os:linux:powerdns_apache_postgresql_debian
Differences
This shows you the differences between two versions of the page.
os:linux:powerdns_apache_postgresql_debian [2020-12-15 13:04] – Manuel Frei | os:linux:powerdns_apache_postgresql_debian [2024-02-05 20:54] (current) – postgres is no longer a valid option, use postgresql instead Manuel Frei | ||
---|---|---|---|
Line 46: | Line 46: | ||
</ | </ | ||
- | Create the user u_powerdns and the database db_powerdns. Change the example password with your own generated one (eg. [[https://strongpasswordgenerator.com/]]). | + | Create the user u_powerdns and the database db_powerdns. Change the example password with your own generated one (eg. [[https://pwgen.ch/]]). |
<code sql> | <code sql> | ||
CREATE USER u_powerdns WITH PASSWORD ' | CREATE USER u_powerdns WITH PASSWORD ' | ||
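Review bot: The changed sentence still sends the reader to a web site for the database password; only the URL differs (pwgen.ch instead of strongpasswordgenerator.com). A credential produced by a third-party page has been handled outside the host it protects. Suggest dropping the link and generating the password locally, for instance with the tr-based command this revision adds further down for SECRET_KEY.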
Line 84: | Line 84: | ||
</ | </ | ||
- | Replace the database password with the one you generated before. [[https://strongpasswordgenerator.com/ | + | Replace the database password with the one you generated before. [[https://pwgen.ch/ |
<code ini pdns.conf> | <code ini pdns.conf> | ||
# https:// | # https:// | ||
Line 116: | Line 116: | ||
# | # | ||
enable-lua-records=1 | enable-lua-records=1 | ||
+ | version-string=anonymous | ||
+ | default-soa-edit=INCEPTION-INCREMENT | ||
</ | </ | ||
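Review bot: The two settings added at the end of pdns.conf, `version-string=anonymous` and `default-soa-edit=INCEPTION-INCREMENT`, come without any comment, and the revision summary does not mention them. Suggest a one-line `#` comment above each stating why it is set, so a reader copying the file knows what changes in the server's behaviour and whether it applies to their zones.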
Line 155: | Line 157: | ||
< | < | ||
- | curl -sL https:// | + | curl -fsSL https:// |
apt install -y nodejs | apt install -y nodejs | ||
</ | </ | ||
Line 185: | Line 187: | ||
This requirements are expected by this python libraries: | This requirements are expected by this python libraries: | ||
* python-ldap: | * python-ldap: | ||
- | * mysqlclient: libmariadbclient-dev: | + | * SQLAlchemy: |
Create the config file / | Create the config file / | ||
Line 192: | Line 195: | ||
</ | </ | ||
- | [[https:// | + | Generate new values for the variables SALT and SECRET_KEY (32 chars). |
+ | |||
+ | Generate a new salt. | ||
+ | <code bash> | ||
+ | / | ||
+ | </ | ||
+ | Example. | ||
+ | <code bash> | ||
+ | # / | ||
+ | $2b$12$E0Dn1LmXonAUiCP8sM0htu | ||
+ | </ | ||
+ | |||
+ | Generate a new secret key: | ||
+ | <code bash> | ||
+ | tr -dc _A-Z-a-z-0-9 </ | ||
+ | </ | ||
+ | <code bash> | ||
+ | # tr -dc _A-Z-a-z-0-9 </ | ||
+ | iz7g4zpfvbnK_eb0lWZeFEuXn5UV93Yz | ||
+ | </ | ||
This config.py is based on / | This config.py is based on / | ||
Details about Unix domain connections of SQLAlchemy you can find in their documentation: | Details about Unix domain connections of SQLAlchemy you can find in their documentation: | ||
+ | |||
<code python config.py> | <code python config.py> | ||
import os | import os | ||
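Review bot: The new instruction "Generate new values for the variables SALT and SECRET_KEY (32 chars)" does not match the salt example below it: `$2b$12$E0Dn1LmXonAUiCP8sM0htu` is 29 characters and has a fixed `$2b$12$` prefix, so the 32-character length can only apply to SECRET_KEY. Suggest moving "(32 chars)" to the secret key step. The second output block is also missing the "Example." label that the salt output has, which makes it easy to read `iz7g4zpfvbnK_eb0lWZeFEuXn5UV93Yz` as a value to use.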
Line 200: | Line 224: | ||
### BASIC APP CONFIG | ### BASIC APP CONFIG | ||
- | SALT = "xW4dC7vV3iJ2wT8dY3eY7fF6uC6lD4nF" | + | SALT = "$2b$12$E0Dn1LmXonAUiCP8sM0htu" |
- | SECRET_KEY = "pC4uT1nA4pF4aQ1pM1tH9tR5pE5yS6hA" | + | SECRET_KEY = "iz7g4zpfvbnK_eb0lWZeFEuXn5UV93Yz" |
BIND_ADDRESS = " | BIND_ADDRESS = " | ||
PORT = 9191 | PORT = 9191 | ||
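Review bot: The new SALT and SECRET_KEY lines in config.py are the exact strings printed as example output earlier in this revision (`$2b$12$E0Dn1LmXonAUiCP8sM0htu` and `iz7g4zpfvbnK_eb0lWZeFEuXn5UV93Yz`), so anyone who copies the file as shown deploys values that are published on this page. Suggest obvious placeholders in the sample, for example `SALT = "<output of the salt command>"`, so the file cannot work until the reader has generated their own.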
Line 208: | Line 232: | ||
### DATABASE CONFIG | ### DATABASE CONFIG | ||
- | SQLA_DB_DRIVER = "postgres" # mysql, | + | SQLA_DB_DRIVER = "postgresql" # mysql, |
SQLA_DB_USER = " | SQLA_DB_USER = " | ||
SQLA_DB_PASSWORD = '' | SQLA_DB_PASSWORD = '' | ||
Line 279: | Line 303: | ||
Create and set the permissions for the directory which uWSGI will use for the pid file and the unix sockets. | Create and set the permissions for the directory which uWSGI will use for the pid file and the unix sockets. | ||
- | < | ||
- | mkdir / | ||
- | chown www-data: | ||
- | </ | ||
Create the uWSGI configuration directory. | Create the uWSGI configuration directory. | ||
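Review bot: The mkdir and chown commands are removed, but the sentence "Create and set the permissions for the directory which uWSGI will use for the pid file and the unix sockets." stays and now has no commands under it. Since the unit file in this revision gains `RuntimeDirectory=uwsgi_%i`, suggest deleting the sentence or rewording it to say that systemd creates the directory when the service starts.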
Line 304: | Line 324: | ||
uid = www-data | uid = www-data | ||
gid = www-data | gid = www-data | ||
- | uwsgi-socket = /run/uwsgi/%n.sock | + | uwsgi-socket = /run/uwsgi_%n/service.sock |
wsgi-file = / | wsgi-file = / | ||
processes = 1 | processes = 1 | ||
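Review bot: The new socket path `/run/uwsgi_%n/service.sock` relies on uWSGI's `%n` (the ini file name without extension) being identical to the systemd instance name used in `RuntimeDirectory=uwsgi_%i`. If the ini file is named differently from the instance, uWSGI will try to bind in a directory that systemd never created. Suggest stating next to this line that the ini file name must equal the instance name (the page starts `uwsgi@powerdns-admin.service`), and checking that the Apache ProxyPass target uses the same path.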
Line 313: | Line 333: | ||
procname-prefix-spaced = %n | procname-prefix-spaced = %n | ||
venv = / | venv = / | ||
- | buffer-size = 65535 | + | buffer-size = 8192 |
; | ; | ||
;log-4xx = true | ;log-4xx = true | ||
Line 348: | Line 368: | ||
[Service] | [Service] | ||
- | PIDFile=/ | + | User=www-data |
+ | Group=www-data | ||
+ | RuntimeDirectory=uwsgi_%i | ||
+ | PIDFile=/ | ||
RemainAfterExit=yes | RemainAfterExit=yes | ||
ExecStart=/ | ExecStart=/ | ||
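Review bot: `RuntimeDirectory=uwsgi_%i` is added without a `RuntimeDirectoryMode=`, so systemd creates the directory with its default mode 0755 and any local user can list the socket and pid file. With `User=www-data` and `Group=www-data` set in the same unit, suggest adding `RuntimeDirectoryMode=0750`. The `uid`/`gid` lines kept in the uWSGI ini are also redundant now that the unit drops privileges before uWSGI starts.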
Line 359: | Line 382: | ||
SuccessExitStatus=15 17 29 30 | SuccessExitStatus=15 17 29 30 | ||
NoNewPrivileges=yes | NoNewPrivileges=yes | ||
+ | LimitNOFILE=65536 | ||
Line 418: | Line 442: | ||
ProxyPass "/ | ProxyPass "/ | ||
ProxyPass "/ | ProxyPass "/ | ||
- | ProxyPass "/" | + | ProxyPass "/" |
ErrorLog ${APACHE_LOG_DIR}/ | ErrorLog ${APACHE_LOG_DIR}/ | ||
Line 454: | Line 478: | ||
* PDNS API KEY: aF3kD4eJ0hB1uI1jV8vR2yC0eK8lP9mO | * PDNS API KEY: aF3kD4eJ0hB1uI1jV8vR2yC0eK8lP9mO | ||
* PDNS VERSION: 4.3.1 | * PDNS VERSION: 4.3.1 | ||
+ | |||
+ | ==== Python Upgrade Notes ==== | ||
+ | |||
+ | If you upgrade Python, for example while you upgrade Debian 10 to Debian 11, you have to update the virtual environment. | ||
+ | |||
+ | If you forget this, you can't start the systemd unit an may see an error like this: | ||
+ | < | ||
+ | Oct 18 18:49:14 ns1.example.com uwsgi[731953]: | ||
+ | </ | ||
+ | |||
+ | Upgrade your venv. | ||
+ | < | ||
+ | python3 -m venv --upgrade --upgrade-deps / | ||
+ | </ | ||
+ | |||
+ | And start the Systemd unit again. | ||
+ | < | ||
+ | systemctl start uwsgi@powerdns-admin.service | ||
+ | </ | ||
+ | |||
===== Appendix ===== | ===== Appendix ===== | ||
- | If you want to migrate from Bind to PowerDNS, you can find some notes here: [[os: | + | * If you want to migrate from Bind to PowerDNS, you can find some notes here: [[os: |
+ | * [[os: |
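Review bot: Typo in the added upgrade notes: "you can't start the systemd unit an may see an error" should read "and may see". The same section writes "systemd unit" in one sentence and "Systemd unit" in another; suggest lower-case "systemd" in both.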
os/linux/powerdns_apache_postgresql_debian.1608033892.txt.gz · Last modified: 2020-12-15 13:04 by Manuel Frei