opennic:setup:webminbind:debian9u0webmin1u9base

LDAP: couldn't connect to LDAP server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
opennic:setup:webminbind:debian9u0webmin1u9base [2020-03-26T13:05:45Z]
fouroh-llc
opennic:setup:webminbind:debian9u0webmin1u9base [2020-03-27T11:44:12Z] (current)
fouroh-llc
Line 1: Line 1:
-===== Debian 9 with Webmin 1.9xx Fresh Install ===== +===== Fresh Install ===== 
-Again, please make sure you install from within Webmin (Un-used Modules) then Refresh Modules to move the BIND link under ServersThis is the default screen.+This page includes a very brief overview of Webmin module screens, before turning the instance into a Tier-2 service stackThe page is going to grow and expand as feedback comes in for better, more detailed explanationsIf you are already familiar with Webmin, or you do not wish to use it you may skip this page entirely. 
 {{:opennic:setup:webminbind:base-001.png|The newly installed Webmin BIND module}} {{:opennic:setup:webminbind:base-001.png|The newly installed Webmin BIND module}}
 In the upper left corner the icon that looks like a gear is the Module Config. In the upper right corner the icon looks like a "Play" button starts the service. When you configure RDC a "Refresh" button is added. Do not yet start it, but lets look at its home directory. In the upper left corner the icon that looks like a gear is the Module Config. In the upper right corner the icon looks like a "Play" button starts the service. When you configure RDC a "Refresh" button is added. Do not yet start it, but lets look at its home directory.
Line 15: Line 16:
  
 Use the listed above to plan and test your capacity to recover from errors, attacks or even from ransomware. These are very basic, simple measures to keep your service stacks functional. Use the listed above to plan and test your capacity to recover from errors, attacks or even from ransomware. These are very basic, simple measures to keep your service stacks functional.
 +
 +{{:opennic:setup:webminbind:base-010.png|Webmin Filesystem Backup with scheduling}}
 +Linode backups and restores never fail, but they replace your ENTIRE instance.
  
 {{:opennic:setup:webminbind:base-003.png|Webmin Filesystem Backup with scheduling}} {{:opennic:setup:webminbind:base-003.png|Webmin Filesystem Backup with scheduling}}
-The Webmin screen to schedule and create compressed archives of the filesystem.+Webmin allows scheduling and creating compressed archives of targeted part of your instance.
  
 +{{:opennic:setup:webminbind:base-004.png|Save and restore copies of your on-line backup}}
 +Recover from off-line backup in case of sustained attack going back for weeks or months.
  
-=== Zone Defaults === +==== User Management ==== 
-This configures the default options for master zones, and some of the defaults should be set as shown: +User management from the shell is expanded by Webmin several ways. The most advanced is Usermin via LDAPwhich is not really necessary on single instances. However, using the Webmin Users and Groups modules is necessary to allow login via Webmin - otherwise the user is limited to ssh login only. Also on production servers Webmin shall not be installed to reduce the number of software exploits
-{{:opennic:setup:webminbind:base-004.png|Default for Master Zones}}+
  
-What is not shown depends on your installationThe screenshot shows the current host name which you should ignore. Instead enter the FQDN of your name server, NSx.YOURDOMAIN.TLD or NSx.SUBDOMAIN.YOURDOMAIN.TLD. Consequently the //Default email address// should correspond the same way (admin@yourdomain.tld), although this is not a standards requirement by RFCs.+{{:opennic:setup:webminbind:base-005.png|Extended functionally for UNIX Users and Groups by Webmin}} 
 +Webmin Users and Groups control access to Modules but the UNIX user must also exist.
  
-The DNSSEC settings are set to the largest-size keys as all other are very much discounted these daysYou may set it higher, but only if OpenNIC recommends it.+==== Module Management ==== 
 +These should be the IP4 addresses of the OpenNIC Tier-2sNormally you use Google's 8.8.8.8 here, but if you enter only that this name-server is NOT going to function. Also note - this is different from the settings of your VPS network, which SHOULD use Google's.
  
-I leave the transfer and query settings to be managed by each zone and leave them here blank default.+{{:opennic:setup:webminbind:base-006.png|The DNS Administrator login}} 
 +The DNS administrator has full access to the DNS module and a few others like backup/restore and download/upload.
  
-=== Forwarding and Transfers === +==== Network Security ==== 
-These should be the IP4 addresses of the OpenNIC Tier-2sNormally you use Google's 8.8.8.8 herebut if you enter only that this name-server is NOT going to functionAlso note this is different from the settings of your VPS network, which SHOULD use Google's. +Debian does not assume anything about the purpose of the system, it does not install or configure additional software, and it does not start services by default//iptables// is an exception to this, it is installed by defaultHoweverit is not configured and it is not started. If you have installed a firewall software such as FirewallD iptables is going to be started and managed by that software. 
-=== DNSSEC Initialization === + 
-Access both screens, and set as you wish. Webmin fully automates the re-signing process, and the default 21 days is acceptable.+{{:opennic:setup:webminbind:base-007.png|Firewall is not configured by default}} 
 +If you start iptables with a wrong configuration you might lose access to your instance! 
 + 
 +==== Webmin Modules ==== 
 +Some modules in Webmin are matured and well-rounded - the BIND module, for example. Some are obsolete, no longer maintained, and these days they are only included for backwards compatibility - such as the Jabber IM ServerSome are mature and install from within Webmin, some needs to be installed from the shell and tell Webmin to look for them "Refresh Modules".  
 + 
 +{{:opennic:setup:webminbind:base-008.png|Module installation}} 
 +Webmin has good support for FirewallD - but it must be installed from the shell.
  
-=== Module Config === +==== Logging ==== 
-Finally, click on the gear in the upper left corner, and change from the defaults:+Webmin provides access to several logging facilitieswith management for logging added for BIND and for Webmin.
  
-{{:opennic:setup:webminbind:base-005.png|Module Configuration - Part 1}} +{{:opennic:setup:webminbind:base-009.png|The standard UNIX logs }} 
-If you want to run under chroot set it here.\\  +Security starts with these logs, as nearly all attacks leave some clues in these logs.
-If reverse zone is REQUIRED leave it, otherwise set to NO.\\  +
-More to come later+
  
-{{:opennic:setup:webminbind:base-006.png|Module Configuration - Part 2}} +==== Conclusion ==== 
-More to come later+You may write your own scripts and use a tool such as Ansible to do more, better than what Webmin does. However, Webmin makes your instances much friendlier inside an environment without Information Technology professionals expert with GNU/Linux. On a factory floor, for example, Webmin is able to serve engineers, managers, production workers with much less training than full-featured but more complex tools.
  
-{{:opennic:setup:webminbind:base-007.png|Module Configuration - Part 3}} 
-More to come later 
  
-//NOTE: Editing of this page is suspended until information for a production server becomes available.// 
  
  
  • /wiki/data/attic/opennic/setup/webminbind/debian9u0webmin1u9base.1585227945.txt.gz
  • Last modified: 19 months ago
  • by fouroh-llc