Press "Enter" to skip to content

Category: Linux

How to Install PowerDNS and PowerDNS-Admin on Debian Buster

Important note: this post is outdated, use the new one instead.

Hi! This is a script-guide to install Powerdns (authoritative) and Powerdns-Admin on Debian 10 (buster), for Debian 9 (stretch) see this old post. This is a quick way, see instructions below, here is the commented code for the impatient.

#!/bin/bash

# get script absolute path
MY_PATH="`dirname \"$0\"`"
MY_PATH="`( cd \"$MY_PATH\" && pwd )`"
if [ -z "$MY_PATH" ] ; then
          exit 1
fi

# upgrade system and install dependencies
apt-get update && apt-get -y upgrade
apt-get -y install software-properties-common dirmngr
apt-get -y install git python-pip

# install and prepare last stable mariadb version
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xF1656F24C74CD1D8
add-apt-repository 'deb [arch=amd64] http://mariadb.mirror.liquidtelecom.com/repo/10.4/debian buster main'
apt-get update && apt-get -y install mariadb-server

# run the secure script to set root password, remove test database and disable remote root user login, you can safely accept the defaults and provide an strong root password when prompted
mysql_secure_installation
mysql -u root -p < ${MY_PATH}/sql01.sql # provide previously set password

# install powerdns and configure db parameters
apt-get -y install pdns-server pdns-backend-mysql
cp ${MY_PATH}/pdns.local.gmysql.conf /etc/powerdns/pdns.d/
vi /etc/powerdns/pdns.d/pdns.local.gmysql.conf # db configuration

# install dnsutils for testing, curl and finally PowerDNS-Admin
apt-get -y install python3-dev dnsutils curl
apt-get -y install -y default-libmysqlclient-dev python-mysqldb libsasl2-dev libffi-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev pkg-config
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
echo 'deb https://dl.yarnpkg.com/debian/ stable main' > /etc/apt/sources.list.d/yarn.list
apt-get -y install apt-transport-https # needed for https repo
apt-get update
apt-get -y install yarn
git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/web/powerdns-admin
cd /opt/web/powerdns-admin
pip install virtualenv
virtualenv -p python3 flask
. ./flask/bin/activate
pip install -r requirements.txt
mysql -u root -p < ${MY_PATH}/sql02.sql
cp config_template.py config.py
vi config.py # db configuration
export FLASK_APP=app/__init__.py
flask db upgrade
flask db migrate -m "Init DB"

# install/update nodejs, needed to use yarn
curl -sL https://deb.nodesource.com/setup_12.x | bash -
apt-get install -y nodejs
yarn install --pure-lockfile
flask assets build

# create systemd service file and activate it
cp ${MY_PATH}/powerdns-admin.service /etc/systemd/system/
systemctl daemon-reload
systemctl start powerdns-admin
systemctl enable powerdns-admin

# install nginx and configure site
apt-get -y install nginx
cp ${MY_PATH}/powerdns-admin.conf /etc/nginx/sites-enabled/
nginx -t && service nginx restart

# activate powerdns api, change api-key if needed
echo 'api=yes' >> /etc/powerdns/pdns.conf
echo 'api-key=789456123741852963' >> /etc/powerdns/pdns.conf
echo 'webserver=yes' >> /etc/powerdns/pdns.conf
echo 'webserver-address=0.0.0.0' >> /etc/powerdns/pdns.conf
echo 'webserver-allow-from=0.0.0.0/0,::/0' >> /etc/powerdns/pdns.conf
echo 'webserver-port=8081' >> /etc/powerdns/pdns.conf
service pdns restart

# now go to server_name url and create a first user account that will be admin
# log in
# configure api access on powerdns-admin
# enjoy

Installation notes

You can execute the executable file install.sh inside the zip file as root, or execute lines one by one from code above. Whatever method you use you should read this notes carefully in order to fully understand what is going on, also read comments in script, there could be useful tips there. I assume that yo have a minimum linux knowledge and that you are comfortable with the shell and command line utilities.

  1. Download and uncompress pdns-buster.zip anywhere in the server, then cd into pdns folder.
  2. Edit sql01.sql and modify the second line to set a secure password instead of the default one ‘mypassword’.
  3. Edit sql02.sql and modify the second line to set a secure password instead of the default one ‘mypassword’.
  4. Edit powerdns-admin.conf and modify the value of server_name to match the fqdn we want our pdnsadmin be served from.
  5. Execute install.sh script:
    • Set mariadb root password when prompted.
    • Provide mariadb root password to execute sql01.sql when prompted.
    • Edit /etc/powerdns/pdns.d/pdns.local.gmysql.conf db settings to match this ones:
      • user: pdnsuser
      • password: <the one provided in step 2>
      • host: localhost
      • db name: pdns
    • Provide mariadb root password to execute sql02.sql when prompted.
    • Edit /opt/web/powerdns-admin/config.py db settings to match this ones:
      • user: pdnsuser
      • password: <the one provided in step 2>
      • host: localhost
      • db name: pdns
  6. Enter web interface (domain provided in step 4) and click on create account to create the first account, thal will be an admin account.
  7. Log in into pdnsAdmin with the newly created account.
  8. Configure pdns api and pdns key, http://127.0.0.1:8081/ and the one provided at the end of the script.
  9. Enjoy!

13 Comments

qmailadmin on nginx

Hi there! After many tests I managed to run qmailadmin on nginx. I leave here the virtualhost configuration file as a reminder in case it is useful to someone in order to avoid installing apache if you do not need it.

The virtualhost works with nginx 1.14.2 and qmailadmin 1.2.16 compiled with the following options/paths:

./configure \
  --enable-htmldir=/usr/local/www/htdocs/qmail \
  --enable-cgibindir=/usr/local/www/htdocs/qmail/cgi-bin \
  --enable-cgipath=/cgi-bin/qmailadmin \
  --enable-imagedir=/usr/local/www/htdocs/qmail/qmailadmin/qmailadmin_img \
  --enable-imageurl=/qmailadmin_img \
  --enable-htmllibdir=/usr/local/www/htdocs/qmail/qmailadmin \
  --enable-qmaildir=/var/qmail \
  --enable-domain-autofill \
  --enable-vpopuser=vpopmail \
  --enable-vpopgroup=vchkpw \
  --enable-autoresponder-path=/usr/local/bin \
  --enable-ezmlmdir=/usr/local/bin/ezmlm \
  --enable-modify-quota \
  --disable-ezmlm-mysql \
  --disable-trivial-password

extracted from here, part of the fantastic qmail notes from Roberto Puzzanghera.

server {
  listen 80 default_server;
  server_name example.tld;

  root  /usr/local/www/htdocs/qmail;

  location /cgi-bin { 
  gzip off;

  # Fastcgi socket
  fastcgi_pass  unix:/var/run/fcgiwrap.socket;

  # Fastcgi parameters, include the standard ones
  include /etc/nginx/fastcgi_params;

  # Adjust non standard parameters (SCRIPT_FILENAME)
  
  fastcgi_split_path_info (^/cgi-bin/qmailadmin[^/]*)(.*)$;
  fastcgi_param SCRIPT_FILENAME  /usr/local/www/htdocs/qmail/cgi-bin/qmailadmin;
  fastcgi_param PATH_INFO $fastcgi_path_info;

  }

  location @rewrite {
    rewrite ^ /cgi-bin/qmailadmin permanent;
  }

  location / {
    try_files $uri @rewrite;
  }

  location /qmailadmin_img/ {
    root  /usr/local/www/htdocs/qmail/qmailadmin;
  }
}

It uses fcgiwrap to execute the qmailadmin cgi script under nginx. Probably this can be better tuned, but works for me and hope that for you too, adapt it to your needs. Comments are welcomed.

Leave a Comment

Compile and install latest kernel (5.1.16) on Debian Buster

Hi! Here are my notes on how to compile the latest version of the Linux kernel, at this moment version 5.1.16, on Debian 10 ‘Buster’, from source code. Remember to change versions and/or paths to match your preferences if necessary.

## Download the source code and pgp signature from https://www.kernel.org/
## to a directory of your choice
mkdir -p /usr/src/
cd /usr/src/
wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.1.16.tar.xz
wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.1.16.tar.sign
## Uncompress the source code and check the signature
xz -d -v linux-5.1.16.tar.xz
gpg --verify linux-5.1.16.tar.sign
## Untar the source code and cd into the directory
tar xf linux-5.1.16.tar
cd linux-5.1.16/
## Copy over actual kernel config file and run 'make menuconfig'
cp -v /boot/config-$(uname -r) .config
## Install necessary packages
apt-get install build-essential libncurses-dev bison flex libssl-dev libelf-dev bc
make menuconfig
## Go to Cryptographic API  ---> Certificates for signature checking --->
## and leave 'File name or PKCS#11 URI of module signing key' and 
## 'Additional X.509 keys for default system keyring' blank if not
## already blank
## Compile using make or make -j n where n is the number of processors to use
#make
make -j 4
## Install kernel modules
make modules_install
## Optimize and compile new kernel
cd /lib/modules/5.1.16/
find . -name *.ko -exec strip --strip-unneeded {} +
cd /usr/src/linux-5.1.16/
make install
## Done

14 Comments

Remote Tcpdump over ssh and wireshark

Here you have a very useful command for when you want to analyze traffic remotely with tcpdump over ssh using wireshark.

ssh root@192.168.1.1 tcpdump -i any -U -s0 -w - 'not port 22' | wireshark -k -i -

The idea is to run tcpdump on the remote server over ssh, send that capture in real time through this encrypted connection and view it on our local computer with wireshark, a graphical package inspector with many interesting features.

Leave a Comment

How to Install PowerDNS and PowerDNS-Admin on Debian 9

Hi! This is a script-guide to install Powerdns (authoritative) and Powerdns-Admin on Debian 9 (stretch), for Debian 10 (buster) see this newer post. This is a quick way, see instructions below, here is the commented code for the impatient.

Note: this post is outdated, use the new one instead.

#!/bin/bash

# get script absolute path
MY_PATH="`dirname \"$0\"`"
MY_PATH="`( cd \"$MY_PATH\" && pwd )`"
if [ -z "$MY_PATH" ] ; then
  exit 1
fi

# upgrade system and install dependencies
apt-get update && apt-get -y upgrade
apt-get -y install software-properties-common dirmngr
apt-get -y install git python-pip

# install and prepare last stable mariadb version
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xF1656F24C74CD1D8
add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://mirror.zol.co.zw/mariadb/repo/10.3/debian stretch main'
apt-get update && apt-get -y install mariadb-server # provide an strong password when prompted
mysql -u root -p < ${MY_PATH}/sql01.sql # provide previously set password

# install powerdns and configure db parameters
apt-get -y install pdns-server pdns-backend-mysql # answer dbconfig-common No when prompted
vi /etc/powerdns/pdns.d/pdns.local.gmysql.conf # db configuration

# install dnsutils for testing and finally PowerDNS-Admin
apt-get -y install python3-dev dnsutils
apt-get -y install -y default-libmysqlclient-dev python-mysqldb libsasl2-dev libffi-dev libldap2-dev libssl-dev libxml2-dev libxslt1-dev libxmlsec1-dev pkg-config
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo 'deb https://dl.yarnpkg.com/debian/ stable main' > /etc/apt/sources.list.d/yarn.list
apt-get -y install apt-transport-https # needed for https repo
apt-get update 
apt-get -y install yarn
git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/web/powerdns-admin
cd /opt/web/powerdns-admin
pip install virtualenv
virtualenv -p python3 flask
. ./flask/bin/activate
apt-get -y install libmysqlclient-dev
pip install -r requirements.txt
mysql -u root -p < ${MY_PATH}/sql02.sql
cp config_template.py config.py
vi config.py # db configuration
export FLASK_APP=app/__init__.py
flask db upgrade
flask db migrate -m "Init DB"

# install/update nodejs, needed to use yarn
curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
apt-get install -y nodejs
yarn install --pure-lockfile
flask assets build

# create systemd service file and activate it
cp ${MY_PATH}/powerdns-admin.service /etc/systemd/system/
systemctl daemon-reload
systemctl start powerdns-admin
systemctl enable powerdns-admin

# install nginx and configure site
apt-get -y install nginx
cp ${MY_PATH}/powerdns-admin.conf /etc/nginx/sites-enabled/
nginx -t && service nginx restart

# activate powerdns api, change api-key if needed
echo 'api=yes' >> /etc/powerdns/pdns.conf
echo 'api-key=789456123741852963' >> /etc/powerdns/pdns.conf
echo 'webserver=yes' >> /etc/powerdns/pdns.conf
echo 'webserver-address=0.0.0.0' >> /etc/powerdns/pdns.conf
echo 'webserver-allow-from=0.0.0.0/0,::/0' >> /etc/powerdns/pdns.conf
echo 'webserver-port=8081' >> /etc/powerdns/pdns.conf
service pdns restart

# now go to server_name url and create a firt user account that will be admin
# log in
# configure api access on powerdns-admin
# enjoy

Installation notes

You can execute the executable file install.sh inside the zip file, or execute lines one by one from code above. Whatever method you use you should read this notes carefully in order to fully understand what is going on. I assume that yo have a minimum linux knowledge and that you are comfortable with the shell and command line utilities.

  1. Download and uncompress pdns.zip anywhere in the server, then cd into pdns folder.
  2. Edit sql01.sql and modify the second line to set a secure password instead of the default one ‘mypassword’.
  3. Edit sql02.sql and modify the second line to set a secure password instead of the default one ‘mypassword’.
  4. Edit powerdns-admin.conf and modify the value of server_name to match the fqdn we want our pdnsadmin be served from.
  5. Execute install.sh script:
    • Provide mariadb root password to execute sql01.sql when prompted.
    • Edit /etc/powerdns/pdns.d/pdns.local.gmysql.conf db settings to match this ones:
      • user: pdnsuser
      • password: <the one provided in step 2>
      • host: localhost
      • db name: pdns
    • Provide mariadb root password to execute sql02.sql when prompted.
    • Edit /opt/web/powerdns-admin/config.py db settings to match this ones:
      • user: pdnsuser
      • password: <the one provided in step 2>
      • host: localhost
      • db name: pdns
  6. Enter web interface (domain provided in step 4) and click on create account to create the first account, thal will be an admin account.
  7. Log in into pdnsAdmin with the newly created account.
  8. Configure pdns api and pdns key, http://127.0.0.1:8081/ and the one provided at the end of the script.
  9. Enjoy!

19 Comments