Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #118 from WordOps/updating-configuration

Browse Source 
Updating configuration
This commit is contained in:
VirtuBox
2019-08-17 02:30:18 +02:00
committed by GitHub
parent a296a91ec1 03a63cd40f
commit 042ac2a9eb
18 changed files with 1024 additions and 920 deletions
Download Patch File Download Diff File Expand all files Collapse all files

129
.travis.yml
View File

@@ -1,64 +1,65 @@
sudo: required sudo: required
dist: xenial dist: xenial
language: bash language: bash
notifications: notifications:
slack: wordops:MyZBNbI7JfhbAi3YyFckMdaa slack: wordops:MyZBNbI7JfhbAi3YyFckMdaa
addons: addons:
apt: apt:
update: true update: true
git: git:
quiet: true quiet: true
before_install: before_install:
- rm -rf ~/.gnupg - rm -rf ~/.gnupg
before_script: before_script:
- sudo rm -rf /etc/mysql - sudo rm -rf /etc/mysql
- sudo bash -c 'echo example.com > /etc/hostname' - sudo bash -c 'echo example.com > /etc/hostname'
- sudo apt-get -qq purge mysql* graphviz* redis* - sudo apt-get -qq purge mysql* graphviz* redis*
- sudo apt-get -qq autoremove --purge - sudo apt-get -qq autoremove --purge
- unset LANG - unset LANG
- sudo apt-get install --assume-yes --quiet git python3-setuptools python3-dev python3-apt ccze tree - sudo apt-get install --assume-yes --quiet git python3-setuptools python3-dev python3-apt ccze tree
script: script:
- lsb_release -a - lsb_release -a
- sudo bash -c 'echo -e "[user]\n\tname = abc\n\temail = root@localhost.com" > /home/travis/.gitconfig' - sudo bash -c 'echo -e "[user]\n\tname = abc\n\temail = root@localhost.com" > /home/travis/.gitconfig'
- sudo echo "Travis Banch = $TRAVIS_BRANCH" - sudo echo "Travis Banch = $TRAVIS_BRANCH"
- sed -i 's/# "nose"/"nose"/g' setup.py - sed -i 's/# "nose"/"nose"/g' setup.py
- sed -i 's/# "coverage"/"coverage"/g' setup.py - sed -i 's/# "coverage"/"coverage"/g' setup.py
- sed -i 's/# "Sphinx >= 1.0"/"Sphinx >= 1.0"/g' setup.py - sed -i 's/# "Sphinx >= 1.0"/"Sphinx >= 1.0"/g' setup.py
- sudo bash install --travis - sudo bash install --travis
- sudo wo --help && sudo wo stack install && sudo wo stack install --proftpd - sudo wo --help && sudo wo stack install && sudo wo stack install --proftpd
- sudo wo site create html.net --html && sudo wo site create php.com --php && sudo wo site create mysql.com --mysql && sudo wo site create proxy.com --proxy=127.0.0.1:3000 - sudo wo site create html.net --html && sudo wo site create php.com --php && sudo wo site create mysql.com --mysql && sudo wo site create proxy.com --proxy=127.0.0.1:3000
- sudo wo site create wp1.com --wp && sudo wo site create wpsc1.net --wpsc && sudo wo site create wpfc1.com --wpfc - sudo wo site create wp1.com --wp && sudo wo site create wpsc1.net --wpsc && sudo wo site create wpfc1.com --wpfc
- sudo wo site create wpsc-php73.net --wpsc --php73 && sudo wo site create wpfc-php73.net --wpfc --php73 - sudo wo site create wpsc-php73.net --wpsc --php73 && sudo wo site create wpfc-php73.net --wpfc --php73
- sudo wo site create wprocket.net --wprocket && sudo wo site create wprocket-php73.net --wprocket --php73 - sudo wo site create wprocket.net --wprocket && sudo wo site create wprocket-php73.net --wprocket --php73
- sudo wo site create wpce.net --wpce && sudo wo site create wpce-php73.net --wpce --php73 - sudo wo site create wpce.net --wpce && sudo wo site create wpce-php73.net --wpce --php73
- sudo wo site create wpredis.net --wpredis && sudo wo site create wpredis-php73.net --wpredis --php73 - sudo wo site create wpredis.net --wpredis && sudo wo site create wpredis-php73.net --wpredis --php73
- sudo wo site create wpsubdir1.com --wpsubdir && sudo wo site create wpsubdir-php73.com --wpsubdir --php73 - sudo wo site create wpsubdir1.com --wpsubdir && sudo wo site create wpsubdir-php73.com --wpsubdir --php73
- sudo wo site create wpsubdirwpsc1.com --wpsubdir --wpsc && sudo wo site create wpsubdirwpsc2.com --wpsubdir --wpfc && sudo wo site create wpsubdirwpsc1-php73.com --wpsubdir --wpsc --php73 && sudo wo site create wpsubdirwpsc2-php73.com --wpsubdir --wpfc --php73 - sudo wo site create wpsubdirwpsc1.com --wpsubdir --wpsc && sudo wo site create wpsubdirwpsc2.com --wpsubdir --wpfc && sudo wo site create wpsubdirwpsc1-php73.com --wpsubdir --wpsc --php73 && sudo wo site create wpsubdirwpsc2-php73.com --wpsubdir --wpfc --php73
- sudo wo site create wpsubdomain1.com --wpsubdomain && sudo wo site create wpsubdomain1-php73.com --wpsubdomain --php73 && sudo wo site create wpsubdomainwpsc.org --wpsubdomain --wpsc && sudo wo site create wpsubdomainwpfc.org --wpsubdomain --wpfc && sudo wo site create wpsubdomainwpfc2.in --wpfc --wpsubdomain - sudo wo site create wpsubdomain1.com --wpsubdomain && sudo wo site create wpsubdomain1-php73.com --wpsubdomain --php73 && sudo wo site create wpsubdomainwpsc.org --wpsubdomain --wpsc && sudo wo site create wpsubdomainwpfc.org --wpsubdomain --wpfc && sudo wo site create wpsubdomainwpfc2.in --wpfc --wpsubdomain
- sudo wo site create 1.com --html && sudo wo site create 2.com --php && sudo wo site create 3.com --mysql - sudo wo site create 1.com --html && sudo wo site create 2.com --php && sudo wo site create 3.com --mysql
- sudo wo site update 1.com --wp && sudo wo site update 2.com --php73 && sudo wo site update 3.com --php73 && sudo wo site update 1.com --wpfc && sudo wo site update 1.com --wpsc && sudo wo site update 1.com --wpredis - sudo wo site update 1.com --wp && sudo wo site update 2.com --php73 && sudo wo site update 3.com --php73 && sudo wo site update 1.com --wpfc && sudo wo site update 1.com --wpsc && sudo wo site update 1.com --wpredis
- sudo wp --allow-root --info - sudo wp --allow-root --info
- sudo wo info - sudo wo info
- sudo cat /etc/nginx/nginx.conf - sudo cat /etc/nginx/nginx.conf
- sudo tree -L 2 /etc/nginx - sudo tree -L 2 /etc/nginx
- sudo cat /etc/mysql/my.cnf - sudo cat /etc/mysql/my.cnf
- sudo wo stack upgrade --nginx --no-prompt - sudo wo stack upgrade --nginx --force
- sudo wo stack upgrade --php --no-prompt - sudo wo stack upgrade --php --force
- sudo wo stack upgrade --netdata --no-prompt - sudo wo stack upgrade --netdata --force
- sudo wo stack upgrade --phpmyadmin --no-prompt - sudo wo stack upgrade --phpmyadmin --force
- sudo wo stack upgrade --composer --no-prompt - sudo wo stack upgrade --composer --force
- sudo wo update --travis - sudo wo stack upgrade --dashboard --force
- sudo wo stack status - sudo wo update --travis
- sudo tar -I pigz -cf wordops.tar.gz /var/log/wo - sudo wo stack status
- curl --progress-bar --upload-file wordops.tar.gz https://transfer.vtbox.net/$(basename "wordops.tar.gz") && echo "" | sudo tee -a $HOME/.transfer.log && echo "" - sudo tar -I pigz -cf wordops.tar.gz /var/log/wo
- echo "yes" | sudo wo stack purge --all - curl --progress-bar --upload-file wordops.tar.gz https://transfer.vtbox.net/$(basename "wordops.tar.gz") && echo "" | sudo tee -a $HOME/.transfer.log && echo ""
- sudo bash install --purge - echo "yes" | sudo wo stack purge --all --force
- sudo bash install --purge

676
CHANGELOG.md
View File

@@ -1,334 +1,344 @@
# Changelog # Changelog
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
## Releases ## Releases
### v3.9.x - [Unreleased] ### v3.9.x - [Unreleased]
### v3.9.8 - 2019-08-16 #### Changed
#### Added - Extra Nginx directives moved from nginx.conf to conf.d/tweaks.conf
- Allow web browser caching for json and webmanifest files #### Fixed
- nginx-core.mustache template used to render nginx.conf during stack setup
- APT Packages configuration step with `wo stack upgrade` to apply new configurations - MySQLTuner installation
- Cloudflare restore real_ip configuration - `wo stack remove/purge --all`
- WP-Rocket plugin support with the flag `--wprocket` - variable substitution in install script
- Cache-Enabler plugin support with the flag `--wpce`
- Install unattended-upgrade and enable automated security updates ### v3.9.8 - 2019-08-16
- Enable time synchronization with ntp
- Additional cache exception for woocommerce #### Added
#### Changed - Allow web browser caching for json and webmanifest files
- nginx-core.mustache template used to render nginx.conf during stack setup
- Do not force Nginx upgrade if a custom Nginx package compiled with nginx-ee is detected - APT Packages configuration step with `wo stack upgrade` to apply new configurations
- Gzip enabled again by default with configuration in /etc/nginx/conf.d/gzip.conf - Cloudflare restore real_ip configuration
- Brotli configuration moved in /etc/nginx/conf.d/brotli.conf.disabled (disabled by default) - WP-Rocket plugin support with the flag `--wprocket`
- Moving package configuration in a new plugin stack_pref.py - Cache-Enabler plugin support with the flag `--wpce`
- Cleanup templates by removing all doublons (with/without php7) and replacing them with variables - Install unattended-upgrade and enable automated security updates
- Updated Nginx to v1.16.1 in response to HTTP/2 vulnerabilites discovered - Enable time synchronization with ntp
- Disable temporary adding swap feature (not working) - Additional cache exception for woocommerce
- `wo stack upgrade --nginx` is now able to apply new configurations during `wo update`, it highly reduce upgrade duration
#### Changed
#### Fixed
- Do not force Nginx upgrade if a custom Nginx package compiled with nginx-ee is detected
- Error in HSTS header syntax - Gzip enabled again by default with configuration in /etc/nginx/conf.d/gzip.conf
- Brotli configuration moved in /etc/nginx/conf.d/brotli.conf.disabled (disabled by default)
### v3.9.7.2 - 2019-08-12 - Moving package configuration in a new plugin stack_pref.py
- Cleanup templates by removing all doublons (with/without php7) and replacing them with variables
#### Fixed - Updated Nginx to v1.16.1 in response to HTTP/2 vulnerabilites discovered
- Disable temporary adding swap feature (not working)
- redis.conf permissions additional fix - `wo stack upgrade --nginx` is now able to apply new configurations during `wo update`, it highly reduce upgrade duration
### v3.9.7.1 - 2019-08-09 #### Fixed
#### Changed - Error in HSTS header syntax
- Set WordOps backend password length from 16 to 24 ### v3.9.7.2 - 2019-08-12
- Upgrade framework cement to 2.6.0
- Upgrade PyMySQL to 0.9.3 #### Fixed
- Upgrade Psutil to 5.6.3
- redis.conf permissions additional fix
#### Fixed
### v3.9.7.1 - 2019-08-09
- Missing import in `wo sync`
- redis.conf incorrect permissions #### Changed
### v3.9.7 - 2019-08-02 - Set WordOps backend password length from 16 to 24
- Upgrade framework cement to 2.6.0
#### Added - Upgrade PyMySQL to 0.9.3
- Upgrade Psutil to 5.6.3
- MySQL configuration tuning
- Cronjob to optimize MySQL databases weekly #### Fixed
- WO-kernel systemd service to automatically apply kernel tweaks on server startup
- Proftpd stack now secured with TLS - Missing import in `wo sync`
- New Nginx package built with Brotli from operating system libraries - redis.conf incorrect permissions
- Brotli configuration with only well compressible MIME types
- WordPress site url automatically updated to `https://domain.tld` when using `-le/--letsencrypt` flag ### v3.9.7 - 2019-08-02
- More informations during certificate issuance about validation mode selected
- `--php72` as alternative for `--php` #### Added
- Automated removal of the deprecated variable `ssl on;` in previous Nginx ssl.conf
- Project Contributing guidelines - MySQL configuration tuning
- Project Code of conduct - Cronjob to optimize MySQL databases weekly
- WO-kernel systemd service to automatically apply kernel tweaks on server startup
#### Changed - Proftpd stack now secured with TLS
- New Nginx package built with Brotli from operating system libraries
- `wo maintenance` refactored - Brotli configuration with only well compressible MIME types
- Improved debug log - WordPress site url automatically updated to `https://domain.tld` when using `-le/--letsencrypt` flag
- Updated Nginx configuration process to not overwrite files with custom data (htpasswd-wo, acl.conf etc..) - More informations during certificate issuance about validation mode selected
- Adminer updated to v4.7.2 - `--php72` as alternative for `--php`
- eXtplorer updated to v2.1.13 - Automated removal of the deprecated variable `ssl on;` in previous Nginx ssl.conf
- Removed WordOps version from the Nginx header X-Powered-By to avoid possible security issues - Project Contributing guidelines
- Several code quality improvements to speed up WordOps execution - Project Code of conduct
- Few adjustements on PHP-FPM configuration (max_input_time,opcache.consistency_checks)
- Added /dev/urandom & /dev/shm to open_basedir in PHP-FPM configuration #### Changed
#### Fixed - `wo maintenance` refactored
- Improved debug log
- Kernel tweaks were not applied without server reboot - Updated Nginx configuration process to not overwrite files with custom data (htpasswd-wo, acl.conf etc..)
- Fail2ban standalone install - Adminer updated to v4.7.2
- `wo stack purge --all` error due to PHP7.3 check - eXtplorer updated to v2.1.13
- Nginx helper configuration during plugin install for Nginx fastcgi_cache and redis-cache - Removed WordOps version from the Nginx header X-Powered-By to avoid possible security issues
- phpRedisAdmin stack installation - Several code quality improvements to speed up WordOps execution
- Fixed Travis CI build on pull requests - Few adjustements on PHP-FPM configuration (max_input_time,opcache.consistency_checks)
- Nginx `server_names_hash_bucket_size` variable error after WordOps upgrade - Added /dev/urandom & /dev/shm to open_basedir in PHP-FPM configuration
### v3.9.6.2 - 2019-07-24 #### Fixed
#### Changed - Kernel tweaks were not applied without server reboot
- Fail2ban standalone install
- Improve `wo update` process duration - `wo stack purge --all` error due to PHP7.3 check
- Improve package install/upgrade/remove process - Nginx helper configuration during plugin install for Nginx fastcgi_cache and redis-cache
- phpRedisAdmin stack installation
#### Fixed - Fixed Travis CI build on pull requests
- Nginx `server_names_hash_bucket_size` variable error after WordOps upgrade
- phpMyAdmin archive download link archive
- Arguments `--letsencrypt=clean/purge` ### v3.9.6.2 - 2019-07-24
- Incorrect directory removal during stack upgrade
#### Changed
### v3.9.6.1 - 2019-07-23
- Improve `wo update` process duration
#### Fixed - Improve package install/upgrade/remove process
- Typo in `--letsencrypt=subdomain` #### Fixed
- phpMyAdmin upgrade archive extraction
- Error in the command `wo update`. Please `wo update --beta` as workaround - phpMyAdmin archive download link archive
- Arguments `--letsencrypt=clean/purge`
### v3.9.6 - 2019-07-20 - Incorrect directory removal during stack upgrade
#### Added ### v3.9.6.1 - 2019-07-23
- New Nginx package on Ubuntu with Cloudflare HTTP/2 HPACK and Dynamic TLS records #### Fixed
- phpMyAdmin upgrade with `wo stack upgrade --phpmyadmin`
- Wildcard SSL Certificates support with DNS validation - Typo in `--letsencrypt=subdomain`
- Let's Encrypt DNS API support (Cloudflare, DigitalOcean, etc ..) on domain, subdomain, and wildcard - phpMyAdmin upgrade archive extraction
- Flag `--letsencrypt=clean` to purge a previous SSL configuration - Error in the command `wo update`. Please `wo update --beta` as workaround
- Support for Debian 10 buster (testing - not ready for production)
- Fail2ban with custom jails to secure WordPress & SSH ### v3.9.6 - 2019-07-20
- Variable `keylength` in /etc/wo/wo.conf to define letsencrypt certificate keylenght
- ProFTPd stack with UFW & Fail2ban configurationz #### Added
- Beta branch and command `wo update --beta` for beta releases
- Extra directives in wp-config.php (limit posts revisions, set max_memory, enable auto-update for minor-releases) - New Nginx package on Ubuntu with Cloudflare HTTP/2 HPACK and Dynamic TLS records
- phpMyAdmin upgrade with `wo stack upgrade --phpmyadmin`
#### Fixed - Wildcard SSL Certificates support with DNS validation
- Let's Encrypt DNS API support (Cloudflare, DigitalOcean, etc ..) on domain, subdomain, and wildcard
- Nginx was not reloaded after enabling HSTS - Flag `--letsencrypt=clean` to purge a previous SSL configuration
- Netdata, Composer & Fail2Ban stack remove and purge - Support for Debian 10 buster (testing - not ready for production)
- WordPress not installed by `wo site update` with basic php73 sites - Fail2ban with custom jails to secure WordPress & SSH
- Variable `keylength` in /etc/wo/wo.conf to define letsencrypt certificate keylenght
### v3.9.5.4 - 2019-07-13 - ProFTPd stack with UFW & Fail2ban configurationz
- Beta branch and command `wo update --beta` for beta releases
#### Added - Extra directives in wp-config.php (limit posts revisions, set max_memory, enable auto-update for minor-releases)
- New Nginx package on Ubuntu with TLS v1.3 support (OpenSSL 1.1.1c) #### Fixed
- Netdata upgrade with `wo stack upgrade --netdata`
- Netdata stack remove/purge - Nginx was not reloaded after enabling HSTS
- Netdata, Composer & Fail2Ban stack remove and purge
#### Changed - WordPress not installed by `wo site update` with basic php73 sites
- phpRedisAdmin is now installed with the stack `--admin` ### v3.9.5.4 - 2019-07-13
- Remove memcached - not required anymore
#### Added
#### Fixed
- New Nginx package on Ubuntu with TLS v1.3 support (OpenSSL 1.1.1c)
- phpRedisAdmin installation - Netdata upgrade with `wo stack upgrade --netdata`
- Duplicated locations /robots.txt after upgrade to v3.9.5.3 - Netdata stack remove/purge
- Let's Encrypt stack `wo site update --letsencrypt/--letsencrypt=off`
- pt-query-advisor dead link #### Changed
- Netdata persistant configuration
- phpRedisAdmin is now installed with the stack `--admin`
### v3.9.5.3 - 2019-06-18 - Remove memcached - not required anymore
#### Added #### Fixed
- Argument `--preserve` with the command `wo update` to keep current Nginx configuration - phpRedisAdmin installation
- Duplicated locations /robots.txt after upgrade to v3.9.5.3
#### Fixed - Let's Encrypt stack `wo site update --letsencrypt/--letsencrypt=off`
- pt-query-advisor dead link
- Nginx upgrade failure when running wo update - Netdata persistant configuration
### v3.9.5.2 - 2019-06-17 ### v3.9.5.3 - 2019-06-18
#### Added #### Added
- Non-interactive install/upgrade - Argument `--preserve` with the command `wo update` to keep current Nginx configuration
- Argument `--force` with the command `wo update`
- Argument `-s|--silent` to perform non interactive installation #### Fixed
#### Changed - Nginx upgrade failure when running wo update
- robots.txt location block moved from locations-wo.conf to wpcommon(-php7).php ### v3.9.5.2 - 2019-06-17
#### Fixed #### Added
- WP_CACHE_KEY_SALT set twice with wpredis - Non-interactive install/upgrade
- WordOps version check when using `wo update` - Argument `--force` with the command `wo update`
- robots.txt file download if not created - Argument `-s|--silent` to perform non interactive installation
- PHP-FPM socket path in stub_status.conf : PR [#82](https://github.com/WordOps/WordOps/pull/82)
#### Changed
### v3.9.5.1 - 2019-05-10
- robots.txt location block moved from locations-wo.conf to wpcommon(-php7).php
#### Fixed
#### Fixed
- Adminer download link
- WP_CACHE_KEY_SALT set twice with wpredis
### v3.9.5 - 2019-05-02 - WordOps version check when using `wo update`
- robots.txt file download if not created
#### Added - PHP-FPM socket path in stub_status.conf : PR [#82](https://github.com/WordOps/WordOps/pull/82)
- IPv6 support with HTTPS ### v3.9.5.1 - 2019-05-10
- Brotli support in Nginx
- Let's Encrypt support with --proxy #### Fixed
- Install script handle migration from EEv3
- load-balancing on unix socket for php-fpm - Adminer download link
- stub_status vhost for metrics
- `--letsencrypt=subdomain` option ### v3.9.5 - 2019-05-02
- opcache optimization for php-fpm
- EasyEngine configuration backup before migration #### Added
- EasyEngine configuration cleanup after migration
- WordOps configuration backup before upgrade - IPv6 support with HTTPS
- Previous acme.sh certs migration - Brotli support in Nginx
- "wo maintenance" command to perform server package update & cleanup - Let's Encrypt support with --proxy
- Support for Netdata on backend : https://server.hostname:22222/netdata/ - Install script handle migration from EEv3
- New Stacks : composer and netdata - load-balancing on unix socket for php-fpm
- additional argument for letsencrypt : --hsts - stub_status vhost for metrics
- Clean Theme for adminer - `--letsencrypt=subdomain` option
- Credits for tools shipped with WordOps - opcache optimization for php-fpm
- Cache exception for Easy Digital Download - EasyEngine configuration backup before migration
- Additional cache exceptions for Woocommerce - EasyEngine configuration cleanup after migration
- MySQL monitoring with Netdata - WordOps configuration backup before upgrade
- WordOps-dashboard on 22222, can be installed with `wo stack install` - Previous acme.sh certs migration
- Extplorer filemanager in WordOps backend - "wo maintenance" command to perform server package update & cleanup
- Enable OSCP Stapling with Let's Encrypt - Support for Netdata on backend : https://server.hostname:22222/netdata/
- Compress database backup with pigz (faster than gzip) before updating sites - New Stacks : composer and netdata
- Support for Ubuntu 19.04 (disco) - few php extensions missing - additional argument for letsencrypt : --hsts
- Support for Raspbian 9 (stretch) - tested on Raspberry Pi 3b+ - Clean Theme for adminer
- backup letsencrypt certificate before upgrade - Credits for tools shipped with WordOps
- directives emergency_restart_threshold & emergency_restart_interval to restart php-fpm in case of failure - Cache exception for Easy Digital Download
- EasyEngine cronjob removal during install - Additional cache exceptions for Woocommerce
- Kernel tweaks via systctl.conf - MySQL monitoring with Netdata
- open_basedir on php-fpm process to forbid access with php outside of /var/www & /run/nginx-cache - WordOps-dashboard on 22222, can be installed with `wo stack install`
- Extplorer filemanager in WordOps backend
#### Changed - Enable OSCP Stapling with Let's Encrypt
- Compress database backup with pigz (faster than gzip) before updating sites
- letsencrypt stack refactored with acme.sh - Support for Ubuntu 19.04 (disco) - few php extensions missing
- letsencrypt validation with webroot folder - Support for Raspbian 9 (stretch) - tested on Raspberry Pi 3b+
- hardened nginx ssl_ecdh_curve - backup letsencrypt certificate before upgrade
- Update phpredisadmin - directives emergency_restart_threshold & emergency_restart_interval to restart php-fpm in case of failure
- Increase MySQL root password size to 24 characters - EasyEngine cronjob removal during install
- Increase MySQL users password size to 24 characters - Kernel tweaks via systctl.conf
- Nginx locations template is the same for php7.2 & 7.3 - open_basedir on php-fpm process to forbid access with php outside of /var/www & /run/nginx-cache
- backend SSL configuration now stored in /var/www/22222/conf/nginx/ssl.conf
- Install Netdata with static pre-built binaries instead of having to compile it from source #### Changed
- Nginx updated to new stable release (1.16.0)
- New packages (phpmyadmin, adminer, composer) are not download in /tmp anymore - letsencrypt stack refactored with acme.sh
- letsencrypt validation with webroot folder
#### Fixed - hardened nginx ssl_ecdh_curve
- Update phpredisadmin
- PHP 7.3 extras when php 7.2 isn't installed - Increase MySQL root password size to 24 characters
- acme.sh installation - Increase MySQL users password size to 24 characters
- acme.sh alias with config home variable - Nginx locations template is the same for php7.2 & 7.3
- deb.sury.org repository gpg key - backend SSL configuration now stored in /var/www/22222/conf/nginx/ssl.conf
- Nginx upgrade from previous WordOps release - Install Netdata with static pre-built binaries instead of having to compile it from source
- Force new Nginx templates during update - Nginx updated to new stable release (1.16.0)
- Error message about missing my.cnf file during upgrade - New packages (phpmyadmin, adminer, composer) are not download in /tmp anymore
- PHP 7.2 & PHP 7.3 pool configuration during upgrade
- WordOps backup directory creation before upgrade #### Fixed
- EasyEngine database sync during migration
- fix command "wo info" - PHP 7.3 extras when php 7.2 isn't installed
- phpmyadmin install with composer - acme.sh installation
- command "wo clean --memcached" - acme.sh alias with config home variable
- phpredisadmin setup - deb.sury.org repository gpg key
- --hsts flag with basic html site - Nginx upgrade from previous WordOps release
- hsts flag on site not secure with letsencrypt - Force new Nginx templates during update
- fix import of previous acme.sh certificate - Error message about missing my.cnf file during upgrade
- fix proxy webroot folder creation - PHP 7.2 & PHP 7.3 pool configuration during upgrade
- WordOps backup directory creation before upgrade
### v3.9.4 - 2019-03-15 - EasyEngine database sync during migration
- fix command "wo info"
#### Added - phpmyadmin install with composer
- command "wo clean --memcached"
- Nginx module nginx_vts - phpredisadmin setup
- Migration script from nginx-ee to nginx-wo - --hsts flag with basic html site
- Support for Debian 9 (testing) - hsts flag on site not secure with letsencrypt
- New Nginx build v1.14.2 - fix import of previous acme.sh certificate
- fix proxy webroot folder creation
#### Changed
### v3.9.4 - 2019-03-15
- Update WP-CLI version to 2.1.0
- Update Adminer to 4.6.2 #### Added
- Update predis to v1.1.1
- Refactored nginx.conf - Nginx module nginx_vts
- Removed HHVM Stack - Migration script from nginx-ee to nginx-wo
- Removed old linux distro checks - Support for Debian 9 (testing)
- Replace wo-acme-sh by acme.sh - New Nginx build v1.14.2
#### Fixed #### Changed
- Outdated Nginx ssl_ciphers suite - Update WP-CLI version to 2.1.0
- Debian 9 nginx build - Update Adminer to 4.6.2
- Update predis to v1.1.1
### v3.9.3 - 2019-03-07 - Refactored nginx.conf
- Removed HHVM Stack
#### Changed - Removed old linux distro checks
- Replace wo-acme-sh by acme.sh
- Updated Nginx fastcgi_cache templates
- Updated Nginx redis_cache templates #### Fixed
- Updated Nginx wp-super-cache templates
- Updated Nginx configuration for WordPress 5.0 - Outdated Nginx ssl_ciphers suite
- remove --experimental args - Debian 9 nginx build
- MariaDB version bumped to 10.3
- Refactored Changelog ### v3.9.3 - 2019-03-07
- Updated WO manual
- Updated WO bash_completion #### Changed
- Refactored README.md
- Updated Nginx fastcgi_cache templates
#### Added - Updated Nginx redis_cache templates
- Updated Nginx wp-super-cache templates
- Add WebP image support with Nginx mapping - Updated Nginx configuration for WordPress 5.0
- Add PHP 7.3 support - remove --experimental args
- WordPress $skip_cache variable mapping - MariaDB version bumped to 10.3
- Refactored Changelog
#### Fixed - Updated WO manual
- Updated WO bash_completion
- Nginx variable $webp_suffix on fresh install ([#21](https://github.com/WordOps/WordOps/issues/21)) - Refactored README.md
- wo update command ([#7](https://github.com/WordOps/WordOps/issues/7))
- Fix php services management ([#12](https://github.com/WordOps/WordOps/issues/12)) #### Added
- Fix WP-CLI install
- Add WebP image support with Nginx mapping
### v3.9.2 - 2018-11-30 - Add PHP 7.3 support
- WordPress $skip_cache variable mapping
#### Changed
#### Fixed
- Re-branded the fork to WordOps
- Codebase cleanup - Nginx variable $webp_suffix on fresh install ([#21](https://github.com/WordOps/WordOps/issues/21))
- Set PHP 7.2 as the default - wo update command ([#7](https://github.com/WordOps/WordOps/issues/7))
- Included support for newer OS releases - Fix php services management ([#12](https://github.com/WordOps/WordOps/issues/12))
- Reworked the HTTPS configuration - Fix WP-CLI install
- Added more automated testing with Redis
- Replaced Postfix with smtp-cli ### v3.9.2 - 2018-11-30
- Dropped mail services
#### Changed
- Re-branded the fork to WordOps
- Codebase cleanup
- Set PHP 7.2 as the default
- Included support for newer OS releases
- Reworked the HTTPS configuration
- Added more automated testing with Redis
- Replaced Postfix with smtp-cli
- Dropped mail services
- Dropped w3tc support - Dropped w3tc support

3
install
View File

@@ -7,7 +7,7 @@
# Copyright (c) 2019 - WordOps # Copyright (c) 2019 - WordOps
# This script is licensed under M.I.T # This script is licensed under M.I.T
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
# Version 3.9.8 - 2019-08-16 # Version 3.9.8 - 2019-08-17
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
readonly wo_version_old="2.2.3" readonly wo_version_old="2.2.3"
readonly wo_version_new="3.9.8" readonly wo_version_new="3.9.8"
@@ -186,6 +186,7 @@ wo_install_dep() {
apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \ apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \
build-essential curl gzip python3 python3-apt python3-setuptools python3-requests python3-dev sqlite3 git tar software-properties-common pigz \ build-essential curl gzip python3 python3-apt python3-setuptools python3-requests python3-dev sqlite3 git tar software-properties-common pigz \
gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1 gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1
add-apt-repository ppa:wordops/nginx-wo -yu
else else
# install dependencies # install dependencies
apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \ apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \

6
tests/cli/13_test_stack.py
View File

@@ -9,6 +9,12 @@ class CliTestCaseStack(test.WOTestCase):
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_stack_install(self):
self.app = get_test_app(argv=['stack', 'install'])
self.app.setup()
self.app.run()
self.app.close()
def test_wo_cli_stack_install_web(self): def test_wo_cli_stack_install_web(self):
self.app = get_test_app(argv=['stack', 'install', '--web']) self.app = get_test_app(argv=['stack', 'install', '--web'])
self.app.setup() self.app.setup()

6
tests/cli/test_secure.py
View File

@@ -10,19 +10,19 @@ class CliTestCaseSecure(test.WOTestCase):
self.app.close() self.app.close()
def test_wo_cli_secure_auth(self): def test_wo_cli_secure_auth(self):
self.app = get_test_app(argv=['secure', '--auth']) self.app = get_test_app(argv=['secure', '--auth', 'abc', 'superpass'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_secure_port(self): def test_wo_cli_secure_port(self):
self.app = get_test_app(argv=['secure', '--port']) self.app = get_test_app(argv=['secure', '--port', '22222'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_secure_ip(self): def test_wo_cli_secure_ip(self):
self.app = get_test_app(argv=['secure', '--ip']) self.app = get_test_app(argv=['secure', '--ip', '172.16.0.1'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()

27
tests/cli/test_stack_purge.py
View File

@@ -10,55 +10,64 @@ class CliTestCaseStack(test.WOTestCase):
self.app.close() self.app.close()
def test_wo_cli_stack_purge_web(self): def test_wo_cli_stack_purge_web(self):
self.app = get_test_app(argv=['stack', 'purge', '--web']) self.app = get_test_app(argv=['stack', 'purge',
'--web', '--force'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_stack_purge_admin(self): def test_wo_cli_stack_purge_admin(self):
self.app = get_test_app(argv=['stack', 'purge', '--admin']) self.app = get_test_app(argv=['stack', 'purge',
'--admin', '--force'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_stack_purge_nginx(self): def test_wo_cli_stack_purge_nginx(self):
self.app = get_test_app(argv=['stack', 'purge', '--nginx']) self.app = get_test_app(argv=['stack', 'purge',
'--nginx', '--force'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_stack_purge_php(self): def test_wo_cli_stack_purge_php(self):
self.app = get_test_app(argv=['stack', 'purge', '--php']) self.app = get_test_app(argv=['stack', 'purge',
'--php', '--force'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_stack_purge_mysql(self): def test_wo_cli_stack_purge_mysql(self):
self.app = get_test_app(argv=['stack', 'purge', '--mysql']) self.app = get_test_app(argv=['stack', 'purge',
'--mysql', '--force'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_stack_purge_wpcli(self): def test_wo_cli_stack_purge_wpcli(self):
self.app = get_test_app(argv=['stack', 'purge', '--wpcli']) self.app = get_test_app(argv=['stack', 'purge',
'--wpcli', '--force'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_stack_purge_phpmyadmin(self): def test_wo_cli_stack_purge_phpmyadmin(self):
self.app = get_test_app(argv=['stack', 'purge', '--phpmyadmin']) self.app = get_test_app(
argv=['stack', 'purge', '--phpmyadmin', '--force'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_stack_purge_adminer(self): def test_wo_cli_stack_purge_adminer(self):
self.app = get_test_app(argv=['stack', 'purge', '--adminer']) self.app = get_test_app(
argv=['stack', 'purge', '--adminer', '--force'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_stack_purge_utils(self): def test_wo_cli_stack_purge_utils(self):
self.app = get_test_app(argv=['stack', 'purge', '--utils']) self.app = get_test_app(argv=['stack', 'purge',
'--utils', '--force'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()

20
tests/cli/test_stack_remove.py
View File

@@ -10,55 +10,57 @@ class CliTestCaseStack(test.WOTestCase):
self.app.close() self.app.close()
def test_wo_cli_stack_remove_web(self): def test_wo_cli_stack_remove_web(self):
self.app = get_test_app(argv=['stack', 'remove', '--web']) self.app = get_test_app(argv=['stack', 'remove', '--web', '--force'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_stack_install_admin(self): def test_wo_cli_stack_install_admin(self):
self.app = get_test_app(argv=['stack', 'remove', '--admin']) self.app = get_test_app(argv=['stack', 'remove', '--admin', '--force'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_stack_install_nginx(self): def test_wo_cli_stack_install_nginx(self):
self.app = get_test_app(argv=['stack', 'remove', '--nginx']) self.app = get_test_app(argv=['stack', 'remove', '--nginx', '--force'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_stack_install_php(self): def test_wo_cli_stack_install_php(self):
self.app = get_test_app(argv=['stack', 'remove', '--php']) self.app = get_test_app(argv=['stack', 'remove', '--php', '--force'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_stack_install_mysql(self): def test_wo_cli_stack_install_mysql(self):
self.app = get_test_app(argv=['stack', 'remove', '--mysql']) self.app = get_test_app(argv=['stack', 'remove', '--mysql', '--force'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_stack_install_wpcli(self): def test_wo_cli_stack_install_wpcli(self):
self.app = get_test_app(argv=['stack', 'remove', '--wpcli']) self.app = get_test_app(argv=['stack', 'remove', '--wpcli', '--force'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_stack_install_phpmyadmin(self): def test_wo_cli_stack_install_phpmyadmin(self):
self.app = get_test_app(argv=['stack', 'remove', '--phpmyadmin']) self.app = get_test_app(argv=['stack', 'remove',
'--phpmyadmin', '--force'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_stack_install_adminer(self): def test_wo_cli_stack_install_adminer(self):
self.app = get_test_app(argv=['stack', 'remove', '--adminer']) self.app = get_test_app(
argv=['stack', 'remove', '--adminer', '--force'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()
def test_wo_cli_stack_install_utils(self): def test_wo_cli_stack_install_utils(self):
self.app = get_test_app(argv=['stack', 'remove', '--utils']) self.app = get_test_app(argv=['stack', 'remove', '--utils', '--force'])
self.app.setup() self.app.setup()
self.app.run() self.app.run()
self.app.close() self.app.close()

4
wo/cli/plugins/site_functions.py
View File

@@ -840,10 +840,6 @@ def site_package_check(self, stype):
Log.debug(self, "Setting apt_packages variable for MySQL") Log.debug(self, "Setting apt_packages variable for MySQL")
if not WOShellExec.cmd_exec(self, "/usr/bin/mysqladmin ping"): if not WOShellExec.cmd_exec(self, "/usr/bin/mysqladmin ping"):
apt_packages = apt_packages + WOVariables.wo_mysql apt_packages = apt_packages + WOVariables.wo_mysql
packages = packages + [["https://raw.githubusercontent.com/"
"major/MySQLTuner-perl/master/"
"mysqltuner.pl", "/usr/bin/mysqltuner",
"MySQLTuner"]]
if stype in ['wp', 'wpsubdir', 'wpsubdomain']: if stype in ['wp', 'wpsubdir', 'wpsubdomain']:
Log.debug(self, "Setting packages variable for WP-CLI") Log.debug(self, "Setting packages variable for WP-CLI")

176
wo/cli/plugins/stack.py
View File

@@ -21,7 +21,6 @@ from wo.cli.plugins.stack_migrate import WOStackMigrateController
from wo.cli.plugins.stack_services import WOStackStatusController from wo.cli.plugins.stack_services import WOStackStatusController
from wo.cli.plugins.stack_upgrade import WOStackUpgradeController from wo.cli.plugins.stack_upgrade import WOStackUpgradeController
from wo.cli.plugins.stack_pref import pre_pref, post_pref from wo.cli.plugins.stack_pref import pre_pref, post_pref
from wo.core.addswap import WOSwap
from wo.core.apt_repo import WORepo from wo.core.apt_repo import WORepo
from wo.core.aptget import WOAptGet from wo.core.aptget import WOAptGet
from wo.core.cron import WOCron from wo.core.cron import WOCron
@@ -66,6 +65,8 @@ class WOStackController(CementBaseController):
(['--mysqlclient'], (['--mysqlclient'],
dict(help='Install MySQL client for remote MySQL server', dict(help='Install MySQL client for remote MySQL server',
action='store_true')), action='store_true')),
(['--mysqltuner'],
dict(help='Install MySQLTuner stack', action='store_true')),
(['--wpcli'], (['--wpcli'],
dict(help='Install WPCLI stack', action='store_true')), dict(help='Install WPCLI stack', action='store_true')),
(['--phpmyadmin'], (['--phpmyadmin'],
@@ -114,7 +115,7 @@ class WOStackController(CementBaseController):
(not pargs.phpmyadmin) and (not pargs.composer) and (not pargs.phpmyadmin) and (not pargs.composer) and
(not pargs.netdata) and (not pargs.dashboard) and (not pargs.netdata) and (not pargs.dashboard) and
(not pargs.fail2ban) and (not pargs.security) (not pargs.fail2ban) and (not pargs.security)
and (not pargs.mysqlclient) and and (not pargs.mysqlclient) and (not pargs.mysqltuner) and
(not pargs.adminer) and (not pargs.utils) and (not pargs.adminer) and (not pargs.utils) and
(not pargs.redis) and (not pargs.proftpd) and (not pargs.redis) and (not pargs.proftpd) and
(not pargs.phpredisadmin) and (not pargs.phpredisadmin) and
@@ -147,6 +148,7 @@ class WOStackController(CementBaseController):
pargs.netdata = True pargs.netdata = True
pargs.dashboard = True pargs.dashboard = True
pargs.phpredisadmin = True pargs.phpredisadmin = True
pargs.mysqltuner = True
if pargs.security: if pargs.security:
pargs.fail2ban = True pargs.fail2ban = True
@@ -213,12 +215,6 @@ class WOStackController(CementBaseController):
Log.debug(self, "Setting apt_packages variable for MySQL") Log.debug(self, "Setting apt_packages variable for MySQL")
if not WOShellExec.cmd_exec(self, "mysqladmin ping"): if not WOShellExec.cmd_exec(self, "mysqladmin ping"):
apt_packages = apt_packages + WOVariables.wo_mysql apt_packages = apt_packages + WOVariables.wo_mysql
packages = packages + [["https://raw."
"githubusercontent.com/"
"major/MySQLTuner-perl"
"/master/mysqltuner.pl",
"/usr/bin/mysqltuner",
"MySQLTuner"]]
if pargs.mysqlclient: if pargs.mysqlclient:
Log.debug(self, "Setting apt_packages variable " Log.debug(self, "Setting apt_packages variable "
@@ -319,6 +315,15 @@ class WOStackController(CementBaseController):
.format(WOVariables.wo_webroot), .format(WOVariables.wo_webroot),
"Adminer theme"]] "Adminer theme"]]
if pargs.mysqltuner:
Log.debug(self, "Setting packages variable for MySQLTuner ")
packages = packages + [["https://raw."
"githubusercontent.com/"
"major/MySQLTuner-perl"
"/master/mysqltuner.pl",
"/usr/bin/mysqltuner",
"MySQLTuner"]]
# Netdata # Netdata
if pargs.netdata: if pargs.netdata:
Log.debug(self, "Setting packages variable for Netdata") Log.debug(self, "Setting packages variable for Netdata")
@@ -437,7 +442,8 @@ class WOStackController(CementBaseController):
(not pargs.adminer) and (not pargs.utils) and (not pargs.adminer) and (not pargs.utils) and
(not pargs.composer) and (not pargs.netdata) and (not pargs.composer) and (not pargs.netdata) and
(not pargs.fail2ban) and (not pargs.proftpd) and (not pargs.fail2ban) and (not pargs.proftpd) and
(not pargs.security) and (not pargs.security) and (not pargs.mysqltuner) and
(not pargs.mysqlclient) and
(not pargs.all) and (not pargs.redis) and (not pargs.all) and (not pargs.redis) and
(not pargs.phpredisadmin)): (not pargs.phpredisadmin)):
pargs.web = True pargs.web = True
@@ -448,6 +454,10 @@ class WOStackController(CementBaseController):
pargs.web = True pargs.web = True
pargs.admin = True pargs.admin = True
pargs.php73 = True pargs.php73 = True
pargs.fail2ban = True
pargs.proftpd = True
pargs.utils = True
pargs.redis = True
if pargs.web: if pargs.web:
pargs.nginx = True pargs.nginx = True
@@ -459,10 +469,7 @@ class WOStackController(CementBaseController):
pargs.composer = True pargs.composer = True
pargs.utils = True pargs.utils = True
pargs.netdata = True pargs.netdata = True
if os.path.isdir('{0}22222/htdocs' pargs.mysqltuner = True
.format(WOVariables.wo_webroot)):
packages = packages + ['{0}22222/htdocs/*'
.format(WOVariables.wo_webroot)]
if pargs.security: if pargs.security:
pargs.fail2ban = True pargs.fail2ban = True
@@ -472,9 +479,7 @@ class WOStackController(CementBaseController):
if WOAptGet.is_installed(self, 'nginx-custom'): if WOAptGet.is_installed(self, 'nginx-custom'):
Log.debug(self, "Removing apt_packages variable of Nginx") Log.debug(self, "Removing apt_packages variable of Nginx")
apt_packages = apt_packages + WOVariables.wo_nginx apt_packages = apt_packages + WOVariables.wo_nginx
else:
Log.error(self, "Cannot Remove! Nginx Stable "
"version not found.")
# PHP 7.2 # PHP 7.2
if pargs.php: if pargs.php:
Log.debug(self, "Removing apt_packages variable of PHP") Log.debug(self, "Removing apt_packages variable of PHP")
@@ -484,8 +489,6 @@ class WOStackController(CementBaseController):
WOVariables.wo_php_extra WOVariables.wo_php_extra
else: else:
apt_packages = apt_packages + WOVariables.wo_php apt_packages = apt_packages + WOVariables.wo_php
else:
Log.error(self, "PHP 7.2 not found")
# PHP7.3 # PHP7.3
if pargs.php73: if pargs.php73:
@@ -496,8 +499,6 @@ class WOStackController(CementBaseController):
WOVariables.wo_php_extra WOVariables.wo_php_extra
else: else:
apt_packages = apt_packages + WOVariables.wo_php73 apt_packages = apt_packages + WOVariables.wo_php73
else:
Log.error(self, "PHP 7.3 not found")
# REDIS # REDIS
if pargs.redis: if pargs.redis:
@@ -508,43 +509,39 @@ class WOStackController(CementBaseController):
if pargs.mysql: if pargs.mysql:
Log.debug(self, "Removing apt_packages variable of MySQL") Log.debug(self, "Removing apt_packages variable of MySQL")
apt_packages = apt_packages + WOVariables.wo_mysql apt_packages = apt_packages + WOVariables.wo_mysql
packages = packages + ['/usr/bin/mysqltuner']
# fail2ban # fail2ban
if pargs.fail2ban: if pargs.fail2ban:
if WOAptGet.is_installed(self, 'fail2ban'): if WOAptGet.is_installed(self, 'fail2ban'):
Log.debug(self, "Remove apt_packages variable of Fail2ban") Log.debug(self, "Remove apt_packages variable of Fail2ban")
apt_packages = apt_packages + WOVariables.wo_fail2ban apt_packages = apt_packages + WOVariables.wo_fail2ban
else:
Log.error(self, "Fail2ban not found")
# proftpd # proftpd
if pargs.proftpd: if pargs.proftpd:
if WOAptGet.is_installed(self, 'proftpd-basic'): if WOAptGet.is_installed(self, 'proftpd-basic'):
Log.debug(self, "Remove apt_packages variable for ProFTPd") Log.debug(self, "Remove apt_packages variable for ProFTPd")
apt_packages = apt_packages + ["proftpd-basic"] apt_packages = apt_packages + ["proftpd-basic"]
else:
Log.error(self, "ProFTPd not found")
# WPCLI # WPCLI
if pargs.wpcli: if pargs.wpcli:
Log.debug(self, "Removing package variable of WPCLI ") Log.debug(self, "Removing package variable of WPCLI ")
if os.path.isfile('/usr/local/bin/wp'): if os.path.isfile('/usr/local/bin/wp'):
packages = packages + ['/usr/local/bin/wp'] packages = packages + ['/usr/local/bin/wp']
else:
Log.warn(self, "WP-CLI is not installed with WordOps")
# PHPMYADMIN # PHPMYADMIN
if pargs.phpmyadmin: if pargs.phpmyadmin:
Log.debug(self, "Removing package variable of phpMyAdmin ") Log.debug(self, "Removing package of phpMyAdmin ")
packages = packages + ['{0}22222/htdocs/db/pma' packages = packages + ['{0}22222/htdocs/db/pma'
.format(WOVariables.wo_webroot)] .format(WOVariables.wo_webroot)]
# Composer # Composer
if pargs.composer: if pargs.composer:
Log.debug(self, "Removing package variable of Composer ") Log.debug(self, "Removing package of Composer ")
if os.path.isfile('/usr/local/bin/composer'): if os.path.isfile('/usr/local/bin/composer'):
packages = packages + ['/usr/local/bin/composer'] packages = packages + ['/usr/local/bin/composer']
else:
Log.warn(self, "Composer is not installed with WordOps") if pargs.mysqltuner:
Log.debug(self, "Removing packages for MySQLTuner ")
packages = packages + ['/usr/bin/mysqltuner']
# PHPREDISADMIN # PHPREDISADMIN
if pargs.phpredisadmin: if pargs.phpredisadmin:
@@ -593,31 +590,30 @@ class WOStackController(CementBaseController):
'Any answer other than ' 'Any answer other than '
'"yes" will be stop this' '"yes" will be stop this'
' operation : ') ' operation : ')
if (wo_prompt != 'YES' or wo_prompt != 'yes'):
Log.error(self, "Not removing packages")
if (wo_prompt == 'YES' or wo_prompt == 'yes' if (set(["nginx-custom"]).issubset(set(apt_packages))):
or pargs.force): WOService.stop_service(self, 'nginx')
if (set(["nginx-custom"]).issubset(set(apt_packages))): # Netdata uninstaller
WOService.stop_service(self, 'nginx') if (set(['/var/lib/wo/tmp/'
'kickstart.sh']).issubset(set(packages))):
WOShellExec.cmd_exec(self, "bash /opt/netdata/usr/"
"libexec/netdata-"
"uninstaller.sh -y -f")
# Netdata uninstaller if (packages):
if (set(['/var/lib/wo/tmp/' WOFileUtils.remove(self, packages)
'kickstart.sh']).issubset(set(packages))): WOAptGet.auto_remove(self)
WOShellExec.cmd_exec(self, "bash /opt/netdata/usr/"
"libexec/netdata-"
"uninstaller.sh -y -f")
if (packages): if (apt_packages):
WOFileUtils.remove(self, packages) Log.debug(self, "Removing apt_packages")
WOAptGet.auto_remove(self) Log.info(self, "Removing packages, please wait...")
WOAptGet.remove(self, apt_packages)
WOAptGet.auto_remove(self)
if (apt_packages): Log.info(self, "Successfully removed packages")
Log.debug(self, "Removing apt_packages")
Log.info(self, "Removing packages, please wait...")
WOAptGet.remove(self, apt_packages)
WOAptGet.auto_remove(self)
Log.info(self, "Successfully removed packages")
@expose(help="Purge packages") @expose(help="Purge packages")
def purge(self): def purge(self):
@@ -633,7 +629,8 @@ class WOStackController(CementBaseController):
(not pargs.adminer) and (not pargs.utils) and (not pargs.adminer) and (not pargs.utils) and
(not pargs.composer) and (not pargs.netdata) and (not pargs.composer) and (not pargs.netdata) and
(not pargs.fail2ban) and (not pargs.proftpd) and (not pargs.fail2ban) and (not pargs.proftpd) and
(not pargs.security) and (not pargs.security) and (not pargs.mysqltuner) and
(not pargs.mysqlclient) and
(not pargs.all) and (not pargs.redis) and (not pargs.all) and (not pargs.redis) and
(not pargs.phpredisadmin)): (not pargs.phpredisadmin)):
pargs.web = True pargs.web = True
@@ -644,6 +641,10 @@ class WOStackController(CementBaseController):
pargs.web = True pargs.web = True
pargs.admin = True pargs.admin = True
pargs.php73 = True pargs.php73 = True
pargs.fail2ban = True
pargs.proftpd = True
pargs.utils = True
pargs.redis = True
if pargs.web: if pargs.web:
pargs.nginx = True pargs.nginx = True
@@ -655,10 +656,7 @@ class WOStackController(CementBaseController):
pargs.utils = True pargs.utils = True
pargs.composer = True pargs.composer = True
pargs.netdata = True pargs.netdata = True
if os.path.isdir('{0}22222/htdocs' pargs.mysqltuner = True
.format(WOVariables.wo_webroot)):
packages = packages + ['{0}22222/htdocs/*'
.format(WOVariables.wo_webroot)]
if pargs.security: if pargs.security:
pargs.fail2ban = True pargs.fail2ban = True
@@ -667,9 +665,6 @@ class WOStackController(CementBaseController):
if WOAptGet.is_installed(self, 'nginx-custom'): if WOAptGet.is_installed(self, 'nginx-custom'):
Log.debug(self, "Purge apt_packages variable of Nginx") Log.debug(self, "Purge apt_packages variable of Nginx")
apt_packages = apt_packages + WOVariables.wo_nginx apt_packages = apt_packages + WOVariables.wo_nginx
else:
Log.error(self, "Cannot Purge! "
"Nginx Stable version not found.")
# PHP # PHP
if pargs.php: if pargs.php:
@@ -680,8 +675,6 @@ class WOStackController(CementBaseController):
WOVariables.wo_php_extra WOVariables.wo_php_extra
else: else:
apt_packages = apt_packages + WOVariables.wo_php apt_packages = apt_packages + WOVariables.wo_php
else:
Log.error(self, "Cannot Purge PHP 7.2. not found.")
# PHP 7.3 # PHP 7.3
if pargs.php73: if pargs.php73:
@@ -710,8 +703,6 @@ class WOStackController(CementBaseController):
Log.debug(self, "Purge package variable WPCLI") Log.debug(self, "Purge package variable WPCLI")
if os.path.isfile('/usr/local/bin/wp'): if os.path.isfile('/usr/local/bin/wp'):
packages = packages + ['/usr/local/bin/wp'] packages = packages + ['/usr/local/bin/wp']
else:
Log.warn(self, "WP-CLI is not installed with WordOps")
# PHPMYADMIN # PHPMYADMIN
if pargs.phpmyadmin: if pargs.phpmyadmin:
@@ -724,8 +715,10 @@ class WOStackController(CementBaseController):
Log.debug(self, "Removing package variable of Composer ") Log.debug(self, "Removing package variable of Composer ")
if os.path.isfile('/usr/local/bin/composer'): if os.path.isfile('/usr/local/bin/composer'):
packages = packages + ['/usr/local/bin/composer'] packages = packages + ['/usr/local/bin/composer']
else:
Log.warn(self, "Composer is not installed with WordOps") if pargs.mysqltuner:
Log.debug(self, "Removing packages for MySQLTuner ")
packages = packages + ['/usr/bin/mysqltuner']
# PHPREDISADMIN # PHPREDISADMIN
if pargs.phpredisadmin: if pargs.phpredisadmin:
@@ -768,38 +761,39 @@ class WOStackController(CementBaseController):
.format(WOVariables.wo_webroot)] .format(WOVariables.wo_webroot)]
if (packages) or (apt_packages): if (packages) or (apt_packages):
wo_prompt = input('Are you sure you to want to purge ' if not pargs.force:
'from server ' wo_prompt = input('Are you sure you to want to purge '
'along with their configuration' 'from server '
' packages,\nAny answer other than ' 'along with their configuration'
'"yes" will be stop this ' ' packages,\nAny answer other than '
'operation :') '"yes" will be stop this '
'operation :')
if (wo_prompt != 'YES' or wo_prompt != 'yes'):
Log.error(self, "Not purging packages")
if wo_prompt == 'YES' or wo_prompt == 'yes' or pargs.force: if (set(["nginx-custom"]).issubset(set(apt_packages))):
WOService.stop_service(self, 'nginx')
if (set(["nginx-custom"]).issubset(set(apt_packages))): # Netdata uninstaller
WOService.stop_service(self, 'nginx') if (set(['/var/lib/wo/tmp/'
'kickstart.sh']).issubset(set(packages))):
WOShellExec.cmd_exec(self, "bash /opt/netdata/usr/"
"libexec/netdata-"
"uninstaller.sh -y -f")
# Netdata uninstaller if (set(["fail2ban"]).issubset(set(apt_packages))):
if (set(['/var/lib/wo/tmp/' WOService.stop_service(self, 'fail2ban')
'kickstart.sh']).issubset(set(packages))):
WOShellExec.cmd_exec(self, "bash /opt/netdata/usr/"
"libexec/netdata-"
"uninstaller.sh -y -f")
if (set(["fail2ban"]).issubset(set(apt_packages))): if (apt_packages):
WOService.stop_service(self, 'fail2ban') Log.info(self, "Purging packages, please wait...")
WOAptGet.remove(self, apt_packages, purge=True)
WOAptGet.auto_remove(self)
if (apt_packages): if (packages):
Log.info(self, "Purging packages, please wait...") WOFileUtils.remove(self, packages)
WOAptGet.remove(self, apt_packages, purge=True) WOAptGet.auto_remove(self)
WOAptGet.auto_remove(self)
if (packages): Log.info(self, "Successfully purged packages")
WOFileUtils.remove(self, packages)
WOAptGet.auto_remove(self)
Log.info(self, "Successfully purged packages")
def load(app): def load(app):

2
wo/cli/plugins/stack_migrate.py
View File

@@ -91,7 +91,7 @@ class WOStackMigrateController(CementBaseController):
if ((not self.app.pargs.mariadb)): if ((not self.app.pargs.mariadb)):
self.app.args.print_help() self.app.args.print_help()
if self.app.pargs.mariadb: if self.app.pargs.mariadb:
if WOVariables.wo_mysql_host is not "localhost": if WOVariables.wo_mysql_host != "localhost":
Log.error( Log.error(
self, "Remote MySQL server in use, skipping local install") self, "Remote MySQL server in use, skipping local install")

18
wo/cli/plugins/stack_pref.py
View File

@@ -160,7 +160,7 @@ def post_pref(self, apt_packages, packages):
(data), 'nginx-core.mustache', out=wo_nginx) (data), 'nginx-core.mustache', out=wo_nginx)
wo_nginx.close() wo_nginx.close()
if not os.path.isfile('/etc/nginx/conf.d/gzip.conf'): if not os.path.isfile('/etc/nginx/conf.d/gzip.conf.disabled'):
data = dict() data = dict()
Log.debug(self, 'Writting the nginx configuration to ' Log.debug(self, 'Writting the nginx configuration to '
'file /etc/nginx/conf.d/gzip.conf') 'file /etc/nginx/conf.d/gzip.conf')
@@ -170,7 +170,7 @@ def post_pref(self, apt_packages, packages):
(data), 'gzip.mustache', out=wo_nginx) (data), 'gzip.mustache', out=wo_nginx)
wo_nginx.close() wo_nginx.close()
if not os.path.isfile('/etc/nginx/conf.d/brotli.conf.disabled'): if not os.path.isfile('/etc/nginx/conf.d/brotli.conf'):
Log.debug(self, 'Writting the nginx configuration to ' Log.debug(self, 'Writting the nginx configuration to '
'file /etc/nginx/conf.d/brotli.conf.disabled') 'file /etc/nginx/conf.d/brotli.conf.disabled')
wo_nginx = open('/etc/nginx/conf.d/brotli.conf.disabled', wo_nginx = open('/etc/nginx/conf.d/brotli.conf.disabled',
@@ -179,6 +179,14 @@ def post_pref(self, apt_packages, packages):
(data), 'brotli.mustache', out=wo_nginx) (data), 'brotli.mustache', out=wo_nginx)
wo_nginx.close() wo_nginx.close()
Log.debug(self, 'Writting the nginx configuration to '
'file /etc/nginx/conf.d/tweaks.conf')
wo_nginx = open('/etc/nginx/conf.d/tweaks.conf',
encoding='utf-8', mode='w')
self.app.render(
(data), 'tweaks.mustache', out=wo_nginx)
wo_nginx.close()
# Fix for white screen death with NGINX PLUS # Fix for white screen death with NGINX PLUS
if not WOFileUtils.grep(self, '/etc/nginx/fastcgi_params', if not WOFileUtils.grep(self, '/etc/nginx/fastcgi_params',
'SCRIPT_FILENAME'): 'SCRIPT_FILENAME'):
@@ -1070,7 +1078,6 @@ def post_pref(self, apt_packages, packages):
'/var/lib/mysql/ib_logfile1.bak') '/var/lib/mysql/ib_logfile1.bak')
WOService.start_service(self, 'mysql') WOService.start_service(self, 'mysql')
WOFileUtils.chmod(self, "/usr/bin/mysqltuner", 0o775)
WOCron.setcron_weekly(self, 'mysqlcheck -Aos --auto-repair ' WOCron.setcron_weekly(self, 'mysqlcheck -Aos --auto-repair '
'> /dev/null 2>&1', '> /dev/null 2>&1',
comment='MySQL optimization cronjob ' comment='MySQL optimization cronjob '
@@ -1324,6 +1331,11 @@ def post_pref(self, apt_packages, packages):
WOVariables.wo_php_user, WOVariables.wo_php_user,
recursive=True) recursive=True)
if any('/usr/bin/mysqltuner' == x[1]
for x in packages):
Log.debug(self, "CHMOD MySQLTuner in /usr/bin/mysqltuner")
WOFileUtils.chmod(self, "/usr/bin/mysqltuner", 0o775)
# netdata install # netdata install
if any('/var/lib/wo/tmp/kickstart.sh' == x[1] if any('/var/lib/wo/tmp/kickstart.sh' == x[1]
for x in packages): for x in packages):

6
wo/cli/plugins/stack_services.py
View File

@@ -29,6 +29,8 @@ class WOStackStatusController(CementBaseController):
pargs.nginx = True pargs.nginx = True
pargs.php = True pargs.php = True
pargs.mysql = True pargs.mysql = True
pargs.fail2ban = True
pargs.netdata = True
if pargs.nginx: if pargs.nginx:
if (WOAptGet.is_installed(self, 'nginx-custom')): if (WOAptGet.is_installed(self, 'nginx-custom')):
@@ -198,6 +200,7 @@ class WOStackStatusController(CementBaseController):
pargs.nginx = True pargs.nginx = True
pargs.php = True pargs.php = True
pargs.mysql = True pargs.mysql = True
pargs.netdata = True
if pargs.nginx: if pargs.nginx:
if (WOAptGet.is_installed(self, 'nginx-custom')): if (WOAptGet.is_installed(self, 'nginx-custom')):
@@ -281,6 +284,8 @@ class WOStackStatusController(CementBaseController):
pargs.nginx = True pargs.nginx = True
pargs.php = True pargs.php = True
pargs.mysql = True pargs.mysql = True
pargs.fail2ban = True
pargs.netdata = True
if pargs.nginx: if pargs.nginx:
if (WOAptGet.is_installed(self, 'nginx-custom')): if (WOAptGet.is_installed(self, 'nginx-custom')):
@@ -363,6 +368,7 @@ class WOStackStatusController(CementBaseController):
pargs.nginx = True pargs.nginx = True
pargs.php = True pargs.php = True
pargs.mysql = True pargs.mysql = True
pargs.fail2ban = True
if pargs.nginx: if pargs.nginx:
if (WOAptGet.is_installed(self, 'nginx-custom') or if (WOAptGet.is_installed(self, 'nginx-custom') or

35
wo/cli/plugins/stack_upgrade.py
View File

@@ -42,6 +42,8 @@ class WOStackUpgradeController(CementBaseController):
dict(help='Upgrade Redis', action='store_true')), dict(help='Upgrade Redis', action='store_true')),
(['--netdata'], (['--netdata'],
dict(help='Upgrade Netdata', action='store_true')), dict(help='Upgrade Netdata', action='store_true')),
(['--dashboard'],
dict(help='Upgrade WordOps Dashboard', action='store_true')),
(['--composer'], (['--composer'],
dict(help='Upgrade Composer', action='store_true')), dict(help='Upgrade Composer', action='store_true')),
(['--phpmyadmin'], (['--phpmyadmin'],
@@ -67,7 +69,7 @@ class WOStackUpgradeController(CementBaseController):
(not pargs.mysql) and (not pargs.mysql) and
(not pargs.all) and (not pargs.wpcli) and (not pargs.all) and (not pargs.wpcli) and
(not pargs.netdata) and (not pargs.composer) and (not pargs.netdata) and (not pargs.composer) and
(not pargs.phpmyadmin) and (not pargs.phpmyadmin) and (not pargs.dashboard) and
(not pargs.redis)): (not pargs.redis)):
pargs.web = True pargs.web = True
@@ -138,6 +140,21 @@ class WOStackUpgradeController(CementBaseController):
'kickstart-static64.sh', 'kickstart-static64.sh',
'/var/lib/wo/tmp/kickstart.sh', '/var/lib/wo/tmp/kickstart.sh',
'Netdata']] 'Netdata']]
if pargs.dashboard:
if os.path.isfile('/var/www/22222/htdocs/index.php'):
packages = packages + \
[["https://github.com/WordOps/wordops-dashboard/"
"releases/download/v{0}/wordops-dashboard.tar.gz"
.format(WOVariables.wo_dashboard),
"/var/lib/wo/tmp/wo-dashboard.tar.gz",
"WordOps Dashboard"],
["https://github.com/soerennb/"
"extplorer/archive/v{0}.tar.gz"
.format(WOVariables.wo_extplorer),
"/var/lib/wo/tmp/extplorer.tar.gz",
"eXtplorer"]]
if pargs.phpmyadmin: if pargs.phpmyadmin:
if os.path.isdir('/var/www/22222/htdocs/db/pma'): if os.path.isdir('/var/www/22222/htdocs/db/pma'):
packages = packages + \ packages = packages + \
@@ -184,10 +201,13 @@ class WOStackUpgradeController(CementBaseController):
if len(packages): if len(packages):
if pargs.wpcli: if pargs.wpcli:
WOFileUtils.remove(self, ['/usr/local/bin/wp']) WOFileUtils.rm(self, '/usr/local/bin/wp')
if pargs.netdata: if pargs.netdata:
WOFileUtils.remove(self, ['/var/lib/wo/tmp/kickstart.sh']) WOFileUtils.rm(self, '/var/lib/wo/tmp/kickstart.sh')
if pargs.dashboard:
WOFileUtils.rm(self, '/var/www/22222/htdocs/index.php')
Log.debug(self, "Downloading following: {0}".format(packages)) Log.debug(self, "Downloading following: {0}".format(packages))
WODownload.download(self, packages) WODownload.download(self, packages)
@@ -201,6 +221,15 @@ class WOStackUpgradeController(CementBaseController):
"kickstart.sh " "kickstart.sh "
"--dont-wait") "--dont-wait")
if pargs.dashboard:
Log.debug(self, "Extracting wo-dashboard.tar.gz "
"to location {0}22222/htdocs/"
.format(WOVariables.wo_webroot))
WOExtract.extract(self, '/var/lib/wo/tmp/'
'wo-dashboard.tar.gz',
'{0}22222/htdocs'
.format(WOVariables.wo_webroot))
if pargs.composer: if pargs.composer:
Log.info(self, "Upgrading Composer, please wait...") Log.info(self, "Upgrading Composer, please wait...")
WOShellExec.cmd_exec(self, "php -q /var/lib/wo" WOShellExec.cmd_exec(self, "php -q /var/lib/wo"

267
wo/cli/templates/nginx-core.mustache
View File

@@ -1,143 +1,124 @@
user www-data; user www-data;
worker_processes auto; worker_processes auto;
worker_cpu_affinity auto; worker_cpu_affinity auto;
worker_rlimit_nofile 100000; worker_rlimit_nofile 100000;
pid /run/nginx.pid; pid /run/nginx.pid;
pcre_jit on; pcre_jit on;
events { events {
multi_accept on; multi_accept on;
worker_connections 50000; worker_connections 50000;
accept_mutex on; accept_mutex on;
use epoll; use epoll;
} }
http { http {
##
# WordOps Settings ##
## # WordOps Settings
##
sendfile on;
sendfile_max_chunk 512k; # Nginx AIO : See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/
# http://nginx.org/en/docs/http/ngx_http_core_module.html#aio
tcp_nopush on; aio threads;
tcp_nodelay on;
server_tokens off;
keepalive_timeout 8; reset_timedout_connection on;
keepalive_requests 500; more_set_headers "X-Powered-By : WordOps";
keepalive_disable msie6;
# Limit Request
lingering_time 20s; limit_req_status 403;
lingering_timeout 5s; limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
# Nginx AIO : See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/ # Proxy Settings
# http://nginx.org/en/docs/http/ngx_http_core_module.html#aio # set_real_ip_from proxy-server-ip;
aio threads; # real_ip_header X-Forwarded-For;
server_tokens off; fastcgi_read_timeout 300;
reset_timedout_connection on; client_max_body_size 100m;
more_set_headers "X-Powered-By : WordOps";
# ngx_vts_module
open_file_cache max=50000 inactive=60s; vhost_traffic_status_zone;
open_file_cache_errors off;
open_file_cache_min_uses 2; # tls dynamic records patch directive
open_file_cache_valid 120s; ssl_dyn_rec_enable on;
open_log_file_cache max=10000 inactive=30s min_uses=2;
##
# Limit Request # SSL Settings
limit_req_status 403; ##
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
ssl_session_timeout 1d;
# Proxy Settings ssl_session_cache shared:SSL:50m;
# set_real_ip_from proxy-server-ip; ssl_session_tickets off;
# real_ip_header X-Forwarded-For; ssl_prefer_server_ciphers on;
{{#tls13}}ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20';
fastcgi_read_timeout 300; ssl_protocols TLSv1.2 TLSv1.3;{{/tls13}}
client_max_body_size 100m; ssl_ecdh_curve X25519:P-521:P-384:P-256;
# Previous TLS v1.2 configuration
# ngx_vts_module {{^tls13}}ssl_protocols TLSv1.2;
vhost_traffic_status_zone; ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;{{/tls13}}
# tls dynamic records patch directive # Common security headers
ssl_dyn_rec_enable on; more_set_headers "X-Frame-Options : SAMEORIGIN";
more_set_headers "X-Xss-Protection : 1; mode=block";
more_set_headers "X-Content-Type-Options : nosniff";
## more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
# SSL Settings more_set_headers "X-Download-Options : noopen";
##
# oscp settings
ssl_session_timeout 1d; resolver 8.8.8.8 1.1.1.1 8.8.4.4 1.0.0.1 valid=300s;
ssl_session_cache shared:SSL:50m; resolver_timeout 10;
ssl_session_tickets off; ssl_stapling on;
ssl_prefer_server_ciphers on;
{{#tls13}}ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20'; ##
ssl_protocols TLSv1.2 TLSv1.3;{{/tls13}} # Basic Settings
ssl_ecdh_curve X25519:P-521:P-384:P-256; ##
# Previous TLS v1.2 configuration # server_names_hash_bucket_size 64;
{{^tls13}}ssl_protocols TLSv1.2; # server_name_in_redirect off;
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;{{/tls13}}
include /etc/nginx/mime.types;
# Common security headers default_type application/octet-stream;
more_set_headers "X-Frame-Options : SAMEORIGIN";
more_set_headers "X-Xss-Protection : 1; mode=block"; ##
more_set_headers "X-Content-Type-Options : nosniff"; # Logging Settings
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin"; ##
more_set_headers "X-Download-Options : noopen";
access_log off;
# oscp settings error_log /var/log/nginx/error.log;
resolver 8.8.8.8 1.1.1.1 8.8.4.4 1.0.0.1 valid=300s;
resolver_timeout 10; # Log format Settings
ssl_stapling on; log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent '
## '"$http_referer" "$http_user_agent" "$server_protocol"';
# Basic Settings
## ##
# server_names_hash_bucket_size 64; # Virtual Host Configs
# server_name_in_redirect off; ##
include /etc/nginx/mime.types; include /etc/nginx/conf.d/*.conf;
default_type application/octet-stream; include /etc/nginx/sites-enabled/*;
}
##
# Logging Settings
## #mail {
# # See sample authentication script at:
access_log off; # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
error_log /var/log/nginx/error.log; #
# # auth_http localhost/auth.php;
# Log format Settings # # pop3_capabilities "TOP" "USER";
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] ' # # imap_capabilities "IMAP4rev1" "UIDPLUS";
'$http_host "$request" $status $body_bytes_sent ' #
'"$http_referer" "$http_user_agent" "$server_protocol"'; # server {
# listen localhost:110;
## # protocol pop3;
# Virtual Host Configs # proxy on;
## # }
#
include /etc/nginx/conf.d/*.conf; # server {
include /etc/nginx/sites-enabled/*; # listen localhost:143;
} # protocol imap;
# proxy on;
# }
#mail { #}
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

30
wo/cli/templates/tweaks.mustache Normal file
View File

@@ -0,0 +1,30 @@
# NGINX Tweaks - WO v3.9.8
directio 4m;
directio_alignment 512;
http2_max_field_size 16k;
http2_max_header_size 32k;
large_client_header_buffers 8 64k;
postpone_output 1460;
proxy_buffers 8 32k;
proxy_buffer_size 64k;
sendfile on;
sendfile_max_chunk 512k;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 8;
keepalive_requests 500;
keepalive_disable msie6;
lingering_time 20s;
lingering_timeout 5s;
open_file_cache max=50000 inactive=60s;
open_file_cache_errors off;
open_file_cache_min_uses 2;
open_file_cache_valid 120s;
open_log_file_cache max=10000 inactive=30s min_uses=2;

172
wo/cli/templates/upstream.mustache
View File

@@ -1,86 +1,86 @@
# NGINX UPSTREAM CONFIGURATION - WO v3.9.7 # NGINX UPSTREAM CONFIGURATION - WO v3.9.8
# DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE # DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE
#------------------------------- #-------------------------------
# PHP 5.6 # PHP 5.6
#------------------------------- #-------------------------------
upstream php { upstream php {
server 127.0.0.1:{{php}}; server 127.0.0.1:{{php}};
} }
upstream debug { upstream debug {
server 127.0.0.1:{{debug}}; server 127.0.0.1:{{debug}};
} }
#------------------------------- #-------------------------------
# PHP 7.0 # PHP 7.0
#------------------------------- #-------------------------------
upstream php7 { upstream php7 {
server 127.0.0.1:{{php7}}; server 127.0.0.1:{{php7}};
} }
upstream debug7 { upstream debug7 {
# Debug Pool # Debug Pool
server 127.0.0.1:{{debug7}}; server 127.0.0.1:{{debug7}};
} }
#------------------------------- #-------------------------------
# PHP 7.2 # PHP 7.2
#------------------------------- #-------------------------------
# PHP 7.2 upstream with load-balancing on two unix sockets # PHP 7.2 upstream with load-balancing on two unix sockets
upstream php72 { upstream php72 {
least_conn; least_conn;
server unix:/var/run/php/php72-fpm.sock; server unix:/var/run/php/php72-fpm.sock;
server unix:/var/run/php/php72-two-fpm.sock; server unix:/var/run/php/php72-two-fpm.sock;
keepalive 5; keepalive 5;
} }
# PHP 7.2 debug # PHP 7.2 debug
upstream debug72 { upstream debug72 {
# Debug Pool # Debug Pool
server 127.0.0.1:9172; server 127.0.0.1:9172;
} }
#------------------------------- #-------------------------------
# PHP 7.3 # PHP 7.3
#------------------------------- #-------------------------------
# PHP 7.3 upstream with load-balancing on two unix sockets # PHP 7.3 upstream with load-balancing on two unix sockets
upstream php73 { upstream php73 {
least_conn; least_conn;
server unix:/var/run/php/php73-fpm.sock; server unix:/var/run/php/php73-fpm.sock;
server unix:/var/run/php/php73-two-fpm.sock; server unix:/var/run/php/php73-two-fpm.sock;
keepalive 5; keepalive 5;
} }
# PHP 7.3 debug # PHP 7.3 debug
upstream debug73 { upstream debug73 {
# Debug Pool # Debug Pool
server 127.0.0.1:9173; server 127.0.0.1:9173;
} }
#------------------------------- #-------------------------------
# Netdata # Netdata
#------------------------------- #-------------------------------
# Netdata Monitoring Upstream # Netdata Monitoring Upstream
upstream netdata { upstream netdata {
server 127.0.0.1:19999; server 127.0.0.1:19999;
keepalive 64; keepalive 64;
} }
#------------------------------- #-------------------------------
# Redis # Redis
#------------------------------- #-------------------------------
# Redis cache upstream # Redis cache upstream
upstream redis { upstream redis {
server 127.0.0.1:6379; server 127.0.0.1:6379;
keepalive 10; keepalive 10;
} }

27
wo/core/template.py Normal file
View File

@@ -0,0 +1,27 @@
from wo.core.logging import Log
import os
"""
Render Templates
"""
class WOTemplate():
def tmpl_render(self, fileconf, template, data, overwrite=False):
if overwrite:
Log.debug(self, 'Writting the configuration to '
'file {0}'.format(fileconf))
wo_template = open('{0}'.format(fileconf),
encoding='utf-8', mode='w')
self.app.render((data), '{0}'.format(template),
out=wo_template)
wo_template.close()
else:
if not os.path.isfile('{0}'.format(fileconf)):
Log.debug(self, 'Writting the configuration to '
'file {0}'.format(fileconf))
wo_template = open('{0}'.format(fileconf),
encoding='utf-8', mode='w')
self.app.render((data), '{0}'.format(template),
out=wo_template)
wo_template.close()

340
wo/core/variables.py
View File

@@ -1,170 +1,170 @@
"""WordOps core variable module""" """WordOps core variable module"""
import platform import platform
import socket import socket
import configparser import configparser
import os import os
import datetime import datetime
class WOVariables(): class WOVariables():
"""Intialization of core variables""" """Intialization of core variables"""
# WordOps version # WordOps version
wo_version = "3.9.8" wo_version = "3.9.8"
# WordOps packages versions # WordOps packages versions
wo_wp_cli = "2.2.0" wo_wp_cli = "2.2.0"
wo_adminer = "4.7.2" wo_adminer = "4.7.2"
wo_phpmyadmin = "4.9.0.1" wo_phpmyadmin = "4.9.0.1"
wo_extplorer = "2.1.13" wo_extplorer = "2.1.13"
wo_dashboard = "1.1" wo_dashboard = "1.1"
# Get WPCLI path # Get WPCLI path
wo_wpcli_path = '/usr/local/bin/wp' wo_wpcli_path = '/usr/local/bin/wp'
# Current date and time of System # Current date and time of System
wo_date = datetime.datetime.now().strftime('%d%b%Y%H%M%S') wo_date = datetime.datetime.now().strftime('%d%b%Y%H%M%S')
# WordOps core variables # WordOps core variables
wo_distro = os.popen("/usr/bin/lsb_release -si " wo_distro = os.popen("/usr/bin/lsb_release -si "
"| tr -d \'\\n\'").read().lower() "| tr -d \'\\n\'").read().lower()
wo_platform_version = platform.linux_distribution()[1] wo_platform_version = platform.linux_distribution()[1]
wo_platform_codename = os.popen( wo_platform_codename = os.popen(
"/usr/bin/lsb_release -sc | tr -d \'\\n\'").read() "/usr/bin/lsb_release -sc | tr -d \'\\n\'").read()
# Get timezone of system # Get timezone of system
if os.path.isfile('/etc/timezone'): if os.path.isfile('/etc/timezone'):
with open("/etc/timezone", "r") as tzfile: with open("/etc/timezone", "r") as tzfile:
wo_timezone = tzfile.read().replace('\n', '') wo_timezone = tzfile.read().replace('\n', '')
if wo_timezone == "Etc/UTC": if wo_timezone == "Etc/UTC":
wo_timezone = "UTC" wo_timezone = "UTC"
else: else:
wo_timezone = "Europe/Amsterdam" wo_timezone = "Europe/Amsterdam"
# Get FQDN of system # Get FQDN of system
wo_fqdn = socket.getfqdn() wo_fqdn = socket.getfqdn()
# WordOps default webroot path # WordOps default webroot path
wo_webroot = '/var/www/' wo_webroot = '/var/www/'
# WordOps default renewal SSL certificates path # WordOps default renewal SSL certificates path
wo_ssl_archive = '/etc/letsencrypt/renewal' wo_ssl_archive = '/etc/letsencrypt/renewal'
# WordOps default live SSL certificates path # WordOps default live SSL certificates path
wo_ssl_live = '/etc/letsencrypt/live' wo_ssl_live = '/etc/letsencrypt/live'
# PHP user # PHP user
wo_php_user = 'www-data' wo_php_user = 'www-data'
# Get git user name and EMail # Get git user name and EMail
config = configparser.ConfigParser() config = configparser.ConfigParser()
config.read(os.path.expanduser("~")+'/.gitconfig') config.read(os.path.expanduser("~")+'/.gitconfig')
try: try:
wo_user = config['user']['name'] wo_user = config['user']['name']
wo_email = config['user']['email'] wo_email = config['user']['email']
except Exception: except Exception:
wo_user = input("Enter your name: ") wo_user = input("Enter your name: ")
wo_email = input("Enter your email: ") wo_email = input("Enter your email: ")
os.system("/usr/bin/git config --global user.name {0}".format(wo_user)) os.system("/usr/bin/git config --global user.name {0}".format(wo_user))
os.system( os.system(
"/usr/bin/git config --global user.email {0}".format(wo_email)) "/usr/bin/git config --global user.email {0}".format(wo_email))
# MySQL hostname # MySQL hostname
wo_mysql_host = "" wo_mysql_host = ""
config = configparser.RawConfigParser() config = configparser.RawConfigParser()
if os.path.exists('/etc/mysql/conf.d/my.cnf'): if os.path.exists('/etc/mysql/conf.d/my.cnf'):
cnfpath = "/etc/mysql/conf.d/my.cnf" cnfpath = "/etc/mysql/conf.d/my.cnf"
else: else:
cnfpath = os.path.expanduser("~")+"/.my.cnf" cnfpath = os.path.expanduser("~")+"/.my.cnf"
if [cnfpath] == config.read(cnfpath): if [cnfpath] == config.read(cnfpath):
try: try:
wo_mysql_host = config.get('client', 'host') wo_mysql_host = config.get('client', 'host')
except configparser.NoOptionError: except configparser.NoOptionError:
wo_mysql_host = "localhost" wo_mysql_host = "localhost"
else: else:
wo_mysql_host = "localhost" wo_mysql_host = "localhost"
# WordOps stack installation variables # WordOps stack installation variables
# Nginx repo and packages # Nginx repo and packages
if wo_distro == 'ubuntu': if wo_distro == 'ubuntu':
wo_nginx_repo = "ppa:wordops/nginx-wo" wo_nginx_repo = "ppa:wordops/nginx-wo"
elif wo_distro == 'debian': elif wo_distro == 'debian':
if wo_platform_codename == 'jessie': if wo_platform_codename == 'jessie':
wo_nginx_repo = ("deb http://download.opensuse.org" wo_nginx_repo = ("deb http://download.opensuse.org"
"/repositories/home:" "/repositories/home:"
"/virtubox:/WordOps/Debian_8.0/ /") "/virtubox:/WordOps/Debian_8.0/ /")
elif wo_platform_codename == 'stretch': elif wo_platform_codename == 'stretch':
wo_nginx_repo = ("deb http://download.opensuse.org" wo_nginx_repo = ("deb http://download.opensuse.org"
"/repositories/home:" "/repositories/home:"
"/virtubox:/WordOps/Debian_9.0/ /") "/virtubox:/WordOps/Debian_9.0/ /")
elif wo_platform_codename == 'buster': elif wo_platform_codename == 'buster':
wo_nginx_repo = ("deb http://download.opensuse.org" wo_nginx_repo = ("deb http://download.opensuse.org"
"/repositories/home:" "/repositories/home:"
"/virtubox:/WordOps/Debian_10/ /") "/virtubox:/WordOps/Debian_10/ /")
else: else:
wo_nginx_repo = ("deb http://download.opensuse.org/repositories/home:" wo_nginx_repo = ("deb http://download.opensuse.org/repositories/home:"
"/virtubox:/WordOps/Raspbian_9.0/ /") "/virtubox:/WordOps/Raspbian_9.0/ /")
wo_nginx = ["nginx-custom", "nginx-wo"] wo_nginx = ["nginx-custom", "nginx-wo"]
wo_nginx_key = '188C9FB063F0247A' wo_nginx_key = '188C9FB063F0247A'
# PHP repo and packages # PHP repo and packages
if wo_distro == 'ubuntu': if wo_distro == 'ubuntu':
wo_php_repo = "ppa:ondrej/php" wo_php_repo = "ppa:ondrej/php"
wo_php_key = '' wo_php_key = ''
else: else:
wo_php_repo = ( wo_php_repo = (
"deb https://packages.sury.org/php/ {codename} main" "deb https://packages.sury.org/php/ {codename} main"
.format(codename=wo_platform_codename)) .format(codename=wo_platform_codename))
wo_php_key = 'AC0E47584A7A714D' wo_php_key = 'AC0E47584A7A714D'
wo_php = ["php7.2-fpm", "php7.2-curl", "php7.2-gd", "php7.2-imap", wo_php = ["php7.2-fpm", "php7.2-curl", "php7.2-gd", "php7.2-imap",
"php7.2-readline", "php7.2-common", "php7.2-recode", "php7.2-readline", "php7.2-common", "php7.2-recode",
"php7.2-cli", "php7.2-mbstring", "php7.2-cli", "php7.2-mbstring",
"php7.2-bcmath", "php7.2-mysql", "php7.2-opcache", "php7.2-bcmath", "php7.2-mysql", "php7.2-opcache",
"php7.2-zip", "php7.2-xml", "php7.2-soap"] "php7.2-zip", "php7.2-xml", "php7.2-soap"]
wo_php73 = ["php7.3-fpm", "php7.3-curl", "php7.3-gd", "php7.3-imap", wo_php73 = ["php7.3-fpm", "php7.3-curl", "php7.3-gd", "php7.3-imap",
"php7.3-readline", "php7.3-common", "php7.3-recode", "php7.3-readline", "php7.3-common", "php7.3-recode",
"php7.3-cli", "php7.3-mbstring", "php7.3-cli", "php7.3-mbstring",
"php7.3-bcmath", "php7.3-mysql", "php7.3-opcache", "php7.3-bcmath", "php7.3-mysql", "php7.3-opcache",
"php7.3-zip", "php7.3-xml", "php7.3-soap"] "php7.3-zip", "php7.3-xml", "php7.3-soap"]
wo_php_extra = ["php-memcached", "php-imagick", wo_php_extra = ["php-memcached", "php-imagick",
"graphviz", "php-xdebug", "php-msgpack", "php-redis"] "graphviz", "php-xdebug", "php-msgpack", "php-redis"]
# MySQL repo and packages # MySQL repo and packages
if wo_distro == 'ubuntu': if wo_distro == 'ubuntu':
wo_mysql_repo = ("deb [arch=amd64,ppc64el] " wo_mysql_repo = ("deb [arch=amd64,ppc64el] "
"http://sfo1.mirrors.digitalocean.com/mariadb/repo/" "http://sfo1.mirrors.digitalocean.com/mariadb/repo/"
"10.3/ubuntu {codename} main" "10.3/ubuntu {codename} main"
.format(codename=wo_platform_codename)) .format(codename=wo_platform_codename))
else: else:
wo_mysql_repo = ("deb [arch=amd64,ppc64el] " wo_mysql_repo = ("deb [arch=amd64,ppc64el] "
"http://sfo1.mirrors.digitalocean.com/mariadb/repo/" "http://sfo1.mirrors.digitalocean.com/mariadb/repo/"
"10.3/debian {codename} main" "10.3/debian {codename} main"
.format(codename=wo_platform_codename)) .format(codename=wo_platform_codename))
wo_mysql = ["mariadb-server", "percona-toolkit", "python3-mysqldb"] wo_mysql = ["mariadb-server", "percona-toolkit", "python3-mysqldb"]
wo_mysql_client = ["mariadb-client", "python3-mysqldb"] wo_mysql_client = ["mariadb-client", "python3-mysqldb"]
wo_fail2ban = ["fail2ban"] wo_fail2ban = ["fail2ban"]
# Redis repo details # Redis repo details
if wo_distro == 'ubuntu': if wo_distro == 'ubuntu':
wo_redis_repo = ("ppa:chris-lea/redis-server") wo_redis_repo = ("ppa:chris-lea/redis-server")
else: else:
wo_redis_repo = ("deb https://packages.sury.org/php/ {codename} all" wo_redis_repo = ("deb https://packages.sury.org/php/ {codename} all"
.format(codename=wo_platform_codename)) .format(codename=wo_platform_codename))
wo_redis = ['redis-server', 'php-redis'] wo_redis = ['redis-server', 'php-redis']
# Repo path # Repo path
wo_repo_file = "wo-repo.list" wo_repo_file = "wo-repo.list"
wo_repo_file_path = ("/etc/apt/sources.list.d/" + wo_repo_file) wo_repo_file_path = ("/etc/apt/sources.list.d/" + wo_repo_file)
# Application dabase file path # Application dabase file path
basedir = os.path.abspath(os.path.dirname('/var/lib/wo/')) basedir = os.path.abspath(os.path.dirname('/var/lib/wo/'))
wo_db_uri = 'sqlite:///' + os.path.join(basedir, 'dbase.db') wo_db_uri = 'sqlite:///' + os.path.join(basedir, 'dbase.db')
def __init__(self): def __init__(self):
pass pass