Jeremy Davis's picture

Apologies if that was all just gobbledygook to you...

FWIW, the majority of TurnKey users use TurnKey online, so not being able to easily disable SSL without understanding the implications is a good thing IMO!

Regarding "if it doesn't work, why is it there?", a totally legitimate question. But there is a context and rationale. We don't write or maintain Webmin. We just package it and include it in our appliances for user convenience. Any TurnKey specific changes that we were to make to Webmin means a higher maintenance overhead for us (with arguably limited value).

When we put Webmin behind stunnel, that was done to harden security. Whilst it's not ideal, we decided that having a few irrelevant options within Webmin was a fair price to pay. At least the connection will always be secure, even if some SSL exploit appears (FWIW stunnel gets automated security updates directly from Debian - whereas Webmin security updates rely on us manually updating it).

Unfortunately we always need to make compromises and tough decisions on which way to go and where to target our limited resources. The incredibly broad range of users we have adds complexity to that decision making process. We have users who have never used Linux before (and like the added "usability" features such as Webmin), to high level Linux experts who never even use Webmin, just commandline (and love TurnKey because it "just works" OOTB and reduces their workload and time to production).

Thanks again for your feedback though. We'll consider whether we should write up a doc page (with a big warning at the top) on how to do that.