Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update nginx stack install

Browse Source
This commit is contained in:
VirtuBox
2019-07-28 21:23:07 +02:00
parent 5cfee94f86
commit 4f2bfc2c06
6 changed files with 191 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.travis.yml
View File

@@ -46,11 +46,10 @@ script:
- sudo wo site update 1.com --wp && sudo wo site update 2.com --php73 && sudo wo site update 3.com --php73 && sudo wo site update 1.com --wpfc && sudo wo site update 1.com --wpsc && sudo wo site update 1.com --wpredis
- sudo wp --allow-root --info
- sudo wo info
- sudo tree -L 2 /etc/nginx
- sudo cat /etc/nginx/nginx.conf
- sudo cat /etc/mysql/my.cnf
- sudo wo stack upgrade --netdata --no-prompt
- sudo wo stack upgrade --phpmyadmin --no-prompt
- sudo wo stack upgrade --composer --no-prompt
- sudo wo update --travis
- sudo wo stack status
- sudo wo maintenance

1
CHANGELOG.md
View File

@@ -26,6 +26,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
#### Fixed
- Kernel tweaks were not applied without server reboot
- Fail2ban standalone install
### v3.9.6.2 - 2019-07-24

2
wo/cli/plugins/secure.py
View File

@@ -8,8 +8,6 @@ from wo.core.git import WOGit
from wo.core.services import WOService
import string
import random
import sys
import hashlib
import getpass

2
wo/cli/plugins/site_functions.py
View File

@@ -892,7 +892,7 @@ def site_package_check(self, stype):
if stype in ['mysql', 'wp', 'wpsubdir', 'wpsubdomain']:
Log.debug(self, "Setting apt_packages variable for MySQL")
if not WOShellExec.cmd_exec(self, "mysqladmin ping"):
if not WOShellExec.cmd_exec(self, "/usr/bin/mysqladmin ping"):
apt_packages = apt_packages + WOVariables.wo_mysql
packages = packages + [["https://raw.githubusercontent.com/"
"major/MySQLTuner-perl/master/"

26
wo/cli/plugins/stack.py
View File

@@ -245,14 +245,24 @@ class WOStackController(CementBaseController):
# Nginx configuration
if set(WOVariables.wo_nginx).issubset(set(apt_packages)):
if set(["nginx"]).issubset(set(apt_packages)):
# Fix for white screen death with NGINX PLUS
if not WOFileUtils.grep(self, '/etc/nginx/fastcgi_params',
'SCRIPT_FILENAME'):
with open('/etc/nginx/fastcgi_params',
encoding='utf-8', mode='a') as wo_nginx:
wo_nginx.write('fastcgi_param \tSCRIPT_FILENAME '
'\t$request_filename;\n')
# Nginx main configuration
if os.path.isfile('/etc/nginx/nginx.conf'):
data = dict()
Log.debug(self, 'Writting the nginx configuration to '
'file /etc/nginx/nginx.conf')
wo_nginx = open('/etc/nginx/nginx.conf',
encoding='utf-8', mode='w')
self.app.render(
(data), 'nginx-core.mustache', out=wo_nginx)
wo_nginx.close()
# Fix for white screen death with NGINX PLUS
if not WOFileUtils.grep(self, '/etc/nginx/fastcgi_params',
'SCRIPT_FILENAME'):
with open('/etc/nginx/fastcgi_params',
encoding='utf-8', mode='a') as wo_nginx:
wo_nginx.write('fastcgi_param \tSCRIPT_FILENAME '
'\t$request_filename;\n')
if os.path.isfile('/etc/nginx/nginx.conf'):
data = dict(php="9000", debug="9001",

212
wo/cli/templates/nginx-core.mustache
View File

@@ -1,61 +1,189 @@
##
# WordOps Settings
##
user www-data;
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 100000;
pid /run/nginx.pid;
server_tokens off;
reset_timedout_connection on;
add_header X-Powered-By "WordOps {{version}}";
pcre_jit on;
# Limit Request
limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
# Proxy Settings
# set_real_ip_from proxy-server-ip;
# real_ip_header X-Forwarded-For;
fastcgi_read_timeout 300;
client_max_body_size 100m;
# SSL Settings
ssl_protocols TLSv1.2;
ssl_ciphers 'EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES';
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
{{#Ubuntu}}
ssl_prefer_server_ciphers on;
{{/Ubuntu}}
# Log format Settings
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
events {
multi_accept on;
worker_connections 50000;
accept_mutex on;
use epoll;
}
# GZip settings
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
# Compress all output labeled with one of the following MIME-types.
gzip_types
http {
##
# WordOps Settings
##
sendfile on;
sendfile_max_chunk 512k;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 8;
keepalive_requests 500;
keepalive_disable msie6;
lingering_time 20s;
lingering_timeout 5s;
# Nginx AIO : See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/
# http://nginx.org/en/docs/http/ngx_http_core_module.html#aio
aio threads;
server_tokens off;
reset_timedout_connection on;
more_set_headers "X-Powered-By : WordOps";
# Limit Request
limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
# Proxy Settings
# set_real_ip_from proxy-server-ip;
# real_ip_header X-Forwarded-For;
fastcgi_read_timeout 300;
client_max_body_size 100m;
# ngx_vts_module
vhost_traffic_status_zone;
##
# SSL Settings
##
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_prefer_server_ciphers on;
ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20';
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve secp521r1:secp384r1;
# Previous TLS v1.2 configuration
# ssl_protocols TLSv1.2;
# ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
# Common security headers
more_set_headers "X-Frame-Options : SAMEORIGIN";
more_set_headers "X-Xss-Protection : 1; mode=block";
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
more_set_headers "X-Download-Options : noopen";
# oscp settings
resolver 8.8.8.8 1.1.1.1 8.8.4.4 1.0.0.1 valid=300s;
resolver_timeout 10;
ssl_stapling on;
##
# Basic Settings
##
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log off;
error_log /var/log/nginx/error.log;
# Log format Settings
log_format wo_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$server_protocol"';
##
# Gzip Settings
##
# mitigation for CRIME/BREACH attacks
gzip off;
##
# Brotli Settings
##
brotli on;
brotli_static on;
brotli_buffers 16 8k;
brotli_min_length 64000;
brotli_comp_level 4;
brotli_types
application/atom+xml
application/geo+json
application/javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/vnd.ms-fontobject
application/wasm
application/x-font-opentype
application/x-font-truetype
application/x-font-ttf
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
application/xml+rss
font/eot
font/opentype
font/otf
image/bmp
image/svg+xml
image/vnd.microsoft.icon
image/x-icon
image/x-win-bitmap
text/cache-manifest
text/calendar
text/css
text/javascript
text/markdown
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/xml
text/javascript;
# text/html is always compressed by HttpGzipModule
text/x-cross-domain-policy
text/xml;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}