From 677f8b9482d365b215925fdadc8db8edfa641baf Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Thu, 20 Oct 2022 11:44:34 +0200 Subject: [PATCH 01/14] Update wp-cli version --- wo/core/variables.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wo/core/variables.py b/wo/core/variables.py index 808395e..215a868 100644 --- a/wo/core/variables.py +++ b/wo/core/variables.py @@ -17,7 +17,7 @@ class WOVar(): # WordOps version wo_version = "3.15.2" # WordOps packages versions - wo_wp_cli = "2.6.0" + wo_wp_cli = "2.7.1" wo_adminer = "4.8.1" wo_phpmyadmin = "5.2.0" wo_extplorer = "2.1.13" From 9cad039fa0d816596dbe77e0cfc3b736c25ceb9d Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Thu, 20 Oct 2022 11:45:09 +0200 Subject: [PATCH 02/14] Improve private prefetch proxy configuration --- wo/cli/templates/locations.mustache | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wo/cli/templates/locations.mustache b/wo/cli/templates/locations.mustache index 2edaaba..5c2deba 100644 --- a/wo/cli/templates/locations.mustache +++ b/wo/cli/templates/locations.mustache @@ -41,7 +41,7 @@ location /.well-known/acme-challenge/ { # https://developer.chrome.com/blog/private-prefetch-proxy/ location /.well-known/traffic-advice { types { } default_type "application/trafficadvice+json; charset=utf-8"; - alias /var/www/html/.well-known/traffic-advice; + return 200 "[\{\n \"user_agent\": \"prefetch-proxy\",\n \"google_prefetch_proxy_eap\": \{\n \"fraction\": 1.0\n \}\n\}]"; allow all; } # Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files From b7a40234f3deb76964b5126ec916165b9260e64d Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Thu, 20 Oct 2022 11:52:57 +0200 Subject: [PATCH 03/14] Fix netdata upgrade for old versions --- wo/cli/plugins/stack_upgrade.py | 9 +++++++++ 1 file changed, 9 insertions(+) 
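Review bot: The new `return 200` body escapes its braces as `\{` and `\}`, but as far as I know nginx's quoted-string parsing only unescapes `\"`, `\'`, `\\`, `\t`, `\r` and `\n`, so the backslashes before the braces would be sent to the client and the response would not parse as JSON. Braces need no escaping inside a quoted nginx string, so the backslashes before `{` and `}` can simply be dropped. Worth confirming on a rendered vhost by fetching `/.well-known/traffic-advice` and running the body through a JSON parser. The `allow all;` that follows has no effect on a location answered by `return` and could be removed as well.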
diff --git a/wo/cli/plugins/stack_upgrade.py b/wo/cli/plugins/stack_upgrade.py index 53a1b94..b0333b2 100644 --- a/wo/cli/plugins/stack_upgrade.py +++ b/wo/cli/plugins/stack_upgrade.py @@ -383,6 +383,15 @@ class WOStackUpgradeController(CementBaseController): "bash /var/lib/wo/tmp/kickstart.sh " "--dont-wait --no-updates --stable-channel", errormsg='', log=False) + if (os.path.exists('/opt/netdata') and + not os.path.exists( + '/opt/netdata/var/run/netdata/netdata.pid')): + WOShellExec.cmd_exec( + self, + 'bash /var/lib/wo/tmp/kickstart.sh ' + '--dont-wait --no-updates ' + '--stable-channel --reinstall-even-if-unsafe', + errormsg='', log=False) Log.valide(self, "Upgrading Netdata") if WOAptGet.is_selected(self, 'WordOps Dashboard', packages): From 7591d95d14373642f991e16f789a24ed75ec219d Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Thu, 20 Oct 2022 12:39:39 +0200 Subject: [PATCH 04/14] Update Github Actions checkout --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 88477c4..b8033fc 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -22,7 +22,7 @@ jobs: os: [ubuntu-20.04, ubuntu-18.04] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Prepare VM run: | unset LANG From 0bce503349316de8dee29b688688fa7a3be5c72c Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Thu, 20 Oct 2022 12:47:23 +0200 Subject: [PATCH 05/14] Moving to redis official repository --- wo/cli/plugins/stack_pref.py | 15 +++++---------- wo/core/variables.py | 3 ++- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py index 988df46..4dfcc93 100644 --- a/wo/cli/plugins/stack_pref.py +++ b/wo/cli/plugins/stack_pref.py 
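Review bot: The forced reinstall is gated only on `/opt/netdata/var/run/netdata/netdata.pid` being absent, which is also the case when Netdata is simply stopped, so `--reinstall-even-if-unsafe` can run against an install that is not actually broken. It also runs in addition to the normal kickstart call just above, not instead of it. Both calls pass `errormsg='', log=False`, which appears to suppress any record of the command and its failure; I would add `Log.debug(self, "Netdata pid file missing, forcing reinstall")` before the call and let this one be logged. How `/var/lib/wo/tmp/kickstart.sh` is fetched and checked before bash executes it is outside this hunk and worth confirming, as is the rest of the enclosing method.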
@@ -108,17 +108,12 @@ def pre_pref(self, apt_packages): WORepo.add_key(self, WOVar.wo_php_key) # add redis repository if set(WOVar.wo_redis).issubset(set(apt_packages)): - if WOVar.wo_distro == 'ubuntu': + if not WOFileUtils.grepcheck( + self, '/etc/apt/sources.list/wo-repo.list', + 'redis.io'): Log.info(self, "Adding repository for Redis, please wait...") - Log.debug(self, 'Adding ppa for redis') - WORepo.add(self, ppa=WOVar.wo_redis_repo) - else: - if not WOFileUtils.grepcheck( - self, '/etc/apt/sources.list/wo-repo.list', - 'WordOps'): - Log.info(self, "Adding repository for Redis, please wait...") - WORepo.add(self, repo_url=WOVar.wo_nginx_repo) - WORepo.add_key(self, WOVar.wo_nginx_key) + WORepo.add(self, repo_url=WOVar.wo_redis_repo) + WORepo.download_key(self, WOVar.wo_redis_key_url) # nano if 'nano' in apt_packages: diff --git a/wo/core/variables.py b/wo/core/variables.py index 215a868..b29f040 100644 --- a/wo/core/variables.py +++ b/wo/core/variables.py @@ -208,7 +208,8 @@ class WOVar(): "deb https://packages.sury.org/php/ {codename} main" .format(codename=wo_platform_codename)) wo_php_key = 'AC0E47584A7A714D' - wo_redis_repo = ("deb https://packages.sury.org/php/ {codename} all" + wo_redis_key_url = "https://packages.redis.io/gpg" + wo_redis_repo = ("deb https://packages.redis.io/deb {codename} main" .format(codename=wo_platform_codename)) wo_redis = ['redis-server'] From e7ce064baa42f77bda60007185f2eba782ed11f2 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Thu, 20 Oct 2022 12:55:51 +0200 Subject: [PATCH 06/14] Fix missing variable --- wo/core/variables.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/wo/core/variables.py b/wo/core/variables.py index b29f040..b12dd41 100644 --- a/wo/core/variables.py +++ b/wo/core/variables.py 
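Review bot: `WORepo.download_key(self, WOVar.wo_redis_key_url)` adds whatever key the URL returns at install time, with no fingerprint check visible here, while the PHP repository just above is pinned by id through `WORepo.add_key(self, WOVar.wo_php_key)`. Since that key decides which packages apt will accept from the new source, I would keep the expected fingerprint in `WOVar` (for example `wo_redis_key_fingerprint = "<REDIS_KEY_FINGERPRINT_PLACEHOLDER>"`) and compare the download against it before it is trusted; how `download_key` stores the key is outside this hunk. The guard also greps `/etc/apt/sources.list/wo-repo.list`, a path carried over from the removed branch that looks like it should be under `/etc/apt/sources.list.d/`; if `grepcheck` returns false for a missing file, the repository and key are re-added on every run. `pre_pref` continues outside the hunk.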
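Review bot: The new `wo_redis_repo` line carries no `[signed-by=...]` option, so the Redis key presumably ends up trusted for every apt source on the host instead of only for packages.redis.io. Scoping it, as in `deb [signed-by=<KEYRING_PATH_PLACEHOLDER>] https://packages.redis.io/deb {codename} main`, limits what that key can vouch for. This needs `WORepo.add` to pass the options field through and the key to be written to that keyring path, neither of which is visible in this hunk.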
@@ -200,7 +200,6 @@ class WOVar(): codename=wo_platform_codename)) if wo_distro == 'ubuntu': wo_php_repo = "ppa:ondrej/php" - wo_redis_repo = ("ppa:redislabs/redis") wo_goaccess_repo = ("ppa:alex-p/goaccess") else: @@ -208,9 +207,9 @@ class WOVar(): "deb https://packages.sury.org/php/ {codename} main" .format(codename=wo_platform_codename)) wo_php_key = 'AC0E47584A7A714D' - wo_redis_key_url = "https://packages.redis.io/gpg" - wo_redis_repo = ("deb https://packages.redis.io/deb {codename} main" - .format(codename=wo_platform_codename)) + wo_redis_key_url = "https://packages.redis.io/gpg" + wo_redis_repo = ("deb https://packages.redis.io/deb {codename} main" + .format(codename=wo_platform_codename)) wo_redis = ['redis-server'] From 785303bd26e6edb2d321703e233e22f2e3f36e1b Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 24 Oct 2022 14:50:53 +0200 Subject: [PATCH 07/14] Update CI install script --- CHANGELOG.md | 13 +++++++++++++ README.md | 7 +++---- install | 8 ++++++-- 3 files changed, 22 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 09994fb..da21284 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,19 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ### v3.16.0 - [Unreleased] +#### Changed + +- Install redis from official repository +- Redis version bump to 7.0.5 +- WP-CLI version bump to 2.7.1 +- Outdated Nginx directives removed by @nsgoyat +- Updated repository GPG Key + +#### Fixed + +- Netdata upgrade failure on old servers +- MariaDB service disabled after upgrade with `wo stack migrate --mariadb` + ### v3.15.2 - 2022-09-23 #### Added diff --git a/README.md b/README.md index b73b436..688e103 100644 --- a/README.md +++ b/README.md 
@@ -41,8 +41,8 @@ - **Easy to install** : One step automated installer with migration from EasyEngine v3 support - **Fast deployment** : Fast and automated WordPress, Nginx, PHP, MySQL & Redis installation -- **Custom Nginx build** : Nginx 1.22.0 - TLS v1.3 Cloudflare HTTP/2 HPACK & Brotli support -- **Up-to-date** : PHP 7.2, 7.3, 7.4, 8.0 & 8.1 - MariaDB 10.6 & Redis 6.0 +- **Custom Nginx build** : Nginx 1.22.1 - TLS v1.3 Cloudflare HTTP/2 HPACK & Brotli support +- **Up-to-date** : PHP 7.2, 7.3, 7.4, 8.0 & 8.1 - MariaDB 10.6 & Redis 7.0 - **Secured** : Hardened WordPress security with strict Nginx location directives - **Powerful** : Optimized Nginx configurations with multiple cache backends support - **SSL** : Domain, Subdomain & Wildcard Let's Encrypt SSL certificates with DNS API support @@ -87,8 +87,7 @@ Detailed Getting Started guide with additional installation methods can be found ### Standard WordPress sites ```bash -wo site create example.com --wp # install wordpress with PHP 7.3 without any page caching -wo site create example.com --wp --php80 # install wordpress with PHP 8.0 without any page caching +wo site create example.com --wp # install wordpress with PHP 8.0 without any page caching wo site create example.com --wp --php81 # install wordpress with PHP 8.1 without any page caching wo site create example.com --wpfc # install wordpress + nginx fastcgi_cache wo site create example.com --wpredis # install wordpress + nginx redis_cache diff --git a/install b/install index 5f7ba7d..8f09b4c 100755 --- a/install +++ b/install 
@@ -519,6 +519,8 @@ wo_travis_install() { if [ "$wo_linux_distro" = "Debian" ] || [ "$wo_linux_distro" = "Raspbian" ]; then if [ "$wo_distro_codename" = "stretch" ]; then python3 -m pip install git+https://salsa.debian.org/apt-team/python-apt.git@1.4.y#egg=python-apt + elif [ "$wo_distro_codename" = "bullseye" ]; then + python3 -m pip install git+https://salsa.debian.org/apt-team/python-apt.git@2.2.1#egg=python-apt else python3 -m pip install git+https://salsa.debian.org/apt-team/python-apt.git@1.8.4.y#egg=python-apt fi @@ -527,8 +529,10 @@ wo_travis_install() { python3 -m pip install git+https://salsa.debian.org/apt-team/python-apt.git@2.0.0#egg=python-apt elif [ "$wo_distro_codename" = "bionic" ]; then python3 -m pip install git+https://salsa.debian.org/apt-team/python-apt.git@1.6.y#egg=python-apt + elif [ "$wo_distro_codename" = "jammy" ]; then + python3 -m pip install git+https://salsa.debian.org/apt-team/python-apt.git@2.2.1#egg=python-apt else - python3 -m pip install git+https://salsa.debian.org/apt-team/python-apt.git@1.1.0_beta1ubuntu0.16.04.9#egg=python-apt + python3 -m pip install git+https://salsa.debian.org/apt-team/python-apt.git@1.1.y-xenial#egg=python-apt fi fi fi @@ -793,7 +797,7 @@ wo_php_fix() { wo_git_secure_path() { if ! grep -q "safe" ~/.gitconfig; then - echo -e "\n[safe]\n directory = *" >> ~/.gitconfig + echo -e "\n[safe]\n directory = *" >>~/.gitconfig fi } From 835ad7c3a1c0472c24f2e43391c618c57e94af22 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 24 Oct 2022 14:51:11 +0200 Subject: [PATCH 08/14] Add Ubuntu 22.04 to testing --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b8033fc..2c995d9 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
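Review bot: The added `python-apt` installs (bullseye in this hunk, jammy in the next) pull `git+https://salsa.debian.org/apt-team/python-apt.git@2.2.1`, and the reworked fallback in the next hunk uses the branch `@1.1.y-xenial`; a tag or branch can be moved upstream, so the code pip builds and installs is not fixed by this file. Pinning each ref to a full commit id, e.g. `python-apt.git@<COMMIT_SHA_PLACEHOLDER>#egg=python-apt`, keeps the install reproducible and makes an upstream change show up as a diff here. A one-line comment next to each pin naming the python-apt release it corresponds to would keep the hashes readable. `wo_travis_install` starts and ends outside both hunks.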
@@ -19,7 +19,7 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - os: [ubuntu-20.04, ubuntu-18.04] + os: [ubuntu-20.04, ubuntu-18.04, ubuntu-22.04] steps: - uses: actions/checkout@v3 From f867e8ee33ec49c344502c7a5482fb5c1bad2644 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 24 Oct 2022 14:52:32 +0200 Subject: [PATCH 09/14] Format README --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 688e103..e39a04d 100644 --- a/README.md +++ b/README.md @@ -87,13 +87,13 @@ Detailed Getting Started guide with additional installation methods can be found ### Standard WordPress sites ```bash -wo site create example.com --wp # install wordpress with PHP 8.0 without any page caching -wo site create example.com --wp --php81 # install wordpress with PHP 8.1 without any page caching -wo site create example.com --wpfc # install wordpress + nginx fastcgi_cache -wo site create example.com --wpredis # install wordpress + nginx redis_cache -wo site create example.com --wprocket # install wordpress with WP-Rocket plugin -wo site create example.com --wpce # install wordpress with Cache-enabler plugin -wo site create example.com --wpsc # install wordpress with wp-super-cache plugin +wo site create example.com --wp # install wordpress with PHP 8.0 without any page caching +wo site create example.com --wp --php81 # install wordpress with PHP 8.1 without any page caching +wo site create example.com --wpfc # install wordpress + nginx fastcgi_cache +wo site create example.com --wpredis # install wordpress + nginx redis_cache +wo site create example.com --wprocket # install wordpress with WP-Rocket plugin +wo site create example.com --wpce # install wordpress with Cache-enabler plugin +wo site create example.com --wpsc # install wordpress with wp-super-cache plugin ``` ### WordPress multisite with subdirectory From ff05988a97cbf078bdb0ea714a708159daaf178b Mon Sep 17 00:00:00 2001 
From: VirtuBox Date: Mon, 24 Oct 2022 15:01:51 +0200 Subject: [PATCH 10/14] Fix proftpd install on Ubuntu 22.04 --- wo/cli/plugins/stack_pref.py | 20 +--- wo/cli/templates/proftpd.mustache | 191 ++++++++++++++++++++++++++++++ 2 files changed, 195 insertions(+), 16 deletions(-) create mode 100644 wo/cli/templates/proftpd.mustache diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py index 4dfcc93..83600dd 100644 --- a/wo/cli/plugins/stack_pref.py +++ b/wo/cli/plugins/stack_pref.py @@ -1395,18 +1395,10 @@ def post_pref(self, apt_packages, packages, upgrade=False): msg="Adding ProFTPd into Git") if os.path.isfile("/etc/proftpd/proftpd.conf"): Log.debug(self, "Setting up Proftpd configuration") - WOFileUtils.searchreplace( - self, "/etc/proftpd/proftpd.conf", - "# DefaultRoot", "DefaultRoot") - WOFileUtils.searchreplace( - self, "/etc/proftpd/proftpd.conf", - "# RequireValidShell", "RequireValidShell") - WOFileUtils.searchreplace( - self, "/etc/proftpd/proftpd.conf", - "# PassivePorts " - "49152 65534", - "PassivePorts " - " 49000 50000") + data = dict() + WOTemplate.deploy(self, + '/etc/proftpd/proftpd.conf', + 'proftpd.mustache', data) # proftpd TLS configuration if not os.path.isdir("/etc/proftpd/ssl"): WOFileUtils.mkdir(self, "/etc/proftpd/ssl") @@ -1416,10 +1408,6 @@ def post_pref(self, apt_packages, packages, upgrade=False): data = dict() WOTemplate.deploy(self, '/etc/proftpd/tls.conf', 'proftpd-tls.mustache', data) - WOFileUtils.searchreplace(self, "/etc/proftpd/" - "proftpd.conf", - "#Include /etc/proftpd/tls.conf", - "Include /etc/proftpd/tls.conf") WOService.restart_service(self, 'proftpd') if os.path.isfile('/etc/ufw/ufw.conf'): diff --git a/wo/cli/templates/proftpd.mustache b/wo/cli/templates/proftpd.mustache new file mode 100644 index 0000000..2d87c9f --- /dev/null +++ b/wo/cli/templates/proftpd.mustache 
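Review bot: `WOTemplate.deploy(self, '/etc/proftpd/proftpd.conf', 'proftpd.mustache', data)` replaces the whole file where the old code edited three directives, so unless `deploy` keeps a backup or skips existing files (not visible here) any login restrictions or other local settings an administrator added to proftpd.conf are dropped whenever this branch runs. The template ends with `Include /etc/proftpd/conf.d/`, so a comment such as `# proftpd.conf is fully managed by WordOps; local overrides belong in /etc/proftpd/conf.d/` above the call would make that contract explicit. The template also includes `/etc/proftpd/tls.conf` unconditionally, while the second hunk shows tls.conf being deployed in a later block whose condition is only partly visible; if that block can be skipped, the restart will hit an Include for a file that was never written. `post_pref` starts and ends outside both hunks.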
@@ -0,0 +1,191 @@ +# +# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file. +# To really apply changes, reload proftpd after modifications, if +# it runs in daemon mode. It is not required in inetd/xinetd mode. +# + +# Includes DSO modules +Include /etc/proftpd/modules.conf + +# Set off to disable IPv6 support which is annoying on IPv4 only boxes. +UseIPv6 off +# If set on you can experience a longer connection delay in many cases. +IdentLookups off + +ServerName "Debian" +# Set to inetd only if you would run proftpd by inetd/xinetd. +# Read README.Debian for more information on proper configuration. +ServerType standalone +DeferWelcome off + +MultilineRFC2228 on +DefaultServer on +ShowSymlinks on + +TimeoutNoTransfer 600 +TimeoutStalled 600 +TimeoutIdle 1200 + +DisplayLogin welcome.msg +DisplayChdir .message true +ListOptions "-l" + +DenyFilter \*.*/ + +# Use this to jail all users in their homes +DefaultRoot ~ + +# Users require a valid shell listed in /etc/shells to login. +# Use this directive to release that constrain. +RequireValidShell off + +# Port 21 is the standard FTP port. +Port 21 + +# In some cases you have to specify passive ports range to by-pass +# firewall limitations. Ephemeral ports can be used for that, but +# feel free to use a more narrow range. +PassivePorts 49000 50000 + +# If your host was NATted, this option is useful in order to +# allow passive tranfers to work. You have to use your public +# address and opening the passive ports used on your firewall as well. +# MasqueradeAddress 1.2.3.4 + +# This is useful for masquerading address with dynamic IPs: +# refresh any configured MasqueradeAddress directives every 8 hours + +# DynMasqRefresh 28800 + + +# To prevent DoS attacks, set the maximum number of child processes +# to 30. If you need to allow more than 30 concurrent connections +# at once, simply increase this value. 
Note that this ONLY works +# in standalone mode, in inetd mode you should use an inetd server +# that allows you to limit maximum number of processes per service +# (such as xinetd) +MaxInstances 30 + +# Set the user and group that the server normally runs at. +User proftpd +Group nogroup + +# Umask 022 is a good standard umask to prevent new files and dirs +# (second parm) from being group and world writable. +Umask 022 022 +# Normally, we want files to be overwriteable. +AllowOverwrite on + +# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords: +# PersistentPasswd off + +# This is required to use both PAM-based authentication and local passwords +# AuthOrder mod_auth_pam.c* mod_auth_unix.c + +# Be warned: use of this directive impacts CPU average load! +# Uncomment this if you like to see progress and transfer rate with ftpwho +# in downloads. That is not needed for uploads rates. +# +UseSendFile off + +TransferLog /var/log/proftpd/xferlog +SystemLog /var/log/proftpd/proftpd.log + +# Logging onto /var/log/lastlog is enabled but set to off by default +#UseLastlog on + +# In order to keep log file dates consistent after chroot, use timezone info +# from /etc/localtime. If this is not set, and proftpd is configured to +# chroot (e.g. DefaultRoot or ), it will use the non-daylight +# savings timezone regardless of whether DST is in effect. +#SetEnv TZ :/etc/localtime + + +QuotaEngine off + + + +Ratios off + + + +# Delay engine reduces impact of the so-called Timing Attack described in +# http://www.securityfocus.com/bid/11430/discuss +# It is on by default. 
+ +DelayEngine on + + + +ControlsEngine off +ControlsMaxClients 2 +ControlsLog /var/log/proftpd/controls.log +ControlsInterval 5 +ControlsSocket /var/run/proftpd/proftpd.sock + + + +AdminControlsEngine off + + +# +# Alternative authentication frameworks +# +#Include /etc/proftpd/ldap.conf +#Include /etc/proftpd/sql.conf + +# +# This is used for FTPS connections +# +Include /etc/proftpd/tls.conf + +# +# Useful to keep VirtualHost/VirtualRoot directives separated +# +#Include /etc/proftpd/virtuals.conf + +# A basic anonymous configuration, no upload directories. + +# +# User ftp +# Group nogroup +# # We want clients to be able to login with "anonymous" as well as "ftp" +# UserAlias anonymous ftp +# # Cosmetic changes, all files belongs to ftp user +# DirFakeUser on ftp +# DirFakeGroup on ftp +# +# RequireValidShell off +# +# # Limit the maximum number of anonymous logins +# MaxClients 10 +# +# # We want 'welcome.msg' displayed at login, and '.message' displayed +# # in each newly chdired directory. +# DisplayLogin welcome.msg +# DisplayChdir .message +# +# # Limit WRITE everywhere in the anonymous chroot +# +# +# DenyAll +# +# +# +# # Uncomment this if you're brave. +# # +# # # Umask 022 is a good standard umask to prevent new files and dirs +# # # (second parm) from being group and world writable. +# # Umask 022 022 +# # +# # DenyAll +# # +# # +# # AllowAll +# # +# # +# +# + +# Include other custom configuration files +Include /etc/proftpd/conf.d/ From 508debb930740233a260bf0238a3ad929dbb2283 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 24 Oct 2022 16:00:17 +0200 Subject: [PATCH 11/14] Cleanup proftpd configuration and fix modules --- CHANGELOG.md | 1 + wo/cli/templates/proftpd-tls.mustache | 2 + wo/cli/templates/proftpd.mustache | 65 +++------------------------ 3 files changed, 9 insertions(+), 59 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index da21284..de6b49c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
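Review bot: `RequireValidShell off` is set with no login restriction anywhere in the template, so, going by the template's own comment, accounts whose shell is not listed in /etc/shells are accepted for FTP login, including accounts given a nologin shell to keep them non-interactive. If this is needed because WordOps FTP users are created without a shell, say so in a comment next to the directive and add a `<Limit LOGIN>` block that allows only the intended FTP group and denies everyone else. `ServerName "Debian"` is also left at the packaging default; a neutral name together with `ServerIdent off` avoids advertising the distribution in the banner.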
@@ -20,6 +20,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - Netdata upgrade failure on old servers - MariaDB service disabled after upgrade with `wo stack migrate --mariadb` +- Proftpd install on Ubuntu 22.04 ### v3.15.2 - 2022-09-23 diff --git a/wo/cli/templates/proftpd-tls.mustache b/wo/cli/templates/proftpd-tls.mustache index e4290e0..99fcf9a 100644 --- a/wo/cli/templates/proftpd-tls.mustache +++ b/wo/cli/templates/proftpd-tls.mustache @@ -4,6 +4,8 @@ TLSEngine on TLSRequired on TLSLog /var/log/proftpd/tls.log +TLSDHParamFile /etc/proftpd/dhparams.pem + # intermediate configuration from ssl-config.mozilla.org TLSProtocol TLSv1.2 TLSCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 diff --git a/wo/cli/templates/proftpd.mustache b/wo/cli/templates/proftpd.mustache index 2d87c9f..d708a69 100644 --- a/wo/cli/templates/proftpd.mustache +++ b/wo/cli/templates/proftpd.mustache @@ -2,7 +2,7 @@ # /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file. # To really apply changes, reload proftpd after modifications, if # it runs in daemon mode. It is not required in inetd/xinetd mode. -# +# # Includes DSO modules Include /etc/proftpd/modules.conf @@ -10,8 +10,9 @@ Include /etc/proftpd/modules.conf # Set off to disable IPv6 support which is annoying on IPv4 only boxes. UseIPv6 off # If set on you can experience a longer connection delay in many cases. + IdentLookups off - + ServerName "Debian" # Set to inetd only if you would run proftpd by inetd/xinetd. # Read README.Debian for more information on proper configuration. @@ -32,7 +33,7 @@ ListOptions "-l" DenyFilter \*.*/ -# Use this to jail all users in their homes +# Use this to jail all users in their homes DefaultRoot ~ # Users require a valid shell listed in /etc/shells to login. 
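Review bot: `TLSDHParamFile /etc/proftpd/dhparams.pem` points at a file that no hunk in this series creates; the stack_pref.py block that deploys tls.conf only shows `/etc/proftpd/ssl` being made. If the file is absent, the two `DHE-RSA-*` suites in `TLSCipherSuite` depend on whatever fallback parameters mod_tls uses, or the directive may be reported as an error at startup; I have not verified which. Either generate the parameters before `WOService.restart_service(self, 'proftpd')` or add a comment here stating where the file comes from.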
@@ -98,7 +99,7 @@ SystemLog /var/log/proftpd/proftpd.log # from /etc/localtime. If this is not set, and proftpd is configured to # chroot (e.g. DefaultRoot or ), it will use the non-daylight # savings timezone regardless of whether DST is in effect. -#SetEnv TZ :/etc/localtime +SetEnv TZ :/etc/localtime QuotaEngine off @@ -111,7 +112,7 @@ Ratios off # Delay engine reduces impact of the so-called Timing Attack described in # http://www.securityfocus.com/bid/11430/discuss -# It is on by default. +# It is on by default. DelayEngine on @@ -128,64 +129,10 @@ ControlsSocket /var/run/proftpd/proftpd.sock AdminControlsEngine off -# -# Alternative authentication frameworks -# -#Include /etc/proftpd/ldap.conf -#Include /etc/proftpd/sql.conf -# # This is used for FTPS connections # Include /etc/proftpd/tls.conf -# -# Useful to keep VirtualHost/VirtualRoot directives separated -# -#Include /etc/proftpd/virtuals.conf - -# A basic anonymous configuration, no upload directories. - -# -# User ftp -# Group nogroup -# # We want clients to be able to login with "anonymous" as well as "ftp" -# UserAlias anonymous ftp -# # Cosmetic changes, all files belongs to ftp user -# DirFakeUser on ftp -# DirFakeGroup on ftp -# -# RequireValidShell off -# -# # Limit the maximum number of anonymous logins -# MaxClients 10 -# -# # We want 'welcome.msg' displayed at login, and '.message' displayed -# # in each newly chdired directory. -# DisplayLogin welcome.msg -# DisplayChdir .message -# -# # Limit WRITE everywhere in the anonymous chroot -# -# -# DenyAll -# -# -# -# # Uncomment this if you're brave. -# # -# # # Umask 022 is a good standard umask to prevent new files and dirs -# # # (second parm) from being group and world writable. -# # Umask 022 022 -# # -# # DenyAll -# # -# # -# # AllowAll -# # -# # -# -# - # Include other custom configuration files Include /etc/proftpd/conf.d/ From ee8f426b6bab52d641fddb69f9cad849b73a7d54 Mon Sep 17 00:00:00 2001 
From: VirtuBox Date: Mon, 24 Oct 2022 16:25:48 +0200 Subject: [PATCH 12/14] Include ftp ports in ufw config --- install | 2 +- wo/cli/templates/ufw.mustache | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/install b/install index 8f09b4c..9612417 100755 --- a/install +++ b/install @@ -732,7 +732,7 @@ wo_woconf() { echo -e '\n[letsencrypt]\n\nkeylength = "ec-384"' >>/etc/wo/wo.conf fi if ! grep -q "php" /etc/wo/wo.conf; then - echo -e '\n[php]\n\nversion = 7.4' >>/etc/wo/wo.conf + echo -e '\n[php]\n\nversion = 8.0' >>/etc/wo/wo.conf fi fi } diff --git a/wo/cli/templates/ufw.mustache b/wo/cli/templates/ufw.mustache index f64fc39..bc4b684 100644 --- a/wo/cli/templates/ufw.mustache +++ b/wo/cli/templates/ufw.mustache @@ -46,6 +46,13 @@ wo_ufw_setup() { # wordops backend ufw limit 22222 fi + + # allow proftpd port if installed + if [ -f /etc/proftpd/proftpd.conf ]; then + ufw limit 21 + ufw allow 49000:50000/tcp + fi + # enable ufw if [ -n "$CURRENT_SSH_PORT" ]; then ufw --force enable From 917f13d708e39d04ee5fe2c6c44417868dc23876 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 24 Oct 2022 17:04:31 +0200 Subject: [PATCH 13/14] Fix typo in proftpd config --- wo/cli/templates/proftpd-tls.mustache | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wo/cli/templates/proftpd-tls.mustache b/wo/cli/templates/proftpd-tls.mustache index 99fcf9a..dd31eaf 100644 --- a/wo/cli/templates/proftpd-tls.mustache +++ b/wo/cli/templates/proftpd-tls.mustache 
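Review bot: `ufw limit 21` names no protocol, so the rule covers UDP as well as TCP, while the passive range on the next line is correctly restricted with `/tcp`; `ufw limit 21/tcp` is all the FTP control channel needs. The literal `49000:50000` duplicates `PassivePorts 49000 50000` from proftpd.mustache, so changing one without the other either breaks passive transfers or leaves ports open that nothing listens on; a comment such as `# must match PassivePorts in proftpd.mustache` would flag the coupling. The test is for the presence of `/etc/proftpd/proftpd.conf`, so the ports stay open if the package is removed but its configuration is left behind. `wo_ufw_setup` starts outside the hunk.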
@@ -10,7 +10,7 @@ TLSDHParamFile /etc/proftpd/dhparams.pem TLSProtocol TLSv1.2 TLSCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 TLSServerCipherPreference off -TLSessionTickets off +TLSSessionTickets off TLSOptions NoCertRequest AllowClientRenegotiations NoSessionReuseRequired TLSRSACertificateFile /etc/proftpd/ssl/proftpd.crt From 873b70c8d548f6ab63de01c30103849a9ce1570b Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 24 Oct 2022 17:06:13 +0200 Subject: [PATCH 14/14] Prepare for release 3.15.3 --- CHANGELOG.md | 11 +++++++++-- README.md | 9 ++++----- install | 2 +- setup.py | 2 +- wo/core/variables.py | 2 +- 5 files changed, 16 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index de6b49c..7acba3e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,19 +8,26 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ### v3.16.0 - [Unreleased] +### v3.15.3 - 2022-10-24 + +#### Added + +- Support for Debian 10/11 + #### Changed - Install redis from official repository - Redis version bump to 7.0.5 - WP-CLI version bump to 2.7.1 -- Outdated Nginx directives removed by @nsgoyat +- Remove outdated Nginx directives - Updated repository GPG Key +- UFW stack detect proftpd during install #### Fixed - Netdata upgrade failure on old servers - MariaDB service disabled after upgrade with `wo stack migrate --mariadb` -- Proftpd install on Ubuntu 22.04 +- Proftpd install on Ubuntu 22.04 and Debian 11 ### v3.15.2 - 2022-09-23 diff --git a/README.md b/README.md index e39a04d..a837665 100644 --- a/README.md +++ b/README.md 
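Review bot: The `TLSOptions` line kept as context directly under the corrected directive switches off two mod_tls protections: `AllowClientRenegotiations` permits client-initiated renegotiation, and `NoSessionReuseRequired` drops the requirement that a data connection reuse the control connection's TLS session, which is what ties a data channel to the authenticated client. If these are there for client compatibility, a comment should say which clients need them; otherwise I would reduce the line to `TLSOptions NoCertRequest`. Because the directive name was misspelled until now, it is also worth confirming that the ProFTPD version on each distro in the CI matrix accepts `TLSSessionTickets`, since an unknown directive would stop the service from starting.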
@@ -66,11 +66,11 @@ #### Also compatible - Debian 10 (Buster) -- Raspbian 10 (Buster) +- Debian 11 (Bullseye) #### For testing purpose only -- Debian 11 (Bullseye) +- Raspbian 10 (Buster) - Raspbian 11 (Bullseye) ## Getting Started @@ -124,10 +124,9 @@ wo site create example.com --wpsubdomain --wpce # install wpmu-subdomain + C wo site create example.com --html # create example.com for static/html sites wo site create example.com --php # create example.com with php 8.0 support wo site create example.com --php80 # create example.com with php 8.0 support -wo site create example.com --php74 # create example.com with php 7.4 support +wo site create example.com --php81 # create example.com with php 8.1 support wo site create example.com --mysql # create example.com with php 8.0 & mysql support wo site create example.com --mysql --php81 # create example.com with php 8.1 & mysql support -wo site create example.com --mysql --php73 # create example.com with php 7.3 & mysql support wo site create example.com --proxy=127.0.0.1:3000 # create example.com with nginx as reverse-proxy ``` @@ -195,7 +194,7 @@ Third-party debian packages shipped with WordOps : - [Nginx-wo by WordOps](https://build.opensuse.org/package/show/home:virtubox:WordOps/nginx) - [PHP by Ondřej Surý](https://launchpad.net/~ondrej/+archive/ubuntu/php) -- [Redis by Chris Lea](https://launchpad.net/~chris-lea/+archive/ubuntu/redis-server) +- [Redis](https://redis.io/docs/getting-started/installation/install-redis-on-linux/) WordPress Cache Plugins supported by WordOps : diff --git a/install b/install index 9612417..c19a950 100755 --- a/install +++ b/install @@ -9,7 +9,7 @@ # ------------------------------------------------------------------------- # wget -qO wo wops.cc && sudo -E bash wo # ------------------------------------------------------------------------- -# Version 3.15.2 - 2022-09-23 +# Version 3.15.3 - 2022-10-24 # ------------------------------------------------------------------------- # CONTENTS 
diff --git a/setup.py b/setup.py index 9c87f06..c6195f9 100644 --- a/setup.py +++ b/setup.py @@ -27,7 +27,7 @@ if os.geteuid() == 0: os.makedirs('/var/lib/wo/tmp/') setup(name='wordops', - version='3.15.2', + version='3.15.3', description='An essential toolset that eases server administration', long_description=LONG, long_description_content_type='text/markdown', diff --git a/wo/core/variables.py b/wo/core/variables.py index b12dd41..596a173 100644 --- a/wo/core/variables.py +++ b/wo/core/variables.py @@ -15,7 +15,7 @@ class WOVar(): """Intialization of core variables""" # WordOps version - wo_version = "3.15.2" + wo_version = "3.15.3" # WordOps packages versions wo_wp_cli = "2.7.1" wo_adminer = "4.8.1"