apt install -y curl software-properties-common ufw
add-apt-repository ppa:ondrej/php
add-apt-repository ppa:ondrej/nginx-mainline
apt update
apt install -y bzip2 certbot composer git net-tools nginx php8.2 php8.2-bz2 php8.2-cli php8.2-common php8.2-curl php8.2-fpm php8.2-gd php8.2-gmp php8.2-imagick php8.2-intl php8.2-mbstring php8.2-opcache php8.2-readline php8.2-soap php8.2-xml python3-certbot-nginx unzip wget whois
Edit the PHP configuration files:
nano /etc/php/8.2/cli/php.ini
nano /etc/php/8.2/fpm/php.ini
Locate or add these lines in php.ini, replacing example.com with your registrar domain name:
opcache.enable=1
opcache.enable_cli=1
opcache.jit_buffer_size=100M
opcache.jit=1255
session.cookie_secure = 1
session.cookie_httponly = 1
session.cookie_samesite = "Strict"
session.cookie_domain = example.com
In /etc/php/8.2/mods-available/opcache.ini make one additional change:
opcache.jit=1255
opcache.jit_buffer_size=100M
After configuring PHP, restart the service to apply changes:
systemctl restart php8.2-fpm
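To confirm that both php.ini files ended up with the values listed above, the following added example (not part of the original guide) reads one ini file and reports each directive. The function names and the sample file are constructed for illustration, and the script inspects a single file rather than PHP's merged configuration.

```bash
# Added example (not from the guide): audit one php.ini for the values set above.
# ini_value FILE KEY: effective value; the last uncommented assignment wins.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                    # commented-out directive
        { eq = index($0, "="); if (eq == 0) next
          k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k)
          sub(/[ \t]*;.*$/, "", v)             # trailing comment
          gsub(/^[ \t"]+|[ \t"\r]+$/, "", v)   # surrounding spaces and quotes
          if (k == key) { val = v; found = 1 } }
        END { print (found ? val : "<unset>") }
    ' "$1"
}
# check_php_ini FILE DOMAIN: report each directive, return the mismatch count.
check_php_ini() {
    file=$1; fails=0
    while read -r key want; do
        got=$(ini_value "$file" "$key")
        if [ "$want" = 1 ]; then               # PHP reads On/True/Yes as 1
            case "$got" in [Oo][Nn]|[Tt][Rr][Uu][Ee]|[Yy][Ee][Ss]) got=1 ;; esac
        fi
        if [ "$got" = "$want" ]; then echo "ok    $key = $got"
        else echo "FAIL  $key = $got (expected $want)"; fails=$((fails + 1)); fi
    done <<EOF
opcache.enable 1
opcache.enable_cli 1
opcache.jit_buffer_size 100M
opcache.jit 1255
session.cookie_secure 1
session.cookie_httponly 1
session.cookie_samesite Strict
session.cookie_domain $2
EOF
    return "$fails"
}
# Constructed sample input, not a real server file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
;opcache.enable=1
opcache.enable_cli=1
opcache.jit_buffer_size=100M
opcache.jit=1255
session.cookie_secure = On   ; boolean spelling is accepted
session.cookie_httponly = 1
session.cookie_samesite = "Lax"
session.cookie_domain = example.com
EOF
check_php_ini "$sample" example.com || echo "$? directive(s) differ from the guide"
```

Run check_php_ini against /etc/php/8.2/cli/php.ini and /etc/php/8.2/fpm/php.ini in turn, passing your registrar domain as the second argument; a commented-out or empty directive is reported as a mismatch.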
Replace %%DOMAIN%% with your actual domain.
- Edit and save the provided configuration as /etc/nginx/sites-available/fossbilling.conf:
server {
listen 80;
server_name %%DOMAIN%%;
return 301 https://%%DOMAIN%%$request_uri;
}
server {
listen 443 ssl;
http2 on;
ssl_certificate /etc/letsencrypt/live/%%DOMAIN%%/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/%%DOMAIN%%/privkey.pem;
ssl_stapling on;
ssl_stapling_verify on;
set $root_path '%%SOURCE_PATH%%';
server_name %%DOMAIN%%;
index index.php;
root $root_path;
try_files $uri $uri/ @rewrite;
sendfile off;
include /etc/nginx/mime.types;
# Block access to sensitive files and return 404 to make it indistinguishable from a missing file
location ~* \.(ini|sh|inc|bak|twig|sql)$ {
return 404;
}
# Block access to hidden files except .well-known
location ~ /\.(?!well-known\/) {
return 404;
}
# Disable PHP execution in /uploads
location ~* /uploads/.*\.php$ {
return 404;
}
# Deny access to /data
location ~* /data/ {
return 404;
}
location @rewrite {
rewrite ^/page/(.*)$ /index.php?_url=/custompages/$1;
rewrite ^/(.*)$ /index.php?_url=/$1;
}
location ~ \.php {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass needs to be changed according to your server setup
# (phpx.x stands for your installed PHP version).
# Examples: /var/run/phpx.x-fpm.sock, /var/run/php/phpx.x-fpm.sock or /run/php/phpx.x-fpm.sock are all valid options,
# or even localhost:port (the default, 9000, will work fine).
# Please check your server setup.
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
include fastcgi_params;
}
location ~* ^/(css|img|js|flv|swf|download)/(.+)$ {
root $root_path;
expires off;
}
}
- Edit and save the provided configuration as /etc/nginx/sites-available/rdap.conf:
server {
listen 80;
listen [::]:80;
server_name rdap.%%DOMAIN%%;
location / {
proxy_pass http://127.0.0.1:7500;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Add CORS headers
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Methods "GET, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type";
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name rdap.%%DOMAIN%%;
ssl_certificate /etc/letsencrypt/live/%%DOMAIN%%/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/%%DOMAIN%%/privkey.pem;
location / {
proxy_pass http://127.0.0.1:7500;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Add CORS headers
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Methods "GET, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type";
}
}
- Create symbolic links:
ln -s /etc/nginx/sites-available/fossbilling.conf /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/rdap.conf /etc/nginx/sites-enabled/
- Remove the default configuration if it exists:
rm /etc/nginx/sites-enabled/default
- Obtain an SSL certificate with Certbot, replacing %%DOMAIN%% with your actual domain:
systemctl stop nginx
certbot certonly -d %%DOMAIN%% -d rdap.%%DOMAIN%%
certbot --nginx -d %%DOMAIN%% -d rdap.%%DOMAIN%%
When certbot presents its last prompt, choose the reinstall option.
- Enable and restart Nginx:
systemctl enable nginx
systemctl restart nginx
curl -o /etc/apt/keyrings/mariadb-keyring.pgp 'https://mariadb.org/mariadb_release_signing_key.pgp'
Place the following in /etc/apt/sources.list.d/mariadb.sources:
# MariaDB 10.11 repository list - created 2023-12-02 22:16 UTC
# https://mariadb.org/download/
X-Repolib-Name: MariaDB
Types: deb
# deb.mariadb.org is a dynamic mirror if your preferred mirror goes offline. See https://mariadb.org/mirrorbits/ for details.
# URIs: https://deb.mariadb.org/10.11/ubuntu
URIs: https://mirrors.chroot.ro/mariadb/repo/10.11/ubuntu
Suites: jammy
Components: main main/debug
Signed-By: /etc/apt/keyrings/mariadb-keyring.pgp
Then execute the following commands:
apt update
apt install -y mariadb-client mariadb-server php8.2-mysql
mysql_secure_installation
- Access MariaDB:
mysql -u root -p
- Execute the following queries:
CREATE DATABASE registrar;
CREATE USER 'registraruser'@'localhost' IDENTIFIED BY 'RANDOM_STRONG_PASSWORD';
GRANT ALL PRIVILEGES ON registrar.* TO 'registraruser'@'localhost';
FLUSH PRIVILEGES;
Replace registraruser with your desired username and RANDOM_STRONG_PASSWORD with a secure password of your choice.
wget "https://www.adminer.org/latest.php" -O /var/www/adm.php
cd /tmp
wget https://fossbilling.org/downloads/stable -O fossbilling.zip
unzip fossbilling.zip -d /var/www
chmod -R 755 /var/www/config-sample.php
chmod -R 755 /var/www/data/cache
chown www-data:www-data /var/www/data/cache
chmod -R 755 /var/www/data/log
chown www-data:www-data /var/www/data/log
chmod -R 755 /var/www/data/uploads
chown www-data:www-data /var/www/data/uploads
chown -R www-data:www-data /var/www
Proceed with the installation as prompted on https://%%DOMAIN%%. If the installer stops without any feedback, navigate to https://%%DOMAIN%%/admin in your web browser and try to log in.
Clone the tide theme repository:
git clone https://github.com/getpinga/tide /var/www/themes/tide
chmod 755 /var/www/themes/tide/assets
chmod 755 /var/www/themes/tide/config/settings_data.json
chown www-data:www-data /var/www/themes/tide/assets
chown www-data:www-data /var/www/themes/tide/config/settings_data.json
Activate the Tide theme from the admin panel, System -> Settings -> Theme, by clicking on "Set as default".
Ensure you make all contact details/profile mandatory for your users within the FOSSBilling settings or configuration.
Clone the repository to your system:
git clone https://github.com/getnamingo/registrar /opt/registrar
cd /opt/registrar/whois
composer install
mv config.php.dist config.php
Edit config.php with the appropriate database details and preferences as required.
Copy whois.service to /etc/systemd/system/. Change only the User and Group lines to your user and group.
systemctl daemon-reload
systemctl start whois.service
systemctl enable whois.service
After that you can manage WHOIS via systemctl as any other service.
cd /opt/registrar/rdap
composer install
mv config.php.dist config.php
Edit config.php with the appropriate database details and preferences as required.
Copy rdap.service to /etc/systemd/system/. Change only the User and Group lines to your user and group.
systemctl daemon-reload
systemctl start rdap.service
systemctl enable rdap.service
After that you can manage RDAP via systemctl as any other service.
cd /opt/registrar/automation
composer install
mv config.php.dist config.php
Edit config.php with the appropriate preferences as required.
Download and initiate the escrow RDE client setup:
wget https://team-escrow.gitlab.io/escrow-rde-client/releases/escrow-rde-client-v2.2.0-linux_x86_64.tar.gz
tar -xzf escrow-rde-client-v2.2.0-linux_x86_64.tar.gz
./escrow-rde-client -i
Edit the generated configuration file with the required details. Once ready, enable running the escrow client in /opt/registrar/automation/escrow.php.
Once you have successfully configured all automation scripts, you are ready to initiate the automation system. Proceed by adding the following cron job to the system crontab using crontab -e:
* * * * * /usr/bin/php8.2 /opt/registrar/automation/cron.php 1>> /dev/null 2>&1
git clone https://github.com/getnamingo/fossbilling-validation
mv fossbilling-validation/Validation /var/www/modules/
- Go to Extensions > Overview in the admin panel and activate "Domain Contact Verification".
git clone https://github.com/getnamingo/fossbilling-tmch
mv fossbilling-tmch/Tmch /var/www/modules/
- Go to Extensions > Overview in the admin panel and activate "TMCH Claims Notice Support".
- This still needs to be integrated with your workflow.
git clone https://github.com/getnamingo/fossbilling-whois
mv fossbilling-whois/Whois /var/www/modules/
mv fossbilling-whois/check.php /var/www/
- Go to Extensions > Overview in the admin panel and activate "WHOIS & RDAP Client".
- Edit the /var/www/check.php file and set your WHOIS and RDAP server URLs by replacing the placeholder values with your actual server addresses.
git clone https://github.com/getnamingo/fossbilling-contact
mv fossbilling-contact/Contact /var/www/modules/
- Go to Extensions > Overview in the admin panel and activate "Domain Registrant Contact".
For each registry you support, you will need to install a FOSSBilling EPP extension.
Navigate to https://github.com/getpinga/fossbilling-epp-rfc and follow the installation instructions specific to each registry.
Navigate to https://github.com/getnamingo/fossbilling-epp-verisign and follow the installation instructions.
To execute the OT&E tests required by various registries, you can use our Tembo client at https://github.com/getpinga/tembo
To offer DNS hosting to your customers, you will need to install the FOSSBilling DNS Hosting extension.
Navigate to https://github.com/getnamingo/fossbilling-dns and follow the installation instructions.
- You will need to link to various ICANN documents in your footer, and also provide your terms and conditions and privacy policy.
- On your contact page, you will need to list all company details, including registration number and name of CEO.
- Some manual tuning is still required in various parts.
To ensure the safety and availability of your data in Namingo, it's crucial to set up and verify automated backups. Begin by editing the backup.json file in the automation directory, where you'll input your database details. The database details must be entered accurately in two specified locations within the backup.json file.
Additionally, check that the cron job for PHPBU is correctly scheduled in cron.php on your server, as this automates the backup process. You can verify this by reviewing your server's cron job list. These steps are vital to maintain regular, secure backups of your system, safeguarding against data loss and ensuring business continuity.