Zenaida

Open source domain registry system built on top of the EPP protocol. Zenaida works as a "client" for an EPP registry back-end system and provides an online service for end users who wish to register domains. Tested together with CoCCA backend software: https://cocca.org.nz/

Get Started

Clone the project files locally. If you are running on a production server, please use the user zenaida and run all applications on behalf of that user:

    sudo adduser zenaida
    sudo usermod -aG sudo zenaida
    sudo su zenaida
    cd ~
    git clone https://github.com/datahaven-net/zenaida.git
    cd zenaida

Install required packages:

    sudo apt-get install make python3-pip python3-dev python3-venv libpq-dev postgresql postgresql-contrib memcached uwsgi-plugins-all

Create DB and user:

    sudo su - postgres

    postgres@test:~$ psql
    psql (9.3.22)
    Type "help" for help.

    postgres=# CREATE DATABASE zenaida_db_01;
    CREATE DATABASE

    postgres=# CREATE USER zenaida_db_user WITH PASSWORD '<password>';
    CREATE ROLE

    postgres=# ALTER ROLE zenaida_db_user SET client_encoding TO 'utf8';
    ALTER ROLE

    postgres=# ALTER ROLE zenaida_db_user SET default_transaction_isolation TO 'read committed';
    ALTER ROLE

    postgres=# ALTER ROLE zenaida_db_user SET timezone TO 'UTC';
    ALTER ROLE

    postgres=# GRANT ALL PRIVILEGES ON DATABASE zenaida_db_01 TO zenaida_db_user;
    GRANT

    postgres=# GRANT ALL ON SCHEMA public TO zenaida_db_user;
    GRANT

    postgres=# ALTER DATABASE zenaida_db_01 OWNER TO zenaida_db_user;
    ALTER DATABASE

    \q
    exit

To run the same code on a production machine as well as locally on your laptop, you can use isolated development settings. Configure this in the src/main/params.py file:

    cp src/main/params_example.py src/main/params.py
    nano src/main/params.py

Use these settings in your params.py file if you are starting a new production machine:

    ENV = 'production'
    DATABASES_ENGINE = 'django.db.backends.postgresql'
    DATABASES_NAME = 'zenaida_db_01'
    DATABASES_USER = 'zenaida_db_user'
    DATABASES_PASSWORD = '<password>'
    DATABASES_HOST = 'localhost'
    DATABASES_PORT = ''

To run locally you can use SQLite3:

    ENV = 'development'
    DATABASES_ENGINE = 'django.db.backends.sqlite3'
    DATABASES_NAME = 'db.sqlite'

Create a virtual environment if you do not have one yet:

    make venv

Run Django migrate command:

    make migrate

Run Django collectstatic command:

    make collectstatic

Create Django super user:

    make createsuperuser

Launch Django server to test the configuration:

    make runserver

Now you can navigate your browser to http://127.0.0.1:8000/ and visit the Zenaida web site, which is running locally.

Running on production

For production configuration you can take a look at some examples in the etc/ folder.

You might want to use your own tweaks for nginx and uwsgi, so those files are just a starting point for you. Configuration here was tested on Ubuntu 18.04.1 LTS server.

First, let's create a separate folder to store all interesting logs in one place and configure log rotation:

    mkdir /home/zenaida/logs/
    sudo chown www-data:zenaida -R /home/zenaida/logs/
    sudo cp etc/logrotate.d/zenaida /etc/logrotate.d/

Add the www-data user to the zenaida group so the uwsgi process will be able to access log files created by Django:

    sudo usermod -a -G zenaida www-data

Make sure you set the correct domain name on your server:

    sudo hostname -b yourdomain.com

Install nginx if you do not have it installed yet:

    sudo apt-get install nginx

Activate nginx site configuration by creating a sym-link:

    cp etc/nginx/zenaida.example etc/nginx/zenaida
    sudo ln -s /home/zenaida/zenaida/etc/nginx/zenaida /etc/nginx/sites-enabled/
    sudo unlink /etc/nginx/sites-enabled/default

To secure your site you need to configure an SSL certificate. Check the etc/nginx/zenaida file to configure the certificate and key file locations. Here is an example SSL config you can use to build your setup:

    ssl_certificate     /home/zenaida/ssl/zenaida.crt;
    ssl_certificate_key /home/zenaida/ssl/zenaida.key;
    ssl_ciphers         EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    ssl_protocols       TLSv1.1 TLSv1.2;
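
The snippet above still enables TLSv1.1, which RFC 8996 formally deprecated together with TLSv1.0. The following check is an added example, not part of the Zenaida project: it lists every weak `ssl_protocols` entry in an nginx config as `LINE:PROTOCOL`. The function names and the sample config are constructed here, and the check assumes each directive sits on a single line.

```shell
#!/bin/sh
# Added example (not from the Zenaida repository): report ssl_protocols
# entries that enable SSLv2, SSLv3, TLSv1 or TLSv1.1, as "LINE:PROTOCOL".

weak_tls_protocols() {  # usage: weak_tls_protocols NGINX_CONF
    awk '
        { sub(/#.*/, "") }                 # drop comments, fields are re-split
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i
                sub(/;$/, "", p)           # strip the terminating semicolon
                if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print NR ":" p
            }
        }' "$1"
}

# Constructed sample built around the SSL snippet shown above.
write_sample_conf() {  # usage: write_sample_conf FILE
    cat > "$1" <<'EOF'
server {
    listen 443 ssl;
    # ssl_protocols SSLv3;   (commented out, must be ignored)
    ssl_protocols       TLSv1.1 TLSv1.2;
}
EOF
}

# Stand-alone use: sh weak_tls.sh etc/nginx/zenaida
if [ "$#" -gt 0 ]; then weak_tls_protocols "$1"; fi
```

An empty result means no weak protocol is enabled explicitly. `ssl_protocols TLSv1.2 TLSv1.3;` is the usual replacement; nginx honours `TLSv1.3` only when built against OpenSSL 1.1.1 or newer.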

Now it is time to configure uwsgi in emperor mode to follow best practices. We will need one vassal to be running and serving Zenaida traffic. The main uwsgi emperor process will be started as a systemd service:

    cp etc/systemd/system/uwsgi-emperor.service.example etc/systemd/system/uwsgi-emperor.service
    sudo ln -s /home/zenaida/zenaida/etc/systemd/system/uwsgi-emperor.service /etc/systemd/system/

Now start uwsgi emperor service:

    sudo systemctl start uwsgi-emperor.service

You can always check the current status with:

    systemctl status uwsgi-emperor.service

Finally restart nginx server to make everything work end-to-end:

    sudo service nginx restart

At any moment you can gracefully respawn the Zenaida process manually by "touching" the zenaida.ini file:

    touch /home/zenaida/zenaida/etc/uwsgi/vassals/zenaida.ini

Your live server should be up and running now, navigate your browser to http://www.yourdomain.com

But you will need to do a bit more configuration on the production server later on; read more about that below after you finish preparing the other parts of the system.

Django settings

In the file src/main/params.py you will have to set a few important variables. Those settings are specific to your host machine and cannot be stored in the source code. This file is also the place to store keys, passwords, etc.

Other settings in the params.py file are also described in that document, but here is a list of the most important settings:

  • ENV = 'production' : this will identify your production machine
  • DEBUG = False : must always be False on your production machine
  • SITE_BASE_URL = 'https://yourdomain.com' : domain name of your host
  • SECRET_KEY = 'xxxx' : Django key to be used to encrypt user sessions, must be 50 bytes long
  • ZENAIDA_REGISTRAR_ID = 'registrar_abc' : name of your registrar to be used to connect to CoCCA back-end
  • ZENAIDA_SUPPORTED_ZONES = ['net', 'com', 'org', ] : list of supported domain zones
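
The settings above can be checked before a deployment goes live. The script below is an added example, not part of the Zenaida project: it reads a params.py and reports placeholder or unsafe values for the settings this README names. The function names, the sample file and the file-mode check are assumptions of the example, and it expects simple `NAME = value` lines without trailing comments.

```shell
#!/bin/sh
# Added example (not from the Zenaida repository): audit a params.py against
# the production settings listed above.

# Print the value assigned to NAME in FILE (last assignment wins, quotes stripped).
param_value() {  # usage: param_value FILE NAME
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e "s/^'\\(.*\\)'\$/\\1/" -e 's/^"\(.*\)"$/\1/'
}

# Print one finding per line; print nothing when every check passes.
audit_params() {  # usage: audit_params FILE
    f=$1
    [ "$(param_value "$f" ENV)" = "production" ] || echo "ENV is not 'production'"
    [ "$(param_value "$f" DEBUG)" = "False" ] || echo "DEBUG is not False"
    key=$(param_value "$f" SECRET_KEY)
    if [ "$key" = "xxxx" ] || [ "${#key}" -lt 50 ]; then
        echo "SECRET_KEY is the placeholder or shorter than 50 bytes"
    fi
    case $(param_value "$f" SITE_BASE_URL) in
        https://*) ;;
        *) echo "SITE_BASE_URL is not an https:// URL" ;;
    esac
    [ "$(param_value "$f" DATABASES_PASSWORD)" != "<password>" ] ||
        echo "DATABASES_PASSWORD is still the README placeholder"
    # Assumption of this example: a file holding keys and passwords should not
    # be accessible to "other" users (characters 8-10 of the ls mode string).
    [ "$(ls -ld "$f" | cut -c8-10)" = "---" ] || echo "file is accessible to other users"
    return 0
}

# Constructed sample that keeps the README's placeholder values.
write_sample() {  # usage: write_sample FILE
    cat > "$1" <<'EOF'
ENV = 'production'
DEBUG = True
SECRET_KEY = 'xxxx'
SITE_BASE_URL = 'http://yourdomain.com'
DATABASES_PASSWORD = '<password>'
EOF
    chmod 644 "$1"
}

# Stand-alone use: sh audit_params.sh src/main/params.py
if [ "$#" -gt 0 ]; then audit_params "$1"; fi
```

Group read access is left alone because the README adds www-data to the zenaida group.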

Install and configure RabbitMQ

RabbitMQ is used to drive an EPP messaging queue between the Zenaida host and the EPP registry system.

Use the Apt package manager to install the RabbitMQ server on your Zenaida host:

    echo "deb https://www.rabbitmq.com/debian testing main" | sudo tee /etc/apt/sources.list.d/rabbitmq.list
    wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -
    sudo apt-get update
    sudo apt-get install rabbitmq-server
    sudo rabbitmq-plugins enable rabbitmq_management

We need a secure way to access the RabbitMQ administrator panel, so let's create a separate user account for that purpose:

    sudo rabbitmqctl add_user zenaida <password 1>
    sudo rabbitmqctl set_user_tags zenaida administrator
    sudo rabbitmqctl set_permissions -p / zenaida ".*" ".*" ".*"

Another user account will be used for the EPP message queue between Zenaida and the EPP registry:

    sudo rabbitmqctl add_user zenaida_epp <password 2>
    sudo rabbitmqctl set_permissions -p / zenaida_epp ".*" ".*" ".*"

Now you can navigate your web browser to the RabbitMQ dashboard at http://www.yourdomain.com:15672 and log in with the zenaida:<password 1> administrative credentials you have just created.

You can verify the permissions of the RabbitMQ users. Three users must exist:

  • guest
  • zenaida
  • zenaida_epp

We advise you to remove the "guest" user because of security concerns.
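
The account check described above can be scripted. The following is an added example, not part of the Zenaida project: it compares `rabbitmqctl list_users` output with the accounts this README creates and flags the default guest account, unexpected accounts and unexpected administrator tags. The function names and sample listings are constructed here, and the parser assumes tab-separated `name<TAB>[tags]` lines.

```shell
#!/bin/sh
# Added example (not from the Zenaida repository): audit RabbitMQ accounts
# against the ones the README creates (zenaida, zenaida_epp).

audit_rabbit_users() {  # reads `rabbitmqctl list_users` output on stdin
    awk -F '\t' '
        /^Listing users/ || $1 == "user" || NF == 0 { next }  # banner, header, blank
        $1 == "guest" { print "guest: default account still present"; next }
        $1 == "zenaida" {
            admin = 1
            if ($2 !~ /administrator/) print "zenaida: administrator tag missing"
            next
        }
        $1 == "zenaida_epp" {
            epp = 1
            if ($2 ~ /administrator/) print "zenaida_epp: has a tag the README never grants"
            next
        }
        { print $1 ": account not created by the README" }
        END {
            if (!admin) print "zenaida: account missing"
            if (!epp) print "zenaida_epp: account missing"
        }'
}

# Constructed sample: the state right after the add_user commands above.
sample_after_setup() {
    printf 'Listing users ...\nuser\ttags\nguest\t[administrator]\n'
    printf 'zenaida\t[administrator]\nzenaida_epp\t[]\n'
}

# Constructed sample: guest removed, but the accounts have drifted.
sample_drifted() {
    printf 'zenaida\t[administrator]\nzenaida_epp\t[administrator]\n'
    printf 'ops\t[administrator]\n'
}

# On a live host: sudo rabbitmqctl list_users | audit_rabbit_users
# Removing the default account: sudo rabbitmqctl delete_user guest
sample_after_setup | audit_rabbit_users
```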

More details about RabbitMQ installation can be found here: https://www.rabbitmq.com/install-debian.html

To install RabbitMQ on macOS refer to this page: https://www.rabbitmq.com/install-standalone-mac.html

For local development you might want to run RabbitMQ manually instead of starting it as a system service. In that case, just run a local server from the Makefile, and then you can open the RabbitMQ dashboard at http://localhost:15672:

    make rabbitmq_server_dev

Establish connection with EPP registry

To run a real-time connection between Zenaida and the EPP registry system, a separate process called "EPP Gate" was developed.

Read more about how to configure and run it on your server here: https://github.com/datahaven-net/epp-python-client

See the file src/main/params.example.py to find the correct fields for the RPC server and client separately.

Configure Zenaida Gate as a systemd service

To easily manage the Zenaida Gate process on your host system, you can add it to your systemd scripts.

The Zenaida Gate service consists of 3 units:

  • zenaida-gate.service : service which executes the RPC server and keeps it running non-stop
  • zenaida-gate-watcher.service : background service which is able to "restart" zenaida-gate.service when required
  • zenaida-gate-health.path : systemd trigger which monitors the /home/zenaida/health file for any modifications and notifies zenaida-gate-watcher.service

Those three units are required to keep the Zenaida Gate auto-healing mechanism running all the time. When the CoCCA back-end drops the connection on the server side, Zenaida Gate needs to be "restarted". We must log in again to be able to send EPP messages again; this is done inside the RPC server, and the login flow will be initiated automatically.

You can configure the systemd Zenaida Gate service this way:

    mkdir -p /home/zenaida/.config/systemd/user/
    cp etc/systemd/system/zenaida-gate.service.example /home/zenaida/.config/systemd/user/zenaida-gate.service
    cp etc/system

Security Score

80/100

Audited on Mar 16, 2026

No findings