PowerDNS-Admin (Ubuntu): Unterschied zwischen den Versionen

Aus Tutorials
Zur Navigation springen Zur Suche springen
 
(52 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 8: Zeile 8:
Ob das Package ''ibmariadbclient-dev'' oder ''libmysqlclient-dev'' hängt von der verwendetetn Datenbank ab.
Ob das Package ''ibmariadbclient-dev'' oder ''libmysqlclient-dev'' hängt von der verwendetetn Datenbank ab.


<pre>sudo apt-get install -y libmariadbclient-dev libsasl2-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv build-essential</pre>
<pre>sudo apt-get install -y python3-dev libmariadbclient-dev libsasl2-dev libldap2-dev libssl-dev \
libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv \
build-essential
</pre>




Zeile 31: Zeile 34:


=== Datenbank ===
=== Datenbank ===
<pre>
mysql -u root -p
</pre>


<pre>
<pre>
create database if not exists powerdns_admin;
create database if not exists powerdns_admin;
grant all on powerdns_admin.* to 'powerdns'@'localhost';  
grant all on powerdns_admin.* to 'powerdns'@'%';  
</pre>
</pre>


Zeile 74: Zeile 81:
SQLA_DB_USER = 'powerdns'
SQLA_DB_USER = 'powerdns'
SQLA_DB_PASSWORD = '<password>'
SQLA_DB_PASSWORD = '<password>'
SQLA_DB_HOST = '127.0.0.1'
SQLA_DB_HOST = '10.0.0.157'
SQLA_DB_NAME = 'powerdns_admin'
SQLA_DB_NAME = 'powerdns_admin'
</pre>
</pre>
Zeile 93: Zeile 100:
./run.py
./run.py
</pre>
</pre>
== API-Key ==
Siehe dazu [[PowerDNS Authoritative Server (Ubuntu)#API für PowerDNS-Admin]].
<pre>
http://127.0.0.1:8081
</pre>
<pre>
pdns_server --version
</pre>
== Konfiguration ==
SSL-Zertifikat siehe [[SSL_Zertifikat]]
=== Apache ===
==== /etc/apache2/mods-available/wsgi.load ====
<pre>
sudo su
apt install apache2-dev
cd /opt/web/powerdns-admin/
virtualenv -p python3 flask
source ./flask/bin/activate  552 
pip3 install mod-wsgi
mod_wsgi-express install-module > /etc/apache2/mods-available/wsgi.load
a2enmod wsgi
systemctl restart apache2
exit
</pre>
<pre>
sudo addgroup pdnsadmin
sudo adduser --ingroup pdnsadmin pdnsadmin
sudo chown -R pdnsadmin:pdnsadmin /opt/web/powerdns-admin
</pre>
==== /etc/apache2/sites-available/poweradmin.conf ====
<pre>
sudo vi /etc/apache2/sites-available/powerdns.conf
</pre>
<pre>
<VirtualHost *:80>
        ServerName poweradmin1.dynamic-dns.at
        Redirect / https://poweradmin1.dynamic-dns.at
</VirtualHost>
</pre>
==== /etc/apache2/sites-available/poweradmin-ssl.conf ====
<pre>
sudo vi /etc/apache2/sites-available/poweradmin-ssl.conf
</pre>
<pre>
<VirtualHost *:443>
        ServerName poweradmin1.dynamic-dns.at
        ServerAlias [fe80::1]
        ServerAdmin admin@kirner.or.at
        SSLEngine On
        SSLCertificateFile /etc/letsencrypt/live/dynamic-dns.at/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/dynamic-dns.at/privkey.pem
        ErrorLog /var/log/apache2/error-poweradmin1.dynamic-dns.at.log
        CustomLog /var/log/apache2/access-poweradmin1.dynamic-dns.at.log combined
        DocumentRoot /opt/web/powerdns-admin/
        WSGIDaemonProcess pdnsadmin user=pdnsadmin group=pdnsadmin threads=5
        WSGIScriptAlias / /opt/web/powerdns-admin/powerdnsadmin.wsgi
        # pass BasicAuth on to the WSGI process
        WSGIPassAuthorization On
        <Directory "/opt/web/powerdns-admin/">
                WSGIProcessGroup pdnsadmin
                WSGIApplicationGroup %{GLOBAL}
                AllowOverride None
                Options +ExecCGI +FollowSymLinks
                SSLRequireSSL
                AllowOverride None
                Require all granted
        </Directory>
</VirtualHost>
</pre>
==== /opt/web/powerdns-admin/powerdnsadmin.wsgi ====
<pre>
sudo -u pdnsadmin vi /opt/web/powerdns-admin/powerdnsadmin.wsgi
</pre>
<pre>
#!/usr/bin/env python3
import sys
sys.path.insert(0, '/opt/web/powerdns-admin')
from powerdnsadmin import create_app
application = create_app()
</pre>
==== Konfigurationen neu laden ====
<pre>
cd /etc/apache2/sites-available
sudo a2ensite powerdns.conf
sudo a2ensite powerdns-ssl.conf
sudo service apache2 reload
</pre>
==== Links ====
[https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/WSGI-Apache-example https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/WSGI-Apache-example]
== Probleme ==
=== [ssl:warn] [pid 604] AH01906: powerdns2.kirner.or.at:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) ===
Siehe [[Apache_HTTP_(Linux)#.5Bssl:warn.5D_.5Bpid_604.5D_AH01906:_.3Cfqdn.3E:443:0_server_certificate_is_a_CA_certificate_.28BasicConstraints:_CA_.3D.3D_TRUE_.21.3F.29|Apache#Fehlermeldungen]]
=== SOA-Record / content: a.misconfigured.powerdns.server ===
TODO
[https://doc.powerdns.com/md/authoritative/settings/#default-soa-name https://doc.powerdns.com/md/authoritative/settings/#default-soa-name]
[https://en.wikipedia.org/wiki/SOA_record https://en.wikipedia.org/wiki/SOA_record]


== Links ==
== Links ==
Zeile 105: Zeile 246:




Zurück zu [[Domain selbst verwalten#Nameserver mit Datenbankanbinding|Domain selbst verwalten]]
Zurück zu [[PowerDNS (Ubuntu)|PowerDNS]], [[Ubuntu#P (Server)|Ubuntu]]

Aktuelle Version vom 20. Juni 2020, 12:59 Uhr

Voraussetzungen

Git-Client siehe hier: Git


Sonstige benötigte Pakete:

Ob das Package ibmariadbclient-dev oder libmysqlclient-dev hängt von der verwendetetn Datenbank ab.

sudo apt-get install -y python3-dev libmariadbclient-dev libsasl2-dev libldap2-dev libssl-dev \
libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv \
build-essential


NodeJs:

sudo curl -sL https://deb.nodesource.com/setup_10.x | sudo bash -
sudo apt-get install -y nodejs


Yarn:

curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt-get update -y
sudo apt-get install -y yarn

Installation

Datenbank

mysql -u root -p
create database if not exists powerdns_admin;
grant all on powerdns_admin.* to 'powerdns'@'%'; 

Repository klonen

Um git nicht als root ausführen zu müssen, das Installationsverzeichnis vorab erstellen und dem eigenen Benutzer zuweisen:

sudo mkdir -p /opt/web/powerdns-admin	
sudo chown <user>:<user> /opt/web/powerdns-admin
git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/web/powerdns-admin

Installieren

cd /opt/web/powerdns-admin/
virtualenv -p python3 flask
source ./flask/bin/activate
pip install -r requirements.txt


vi /opt/web/powerdns-admin/powerdnsadmin/default_config.py
SQLA_DB_USER = 'powerdns'
SQLA_DB_PASSWORD = '<password>'
SQLA_DB_HOST = '10.0.0.157'
SQLA_DB_NAME = 'powerdns_admin'
export FLASK_APP=powerdnsadmin/__init__.py
flask db upgrade
yarn install --pure-lockfile
flask assets build


./run.py

API-Key

Siehe dazu PowerDNS Authoritative Server (Ubuntu)#API für PowerDNS-Admin.

http://127.0.0.1:8081
pdns_server --version

Konfiguration

SSL-Zertifikat siehe SSL_Zertifikat

Apache

/etc/apache2/mods-available/wsgi.load

sudo su
apt install apache2-dev
cd /opt/web/powerdns-admin/
virtualenv -p python3 flask
source ./flask/bin/activate  552  
pip3 install mod-wsgi
mod_wsgi-express install-module > /etc/apache2/mods-available/wsgi.load
a2enmod wsgi
systemctl restart apache2
exit
sudo addgroup pdnsadmin
sudo adduser --ingroup pdnsadmin pdnsadmin
sudo chown -R pdnsadmin:pdnsadmin /opt/web/powerdns-admin

/etc/apache2/sites-available/poweradmin.conf

sudo vi /etc/apache2/sites-available/powerdns.conf
<VirtualHost *:80>
        ServerName poweradmin1.dynamic-dns.at
        Redirect / https://poweradmin1.dynamic-dns.at
</VirtualHost>

/etc/apache2/sites-available/poweradmin-ssl.conf

sudo vi /etc/apache2/sites-available/poweradmin-ssl.conf
<VirtualHost *:443>
        ServerName poweradmin1.dynamic-dns.at
        ServerAlias [fe80::1]
        ServerAdmin admin@kirner.or.at

        SSLEngine On
        SSLCertificateFile /etc/letsencrypt/live/dynamic-dns.at/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/dynamic-dns.at/privkey.pem

        ErrorLog /var/log/apache2/error-poweradmin1.dynamic-dns.at.log
        CustomLog /var/log/apache2/access-poweradmin1.dynamic-dns.at.log combined

        DocumentRoot /opt/web/powerdns-admin/

        WSGIDaemonProcess pdnsadmin user=pdnsadmin group=pdnsadmin threads=5
        WSGIScriptAlias / /opt/web/powerdns-admin/powerdnsadmin.wsgi

        # pass BasicAuth on to the WSGI process
        WSGIPassAuthorization On

        <Directory "/opt/web/powerdns-admin/">
                WSGIProcessGroup pdnsadmin
                WSGIApplicationGroup %{GLOBAL}

                AllowOverride None
                Options +ExecCGI +FollowSymLinks
                SSLRequireSSL
                AllowOverride None
                Require all granted
        </Directory>
</VirtualHost>

/opt/web/powerdns-admin/powerdnsadmin.wsgi

sudo -u pdnsadmin vi /opt/web/powerdns-admin/powerdnsadmin.wsgi
#!/usr/bin/env python3
import sys
sys.path.insert(0, '/opt/web/powerdns-admin')

from powerdnsadmin import create_app
application = create_app()

Konfigurationen neu laden

cd /etc/apache2/sites-available
sudo a2ensite powerdns.conf
sudo a2ensite powerdns-ssl.conf
sudo service apache2 reload

Links

https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/WSGI-Apache-example

Probleme

[ssl:warn] [pid 604] AH01906: powerdns2.kirner.or.at:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

Siehe Apache#Fehlermeldungen

SOA-Record / content: a.misconfigured.powerdns.server

TODO

https://doc.powerdns.com/md/authoritative/settings/#default-soa-name

https://en.wikipedia.org/wiki/SOA_record

Links

https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-on-Ubuntu-or-Debian

https://computingforgeeks.com/install-powerdns-and-powerdns-admin-on-ubuntu-18-04-debian-9-mariadb-backend/

https://blog.jonaharagon.com/installing-powerdns-admin-on-ubuntu-18-04/

https://github.com/ngoduykhanh/PowerDNS-Admin


Zurück zu PowerDNS, Ubuntu