Compare commits
No commits in common. "ff5160d9bd8ff8bc61d888efce20223185bb9410" and "3bcfc8de460018ef4ba931b94ef0fa87b3937015" have entirely different histories.
ff5160d9bd
...
3bcfc8de46
213
README.md
213
README.md
|
@ -88,8 +88,7 @@ As root (or via sudo):
|
||||||
|
|
||||||
We need this to check out the bindAPi from git later.
|
We need this to check out the bindAPi from git later.
|
||||||
|
|
||||||
So as we are still root, we need to install composer, two reasonable locations are under ~/bindAPI/bin or /usr/local/bin.
|
So as we are still root, we need to install composer, two reasonable locations are under /bindAPI/bin or /usr/local/bin.
|
||||||
(~ stands for the home folder)
|
|
||||||
Here I will install it under /usr/local/bin, in the example with the standalone server I'll install it under /bindAPI/bin.
|
Here I will install it under /usr/local/bin, in the example with the standalone server I'll install it under /bindAPI/bin.
|
||||||
|
|
||||||
`wget https://getcomposer.org/installer`
|
`wget https://getcomposer.org/installer`
|
||||||
|
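Review bot: the changed sentence now reads `/bindAPI/bin` where it read `~/bindAPI/bin`, and the line explaining `~` is removed, so the README now points at a directory in the filesystem root instead of one in the user's home. If the home-relative location is what is meant, keep `~/bindAPI/bin`; the unchanged sentence below it has the same `/bindAPI/bin` and should be aligned with whichever form is chosen. Separately, the context line `wget https://getcomposer.org/installer` is run as root, so a sentence on checking the downloaded installer against the checksum Composer publishes before executing it would fit at this step.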
@ -105,7 +104,7 @@ Now we can change into our new user, remind to give him shell access in the pane
|
||||||
|
|
||||||
In my example I assume the user is called tfunix, his home points to /home/users/tfunix.
|
In my example I assume the user is called tfunix, his home points to /home/users/tfunix.
|
||||||
|
|
||||||
Base directory for the bindAPI is ~/www/ns1.24unix.net/bindApi.
|
Base directory for the bindAPI is ~/www/ns1.24unix.net/bindApi (~ => home folder).
|
||||||
|
|
||||||
So, we head over to our directory:
|
So, we head over to our directory:
|
||||||
|
|
||||||
|
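Review bot: the changed line spells the directory `bindApi`, while the paths elsewhere in this diff use `bindAPI` (for example `/home/users/tfunix/www/ns3.24unix.net/bindAPI/src/...`); on a case-sensitive filesystem these are different directories, so pick one spelling and use it throughout. The added `(~ => home folder)` would read more clearly in plain words, for example "(~ is the home folder)".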
@ -177,11 +176,7 @@ apt update
|
||||||
```
|
```
|
||||||
We need at least php-fpm, php-cli, and besides that php-curl, php-xml and php-mbstring:
|
We need at least php-fpm, php-cli, and besides that php-curl, php-xml and php-mbstring:
|
||||||
|
|
||||||
`apt install ph8.1-fpm, php8.1-cli php8.1-curl php8.1-xml php8.1-mbstring`
|
`apt install ph8.1-fpm, php8.1-cli, and besides that php8.1-curl, php8.1-xml and php8.1-mbstring`
|
||||||
|
|
||||||
So, to be compatible with KeyHelp, we create a symlink:
|
|
||||||
|
|
||||||
`ln -s /usr/bin/php /usr/bin/keyhelp-php81`
|
|
||||||
|
|
||||||
We also need MariaDB, the successor of MySQL.
|
We also need MariaDB, the successor of MySQL.
|
||||||
(Maria is the second daughter of Michael Widenius, guess what, his first is named My.
|
(Maria is the second daughter of Michael Widenius, guess what, his first is named My.
|
||||||
|
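Review bot: the new `apt install` line is no longer a command that can be pasted, because it carries the prose "and besides that" and "and" plus commas inside the backticks, and `ph8.1-fpm` is missing a `p` on both sides. Suggest `apt install php8.1-fpm php8.1-cli php8.1-curl php8.1-xml php8.1-mbstring`. The hunk also drops the `ln -s /usr/bin/php /usr/bin/keyhelp-php81` step without a replacement; if anything in the project still invokes `keyhelp-php81`, the standalone instructions need that step or a sentence on why it is gone.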
@ -266,8 +261,7 @@ cat config.json
|
||||||
"dbPort": 3306,
|
"dbPort": 3306,
|
||||||
"dbDatabase": "sampledb",
|
"dbDatabase": "sampledb",
|
||||||
"dbUser": "sampleuser",
|
"dbUser": "sampleuser",
|
||||||
"dbPassword": "secret",
|
"dbPassword": "secret"
|
||||||
"debug": false
|
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
We'll start the installer another time:
|
We'll start the installer another time:
|
||||||
|
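Review bot: with `"debug": false` removed from the sample, the README no longer shows that the key exists or what the application assumes when it is absent; state the default next to the sample, or keep the key with the value `false` so the setting is explicit in a copied config. Since this file holds `dbPassword`, a line on restricting its permissions to the user that runs the API would also be worth adding at this point.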
@ -285,208 +279,13 @@ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX, DROP, ALTER, CREATE TEMPORA
|
||||||
There is no need to run FLUSH PRIVILEGES when using GRANT!
|
There is no need to run FLUSH PRIVILEGES when using GRANT!
|
||||||
```
|
```
|
||||||
|
|
||||||
So, now it offers us the SQL statements to create a new user and database and set permissions.
|
So, now it offers us the create statements for the needed database.
|
||||||
If were on plain debian, we just can copy and paste (the password is random) this as root into mysql.
|
If were on plain debian, we just can copy and paste (the password is random) this as root into mysql.
|
||||||
|
|
||||||
If we're using hte panel, lets create a database and write down the credentials and update config.json.
|
If we're using hte panel, lets create a database and write down the credentials and update config.json.
|
||||||
|
|
||||||
And another call to the console:
|
|
||||||
|
|
||||||
```
|
Now we can finally begin to populate our configuration:
|
||||||
$ ./bin/console
|
|
||||||
Error: Cannot find tables.
|
|
||||||
Should I try to create them? (y/N): y
|
|
||||||
Tables have been created.
|
|
||||||
```
|
|
||||||
|
|
||||||
When we now call the console it displays it's options:
|
|
||||||
|
|
||||||
![CLI Interface](https://bindapi.24unix.net/assets/bindAPI_cli.png)
|
|
||||||
|
|
||||||
|
|
||||||
Now we can finally begin to populate our configuration.
|
|
||||||
|
|
||||||
We assume ns1 and ns2 are already configured, so we add them to the local config:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ ./bin/console nameservers:create ns1.24unix.net a=176.9.165.128 aaaa=2a01:4f8:161:12cd::128 apikey=61f27a57c9d1f.[truncated]
|
|
||||||
Nameserver ns1.24unix.net has been created with id 1
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
And the same procedure for ns2, and now we have:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ ./bin/console nameservers:list
|
|
||||||
All available nameservers:
|
|
||||||
+------+------------------+------------------+---------------------------------------+-----------------+
|
|
||||||
| ID | Name | A | AAAA | API Key |
|
|
||||||
+------+------------------+------------------+---------------------------------------+-----------------+
|
|
||||||
| 1 | ns1.24unix.net | 176.9.165.128 | 2a01:4f8:161:12cd::128 | 61f27a57c9d1f |
|
|
||||||
| 2 | ns2.24unix.net | 37.120.185.117 | 2a03:4000:f:5e2:a80c:2dff:fed1:e109 | 61eef211dea9a |
|
|
||||||
+------+------------------+------------------+---------------------------------------+-----------------+
|
|
||||||
```
|
|
||||||
Now we can ping the API to check if our servers are alive.
|
|
||||||
We have to add --verbose to the command, because it can also be used to monitor the server in cron jobs where no output is desired, only the result code.
|
|
||||||
|
|
||||||
```
|
|
||||||
$ ./bin/console --verbose nameservers:apiping
|
|
||||||
ns1.24unix.net 176.9.165.128 pong 2a01:4f8:161:12cd::128 pong
|
|
||||||
ns2.24unix.net 37.120.185.117 pong 2a03:4000:f:5e2:a80c:2dff:fed1:e109 pong
|
|
||||||
```
|
|
||||||
|
|
||||||
Now we can add all out panels:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ ./bin/console panels:create executor.24unix.net a=176.9.165.128 aaaa=2a01:4f8:161:12cd::128 apikey=Lo7jsXYQ.[truncated]
|
|
||||||
Panel executor.24unix.net has been created with id 28
|
|
||||||
```
|
|
||||||
|
|
||||||
Oups. The autoincrement ID should be 1, I'll fix that.
|
|
||||||
|
|
||||||
OK, now we've got all our panels:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ ./bin/console panels:list
|
|
||||||
All available panels:
|
|
||||||
+------+--------------------------+------------------+---------------------------------------+------------+
|
|
||||||
| ID | Name | A | AAAA | API Key |
|
|
||||||
+------+--------------------------+------------------+---------------------------------------+------------+
|
|
||||||
| 28 | executor.24unix.net | 176.9.165.128 | 2a01:4f8:161:12cd::128 | Lo7jsXYQ |
|
|
||||||
| 33 | imperial.24unix.net | 176.9.165.130 | 2a01:4f8:161:12cd::130 | AFB0Gm7C |
|
|
||||||
| 32 | interdictor.24unix.net | 176.9.165.131 | 2a01:4f8:161:12cd::131 | qsrlTNIu |
|
|
||||||
| 31 | paz.24unix.net | 176.9.165.134 | 2a01:4f8:161:12cd::134 | DquWO8vf |
|
|
||||||
| 29 | shadow.24unix.net | 37.120.185.117 | 2a03:4000:f:5e2:a80c:2dff:fed1:e109 | o2CtvTQh |
|
|
||||||
| 30 | tector.24unix.net | 176.9.165.137 | 2a01:4f8:161:12cd::137 | HJwrfMd7 |
|
|
||||||
+------+--------------------------+------------------+---------------------------------------+------------+
|
|
||||||
```
|
|
||||||
|
|
||||||
Look if they're alive:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ ./bin/console --verbose panels:apiping
|
|
||||||
executor.24unix.net 176.9.165.128 pong 2a01:4f8:161:12cd::128 pong
|
|
||||||
imperial.24unix.net 176.9.165.130 pong 2a01:4f8:161:12cd::130 pong
|
|
||||||
interdictor.24unix.net 176.9.165.131 pong 2a01:4f8:161:12cd::131 pong
|
|
||||||
paz.24unix.net 176.9.165.134 pong 2a01:4f8:161:12cd::134 pong
|
|
||||||
shadow.24unix.net 37.120.185.117 pong 2a03:4000:f:5e2:a80c:2dff:fed1:e109 pong
|
|
||||||
tector.24unix.net 176.9.165.137 pong 2a01:4f8:161:12cd::137 pong
|
|
||||||
```
|
|
||||||
|
|
||||||
OK, Nameservers ✅
|
|
||||||
Panels ✅
|
|
||||||
|
|
||||||
What's next? Check the domains on each panel:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ ./bin/console --verbose check:panels fix=yes
|
|
||||||
check all …
|
|
||||||
Keyhelp-Panel: executor.24unix.net
|
|
||||||
Domain: 24unix.net ns1.24unix.net OK ns2.24unix.net OK
|
|
||||||
Keyhelp-Panel: imperial.24unix.net
|
|
||||||
Domain: rchelifan.org ns1.24unix.net OK ns2.24unix.net OK
|
|
||||||
Keyhelp-Panel: interdictor.24unix.net
|
|
||||||
No second level domains found.
|
|
||||||
Keyhelp-Panel: paz.24unix.net
|
|
||||||
Domain: crowddataworker.de ns1.24unix.net OK ns2.24unix.net OK
|
|
||||||
Domain: cdw.one ns1.24unix.net OK ns2.24unix.net OK
|
|
||||||
Domain: aussempott.de ns1.24unix.net OK ns2.24unix.net OK
|
|
||||||
Domain: fairdns.de ns1.24unix.net OK ns2.24unix.net OK
|
|
||||||
Domain: tzazicke.de ns1.24unix.net OK ns2.24unix.net OK
|
|
||||||
Domain: casabuitoni.de ns1.24unix.net OK ns2.24unix.net OK
|
|
||||||
Keyhelp-Panel: shadow.24unix.net
|
|
||||||
No second level domains found.
|
|
||||||
Keyhelp-Panel: tector.24unix.net
|
|
||||||
No second level domains found.
|
|
||||||
```
|
|
||||||
The output is a little bit ugly, maybe I'll come up with something nicer.
|
|
||||||
|
|
||||||
So, now we have our nameservers, our panels.
|
|
||||||
|
|
||||||
But only two of them, ns3 is missing, so we're going to add it.
|
|
||||||
|
|
||||||
We create a new key:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ ./bin/console apikeys:create
|
|
||||||
API key 1 has been generated. Store it in a save place, it cannot be recovered.
|
|
||||||
6213acb116613.[truncated]]
|
|
||||||
```
|
|
||||||
|
|
||||||
And add it to our list of nameservers:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ ./bin/console nameservers:create ns3.24unix.net a=212.227.160.159 aaaa=2001:8d8:1801:701::1 apikey=6213acb116613.[truncated]
|
|
||||||
Nameserver ns3.24unix.net has been created with id 3
|
|
||||||
```
|
|
||||||
|
|
||||||
We can soon start filling our own list of slaves domains.
|
|
||||||
|
|
||||||
But before, we need to check some prerequisites:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ ./bin/console check:permissions
|
|
||||||
Checking permission:
|
|
||||||
|
|
||||||
UID: 5001
|
|
||||||
Name: tfunix
|
|
||||||
Checking file: /etc/bind/local.zones
|
|
||||||
PHP Warning: fileperms(): stat failed for /etc/bind/local.zones in /home/users/tfunix/www/ns3.24unix.net/bindAPI/src/Controller/DomainController.php on line 121
|
|
||||||
❌Group needs write permission!
|
|
||||||
Checking /etc/bind/named.conf.local
|
|
||||||
❌ /etc/bind/local.zones needs to be included in /etc/bind/named.conf.local .
|
|
||||||
Checking directory: /etc/bind/zones/
|
|
||||||
PHP Warning: fileperms(): stat failed for /etc/bind/zones/ in /home/users/tfunix/www/ns3.24unix.net/bindAPI/src/Controller/DomainController.php on line 140
|
|
||||||
❌Group needs write permission!
|
|
||||||
```
|
|
||||||
|
|
||||||
So, there are a few manual steps needed.
|
|
||||||
|
|
||||||
tfunix has to be a group member of the „bind“ group.
|
|
||||||
As root perform:
|
|
||||||
|
|
||||||
`usermod -G bind tfunix`
|
|
||||||
(Mind that it is a capital G, else you'll change the primary group and the checks will fail.
|
|
||||||
Don't ask how I noticed …)
|
|
||||||
|
|
||||||
We now have to logout and login with tfunix for the changes to apply.
|
|
||||||
|
|
||||||
After new login it should look like this:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ id
|
|
||||||
uid=5001(tfunix) gid=113(bind) groups=113(bind),1001(keyhelp_file_manager)
|
|
||||||
```
|
|
||||||
|
|
||||||
We again need root:
|
|
||||||
|
|
||||||
```
|
|
||||||
touch /etc/bind/local.zones
|
|
||||||
chown bind:bind /etc/bind/local.zones
|
|
||||||
echo 'include "/etc/bind/local.zones";' >> /etc/bind/named.conf.local
|
|
||||||
|
|
||||||
mkdir /etc/bind/zones
|
|
||||||
chown bind:bind /etc/bind/zones
|
|
||||||
chmod g+w /etc/bind/zones
|
|
||||||
```
|
|
||||||
|
|
||||||
Now it looks better:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ ./bin/console check:permissions
|
|
||||||
Checking permission:
|
|
||||||
|
|
||||||
UID: 5001
|
|
||||||
Name: tfunix
|
|
||||||
Checking file: /etc/bind/local.zones
|
|
||||||
✅ Group has write access .
|
|
||||||
Checking /etc/bind/named.conf.local
|
|
||||||
✅ /etc/bind/local.zones is included in /etc/bind/named.conf.local
|
|
||||||
Checking directory: /etc/bind/zones/
|
|
||||||
✅ Group has write access .
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
TODO
|
TODO
|
||||||
|
|
||||||
|
|
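Review bot: on the new side the sentence "Now we can finally begin to populate our configuration:" ends in a colon and is followed only by `TODO`, so the README stops mid-procedure. The removed text includes the `check:permissions` walkthrough, which is the only place in this diff that documents what the API user needs on the BIND side (membership in the `bind` group, `/etc/bind/local.zones` included from `/etc/bind/named.conf.local`, group write on `/etc/bind/zones`); consider keeping at least that part. If it is kept, `usermod -G bind tfunix` should become `usermod -aG bind tfunix`, because `-G` without `-a` replaces the user's existing supplementary groups. The unchanged context lines "If were on plain debian" and "hte panel" could be corrected in the same pass.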