raf/phpipam
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
phpIPAM IP address management deployment for ps1raf (mariadb + apache/php, quadlets, nginx TLS)
1 commit 1 branch 0 tags 25 KiB
Find a file
Exact
raf 99bc298940 init: phpipam test deployment (loop task 260) 
mariadb 10.11 + phpipam-www quadlets, schema bootstrapped from
/phpipam/db/SCHEMA.sql (49 tables). Web bind 127.0.0.1:8186, public
:8086 via host nginx + shared step-ca cert. Default admin Admin/ipamadmin
(forced change on first login). Behind reverse proxy: trust X-Forwarded-*
via IPAM_TRUST_X_FORWARDED=true.
2026-05-17 08:39:56 +02:00
.gitignore init: phpipam test deployment (loop task 260) 2026-05-17 08:39:56 +02:00
README.md init: phpipam test deployment (loop task 260) 2026-05-17 08:39:56 +02:00

README.md

phpipam — IP Address Management

Test deployment of phpIPAM on ps1raf.

  • Backend (private): mariadb 10.11 via phpipam-db.container, on the phpipam podman network
  • Frontend (loopback only): phpipam-www apache on 127.0.0.1:8186 via phpipam-www.container
  • Public: nginx terminates TLS and proxies the loopback bind on port 8086
  • URL: https://ps1raf.tn.ps1.at:8086 (or https://ps1raf:8086 on LAN)
  • Default login: admin / ipamadmin (forced change on first login)

Files

phpipam/
├── README.md        — this file
├── db.env           — MYSQL_* secrets (mode 600, NOT committed)
├── app.env          — IPAM_DATABASE_* secrets (mode 600, NOT committed)
└── data/
    ├── db/          — mariadb persistence
    ├── logos/       — custom logo uploads
    └── ca-certs/    — extra CAs (e.g. for LDAP auth over TLS)

Quadlets live in ~/.config/containers/systemd/:

  • phpipam.network
  • phpipam-db.container
  • phpipam-www.container

nginx vhost: /etc/nginx/conf.d/ps1raf-newsletters.conf (new server {} block on :8086).

Operations

# Start / restart
systemctl --user start phpipam-db.service phpipam-www.service
systemctl --user restart phpipam-www.service

# Reload after editing a quadlet
systemctl --user daemon-reload && systemctl --user restart phpipam-www.service

# Tail logs
journalctl --user -u phpipam-www.service -f
podman logs -f phpipam-www

Schema bootstrap

The official phpipam/phpipam-mariadb image bundles the SQL schema and imports it on first run, so no manual init step is needed. We use plain mariadb:10.11 instead and let phpipam-www auto-install the schema on first hit; that flow is the same minus the option of seeding a snapshot.

Reset

systemctl --user stop phpipam-www.service phpipam-db.service
mv data/db data/db.trash.$(date +%s)
mkdir data/db
systemctl --user start phpipam-db.service phpipam-www.service

Upgrades

Bump Image= tag in phpipam-www.container to the desired version. The schema is auto-migrated on next page load when phpipam is logged in as admin.

Related

  • llmwiki: services/phpipam.md
  • shared SSL convention: conventions/nginx-ssl-proxy.md