104Poweradmin - amagerard/PowerDNS GitHub Wiki
RedHat10/Powerdns
| 1- Network | 2- Pdns | 3- Mariadb | 4- PowerAdmin | 5- PdnsRecursor | 6- Selinux |
|---|---|---|---|---|---|
| 7- GnomeShell | 8-Synoptic | 09-ManageDns | 10-Troubleshoots |
4. Poweradmin.
4.1 Php.
PHP installation from the remi repository.
dnf install https://rpms.remirepo.net/enterprise/remi-release-10.rpm
Choose php version 8.4
PHP module flow reset.
dnf module reset php
Enable PHP module stream: REMI-8.4.
dnf module enable php:remi-8.4
Install php packages.
dnf install php-common php-pdo php-cli php-fpm php-mbstring php-opcache php-xml php php-mysqlnd php-gd php-intl
Start the php-fpm service.
systemctl enable --now php-fpm
systemctl status php-fpm
4.2 Nginx.
dnf install nginx
The default folder for nginx is /usr/share/nginx/html.
I prefer change to /var/www/html
Delete IPv6 et change root.
vi /etc/nginx/nginx.conf
listen 80;
# listen [::]:80;
# root /usr/share/nginx/html;
root /var/www/html;
systemctl enable --now nginx
systemctl status nginx
Change apache group by nginx.
cd /var/lib/php
chgrp -R nginx opcache
chgrp -R nginx session
chgrp -R nginx wsdlcache
Change user and group by nginx.
vi /etc/php-fpm.d/www.conf
user : nginx
group : nginx
Restart php-fpm and nginx services.
systemctl restart php-fpm
systemctl restart nginx
4.3 Poweradmin.
4.3.1 Installation.
Download the latest version of poweradmin from the site.
https://www.poweradmin.org/
The version I use is V4-0-1 (Aug 5, 2025).
cd /opt
wget https://github.com/poweradmin/poweradmin/archive/refs/tags/v4.0.1.tar.gz
tar xvzf v4.0.1.tar.gz
cp -R /opt/poweradmin-4.0.1 /var/www/html/
mv /var/www/html/poweradmin-4.0.1 /var/www/html/poweradmin
chown -R nginx:nginx /var/www/html/poweradmin
4.3.2 Configuration.
Browser: firefox or chromium.
http://localhost/poweradmin/install/
or http://<IP>/poweradmin/install/
Step1:
"I prefer to proceed in English."
Step2:
"blah blah"
Step3: Continue to step 4
Step4:
Username : adminpdns
Password : 641fqAB4d
Database type: MySQL
Hostname: localhost
DB port : 3306
database : powerdns
poweradmin administrator password: D51mAB49!
Step5:
Username: teacher
Password: 0YhklGDvF
Hostmaster : hostmaster.ol26modk.com
Primary server: dns1.ol26modk.com
Secondary server: dns2.ol26modk.com
Step6:
You have to open MariaDB on line in command.
mariadb -u root -p
use powerdns ;
CREATE USER 'teacher'@'localhost' IDENTIFIED BY '0YhklGDvF';
GRANT SELECT, INSERT, UPDATE, DELETE ON powerdns.* TO 'teacher'@'localhost';
flush privileges;
Step7:
<?php
/**
* Poweradmin Settings Configuration File
*
* Generated by the installer on 2025-09-23 18:11:53
*/
return [
/**
* Database Settings
*/
'database' => [
'host' => 'localhost',
'name' => 'powerdns',
'user' => 'teacher',
'password' => '0YhklGDvF',
'type' => 'mysql',
],
/**
* Security Settings
*/
'security' => [
'session_key' => 'UY)m2X!2qwGXw@L8J_r5ZV38dh-sQ%zmL0xy7OuJ0xItva',
],
/**
* Interface Settings
*/
'interface' => [
'language' => 'en_EN',
],
/**
* DNS Settings
*/
'dns' => [
'hostmaster' => 'hostmaster.ol26modk.com',
'ns1' => 'dns1.ol26modk.com',
'ns2' => 'dns2.ol26modk.com',
]
Be careful: change $dns_ns2 = ' '
You must copy the contents of what is displayed in step 7 and paste it in settings.php.
What is above is an example.
vi /var/www/html/poweradmin/config/settings.php
<?php
/**
* Poweradmin Settings Configuration File
*
* Generated by the installer on 2025-09-23 18:11:53
*/
return [
/**
* Database Settings
*/
'database' => [
'host' => 'localhost',
'name' => 'powerdns',
'user' => 'teacher',
'password' => '0YhklGDvF',
'type' => 'mysql',
],
/**
* Security Settings
*/
'security' => [
'session_key' => 'UY)m2X!2qwGXw@L8J_r5ZV38dh-sQ%zmL0xy7OuJ0xItva',
],
/**
* Interface Settings
*/
'interface' => [
'language' => 'en_EN',
],
/**
* DNS Settings
*/
'dns' => [
'hostmaster' => 'hostmaster.ol26modk.com',
'ns1' => 'dns1.ol26modk.com',
'ns2' => ' ',
]
];
chown nginx:nginx /var/www/html/poweradmin/config/settings.php
Step 8:
You should (must!) remove the directory "install/".
mv /var/www/html/poweradmin/install /var/www/html/poweradmin/backup
4.3.4 First session.
http://localhost/poweradmin/
or http://<IP>/poweradmin/
Nom d'utilisateur : admin
Mot de passe : D51mAB49!
Go to ManageDns if you want to add a record.
This is an old poweradmin 3 version.
4.3.5 Nginx ssl.
4.3.5.1 Create certificates.
I need:
/etc/ssl/certs/dns1-mldsa.crt (to be created).
/etc/ssl/certs/CA-mldsa.crt (already exists).
/etc/ssl/private/dns-mldsa.key (to be created).
Repeat the TemplateVM/certificate chapter 6.3.2 procedure to create dns1.key and dns1-mldsa.crt.
cp /etc/pki/tls/openssl.cnf_ecc /etc/pki/tls/openssl.cnf
openssl ecparam -genkey -name prime256v1 -out /etc/ssl/private/dns1-ecc.key
openssl req -new -days 365 -key /etc/ssl/private/dns1-ecc.key -out /etc/ssl/certs/dns1-ecc.csr
openssl ca -config /etc/ssl/openssl.cnf -out /etc/ssl/certs/dns1-ecc.crt -in /etc/ssl/certs/dns1-ecc.csr
chmod 400 /etc/ssl/private/dns1-ecc.key
chmod 400 /etc/ssl/certs/dns1-ecc.crt
4.3.5.2 htaccess module for nginx.
You will be prompted for authentication to access the web page.
dnf install httpd-tools
Create login and password for .htpasswd.
mkdir /etc/nginx/htaccess
Example :
login : teacher
password : 6412AB6F
htpasswd -c /etc/nginx/htaccess/.htpasswd teacher
4.3.5.3 Configure Nginx ssl .
nginx custom reconfiguration.
- Configuring nginx.conf.
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf_ori
vi /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# -- nginx paranoia--
client_body_buffer_size 1k;
client_max_body_size 1k;
large_client_header_buffers 2 1k;
# Prevent clickjacking attacks
add_header X-Frame-Options "SAMEORIGIN" always;
# Add an HSTS header to your nginx server
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; always";
# Cross-site scripting protection
add_header X-XSS-Protection "1; mode=block";
# Prevention of MIME confusion-based attacks
add_header X-Content-Type-Options "nosniff" always;
# Hide X-Powered-By header
proxy_hide_header X-Powered-By;
# Referrer policy
add_header Referrer-Policy "origin-when-cross-origin" always;
#--End nginx paranoia --
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
#Listen 80: This instructs the system to catch all HTTP traffic on Port 80
listen 80 default_server;
# delete Ipv6
# listen [::]:80;
# Server_name _;: This will match any hostname
#server_name _;
server_name dns1.ol26modk.com;
# redirect to https
return 301 https://$host$request_uri;
}
# Settings for a TLS enabled server.
#
server {
listen 443 ssl;
# listen [::]:443 ssl http2;
# server_name _;
server_name dns1.ol26modk.com;
root /var/www/html;
#
ssl_certificate "/etc/ssl/certs/dns1-ecc.crt";
ssl_certificate_key "/etc/ssl/private/dns1-ecc.key";
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
#
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
# IP access restriction
location / {
try_files $uri $uri/ =404;
auth_basic "Go out";
auth_basic_user_file /etc/nginx/htaccess/.htpasswd;
index index.html index htm index.php;
autoindex off;
### Connecting NGINX to PHP FPM
location ~ \.php$ {
try_files $uri = 404;
fastcgi_pass unix:/var/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
allow 127.0.0.1;
allow 192.168.90.41/32;
allow 192.168.80.0/24;
deny all;
}
# Block wget user agent
if ($http_user_agent ~* (wget|curl) ) {
return 403;
}
#
error_page 404 /404.html;
location = /40x.html {
}
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
systemctl restart nginx
systemctl status nginx