diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c7191a..09994fb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,21 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## Releases -### v3.15.2 - [Unreleased] +### v3.16.0 - [Unreleased] + +### v3.15.2 - 2022-09-23 + +#### Added + +- Add support for Chrome Privacy Preserving Prefetch Proxy [Issue 440](https://github.com/WordOps/WordOps/issues/440) + +#### Changed + +- Cloudflare IP script for Nginx now fetch Cloudflare IPs using the API + +#### Fixed + +- wo secure --auth on Ubuntu 22.04 ### v3.15.1 - 2022-09-09 diff --git a/README.md b/README.md index 24fdbe0..1ab274f 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,7 @@ - **Modern** : Strong ciphers_suite, modern TLS protocols and HSTS support (Grade A+ on [ssllabs](https://www.ssllabs.com/ssltest/analyze.html?d=demo.wordops.eu&latest)) - **Monitoring** : Live Nginx vhost traffic with ngx_vts_module and server monitoring with Netdata - **User Friendly** : WordOps dashboard with server status/monitoring and tools ([demo](https://demo.wordops.eu)) +- **Release cycle** : WordOps stable releases are published in June and December. --- @@ -165,6 +166,7 @@ For any other questions about WordOps or if you need support, please use the [Co If you'd like to contribute, please fork the repository and make changes as you'd like. Pull requests are warmly welcome. There is no need to be a developer or a system administrator to contribute to WordOps project. You can still contribute by helping us to improve [WordOps documentation](https://github.com/WordOps/docs.wordops.net). +Otherwise, you can still contribute to the project by making a donation on [Ko-Fi](https://ko-fi.com/wordops). ## Credits diff --git a/install b/install index edeee09..5f7ba7d 100755 --- a/install +++ b/install 
@@ -9,7 +9,7 @@ # ------------------------------------------------------------------------- # wget -qO wo wops.cc && sudo -E bash wo # ------------------------------------------------------------------------- -# Version 3.15.1 - 2022-09-09 +# Version 3.15.2 - 2022-09-23 # ------------------------------------------------------------------------- # CONTENTS diff --git a/setup.py b/setup.py index 2a08904..9c87f06 100644 --- a/setup.py +++ b/setup.py @@ -27,7 +27,7 @@ if os.geteuid() == 0: os.makedirs('/var/lib/wo/tmp/') setup(name='wordops', - version='3.15.1', + version='3.15.2', description='An essential toolset that eases server administration', long_description=LONG, long_description_content_type='text/markdown', diff --git a/wo/cli/plugins/secure.py b/wo/cli/plugins/secure.py index 3b3079c..135ecfc 100644 --- a/wo/cli/plugins/secure.py +++ b/wo/cli/plugins/secure.py @@ -83,11 +83,11 @@ class WOSecureController(CementBaseController): if password == "": pargs.user_pass = passwd Log.debug(self, "printf username:" - "$(openssl passwd -crypt " + "$(openssl passwd --apr1 " "password 2> /dev/null)\n\"" "> /etc/nginx/htpasswd-wo 2>/dev/null") WOShellExec.cmd_exec(self, "printf \"{username}:" - "$(openssl passwd -crypt " + "$(openssl passwd -apr1 " "{password} 2> /dev/null)\n\"" "> /etc/nginx/htpasswd-wo 2>/dev/null" .format(username=pargs.user_input, diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py index 88a0459..10b6f66 100644 --- a/wo/cli/plugins/stack_pref.py +++ b/wo/cli/plugins/stack_pref.py @@ -194,11 +194,6 @@ def post_pref(self, apt_packages, packages, upgrade=False): WOTemplate.deploy( self, '{0}/avif.conf'.format(ngxcnf), 'avif.mustache', data, overwrite=False) - - WOTemplate.deploy( - self, '{0}/cloudflare.conf'.format(ngxcnf), - 'cloudflare.mustache', data) - WOTemplate.deploy( self, '{0}/map-wp-fastcgi-cache.conf'.format(ngxcnf), 
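Review bot: The plaintext password is still formatted straight into the shell string, inside `$(openssl passwd -apr1 {password} 2> /dev/null)` in the `WOShellExec.cmd_exec` call of wo/cli/plugins/secure.py. Shell metacharacters in it are therefore interpreted by the shell, and the value appears in the command's argument list. Feeding it on standard input with `openssl passwd -apr1 -stdin`, or at least wrapping the value with `shlex.quote()`, would address both; the `.format(...)` call continues outside the hunk, so whether `log=False` is passed here cannot be seen. The `Log.debug` text just above says `--apr1` while the executed command says `-apr1`, and the two should match. The `printf "WordOps:$(openssl passwd -apr1 {password} ...)"` hunk at line 324 of wo/cli/plugins/stack_pref.py has the same interpolation.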
@@ -220,6 +215,11 @@ def post_pref(self, apt_packages, packages, upgrade=False): '{0}/locations-wo.conf' .format(ngxcom), 'locations.mustache', data) + # traffic advice file + WOTemplate.deploy(self, + '/var/www/html/' + '.well-known/traffic-advice', + 'traffic-advice.mustache', data) WOTemplate.deploy(self, '{0}/wpsubdir.conf' @@ -324,7 +324,7 @@ def post_pref(self, apt_packages, packages, upgrade=False): try: WOShellExec.cmd_exec( self, "printf \"WordOps:" - "$(openssl passwd -crypt " + "$(openssl passwd -apr1 " "{password} 2> /dev/null)\n\"" "> /etc/nginx/htpasswd-wo " "2>/dev/null" @@ -417,16 +417,17 @@ def post_pref(self, apt_packages, packages, upgrade=False): .format(server_ip.text, WOVar.wo_fqdn)]) - if not os.path.isfile("/opt/cf-update.sh"): - data = dict(release=WOVar.wo_version) - WOTemplate.deploy(self, '/opt/cf-update.sh', - 'cf-update.mustache', - data, overwrite=False) - WOFileUtils.chmod(self, "/opt/cf-update.sh", 0o775) - WOCron.setcron_weekly(self, '/opt/cf-update.sh ' - '> /dev/null 2>&1', - comment='Cloudflare IP refresh cronjob ' - 'added by WordOps') + data = dict(release=WOVar.wo_version) + WOTemplate.deploy(self, '/opt/cf-update.sh', + 'cf-update.mustache', + data, overwrite=True) + WOFileUtils.chmod(self, "/opt/cf-update.sh", 0o775) + Log.debug(self, 'Creating Cloudflare.conf') + WOShellExec.cmd_exec(self, '/opt/cf-update.sh') + WOCron.setcron_weekly(self, '/opt/cf-update.sh ' + '> /dev/null 2>&1', + comment='Cloudflare IP refresh cronjob ' + 'added by WordOps') # Nginx Configation into GIT if not WOService.restart_service(self, 'nginx'): @@ -1266,7 +1267,7 @@ def post_pref(self, apt_packages, packages, upgrade=False): self, 'mysql -e "SET PASSWORD = ' 'PASSWORD(\'{0}\'); flush privileges;"' - .format(chars)) + .format(chars), log=False) WOFileUtils.mvfile( self, '/etc/mysql/conf.d/my.cnf.tmp', '/etc/mysql/conf.d/my.cnf') 
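Review bot: The new `WOShellExec.cmd_exec(self, '/opt/cf-update.sh')` call in the Cloudflare block discards its result, yet the script is now the only thing that produces `cloudflare.conf` (the template deploy was removed in the hunk at line 194). A failed fetch or a missing `jq` would go unreported before the `WOService.restart_service(self, 'nginx')` that follows. Checking the return value and logging the failure before the restart would make this visible, assuming `cmd_exec` returns a falsy value on failure, which the hunk does not show. The script is executed here and by the weekly cron job but is left group-writable; `WOFileUtils.chmod(self, "/opt/cf-update.sh", 0o755)` is enough. `overwrite=True` also replaces any local edits to the script on every run, which deserves a one-line comment.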
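Review bot: `log=False` keeps the generated password out of the WordOps log, but the value is still embedded in the `mysql -e "SET PASSWORD = PASSWORD('{0}'); flush privileges;"` command string, so it remains in the client's argument list while the command runs. Passing the statement on the client's standard input rather than through `-e` would avoid that, if `WOShellExec.cmd_exec` can supply input (not visible here). At minimum, a comment such as `# log=False: the command line contains the new password` would record why the flag is set. The same applies to the `IDENTIFIED VIA unix_socket OR mysql_native_password` statement in the next hunk at line 1291.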
@@ -1290,7 +1291,7 @@ def post_pref(self, apt_packages, packages, upgrade=False): 'IDENTIFIED VIA unix_socket OR ' 'mysql_native_password; ' 'SET PASSWORD = PASSWORD(\'{0}\'); ' - 'flush privileges;"'.format(chars)) + 'flush privileges;"'.format(chars), log=False) WOFileUtils.textappend( self, '/etc/mysql/conf.d/my.cnf', 'socket = /run/mysqld/mysqld.sock') diff --git a/wo/cli/plugins/stack_upgrade.py b/wo/cli/plugins/stack_upgrade.py index 43293bf..53a1b94 100644 --- a/wo/cli/plugins/stack_upgrade.py +++ b/wo/cli/plugins/stack_upgrade.py @@ -202,12 +202,8 @@ class WOStackUpgradeController(CementBaseController): # netdata if pargs.netdata: # detect static binaries install - if os.path.isdir('/opt/netdata'): - packages = packages + [[ - 'https://my-netdata.io/kickstart.sh', - '/var/lib/wo/tmp/kickstart.sh', 'Netdata']] - # detect install from source - elif os.path.isdir('/etc/netdata'): + if (os.path.isdir('/opt/netdata') or + os.path.isdir('/etc/netdata')): packages = packages + [[ 'https://my-netdata.io/kickstart.sh', '/var/lib/wo/tmp/kickstart.sh', 'Netdata']] @@ -295,11 +291,11 @@ class WOStackUpgradeController(CementBaseController): 'ngxblocker' ]] - if ((not (apt_packages)) and (not(packages))): + if not apt_packages and not packages: self.app.args.print_help() else: pre_stack(self) - if (apt_packages): + if apt_packages: if not ("php7.2-fpm" in apt_packages or "php7.3-fpm" in apt_packages or "php7.4-fpm" in apt_packages or @@ -340,7 +336,7 @@ class WOStackUpgradeController(CementBaseController): Log.valide(self, "Configuring APT Packages") # Post Actions after package updates - if (packages): + if packages: if WOAptGet.is_selected(self, 'WP-CLI', packages): WOFileUtils.rm(self, '/usr/local/bin/wp') 
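Review bot: The comment `# detect static binaries install` in the netdata branch of wo/cli/plugins/stack_upgrade.py now sits above a condition that also matches `/etc/netdata`. The removed comment described that path as an install from source, so the remaining comment covers only half of the test. Something like `# detect an existing Netdata install: static binaries (/opt/netdata) or source build (/etc/netdata)` would keep it accurate. The enclosing method starts outside the hunk.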
@@ -385,7 +381,7 @@ class WOStackUpgradeController(CementBaseController): WOShellExec.cmd_exec( self, "bash /var/lib/wo/tmp/kickstart.sh " - "--dont-wait --no-updates", + "--dont-wait --no-updates --stable-channel", errormsg='', log=False) Log.valide(self, "Upgrading Netdata") diff --git a/wo/cli/templates/cf-update.mustache b/wo/cli/templates/cf-update.mustache index ce6269c..53ac00d 100644 --- a/wo/cli/templates/cf-update.mustache +++ b/wo/cli/templates/cf-update.mustache @@ -28,14 +28,13 @@ IFS=$'\n\t' trap 's=$?; echo "$0: Error on line "$LINENO": $BASH_COMMAND"; tput cnorm ; exit $s' ERR declare -r CURL_BIN=$(command -v curl) -declare -r cfIPv4="https://www.cloudflare.com/ips-v4" -declare -r cfIPv6="https://www.cloudflare.com/ips-v6" +declare -r cfIP="https://api.cloudflare.com/client/v4/ips" declare -r cfConf='/etc/nginx/conf.d/cloudflare.conf' declare allOK='true' declare ips4 ips6 ip -ips4=$( ${CURL_BIN} -sL "${cfIPv4}" ) -ips6=$( ${CURL_BIN} -sL "${cfIPv6}" ) +ips4=$( ${CURL_BIN} -sL "${cfIP}" | jq -r '.result.ipv4_cidrs[]' ) +ips6=$( ${CURL_BIN} -sL "${cfIP}" | jq -r '.result.ipv6_cidrs[]' ) if [ -d /etc/nginx/conf.d ]; then @@ -75,4 +74,3 @@ else fi echo "Cloudflare IPs updated" echo "" - diff --git a/wo/cli/templates/locations.mustache b/wo/cli/templates/locations.mustache index b637cfc..2edaaba 100644 --- a/wo/cli/templates/locations.mustache +++ b/wo/cli/templates/locations.mustache 
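Review bot: `/var/lib/wo/tmp/kickstart.sh` is run with `bash` here, and nothing in this hunk verifies the file first; it is listed for download from `https://my-netdata.io/kickstart.sh` in the netdata branch of the earlier hunk at line 202. If the download step (outside the hunk) performs no integrity check, comparing the file's checksum with a known-good value before this `cmd_exec` would stop a tampered or truncated download from being executed. With `errormsg=''` and the result unused, a failed run is followed directly by `Log.valide(self, "Upgrading Netdata")`, so the return value should be checked before success is reported.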
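Review bot: The two `${CURL_BIN} -sL "${cfIP}" | jq -r ...` lines in cf-update.mustache fetch the same document twice and never check that the request succeeded. An HTTP error body or a reply without `.result` then yields empty `ips4`/`ips6` or a jq error. Fetching once with `--fail` and parsing the saved reply keeps both lists consistent: `cfJson=$( "${CURL_BIN}" -fsSL "${cfIP}" )`, then `ips4=$( jq -r '.result.ipv4_cidrs[]' <<< "${cfJson}" )` and the same for `ipv6_cidrs`. `jq` is a new runtime dependency that is not resolved with `command -v` the way `curl` is. The fetched values are presumably written into `${cfConf}` (the write loop is outside the hunk), so checking that each entry looks like a CIDR before writing would be prudent.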
@@ -37,6 +37,13 @@ location /.well-known/acme-challenge/ { allow all; auth_basic off; } +# Private Prefetch Proxy +# https://developer.chrome.com/blog/private-prefetch-proxy/ +location /.well-known/traffic-advice { + types { } default_type "application/trafficadvice+json; charset=utf-8"; + alias /var/www/html/.well-known/traffic-advice; + allow all; +} # Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" { deny all; diff --git a/wo/cli/templates/traffic-advice.mustache b/wo/cli/templates/traffic-advice.mustache new file mode 100644 index 0000000..9e4f8b0 --- /dev/null +++ b/wo/cli/templates/traffic-advice.mustache @@ -0,0 +1,6 @@ +[{ + "user_agent": "prefetch-proxy", + "google_prefetch_proxy_eap": { + "fraction": 1.0 + } +}] \ No newline at end of file diff --git a/wo/core/variables.py b/wo/core/variables.py index ca3e844..808395e 100644 --- a/wo/core/variables.py +++ b/wo/core/variables.py @@ -15,7 +15,7 @@ class WOVar(): """Intialization of core variables""" # WordOps version - wo_version = "3.15.1" + wo_version = "3.15.2" # WordOps packages versions wo_wp_cli = "2.6.0" wo_adminer = "4.8.1"
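Review bot: The new `location /.well-known/traffic-advice` block sets `allow all;` but not `auth_basic off;`, unlike the `acme-challenge` location directly above it. On a vhost protected by HTTP authentication the prefetch proxy would presumably receive a 401 instead of the advice file. Adding `auth_basic off;` after `allow all;` keeps the two blocks consistent. Because the target is a single file, an exact match, `location = /.well-known/traffic-advice {`, would also limit the block to that one URI rather than every URI sharing the prefix.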