PowerDNS-Admin (Ubuntu): Difference between revisions

 
(35 intermediate revisions by the same user are not shown)
Zeile 8: Zeile 8:
Ob das Package ''ibmariadbclient-dev'' oder ''libmysqlclient-dev'' hängt von der verwendetetn Datenbank ab.
Ob das Package ''ibmariadbclient-dev'' oder ''libmysqlclient-dev'' hängt von der verwendetetn Datenbank ab.


<pre>sudo apt-get install -y libmariadbclient-dev libsasl2-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv build-essential</pre>
<pre>sudo apt-get install -y python3-dev libmariadbclient-dev libsasl2-dev libldap2-dev libssl-dev \
libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv \
build-essential
</pre>




Zeile 31: Zeile 34:


=== Datenbank ===
=== Datenbank ===
<pre>
mysql -u root -p
</pre>


<pre>
<pre>
create database if not exists powerdns_admin;
create database if not exists powerdns_admin;
grant all on powerdns_admin.* to 'powerdns'@'localhost';  
grant all on powerdns_admin.* to 'powerdns'@'%';  
</pre>
</pre>
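Review bot: The changed grant line, `grant all on powerdns_admin.* to 'powerdns'@'%';`, lets the powerdns account connect from any host, where the previous revision limited it to 'localhost'. Since this revision also moves SQLA_DB_HOST to 10.0.0.157, suggest putting the application server's address in the host part instead of the % wildcard, and adding the step that creates the user, which the block does not show.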


Zeile 74: Zeile 81:
SQLA_DB_USER = 'powerdns'
SQLA_DB_USER = 'powerdns'
SQLA_DB_PASSWORD = '<password>'
SQLA_DB_PASSWORD = '<password>'
SQLA_DB_HOST = '127.0.0.1'
SQLA_DB_HOST = '10.0.0.157'
SQLA_DB_NAME = 'powerdns_admin'
SQLA_DB_NAME = 'powerdns_admin'
</pre>
</pre>
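Review bot: `SQLA_DB_HOST = '10.0.0.157'` hard-codes a site-specific address where the previous value '127.0.0.1' worked for any single-host install. Suggest a placeholder in the style of `SQLA_DB_PASSWORD = '<password>'`, with one sentence saying when a remote database is intended.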
Zeile 97: Zeile 104:


Siehe dazu [[PowerDNS Authoritative Server (Ubuntu)#API für PowerDNS-Admin]].
Siehe dazu [[PowerDNS Authoritative Server (Ubuntu)#API für PowerDNS-Admin]].
== Konfiguration ==
=== systemd ===


<pre>
<pre>
sudo vi /etc/systemd/system/powerdns-admin.service
http://127.0.0.1:8081
</pre>
</pre>


<pre>
<pre>
[Unit]
pdns_server --version
Description=PowerDNS-Admin
Requires=powerdns-admin.socket
After=network.target
 
[Service]
PIDFile=/run/powerdns-admin/pid
User=pdns
Group=pdns
WorkingDirectory=/opt/web/powerdns-admin
ExecStart=/opt/web/powerdns-admin/flask/bin/gunicorn --pid /run/powerdns-admin/pid --bind unix:/run/powerdns-admin/socket 'powerdnsadmin:create_app()'
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
PrivateTmp=true
 
[Install]
WantedBy=multi-user.target
</pre>
 
 
<pre>
sudo vim /etc/systemd/system/powerdns-admin.socket
</pre>
 
 
<pre>
[Unit]
Description=PowerDNS-Admin socket
 
[Socket]
ListenStream=/run/powerdns-admin/socket
 
[Install]
WantedBy=sockets.target
</pre>
 
 
<pre>
sudo vim /etc/tmpfiles.d/powerdns-admin.conf
</pre>
 
<pre>
d /run/powerdns-admin 0755 pdns pdns -
</pre>
</pre>


== Konfiguration ==


<pre>
SSL-Zertifikat siehe [[SSL_Zertifikat]]
sudo systemctl daemon-reload; sudo systemctl restart powerdns-admin.socket; sudo systemctl restart powerdns-admin.service; \
sudo systemctl enable powerdns-admin.socket; sudo systemctl enable powerdns-admin.service;
</pre>
 
==== Links ====
 
[https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-with-Systemd,-Gunicorn--and--Nginx]


=== Apache ===
=== Apache ===


<pre>
==== /etc/apache2/mods-available/wsgi.load ====
sudo touch /etc/apache2/mods-available/wsgi.load
sudo chown pdnsadmin:pdnsadmin /etc/apache2/mods-available/wsgi.load
sudo chown pdnsadmin:pdnsadmin /usr/lib/apache2/modules/mod_wsgi-py37.cpython-37m-arm-linux-gnueabihf.so
</pre>


<pre>
<pre>
sudo -i
sudo su
apt install apache2-dev
apt install apache2-dev
cd /opt/web/powerdns-admin/
virtualenv -p python3 flask
virtualenv -p python3 flask
source ./flask/bin/activate  552   
source ./flask/bin/activate  552   
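Review bot: Both sides of the last line, `source ./flask/bin/activate  552`, carry a stray `552` that looks like a shell history number; suggest dropping it while this block is being edited. The hunk also removes the whole systemd/Gunicorn section without a sentence saying that Apache with mod_wsgi is now the only documented way to run the service.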
Zeile 182: Zeile 134:
</pre>
</pre>


/etc/apache2/mods-available/wsgi.load
<pre>
<pre>
sudo addgroup pdnsadmin
sudo addgroup pdnsadmin
sudo adduser pdnsadmin --ingroup pdnsadmin
sudo adduser --ingroup pdnsadmin pdnsadmin
sudo chown -R pdnsadmin:pdnsadmin /opt/web/powerdns-admin
</pre>
 
==== /etc/apache2/sites-available/poweradmin.conf ====
 
<pre>
sudo vi /etc/apache2/sites-available/powerdns.conf
</pre>
 
<pre>
<VirtualHost *:80>
        ServerName poweradmin1.dynamic-dns.at
        Redirect / https://poweradmin1.dynamic-dns.at
</VirtualHost>
</pre>
</pre>


==== /etc/apache2/sites-available/poweradmin-ssl.conf ====


<pre>
<pre>
sudo vi /etc/apache2/sites-available/powerdns-ssl.conf
sudo vi /etc/apache2/sites-available/poweradmin-ssl.conf
</pre>
</pre>


<pre>
<pre>
<VirtualHost *:443>
<VirtualHost *:443>
         ServerName powerdns1.kirner.or.at
         ServerName poweradmin1.dynamic-dns.at
         ServerAlias [fe80::1]
         ServerAlias [fe80::1]
         ServerAdmin admin@kirner.or.at
         ServerAdmin admin@kirner.or.at


         SSLEngine On
         SSLEngine On
         SSLCertificateFile /etc/ssl/certs/powerdns.crt
         SSLCertificateFile /etc/letsencrypt/live/dynamic-dns.at/fullchain.pem
         SSLCertificateKeyFile /etc/ssl/private/apache.key
         SSLCertificateKeyFile /etc/letsencrypt/live/dynamic-dns.at/privkey.pem


         ErrorLog /var/log/apache2/error-powerdns1.kirner.or.at.log
         ErrorLog /var/log/apache2/error-poweradmin1.dynamic-dns.at.log
         CustomLog /var/log/apache2/access-powerdns1.kirner.or.at.log combined
         CustomLog /var/log/apache2/access-poweradmin1.dynamic-dns.at.log combined


         DocumentRoot /srv/vhosts/powerdns1.kirner.or.at/
         DocumentRoot /opt/web/powerdns-admin/


         WSGIDaemonProcess pdnsadmin user=pdnsadmin group=pdnsadmin threads=5
         WSGIDaemonProcess pdnsadmin user=pdnsadmin group=pdnsadmin threads=5
         WSGIScriptAlias / /srv/vhosts/powerdns1.kirner.or.at/powerdnsadmin.wsgi
         WSGIScriptAlias / /opt/web/powerdns-admin/powerdnsadmin.wsgi


         # pass BasicAuth on to the WSGI process
         # pass BasicAuth on to the WSGI process
         WSGIPassAuthorization On
         WSGIPassAuthorization On


         <Directory "/srv/vhosts/powerdns1.kirner.or.at/">
         <Directory "/opt/web/powerdns-admin/">
                 WSGIProcessGroup pdnsadmin
                 WSGIProcessGroup pdnsadmin
                 WSGIApplicationGroup %{GLOBAL}
                 WSGIApplicationGroup %{GLOBAL}
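Review bot: The port 80 vhost's `Redirect / https://poweradmin1.dynamic-dns.at` has no trailing slash on the target, so the request path is appended directly to the host name; suggest `https://poweradmin1.dynamic-dns.at/`. In the same hunk the new heading names poweradmin.conf while the command under it edits powerdns.conf, and DocumentRoot now points at /opt/web/powerdns-admin/, the application checkout itself; a separate directory for DocumentRoot would keep the source tree out of the web root.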
Zeile 227: Zeile 193:
</pre>
</pre>


 
==== /opt/web/powerdns-admin/powerdnsadmin.wsgi ====


<pre>
<pre>
sudo mkdir -p /srv/vhosts/powerdns1.kirner.or.at
sudo -u pdnsadmin vi /opt/web/powerdns-admin/powerdnsadmin.wsgi
sudo vi /srv/vhosts/powerdns1.kirner.or.at/powerdnsadmin.wsgi
</pre>
</pre>


Zeile 237: Zeile 202:
#!/usr/bin/env python3
#!/usr/bin/env python3
import sys
import sys
sys.path.insert(0, '/srv/vhosts/powerdns1.kirner.or.at')
sys.path.insert(0, '/opt/web/powerdns-admin')


from powerdnsadmin import create_app
from powerdnsadmin import create_app
application = create_app()
application = create_app()
</pre>
</pre>
==== Konfigurationen neu laden ====


<pre>
<pre>
sudo chown -R pdnsadmin:pdnsadmin /srv/vhosts/powerdns1.kirner.or.at/
cd /etc/apache2/sites-available
sudo a2ensite powerdns.conf
sudo a2ensite powerdns-ssl.conf
sudo service apache2 reload
</pre>
</pre>
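Review bot: `sudo a2ensite powerdns-ssl.conf` in the new reload block enables a file this revision never creates; the SSL vhost is written to /etc/apache2/sites-available/poweradmin-ssl.conf. Suggest `sudo a2ensite poweradmin-ssl.conf`, and running `apache2ctl configtest` before the reload.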


Zeile 251: Zeile 221:
[https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/WSGI-Apache-example https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/WSGI-Apache-example]
[https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/WSGI-Apache-example https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/WSGI-Apache-example]


==== Error ====
== Probleme ==


<pre>
=== [ssl:warn] [pid 604] AH01906: powerdns2.kirner.or.at:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) ===
[Tue Jan 28 00:24:55.138644 2020] [wsgi:error] [pid 1474] [remote 10.0.0.60:42402] mod_wsgi (pid=1474): Failed to exec Python script file '/srv/vhosts/powerdns1.kirner.or.at/powerdnsadmin.wsgi'.
 
[Tue Jan 28 00:24:55.138968 2020] [wsgi:error] [pid 1474] [remote 10.0.0.60:42402] mod_wsgi (pid=1474): Exception occurred processing WSGI script '/srv/vhosts/powerdns1.kirner.or.at/powerdnsadmin.wsgi'.
Siehe [[Apache_HTTP_(Linux)#.5Bssl:warn.5D_.5Bpid_604.5D_AH01906:_.3Cfqdn.3E:443:0_server_certificate_is_a_CA_certificate_.28BasicConstraints:_CA_.3D.3D_TRUE_.21.3F.29|Apache#Fehlermeldungen]]
[Tue Jan 28 00:24:55.168346 2020] [wsgi:error] [pid 1474] [remote 10.0.0.60:42402] Traceback (most recent call last):
 
[Tue Jan 28 00:24:55.168527 2020] [wsgi:error] [pid 1474] [remote 10.0.0.60:42402]  File "/srv/vhosts/powerdns1.kirner.or.at/powerdnsadmin.wsgi", line 5, in <module>
=== SOA-Record / content: a.misconfigured.powerdns.server ===
[Tue Jan 28 00:24:55.168572 2020] [wsgi:error] [pid 1474] [remote 10.0.0.60:42402]     from powerdnsadmin import create_app
 
[Tue Jan 28 00:24:55.168679 2020] [wsgi:error] [pid 1474] [remote 10.0.0.60:42402] ModuleNotFoundError: No module named 'powerdnsadmin'
TODO
</pre>
 
[https://doc.powerdns.com/md/authoritative/settings/#default-soa-name https://doc.powerdns.com/md/authoritative/settings/#default-soa-name]
 
[https://en.wikipedia.org/wiki/SOA_record https://en.wikipedia.org/wiki/SOA_record]


== Links ==
== Links ==
Zeile 273: Zeile 246:




Zurück zu [[Domain selbst verwalten#Nameserver mit Datenbankanbinding|Domain selbst verwalten]]
Zurück zu [[PowerDNS (Ubuntu)|PowerDNS]], [[Ubuntu#P (Server)|Ubuntu]]

Current revision as of 20 June 2020, 13:59

Prerequisites

For the Git client, see: Git


Other required packages:

Whether libmariadbclient-dev or libmysqlclient-dev is needed depends on the database in use.

sudo apt-get install -y python3-dev libmariadbclient-dev libsasl2-dev libldap2-dev libssl-dev \
libxml2-dev libxslt1-dev libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv \
build-essential


NodeJs:

sudo curl -sL https://deb.nodesource.com/setup_10.x | sudo bash -
sudo apt-get install -y nodejs


Yarn:

curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt-get update -y
sudo apt-get install -y yarn

Installation

Database

mysql -u root -p

create database if not exists powerdns_admin;
grant all on powerdns_admin.* to 'powerdns'@'%';

Clone the repository

To avoid running git as root, create the installation directory beforehand and assign it to your own user:

sudo mkdir -p /opt/web/powerdns-admin	
sudo chown <user>:<user> /opt/web/powerdns-admin
git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/web/powerdns-admin

Install

cd /opt/web/powerdns-admin/
virtualenv -p python3 flask
source ./flask/bin/activate
pip install -r requirements.txt


vi /opt/web/powerdns-admin/powerdnsadmin/default_config.py

SQLA_DB_USER = 'powerdns'
SQLA_DB_PASSWORD = '<password>'
SQLA_DB_HOST = '10.0.0.157'
SQLA_DB_NAME = 'powerdns_admin'

export FLASK_APP=powerdnsadmin/__init__.py
flask db upgrade
yarn install --pure-lockfile
flask assets build


./run.py

API-Key

See PowerDNS Authoritative Server (Ubuntu)#API für PowerDNS-Admin.

http://127.0.0.1:8081
pdns_server --version

Configuration

For the SSL certificate, see SSL_Zertifikat

Apache

/etc/apache2/mods-available/wsgi.load

sudo su
apt install apache2-dev
cd /opt/web/powerdns-admin/
virtualenv -p python3 flask
source ./flask/bin/activate
pip3 install mod-wsgi
mod_wsgi-express install-module > /etc/apache2/mods-available/wsgi.load
a2enmod wsgi
systemctl restart apache2
exit
sudo addgroup pdnsadmin
sudo adduser --ingroup pdnsadmin pdnsadmin
sudo chown -R pdnsadmin:pdnsadmin /opt/web/powerdns-admin

/etc/apache2/sites-available/poweradmin.conf

sudo vi /etc/apache2/sites-available/powerdns.conf

<VirtualHost *:80>
        ServerName poweradmin1.dynamic-dns.at
        # trailing slash so the request path is appended after the host name
        Redirect / https://poweradmin1.dynamic-dns.at/
</VirtualHost>
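
Apache's `Redirect` appends whatever follows the matched URL-path to the target, so for `Redirect /` the target has to end in `/`. The following check is an added example, not part of the original page: the function names `root_redirect_location` and `lint_root_redirects` are hypothetical, and the vhost files it inspects are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original page). Sample configs are constructed.

# root_redirect_location TARGET REQUEST_PATH
# For "Redirect / TARGET", mod_alias appends the part of the request path
# after the matched "/" directly to TARGET.
root_redirect_location() {
    printf '%s%s\n' "$1" "${2#/}"
}

# lint_root_redirects FILE...
# Report "Redirect [status] / URL" directives whose URL is a bare
# scheme://host with no trailing slash. Exit status 1 if any were found.
lint_root_redirects() {
    awk '
        tolower($1) == "redirect" && NF >= 3 {
            path = $(NF - 1); target = $NF
            if (path == "/" && target ~ "^https?://[^/]+$") {
                printf "%s:%d: %s lacks a trailing slash\n", FILENAME, FNR, target
                found = 1
            }
        }
        END { exit found }
    ' "$@"
}

# Demo on two constructed vhost files: target without and with a trailing slash.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' '<VirtualHost *:80>' \
        '        ServerName poweradmin1.dynamic-dns.at' \
        '        Redirect / https://poweradmin1.dynamic-dns.at' \
        '</VirtualHost>' > "$dir/before.conf"
    sed 's|^\( *Redirect / .*\)$|\1/|' "$dir/before.conf" > "$dir/after.conf"
    echo "request /login is redirected to:"
    root_redirect_location https://poweradmin1.dynamic-dns.at /login
    root_redirect_location https://poweradmin1.dynamic-dns.at/ /login
    lint_root_redirects "$dir/before.conf" || echo "before.conf: needs fixing"
    lint_root_redirects "$dir/after.conf" && echo "after.conf: ok"
    rm -rf "$dir"
}
demo
```
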

/etc/apache2/sites-available/poweradmin-ssl.conf

sudo vi /etc/apache2/sites-available/poweradmin-ssl.conf

<VirtualHost *:443>
        ServerName poweradmin1.dynamic-dns.at
        ServerAlias [fe80::1]
        ServerAdmin admin@kirner.or.at

        SSLEngine On
        SSLCertificateFile /etc/letsencrypt/live/dynamic-dns.at/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/dynamic-dns.at/privkey.pem

        ErrorLog /var/log/apache2/error-poweradmin1.dynamic-dns.at.log
        CustomLog /var/log/apache2/access-poweradmin1.dynamic-dns.at.log combined

        DocumentRoot /opt/web/powerdns-admin/

        WSGIDaemonProcess pdnsadmin user=pdnsadmin group=pdnsadmin threads=5
        WSGIScriptAlias / /opt/web/powerdns-admin/powerdnsadmin.wsgi

        # pass BasicAuth on to the WSGI process
        WSGIPassAuthorization On

        <Directory "/opt/web/powerdns-admin/">
                WSGIProcessGroup pdnsadmin
                WSGIApplicationGroup %{GLOBAL}

                AllowOverride None
                Options +ExecCGI +FollowSymLinks
                SSLRequireSSL
                Require all granted
        </Directory>
</VirtualHost>

/opt/web/powerdns-admin/powerdnsadmin.wsgi

sudo -u pdnsadmin vi /opt/web/powerdns-admin/powerdnsadmin.wsgi

#!/usr/bin/env python3
import sys
sys.path.insert(0, '/opt/web/powerdns-admin')

from powerdnsadmin import create_app
application = create_app()

Reload the configuration

cd /etc/apache2/sites-available
# enable the port 80 redirect vhost and the SSL vhost created above
sudo a2ensite powerdns.conf
sudo a2ensite poweradmin-ssl.conf
sudo service apache2 reload

Links

https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/WSGI-Apache-example

Problems

[ssl:warn] [pid 604] AH01906: powerdns2.kirner.or.at:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

See Apache#Fehlermeldungen

SOA-Record / content: a.misconfigured.powerdns.server

TODO

https://doc.powerdns.com/md/authoritative/settings/#default-soa-name

https://en.wikipedia.org/wiki/SOA_record

Links

https://github.com/ngoduykhanh/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-on-Ubuntu-or-Debian

https://computingforgeeks.com/install-powerdns-and-powerdns-admin-on-ubuntu-18-04-debian-9-mariadb-backend/

https://blog.jonaharagon.com/installing-powerdns-admin-on-ubuntu-18-04/

https://github.com/ngoduykhanh/PowerDNS-Admin


Back to PowerDNS, Ubuntu