Install phpIPAM on Debian 12 (Bookworm) With Let’s Encrypt SSL

The aim of this guide is to help you install phpIPAM on Debian 12 (Bookworm) With Let’s Encrypt SSL. phpIPAM is an open-source tool that provides a web interface used to manage and administer IP addresses. It is focused on providing a light and modern interface for IP address management.

This PHP-based application uses MySQL database as the backend with jQuery libraries, Ajax and HTML5/CSS3 features. The features offered by phpIPAM include:

• VLAN management
• IPv4 / IPv6 calculator
• IPv4/IPv6 IP address management
• PowerDNS integration
• Domain authentication (AD, LDAP, Radius)
• Automatic free space display for subnets
• Section / Subnet management
• IP database search
• It has NAT support
• XLS / CVS subnets import
• E-mail notifications
• RACK management
• IP request module
• RIPE subnets import
• Translations
• ICMP status updates, automatic display of available subnets by scanning and IP checks

Follow the below steps to install phpIPAM on Debian 12 (Bookworm) With Let’s Encrypt SSL.

1. Install PHP and PHP Modules

phpIPAM currently supports PHP versions up to PHP 8.1. The default Debian 12 repository offers PHP 8.2 which is unsupported at the moment.

We will start by updating the system:

sudo apt update

To install other PHP versions, we will add the Sury PPA using:

sudo apt install -y lsb-release ca-certificates vim apt-transport-https software-properties-common gnupg2
curl -fsSL https://packages.sury.org/php/apt.gpg | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/sury-php.list.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/sury-php.list

Now install PHP 8.1 and the required modules:

sudo apt update

Now proceed and install PHP and Required PHP modules from the SURY repository:

sudo apt install php8.1 php8.1-{fpm,curl,cli,mysql,gd,intl,imap,apcu,pspell,tidy,xmlrpc,mbstring,gmp,xml,ldap,common,snmp} php-pear

If you have multiple PHP versions, list them:

$ sudo update-alternatives --list php
/usr/bin/php8.1
/usr/bin/php8.2

Set the default one as shown:

sudo update-alternatives --set php /usr/bin/php8.1

Check the version:

$ php -v
PHP 8.1.23 (cli) (built: Sep  2 2023 07:11:19) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.23, Copyright (c) Zend Technologies
    with Zend OPcache v8.1.23, Copyright (c), by Zend Technologies

Once installed, ensure that PHP-FPM is running. Check with the command:

$ systemctl status php*-fpm.service
● php8.1-fpm.service - The PHP 8.1 FastCGI Process Manager
     Loaded: loaded (/lib/systemd/system/php8.1-fpm.service; enabled; preset: enabled)
     Active: active (running) since Sun 2023-09-03 11:32:27 UTC; 42s ago
       Docs: man:php-fpm8.1(8)
    Process: 33443 ExecStartPost=/usr/lib/php/php-fpm-socket-helper install /run/php/php-fpm.>
   Main PID: 33440 (php-fpm8.1)
     Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec"
      Tasks: 3 (limit: 2251)
     Memory: 13.9M
        CPU: 137ms
     CGroup: /system.slice/php8.1-fpm.service
             ├─33440 "php-fpm: master process (/etc/php/8.1/fpm/php-fpm.conf)"
             ├─33441 "php-fpm: pool www"
             └─33442 "php-fpm: pool www"

We need to make some configurations to PHP-FPM. Open the below config file:

sudo vim /etc/php/*/fpm/php.ini

In the file, set your Timezone as shown:

[Date]
date.timezone = Africa/Nairobi

Restart the service for the changes to apply:

sudo systemctl restart php*-fpm.service

2. Install and Configure MySQL Database

phpIPAM uses the MySQL database as the storage. Here, we will use the MySQL alternative, MariaDB which can be installed on Debian 12 using the command:

sudo apt install mariadb-server 

After installing it, ensure the service is started and enabled:

sudo systemctl enable --now mariadb

Proceed and secure the instance by setting a password for the root user:

sudo mysql_secure_installation

Proceed as shown:

Enter current password for root (enter for none): Press Enter
....
Switch to unix_socket authentication [Y/n] y
.......
Change the root password? [Y/n] y
New password: Enter Password
Re-enter new password: Re-Enter Password
......
Remove anonymous users? [Y/n] y
...
Disallow root login remotely? [Y/n] y
...
...
Remove test database and access to it? [Y/n] y
....
Reload privilege tables now? [Y/n] y
.....
Thanks for using MariaDB!

Now access the shell using the set password:

mysql -u root -p

Create a database and user for phpIPAM using the SQL commands below:

CREATE DATABASE phpipam;
GRANT ALL ON phpipam.* TO phpipam@localhost IDENTIFIED BY 'Passw0rd';
FLUSH PRIVILEGES;
QUIT;

Set the desired password for the user by replacing the one provided above.

3. Download and Configure phpIPAM

After installing all the required packages, you can proceed and download the latest phpIPAM release from GitHub Release page

Ensure git has been installed:

sudo apt install git

Now clone the repository with the command:

sudo git clone --recursive https://github.com/phpipam/phpipam.git /var/www/html/phpipam

Switch to the directory with the command:

cd /var/www/html/phpipam

Now we need to create a configuration file from the default available config:

sudo cp config.dist.php config.php

Now modify the file:

sudo vim config.php

In the file, you need to make some adjustments to accommodate your database:

* database connection details
******************************/
$db['host'] = '127.0.0.1';
$db['user'] = 'phpipam';
$db['pass'] = 'Passw0rd';
$db['name'] = 'phpipam';
$db['port'] = 3306;

4. Configure Web server for phpIPAM

For this guide, we will learn how to configure both Nginx and Apache web servers for PHP IPAM. Just select one that works best for you.

Option 1: Install and Configure Apache

It is possible to use the Apache web server for phpIPAM. First, ensure that it is installed by running the below command:

sudo apt -y install libapache2-mod-php8.1 apache2

Now we will create a virtual host file:

sudo vim /etc/apache2/sites-available/phpipam.conf

In the file, add the below lines:

<VirtualHost *:80>
    ServerName phpipam.computingforgeeks.com
    ServerAlias www.phpipam.computingforgeeks.com
    DocumentRoot "/var/www/html/phpipam"
    <Directory "/var/www/html/phpipam">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog "/var/log/apache2/phpipam-error_log"
    CustomLog "/var/log/apache2/phpipam-access_log" combined
</VirtualHost>

In the file, replace your server name correctly. Set the correct permissions of the document root:

sudo chown -R www-data:www-data /var/www/html/

Enable the phpIPAM site:

sudo a2ensite phpipam

Enable the Apache rewrite and SSL modules:

sudo a2enmod rewrite
sudo a2enmod ssl

Restart the Apache service:

sudo systemctl restart apache2

Test if you can access the site using the URL http://domain_name

Option 2: Install and Configure Nginx

You can skip this step if you already have Apache configured as above, If not, ensure that Nginx has been installed:

sudo systemctl stop apache2 && sudo systemctl disable apache2
sudo apt -y install nginx

Now create the virtual host file:

sudo vim /etc/nginx/conf.d/phpipam.conf

In the opened file, add these lines:

server {
    listen       80;
    # root directory
    server_name phpipam.computingforgeeks.com  www.phpipam.computingforgeeks.com;
    index        index.php;
    root   /var/www/html/phpipam;


    location / {
            try_files $uri $uri/ /index.php$is_args$args;
        }

    location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
             fastcgi_pass   unix:/run/php/php-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_index index.php;
            include fastcgi_params;
        }

 }

Set the required ownership of the file and restart the Nginx service:

sudo chown -R www-data:www-data /var/www/html
sudo systemctl restart nginx

5. Finish phpIPAM Installation

After following the above steps, you can now access the phpIPAM web UI using the URL http://domain_name and complete the installation

Ensure that the HTTP port is allowed through the firewall:

sudo ufw allow 80

If all is okay, you will see this:

On the above page, select New phpipam installation and proceed to database configuration.

You need to get the instructions to make the database settings by selecting the MySQL import instructions option. You will then get commands to create the database.

For this case, we already have it created, so import the schemas with the command:

$ sudo mysql -u root -p phpipam < /var/www/html/phpipam/db/SCHEMA.sql
Enter password: Enter your set MariaDB root password

Now proceed and log in to phpIPAM.

Use the default creds to authenticate: Username: admin and Password: ipamadmin

If all goes well, you will see this page that requires you to change the admin password.

Once complete, you will be granted the phpIPAM dashboard

You are now free to use the dashboard for IP management.

6. Secure phpIPAM with Let’sEncrypt

If you want to secure the traffic on your phpIPAM site, you can configure your web servers to serve HTTPS by using certificates. In this guide, we will use Let’sEncrypt to generate free signed certs for our domain name.

Before you proceed, you need to ensure that you have a Fully Qualified Domain Name(FQDN). You also need to install the required packages:

##For Apache
sudo apt install certbot python3-certbot-apache

##For Nginx
sudo apt install certbot python3-certbot-nginx

Once installed, you can generate the certs using the command:

##For Apache
sudo certbot --apache

##For Nginx
sudo certbot --nginx

Now proceed as shown:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): Enter a valid Email address here <email-address>         

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: phpipam.computingforgeeks.com
2: www.phpipam.hirebestengineers.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
......

Once the certificate has been generated, it will be automatically added to your web server configuration. Now will be set to access the site via HTTPS. Ensure you allow HTTPS through the firewall:

sudo ufw allow 443

Now access the site with the URL https://domain_name

You have secured your site using SSL certificates. I hope this was informative.

See more on this page:

• How To Install phpIPAM on CentOS / RHEL
• How To Install phpIPAM on Ubuntu
• Install NetBox IPAM & DCIM Tool on Ubuntu