Can I change the port inside the Webmin web interface instead of editing the file directly?

Yes. Go to Webmin → Webmin Configuration → Ports and Addresses, change the port, and click Save. Webmin will rewrite miniserv.conf and restart itself, but you still need to update your firewall manually beforehand.

Does the new port need to use HTTPS?

Webmin uses HTTPS by default regardless of which port it listens on, controlled by the ssl= directive in miniserv.conf. Changing the port number does not affect whether TLS is used.

Will the port change survive a Webmin upgrade?

Yes. Package upgrades do not overwrite miniserv.conf because it is a user-managed configuration file. Your port setting will persist across upgrades.

Which port numbers should I avoid?

Avoid ports below 1024 (require root privileges to bind), port 443 (HTTPS — likely used by your web server), port 22 (SSH), and any other port already in use on the system. Run ss -tlnp to see what is already occupied.

I have multiple network interfaces. Can I make Webmin listen on only one of them?

Yes. In miniserv.conf, set bind= to the specific IP address of the interface you want, for example bind=192.168.1.10. Combined with your port change, this limits exposure to a single interface.

How to Change the Webmin Port

Webmin listens on port 10000 by default. That default is well-known, so moving it to a non-standard port reduces automated scan noise. You may also need a specific port to fit your organisation's firewall policy. The change itself takes under five minutes: edit one config file, update your firewall, restart the service.

Prerequisites

Webmin already installed and running
Root or sudo access to the server
SSH access — your browser session will drop when Webmin restarts
A chosen replacement port (this guide uses 8443 as the example)

Step 1: Confirm Webmin Is Running

Before touching anything, confirm the service is active and note the current listening port.

sudo systemctl status webmin

sudo ss -tlnp | grep webmin

You should see it bound to 0.0.0.0:10000 or :::10000. If the service is stopped, start it first so you have a known-good baseline.

Step 2: Edit miniserv.conf

All of Webmin's server settings live in /etc/webmin/miniserv.conf. Open it in your editor of choice.

sudo nano /etc/webmin/miniserv.conf

Find the line that starts with port= and change the value. There is also a listen= line — change that too, because Webmin uses both to bind its socket.

# Before
port=10000
listen=10000

# After
port=8443
listen=8443

Save and close the file (Ctrl+O, Enter, Ctrl+X in nano). Do not restart Webmin yet — fix the firewall first or you will lock yourself out of the web UI.

Step 3: Update the Firewall

Open the new port and, once you have verified everything works, close the old one. The commands differ by distro and firewall tool.

UFW (Debian / Ubuntu)

sudo ufw allow 8443/tcp comment 'Webmin'
sudo ufw delete allow 10000/tcp

firewalld (Fedora / RHEL / Rocky / AlmaLinux)

sudo firewall-cmd --permanent --add-port=8443/tcp
sudo firewall-cmd --permanent --remove-port=10000/tcp
sudo firewall-cmd --reload

nftables (Arch / manual setup)

If you manage nftables directly, add a rule to your ruleset. The exact table and chain names depend on your configuration; the pattern below assumes a common filter table with an input chain.

sudo nft add rule inet filter input tcp dport 8443 accept

Then remove the old rule. List rules with counters to find its handle number first:

sudo nft -a list chain inet filter input

# Replace 7 with the actual handle of the port-10000 rule
sudo nft delete rule inet filter input handle 7

Persist the changes by saving your ruleset to whatever file your distro loads at boot (commonly /etc/nftables.conf):

sudo nft list ruleset | sudo tee /etc/nftables.conf

Cloud / hosting provider firewalls

If your server sits behind a cloud security group (AWS, GCP, DigitalOcean, etc.), add port 8443 inbound there as well. The OS-level firewall and the cloud firewall are independent layers.

Step 4: Restart Webmin

Now restart the service. Your browser session will disconnect — that is expected.

sudo systemctl restart webmin

Check that systemd considers it healthy:

sudo systemctl status webmin

Step 5: Verify the New Port

Confirm the process is now bound to the new port:

sudo ss -tlnp | grep webmin

Output will look similar to:

LISTEN  0  128  0.0.0.0:8443  0.0.0.0:*  users:(("miniserv.pl",pid=12345,fd=3))

Then open a browser and navigate to https://your-server-ip:8443. Accept the self-signed certificate warning if prompted. Log in normally.

Troubleshooting

Cannot connect after restart

Run sudo systemctl status webmin and sudo journalctl -u webmin -n 50 to look for startup errors.
Confirm port= and listen= in miniserv.conf both show the new value — a mismatch will prevent binding.
Double-check your firewall rules with sudo ufw status, sudo firewall-cmd --list-ports, or sudo nft list ruleset.
If you are behind a cloud security group, verify that group also permits the new port.

Port is already in use

Find what is occupying the port, then choose a different port or stop the conflicting service.

sudo ss -tlnp | grep 8443

Webmin fails to start — permission denied on port

Ports below 1024 are privileged on Linux. Stick to ports 1025–65535 to avoid this entirely. If you must use a low-numbered port, you would need to grant the capability or use an authbind setup — both are outside the scope of a simple port change.

Forgot to update the firewall and now locked out of the UI

You still have SSH. Re-run the firewall commands in Step 3 from the command line, then try the browser again. You do not need to restart Webmin a second time.