zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-05-10 08:48:34 +02:00
Code Issues Projects Releases Packages Wiki Activity
getnamingo-registry/docs/install.md
Pinga 3e25d7afad Rewritten the install guide
2023-12-03 00:54:35 +02:00

14 KiB
Raw Blame History

Installation & Usage

1. Install the required packages:

add-apt-repository ppa:ondrej/php
apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o caddy-stable.gpg.key
gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg caddy-stable.gpg.key
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
apt update && apt upgrade
apt install -y bzip2 caddy composer curl gettext git gnupg2 net-tools php8.2 php8.2-bcmath php8.2-cli php8.2-common php8.2-curl php8.2-fpm php8.2-gd php8.2-gmp php8.2-gnupg php8.2-imap php8.2-intl php8.2-mbstring php8.2-opcache php8.2-readline php8.2-swoole php8.2-xml pv unzip wget whois

Configure PHP:

Edit the PHP Configuration Files:

nano /etc/php/8.2/cli/php.ini
nano /etc/php/8.2/fpm/php.ini

Locate or add these lines in php.ini, also replace example.com with your registry domain name:

opcache.enable=1
opcache.enable_cli=1
opcache.jit_buffer_size=100M
opcache.jit=1255

session.cookie_secure = 1
session.cookie_httponly = 1
session.cookie_samesite = "Strict"
session.cookie_domain = example.com

After configuring PHP, restart the service to apply changes:

systemctl restart php8.2-fpm

2. Database installation (please choose one):

2a. Install and configure MariaDB:

curl -o /etc/apt/keyrings/mariadb-keyring.pgp 'https://mariadb.org/mariadb_release_signing_key.pgp'

Place the following in /etc/apt/sources.list.d/mariadb.sources:

# MariaDB 10.11 repository list - created 2023-12-02 22:16 UTC
# https://mariadb.org/download/
X-Repolib-Name: MariaDB
Types: deb
# deb.mariadb.org is a dynamic mirror if your preferred mirror goes offline. See https://mariadb.org/mirrorbits/ for details.
# URIs: https://deb.mariadb.org/10.11/ubuntu
URIs: https://mirrors.chroot.ro/mariadb/repo/10.11/ubuntu
Suites: jammy
Components: main main/debug
Signed-By: /etc/apt/keyrings/mariadb-keyring.pgp

apt-get update
apt install -y mariadb-client mariadb-server php8.2-mysql
mysql_secure_installation

2b. Install and configure PostgreSQL:

sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
wget -qO- https://www.postgresql.org/media/keys/ACCC4CF8.asc | tee /etc/apt/trusted.gpg.d/pgdg.asc &>/dev/null
apt update
apt install -y postgresql postgresql-client php8.2-pgsql
psql --version

Now you need to update PostgreSQL Admin User Password:

sudo -u postgres psql
postgres=#
postgres=# ALTER USER postgres PASSWORD 'demoPassword';
postgres=# CREATE DATABASE registry;
postgres=# \q

3. Install Adminer:

mkdir /usr/share/adminer
wget "http://www.adminer.org/latest.php" -O /usr/share/adminer/latest.php
ln -s /usr/share/adminer/latest.php /usr/share/adminer/adminer.php

4. Download Namingo:

First, clone the Namingo registry repository into the /opt/registry directory:

git clone https://github.com/getnamingo/registry /opt/registry

Next, create the directory for Namingo logs. This directory will be used to store log files generated by the Namingo registry:

mkdir -p /var/log/namingo

Import the provided database file for your database type.

5. Configuring UFW Firewall:

To securely set up the UFW (Uncomplicated Firewall) for your registry, follow these commands:

ufw allow 80/tcp
ufw allow 80/udp
ufw allow 443/tcp
ufw allow 443/udp
ufw allow 700/tcp
ufw allow 700/udp
ufw allow 43/tcp
ufw allow 43/udp
ufw allow 53/tcp
ufw allow 53/udp

6. Configure Caddy webserver:

Edit /etc/caddy/Caddyfile and place the following content:

rdap.example.com {
    bind YOUR_IPV4_ADDRESS YOUR_IPV6_ADDRESS
    reverse_proxy localhost:7500
    encode gzip
    file_server
    tls your-email@example.com
    header * {
        Referrer-Policy "no-referrer"
        Strict-Transport-Security max-age=31536000;
        X-Content-Type-Options nosniff
        X-Frame-Options DENY
        X-XSS-Protection "1; mode=block"
        Content-Security-Policy "default-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'none'; form-action 'self'; worker-src 'none'; frame-src 'none';"
        Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'self'; speaker 'none'; usb 'none'; vr 'none';"
        Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(self), speaker=(), usb=(), vr=();
    }
}

whois.example.com {
    bind YOUR_IPV4_ADDRESS YOUR_IPV6_ADDRESS
    root * /var/www/whois
    encode gzip
    php_fastcgi unix//run/php/php8.2-fpm.sock
    file_server
    tls your-email@example.com
    header * {
        Referrer-Policy "no-referrer"
        Strict-Transport-Security max-age=31536000;
        X-Content-Type-Options nosniff
        X-Frame-Options DENY
        X-XSS-Protection "1; mode=block"
        Content-Security-Policy: default-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; script-src 'none'; form-action 'self'; worker-src 'none'; frame-src 'none';
        Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'self'; speaker 'none'; usb 'none'; vr 'none';"
        Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(self), speaker=(), usb=(), vr=();
    }
}

cp.example.com {
    bind NEW_IPV4_ADDRESS NEW_IPV6_ADDRESS
    root * /var/www/cp/public
    php_fastcgi unix//run/php/php8.2-fpm.sock
    encode gzip
    file_server
    tls your-email@example.com
    log {
        output file /var/log/caddy/access.log
        format console
    }
    log {
        output file /var/log/caddy/error.log
        level ERROR
    }
    # Adminer Configuration
    route /adminer.php* {
        root * /usr/share/adminer
        php_fastcgi unix//run/php/php8.2-fpm.sock
    }
    header * {
        Referrer-Policy "same-origin"
        Strict-Transport-Security max-age=31536000;
        X-Content-Type-Options nosniff
        X-Frame-Options DENY
        X-XSS-Protection "1; mode=block"
        Content-Security-Policy: default-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline' https://rsms.me; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.18.5/; form-action 'self'; worker-src 'none'; frame-src 'none';
        Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'self'; speaker 'none'; usb 'none'; vr 'none';"
        Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(self), speaker=(), usb=(), vr=();
    }
}

Activate and reload Caddy:

systemctl enable caddy
systemctl restart caddy

7. Control Panel Setup:

Use a file management tool or command line to copy the entire registry/cp/ directory and place it into the web server's root directory, typically /var/www/. The target path should be /var/www/cp/.

cp -r /path/to/registry/cp /var/www/

Configure Environment File:

Open your command line interface and navigate to the cp (control panel) directory.

Locate the file named env-sample (/var/www/cp/env-sample) in the control panel (cp) directory.

Rename this file to .env and update the settings within this file to suit your specific environment and application needs.

Install Dependencies:

Run the following command to install the required dependencies:

composer install

This command will install the dependencies defined in your composer.json file, ensuring that your control panel has all the necessary components to operate effectively.

8. Setup Web WHOIS:

mkdir -p /var/www/whois
cd /path/to/registry/whois/web
cp -r * /var/www/whois

Change your working directory to /var/www/whois/ using a command line interface. This can be done with the command cd /var/www/whois/.

Once in the correct directory, run the following command to install necessary dependencies:

composer require gregwar/captcha

This command will install the gregwar/captcha package, which is required for the WHOIS web interface functionality.

9. Setup WHOIS:

cd /opt/registry/whois/port43
composer install
mv config.php.dist config.php

Configure all options in config.php and run php start_whois.php &

10. Setup RDAP:

cd /opt/registry/rdap
composer install
mv config.php.dist config.php

Configure all options in config.php and run php start_rdap.php &

11. Setup EPP:

cd /opt/registry/epp
composer install
mv config.php.dist config.php

Configure all options in config.php and run php start_epp.php &

12. Setup Automation Scripts:

cd /opt/registry/automation
composer install
mv config.php.dist config.php

Configure all options in config.php.

Install Optional Dependencies:

Execute one of the following commands to install the optional dependencies:

composer require utopia-php/messaging

or

composer require phpmailer/phpmailer

This command will install one of the packages which are essential for the notification script to function correctly.

Configuring the Crontab for Automation Scripts

To set up automated tasks for Namingo, open the example crontab file located at /opt/registry/automation/crontab.example. Review the contents and copy the relevant lines into your system's crontab file. Remember to adjust the paths and timings as necessary to suit your environment.

Running the notifications.php Script in the Background

To run the notifications.php script as a background process, execute the following command: /usr/bin/php /opt/registry/automation/notifications.php &. This will start the script and place it in the background, allowing it to run independently of your current terminal session.

Setting Up an Audit Trail Database for Namingo

To create an audit trail database for Namingo, start by editing the configuration file located at /opt/registry/automation/audit.json with the correct database details. This includes specifying the database connection parameters such as host, username, and password. Once your configuration is set up, create a new database named registryAudit. After the database is created, run the command:

/opt/registry/automation/vendor/bin/audit -v audit /opt/registry/automation/audit.json

This will initialize and configure the audit trail functionality. This process ensures that all necessary tables and structures are set up in the registryAudit database, enabling comprehensive auditing of Namingo's operations.

Currently, the audit trail setup for Namingo is supported only with MySQL or MariaDB databases. If you're using PostgreSQL, you'll need to utilize an external tool for audit logging, such as pgAudit, which provides detailed audit logging capabilities tailored for PostgreSQL environments.

Setup Backup

TODO

RDE (Registry data escrow) configuration:

Generate the Key Pair:

Create a configuration file, say key-config, with the following content:

%echo Generating a default key
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Your Name
Name-Comment: Your Comment
Name-Email: your.email@example.com
Expire-Date: 0
%no-protection
%commit
%echo done

Replace "Your Name", "Your Comment", and "your.email@example.com" with your details.

Use the following command to generate the key:

gpg2 --batch --generate-key key-config

Your GPG key pair will now be generated.

Exporting Your Keys:

Public key:

gpg2 --armor --export your.email@example.com > publickey.asc

Replace your-email@example.com with the email address you used when generating the key.

Private key:

gpg2 --armor --export-secret-keys your.email@example.com > privatekey.asc

Secure Your Private Key:

Always keep your private key secure. Do not share it. If someone gains access to your private key, they can impersonate you in cryptographic operations.

Use in RDE deposit generation:

Please send the exported publickey.asc to your RDE provider, and also place the path to privatekey.asc in the escrow.php system as required.

13. Setup DAS:

cd /opt/registry/das
composer install
mv config.php.dist config.php

Configure all options in config.php and run php start_das.php &