smbind-ng/INSTALL.md

# SMBind-ng Installation Guide
v0.91c
## Requirements
* Any web server that can run PHP (tested on apache2, lighttpd, nginx)
* PHP interpreter (5.3 or greater - tested on 5.3)
* php modules
* one of mysql, pgsql
* mdb2
* mdb2 sql drivers (tested on mysql)
* cgi
* smarty (version 2 or newer - tested on v2 and v3)
* bind (9.3 or newer for dnssec abilities)
* dnssec-tools (optional for securing dns zones)
* acl (optional for securing dns zones)
* SQL server (tested on MySQL)
## Installation
### Bind
Set up your bind, and configure it to access other masters and enable zone
transfer for its slaves.
### SMBind-ng PHP code
Unpack the contents somewhere on your server (e.g. /var/www/html/smbind-ng) and
set up your virtual server to serve *index.php* by default.
Create the following directories beside *index.php* and make them writable by
the current web server user:
* *tmp*
* *templates_c*

All other directories and files can be write-protected.
### Configuration directories and files
1. Create a directory for keeping your zones, with full permissions for the
user of your web server. It must also be readable by bind, e.g.
*/etc/smbind-ng*
Recommended solution: make root the owner of the directory and bind its group,
add the web server user to the bind group, and make the directory writable by
its group.
2. Create a file with the same permissions in this directory for saving zone
definitions, e.g.
*touch smbind-ng.conf*
3. Create a subdirectory for keeping zone files, writable by www-data and the
bind group.
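
The layout from steps 1 to 3 as a script, plus an audit that lists world-writable or wrongly grouped paths. This is an added example, not part of SMBind-ng: the function names, the 2770/0660 modes and the setgid bit are assumptions that go beyond what the guide specifies, and *zones* is taken from the default *path* setting.

```shell
#!/bin/sh
# Added example, not SMBind-ng code. On a real host run as root, e.g.:
#   smbind_layout /etc/smbind-ng bind && smbind_audit /etc/smbind-ng bind
# and add the web server user to the bind group as the guide recommends.

# smbind_layout BASE GROUP: create BASE, BASE/zones and BASE/smbind-ng.conf.
smbind_layout() {
    mkdir -p "$1/zones" || return 1
    # Step 2: empty include file for zone definitions (kept if it exists).
    [ -e "$1/smbind-ng.conf" ] || : > "$1/smbind-ng.conf" || return 1
    # Owner stays the caller (root on a real host); group is bind's group.
    chgrp "$2" "$1" "$1/zones" "$1/smbind-ng.conf" || return 1
    # 2770 (assumed): group-writable, setgid so new zone files inherit the
    # group, no access for other local users.
    chmod 2770 "$1" "$1/zones" || return 1
    chmod 0660 "$1/smbind-ng.conf" || return 1
}

# smbind_audit BASE GROUP: print every path under BASE that is world-writable
# or not owned by GROUP. Returns 0 when clean, 1 when something was printed.
smbind_audit() {
    # Symlinks are skipped because their own mode bits are always rwxrwxrwx.
    bad=$(find "$1" ! -type l \( -perm -0002 -o ! -group "$2" \) -print) || return 2
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```

Running the audit again after upgrades or restores catches zone files that came back with looser permissions than the layout intended.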
### Modify bind configuration
In your bind options, set the *directory* option and the *managed-keys* option
to the folder created in step 3 above.
Include the master configuration file created in step 2 in your bind config.
Restart your bind daemon.
#### *Under bind9.9 or later only*
You need to add the line
*masterfile-format text;*
to your options, because these versions keep the zone files in binary format,
and otherwise you cannot preview the slave zones in human-readable form.
Restart your bind daemon.
### Database
Create a database user with full permissions on a not yet existing database of
any name.
Log in to your database server as that user and create an empty database.
Take the initial database dump and load it into this schema as the newly
created user.
*mysql.sql* is for MySQL, *pgsql.sql* is for PostgreSQL. E.g. for MySQL:
*mysql -h yourserver -u youruser -pYourP@ssW0rd yourdb <mysql.sql*
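
The same MySQL import with the password read from a mode-600 option file instead of the command line, so it does not show up in the process list or shell history. This is an added example, not part of SMBind-ng: the function names and the file location are assumptions, and the password is read from standard input.

```shell
#!/bin/sh
# Added example, not SMBind-ng code.

# smbind_write_cnf FILE HOST USER: read the password from stdin and write a
# MySQL client option file that only the calling user can read.
smbind_write_cnf() {
    cnf=$1
    IFS= read -r pw || [ -n "$pw" ] || return 1
    # Quotes and backslashes would need escaping inside the option file;
    # this example refuses them instead of guessing.
    case $pw in
        *'"'*|*'\'*) echo "unsupported character in password" >&2; return 1 ;;
    esac
    # Create the file empty with tight permissions before any secret is written.
    ( umask 077 && : > "$cnf" ) || return 1
    chmod 600 "$cnf" || return 1
    printf '[client]\nhost=%s\nuser=%s\npassword="%s"\n' "$2" "$3" "$pw" > "$cnf"
}

# smbind_load_dump FILE DB DUMP: load the initial dump using that option file.
# --defaults-extra-file has to be the first option on the mysql command line.
smbind_load_dump() {
    mysql --defaults-extra-file="$1" "$2" < "$3"
}

# Typical use (constructed names, matching the guide's placeholders):
#   smbind_write_cnf "$HOME/.smbind-ng.cnf" yourserver youruser   # type password, Enter
#   smbind_load_dump "$HOME/.smbind-ng.cnf" yourdb mysql.sql
#   rm -f "$HOME/.smbind-ng.cnf"
```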
### Setup the PHP app
See *Configuration parameters* below.
### DNSSEC related options
#### Bind options
In your bind configuration set the following options:
*dnssec-enable yes;*
*dnssec-validation auto;*
*dnssec-lookaside auto;*
And then restart your bind daemon.
#### Roller daemon
Create a directory for keeping the file of the roller daemon, and add write
permissions for the web server user group, e.g.
*setfacl -b /etc/rollrecdir*
*setfacl -m 'www-data:rwx' /etc/rollrecdir*
Configure the roller daemon to use this directory for rolling zones,
e.g. in your /etc/default/rollerd file use an option similar to this:
*DAEMON_OPTS="-rrfile /etc/smbind-ng/rollrec/zones.rollrec"*
And then reload your roller daemon.
## Configuration parameters
The application has a *config.php* file in the *config* directory under the
root of your SMBind-ng webapp directory.

Format: $_CONF['variablename'] = value;

Variables (required parameters are marked in **bold**):

* **db_type** - Type of the database (e.g. 'mysql')
* **db_user** - Name of the owner of the database schema (e.g. 'smbind')
* **db_pass** - Password of the user above
* db_host - Resolvable name or IP address of the database host (default: 'localhost')
* db_port - Port number of the database server (default: 3306 or 5432, depending on db_type)
* **db_db** - Name of the database schema
* **smarty_path** - Location of the smarty installation
* **peardb_path** - Location of your PEAR db
* tmp_path - Path of your tmp directory (default: install path/tmp)
* roller_conf - Path of your roller daemon config (configured in DAEMON_OPTS). Required for DNSSEC abilities.
* isdnssec - Enable or disable DNSSEC abilities (true/false)
* recaptcha - Enable or disable recaptcha at the login screen (true/false)
* rc_pubkey - Your public recaptcha key (required for recaptcha)
* rc_privkey - Your private recaptcha key (required for recaptcha)
* nocaptcha - Array of your recaptcha whitelist. If you do not want a recaptcha when you access the webapp from specified hosts, set up their IP addresses as follows:
  *array(
  '1.2.3.4',
  '2.3.4.5',
  );*
* title - Title string at the top of your SMBind-ng screen (e.g. 'My DNS zones')
* footer - Footer string at the bottom of your SMBind-ng screen (e.g. 'Company Name')
* staticdomain - If you want to serve your static files (.css and .js) through another virtual host, configure it in your web server and just set it here (e.g. 'static.mydnsservice.local'). There are only two static files in your SMBind-ng installation, so I think you don't really need this - but who knows?
* template - .css and .js name in the static directory. The default value is *default*
* path - Where you store your zone files. Default: */etc/smbind-ng/zones/*
* conf - Your included config file. Default: */etc/smbind-ng/smbind-ng.conf*
* namedcheckconf - Location of your binary. Default if found: */usr/sbin/named-checkconf*
* namedcheckzone - Location of your binary. Default if found: */usr/sbin/named-checkzone*
* rndc - Location of your binary. Default if found: */usr/sbin/rndc*
* zonesigner - Location of your binary. Default if found: */usr/sbin/zonesigner*
* rollinit - Location of your binary. Default if found: */usr/sbin/rollinit*
* dig - Location of your binary. Default if found: */usr/bin/dig*
## Access your admin application
http(s)://your.virtualhost.here/path
Global admin username: **admin**
Initial password: **SMBind-ng2016**