This is an old revision of the document!
PowerDNS Server
Install PowerDNS + Recursor + Admin + MariaDB + DNSdist
We deploy a high-performance, free authoritative DNS server for hosting our own domain zones.
Run everything as a user with sudo privileges!
Install MariaDB
https://blog.programs74.ru/how-to-install-mariadb-10-5-on-debian-10/
apt-get install -y mariadb-server libmariadbclient-dev libmariadbclient-dev-compat
systemctl status mariadb
sudo mysql_secure_installation
-- It does not ask me for any password
sudo mysql
-- Then in MariaDB/MySQL console:
UPDATE mysql.user SET plugin = 'mysql_native_password' WHERE USER='root';
FLUSH PRIVILEGES;
exit;
https://galeracluster.com/library/documentation/galera-manager-monitoring-clusters.html
https://galeracluster.com/library/documentation/galera-manager.html
https://bogachev.biz/2017/03/28/neskolko-sposobov-vosstanovleniya-mariadb-galera-cluster/
https://galeracluster.com/library/documentation/arbitrator.html
fix [Warning] [MY-013360] [Server] Plugin sha256_password reported
Install apache2 php phpMyAdmin
Installing Apache
apt-get install -yq apache2
Enable the Apache modules we need:
sudo a2enmod ssl
sudo a2enmod rewrite
sudo a2enmod suexec
sudo a2enmod include
Apply the changes
systemctl restart apache2
systemctl status apache2
(1) To enable HTTPS: https://www.8host.com/blog/sozdanie-sertifikata-lets-encrypt-dlya-apache-v-debian-10/
Install phpMyAdmin php
sudo apt -y install wget php php-cgi php-pear php-mbstring php8.2-gettext libapache2-mod-php php-common php-phpseclib php-mysql
cd /tmp
DATA="$(wget https://www.phpmyadmin.net/home_page/latest.txt -q -O-)"
URL="$(echo $DATA | cut -d ' ' -f 3)"
VERSION="$(echo $DATA | cut -d ' ' -f 1)"
wget https://files.phpmyadmin.net/phpMyAdmin/${VERSION}/phpMyAdmin-${VERSION}-all-languages.tar.gz
tar xvf phpMyAdmin-${VERSION}-all-languages.tar.gz
Delete the compressed file and move the resulting folder to /var/www/phpmyadmin.
rm *.tar.gz
sudo mv phpMyAdmin-*/ /var/www/phpmyadmin
Create a directory for phpMyAdmin temp files.
sudo mkdir -p /var/lib/phpmyadmin/tmp
sudo chown -R www-data:www-data /var/lib/phpmyadmin
sudo mkdir /etc/phpmyadmin/
sudo cp /var/www/phpmyadmin/config.sample.inc.php /var/www/phpmyadmin/config.inc.php
nano /var/www/phpmyadmin/config.inc.php
# Edit the file and set a secret passphrase (use your own random value of the same length, not the sample shown here):
$cfg['blowfish_secret'] = 'H2OxcGXxflSd8JwrwVlh6KW6s2rER63i';
// Configure the temp directory by adding:
$cfg['TempDir'] = '/var/lib/phpmyadmin/tmp';
nano /etc/apache2/conf-available/phpmyadmin.conf
# phpMyAdmin default Apache configuration
Alias /pma /var/www/phpmyadmin
<Directory /var/www/phpmyadmin>
    Options SymLinksIfOwnerMatch
    DirectoryIndex index.php
    <IfModule mod_php5.c>
        <IfModule mod_mime.c>
            AddType application/x-httpd-php .php
        </IfModule>
        <FilesMatch ".+\.php$">
            SetHandler application/x-httpd-php
        </FilesMatch>
        php_value include_path .
        php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
        php_admin_value open_basedir /var/www/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/var/www/php/php-gettext/:/var/www/php/php-php-gettext/:/var/www/javascript/:/var/www/php/tcpdf/:/var/www/doc/phpmyadmin/:/var/www/php/phpseclib/
        php_admin_value mbstring.func_overload 0
    </IfModule>
    <IfModule mod_php.c>
        <IfModule mod_mime.c>
            AddType application/x-httpd-php .php
        </IfModule>
        <FilesMatch ".+\.php$">
            SetHandler application/x-httpd-php
        </FilesMatch>
        php_value include_path .
        php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
        php_admin_value open_basedir /var/www/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/php/php-php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/:/var/www/doc/phpmyadmin/:/usr/share/php/phpseclib/
        php_admin_value mbstring.func_overload 0
    </IfModule>
</Directory>
# Authorize for setup
<Directory /var/www/phpmyadmin/setup>
    <IfModule mod_authz_core.c>
        <IfModule mod_authn_file.c>
            AuthType Basic
            AuthName "phpMyAdmin Setup"
            AuthUserFile /etc/phpmyadmin/htpasswd.setup
        </IfModule>
        Require valid-user
    </IfModule>
</Directory>
# Disallow web access to directories that don't need it
<Directory /var/www/phpmyadmin/templates>
    Require all denied
</Directory>
<Directory /var/www/phpmyadmin/libraries>
    Require all denied
</Directory>
<Directory /var/www/phpmyadmin/setup/lib>
    Require all denied
</Directory>
You can restrict access to specific IP addresses by adding a line like the one below
Require ip 127.0.0.1 192.168.18.0/24
a2enconf phpmyadmin.conf
systemctl reload apache2
systemctl restart apache2
Visit phpMyAdmin Web interface
Open the URL http://[ServerIP/Hostname]/pma to log in to the phpMyAdmin dashboard with your database credentials (username and password).
Install PowerDNS server
apt-get update
apt-get install -y pdns-server pdns-backend-mysql
nano /etc/powerdns/pdns.d/pdns.local.gmysql.conf
# MySQL Configuration
# Launch gmysql backend
launch+=gmysql
# gmysql parameters
gmysql-host=localhost
gmysql-port=3306
gmysql-dbname=powerdns
gmysql-user=powerdns
gmysql-password=strongpassword
gmysql-dnssec=yes
# gmysql-socket=
nano /etc/powerdns/pdns.conf
setgid=pdns
setuid=pdns
local-address=127.0.0.1
local-port=53
include-dir=/etc/powerdns/pdns.d
launch=
Prepare the MySQL database
mysql -u root -p
CREATE DATABASE powerdns;
GRANT ALL ON powerdns.* TO 'powerdns'@'localhost' IDENTIFIED BY 'strongpassword';
FLUSH PRIVILEGES;
quit;
If this is a new installation, create the database structure
mysql powerdns < /usr/share/pdns-backend-mysql/schema/schema.mysql.sql
Otherwise, restore the structure from your backup
mysql powerdns < /usr/share/pdns-backend-mysql/schema/schema.mysql.sql
After restoring from a backup, check whether there are schema changes
ls /usr/share/pdns-backend-mysql/schema/ | grep -E -i '^[0-9]'
"3.4.0_to_4.1.0_schema.mysql.sql
4.1.0_to_4.2.0_schema.mysql.sql
4.2.0_to_4.3.0_schema.mysql.sql"
If there are any, apply them all in order, starting from the version of the backup, for example from 4.1.0
mysql powerdns < /usr/share/pdns-backend-mysql/schema/4.1.0_to_4.2.0_schema.mysql.sql
mysql powerdns < /usr/share/pdns-backend-mysql/schema/4.2.0_to_4.3.0_schema.mysql.sql
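An added example (not part of the original guide) that works out which upgrade scripts to apply, and in what order, from the version of the restored backup. The function names and the empty sample files are constructed for illustration; only the file naming comes from the listing above.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Upgrade scripts are named <from>_to_<to>_schema.mysql.sql, so the scripts
# to apply form a chain that starts at the version of the restored backup.

# pdns_upgrade_chain FROM_VERSION SCHEMA_DIR
# Prints the script names in the order they must be applied.
# Returns 1 when no script starts at FROM_VERSION (schema already current,
# or the version was mistyped).
pdns_upgrade_chain() {
    current=$1
    dir=$2
    status=1
    while :; do
        next=""
        for f in "$dir"/"$current"_to_*_schema.mysql.sql; do
            [ -e "$f" ] || continue      # glob matched nothing
            next=${f##*/}
            break
        done
        [ -n "$next" ] || break
        target=${next#"$current"_to_}
        target=${target%_schema.mysql.sql}
        [ "$target" != "$current" ] || break   # guard against a self-loop
        printf '%s\n' "$next"
        status=0
        current=$target
    done
    return $status
}

# Constructed sample: empty files named like the directory listing above.
make_sample_schema_dir() {
    d=$(mktemp -d)
    touch "$d/3.4.0_to_4.1.0_schema.mysql.sql" \
          "$d/4.1.0_to_4.2.0_schema.mysql.sql" \
          "$d/4.2.0_to_4.3.0_schema.mysql.sql" \
          "$d/schema.mysql.sql"
    printf '%s\n' "$d"
}

sample=$(make_sample_schema_dir)
pdns_upgrade_chain 4.1.0 "$sample"
rm -rf "$sample"
# On a real server, feed each printed name to: mysql powerdns < "$dir/$name"
```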
systemctl start pdns
netstat -tap | grep pdns
dig mydomain.local @127.0.0.1 -p 5300
dig @127.0.0.1
PowerDNS-Admin administration panel
https://computingforgeeks.com/install-powerdns-and-powerdns-admin-on-debian/
https://github.com/PowerDNS-Admin/PowerDNS-Admin/wiki/Running-PowerDNS-Admin-on-Ubuntu-or-Debian
apt-get install -y python3-dev libmysqlclient-dev libsasl2-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev \
    libxmlsec1-dev libffi-dev pkg-config apt-transport-https virtualenv build-essential
apt-get install nodejs
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
apt-get update -y
apt-get install -y yarn
git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/web/powerdns-admin
cd /opt/web/powerdns-admin
cp config_template.py config.py
mysql -u root -p
CREATE DATABASE pda;
GRANT ALL PRIVILEGES ON pda.* TO 'pda'@'127.0.0.1' IDENTIFIED BY 'changeme';
FLUSH PRIVILEGES;
quit
nano /opt/web/powerdns-admin/config.py
BIND_ADDRESS = '0.0.0.0'
virtualenv -p python3 flask
source ./flask/bin/activate
pip install -r requirements.txt
pip install python-dotenv
export FLASK_APP=app/__init__.py
flask db migrate -m "Init DB"
flask db upgrade
yarn install --pure-lockfile
flask assets build
/etc/init.d/pdns restart
/etc/init.d/pdns status
nano /etc/systemd/system/powerdns-admin.service
[Unit]
Description=PowerDNS-Admin
After=network.target

[Service]
User=root
Group=root
WorkingDirectory=/opt/web/powerdns-admin
#ExecStart=/opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind unix:/opt/web/powerdns-admin/powerdns-admin.sock app:app
ExecStart=/opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind 0.0.0.0:9191 app:app

[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl start powerdns-admin
systemctl enable powerdns-admin
nano /etc/powerdns/pdns.d/api.conf
api=yes
api-key=changeme
/etc/init.d/pdns restart
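The files written in the steps above carry placeholder secrets (strongpassword, changeme), a service running as root and listeners on 0.0.0.0. The following added example (not part of the original guide) flags those settings before the server is exposed; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide: flag the placeholder secrets,
# root-run service and all-interface listeners used in the steps above.

# audit_pdns_setup FILE...  -> prints "file:line: finding" for every hit
audit_pdns_setup() {
    for file in "$@"; do
        awk -v f="${file##*/}" '
            /^[ \t]*#/ { next }   # ignore commented-out lines
            /(password|api-key)[ \t]*=[ \t]*(strongpassword|changeme)[ \t]*$/ {
                printf "%s:%d: placeholder secret\n", f, NR }
            /^User=root[ \t]*$/ {
                printf "%s:%d: service runs as root\n", f, NR }
            /(--bind|BIND_ADDRESS)[ =]+.?0\.0\.0\.0/ {
                printf "%s:%d: listens on all interfaces\n", f, NR }
        ' "$file"
    done
}

# Constructed sample input mirroring the files written in this guide,
# plus one hypothetical hardened unit that should produce no findings.
make_sample_configs() {
    d=$(mktemp -d)
    printf 'api=yes\napi-key=changeme\n' > "$d/api.conf"
    cat > "$d/powerdns-admin.service" <<'EOF'
[Service]
User=root
#ExecStart=/opt/web/powerdns-admin/flask/bin/gunicorn --bind 0.0.0.0:9191 app:app
ExecStart=/opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind 0.0.0.0:9191 app:app
EOF
    cat > "$d/hardened.service" <<'EOF'
[Service]
User=www-data
ExecStart=/opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind 127.0.0.1:9191 app:app
EOF
    printf '%s\n' "$d"
}

sample=$(make_sample_configs)
audit_pdns_setup "$sample"/*
rm -rf "$sample"
```

On a real host, pass it /etc/powerdns/pdns.d/*.conf, /opt/web/powerdns-admin/config.py and the powerdns-admin unit file.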
Notes
History
___________WSGI________
apt install apache2-dev
sudo apt-get install uwsgi uwsgi-plugin-python
pip3 install mod-wsgi
mod_wsgi-express install-module > /etc/apache2/mods-available/wsgi.load
a2enmod wsgi
sudo a2enmod wsgi
systemctl restart apache2
nano /etc/apache2/sites-available/powerdns-admin.conf
nano /opt/web/powerdns-admin/powerdnsadmin.wsgi
uwsgi /opt/web/powerdns-admin/powerdnsadmin.wsgi
wsgi /opt/web/powerdns-admin/powerdnsadmin.wsgi
uwsgi powerdnsadmin.wsgi
sudo a2dissite 000-default.conf
sudo a2ensite powerdns-admin.conf
sudo apache2ctl configtest
systemctl restart apache2
systemctl status apache2
nano /etc/systemd/system/powerdns-admin.service
systemctl daemon-reload
systemctl start powerdns-admin
systemctl enable powerdns-admin
sudo ufw allow 9191/tcp
sudo ufw reload
systemctl status powerdns-admin
nano /etc/systemd/system/powerdns-admin.service
/usr/bin/gunicorn-3.6 --workers 4 --log-level info --pid /run/powerdns-admin/pid --bind unix:/run/powerdns-admin/socket "powerdnsadmin:create_app(config='config.py')"
/opt/web/powerdns-admin/flask/bin/gunicorn --workers 2 --bind 0.0.0.0:9191 "powerdnsadmin:create_app(config='config.py')"
[Unit]
Description=PowerDNS-Admin
Requires=powerdns-admin.socket
Wants=network.target
After=network.target mysqld.service slapd.service mariadb.service
[Service]
PIDFile=/run/powerdns-admin/pid
User=www-data
Group=www-data
WorkingDirectory=/opt/web/powerdns-admin
#ExecStart=/opt/web/powerdns-admin/flask/bin/gunicorn --workers 4 --log-level info --pid /run/powerdns-admin/pid --bind unix:/run/powerdns-admin/socket "powerdnsadmin:create_app(config='config.py')"
ExecStart=/opt/web/powerdns-admin/flask/bin/gunicorn --workers 4 --log-level info --pid /run/powerdns-admin/pid --bind 0.0.0.0:9191 "powerdnsadmin:create_app(config='config.py')"
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
PrivateTmp=true
Restart=on-failure
RestartSec=10
StartLimitInterval=0
[Install]
systemctl daemon-reload
systemctl enable powerdns-admin
systemctl restart powerdns-admin
nano /etc/systemd/system/powerdns-admin.socket
systemctl restart powerdns-admin
chmod /run/powerdns-admin 0755 www-data www-data -
chown www-data:www-data /run/powerdns-admin
nano /etc/tmpfiles.d/powerdns-admin.conf
sudo systemctl daemon-reload; sudo systemctl start powerdns-admin.socket; sudo systemctl enable powerdns-admin.socket
nano /etc/systemd/system/powerdns-admin.socket
nano /etc/systemd/system/powerdns-admin.service
systemctl disable powerdns-admin
systemctl enaable powerdns-admin
systemctl restart powerdns-admin
systemctl status powerdns-admin
systemctl status powerdns-admin
nano /etc/systemd/system/powerdns-admin.service
systemctl disable powerdns-admin
systemctl enaable powerdns-admin
systemctl restart powerdns-admin
systemctl status powerdns-admin
nano /etc/systemd/system/powerdns-admin.service
systemctl restart powerdns-admin
systemctl status powerdns-admin
/opt/web/powerdns-admin/flask/bin/gunicorn --workers 4 --log-level info --pid /run/powerdns-admin/pid --bind 0.0.0.0:9191 "powerdnsadmin:create_app(config='config.py')"
nano /etc/systemd/system/powerdns-admin.service
systemctl disable powerdns-admin
sudo systemctl daemon-reload; systemctl restart powerdns-admin
systemctl enable powerdns-admin
systemctl restart powerdns-admin
systemctl stop powerdns-admin
nano /etc/systemd/system/powerdns-admin.service
systemctl disable powerdns-admin
sudo systemctl daemon-reload; systemctl enable powerdns-admin
systemctl restart powerdns-admin
systemctl disable powerdns-admin
nano /etc/systemd/system/powerdns-admin.service
nano /etc/systemd/system/powerdns-admin.service
systemctl daemon-reload
systemctl start powerdns-admin
systemctl enable powerdns-admin
systemctl start powerdns-admin
systemctl status powerdns-admin
systemctl stop powerdns-admin
systemctl stop powerdns-admin.socket
systemctl stop powerdns-admin.socket
systemctl stop powerdns-admin
/opt/web/powerdns-admin/flask/bin/gunicorn --pid /run/powerdns-admin/pid --bind 0.0.0.0:9191 powerdnsadmin:create_app()
/opt/web/powerdns-admin/flask/bin/gunicorn --bind 0.0.0.0:9191 powerdnsadmin:create_app()
/opt/web/powerdns-admin/flask/bin/gunicorn --bind 0.0.0.0:9191 powerdnsadmin:create_app()
/opt/web/powerdns-admin/flask/bin/gunicorn --bind 0.0.0.0:9191 "powerdnsadmin:create_app()"
/opt/web/powerdns-admin/flask/bin/gunicorn --pid /run/powerdns-admin/pid --bind 0.0.0.0:9191 "powerdnsadmin:create_app()"
nano /etc/systemd/system/powerdns-admin.service
systemctl daemon-reload
systemctl stop powerdns-admin.socket
systemctl stop powerdns-admin
systemctl enable powerdns-admin
systemctl start powerdns-admin
systemctl status powerdns-admin
nano /etc/systemd/system/powerdns-admin.service
systemctl daemon-reload
systemctl enable powerdns-admin
systemctl restart powerdns-admin
systemctl status powerdns-admin
nano /etc/apache2/sites-available/powerdns-admin.conf
sudo apache2ctl configtest
mod_proxy
sudo a2enmod proxy
systemctl restart apache2
sudo apache2ctl configtest
nano /etc/apache2/sites-available/powerdns-admin.conf
sudo apache2ctl configtest
systemctl restart apache2
nano /etc/apache2/sites-available/powerdns-admin.conf
sudo apache2ctl configtest
systemctl restart apache2
history
https://dnslookup.online/ptr.html
new version https://kifarunix.com/easily-install-and-setup-powerdns-admin-on-ubuntu-20-04/
https://github.com/ngoduykhanh/PowerDNS-Admin/wiki
https://fossies.org/linux/pdns-dnsdist/pdns/dnsdistdist/docs/advanced/snmp.rst
sh -c 'echo "deb [arch=amd64] http://repo.powerdns.com/debian buster-rec-master main" > /etc/apt/sources.list.d/pdns.list'
nano /etc/apt/preferences.d/pdns
Package: pdns-*
Pin: origin repo.powerdns.com
Pin-Priority: 600
curl https://repo.powerdns.com/CBC8B383-pub.asc | sudo apt-key add - && sudo apt-get update && sudo apt-get install pdns-recursor
pdnsutil create-zone example.com ns1.example.com
/etc/init.d/pdns-recursor restart
rec_control wipe-cache
/etc/init.d/pdns-recursor status