diff --git a/install b/install
index dd41517..61f2699 100644
--- a/install
+++ b/install
@@ -7,7 +7,7 @@
### 1. VARIABLES AND DECLARATIONS
### 2. PREPARE FOR INSTALLATION
### 3. INSTALLATION
-### 4.
+### 4.
###
# 1 - Set the CLI output colors
@@ -112,7 +112,7 @@ function wo_install_dep()
{
if [ "$wo_linux_distro" == "Ubuntu" ]; then
apt-get -y install build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz || wo_lib_error "There was an error during dependency installation, exit status " 1
- elif [ "$wo_linux_distro" == "Debian" ]; then
+ elif [ "$wo_linux_distro" == "Debian" ]; then
apt-get -y install build-essential curl gzip dirmngr python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz || wo_lib_error "There was an error during dependency installation, exit status " 1
fi
@@ -143,7 +143,7 @@ function wo_install_dep()
touch /var/log/php/7.2/slow.log /var/log/php/7.2/fpm.log
systemctl php7.2-fpm restart &>> /dev/null
- elif [ "$wo_linux_distro" == "Debian" ]; then
+ elif [ "$wo_linux_distro" == "Debian" ]; then
apt-get install apt-transport-https lsb-release ca-certificates locales locales-all -y
export LC_ALL=en_US.UTF-8
export LANG=en_US.UTF-8
@@ -151,7 +151,7 @@ function wo_install_dep()
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
apt-get update &>> /dev/null
apt-get -y install php7.2-fpm php7.2-curl php7.2-gd php7.2-imap php-sodium php7.2-common php7.2-readline php7.2-redis php7.2-mysql php7.2-cli php7.2-memcache php7.2-imagick php7.2-mbstring php7.2-recode php7.2-bcmath php7.2-opcache php7.2-zip php7.2-xml php7.2-soap php7.2-msgpack memcached graphviz php-pear php7.2-xdebug || wo_lib_error "Not all PHP packages could be installed." 1
- systemctl php7.2-fpm restart &>> /dev/null
+ systemctl php7.2-fpm restart &>> /dev/null
fi
}
@@ -169,17 +169,17 @@ function wo_sync_db()
# Backup the nginx directory
tar -cvf - /etc/nginx /etc/ee /var/lib/ee | pigz -9 > /var/lib/wo/ee-backup.tgz
-
+
# Copy the EasyEngine database
cp /var/lib/ee/ee.db /var/lib/wo/dbase-ee.db
# Set the migration variable for the closing text
migration=1
- ###
- # Clean WO installation
- ###
- elif [ ! -d /var/lib/wo ]; then
+ ###
+ # Clean WO installation
+ ###
+ elif [ ! -d /var/lib/wo ]; then
# Create the directory holding the WordOps database
mkdir -p /var/lib/wo
@@ -211,65 +211,65 @@ function wo_sync_db()
# Check site is enable/live or disable
for site in $(ls /etc/nginx/sites-available/ | grep -v default);
do
- if [ -f /etc/nginx/sites-enabled/$site ]; then
- wo_site_status='1'
- else
- wo_site_status='0'
- fi
+ if [ -f /etc/nginx/sites-enabled/$site ]; then
+ wo_site_status='1'
+ else
+ wo_site_status='0'
+ fi
- # Acquire information about the current nginx configuration
- wo_site_current_type=$(head -n1 /etc/nginx/sites-available/$site | grep "NGINX CONFIGURATION" | rev | cut -d' ' -f3,4,5,6,7 | rev | cut -d ' ' -f2,3,4,5)
+ # Acquire information about the current nginx configuration
+ wo_site_current_type=$(head -n1 /etc/nginx/sites-available/$site | grep "NGINX CONFIGURATION" | rev | cut -d' ' -f3,4,5,6,7 | rev | cut -d ' ' -f2,3,4,5)
- # Sniff out the vhost type and cache configuration
- if [ "$wo_site_current_type" = "HTML" ]; then
- wo_site_current="html"
- wo_site_current_cache="basic"
- elif [ "$wo_site_current_type" = "PHP" ]; then
- wo_site_current="php"
- wo_site_current_cache="basic"
- elif [ "$wo_site_current_type" = "MYSQL" ]; then
- wo_site_current="mysql"
- wo_site_current_cache="basic"
-
- # Caching types on a single WordPress installation
- elif [ "$wo_site_current_type" = "WPSINGLE BASIC" ]; then
- wo_site_current="wp"
- wo_site_current_cache="basic"
- elif [ "$wo_site_current_type" = "WPSINGLE WP SUPER CACHE" ]; then
- wo_site_current="wp"
- wo_site_current_cache="wpsc"
- elif [ "$wo_site_current_type" = "WPSINGLE FAST CGI" ] || [ "$wo_site_current_type" = "WPSINGLE FASTCGI" ]; then
- wo_site_current="wp"
- wo_site_current_cache="wpfc"
+ # Sniff out the vhost type and cache configuration
+ if [ "$wo_site_current_type" = "HTML" ]; then
+ wo_site_current="html"
+ wo_site_current_cache="basic"
+ elif [ "$wo_site_current_type" = "PHP" ]; then
+ wo_site_current="php"
+ wo_site_current_cache="basic"
+ elif [ "$wo_site_current_type" = "MYSQL" ]; then
+ wo_site_current="mysql"
+ wo_site_current_cache="basic"
- # Caching types on a single, subdirectory WordPress installation
- elif [ "$wo_site_current_type" = "WPSUBDIR BASIC" ]; then
- wo_site_current="wpsubdir"
- wo_site_current_cache="basic"
- elif [ "$wo_site_current_type" = "WPSUBDIR WP SUPER CACHE" ]; then
- wo_site_current="wpsubdir"
- wo_site_current_cache="wpsc"
- elif [ "$wo_site_current_type" = "WPSUBDIR FAST CGI" ] || [ "$wo_site_current_type" = "WPSUBDIR FASTCGI" ]; then
- wo_site_current="wpsubdir"
- wo_site_current_cache="wpfc"
+ # Caching types on a single WordPress installation
+ elif [ "$wo_site_current_type" = "WPSINGLE BASIC" ]; then
+ wo_site_current="wp"
+ wo_site_current_cache="basic"
+ elif [ "$wo_site_current_type" = "WPSINGLE WP SUPER CACHE" ]; then
+ wo_site_current="wp"
+ wo_site_current_cache="wpsc"
+ elif [ "$wo_site_current_type" = "WPSINGLE FAST CGI" ] || [ "$wo_site_current_type" = "WPSINGLE FASTCGI" ]; then
+ wo_site_current="wp"
+ wo_site_current_cache="wpfc"
- # Caching types on a single, subdomain WordPress installation
- elif [ "$wo_site_current_type" = "WPSUBDOMAIN BASIC" ]; then
- wo_site_current="wpsubdomain"
- wo_site_current_cache="basic"
- elif [ "$wo_site_current_type" = "WPSUBDOMAIN WP SUPER CACHE" ]; then
- wo_site_current="wpsubdomain"
- wo_site_current_cache="wpsc"
- elif [ "$wo_site_current_type" = "WPSUBDOMAIN FAST CGI" ] || [ "$wo_site_current_type" = "WPSUBDOMAIN FASTCGI" ]; then
- wo_site_current="wpsubdomain"
- wo_site_current_cache="wpfc"
- fi
+ # Caching types on a single, subdirectory WordPress installation
+ elif [ "$wo_site_current_type" = "WPSUBDIR BASIC" ]; then
+ wo_site_current="wpsubdir"
+ wo_site_current_cache="basic"
+ elif [ "$wo_site_current_type" = "WPSUBDIR WP SUPER CACHE" ]; then
+ wo_site_current="wpsubdir"
+ wo_site_current_cache="wpsc"
+ elif [ "$wo_site_current_type" = "WPSUBDIR FAST CGI" ] || [ "$wo_site_current_type" = "WPSUBDIR FASTCGI" ]; then
+ wo_site_current="wpsubdir"
+ wo_site_current_cache="wpfc"
- wo_webroot="/var/www/$site"
+ # Caching types on a single, subdomain WordPress installation
+ elif [ "$wo_site_current_type" = "WPSUBDOMAIN BASIC" ]; then
+ wo_site_current="wpsubdomain"
+ wo_site_current_cache="basic"
+ elif [ "$wo_site_current_type" = "WPSUBDOMAIN WP SUPER CACHE" ]; then
+ wo_site_current="wpsubdomain"
+ wo_site_current_cache="wpsc"
+ elif [ "$wo_site_current_type" = "WPSUBDOMAIN FAST CGI" ] || [ "$wo_site_current_type" = "WPSUBDOMAIN FASTCGI" ]; then
+ wo_site_current="wpsubdomain"
+ wo_site_current_cache="wpfc"
+ fi
- # Import the configuration into the WordOps SQLite database
- echo "INSERT INTO sites (sitename, site_type, cache_type, site_path, is_enabled, is_ssl, storage_fs, storage_db)
- VALUES (\"$site\", \"$wo_site_current\", \"$wo_site_current_cache\", \"$wo_webroot\", \"$wo_site_status\", 0, 'ext4', 'mysql');" | sqlite3 /var/lib/wo/dbase.db
+ wo_webroot="/var/www/$site"
+
+ # Import the configuration into the WordOps SQLite database
+ echo "INSERT INTO sites (sitename, site_type, cache_type, site_path, is_enabled, is_ssl, storage_fs, storage_db)
+ VALUES (\"$site\", \"$wo_site_current\", \"$wo_site_current_cache\", \"$wo_webroot\", \"$wo_site_status\", 0, 'ext4', 'mysql');" | sqlite3 /var/lib/wo/dbase.db
done
else
wo_php_version="7.2"
@@ -297,6 +297,13 @@ function wo_sync_db()
sed -i 's/9170/9172/g' /etc/nginx/conf.d/upstream.conf &>> /dev/null
fi
+ ###
+ # Webp mapping
+ ###
+ if [ ! -f /etc/nginx/conf.d/webp.conf ]; then
+ echo -e 'map $http_accept $webp_suffix {\n default "";\n "~*webp" ".webp";\n}\n' > /etc/nginx/conf.d/webp.conf
+ fi
+
echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db
echo "UPDATE sites SET php_version = REPLACE(php_version, '7.0', '7.2');" | sqlite3 /var/lib/wo/dbase.db
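Review bot: The `webp.conf` map is written only from this spot in wo_sync_db, while the wpcommon templates changed in the same commit use `$webp_suffix` unconditionally, and nginx refuses to load a configuration that references an undefined variable. The surrounding branches start outside the hunk, so it is not visible whether every install and update path reaches this block; if one does not, the next nginx reload would fail. Shipping the map as a template next to the others, or creating it before the templates are rendered, removes that ordering dependency. At minimum add a comment such as `# webp.conf defines $webp_suffix, required by wpcommon*.mustache` and run `nginx -t` before restarting.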
@@ -313,11 +320,11 @@ function wo_sync_db()
echo 'alias ee-acme="/root/.ee-acme/ee-acme.sh"' >> $HOME/.ee-acme/ee-acme
wget -qO $HOME/.ee-acme/ee-acme.sh https://raw.githubusercontent.com/WordOps/wo-acme-sh/master/script/ee-acme.sh
chmod +x $HOME/.ee-acme/ee-acme.sh
- elif [ -x $HOME/.ee-acme/ee-acme.sh ]; then
+ elif [ -x $HOME/.ee-acme/ee-acme.sh ]; then
rm $HOME/.ee-acme/ee-acme.sh
wget -qO $HOME/.ee-acme/ee-acme.sh https://raw.githubusercontent.com/WordOps/wo-acme-sh/master/script/ee-acme.sh
chmod +x $HOME/.ee-acme/ee-acme.sh
- elif [ ! -d $HOME/.ee-acme ]; then
+ elif [ ! -d $HOME/.ee-acme ]; then
mkdir -p $HOME/.ee-acme
wget -qO /usr/local/bin/wo-acme https://raw.githubusercontent.com/WordOps/wo-acme-sh/master/script/ee-acme.sh
chmod +x /usr/local/bin/wo-acme
@@ -346,8 +353,8 @@ function wo_update_wp_cli()
dpkg --compare-versions ${WP_CLI_VERSION} lt 1.4.1
# Update WP-CLI to the most recent version
if [ "$?" == "0" ]; then
- wget -qO ${WP_CLI_PATH} https://raw.githubusercontent.com/WordOps/wpcli-builds/gh-pages/phar/wp-cli.phar
- chmod +x ${WP_CLI_PATH}
+ wget -qO ${WP_CLI_PATH} https://raw.githubusercontent.com/WordOps/wpcli-builds/gh-pages/phar/wp-cli.phar
+ chmod +x ${WP_CLI_PATH}
fi
fi
}
@@ -374,24 +381,24 @@ function wo_install()
function wo_update_latest()
{
-if [ -f /etc/nginx/fastcgi_params ]
-then
- cat /etc/nginx/fastcgi_params| grep -q 'HTTP_PROXY'
- if [[ $? -ne 0 ]]; then
- echo "fastcgi_param HTTP_PROXY \"\";" >> /etc/nginx/fastcgi_params
- echo "fastcgi_param HTTP_PROXY \"\";" >> /etc/nginx/fastcgi.conf
- service nginx restart &>> /dev/null
+ if [ -f /etc/nginx/fastcgi_params ]
+ then
+ cat /etc/nginx/fastcgi_params| grep -q 'HTTP_PROXY'
+ if [[ $? -ne 0 ]]; then
+ echo "fastcgi_param HTTP_PROXY \"\";" >> /etc/nginx/fastcgi_params
+ echo "fastcgi_param HTTP_PROXY \"\";" >> /etc/nginx/fastcgi.conf
+ service nginx restart &>> /dev/null
+ fi
fi
-fi
-if [ -f /etc/ImageMagick/policy.xml ]
- then
- if [ ! -f /etc/ImageMagick/patch.txt ]
- then
- echo -e "\t\n\t\n\t\n\t\n\t" >> /etc/ImageMagick/patch.txt
- sed -i '//r /etc/ImageMagick/patch.txt' /etc/ImageMagick/policy.xml
+ if [ -f /etc/ImageMagick/policy.xml ]
+ then
+ if [ ! -f /etc/ImageMagick/patch.txt ]
+ then
+ echo -e "\t\n\t\n\t\n\t\n\t" >> /etc/ImageMagick/patch.txt
+ sed -i '//r /etc/ImageMagick/patch.txt' /etc/ImageMagick/policy.xml
+ fi
fi
- fi
#Move ~/.my.cnf to /etc/mysql/conf.d/my.cnf
if [ ! -f /etc/mysql/conf.d/my.cnf ]
@@ -424,63 +431,63 @@ if [ -f /etc/ImageMagick/policy.xml ]
wo_lib_echo "Updating Nginx configuration, please wait..."
elif [ "$wo_distro_version" == "trusty" ]; then
- grep -Hr 'http://download.opensuse.org/repositories/home:/rtCamp:/EasyEngine/xUbuntu_14.04/ /' /etc/apt/sources.list.d/ &>> /dev/null
- if [[ $? -ne 0 ]]; then
- if [ -f /etc/apt/sources.list.d/rtcamp-nginx-trusty.list ]; then
- rm -rf /etc/apt/sources.list.d/rtcamp-nginx-trusty.list
- fi
- echo -e "\ndeb http://download.opensuse.org/repositories/home:/rtCamp:/EasyEngine/xUbuntu_14.04/ /" >> /etc/apt/sources.list.d/wo-repo.list
- gpg --keyserver "hkp://pgp.mit.edu" --recv-keys '3050AC3CD2AE6F03'
- gpg -a --export --armor '3050AC3CD2AE6F03' | apt-key add -
- if [ -f /etc/nginx/conf.d/ee-nginx.conf ]; then
- mv /etc/nginx/conf.d/ee-nginx.conf /etc/nginx/conf.d/wo-nginx.conf.old &>> /dev/null
- fi
- mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old &>> /dev/null
- apt-get update
- service nginx stop &>> /dev/null
- DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install nginx-custom nginx-ee
- service nginx restart &>> /dev/null
- fi
- dpkg --get-selections | grep -v deinstall | grep nginx-common
- if [ $? -eq 0 ]; then
- apt-get update
- dpkg --get-selections | grep -v deinstall | grep nginx-mainline
- if [ $? -eq 0 ]; then
- apt-get remove -y nginx-mainline
- fi
- service nginx stop &>> /dev/null
- DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y --allow-unauthenticated install nginx-ee nginx-custom
- service nginx restart &>> /dev/null
- fi
+ grep -Hr 'http://download.opensuse.org/repositories/home:/rtCamp:/EasyEngine/xUbuntu_14.04/ /' /etc/apt/sources.list.d/ &>> /dev/null
+ if [[ $? -ne 0 ]]; then
+ if [ -f /etc/apt/sources.list.d/rtcamp-nginx-trusty.list ]; then
+ rm -rf /etc/apt/sources.list.d/rtcamp-nginx-trusty.list
+ fi
+ echo -e "\ndeb http://download.opensuse.org/repositories/home:/rtCamp:/EasyEngine/xUbuntu_14.04/ /" >> /etc/apt/sources.list.d/wo-repo.list
+ gpg --keyserver "hkp://pgp.mit.edu" --recv-keys '3050AC3CD2AE6F03'
+ gpg -a --export --armor '3050AC3CD2AE6F03' | apt-key add -
+ if [ -f /etc/nginx/conf.d/ee-nginx.conf ]; then
+ mv /etc/nginx/conf.d/ee-nginx.conf /etc/nginx/conf.d/wo-nginx.conf.old &>> /dev/null
+ fi
+ mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old &>> /dev/null
+ apt-get update
+ service nginx stop &>> /dev/null
+ DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install nginx-custom nginx-ee
+ service nginx restart &>> /dev/null
+ fi
+ dpkg --get-selections | grep -v deinstall | grep nginx-common
+ if [ $? -eq 0 ]; then
+ apt-get update
+ dpkg --get-selections | grep -v deinstall | grep nginx-mainline
+ if [ $? -eq 0 ]; then
+ apt-get remove -y nginx-mainline
+ fi
+ service nginx stop &>> /dev/null
+ DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y --allow-unauthenticated install nginx-ee nginx-custom
+ service nginx restart &>> /dev/null
+ fi
elif [ "$wo_linux_distro" == "Debian" ]; then
- grep -Hr 'http://download.opensuse.org/repositories/home:/rtCamp:/EasyEngine/Debian_8.0/ /' /etc/apt/sources.list.d/ &>> /dev/null
- if [[ $? -ne 0 ]]; then
- echo -e "deb http://download.opensuse.org/repositories/home:/rtCamp:/EasyEngine/Debian_8.0/ /" >> /etc/apt/sources.list.d/wo-repo.list
- gpg --keyserver "hkp://pgp.mit.edu" --recv-keys '3050AC3CD2AE6F03'
- gpg -a --export --armor '3050AC3CD2AE6F03' | apt-key add -
- if [ -f /etc/nginx/conf.d/ee-nginx.conf ]; then
- mv /etc/nginx/conf.d/ee-nginx.conf /etc/nginx/conf.d/ee-nginx.conf.old &>> /dev/null
- fi
- mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old &>> /dev/null
- mv /etc/nginx/fastcgi_params /etc/nginx/fastcgi_params.old &>> /dev/null
- apt-get update
- systemctl stop nginx &>> /dev/null
- apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install nginx-custom
- systemctl restart nginx &>> /dev/null
- fi
- dpkg --get-selections | grep -v deinstall | grep nginx-common
- if [ $? -eq 0 ]; then
- apt-get update
- dpkg --get-selections | grep -v deinstall | grep nginx-mainline
- if [ $? -eq 0 ]; then
- apt-get remove -y nginx-mainline
- fi
- systemctl stop nginx &>> /dev/null
- DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y --allow-unauthenticated install nginx-ee nginx-custom
- systemctl restart nginx &>> /dev/null
+ grep -Hr 'http://download.opensuse.org/repositories/home:/rtCamp:/EasyEngine/Debian_8.0/ /' /etc/apt/sources.list.d/ &>> /dev/null
+ if [[ $? -ne 0 ]]; then
+ echo -e "deb http://download.opensuse.org/repositories/home:/rtCamp:/EasyEngine/Debian_8.0/ /" >> /etc/apt/sources.list.d/wo-repo.list
+ gpg --keyserver "hkp://pgp.mit.edu" --recv-keys '3050AC3CD2AE6F03'
+ gpg -a --export --armor '3050AC3CD2AE6F03' | apt-key add -
+ if [ -f /etc/nginx/conf.d/ee-nginx.conf ]; then
+ mv /etc/nginx/conf.d/ee-nginx.conf /etc/nginx/conf.d/ee-nginx.conf.old &>> /dev/null
fi
+ mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old &>> /dev/null
+ mv /etc/nginx/fastcgi_params /etc/nginx/fastcgi_params.old &>> /dev/null
+ apt-get update
+ systemctl stop nginx &>> /dev/null
+ apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install nginx-custom
+ systemctl restart nginx &>> /dev/null
fi
+ dpkg --get-selections | grep -v deinstall | grep nginx-common
+ if [ $? -eq 0 ]; then
+ apt-get update
+ dpkg --get-selections | grep -v deinstall | grep nginx-mainline
+ if [ $? -eq 0 ]; then
+ apt-get remove -y nginx-mainline
+ fi
+ systemctl stop nginx &>> /dev/null
+ DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y --allow-unauthenticated install nginx-ee nginx-custom
+ systemctl restart nginx &>> /dev/null
+ fi
+ fi
if [ -f /etc/nginx/nginx.conf ]; then
sed -i "s/.*X-Powered-By.*/\tadd_header X-Powered-By \"WordOps $wo_version_new\";/" /etc/nginx/nginx.conf &>> /dev/null
@@ -521,56 +528,47 @@ if [ -f /etc/ImageMagick/policy.xml ]
# Rename Redis Header
if [ -f /etc/nginx/common/redis-hhvm.conf ]; then
- sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis-hhvm.conf &>> /dev/null
- sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis-hhvm.conf &>> /dev/null
+ sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis-hhvm.conf &>> /dev/null
+ sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis-hhvm.conf &>> /dev/null
fi
if [ -f /etc/nginx/common/redis.conf ]; then
- sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf &>> /dev/null
- sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf &>> /dev/null
+ sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf &>> /dev/null
+ sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf &>> /dev/null
fi
if [ -f /etc/nginx/common/redis-hhvm.conf ]; then
- # Update Timeout redis-hhvm.conf
- grep -0 'redis2_query expire $key 6h' /etc/nginx/common/redis-hhvm.conf &>> /dev/null
- if [ $? -eq 0 ]; then
- sed -i 's/redis2_query expire $key 6h/redis2_query expire $key 14400/g' /etc/nginx/common/redis-hhvm.conf &>> /dev/null
- fi
+ # Update Timeout redis-hhvm.conf
+ grep -0 'redis2_query expire $key 6h' /etc/nginx/common/redis-hhvm.conf &>> /dev/null
+ if [ $? -eq 0 ]; then
+ sed -i 's/redis2_query expire $key 6h/redis2_query expire $key 14400/g' /etc/nginx/common/redis-hhvm.conf &>> /dev/null
+ fi
- #Fix for 3.3.4 redis-hhvm issue
- grep -0 'HTTP_ACCEPT_ENCODING' /etc/nginx/common/redis-hhvm.conf &>> /dev/null
- if [ $? -ne 0 ]; then
- sed -i 's/fastcgi_params;/fastcgi_params;\n fastcgi_param HTTP_ACCEPT_ENCODING "";/g' /etc/nginx/common/redis-hhvm.conf &>> /dev/null
- fi
- fi
-
- #Fix Security Issue. commit #c64f28e
- if [ -f /etc/nginx/common/locations.conf ]; then
- grep -0 '$request_uri ~\* \"^.+(readme|license|example)\\.(txt|html)$\"' /etc/nginx/common/locations.conf &>> /dev/null
- if [ $? -eq 0 ]; then
- sed -i 's/$request_uri ~\* \"^.+(readme|license|example)\\.(txt|html)$\"/$uri ~\* \"^.+(readme|license|example)\\.(txt|html)$\"/g' /etc/nginx/common/locations.conf &>> /dev/null
- fi
+ #Fix for 3.3.4 redis-hhvm issue
+ grep -0 'HTTP_ACCEPT_ENCODING' /etc/nginx/common/redis-hhvm.conf &>> /dev/null
+ if [ $? -ne 0 ]; then
+ sed -i 's/fastcgi_params;/fastcgi_params;\n fastcgi_param HTTP_ACCEPT_ENCODING "";/g' /etc/nginx/common/redis-hhvm.conf &>> /dev/null
+ fi
fi
#Fix Redis-server security issue
#http://redis.io/topics/security
- if [ -f /etc/redis/redis.conf ]; then
- grep -0 -v "#" /etc/redis/redis.confse | grep 'bind' &>> /dev/null
- if [ $? -ne 0 ]; then
+ if [ -f /etc/redis/redis.conf ]; then
+ grep -0 -v "#" /etc/redis/redis.confse | grep 'bind' &>> /dev/null
+ if [ $? -ne 0 ]; then
sed -i '$ a bind 127.0.0.1' /etc/redis/redis.conf &>> /dev/null
service redis-server restart &>> /dev/null
- fi
- fi
-
- #Fix For --letsencrypt
- if [ -f /etc/nginx/common/locations.conf ]; then
- grep -0 'location ~ \/\\.well-known' /etc/nginx/common/locations.conf &>> /dev/null
- if [ $? -ne 0 ]; then
- sed -i 's/# Deny hidden files/# Deny hidden files\nlocation ~ \/\\.well-known {\n allow all;\n}\n /g' /etc/nginx/common/locations.conf &>> /dev/null
- fi
+ fi
fi
+ # Let's Encrypt .well-known folder setup
+ if [ ! -d /var/www/html/.well-known/acme-challenge ]; then
+ mkdir -p /var/www/html/.well-known/acme-challenge
+ chown -R www-data:www-data /var/www/html/.well-known
+ fi
+
+
# Fix for 3.3.2 renamed nginx.conf
nginx -V 2>&1 &>>/dev/null
if [[ $? -eq 0 ]]; then
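Review bot: The re-indented Redis check still reads `/etc/redis/redis.confse`, a path that does not exist, so the pipeline always ends non-zero and `bind 127.0.0.1` is appended and redis-server restarted on every run. It should read `grep -v "#" /etc/redis/redis.conf | grep -q 'bind'`. The same hunk removes the in-place `locations.conf` patches and only creates `/var/www/html/.well-known/acme-challenge`, so existing installs get the new ACME location only if the templates are re-rendered on update, which is not visible here. The enclosing function starts and ends outside the hunk.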
@@ -618,7 +616,7 @@ if [ -f /etc/ImageMagick/policy.xml ]
touch /var/log/php/7.2/slow.log /var/log/php/7.2/fpm.log
systemctl php7.2-fpm restart &>> /dev/null
- elif [ "$wo_linux_distro" == "Debian" ]; then
+ elif [ "$wo_linux_distro" == "Debian" ]; then
apt-get install apt-transport-https lsb-release ca-certificates locales locales-all -y
export LC_ALL=en_US.UTF-8
export LANG=en_US.UTF-8
@@ -626,7 +624,7 @@ if [ -f /etc/ImageMagick/policy.xml ]
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
apt-get update &>> /dev/null
apt-get -y install php7.2-fpm php7.2-curl php7.2-gd php7.2-imap php-sodium php7.2-common php7.2-readline php7.2-redis php7.2-mysql php7.2-cli php7.2-memcache php7.2-imagick php7.2-mbstring php7.2-recode php7.2-bcmath php7.2-opcache php7.2-zip php7.2-xml php7.2-soap php7.2-msgpack memcached graphviz php-pear php7.2-xdebug || wo_lib_error "Not all PHP packages could be installed." 1
- systemctl php7.2-fpm restart &>> /dev/null
+ systemctl php7.2-fpm restart &>> /dev/null
fi
#Fix for SSL cert --all
diff --git a/wo/cli/templates/locations-php7.mustache b/wo/cli/templates/locations-php7.mustache
index f7de530..ec75110 100644
--- a/wo/cli/templates/locations-php7.mustache
+++ b/wo/cli/templates/locations-php7.mustache
@@ -7,38 +7,49 @@ location = /favicon.ico {
expires max;
}
location = /robots.txt {
- # Some WordPress plugin gererate robots.txt file
- # Refer #340 issue
- try_files $uri $uri/ /index.php?$args;
- access_log off;
- log_not_found off;
+# Some WordPress plugin gererate robots.txt file
+# Refer #340 issue
+ try_files $uri $uri/ /index.php?$args @robots;
+ access_log off;
+ log_not_found off;
+}
+# fallback for robots.txt with default wordpress rules
+location @robots {
+ return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n";
}
# Cache static files
-location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$ {
- add_header "Access-Control-Allow-Origin" "*";
- access_log off;
- log_not_found off;
- expires max;
+location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|webm|mp3|aac|tgz|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
+ add_header "Access-Control-Allow-Origin" "*";
+ access_log off;
+ log_not_found off;
+ expires max;
+}
+# Cache css & js files
+location ~* \.(?:css(\.map)?|js(\.map)?)$ {
+ add_header "Access-Control-Allow-Origin" "*";
+ access_log off;
+ log_not_found off;
+ expires 30d;
}
# Security settings for better privacy
# Deny hidden files
-location ~ /\.well-known {
- allow all;
+location ~ /\.(?!well-known\/) {
+ deny all;
}
-location ~ /\. {
- deny all;
- access_log off;
- log_not_found off;
+# letsencrypt validation
+location /.well-known/acme-challenge/ {
+ alias /var/www/html/.well-known/acme-challenge/;
}
-# Deny backup extensions & log files
-location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ {
- deny all;
- access_log off;
- log_not_found off;
+# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
+location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
+ deny all;
}
-# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
-if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {
- return 403;
+# Deny backup extensions & log files and return 403 forbidden
+location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
+ deny all;
+}
+location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
+ deny all;
}
# Status pages
location = /nginx_status {
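Review bot: In `location = /robots.txt`, the new `try_files $uri $uri/ /index.php?$args @robots;` no longer hands the request to WordPress, because only the last argument of try_files is a fallback. `/index.php?$args` is now tested as a file name, is not found, and the static `@robots` body is returned, so a plugin-generated robots.txt (the case the comment describes) stops being served. Keep `try_files $uri $uri/ /index.php?$args;` for WordPress sites, or use `try_files $uri @robots;` where a purely static fallback is wanted. The same line appears in locations.mustache.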
diff --git a/wo/cli/templates/locations.mustache b/wo/cli/templates/locations.mustache
index 1acfb17..38e20dd 100644
--- a/wo/cli/templates/locations.mustache
+++ b/wo/cli/templates/locations.mustache
@@ -7,38 +7,49 @@ location = /favicon.ico {
expires max;
}
location = /robots.txt {
- # Some WordPress plugin gererate robots.txt file
- # Refer #340 issue
- try_files $uri $uri/ /index.php?$args;
- access_log off;
- log_not_found off;
+# Some WordPress plugin gererate robots.txt file
+# Refer #340 issue
+ try_files $uri $uri/ /index.php?$args @robots;
+ access_log off;
+ log_not_found off;
+}
+# fallback for robots.txt with default wordpress rules
+location @robots {
+ return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n";
}
# Cache static files
-location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$ {
- add_header "Access-Control-Allow-Origin" "*";
- access_log off;
- log_not_found off;
- expires max;
+location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|webm|mp3|aac|tgz|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
+ add_header "Access-Control-Allow-Origin" "*";
+ access_log off;
+ log_not_found off;
+ expires max;
+}
+# Cache css & js files
+location ~* \.(?:css(\.map)?|js(\.map)?)$ {
+ add_header "Access-Control-Allow-Origin" "*";
+ access_log off;
+ log_not_found off;
+ expires 30d;
}
# Security settings for better privacy
# Deny hidden files
-location ~ /\.well-known {
- allow all;
+location ~ /\.(?!well-known\/) {
+ deny all;
}
-location ~ /\. {
- deny all;
- access_log off;
- log_not_found off;
+# letsencrypt validation
+location /.well-known/acme-challenge/ {
+ alias /var/www/html/.well-known/acme-challenge/;
}
-# Deny backup extensions & log files
-location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ {
- deny all;
- access_log off;
- log_not_found off;
+# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
+location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
+ deny all;
}
-# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
-if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {
- return 403;
+# Deny backup extensions & log files and return 403 forbidden
+location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
+ deny all;
+}
+location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
+ deny all;
}
# Status pages
location = /nginx_status {
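Review bot: The new deny list for backup and log extensions includes `exe` and `tar`, but the `# Cache static files` location earlier in this file matches the same extensions, and nginx uses the first regex location that matches in file order. Those two extensions are therefore still served, with `expires max` and a wildcard CORS header; drop them from the static list if they are meant to be blocked. In the readme rule the `^$` alternative can never match after the leading `/`, and the upper-case names are redundant under `~*`, so `location ~* "/(readme|license|example|legalnotice|installation|changelog)\.(txt|html|md)" {` says the same thing. Both points also apply to locations-php7.mustache.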
diff --git a/wo/cli/templates/wpcommon-php7.mustache b/wo/cli/templates/wpcommon-php7.mustache
index f43f426..1b4b0fc 100644
--- a/wo/cli/templates/wpcommon-php7.mustache
+++ b/wo/cli/templates/wpcommon-php7.mustache
@@ -2,20 +2,42 @@
# DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE
# Limit access to avoid brute force attack
location = /wp-login.php {
- limit_req zone=one burst=1 nodelay;
- include fastcgi_params;
- fastcgi_pass php7;
+ limit_req zone=one burst=1 nodelay;
+ include fastcgi_params;
+ fastcgi_pass php7;
}
# Disable wp-config.txt
location = /wp-config.txt {
- deny all;
- access_log off;
- log_not_found off;
-}
-# Disallow php in upload folder
-location /wp-content/uploads/ {
- location ~ \.php$ {
- #Prevent Direct Access Of PHP Files From Web Browsers
deny all;
- }
+ access_log off;
+ log_not_found off;
+}
+# webp rewrite rules for jpg and png images
+# try to load alternative image.png.webp before image.png
+location /wp-content/uploads {
+ location ~ \.(png|jpe?g)$ {
+ add_header Vary "Accept-Encoding";
+ add_header "Access-Control-Allow-Origin" "*";
+ add_header Cache-Control "public, no-transform";
+ access_log off;
+ log_not_found off;
+ expires max;
+ try_files $uri$webp_suffix $uri =404;
+ }
+ location ~ \.php$ {
+#Prevent Direct Access Of PHP Files From Web Browsers
+ deny all;
+ }
+}
+# Deny access to any files with a .php extension in the uploads directory
+# Works in sub-directory installs and also in multisite network
+# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
+location ~* /(?:uploads|files)/.*\.php$ {
+ deny all;
+}
+# mitigate DoS attack CVE with WordPress script concatenation
+# add the following line to wp-config.php
+# define( 'CONCATENATE_SCRIPTS', false );
+location ~ \/wp-admin\/load-(scripts|styles).php {
+ deny all;
}
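Review bot: In the nested `location ~ \.(png|jpe?g)$`, the file served is chosen from the `Accept` request header through `$webp_suffix`, yet the response advertises `Vary "Accept-Encoding"`. A shared cache or CDN can then return a WebP body to a client that never advertised support for it; use `add_header Vary "Accept";`. Separately, a prefix location without `^~` is overridden by any server-level regex location that matches, so if the static-files regex from locations-php7.mustache is included in the same server block (not visible here), image and `.php` requests under uploads may never reach these nested blocks. wpcommon.mustache carries the same lines.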
diff --git a/wo/cli/templates/wpcommon.mustache b/wo/cli/templates/wpcommon.mustache
index e866a99..1444c22 100644
--- a/wo/cli/templates/wpcommon.mustache
+++ b/wo/cli/templates/wpcommon.mustache
@@ -2,20 +2,42 @@
# DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE
# Limit access to avoid brute force attack
location = /wp-login.php {
- limit_req zone=one burst=1 nodelay;
- include fastcgi_params;
- fastcgi_pass php;
+ limit_req zone=one burst=1 nodelay;
+ include fastcgi_params;
+ fastcgi_pass php;
}
# Disable wp-config.txt
location = /wp-config.txt {
- deny all;
- access_log off;
- log_not_found off;
-}
-# Disallow php in upload folder
-location /wp-content/uploads/ {
- location ~ \.php$ {
- #Prevent Direct Access Of PHP Files From Web Browsers
deny all;
- }
+ access_log off;
+ log_not_found off;
+}
+# webp rewrite rules for jpg and png images
+# try to load alternative image.png.webp before image.png
+location /wp-content/uploads {
+ location ~ \.(png|jpe?g)$ {
+ add_header Vary "Accept-Encoding";
+ add_header "Access-Control-Allow-Origin" "*";
+ add_header Cache-Control "public, no-transform";
+ access_log off;
+ log_not_found off;
+ expires max;
+ try_files $uri$webp_suffix $uri =404;
+ }
+ location ~ \.php$ {
+#Prevent Direct Access Of PHP Files From Web Browsers
+ deny all;
+ }
+}
+# Deny access to any files with a .php extension in the uploads directory
+# Works in sub-directory installs and also in multisite network
+# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
+location ~* /(?:uploads|files)/.*\.php$ {
+ deny all;
+}
+# mitigate DoS attack CVE with WordPress script concatenation
+# add the following line to wp-config.php
+# define( 'CONCATENATE_SCRIPTS', false );
+location ~ \/wp-admin\/load-(scripts|styles).php {
+ deny all;
}
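Review bot: `location ~ \/wp-admin\/load-(scripts|styles).php` returns 403 for the loaders the WordPress admin uses by default, while the comment leaves `define( 'CONCATENATE_SCRIPTS', false );` as a manual step. Sites whose wp-config.php lacks that constant would lose admin scripts and styles after the update, so either have the tool write it or state the prerequisite as a hard requirement in the comment. The dot before `php` is unescaped and the pattern has no end anchor; `location ~ /wp-admin/load-(scripts|styles)\.php$ {` is tighter. The comment would also be easier to audit if it named the CVE identifier it refers to. The same block is in wpcommon-php7.mustache.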