установка PowerDNS + PowerAdmin на CentOS 7.x

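# Add the PGDG repository for PostgreSQL 9.6, install the server packages from
# that repository only, and initialise the data directory.
yum install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm
# The '*' is quoted so the shell hands it to yum literally instead of trying
# to glob-expand it against the current directory.
yum install --disablerepo='*' --enablerepo=pgdg96 postgresql-server postgresql postgresql-libs
/usr/pgsql-9.6/bin/postgresql96-setup initdb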

# Edit pg_hba.conf so that it contains the three entries listed below.
# NOTE(review): "trust" accepts every connection on the local socket and on
# loopback without checking any password, for every database and every role,
# including the postgres superuser. The passwordless "psql -U postgres" calls
# further down rely on it, and it also means any local account on this host
# can act as the database superuser. Once setup is finished, switch these
# entries to peer (local) and md5 (host) so role passwords are enforced.
vi /var/lib/pgsql/9.6/data/pg_hba.conf
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust

# Register PostgreSQL 9.6 to start on boot, then start it now.
systemctl enable postgresql-9.6.service
systemctl start postgresql-9.6.service

# Drop the PowerDNS repository definition into yum's repo directory (fetched
# over HTTPS) and install the server, the recursor, the tools and the
# PostgreSQL backend.
# NOTE(review): pdns-recursor is installed here, but nothing on this page
# configures or starts it, while pdns.conf below forwards recursive queries to
# 127.0.0.1:5353 - confirm the recursor is actually set up to listen there.
curl -o /etc/yum.repos.d/powerdns-auth-40.repo https://repo.powerdns.com/repo-files/centos-auth-40.repo
yum install pdns pdns-recursor pdns-tools pdns-backend-postgresql.x86_64
# Alternative backends: pdns-backend-sqlite pdns-backend-mysql

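### For sqlite3
## sqlite3 /etc/pdns/pdns.sqlite3 < /usr/share/doc/pdns-backend-sqlite-4.0.1/schema.sqlite3.sql
## NOTE(review): modes 0777/0666 let every local user rewrite the PowerDNS
## configuration directory and the zone database. If this variant is used,
## give ownership to the pdns account instead of opening both to everyone.
## chmod 0777 /etc/pdns/
## chmod 0666 /etc/pdns/pdns.sqlite3

### For MySQL
## 'pdns_password' is a placeholder; substitute a long random value.
## mysql -u'root' -p -e 'CREATE DATABASE pdns;'
## mysql -u'root' -p -e "GRANT ALL ON pdns.* TO 'pdns'@'localhost' IDENTIFIED BY 'pdns_password';"
## mysql -u'root' -p -D pdns < /usr/share/doc/pdns-backend-mysql-4.0.1/schema.mysql.sql

### For PostgreSQL
# Create the pdns database and load the PowerDNS schema into it.
psql -U postgres -c "CREATE DATABASE pdns;"
psql -U postgres pdns < /usr/share/doc/pdns-backend-postgresql-4.0.1/schema.pgsql.sql

# Role that PowerDNS itself connects with (gpgsql-user in pdns.conf).
# 'pdns_password' is a placeholder: replace it here and in pdns.conf with the
# same long random value before running these commands.
psql -U postgres -c "CREATE USER pdns WITH PASSWORD 'pdns_password';"
psql -U postgres -c "GRANT ALL ON DATABASE pdns TO pdns;"
psql -U postgres -c "GRANT CONNECT ON DATABASE pdns TO pdns;"
psql -U postgres -d pdns -c "GRANT ALL ON ALL TABLES IN SCHEMA public TO pdns;"
psql -U postgres -d pdns -c "GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO pdns;"

# Set the superuser password interactively. \password prompts for the value,
# so the superuser does not end up with the guessable literal 'postgres' and
# the secret is not left on the command line or in shell history.
psql -U postgres -c '\password postgres'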

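# Keep the packaged configuration as a reference copy, then write a new one.
mv /etc/pdns/pdns.conf /etc/pdns/pdns.conf.orig
#---------------------------------------------------------------------
# Review notes on the file written below:
#  - Zone transfers, recursion and the built-in web server are limited to
#    loopback. List the real secondaries / LAN ranges explicitly rather than
#    0.0.0.0/0: that value hands zone contents to any client and turns the
#    host into an open resolver on the port the firewall section exposes.
#  - allow-notify-from=0.0.0.0 carries no prefix length.
#    NOTE(review): confirm which range that matches; with slave=yes NOTIFY
#    should be accepted only from the addresses of the zone masters.
#  - gpgsql-password is a placeholder and must match the pdns role password.
cat > /etc/pdns/pdns.conf << 'EOF'
launch=gpgsql
#launch=gmysql,gpgsql,gsqlite3,bind

### PostgreSQL
gpgsql-host=localhost
gpgsql-dbname=pdns
gpgsql-user=pdns
gpgsql-password=pdns_password


### MySQL
#gmysql-host=localhost
#gmysql-dbname=pdns
#gmysql-user=pdns
#gmysql-password=pdns_password
#gmysql-dnssec=no

### SQLITE
#gsqlite3-database=/etc/pdns/pdns.sqlite3


### Bind
#bind-check-interval=300
#bind-config=/etc/namedb/named.conf
#version-string=anonymous


#############

# Разрешить трансфер зон для: (тут указываем, кому мы можем отдавать зоны, которые есть на нашем сервере)
# Loopback only by default; add the addresses of the servers that pull zones.
allow-axfr-ips=127.0.0.1
disable-axfr=no

# Разрешить запросы с: (добавляем сюда адреса нашей локалки, если не хотим запросов из мира)
# Loopback only by default; add the LAN ranges that may use recursion.
allow-recursion=127.0.0.1

# Если включено - рекурсивные запросы будут передаваться на обработку рекурсору.
# В качестве рекурсора можно указать сервера провайдера, тогда рекурсивные запросы пойдут через них
recursor=127.0.0.1:5353

local-address=0.0.0.0
local-port=53
distributor-threads=3

webserver=yes
# Bound to loopback: no webserver password is configured in this file.
webserver-address=127.0.0.1
webserver-port=8081

master=no

slave=yes
allow-notify-from=0.0.0.0

daemon=yes
guardian=yes
log-dns-details=on
loglevel=3
#module-dir=/usr/lib/powerdns
setgid=pdns
setuid=pdns
socket-dir=/var/run
version-string=powerdns
#include-dir=/etc/pdns/pdns.d
EOF
# The new file holds the database password and would otherwise be created with
# the default umask; restrict it to root and the pdns group.
chown root:pdns /etc/pdns/pdns.conf
chmod 0640 /etc/pdns/pdns.conf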
#---------------------------------------------------------------------

# Register the authoritative server to start on boot, then start it now.
systemctl enable pdns.service
systemctl start pdns.service

# Also install handy client tools such as dig and host.
yum install bind-utils


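###### PHP-FPM
yum install epel-release

# The Remi release package installs repository definitions and signing keys,
# so it is fetched over HTTPS rather than plain HTTP to keep it from being
# altered in transit.
# NOTE(review): PHP 5.6 no longer receives upstream security fixes; confirm
# whether the PowerAdmin version in use runs on a maintained PHP branch.
yum install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum --enablerepo=remi,remi-php56 install php-fpm php-opcache php-mcrypt php-pdo php-pgsql
# Alternative database drivers: php-pecl-sqlite php-mysqlnd

# Raise the session lifetime to 3600 seconds.
sed -i 's/session\.gc_maxlifetime = .*/session.gc_maxlifetime = 3600/g' /etc/php.ini

systemctl enable php-fpm.service
systemctl start php-fpm.service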


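###### nginx
# The release package installs the nginx repository definition, so it is
# fetched over HTTPS rather than plain HTTP to keep it from being altered in
# transit.
yum install https://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum install nginx

# php-fpm creates the "apache" user when it is installed; rather than
# reconfigure php-fpm, run the nginx workers as that same user.
sed -i -e 's/^user .*/user apache;/g' -e 's/^worker_processes .*/worker_processes auto;/g' /etc/nginx/nginx.conf

# Blank out the default virtual host so it does not get in the way.
echo > /etc/nginx/conf.d/default.conf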


для создания конфига nginx для PowerDNS - копипастим и выполняем:
#---------------------------------------------------------------------
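# Write the nginx virtual host that serves PowerAdmin.
# Review notes on the file written below:
#  - The site is plain HTTP on port 80 and the allow/deny pair is commented
#    out, so any client can reach the admin UI and credentials travel
#    unencrypted. Enable the allow/deny lines with the admin addresses (or put
#    TLS in front) before exposing it.
#  - The PHP location now checks that the requested script exists before it
#    is handed to PHP-FPM.
#  - The dot-file deny rule is placed ahead of the other regex locations,
#    because nginx uses the first regex location that matches; this keeps
#    paths under the cloned repository's .git directory denied whatever their
#    file extension is.
#  - NOTE(review): /install/ stays reachable. This page writes config.inc.php
#    by hand, so confirm whether PowerAdmin's install directory is still
#    needed and remove or deny it once setup is complete.
cat > /etc/nginx/conf.d/powerdns.conf << 'EOF'
server {
listen 80;
server_name pdns;
root /var/www/poweradmin;
index index.php;

#allow 1.1.1.1;
#deny all;

location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}

location /install/ {
rewrite ^update$ /dynamic_update.php;
rewrite ^nic/update$ /dynamic_update.php;
}

# Must stay the first regex location so hidden paths are always denied.
location ~ /\. {
deny all;
}

location ~* ^.+\.(jpg|jpeg|gif|png|ico|pdf)$ {
access_log off;
expires max;
add_header Cache-Control private;
}

location ~ \.php$ {
include fastcgi_params;
# Only pass requests for script files that exist on disk to PHP-FPM.
try_files $uri =404;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PHP_VALUE "
max_execution_time = 300
memory_limit = 128M
post_max_size = 16M
upload_max_filesize = 2M
max_input_time = 300
date.timezone = Europe/Moscow
always_populate_raw_post_data = -1
";
fastcgi_index index.php;
fastcgi_buffers 8 256k;
fastcgi_buffer_size 128k;
fastcgi_intercept_errors on;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_pass 127.0.0.1:9000;
# fastcgi_pass unix:/var/lib/php/php-fpm.sock;
}
}
EOF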
#---------------------------------------------------------------------

# Register nginx to start on boot, then start it now.
systemctl enable nginx.service
systemctl start nginx.service


# Create the web root and fetch the PowerAdmin sources into it.
mkdir -p /var/www
cd /var/www

yum install git

# NOTE(review): this clones whatever commit the default branch points at
# today, straight into the directory nginx serves. Check out a reviewed
# release tag afterwards (git -C poweradmin checkout <RELEASE_TAG>) so the
# deployed code is a known version.
git clone https://github.com/poweradmin/poweradmin.git


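# Dedicated role for the PowerAdmin web UI: no superuser, createdb or
# createrole rights, and only DML on the tables it works with.
# 'pdns_admin_password' is a placeholder: replace it here and in
# config.inc.php with the same long random value.
# createuser -U postgres --encrypted --no-superuser --no-createdb -P pdns_admin
psql -U postgres -c "CREATE ROLE pdns_admin PASSWORD 'pdns_admin_password' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;"

# The bare "psql -U postgres pdns" that used to sit here opened an interactive
# session; when the page is pasted into a terminal, the commands that follow
# would be typed into that session instead of the shell. Every GRANT below
# already names the database with -d, so the extra session is not needed.
# NOTE(review): several of these tables look like PowerAdmin's own and are not
# created by any command on this page - confirm they exist before granting.
for tbl in supermasters domains records perm_items perm_templ perm_templ_items \
           users zones zone_templ zone_templ_records records_zone_templ migrations; do
  psql -U postgres -d pdns -c "GRANT SELECT, INSERT, DELETE, UPDATE ON ${tbl} TO pdns_admin;"
done

# Sequences backing the id columns, needed for INSERTs by pdns_admin.
for seq in domains_id_seq records_id_seq perm_items_id_seq perm_templ_id_seq \
           perm_templ_items_id_seq users_id_seq zones_id_seq zone_templ_id_seq \
           zone_templ_records_id_seq; do
  psql -U postgres -d pdns -c "GRANT USAGE, SELECT ON SEQUENCE ${seq} TO pdns_admin;"
done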


#---------------------------------------------------------------------
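# Write PowerAdmin's configuration file.
# The session key is generated per installation rather than copied from a
# published page, where it would be known to every reader. Only letters and
# digits are kept, so the value is safe inside the single-quoted PHP string.
session_key=$(head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9')

# The heredoc is unquoted so ${session_key} expands; every PHP variable is
# therefore written with an escaped dollar sign.
# 'pdns_admin_password' is a placeholder and must match the pdns_admin role.
cat > /var/www/poweradmin/inc/config.inc.php << EOF
<?php
\$db_host = 'localhost';
\$db_name = 'pdns';
\$db_user = 'pdns_admin';
\$db_pass = 'pdns_admin_password';
\$db_type = 'pgsql';

\$session_key = '${session_key}';

\$iface_lang = 'en_EN';

\$dns_hostmaster = 'hostmaster.testdns.tech';
\$dns_ns1 = 'ns1.testdns.tech';
\$dns_ns2 = 'ns2.testdns.tech';
EOF
unset session_key

# The file holds the database password and the session key: readable by root
# and by the group PHP-FPM runs as ("apache", see the nginx section), nobody else.
chown root:apache /var/www/poweradmin/inc/config.inc.php
chmod 0640 /var/www/poweradmin/inc/config.inc.php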
#---------------------------------------------------------------------

### iptables
add to /etc/sysconfig/iptables:
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT










