From 3597a80449ca7fd091d379c3f176c3bdf38c290a Mon Sep 17 00:00:00 2001
From: VirtuBox <thomas@virtubox.net>
Date: Wed, 7 Aug 2019 13:13:30 +0200
Subject: [PATCH] Add Cloudflare restore real-ip

---
 CHANGELOG.md                         | 11 ++++++++---
 install                              |  6 +++---
 wo/cli/plugins/stack_pref.py         |  8 ++++++++
 wo/cli/templates/cloudflare.mustache | 23 +++++++++++++++++++++++
 4 files changed, 42 insertions(+), 6 deletions(-)
 create mode 100644 wo/cli/templates/cloudflare.mustache

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0d9fd55..86019a0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,11 +10,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ### v3.9.7.1 - 2019-08-09
 
+- APT Packages configuration step with `wo stack upgrade` to apply new configurations
+- Cloudflare restore real_ip configuration
+
 #### Changed
 
-- Cement framework updated to v2.8.0
-- Psutil updated to v5.6.3
-- PyMySQL updated to v0.9.3
+- Moving package configuration in a new plugin stack_pref.py
+- Set WordOps backend password length from 16 to 24
+- Upgrade framework cement to 2.6.0
+- Upgrade PyMySQL to 0.9.3
+- Upgrade Psutil to 5.6.3
 
 #### Fixed
 
diff --git a/install b/install
index d7a2352..955dd8c 100755
--- a/install
+++ b/install
@@ -406,9 +406,9 @@ wo_install_acme_sh() {
 wo_install() {
     {
         rm -f /etc/bash_completion.d/wo_auto.rc
-        rm -rf /tmp/WordOps
-        git clone -b "$wo_branch" --depth=50 https://github.com/WordOps/WordOps.git /tmp/WordOps
-        cd /tmp/WordOps || exit 1
+        rm -rf /var/lib/wo/tmp/WordOps-*
+        curl -sL https://github.com/WordOps/WordOps/archive/${wo_branch}.tar.gz | tar -I pigz -xf - -C /var/lib/wo/tmp
+        cd /var/lib/wo/tmp/WordOps-${wo_branch} || exit 1
 
     } \
         >> "$wo_install_log" 2>&1
diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py
index 20726ba..e432df6 100644
--- a/wo/cli/plugins/stack_pref.py
+++ b/wo/cli/plugins/stack_pref.py
@@ -227,6 +227,14 @@ def post_pref(self, apt_packages, packages):
                                 out=wo_nginx)
                 wo_nginx.close()
 
+                Log.debug(self, 'Writting the nginx configuration to '
+                          'file /etc/nginx/conf.d/cloudflare.conf')
+                wo_nginx = open('/etc/nginx/conf.d/cloudflare.conf',
+                                encoding='utf-8', mode='w')
+                self.app.render((data), 'cloudflare.mustache',
+                                out=wo_nginx)
+                wo_nginx.close()
+
                 Log.debug(self, 'Writting the nginx configuration to '
                           'file /etc/nginx/conf.d/'
                           'map-wp-fastcgi-cache.conf')
diff --git a/wo/cli/templates/cloudflare.mustache b/wo/cli/templates/cloudflare.mustache
new file mode 100644
index 0000000..38355fe
--- /dev/null
+++ b/wo/cli/templates/cloudflare.mustache
@@ -0,0 +1,23 @@
+# WordOps (wo) set visitors real ip with Cloudflare
+set_real_ip_from 173.245.48.0/20;
+set_real_ip_from 103.21.244.0/22;
+set_real_ip_from 103.22.200.0/22;
+set_real_ip_from 103.31.4.0/22;
+set_real_ip_from 141.101.64.0/18;
+set_real_ip_from 108.162.192.0/18;
+set_real_ip_from 190.93.240.0/20;
+set_real_ip_from 188.114.96.0/20;
+set_real_ip_from 197.234.240.0/22;
+set_real_ip_from 198.41.128.0/17;
+set_real_ip_from 162.158.0.0/15;
+set_real_ip_from 104.16.0.0/12;
+set_real_ip_from 172.64.0.0/13;
+set_real_ip_from 131.0.72.0/22;
+set_real_ip_from 2400:cb00::/32;
+set_real_ip_from 2606:4700::/32;
+set_real_ip_from 2803:f800::/32;
+set_real_ip_from 2405:b500::/32;
+set_real_ip_from 2405:8100::/32;
+set_real_ip_from 2a06:98c0::/29;
+set_real_ip_from 2c0f:f248::/32;
+real_ip_header CF-Connecting-IP;