PowerDNS-Admin (Ubuntu): Unterschied zwischen den Versionen
Zeile 156: | Zeile 156: | ||
<pre> | <pre> | ||
sudo vi /etc/apache2/sites-available/ | sudo vi /etc/apache2/sites-available/poweradmin-ssl.conf | ||
</pre> | </pre> | ||
<pre> | <pre> | ||
<VirtualHost *:443> | <VirtualHost *:443> | ||
ServerName | ServerName poweradmin1.dynamic-dns.at | ||
ServerAlias [fe80::1] | ServerAlias [fe80::1] | ||
ServerAdmin admin@kirner.or.at | ServerAdmin admin@kirner.or.at | ||
SSLEngine On | SSLEngine On | ||
SSLCertificateFile /etc/ | SSLCertificateFile /etc/letsencrypt/live/dynamic-dns.at/fullchain.pem | ||
SSLCertificateKeyFile /etc/ | SSLCertificateKeyFile /etc/letsencrypt/live/dynamic-dns.at/privkey.pem | ||
ErrorLog /var/log/apache2/error- | ErrorLog /var/log/apache2/error-poweradmin1.dynamic-dns.at.log | ||
CustomLog /var/log/apache2/access- | CustomLog /var/log/apache2/access-poweradmin1.dynamic-dns.at.log combined | ||
DocumentRoot /opt/web/powerdns-admin/ | DocumentRoot /opt/web/powerdns-admin/ |
Version vom 20. Juni 2020, 12:18 Uhr
Voraussetzungen
Git-Client siehe hier: Git
Sonstige benötigte Pakete:
Ob das Package ibmariadbclient-dev oder libmysqlclient-dev hängt von der verwendetetn Datenbank ab.
sudo apt-get install -y python3-dev libmariadbclient-dev libsasl2-dev libldap2-dev libssl-dev \ libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv \ build-essential
NodeJs:
sudo curl -sL https://deb.nodesource.com/setup_10.x | sudo bash - sudo apt-get install -y nodejs
Yarn:
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list sudo apt-get update -y sudo apt-get install -y yarn
Installation
Datenbank
mysql -u root -p
create database if not exists powerdns_admin; grant all on powerdns_admin.* to 'powerdns'@'%';
Repository klonen
Um git nicht als root ausführen zu müssen, das Installationsverzeichnis vorab erstellen und dem eigenen Benutzer zuweisen:
sudo mkdir -p /opt/web/powerdns-admin sudo chown <user>:<user> /opt/web/powerdns-admin
git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/web/powerdns-admin
Installieren
cd /opt/web/powerdns-admin/
virtualenv -p python3 flask
source ./flask/bin/activate pip install -r requirements.txt
vi /opt/web/powerdns-admin/powerdnsadmin/default_config.py
SQLA_DB_USER = 'powerdns' SQLA_DB_PASSWORD = '<password>' SQLA_DB_HOST = '10.0.0.157' SQLA_DB_NAME = 'powerdns_admin'
export FLASK_APP=powerdnsadmin/__init__.py flask db upgrade
yarn install --pure-lockfile flask assets build
./run.py
API-Key
Siehe dazu PowerDNS Authoritative Server (Ubuntu)#API für PowerDNS-Admin.
http://127.0.0.1:8081
pdns_server --version
Konfiguration
SSL-Zertifikat siehe SSL_Zertifikat
Apache
/etc/apache2/mods-available/wsgi.load
sudo su apt install apache2-dev cd /opt/web/powerdns-admin/ virtualenv -p python3 flask source ./flask/bin/activate 552 pip3 install mod-wsgi mod_wsgi-express install-module > /etc/apache2/mods-available/wsgi.load a2enmod wsgi systemctl restart apache2 exit
sudo addgroup pdnsadmin sudo adduser --ingroup pdnsadmin pdnsadmin sudo chown -R pdnsadmin:pdnsadmin /opt/web/powerdns-admin
/etc/apache2/sites-available/poweradmin.conf
sudo vi /etc/apache2/sites-available/powerdns.conf
<VirtualHost *:80> ServerName poweradmin1.dynamic-dns.at Redirect / https://poweradmin1.dynamic-dns.at </VirtualHost>
/etc/apache2/sites-available/powerdns-ssl.conf
sudo vi /etc/apache2/sites-available/poweradmin-ssl.conf
<VirtualHost *:443> ServerName poweradmin1.dynamic-dns.at ServerAlias [fe80::1] ServerAdmin admin@kirner.or.at SSLEngine On SSLCertificateFile /etc/letsencrypt/live/dynamic-dns.at/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/dynamic-dns.at/privkey.pem ErrorLog /var/log/apache2/error-poweradmin1.dynamic-dns.at.log CustomLog /var/log/apache2/access-poweradmin1.dynamic-dns.at.log combined DocumentRoot /opt/web/powerdns-admin/ WSGIDaemonProcess pdnsadmin user=pdnsadmin group=pdnsadmin threads=5 WSGIScriptAlias / /opt/web/powerdns-admin/powerdnsadmin.wsgi # pass BasicAuth on to the WSGI process WSGIPassAuthorization On <Directory "/opt/web/powerdns-admin/"> WSGIProcessGroup pdnsadmin WSGIApplicationGroup %{GLOBAL} AllowOverride None Options +ExecCGI +FollowSymLinks SSLRequireSSL AllowOverride None Require all granted </Directory> </VirtualHost>
/opt/web/powerdns-admin/powerdnsadmin.wsgi
sudo -u pdnsadmin vi /opt/web/powerdns-admin/powerdnsadmin.wsgi
#!/usr/bin/env python3 import sys sys.path.insert(0, '/opt/web/powerdns-admin') from powerdnsadmin import create_app application = create_app()
Konfigurationen neu laden
cd /etc/apache2/sites-available sudo a2ensite powerdns.conf sudo a2ensite powerdns-ssl.conf sudo service apache2 reload
Links
https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/WSGI-Apache-example
Probleme
[ssl:warn] [pid 604] AH01906: powerdns2.kirner.or.at:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
Siehe Apache#Fehlermeldungen
SOA-Record / content: a.misconfigured.powerdns.server
TODO
https://doc.powerdns.com/md/authoritative/settings/#default-soa-name
https://en.wikipedia.org/wiki/SOA_record
Links
https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-on-Ubuntu-or-Debian
https://blog.jonaharagon.com/installing-powerdns-admin-on-ubuntu-18-04/