From 1950764dc80b1a3d8ee976eccf5a9d9f70dceeba Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Sun, 22 Sep 2019 14:11:12 +0200 Subject: [PATCH] Updating WordOps dashboard --- CHANGELOG.md | 4 + config/bash_completion.d/wo_auto.rc | 4 +- wo/cli/plugins/stack_config.py | 51 ---------- wo/cli/plugins/stack_pref.py | 7 +- wo/cli/plugins/stack_upgrade.py | 34 ++++--- wo/cli/templates/nextcloud.mustache | 147 +++++++++++++--------------- wo/core/variables.py | 2 +- 7 files changed, 98 insertions(+), 151 deletions(-) delete mode 100644 wo/cli/plugins/stack_config.py diff --git a/CHANGELOG.md b/CHANGELOG.md index cd9cd5b..f91bfad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ### v3.9.x - [Unreleased] +#### Changed + +- [APP] WordOps dashboard updated to v1.2. Shipped as a html file, it can be used without PHP stack + #### Fixed - `wo stack purge --all` failure if mysql isn't installed diff --git a/config/bash_completion.d/wo_auto.rc b/config/bash_completion.d/wo_auto.rc index db3df87..f9bd70b 100644 --- a/config/bash_completion.d/wo_auto.rc +++ b/config/bash_completion.d/wo_auto.rc @@ -269,9 +269,9 @@ _wo_complete() "--web" | "--admin" | "--nginx" | "--php" | "--php73" | "--mysql" | "--wpcli" | "--phpmyadmin" | "--adminer" | "--utils" | "--fail2ban" | "--redis | --phpredisadmin | --netdata") if [[ "${COMP_WORDS[2]}" == "install" || "${COMP_WORDS[2]}" == "purge" || "${COMP_WORDS[2]}" == "remove" ]]; then - retlist="--web --admin --security --nginx --php --php73 --mysql --wpcli --phpmyadmin --adminer --utils --redis --fail2ban --phpredisadmin --netdata -f --force" + retlist="--web --admin --security --nginx --php --php73 --mysql --wpcli --phpmyadmin --adminer --utils --redis --fail2ban --phpredisadmin --netdata --force" elif [[ "${COMP_WORDS[2]}" == "start" || "${COMP_WORDS[2]}" == "reload" || "${COMP_WORDS[2]}" == "restart" || "${COMP_WORDS[2]}" == "stop" ]]; then - retlist="--nginx --php --php73 --mysql --redis --netdata" + retlist="--nginx --php --php73 --mysql --redis --netdata --fail2ban" elif [[ "${COMP_WORDS[1]}" == "debug" ]]; then retlist="--start --nginx --php --php73 --fpm --fpm7 --mysql -i --interactive -stop --import-slow-log --import-slow-log-interval= -" if [[ $prev == '--mysql' ]]; then diff --git a/wo/cli/plugins/stack_config.py b/wo/cli/plugins/stack_config.py deleted file mode 100644 index e2e85a1..0000000 --- a/wo/cli/plugins/stack_config.py +++ /dev/null @@ -1,51 +0,0 @@ -import os -import shutil - -from cement.core import handler, hook -from cement.core.controller import CementBaseController, expose - -from wo.cli.plugins.stack_pref import post_pref, pre_pref -from wo.core.aptget import WOAptGet -from wo.core.download import WODownload -from wo.core.extract import WOExtract -from wo.core.fileutils import WOFileUtils -from wo.core.logging import Log -from wo.core.services import WOService -from wo.core.shellexec import WOShellExec -from wo.core.variables import WOVariables - - -class WOStackUpgradeController(CementBaseController): - class Meta: - label = 'config' - stacked_on = 'stack' - stacked_type = 'nested' - description = ('Upgrade stack safely') - arguments = [ - (['--nginx'], - dict(help='Upgrade all stack', action='store_true')), - (['--php'], - dict(help='Upgrade PHP 7.2 stack', action='store_true')), - (['--php73'], - dict(help='Upgrade PHP 7.3 stack', action='store_true')), - (['--mysql'], - dict(help='Upgrade MySQL stack', action='store_true')), - (['--wpcli'], - dict(help='Upgrade WPCLI', action='store_true')), - (['--redis'], - dict(help='Upgrade Redis', action='store_true')), - (['--netdata'], - dict(help='Upgrade Netdata', action='store_true')), - (['--dashboard'], - dict(help='Upgrade WordOps Dashboard', action='store_true')), - (['--composer'], - dict(help='Upgrade Composer', action='store_true')), - (['--phpmyadmin'], - dict(help='Upgrade phpMyAdmin', action='store_true')), - (['--no-prompt'], - dict(help="Upgrade Packages without any prompt", - action='store_true')), - (['--force'], - dict(help="Force Packages upgrade without any prompt", - action='store_true')), - ] diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py index 58c5770..aca2225 100644 --- a/wo/cli/plugins/stack_pref.py +++ b/wo/cli/plugins/stack_pref.py @@ -950,10 +950,11 @@ def post_pref(self, apt_packages, packages, upgrade=False): WOService.restart_service(self, 'proftpd') # add rule for proftpd with UFW - if os.path.isdir('/etc/ufw'): + if WOFileUtils.grepcheck( + self, '/etc/ufw/ufw.conf', 'ENABLED=yes'): try: WOShellExec.cmd_exec( - self, "ufw allow 21") + self, "ufw limit 21") WOShellExec.cmd_exec( self, "ufw allow 49000:50000/tcp") WOShellExec.cmd_exec( @@ -1270,7 +1271,7 @@ def post_pref(self, apt_packages, packages, upgrade=False): "| cut -d ' ' -f 2").read() if (wo_wan != 'eth0' and wo_wan != ''): WOFileUtils.searchreplace(self, - "{0}22222/htdocs/index.php" + "{0}22222/htdocs/index.html" .format(WOVariables.wo_webroot), "eth0", "{0}".format(wo_wan)) diff --git a/wo/cli/plugins/stack_upgrade.py b/wo/cli/plugins/stack_upgrade.py index 6ea8107..77cbd28 100644 --- a/wo/cli/plugins/stack_upgrade.py +++ b/wo/cli/plugins/stack_upgrade.py @@ -148,7 +148,8 @@ class WOStackUpgradeController(CementBaseController): 'Netdata']] if pargs.dashboard: - if os.path.isfile('/var/www/22222/htdocs/index.php'): + if (os.path.isfile('/var/www/22222/htdocs/index.php') or + os.path.isfile('/var/www/22222/htdocs/index.html')): packages = packages + \ [["https://github.com/WordOps/wordops-dashboard/" "releases/download/v{0}/wordops-dashboard.tar.gz" @@ -233,7 +234,11 @@ class WOStackUpgradeController(CementBaseController): WOFileUtils.rm(self, '/var/lib/wo/tmp/kickstart.sh') if pargs.dashboard: - WOFileUtils.rm(self, '/var/www/22222/htdocs/index.php') + if os.path.isfile('/var/www/22222/htdocs/index.php'): + WOFileUtils.rm(self, '/var/www/22222/htdocs/index.php') + if os.path.isfile('/var/www/22222/htdocs/index.html'): + WOFileUtils.rm( + self, '/var/www/22222/htdocs/index.html') Log.debug(self, "Downloading following: {0}".format(packages)) WODownload.download(self, packages) @@ -256,20 +261,17 @@ class WOStackUpgradeController(CementBaseController): Log.valide(self, "Upgrading Netdata") if pargs.dashboard: - Log.debug(self, "Extracting wo-dashboard.tar.gz " - "to location {0}22222/htdocs/" - .format(WOVariables.wo_webroot)) - WOExtract.extract(self, '/var/lib/wo/tmp/' - 'wo-dashboard.tar.gz', - '{0}22222/htdocs' - .format(WOVariables.wo_webroot)) - WOFileUtils.chown(self, "{0}22222/htdocs" - .format(WOVariables.wo_webroot), - 'www-data', - 'www-data', recursive=True) + post_pref( + self, [], [["https://github.com/WordOps" + "/wordops-dashboard/" + "releases/download/v{0}/" + "wordops-dashboard.tar.gz" + .format(WOVariables.wo_dashboard), + "/var/lib/wo/tmp/wo-dashboard.tar.gz", + "WordOps Dashboard"]]) if pargs.composer: - Log.wait(self, "Upgrading Composer ") + Log.wait(self, "Upgrading Composer") WOShellExec.cmd_exec( self, "php -q /var/lib/wo" "/tmp/composer-install " @@ -280,7 +282,7 @@ class WOStackUpgradeController(CementBaseController): Log.valide(self, "Upgrading Composer ") if pargs.phpmyadmin: - Log.wait(self, "Upgrading phpMyAdmin ") + Log.wait(self, "Upgrading phpMyAdmin") WOExtract.extract(self, '/var/lib/wo/tmp/pma.tar.gz', '/var/lib/wo/tmp/') shutil.copyfile(('{0}22222/htdocs/db/pma' @@ -301,6 +303,6 @@ class WOStackUpgradeController(CementBaseController): .format(WOVariables.wo_webroot), 'www-data', 'www-data', recursive=True) - Log.valide(self, "Upgrading phpMyAdmin ") + Log.valide(self, "Upgrading phpMyAdmin") Log.info(self, "Successfully updated packages") diff --git a/wo/cli/templates/nextcloud.mustache b/wo/cli/templates/nextcloud.mustache index f907de7..48a7df1 100644 --- a/wo/cli/templates/nextcloud.mustache +++ b/wo/cli/templates/nextcloud.mustache @@ -1,82 +1,73 @@ # WordOps nextcloud configuration +add_header X-Robots-Tag none; +add_header X-Permitted-Cross-Domain-Policies none; +add_header Referrer-Policy no-referrer; +location = /robots.txt { + allow all; + log_not_found off; + access_log off; +} +location / { + rewrite ^ /index.php$request_uri; +} +location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { + deny all; +} +location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; +} +location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { + fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS on; +# Avoid sending the security headers twice + fastcgi_param modHeadersAvailable true; +# Enable pretty urls + fastcgi_param front_controller_active true; + fastcgi_pass {{upstream}}; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; +} +location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { + try_files $uri/ =404; + index index.php; +} +# Adding the cache control header for js, css and map files +# Make sure it is BELOW the PHP block +location ~ \.(?:css|js|woff2?|svg|gif|map)$ { + try_files $uri /index.php$request_uri; + add_header Cache-Control "public, max-age=15778463"; +# Add headers to serve security related headers (It is intended to +# have those duplicated to the ones above) +# Before enabling Strict-Transport-Security headers please read into +# this topic first. +#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; +# +# WARNING: Only add the preload option once you read about +# the consequences in https://hstspreload.org/. This option +# will add the domain to a hardcoded list that is shipped +# in all major browsers and getting removed from this list +# could take several months. + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; + add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; add_header Referrer-Policy no-referrer; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - location / { - rewrite ^ /index.php$request_uri; - } - - location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - - location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { - fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param HTTPS on; - # Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - # Enable pretty urls - fastcgi_param front_controller_active true; - fastcgi_pass {{upstream}}; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { - try_files $uri/ =404; - index index.php; - } - - # Adding the cache control header for js, css and map files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff2?|svg|gif|map)$ { - try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; - - # Optional: Don't log access to assets - access_log off; - } - - location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - access_log off; - } +# Optional: Don't log access to assets + access_log off; +} +location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { + try_files $uri /index.php$request_uri; +# Optional: Don't log access to other assets + access_log off; +} +# Enable gzip but do not remove ETag headers +gzip on; +gzip_vary on; +gzip_comp_level 4; +gzip_min_length 256; +gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; +gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; diff --git a/wo/core/variables.py b/wo/core/variables.py index aa39058..2db38dd 100644 --- a/wo/core/variables.py +++ b/wo/core/variables.py @@ -17,7 +17,7 @@ class WOVariables(): wo_adminer = "4.7.2" wo_phpmyadmin = "4.9.0.1" wo_extplorer = "2.1.13" - wo_dashboard = "1.1" + wo_dashboard = "1.2" # Get WPCLI path wo_wpcli_path = '/usr/local/bin/wp'