04Poweradmin - amagerard/PowerDNS GitHub Wiki
RedHat/Powerdns
| 1- Network | 2- Pdns | 3- Mariadb | 4- PowerAdmin | 5- PdnsRecursor | 6- Selinux |
|---|---|---|---|---|---|
| 7- GnomeShell | 8-Synoptic | 09-ManageDns | 10-Update |
4. Poweradmin.
4.1 Php.
PHP installation from the remi repository.
dnf install http://fr2.rpmfind.net/linux/remi/enterprise/remi-release-9.5.rpm
Choose php version 8.4
PHP module flow reset.
dnf module reset php
Enable PHP module stream: REMI-8.4.
dnf module enable php:remi-8.4
Install php packages.
dnf install php-common php-pdo php-cli php-fpm php-mbstring php-opcache php-xml php php-mysqlnd php-gd php-intl
Start the php-fpm service.
systemctl enable --now php-fpm
systemctl status php-fpm
4.2 Nginx.
dnf install nginx
The default folder for nginx is /usr/share/nginx/html.
I prefer change to /var/www/html
mkdir /var/www
mkdir /var/www/html
Delete IPv6 et change root.
vi /etc/nginx/nginx.conf
listen 80;
# listen [::]:80;
# root /usr/share/nginx/html;
root /var/www/html;
systemctl enable --now nginx
systemctl status nginx
Change apache group by nginx.
cd /var/lib/php
chgrp -R nginx opcache
chgrp -R nginx session
chgrp -R nginx wsdlcache
Change user and group by nginx.
vi /etc/php-fpm.d/www.conf
user : nginx
group : nginx
Restart php-fpm and nginx services.
systemctl restart php-fpm
systemctl restart nginx
4.3 Poweradmin.
4.3.1 Installation.
Download the latest version of poweradmin from the site.
https://www.poweradmin.org/
The version I use is V3-9-0 (Jan 15, 2025).
cd /opt
wget https://github.com/poweradmin/poweradmin/archive/refs/tags/v3.9.0.tar.gz
tar xvzf v3.9.0.tar.gz
cp -R /opt/poweradmin-3.9.0 /var/www/html/
mv /var/www/html/poweradmin-3.9.0 /var/www/html/poweradmin
chown -R nginx:nginx /var/www/html/poweradmin
4.3.2 Configuration.
Browser: firefox or chromium.
http://localhost/poweradmin/install/
or http://<IP>/poweradmin/install/
Step1:
"I prefer to proceed in English."
Step2:
"blah blah"
Step3:
Username : adminpdns
Password : 641fqAB4d
Database type: MySQL
Hostname: localhost
DB port : 3306
database : powerdns
poweradmin administrator password: D51mAB49!
Step4:
Username: teacher
Password: 0YhklGDvF
Hostmaster : hostmaster.ol26modk.com
Primary server: dns1.ol26modk.com
Secondary server: dns2.ol26modk.com
Step5:
You have to open MariaDB on line in command.
mariadb -u root -p
use powerdns ;
CREATE USER 'teacher'@'localhost' IDENTIFIED BY '0YhklGDvF';
GRANT SELECT, INSERT, UPDATE, DELETE ON powerdns.* TO 'teacher'@'localhost';
flush privileges;
Step6:
<?php
$db_host = 'localhost';
$db_name = 'powerdns';
$db_user = 'teacher';
$db_pass = '0YhklGDvF';
$db_type = 'mysql';
$session_key = '#sDjrhCv(D60yAH8^D)w-qc^SqQy)N_GBQ#yhYYj!(JzA-';
$iface_lang = 'en_EN';
$dns_hostmaster = 'hostmaster.ol26modk.com';
$dns_ns1 = 'dns1.ol26modk.com';
$dns_ns2 = 'dns2.ol26modk.com';
$ignore_install_dir = true;
Be careful: change $dns_ns2 = ' '
You must copy the contents of what is displayed in step 6 and paste it in config.inc.php.
What is above is an example.
vi /var/www/html/poweradmin/inc/config.inc.php
<?php
$db_host = 'localhost';
$db_name = 'powerdns';
$db_user = 'teacher';
$db_pass = '0YhklGDvF';
$db_type = 'mysql';
$session_key = '#sDjrhCv(D60yAH8^D)w-qc^SqQy)N_GBQ#yhYYj!(JzA-';
$iface_lang = 'en_EN';
$dns_hostmaster = 'hostmaster.ol26modk.com';
$dns_ns1 = 'dns1.ol26modk.com';
$dns_ns2 = ' ';
$ignore_install_dir = true;
chown nginx:nginx /var/www/html/poweradmin/inc/config.inc.php
Step 7:
You should (must!) remove the directory "install/".
mv /var/www/html/poweradmin/install /var/www/html/poweradmin/backup
4.3.4 First session.
http://localhost/poweradmin/
or http://<IP>/poweradmin/
Nom d'utilisateur : admin
Mot de passe : D51mAB49!
Go to ManageDns if you want to add a record.
4.3.5 Nginx ssl.
4.3.5.1 Create certificates.
I need:
/etc/ssl/certs/dns1.crt (to be created).
/etc/ssl/certs/CA.crt (already exists).
/etc/ssl/private/dns1.key (to be created).
Repeat the TemplateVM/certificate chapter 6.3.1 procedure to create dns1.key and dns1.crt.
openssl genrsa -out /etc/ssl/private/dns1.key 4096
openssl req -new -days 365 -key /etc/ssl/private/dns1.key -out /etc/ssl/certs/dns1.csr
openssl ca -config /etc/ssl/openssl.cnf -out /etc/ssl/certs/dns1.crt -in /etc/ssl/certs/dns1.csr
chmod 400 /etc/ssl/private/dns1.key
chmod 400 /etc/ssl/certs/dns1.crt
4.3.5.2 htaccess module for nginx.
You will be prompted for authentication to access the web page.
Example :
Username : teacher
Password: 6412AB6F
dnf install httpd-tools
Create login and password for .htpasswd.
mkdir /etc/nginx/htaccess
Example :
login : teacher
password : 6412AB6F
htpasswd -c /etc/nginx/htaccess/.htpasswd teacher
4.3.5.3 Configure Nginx ssl .
nginx custom reconfiguration.
- Configuring nginx.conf.
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf_ori
vi /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# -- nginx paranoia--
client_body_buffer_size 1k;
client_max_body_size 1k;
large_client_header_buffers 2 1k;
# Prevent clickjacking attacks
add_header X-Frame-Options "SAMEORIGIN" always;
# Add an HSTS header to your nginx server
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; always";
# Cross-site scripting protection
add_header X-XSS-Protection "1; mode=block";
# Prevention of MIME confusion-based attacks
add_header X-Content-Type-Options "nosniff" always;
# Hide X-Powered-By header
proxy_hide_header X-Powered-By;
# Referrer policy
add_header Referrer-Policy "origin-when-cross-origin" always;
#--End nginx paranoia --
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
#Listen 80: This instructs the system to catch all HTTP traffic on Port 80
listen 80 default_server;
# delete Ipv6
# listen [::]:80;
# Server_name _;: This will match any hostname
#server_name _;
server_name dns1.ol26modk.com;
# redirect to https
return 301 https://$host$request_uri;
}
# Settings for a TLS enabled server.
#
server {
listen 443 ssl;
# listen [::]:443 ssl http2;
# server_name _;
server_name dns1.ol26modk.com;
root /var/www/html;
#
ssl_certificate "/etc/ssl/certs/dns1.crt";
ssl_certificate_key "/etc/ssl/private/dns1.key";
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
#
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
# IP access restriction
location / {
try_files $uri $uri/ =404;
auth_basic "Go out";
auth_basic_user_file /etc/nginx/htaccess/.htpasswd;
index index.html index htm index.php;
autoindex off;
### Connecting NGINX to PHP FPM
location ~ \.php$ {
try_files $uri = 404;
fastcgi_pass unix:/var/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
allow 127.0.0.1;
allow 192.168.90.41/32;
allow 192.168.80.0/24;
deny all;
}
# Block wget user agent
if ($http_user_agent ~* (wget|curl) ) {
return 403;
}
#
error_page 404 /404.html;
location = /40x.html {
}
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
systemctl restart nginx
systemctl status nginx