logging into Virtualmin, and clicking System Settings -> Re-Check Config

You can configure which one is the default PHP version used on new Virtual Servers. The default is to use the newest available. You can change that default in System Settings -> Server Templates -> Default -> PHP Options. To set your host or domain PHP version go to Virtualmin -> Server configuration -> PHP version and on that screen you can set the PHP version to useversion.

Quota settings

By default your Virtual Server will be limited to the default plan.
While this is enough if you install a Tiki package, you may need more memory to run composer.
Adjust the quota at Edit Virtual Server => Quotas and limits.

Installing git

Install and check git is running

Copy to clipboard
sudo apt install git git --version

Installing Tiki

Navigate into your html directory. If you don’t know where it is located on your new server on Virtualmin check the Virtual Server Summary.
There is at a complete installation guide
But in short, I use the git clone command to download Tiki. In my case I needed Tiki branch (version) 23.x without previous history (depth=1)

Download Tiki from the git repo
Copy to clipboard
git clone --depth=1 --branch=23.x .

Then I have to run tiki setup to install Composer files and fix the files and directories permissions.
I want to run PHP7.4 (I have several PHP version installed) so I add the path.

Tiki setup to run php7.4
Copy to clipboard
sh -p /usr/bin/php7.4

From here follow the regular Tiki install process ( (see additional notes below), database creation) and you have a Tiki ready to be installed !

Tiki Installed