In this guide, we’ll show you how to install and configure the latest version of phpIPAM on Debian to manage your company’s IP addresses.
phpIPAM, short for PHP IP Address Management, is a powerful and flexible open-source IP address and subnet management software written in the PHP programming language and used on Linux with Apache/Nginx web servers, PHP and the MySQL/MariaDB database management system, also known as the LAMP or LEMP stack.
phpIPAM can make the job of network and system administrators easier by providing a simple and intuitive web interface that lets you keep track of which IP addresses are statically or dynamically assigned to hosts, servers, routers, switches and other network devices. Unlike other IP management tools that require you to manually add or update the IP addresses or status of devices, phpIPAM has some interesting built-in features that automate the process of discovering new IP addresses and hostnames assigned to network devices and can automatically update the IP/device status and add the IP addresses to the MySQL database.
Requirements
- Debian 11 minimal installation on a bare metal server machine or on a virtual private server.
- sudo root privileges for a local or remote account, or direct access to the root account
- A static IP address configured for one of your system’s network cards
- A private or public domain name, depending on your deployment, with the correct DNS records for web services. If you don’t have a valid or registered domain name, you can install and access the site through your server’s IP address
- If you want to use phpIPAM’s email notifications, you should have a running mail server on your premises that is properly configured and provides remote access to its IMAP and SMTP services
Prerequisites
Before you start installing and configuring phpIPAM from sources on your own server, you need to make sure that the system meets all the software requirements for installing the application.
The first step is to update your system’s repositories and software packages by running the following command
apt update
apt upgrade
Next, run the following command to install some utilities needed to further manage your system from the command line.
apt install wget bash-completion fping
After the system has been fully upgraded and the necessary utilities to manage your server have been installed, set up the name for your system by running the following command. Replace your hostname variable accordingly.
hostnamectl set-hostname www.mynet.com
Check the hostname of the machine and the hosts file by running the following commands.
hostnamectl
cat /etc/hostname
hostname -s
hostname -f
Finally, you will need to restart the Debian server so that the kernel updates and hostname changes are properly applied.
systemctl reboot
phpIPAM is a web-based IP and network management platform written in the PHP server-side programming language. In order to run the application’s PHP file scripts, a web server such as the Apache HTTP server and a PHP interpreter must be installed and operational in the system.
To install the Apache web server and PHP interpreter, along with all the necessary PHP modules that the application needs to run properly, enter the following command in your server console
apt install apache2 libapache2-mod-php7.4 php7.4 php7.4-gd php7.4-opcache php7.4-json php7.4-mbstring php7.4-xml php7.4-gmp php7.4-ldap php7.4-cli php-pear php7.4-snmp
Use the following command to check if all installed PHP modules are enabled in your system.
php -m
After Apache and PHP have been installed, check that the web server is running and listening for network connections on port 80 by entering the following command with root privileges.
netstat -tlpn
If the netstat network utility is not installed by default in your Debian system, run the following command to install it.
apt install net-tools
From the netstat command output, you can see that the Apache web server is listening for incoming network connections on port 80. For the same task, you can also use the ss command, which is automatically installed in Debian 11.
ss -tulpn
If you have a firewall enabled in your system, such as the UFW firewall application, you should add a new rule to allow HTTP traffic through the firewall by typing the following command.
ufw allow WWW
or
ufw allow 80/tcp
If you are using iptables raw rules to manage your Debian server’s firewall rules, add the following rule to allow incoming traffic over port 80 on the firewall so that other network administrators can browse the online application.
apt-get install -y iptables-persistent
iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 22 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent
systemctl status netfilter-persistent
systemctl enable netfilter-persistent.service
Next, enable the following Apache modules that the application needs to run properly and apply them by typing the following command.
a2enmod rewrite
systemctl restart apache2
Finally, test if the default Apache web page can be displayed in your clients’ browsers by calling the IP address of your Debian machine or your domain or server FQDN using the HTTP protocol (see figure below). If you don’t know the IP address of your machine, you can run the ifconfig or ip a commands to find out the IP address of your server.
http://your_domain.tld
To access the phpIPAM web interface over HTTPS, which secures traffic between the server and your clients, enter the following commands to enable the Apache web server’s SSL module and SSL site configuration file.
a2enmod ssl
a2ensite default-ssl.conf
Next, open the Apache default SSL site configuration file with a text editor and enable the URL rewrite rules by inserting the following lines of code after the DocumentRoot directive, as shown in the following example:
nano /etc/apache2/sites-enabled/default-ssl.conf
Excerpt from the SSL site configuration file:
<Directory /var/www/html>
    Options +FollowSymlinks
    AllowOverride All
    Require all granted
</Directory>
Also, change the VirtualHost line to look like the following excerpt:
<VirtualHost *:443>
Close the SSL Apache file and open the /etc/apache2/sites-enabled/000-default.conf file for editing, and add the same URL rewrite rules as for the SSL configuration file. Add the lines of code after the DocumentRoot statement, as shown in the following example.
<Directory /var/www/html>
    Options +FollowSymlinks
    AllowOverride All
    Require all granted
</Directory>
Finally, restart the Apache daemon to apply all the rules configured so far and visit your domain using the HTTPS protocol. Since you are using the self-signed certificate pairs automatically issued by Apache during installation, which are not trusted by the browser, an error warning should be displayed in the browser.
systemctl restart apache2
https://yourdomain.tld
Accept the warning to accept the untrusted certificate and continue to be redirected to the default Apache website, as shown in the following image.
If the UFW firewall application blocks incoming network connections to the HTTPS port, you should add a new rule to allow HTTPS traffic through the firewall by entering the following command.
ufw allow 'WWW Full'
or
ufw allow 443/tcp
If iptables is the default firewall application installed to protect your Debian system at the network level, add the following rule to allow incoming traffic through port 443 in the firewall to allow visitors to browse your domain name.
iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent
systemctl status netfilter-persistent
In the next step, we need to make some more changes to the PHP default configuration file to ensure that the following PHP variables are enabled and the PHP timezone setting is configured correctly and matches the geographic location of your system. Open the /etc/php/7.4/apache2/php.ini file for editing and make sure the following lines are set as shown. Also, create a backup of the PHP configuration file first.
cp /etc/php/7.4/apache2/php.ini{,.backup}
nano /etc/php/7.4/apache2/php.ini
Find, edit, and change the following variables in the php.ini configuration file:
file_uploads = On
default_charset = UTF-8
date.timezone = Europe/London
Increase the upload_max_filesize variable if you need to support large file attachments, and set the date.timezone variable to match your location by consulting the list of time zones in the PHP documentation at the following link: http://php.net/manual/en/timezones.php
If you want to increase the loading speed of your web pages via the OPCache plugin available for PHP7, add the following OPCache settings to the end of the PHP interpreter configuration file below the [opcache] statement:
[opcache]
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
Close the php.ini configuration file and check at the end of the PHP configuration file if the OPCache variables have been added correctly by entering the following command.
grep opcache /etc/php/7.4/apache2/php.ini
After you have made all the changes described above, restart the Apache daemon to apply the new changes by entering the following command.
systemctl restart apache2
Finally, create a PHP info file by running the following command, and verify that the PHP time zone is configured correctly by accessing the PHP info file from a browser at the following URL, as shown in the following figure. Scroll down to the date setting to verify the PHP time zone configuration.
echo '<?php phpinfo(); ?>'| tee /var/www/html/info.php
https://domain.tld/info.php
The phpIPAM web application stores various configurations such as users, sessions, contacts, networks, IP addresses and other data in an RDBMS database. In this tutorial, we will configure the phpIPAM application to use the MariaDB database as a backend. Enter the following command to install the MariaDB database and the PHP module needed to access the mysql database.
apt install mariadb-server php7.4-mysql mariadb-client
After installing MariaDB, verify that the daemon is running and listening for connections on localhost, port 3306, by running the netstat command.
netstat -tlpn | grep mysql
Then log in to the MySQL console and secure the MariaDB root account by running the following commands.
mysql -h localhost
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [mysql]> update user set plugin='' where user='root';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [mysql]> exit
Bye
In the next step, you secure MariaDB by running the script mysql_secure_installation included in the installation packages from the Debian Stretch repositories. As the script runs, it asks a series of questions about securing the MariaDB database, such as changing the MySQL root password, removing anonymous users, disabling remote root logins, and deleting the test database. Run the script using the command below and make sure you answer yes to all questions to fully secure the MySQL daemon. Use the script output below as a guide only.
mysql_secure_installation
Then run this command to check if we successfully closed MySQL root access without password:
mysql -h localhost -u root
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
If the password is provided, the login process should be granted to the MySQL console, as shown in the command example:
mysql -h localhost -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 15
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> exit
Bye
Next, log in to the MariaDB database console, create a database for the application and a user with a password to manage the application database by entering the following commands. Replace the database name, user, and password accordingly.
mysql -u root -p
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database myipdatabase;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on myipdatabase.* to 'ip_user'@'localhost' identified by 'password1234';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
To apply all the changes made so far, restart the MySQL and Apache daemons and verify that the daemons are running by entering the following commands
systemctl restart mysql apache2
systemctl status mysql apache2
Installing PHP IP address management
After meeting all system requirements for installing the IP management application, visit the official download page of phpIPAM at https://phpipam.net/download/ and download the latest tar archive to your system by running the following command.
wget https://sourceforge.net/projects/phpipam/files/phpipam-1.3.1.tar
After the download completes, extract the phpIPAM tar archive into your current working directory and list the extracted files using the following commands. Also, remove the index.html file installed by default by the Apache web server from the webroot path and delete the info.php file created earlier.
tar xfv phpipam-1.3.1.tar
ls
rm /var/www/html/index.html
rm /var/www/html/info.php
The installation files for phpIPAM are located in your current working directory in the phpipam/ directory. Issue the ls command to list the files in that directory. Copy the entire contents of the unpacked directory to the root of your web server by running the following command. Also, make sure you copy the hidden .htaccess file to the webroot path.
ls -al phpipam
cp -rf phpipam/* /var/www/html/
cp -rf phpipam/.htaccess /var/www/html/
Next, run the following commands to grant the Apache runtime user full write permissions to the web root path. Use the ls command to list the permissions for the application’s installed files, which are located in the /var/www/html/ directory.
chown -R www-data:www-data /var/www/html/
ls -al /var/www/html/
Next, import the phpIPAM MySQL database schema by directing the contents of the SCHEMA.sql script located in the db directory of your server webroot to the database created for the phpIPAM application installation. Make sure you replace the database user and database name accordingly.
mysql -u ip_user -p myipdatabase < /var/www/html/db/SCHEMA.sql
In the next step, create a new configuration file based on the phpIPAM configuration template by entering the following commands.
cd /var/www/html/
cp config.dist.php config.php
Next, edit the phpIPAM configuration file and replace the following variables accordingly.
nano /var/www/html/config.php
Search the config.php file for the MySQL database name and credentials and update it according to your own settings, as shown in the following file excerpt:
$db['host'] = 'localhost';
$db['user'] = 'ip_user';
$db['pass'] = 'password1234';
$db['name'] = 'myipdatabase';
$db['port'] = 3306;
After adding the database connection details, scroll through the file, find the following line and match it to your domain base URL address, as shown in the following excerpt. In this tutorial, we install phpIPAM directly under the webroot directory, so we’ll use / as the BASE definition. If you want to install phpIPAM in another directory in the webroot, use the name of the directory as BASE definition (e.g. /mynet/)
define('BASE',"/");
Save and close the config.php file and visit your domain name by opening a browser and navigating to your server’s IP address, domain name, or FQDN using the HTTPS protocol. The login screen for the phpIPAM application will be displayed in your browser.
https://yourdomain.tld
Log in to the PHP IP Address Management application using the following default credentials:
User name: Admin
Password: ipamadmin
After logging into the application using the default credentials, you will need to change phpIPAM’s default admin password. Choose a new, secure password for the admin account and click the Save Password button. After the password is updated, click the Dashboard button to start using the phpIPAM application.
In the dashboard, click on the left menu Administration, go to phpIPAM settings and update your website title, domain and URL. Also, you should set Correct links to Yes so that your URL address will be rewritten by the Apache HTTP server.
Also, scroll down and update the FPing path to /usr/bin/fping and click the Save Changes button to apply all changes made so far.
To force visitors to access the phpIPAM interface securely using the HTTPS protocol, which encrypts traffic between the server and clients’ browsers, return to your server’s terminal and edit the .htaccess file located at the root of your website document with the following command.
nano /var/www/html/.htaccess
Below in the file, you can change the native PHP server settings with the following configurations. Modify the PHP settings to fit your own server resources and configurations.
Excerpt from the .htaccess file:
# Change PHP settings
php_value session.use_trans_sid 0
# register_globals was removed in PHP 5.4 and is not available in PHP 7.4
php_value register_globals 1
php_value upload_max_filesize 100M
php_value post_max_size 100M
Finally, add the following rules to the .htaccess file before the </IfModule> closing tag to automatically redirect domain traffic to HTTPS.
# Redirect to HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
Options -Indexes
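The following script is an added example, not part of the original guide or of phpIPAM: it checks a webroot laid out as described above for the leftover info.php and index.html files, the sample database password in config.php, and the HTTPS redirect and Options -Indexes rules in .htaccess. The function names and the check that config.php is not readable by other users are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the guide): audit a phpIPAM webroot after installation.
# Prints one line per finding; the return status is the number of findings.

# Hypothetical helper: records one finding in the caller's counter.
finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

audit_phpipam_webroot() {
    local root="${1:-/var/www/html}" findings=0 f mode

    # Files the guide says to delete; info.php exposes the full PHP configuration.
    for f in info.php index.html; do
        [ -e "$root/$f" ] && finding "$root/$f is still present"
    done

    if [ -f "$root/config.php" ]; then
        # Assumption of this example: config.php holds the database password,
        # so it should not be accessible to 'other' users (last mode digit 0).
        mode=$(stat -c '%a' "$root/config.php")
        case "$mode" in *[1-7]) finding "config.php mode $mode is accessible to other users" ;; esac
        # The guide's placeholder password must be replaced before going live.
        grep -q "'password1234'" "$root/config.php" \
            && finding "config.php still uses the sample password"
    else
        finding "config.php not found in $root"
    fi

    # .htaccess must keep the HTTPS redirect and disable directory listings.
    grep -Eq '^[[:space:]]*RewriteCond[[:space:]]+%\{HTTPS\}[[:space:]]+off' \
        "$root/.htaccess" 2>/dev/null \
        || finding ".htaccess has no 'RewriteCond %{HTTPS} off' redirect rule"
    grep -Eq '^[[:space:]]*Options[[:space:]].*-Indexes' "$root/.htaccess" 2>/dev/null \
        || finding ".htaccess does not set 'Options -Indexes'"

    return "$findings"
}

# Run against the path given on the command line, e.g.: ./audit.sh /var/www/html
if [ "$#" -gt 0 ]; then audit_phpipam_webroot "$1"; fi
```
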
To make phpIPAM automatically detect new hosts and update their status once the network ranges are added to the database, you need to add the following cron tasks that will run under Apache runtime user privileges:
crontab -u www-data -e
# Discover new hosts every 12 hours and add them to the IP database
0 0,12 * * * /usr/bin/php /var/www/html/functions/scripts/discoveryCheck.php
# Update the status of database hosts every five hours
0 */5 * * * /usr/bin/php /var/www/html/functions/scripts/pingCheck.php
That’s it! You have successfully installed and configured the phpIPAM application in Debian 11. However, since the Apache HTTP server uses self-signed certificates to encrypt traffic between the server and visitors’ browsers, a warning message is always generated and displayed in visitors’ browsers. This warning may be considered annoying by network administrators visiting the web application. In this case, you should buy a certificate issued by a trusted certificate authority or get a free pair of certificates from Let’s Encrypt CA.
You can find more custom configurations for the phpIPAM application on the documentation page at the following address: https://phpipam.net/documents/all-documents/