Merge pull request #462 from WordOps/updating-configuration

Maintenance Release v3.15.2
VirtuBox
2022-09-23 18:25:54 +02:00
committed by GitHub
11 changed files with 63 additions and 39 deletions


@@ -6,7 +6,21 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
## Releases ## Releases
### v3.15.2 - [Unreleased] ### v3.16.0 - [Unreleased]
### v3.15.2 - 2022-09-23
#### Added
- Add support for Chrome Privacy Preserving Prefetch Proxy [Issue 440](https://github.com/WordOps/WordOps/issues/440)
#### Changed
- Cloudflare IP script for Nginx now fetch Cloudflare IPs using the API
#### Fixed
- wo secure --auth on Ubuntu 22.04
### v3.15.1 - 2022-09-09 ### v3.15.1 - 2022-09-09


@@ -49,6 +49,7 @@
- **Modern** : Strong ciphers_suite, modern TLS protocols and HSTS support (Grade A+ on [ssllabs](https://www.ssllabs.com/ssltest/analyze.html?d=demo.wordops.eu&latest)) - **Modern** : Strong ciphers_suite, modern TLS protocols and HSTS support (Grade A+ on [ssllabs](https://www.ssllabs.com/ssltest/analyze.html?d=demo.wordops.eu&latest))
- **Monitoring** : Live Nginx vhost traffic with ngx_vts_module and server monitoring with Netdata - **Monitoring** : Live Nginx vhost traffic with ngx_vts_module and server monitoring with Netdata
- **User Friendly** : WordOps dashboard with server status/monitoring and tools ([demo](https://demo.wordops.eu)) - **User Friendly** : WordOps dashboard with server status/monitoring and tools ([demo](https://demo.wordops.eu))
- **Release cycle** : WordOps stable releases are published in June and December.
--- ---
@@ -165,6 +166,7 @@ For any other questions about WordOps or if you need support, please use the [Co
If you'd like to contribute, please fork the repository and make changes as you'd like. Pull requests are warmly welcome. If you'd like to contribute, please fork the repository and make changes as you'd like. Pull requests are warmly welcome.
There is no need to be a developer or a system administrator to contribute to WordOps project. You can still contribute by helping us to improve [WordOps documentation](https://github.com/WordOps/docs.wordops.net). There is no need to be a developer or a system administrator to contribute to WordOps project. You can still contribute by helping us to improve [WordOps documentation](https://github.com/WordOps/docs.wordops.net).
Otherwise, you can still contribute to the project by making a donation on [Ko-Fi](https://ko-fi.com/wordops).
## Credits ## Credits


@@ -9,7 +9,7 @@
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
# wget -qO wo wops.cc && sudo -E bash wo # wget -qO wo wops.cc && sudo -E bash wo
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
# Version 3.15.1 - 2022-09-09 # Version 3.15.2 - 2022-09-23
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
# CONTENTS # CONTENTS


@@ -27,7 +27,7 @@ if os.geteuid() == 0:
os.makedirs('/var/lib/wo/tmp/') os.makedirs('/var/lib/wo/tmp/')
setup(name='wordops', setup(name='wordops',
version='3.15.1', version='3.15.2',
description='An essential toolset that eases server administration', description='An essential toolset that eases server administration',
long_description=LONG, long_description=LONG,
long_description_content_type='text/markdown', long_description_content_type='text/markdown',


@@ -83,11 +83,11 @@ class WOSecureController(CementBaseController):
if password == "": if password == "":
pargs.user_pass = passwd pargs.user_pass = passwd
Log.debug(self, "printf username:" Log.debug(self, "printf username:"
"$(openssl passwd -crypt " "$(openssl passwd --apr1 "
"password 2> /dev/null)\n\"" "password 2> /dev/null)\n\""
"> /etc/nginx/htpasswd-wo 2>/dev/null") "> /etc/nginx/htpasswd-wo 2>/dev/null")
WOShellExec.cmd_exec(self, "printf \"{username}:" WOShellExec.cmd_exec(self, "printf \"{username}:"
"$(openssl passwd -crypt " "$(openssl passwd -apr1 "
"{password} 2> /dev/null)\n\"" "{password} 2> /dev/null)\n\""
"> /etc/nginx/htpasswd-wo 2>/dev/null" "> /etc/nginx/htpasswd-wo 2>/dev/null"
.format(username=pargs.user_input, .format(username=pargs.user_input,
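Review bot: The `WOShellExec.cmd_exec` call that writes `/etc/nginx/htpasswd-wo` still formats `{username}` and `{password}` unquoted into a shell string, so shell metacharacters in either value are interpreted by the shell and the cleartext password is visible in the process list while `openssl` runs. Supplying the password on standard input (`openssl passwd -apr1 -stdin`) and emitting the line with a fixed format such as `printf '%s:%s\n'` with a `shlex.quote`d username would remove both problems. The `Log.debug` text just above now reads `--apr1` while the executed command reads `-apr1`; the two should match so the debug output reflects what actually ran. The call's closing arguments lie outside the hunk, so whether `log=False` is passed here cannot be confirmed from this page.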


@@ -194,11 +194,6 @@ def post_pref(self, apt_packages, packages, upgrade=False):
WOTemplate.deploy( WOTemplate.deploy(
self, '{0}/avif.conf'.format(ngxcnf), self, '{0}/avif.conf'.format(ngxcnf),
'avif.mustache', data, overwrite=False) 'avif.mustache', data, overwrite=False)
WOTemplate.deploy(
self, '{0}/cloudflare.conf'.format(ngxcnf),
'cloudflare.mustache', data)
WOTemplate.deploy( WOTemplate.deploy(
self, self,
'{0}/map-wp-fastcgi-cache.conf'.format(ngxcnf), '{0}/map-wp-fastcgi-cache.conf'.format(ngxcnf),
@@ -220,6 +215,11 @@ def post_pref(self, apt_packages, packages, upgrade=False):
'{0}/locations-wo.conf' '{0}/locations-wo.conf'
.format(ngxcom), .format(ngxcom),
'locations.mustache', data) 'locations.mustache', data)
# traffic advice file
WOTemplate.deploy(self,
'/var/www/html/'
'.well-known/traffic-advice',
'traffic-advice.mustache', data)
WOTemplate.deploy(self, WOTemplate.deploy(self,
'{0}/wpsubdir.conf' '{0}/wpsubdir.conf'
@@ -324,7 +324,7 @@ def post_pref(self, apt_packages, packages, upgrade=False):
try: try:
WOShellExec.cmd_exec( WOShellExec.cmd_exec(
self, "printf \"WordOps:" self, "printf \"WordOps:"
"$(openssl passwd -crypt " "$(openssl passwd -apr1 "
"{password} 2> /dev/null)\n\"" "{password} 2> /dev/null)\n\""
"> /etc/nginx/htpasswd-wo " "> /etc/nginx/htpasswd-wo "
"2>/dev/null" "2>/dev/null"
@@ -417,16 +417,17 @@ def post_pref(self, apt_packages, packages, upgrade=False):
.format(server_ip.text, .format(server_ip.text,
WOVar.wo_fqdn)]) WOVar.wo_fqdn)])
if not os.path.isfile("/opt/cf-update.sh"): data = dict(release=WOVar.wo_version)
data = dict(release=WOVar.wo_version) WOTemplate.deploy(self, '/opt/cf-update.sh',
WOTemplate.deploy(self, '/opt/cf-update.sh', 'cf-update.mustache',
'cf-update.mustache', data, overwrite=True)
data, overwrite=False) WOFileUtils.chmod(self, "/opt/cf-update.sh", 0o775)
WOFileUtils.chmod(self, "/opt/cf-update.sh", 0o775) Log.debug(self, 'Creating Cloudflare.conf')
WOCron.setcron_weekly(self, '/opt/cf-update.sh ' WOShellExec.cmd_exec(self, '/opt/cf-update.sh')
'> /dev/null 2>&1', WOCron.setcron_weekly(self, '/opt/cf-update.sh '
comment='Cloudflare IP refresh cronjob ' '> /dev/null 2>&1',
'added by WordOps') comment='Cloudflare IP refresh cronjob '
'added by WordOps')
# Nginx Configation into GIT # Nginx Configation into GIT
if not WOService.restart_service(self, 'nginx'): if not WOService.restart_service(self, 'nginx'):
@@ -1266,7 +1267,7 @@ def post_pref(self, apt_packages, packages, upgrade=False):
self, self,
'mysql -e "SET PASSWORD = ' 'mysql -e "SET PASSWORD = '
'PASSWORD(\'{0}\'); flush privileges;"' 'PASSWORD(\'{0}\'); flush privileges;"'
.format(chars)) .format(chars), log=False)
WOFileUtils.mvfile( WOFileUtils.mvfile(
self, '/etc/mysql/conf.d/my.cnf.tmp', self, '/etc/mysql/conf.d/my.cnf.tmp',
'/etc/mysql/conf.d/my.cnf') '/etc/mysql/conf.d/my.cnf')
@@ -1290,7 +1291,7 @@ def post_pref(self, apt_packages, packages, upgrade=False):
'IDENTIFIED VIA unix_socket OR ' 'IDENTIFIED VIA unix_socket OR '
'mysql_native_password; ' 'mysql_native_password; '
'SET PASSWORD = PASSWORD(\'{0}\'); ' 'SET PASSWORD = PASSWORD(\'{0}\'); '
'flush privileges;"'.format(chars)) 'flush privileges;"'.format(chars), log=False)
WOFileUtils.textappend( WOFileUtils.textappend(
self, '/etc/mysql/conf.d/my.cnf', self, '/etc/mysql/conf.d/my.cnf',
'socket = /run/mysqld/mysqld.sock') 'socket = /run/mysqld/mysqld.sock')
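Review bot: The outcome of the new `WOShellExec.cmd_exec(self, '/opt/cf-update.sh')` call is not checked before nginx is restarted, and the script it runs is rewritten on every pass and left group-writable (`0o775`). Because the static `cloudflare.conf` template deployment is removed earlier in the same file, the contents of that file (presumably the list of peers nginx treats as Cloudflare) now depend entirely on this network fetch succeeding at install time. I would tighten the mode to `WOFileUtils.chmod(self, "/opt/cf-update.sh", 0o755)` and log a warning, keeping any existing `cloudflare.conf`, when the script reports failure. The two `SET PASSWORD` hunks gain `log=False`, which keeps the value out of the WordOps log, but the password is still passed on the `mysql -e` command line. The body of `post_pref` continues outside every hunk shown.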


@@ -202,12 +202,8 @@ class WOStackUpgradeController(CementBaseController):
# netdata # netdata
if pargs.netdata: if pargs.netdata:
# detect static binaries install # detect static binaries install
if os.path.isdir('/opt/netdata'): if (os.path.isdir('/opt/netdata') or
packages = packages + [[ os.path.isdir('/etc/netdata')):
'https://my-netdata.io/kickstart.sh',
'/var/lib/wo/tmp/kickstart.sh', 'Netdata']]
# detect install from source
elif os.path.isdir('/etc/netdata'):
packages = packages + [[ packages = packages + [[
'https://my-netdata.io/kickstart.sh', 'https://my-netdata.io/kickstart.sh',
'/var/lib/wo/tmp/kickstart.sh', 'Netdata']] '/var/lib/wo/tmp/kickstart.sh', 'Netdata']]
@@ -295,11 +291,11 @@ class WOStackUpgradeController(CementBaseController):
'ngxblocker' 'ngxblocker'
]] ]]
if ((not (apt_packages)) and (not(packages))): if not apt_packages and not packages:
self.app.args.print_help() self.app.args.print_help()
else: else:
pre_stack(self) pre_stack(self)
if (apt_packages): if apt_packages:
if not ("php7.2-fpm" in apt_packages or if not ("php7.2-fpm" in apt_packages or
"php7.3-fpm" in apt_packages or "php7.3-fpm" in apt_packages or
"php7.4-fpm" in apt_packages or "php7.4-fpm" in apt_packages or
@@ -340,7 +336,7 @@ class WOStackUpgradeController(CementBaseController):
Log.valide(self, "Configuring APT Packages") Log.valide(self, "Configuring APT Packages")
# Post Actions after package updates # Post Actions after package updates
if (packages): if packages:
if WOAptGet.is_selected(self, 'WP-CLI', packages): if WOAptGet.is_selected(self, 'WP-CLI', packages):
WOFileUtils.rm(self, '/usr/local/bin/wp') WOFileUtils.rm(self, '/usr/local/bin/wp')
@@ -385,7 +381,7 @@ class WOStackUpgradeController(CementBaseController):
WOShellExec.cmd_exec( WOShellExec.cmd_exec(
self, self,
"bash /var/lib/wo/tmp/kickstart.sh " "bash /var/lib/wo/tmp/kickstart.sh "
"--dont-wait --no-updates", "--dont-wait --no-updates --stable-channel",
errormsg='', log=False) errormsg='', log=False)
Log.valide(self, "Upgrading Netdata") Log.valide(self, "Upgrading Netdata")
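Review bot: Nothing verifies `/var/lib/wo/tmp/kickstart.sh` before `bash /var/lib/wo/tmp/kickstart.sh` executes it, and the call passes `errormsg=''` with `log=False`, so a truncated or altered download leaves no trace in the WordOps log. The added `--stable-channel` flag narrows what the installer fetches but does not authenticate the installer itself. I would compare the file's SHA-256 with an expected value before the `cmd_exec` and abort the Netdata upgrade on mismatch, and give `errormsg` a real message so failures are visible. The controller method starts and ends outside the hunks shown, so the download step itself is not visible here.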


@@ -28,14 +28,13 @@ IFS=$'\n\t'
trap 's=$?; echo "$0: Error on line "$LINENO": $BASH_COMMAND"; tput cnorm ; exit $s' ERR trap 's=$?; echo "$0: Error on line "$LINENO": $BASH_COMMAND"; tput cnorm ; exit $s' ERR
declare -r CURL_BIN=$(command -v curl) declare -r CURL_BIN=$(command -v curl)
declare -r cfIPv4="https://www.cloudflare.com/ips-v4" declare -r cfIP="https://api.cloudflare.com/client/v4/ips"
declare -r cfIPv6="https://www.cloudflare.com/ips-v6"
declare -r cfConf='/etc/nginx/conf.d/cloudflare.conf' declare -r cfConf='/etc/nginx/conf.d/cloudflare.conf'
declare allOK='true' declare allOK='true'
declare ips4 ips6 ip declare ips4 ips6 ip
ips4=$( ${CURL_BIN} -sL "${cfIPv4}" ) ips4=$( ${CURL_BIN} -sL "${cfIP}" | jq -r '.result.ipv4_cidrs[]' )
ips6=$( ${CURL_BIN} -sL "${cfIPv6}" ) ips6=$( ${CURL_BIN} -sL "${cfIP}" | jq -r '.result.ipv6_cidrs[]' )
if [ -d /etc/nginx/conf.d ]; then if [ -d /etc/nginx/conf.d ]; then
@@ -75,4 +74,3 @@ else
fi fi
echo "Cloudflare IPs updated" echo "Cloudflare IPs updated"
echo "" echo ""
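Review bot: The new `ips4=` and `ips6=` assignments pipe `curl -sL` straight into `jq` without `--fail` and without checking that `jq` is installed (only `curl` is resolved with `command -v`), so an HTTP error body or a missing binary can end up as an empty or malformed address list. Since `cfConf` tells nginx which peers to treat as Cloudflare, nothing but well-formed CIDRs should reach it; any validation further down the script is outside this hunk. I would fetch once with `cfJson=$( "${CURL_BIN}" -fsSL "${cfIP}" )`, extract both lists from `cfJson`, and leave the existing `cloudflare.conf` untouched unless both lists are non-empty. Whether `set -o pipefail` is active cannot be seen from here; without it a `curl` failure inside the pipeline goes unnoticed.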


@@ -37,6 +37,13 @@ location /.well-known/acme-challenge/ {
allow all; allow all;
auth_basic off; auth_basic off;
} }
# Private Prefetch Proxy
# https://developer.chrome.com/blog/private-prefetch-proxy/
location /.well-known/traffic-advice {
types { } default_type "application/trafficadvice+json; charset=utf-8";
alias /var/www/html/.well-known/traffic-advice;
allow all;
}
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files # Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" { location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
deny all; deny all;
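Review bot: The new `location /.well-known/traffic-advice` block is a prefix match combined with `alias`, so any URI that merely begins with that string (for example `/.well-known/traffic-advice.bak`) is mapped onto a sibling path under `/var/www/html/.well-known/`. An exact match, `location = /.well-known/traffic-advice {`, serves only the intended file. The ACME block just above also sets `auth_basic off;`; if this include is used on vhosts protected by basic auth the same line is probably needed here, which cannot be confirmed from this page. Putting `types { }` and `default_type` on separate lines, with a short comment that the empty `types` block forces the default type, would make the content-type override easier to follow.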


@@ -0,0 +1,6 @@
[{
"user_agent": "prefetch-proxy",
"google_prefetch_proxy_eap": {
"fraction": 1.0
}
}]


@@ -15,7 +15,7 @@ class WOVar():
"""Intialization of core variables""" """Intialization of core variables"""
# WordOps version # WordOps version
wo_version = "3.15.1" wo_version = "3.15.2"
# WordOps packages versions # WordOps packages versions
wo_wp_cli = "2.6.0" wo_wp_cli = "2.6.0"
wo_adminer = "4.8.1" wo_adminer = "4.8.1"