From fc796bee409a45a83a836a6cc3c6502e9f49f665 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Sun, 17 Mar 2019 17:38:41 +0100 Subject: [PATCH 01/20] minor fixes --- install | 1 + wo/cli/plugins/sitedb.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/install b/install index c69611e..ad7b3da 100644 --- a/install +++ b/install @@ -136,6 +136,7 @@ wo_install_dep() if [ "$wo_linux_distro" == "Ubuntu" ]; then DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz gnupg2 fail2ban cron ccze > /dev/null 2>&1 else + wget -qO /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-dev ca-certificates sqlite3 git tar software-properties-common pigz apt-transport-https gnupg2 fail2ban cron ccze > /dev/null 2>&1 fi diff --git a/wo/cli/plugins/sitedb.py b/wo/cli/plugins/sitedb.py index e006157..4048b26 100644 --- a/wo/cli/plugins/sitedb.py +++ b/wo/cli/plugins/sitedb.py @@ -12,7 +12,7 @@ import glob def addNewSite(self, site, stype, cache, path, enabled=True, ssl=False, fs='ext4', db='mysql', db_name=None, db_user=None, db_password=None, - db_host='localhost', hhvm=0, php_version='5.5'): + db_host='localhost', hhvm=0, php_version='7.2'): """ Add New Site record information into the wo database. """ From 2f28047b1ae37c6c248ab5b4e39a8452da130bf3 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Sun, 17 Mar 2019 17:38:57 +0100 Subject: [PATCH 02/20] refactor letsencrypt --- wo/cli/plugins/site_functions.py | 145 ++++++++++++++++--------------- 1 file changed, 75 insertions(+), 70 deletions(-) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 7b8f2f6..56f6ca5 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1211,39 +1211,32 @@ def setupLetsEncrypt(self, wo_domain_name): Log.warn(self, "Please wait while we fetch the new HTTPS certificate" " for your site.\nIt may take a few minutes" " depending on the network.") - ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " - "--config-home " - "'/etc/letsencrypt/config' " - "--issue " - "-d {0} -d www.{0} -w /var/www/html " - "-k ec-384" - .format(wo_domain_name)) - if ssl: - Log.info(self, "The HTTPS setup for your website is " - "successfully completed!") - Log.info(self, "Your certificate and chain have been saved in " - "{0}/{1}/fullchain.pem" - .format(WOVariables.wo_ssl_live, wo_domain_name)) - Log.info(self, "Configuring nginx HTTPS configuration") + sslissue = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config' " + "--issue " + "-d {0} -d www.{0} -w /var/www/html " + "-k ec-384" + .format(wo_domain_name)) + if sslissue: + + Log.debug(self, "Cert deployment for domain: {0}" + .format(wo_domain_name)) + ssl = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} && " + "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config'" + "--install-cert -d {1} --ecc " + "--cert-file {0}/{1}/cert.pem " + "--key-file {0}/{1}/key.pem " + "--fullchain-file " + "{0}/{1}/fullchain.pem " + "--reloadcmd " + "\"service nginx restart\" " + .format(WOVariables.wo_ssl_live, + wo_domain_name)) + if ssl: - if os.path.isfile("{0}/{1}_ecc/fullchain.cer" - .format(WOVariables.wo_ssl_archive, wo_domain_name)): - Log.debug(self, "Cert deployment for domain: {0}" - .format(wo_domain_name)) - ssl_deploy = WOShellExec.cmd_exec(self, - "mkdir -p {0}/{1} && " - "/etc/letsencrypt/acme.sh " - "--config-home " - "'/etc/letsencrypt/config'" - "--install-cert -d {1} --ecc " - "--cert-file {0}/{1}/cert.pem " - "--key-file {0}/{1}/key.pem " - "--fullchain-file " - "{0}/{1}/fullchain.pem " - "--reloadcmd " - "\"service nginx restart\" " - .format(WOVariables.wo_ssl_live, - wo_domain_name)) try: Log.info( self, "Adding /var/www/{0}/conf/nginx/ssl.conf" @@ -1264,16 +1257,16 @@ def setupLetsEncrypt(self, wo_domain_name): WOGit.add(self, ["/etc/letsencrypt"], msg="Adding letsencrypt folder") - except IOError as e: - Log.debug(self, str(e)) - Log.debug(self, "Error occured while generating " - "ssl.conf") - else: - Log.error(self, "Unable to setup, Let\'s Encrypt", False) - Log.error(self, "Please make sure that your site is pointed to \n" - "same server on which " - "you are running Let\'s Encrypt Client " - "\n to allow it to verify the site automatically.") + except IOError as e: + Log.debug(self, str(e)) + Log.debug(self, "Error occured while generating " + "ssl.conf") + else: + Log.error(self, "Unable to install certificate", False) + Log.error(self, "Please make sure that your site is pointed to \n" + "same server on which " + "you are running Let\'s Encrypt Client " + "\n to allow it to verify the site automatically.") # setup letsencrypt for a subdomain @@ -1285,29 +1278,41 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): .format(WOVariables.wo_ssl_archive, wo_domain_name)): Log.debug(self, "Let's Encrypt certificate found for the domain: {0}" .format(wo_domain_name)) + ssl = archivedCertificateHandle(self, wo_domain_name) else: - Log.warn(self, "Please wait while we fetch the new HTTPS certificate " - "for your site.\nIt may take a " - "few minutes depending on the network.") - ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " - "--config-home " - "'/etc/letsencrypt/config' " - "--issue " - "-d {0} -w /var/www/html " - "-k ec-384" - .format(wo_domain_name)) + Log.warn(self, "Please wait while we fetch the new HTTPS certificate" + " for your site.\nIt may take a few minutes" + " depending on the network.") + sslissue = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config' " + "--issue " + "-d {0} -w /var/www/html " + "-k ec-384" + .format(wo_domain_name)) + if sslissue: + + Log.debug(self, "Cert deployment for domain: {0}" + .format(wo_domain_name)) + ssl = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} && " + "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config'" + "--install-cert -d {1} --ecc " + "--cert-file {0}/{1}/cert.pem " + "--key-file {0}/{1}/key.pem " + "--fullchain-file " + "{0}/{1}/fullchain.pem " + "--reloadcmd " + "\"service nginx restart\" " + .format(WOVariables.wo_ssl_live, + wo_domain_name)) if ssl: - Log.info(self, "The HTTPS setup for your website " - "is successfully completed!") - Log.info(self, "Your certificate and chain have been saved in " - "{0}/{1}/fullchain.pem" - .format(WOVariables.wo_ssl_live, wo_domain_name)) - Log.info(self, "Configuring nginx HTTPS configuration") try: Log.info( self, "Adding /var/www/{0}/conf/nginx/ssl.conf" - .format(wo_domain_name)) + .format(wo_domain_name)) sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" .format(wo_domain_name), @@ -1317,23 +1322,23 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): "ssl on;\n" "ssl_certificate {0}/{1}/fullchain.pem;\n" "ssl_certificate_key {0}/{1}/key.pem;\n" - .format(WOVariables.wo_ssl_live, wo_domain_name)) + .format(wo_ssl_live, wo_domain_name)) sslconf.close() # updateSiteInfo(self, wo_domain_name, ssl=True) WOGit.add(self, ["/etc/letsencrypt"], msg="Adding letsencrypt folder") - except IOError as e: - Log.debug(self, str(e)) - Log.debug(self, "Error occured while generating " - "ssl.conf") - else: - Log.error(self, "Unable to setup, Let\'s Encrypt", False) - Log.error(self, "Please make sure that your site is pointed to \n" - "same server on which " - "you are running Let\'s Encrypt Client " - "\n to allow it to verify the site automatically.") + except IOError as e: + Log.debug(self, str(e)) + Log.debug(self, "Error occured while generating " + "ssl.conf") + else: + Log.error(self, "Unable to install certificate", False) + Log.error(self, "Please make sure that your site is pointed to \n" + "same server on which " + "you are running Let\'s Encrypt Client " + "\n to allow it to verify the site automatically.") # letsencrypt cert renewal From 83fc345bc6588dc96b7766abdc02112b26b0643a Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Sun, 17 Mar 2019 18:21:59 +0100 Subject: [PATCH 03/20] fix identation --- wo/cli/plugins/site_functions.py | 38 ++++++++++++++++---------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 56f6ca5..166db96 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1257,16 +1257,16 @@ def setupLetsEncrypt(self, wo_domain_name): WOGit.add(self, ["/etc/letsencrypt"], msg="Adding letsencrypt folder") - except IOError as e: - Log.debug(self, str(e)) - Log.debug(self, "Error occured while generating " - "ssl.conf") - else: - Log.error(self, "Unable to install certificate", False) - Log.error(self, "Please make sure that your site is pointed to \n" - "same server on which " - "you are running Let\'s Encrypt Client " - "\n to allow it to verify the site automatically.") + except IOError as e: + Log.debug(self, str(e)) + Log.debug(self, "Error occured while generating " + "ssl.conf") + else: + Log.error(self, "Unable to install certificate", False) + Log.error(self, "Please make sure that your site is pointed to \n" + "same server on which " + "you are running Let\'s Encrypt Client " + "\n to allow it to verify the site automatically.") # setup letsencrypt for a subdomain @@ -1329,16 +1329,16 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): WOGit.add(self, ["/etc/letsencrypt"], msg="Adding letsencrypt folder") - except IOError as e: - Log.debug(self, str(e)) - Log.debug(self, "Error occured while generating " + except IOError as e: + Log.debug(self, str(e)) + Log.debug(self, "Error occured while generating " "ssl.conf") - else: - Log.error(self, "Unable to install certificate", False) - Log.error(self, "Please make sure that your site is pointed to \n" - "same server on which " - "you are running Let\'s Encrypt Client " - "\n to allow it to verify the site automatically.") + else: + Log.error(self, "Unable to install certificate", False) + Log.error(self, "Please make sure that your site is pointed to \n" + "same server on which " + "you are running Let\'s Encrypt Client " + "\n to allow it to verify the site automatically.") # letsencrypt cert renewal From 676b8ad8981ba1bf6839207cc054fd69f94644f8 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Sun, 17 Mar 2019 23:09:24 +0100 Subject: [PATCH 04/20] fix missing space --- wo/cli/plugins/site_functions.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 166db96..341ab16 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1297,7 +1297,7 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): ssl = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} && " "/etc/letsencrypt/acme.sh " "--config-home " - "'/etc/letsencrypt/config'" + "'/etc/letsencrypt/config' " "--install-cert -d {1} --ecc " "--cert-file {0}/{1}/cert.pem " "--key-file {0}/{1}/key.pem " @@ -1332,7 +1332,7 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): except IOError as e: Log.debug(self, str(e)) Log.debug(self, "Error occured while generating " - "ssl.conf") + "ssl.conf") else: Log.error(self, "Unable to install certificate", False) Log.error(self, "Please make sure that your site is pointed to \n" From cd66abbe77d96839a8aecdda73f229f9af2562df Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Sun, 17 Mar 2019 23:36:57 +0100 Subject: [PATCH 05/20] fix missing variable --- wo/cli/plugins/site_functions.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 341ab16..08af080 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1250,7 +1250,7 @@ def setupLetsEncrypt(self, wo_domain_name): "ssl on;\n" "ssl_certificate {0}/{1}/fullchain.pem;\n" "ssl_certificate_key {0}/{1}/key.pem;\n" - .format(wo_ssl_live, wo_domain_name)) + .format(WOVariables.wo_ssl_live, wo_domain_name)) sslconf.close() # updateSiteInfo(self, wo_domain_name, ssl=True) @@ -1322,7 +1322,7 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): "ssl on;\n" "ssl_certificate {0}/{1}/fullchain.pem;\n" "ssl_certificate_key {0}/{1}/key.pem;\n" - .format(wo_ssl_live, wo_domain_name)) + .format(WOVariables.wo_ssl_live, wo_domain_name)) sslconf.close() # updateSiteInfo(self, wo_domain_name, ssl=True) @@ -1346,7 +1346,10 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): def renewLetsEncrypt(self, wo_domain_name): ssl = WOShellExec.cmd_exec( - self, "/etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --renew -d {0} --ecc --force" + self, "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config' " + "--renew -d {0} --ecc --force" .format(wo_domain_name)) mail_list = '' From 416cb15835bf2b5ad5d863d69c8927741fff7c4e Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 18 Mar 2019 00:10:51 +0100 Subject: [PATCH 06/20] add ipv6 support in letsencrypt --- CHANGELOG.md | 7 ++- wo/cli/plugins/site.py | 107 +++++++++++++---------------------------- 2 files changed, 39 insertions(+), 75 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a333a97..538fb89 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,8 +10,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ### v3.9.5 - [Unreleased] -### Changed +#### Added +- IPv6 support with HTTPS + +#### Changed + +- letsencrypt stack refactored with acme.sh - "--letsencrypt=subdomain" option #### Fixed diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index b5f9ba9..9f97325 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -311,22 +311,22 @@ class WOSiteCreateController(CementBaseController): (['--mysql'], dict(help="create mysql site", action='store_true')), (['--wp'], - dict(help="create wordpress single site", + dict(help="create WordPress single site", action='store_true')), (['--wpsubdir'], - dict(help="create wordpress multisite with subdirectory setup", + dict(help="create WordPress multisite with subdirectory setup", action='store_true')), (['--wpsubdomain'], - dict(help="create wordpress multisite with subdomain setup", + dict(help="create WordPress multisite with subdomain setup", action='store_true')), (['--wpfc'], - dict(help="create wordpress single/multi site with wpfc cache", + dict(help="create WordPress single/multi site with wpfc cache", action='store_true')), (['--wpsc'], - dict(help="create wordpress single/multi site with wpsc cache", + dict(help="create WordPress single/multi site with wpsc cache", action='store_true')), (['--wpredis'], - dict(help="create wordpress single/multi site with redis cache", + dict(help="create WordPress single/multi site with redis cache", action='store_true')), (['-le', '--letsencrypt'], dict(help="configure letsencrypt ssl for the site", @@ -334,16 +334,18 @@ class WOSiteCreateController(CementBaseController): choices=('on', 'subdomain', 'wildcard'), const='on', nargs='?')), (['--user'], - dict(help="provide user for wordpress site")), + dict(help="provide user for WordPress site")), (['--email'], - dict(help="provide email address for wordpress site")), + dict(help="provide email address for WordPress site")), (['--pass'], - dict(help="provide password for wordpress user", + dict(help="provide password for WordPress user", dest='wppass')), (['--proxy'], dict(help="create proxy for site", nargs='+')), + (['--vhostonly'], + dict(help="only create vhost and database without installing WordPress", nargs='+')), (['--experimental'], - dict(help="Enable Experimenal packages without prompt", + dict(help="Enable Experimental packages without prompt", action='store_true')), ] @@ -447,45 +449,22 @@ class WOSiteCreateController(CementBaseController): pass if data and self.app.pargs.php73: - if (self.app.pargs.experimental): - Log.info( - self, "Do you wish to install PHP 7.3 now for {0}?".format(wo_domain)) - - # Check prompt - check_prompt = input("Type \"y\" to continue [n]:") - if check_prompt != "Y" and check_prompt != "y": - Log.info(self, "Not using PHP 7.3 for site.") - data['php73'] = True - data['basic'] = True - php73 = 1 - self.app.pargs.php73 = True - else: - data['php73'] = True - php73 = 1 - else: - data['php73'] = True - php73 = 1 + data['php73'] = True + php73 = 1 elif data: data['php73'] = False php73 = 0 - if (not self.app.pargs.wpfc) and (not self.app.pargs.wpsc) and (not self.app.pargs.wpredis): + if ((not self.app.pargs.wpfc) and + (not self.app.pargs.wpsc) and + (not self.app.pargs.wpredis)): data['basic'] = True - if (cache == 'wpredis' and (self.app.pargs.experimental)): - Log.info(self, "Redis is experimental feature and it may not " - "work with all CSS/JS/Cache of your site.\nYou can " - "disable it by changing cache later.\nDo you wish" - " to enable Redis now for {0}?".format(wo_domain)) - - # Check prompt - check_prompt = input("Type \"y\" to continue [n]:") - if check_prompt != "Y" and check_prompt != "y": - Log.error(self, "Not using Redis for site") - cache = 'basic' - data['wpredis'] = False - data['basic'] = True - self.app.pargs.wpredis = False + if (cache == 'wpredis): + cache = 'wpredis' + data['wpredis'] = True + data['basic'] = False + self.app.pargs.wpredis = True # Check rerequired packages are installed or not wo_auth = site_package_check(self, stype) @@ -1107,21 +1086,8 @@ class WOSiteUpdateController(CementBaseController): if pargs.letsencrypt == "on" or pargs.php73 == "on": if pargs.php73 == "on": - if pargs.experimental: - Log.info( - self, "Do you wish to enable PHP 7.3 now for {0}?".format(wo_domain)) - - check_prompt = input("Type \"y\" to continue [n]:") - if check_prompt != "Y" and check_prompt != "y": - Log.info(self, "Not using PHP 7.3 for site") - data['php73'] = False - php73 = False - else: - data['php73'] = True - php73 = True - else: - data['php73'] = True - php73 = True + data['php73'] = True + php73 = True if pargs.letsencrypt == "on": if oldsitetype in ['wpsubdomain']: @@ -1134,21 +1100,12 @@ class WOSiteUpdateController(CementBaseController): wildcard = True if pargs.wpredis and data['currcachetype'] != 'wpredis': - if pargs.experimental: - Log.info(self, "Redis is experimental feature and it may not" - " work with all plugins of your site.\nYou can " - "disable it by changing cache type later.\nDo you wish" - " to enable Redis now for {0}?".format(wo_domain)) + data['wpredis'] = True + data['basic'] = False + cache = 'wpredis' - # Check prompt - check_prompt = input("Type \"y\" to continue [n]: ") - if check_prompt != "Y" and check_prompt != "y": - Log.error(self, "Not using Redis for site") - data['wpredis'] = False - data['basic'] = True - cache = 'basic' - - if (php73 is old_php73) and (stype == oldsitetype and cache == oldcachetype): + if (php73 is old_php73) and (stype == oldsitetype and + cache == oldcachetype): return 1 if not data: @@ -1258,7 +1215,8 @@ class WOSiteUpdateController(CementBaseController): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") - Log.info(self, "Congratulations! Successfully Configured SSl for Site " + Log.info(self, "Congratulations! Successfully" + " Configured SSL for Site " " https://{0}".format(wo_domain)) if (SSL.getExpirationDays(self, wo_domain) > 0): @@ -1266,7 +1224,8 @@ class WOSiteUpdateController(CementBaseController): str(SSL.getExpirationDays(self, wo_domain)) + " days.") else: Log.warn( - self, "Your cert already EXPIRED ! .PLEASE renew soon . ") + self, "Your cert already EXPIRED !" + " PLEASE renew soon . ") elif data['letsencrypt'] is False: if os.path.isfile("{0}/conf/nginx/ssl.conf" From b98266bd461e207ce87421ddb4bab2c98b735374 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 18 Mar 2019 00:30:54 +0100 Subject: [PATCH 07/20] fix EOL --- README.md | 7 +++++++ wo/cli/plugins/site.py | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d57f89a..5466b63 100644 --- a/README.md +++ b/README.md @@ -113,6 +113,13 @@ wo site create example.com --mysql # create example.com with php & mysql supp wo site create example.com --proxy=127.0.0.1:3000 # create example.com with nginx as reverse-proxy ``` +### Sites secured with Let's Encrypt + +```bash +wo site create example.com --wp --letsencrypt # install wordpress & secure site with letsencrypt +wo site create sub.example.com --wp --letsencrypt=subdomain # install wordpress and secure subdomain with letsencrypt +``` + ## Cheatsheet | | single site | multisite w/ subdir | multisite w/ subdom | diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 9f97325..5794b5d 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -460,7 +460,7 @@ class WOSiteCreateController(CementBaseController): (not self.app.pargs.wpredis)): data['basic'] = True - if (cache == 'wpredis): + if (cache == 'wpredis'): cache = 'wpredis' data['wpredis'] = True data['basic'] = False From 1282f9f7f766352083f400c31995898bb3c46e20 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 18 Mar 2019 01:37:33 +0100 Subject: [PATCH 08/20] update travis & changelog --- .travis.yml | 13 ++++++------- CHANGELOG.md | 2 ++ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index ef0b600..dac9957 100644 --- a/.travis.yml +++ b/.travis.yml @@ -23,14 +23,13 @@ script: - sudo apt-get install -y --force-yes git python3-setuptools python3-dev python3-apt ccze - sudo bash install $TRAVIS_BRANCH - sudo wo --help - - sudo wo stack install || sudo tail -n50 /var/log/wo/wordops.log - - sudo wo stack install --web || sudo tail -n50 /var/log/wo/wordops.log - - sudo wo stack install --admin || sudo tail -n50 /var/log/wo/wordops.log + + - sudo wo site create wp-php73.com --wp --php73 || sudo tail -n50 /var/log/wo/wordops.log + + - sudo stack install || sudo tail -n50 /var/log/wo/wordops.log + - sudo stack install --admin || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create html.net --html && sudo wo site create php.com --php && sudo wo site create mysql.com --mysql || sudo tail -n50 /var/log/wo/wordops.log - - - sudo wo site create mysql-php73.com --mysql --php73 || sudo tail -n50 /var/log/wo/wordops.log - - sudo wo site create wp1.com --wp || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create wp-php73.com --wp --php73 || sudo tail -n50 /var/log/wo/wordops.log @@ -62,4 +61,4 @@ script: - sudo wp --allow-root --info - sudo bash -c 'nginx -T 2>&1 > /var/log/wo/nginx.log' - sudo bash -c 'tar -I pigz -cf wordops.tar.gz /var/log/wo' - - sudo curl --progress-bar --upload-file "wordops.tar.gz" https://transfer.vtbox.net/$(basename wordops.tar.gz) && echo "" + - sudo curl --progress-bar --upload-file "wordops.tar.gz" https://transfer.sh/$(basename wordops.tar.gz) && echo "" diff --git a/CHANGELOG.md b/CHANGELOG.md index 538fb89..710f261 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,11 +13,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), #### Added - IPv6 support with HTTPS +- Brotli support in Nginx #### Changed - letsencrypt stack refactored with acme.sh - "--letsencrypt=subdomain" option +- hardened nginx ssl_ecdh_curve #### Fixed From cc2ea3d291b5e394593d4487b3d428f7b11ec8f5 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 18 Mar 2019 01:53:54 +0100 Subject: [PATCH 09/20] update travis --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index dac9957..b830565 100644 --- a/.travis.yml +++ b/.travis.yml @@ -59,6 +59,6 @@ script: - sudo ls /var/www/ - sudo wp --allow-root --info - - sudo bash -c 'nginx -T 2>&1 > /var/log/wo/nginx.log' + - sudo bash -c 'nginx -T 2>&1 > /var/log/wo/nginx.log 2>&1' || sudo tail -n50 /var/log/wo/wordops.log - sudo bash -c 'tar -I pigz -cf wordops.tar.gz /var/log/wo' - sudo curl --progress-bar --upload-file "wordops.tar.gz" https://transfer.sh/$(basename wordops.tar.gz) && echo "" From 6a80bc043e1d1ecf883e78087f32b44afa5d0171 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 18 Mar 2019 03:11:00 +0100 Subject: [PATCH 10/20] update vhost --- wo/cli/templates/virtualconf.mustache | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wo/cli/templates/virtualconf.mustache b/wo/cli/templates/virtualconf.mustache index b4c52bf..12d62e1 100644 --- a/wo/cli/templates/virtualconf.mustache +++ b/wo/cli/templates/virtualconf.mustache @@ -6,7 +6,7 @@ server { # listen 80 default_server; {{/multisite}} - server_name {{^vma}}{{^rc}}{{site_name}}{{/rc}}{{/vma}} {{#vma}}vma.*{{/vma}} {{#rc}}webmail.*{{/rc}} {{^vma}}{{^rc}}{{#multisite}}*{{/multisite}}{{^multisite}}www{{/multisite}}.{{site_name}}{{/rc}}{{/vma}}; + server_name {{site_name}} {{#multisite}}*{{/multisite}}{{^multisite}}www{{/multisite}}.{{site_name}} {{#multisite}} # Uncomment the following line for domain mapping From 12d2d55cec0f7d2773007bfdbc843146950fdd37 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 18 Mar 2019 04:29:34 +0100 Subject: [PATCH 11/20] replace keyserver for gpg --- wo/core/apt_repo.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wo/core/apt_repo.py b/wo/core/apt_repo.py index 478bbbe..4c89dae 100644 --- a/wo/core/apt_repo.py +++ b/wo/core/apt_repo.py @@ -79,12 +79,12 @@ class WORepo(): def add_key(self, keyids, keyserver=None): """ This function adds imports repository keys from keyserver. - default keyserver is hkp://keys.gnupg.net + default keyserver is hkp://keyserver.ubuntu.com user can provide other keyserver with keyserver="hkp://xyz" """ WOShellExec.cmd_exec(self, "gpg --keyserver {serv}" .format(serv=(keyserver or - "hkp://keys.gnupg.net")) + "hkp://keyserver.ubuntu.com")) + " --recv-keys {key}".format(key=keyids)) WOShellExec.cmd_exec(self, "gpg -a --export --armor {0}" .format(keyids) From 14bc3cd63532f7f5e14122182acac4bd7c5b3264 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 18 Mar 2019 05:36:35 +0100 Subject: [PATCH 12/20] update travis --- .travis.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index b830565..0adbc99 100644 --- a/.travis.yml +++ b/.travis.yml @@ -24,14 +24,13 @@ script: - sudo bash install $TRAVIS_BRANCH - sudo wo --help - - sudo wo site create wp-php73.com --wp --php73 || sudo tail -n50 /var/log/wo/wordops.log + - sudo wo site create wp-php73.net --wp --php73 || sudo tail -n50 /var/log/wo/wordops.log - - sudo stack install || sudo tail -n50 /var/log/wo/wordops.log - - sudo stack install --admin || sudo tail -n50 /var/log/wo/wordops.log + - sudo wo stack install || sudo tail -n50 /var/log/wo/wordops.log + - sudo wo stack install --admin || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create html.net --html && sudo wo site create php.com --php && sudo wo site create mysql.com --mysql || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create wp1.com --wp || sudo tail -n50 /var/log/wo/wordops.log - - sudo wo site create wp-php73.com --wp --php73 || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create wpsc1.net --wpsc && sudo wo site create wpfc1.com --wpfc || sudo tail -n50 /var/log/wo/wordops.log From f1b3edfc31611126acde61e11167a892deaa2a04 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 18 Mar 2019 05:55:00 +0100 Subject: [PATCH 13/20] fix missing ; --- wo/cli/templates/virtualconf-php7.mustache | 6 +++--- wo/cli/templates/virtualconf.mustache | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/wo/cli/templates/virtualconf-php7.mustache b/wo/cli/templates/virtualconf-php7.mustache index 1e590de..1ca898d 100644 --- a/wo/cli/templates/virtualconf-php7.mustache +++ b/wo/cli/templates/virtualconf-php7.mustache @@ -6,7 +6,7 @@ server { # listen 80 default_server; {{/multisite}} - server_name {{^vma}}{{^rc}}{{site_name}}{{/rc}}{{/vma}} {{#vma}}vma.*{{/vma}} {{#rc}}webmail.*{{/rc}} {{^vma}}{{^rc}}{{#multisite}}*{{/multisite}}{{^multisite}}www{{/multisite}}.{{site_name}}{{/rc}}{{/vma}}; + server_name {{site_name}} {{#multisite}}*{{/multisite}}{{^multisite}}www{{/multisite}}.{{site_name}}; {{#multisite}} # Uncomment the following line for domain mapping @@ -28,7 +28,7 @@ server { {{/proxy}} {{^proxy}} - {{^vma}}{{^rc}}root {{webroot}}/htdocs;{{/rc}}{{/vma}} + root {{webroot}}/htdocs; {{^proxy}}index {{^static}}index.php{{/static}} index.html index.htm;{{/proxy}} @@ -42,6 +42,6 @@ server { {{#wpsubdir}}include common/wpsubdir.conf;{{/wpsubdir}}{{/static}} {{#wp}}include common/wpcommon-php73.conf;{{/wp}} {{^proxy}}include common/locations-php73.conf;{{/proxy}} - {{^vma}}{{^rc}}include {{webroot}}/conf/nginx/*.conf;{{/rc}}{{/vma}} + include {{webroot}}/conf/nginx/*.conf; {{/proxy}} } diff --git a/wo/cli/templates/virtualconf.mustache b/wo/cli/templates/virtualconf.mustache index 12d62e1..653a5aa 100644 --- a/wo/cli/templates/virtualconf.mustache +++ b/wo/cli/templates/virtualconf.mustache @@ -6,7 +6,7 @@ server { # listen 80 default_server; {{/multisite}} - server_name {{site_name}} {{#multisite}}*{{/multisite}}{{^multisite}}www{{/multisite}}.{{site_name}} + server_name {{site_name}} {{#multisite}}*{{/multisite}}{{^multisite}}www{{/multisite}}.{{site_name}}; {{#multisite}} # Uncomment the following line for domain mapping @@ -28,7 +28,7 @@ server { {{/proxy}} {{^proxy}} - {{^vma}}{{^rc}}root {{webroot}}/htdocs;{{/rc}}{{/vma}} + root {{webroot}}/htdocs; {{^proxy}}index {{^static}}index.php{{/static}} index.html index.htm;{{/proxy}} @@ -42,6 +42,6 @@ server { {{#wpsubdir}}include common/wpsubdir.conf;{{/wpsubdir}}{{/static}} {{#wp}}include common/wpcommon-php72.conf;{{/wp}} {{^proxy}}include common/locations-php72.conf;{{/proxy}} - {{^vma}}{{^rc}}include {{webroot}}/conf/nginx/*.conf;{{/rc}}{{/vma}} + include {{webroot}}/conf/nginx/*.conf; {{/proxy}} } From b02ff1f98ed1c4223aa5e4c8894522df49a0228f Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 18 Mar 2019 06:53:19 +0100 Subject: [PATCH 14/20] fix missing space --- wo/cli/plugins/site_functions.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 08af080..2d7ff52 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1225,7 +1225,7 @@ def setupLetsEncrypt(self, wo_domain_name): ssl = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} && " "/etc/letsencrypt/acme.sh " "--config-home " - "'/etc/letsencrypt/config'" + "'/etc/letsencrypt/config' " "--install-cert -d {1} --ecc " "--cert-file {0}/{1}/cert.pem " "--key-file {0}/{1}/key.pem " @@ -1467,7 +1467,8 @@ def archivedCertificateHandle(self, domain, wo_wp_email): elif (check_prompt == "2"): Log.info(self, "Using Existing Certificate files") - if not os.path.isfile("{0}/{1}/fullchain.pem".format(WOVariables.wo_ssl_live, domain)): + if not os.path.isfile("{0}/{1}/fullchain.pem" + .format(WOVariables.wo_ssl_live, domain)): Log.error(self, "Certificate files not found. Skipping.\n" "Please check if following file exist" "\n\t/etc/letsencrypt/live/{0}/fullchain.pem\n\t" @@ -1478,7 +1479,11 @@ def archivedCertificateHandle(self, domain, wo_wp_email): Log.info(self, "Please wait while we renew the Let's Encrypt" "certificate for your site.\nIt may take a few " "minutes depending on your network.") - ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --renew -d {0} --ecc --force" + ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config' " + "--renew -d {0} --ecc " + "--force" .format(domain)) else: From 0d3760f84273c4c85579ec111b7592a1dae8910e Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 18 Mar 2019 14:19:30 +0100 Subject: [PATCH 15/20] updating letsencrypt=renew --- README.md | 10 ++++++---- wo/cli/plugins/site_functions.py | 25 ++++++++++++++++++++++--- 2 files changed, 28 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 5466b63..c7a9a36 100644 --- a/README.md +++ b/README.md @@ -28,10 +28,10 @@ - Easy Migration from EasyEngine v3 (migration script development in progress) - Automated WordPress, Nginx, PHP, MySQL & Redis installation -- Up-to-date server stack with Nginx 1.14.2, PHP 7.2 & 7.3, MariaDB 10.3 & Redis 5.0 +- Nginx 1.14.2 with Brotli support, PHP 7.2 & 7.3, MariaDB 10.3 & Redis 5.0 - Hardened WordPress security with strict Nginx location directives - Optimized Nginx configurations with multiple cache backends support -- Let's Encrypt SSL certificates +- Let's Encrypt SSL certificates handled by Acme.sh - Secured SSL/TLS encryption with strong ciphers_suite and modern TLS protocols ## Requirements @@ -41,7 +41,7 @@ - Ubuntu 16.04 LTS (Xenial) - Ubuntu 18.04 LTS (Bionic) - Debian 8 (Jessie) -- Debian 9 (Stretch) -> **Not fully supported yet** +- Debian 9 (Stretch) ### Ports requirements @@ -137,7 +137,9 @@ wo update ## Credits -- [EasyEngine](https://github.com/easyengine/easyengine) +- Main source : [EasyEngine](https://github.com/easyengine/easyengine) +- Acme client : [Acme.sh](https://github.com/Neilpang/acme.sh) + ## License diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 2d7ff52..379075c 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1430,11 +1430,11 @@ def httpsRedirect(self, wo_domain_name, redirect=True): " http://{0}".format(wo_domain_name)) -def archivedCertificateHandle(self, domain, wo_wp_email): +def archivedCertificateHandle(self, domain): Log.warn(self, "You already have an existing certificate " "for the domain requested.\n" "(ref: {0}/" - "{0}_ecc/{0}.conf)".format(WOVariables.wo_ssl_archive, domain) + + "{1}_ecc/{1}.conf)".format(WOVariables.wo_ssl_archive, domain) + "\nPlease select an option from below?" "\n\t1: Reinstall existing certificate" "\n\t2: Keep the existing certificate for now" @@ -1445,7 +1445,7 @@ def archivedCertificateHandle(self, domain, wo_wp_email): if not os.path.isfile("{0}/{1}/fullchain.pem" .format(WOVariables.wo_ssl_live, domain)): Log.error( - self, "{0}/{1}/cert.pem file is missing." + self, "{0}/{1}/fullchain.pem file is missing." .format(WOVariables.wo_ssl_live, domain)) if check_prompt == "1": @@ -1464,6 +1464,25 @@ def archivedCertificateHandle(self, domain, wo_wp_email): "--reloadcmd " "\"service nginx restart\" " .format(WOVariables.wo_ssl_live, domain)) + if ssl: + + if not os.path.isfile("/var/www/{0}/conf/nginx/ssl.conf" + .format(domain)): + Log.info( + self, "Adding /var/www/{0}/conf/nginx/ssl.conf" + .format(wo_domain_name)) + Log.info(self, "Install . Backing it up ..") + + sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" + .format(wo_domain_name), + encoding='utf-8', mode='w') + sslconf.write("listen 443 ssl http2;\n" + "listen [::]:443 ssl http2;\n" + "ssl on;\n" + "ssl_certificate {0}/{1}/fullchain.pem;\n" + "ssl_certificate_key {0}/{1}/key.pem;\n" + .format(WOVariables.wo_ssl_live, wo_domain_name)) + sslconf.close() elif (check_prompt == "2"): Log.info(self, "Using Existing Certificate files") From 5b6ba2ab0f010b05e6444f4aaa22b531f05b1762 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 18 Mar 2019 14:42:53 +0100 Subject: [PATCH 16/20] fix domain variable --- wo/cli/plugins/site_functions.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 379075c..dc126c5 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1470,18 +1470,18 @@ def archivedCertificateHandle(self, domain): .format(domain)): Log.info( self, "Adding /var/www/{0}/conf/nginx/ssl.conf" - .format(wo_domain_name)) + .format(domain)) Log.info(self, "Install . Backing it up ..") sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" - .format(wo_domain_name), + .format(domain), encoding='utf-8', mode='w') sslconf.write("listen 443 ssl http2;\n" "listen [::]:443 ssl http2;\n" "ssl on;\n" "ssl_certificate {0}/{1}/fullchain.pem;\n" "ssl_certificate_key {0}/{1}/key.pem;\n" - .format(WOVariables.wo_ssl_live, wo_domain_name)) + .format(WOVariables.wo_ssl_live, domain)) sslconf.close() elif (check_prompt == "2"): From 31b06226647d6cf756b536416fa3c561f388209a Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 18 Mar 2019 14:48:07 +0100 Subject: [PATCH 17/20] update le --- wo/cli/plugins/site_functions.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index dc126c5..e5c530e 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1471,7 +1471,6 @@ def archivedCertificateHandle(self, domain): Log.info( self, "Adding /var/www/{0}/conf/nginx/ssl.conf" .format(domain)) - Log.info(self, "Install . Backing it up ..") sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" .format(domain), @@ -1484,6 +1483,8 @@ def archivedCertificateHandle(self, domain): .format(WOVariables.wo_ssl_live, domain)) sslconf.close() + ssl = True + elif (check_prompt == "2"): Log.info(self, "Using Existing Certificate files") if not os.path.isfile("{0}/{1}/fullchain.pem" From a64d1d90e601f15f3b7b7a828125dd6fe2b1f9e8 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 18 Mar 2019 18:13:55 +0100 Subject: [PATCH 18/20] update install script to handle migration from EE --- install | 52 +++++++++++----------------------------------------- 1 file changed, 11 insertions(+), 41 deletions(-) diff --git a/install b/install index ad7b3da..4abdd21 100644 --- a/install +++ b/install @@ -393,10 +393,10 @@ wo_upgrade_nginx() wget -qO /tmp/nginx-wo.key "https://download.opensuse.org/repositories/home:virtubox:WordOps/xUbuntu_${wo_distro_id}/Release.key" else if [ "$wo_distro_version" == "jessie" ]; then - echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/Debian_8.0/ /" > /etc/apt/sources.list.d/wo-repo.list + echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/Debian_8.0/ /" >> /etc/apt/sources.list.d/wo-repo.list wget -qO /tmp/nginx-wo.key https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_8.0/Release.key else - echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/Debian_9.0/ /" > /etc/apt/sources.list.d/wo-repo.list + echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/Debian_9.0/ /" >> /etc/apt/sources.list.d/wo-repo.list wget -qO /tmp/nginx-wo.key https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_9.0/Release.key fi fi @@ -414,7 +414,13 @@ wo_upgrade_nginx() apt-mark unhold nginx-ee nginx-common nginx-custom apt-get -y -qq autoremove nginx-ee nginx-common nginx-custom # install new nginx package - DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confnew" -y install nginx-custom nginx-wo + if [ -x /usr/local/bin/wo ]; then + rm -f /etc/nginx/conf.d/{upstream.conf,redis.conf,fastcgi.conf} + rm -f /etc/nginx/*.default + /usr/local/bin/wo stack install + else + DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confnew" -y install nginx-custom nginx-wo + fi # set back apt preference [ -f "$HOME/nginx-block" ] && { mv "$HOME/nginx-block" /etc/apt/preferences.d/nginx-block @@ -488,55 +494,19 @@ wo_update_latest() # Ref: http://wptavern.com/xss-vulnerability-in-jetpack-and-the-twenty-fifteen-default-theme-affects-millions-of-wordpress-users dpkg --get-selections | grep -v deinstall | grep nginx &>> /dev/null if [ $? -eq 0 ]; then - cp /usr/lib/wo/templates/locations.mustache /etc/nginx/common/locations.conf &>> /dev/null + cp /usr/lib/wo/templates/locations.mustache /etc/nginx/common/locations-php72.conf &>> /dev/null fi # Fix Redis-server security issue # http://redis.io/topics/security if [ -f /etc/redis/redis.conf ]; then - grep -0 -v "#" /etc/redis/redis.confse | grep 'bind' &>> /dev/null + grep -0 -v "#" /etc/redis/redis.conf | grep 'bind' &>> /dev/null if [ $? -ne 0 ]; then sed -i '$ a bind 127.0.0.1' /etc/redis/redis.conf &>> /dev/null service redis-server restart &>> /dev/null fi fi - # Let's Encrypt .well-known folder setup - if [ ! -d /var/www/html/.well-known/acme-challenge ]; then - mkdir -p /var/www/html/.well-known/acme-challenge - chown -R www-data:www-data /var/www/html /var/www/html/.well-known - fi - - - # Fix for 3.3.2 renamed nginx.conf - nginx -V &>>/dev/null 2>&1 - if [[ $? -eq 0 ]]; then - nginx -t 2>&1 | grep 'open() "/etc/nginx/nginx.conf" failed' &>>/dev/null - if [[ $? -eq 0 ]]; then - if [ -f /etc/nginx/nginx.conf.old ]; then - if [ ! -f /etc/nginx/nginx.conf ]; then - cp /etc/nginx/nginx.conf.old /etc/nginx/nginx.conf - fi - fi - fi - # Fix for 3.3.2 renamed fastcgi_param - nginx -t 2>&1 | grep 'open() "/etc/nginx/fastcgi_params" failed' &>>/dev/null - if [[ $? -eq 0 ]]; then - if [ -f /etc/nginx/fastcgi_params.old ]; then - if [ ! -f /etc/nginx/fastcgi_params ]; then - cp /etc/nginx/fastcgi_params.old /etc/nginx/fastcgi_params - fi - fi - fi - fi - - # Fix for SSL cert --all - crontab -l | grep -q '\-\-min_expiry_limit' - if [[ $? -eq 0 ]]; then - crontab -l > /var/spool/cron/cron-backup.txt #backup cron before editing - crontab -l | sed '/--min_expiry_limit/d' | crontab - - /bin/bash -c "crontab -l 2> /dev/null | { cat; echo -e \"\n0 0 * * 0 wo site update --le=renew --all 2> /dev/null # Renew all letsencrypt SSL cert. Set by WordOps\"; } | crontab -" - fi } # Do git intialisation From 051d6cbf8dd0766f777b30bc174e594d0685d8fa Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 18 Mar 2019 18:14:37 +0100 Subject: [PATCH 19/20] [skip travis] update readme and issue template --- .github/ISSUE_TEMPLATE.md | 13 +++++++++++++ .github/ISSUE_TEMPLATE/bug_report.md | 16 ---------------- README.md | 10 +++++++++- 3 files changed, 22 insertions(+), 17 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE.md delete mode 100644 .github/ISSUE_TEMPLATE/bug_report.md diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..6bc7ddf --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,13 @@ + +This issue tracker is only for issues related to WordOps. +Please use for support questions. + +If you feel the issue is a WordOps specific issue, please attach the output of the following commands. + +System Information + +- [ ] lsb_release -a +- [ ] wo info +- [ ] nginx -V +- [ ] wo -v +- [ ] wp --allow-root info diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index 3f0d1d2..0000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -name: Bug report -about: Create a report to help us improve WordOps -title: "[BUG]" -labels: bug -assignees: '' - ---- - -Please attach the output of the following commands with your report - -System Information -- [ ] lsb_release -a -- [ ] wo info -- [ ] wo -v -- [ ] wp --allow-root info diff --git a/README.md b/README.md index c7a9a36..39cbdf9 100644 --- a/README.md +++ b/README.md @@ -135,12 +135,20 @@ wo site create sub.example.com --wp --letsencrypt=subdomain # install wordpress wo update ``` +## Support + +If you feel there is a bug directly related to WordOps, feel free to open an issue. +For any other questions/suggestions about WordOps or if you need support, please use the [WordOps Community Forum](https://community.wordops.io/). + +# Contributing + +If you'd like to contribute, please fork the repository and make changes as you'd like. Pull requests are warmly welcome. + ## Credits - Main source : [EasyEngine](https://github.com/easyengine/easyengine) - Acme client : [Acme.sh](https://github.com/Neilpang/acme.sh) - ## License - [MIT](http://opensource.org/licenses/MIT) © [WordOps](https://wordops.org) From a85a616d1bff87df81b77d1aeb2b241b01979697 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 18 Mar 2019 18:24:51 +0100 Subject: [PATCH 20/20] set letsencrypt to true --- wo/cli/plugins/site_functions.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index e5c530e..3f6def4 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1324,7 +1324,7 @@ def setupLetsEncryptSubdomain(self, wo_domain_name): "ssl_certificate_key {0}/{1}/key.pem;\n" .format(WOVariables.wo_ssl_live, wo_domain_name)) sslconf.close() - # updateSiteInfo(self, wo_domain_name, ssl=True) + updateSiteInfo(self, wo_domain_name, ssl=True) WOGit.add(self, ["/etc/letsencrypt"], msg="Adding letsencrypt folder")