mirror of https://github.com/internetee/registry.git synced 2025-05-17 17:59:47 +02:00

TLD Management Software

Find a file

Matt Farnsworth 51a5798914 Story #109367018 - add new model to handle domain values are changing, and need to be captured now, not later New model will provide data to DomainMailer customized as needed for the invocation reason as passed via symbol to send_mail(). The mail templetes then required modification to use the new data model. This should handle all the data errors in the update process, including pendingUpdate, confirmed, rejected or expired.		2015-12-16 20:37:21 +02:00
app	Story #109367018 - add new model to handle domain values are changing, and need to be captured now, not later	2015-12-16 20:37:21 +02:00
bin	Updated robot tests to honor struture sql #2751	2015-07-03 13:45:52 +03:00
config	Story #109367018 - poll_pending_update_rejected_by_registrant typo	2015-12-16 20:37:21 +02:00
db	Story#109070142 - Nameservers ip's are arrays	2015-11-30 20:10:08 +02:00
doc	Update contact.md	2015-12-03 18:07:04 +02:00
lib	Story#109362984 - converter to update punycodes in domain history	2015-12-08 11:10:25 +02:00
public	recompile assets	2015-10-28 08:43:24 +02:00
spec	Story#107821878 - pending_deleted gets new registrant_id too	2015-11-30 15:37:17 +02:00
vendor	Update wkhtml	2015-04-21 16:34:48 +03:00
.agignore	Add .agignore	2015-10-27 16:12:41 +02:00
.dockerignore	Added Dockerfile with some small updates	2014-09-22 09:15:16 +03:00
.gitignore	Merge: new branch 104525314 from more recent master, merge changes	2015-10-26 19:09:33 +02:00
.rubocop-guard.yml	added rubocop exceptions during guard runs	2014-10-09 13:52:28 +03:00
.rubocop.yml	Ignore deploy-example file from rubocop	2015-07-21 17:38:48 +03:00
.ruby-gemset	Ruby version and gemset	2014-06-10 11:32:00 +03:00
.ruby-version	updated ruby version	2015-05-12 10:27:31 +03:00
.spring.rb	Move spring conf under conf dir #2711	2015-06-26 16:57:06 +03:00
.travis.yml	Travis update, test only selected branches	2015-09-04 17:59:24 +03:00
CHANGELOG.md	Allow invalid ident update #2859	2015-09-23 12:34:18 +03:00
config.ru	Turn automatic que temp off #2724	2015-06-19 19:42:10 +03:00
Dockerfile	Added mina deploy	2014-09-22 13:07:26 +03:00
Gemfile	Merge branch 'staging' of github.com:internetee/registry into staging	2015-11-17 16:51:46 +02:00
Gemfile.lock	merge has removed Gemfile.lock	2015-11-18 10:30:55 +02:00
Guardfile	Cleaned up rspec create settings and refactored whois_record	2015-04-30 18:34:49 +03:00
LICENSE	Update LICENSE	2015-10-27 14:52:29 +02:00
Rakefile	rails new	2014-06-10 11:43:04 +03:00
README.md	Added que init script #2724	2015-07-01 14:13:17 +03:00

README.md

Domain Registry

Full stack top-level domain (TLD) management.

Documentation
Installation
Deployment
Autotesting

Documentation

Updating documentation

AUTODOC=true rspec spec/requests
EPP_DOC=true rspec spec/epp --tag epp --require support/epp_doc.rb --format EppDoc > doc/epp-examples.md

Installation

Registry app

Registry based on Rails 4 installation (rbenv install is under Debian build doc)

Manual demo install and database setup:

cd /home/registry
git clone git@github.com:internetee/registry.git demo-registry
cd demo-registry
rbenv local 2.2.2
bundle
cp config/application-example.yml config/application.yml # and edit it
cp config/database-example.yml config/database.yml # and edit it
bundle exec rake db:all:setup # for production, please follow deployment howto
bundle exec rake assets:precompile

Apache with patched mod_epp (Debian 7/Ubuntu 14.04 LTS)

sudo apt-get install apache2

sudo apt-get install apache2-threaded-dev     # needed to compile mod_epp
wget sourceforge.net/projects/aepps/files/mod_epp/1.10/mod_epp-1.10.tar.gz
tar -xzvf mod_epp-1.10.tar.gz
cd mod_epp-1.10

Patch mod_epp for Rack. Beacause Rack multipart parser expects specifically formatted content boundaries, the mod_epp needs to be modified before building:

wget https://github.com/internetee/registry/raw/master/doc/patches/mod_epp_1.10-rack-friendly.patch
wget https://raw.githubusercontent.com/domify/registry/master/doc/patches/mod_epp_1.10-frame-size.patch
patch < mod_epp_1.10-rack-friendly.patch
patch < mod_epp_1.10-frame-size.patch
sudo apxs2 -a -c -i mod_epp.c

Enable ssl:

sudo a2enmod proxy_http
sudo mkdir /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
sudo a2enmod ssl
sudo nano /etc/apache2/sites-enabled/epp_ssl.conf

For Apache, registry admin goes to port 443 in production, /etc/apache2/sites-enabled/registry.conf short example:

<VirtualHost *:443>
  ServerName your-domain
  ServerAdmin your@example.com

  PassengerRoot /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
  PassengerRuby /home/registry/.rbenv/shims/ruby
  PassengerEnabled on
  PassengerMinInstances 10
  PassengerMaxPoolSize 10
  PassengerPoolIdleTime 0
  PassengerMaxRequests 1000

  RailsEnv production # or staging
  DocumentRoot /home/registry/registry/current/public

  # Possible values include: debug, info, notice, warn, error, crit,
  LogLevel info
  ErrorLog /var/log/apache2/registry.error.log
  CustomLog /var/log/apache2/registry.access.log combined

  SSLEngine On
  SSLCertificateFile    /etc/ssl/certs/your.crt
  SSLCertificateKeyFile /etc/ssl/private/your.key
  SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem
  SSLCACertificateFile /etc/ssl/certs/ca.pem

  SSLProtocol -all +TLSv1.2
  SSLHonorCipherOrder On
  SSLCompression off
  SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

  RewriteEnginriteEngine on
  RedirectMatch ^/$ /admin
  RedirectMatch ^/login$ /admin/login

  <Directory /app/registry/registry/current/public>
      # for Apache older than version 2.4
      Allow from all

      # for Apache verison 2.4 or newer
      # Require all granted
      Options -MultiViews
  </Directory>

  <Location />
      Allow from none
      Deny from all
  </Location>

  <Location /admin>
      Allow from all
  </Location>

  <Location /assets>
      Allow from all
  </Location>
</VirtualHost>

Registrar configuration (/etc/apache2/sites-enabled/registrar.conf) is as follows:

<VirtualHost *:443>
  ServerName your-registrar-domain
  ServerAdmin your@example.com

  PassengerRoot /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
  PassengerRuby /home/registry/.rbenv/shims/ruby
  PassengerEnabled on
  PassengerMinInstances 10
  PassengerMaxPoolSize 10
  PassengerPoolIdleTime 0
  PassengerMaxRequests 1000

  RailsEnv production # or staging
  DocumentRoot /home/registry/registrar/current/public

  # Possible values include: debug, info, notice, warn, error, crit,
  LogLevel info
  ErrorLog /var/log/apache2/registrar.error.log
  CustomLog /var/log/apache2/registrar.access.log combined

  SSLEngine On
  SSLCertificateFile    /etc/ssl/certs/your.crt
  SSLCertificateKeyFile /etc/ssl/private/your.key
  SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem
  SSLCACertificateFile /etc/ssl/certs/ca.pem

  SSLProtocol -all +TLSv1.2
  SSLHonorCipherOrder On
  SSLCompression off
  SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

  RewriteEngine on
  RedirectMatch ^/$ /registrar
  RedirectMatch ^/login$ /registrar/login

  <Directory /app/registry/registrar/current/public>
      # for Apache older than version 2.4
      Allow from all

      # for Apache verison 2.4 or newer
      # Require all granted
  
      Options -MultiViews
  </Directory>

  <Location />
      Allow from none
      Deny from all
  </Location>

  <Location /registrar>
      Allow from all
  </Location>

  <Location /assets>
      Allow from all
  </Location>

  SSLVerifyClient none
  SSLVerifyDepth 1
  SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.cert.pem
  SSLCARevocationPath /home/registry/registry/shared/ca/crl
  # Uncomment in Apache 2.4
  # SSLCARevocationCheck chain

  RequestHeader set SSL_CLIENT_S_DN_CN ""
  RequestHeader set SSL_CLIENT_CERT ""
  <Location /registrar/sessions>
      SSLVerifyClient require
      RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
      RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
  </Location>

  <Location /registrar/id>
      SSLVerifyClient require
      Options Indexes FollowSymLinks MultiViews
      SSLVerifyDepth 2
      SSLOptions +StdEnvVars +ExportCertData
  </Location>
</VirtualHost>

Registrant configuration (/etc/apache2/sites-enabled/registrant.conf) is as follows:

<VirtualHost *:443>
    ServerName your-registrant-domain
    ServerAdmin your@example.com

    PassengerRoot /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
    PassengerRuby /home/registry/.rbenv/shims/ruby
    PassengerEnabled on
    PassengerMinInstances 10
    PassengerMaxPoolSize 10
    PassengerPoolIdleTime 0
    PassengerMaxRequests 1000

    RailsEnv production # or staging
    DocumentRoot /home/registry/registrant/current/public

    # Possible values include: debug, info, notice, warn, error, crit,
    LogLevel info
    ErrorLog /var/log/apache2/registrant.error.log
    CustomLog /var/log/apache2/registrant.access.log combined

    SSLEngine On
    SSLCertificateFile    /etc/ssl/certs/your.crt
    SSLCertificateKeyFile /etc/ssl/private/your.key
    SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem
    SSLCACertificateFile /etc/ssl/certs/ca.pem

    SSLProtocol -all +TLSv1.2
    SSLHonorCipherOrder On
    SSLCompression off
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

    RewriteEngine on
    RedirectMatch ^/$ /registrant
    RedirectMatch ^/login$ /registrant/login

    <Directory /app/registry/registrant/current/public>
        # for Apache older than version 2.4
        Allow from all

        # for Apache verison 2.4 or newer
        # Require all granted
  
        Options -MultiViews
    </Directory>

    <Location />
        Allow from none
        Deny from all
    </Location>
  
    <Location /registrant>
        Allow from all
    </Location>
  
    <Location /assets>
        Allow from all
    </Location>

    SSLVerifyClient none
    SSLVerifyDepth 1
    SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.cert.pem
    SSLCARevocationPath /home/registry/registry/shared/ca/crl
    # Uncomment in Apache 2.4
    # SSLCARevocationCheck chain

    RequestHeader set SSL_CLIENT_S_DN_CN ""
    RequestHeader set SSL_CLIENT_CERT ""
    <Location /registrant/sessions>
        SSLVerifyClient require
        RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
        RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
    </Location>

    <Location /registrant/id>
        SSLVerifyClient require
        Options Indexes FollowSymLinks MultiViews
        SSLVerifyDepth 2
        SSLOptions +StdEnvVars +ExportCertData
    </Location>
</VirtualHost>

For Apache, REPP goes to port 443 in production, /etc/apache2/sites-enabled/repp.conf short example:

<VirtualHost *:443>
    ServerName your-repp-domain
    SSLEngine on
    #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key

    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    ProxyPreserveHost on
    RequestHeader set X_FORWARDED_PROTO 'https'

    SSLVerifyClient none
    SSLVerifyDepth 1
    SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.crt.pem
    SSLCARevocationPath /home/registry/registry/shared/ca/crl
    SSLCARevocationCheck chain

    RequestHeader set SSL_CLIENT_S_DN_CN ""
    RequestHeader set SSL_CLIENT_CERT ""

    <Location />
        Allow from none
        Deny from all
    </Location>

    <Location /repp>
        Allow from all
        SSLVerifyClient require
        RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
        RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
    </Location>
</VirtualHost>

For Apache, epp goes to port 700.
Be sure to update paths to match your system configuration.
/etc/apache2/sites-enabled/epp.conf short example:

<IfModule mod_epp.c>
    Listen 700
    <VirtualHost *:700>
      SSLEngine on
      SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
      SSLCertificateFile /etc/apache2/ssl/apache.crt
      SSLCertificateKeyFile /etc/apache2/ssl/apache.key

      SSLVerifyClient require
      SSLVerifyDepth 1
      SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.crt.pem
      SSLCARevocationPath /home/registry/registry/shared/ca/crl
      # Uncomment this when upgrading to apache 2.4:
      # SSLCARevocationCheck chain

      RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
      RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"

      EPPEngine On
      EPPCommandRoot          /proxy/command
      EPPSessionRoot          /proxy/session
      EPPErrorRoot            /proxy/error
      EPPRawFrame             raw_frame
    
      ProxyPass /proxy/ http://localhost:8080/epp/

      EPPAuthURI              implicit
      EPPReturncodeHeader     X-EPP-Returncode
    </VirtualHost>
</IfModule>

Enable epp_ssl and restart apache

sudo a2ensite epp_ssl
sudo service apache2 restart

Now you should see registry admin at https://your-domain

All registry demo data can be found at:

db/seeds.rb

Initially you can use two type of users: admin users and EPP users.

Wkhtmltopdf setup

sudo apt-get install libxext-dev libxrender1 fontconfig

Certificates setup

Certificates setup

Deployment

Autotesting

Testing

EPP web client

Please follow EPP web client readme:

https://github.com/internetee/EPP-web-client

WHOIS server

Please follow WHOIS server readme:

https://github.com/internetee/whois

Code Status

Alpha release status, only model tests: