This page covers comprehensive configuration steps for Poweradmin deployments including database setup, PowerDNS integration, authentication methods, and advanced settings.
The main Poweradmin configuration file is located at:
/var/www/poweradmin/config.inc.php
For Docker deployments, configuration is typically managed via environment variables.
Poweradmin requires its own database for storing user accounts, permissions, and application settings.
<?php
$poweradmin_db_host = 'localhost';
$poweradmin_db_port = '3306';
$poweradmin_db_name = 'poweradmin';
$poweradmin_db_user = 'poweradmin';
$poweradmin_db_pass = 'your_secure_password';
$poweradmin_db_type = 'mysql';
?>
<?php
$poweradmin_db_host = 'localhost';
$poweradmin_db_port = '5432';
$poweradmin_db_name = 'poweradmin';
$poweradmin_db_user = 'poweradmin';
$poweradmin_db_pass = 'your_secure_password';
$poweradmin_db_type = 'pgsql';
?>
<?php
$poweradmin_db_type = 'sqlite';
$poweradmin_db_file = '/var/lib/poweradmin/poweradmin.sqlite';
?>
Poweradmin can connect to PowerDNS via database or API (recommended for DNSSEC).
Direct database access to PowerDNS zone data:
<?php
// PowerDNS Database Settings
$pdns_db_host = 'localhost';
$pdns_db_port = '3306';
$pdns_db_name = 'pdns';
$pdns_db_user = 'pdns';
$pdns_db_pass = 'your_pdns_db_password';
$pdns_db_type = 'mysql';
?>
API access provides better DNSSEC support and follows modern practices:
<?php
// PowerDNS API Settings
$api_access_key = 'your_secure_api_key_here';
$api_protocol = 'http'; // or 'https'
$api_host = '127.0.0.1';
$api_port = '8081';
$api_timeout = 10;
?>
PowerDNS Configuration (/etc/powerdns/pdns.conf):
# Enable API
api=yes
api-key=your_secure_api_key_here
# Enable webserver
webserver=yes
webserver-address=127.0.0.1
webserver-port=8081
webserver-password=your_web_password
# Optional: Restrict API/webserver access to localhost
# (allow-axfr-ips only controls zone transfers, not the API)
webserver-allow-from=127.0.0.1
Restart PowerDNS after configuration changes:
sudo systemctl restart pdns
Default authentication using Poweradmin’s database:
<?php
$session_timeout = 3600; // Session timeout in seconds (1 hour)
$password_hash_algo = PASSWORD_DEFAULT; // Use PHP's default hashing
$password_hash_cost = 12; // Bcrypt cost factor
?>
Configure LDAP for centralized user management:
<?php
// LDAP Server Settings
$ldap_host = 'ldap.example.com';
$ldap_port = 389; // or 636 for LDAPS
$ldap_version = 3;
$ldap_starttls = false; // Set true to use STARTTLS; with false on port 389 the bind password is sent in cleartext
// LDAP Bind Settings
$ldap_bind_dn = 'cn=admin,dc=example,dc=com';
$ldap_bind_password = 'ldap_admin_password';
// LDAP User Search
$ldap_base_dn = 'dc=example,dc=com';
$ldap_user_filter = '(uid=%s)';
$ldap_user_attribute = 'uid';
// LDAP Group Settings (Optional)
$ldap_group_enabled = true;
$ldap_group_base_dn = 'ou=groups,dc=example,dc=com';
$ldap_group_filter = '(&(objectClass=groupOfNames)(member=%dn%))';
$ldap_group_admin = 'cn=poweradmin-admins,ou=groups,dc=example,dc=com';
$ldap_group_user = 'cn=poweradmin-users,ou=groups,dc=example,dc=com';
?>
LDAP with Active Directory:
<?php
$ldap_host = 'ad.example.com';
$ldap_base_dn = 'DC=example,DC=com';
$ldap_user_filter = '(sAMAccountName=%s)';
$ldap_user_attribute = 'sAMAccountName';
?>
Configure SAML for SSO integration:
<?php
$saml_enabled = true;
$saml_sp_entity_id = 'https://dns-admin.example.com/saml/metadata';
$saml_idp_entity_id = 'https://idp.example.com/saml';
$saml_idp_sso_url = 'https://idp.example.com/saml/sso';
$saml_idp_slo_url = 'https://idp.example.com/saml/slo';
$saml_idp_x509_cert = '/etc/poweradmin/saml/idp.crt';
$saml_sp_x509_cert = '/etc/poweradmin/saml/sp.crt';
$saml_sp_private_key = '/etc/poweradmin/saml/sp.key';
// Attribute mapping
$saml_attribute_username = 'uid';
$saml_attribute_email = 'mail';
$saml_attribute_fullname = 'displayName';
?>
Configure OpenID Connect authentication:
<?php
$oidc_enabled = true;
$oidc_issuer_url = 'https://auth.example.com';
$oidc_client_id = 'poweradmin-client';
$oidc_client_secret = 'your_oidc_client_secret';
$oidc_redirect_uri = 'https://dns-admin.example.com/oidc/callback';
$oidc_scopes = 'openid profile email';
// Attribute mapping
$oidc_attribute_username = 'preferred_username';
$oidc_attribute_email = 'email';
$oidc_attribute_fullname = 'name';
?>
Enable TOTP-based two-factor authentication:
<?php
$mfa_enabled = true;
$mfa_required_for_roles = ['admin', 'superuser'];
$mfa_trusted_devices = true;
$mfa_trusted_device_lifetime = 2592000; // 30 days in seconds
?>
<?php
// Session configuration
$session_timeout = 3600; // 1 hour
$session_secure = true; // Only send cookies over HTTPS
$session_httponly = true; // Prevent JavaScript access
$session_samesite = 'Strict'; // CSRF protection
// Password policy
$password_min_length = 12;
$password_require_uppercase = true;
$password_require_lowercase = true;
$password_require_numbers = true;
$password_require_special = true;
$password_history_count = 5; // Remember last 5 passwords
$password_max_age = 7776000; // 90 days in seconds
?>
<?php
// Allowed IP ranges (optional)
$allowed_ips = [
    '10.0.0.0/8',
    '172.16.0.0/12',
    '192.168.0.0/16',
];
// Rate limiting
$rate_limit_enabled = true;
$rate_limit_requests = 100; // requests per minute
$rate_limit_window = 60; // window in seconds
?>
When behind a reverse proxy:
<?php
$trusted_proxies = [
    '10.0.0.0/8',
    '172.16.0.0/12',
    '192.168.0.0/16',
];
$trusted_headers = ['X-Forwarded-For', 'X-Forwarded-Proto', 'X-Forwarded-Host'];
?>
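How a trusted-proxy list and an IP allowlist of this kind are normally meant to combine, as an added Python example (illustrative logic, not Poweradmin's own code): `X-Forwarded-For` is believed only when the TCP peer is a trusted proxy, and the allowlist is applied to the resolved address. The function names and the proxy address `10.0.0.2` are assumptions made for the example; the last constructed request shows why listing the proxy's own address is tighter than listing whole private ranges.

```python
import ipaddress

# Ranges copied from the $trusted_proxies / $allowed_ips examples on this page.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def in_any(ip, cidrs):
    """True if ip lies inside any of the CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def client_ip(peer_ip, xff, trusted):
    """Resolve the client address from the TCP peer and X-Forwarded-For.

    The header counts only when the peer is a trusted proxy. Hops are read
    right to left; the first address outside `trusted` is the client, and
    everything to its left was supplied by that client and is ignored.
    """
    if not in_any(peer_ip, trusted):
        return peer_ip  # direct connection: header is not believed
    client = peer_ip
    for hop in reversed([h.strip() for h in (xff or "").split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # empty or malformed entry: stop at the last good hop
        client = hop
        if not in_any(hop, trusted):
            break
    return client


def is_allowed(peer_ip, xff, trusted, allowed=RFC1918):
    """Apply the $allowed_ips check to the resolved client, not the raw header."""
    return in_any(client_ip(peer_ip, xff, trusted), allowed)


if __name__ == "__main__":
    # Constructed requests: (TCP peer, X-Forwarded-For value)
    for peer, xff in [("203.0.113.7", "10.0.0.5"), ("10.0.0.2", "198.51.100.9"),
                      ("10.0.0.2", "192.168.1.1, 10.50.0.9")]:
        print(peer, xff, "->", client_ip(peer, xff, RFC1918),
              "| proxy pinned ->", client_ip(peer, xff, ["10.0.0.2/32"]))
```

With the broad ranges, the third request resolves to the header entry `192.168.1.1`; with the proxy pinned to `10.0.0.2/32` it resolves to `10.50.0.9`, the host that actually connected to the proxy.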
<?php
$default_soa_name = 'a.misconfigured.dns.server.example.com';
$default_soa_mail = 'hostmaster.example.com';
$default_soa_refresh = 3600;
$default_soa_retry = 600;
$default_soa_expire = 604800;
$default_soa_default_ttl = 3600;
?>
Define templates for common zone types:
<?php
$zone_templates = [
    'default' => [
        'SOA' => [
            'name' => '@',
            'content' => 'a.misconfigured.dns.server.example.com hostmaster.example.com 1',
            'ttl' => 3600,
        ],
        'NS' => [
            ['name' => '@', 'content' => 'ns1.example.com', 'ttl' => 3600],
            ['name' => '@', 'content' => 'ns2.example.com', 'ttl' => 3600],
        ],
    ],
    'web-hosting' => [
        'A' => [
            ['name' => '@', 'content' => '192.0.2.1', 'ttl' => 3600],
            ['name' => 'www', 'content' => '192.0.2.1', 'ttl' => 3600],
        ],
        'MX' => [
            ['name' => '@', 'content' => 'mail.example.com', 'ttl' => 3600, 'prio' => 10],
        ],
        'TXT' => [
            ['name' => '@', 'content' => 'v=spf1 mx -all', 'ttl' => 3600],
        ],
    ],
];
?>
Control which record types users can create:
<?php
$allowed_record_types = [
    'A', 'AAAA', 'CNAME', 'MX', 'NS', 'TXT', 'SRV', 'CAA', 'PTR',
];
$restricted_record_types = [
    'SOA', // Only admins can modify SOA
];
?>
Enable DNSSEC management features:
<?php
$dnssec_enabled = true;
$dnssec_algorithm = 13; // ECDSAP256SHA256
$dnssec_keys_size = 256;
$dnssec_propagation_delay = 60; // seconds
?>
<?php
$log_enabled = true;
$log_level = 'INFO'; // DEBUG, INFO, WARNING, ERROR, CRITICAL
$log_file = '/var/log/poweradmin/poweradmin.log';
$log_syslog = true;
$log_syslog_facility = LOG_USER;
// Log rotation
$log_max_files = 10;
$log_max_size = '10M';
?>
<?php
$audit_enabled = true;
$audit_log_zone_changes = true;
$audit_log_user_changes = true;
$audit_log_login_attempts = true;
$audit_retention_days = 365;
?>
Poweradmin provides a RESTful API for automation:
<?php
$api_enabled = true;
$api_authentication = 'session'; // session, api_key, or both
$api_rate_limit = 1000; // requests per hour
$api_allowed_ips = ['127.0.0.1', '10.0.0.0/8'];
?>
Example API Usage:
# Get all zones (use HTTPS so the API key is not sent in cleartext)
curl -H "X-API-Key: your_api_key" \
  https://dns-admin.example.com/api/v1/zones
# Create a zone
curl -X POST \
  -H "X-API-Key: your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"name": "example.com", "type": "master"}' \
  https://dns-admin.example.com/api/v1/zones
<?php
// Database connection pooling
$db_persistent = true;
$db_connection_timeout = 5;
// Query caching
$query_cache_enabled = true;
$query_cache_ttl = 300; // seconds
?>
<?php
// Enable caching
$cache_enabled = true;
$cache_driver = 'redis'; // file, memcached, or redis
$cache_ttl = 300; // seconds
// Redis settings
$redis_host = '127.0.0.1';
$redis_port = 6379;
$redis_password = '';
$redis_database = 0;
// Memcached settings
$memcached_host = '127.0.0.1';
$memcached_port = 11211;
?>
<?php
$environment = 'development';
$debug_enabled = true;
$error_reporting = E_ALL;
$display_errors = true;
$log_level = 'DEBUG';
?>
<?php
$environment = 'production';
$debug_enabled = false;
$error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT;
$display_errors = false;
$log_level = 'WARNING';
$session_secure = true;
?>
Here’s a complete production configuration:
<?php
/**
* Poweradmin Configuration
* Production Environment
*/
// Database Configuration
$poweradmin_db_host = 'localhost';
$poweradmin_db_port = '3306';
$poweradmin_db_name = 'poweradmin';
$poweradmin_db_user = 'poweradmin';
$poweradmin_db_pass = getenv('POWERADMIN_DB_PASSWORD');
$poweradmin_db_type = 'mysql';
// PowerDNS API Configuration
$api_access_key = getenv('PDNS_API_KEY');
$api_protocol = 'https';
$api_host = '127.0.0.1';
$api_port = '8081';
$api_timeout = 10;
// Security Settings
$session_timeout = 3600;
$session_secure = true;
$session_httponly = true;
$session_samesite = 'Strict';
$password_min_length = 12;
$password_require_uppercase = true;
$password_require_lowercase = true;
$password_require_numbers = true;
$password_require_special = true;
$password_max_age = 7776000;
// Trusted Proxies
$trusted_proxies = ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'];
// Logging
$log_enabled = true;
$log_level = 'INFO';
$log_file = '/var/log/poweradmin/poweradmin.log';
$audit_enabled = true;
$audit_retention_days = 365;
// Performance
$cache_enabled = true;
$cache_driver = 'redis';
$cache_ttl = 300;
// Environment
$environment = 'production';
$debug_enabled = false;
?>
After updating configuration:
Restart web server:
sudo systemctl restart apache2 # or nginx
Clear cache (if enabled):
sudo rm -rf /var/www/poweradmin/var/cache/*
Verify configuration:
# Check syntax
php -l /var/www/poweradmin/config.inc.php
# Test database connection
mysql -u poweradmin -p -e "SELECT 1" poweradmin
Test your configuration:
# Test PowerDNS API
curl -H "X-API-Key: $PDNS_API_KEY" \
http://127.0.0.1:8081/api/v1/servers/localhost/zones
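A check that complements the syntax and connectivity tests above, as an added Python example (not part of Poweradmin): it reads the simple `$name = value;` assignments in the style this page uses and lists settings worth reviewing before go-live. The function names and the rule set are assumptions for illustration, the sample config is constructed from this page's variable names, and boolean values are assumed to be written in lowercase.

```python
import re

# Matches simple scalar assignments such as: $api_protocol = 'http'; // comment
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*(.+?);\s*(?://.*)?$")


def parse_config(text):
    """Collect `$name = value;` lines; a later assignment overrides an earlier one."""
    cfg = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            cfg[m.group(1)] = m.group(2).strip().strip("'\"")
    return cfg


def audit(cfg):
    """Return the names of settings that look unsafe for a production deployment."""
    bad = []
    for key, val in cfg.items():
        if re.search(r"(pass|password|secret|key)$", key) and val.startswith("your_"):
            bad.append(key)  # documentation placeholder left in place
    if cfg.get("environment") == "production":
        bad += [k for k in ("debug_enabled", "display_errors") if cfg.get(k) == "true"]
        if cfg.get("session_secure") != "true":
            bad.append("session_secure")  # session cookie would travel over HTTP
    loopback = ("127.0.0.1", "localhost", "::1")
    if cfg.get("api_protocol") == "http" and cfg.get("api_host") not in loopback:
        bad.append("api_protocol")  # PowerDNS API key sent in cleartext off-host
    if "ldap_host" in cfg and cfg.get("ldap_starttls") != "true" and cfg.get("ldap_port") != "636":
        bad.append("ldap_starttls")  # LDAP bind password sent in cleartext
    return sorted(set(bad))


# Constructed sample, built from the variable names used on this page.
SAMPLE = """<?php
$environment = 'production';
$poweradmin_db_pass = 'your_secure_password';
$api_access_key = getenv('PDNS_API_KEY');
$api_protocol = 'http'; // or 'https'
$api_host = '192.0.2.10';
$ldap_host = 'ldap.example.com';
$ldap_port = 389; // or 636 for LDAPS
$ldap_starttls = false;
$session_secure = true;
$display_errors = true;
?>"""

if __name__ == "__main__":
    for name in audit(parse_config(SAMPLE)):
        print("review:", name)
```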
Cannot connect to database
mysql -u poweradmin -p poweradmin
sudo systemctl status mysql
PowerDNS zones not showing
curl -H "X-API-Key: key" http://127.0.0.1:8081/api/v1/servers/localhost
Login fails with LDAP
ldapsearch -H ldap://ldap.example.com -b "dc=example,dc=com"
Session timeout too short
$session_timeout value