Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add proper nginx backup

Browse Source
This commit is contained in:
VirtuBox
2019-03-22 23:55:04 +01:00
parent 320f7ddb95
commit 16eb76ded3
1 changed files with 115 additions and 126 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
install
View File

@@ -7,10 +7,10 @@
# Copyright (c) 2019 - WordOps # Copyright (c) 2019 - WordOps
# This script is licensed under M.I.T # This script is licensed under M.I.T
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
# Version 3.9.4 - 2019-03-15 # Version 3.9.4 - 2019-03-22
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
readonly wo_version_old="2.2.3" readonly wo_version_old="2.2.3"
readonly wo_version_new="3.9.4.2" readonly wo_version_new="3.9.4.3"
# CONTENTS # CONTENTS
# --- # ---
# 1. VARIABLES AND DECLARATIONS # 1. VARIABLES AND DECLARATIONS
@@ -27,20 +27,17 @@ TPUT_FAIL=$(tput setaf 1)
TPUT_INFO=$(tput setaf 7) TPUT_INFO=$(tput setaf 7)
TPUT_ECHO=$(tput setaf 4) TPUT_ECHO=$(tput setaf 4)
wo_lib_echo() { wo_lib_echo() {
echo "${TPUT_ECHO}${*}${TPUT_RESET}" echo "${TPUT_ECHO}${*}${TPUT_RESET}"
} }
wo_lib_echo_info() wo_lib_echo_info() {
{
echo "${TPUT_INFO}${*}${TPUT_RESET}" echo "${TPUT_INFO}${*}${TPUT_RESET}"
} }
wo_lib_echo_fail() wo_lib_echo_fail() {
{
echo "${TPUT_FAIL}${*}${TPUT_RESET}" echo "${TPUT_FAIL}${*}${TPUT_RESET}"
} }
@@ -49,8 +46,7 @@ wo_lib_echo_fail()
# 1 - Capture errors # 1 - Capture errors
### ###
wo_lib_error() wo_lib_error() {
{
echo "[ $(date) ] ${TPUT_FAIL}${*}${TPUT_RESET}" echo "[ $(date) ] ${TPUT_FAIL}${*}${TPUT_RESET}"
exit "$2" exit "$2"
} }
@@ -72,14 +68,14 @@ echo ""
# 1- Update the apt sewers with fresh info # 1- Update the apt sewers with fresh info
### ###
wo_lib_echo "Updating apt-get repository info" wo_lib_echo "Updating apt-get repository info"
apt-get update -qq &>> /dev/null apt-get update -qq
### ###
# 1- Check whether lsb_release is installed, and if not, install it # 1- Check whether lsb_release is installed, and if not, install it
### ###
if [ -z "$(command -v lsb_release)" ]; then if [ -z "$(command -v lsb_release)" ]; then
wo_lib_echo "Installing lsb-release, please wait..." wo_lib_echo "Installing lsb-release, please wait..."
apt-get -y install lsb-release &>> /dev/null apt-get -y install lsb-release -qq
fi fi
### ###
@@ -130,8 +126,7 @@ fi
### ###
# 2 - Setup the dependencies for installation # 2 - Setup the dependencies for installation
#### ####
wo_install_dep() wo_install_dep() {
{
{ {
if [ "$wo_linux_distro" == "Ubuntu" ]; then if [ "$wo_linux_distro" == "Ubuntu" ]; then
@@ -162,8 +157,7 @@ wo_install_dep()
### ###
# 3 - Create/migrate the essentials # 3 - Create/migrate the essentials
### ###
wo_sync_db() wo_sync_db() {
{
### ###
# Switching from EE -> WO # Switching from EE -> WO
### ###
@@ -208,8 +202,7 @@ wo_sync_db()
# Check site is enable/live or disable # Check site is enable/live or disable
AV_SITES="$(basename -a /etc/nginx/sites-available/* | grep -v default)" AV_SITES="$(basename -a /etc/nginx/sites-available/* | grep -v default)"
for site in $AV_SITES; for site in $AV_SITES; do
do
if [ -h "/etc/nginx/sites-enabled/$site" ]; then if [ -h "/etc/nginx/sites-enabled/$site" ]; then
wo_site_status='1' wo_site_status='1'
else else
@@ -270,7 +263,6 @@ wo_sync_db()
echo "INSERT INTO sites (sitename, site_type, cache_type, site_path, is_enabled, is_ssl, storage_fs, storage_db) echo "INSERT INTO sites (sitename, site_type, cache_type, site_path, is_enabled, is_ssl, storage_fs, storage_db)
VALUES (\"$site\", \"$wo_site_current\", \"$wo_site_current_cache\", \"$wo_webroot\", \"$wo_site_status\", 0, 'ext4', 'mysql');" | sqlite3 /var/lib/wo/dbase.db VALUES (\"$site\", \"$wo_site_current\", \"$wo_site_current_cache\", \"$wo_webroot\", \"$wo_site_status\", 0, 'ext4', 'mysql');" | sqlite3 /var/lib/wo/dbase.db
wo_lib_echo "Updating WordOps Database" wo_lib_echo "Updating WordOps Database"
echo "ALTER TABLE sites ADD COLUMN db_name varchar;" | sqlite3 /var/lib/wo/dbase.db echo "ALTER TABLE sites ADD COLUMN db_name varchar;" | sqlite3 /var/lib/wo/dbase.db
echo "ALTER TABLE sites ADD COLUMN db_user varchar; " | sqlite3 /var/lib/wo/dbase.db echo "ALTER TABLE sites ADD COLUMN db_user varchar; " | sqlite3 /var/lib/wo/dbase.db
@@ -280,15 +272,13 @@ wo_sync_db()
echo "ALTER TABLE sites ADD COLUMN php_version varchar DEFAULT \"$wo_php_version\";" | sqlite3 /var/lib/wo/dbase.db echo "ALTER TABLE sites ADD COLUMN php_version varchar DEFAULT \"$wo_php_version\";" | sqlite3 /var/lib/wo/dbase.db
fi fi
# echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db # echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db
# echo "UPDATE sites SET php_version = REPLACE(php_version, '7.0', '7.3');" | sqlite3 /var/lib/wo/dbase.db # echo "UPDATE sites SET php_version = REPLACE(php_version, '7.0', '7.3');" | sqlite3 /var/lib/wo/dbase.db
fi fi
} }
# Once again, set the proper ACL on the WordOps configuration directory # Once again, set the proper ACL on the WordOps configuration directory
secure_wo_db() secure_wo_db() {
{
# The owner is root # The owner is root
chown -R root:root /var/lib/wo/ chown -R root:root /var/lib/wo/
@@ -298,8 +288,7 @@ secure_wo_db()
} }
# Update the WP-CLI version # Update the WP-CLI version
wo_update_wp_cli() wo_update_wp_cli() {
{
{ {
WP_CLI_PATH=$(command -v wp) WP_CLI_PATH=$(command -v wp)
if [ -n "$WP_CLI_PATH" ]; then if [ -n "$WP_CLI_PATH" ]; then
@@ -356,8 +345,7 @@ wo_install_acme_sh() {
} }
# Now, finally, let's install WordOps # Now, finally, let's install WordOps
wo_install() wo_install() {
{
{ {
rm -rf /tmp/easyengine rm -rf /tmp/easyengine
rm -rf /tmp/wordops rm -rf /tmp/wordops
@@ -369,17 +357,27 @@ wo_install()
git clone -b "$wo_branch" https://github.com/WordOps/WordOps.git /tmp/wordops --quiet git clone -b "$wo_branch" https://github.com/WordOps/WordOps.git /tmp/wordops --quiet
cd /tmp/wordops || exit 1 cd /tmp/wordops || exit 1
} >> /var/log/wo/install.log 2>&1; } >> /var/log/wo/install.log 2>&1
python3 setup.py install python3 setup.py install
} }
wo_upgrade_nginx() wo_upgrade_nginx() {
{
{ {
if [ -d /var/lib/wo/backup/nginx ]; then
TIME_FORMAT='%d-%b-%Y-%H%M%S'
TIME=$(date +"$TIME_FORMAT")
BACKUP_FILE="/var/lib/wo/backup/nginx-backup.$TIME.tar.gz"
tar -I pigz "$BACKUP_FILE" /var/lib/wo/backup/nginx
rm -rf /var/lib/wo/backup/nginx
else
# backup nginx conf
mkdir -p /var/lib/wo/backup
rsync -az /etc/nginx/ /var/lib/wo/backup/nginx/
fi
# chec if the package nginx-ee is installed # chec if the package nginx-ee is installed
CHECK_NGINX_EE=$(dpkg --list | grep nginx-ee) CHECK_NGINX_EE=$(dpkg --list | grep nginx-ee)
@@ -402,10 +400,6 @@ wo_upgrade_nginx()
rm -f /tmp/nginx-wo.key rm -f /tmp/nginx-wo.key
sudo apt-get update sudo apt-get update
if [ -x /usr/sbin/nginx ] ; then
CHECK_BROTLI="$(nginx -V 2>&1 | grep brotli)"
if [ -z "$CHECK_BROTLI" ]; then
# stop nginx # stop nginx
service nginx stop service nginx stop
@@ -423,9 +417,6 @@ wo_upgrade_nginx()
apt-get -y -qq autoremove nginx-wo nginx-common nginx-custom --purge apt-get -y -qq autoremove nginx-wo nginx-common nginx-custom --purge
fi fi
# install new nginx package # install new nginx package
if [ -x /usr/local/bin/wo ]; then if [ -x /usr/local/bin/wo ]; then
# remove previous php-fpm pool configuration # remove previous php-fpm pool configuration
@@ -446,8 +437,9 @@ wo_upgrade_nginx()
# update redis.conf headers # update redis.conf headers
if [ -f /etc/nginx/common/redis.conf ]; then if [ -f /etc/nginx/common/redis.conf ]; then
sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf &>> /dev/null sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf
sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf &>> /dev/null sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf
fi fi
VERIFY_NGINX_CONFIG=$(nginx -t 2>&1 | grep failed) VERIFY_NGINX_CONFIG=$(nginx -t 2>&1 | grep failed)
@@ -468,29 +460,24 @@ wo_upgrade_nginx()
[ -f "$HOME/nginx-block" ] && { [ -f "$HOME/nginx-block" ] && {
mv "$HOME/nginx-block" /etc/apt/preferences.d/nginx-block mv "$HOME/nginx-block" /etc/apt/preferences.d/nginx-block
} }
fi
fi
} >> /var/log/wo/install.log 2>&1 } >> /var/log/wo/install.log 2>&1
} }
wo_update_latest() wo_update_latest() {
{
if [ -f /etc/nginx/fastcgi_params ] if [ -f /etc/nginx/fastcgi_params ]; then
then
grep -q 'HTTP_PROXY' /etc/nginx/fastcgi_params grep -q 'HTTP_PROXY' /etc/nginx/fastcgi_params
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
echo "fastcgi_param HTTP_PROXY \"\";" >> /etc/nginx/fastcgi_params echo 'fastcgi_param HTTP_PROXY "";' >> /etc/nginx/fastcgi_params
echo "fastcgi_param HTTP_PROXY \"\";" >> /etc/nginx/fastcgi.conf echo 'fastcgi_param HTTP_PROXY "";' >> /etc/nginx/fastcgi.conf
service nginx restart &>> /dev/null service nginx restart
fi fi
fi fi
if [ -f /etc/ImageMagick/policy.xml ] if [ -f /etc/ImageMagick/policy.xml ]; then
then if [ ! -f /etc/ImageMagick/patch.txt ]; then
if [ ! -f /etc/ImageMagick/patch.txt ]
then
echo -e "\t<policy domain="coder" rights="none" pattern="EPHEMERAL" />\n\t<policy domain="coder" rights="none" pattern="URL" />\n\t<policy domain="coder" rights="none" pattern="HTTPS" />\n\t<policy domain="coder" rights="none" pattern="MVG" />\n\t<policy domain="coder" rights="none" pattern="MSL" />" >> /etc/ImageMagick/patch.txt echo -e "\t<policy domain="coder" rights="none" pattern="EPHEMERAL" />\n\t<policy domain="coder" rights="none" pattern="URL" />\n\t<policy domain="coder" rights="none" pattern="HTTPS" />\n\t<policy domain="coder" rights="none" pattern="MVG" />\n\t<policy domain="coder" rights="none" pattern="MSL" />" >> /etc/ImageMagick/patch.txt
sed -i '/<policymap>/r /etc/ImageMagick/patch.txt' /etc/ImageMagick/policy.xml sed -i '/<policymap>/r /etc/ImageMagick/patch.txt' /etc/ImageMagick/policy.xml
fi fi
@@ -517,29 +504,31 @@ wo_update_latest()
chmod 600 /root/.my.cnf chmod 600 /root/.my.cnf
fi fi
fi fi
# Fix WordPress example.html issue # Fix WordPress example.html issue
# Ref: http://wptavern.com/xss-vulnerability-in-jetpack-and-the-twenty-fifteen-default-theme-affects-millions-of-wordpress-users # Ref: http://wptavern.com/xss-vulnerability-in-jetpack-and-the-twenty-fifteen-default-theme-affects-millions-of-wordpress-users
dpkg --get-selections | grep -v deinstall | grep nginx &>> /dev/null dpkg --get-selections | grep -v deinstall | grep nginx
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
cp /usr/lib/wo/templates/locations.mustache /etc/nginx/common/locations-php72.conf &>> /dev/null cp /usr/lib/wo/templates/locations.mustache /etc/nginx/common/locations-php72.conf
fi fi
# Fix Redis-server security issue # Fix Redis-server security issue
# http://redis.io/topics/security # http://redis.io/topics/security
if [ -f /etc/redis/redis.conf ]; then if [ -f /etc/redis/redis.conf ]; then
grep -0 -v "#" /etc/redis/redis.conf | grep 'bind' &>> /dev/null grep -0 -v "#" /etc/redis/redis.conf | grep 'bind'
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
sed -i '$ a bind 127.0.0.1' /etc/redis/redis.conf &>> /dev/null sed -i '$ a bind 127.0.0.1' /etc/redis/redis.conf &
service redis-server restart &>> /dev/null
service redis-server restart
fi fi
fi fi
} }
# Do git intialisation # Do git intialisation
wo_git_init() wo_git_init() {
{
# Nginx under git version control # Nginx under git version control
[ -d /etc/nginx ] && { [ -d /etc/nginx ] && {
cd /etc/nginx || exit 1 cd /etc/nginx || exit 1
@@ -575,7 +564,7 @@ wo_git_init()
# 1 - WO already installed # 1 - WO already installed
if [ -x /usr/local/bin/wo ]; then if [ -x /usr/local/bin/wo ]; then
wo -v 2>&1 | grep $wo_version_new &>> /dev/null wo -v 2>&1 | grep $wo_version_new
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
read -p "Update WordOps to $wo_version_new (y/n): " wo_ans read -p "Update WordOps to $wo_version_new (y/n): " wo_ans
if [ "$wo_ans" = "y" ] || [ "$wo_ans" = "Y" ]; then if [ "$wo_ans" = "y" ] || [ "$wo_ans" = "Y" ]; then