Compare commits

2 Commits

Author SHA1 Message Date
tracer ff5160d9bd added link to keyhelp-php81
Signed-off-by: tracer <tracer@24unix.net>
2022-02-21 20:47:15 +01:00
tracer c4fca8bf60 added most of the configuration stuff
Signed-off-by: tracer <tracer@24unix.net>
2022-02-21 20:31:57 +01:00
1 changed files with 208 additions and 7 deletions

215
README.md

@ -88,7 +88,8 @@ As root (or via sudo):
We need this to check out the bindAPi from git later.
So as we are still root, we need to install composer, two reasonable locations are under /bindAPI/bin or /usr/local/bin.
So as we are still root, we need to install composer, two reasonable locations are under ~/bindAPI/bin or /usr/local/bin.
(~ stands for the home folder)
Here I will install it under /usr/local/bin, in the example with the standalone server I'll install it under /bindAPI/bin.
`wget https://getcomposer.org/installer`
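Review bot: the path correction is only half applied. The changed sentence now says `~/bindAPI/bin`, but the following line still reads "I'll install it under /bindAPI/bin", which names a directory in the filesystem root rather than the home folder; change that one to `~/bindAPI/bin` too. Because this part of the guide runs as root, a step after `wget https://getcomposer.org/installer` that checks the downloaded installer against the checksum published by Composer before running it would be a worthwhile addition. "bindAPi" in the first line should read "bindAPI".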
@ -99,12 +100,12 @@ Now we can change into our new user, remind to give him shell access in the pane
![Php Interpreter](https://bindapi.24unix.net/assets/bindAPI_shell.png)
` su - tfunix`
`su - tfunix`
In my example I assume the user is called tfunix, his home points to /home/users/tfunix.
Base directory for the bindAPI is ~/www/ns1.24unix.net/bindApi (~ => home folder).
Base directory for the bindAPI is ~/www/ns1.24unix.net/bindApi.
So, we head over to our directory:
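Review bot: the changed "Base directory" line spells the last path component `bindApi`, while the sentence itself and the paths in the later `check:permissions` output use `bindAPI`. On a case-sensitive filesystem these are two different directories, so a reader who copies the path from this line ends up somewhere the later commands do not expect. Use `~/www/ns1.24unix.net/bindAPI` here. Dropping "(~ => home folder)" is fine now that the earlier section explains the tilde.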
@ -176,7 +177,11 @@ apt update
```
We need at least php-fpm, php-cli, and besides that php-curl, php-xml and php-mbstring:
`apt install ph8.1-fpm, php8.1-cli, and besides that php8.1-curl, php8.1-xml and php8.1-mbstring`
`apt install ph8.1-fpm, php8.1-cli php8.1-curl php8.1-xml php8.1-mbstring`
So, to be compatible with KeyHelp, we create a symlink:
`ln -s /usr/bin/php /usr/bin/keyhelp-php81`
We also need MariaDB, the successor of MySQL.
(Maria is the second daughter of Michael Widenius, guess what, his first is named My.
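Review bot: the corrected `apt install` line still cannot be pasted as is: the first package is spelled `ph8.1-fpm` and keeps a trailing comma, so apt will look for a package that does not exist. It should read `apt install php8.1-fpm php8.1-cli php8.1-curl php8.1-xml php8.1-mbstring`. For the new symlink, `/usr/bin/php` is whatever PHP version the system default points to, so `keyhelp-php81` stops meaning 8.1 as soon as another PHP version becomes the default; linking to `/usr/bin/php8.1` pins it to the version the name promises.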
@ -261,7 +266,8 @@ cat config.json
"dbPort": 3306,
"dbDatabase": "sampledb",
"dbUser": "sampleuser",
"dbPassword": "secret"
"dbPassword": "secret",
"debug": false
}
```
We'll start the installer another time:
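Review bot: the new `"debug": false` key in the sample config.json is not explained anywhere in the surrounding text. Add a sentence saying what enabling it changes (extra output, logging, where it goes) and that `false` is the value to keep on a production nameserver, so readers do not flip it on without knowing what gets exposed. Since the same file carries `dbPassword`, a short note on restricting read access to config.json to the bindAPI user would fit here as well.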
@ -279,13 +285,208 @@ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX, DROP, ALTER, CREATE TEMPORA
There is no need to run FLUSH PRIVILEGES when using GRANT!
```
So, now it offers us the create statements for the needed database.
So, now it offers us the SQL statements to create a new user and database and set permissions.
If were on plain debian, we just can copy and paste (the password is random) this as root into mysql.
If we're using hte panel, lets create a database and write down the credentials and update config.json.
And another call to the console:
Now we can finally begin to populate our configuration:
```
$ ./bin/console
Error: Cannot find tables.
Should I try to create them? (y/N): y
Tables have been created.
```
When we now call the console it displays it's options:
![CLI Interface](https://bindapi.24unix.net/assets/bindAPI_cli.png)
Now we can finally begin to populate our configuration.
We assume ns1 and ns2 are already configured, so we add them to the local config:
```
$ ./bin/console nameservers:create ns1.24unix.net a=176.9.165.128 aaaa=2a01:4f8:161:12cd::128 apikey=61f27a57c9d1f.[truncated]
Nameserver ns1.24unix.net has been created with id 1
```
And the same procedure for ns2, and now we have:
```
$ ./bin/console nameservers:list
All available nameservers:
+------+------------------+------------------+---------------------------------------+-----------------+
| ID | Name | A | AAAA | API Key |
+------+------------------+------------------+---------------------------------------+-----------------+
| 1 | ns1.24unix.net | 176.9.165.128 | 2a01:4f8:161:12cd::128 | 61f27a57c9d1f |
| 2 | ns2.24unix.net | 37.120.185.117 | 2a03:4000:f:5e2:a80c:2dff:fed1:e109 | 61eef211dea9a |
+------+------------------+------------------+---------------------------------------+-----------------+
```
Now we can ping the API to check if our servers are alive.
We have to add --verbose to the command, because it can also be used to monitor the server in cron jobs where no output is desired, only the result code.
```
$ ./bin/console --verbose nameservers:apiping
ns1.24unix.net 176.9.165.128 pong 2a01:4f8:161:12cd::128 pong
ns2.24unix.net 37.120.185.117 pong 2a03:4000:f:5e2:a80c:2dff:fed1:e109 pong
```
Now we can add all out panels:
```
$ ./bin/console panels:create executor.24unix.net a=176.9.165.128 aaaa=2a01:4f8:161:12cd::128 apikey=Lo7jsXYQ.[truncated]
Panel executor.24unix.net has been created with id 28
```
Oups. The autoincrement ID should be 1, I'll fix that.
OK, now we've got all our panels:
```
$ ./bin/console panels:list
All available panels:
+------+--------------------------+------------------+---------------------------------------+------------+
| ID | Name | A | AAAA | API Key |
+------+--------------------------+------------------+---------------------------------------+------------+
| 28 | executor.24unix.net | 176.9.165.128 | 2a01:4f8:161:12cd::128 | Lo7jsXYQ |
| 33 | imperial.24unix.net | 176.9.165.130 | 2a01:4f8:161:12cd::130 | AFB0Gm7C |
| 32 | interdictor.24unix.net | 176.9.165.131 | 2a01:4f8:161:12cd::131 | qsrlTNIu |
| 31 | paz.24unix.net | 176.9.165.134 | 2a01:4f8:161:12cd::134 | DquWO8vf |
| 29 | shadow.24unix.net | 37.120.185.117 | 2a03:4000:f:5e2:a80c:2dff:fed1:e109 | o2CtvTQh |
| 30 | tector.24unix.net | 176.9.165.137 | 2a01:4f8:161:12cd::137 | HJwrfMd7 |
+------+--------------------------+------------------+---------------------------------------+------------+
```
Look if they're alive:
```
$ ./bin/console --verbose panels:apiping
executor.24unix.net 176.9.165.128 pong 2a01:4f8:161:12cd::128 pong
imperial.24unix.net 176.9.165.130 pong 2a01:4f8:161:12cd::130 pong
interdictor.24unix.net 176.9.165.131 pong 2a01:4f8:161:12cd::131 pong
paz.24unix.net 176.9.165.134 pong 2a01:4f8:161:12cd::134 pong
shadow.24unix.net 37.120.185.117 pong 2a03:4000:f:5e2:a80c:2dff:fed1:e109 pong
tector.24unix.net 176.9.165.137 pong 2a01:4f8:161:12cd::137 pong
```
OK, Nameservers ✅
Panels ✅
What's next? Check the domains on each panel:
```
$ ./bin/console --verbose check:panels fix=yes
check all …
Keyhelp-Panel: executor.24unix.net
Domain: 24unix.net ns1.24unix.net OK ns2.24unix.net OK
Keyhelp-Panel: imperial.24unix.net
Domain: rchelifan.org ns1.24unix.net OK ns2.24unix.net OK
Keyhelp-Panel: interdictor.24unix.net
No second level domains found.
Keyhelp-Panel: paz.24unix.net
Domain: crowddataworker.de ns1.24unix.net OK ns2.24unix.net OK
Domain: cdw.one ns1.24unix.net OK ns2.24unix.net OK
Domain: aussempott.de ns1.24unix.net OK ns2.24unix.net OK
Domain: fairdns.de ns1.24unix.net OK ns2.24unix.net OK
Domain: tzazicke.de ns1.24unix.net OK ns2.24unix.net OK
Domain: casabuitoni.de ns1.24unix.net OK ns2.24unix.net OK
Keyhelp-Panel: shadow.24unix.net
No second level domains found.
Keyhelp-Panel: tector.24unix.net
No second level domains found.
```
The output is a little bit ugly, maybe I'll come up with something nicer.
So, now we have our nameservers, our panels.
But only two of them, ns3 is missing, so we're going to add it.
We create a new key:
```
$ ./bin/console apikeys:create
API key 1 has been generated. Store it in a save place, it cannot be recovered.
6213acb116613.[truncated]]
```
And add it to our list of nameservers:
```
$ ./bin/console nameservers:create ns3.24unix.net a=212.227.160.159 aaaa=2001:8d8:1801:701::1 apikey=6213acb116613.[truncated]
Nameserver ns3.24unix.net has been created with id 3
```
We can soon start filling our own list of slaves domains.
But before, we need to check some prerequisites:
```
$ ./bin/console check:permissions
Checking permission:
UID: 5001
Name: tfunix
Checking file: /etc/bind/local.zones
PHP Warning: fileperms(): stat failed for /etc/bind/local.zones in /home/users/tfunix/www/ns3.24unix.net/bindAPI/src/Controller/DomainController.php on line 121
❌Group needs write permission!
Checking /etc/bind/named.conf.local
❌ /etc/bind/local.zones needs to be included in /etc/bind/named.conf.local .
Checking directory: /etc/bind/zones/
PHP Warning: fileperms(): stat failed for /etc/bind/zones/ in /home/users/tfunix/www/ns3.24unix.net/bindAPI/src/Controller/DomainController.php on line 140
❌Group needs write permission!
```
So, there are a few manual steps needed.
tfunix has to be a group member of the „bind“ group.
As root perform:
`usermod -G bind tfunix`
(Mind that it is a capital G, else you'll change the primary group and the checks will fail.
Don't ask how I noticed …)
We now have to logout and login with tfunix for the changes to apply.
After new login it should look like this:
```
$ id
uid=5001(tfunix) gid=113(bind) groups=113(bind),1001(keyhelp_file_manager)
```
We again need root:
```
touch /etc/bind/local.zones
chown bind:bind /etc/bind/local.zones
echo 'include "/etc/bind/local.zones";' >> /etc/bind/named.conf.local
mkdir /etc/bind/zones
chown bind:bind /etc/bind/zones
chmod g+w /etc/bind/zones
```
Now it looks better:
```
$ ./bin/console check:permissions
Checking permission:
UID: 5001
Name: tfunix
Checking file: /etc/bind/local.zones
✅ Group has write access .
Checking /etc/bind/named.conf.local
✅ /etc/bind/local.zones is included in /etc/bind/named.conf.local
Checking directory: /etc/bind/zones/
✅ Group has write access .
```
TODO
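Review bot: `usermod -G bind tfunix` in the permissions section lacks `-a`; `-G` on its own replaces the user's whole supplementary group list instead of adding to it, so use `usermod -aG bind tfunix`. The sample `id` output that follows shows `gid=113(bind)`, that is bind as the primary group, which is exactly the outcome the "capital G" remark warns against, so that output should be captured again after the corrected command. In the root block, `chmod g+w` is applied to `/etc/bind/zones` but not to `/etc/bind/local.zones`; with a umask of 022 the `touch` leaves that file without group write, and the "Group has write access" result shown afterwards would not be reached, so add `chmod g+w /etc/bind/local.zones`. The `echo ... >> /etc/bind/named.conf.local` line appends a second include if the block is run twice; a grep guard would make it safe to repeat. Smaller points: "If were", "hte", "lets", "it's options", "all out panels", "Oups", "a save place", "slaves domains" and the doubled bracket in `[truncated]]` need fixing, and the "autoincrement ID should be 1, I'll fix that" remark and the trailing "TODO" read as working notes that should be resolved or moved to an issue before this lands in the README.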