Docker Test Container For Watch My Domains SED v4

CodePunch Solutions have published a set of simple docker files that will allow you to quickly spin up a test container for Watch My Domains SED v4 on Mac OS X or Windows desktop.

This requires a working installation of Docker Desktop on your system. You should then clone or download the docker files from GitHub to get started.

Download Required Docker Files

Clone the project into a convenient folder (or download the ZIP from GitHub and unzip into a folder) and then edit docker-compose.yml to change the MySQL root and user passwords. You may also change the port from 8000 to whatever you want to use.

Edit wmdsed4/config.php to change the MySQL user password to the same one you set up in the YML file. While there, change the setup user name and password ($db_config_setup_name, $db_config_setup_password) too.

Open a terminal (in Mac) or Windows command-line and change to the docker-wmdsed4 directory. Now run

docker-compose build

followed by

docker-compose up -d

Wait for the containers to spin up and then open http://localhost:8000 in your browser. There will be a short delay before the Watch My Domains application starts up for the first time. Use the setup username and password you specified in the config.php file to log in.

Notes

This is purely for a quick test of Watch My Domains SED. Don’t use it in a production environment unless:

  1. Physical or remote access to your system is restricted AND
  2. You really know what you are doing

The application will be run without SSL. You can modify the docker file (wmdsed4/Dockerfile) to include SSL support and access the application over SSL.

The database files are stored in a host folder (wmdsed4/mysql), so you can safely stop the containers without losing data.

This doesn’t include any of the application files. The evaluation version of Watch My Domains SED is downloaded from domainpunch.com when you build the container.

Enabling Remote Access to MySQL / MariaDB Database for Importing Data

By default, remote access to MySQL databases is disabled. This will cause a problem when you want to import data from an older version of Watch My Domains SED to the current version.

These are the basic minimum steps required to enable remote access. Additional steps may be required to make this work on your server if there are other security measures (enabling port access, changing firewall settings, etc.).

How to Enable Remote Access

There are two basic steps required to enable remote access.

The first step is changing the bind-address to the IP address of the server running MySQL. This is done by editing the my.cnf file and setting

bind-address    = x.x.x.x

Make sure that you set x.x.x.x to the MySQL server’s IP address. Restart the mysql server after doing this.

The second step is creating a user who can connect from your remote address. This is done by connecting to the mysql server using

mysql -u root -p

Provide the password when prompted. Now run

GRANT ALL ON wmdsed.* TO wmdsedimport@'y.y.y.y' IDENTIFIED BY 'secretpassword';

Change wmdsed to the database name and secretpassword to your password. The IP address y.y.y.y should be set to your remote address (the IP you will connect from and where the new version of Watch My Domains is installed). We are also creating a new user called wmdsedimport just to import the data into the new version of Watch My Domains SED.

Testing

From the server that has Watch My Domains SED installed, run

mysql -h x.x.x.x  -u wmdsedimport -p

Replace x.x.x.x with the IP address of the mysql server and when prompted, provide the password you created in step-2 above.

If the connection works, you are in business.

Importing Data

Now create a data provider profile in Watch My Domains SED v4 and specify the proper credentials like user name (wmdsedimport), the newly created password, the hostname (where the older database is, x.x.x.x or the corresponding FQDN) etc.

Watch My Domains SED API and PHP session id

This is a quick tip for using the Watch My Domains SED API from a PHP script. Remember that this has security implications because a session id will be passed as a URL parameter. You should restrict access to the modified script and use it only within an intranet.

The stateful API exposed by Watch My Domains SED v4 allows creating your own customized web interface using JavaScript and HTML. However, it is not suitable for easily and quickly obtaining information using, for example, a PHP script.

This problem can be fixed by making the PHP script use its own session id, allowing you to authenticate and then call any API query to get / set the required information.

The first step to enable this is to make a copy of the api.php file in the root installation folder and save it to another name, say myapi.php. Then open myapi.php and add something similar to this

if(isset($_REQUEST['seid'])) {
     $seid = $_REQUEST['seid'];
     // add code here to ensure that $seid has only valid chars
     session_id($seid);
}

at the top, before the…

require 'lib/php/loader.php';

You may want to change the parameter from 'seid' to something else. You can also add some code that checks $_SERVER['REMOTE_ADDR'] and allows access from only specific IP addresses.
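One way to fill in the "valid chars" check and the REMOTE_ADDR restriction described above. This is an added example, not code from Watch My Domains SED; it assumes ids are created with session_create_id('nxert-') as in the calling script shown further down, and the allowlisted addresses and the SEID_ALLOWED_CLIENTS and seid_is_valid names are constructed for illustration.

```php
<?php
// Added example for the top of myapi.php, before: require 'lib/php/loader.php';

// Assumption: the only callers are these intranet hosts (constructed addresses).
const SEID_ALLOWED_CLIENTS = ['127.0.0.1', '10.0.0.15'];

// Ids made with session_create_id('nxert-') are the prefix followed by
// session.sid_length (22 to 256) characters from [A-Za-z0-9,-].
// Anything else, including array input such as seid[]=x, is rejected.
function seid_is_valid($seid): bool
{
    return is_string($seid)
        && preg_match('/\Anxert-[A-Za-z0-9,-]{22,256}\z/', $seid) === 1;
}

// REMOTE_ADDR is the TCP peer. Behind a reverse proxy it is the proxy's
// address, so list the proxy here and restrict callers at the proxy.
if (!in_array($_SERVER['REMOTE_ADDR'] ?? '', SEID_ALLOWED_CLIENTS, true)) {
    http_response_code(403);
    exit;
}

if (isset($_REQUEST['seid'])) {
    if (!seid_is_valid($_REQUEST['seid'])) {
        http_response_code(400);   // wrong prefix, bad characters or bad length
        exit;
    }
    session_id($_REQUEST['seid']);
}
```

Because the id travels in the URL, it also ends up in web server access logs; the address allowlist limits who can replay an id read from those logs.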

Important: Do not change or modify the original api.php file.

In your PHP script to get or set information using the API you should now use myapi.php instead of api.php. You should also pass a session id (created using session_create_id) to myapi.php as a parameter (seid or whatever you named it).

$seid = session_create_id('nxert-');
$url = "https://labs.softnik.com/wmdsed4/myapi.php?seid=$seid";

Desktop Software, Registrar APIs and Whitelisting IP Addresses

Many registrar APIs require that you whitelist the IP addresses from which you connect. This is a problem if your ISP provides only dynamic IPs. Every time you want to import data from a registrar you will have to find your current IP address, add it at the registrar and wait for it to be whitelisted. At some registrars the whitelisting could take up to 30 minutes.

The solution

You can use your website to host an opensource registrar API script from CodePunch Solutions and then use it from Domain Punch Pro and Watch My Domains to fix this problem permanently. Your website will have a permanent IP address and you can easily whitelist it at your registrar.

Download and install the whois api client script on your web server and white-list your web server IP address at the registrar. Then specify the URL to the web client as shown in the screen-shot above. Include the required authentication parameter (&k=xxxx or ?k=xxxx) as part of the URL.

Coming Soon: REST API for Watch My Domains SED

We will be releasing a complete RESTful API for Watch My Domains SED Professional Edition and above. This will be in addition to the current stateful API available for all editions.

The REST API will support alternate authentication for API users and will be useful for creating your own configuration and setup interface independent of the normal application interface.

We expect to make this available in early February.

Watch My Domains SED Report Viewer and the Days To Expiry Column

The report viewer in Watch My Domains SED has a user configurable column called ‘Days’. This has been a subject of confusion at times.

The ‘Days’ column refers to ‘days to nearest expiry’. This data can change for the same domain based on the other columns in the report.

Contents of Report | Contents of ‘Days’ Column
Contains SSL Expiry Date Column | Days to SSL Expiry
Contains Domain Registry Expiry Date | Days to Registry Expiry
Contains Domain Registrar Expiry Date | Days to Registrar Expiry
Contains Domain Registrar Expiry and Registry Expiry Dates | Days to nearest Expiry Date (Registry / Registrar Expiry Date, whichever occurs first)
Contains SSL, Domain Registrar Expiry and Registry Expiry Dates | Days to nearest Expiry Date (Registry / Registrar / SSL Expiry Date, whichever occurs first)

Secondary Domains and Watch My Domains SED

Some secondary domains like yourdomain.uk.com will not get added to Watch My Domains SED v4 by default. This is because the application will assume that you want to add UK.COM and that the yourdomain part is a subdomain (which it really is).

In such cases you can force add the domains by wrapping them in square brackets ([]). For example,

[abcd.uk.com]
[domain.bd.com]

You can also make some changes to the domain suffix list in Watch My Domains SED to permanently support such domains.

The public suffix list is used by Watch My Domains to properly identify the effective / registered domain name. You can access this from the administrative settings panels.

After you add these second level domains (uk.com, bd.com, etc) your entries will be parsed as you want them to be. You can also verify the parser by typing in your test entries under the ‘Test Domain Parser’ box.
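Why the suffix list decides the outcome, as an added example (a simplified illustration, not the application's parser): the registered domain is the longest matching suffix plus one label, so the same entry resolves to uk.com with the default list and to abcd.uk.com once uk.com is listed as a suffix. The registered_domain function and both suffix lists are constructed for this example.

```php
<?php
// Simplified illustration (added example, not the application's parser):
// exact-match suffix rules only, without the wildcard and exception rules
// of the full public suffix list.

// Returns the registered domain: the longest matching suffix plus one label.
function registered_domain(string $entry, array $suffixes): ?string
{
    $labels = explode('.', strtolower(trim($entry, " \t.")));
    for ($i = 0; $i < count($labels); $i++) {          // longest candidate first
        $candidate = implode('.', array_slice($labels, $i));
        if (in_array($candidate, $suffixes, true)) {
            // If the entry is itself a suffix there is nothing registrable.
            return $i === 0 ? null : implode('.', array_slice($labels, $i - 1));
        }
    }
    return null;                                        // no suffix matched
}

// Constructed sample lists: before and after adding the second-level suffixes.
$default  = ['com', 'uk', 'co.uk'];
$extended = array_merge($default, ['uk.com', 'bd.com']);

$entries = ['abcd.uk.com', 'www.abcd.uk.com', 'domain.bd.com', 'www.example.co.uk'];
foreach ($entries as $entry) {
    printf(
        "%-20s default: %-14s extended: %s\n",
        $entry,
        registered_domain($entry, $default) ?? '(none)',
        registered_domain($entry, $extended) ?? '(none)'
    );
}
```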

CentOS 7, SELinux and Watch My Domains SED

Installing Watch My Domains SED on a CentOS system with SELinux (Security-Enhanced Linux) enabled often requires some extra work.

The Log Folder

Watch My Domains SED requires that the log folder is writable by apache. For this to work you will have to properly set the security context and ownership for the folder.

By default the log folder is at the root of the base installation. If you are installing the application at /var/www/html/wmdsed40, the log folder will be /var/www/html/wmdsed40/logs. You can of course change the location of the log folder by editing the config.php file.

To make the log folder writable you will have to run

chown apache:apache /var/www/html/wmdsed40/logs
chcon -t httpd_sys_rw_content_t /var/www/html/wmdsed40/logs -R

The first command will set the owner of the folder to apache and the second will set the security context so that the folder is readable and writable by apache.

If you set the log folder outside of wmdsed40, you will also need to set httpd_sys_content_t for it.

Changing DocumentRoot

Installing the application to a folder different from the default /var/www/html requires more changes. For example, to install to /home/wmdsed/wmdsed40 you would do…

chcon -R --reference=/var/www/html/ /home/wmdsed/wmdsed40 
chcon -R -t httpd_sys_content_t /home/wmdsed/wmdsed40/ 
semanage fcontext -a -t httpd_sys_content_t "/home/wmdsed/wmdsed40(/.*)?" 
setsebool -P httpd_enable_homedirs true 
chmod 755 /home/wmdsed/wmdsed40

You will have to edit /etc/httpd/httpd.conf and change the DocumentRoot settings. You should also make the log folder writable by apache as mentioned in the previous section.

Net_DNS2

It is a good idea to install Net_DNS2 so that advanced DNS monitoring is possible. You can do this by installing php-pear.

yum -y install php-pear 
pear install Net_DNS2

Setup Cron

Though this is not related to SELinux or CentOS, remember to set up the cron immediately after you install the application. This is essential for the default tables to get initialized.

Verify Installation

You can run the basic diagnostic tool by opening

https://<installpath>/verify.php

in your browser. For example, if your installation is at example.com/wmdsed40, you should open

https://example.com/wmdsed40/verify.php

Verifying if a Watch My Domains SED v4 Installation is fully UP & Running

There are a number of scripts and services that check if a website is up and running. However, checking if a web application is fully functional is not exactly the same as testing if a web page is up. Web applications may still show their interface even if there are errors that are then displayed elsewhere.

You can easily verify if an installation of Watch My Domains SED v4 is fully functional by checking if its testpad.php page returns a

<p>OK</p>

response.

You can add https://<yourinstallpath>/testpad.php to any monitoring script and look for the above response to monitor the application’s status.
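A minimal monitoring check built on that response, as an added example that is not part of Watch My Domains SED. It assumes a healthy installation answers HTTP 200 with a body containing the marker; the URL is a placeholder, the function names are constructed, and the exit codes follow the common 0 = OK, 2 = critical convention used by monitoring agents.

```php
<?php
// Added example. Usage: php check_testpad.php https://example.com/wmdsed40/testpad.php

// Assumption: healthy means HTTP 200 and the <p>OK</p> marker in the body.
// A 200 page that renders the interface but lacks the marker counts as down.
function testpad_is_ok(int $status, string $body): bool
{
    return $status === 200 && strpos($body, '<p>OK</p>') !== false;
}

// Fetches the page with the curl extension; returns [status, body, error].
function fetch_testpad(string $url, int $timeout = 10): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => $timeout,
        CURLOPT_TIMEOUT        => $timeout,
        CURLOPT_FOLLOWLOCATION => false, // a redirect to a login or error page is not OK
        CURLOPT_SSL_VERIFYPEER => true,  // keep certificate checks on for the monitor
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $body   = curl_exec($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $error  = curl_error($ch);
    return [$status, $body === false ? '' : $body, $error];
}

$url = $argv[1] ?? 'https://example.com/wmdsed40/testpad.php'; // placeholder URL
[$status, $body, $error] = fetch_testpad($url);

if (testpad_is_ok($status, $body)) {
    echo "OK $url\n";
    exit(0);
}

$reason = $error !== '' ? $error : 'marker <p>OK</p> not found';
fwrite(STDERR, "CRITICAL $url status=$status reason=$reason\n");
exit(2);
```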