Various housekeeping changes

This commit is contained in:
Pinga 2025-02-17 14:41:56 +02:00
parent ad9b38acf1
commit 3171adc1b2
10 changed files with 230 additions and 30 deletions


@ -105,4 +105,12 @@ return [
// IANA Email for Submission Logs // IANA Email for Submission Logs
'iana_email' => 'admin@example.com', // Email address to be used for IANA submission 'iana_email' => 'admin@example.com', // Email address to be used for IANA submission
// Registry Admin Email
'admin_email' => 'admin@example.com', // Receives system notifications
// Exchange Rate Configuration
'exchange_rate_api_key' => "", // Your exchangerate.host API key
'exchange_rate_base_currency' => "USD",
'exchange_rate_currencies' => ["EUR", "GBP", "JPY", "CAD", "AUD"], // Configurable list
]; ];
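Review bot: The new `exchange_rate_api_key` entry is shipped as an empty string with no indication that it is a credential and that it is only consumed once `exchange_rates` is switched on in the cron configuration, so an operator who flips that flag without filling it in presumably sends the daily download job out without a key. A comment on that line, `// Required when 'exchange_rates' is enabled in cron_config.php; treat as a secret`, would surface both points where the value is edited. `admin_email` is likewise described only as "Receives system notifications"; from the logger changes elsewhere in this commit it is the address the automation error-mail handler delivers to, so `// Recipient of error e-mails from the automation loggers (setupLogger)` would tell the operator what traffic to expect there. The enclosing return array starts above this hunk, so the keys that precede these are not visible.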


@ -17,6 +17,7 @@
// 'gtld_mode' => false, // Enable or disable gTLD mode // 'gtld_mode' => false, // Enable or disable gTLD mode
// 'spec11' => false, // Enable or disable Spec 11 checks // 'spec11' => false, // Enable or disable Spec 11 checks
// 'dnssec' => false, // Enable or disable DNSSEC // 'dnssec' => false, // Enable or disable DNSSEC
// 'exchange_rates' => false, // Enable or disable exchange rate download
// ]; // ];
// //
// Any keys omitted in cron_config.php will fall back to the defaults // Any keys omitted in cron_config.php will fall back to the defaults
@ -31,6 +32,7 @@ $defaultConfig = [
'gtld_mode' => false, // Set to true to enable 'gtld_mode' => false, // Set to true to enable
'spec11' => false, // Set to true to enable 'spec11' => false, // Set to true to enable
'dnssec' => false, // Set to true to enable 'dnssec' => false, // Set to true to enable
'exchange_rates' => false, // Set to true to enable
]; ];
// Load External Config if Exists // Load External Config if Exists
@ -58,7 +60,6 @@ $scheduler->php('/opt/registry/automation/auto-approve-transfer.php')->at('*/30
$scheduler->php('/opt/registry/automation/auto-clean-unused-contact-and-host.php')->at('5 0 * * *'); $scheduler->php('/opt/registry/automation/auto-clean-unused-contact-and-host.php')->at('5 0 * * *');
$scheduler->php('/opt/registry/automation/archive-logs.php')->at('0 1 1 * *'); $scheduler->php('/opt/registry/automation/archive-logs.php')->at('0 1 1 * *');
$scheduler->php('/opt/registry/automation/exchange-rates.php')->at('0 1 * * *');
// Conditional Cron Jobs // Conditional Cron Jobs
if ($cronJobConfig['accounting']) { if ($cronJobConfig['accounting']) {
@ -90,5 +91,9 @@ if ($cronJobConfig['gtld_mode']) {
$scheduler->php('/opt/registry/automation/reporting.php')->at('1 0 1 * *'); $scheduler->php('/opt/registry/automation/reporting.php')->at('1 0 1 * *');
} }
if ($cronJobConfig['exchange_rates']) {
$scheduler->php('/opt/registry/automation/exchange-rates.php')->at('0 1 * * *');
}
// Run Scheduled Tasks // Run Scheduled Tasks
$scheduler->run(); $scheduler->run();


@ -1,15 +1,13 @@
<?php <?php
// Configuration
$apiKey = ""; // Your API key
$baseCurrency = "USD";
$currencies = ["EUR", "GBP", "JPY", "CAD", "AUD"]; // Configurable list
$outputFile = "/var/www/cp/resources/exchange_rates.json";
$lockFile = "/tmp/update_exchange_rates.lock";
$c = require_once 'config.php'; $c = require_once 'config.php';
require_once 'helpers.php'; require_once 'helpers.php';
$apiKey = $c['exchange_rate_api_key'];
$baseCurrency = $c['exchange_rate_base_currency'];
$currencies = $c['exchange_rate_currencies'];
$outputFile = "/var/www/cp/resources/exchange_rates.json";
$lockFile = "/tmp/update_exchange_rates.lock";
$logFilePath = '/var/log/namingo/exchange-rates.log'; $logFilePath = '/var/log/namingo/exchange-rates.log';
$log = setupLogger($logFilePath, 'EXCHANGE_RATES'); $log = setupLogger($logFilePath, 'EXCHANGE_RATES');
$log->info('job started.'); $log->info('job started.');
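Review bot: The three config reads on the new side (`$c['exchange_rate_api_key']`, `$c['exchange_rate_base_currency']`, `$c['exchange_rate_currencies']`) assume the keys exist, so on an installation whose config.php predates this commit each one is an undefined-index warning and `$currencies` is null by the time the job continues. Defaulting them, `$apiKey = $c['exchange_rate_api_key'] ?? '';`, `$baseCurrency = $c['exchange_rate_base_currency'] ?? 'USD';`, `$currencies = $c['exchange_rate_currencies'] ?? [];`, and logging an error and stopping when the key is empty would make a misconfiguration explicit instead of a request that presumably goes out without credentials. Separately, `$lockFile` still names a fixed path under the world-writable /tmp; if this job runs as a privileged user that is a classic symlink target, so a lock under a directory the job owns (such as the existing /var/log/namingo) would be safer. The remainder of the script, including whatever uses `$apiKey`, lies outside the hunk, so whether the empty-key case is already handled later is not visible here.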


@ -67,7 +67,7 @@ function setupLogger($logFilePath, $channelName = 'app') {
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
$mail->Port = $config['mailer_smtp_port']; $mail->Port = $config['mailer_smtp_port'];
$mail->setFrom($config['mailer_from'], 'Registry System'); $mail->setFrom($config['mailer_from'], 'Registry System');
$mail->addAddress($config['iana_email']); $mail->addAddress($config['admin_email']);
// Attach PHPMailer to Monolog // Attach PHPMailer to Monolog
$mailerHandler = new PHPMailerHandler($mail); $mailerHandler = new PHPMailerHandler($mail);
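Review bot: The switch to `$config['admin_email']` on the new side has no fallback, so on a deployment whose config.php has not gained the new key the recipient passed to `addAddress` is null and the error-mail handler ends up without a destination. A one-line transition guard keeps notifications flowing while configs are migrated: `$mail->addAddress($config['admin_email'] ?? $config['iana_email']);`. setupLogger begins and ends outside this hunk, so whether the key is validated elsewhere in the function is not visible.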


@ -59,7 +59,7 @@ function setupLogger($logFilePath, $channelName = 'app') {
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
$mail->Port = $config['mailer_smtp_port']; $mail->Port = $config['mailer_smtp_port'];
$mail->setFrom($config['mailer_from'], 'Registry System'); $mail->setFrom($config['mailer_from'], 'Registry System');
$mail->addAddress($config['iana_email']); $mail->addAddress($config['admin_email']);
// Attach PHPMailer to Monolog // Attach PHPMailer to Monolog
$mailerHandler = new PHPMailerHandler($mail); $mailerHandler = new PHPMailerHandler($mail);
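Review bot: Reading `$config['admin_email']` directly means an upgraded install that still lacks the key hands `addAddress` a null, and the Monolog mail handler is then attached with no recipient for error notifications. Falling back to the previous key during the transition, `$mail->addAddress($config['admin_email'] ?? $config['iana_email']);`, avoids losing alerts silently. The enclosing setupLogger starts and ends outside this hunk.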


@ -176,7 +176,7 @@ To set up backups in Namingo:
1. Rename `/opt/registry/automation/backup.json.dist` and `/opt/registry/automation/backup-upload.json.dist` to `backup.json` and `backup-upload.json`, respectively. Edit both files to include the correct database and other required details. 1. Rename `/opt/registry/automation/backup.json.dist` and `/opt/registry/automation/backup-upload.json.dist` to `backup.json` and `backup-upload.json`, respectively. Edit both files to include the correct database and other required details.
2. Enable the backup functionality in `cron.php` or `cron_config.php` and make sure you follow the instructions in section **1.4.6. Running the Automation System** to activate the automation system on your server. 2. Enable the backup functionality in `cron.php` or `cron_config.php` and make sure you follow the instructions in section **1.4.9. Running the Automation System** to activate the automation system on your server.
#### 1.4.5. RDE (Registry data escrow) configuration #### 1.4.5. RDE (Registry data escrow) configuration
@ -227,29 +227,27 @@ gpg2 --armor --export-secret-keys your.email@example.com > privatekey.asc
**1.4.5.4. Use in RDE deposit generation**: Please send the exported `publickey.asc` to your RDE provider, and also place the path to `privatekey.asc` in the escrow.php system as required. **1.4.5.4. Use in RDE deposit generation**: Please send the exported `publickey.asc` to your RDE provider, and also place the path to `privatekey.asc` in the escrow.php system as required.
#### 1.4.6. Running the Automation System #### 1.4.6. Setting Up Exchange Rate Download
1. After successfully configuring all the components of the automation system as outlined in the previous sections, you can proceed to initiate the system. To enable exchange rate updates, follow these steps:
2. Create the configuration file at `/opt/registry/automation/cron_config.php` with the specified structure, and adjust the values to suit your requirements. Note: If you are managing a gTLD, all services must be enabled for proper operation. 1. Edit `config.php`, modify the following settings and save the file.
```php ```php
<?php
return [ return [
'accounting' => false, // Enable or disable accounting // Exchange Rate Configuration
'backup' => false, // Enable or disable backup 'exchange_rate_api_key' => "", // Your exchangerate.host API key
'backup_upload' => false, // Enable or disable backup upload 'exchange_rate_base_currency' => "USD", // Base currency
'gtld_mode' => false, // Enable or disable gTLD mode 'exchange_rate_currencies' => ["EUR", "GBP", "JPY", "CAD", "AUD"], // Target currencies
'spec11' => false, // Enable or disable Spec 11 checks
'dnssec' => false, // Enable or disable DNSSEC
]; ];
``` ```
3. Add the following cron job to the system crontab using ```crontab -e```: 2. Enable Exchange Rate Generation
```bash Ensure your `cron.php` or `cron_config.php` executes the exchange rate update script by setting `exchange_rates` to `true`.
* * * * * /usr/bin/php /opt/registry/automation/cron.php 1>> /dev/null 2>&1
``` If this is not enabled, you will need to manually edit `/var/www/cp/resources/exchange_rates.json` to provide exchange rates.
#### 1.4.7. Zone generator custom records #### 1.4.7. Zone generator custom records
@ -297,6 +295,134 @@ In `/opt/registry/tests/`, you will find three notification scripts:
Some registries may wish to use these scripts and run them automatically. Each script includes comments at the beginning that explain the recommended cron job schedule. Some registries may wish to use these scripts and run them automatically. Each script includes comments at the beginning that explain the recommended cron job schedule.
#### 1.4.9. Running the Automation System
1. After successfully configuring all the components of the automation system as outlined in the previous sections, you can proceed to initiate the system.
2. Create the configuration file at `/opt/registry/automation/cron_config.php` with the specified structure, and adjust the values to suit your requirements. Note: If you are managing a gTLD, all services must be enabled for proper operation.
```php
<?php
return [
'accounting' => false, // Enable or disable accounting
'backup' => false, // Enable or disable backup
'backup_upload' => false, // Enable or disable backup upload
'gtld_mode' => false, // Enable or disable gTLD mode
'spec11' => false, // Enable or disable Spec 11 checks
'dnssec' => false, // Enable or disable DNSSEC
'exchange_rates' => false, // Enable or disable exchange rate download
];
```
3. Add the following cron job to the system crontab using ```crontab -e```:
```bash
* * * * * /usr/bin/php /opt/registry/automation/cron.php 1>> /dev/null 2>&1
```
### 1.5. SFTP Server Setup for ICANN
1. Install OpenSSH Server
```bash
apt update && apt install openssh-server
```
2. Configure SSH for SFTP
Edit SSH config:
```bash
nano /etc/ssh/sshd_config
```
Add at the end:
```bash
Subsystem sftp internal-sftp
Match Address 192.0.47.240,192.0.32.241,2620:0:2830:241::c613,2620:0:2d0:241::c6a5
PasswordAuthentication no
PermitRootLogin no
Match User sftpuser
ChrootDirectory /home/sftpuser
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
```
Restart SSH:
```bash
systemctl restart ssh
```
3. Create SFTP User
```bash
groupadd sftp_users
useradd -m -G sftp_users -s /usr/sbin/nologin sftpuser
```
4. Set Directory Permissions
```bash
chown root:root /home/sftpuser
chmod 755 /home/sftpuser
mkdir -p /home/sftpuser/files
chown sftpuser:sftp_users /home/sftpuser/files
chmod 700 /home/sftpuser/files
```
5. Whitelist ICANN IPs in UFW
```bash
ufw allow OpenSSH
ufw allow from 192.0.47.240 to any port 22
ufw allow from 192.0.32.241 to any port 22
ufw allow from 2620:0:2830:241::c613 to any port 22
ufw allow from 2620:0:2d0:241::c6a5 to any port 22
ufw enable
```
6. Generate and Add SSH Key for ICANN
```bash
ssh-keygen -t rsa -b 2048 -f icann_sftp_key -C "icann_sftp"
```
```bash
mkdir /home/sftpuser/.ssh
chmod 700 /home/sftpuser/.ssh
nano /home/sftpuser/.ssh/authorized_keys
```
Paste `icann_sftp_key.pub`, then set permissions:
```bash
sudo chmod 600 /home/sftpuser/.ssh/authorized_keys
sudo chown -R sftpuser:sftp_users /home/sftpuser/.ssh
```
7. Update DNS for `sftp.namingo.org`
Create an A record pointing `sftp.namingo.org``<your-server-ip>`.
8. Send ICANN the Following
- SFTP Host: `sftp://sftp.namingo.org`
- Port: `22`
- Username: `sftpuser`
- Public Key: `icann_sftp_key.pub`
- File Path: `/files`
9. Test SFTP Access
```bash
sftp -i icann_sftp_key sftpuser@sftp.namingo.org
```
## 2. Recommended Components and Integrations ## 2. Recommended Components and Integrations
This section outlines recommended components to enhance the functionality and reliability of your Namingo setup. These include essential services like DNS servers, monitoring tools, and other integrations that can help maintain a robust registry environment. This section outlines recommended components to enhance the functionality and reliability of your Namingo setup. These include essential services like DNS servers, monitoring tools, and other integrations that can help maintain a robust registry environment.
@ -520,6 +646,44 @@ Check the BIND9 logs to ensure that the .test zone is loaded without errors:
grep named /var/log/syslog grep named /var/log/syslog
``` ```
#### Setup DNSSEC KSK Rollover:
Create `/etc/systemd/system/dnssec-rollover.timer`:
```bash
[Unit]
Description=Run DNSSEC rollover script every 12 hours
[Timer]
OnCalendar=*-*-* 00,12:00:00
Persistent=true
[Install]
WantedBy=timers.target
```
Then create `/etc/systemd/system/dnssec-rollover.service`:
```bash
[Unit]
Description=DNSSEC Rollover Script
[Service]
ExecStart=/opt/registry/automation/dnssec-rollover.sh
User=root
StandardOutput=append:/var/log/namingo/dnssec-rollover.log
StandardError=append:/var/log/namingo/dnssec-rollover.log
```
Enable and start the timer:
```bash
systemctl daemon-reload
systemctl enable --now dnssec-rollover.timer
```
This ensures **automatic execution every 12 hours** and logs output.
### 2.2. Setup Hidden Master DNS with Knot DNS and DNSSEC ### 2.2. Setup Hidden Master DNS with Knot DNS and DNSSEC
#### Install Knot DNS and its utilities: #### Install Knot DNS and its utilities:
@ -1332,6 +1496,17 @@ return [
// Drop settings // Drop settings
'dropStrategy' => 'random', // Options: 'fixed', 'random' 'dropStrategy' => 'random', // Options: 'fixed', 'random'
'dropTime' => '02:00:00', // Time of day to perform drops if 'fixed' strategy is used 'dropTime' => '02:00:00', // Time of day to perform drops if 'fixed' strategy is used
// IANA Email for Submission Logs
'iana_email' => 'admin@example.com', // Email address to be used for IANA submission
// Registry Admin Email
'admin_email' => 'admin@example.com', // Receives system notifications
// Exchange Rate Configuration
'exchange_rate_api_key' => "", // Your exchangerate.host API key
'exchange_rate_base_currency' => "USD",
'exchange_rate_currencies' => ["EUR", "GBP", "JPY", "CAD", "AUD"], // Configurable list
]; ];
``` ```


@ -156,6 +156,19 @@ else
echo "New error_log table created successfully." echo "New error_log table created successfully."
fi fi
CONFIG_FILE="/opt/registry/automation/config.php"
# Define the content to insert
INSERT_CONTENT="\n // Registry Admin Email\n 'admin_email' => 'admin@example.com', // Receives system notifications\n\n // Exchange Rate Configuration\n 'exchange_rate_api_key' => "", // Your exchangerate.host API key\n 'exchange_rate_base_currency' => "USD",\n 'exchange_rate_currencies' => [\"EUR\", \"GBP\", \"JPY\", \"CAD\", \"AUD\"], // Configurable list\n"
# Check if 'admin_email' exists and insert only if it does not exist
if ! grep -q "'admin_email' => 'admin@example.com'" "$CONFIG_FILE"; then
sed -i "/'iana_email' =>.*,/a\\$INSERT_CONTENT" "$CONFIG_FILE"
echo "Configuration updated successfully."
else
echo "'admin_email' already exists. No changes made."
fi
# Start services # Start services
echo "Starting services..." echo "Starting services..."
systemctl start epp systemctl start epp
@ -175,3 +188,4 @@ else
fi fi
echo "Upgrade to v1.0.16 completed successfully." echo "Upgrade to v1.0.16 completed successfully."
echo "Make sure you review and edit /opt/registry/automation/config.php"
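Review bot: The inner double quotes in the `INSERT_CONTENT` assignment are not escaped, so the shell consumes them and what sed writes into config.php is `'exchange_rate_api_key' => ,` and `'exchange_rate_base_currency' => USD,`, a parse error and an undefined constant that break every automation script which requires config.php as soon as the upgrade finishes. They need the same `\"` escaping the currency list on that line already uses. The idempotence check also greps for the literal default address, so a second run after the operator has set a real admin_email inserts the block again; matching on `'admin_email'` alone avoids that. sed is a silent no-op when no `'iana_email' =>` line exists, yet the script then reports success, so verifying the result (and that the file still parses) before printing the message would catch it; a hard exit at that point would skip the service starts that follow, so a warning is the safer reaction.

```shell
CONFIG_FILE="/opt/registry/automation/config.php"

# Inner double quotes must be escaped, or the shell drops them and the PHP becomes `=> ,` and `=> USD,`
INSERT_CONTENT="\n    // Registry Admin Email\n    'admin_email' => 'admin@example.com', // Receives system notifications\n\n    // Exchange Rate Configuration\n    'exchange_rate_api_key' => \"\", // Your exchangerate.host API key\n    'exchange_rate_base_currency' => \"USD\",\n    'exchange_rate_currencies' => [\"EUR\", \"GBP\", \"JPY\", \"CAD\", \"AUD\"], // Configurable list\n"

# Key on the option name only, so a re-run after the address was changed does not insert a second copy
if ! grep -q "'admin_email'" "$CONFIG_FILE"; then
    sed -i "/'iana_email' =>.*,/a\\$INSERT_CONTENT" "$CONFIG_FILE"
    # sed silently does nothing when the anchor line is missing; verify before claiming success
    if grep -q "'admin_email'" "$CONFIG_FILE" && php -l "$CONFIG_FILE" >/dev/null 2>&1; then
        echo "Configuration updated successfully."
    else
        echo "WARNING: could not update $CONFIG_FILE; add the new keys manually before enabling exchange rates." >&2
    fi
else
    echo "'admin_email' already exists. No changes made."
fi

# … unchanged: service starts and completion messages …
```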


@ -70,7 +70,7 @@ function setupLogger($logFilePath, $channelName = 'app') {
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
$mail->Port = $config['mailer_smtp_port']; $mail->Port = $config['mailer_smtp_port'];
$mail->setFrom($config['mailer_from'], 'Registry System'); $mail->setFrom($config['mailer_from'], 'Registry System');
$mail->addAddress($config['iana_email']); $mail->addAddress($config['admin_email']);
// Attach PHPMailer to Monolog // Attach PHPMailer to Monolog
$mailerHandler = new PHPMailerHandler($mail); $mailerHandler = new PHPMailerHandler($mail);
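Review bot: `$config['admin_email']` is read without a default, so if config.php on a given host has not been migrated the new recipient is null and the PHPMailer handler attached just below gets no address for error mail. `$mail->addAddress($config['admin_email'] ?? $config['iana_email']);` covers the transition with one line. setupLogger's signature and the rest of its body are outside this hunk.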


@ -59,7 +59,7 @@ function setupLogger($logFilePath, $channelName = 'app') {
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
$mail->Port = $config['mailer_smtp_port']; $mail->Port = $config['mailer_smtp_port'];
$mail->setFrom($config['mailer_from'], 'Registry System'); $mail->setFrom($config['mailer_from'], 'Registry System');
$mail->addAddress($config['iana_email']); $mail->addAddress($config['admin_email']);
// Attach PHPMailer to Monolog // Attach PHPMailer to Monolog
$mailerHandler = new PHPMailerHandler($mail); $mailerHandler = new PHPMailerHandler($mail);
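Review bot: The recipient now comes from `$config['admin_email']` with nothing guarding the case where that key is absent, which leaves the error-notification mailer without a destination on a config.php that was not updated alongside this commit. A fallback to the key it replaces, `$mail->addAddress($config['admin_email'] ?? $config['iana_email']);`, keeps the alerts going until the config is migrated. The enclosing setupLogger begins and ends outside the hunk.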


@ -59,7 +59,7 @@ function setupLogger($logFilePath, $channelName = 'app') {
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
$mail->Port = $config['mailer_smtp_port']; $mail->Port = $config['mailer_smtp_port'];
$mail->setFrom($config['mailer_from'], 'Registry System'); $mail->setFrom($config['mailer_from'], 'Registry System');
$mail->addAddress($config['iana_email']); $mail->addAddress($config['admin_email']);
// Attach PHPMailer to Monolog // Attach PHPMailer to Monolog
$mailerHandler = new PHPMailerHandler($mail); $mailerHandler = new PHPMailerHandler($mail);
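Review bot: As in the other loggers touched by this commit, `$config['admin_email']` is dereferenced with no default, so an un-migrated config.php yields a null address for the error-mail handler built on the next lines. `$mail->addAddress($config['admin_email'] ?? $config['iana_email']);` is a one-line guard that preserves notifications during the rollout. The rest of setupLogger lies outside this hunk.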