Domain Registry =============== [![Build Status](https://travis-ci.org/internetee/registry.svg?branch=master)](https://travis-ci.org/internetee/registry) [![Code Climate](https://codeclimate.com/github/internetee/registry/badges/gpa.svg)](https://codeclimate.com/github/internetee/registry) [![Issue Count](https://codeclimate.com/github/internetee/registry/badges/issue_count.svg)](https://codeclimate.com/github/internetee/registry) [![Test Coverage](https://codeclimate.com/github/internetee/registry/badges/coverage.svg)](https://codeclimate.com/github/internetee/registry/coverage) [![Documentation Status](https://readthedocs.org/projects/eeregistry/badge/?version=latest)](http://docs.internet.ee/en/latest/?badge=latest) Full stack top-level domain (TLD) management. * [Documentation](#documentation) * [Installation](#installation) * [Deployment](#deployment) * [Autotesting](#autotesting) Documentation ------------- * [EPP documentation](/doc/epp) * [EPP request-response examples](/doc/epp-examples.md) * [REPP documentation](/doc/repp-doc.md) * [Database diagram](/doc/models_complete.svg) * [Controllers diagram](/doc/controllers_complete.svg) ### Updating documentation AUTODOC=true rspec spec/requests EPP_DOC=true rspec spec/epp --tag epp --require support/epp_doc.rb --format EppDoc > doc/epp-examples.md Installation ------------ ### Registry app Registry based on Rails 4 installation (rbenv install is under Debian build doc) Manual demo install and database setup: cd /home/registry git clone git@github.com:internetee/registry.git demo-registry cd demo-registry rbenv local 2.2.2 bundle cp config/application-example.yml config/application.yml # and edit it cp config/database-example.yml config/database.yml # and edit it bundle exec rake db:setup:all # for production, please follow deployment howto bundle exec rake:bootstrap bundle exec rake assets:precompile ### Apache with patched mod_epp (Debian 7/Ubuntu 14.04 LTS) sudo apt-get install apache2 sudo apt-get install apache2-threaded-dev # needed to compile mod_epp wget sourceforge.net/projects/aepps/files/mod_epp/1.10/mod_epp-1.10.tar.gz tar -xzvf mod_epp-1.10.tar.gz cd mod_epp-1.10 Patch mod_epp for Rack. Beacause Rack multipart parser expects specifically formatted content boundaries, the mod_epp needs to be modified before building: wget https://github.com/internetee/registry/raw/master/doc/patches/mod_epp_1.10-rack-friendly.patch wget https://raw.githubusercontent.com/domify/registry/master/doc/patches/mod_epp_1.10-frame-size.patch patch < mod_epp_1.10-rack-friendly.patch patch < mod_epp_1.10-frame-size.patch sudo apxs2 -a -c -i mod_epp.c Enable ssl: sudo a2enmod proxy_http sudo mkdir /etc/apache2/ssl sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt sudo a2enmod ssl sudo nano /etc/apache2/sites-enabled/epp_ssl.conf For Apache, registry admin goes to port 443 in production, /etc/apache2/sites-enabled/registry.conf short example: ``` ServerName your-domain ServerAdmin your@example.com PassengerRoot /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini PassengerRuby /home/registry/.rbenv/shims/ruby PassengerEnabled on PassengerMinInstances 10 PassengerMaxPoolSize 10 PassengerPoolIdleTime 0 PassengerMaxRequests 1000 RailsEnv production # or staging DocumentRoot /home/registry/registry/current/public # Possible values include: debug, info, notice, warn, error, crit, LogLevel info ErrorLog /var/log/apache2/registry.error.log CustomLog /var/log/apache2/registry.access.log combined SSLEngine On SSLCertificateFile /etc/ssl/certs/your.crt SSLCertificateKeyFile /etc/ssl/private/your.key SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem SSLCACertificateFile /etc/ssl/certs/ca.pem SSLProtocol -all +TLSv1.2 SSLHonorCipherOrder On SSLCompression off SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH RewriteEnginriteEngine on RedirectMatch ^/$ /admin RedirectMatch ^/login$ /admin/login # for Apache older than version 2.4 Allow from all # for Apache verison 2.4 or newer # Require all granted Options -MultiViews Allow from none Deny from all Allow from all Allow from all ``` Registrar configuration (/etc/apache2/sites-enabled/registrar.conf) is as follows: ``` ServerName your-registrar-domain ServerAdmin your@example.com PassengerRoot /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini PassengerRuby /home/registry/.rbenv/shims/ruby PassengerEnabled on PassengerMinInstances 10 PassengerMaxPoolSize 10 PassengerPoolIdleTime 0 PassengerMaxRequests 1000 RailsEnv production # or staging DocumentRoot /home/registry/registrar/current/public # Possible values include: debug, info, notice, warn, error, crit, LogLevel info ErrorLog /var/log/apache2/registrar.error.log CustomLog /var/log/apache2/registrar.access.log combined SSLEngine On SSLCertificateFile /etc/ssl/certs/your.crt SSLCertificateKeyFile /etc/ssl/private/your.key SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem SSLCACertificateFile /etc/ssl/certs/ca.pem SSLProtocol -all +TLSv1.2 SSLHonorCipherOrder On SSLCompression off SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH RewriteEngine on RedirectMatch ^/$ /registrar RedirectMatch ^/login$ /registrar/login # for Apache older than version 2.4 Allow from all # for Apache verison 2.4 or newer # Require all granted Options -MultiViews Allow from none Deny from all Allow from all Allow from all SSLVerifyClient none SSLVerifyDepth 1 SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.cert.pem SSLCARevocationPath /home/registry/registry/shared/ca/crl # Uncomment in Apache 2.4 # SSLCARevocationCheck chain RequestHeader set SSL_CLIENT_S_DN_CN "" RequestHeader set SSL_CLIENT_CERT "" SSLVerifyClient require RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s" SSLVerifyClient require Options Indexes FollowSymLinks MultiViews SSLVerifyDepth 2 SSLOptions +StdEnvVars +ExportCertData ``` Registrant configuration (/etc/apache2/sites-enabled/registrant.conf) is as follows: ``` ServerName your-registrant-domain ServerAdmin your@example.com PassengerRoot /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini PassengerRuby /home/registry/.rbenv/shims/ruby PassengerEnabled on PassengerMinInstances 10 PassengerMaxPoolSize 10 PassengerPoolIdleTime 0 PassengerMaxRequests 1000 RailsEnv production # or staging DocumentRoot /home/registry/registrant/current/public # Possible values include: debug, info, notice, warn, error, crit, LogLevel info ErrorLog /var/log/apache2/registrant.error.log CustomLog /var/log/apache2/registrant.access.log combined SSLEngine On SSLCertificateFile /etc/ssl/certs/your.crt SSLCertificateKeyFile /etc/ssl/private/your.key SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem SSLCACertificateFile /etc/ssl/certs/ca.pem SSLProtocol -all +TLSv1.2 SSLHonorCipherOrder On SSLCompression off SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH RewriteEngine on RedirectMatch ^/$ /registrant RedirectMatch ^/login$ /registrant/login # for Apache older than version 2.4 Allow from all # for Apache verison 2.4 or newer # Require all granted Options -MultiViews Allow from none Deny from all Allow from all Allow from all SSLVerifyClient none SSLVerifyDepth 1 SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.cert.pem SSLCARevocationPath /home/registry/registry/shared/ca/crl # Uncomment in Apache 2.4 # SSLCARevocationCheck chain RequestHeader set SSL_CLIENT_S_DN_CN "" RequestHeader set SSL_CLIENT_CERT "" SSLVerifyClient require RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s" SSLVerifyClient require Options Indexes FollowSymLinks MultiViews SSLVerifyDepth 2 SSLOptions +StdEnvVars +ExportCertData ``` For Apache, REPP goes to port 443 in production, /etc/apache2/sites-enabled/repp.conf short example: ``` ServerName your-repp-domain SSLEngine on #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key ProxyPass / http://localhost:8080/ ProxyPassReverse / http://localhost:8080/ ProxyPreserveHost on RequestHeader set X_FORWARDED_PROTO 'https' SSLVerifyClient none SSLVerifyDepth 1 SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.crt.pem SSLCARevocationPath /home/registry/registry/shared/ca/crl # Uncomment this when upgrading to apache 2.4: # SSLCARevocationCheck chain RequestHeader set SSL_CLIENT_S_DN_CN "" RequestHeader set SSL_CLIENT_CERT "" Allow from none Deny from all Allow from all SSLVerifyClient require RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s" ``` For Apache, epp goes to port 700. Be sure to update paths to match your system configuration. /etc/apache2/sites-enabled/epp.conf short example: ```apache Listen 127.0.0.1:8080 ServerName your-epp-backend-domain ServerAdmin your@example.com PassengerEnabled on PassengerMinInstances 10 PassengerMaxPoolSize 10 PassengerPoolIdleTime 0 PassengerMaxRequests 1000 PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini" PassengerRuby "/home/registry/.rbenv/shims/ruby" RailsEnv production # or staging DocumentRoot "/home/registry/registry/public" # Possible values include: debug, info, notice, warn, error, crit, LogLevel info ErrorLog "/var/log/apache2/eppback.error.log" CustomLog "/var/log/apache2/eppback.access.log" combined Options +FollowSymLinks -Indexes AllowOverride None Order allow,deny Allow from all Options -MultiViews -Indexes AllowOverride all Listen 700 SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key SSLVerifyClient require SSLVerifyDepth 1 SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.crt.pem SSLCARevocationPath /home/registry/registry/shared/ca/crl # Uncomment this when upgrading to apache 2.4: # SSLCARevocationCheck chain RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s" EPPEngine On EPPCommandRoot /proxy/command EPPSessionRoot /proxy/session EPPErrorRoot /proxy/error EPPRawFrame raw_frame ProxyPass /proxy/ http://localhost:8080/epp/ EPPAuthURI implicit EPPReturncodeHeader X-EPP-Returncode ``` Enable epp_ssl and restart apache sudo a2ensite epp_ssl sudo service apache2 restart Now you should see registry admin at https://your-domain All registry demo data can be found at: db/seeds.rb Initially you can use two type of users: admin users and EPP users. ### Wkhtmltopdf setup ``` sudo apt-get install libxext-dev libxrender1 fontconfig ``` ### Certificates setup * [Certificates setup](/doc/certificates.md) ### Deployment * [Application build and update](/doc/application_build_doc.md) * [Registry que server](/doc/que/README.md) ### Autotesting * [Testing](/doc/testing.md) ### Travis CI * Travis is configured to build against master and staging branches by default. * Notification emails are sent to committer by default. ### EPP web client Please follow EPP web client readme: https://github.com/internetee/EPP-web-client ### WHOIS server Please follow WHOIS server readme: https://github.com/internetee/whois