Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Merge pull request #661 from WordOps/updating-configuration

Browse Source 
Enable HTTP/3 QUIC
This commit is contained in:
VirtuBox
2024-06-10 22:40:07 +02:00
committed by GitHub
parent 5997e21b4b c10244bbf0
commit 1d61cbacf1
12 changed files with 662 additions and 602 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1129
CHANGELOG.md
View File

File diff suppressed because it is too large Load Diff

4
README.md
View File

@@ -71,6 +71,10 @@
- Raspbian 10 (Buster)
- Raspbian 11 (Bullseye)
#### Not fully compatible yet
- Ubuntu 24.04 LTS (Noble)
## Getting Started
```bash

34
config/bash_completion.d/wo_auto.rc
View File

@@ -53,7 +53,7 @@ _wo_complete()
"info")
COMPREPLY=( $(compgen \
-W "--mysql --php --php72 --php73 --php74 --php80 --php81 --nginx" \
-W "--mysql --php --php74 --php80 --php81 --php82 --php83 --nginx" \
-- $cur) )
;;
@@ -74,22 +74,22 @@ _wo_complete()
# HANDLE EVERYTHING AFTER THE THIRD LEVEL NAMESPACE
"install" | "purge" | "remove" )
COMPREPLY=( $(compgen \
-W "--web --admin --security --nginx --php72 --php73 --php74 --php80 --php81 --php82 --php83 --mysql --wpcli --phpmyadmin --adminer --utils --redis --phpredisadmin --composer --netdata --fail2ban --ufw --dashboard --proftpd --clamav --sendmail --ngxblocker --mysqlclient --mysqltuner --extplorer --nanorc --cheat --all --force" \
-W "--web --admin --security --nginx --php74 --php80 --php81 --php82 --php83 --mysql --wpcli --phpmyadmin --adminer --utils --redis --phpredisadmin --composer --netdata --fail2ban --ufw --dashboard --proftpd --clamav --sendmail --ngxblocker --mysqlclient --mysqltuner --extplorer --nanorc --cheat --brotli --all --force" \
-- $cur) )
;;
"upgrade" )
COMPREPLY=( $(compgen \
-W "--web --admin --utils --nginx --php72 --php73 --php74 --php80 --php81 --php82 --php83 --mysql --all --netdata --composer --phpmyadmin --adminer --dashboard --mysqltuner --wpcli --force" \
-W "--web --admin --utils --nginx --php74 --php80 --php81 --php82 --php83 --mysql --all --netdata --composer --phpmyadmin --adminer --dashboard --mysqltuner --wpcli --force" \
-- $cur) )
;;
"migrate")
COMPREPLY=( $(compgen \
-W "--mariadb --force" \
-W "--mariadb --nginx --force" \
-- $cur) )
;;
"start" | "stop" | "reload" | "restart" | "status")
COMPREPLY=( $(compgen \
-W "--nginx --php --php72 --php73 --php74 --php80 --php81 --php82 --php83 --mysql --redis --fail2ban --ufw --netdata -proftpd" \
-W "--nginx --php --php74 --php80 --php81 --php82 --php83 --mysql --redis --fail2ban --ufw --netdata -proftpd" \
-- $cur) )
;;
"list")
@@ -159,13 +159,13 @@ _wo_complete()
"create")
COMPREPLY=( $(compgen \
-W "--user --pass --email --html --php --php72 --php73 --php74 --php80 --php81 --php82 --php83 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --alias --subsiteof --wpredis --wprocket --wpce -le --letsencrypt --letsencrypt=wildcard -le=wildcard --dns --dns=dns_cf --dns=dns_dgon" \
-W "--user --pass --email --html --php --php74 --php80 --php81 --php82 --php83 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --alias --subsiteof --wpredis --wprocket --wpce -le --letsencrypt --letsencrypt=wildcard -le=wildcard --dns --dns=dns_cf --dns=dns_dgon" \
-- $cur) )
;;
"update")
COMPREPLY=( $(compgen \
-W "--password --php --php72 --php73 --php74 --php80 --php81 --php82 --php83 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --alias --subsiteof -le -le=off --letsencrypt --letsencrypt=off --letsencrypt=clean -le=wildcard -le=clean --dns --dns=dns_cf --dns=dns_dgon --ngxblocker --ngxblocker=off" \
-W "--password --php --php74 --php80 --php81 --php82 --php83 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --alias --subsiteof -le -le=off --letsencrypt --letsencrypt=off --letsencrypt=clean -le=wildcard -le=clean --dns --dns=dns_cf --dns=dns_dgon --ngxblocker --ngxblocker=off" \
-- $cur) )
;;
"delete")
@@ -211,9 +211,9 @@ _wo_complete()
"--wp")
if [ "${COMP_WORDS[1]}" != "debug" ]; then
if [ "${COMP_WORDS[2]}" == "create" ]; then
retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce --letsencrypt -le --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon --php72 --php73 --php74 --php80 --php81 --php82 --php83"
retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce --letsencrypt -le --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon --php74 --php80 --php81 --php82 --php83"
elif [ "${COMP_WORDS[2]}" == "update" ]; then
retlist="--wp --wpfc --wpsc --php72 --php73 --php74 --php80 --php81 --php82 --php83 --wpredis --wprocket --wpce -le --letsencrypt --letsencrypt=wildcard -le=wildcard --dns --dns=dns_cf --dns=dns_dgon"
retlist="--wp --wpfc --wpsc --php74 --php80 --php81 --php82 --php83 --wpredis --wprocket --wpce -le --letsencrypt --letsencrypt=wildcard -le=wildcard --dns --dns=dns_cf --dns=dns_dgon"
else
retlist=""
fi
@@ -230,9 +230,9 @@ _wo_complete()
"--wpsubdir" | "--wpsubdomain")
if [ "${COMP_WORDS[1]}" != "debug" ]; then
if [ "${COMP_WORDS[2]}" == "create" ]; then
retlist="--wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --php72 --php73 --php74 --php80 --php81 --php82 --php83 --dns --dns=dns_cf --dns=dns_dgon"
retlist="--wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --php74 --php80 --php81 --php82 --php83 --dns --dns=dns_cf --dns=dns_dgon"
elif [ "${COMP_WORDS[2]}" == "update" ]; then
retlist="--wpfc --wpsc --php72 --php73 --php74 --php80 --php81 --php82 --php83 --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon"
retlist="--wpfc --wpsc --php74 --php80 --php81 --php82 --php83 --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon"
else
retlist=""
fi
@@ -248,7 +248,7 @@ _wo_complete()
"--wpredis" | "--wprocket" | "--wpce" | "--wpfc" | "--wpsc" | "--wpsubdir" | "--wpsubdomain" | "--user" | "--pass" | "--email" | "--wp")
if [ "${COMP_WORDS[2]}" == "create" ]; then
retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --php72 --php73 --php74 --php80 --php81 --php82 --php83 -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon"
retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --php74 --php80 --php81 --php82 --php83 -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon"
else
retlist=""
fi
@@ -261,7 +261,7 @@ _wo_complete()
"--wpredis" | "--wprocket" | "--wpce" | "--wpfc" | "--wpsc")
if [ "${COMP_WORDS[2]}" == "update" ]; then
retlist="--password --php72 --php73 --php74 --php80 --php81 --php82 --php83 --mysql --wp --wpsubdir --wpsubdomain -le --letsencrypt --dns --dns=dns_cf --dns=dns_dgon"
retlist="--password --php74 --php80 --php81 --php82 --php83 --mysql --wp --wpsubdir --wpsubdomain -le --letsencrypt --dns --dns=dns_cf --dns=dns_dgon"
else
retlist=""| "--php82" | "--php83"
fi
@@ -272,11 +272,11 @@ _wo_complete()
-- $cur) )
;;
"--web" | "--admin" | "--nginx" | "--php" | "--php73" | "--php74" | "--php80" | "--php81" | "--php82" | "--php83" | "--mysql" | "--wpcli" | "--phpmyadmin" | "--adminer" | "--utils" | "--fail2ban" | "--ufw" | "--redis" | "--phpredisadmin" | "--netdata" | "--sendmail" | "--composer" | "--proftpd" | "--cheat" | "--nanorc" | "--clamav" | "--dashboard")
"--web" | "--admin" | "--nginx" | "--php" | "--php74" | "--php80" | "--php81" | "--php82" | "--php83" | "--mysql" | "--wpcli" | "--phpmyadmin" | "--adminer" | "--utils" | "--fail2ban" | "--ufw" | "--redis" | "--phpredisadmin" | "--netdata" | "--sendmail" | "--composer" | "--proftpd" | "--cheat" | "--nanorc" | "--clamav" | "--dashboard")
if [[ "${COMP_WORDS[2]}" == "install" || "${COMP_WORDS[2]}" == "purge" || "${COMP_WORDS[2]}" == "remove" ]]; then
retlist="--web --admin --security --nginx --php --php73 --php74 --php80 --php81 --php82 --php83 --mysql --wpcli --phpmyadmin --adminer --utils --redis --fail2ban --ufw --phpredisadmin --netdata --force"
retlist="--web --admin --security --nginx --php --php74 --php80 --php81 --php82 --php83 --mysql --wpcli --phpmyadmin --adminer --utils --redis --fail2ban --ufw --phpredisadmin --netdata --force"
elif [[ "${COMP_WORDS[2]}" == "start" || "${COMP_WORDS[2]}" == "reload" || "${COMP_WORDS[2]}" == "restart" || "${COMP_WORDS[2]}" == "stop" ]]; then
retlist="--nginx --php --php73 --php74 --php80 --php81 --php82 --php83 --mysql --redis --netdata --fail2ban --ufw"
retlist="--nginx --php --php74 --php80 --php81 --php82 --php83 --mysql --redis --netdata --fail2ban --ufw"
elif [[ "${COMP_WORDS[1]}" == "debug" ]]; then
retlist="--start --nginx --php --php73 --fpm --fpm7 --mysql -i --interactive -stop --import-slow-log --import-slow-log-interval= -"
if [[ $prev == '--mysql' ]]; then
@@ -363,7 +363,7 @@ _wo_complete()
case "$mprev" in
"--user" | "--email" | "--pass")
if [ "${COMP_WORDS[2]}" == "create" ]; then
retlist="--user --pass --email --html --php --php73 --php74 --php80 --php81 --php82 --php83 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon"
retlist="--user --pass --email --html --php --php74 --php80 --php81 --php82 --php83 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon"
fi
ret="${retlist[@]/$prev}"
COMPREPLY=( $(compgen \

7
install
View File

@@ -9,7 +9,7 @@
# -------------------------------------------------------------------------
# wget -qO wo wops.cc && sudo -E bash wo
# -------------------------------------------------------------------------
# Version 3.21.0 - 2024-06-07
# Version 3.21.0 - 2024-06-10
# -------------------------------------------------------------------------
# CONTENTS
@@ -932,6 +932,11 @@ else
wo_lib_echo "WordOps (wo) upgrade to $wo_version_new was successful!"
wo_lib_echo "Changelog is available on https://github.com/WordOps/WordOps/releases/tag/$wo_version_new"
echo
if [ "$wo_version_new" == "v3.21.0" ]; then
wo_lib_echo "To upgrade Nginx package and configuration for HTTP/3 QUIC, use the following command"
wo_lib_echo "wo stack migrate --nginx"
fi
echo
wo_lib_echo "To upgrade WordOps web stacks, you can use the command:"
wo_lib_echo_info "wo stack upgrade"
echo

46
wo/cli/plugins/stack_migrate.py
View File

@@ -9,7 +9,8 @@ from wo.core.logging import Log
from wo.core.mysql import WOMysql
from wo.core.shellexec import WOShellExec
from wo.core.variables import WOVar
from wo.core.apt_repo import WORepo
from wo.cli.plugins.sitedb import (getAllsites)
from wo.core.template import WOTemplate
class WOStackMigrateController(CementBaseController):
@@ -22,6 +23,9 @@ class WOStackMigrateController(CementBaseController):
(['--mariadb'],
dict(help="Migrate/Upgrade database to MariaDB",
action='store_true')),
(['--nginx'],
dict(help="Migrate Nginx TLS configuration to HTTP/3 QUIC",
action='store_true')),
(['--force'],
dict(help="Force Packages upgrade without any prompt",
action='store_true')),
@@ -34,11 +38,8 @@ class WOStackMigrateController(CementBaseController):
@expose(hide=True)
def migrate_mariadb(self, ci=False):
if WOMysql.mariadb_ping(self):
# Backup all database
WOMysql.backupAll(self, fulldump=True)
else:
Log.error(self, "Unable to connect to MariaDB")
# Backup all database
WOMysql.backupAll(self, fulldump=True)
# Check current MariaDB version
if (os.path.exists('/etc/apt/sources.list.d/wo-repo.list') and
@@ -99,10 +100,36 @@ class WOStackMigrateController(CementBaseController):
WOShellExec.cmd_exec(self, 'systemctl enable mariadb')
post_pref(self, WOVar.wo_mysql, [])
@expose(hide=True)
def migrate_nginx(self):
# Add Nginx repo
pre_pref(self, WOVar.wo_nginx)
# Install Nginx
Log.wait(self, "Updating apt-cache ")
WOAptGet.update(self)
Log.valide(self, "Updating apt-cache ")
Log.wait(self, "Upgrading Nginx ")
if WOAptGet.install(self, WOVar.wo_nginx):
Log.valide(self, "Upgrading Nginx ")
else:
Log.failed(self, "Upgrading Nginx ")
allsites = getAllsites(self)
for site in allsites:
if not site:
pass
if os.path.exists(f'/var/www/{site.sitename}/conf/nginx/ssl.conf'):
data = dict(ssl_live_path=WOVar.wo_ssl_live,
domain=site.sitename, quic=True)
WOTemplate.deploy(
self, f'/var/www/{site.sitename}/conf/nginx/ssl.conf',
'ssl.mustache', data, overwrite=True)
post_pref(self, WOVar.wo_nginx, [])
@expose(hide=True)
def default(self):
pargs = self.app.pargs
if not pargs.mariadb:
if not pargs.mariadb and not pargs.nginx:
self.app.args.print_help()
if pargs.mariadb:
if WOVar.wo_distro == 'raspbian':
@@ -128,3 +155,8 @@ class WOStackMigrateController(CementBaseController):
else:
Log.error(self, "Your current MySQL is not alive or "
"you allready installed MariaDB")
if pargs.nginx:
if os.path.exists('/usr/sbin/nginx'):
self.migrate_nginx()
else:
Log.error(self, "Unable to connect to MariaDB")

2
wo/cli/plugins/stack_pref.py
View File

@@ -126,7 +126,7 @@ def post_pref(self, apt_packages, packages, upgrade=False):
data = dict(tls13=True, release=WOVar.wo_version)
WOTemplate.deploy(self,
'/etc/nginx/nginx.conf',
'nginx-core.mustache', data)
'nginx-core.mustache', data, overwrite=True)
if not os.path.isfile('{0}/gzip.conf.disabled'.format(ngxcnf)):
data = dict(release=WOVar.wo_version)

2
wo/cli/templates/22222.mustache
View File

@@ -2,7 +2,7 @@
server {
listen {{port}} default_server ssl http2;
listen {{port}} default_server ssl;
access_log /var/log/nginx/22222.access.log rt_cache;
error_log /var/log/nginx/22222.error.log;

3
wo/cli/templates/nginx-core.mustache
View File

@@ -55,6 +55,9 @@ http {
proxy_set_header Early-Data $ssl_early_data;
ssl_early_data on;
# enable http/2
http2 on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

22
wo/cli/templates/ssl.mustache
View File

@@ -1,6 +1,22 @@
listen 443 ssl http2;
listen [::]:443 ssl http2;
{{#quic}}
# display http version used in header (optional)
more_set_headers "X-protocol : $server_protocol always";
# Advertise HTTP/3 QUIC support (required)
more_set_headers 'Alt-Svc h3=":$server_port"; ma=86400';
# enable [QUIC address validation](https://datatracker.ietf.org/doc/html/rfc9000#name-address-validation)
quic_retry on;
# Listen on port 443 with HTTP/3 QUIC
listen 443 quic;
listen [::]:443 quic;
# listen on port 443 with HTTP/2
listen 443 ssl;
listen [::]:443 ssl;
{{/quic}}
ssl_certificate {{ssl_live_path}}/{{domain}}/fullchain.pem;
ssl_certificate_key {{ssl_live_path}}/{{domain}}/key.pem;
ssl_trusted_certificate {{ssl_live_path}}/{{domain}}/ca.pem;
ssl_stapling_verify on;
ssl_stapling_verify on;

6
wo/core/acme.py
View File

@@ -141,7 +141,7 @@ class WOAcme:
.format(wo_domain_name)):
data = dict(ssl_live_path=WOVar.wo_ssl_live,
domain=wo_domain_name)
domain=wo_domain_name, quic=True)
WOTemplate.deploy(self,
'/var/www/{0}/conf/nginx/ssl.conf'
.format(wo_domain_name),
@@ -151,10 +151,10 @@ class WOAcme:
'/etc/letsencrypt'):
Log.info(self, "Securing WordOps backend with current cert")
data = dict(ssl_live_path=WOVar.wo_ssl_live,
domain=wo_domain_name)
domain=wo_domain_name, quic=False)
WOTemplate.deploy(self,
'/var/www/22222/conf/nginx/ssl.conf',
'ssl.mustache', data, overwrite=False)
'ssl.mustache', data, overwrite=True)
WOGit.add(self, ["/etc/letsencrypt"],
msg="Adding letsencrypt folder")

7
wo/core/download.py
View File

@@ -21,18 +21,17 @@ class WODownload():
directory = os.path.dirname(filename)
if not os.path.exists(directory):
os.makedirs(directory)
Log.info(self, "Downloading {0:20}".format(pkg_name), end=' ')
Log.wait(self, "Downloading {0:20}".format(pkg_name))
with open(filename, "wb") as out_file:
req = requests.get(url, timeout=(5, 30))
if req.encoding is None:
req.encoding = 'utf-8'
out_file.write(req.content)
Log.info(self, "{0}".format("[" + Log.ENDC + "Done" +
Log.OKBLUE + "]"))
Log.valide(self, "Downloading {0:20}".format(pkg_name))
except requests.RequestException as e:
Log.debug(self, "[{err}]".format(err=str(e.reason)))
Log.error(self, "Unable to download file, {0}"
.format(filename))
.format(filename), exit=False)
return False
return 0

2
wo/core/variables.py
View File

@@ -178,7 +178,7 @@ class WOVar():
if wo_distro == 'raspbian':
mariadb_ver = '10.3'
else:
mariadb_ver = '10.11'
mariadb_ver = '11.4'
wo_mysql = wo_mysql + ["mariadb-backup"]
wo_mysql_client = ["mariadb-client", "python3-mysqldb"]