From 0905651273fd83130bedb15ab1777ae4eabce904 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Tue, 13 Sep 2022 15:22:09 +0200 Subject: [PATCH 1/7] Add Private Prefetch Proxy --- wo/cli/plugins/stack_pref.py | 5 +++++ wo/cli/plugins/stack_upgrade.py | 6 +++--- wo/cli/templates/locations.mustache | 7 +++++++ wo/cli/templates/traffic-advice.mustache | 6 ++++++ 4 files changed, 21 insertions(+), 3 deletions(-) create mode 100644 wo/cli/templates/traffic-advice.mustache diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py index 1b0cd09..1eb8c1b 100644 --- a/wo/cli/plugins/stack_pref.py +++ b/wo/cli/plugins/stack_pref.py @@ -220,6 +220,11 @@ def post_pref(self, apt_packages, packages, upgrade=False): '{0}/locations-wo.conf' .format(ngxcom), 'locations.mustache', data) + # traffic advice file + WOTemplate.deploy(self, + '/var/www/html/' + '.well-known/traffic-advice', + 'traffic-advice.mustache', data) WOTemplate.deploy(self, '{0}/wpsubdir.conf' diff --git a/wo/cli/plugins/stack_upgrade.py b/wo/cli/plugins/stack_upgrade.py index 43293bf..c9f2fb2 100644 --- a/wo/cli/plugins/stack_upgrade.py +++ b/wo/cli/plugins/stack_upgrade.py @@ -295,11 +295,11 @@ class WOStackUpgradeController(CementBaseController): 'ngxblocker' ]] - if ((not (apt_packages)) and (not(packages))): + if not apt_packages and not packages: self.app.args.print_help() else: pre_stack(self) - if (apt_packages): + if apt_packages: if not ("php7.2-fpm" in apt_packages or "php7.3-fpm" in apt_packages or "php7.4-fpm" in apt_packages or @@ -340,7 +340,7 @@ class WOStackUpgradeController(CementBaseController): Log.valide(self, "Configuring APT Packages") # Post Actions after package updates - if (packages): + if packages: if WOAptGet.is_selected(self, 'WP-CLI', packages): WOFileUtils.rm(self, '/usr/local/bin/wp') diff --git a/wo/cli/templates/locations.mustache b/wo/cli/templates/locations.mustache index b637cfc..2edaaba 100644 --- a/wo/cli/templates/locations.mustache 
+++ b/wo/cli/templates/locations.mustache @@ -37,6 +37,13 @@ location /.well-known/acme-challenge/ { allow all; auth_basic off; } +# Private Prefetch Proxy +# https://developer.chrome.com/blog/private-prefetch-proxy/ +location /.well-known/traffic-advice { + types { } default_type "application/trafficadvice+json; charset=utf-8"; + alias /var/www/html/.well-known/traffic-advice; + allow all; +} # Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" { deny all; diff --git a/wo/cli/templates/traffic-advice.mustache b/wo/cli/templates/traffic-advice.mustache new file mode 100644 index 0000000..9e4f8b0 --- /dev/null +++ b/wo/cli/templates/traffic-advice.mustache @@ -0,0 +1,6 @@ +[{ + "user_agent": "prefetch-proxy", + "google_prefetch_proxy_eap": { + "fraction": 1.0 + } +}] \ No newline at end of file From 192b88452943a78d9a97508ed8c714691da72975 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Tue, 13 Sep 2022 15:52:50 +0200 Subject: [PATCH 2/7] Do not log MariaDB password --- wo/cli/plugins/stack_pref.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py index 1eb8c1b..327f5b0 100644 --- a/wo/cli/plugins/stack_pref.py +++ b/wo/cli/plugins/stack_pref.py @@ -1270,7 +1270,7 @@ def post_pref(self, apt_packages, packages, upgrade=False): self, 'mysql -e "SET PASSWORD = ' 'PASSWORD(\'{0}\'); flush privileges;"' - .format(chars)) + .format(chars), log=False) WOFileUtils.mvfile( self, '/etc/mysql/conf.d/my.cnf.tmp', '/etc/mysql/conf.d/my.cnf') 
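Review bot: The new `location /.well-known/traffic-advice` is a prefix match, so any URI that merely starts with that string is also handled by this block and mapped through `alias` to a sibling path under `/var/www/html/.well-known/`. Since exactly one file is meant to be served, an exact match is tighter: `location = /.well-known/traffic-advice {`. The acme-challenge block just above also sets `auth_basic off;`; if these locations are included in vhosts protected by basic auth (not visible here), this block probably needs the same line so the proxy can fetch the file.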
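Review bot: `log=False` keeps the statement out of the WordOps log, but the generated password in `chars` is still embedded in the `mysql -e "SET PASSWORD = ..."` command line, where other local users can read it from the process list while the client runs. The same applies to the second call changed in the hunk at line 1294. Feeding the statement to the client on standard input, or reading the credentials from a root-only option file, would keep the secret out of argv; whether `WOShellExec.cmd_exec` can supply stdin is not visible here. `chars` is also placed between single quotes without escaping, so this relies on the generator never emitting a quote character; if that holds, a comment such as `# chars is alphanumeric only, safe inside the quoted SQL literal` would record the assumption. `post_pref` starts and ends outside the hunk.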
@@ -1294,7 +1294,7 @@ def post_pref(self, apt_packages, packages, upgrade=False): 'IDENTIFIED VIA unix_socket OR ' 'mysql_native_password; ' 'SET PASSWORD = PASSWORD(\'{0}\'); ' - 'flush privileges;"'.format(chars)) + 'flush privileges;"'.format(chars), log=False) WOFileUtils.textappend( self, '/etc/mysql/conf.d/my.cnf', 'socket = /run/mysqld/mysqld.sock') From f89896d15d380223ac222d694cbd912aad9c503b Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Tue, 13 Sep 2022 15:53:07 +0200 Subject: [PATCH 3/7] Fix Netdata upgrade --- wo/cli/plugins/stack_upgrade.py | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/wo/cli/plugins/stack_upgrade.py b/wo/cli/plugins/stack_upgrade.py index c9f2fb2..53a1b94 100644 --- a/wo/cli/plugins/stack_upgrade.py +++ b/wo/cli/plugins/stack_upgrade.py @@ -202,12 +202,8 @@ class WOStackUpgradeController(CementBaseController): # netdata if pargs.netdata: # detect static binaries install - if os.path.isdir('/opt/netdata'): - packages = packages + [[ - 'https://my-netdata.io/kickstart.sh', - '/var/lib/wo/tmp/kickstart.sh', 'Netdata']] - # detect install from source - elif os.path.isdir('/etc/netdata'): + if (os.path.isdir('/opt/netdata') or + os.path.isdir('/etc/netdata')): packages = packages + [[ 'https://my-netdata.io/kickstart.sh', '/var/lib/wo/tmp/kickstart.sh', 'Netdata']] @@ -385,7 +381,7 @@ class WOStackUpgradeController(CementBaseController): WOShellExec.cmd_exec( self, "bash /var/lib/wo/tmp/kickstart.sh " - "--dont-wait --no-updates", + "--dont-wait --no-updates --stable-channel", errormsg='', log=False) Log.valide(self, "Upgrading Netdata") From ce244cfbc53add92a823b8a10c366552e9e2cf9f Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Fri, 16 Sep 2022 17:19:18 +0200 Subject: [PATCH 4/7] Fix wo secure --auth on Ubuntu 22.04 --- README.md | 1 + wo/cli/plugins/secure.py | 4 ++-- wo/cli/plugins/stack_pref.py | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) 
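Review bot: The changed `cmd_exec` call runs `/var/lib/wo/tmp/kickstart.sh` with bash, and the hunk at line 202 lists that file as a download from `https://my-netdata.io/kickstart.sh`; nothing visible verifies it before it is executed. Comparing the download against a pinned checksum before this call would bound what a changed or tampered upstream script can do on the server. The call also passes `errormsg=''` with `log=False`, so a failed upgrade leaves no trace and `Log.valide(self, "Upgrading Netdata")` still reports success; checking the result of `cmd_exec` before logging would fix that, assuming it returns a status, which is not shown here. The surrounding method continues outside the hunk.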
diff --git a/README.md b/README.md index 24fdbe0..1d6c072 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,7 @@ - **Modern** : Strong ciphers_suite, modern TLS protocols and HSTS support (Grade A+ on [ssllabs](https://www.ssllabs.com/ssltest/analyze.html?d=demo.wordops.eu&latest)) - **Monitoring** : Live Nginx vhost traffic with ngx_vts_module and server monitoring with Netdata - **User Friendly** : WordOps dashboard with server status/monitoring and tools ([demo](https://demo.wordops.eu)) +- **Release cycle** : WordOps stable releases are published in June and December. --- diff --git a/wo/cli/plugins/secure.py b/wo/cli/plugins/secure.py index 3b3079c..135ecfc 100644 --- a/wo/cli/plugins/secure.py +++ b/wo/cli/plugins/secure.py @@ -83,11 +83,11 @@ class WOSecureController(CementBaseController): if password == "": pargs.user_pass = passwd Log.debug(self, "printf username:" - "$(openssl passwd -crypt " + "$(openssl passwd --apr1 " "password 2> /dev/null)\n\"" "> /etc/nginx/htpasswd-wo 2>/dev/null") WOShellExec.cmd_exec(self, "printf \"{username}:" - "$(openssl passwd -crypt " + "$(openssl passwd -apr1 " "{password} 2> /dev/null)\n\"" "> /etc/nginx/htpasswd-wo 2>/dev/null" .format(username=pargs.user_input, diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py index 327f5b0..6cb4578 100644 --- a/wo/cli/plugins/stack_pref.py +++ b/wo/cli/plugins/stack_pref.py @@ -329,7 +329,7 @@ def post_pref(self, apt_packages, packages, upgrade=False): try: WOShellExec.cmd_exec( self, "printf \"WordOps:" - "$(openssl passwd -crypt " + "$(openssl passwd -apr1 " "{password} 2> /dev/null)\n\"" "> /etc/nginx/htpasswd-wo " "2>/dev/null" From a4c37d132c9d1ab4b95275811be0d8cdc0c10144 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Sun, 18 Sep 2022 14:01:17 +0200 Subject: [PATCH 5/7] Use Cloudflare API to get IPs --- wo/cli/templates/cf-update.mustache | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) 
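Review bot: The value substituted for `{password}` is placed unquoted inside `$(openssl passwd -apr1 {password} 2> /dev/null)`, so a password containing spaces or shell metacharacters is split or interpreted by the shell, and it also appears in the process arguments of `openssl`. Quoting it where it is passed to `.format` (whose arguments continue outside the hunk), e.g. `password=shlex.quote(...)` with `import shlex`, addresses the first problem, and `openssl passwd -stdin` avoids the second. Because stderr is discarded and the exit status is not checked, a failing `openssl` (the situation this commit fixes for `-crypt`) still writes a `username:` line with an empty hash to `/etc/nginx/htpasswd-wo`. The same command is built in the `stack_pref.py` hunk at line 329. In `secure.py` the `Log.debug` text says `--apr1` while the executed command uses `-apr1`.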
diff --git a/wo/cli/templates/cf-update.mustache b/wo/cli/templates/cf-update.mustache index ce6269c..53ac00d 100644 --- a/wo/cli/templates/cf-update.mustache +++ b/wo/cli/templates/cf-update.mustache @@ -28,14 +28,13 @@ IFS=$'\n\t' trap 's=$?; echo "$0: Error on line "$LINENO": $BASH_COMMAND"; tput cnorm ; exit $s' ERR declare -r CURL_BIN=$(command -v curl) -declare -r cfIPv4="https://www.cloudflare.com/ips-v4" -declare -r cfIPv6="https://www.cloudflare.com/ips-v6" +declare -r cfIP="https://api.cloudflare.com/client/v4/ips" declare -r cfConf='/etc/nginx/conf.d/cloudflare.conf' declare allOK='true' declare ips4 ips6 ip -ips4=$( ${CURL_BIN} -sL "${cfIPv4}" ) -ips6=$( ${CURL_BIN} -sL "${cfIPv6}" ) +ips4=$( ${CURL_BIN} -sL "${cfIP}" | jq -r '.result.ipv4_cidrs[]' ) +ips6=$( ${CURL_BIN} -sL "${cfIP}" | jq -r '.result.ipv6_cidrs[]' ) if [ -d /etc/nginx/conf.d ]; then @@ -75,4 +74,3 @@ else fi echo "Cloudflare IPs updated" echo "" - From 0a375f9b9961f52930ec5ac9c957b05d7b1715fe Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Sun, 18 Sep 2022 20:32:55 +0200 Subject: [PATCH 6/7] Force Cloudflare script update --- wo/cli/plugins/stack_pref.py | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py index 6cb4578..988df46 100644 --- a/wo/cli/plugins/stack_pref.py +++ b/wo/cli/plugins/stack_pref.py @@ -194,11 +194,6 @@ def post_pref(self, apt_packages, packages, upgrade=False): WOTemplate.deploy( self, '{0}/avif.conf'.format(ngxcnf), 'avif.mustache', data, overwrite=False) - - WOTemplate.deploy( - self, '{0}/cloudflare.conf'.format(ngxcnf), - 'cloudflare.mustache', data) - WOTemplate.deploy( self, '{0}/map-wp-fastcgi-cache.conf'.format(ngxcnf), 
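Review bot: The new `ips4=`/`ips6=` assignments depend on `jq`, but unlike curl (`CURL_BIN=$(command -v curl)`) nothing in the hunk checks that it is installed, and curl is called with `-sL` only, so an HTTP error body is handed to `jq` as if it were the address list. Adding `--fail` to the curl calls and a `command -v jq` check up front would make both failures explicit. If the part of the script outside this hunk writes these values into `cfConf` as trusted proxy ranges, it should also refuse to write when either list is empty, e.g. `[ -n "${ips4}" ] && [ -n "${ips6}" ] || exit 1`, so a bad response cannot replace a working configuration. The endpoint is fetched twice; storing the response once and running both `jq` filters on it guarantees the two lists come from the same answer.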
@@ -421,16 +416,17 @@ def post_pref(self, apt_packages, packages, upgrade=False): .format(server_ip.text, WOVar.wo_fqdn)]) - if not os.path.isfile("/opt/cf-update.sh"): - data = dict(release=WOVar.wo_version) - WOTemplate.deploy(self, '/opt/cf-update.sh', - 'cf-update.mustache', - data, overwrite=False) - WOFileUtils.chmod(self, "/opt/cf-update.sh", 0o775) - WOCron.setcron_weekly(self, '/opt/cf-update.sh ' - '> /dev/null 2>&1', - comment='Cloudflare IP refresh cronjob ' - 'added by WordOps') + data = dict(release=WOVar.wo_version) + WOTemplate.deploy(self, '/opt/cf-update.sh', + 'cf-update.mustache', + data, overwrite=True) + WOFileUtils.chmod(self, "/opt/cf-update.sh", 0o775) + Log.debug(self, 'Creating Cloudflare.conf') + WOShellExec.cmd_exec(self, '/opt/cf-update.sh') + WOCron.setcron_weekly(self, '/opt/cf-update.sh ' + '> /dev/null 2>&1', + comment='Cloudflare IP refresh cronjob ' + 'added by WordOps') # Nginx Configation into GIT if not WOService.restart_service(self, 'nginx'): From cd6f650e9eae8b3b0c95bbb7d3ac4ade9d85ab2e Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Fri, 23 Sep 2022 17:44:44 +0200 Subject: [PATCH 7/7] Prepare for release v3.15.2 --- CHANGELOG.md | 16 +++++++++++++++- README.md | 1 + install | 2 +- setup.py | 2 +- wo/core/variables.py | 2 +- 5 files changed, 19 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c7191a..09994fb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,21 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## Releases -### v3.15.2 - [Unreleased] +### v3.16.0 - [Unreleased] + +### v3.15.2 - 2022-09-23 + +#### Added + +- Add support for Chrome Privacy Preserving Prefetch Proxy [Issue 440](https://github.com/WordOps/WordOps/issues/440) + +#### Changed + +- Cloudflare IP script for Nginx now fetch Cloudflare IPs using the API + +#### Fixed + +- wo secure --auth on Ubuntu 22.04 ### v3.15.1 - 2022-09-09 
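Review bot: `WOShellExec.cmd_exec(self, '/opt/cf-update.sh')` is now the only thing that produces `cloudflare.conf` (the static template deployment is removed in the hunk at line 194), yet its result is not checked before the Nginx restart that follows. On a server without outbound access to the Cloudflare API, or without `jq`, the file may be missing or stale; checking the return value and logging a warning would make that visible. The script is executed here and from the weekly cron entry, presumably as root, while `WOFileUtils.chmod(self, "/opt/cf-update.sh", 0o775)` leaves it group-writable; `0o755` or `0o750` is enough for this use. `post_pref` starts and ends outside the hunk.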
diff --git a/README.md b/README.md index 1d6c072..1ab274f 100644 --- a/README.md +++ b/README.md @@ -166,6 +166,7 @@ For any other questions about WordOps or if you need support, please use the [Co If you'd like to contribute, please fork the repository and make changes as you'd like. Pull requests are warmly welcome. There is no need to be a developer or a system administrator to contribute to WordOps project. You can still contribute by helping us to improve [WordOps documentation](https://github.com/WordOps/docs.wordops.net). +Otherwise, you can still contribute to the project by making a donation on [Ko-Fi](https://ko-fi.com/wordops). ## Credits diff --git a/install b/install index edeee09..5f7ba7d 100755 --- a/install +++ b/install @@ -9,7 +9,7 @@ # ------------------------------------------------------------------------- # wget -qO wo wops.cc && sudo -E bash wo # ------------------------------------------------------------------------- -# Version 3.15.1 - 2022-09-09 +# Version 3.15.2 - 2022-09-23 # ------------------------------------------------------------------------- # CONTENTS diff --git a/setup.py b/setup.py index 2a08904..9c87f06 100644 --- a/setup.py +++ b/setup.py @@ -27,7 +27,7 @@ if os.geteuid() == 0: os.makedirs('/var/lib/wo/tmp/') setup(name='wordops', - version='3.15.1', + version='3.15.2', description='An essential toolset that eases server administration', long_description=LONG, long_description_content_type='text/markdown', diff --git a/wo/core/variables.py b/wo/core/variables.py index ca3e844..808395e 100644 --- a/wo/core/variables.py +++ b/wo/core/variables.py @@ -15,7 +15,7 @@ class WOVar(): """Intialization of core variables""" # WordOps version - wo_version = "3.15.1" + wo_version = "3.15.2" # WordOps packages versions wo_wp_cli = "2.6.0" wo_adminer = "4.8.1"