Install PowerDNS Admin on Debian 10/11

16/08/2025

2 Views 0

SaveSavedRemoved 0

Master Your DNS: A Complete Guide to Installing PowerDNS-Admin on Debian 11/10

Managing DNS records can be a complex and error-prone task when done directly from the command line. For those running the powerful PowerDNS server, a robust web interface is essential for simplifying domain and record management. PowerDNS-Admin is a feature-rich, open-source web panel that provides a user-friendly environment for managing your DNS infrastructure.

This comprehensive guide will walk you through the entire process of installing and configuring PowerDNS-Admin on a Debian 11 or Debian 10 server. We will cover everything from installing dependencies to securing the final installation with Nginx and a firewall.

Prerequisites

Before we begin, ensure you have the following in place:

A server running Debian 11 (Bullseye) or Debian 10 (Buster).
Root or sudo access to the server.
PowerDNS and its backend (e.g., MySQL/MariaDB, PostgreSQL) already installed and running.
The PowerDNS API enabled, as this is how PowerDNS-Admin communicates with the server.
A domain name pointed to your server’s IP address for accessing the web interface.

Step 1: Install System Dependencies

First, we need to prepare our system by installing all the necessary packages. This includes Python, development tools, Nginx for our web server, and other libraries required by PowerDNS-Admin.

Open your terminal and update your package list:

sudo apt update && sudo apt upgrade -y

Next, install all the required dependencies in a single command:

sudo apt install -y python3 python3-dev python3-pip python3-venv git nginx curl libssl-dev libffi-dev libmariadb-dev-compat build-essential

This command installs Python 3, its package installer (pip), virtual environment tools, Git for cloning the application, Nginx as our reverse proxy, and essential development libraries needed for compiling certain Python packages.

Step 2: Create a Dedicated Database

PowerDNS-Admin requires its own database to store user accounts, settings, and activity logs. We will use MariaDB (a popular fork of MySQL) for this task.

Create a new database, a dedicated user, and grant that user the necessary permissions. Be sure to replace your_strong_password with a secure password of your own.

CREATE DATABASE pdnsadmin_db;
CREATE USER 'pdnsadmin_user'@'localhost' IDENTIFIED BY 'your_strong_password';
GRANT ALL PRIVILEGES ON pdnsadmin_db.* TO 'pdnsadmin_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Keep these database credentials handy, as you will need them in the next step.

Step 3: Install and Configure PowerDNS-Admin

Now we will download the PowerDNS-Admin application from its official Git repository and configure it to connect to our database and PowerDNS server.

Clone the repository into the /opt directory, a standard location for optional software:

sudo git clone https://github.com/ngoduykhanh/PowerDNS-Admin.git /opt/powerdns-admin

Navigate into the new directory:
```
cd /opt/powerdns-admin
```
Create a Python virtual environment. This is a critical best practice that isolates the application’s dependencies from the system’s global Python packages.
```
sudo python3 -m venv venv
```
Activate the virtual environment:
```
source venv/bin/activate
```
Your shell prompt should now be prefixed with (venv), indicating the environment is active.
Install the required Python packages using pip:
```
pip install -r requirements.txt
```
Copy the sample configuration file to create your own production configuration:
```
cp config_template.py production.py
```
Now, edit the new production.py file with a text editor like nano:
```
nano production.py
```
You need to update the following key settings:
- SECRET_KEY: This is used for session security. Generate a strong, random key using the following command in a separate terminal, then paste it in:
```
openssl rand -hex 16
```
- SQLALCHEMYDATABASEURI: This tells the application how to connect to the database you created earlier. Use the credentials from Step 2.
```
SQLALCHEMY_DATABASE_URI = 'mysql+pymysql://pdnsadmin_user:your_strong_password@localhost/pdnsadmin_db'
```
- POWERDNSAPIURL: The URL of your PowerDNS server’s API.
```
POWERDNS_API_URL = 'http://127.0.0.1:8081'
```
- POWERDNSAPIKEY: The API key you configured in your PowerDNS pdns.conf file.
  python POWERDNS_API_KEY = 'your_pdns_api_key'
Save and close the file after making your changes.
With the configuration complete, apply the database schema migrations. This command sets up all the necessary tables in your database.
```
flask db upgrade
```
Deactivate the virtual environment for now:
```
deactivate
```

Step 4: Set Up Gunicorn and a Systemd Service

While you can run the application directly, the professional way to deploy it is using a production-grade web server gateway like Gunicorn. We will then create a systemd service to manage Gunicorn, ensuring PowerDNS-Admin starts automatically on boot and runs reliably in the background.

Create a systemd service file:

sudo nano /etc/systemd/system/powerdns-admin.service

Paste the following configuration into the file. This defines how the service should run, pointing to the virtual environment and Gunicorn executable.

[Unit]
Description=PowerDNS-Admin
After=network.target

[Service]
User=www-data
Group=www-data
WorkingDirectory=/opt/powerdns-admin
ExecStart=/opt/powerdns-admin/venv/bin/gunicorn --workers 3 --bind unix:powerdns-admin.sock -m 007 wsgi:app
Restart=always

[Install]
WantedBy=multi-user.target

Reload the systemd daemon, then enable and start your new service:

sudo systemctl daemon-reload
sudo systemctl enable powerdns-admin
sudo systemctl start powerdns-admin

Check the service status to ensure it’s running without errors:
```
sudo systemctl status powerdns-admin
```
You should see an “active (running)” status.

Step 5: Configure Nginx as a Reverse Proxy

Our application is now running and listening on a local socket. The final step is to configure Nginx to act as a reverse proxy. This means Nginx will handle incoming web traffic on ports 80 and 443 and forward it securely to the Gunicorn application.

Create a new Nginx server block configuration file:

sudo nano /etc/nginx/sites-available/powerdns-admin

Paste the following configuration, replacing your_domain.com with your actual domain name.

server {
    listen 80;
    server_name your_domain.com;location / {
    include proxy_params;
    proxy_pass http://unix:/opt/powerdns-admin/powerdns-admin.sock;
}
}

Enable the new site by creating a symbolic link to the sites-enabled directory:

sudo ln -s /etc/nginx/sites-available/powerdns-admin /etc/nginx/sites-enabled/

Test the Nginx configuration for syntax errors:
```
sudo nginx -t
```
If the test is successful, restart Nginx to apply the changes:
```
sudo systemctl restart nginx
```

At this point, you should be able to navigate to http://your_domain.com in your web browser and see the PowerDNS-Admin login page.

Security Best Practices

Your installation is functional, but you should take these final steps to secure it:

Configure the Firewall: Use UFW (Uncomplicated Firewall) to restrict access to only the necessary ports.
```
sudo ufw allow OpenSSH
sudo ufw allow 'Nginx Full'
sudo ufw enable
```
Enable HTTPS with Let’s Encrypt: Never run a web application without SSL/TLS encryption. The easiest way to get a free SSL certificate is with Certbot.
bash sudo apt install certbot python3-certbot-nginx -y sudo certbot --nginx -d your_domain.com
Follow the on-screen prompts, and Certbot will automatically obtain a certificate and configure Nginx to use it, redirecting all HTTP traffic to HTTPS.

You now have a fully functional, secure, and production-ready PowerDNS-Admin installation. You can log in, create user accounts, and begin managing your DNS zones through its intuitive web interface.

Source: https://kifarunix.com/easily-install-powerdns-admin-on-debian-11-debian-10/