This commit implements a reliable connection error handling solution for the Company Register API integration. The job previously failed when connection errors occurred without proper recovery mechanisms.

The implementation:
- Adds a lightweight Retryable module with configurable retry logic
- Implements smart caching of API responses (1 day expiration)
- Handles common network errors like KeepAliveDisconnected and timeouts
- Provides a fallback mechanism when all retry attempts fail
- Ensures test reliability with cache-skipping in test environment

Testing:
- Added specific tests for both recovery and fallback scenarios
- Verified cache behavior in production and test environments

Resolves connection errors observed in production logs without adding unnecessary complexity to the codebase.
Domain Registry
Full stack top-level domain (TLD) management.
Documentation
Installation
Registry app
The registry is a Rails 4 application (rbenv installation is covered in the Debian build doc).
Manual demo install and database setup:
cd /home/registry
git clone git@github.com:internetee/registry.git demo-registry
cd demo-registry
rbenv local 2.2.2
bundle
cp config/application.yml.sample config/application.yml # and edit it
cp config/database.yml.sample config/database.yml # and edit it
bundle exec rake db:setup:all # for production, please follow deployment howto
bundle exec rake bootstrap
bundle exec rake assets:precompile
Apache (Debian 7/Ubuntu 14.04 LTS)
sudo apt-get install apache2
Enable ssl:
sudo a2enmod proxy_http
sudo mkdir /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
sudo a2enmod ssl
sudo nano /etc/apache2/sites-enabled/epp_ssl.conf
For Apache, registry admin goes to port 443 in production. A short example of /etc/apache2/sites-enabled/registry.conf:
<VirtualHost *:443>
ServerName your-domain
ServerAdmin your@example.com
PassengerRoot /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
PassengerRuby /home/registry/.rbenv/shims/ruby
PassengerEnabled on
PassengerMinInstances 10
PassengerMaxPoolSize 10
PassengerPoolIdleTime 0
PassengerMaxRequests 1000
# Use "staging" instead of "production" on a staging server
RailsEnv production
DocumentRoot /home/registry/registry/current/public
# Possible values include: debug, info, notice, warn, error, crit,
LogLevel info
ErrorLog /var/log/apache2/registry.error.log
CustomLog /var/log/apache2/registry.access.log combined
SSLEngine On
SSLCertificateFile /etc/ssl/certs/your.crt
SSLCertificateKeyFile /etc/ssl/private/your.key
SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem
SSLCACertificateFile /etc/ssl/certs/ca.pem
SSLProtocol -all +TLSv1.2
SSLHonorCipherOrder On
SSLCompression off
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
RewriteEngine on
RedirectMatch ^/$ /admin
RedirectMatch ^/login$ /admin/login
<Directory /app/registry/registry/current/public>
# for Apache older than version 2.4
Allow from all
# for Apache version 2.4 or newer
# Require all granted
Options -MultiViews
</Directory>
<Location />
Allow from none
Deny from all
</Location>
<Location /admin>
Allow from all
</Location>
<Location /assets>
Allow from all
</Location>
</VirtualHost>
Registrar configuration (/etc/apache2/sites-enabled/registrar.conf) is as follows:
<VirtualHost *:443>
ServerName your-registrar-domain
ServerAdmin your@example.com
PassengerRoot /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
PassengerRuby /home/registry/.rbenv/shims/ruby
PassengerEnabled on
PassengerMinInstances 10
PassengerMaxPoolSize 10
PassengerPoolIdleTime 0
PassengerMaxRequests 1000
# Use "staging" instead of "production" on a staging server
RailsEnv production
DocumentRoot /home/registry/registrar/current/public
# Possible values include: debug, info, notice, warn, error, crit,
LogLevel info
ErrorLog /var/log/apache2/registrar.error.log
CustomLog /var/log/apache2/registrar.access.log combined
SSLEngine On
SSLCertificateFile /etc/ssl/certs/your.crt
SSLCertificateKeyFile /etc/ssl/private/your.key
SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem
SSLCACertificateFile /etc/ssl/certs/ca.pem
SSLProtocol -all +TLSv1.2
SSLHonorCipherOrder On
SSLCompression off
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
RewriteEngine on
RedirectMatch ^/$ /registrar
RedirectMatch ^/login$ /registrar/login
<Directory /app/registry/registrar/current/public>
# for Apache older than version 2.4
Allow from all
# for Apache version 2.4 or newer
# Require all granted
Options -MultiViews
</Directory>
<Location />
Allow from none
Deny from all
</Location>
<Location /registrar>
Allow from all
</Location>
<Location /assets>
Allow from all
</Location>
SSLVerifyClient none
SSLVerifyDepth 1
SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.cert.pem
SSLCARevocationPath /home/registry/registry/shared/ca/crl
# Uncomment in Apache 2.4
# SSLCARevocationCheck chain
RequestHeader set SSL_CLIENT_S_DN_CN ""
RequestHeader set SSL_CLIENT_CERT ""
<Location /registrar/sessions>
SSLVerifyClient require
RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
</Location>
<Location /registrar/id>
SSLVerifyClient require
Options Indexes FollowSymLinks MultiViews
SSLVerifyDepth 2
SSLOptions +StdEnvVars +ExportCertData
</Location>
</VirtualHost>
Registrant configuration (/etc/apache2/sites-enabled/registrant.conf) is as follows:
<VirtualHost *:443>
ServerName your-registrant-domain
ServerAdmin your@example.com
PassengerRoot /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
PassengerRuby /home/registry/.rbenv/shims/ruby
PassengerEnabled on
PassengerMinInstances 10
PassengerMaxPoolSize 10
PassengerPoolIdleTime 0
PassengerMaxRequests 1000
# Use "staging" instead of "production" on a staging server
RailsEnv production
DocumentRoot /home/registry/registrant/current/public
# Possible values include: debug, info, notice, warn, error, crit,
LogLevel info
ErrorLog /var/log/apache2/registrant.error.log
CustomLog /var/log/apache2/registrant.access.log combined
SSLEngine On
SSLCertificateFile /etc/ssl/certs/your.crt
SSLCertificateKeyFile /etc/ssl/private/your.key
SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem
SSLCACertificateFile /etc/ssl/certs/ca.pem
SSLProtocol -all +TLSv1.2
SSLHonorCipherOrder On
SSLCompression off
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
RewriteEngine on
RedirectMatch ^/$ /registrant
RedirectMatch ^/login$ /registrant/login
<Directory /app/registry/registrant/current/public>
# for Apache older than version 2.4
Allow from all
# for Apache version 2.4 or newer
# Require all granted
Options -MultiViews
</Directory>
<Location />
Allow from none
Deny from all
</Location>
<Location /registrant>
Allow from all
</Location>
<Location /assets>
Allow from all
</Location>
SSLVerifyClient none
SSLVerifyDepth 1
SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.cert.pem
SSLCARevocationPath /home/registry/registry/shared/ca/crl
# Uncomment in Apache 2.4
# SSLCARevocationCheck chain
RequestHeader set SSL_CLIENT_S_DN_CN ""
RequestHeader set SSL_CLIENT_CERT ""
<Location /registrant/sessions>
SSLVerifyClient require
RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
</Location>
<Location /registrant/id>
SSLVerifyClient require
Options Indexes FollowSymLinks MultiViews
SSLVerifyDepth 2
SSLOptions +StdEnvVars +ExportCertData
</Location>
</VirtualHost>
For Apache, REPP goes to port 443 in production. A short example of /etc/apache2/sites-enabled/repp.conf:
<VirtualHost *:443>
ServerName your-repp-domain
SSLEngine on
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPreserveHost on
RequestHeader set X_FORWARDED_PROTO 'https'
SSLVerifyClient none
SSLVerifyDepth 1
SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.crt.pem
SSLCARevocationPath /home/registry/registry/shared/ca/crl
# Uncomment this when upgrading to apache 2.4:
# SSLCARevocationCheck chain
RequestHeader set SSL_CLIENT_S_DN_CN ""
RequestHeader set SSL_CLIENT_CERT ""
<Location />
Allow from none
Deny from all
</Location>
<Location /repp>
Allow from all
SSLVerifyClient require
RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
</Location>
</VirtualHost>
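The registrar, registrant and REPP virtual hosts above blank the SSL_CLIENT_S_DN_CN and SSL_CLIENT_CERT request headers at vhost level and set them again only inside a Location that has SSLVerifyClient require, so a value sent by the client is not passed through to the application. A small Ruby check for that pattern follows as an added example that is not part of the registry project; the function name and the sample configs are made up for illustration, and it only looks at per-Location forwarding:

```ruby
# Added example; the sample configs are constructed, modelled on the vhosts above.
def audit_client_cert_headers(conf)
  blanked = []   # SSL_CLIENT_* headers cleared at vhost level
  locations = Hash.new { |h, k| h[k] = { forwarded: [], verify: false } }
  current = nil  # path of the enclosing <Location>, if any
  conf.each_line do |raw|
    line = raw.strip
    case line
    when /\A<Location\s+(\S+?)>\z/i then current = Regexp.last_match(1)
    when %r{\A</Location>\z}i then current = nil
    when /\ASSLVerifyClient\s+require\b/i
      locations[current][:verify] = true if current
    when /\ARequestHeader\s+set\s+(SSL_CLIENT_\w+)\s+(.+)\z/i
      name, value = Regexp.last_match(1), Regexp.last_match(2)
      if value.delete(%q('")).empty?
        blanked << name unless current      # "" at vhost level clears the header
      elsif current
        locations[current][:forwarded] << name
      end
    end
  end
  findings = []
  locations.each do |path, loc|
    next if loc[:forwarded].empty?
    findings << "#{path}: forwards client-cert headers without SSLVerifyClient require" unless loc[:verify]
    (loc[:forwarded] - blanked).each { |n| findings << "#{path}: #{n} is not cleared at vhost level" }
  end
  findings
end

# Constructed sample following the REPP vhost pattern: clean.
GOOD_CONF = <<~'CONF'
  SSLVerifyClient none
  RequestHeader set SSL_CLIENT_S_DN_CN ""
  RequestHeader set SSL_CLIENT_CERT ""
  <Location /repp>
  SSLVerifyClient require
  RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
  RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
  </Location>
CONF

# Constructed sample with one header never cleared and no client verification.
BAD_CONF = <<~'CONF'
  RequestHeader set SSL_CLIENT_CERT ""
  <Location /repp>
  RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
  RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
  </Location>
CONF

puts audit_client_cert_headers(BAD_CONF)
```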
For Apache, epp goes to port 700. Be sure to update paths to match your system configuration. A short example of /etc/apache2/sites-enabled/epp.conf:
<IfModule mod_ssl.c>
Listen 127.0.0.1:8080
<VirtualHost 127.0.0.1:8080>
ServerName your-epp-backend-domain
ServerAdmin your@example.com
PassengerEnabled on
PassengerMinInstances 10
PassengerMaxPoolSize 10
PassengerPoolIdleTime 0
PassengerMaxRequests 1000
PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini"
PassengerRuby "/home/registry/.rbenv/shims/ruby"
# Use "staging" instead of "production" on a staging server
RailsEnv production
DocumentRoot "/home/registry/registry/public"
# Possible values include: debug, info, notice, warn, error, crit,
LogLevel info
ErrorLog "/var/log/apache2/eppback.error.log"
CustomLog "/var/log/apache2/eppback.access.log" combined
<Directory />
Options +FollowSymLinks -Indexes
AllowOverride None
</Directory>
<Directory /home/registry/registry/public>
Order allow,deny
Allow from all
Options -MultiViews -Indexes
AllowOverride all
</Directory>
</VirtualHost>
</IfModule>
Enable epp_ssl and restart apache
sudo a2ensite epp_ssl
sudo service apache2 restart
Now you should see registry admin at https://your-domain
All registry demo data can be found at:
db/seeds.rb
Initially you can use two types of users: admin users and EPP users.
For EPP we strongly recommend installing epp_proxy instead of mod_epp. You can get epp_proxy from https://github.com/internetee/epp_proxy
Wkhtmltopdf setup
sudo apt-get install libxext-dev libxrender1 fontconfig
Certificates setup
Deployment
Autotesting
GitHub Actions CI
- GitHub Actions CI is configured to build all the PRs.
EPP web client
Please follow EPP web client readme:
https://github.com/internetee/EPP-web-client
WHOIS server
Please follow WHOIS server readme:
https://github.com/internetee/whois