Compare commits
2 Commits
3bcfc8de46
...
ff5160d9bd
Author | SHA1 | Date |
---|---|---|
tracer | ff5160d9bd | |
tracer | c4fca8bf60 |
213
README.md
@ -88,7 +88,8 @@ As root (or via sudo):
We need this to check out the bindAPi from git later.
So as we are still root, we need to install composer, two reasonable locations are under /bindAPI/bin or /usr/local/bin.
So as we are still root, we need to install composer, two reasonable locations are under ~/bindAPI/bin or /usr/local/bin.
(~ stands for the home folder)
Here I will install it under /usr/local/bin, in the example with the standalone server I'll install it under /bindAPI/bin.
`wget https://getcomposer.org/installer`
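Review bot: the unchanged line right after the added `(~ stands for the home folder)` still says `/bindAPI/bin` for the standalone-server example, so the README now names both `~/bindAPI/bin` and `/bindAPI/bin`; change that line to `~/bindAPI/bin` as well, since the version without the tilde points at a directory in the filesystem root. Because this step runs as root, it would also help to say here that the file fetched with `wget https://getcomposer.org/installer` should be checked against the installer checksum Composer publishes before it is executed.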
@ -104,7 +105,7 @@ Now we can change into our new user, remind to give him shell access in the pane
In my example I assume the user is called tfunix, his home points to /home/users/tfunix.
Base directory for the bindAPI is ~/www/ns1.24unix.net/bindApi (~ => home folder).
Base directory for the bindAPI is ~/www/ns1.24unix.net/bindApi.
So, we head over to our directory:
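Review bot: with `(~ => home folder)` dropped, the base directory line still spells the directory `bindApi`, while the composer paths use `bindAPI` and the checkout note in the first hunk has `bindAPi`. On a case-sensitive filesystem these are three different paths; pick one spelling, presumably `bindAPI` to match the paths in the console output further down, and use it everywhere.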
@ -176,7 +177,11 @@ apt update
```
We need at least php-fpm, php-cli, and besides that php-curl, php-xml and php-mbstring:
`apt install ph8.1-fpm, php8.1-cli, and besides that php8.1-curl, php8.1-xml and php8.1-mbstring`
`apt install ph8.1-fpm, php8.1-cli php8.1-curl php8.1-xml php8.1-mbstring`
So, to be compatible with KeyHelp, we create a symlink:
`ln -s /usr/bin/php /usr/bin/keyhelp-php81`
We also need MariaDB, the successor of MySQL.
(Maria is the second daughter of Michael Widenius, guess what, his first is named My.
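Review bot: the corrected command still cannot be pasted as is, because the first package is spelled `ph8.1-fpm,` (missing `p`, trailing comma) and apt will not find it. It should read `apt install php8.1-fpm php8.1-cli php8.1-curl php8.1-xml php8.1-mbstring`. A smaller point in the context lines: `ln -s /usr/bin/php /usr/bin/keyhelp-php81` ties the KeyHelp name to whatever `/usr/bin/php` currently resolves to rather than to the 8.1 binary; linking to the versioned binary would keep the name honest after a later PHP upgrade.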
@ -261,7 +266,8 @@ cat config.json
"dbPort": 3306,
"dbDatabase": "sampledb",
"dbUser": "sampleuser",
"dbPassword": "secret"
"dbPassword": "secret",
"debug": false
}
```
We'll start the installer another time:
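Review bot: the new `"debug": false` key arrives without a word on what it switches on; add a sentence saying what debug mode outputs and that it should stay `false` on a production nameserver. While touching this block: the sample keeps `dbPassword` in clear text in `config.json`, so the README should tell the reader to make the file readable only by the API user, given that the base directory lives under `~/www/`.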
@ -279,13 +285,208 @@ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX, DROP, ALTER, CREATE TEMPORA
There is no need to run FLUSH PRIVILEGES when using GRANT!
```
So, now it offers us the create statements for the needed database.
So, now it offers us the SQL statements to create a new user and database and set permissions.
If were on plain debian, we just can copy and paste (the password is random) this as root into mysql.
If we're using hte panel, lets create a database and write down the credentials and update config.json.
And another call to the console:
Now we can finally begin to populate our configuration:
```
$ ./bin/console
Error: Cannot find tables.
Should I try to create them? (y/N): y
Tables have been created.
```
When we now call the console it displays it's options:
![CLI Interface](https://bindapi.24unix.net/assets/bindAPI_cli.png)
Now we can finally begin to populate our configuration.
We assume ns1 and ns2 are already configured, so we add them to the local config:
```
$ ./bin/console nameservers:create ns1.24unix.net a=176.9.165.128 aaaa=2a01:4f8:161:12cd::128 apikey=61f27a57c9d1f.[truncated]
Nameserver ns1.24unix.net has been created with id 1
```
And the same procedure for ns2, and now we have:
```
$ ./bin/console nameservers:list
All available nameservers:
+------+------------------+------------------+---------------------------------------+-----------------+
| ID | Name | A | AAAA | API Key |
+------+------------------+------------------+---------------------------------------+-----------------+
| 1 | ns1.24unix.net | 176.9.165.128 | 2a01:4f8:161:12cd::128 | 61f27a57c9d1f |
| 2 | ns2.24unix.net | 37.120.185.117 | 2a03:4000:f:5e2:a80c:2dff:fed1:e109 | 61eef211dea9a |
+------+------------------+------------------+---------------------------------------+-----------------+
```
Now we can ping the API to check if our servers are alive.
We have to add --verbose to the command, because it can also be used to monitor the server in cron jobs where no output is desired, only the result code.
```
$ ./bin/console --verbose nameservers:apiping
ns1.24unix.net 176.9.165.128 pong 2a01:4f8:161:12cd::128 pong
ns2.24unix.net 37.120.185.117 pong 2a03:4000:f:5e2:a80c:2dff:fed1:e109 pong
```
Now we can add all out panels:
```
$ ./bin/console panels:create executor.24unix.net a=176.9.165.128 aaaa=2a01:4f8:161:12cd::128 apikey=Lo7jsXYQ.[truncated]
Panel executor.24unix.net has been created with id 28
```
Oups. The autoincrement ID should be 1, I'll fix that.
OK, now we've got all our panels:
```
$ ./bin/console panels:list
All available panels:
+------+--------------------------+------------------+---------------------------------------+------------+
| ID | Name | A | AAAA | API Key |
+------+--------------------------+------------------+---------------------------------------+------------+
| 28 | executor.24unix.net | 176.9.165.128 | 2a01:4f8:161:12cd::128 | Lo7jsXYQ |
| 33 | imperial.24unix.net | 176.9.165.130 | 2a01:4f8:161:12cd::130 | AFB0Gm7C |
| 32 | interdictor.24unix.net | 176.9.165.131 | 2a01:4f8:161:12cd::131 | qsrlTNIu |
| 31 | paz.24unix.net | 176.9.165.134 | 2a01:4f8:161:12cd::134 | DquWO8vf |
| 29 | shadow.24unix.net | 37.120.185.117 | 2a03:4000:f:5e2:a80c:2dff:fed1:e109 | o2CtvTQh |
| 30 | tector.24unix.net | 176.9.165.137 | 2a01:4f8:161:12cd::137 | HJwrfMd7 |
+------+--------------------------+------------------+---------------------------------------+------------+
```
Look if they're alive:
```
$ ./bin/console --verbose panels:apiping
executor.24unix.net 176.9.165.128 pong 2a01:4f8:161:12cd::128 pong
imperial.24unix.net 176.9.165.130 pong 2a01:4f8:161:12cd::130 pong
interdictor.24unix.net 176.9.165.131 pong 2a01:4f8:161:12cd::131 pong
paz.24unix.net 176.9.165.134 pong 2a01:4f8:161:12cd::134 pong
shadow.24unix.net 37.120.185.117 pong 2a03:4000:f:5e2:a80c:2dff:fed1:e109 pong
tector.24unix.net 176.9.165.137 pong 2a01:4f8:161:12cd::137 pong
```
OK, Nameservers ✅
Panels ✅
What's next? Check the domains on each panel:
```
$ ./bin/console --verbose check:panels fix=yes
check all …
Keyhelp-Panel: executor.24unix.net
Domain: 24unix.net ns1.24unix.net OK ns2.24unix.net OK
Keyhelp-Panel: imperial.24unix.net
Domain: rchelifan.org ns1.24unix.net OK ns2.24unix.net OK
Keyhelp-Panel: interdictor.24unix.net
No second level domains found.
Keyhelp-Panel: paz.24unix.net
Domain: crowddataworker.de ns1.24unix.net OK ns2.24unix.net OK
Domain: cdw.one ns1.24unix.net OK ns2.24unix.net OK
Domain: aussempott.de ns1.24unix.net OK ns2.24unix.net OK
Domain: fairdns.de ns1.24unix.net OK ns2.24unix.net OK
Domain: tzazicke.de ns1.24unix.net OK ns2.24unix.net OK
Domain: casabuitoni.de ns1.24unix.net OK ns2.24unix.net OK
Keyhelp-Panel: shadow.24unix.net
No second level domains found.
Keyhelp-Panel: tector.24unix.net
No second level domains found.
```
The output is a little bit ugly, maybe I'll come up with something nicer.
So, now we have our nameservers, our panels.
But only two of them, ns3 is missing, so we're going to add it.
We create a new key:
```
$ ./bin/console apikeys:create
API key 1 has been generated. Store it in a save place, it cannot be recovered.
6213acb116613.[truncated]]
```
And add it to our list of nameservers:
```
$ ./bin/console nameservers:create ns3.24unix.net a=212.227.160.159 aaaa=2001:8d8:1801:701::1 apikey=6213acb116613.[truncated]
Nameserver ns3.24unix.net has been created with id 3
```
We can soon start filling our own list of slaves domains.
But before, we need to check some prerequisites:
```
$ ./bin/console check:permissions
Checking permission:
UID: 5001
Name: tfunix
Checking file: /etc/bind/local.zones
PHP Warning: fileperms(): stat failed for /etc/bind/local.zones in /home/users/tfunix/www/ns3.24unix.net/bindAPI/src/Controller/DomainController.php on line 121
❌Group needs write permission!
Checking /etc/bind/named.conf.local
❌ /etc/bind/local.zones needs to be included in /etc/bind/named.conf.local .
Checking directory: /etc/bind/zones/
PHP Warning: fileperms(): stat failed for /etc/bind/zones/ in /home/users/tfunix/www/ns3.24unix.net/bindAPI/src/Controller/DomainController.php on line 140
❌Group needs write permission!
```
So, there are a few manual steps needed.
tfunix has to be a group member of the „bind“ group.
As root perform:
`usermod -G bind tfunix`
(Mind that it is a capital G, else you'll change the primary group and the checks will fail.
Don't ask how I noticed …)
We now have to logout and login with tfunix for the changes to apply.
After new login it should look like this:
```
$ id
uid=5001(tfunix) gid=113(bind) groups=113(bind),1001(keyhelp_file_manager)
```
We again need root:
```
touch /etc/bind/local.zones
chown bind:bind /etc/bind/local.zones
echo 'include "/etc/bind/local.zones";' >> /etc/bind/named.conf.local
mkdir /etc/bind/zones
chown bind:bind /etc/bind/zones
chmod g+w /etc/bind/zones
```
Now it looks better:
```
$ ./bin/console check:permissions
Checking permission:
UID: 5001
Name: tfunix
Checking file: /etc/bind/local.zones
✅ Group has write access .
Checking /etc/bind/named.conf.local
✅ /etc/bind/local.zones is included in /etc/bind/named.conf.local
Checking directory: /etc/bind/zones/
✅ Group has write access .
```
TODO
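Review bot: `usermod -G bind tfunix` replaces tfunix's whole supplementary group list instead of adding to it, and the `id` output pasted after it shows `gid=113(bind)`, i.e. bind as the primary group, which is the outcome the capital-G remark warns against. Use `usermod -aG bind tfunix` and show an `id` output where bind appears only under `groups=`. In the root block, `/etc/bind/zones` gets `chmod g+w` but `/etc/bind/local.zones` does not, although the first `check:permissions` run asks for group write access on both. The examples also pass `apikey=` on the command line, where it ends up in shell history, and the listings show what look like live host names, addresses and key prefixes; placeholders would be safer in a public README. Remaining wording: "If were", "hte", "lets", "it's options", "all out panels", "save place", "slaves domains"; the sentence "Now we can finally begin to populate our configuration" appears twice, the first time in front of the table-creation output; and the hunk ends on a bare `TODO`.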