Enabling Remote Access to MySQL / MariaDB Database for Importing Data

By default, remote access to MySQL databases is disabled. This causes a problem when you want to import data from an older version of Watch My Domains SED into the current version.

These are the minimum steps required to enable remote access. Additional steps may be required to make this work on your server if there are other security measures (enabling port access, changing firewall settings, etc.).

How to Enable Remote Access

There are two basic steps required to enable remote access.

The first step is changing the bind-address to the IP address of the server running MySQL. This is done by editing the my.cnf file and setting

bind-address    = x.x.x.x

Make sure that you set x.x.x.x to the MySQL server’s IP address. Restart the MySQL server after doing this.

The second step is creating a user who can connect from your remote address. This is done by connecting to the mysql server using

mysql -u root -p

Provide the password when prompted. Now run

GRANT ALL ON wmdsed.* TO wmdsedimport@'y.y.y.y' IDENTIFIED BY 'secretpassword';

Change wmdsed to the database name and secretpassword to your password. The IP address y.y.y.y should be set to your remote address (the IP you will connect from and where the new version of Watch My Domains is installed). We are also creating a new user called wmdsedimport just to import the data into the new version of Watch My Domains SED.

Testing

From the server that has Watch My Domains SED installed, run

mysql -h x.x.x.x  -u wmdsedimport -p

Replace x.x.x.x with the IP address of the MySQL server and, when prompted, provide the password you created in the second step above.

If the connection works, you are in business.

Importing Data

Now create a data provider profile in Watch My Domains SED v4 and specify the proper credentials: the user name (wmdsedimport), the newly created password, the hostname (where the older database is, x.x.x.x or the corresponding FQDN), etc.

Watch My Domains SED API and PHP session id

This is a quick tip for using the Watch My Domains SED API from a PHP script. Remember that this has security implications because a session id will be passed as a URL parameter. You should restrict access to the modified script and use it only within your intranet.

The stateful API exposed by Watch My Domains SED v4 allows creating your own customized web interface using JavaScript and HTML. However, it is not suitable for easily and quickly obtaining information using, for example, a PHP script.

This problem can be fixed by making the PHP script use its own session id, allowing you to authenticate and then call any API query to get / set the required information.

The first step to enable this is to make a copy of the api.php file in the root installation folder and save it to another name, say myapi.php. Then open myapi.php and add something similar to this

if(isset($_REQUEST['seid'])) {
     $seid = $_REQUEST['seid'];
     // add code here to ensure that $seid has only valid chars
     session_id($seid);
}

at the top, before the…

require 'lib/php/loader.php';

You may want to change the parameter from ‘seid’ to something else. You can also add some code that checks $_SERVER['REMOTE_ADDR'] and allows access from only specific IP addresses.

Important: Do not change or modify the original api.php file.

In your PHP script to get or set information using the API you should now use myapi.php instead of api.php. You should also pass a session id (created using session_create_id) to myapi.php as a parameter (seid or whatever you named it).

$seid = session_create_id('nxert-');
$url = "https://labs.softnik.com/wmdsed4/myapi.php?seid=$seid";
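
A stricter version of the snippet added to myapi.php, filling in the character check and the REMOTE_ADDR restriction suggested above. This is an added example, not code shipped with Watch My Domains SED; the allowlisted addresses are constructed placeholders, and the nxert- prefix and seid parameter name are the ones used in the snippets on this page.

```php
<?php
// Added example, not Softnik's code: a stricter preamble for myapi.php.
// Assumed: the parameter is 'seid', callers create ids with
// session_create_id('nxert-'), and the allowlist holds your own script hosts.

// Constructed sample addresses (TEST-NET-1); replace with your intranet hosts.
const ALLOWED_CLIENTS = ['192.0.2.10', '192.0.2.11'];

// session_create_id() emits only [A-Za-z0-9,-] after the prefix, and
// session.sid_length is limited to 22..256 characters.
function seid_is_valid($seid): bool
{
    // Reject arrays (seid[]=x) and anything outside the expected alphabet.
    return is_string($seid)
        && preg_match('/\Anxert-[A-Za-z0-9,-]{22,256}\z/', $seid) === 1;
}

function client_is_allowed(string $remoteAddr): bool
{
    // Strict comparison against the exact peer address seen by the web server.
    return in_array($remoteAddr, ALLOWED_CLIENTS, true);
}

function deny(int $status, string $reason): void
{
    // Log the reason only; the session id is a credential and stays out of logs.
    error_log("myapi.php rejected request: $reason");
    http_response_code($status);
    exit;
}

if (!client_is_allowed($_SERVER['REMOTE_ADDR'] ?? '')) {
    deny(403, 'client address not in allowlist');
}

if (isset($_REQUEST['seid'])) {
    if (!seid_is_valid($_REQUEST['seid'])) {
        deny(400, 'malformed session id');
    }
    session_id($_REQUEST['seid']);
}

// The file's existing line follows here unchanged:
// require 'lib/php/loader.php';
```

If the web server sits behind a reverse proxy, REMOTE_ADDR is the proxy's address, so the allowlist has to be enforced at the proxy instead.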

Desktop Software, Registrar APIs and Whitelisting IP Addresses

Many registrar APIs require that you whitelist the IP addresses from which you connect. This is a problem if your ISP provides only dynamic IPs. Every time you want to import data from a registrar you will have to find your current IP address, add it at the registrar and wait for it to be whitelisted. At some registrars the whitelisting could take up to 30 minutes.

The solution

You can use your website to host an open-source registrar API script from CodePunch Solutions and then use it from Domain Punch Pro and Watch My Domains to fix this problem permanently. Your website will have a permanent IP address and you can easily whitelist it at your registrar.

Download and install the whois api client script on your web server and whitelist your web server IP address at the registrar. Then specify the URL to the web client as shown in the screenshot above. Include the required authentication parameter (&k=xxxx or ?k=xxxx) as part of the URL.

Coming Soon: REST API for Watch My Domains SED

We will be releasing a complete RESTful API for Watch My Domains SED Professional Edition and above. This will be in addition to the current stateful API available for all editions.

The REST API will support alternate authentication for API users and will be useful for creating your own configuration and setup interface independent of the normal application interface.

We expect to make this available in early February.

Watch My Domains SED Report Viewer and the Days To Expiry Column

The report viewer in Watch My Domains SED has a user configurable column called ‘Days’. This has been a subject of confusion at times.

The ‘Days’ column refers to ‘days to nearest expiry’. This data can change for the same domain based on the other columns in the report.

Contents of Report | Contents of ‘Days’ Column
Contains SSL Expiry Date Column | Days to SSL Expiry
Contains Domain Registry Expiry Date | Days to Registry Expiry
Contains Domain Registrar Expiry Date | Days to Registrar Expiry
Contains Domain Registrar Expiry and Registry Expiry Dates | Days to nearest Expiry Date (Registry / Registrar Expiry Date, whichever occurs first)
Contains SSL, Domain Registrar Expiry and Registry Expiry Dates | Days to nearest Expiry Date (Registry / Registrar / SSL Expiry Date, whichever occurs first)

Secondary Domains and Watch My Domains SED

Some secondary domains like yourdomain.uk.com will not get added to Watch My Domains SED v4 by default. This is because the application will assume that you want to add UK.COM and that the yourdomain part is a subdomain (which it really is).

In such cases you can force add the domains by wrapping them in square brackets ([]). For example,

[abcd.uk.com]
[domain.bd.com]

You can also make some changes to the domain suffix list in Watch My Domains SED to permanently support such domains.

The public suffix list is used by Watch My Domains to properly identify the effective / registered domain name. You can access this from the administrative settings panels.

After you add these second level domains (uk.com, bd.com, etc) your entries will be parsed as you want them to be. You can also verify the parser by typing in your test entries under the ‘Test Domain Parser’ box.

CentOS 7, SELinux and Watch My Domains SED

Installing Watch My Domains SED on a CentOS system with SELinux (Security-Enhanced Linux) enabled often requires some extra work.

The Log Folder

Watch My Domains SED requires that the log folder is writable by apache. For this to work you will have to properly set the security context and ownership for the folder.

By default the log folder is at the root of the base installation. If you are installing the application at /var/www/html/wmdsed40, the log folder will be /var/www/html/wmdsed40/logs. You can of course change the location of the log folder by editing the config.php file.

To make the log folder writable you will have to run

chown apache:apache /var/www/html/wmdsed40/logs
chcon -t httpd_sys_rw_content_t /var/www/html/wmdsed40/logs -R

The first command will set the owner of the folder to apache and the second will set the security context so that the folder is readable and writable by apache.

If you set the log folder outside of wmdsed40, you will also need to set httpd_sys_content_t for it.

Changing DocumentRoot

Installing the application to a folder different from the default /var/www/html requires more changes. For example, to install to /home/wmdsed/wmdsed40 you would do…

chcon -R --reference=/var/www/html/ /home/wmdsed/wmdsed40 
chcon -R -t httpd_sys_content_t /home/wmdsed/wmdsed40/ 
semanage fcontext -a -t httpd_sys_content_t "/home/wmdsed/wmdsed40(/.*)?" 
setsebool -P httpd_enable_homedirs true 
chmod 755 /home/wmdsed/wmdsed40

You will have to edit /etc/httpd/httpd.conf and change the DocumentRoot settings. You should also make the log folder writable by apache as mentioned in the previous section.

Net_DNS2

It is a good idea to install Net_DNS2 so that advanced DNS monitoring is possible. You can do this by installing php-pear.

yum -y install php-pear 
pear install Net_DNS2

Setup Cron

Though this is not related to SELinux or CentOS, remember to set up the cron job immediately after you install the application. This is essential for the default tables to get initialized.

Verify Installation

You can run the basic diagnostic tool by opening

https://<installpath>/verify.php

in your browser. For example, if your installation is at example.com/wmdsed40, you should open

https://example.com/wmdsed40/verify.php

Upgrading Hosted & Managed Versions of Watch My Domains SED

If you are currently using the hosted and managed versions of Watch My Domains SED v3, you should consider contacting us to schedule an upgrade to the current v4.

Upgrading will be painless because you will have access to the old and new versions and we will take down the old installation only after you have confirmed that it is okay to do so.

The new installation will have all your domains, custom data columns (plus data) and your categories intact. You will need to recreate your users and assign access rights. You will also need to configure the reports and scheduled emails. This is not complicated because you can do this easily from the user interface.

What’s New in Watch My Domains SED v4

Before scheduling an upgrade you should fix a date and time after which you will stop making any additions to your current version 3 installation. Then contact us for setting up the new version.