Compare commits
2 Commits
3bcfc8de46
...
ff5160d9bd
Author | SHA1 | Date |
---|---|---|
tracer | ff5160d9bd | |
tracer | c4fca8bf60 |
215
README.md
|
@ -88,7 +88,8 @@ As root (or via sudo):
|
||||||
|
|
||||||
We need this to check out the bindAPi from git later.
|
We need this to check out the bindAPi from git later.
|
||||||
|
|
||||||
So as we are still root, we need to install composer, two reasonable locations are under /bindAPI/bin or /usr/local/bin.
|
So as we are still root, we need to install composer, two reasonable locations are under ~/bindAPI/bin or /usr/local/bin.
|
||||||
|
(~ stands for the home folder)
|
||||||
Here I will install it under /usr/local/bin, in the example with the standalone server I'll install it under /bindAPI/bin.
|
Here I will install it under /usr/local/bin, in the example with the standalone server I'll install it under /bindAPI/bin.
|
||||||
|
|
||||||
`wget https://getcomposer.org/installer`
|
`wget https://getcomposer.org/installer`
|
||||||
|
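Review bot: the tilde was added in only one of the two places. The changed line now says ~/bindAPI/bin, but the unchanged sentence after it ("in the example with the standalone server I'll install it under /bindAPI/bin") still gives the path without it, so the README names two different directories. Change that sentence to ~/bindAPI/bin as well. Since this section runs as root, the `wget https://getcomposer.org/installer` step would also benefit from a line telling the reader to compare the download against the checksum Composer publishes before using it.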
@ -99,12 +100,12 @@ Now we can change into our new user, remind to give him shell access in the pane
|
||||||
|
|
||||||
![Php Interpreter](https://bindapi.24unix.net/assets/bindAPI_shell.png)
|
![Php Interpreter](https://bindapi.24unix.net/assets/bindAPI_shell.png)
|
||||||
|
|
||||||
` su - tfunix`
|
`su - tfunix`
|
||||||
|
|
||||||
|
|
||||||
In my example I assume the user is called tfunix, his home points to /home/users/tfunix.
|
In my example I assume the user is called tfunix, his home points to /home/users/tfunix.
|
||||||
|
|
||||||
Base directory for the bindAPI is ~/www/ns1.24unix.net/bindApi (~ => home folder).
|
Base directory for the bindAPI is ~/www/ns1.24unix.net/bindApi.
|
||||||
|
|
||||||
So, we head over to our directory:
|
So, we head over to our directory:
|
||||||
|
|
||||||
|
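Review bot: the rewritten base-directory line still spells the folder bindApi, while the paths printed later in this README (/home/users/tfunix/www/ns3.24unix.net/bindAPI/...) use bindAPI. On a case-sensitive filesystem those are two different directories, so pick one spelling and use it throughout. Removing "(~ => home folder)" here relies on the explanation added earlier in the file; a reader who starts at this section no longer gets it.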
@ -176,7 +177,11 @@ apt update
|
||||||
```
|
```
|
||||||
We need at least php-fpm, php-cli, and besides that php-curl, php-xml and php-mbstring:
|
We need at least php-fpm, php-cli, and besides that php-curl, php-xml and php-mbstring:
|
||||||
|
|
||||||
`apt install ph8.1-fpm, php8.1-cli, and besides that php8.1-curl, php8.1-xml and php8.1-mbstring`
|
`apt install ph8.1-fpm, php8.1-cli php8.1-curl php8.1-xml php8.1-mbstring`
|
||||||
|
|
||||||
|
So, to be compatible with KeyHelp, we create a symlink:
|
||||||
|
|
||||||
|
`ln -s /usr/bin/php /usr/bin/keyhelp-php81`
|
||||||
|
|
||||||
We also need MariaDB, the successor of MySQL.
|
We also need MariaDB, the successor of MySQL.
|
||||||
(Maria is the second daughter of Michael Widenius, guess what, his first is named My.
|
(Maria is the second daughter of Michael Widenius, guess what, his first is named My.
|
||||||
|
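Review bot: the corrected apt line still cannot be pasted as is: `ph8.1-fpm,` is missing a "p" and keeps the trailing comma, so apt is asked for a package that does not exist. It should read `apt install php8.1-fpm php8.1-cli php8.1-curl php8.1-xml php8.1-mbstring`. For the new symlink, /usr/bin/php is whichever PHP the system currently selects, so keyhelp-php81 can end up pointing at a different release once another PHP version is installed; linking to the versioned binary that php8.1-cli installs keeps the name and the version in step.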
@ -261,7 +266,8 @@ cat config.json
|
||||||
"dbPort": 3306,
|
"dbPort": 3306,
|
||||||
"dbDatabase": "sampledb",
|
"dbDatabase": "sampledb",
|
||||||
"dbUser": "sampleuser",
|
"dbUser": "sampleuser",
|
||||||
"dbPassword": "secret"
|
"dbPassword": "secret",
|
||||||
|
"debug": false
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
We'll start the installer another time:
|
We'll start the installer another time:
|
||||||
|
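Review bot: the new "debug": false key appears in the sample config.json with no text saying what it controls. Add a sentence that states what output it enables and where that output goes; the same file holds dbPassword, so readers need to know whether switching it on can put credentials or API keys into console output or logs.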
@ -279,13 +285,208 @@ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX, DROP, ALTER, CREATE TEMPORA
|
||||||
There is no need to run FLUSH PRIVILEGES when using GRANT!
|
There is no need to run FLUSH PRIVILEGES when using GRANT!
|
||||||
```
|
```
|
||||||
|
|
||||||
So, now it offers us the create statements for the needed database.
|
So, now it offers us the SQL statements to create a new user and database and set permissions.
|
||||||
If were on plain debian, we just can copy and paste (the password is random) this as root into mysql.
|
If were on plain debian, we just can copy and paste (the password is random) this as root into mysql.
|
||||||
|
|
||||||
If we're using hte panel, lets create a database and write down the credentials and update config.json.
|
If we're using hte panel, lets create a database and write down the credentials and update config.json.
|
||||||
|
|
||||||
|
And another call to the console:
|
||||||
|
|
||||||
Now we can finally begin to populate our configuration:
|
```
|
||||||
|
$ ./bin/console
|
||||||
|
Error: Cannot find tables.
|
||||||
|
Should I try to create them? (y/N): y
|
||||||
|
Tables have been created.
|
||||||
|
```
|
||||||
|
|
||||||
|
When we now call the console it displays it's options:
|
||||||
|
|
||||||
|
![CLI Interface](https://bindapi.24unix.net/assets/bindAPI_cli.png)
|
||||||
|
|
||||||
|
|
||||||
|
Now we can finally begin to populate our configuration.
|
||||||
|
|
||||||
|
We assume ns1 and ns2 are already configured, so we add them to the local config:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ./bin/console nameservers:create ns1.24unix.net a=176.9.165.128 aaaa=2a01:4f8:161:12cd::128 apikey=61f27a57c9d1f.[truncated]
|
||||||
|
Nameserver ns1.24unix.net has been created with id 1
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
And the same procedure for ns2, and now we have:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ./bin/console nameservers:list
|
||||||
|
All available nameservers:
|
||||||
|
+------+------------------+------------------+---------------------------------------+-----------------+
|
||||||
|
| ID | Name | A | AAAA | API Key |
|
||||||
|
+------+------------------+------------------+---------------------------------------+-----------------+
|
||||||
|
| 1 | ns1.24unix.net | 176.9.165.128 | 2a01:4f8:161:12cd::128 | 61f27a57c9d1f |
|
||||||
|
| 2 | ns2.24unix.net | 37.120.185.117 | 2a03:4000:f:5e2:a80c:2dff:fed1:e109 | 61eef211dea9a |
|
||||||
|
+------+------------------+------------------+---------------------------------------+-----------------+
|
||||||
|
```
|
||||||
|
Now we can ping the API to check if our servers are alive.
|
||||||
|
We have to add --verbose to the command, because it can also be used to monitor the server in cron jobs where no output is desired, only the result code.
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ./bin/console --verbose nameservers:apiping
|
||||||
|
ns1.24unix.net 176.9.165.128 pong 2a01:4f8:161:12cd::128 pong
|
||||||
|
ns2.24unix.net 37.120.185.117 pong 2a03:4000:f:5e2:a80c:2dff:fed1:e109 pong
|
||||||
|
```
|
||||||
|
|
||||||
|
Now we can add all out panels:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ./bin/console panels:create executor.24unix.net a=176.9.165.128 aaaa=2a01:4f8:161:12cd::128 apikey=Lo7jsXYQ.[truncated]
|
||||||
|
Panel executor.24unix.net has been created with id 28
|
||||||
|
```
|
||||||
|
|
||||||
|
Oups. The autoincrement ID should be 1, I'll fix that.
|
||||||
|
|
||||||
|
OK, now we've got all our panels:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ./bin/console panels:list
|
||||||
|
All available panels:
|
||||||
|
+------+--------------------------+------------------+---------------------------------------+------------+
|
||||||
|
| ID | Name | A | AAAA | API Key |
|
||||||
|
+------+--------------------------+------------------+---------------------------------------+------------+
|
||||||
|
| 28 | executor.24unix.net | 176.9.165.128 | 2a01:4f8:161:12cd::128 | Lo7jsXYQ |
|
||||||
|
| 33 | imperial.24unix.net | 176.9.165.130 | 2a01:4f8:161:12cd::130 | AFB0Gm7C |
|
||||||
|
| 32 | interdictor.24unix.net | 176.9.165.131 | 2a01:4f8:161:12cd::131 | qsrlTNIu |
|
||||||
|
| 31 | paz.24unix.net | 176.9.165.134 | 2a01:4f8:161:12cd::134 | DquWO8vf |
|
||||||
|
| 29 | shadow.24unix.net | 37.120.185.117 | 2a03:4000:f:5e2:a80c:2dff:fed1:e109 | o2CtvTQh |
|
||||||
|
| 30 | tector.24unix.net | 176.9.165.137 | 2a01:4f8:161:12cd::137 | HJwrfMd7 |
|
||||||
|
+------+--------------------------+------------------+---------------------------------------+------------+
|
||||||
|
```
|
||||||
|
|
||||||
|
Look if they're alive:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ./bin/console --verbose panels:apiping
|
||||||
|
executor.24unix.net 176.9.165.128 pong 2a01:4f8:161:12cd::128 pong
|
||||||
|
imperial.24unix.net 176.9.165.130 pong 2a01:4f8:161:12cd::130 pong
|
||||||
|
interdictor.24unix.net 176.9.165.131 pong 2a01:4f8:161:12cd::131 pong
|
||||||
|
paz.24unix.net 176.9.165.134 pong 2a01:4f8:161:12cd::134 pong
|
||||||
|
shadow.24unix.net 37.120.185.117 pong 2a03:4000:f:5e2:a80c:2dff:fed1:e109 pong
|
||||||
|
tector.24unix.net 176.9.165.137 pong 2a01:4f8:161:12cd::137 pong
|
||||||
|
```
|
||||||
|
|
||||||
|
OK, Nameservers ✅
|
||||||
|
Panels ✅
|
||||||
|
|
||||||
|
What's next? Check the domains on each panel:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ./bin/console --verbose check:panels fix=yes
|
||||||
|
check all …
|
||||||
|
Keyhelp-Panel: executor.24unix.net
|
||||||
|
Domain: 24unix.net ns1.24unix.net OK ns2.24unix.net OK
|
||||||
|
Keyhelp-Panel: imperial.24unix.net
|
||||||
|
Domain: rchelifan.org ns1.24unix.net OK ns2.24unix.net OK
|
||||||
|
Keyhelp-Panel: interdictor.24unix.net
|
||||||
|
No second level domains found.
|
||||||
|
Keyhelp-Panel: paz.24unix.net
|
||||||
|
Domain: crowddataworker.de ns1.24unix.net OK ns2.24unix.net OK
|
||||||
|
Domain: cdw.one ns1.24unix.net OK ns2.24unix.net OK
|
||||||
|
Domain: aussempott.de ns1.24unix.net OK ns2.24unix.net OK
|
||||||
|
Domain: fairdns.de ns1.24unix.net OK ns2.24unix.net OK
|
||||||
|
Domain: tzazicke.de ns1.24unix.net OK ns2.24unix.net OK
|
||||||
|
Domain: casabuitoni.de ns1.24unix.net OK ns2.24unix.net OK
|
||||||
|
Keyhelp-Panel: shadow.24unix.net
|
||||||
|
No second level domains found.
|
||||||
|
Keyhelp-Panel: tector.24unix.net
|
||||||
|
No second level domains found.
|
||||||
|
```
|
||||||
|
The output is a little bit ugly, maybe I'll come up with something nicer.
|
||||||
|
|
||||||
|
So, now we have our nameservers, our panels.
|
||||||
|
|
||||||
|
But only two of them, ns3 is missing, so we're going to add it.
|
||||||
|
|
||||||
|
We create a new key:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ./bin/console apikeys:create
|
||||||
|
API key 1 has been generated. Store it in a save place, it cannot be recovered.
|
||||||
|
6213acb116613.[truncated]]
|
||||||
|
```
|
||||||
|
|
||||||
|
And add it to our list of nameservers:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ./bin/console nameservers:create ns3.24unix.net a=212.227.160.159 aaaa=2001:8d8:1801:701::1 apikey=6213acb116613.[truncated]
|
||||||
|
Nameserver ns3.24unix.net has been created with id 3
|
||||||
|
```
|
||||||
|
|
||||||
|
We can soon start filling our own list of slaves domains.
|
||||||
|
|
||||||
|
But before, we need to check some prerequisites:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ./bin/console check:permissions
|
||||||
|
Checking permission:
|
||||||
|
|
||||||
|
UID: 5001
|
||||||
|
Name: tfunix
|
||||||
|
Checking file: /etc/bind/local.zones
|
||||||
|
PHP Warning: fileperms(): stat failed for /etc/bind/local.zones in /home/users/tfunix/www/ns3.24unix.net/bindAPI/src/Controller/DomainController.php on line 121
|
||||||
|
❌Group needs write permission!
|
||||||
|
Checking /etc/bind/named.conf.local
|
||||||
|
❌ /etc/bind/local.zones needs to be included in /etc/bind/named.conf.local .
|
||||||
|
Checking directory: /etc/bind/zones/
|
||||||
|
PHP Warning: fileperms(): stat failed for /etc/bind/zones/ in /home/users/tfunix/www/ns3.24unix.net/bindAPI/src/Controller/DomainController.php on line 140
|
||||||
|
❌Group needs write permission!
|
||||||
|
```
|
||||||
|
|
||||||
|
So, there are a few manual steps needed.
|
||||||
|
|
||||||
|
tfunix has to be a group member of the „bind“ group.
|
||||||
|
As root perform:
|
||||||
|
|
||||||
|
`usermod -G bind tfunix`
|
||||||
|
(Mind that it is a capital G, else you'll change the primary group and the checks will fail.
|
||||||
|
Don't ask how I noticed …)
|
||||||
|
|
||||||
|
We now have to logout and login with tfunix for the changes to apply.
|
||||||
|
|
||||||
|
After new login it should look like this:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ id
|
||||||
|
uid=5001(tfunix) gid=113(bind) groups=113(bind),1001(keyhelp_file_manager)
|
||||||
|
```
|
||||||
|
|
||||||
|
We again need root:
|
||||||
|
|
||||||
|
```
|
||||||
|
touch /etc/bind/local.zones
|
||||||
|
chown bind:bind /etc/bind/local.zones
|
||||||
|
echo 'include "/etc/bind/local.zones";' >> /etc/bind/named.conf.local
|
||||||
|
|
||||||
|
mkdir /etc/bind/zones
|
||||||
|
chown bind:bind /etc/bind/zones
|
||||||
|
chmod g+w /etc/bind/zones
|
||||||
|
```
|
||||||
|
|
||||||
|
Now it looks better:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ ./bin/console check:permissions
|
||||||
|
Checking permission:
|
||||||
|
|
||||||
|
UID: 5001
|
||||||
|
Name: tfunix
|
||||||
|
Checking file: /etc/bind/local.zones
|
||||||
|
✅ Group has write access .
|
||||||
|
Checking /etc/bind/named.conf.local
|
||||||
|
✅ /etc/bind/local.zones is included in /etc/bind/named.conf.local
|
||||||
|
Checking directory: /etc/bind/zones/
|
||||||
|
✅ Group has write access .
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
TODO
|
TODO
|
||||||
|
|
||||||
|
|
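Review bot: the `usermod -G bind tfunix` step does not match the text or the sample output around it. Without `-a`, `-G` replaces the whole supplementary group list, yet the `id` output still shows keyhelp_file_manager, and it shows gid=113(bind) as the primary group, which is exactly what the "capital G" remark says must not happen. Use `usermod -aG bind tfunix` and regenerate the `id` output from a clean run. In the root block, /etc/bind/local.zones is created with touch and chown but never gets `chmod g+w`, so under the usual umask of 022 the group-write check shown as passing afterwards would still fail; add the chmod next to the one for /etc/bind/zones. The `nameservers:create` and `panels:create` examples take `apikey=` as a command-line argument, which leaves the key in shell history and the process list; say so in the text or document another way to supply it. Small wording fixes in the same section: "save place" should be "safe place", "slaves domains" should be "slave domains", and "it's options" should be "its options".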