PowerDNS-Admin (Ubuntu): Difference between revisions
(→Apache)
(43 intermediate revisions by the same user are not shown)
Zeile 8: | Zeile 8: | ||
Ob das Package ''ibmariadbclient-dev'' oder ''libmysqlclient-dev'' hängt von der verwendetetn Datenbank ab. | Ob das Package ''ibmariadbclient-dev'' oder ''libmysqlclient-dev'' hängt von der verwendetetn Datenbank ab. | ||
<pre>sudo apt-get install -y libmariadbclient-dev libsasl2-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv build-essential</pre> | <pre>sudo apt-get install -y python3-dev libmariadbclient-dev libsasl2-dev libldap2-dev libssl-dev \ | ||
libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv \ | |||
build-essential | |||
</pre> | |||
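Review bot: the context sentence above the install command still names ''ibmariadbclient-dev'' (missing the leading "l") while the command itself installs libmariadbclient-dev, and the sentence lacks its verb and misspells "verwendetetn". Correct the package name and the wording in the same edit so the prose matches the command.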
Zeile 31: | Zeile 34: | ||
=== Datenbank === | === Datenbank === | ||
<pre> | |||
mysql -u root -p | |||
</pre> | |||
<pre> | <pre> | ||
create database if not exists powerdns_admin; | create database if not exists powerdns_admin; | ||
grant all on powerdns_admin.* to 'powerdns'@' | grant all on powerdns_admin.* to 'powerdns'@'%'; | ||
</pre> | </pre> | ||
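Review bot: the grant on the new side targets 'powerdns'@'%', so the account is accepted from any client address while holding all privileges on powerdns_admin; name the host that runs PowerDNS-Admin in place of '%'. The hunk also shows no CREATE USER step or password for the powerdns account, so add that step or state where the account comes from.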
Zeile 74: | Zeile 81: | ||
SQLA_DB_USER = 'powerdns' | SQLA_DB_USER = 'powerdns' | ||
SQLA_DB_PASSWORD = '<password>' | SQLA_DB_PASSWORD = '<password>' | ||
SQLA_DB_HOST = ' | SQLA_DB_HOST = '10.0.0.157' | ||
SQLA_DB_NAME = 'powerdns_admin' | SQLA_DB_NAME = 'powerdns_admin' | ||
</pre> | </pre> | ||
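Review bot: SQLA_DB_HOST is filled with the site-specific address 10.0.0.157 while the password on the line above uses a placeholder; use a placeholder such as <db-host> here as well. Because the database is reached over the network, the client host in the grant from the Datenbank section should be chosen to match this setup.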
Zeile 97: | Zeile 104: | ||
Siehe dazu [[PowerDNS Authoritative Server (Ubuntu)#API für PowerDNS-Admin]]. | Siehe dazu [[PowerDNS Authoritative Server (Ubuntu)#API für PowerDNS-Admin]]. | ||
<pre> | <pre> | ||
http://127.0.0.1:8081 | |||
</pre> | </pre> | ||
<pre> | <pre> | ||
pdns_server --version | |||
</pre> | </pre> | ||
== Konfiguration == | |||
SSL-Zertifikat siehe [[SSL_Zertifikat]] | |||
=== Apache === | |||
==== /etc/apache2/mods-available/wsgi.load ==== | |||
<pre> | <pre> | ||
sudo | sudo su | ||
apt install apache2-dev | |||
cd /opt/web/powerdns-admin/ | |||
virtualenv -p python3 flask | |||
source ./flask/bin/activate 552 | |||
pip3 install mod-wsgi | |||
mod_wsgi-express install-module > /etc/apache2/mods-available/wsgi.load | |||
a2enmod wsgi | |||
systemctl restart apache2 | |||
exit | |||
</pre> | </pre> | ||
<pre> | <pre> | ||
sudo addgroup pdnsadmin | |||
sudo adduser --ingroup pdnsadmin pdnsadmin | |||
sudo chown -R pdnsadmin:pdnsadmin /opt/web/powerdns-admin | |||
</pre> | </pre> | ||
==== /etc/apache2/sites-available/poweradmin.conf ==== | |||
<pre> | <pre> | ||
sudo | sudo vi /etc/apache2/sites-available/powerdns.conf | ||
</pre> | </pre> | ||
<pre> | <pre> | ||
<VirtualHost *:80> | |||
ServerName poweradmin1.dynamic-dns.at | |||
Redirect / https://poweradmin1.dynamic-dns.at | |||
</VirtualHost> | |||
</pre> | </pre> | ||
==== /etc/apache2/sites-available/poweradmin-ssl.conf ==== | |||
<pre> | <pre> | ||
sudo vi /etc/apache2/sites-available/ | sudo vi /etc/apache2/sites-available/poweradmin-ssl.conf | ||
</pre> | </pre> | ||
<pre> | <pre> | ||
<VirtualHost *:443> | <VirtualHost *:443> | ||
ServerName | ServerName poweradmin1.dynamic-dns.at | ||
ServerAlias [fe80::1] | ServerAlias [fe80::1] | ||
ServerAdmin admin@kirner.or.at | ServerAdmin admin@kirner.or.at | ||
SSLEngine On | SSLEngine On | ||
SSLCertificateFile /etc/ | SSLCertificateFile /etc/letsencrypt/live/dynamic-dns.at/fullchain.pem | ||
SSLCertificateKeyFile /etc/ | SSLCertificateKeyFile /etc/letsencrypt/live/dynamic-dns.at/privkey.pem | ||
ErrorLog /var/log/apache2/error- | ErrorLog /var/log/apache2/error-poweradmin1.dynamic-dns.at.log | ||
CustomLog /var/log/apache2/access- | CustomLog /var/log/apache2/access-poweradmin1.dynamic-dns.at.log combined | ||
DocumentRoot / | DocumentRoot /opt/web/powerdns-admin/ | ||
WSGIDaemonProcess pdnsadmin user=pdnsadmin group=pdnsadmin threads=5 | WSGIDaemonProcess pdnsadmin user=pdnsadmin group=pdnsadmin threads=5 | ||
WSGIScriptAlias / / | WSGIScriptAlias / /opt/web/powerdns-admin/powerdnsadmin.wsgi | ||
# pass BasicAuth on to the WSGI process | # pass BasicAuth on to the WSGI process | ||
WSGIPassAuthorization On | WSGIPassAuthorization On | ||
<Directory "/ | <Directory "/opt/web/powerdns-admin/"> | ||
WSGIProcessGroup pdnsadmin | WSGIProcessGroup pdnsadmin | ||
WSGIApplicationGroup %{GLOBAL} | WSGIApplicationGroup %{GLOBAL} | ||
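Review bot: in the wsgi.load block, the line "source ./flask/bin/activate 552" carries a stray "552" that should be removed. The section heading names poweradmin.conf while the edit command opens /etc/apache2/sites-available/powerdns.conf, so pick one file name and use it in both places. The same block opens a root shell with "sudo su" and runs "pip3 install mod-wsgi" inside it; consider prefixing only the commands that need root with sudo.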
Zeile 212: | Zeile 191: | ||
</Directory> | </Directory> | ||
</VirtualHost> | </VirtualHost> | ||
</pre> | |||
==== /opt/web/powerdns-admin/powerdnsadmin.wsgi ==== | |||
<pre> | |||
sudo -u pdnsadmin vi /opt/web/powerdns-admin/powerdnsadmin.wsgi | |||
</pre> | |||
<pre> | |||
#!/usr/bin/env python3 | |||
import sys | |||
sys.path.insert(0, '/opt/web/powerdns-admin') | |||
from powerdnsadmin import create_app | |||
application = create_app() | |||
</pre> | |||
==== Konfigurationen neu laden ==== | |||
<pre> | |||
cd /etc/apache2/sites-available | |||
sudo a2ensite powerdns.conf | |||
sudo a2ensite powerdns-ssl.conf | |||
sudo service apache2 reload | |||
</pre> | </pre> | ||
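Review bot: "sudo a2ensite powerdns-ssl.conf" does not match the file created earlier as /etc/apache2/sites-available/poweradmin-ssl.conf, so a2ensite will not find the TLS site as written; use the same file name in both steps. In the .wsgi file, a one-line comment on why /opt/web/powerdns-admin is inserted into sys.path would help readers who install to a different directory.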
Zeile 217: | Zeile 220: | ||
[https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/WSGI-Apache-example https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/WSGI-Apache-example] | [https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/WSGI-Apache-example https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/WSGI-Apache-example] | ||
== Probleme == | |||
=== [ssl:warn] [pid 604] AH01906: powerdns2.kirner.or.at:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) === | |||
Siehe [[Apache_HTTP_(Linux)#.5Bssl:warn.5D_.5Bpid_604.5D_AH01906:_.3Cfqdn.3E:443:0_server_certificate_is_a_CA_certificate_.28BasicConstraints:_CA_.3D.3D_TRUE_.21.3F.29|Apache#Fehlermeldungen]] | |||
=== SOA-Record / content: a.misconfigured.powerdns.server === | |||
TODO | |||
[https://doc.powerdns.com/md/authoritative/settings/#default-soa-name https://doc.powerdns.com/md/authoritative/settings/#default-soa-name] | |||
[https://en.wikipedia.org/wiki/SOA_record https://en.wikipedia.org/wiki/SOA_record] | |||
== Links == | == Links == | ||
Zeile 229: | Zeile 246: | ||
Zurück zu [[ | Zurück zu [[PowerDNS (Ubuntu)|PowerDNS]], [[Ubuntu#P (Server)|Ubuntu]] |
Latest revision as of 20 June 2020, 12:59
Prerequisites
For the Git client, see: Git
Other required packages:
Whether to install the package libmariadbclient-dev or libmysqlclient-dev depends on the database in use.
<pre>
sudo apt-get install -y python3-dev libmariadbclient-dev libsasl2-dev libldap2-dev libssl-dev \
  libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv \
  build-essential
</pre>
NodeJs:
<pre>
sudo curl -sL https://deb.nodesource.com/setup_10.x | sudo bash -
sudo apt-get install -y nodejs
</pre>
Yarn:
<pre>
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt-get update -y
sudo apt-get install -y yarn
</pre>
Installation
Database
<pre>
mysql -u root -p
</pre>
<pre>
create database if not exists powerdns_admin;
grant all on powerdns_admin.* to 'powerdns'@'%';
</pre>
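The grant above gives the powerdns account the host pattern '%', so the server accepts it from any client address. As an added example (not part of the original page), the shell function below flags such accounts in the tab-separated output of `mysql -N -B -e "SELECT user, host FROM mysql.user"`; the function names, the sample rows and the address 10.0.0.20 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Flags MySQL/MariaDB accounts whose
# host part is a wildcard, reading "user<TAB>host" rows on stdin, e.g. from:
#   mysql -N -B -u root -p -e "SELECT user, host FROM mysql.user"

# Constructed sample rows (hypothetical accounts, not output of a real server).
sample_rows() {
    printf 'root\tlocalhost\n'
    printf 'powerdns\t%%\n'          # the account named in this page's grant
    printf 'backup\t10.0.0.%%\n'     # subnet pattern
    printf 'powerdns\t10.0.0.20\n'   # exact client address (assumed value)
}

# audit_hosts: print one finding per wildcard account.
#   ANY-HOST  host is exactly '%'  (login accepted from every address)
#   PATTERN   host contains '%' but is narrower, e.g. a subnet
# Accounts bound to an exact host print nothing.
# Exit status: 1 if at least one ANY-HOST account was seen, otherwise 0.
audit_hosts() {
    awk -F '\t' '
        NF < 2    { next }
        $2 == "%" { print "ANY-HOST " $1 "@" $2; bad = 1; next }
        $2 ~ /%/  { print "PATTERN " $1 "@" $2 }
        END       { exit (bad ? 1 : 0) }
    '
}

# Run against the sample rows when the script is called with the argument "demo".
if [ "${1:-}" = "demo" ]; then
    sample_rows | audit_hosts
fi
```

Replacing '%' in the grant with the address of the host that runs PowerDNS-Admin removes the ANY-HOST finding for the powerdns account.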
Clone the repository
To avoid running git as root, create the installation directory beforehand and assign it to your own user:
<pre>
sudo mkdir -p /opt/web/powerdns-admin
sudo chown <user>:<user> /opt/web/powerdns-admin
</pre>
<pre>
git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/web/powerdns-admin
</pre>
Install
<pre>
cd /opt/web/powerdns-admin/
</pre>
<pre>
virtualenv -p python3 flask
</pre>
<pre>
source ./flask/bin/activate
pip install -r requirements.txt
</pre>
<pre>
vi /opt/web/powerdns-admin/powerdnsadmin/default_config.py
</pre>
<pre>
SQLA_DB_USER = 'powerdns'
SQLA_DB_PASSWORD = '<password>'
SQLA_DB_HOST = '10.0.0.157'
SQLA_DB_NAME = 'powerdns_admin'
</pre>
<pre>
export FLASK_APP=powerdnsadmin/__init__.py
flask db upgrade
</pre>
<pre>
yarn install --pure-lockfile
flask assets build
</pre>
<pre>
./run.py
</pre>
API key
See PowerDNS Authoritative Server (Ubuntu)#API für PowerDNS-Admin.
http://127.0.0.1:8081
pdns_server --version
Configuration
For the SSL certificate, see SSL_Zertifikat
Apache
/etc/apache2/mods-available/wsgi.load
<pre>
sudo su
apt install apache2-dev
cd /opt/web/powerdns-admin/
virtualenv -p python3 flask
source ./flask/bin/activate
pip3 install mod-wsgi
mod_wsgi-express install-module > /etc/apache2/mods-available/wsgi.load
a2enmod wsgi
systemctl restart apache2
exit
</pre>
<pre>
sudo addgroup pdnsadmin
sudo adduser --ingroup pdnsadmin pdnsadmin
sudo chown -R pdnsadmin:pdnsadmin /opt/web/powerdns-admin
</pre>
/etc/apache2/sites-available/poweradmin.conf
<pre>
sudo vi /etc/apache2/sites-available/powerdns.conf
</pre>
<pre>
<VirtualHost *:80>
    ServerName poweradmin1.dynamic-dns.at
    Redirect / https://poweradmin1.dynamic-dns.at
</VirtualHost>
</pre>
/etc/apache2/sites-available/poweradmin-ssl.conf
<pre>
sudo vi /etc/apache2/sites-available/poweradmin-ssl.conf
</pre>
<pre>
<VirtualHost *:443>
    ServerName poweradmin1.dynamic-dns.at
    ServerAlias [fe80::1]
    ServerAdmin admin@kirner.or.at
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/dynamic-dns.at/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/dynamic-dns.at/privkey.pem
    ErrorLog /var/log/apache2/error-poweradmin1.dynamic-dns.at.log
    CustomLog /var/log/apache2/access-poweradmin1.dynamic-dns.at.log combined
    DocumentRoot /opt/web/powerdns-admin/
    WSGIDaemonProcess pdnsadmin user=pdnsadmin group=pdnsadmin threads=5
    WSGIScriptAlias / /opt/web/powerdns-admin/powerdnsadmin.wsgi
    # pass BasicAuth on to the WSGI process
    WSGIPassAuthorization On
    <Directory "/opt/web/powerdns-admin/">
        WSGIProcessGroup pdnsadmin
        WSGIApplicationGroup %{GLOBAL}
        AllowOverride None
        Options +ExecCGI +FollowSymLinks
        SSLRequireSSL
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
</pre>
/opt/web/powerdns-admin/powerdnsadmin.wsgi
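<pre>
sudo -u pdnsadmin vi /opt/web/powerdns-admin/powerdnsadmin.wsgi
</pre>
<pre>
#!/usr/bin/env python3
import sys

# Make the PowerDNS-Admin checkout importable by the WSGI daemon process.
sys.path.insert(0, '/opt/web/powerdns-admin')

from powerdnsadmin import create_app

# mod_wsgi looks for a callable named "application".
application = create_app()
</pre>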
Reload the configuration
<pre>
cd /etc/apache2/sites-available
sudo a2ensite powerdns.conf
sudo a2ensite poweradmin-ssl.conf
sudo service apache2 reload
</pre>
Links
https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/WSGI-Apache-example
Problems
[ssl:warn] [pid 604] AH01906: powerdns2.kirner.or.at:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
See Apache#Fehlermeldungen
SOA record / content: a.misconfigured.powerdns.server
TODO
https://doc.powerdns.com/md/authoritative/settings/#default-soa-name
https://en.wikipedia.org/wiki/SOA_record
Links
https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-on-Ubuntu-or-Debian
https://blog.jonaharagon.com/installing-powerdns-admin-on-ubuntu-18-04/