PowerDNS-Admin (Ubuntu): Unterschied zwischen den Versionen

Aus Tutorials
Zur Navigation springen Zur Suche springen
 
(5 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 140: Zeile 140:
</pre>
</pre>


==== /etc/apache2/sites-available/powerdns.conf ====
==== /etc/apache2/sites-available/poweradmin.conf ====


<pre>
<pre>
Zeile 148: Zeile 148:
<pre>
<pre>
<VirtualHost *:80>
<VirtualHost *:80>
         ServerName powerdns1.kirner.or.at
         ServerName poweradmin1.dynamic-dns.at
        ServerAlias powerdns1.kirner.or.at
         Redirect / https://poweradmin1.dynamic-dns.at
         Redirect / https://powerdns1.kirner.or.at
</VirtualHost>
</VirtualHost>
</pre>
</pre>


==== /etc/apache2/sites-available/powerdns-ssl.conf ====
==== /etc/apache2/sites-available/poweradmin-ssl.conf ====


<pre>
<pre>
sudo vi /etc/apache2/sites-available/powerdns-ssl.conf
sudo vi /etc/apache2/sites-available/poweradmin-ssl.conf
</pre>
</pre>


<pre>
<pre>
<VirtualHost *:443>
<VirtualHost *:443>
         ServerName powerdns1.kirner.or.at
         ServerName poweradmin1.dynamic-dns.at
         ServerAlias [fe80::1]
         ServerAlias [fe80::1]
         ServerAdmin admin@kirner.or.at
         ServerAdmin admin@kirner.or.at


         SSLEngine On
         SSLEngine On
         SSLCertificateFile /etc/ssl/certs/powerdns.crt
         SSLCertificateFile /etc/letsencrypt/live/dynamic-dns.at/fullchain.pem
         SSLCertificateKeyFile /etc/ssl/private/apache.key
         SSLCertificateKeyFile /etc/letsencrypt/live/dynamic-dns.at/privkey.pem


         ErrorLog /var/log/apache2/error-powerdns1.kirner.or.at.log
         ErrorLog /var/log/apache2/error-poweradmin1.dynamic-dns.at.log
         CustomLog /var/log/apache2/access-powerdns1.kirner.or.at.log combined
         CustomLog /var/log/apache2/access-poweradmin1.dynamic-dns.at.log combined


         DocumentRoot /opt/web/powerdns-admin/
         DocumentRoot /opt/web/powerdns-admin/
Zeile 226: Zeile 225:
=== [ssl:warn] [pid 604] AH01906: powerdns2.kirner.or.at:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) ===
=== [ssl:warn] [pid 604] AH01906: powerdns2.kirner.or.at:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) ===


TODO
Siehe [[Apache_HTTP_(Linux)#.5Bssl:warn.5D_.5Bpid_604.5D_AH01906:_.3Cfqdn.3E:443:0_server_certificate_is_a_CA_certificate_.28BasicConstraints:_CA_.3D.3D_TRUE_.21.3F.29|Apache#Fehlermeldungen]]


=== SOA-Record / content: a.misconfigured.powerdns.server ===
=== SOA-Record / content: a.misconfigured.powerdns.server ===


TODO
TODO
[https://mailman.powerdns.com/pipermail/pdns-users/2007-January/004139.html https://mailman.powerdns.com/pipermail/pdns-users/2007-January/004139.html]


[https://doc.powerdns.com/md/authoritative/settings/#default-soa-name https://doc.powerdns.com/md/authoritative/settings/#default-soa-name]
[https://doc.powerdns.com/md/authoritative/settings/#default-soa-name https://doc.powerdns.com/md/authoritative/settings/#default-soa-name]
Zeile 249: Zeile 246:




Zurück zu [[PowerDNS (Ubuntu)|PowerDNS]]
Zurück zu [[PowerDNS (Ubuntu)|PowerDNS]], [[Ubuntu#P (Server)|Ubuntu]]

Aktuelle Version vom 20. Juni 2020, 12:59 Uhr

Voraussetzungen

Git-Client siehe hier: Git


Sonstige benötigte Pakete:

Ob das Package ibmariadbclient-dev oder libmysqlclient-dev hängt von der verwendetetn Datenbank ab.

sudo apt-get install -y python3-dev libmariadbclient-dev libsasl2-dev libldap2-dev libssl-dev \
libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv \
build-essential


NodeJs:

sudo curl -sL https://deb.nodesource.com/setup_10.x | sudo bash -
sudo apt-get install -y nodejs


Yarn:

curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt-get update -y
sudo apt-get install -y yarn

Installation

Datenbank

mysql -u root -p
create database if not exists powerdns_admin;
grant all on powerdns_admin.* to 'powerdns'@'%'; 

Repository klonen

Um git nicht als root ausführen zu müssen, das Installationsverzeichnis vorab erstellen und dem eigenen Benutzer zuweisen:

sudo mkdir -p /opt/web/powerdns-admin	
sudo chown <user>:<user> /opt/web/powerdns-admin
git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/web/powerdns-admin

Installieren

cd /opt/web/powerdns-admin/
virtualenv -p python3 flask
source ./flask/bin/activate
pip install -r requirements.txt


vi /opt/web/powerdns-admin/powerdnsadmin/default_config.py
SQLA_DB_USER = 'powerdns'
SQLA_DB_PASSWORD = '<password>'
SQLA_DB_HOST = '10.0.0.157'
SQLA_DB_NAME = 'powerdns_admin'
export FLASK_APP=powerdnsadmin/__init__.py
flask db upgrade
yarn install --pure-lockfile
flask assets build


./run.py

API-Key

Siehe dazu PowerDNS Authoritative Server (Ubuntu)#API für PowerDNS-Admin.

http://127.0.0.1:8081
pdns_server --version

Konfiguration

SSL-Zertifikat siehe SSL_Zertifikat

Apache

/etc/apache2/mods-available/wsgi.load

sudo su
apt install apache2-dev
cd /opt/web/powerdns-admin/
virtualenv -p python3 flask
source ./flask/bin/activate  552  
pip3 install mod-wsgi
mod_wsgi-express install-module > /etc/apache2/mods-available/wsgi.load
a2enmod wsgi
systemctl restart apache2
exit
sudo addgroup pdnsadmin
sudo adduser --ingroup pdnsadmin pdnsadmin
sudo chown -R pdnsadmin:pdnsadmin /opt/web/powerdns-admin

/etc/apache2/sites-available/poweradmin.conf

sudo vi /etc/apache2/sites-available/powerdns.conf
<VirtualHost *:80>
        ServerName poweradmin1.dynamic-dns.at
        Redirect / https://poweradmin1.dynamic-dns.at
</VirtualHost>

/etc/apache2/sites-available/poweradmin-ssl.conf

sudo vi /etc/apache2/sites-available/poweradmin-ssl.conf
<VirtualHost *:443>
        ServerName poweradmin1.dynamic-dns.at
        ServerAlias [fe80::1]
        ServerAdmin admin@kirner.or.at

        SSLEngine On
        SSLCertificateFile /etc/letsencrypt/live/dynamic-dns.at/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/dynamic-dns.at/privkey.pem

        ErrorLog /var/log/apache2/error-poweradmin1.dynamic-dns.at.log
        CustomLog /var/log/apache2/access-poweradmin1.dynamic-dns.at.log combined

        DocumentRoot /opt/web/powerdns-admin/

        WSGIDaemonProcess pdnsadmin user=pdnsadmin group=pdnsadmin threads=5
        WSGIScriptAlias / /opt/web/powerdns-admin/powerdnsadmin.wsgi

        # pass BasicAuth on to the WSGI process
        WSGIPassAuthorization On

        <Directory "/opt/web/powerdns-admin/">
                WSGIProcessGroup pdnsadmin
                WSGIApplicationGroup %{GLOBAL}

                AllowOverride None
                Options +ExecCGI +FollowSymLinks
                SSLRequireSSL
                AllowOverride None
                Require all granted
        </Directory>
</VirtualHost>

/opt/web/powerdns-admin/powerdnsadmin.wsgi

sudo -u pdnsadmin vi /opt/web/powerdns-admin/powerdnsadmin.wsgi
#!/usr/bin/env python3
import sys
sys.path.insert(0, '/opt/web/powerdns-admin')

from powerdnsadmin import create_app
application = create_app()

Konfigurationen neu laden

cd /etc/apache2/sites-available
sudo a2ensite powerdns.conf
sudo a2ensite powerdns-ssl.conf
sudo service apache2 reload

Links

https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/WSGI-Apache-example

Probleme

[ssl:warn] [pid 604] AH01906: powerdns2.kirner.or.at:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

Siehe Apache#Fehlermeldungen

SOA-Record / content: a.misconfigured.powerdns.server

TODO

https://doc.powerdns.com/md/authoritative/settings/#default-soa-name

https://en.wikipedia.org/wiki/SOA_record

Links

https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-on-Ubuntu-or-Debian

https://computingforgeeks.com/install-powerdns-and-powerdns-admin-on-ubuntu-18-04-debian-9-mariadb-backend/

https://blog.jonaharagon.com/installing-powerdns-admin-on-ubuntu-18-04/

https://github.com/ngoduykhanh/PowerDNS-Admin


Zurück zu PowerDNS, Ubuntu