os:linux:powerdns_apache_postgresql_debian

Differences

This shows you the differences between two versions of the page.

os:linux:powerdns_apache_postgresql_debian [2020-12-15 13:04] Manuel Frei
os:linux:powerdns_apache_postgresql_debian [2024-02-05 20:54] (current) – postgres is no longer a valid option, use postgresql instead Manuel Frei
Line 46: Line 46:
 </code> </code>
  
-Create the user u_powerdns and the database db_powerdns. Change the example password with your own generated one (eg. [[https://strongpasswordgenerator.com/]]).+Create the user u_powerdns and the database db_powerdns. Change the example password with your own generated one (eg. [[https://pwgen.ch/]]).
 <code sql> <code sql>
 CREATE USER u_powerdns WITH PASSWORD 'iC0iB9kQ5hR4oG5uW2nD2nV0gK6vN2eSoM2eI8kT0gA9rF2pS3wW7mO4sJ4aT5tN'; CREATE USER u_powerdns WITH PASSWORD 'iC0iB9kQ5hR4oG5uW2nD2nV0gK6vN2eSoM2eI8kT0gA9rF2pS3wW7mO4sJ4aT5tN';
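Review bot: the added line still sends the reader to a website (now pwgen.ch) for the database password, so the secret is produced by third-party code in a browser before it reaches the server. This same revision already generates SECRET_KEY locally with tr -dc _A-Z-a-z-0-9 </dev/urandom | head -c32; using that here, and for the API key link at Line 84, would keep the secret on the host. The CREATE USER statement in the context also carries a realistic-looking literal password; a placeholder such as CHANGE_ME would be harder to deploy by accident.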
Line 84: Line 84:
 </code> </code>
  
-Replace the database password with the one you generated before. [[https://strongpasswordgenerator.com/|Generate]] your own API key (used for PowerDNS-Admin). Change the other settings according to your needs.+Replace the database password with the one you generated before. [[https://pwgen.ch/|Generate]] your own API key (used for PowerDNS-Admin). Change the other settings according to your needs.
 <code ini pdns.conf> <code ini pdns.conf>
 # https://doc.powerdns.com/authoritative/settings.html # https://doc.powerdns.com/authoritative/settings.html
Line 116: Line 116:
 #allow-notify-from=0.0.0.0/0,::/0 #allow-notify-from=0.0.0.0/0,::/0
 enable-lua-records=1 enable-lua-records=1
 +version-string=anonymous
 +default-soa-edit=INCEPTION-INCREMENT
 </code> </code>
  
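Review bot: the two settings added at the end of pdns.conf, version-string=anonymous and default-soa-edit=INCEPTION-INCREMENT, come without any explanation, and the revision summary only mentions the postgres rename. A sentence above the block should say that the first stops the server from answering version queries with its real version, and that the second changes the SOA serial the server hands out for zones that have no SOA-EDIT metadata of their own, so readers can decide whether they want either.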
Line 155: Line 157:
  
 <code> <code>
-curl -sL https://deb.nodesource.com/setup_14.x | bash -+curl -fsSL https://deb.nodesource.com/setup_20.x | bash - &&\
 apt install -y nodejs apt install -y nodejs
 </code> </code>
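Review bot: on the changed curl line, && only tests the exit status of bash, not of curl. With -f an HTTP error yields no output, so bash reads an empty script, exits 0, and apt install -y nodejs goes ahead and installs whatever nodejs the distribution repositories offer. Downloading setup_20.x to a file first, checking it, and then running it makes a failed download stop the procedure and avoids piping unreviewed remote content straight into a root shell; if the pipe stays, set -o pipefail before it gives the && the meaning it appears to have.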
Line 185: Line 187:
 This requirements are expected by this python libraries: This requirements are expected by this python libraries:
   * python-ldap: build-essential python3-dev libldap2-dev libsasl2-dev slapd ldap-utils tox lcov valgrind   * python-ldap: build-essential python3-dev libldap2-dev libsasl2-dev slapd ldap-utils tox lcov valgrind
-  * mysqlclientlibmariadbclient-dev:+  * SQLAlchemy: mysqlclientlibmariadbclient-dev 
  
 Create the config file  /opt/python/powerdns-admin/app/configs/config.py. Create the config file  /opt/python/powerdns-admin/app/configs/config.py.
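Review bot: the added bullet still contains mysqlclientlibmariadbclient-dev as a single token, which reads like a library name and a package name run together; if those are two things, separate them the way the python-ldap bullet does (library, colon, packages). Since the page configures PostgreSQL, also say whether this dependency is needed at all for this setup.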
Line 192: Line 195:
 </code> </code>
  
-[[https://strongpasswordgenerator.com/|Generate]] new values for the variables SALT and SECRET_KEY (32 chars).+Generate new values for the variables SALT and SECRET_KEY (32 chars). 
 + 
 +Generate a new salt. 
 +<code bash> 
 +/opt/python/powerdns-admin/venv/bin/python3 -c 'import bcrypt; print(bcrypt.gensalt().decode("utf-8"))' 
 +</code> 
 +Example. 
 +<code bash> 
 +# /opt/python/powerdns-admin/venv/bin/python3 -c 'import bcrypt; print(bcrypt.gensalt().decode("utf-8"))' 
 +$2b$12$E0Dn1LmXonAUiCP8sM0htu 
 +</code> 
 + 
 +Generate a new secret key: 
 +<code bash> 
 +tr -dc _A-Z-a-z-0-9 </dev/urandom | head -c32; echo; 
 +</code> 
 +<code bash> 
 +# tr -dc _A-Z-a-z-0-9 </dev/urandom | head -c32; echo; 
 +iz7g4zpfvbnK_eb0lWZeFEuXn5UV93Yz 
 +</code> 
 This config.py is based on /opt/python/powerdns-admin/app/powerdnsadmin/default_config.py. This config.py is based on /opt/python/powerdns-admin/app/powerdnsadmin/default_config.py.
 Details about Unix domain connections of SQLAlchemy you can find in their documentation: [[https://docs.sqlalchemy.org/en/13/dialects/postgresql.html#unix-domain-connections|Documentation]] Details about Unix domain connections of SQLAlchemy you can find in their documentation: [[https://docs.sqlalchemy.org/en/13/dialects/postgresql.html#unix-domain-connections|Documentation]]
 +
 <code python config.py> <code python config.py>
 import os import os
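Review bot: the rewritten sentence keeps "(32 chars)" for both SALT and SECRET_KEY, but the bcrypt.gensalt() output shown in the example, $2b$12$E0Dn1LmXonAUiCP8sM0htu, is 29 characters, so the length only applies to SECRET_KEY now. Move the length to the "Generate a new secret key" step. The second example block also lacks the "Example." label that the salt example has; without it the output line looks like part of the command to run.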
Line 200: Line 224:
  
 ### BASIC APP CONFIG ### BASIC APP CONFIG
-SALT = "xW4dC7vV3iJ2wT8dY3eY7fF6uC6lD4nF+SALT = "$2b$12$E0Dn1LmXonAUiCP8sM0htu
-SECRET_KEY = "pC4uT1nA4pF4aQ1pM1tH9tR5pE5yS6hA"+SECRET_KEY = "iz7g4zpfvbnK_eb0lWZeFEuXn5UV93Yz"
 BIND_ADDRESS = "0.0.0.0" BIND_ADDRESS = "0.0.0.0"
 PORT = 9191 PORT = 9191
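Review bot: the new SALT and SECRET_KEY values in config.py are exactly the example outputs printed in the generation steps above, so a reader who copies the block ends up with a publicly known secret key and salt. Use values that cannot be mistaken for real ones, for example SALT = "<output of bcrypt.gensalt()>" and SECRET_KEY = "<32 random characters>".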
Line 208: Line 232:
  
 ### DATABASE CONFIG ### DATABASE CONFIG
-SQLA_DB_DRIVER = "postgres" # mysql, postgres+SQLA_DB_DRIVER = "postgresql" # mysql, postgresql
 SQLA_DB_USER = "u_powerdnsadmin" SQLA_DB_USER = "u_powerdnsadmin"
 SQLA_DB_PASSWORD = '' SQLA_DB_PASSWORD = ''
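Review bot: the driver rename is right for current SQLAlchemy, but the reference link a few lines above still points to the SQLAlchemy 1.3 documentation (docs.sqlalchemy.org/en/13/...), the series in which the old name was still accepted. Point the link at the version the venv actually installs, and say in one sentence that the name "postgres" stops working from SQLAlchemy 1.4 on, so readers with an existing config.py know they have to change it.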
Line 279: Line 303:
  
 Create and set the permissions for the directory which uWSGI will use for the pid file and the unix sockets. Create and set the permissions for the directory which uWSGI will use for the pid file and the unix sockets.
-<code> 
-mkdir /var/run/uwsgi 
-chown www-data:www-data /var/run/uwsgi 
-</code> 
  
 Create the uWSGI configuration directory. Create the uWSGI configuration directory.
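Review bot: the mkdir/chown block is removed, but its introductory sentence "Create and set the permissions for the directory which uWSGI will use for the pid file and the unix sockets." is left behind with no command under it. Either delete the sentence or replace it with a pointer to RuntimeDirectory=uwsgi_%i in the unit file, which now creates the directory.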
Line 304: Line 324:
 uid = www-data uid = www-data
 gid = www-data gid = www-data
-uwsgi-socket = /run/uwsgi/%n.sock+uwsgi-socket = /run/uwsgi_%n/service.sock
 wsgi-file = /opt/python/%n/app/wsgi.py wsgi-file = /opt/python/%n/app/wsgi.py
 processes = 1 processes = 1
Line 313: Line 333:
 procname-prefix-spaced = %n procname-prefix-spaced = %n
 venv = /opt/python/%n/venv/ venv = /opt/python/%n/venv/
-buffer-size = 65535+buffer-size = 8192
 ;disable-logging = true ;disable-logging = true
 ;log-4xx = true ;log-4xx = true
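Review bot: buffer-size drops from 65535 to 8192 without a reason given. uWSGI rejects requests whose headers exceed this size, so say what the new value was sized for (large cookies, long query strings) and what to look for in the log if it turns out to be too small.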
Line 348: Line 368:
  
 [Service] [Service]
-PIDFile=/run/uwsgi/%i.pid+User=www-data 
 +Group=www-data 
 +RuntimeDirectory=uwsgi_%i 
 +PIDFile=/run/uwsgi_%i/service.pid
 RemainAfterExit=yes RemainAfterExit=yes
 ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/%i.ini ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/%i.ini
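Review bot: with User=www-data and Group=www-data added to [Service], uWSGI now starts unprivileged, which makes the uid = www-data and gid = www-data lines in the ini file redundant; drop them or note that they are kept for running uWSGI by hand. RuntimeDirectory=uwsgi_%i is created with mode 0755 unless RuntimeDirectoryMode= is set; RuntimeDirectoryMode=0750 would keep other local users out of the directory that holds service.sock. The directory name has to stay in step with uwsgi-socket in the ini and with the ProxyPass line, so a sentence saying that these three belong together would help.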
Line 359: Line 382:
 SuccessExitStatus=15 17 29 30 SuccessExitStatus=15 17 29 30
 NoNewPrivileges=yes NoNewPrivileges=yes
 +LimitNOFILE=65536
  
  
Line 418: Line 442:
     ProxyPass "/favicon.ico" "!"     ProxyPass "/favicon.ico" "!"
     ProxyPass "/.well-known/" "!"     ProxyPass "/.well-known/" "!"
-    ProxyPass "/" "unix:/run/uwsgi/powerdns-admin.sock|uwsgi://localhost/powerdns-admin/"+    ProxyPass "/" "unix:/run/uwsgi_powerdns-admin/service.sock|uwsgi://powerdns-admin/"
  
     ErrorLog ${APACHE_LOG_DIR}/pdnsadmin.example.com-error.log     ErrorLog ${APACHE_LOG_DIR}/pdnsadmin.example.com-error.log
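Review bot: besides the new socket path, the part after the | changes from uwsgi://localhost/powerdns-admin/ to uwsgi://powerdns-admin/, which moves powerdns-admin from the URL path into the host position. State whether that is a fix or a cosmetic change, since it may change the path that is handed to the application. The socket path itself must match uwsgi-socket = /run/uwsgi_%n/service.sock for the instance name powerdns-admin.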
Line 454: Line 478:
     * PDNS API KEY: aF3kD4eJ0hB1uI1jV8vR2yC0eK8lP9mO     * PDNS API KEY: aF3kD4eJ0hB1uI1jV8vR2yC0eK8lP9mO
     * PDNS VERSION: 4.3.1     * PDNS VERSION: 4.3.1
 +
 +==== Python Upgrade Notes  ====
 +
 +If you upgrade Python, for example while you upgrade Debian 10 to Debian 11, you have to update the virtual environment.
 +
 +If you forget this, you can't start the systemd unit an may see an error like this:
 +<code>
 +Oct 18 18:49:14 ns1.example.com uwsgi[731953]: /usr/local/bin/uwsgi: error while loading shared libraries: libpython3.7m.so.1.0: cannot open shared object file: No such file or directory
 +</code>
 +
 +Upgrade your venv.
 +<code>
 +python3 -m venv --upgrade --upgrade-deps /opt/python/powerdns-admin/venv/
 +</code>
 +
 +And start the Systemd unit again.
 +<code>
 +systemctl start uwsgi@powerdns-admin.service
 +</code>
 +
  
 ===== Appendix ===== ===== Appendix =====
  
-If you want to migrate from Bind to PowerDNS, you can find some notes here: [[os:linux:bind_to_powerdns|Bind to PowerDNS]]+  * If you want to migrate from Bind to PowerDNS, you can find some notes here: [[os:linux:bind_to_powerdns|Bind to PowerDNS]] 
 +  * [[os:linux:powerdns-admin_update|How to Update PowerDNS-Admin]]
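Review bot: in the new Python Upgrade Notes, the quoted error comes from /usr/local/bin/uwsgi failing to load libpython3.7m.so.1.0, and that binary lives outside /opt/python/powerdns-admin/venv/, so python3 -m venv --upgrade on the venv does not touch it. Add the step that rebuilds or reinstalls uWSGI against the new Python before the systemctl start line. Also "an may see" should read "and may see", and "Systemd" is written "systemd" two sentences earlier.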
os/linux/powerdns_apache_postgresql_debian.1608033892.txt.gz · Last modified: 2020-12-15 13:04 by Manuel Frei