apt install -y curl software-properties-common ufw
add-apt-repository ppa:ondrej/php
add-apt-repository ppa:ondrej/nginx-mainline
apt update
apt install -y bzip2 certbot composer git net-tools nginx php8.2 php8.2-bz2 php8.2-cli php8.2-common php8.2-curl php8.2-fpm php8.2-gd php8.2-gmp php8.2-imagick php8.2-intl php8.2-mbstring php8.2-opcache php8.2-readline php8.2-soap php8.2-xml python3-certbot-nginx unzip wget whois
Edit the PHP Configuration Files:
nano /etc/php/8.2/cli/php.ini
nano /etc/php/8.2/fpm/php.ini
Locate or add these lines in php.ini, and replace example.com with your registrar domain name:
opcache.enable=1
opcache.enable_cli=1
opcache.jit_buffer_size=100M
opcache.jit=1255
session.cookie_secure = 1
session.cookie_httponly = 1
session.cookie_samesite = "Strict"
session.cookie_domain = example.com
In /etc/php/8.2/mods-available/opcache.ini make one additional change:
opcache.jit=1255
opcache.jit_buffer_size=100M
After configuring PHP, restart the service to apply changes:
systemctl restart php8.2-fpm
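A check for the session-cookie directives set above, as an added example (not part of the original guide or of the project it describes): `check_php_ini` is a hypothetical helper and the sample file is constructed. It ignores `;`-commented lines and lets a later assignment replace an earlier one, so a directive that was added while the stock empty assignment is still present further down is reported as wrong.

```shell
#!/bin/sh
# Usage: check_php_ini FILE DOMAIN  (exit status 1 if any directive is off)
check_php_ini() {
  awk -v domain="$2" '
    function truthy(v) { v = tolower(v); return (v == "1" || v == "on" || v == "yes" || v == "true") }
    /^[ \t]*;/ { next }                      # commented-out directive: not in effect
    {
      eq = index($0, "=")
      if (eq == 0) next                      # section header or blank line
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key)
      sub(/[ \t]*;.*$/, "", val)             # drop a trailing comment
      gsub(/^[ \t"]+|[ \t"\r]+$/, "", val)   # drop surrounding spaces and quotes
      got[key] = val                         # a later assignment replaces an earlier one
    }
    END {
      n = split("session.cookie_secure session.cookie_httponly session.cookie_samesite session.cookie_domain", keys, " ")
      for (i = 1; i <= n; i++) {
        k = keys[i]
        if (!(k in got)) { print "MISSING " k; bad = 1; continue }
        if (k == "session.cookie_samesite") ok = (got[k] == "Strict")
        else if (k == "session.cookie_domain") ok = (got[k] == domain)
        else ok = truthy(got[k])
        if (ok) print "OK " k " = " got[k]
        else { print "WRONG " k " = [" got[k] "]"; bad = 1 }
      }
      exit bad + 0
    }' "$1"
}

# Constructed sample: one directive added near the top, with the empty
# assignment and a commented-out line still present further down.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Session]
session.cookie_httponly = 1
;session.cookie_secure =
session.cookie_samesite = "Strict"
session.cookie_domain = example.com
session.cookie_httponly =
EOF
check_php_ini "$sample" example.com || echo "php.ini needs attention"
rm -f "$sample"
```

Run it against both /etc/php/8.2/cli/php.ini and /etc/php/8.2/fpm/php.ini, with your registrar domain as the second argument.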
Replace %%DOMAIN%% with your actual domain.
- Edit and save the provided configuration as /etc/nginx/sites-available/fossbilling.conf:
server {
listen 80;
server_name %%DOMAIN%%;
return 301 https://%%DOMAIN%%$request_uri;
}
server {
listen 443 ssl;
http2 on;
ssl_certificate /etc/letsencrypt/live/%%DOMAIN%%/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/%%DOMAIN%%/privkey.pem;
ssl_stapling on;
ssl_stapling_verify on;
set $root_path '%%SOURCE_PATH%%';
server_name %%DOMAIN%%;
index index.php;
root $root_path;
try_files $uri $uri/ @rewrite;
sendfile off;
include /etc/nginx/mime.types;
# Block access to sensitive files and return 404 to make it indistinguishable from a missing file
location ~* \.(ini|sh|inc|bak|twig|sql)$ {
return 404;
}
# Block access to hidden files except .well-known
location ~ /\.(?!well-known\/) {
return 404;
}
# Disable PHP execution in /uploads
location ~* /uploads/.*\.php$ {
return 404;
}
# Deny access to /data
location ~* /data/ {
return 404;
}
location @rewrite {
rewrite ^/page/(.*)$ /index.php?_url=/custompages/$1;
rewrite ^/(.*)$ /index.php?_url=/$1;
}
location ~ \.php {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass needs to be changed according to your server setup:
# phpx.x is your server setup
# examples: /var/run/phpx.x-fpm.sock, /var/run/php/phpx.x-fpm.sock or /run/php/phpx.x-fpm.sock are all valid options
# Or even localhost:port (Default 9000 will work fine)
# Please check your server setup
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
include fastcgi_params;
}
location ~* ^/(css|img|js|flv|swf|download)/(.+)$ {
root $root_path;
expires off;
}
}
- Edit and save the provided configuration as /etc/nginx/sites-available/rdap.conf:
server {
listen 80;
listen [::]:80;
server_name rdap.%%DOMAIN%%;
location / {
proxy_pass http://127.0.0.1:7500;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name rdap.%%DOMAIN%%;
ssl_certificate /etc/letsencrypt/live/%%DOMAIN%%/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/%%DOMAIN%%/privkey.pem;
location / {
proxy_pass http://127.0.0.1:7500;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
- Create symbolic links:
ln -s /etc/nginx/sites-available/fossbilling.conf /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/rdap.conf /etc/nginx/sites-enabled/
- Remove the default configuration if it exists:
rm /etc/nginx/sites-enabled/default
- Obtain SSL certificate with Certbot:
Replace %%DOMAIN%% with your actual domain:
systemctl stop nginx
certbot certonly -d %%DOMAIN%% -d rdap.%%DOMAIN%%
certbot --nginx -d %%DOMAIN%% -d rdap.%%DOMAIN%%
Choose reinstall on the last option.
- Enable and restart Nginx:
systemctl enable nginx
systemctl restart nginx
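To see which requests the deny rules in fossbilling.conf catch, the following added example (not part of the original guide) replays the server block's regex locations in file order, since Nginx uses the first regex location that matches. `route`, its result labels and the request paths are constructed for illustration, and the first pattern is taken with its leading dot escaped.

```shell
#!/bin/sh
# route URI: prints which location in fossbilling.conf handles the request.
# Regex locations are tested in the order they appear; the first match wins.
route() {
  awk -v uri="$1" 'BEGIN {
    l = tolower(uri)                                   # "~*" locations ignore case
    if (l ~ /\.(ini|sh|inc|bak|twig|sql)$/) { print "404 sensitive-file"; exit }
    # "~ /\.(?!well-known\/)": awk has no lookahead, so inspect each "/." by hand
    s = uri
    while ((i = index(s, "/.")) > 0) {
      if (substr(s, i + 2, 11) != "well-known/") { print "404 hidden-file"; exit }
      s = substr(s, i + 1)
    }
    if (l ~ /\/uploads\/.*\.php$/) { print "404 uploads-php"; exit }
    if (l ~ /\/data\//)            { print "404 data-dir"; exit }
    if (uri ~ /\.php/)             { print "php-fpm"; exit }     # "~" is case-sensitive
    if (l ~ /^\/(css|img|js|flv|swf|download)\/.+$/) { print "static"; exit }
    print "try_files"                                  # falls through to @rewrite
  }'
}

# Constructed request paths: one per rule, plus the fall-through cases.
for p in /config.ini /backup.SQL /.git/config /.well-known/acme-challenge/tok \
         /uploads/x.PHP /data/cache/session /index.php /adm.php \
         /css/app.css /order/domain; do
  printf '%-34s %s\n' "$p" "$(route "$p")"
done
```

`/adm.php`, where a later step of this guide places Adminer, comes back as `php-fpm`: none of the deny rules cover it.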
curl -o /etc/apt/keyrings/mariadb-keyring.pgp 'https://mariadb.org/mariadb_release_signing_key.pgp'
Place the following in /etc/apt/sources.list.d/mariadb.sources:
# MariaDB 10.11 repository list - created 2023-12-02 22:16 UTC
# https://mariadb.org/download/
X-Repolib-Name: MariaDB
Types: deb
# deb.mariadb.org is a dynamic mirror if your preferred mirror goes offline. See https://mariadb.org/mirrorbits/ for details.
# URIs: https://deb.mariadb.org/10.11/ubuntu
URIs: https://mirrors.chroot.ro/mariadb/repo/10.11/ubuntu
Suites: jammy
Components: main main/debug
Signed-By: /etc/apt/keyrings/mariadb-keyring.pgp
Then execute the following commands:
apt update
apt install -y mariadb-client mariadb-server php8.2-mysql
mysql_secure_installation
- Access MariaDB:
mysql -u root -p
- Execute the following queries:
CREATE DATABASE registrar;
CREATE USER 'registraruser'@'localhost' IDENTIFIED BY 'RANDOM_STRONG_PASSWORD';
GRANT ALL PRIVILEGES ON registrar.* TO 'registraruser'@'localhost';
FLUSH PRIVILEGES;
Replace registraruser with your desired username and RANDOM_STRONG_PASSWORD with a secure password of your choice.
wget "https://www.adminer.org/latest.php" -O /var/www/adm.php
cd /tmp
wget https://fossbilling.org/downloads/stable -O fossbilling.zip
unzip fossbilling.zip -d /var/www
chmod -R 755 /var/www/config-sample.php
chmod -R 755 /var/www/data/cache
chown www-data:www-data /var/www/data/cache
chmod -R 755 /var/www/data/log
chown www-data:www-data /var/www/data/log
chmod -R 755 /var/www/data/uploads
chown www-data:www-data /var/www/data/uploads
chown www-data:www-data /var/www
Proceed with the installation as prompted on https://%%DOMAIN%%. If the installer stops without any feedback, navigate to https://%%DOMAIN%%/admin in your web browser and try to log in.
Clone the tide theme repository:
git clone https://github.com/getpinga/tide /var/www/themes/tide
chmod 755 /var/www/themes/tide/assets
chmod 755 /var/www/themes/tide/config/settings_data.json
chown www-data:www-data /var/www/themes/tide/assets
chown www-data:www-data /var/www/themes/tide/config/settings_data.json
Activate the Tide theme from the admin panel, System -> Settings -> Theme, by clicking on "Set as default".
For each registry you support, you will need to install a FOSSBilling EPP-RFC extension.
Navigate to https://github.com/getpinga/fossbilling-epp-rfc and follow the installation instructions specific to each registry.
To execute the required OT&E tests by various registries, you can use our Tembo client at https://github.com/getpinga/tembo
To offer DNS hosting to your customers, you will need to install the FOSSBilling DNS Hosting extension.
Navigate to https://github.com/getnamingo/fossbilling-dns and follow the installation instructions.
Ensure you make all contact details/profile mandatory for your users within the FOSSBilling settings or configuration.
Clone the repository to your system:
git clone https://github.com/getnamingo/registrar /opt/registrar
cd /opt/registrar/whois/port43
composer install
mv config.php.dist config.php
Edit the config.php with the appropriate database details and preferences as required.
Copy whois.service to /etc/systemd/system/. Change only User and Group lines to your user and group.
systemctl daemon-reload
systemctl start whois.service
systemctl enable whois.service
After that you can manage WHOIS via systemctl as any other service.
cd /opt/registrar/rdap
composer install
mv config.php.dist config.php
Edit the config.php with the appropriate database details and preferences as required.
Copy rdap.service to /etc/systemd/system/. Change only User and Group lines to your user and group.
systemctl daemon-reload
systemctl start rdap.service
systemctl enable rdap.service
After that you can manage RDAP via systemctl as any other service.
cd /opt/registrar/automation
composer install
mv config.php.dist config.php
Edit the config.php with the appropriate preferences as required.
Download and initiate the escrow RDE client setup:
wget https://team-escrow.gitlab.io/escrow-rde-client/releases/escrow-rde-client-v2.1.1-linux_x86_64.tar.gz
tar -xzf escrow-rde-client-v2.1.1-linux_x86_64.tar.gz
./escrow-rde-client -i
Edit the generated configuration file with the required details. Once ready, enable running the escrow client in /opt/registrar/automation/escrow.php.
Once you have successfully configured all automation scripts, you are ready to initiate the automation system. Proceed by adding the following cron job to the system crontab using crontab -e:
* * * * * /usr/bin/php8.2 /opt/registrar/automation/cron.php 1>> /dev/null 2>&1
mv /opt/registrar/patches/validate.php /var/www/validate.php
- You will need to link to various ICANN documents in your footer, and also provide your terms and conditions and privacy policy.
- In your contact page, you will need to list all company details, including registration number and name of CEO.
- Use the example WHOIS/RDAP web client in /opt/registrar/whois/web for your registrar website.
- The files /opt/registrar/patches/validation_email.php and /opt/registrar/patches/tmch.php are to be integrated with your workflow.
- Some manual tuning is still required in various parts.