Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use zstd compression instead of gzip

Browse Source 
* fix proftpd TLS version
This commit is contained in:
VirtuBox
2020-09-15 14:33:26 +02:00
parent dce6b111b0
commit 2fb7eb8c47
3 changed files with 19 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGELOG.md
View File

@@ -8,6 +8,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
### v3.9.x - [Unreleased] ### v3.9.x - [Unreleased]
#### Changed
- Use zstd instead of pigz for archive compression
#### Fixed
- fail2ban install without Nginx
### v3.12.2 - 2020-05-15 ### v3.12.2 - 2020-05-15
#### Fixed #### Fixed

20
install
View File

@@ -140,9 +140,9 @@ wo_init_variables() {
readonly wo_install_log=/var/log/wo/install.log readonly wo_install_log=/var/log/wo/install.log
readonly TIME_FORMAT='%d-%b-%Y-%H%M%S' readonly TIME_FORMAT='%d-%b-%Y-%H%M%S'
readonly TIME=$(date +"$TIME_FORMAT") readonly TIME=$(date +"$TIME_FORMAT")
readonly NGINX_BACKUP_FILE="/var/lib/wo-backup/nginx-backup.$TIME.tar.gz" readonly NGINX_BACKUP_FILE="/var/lib/wo-backup/nginx-backup.$TIME.tar.zst"
readonly EE_BACKUP_FILE="/var/lib/wo-backup/ee-backup.$TIME.tar.gz" readonly EE_BACKUP_FILE="/var/lib/wo-backup/ee-backup.$TIME.tar.zst"
readonly WO_BACKUP_FILE="/var/lib/wo-backup/wo-backup.$TIME.tar.gz" readonly WO_BACKUP_FILE="/var/lib/wo-backup/wo-backup.$TIME.tar.zst"
if [ -x /usr/local/bin/ee ]; then if [ -x /usr/local/bin/ee ]; then
ee_migration=1 ee_migration=1
@@ -209,13 +209,13 @@ wo_install_dep() {
# install dependencies # install dependencies
apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \ apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \
build-essential curl gzip python3-pip python3-apt python3-dev sqlite3 git tar software-properties-common pigz \ build-essential curl gzip python3-pip python3-apt python3-dev sqlite3 git tar software-properties-common pigz \
gnupg2 cron ccze rsync apt-transport-https tree haveged ufw unattended-upgrades tzdata ntp >/dev/null 2>&1 gnupg2 cron ccze rsync apt-transport-https tree haveged ufw unattended-upgrades tzdata ntp zstd >/dev/null 2>&1
curl -sL https://download.opensuse.org/repositories/home:/virtubox:/WordOps/xUbuntu_18.04/Release.key | apt-key add - curl -sL https://download.opensuse.org/repositories/home:/virtubox:/WordOps/xUbuntu_18.04/Release.key | apt-key add -
else else
# install dependencies # install dependencies
apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \ apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \
build-essential curl gzip dirmngr sudo python3-pip python3-apt python3-dev ca-certificates sqlite3 git tar \ build-essential curl gzip dirmngr sudo python3-pip python3-apt python3-dev ca-certificates sqlite3 git tar \
software-properties-common pigz apt-transport-https gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp >/dev/null 2>&1 software-properties-common pigz apt-transport-https gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp zstd >/dev/null 2>&1
# add php repository gpg key # add php repository gpg key
[ -d /etc/apt/trusted.gpg.d ] && { wget -qO /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg; } [ -d /etc/apt/trusted.gpg.d ] && { wget -qO /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg; }
# add nginx repository gpg key # add nginx repository gpg key
@@ -224,7 +224,7 @@ wo_install_dep() {
locale-gen en locale-gen en
# enable unattended upgades # enable unattended upgades
if [ ! -f /etc/apt/apt.conf.d/20auto-upgrades ]; then if [ ! -f /etc/apt/apt.conf.d/20auto-upgrades ]; then
cp /usr/share/unattended-upgrades/20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades cp -f /usr/share/unattended-upgrades/20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades
fi fi
# upgrade pip # upgrade pip
python3 -m pip install --upgrade pip python3 -m pip install --upgrade pip
@@ -392,7 +392,7 @@ wo_install_acme_sh() {
if [ -x "$HOME/.acme.sh/acme.sh" ]; then if [ -x "$HOME/.acme.sh/acme.sh" ]; then
# backup acme.sh folder # backup acme.sh folder
/bin/tar -I pigz -cf /var/lib/wo-backup/acme.sh.tar.gz "$HOME/.acme.sh" /bin/tar -I zstd -cf /var/lib/wo-backup/acme.sh.tar.zst "$HOME/.acme.sh"
# rsync previous certificates to new acme.sh location # rsync previous certificates to new acme.sh location
/usr/bin/rsync -rltgoDpz --exclude="account.conf" \ /usr/bin/rsync -rltgoDpz --exclude="account.conf" \
--exclude="acme.sh" \ --exclude="acme.sh" \
@@ -468,7 +468,7 @@ wo_upgrade_nginx() {
wo_distro_version=$(lsb_release -sc) wo_distro_version=$(lsb_release -sc)
if [ -d /var/lib/wo-backup/nginx ]; then if [ -d /var/lib/wo-backup/nginx ]; then
/bin/tar -I pigz "$NGINX_BACKUP_FILE" /var/lib/wo-backup/nginx /bin/tar -I zstd "$NGINX_BACKUP_FILE" /var/lib/wo-backup/nginx
rm -rf /var/lib/wo-backup/nginx rm -rf /var/lib/wo-backup/nginx
fi fi
# backup nginx conf # backup nginx conf
@@ -575,13 +575,13 @@ wo_backup_ee() {
local BACKUP_EE="" local BACKUP_EE=""
[ -d /etc/nginx ] && { BACKUP_EE="$BACKUP_EE /etc/nginx"; } [ -d /etc/nginx ] && { BACKUP_EE="$BACKUP_EE /etc/nginx"; }
[ -d /etc/letsencrypt ] && { BACKUP_EE="$BACKUP_EE /etc/letsencrypt"; } [ -d /etc/letsencrypt ] && { BACKUP_EE="$BACKUP_EE /etc/letsencrypt"; }
/bin/tar -I pigz -cf "$EE_BACKUP_FILE" /usr/local/bin/ee /usr/lib/ee/templates /etc/ee /var/lib/ee "$BACKUP_EE" /bin/tar -I zstd -cf "$EE_BACKUP_FILE" /usr/local/bin/ee /usr/lib/ee/templates /etc/ee /var/lib/ee "$BACKUP_EE"
return 0 return 0
} }
wo_backup_wo() { wo_backup_wo() {
if [ -d /etc/nginx ] && [ -d /etc/wo ] && [ -d /var/lib/wo ]; then if [ -d /etc/nginx ] && [ -d /etc/wo ] && [ -d /var/lib/wo ]; then
/bin/tar -I pigz -cf "$WO_BACKUP_FILE" /etc/nginx /etc/wo /var/lib/wo /bin/tar -I zstd -cf "$WO_BACKUP_FILE" /etc/nginx /etc/wo /var/lib/wo
fi fi
return 0 return 0
} }

2
wo/cli/templates/proftpd-tls.mustache
View File

@@ -5,7 +5,7 @@ TLSRequired on
TLSLog /var/log/proftpd/tls.log TLSLog /var/log/proftpd/tls.log
# intermediate configuration from ssl-config.mozilla.org # intermediate configuration from ssl-config.mozilla.org
TLSProtocol TLSv1.2 TLSv1.3 TLSProtocol TLSv1.2
TLSCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 TLSCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
TLSServerCipherPreference off TLSServerCipherPreference off
TLSessionTickets off TLSessionTickets off