MyCode/Website
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Website/PdnsInstall.sh

1302 lines
49 KiB
Bash
Raw Blame History

#!/bin/bash
######################################################################################
#### Version 2.2 ####
#### For questions or comments contact@mylinux.work ####
#### Author : Phil Connor ####
#### ####
#### Notes : ####
#### This script is a simple "helper" to install and configure Maria, ####
#### PowerDNS and PowerAdmin on RedHat Based servers. ####
#### There is no silver bullet. Don't expect the perfect setup, ####
#### review comments and adapt the parameters to your application usage. ####
#### ####
#### Use this script at your OWN risk. There is no guarantee whatsoever. ####
#### ####
#### Usage chmod 755 then ./PdnsInstall.sh or bash PdnsInstall.sh ####
######################################################################################
########################
#### User Variables ####
########################
MYSQL_PASS='Password@123' # <-- Your MySql root Password here
MY_PDNS_USR=pdns # <-- The username for your PowerDNS connect to DB
MY_PDNS_DB=powerdns # <-- The name for your PowerDNS DB
MY_PDNS_PW=somepassword # <-- The password you wantt for you PowerDNS DB
MY_PDNS_HOST=localhost # <-- The default here is localhost, but can be set to a remote host if you have configured that
DEL_MY_CNF=Y # <-- Place a Capital Y for yes or N for no here to delete /root/.my.cnf when db_instal function is done
WEB_HOST_NAME=test1.linuxcomputer.cloud # <-- The FQDN of your server goes here
EMAIL=admin@$WEB_HOST_NAME # <-- This is the email you want to use for Let's Encrypt registations
HTTP=nginx # <-- Choose apache or nginx --> The apache Config is in BETA TESTING please only choose nginx unless you know what your doing
##########################
#### System Variables ####
##########################
ip4=$(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1)
host=$(hostname -f)
if [ "$(command -v lsb_release)" ]; then
OS=$(lsb_release -i | awk '{print $3}' | tr '[:upper:]' '[:lower:]')
OSVER=$(lsb_release -r | awk '{print $2}' | awk -F. '{print $1}')
else
OS=$(grep PRETTY_NAME /etc/os-release | sed 's/PRETTY_NAME=//g' | tr -d '="' | awk '{print $1}' | tr '[:upper:]' '[:lower:]')
OSVER=$(grep VERSION_ID /etc/os-release | sed 's/VERSION_ID=//g' | tr -d '="' | awk -F. '{print $1}')
fi
###########################################################
#### Detect Package Manger from OS and OSVer Variables ####
###########################################################
if [[ ${OS} = alma || ${OS} = amazon || ${OS} = centos || ${OS} = red || ${OS} = rocky || ${OS} = oracle ]]; then
if [ "${OSVER}" = 7 ]; then
PAKMGR="yum -y"
else
PAKMGR="dnf -y"
fi
elif [ "${OS}" = ubuntu ]; then
PAKMGR="apt -y"
fi
##########################
#### Detect Root User ####
##########################
function check_RootUser() {
#if [ "$(id -u)" != "0" ]; then
if [ "$(whoami)" != 'root' ]; then
echo "You dont have permission to run $0 as non-root user. Use sudo su -"
exit 1
fi
}
####################
#### Code Start ####
####################
#########################
#### Install MariaDB ####
#########################
function install_mysql() {
{
if [ ! "$(command -v mysql)" ]; then
if [ "${OS}" = ubuntu ]; then
${PAKMGR} update
${PAKMGR} install mariadb-client mariadb-server
else
${PAKMGR} install mariadb mariadb-server
fi
fi
systemctl enable --now mariadb
}
}
######################
#### Secure MySQL ####
######################
function secure_mysql() {
{
if [ ! "$(command -v expect)" ]; then
${PAKMGR} install expect
fi
expect -f - <<-EOF
set timeout 10
spawn mysql_secure_installation
expect "Enter current password for root (enter for none):"
send -- "\r"
expect "Set root password?"
send -- "y\r"
expect "New password:"
send -- "${MYSQL_PASS}\r"
expect "Re-enter new password:"
send -- "${MYSQL_PASS}\r"
expect "Remove anonymous users?"
send -- "y\r"
expect "Disallow root login remotely?"
send -- "y\r"
expect "Remove test database and access to it?"
send -- "y\r"
expect "Reload privilege tables now?"
send -- "y\r"
expect eof
EOF
}
}
###################################
#### Install PowerDNS DataBase ####
###################################
function pdns_db_install() {
{
define () {
IFS=$'\n' read -r -d '' "$1"
}
if [ ! -f /root/.my.cnf ]; then
{
echo '[mysql]'
echo 'user=root'
echo "password=$MYSQL_PASS"
} >/root/.my.cnf
fi
mysql -e "CREATE DATABASE $MY_PDNS_DB /*\!40100 DEFAULT CHARACTER SET utf8 */;"
mysql -e "CREATE USER $MY_PDNS_USR@localhost IDENTIFIED BY '$MY_PDNS_PW';"
mysql -e "GRANT ALL PRIVILEGES ON $MY_PDNS_DB.* TO '$MY_PDNS_USR'@'localhost';"
mysql -e "ALTER USER '$MY_PDNS_DB'@'localhost' IDENTIFIED BY '$MY_PDNS_PW';"
mysql -e "FLUSH PRIVILEGES;"
touch /tmp/pdns.sql
OUTFILE="/tmp/pdns.sql"
define PDNS_SQL << 'EOF'
CREATE TABLE domains (
id INT AUTO_INCREMENT,
name VARCHAR(255) NOT NULL,
master VARCHAR(128) DEFAULT NULL,
last_check INT DEFAULT NULL,
type VARCHAR(6) NOT NULL,
notified_serial INT UNSIGNED DEFAULT NULL,
account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE UNIQUE INDEX name_index ON domains(name);
CREATE TABLE records (
id BIGINT AUTO_INCREMENT,
domain_id INT DEFAULT NULL,
name VARCHAR(255) DEFAULT NULL,
type VARCHAR(10) DEFAULT NULL,
content VARCHAR(64000) DEFAULT NULL,
ttl INT DEFAULT NULL,
prio INT DEFAULT NULL,
disabled TINYINT(1) DEFAULT 0,
ordername VARCHAR(255) BINARY DEFAULT NULL,
auth TINYINT(1) DEFAULT 1,
PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX ordername ON records (ordername);
CREATE TABLE supermasters (
ip VARCHAR(64) NOT NULL,
nameserver VARCHAR(255) NOT NULL,
account VARCHAR(40) CHARACTER SET 'utf8' NOT NULL,
PRIMARY KEY (ip, nameserver)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE TABLE comments (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
name VARCHAR(255) NOT NULL,
type VARCHAR(10) NOT NULL,
modified_at INT NOT NULL,
account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
comment TEXT CHARACTER SET 'utf8' NOT NULL,
PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);
CREATE TABLE domainmetadata (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
kind VARCHAR(32),
content TEXT,
PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);
CREATE TABLE cryptokeys (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
flags INT NOT NULL,
active BOOL,
published BOOL DEFAULT 1,
content TEXT,
PRIMARY KEY(id)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE INDEX domainidindex ON cryptokeys(domain_id);
CREATE TABLE tsigkeys (
id INT AUTO_INCREMENT,
name VARCHAR(255),
algorithm VARCHAR(50),
secret VARCHAR(255),
PRIMARY KEY (id)
) Engine=InnoDB CHARACTER SET 'latin1';
CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);
EOF
{
printf "%s\n" "$PDNS_SQL" | cut -c 2-
} > "$OUTFILE"
if [ ${DEL_MY_CNF} != N ]; then
rm -rf /root/.my.cnf
fi
mysql -D powerdns < /tmp/pdns.sql
rm /tmp/pdns.sql
}
}
####################################
#### Install/Configure PowerDNS ####
####################################
function pdns_app_install() {
{
if [ "${OS}" = ubuntu ]; then
if systemctl is-enabled systemd-resolved; then
systemctl disable --now systemd-resolved
systemctl mask systemd-resolved
sed -i 's/nameserver /#nameserver /g' /etc/resolv.conf
echo -e 'nameserver 8.8.8.8 \nnameserver 8.8.4.4' >> /etc/resolv.conf
fi
DEBIAN_FRONTEND=noninteractive ${PAKMGR} install pdns-backend-mysql fpdns bind9utils
else
${PAKMGR} install epel-release
${PAKMGR} install http://rpms.remirepo.net/enterprise/remi-release-8.rpm
${PAKMGR} install pdns-backend-mysql pdns bind-utils
expect -f - <<-EOF
set timeout 2
spawn dnf module enable php:remi-7.4
expect "Is this ok:"
send -- "y\r"
expect eof
EOF
fi
echo "" >/etc/pdns/pdns.conf
cat >/etc/pdns/pdns.conf <<EOF
# Autogenerated configuration file template
#################################
# ignore-unknown-settings Configuration settings to ignore if they are unknown
#
# ignore-unknown-settings=
#################################
# 8bit-dns Allow 8bit dns queries
#
# 8bit-dns=no
#################################
# allow-axfr-ips Allow zonetransfers only to these subnets
#
# allow-axfr-ips=127.0.0.0/8,::1
#################################
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
#
# allow-dnsupdate-from=127.0.0.0/8,::1
#################################
# allow-notify-from Allow AXFR NOTIFY from these IP ranges. If empty, drop all incoming notifies.
#
# allow-notify-from=0.0.0.0/0,::/0
#################################
# allow-unsigned-autoprimary Allow autoprimaries to create zones without TSIG signed NOTIFY
#
# allow-unsigned-autoprimary=yes
#################################
# allow-unsigned-notify Allow unsigned notifications for TSIG secured zones
#
# allow-unsigned-notify=yes
#################################
# allow-unsigned-supermaster Allow supermasters to create zones without TSIG signed NOTIFY
#
# allow-unsigned-supermaster=yes
#################################
# also-notify When notifying a zone, also notify these nameservers
#
# also-notify=
#################################
# any-to-tcp Answer ANY queries with tc=1, shunting to TCP
#
# any-to-tcp=yes
#################################
# api Enable/disable the REST API (including HTTP listener)
#
# api=no
#################################
# api-key Static pre-shared authentication key for access to the REST API
#
# api-key=
#################################
# autosecondary Act as an autosecondary (formerly superslave)
#
# autosecondary=no
#################################
# axfr-fetch-timeout Maximum time in seconds for inbound AXFR to start or be idle after starting
#
# axfr-fetch-timeout=10
#################################
# axfr-lower-serial Also AXFR a zone from a master with a lower serial
#
# axfr-lower-serial=no
#################################
# cache-ttl Seconds to store packets in the PacketCache
#
# cache-ttl=20
#################################
# carbon-instance If set overwrites the instance name default
#
# carbon-instance=auth
#################################
# carbon-interval Number of seconds between carbon (graphite) updates
#
# carbon-interval=30
#################################
# carbon-namespace If set overwrites the first part of the carbon string
#
# carbon-namespace=pdns
#################################
# carbon-ourname If set, overrides our reported hostname for carbon stats
#
# carbon-ourname=
#################################
# carbon-server If set, send metrics in carbon (graphite) format to this server IP address
#
# carbon-server=
#################################
# chroot If set, chroot to this directory for more security
#
# chroot=
#################################
# config-dir Location of configuration directory (pdns.conf)
#
config-dir=/etc/pdns
#################################
# config-name Name of this virtual configuration - will rename the binary image
#
# config-name=
#################################
# consistent-backends Assume individual zones are not divided over backends. Send only ANY lookup operations to the backend to reduce the number of lookups
#
# consistent-backends=yes
#################################
# control-console Debugging switch - don't use
#
# control-console=no
#################################
# daemon Operate as a daemon
#
daemon=yes
#################################
# default-api-rectify Default API-RECTIFY value for zones
#
# default-api-rectify=yes
#################################
# default-ksk-algorithm Default KSK algorithm
#
# default-ksk-algorithm=ecdsa256
#################################
# default-ksk-size Default KSK size (0 means default)
#
# default-ksk-size=0
#################################
# default-publish-cdnskey Default value for PUBLISH-CDNSKEY
#
# default-publish-cdnskey=
#################################
# default-publish-cds Default value for PUBLISH-CDS
#
# default-publish-cds=
#################################
# default-soa-content Default SOA content
#
# default-soa-content=a.misconfigured.dns.server.invalid hostmaster.@ 0 10800 3600 604800 3600
#################################
# default-soa-edit Default SOA-EDIT value
#
# default-soa-edit=
#################################
# default-soa-edit-signed Default SOA-EDIT value for signed zones
#
# default-soa-edit-signed=
#################################
# default-ttl Seconds a result is valid if not set otherwise
#
# default-ttl=3600
#################################
# default-zsk-algorithm Default ZSK algorithm
#
# default-zsk-algorithm=
#################################
# default-zsk-size Default ZSK size (0 means default)
#
# default-zsk-size=0
#################################
# direct-dnskey Fetch DNSKEY, CDS and CDNSKEY RRs from backend during DNSKEY or CDS/CDNSKEY synthesis
#
# direct-dnskey=no
#################################
# disable-axfr Disable zonetransfers but do allow TCP queries
#
disable-axfr=no
#################################
# disable-axfr-rectify Disable the rectify step during an outgoing AXFR. Only required for regression testing.
#
# disable-axfr-rectify=no
#################################
# disable-syslog Disable logging to syslog, useful when running inside a supervisor that logs stdout
#
# disable-syslog=no
#################################
# distributor-threads Default number of Distributor (backend) threads to start
#
# distributor-threads=3
#################################
# dname-processing If we should support DNAME records
#
# dname-processing=no
#################################
# dnssec-key-cache-ttl Seconds to cache DNSSEC keys from the database
#
# dnssec-key-cache-ttl=30
#################################
# dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no.
#
# dnsupdate=no
#################################
# domain-metadata-cache-ttl Seconds to cache zone metadata from the database
#
# domain-metadata-cache-ttl=
#################################
# edns-subnet-processing If we should act on EDNS Subnet options
#
# edns-subnet-processing=no
#################################
# enable-lua-records Process LUA records for all zones (metadata overrides this)
#
# enable-lua-records=no
#################################
# entropy-source If set, read entropy from this file
#
# entropy-source=/dev/urandom
#################################
# expand-alias Expand ALIAS records
#
# expand-alias=no
#################################
# forward-dnsupdate A global setting to allow DNS update packages that are for a Slave zone, to be forwarded to the master.
#
# forward-dnsupdate=yes
#################################
# forward-notify IP addresses to forward received notifications to regardless of master or slave settings
#
# forward-notify=
#################################
# guardian Run within a guardian process
#
guardian=yes
#################################
# include-dir Include *.conf files from this directory
#
# include-dir=
#################################
# launch Which backends to launch and order to query them in
#
#launch=bindi
launch=gmysql
gmysql-dnssec
gmysql-host=$MY_PDNS_HOST
gmysql-user=$MY_PDNS_USR
gmysql-password=$MY_PDNS_PW
gmysql-dbname=$MY_PDNS_DB
#################################
# load-modules Load this module - supply absolute or relative path
#
# load-modules=
#################################
# local-address Local IP addresses to which we bind
#
# local-address=0.0.0.0, ::
#################################
# local-address-nonexist-fail Fail to start if one or more of the local-address's do not exist on this server
#
# local-address-nonexist-fail=yes
#################################
# local-port The port on which we listen
#
# local-port=53
#################################
# log-dns-details If PDNS should log DNS non-erroneous details
#
# log-dns-details=no
#################################
# log-dns-queries If PDNS should log all incoming DNS queries
#
# log-dns-queries=no
#################################
# log-timestamp Print timestamps in log lines
#
# log-timestamp=yes
#################################
# logging-facility Log under a specific facility
#
# logging-facility=
#################################
# loglevel Amount of logging. Higher is more. Do not set below 3
#
# loglevel=4
#################################
# lua-axfr-script Script to be used to edit incoming AXFRs
#
# lua-axfr-script=
#################################
# lua-dnsupdate-policy-script Lua script with DNS update policy handler
#
# lua-dnsupdate-policy-script=
#################################
# lua-health-checks-expire-delay Stops doing health checks after the record hasn't been used for that delay (in seconds)
#
# lua-health-checks-expire-delay=3600
#################################
# lua-health-checks-interval LUA records health checks monitoring interval in seconds
#
# lua-health-checks-interval=5
#################################
# lua-prequery-script Lua script with prequery handler (DO NOT USE)
#
# lua-prequery-script=
#################################
# lua-records-exec-limit LUA records scripts execution limit (instructions count). Values <= 0 mean no limit
#
# lua-records-exec-limit=1000
#################################
# master Act as a primary
#
master=yes
#################################
# max-cache-entries Maximum number of entries in the query cache
#
# max-cache-entries=1000000
#################################
# max-ent-entries Maximum number of empty non-terminals in a zone
#
# max-ent-entries=100000
#################################
# max-generate-steps Maximum number of $GENERATE steps when loading a zone from a file
#
# max-generate-steps=0
#################################
# max-nsec3-iterations Limit the number of NSEC3 hash iterations
#
# max-nsec3-iterations=100
#################################
# max-packet-cache-entries Maximum number of entries in the packet cache
#
# max-packet-cache-entries=1000000
#################################
# max-queue-length Maximum queuelength before considering situation lost
#
# max-queue-length=5000
#################################
# max-signature-cache-entries Maximum number of signatures cache entries
#
# max-signature-cache-entries=
#################################
# max-tcp-connection-duration Maximum time in seconds that a TCP DNS connection is allowed to stay open.
#
# max-tcp-connection-duration=0
#################################
# max-tcp-connections Maximum number of TCP connections
#
# max-tcp-connections=20
#################################
# max-tcp-connections-per-client Maximum number of simultaneous TCP connections per client
#
# max-tcp-connections-per-client=0
#################################
# max-tcp-transactions-per-conn Maximum number of subsequent queries per TCP connection
#
# max-tcp-transactions-per-conn=0
#################################
# module-dir Default directory for modules
#
module-dir=/usr/lib64/pdns
#################################
# negquery-cache-ttl Seconds to store negative query results in the QueryCache
#
# negquery-cache-ttl=60
#################################
# no-shuffle Set this to prevent random shuffling of answers - for regression testing
#
# no-shuffle=off
#################################
# non-local-bind Enable binding to non-local addresses by using FREEBIND / BINDANY socket options
#
# non-local-bind=no
#################################
# only-notify Only send AXFR NOTIFY to these IP addresses or netmasks
#
# only-notify=0.0.0.0/0,::/0
#################################
# outgoing-axfr-expand-alias Expand ALIAS records during outgoing AXFR
#
# outgoing-axfr-expand-alias=no
#################################
# overload-queue-length Maximum queuelength moving to packetcache only
#
# overload-queue-length=0
#################################
# prevent-self-notification Don't send notifications to what we think is ourself
#
# prevent-self-notification=yes
#################################
# primary Act as a primary
#
# primary=no
#################################
# query-cache-ttl Seconds to store query results in the QueryCache
#
# query-cache-ttl=20
#################################
# query-local-address Source IP addresses for sending queries
#
# query-local-address=0.0.0.0 ::
#################################
# query-logging Hint backends that queries should be logged
#
# query-logging=no
#################################
# queue-limit Maximum number of milliseconds to queue a query
#
# queue-limit=1500
#################################
# receiver-threads Default number of receiver threads to start
#
# receiver-threads=1
#################################
# resolver Use this resolver for ALIAS and the internal stub resolver
#
# resolver=no
#################################
# retrieval-threads Number of AXFR-retrieval threads for slave operation
#
# retrieval-threads=2
#################################
# reuseport Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket
#
# reuseport=no
#################################
# rng Specify the random number generator to use. Valid values are auto,sodium,openssl,getrandom,arc4random,urandom.
#
# rng=auto
#################################
# secondary Act as a secondary
#
# secondary=no
#################################
# secondary-do-renotify If this secondary should send out notifications after receiving zone transfers from a primary
#
# secondary-do-renotify=no
#################################
# security-poll-suffix Zone name from which to query security update notifications
#
# security-poll-suffix=
#################################
# send-signed-notify Send TSIG secured NOTIFY if TSIG key is configured for a zone
#
# send-signed-notify=yes
#################################
# server-id Returned when queried for 'id.server' TXT or NSID, defaults to hostname - disabled or custom
#
# server-id=
#################################
# setgid If set, change group id to this gid for more security
#
setgid=pdns
#################################
# setuid If set, change user id to this uid for more security
#
setuid=pdns
#################################
# signing-threads Default number of signer threads to start
#
# signing-threads=3
#################################
# slave Act as a secondary
#
#slave=yes
#################################
# slave-cycle-interval Schedule slave freshness checks once every .. seconds
#
# slave-cycle-interval=60
#################################
# slave-renotify If we should send out notifications for secondaried updates
#
# slave-renotify=no
#################################
# socket-dir Where the controlsocket will live, /var/run/pdns when unset and not chrooted. Set to the RUNTIME_DIRECTORY environment variable when that variable has a value (e.g. under systemd).
#
# socket-dir=
#################################
# superslave Act as a autosecondary
#
# superslave=no
#################################
# svc-autohints Transparently fill ipv6hint=auto ipv4hint=auto SVC params with AAAA/A records for the target name of the record (if within the same zone)
#
# svc-autohints=no
#################################
# tcp-control-address If set, PowerDNS can be controlled over TCP on this address
#
# tcp-control-address=
#################################
# tcp-control-port If set, PowerDNS can be controlled over TCP on this address
#
# tcp-control-port=53000
#################################
# tcp-control-range If set, remote control of PowerDNS is possible over these networks only
#
# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
#################################
# tcp-control-secret If set, PowerDNS can be controlled over TCP after passing this secret
#
# tcp-control-secret=
#################################
# tcp-fast-open Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size
#
# tcp-fast-open=0
#################################
# tcp-idle-timeout Maximum time in seconds that a TCP DNS connection is allowed to stay open while being idle
#
# tcp-idle-timeout=5
#################################
# traceback-handler Enable the traceback handler (Linux only)
#
# traceback-handler=yes
#################################
# trusted-notification-proxy IP address of incoming notification proxy
#
# trusted-notification-proxy=
#################################
# udp-truncation-threshold Maximum UDP response size before we truncate
#
# udp-truncation-threshold=1232
#################################
# upgrade-unknown-types Transparently upgrade known TYPExxx records. Recommended to keep off, except for PowerDNS upgrades until data sources are cleaned up
#
# upgrade-unknown-types=no
#################################
# version-string PowerDNS version in packets - full, anonymous, powerdns or custom
#
# version-string=full
version-string=ScoobyHost 0.1 Alpha
#################################
# webserver Start a webserver for monitoring (api=yes also enables the HTTP listener)
#
# webserver=no
#################################
# webserver-address IP Address of webserver/API to listen on
#
# webserver-address=127.0.0.1
#################################
# webserver-allow-from Webserver/API access is only allowed from these subnets
#
# webserver-allow-from=127.0.0.1,::1
#################################
# webserver-loglevel Amount of logging in the webserver (none, normal, detailed)
#
# webserver-loglevel=normal
#################################
# webserver-max-bodysize Webserver/API maximum request/response body size in megabytes
#
# webserver-max-bodysize=2
#################################
# webserver-password Password required for accessing the webserver
#
# webserver-password=
#################################
# webserver-port Port of webserver/API to listen on
#
# webserver-port=8081
#################################
# webserver-print-arguments If the webserver should print arguments
#
# webserver-print-arguments=no
#################################
# write-pid Write a PID file
#
# write-pid=yes
#################################
# xfr-cycle-interval Schedule primary/secondary SOA freshness checks once every .. seconds
#
# xfr-cycle-interval=60
#################################
# xfr-max-received-mbytes Maximum number of megabytes received from an incoming XFR
#
# xfr-max-received-mbytes=100
#################################
# zone-cache-refresh-interval Seconds to cache list of known zones
#
# zone-cache-refresh-interval=300
#################################
# zone-metadata-cache-ttl Seconds to cache zone metadata from the database
#
# zone-metadata-cache-ttl=60
EOF
if [[ ${OS} = centos || ${OS} = red || ${OS} = oracle || ${OS} = rocky || ${OS} = alma ]]; then
setsebool -P pdns_can_network_connect_db 1
setsebool -P nis_enabled 1
fi
sed -i 's/ //g' /etc/pdns/pdns.conf
systemctl enable --nom pdns
}
}
###########################################
#### Install/Configure Apache or Nginx ####
###########################################
function webserver_install() {
{
if [ ! -d /var/www/html/$WEB_HOST_NAME ]; then
mkdir -p /var/www/html/$WEB_HOST_NAME
fi
if [ $HTTP = apache ]; then
if [ "${OS}" = ubuntu ]; then
${PAKMGR} install build-essential apache2 php php-dev php-fpm php-gd php-intl php-mysql php-odbc php-pear php-xml php-xmlrpc php-mbstring gettext libmcrypt-dev
pecl channel-update pecl.php.net
pecl update-channels
expect -f - <<-EOF
set timeout 10
spawn pecl install mcrypt
expect "libmcrypt prefix?"
send -- "\r"
expect eof
EOF
sed -i 's/;extension=shmop/extension=mcrypt.so/g' /etc/php/*/cli/php.ini
sed -i 's/;extension=shmop/extension=mcrypt.so/g' /etc/php/*/apache2/php.ini
if ! php -m | grep mcrypt; then
echo ''
echo 'mcrypt did not install correctly on this Ubuntu machine...!'
exit 1
fi
systemctl restart apache2
else
${PAKMGR} install httpd php74 php74-php-devel php74-php-fpm php74-php-gd php74-php-intl php74-php-mysqlnd php74-php-odbc php74-php-pear php74-php-xml php74-php-xmlrpc php74-php-mbstring php74-php-pecl-mcrypt gettext
fi
if [ "${OS}" = ubuntu ]; then
path=/etc/apache2/sites-available/$WEB_HOST_NAME.conf
else
path=/etc/httpd/conf.d/$WEB_HOST_NAME.conf
fi
{
echo '<VirtualHost *:80>'
echo " ServerAdmin admin@n$WEB_HOST_NAME"
echo " ServerName $WEB_HOST_NAME"
echo " DocumentRoot /var/www/html/$WEB_HOST_NAME"
echo ' #DirectoryIndex index.php'
echo " #ErrorLog /var/log/httpd/$WEB_HOST_NAME-error.log"
echo " #CustomLog /var/log/httpd/$WEB_HOST_NAME-access.log combined"
echo ''
echo ' <IfModule !mod_php7.c>'
echo ' <FilesMatch \.(php|phar)$>'
if [ "${OS}" = ubuntu ]; then
echo ' SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"'
else
echo ' SetHandler "proxy:unix:/var/opt/remi/php74/run/php-fpm/www.sock|fcgi://localhost"'
fi
echo ' </FilesMatch>'
echo ' </IfModule>'
echo '</VirtualHost>'
} > $path
if [ "${OS}" = ubuntu ]; then
if ! apachectl configtest; then
echo ''
echo -e '\e[01;37m -----------------------------------------------------------------------------------------------------'
echo -e "\e[01;31m An Error was detected with apache2, Please manually look at the configuration to comfirm it's good" >&2
echo -e '\e[01;37m -----------------------------------------------------------------------------------------------------'
exit 1
fi
else
if ! httpd -t; then
echo ''
echo -e '\e[01;37m ----------------------------------------------------------------------------------------------------'
echo -e "\e[01;31m An Error was detected with httpd, Please manually look at the configuration to comfirm it's good" >&2
echo -e '\e[01;37m ----------------------------------------------------------------------------------------------------'
exit 1
fi
fi
if [ "${OS}" = ubuntu ]; then
systemctl enable --now php-fpm
a2dissite 000-default
a2ensite $WEB_HOST_NAME
systemctl enable apache2
systemctl reload apache2
else
chcon -R -t httpd_sys_content_t /var/www/html/$WEB_HOST_NAME
systemctl enable --now php74-php-fpm
systemctl enable --now httpd
fi
elif [ $HTTP = nginx ]; then
if [ "${OS}" = ubuntu ]; then
${PAKMGR} install build-essential php php-cli php-dev php-fpm php-gd php-intl php-json php-mysql php-pear php-xml php-xmlrpc php-mbstring gettext libmcrypt-dev
pecl channel-update pecl.php.net
pecl update-channels
expect -f - <<-EOF
set timeout 10
spawn pecl install mcrypt
expect "libmcrypt prefix?"
send -- "\r"
expect eof
EOF
sed -i 's/;extension=shmop/extension=mcrypt.so/g' /etc/php/*/cli/php.ini
sed -i 's/;extension=shmop/extension=mcrypt.so/g' /etc/php/*/apache2/php.ini
systemctl disable --now apache2
systemctl mask apache2
if ! php -m | grep mcrypt; then
echo ''
echo 'mcrypt did not install correctly on this Ubuntu machine...!'
exit 1
systemctl disable --now httpd
systemctl mask httpd
fi
else
${PAKMGR} install php php-fpm php-cli php-mysqlnd php-pecl-mcrypt php-json php-intl
chown apache:apache /var/lib/php/sessions
systemctl disable --now httpd
systemctl mask httpd
fi
fi
${PAKMGR} install nginx
if [[ ${OS} = centos || ${OS} = red || ${OS} = oracle || ${OS} = rocky || ${OS} = alma ]]; then
if ! grep "listen = /run/php-fpm/www.sock" /etc/php-fpm.d/www.conf; then
sed -i '/listen = */c\listen = \/run\/php-fpm\/www.sock' /etc/php-fpm.d/www.conf
fi
fi
if [ "${OS}" = ubuntu ]; then
path=/etc/nginx/sites-available/$WEB_HOST_NAME.conf
else
path=/etc/nginx/conf.d/$WEB_HOST_NAME.conf
fi
# shellcheck disable=SC2016
{
echo 'server {'
echo " server_name $WEB_HOST_NAME;"
echo ' listen 80;'
echo ''
echo " root /var/www/html/$WEB_HOST_NAME;"
echo " #access_log /var/log/nginx/$WEB_HOST_NAME-access_log;"
echo " #error_log /var/log/nginx/$WEB_HOST_NAME-error_log;"
echo ''
echo ' index index.php;'
echo ''
echo ' location / {'
echo ' try_files $uri $uri/ /index.php?query_string;'
echo ' }'
echo ''
echo ' location ~ \.php$ {'
echo ' fastcgi_index index.php;'
echo ' fastcgi_split_path_info ^(.+\.php)(.*)$;'
echo ' fastcgi_keep_conn on;'
echo ' include /etc/nginx/fastcgi_params;'
if [ "${OS}" = ubuntu ]; then
echo ' fastcgi_pass unix:/run/php/php-fpm.sock;'
else
echo ' fastcgi_pass unix:/run/php-fpm/www.sock;'
fi
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;'
echo ' }'
echo ''
echo ' location ~/\.ht {'
echo ' deny all;'
echo ' }'
echo ''
echo '}'
} > $path
if ! nginx -t; then
echo ''
echo -e '\e[01;37m --------------------------------------------------------------------------------------------------'
echo -e "\e[01;31m An Error was detected with nginx, Please manually look at the configuration to comfirm it's good" >&2
echo -e '\e[01;37m --------------------------------------------------------------------------------------------------'
exit 1
fi
if [ "${OS}" = ubuntu ]; then
rm /etc/nginx/sites-enabled/default
ln -s /etc/nginx/sites-available/$WEB_HOST_NAME.conf /etc/nginx/sites-enabled/$WEB_HOST_NAME
systemctl enable --now php-fpm
systemctl enable nginx
systemctl start nginx
else
systemctl enable --now php-fpm
systemctl enable nginx
chcon -R -t httpd_sys_content_t /var/www/html/$WEB_HOST_NAME
systemctl start nginx
fi
}
}
############################
#### Install PowerAdmin ####
############################
function pdns_admin_install() {
{
if [ ! -d /var/www/html/$WEB_HOST_NAME ]; then
mkdir -p /var/www/html/$WEB_HOST_NAME
fi
${PAKMGR} install git
cd /var/www/html/$WEB_HOST_NAME || exit
git clone https://github.com/poweradmin/poweradmin.git
mv poweradmin/* .
rm -rf poweradmin/
find /var/www/html/$WEB_HOST_NAME/ -type d -exec chmod 755 {} \;
find /var/www/html/$WEB_HOST_NAME/ -type f -exec chmod 644 {} \;
if [ "${OS}" = ubuntu ]; then
chown www-data:www-data /var/www/html/$WEB_HOST_NAME/
else
chown apache:apache /var/www/html/$WEB_HOST_NAME/
chown apache:apache /var/lib/php/session
fi
}
}
##########################################
#### Install Certbot and request Cert ####
##########################################
install_certbot() {
{
if [ $HTTP = apache ]; then
${PAKMGR} install python3-certbot-apache
systemctl enable --now httpd
elif [ $HTTP = nginx ]; then
${PAKMGR} install python3-certbot-nginx
systemctl enable --now nginx
fi
#################################################################################################
#### Be sure that your domain has the proper dns entry or this will not work. ####
#### ####
#### If your domain is not properly configured and you know it, or you just wanna ####
#### test that you can get a cert uncomment this line ####
#### ####
#### certbot certonly --redirect --agree-tos --nginx -d $WEB_HOST_NAME -m "$EMAIL" --dry-run #### ####
#### and comment out this line ####
#### certbot --non-interactive --redirect --agree-tos -d $WEB_HOST_NAME -m "$EMAIL" ####
#################################################################################################
if [ $HTTP = apache ]; then
certbot certonly --redirect --agree-tos --apache -d $WEB_HOST_NAME -m "$EMAIL" --dry-run -v
#certbot --non-interactive --redirect --agree-tos --apache -d $WEB_HOST_NAME -m "$EMAIL"
systemctl restart httpd
elif [ $HTTP = nginx ]; then
certbot certonly --redirect --agree-tos --nginx -d $WEB_HOST_NAME -m "$EMAIL" --dry-run -v
#certbot --non-interactive --redirect --agree-tos --nginx -d $WEB_HOST_NAME -m "$EMAIL"
systemctl restart nginx
fi
if [ "${OS}" = ubuntu ]; then
if ! grep "certbot" /var/spool/cron/crontab/root; then
echo "0 */12 * * * root certbot -q renew" >>/etc/crontab
fi
else
if ! grep "certbot" /var/spool/cron/root; then
echo "0 */12 * * * root certbot -q renew" >>/var/spool/cron/root
fi
fi
}
}
#######################
#### Final Message ####
#######################
function install_complete() {
{
if [ ! -d /etc/letsencrypt/live/$WEB_HOST_NAME ]; then
echo -e '\e[01;37m ----------------------------------------------------------------------------------------------------'
echo -e '\e[01;37m -----------------------------------------------------------------------------------------------------------'
echo -e "\e[01;32m You should now be able to complete the Poweradmin setup by accessing it here http://$host/install/ or by ip http://$ip4/install/"
echo -e '\e[01;37m -----------------------------------------------------------------------------------------------------------'
echo -e '\e[01;37m ----------------------------------------------------------------------------------------------------'
else
echo -e '\e[01;37m ----------------------------------------------------------------------------------------------------'
echo -e '\e[01;37m -----------------------------------------------------------------------------------------------------------'
echo -e "\e[01;32m You should now be able to complete the Poweradmin setup by accessing it here https://$host/install/ or by ip https://$ip4/install/"
echo -e '\e[01;37m -----------------------------------------------------------------------------------------------------------'
echo -e '\e[01;37m ----------------------------------------------------------------------------------------------------'
fi
}
}
##################
#### Code End ####
##################
check_RootUser
install_mysql
secure_mysql
pdns_db_install
pdns_app_install
webserver_install
pdns_admin_install
install_certbot
install_complete
mysql -e "CREATE DATABASE powerdns /*\!40100 DEFAULT CHARACTER SET utf8 */;"
mysql -e "CREATE USER pdns@localhost IDENTIFIED BY '$MY_PDNS_PW';"
mysql -e "GRANT ALL PRIVILEGES ON powerdns.* TO 'pdns'@'localhost';"
# mysql -e "ALTER USER 'pdns'@'localhost' IDENTIFIED BY 'linda6!3!';"
mysql -e "FLUSH PRIVILEGES;"
6xt3gXm?+5D6
Reference in New Issue View Git Blame Copy Permalink