defect.ch - Wiki

User Tools

Site Tools

You are here: defect.ch - Wiki » Operating Systems » Linux » PowerDNS via Apache2 with PostgreSQL on Debian and PowerDNS-Admin
os:linux:powerdns_apache_postgresql_debian

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
os:linux:powerdns_apache_postgresql_debian [2020-12-16 17:10] Manuel Freios:linux:powerdns_apache_postgresql_debian [2024-02-05 20:54] (current) – postgres is no longer a valid option, use postgresql instead Manuel Frei
Line 46: Line 46:
 </code> </code>
  
-Create the user u_powerdns and the database db_powerdns. Change the example password with your own generated one (eg. [[https://strongpasswordgenerator.com/]]).+Create the user u_powerdns and the database db_powerdns. Change the example password with your own generated one (eg. [[https://pwgen.ch/]]).
 <code sql> <code sql>
 CREATE USER u_powerdns WITH PASSWORD 'iC0iB9kQ5hR4oG5uW2nD2nV0gK6vN2eSoM2eI8kT0gA9rF2pS3wW7mO4sJ4aT5tN'; CREATE USER u_powerdns WITH PASSWORD 'iC0iB9kQ5hR4oG5uW2nD2nV0gK6vN2eSoM2eI8kT0gA9rF2pS3wW7mO4sJ4aT5tN';
Line 84: Line 84:
 </code> </code>
  
-Replace the database password with the one you generated before. [[https://strongpasswordgenerator.com/|Generate]] your own API key (used for PowerDNS-Admin). Change the other settings according to your needs.+Replace the database password with the one you generated before. [[https://pwgen.ch/|Generate]] your own API key (used for PowerDNS-Admin). Change the other settings according to your needs.
 <code ini pdns.conf> <code ini pdns.conf>
 # https://doc.powerdns.com/authoritative/settings.html # https://doc.powerdns.com/authoritative/settings.html
Line 116: Line 116:
 #allow-notify-from=0.0.0.0/0,::/0 #allow-notify-from=0.0.0.0/0,::/0
 enable-lua-records=1 enable-lua-records=1
 +version-string=anonymous
 +default-soa-edit=INCEPTION-INCREMENT
 </code> </code>
  
Line 155: Line 157:
  
 <code> <code>
-curl -sL https://deb.nodesource.com/setup_14.x | bash -+curl -fsSL https://deb.nodesource.com/setup_20.x | bash - &&\
 apt install -y nodejs apt install -y nodejs
 </code> </code>
Line 185: Line 187:
 This requirements are expected by this python libraries: This requirements are expected by this python libraries:
   * python-ldap: build-essential python3-dev libldap2-dev libsasl2-dev slapd ldap-utils tox lcov valgrind   * python-ldap: build-essential python3-dev libldap2-dev libsasl2-dev slapd ldap-utils tox lcov valgrind
-  * mysqlclientlibmariadbclient-dev:+  * SQLAlchemy: mysqlclientlibmariadbclient-dev 
  
 Create the config file  /opt/python/powerdns-admin/app/configs/config.py. Create the config file  /opt/python/powerdns-admin/app/configs/config.py.
Line 192: Line 195:
 </code> </code>
  
-[[https://strongpasswordgenerator.com/|Generate]] new values for the variables SALT and SECRET_KEY (32 chars).+Generate new values for the variables SALT and SECRET_KEY (32 chars). 
 + 
 +Generate a new salt. 
 +<code bash> 
 +/opt/python/powerdns-admin/venv/bin/python3 -c 'import bcrypt; print(bcrypt.gensalt().decode("utf-8"))' 
 +</code> 
 +Example. 
 +<code bash> 
 +# /opt/python/powerdns-admin/venv/bin/python3 -c 'import bcrypt; print(bcrypt.gensalt().decode("utf-8"))' 
 +$2b$12$E0Dn1LmXonAUiCP8sM0htu 
 +</code> 
 + 
 +Generate a new secret key: 
 +<code bash> 
 +tr -dc _A-Z-a-z-0-9 </dev/urandom | head -c32; echo; 
 +</code> 
 +<code bash> 
 +# tr -dc _A-Z-a-z-0-9 </dev/urandom | head -c32; echo; 
 +iz7g4zpfvbnK_eb0lWZeFEuXn5UV93Yz 
 +</code> 
 This config.py is based on /opt/python/powerdns-admin/app/powerdnsadmin/default_config.py. This config.py is based on /opt/python/powerdns-admin/app/powerdnsadmin/default_config.py.
 Details about Unix domain connections of SQLAlchemy you can find in their documentation: [[https://docs.sqlalchemy.org/en/13/dialects/postgresql.html#unix-domain-connections|Documentation]] Details about Unix domain connections of SQLAlchemy you can find in their documentation: [[https://docs.sqlalchemy.org/en/13/dialects/postgresql.html#unix-domain-connections|Documentation]]
 +
 <code python config.py> <code python config.py>
 import os import os
Line 200: Line 224:
  
 ### BASIC APP CONFIG ### BASIC APP CONFIG
-SALT = "xW4dC7vV3iJ2wT8dY3eY7fF6uC6lD4nF+SALT = "$2b$12$E0Dn1LmXonAUiCP8sM0htu
-SECRET_KEY = "pC4uT1nA4pF4aQ1pM1tH9tR5pE5yS6hA"+SECRET_KEY = "iz7g4zpfvbnK_eb0lWZeFEuXn5UV93Yz"
 BIND_ADDRESS = "0.0.0.0" BIND_ADDRESS = "0.0.0.0"
 PORT = 9191 PORT = 9191
Line 208: Line 232:
  
 ### DATABASE CONFIG ### DATABASE CONFIG
-SQLA_DB_DRIVER = "postgres" # mysql, postgres+SQLA_DB_DRIVER = "postgresql" # mysql, postgresql
 SQLA_DB_USER = "u_powerdnsadmin" SQLA_DB_USER = "u_powerdnsadmin"
 SQLA_DB_PASSWORD = '' SQLA_DB_PASSWORD = ''
Line 309: Line 333:
 procname-prefix-spaced = %n procname-prefix-spaced = %n
 venv = /opt/python/%n/venv/ venv = /opt/python/%n/venv/
-buffer-size = 65535+buffer-size = 8192
 ;disable-logging = true ;disable-logging = true
 ;log-4xx = true ;log-4xx = true
Line 358: Line 382:
 SuccessExitStatus=15 17 29 30 SuccessExitStatus=15 17 29 30
 NoNewPrivileges=yes NoNewPrivileges=yes
 +LimitNOFILE=65536
  
  
Line 417: Line 442:
     ProxyPass "/favicon.ico" "!"     ProxyPass "/favicon.ico" "!"
     ProxyPass "/.well-known/" "!"     ProxyPass "/.well-known/" "!"
-    ProxyPass "/" "unix:/run/uwsgi_powerdns-admin/service.sock|uwsgi://localhost/powerdns-admin/"+    ProxyPass "/" "unix:/run/uwsgi_powerdns-admin/service.sock|uwsgi://powerdns-admin/"
  
     ErrorLog ${APACHE_LOG_DIR}/pdnsadmin.example.com-error.log     ErrorLog ${APACHE_LOG_DIR}/pdnsadmin.example.com-error.log
Line 453: Line 478:
     * PDNS API KEY: aF3kD4eJ0hB1uI1jV8vR2yC0eK8lP9mO     * PDNS API KEY: aF3kD4eJ0hB1uI1jV8vR2yC0eK8lP9mO
     * PDNS VERSION: 4.3.1     * PDNS VERSION: 4.3.1
 +
 +==== Python Upgrade Notes  ====
 +
 +If you upgrade Python, for example while you upgrade Debian 10 to Debian 11, you have to update the virtual environment.
 +
 +If you forget this, you can't start the systemd unit an may see an error like this:
 +<code>
 +Oct 18 18:49:14 ns1.example.com uwsgi[731953]: /usr/local/bin/uwsgi: error while loading shared libraries: libpython3.7m.so.1.0: cannot open shared object file: No such file or directory
 +</code>
 +
 +Upgrade your venv.
 +<code>
 +python3 -m venv --upgrade --upgrade-deps /opt/python/powerdns-admin/venv/
 +</code>
 +
 +And start the Systemd unit again.
 +<code>
 +systemctl start uwsgi@powerdns-admin.service
 +</code>
 +
  
 ===== Appendix ===== ===== Appendix =====
  
-If you want to migrate from Bind to PowerDNS, you can find some notes here: [[os:linux:bind_to_powerdns|Bind to PowerDNS]]+  * If you want to migrate from Bind to PowerDNS, you can find some notes here: [[os:linux:bind_to_powerdns|Bind to PowerDNS]] 
 +  * [[os:linux:powerdns-admin_update|How to Update PowerDNS-Admin]]
os/linux/powerdns_apache_postgresql_debian.1608135039.txt.gz · Last modified: 2020-12-16 17:10 by Manuel Frei