Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #30 from WordOps/updating-configuration

Browse Source 
Updating configuration
This commit is contained in:
VirtuBox
2019-03-15 23:22:25 +01:00
committed by GitHub
parent e2ec5365bd 5651d7072e
commit 55cc230db5
6 changed files with 230 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@@ -16,7 +16,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Nginx module nginx_vts - Nginx module nginx_vts
- Migration script from nginx-ee to nginx-wo - Migration script from nginx-ee to nginx-wo
- Partial support for Debian 9 (testing) - Support for Debian 9 (testing)
- New Nginx build v1.14.2 - New Nginx build v1.14.2
#### Changed #### Changed

9
install
View File

@@ -136,7 +136,7 @@ wo_install_dep()
if [ "$wo_linux_distro" == "Ubuntu" ]; then if [ "$wo_linux_distro" == "Ubuntu" ]; then
apt-get -y -qq install build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz gnupg2 fail2ban > /dev/null 2>&1 apt-get -y -qq install build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz gnupg2 fail2ban > /dev/null 2>&1
else else
apt-get -y -qq install build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz gnupg2 fail2ban > /dev/null 2>&1 apt-get -y -qq install build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-dev ca-certificates sqlite3 git tar software-properties-common pigz apt-transport-https gnupg2 fail2ban > /dev/null 2>&1
fi fi
locale-gen en locale-gen en
@@ -348,7 +348,10 @@ wo_install_acme_sh() {
--config-home /etc/letsencrypt/config \ --config-home /etc/letsencrypt/config \
--cert-home /etc/letsencrypt/renewal --cert-home /etc/letsencrypt/renewal
# enable auto-upgrade # enable auto-upgrade
/etc/letsencrypt/acme.sh --upgrade --auto-upgrade /etc/letsencrypt/acme.sh --upgrade --auto-upgrade \
--home /etc/letsencrypt \
--config-home /etc/letsencrypt/config \
--cert-home /etc/letsencrypt/renewal
# Let's Encrypt .well-known folder setup # Let's Encrypt .well-known folder setup
if [ ! -d /var/www/html/.well-known/acme-challenge ]; then if [ ! -d /var/www/html/.well-known/acme-challenge ]; then
@@ -356,7 +359,7 @@ wo_install_acme_sh() {
chown -R www-data:www-data /var/www/html /var/www/html/.well-known chown -R www-data:www-data /var/www/html /var/www/html/.well-known
fi fi
} >> /var/log/wo/install.log } >> /var/log/wo/install.log 2>&1
fi fi
} }

2
setup.py
View File

@@ -58,7 +58,7 @@ if not os.path.isfile('/root/.gitconfig'):
shutil.copy2(os.path.expanduser("~")+'/.gitconfig', '/root/.gitconfig') shutil.copy2(os.path.expanduser("~")+'/.gitconfig', '/root/.gitconfig')
setup(name='wo', setup(name='wo',
version='3.9.3', version='3.9.4',
description=long_description, description=long_description,
long_description=long_description, long_description=long_description,
classifiers=[], classifiers=[],

56
wo/cli/plugins/debug.py
View File

@@ -191,14 +191,15 @@ class WODebugController(CementBaseController):
nc.savef('/etc/nginx/conf.d/upstream.conf') nc.savef('/etc/nginx/conf.d/upstream.conf')
# Enable xdebug # Enable xdebug
WOFileUtils.searchreplace(self, "/etc/{0}/mods-available/".format("php/7.2" if (WOVariables.wo_platform_distro == 'ubuntu') else "php5") + WOFileUtils.searchreplace(self, "/etc/{0}/mods-available/".format("php/7.2" if (WOVariables.wo_platform_distro == 'ubuntu') else "php/7.2") +
"xdebug.ini", "xdebug.ini",
";zend_extension", ";zend_extension",
"zend_extension") "zend_extension")
# Fix slow log is not enabled default in PHP5.6 # Fix slow log is not enabled default in PHP5.6
config = configparser.ConfigParser() config = configparser.ConfigParser()
config.read('/etc/{0}/fpm/pool.d/debug.conf'.format("php/7.2" if (WOVariables.wo_platform_distro == 'ubuntu') else "php5")) config.read('/etc/{0}/fpm/pool.d/debug.conf'.format(
"php/7.2" if (WOVariables.wo_platform_distro == 'ubuntu') else "php5"))
config['debug']['slowlog'] = '/var/log/{0}/slow.log'.format("php/7.2" if ( config['debug']['slowlog'] = '/var/log/{0}/slow.log'.format("php/7.2" if (
WOVariables.wo_platform_distro == 'ubuntu') else "php5") WOVariables.wo_platform_distro == 'ubuntu') else "php5")
config['debug']['request_slowlog_timeout'] = '10s' config['debug']['request_slowlog_timeout'] = '10s'
@@ -249,7 +250,8 @@ class WODebugController(CementBaseController):
"/etc/{0}/fpm/php-fpm.conf".format("php/7.2" if (WOVariables.wo_platform_distro == 'ubuntu') else "php5")): "/etc/{0}/fpm/php-fpm.conf".format("php/7.2" if (WOVariables.wo_platform_distro == 'ubuntu') else "php5")):
Log.info(self, "Setting up PHP5-FPM log_level = debug") Log.info(self, "Setting up PHP5-FPM log_level = debug")
config = configparser.ConfigParser() config = configparser.ConfigParser()
config.read('/etc/{0}/fpm/php-fpm.conf'.format("php/7.2" if (WOVariables.wo_platform_distro == 'ubuntu') else "php5")) config.read('/etc/{0}/fpm/php-fpm.conf'.format("php/7.2" if (
WOVariables.wo_platform_distro == 'ubuntu') else "php5"))
config.remove_option('global', 'include') config.remove_option('global', 'include')
config['global']['log_level'] = 'debug' config['global']['log_level'] = 'debug'
config['global']['include'] = '/etc/{0}/fpm/pool.d/*.conf'.format("php/7.2" if ( config['global']['include'] = '/etc/{0}/fpm/pool.d/*.conf'.format("php/7.2" if (
@@ -272,7 +274,8 @@ class WODebugController(CementBaseController):
"/etc/{0}/fpm/php-fpm.conf".format("php/7.2" if (WOVariables.wo_platform_distro == 'ubuntu') else "php5")): "/etc/{0}/fpm/php-fpm.conf".format("php/7.2" if (WOVariables.wo_platform_distro == 'ubuntu') else "php5")):
Log.info(self, "Disabling PHP5-FPM log_level = debug") Log.info(self, "Disabling PHP5-FPM log_level = debug")
config = configparser.ConfigParser() config = configparser.ConfigParser()
config.read('/etc/{0}/fpm/php-fpm.conf'.format("php/7.2" if (WOVariables.wo_platform_distro == 'ubuntu') else "php5")) config.read('/etc/{0}/fpm/php-fpm.conf'.format("php/7.2" if (
WOVariables.wo_platform_distro == 'ubuntu') else "php5"))
config.remove_option('global', 'include') config.remove_option('global', 'include')
config['global']['log_level'] = 'notice' config['global']['log_level'] = 'notice'
config['global']['include'] = '/etc/{0}/fpm/pool.d/*.conf'.format("php/7.2" if ( config['global']['include'] = '/etc/{0}/fpm/pool.d/*.conf'.format("php/7.2" if (
@@ -340,7 +343,8 @@ class WODebugController(CementBaseController):
# Change upstream.conf # Change upstream.conf
nc = NginxConfig() nc = NginxConfig()
nc.loadf('/etc/nginx/conf.d/upstream.conf') nc.loadf('/etc/nginx/conf.d/upstream.conf')
nc.set([('upstream', 'php72',), 'server'], 'unix:/var/run/php/php72-fpm.sock') nc.set([('upstream', 'php72',), 'server'],
'unix:/var/run/php/php72-fpm.sock')
nc.savef('/etc/nginx/conf.d/upstream.conf') nc.savef('/etc/nginx/conf.d/upstream.conf')
# Disable xdebug # Disable xdebug
@@ -620,13 +624,10 @@ class WODebugController(CementBaseController):
# Reload PHP # Reload PHP
if self.trigger_php: if self.trigger_php:
if WOVariables.wo_platform_distro == 'ubuntu': if WOAptGet.is_installed(self, 'php7.2-fpm'):
if WOAptGet.is_installed(self, 'php7.2-fpm'):
WOService.reload_service(self, 'php7.2-fpm')
if WOAptGet.is_installed(self, 'php7.3-fpm'):
WOService.reload_service(self, 'php7.3-fpm')
else:
WOService.reload_service(self, 'php7.2-fpm') WOService.reload_service(self, 'php7.2-fpm')
if WOAptGet.is_installed(self, 'php7.3-fpm'):
WOService.reload_service(self, 'php7.3-fpm')
self.app.close(0) self.app.close(0)
@expose(hide=True) @expose(hide=True)
@@ -638,12 +639,12 @@ class WODebugController(CementBaseController):
self.trigger_nginx = False self.trigger_nginx = False
self.trigger_php = False self.trigger_php = False
if ((not self.app.pargs.nginx) and (not self.app.pargs.php) and (not self.app.pargs.php73) if ((not self.app.pargs.nginx) and (not self.app.pargs.php) and
and (not self.app.pargs.fpm) and (not self.app.pargs.fpm73) and (not self.app.pargs.mysql) (not self.app.pargs.php73) and (not self.app.pargs.fpm) and
and (not self.app.pargs.wp) and (not self.app.pargs.rewrite) (not self.app.pargs.fpm73) and (not self.app.pargs.mysql) and
and (not self.app.pargs.all) (not self.app.pargs.wp) and (not self.app.pargs.rewrite) and
and (not self.app.pargs.site_name) (not self.app.pargs.all) and (not self.app.pargs.site_name) and
and (not self.app.pargs.import_slow_log) (not self.app.pargs.import_slow_log)
and (not self.app.pargs.interval)): and (not self.app.pargs.interval)):
if self.app.pargs.stop or self.app.pargs.start: if self.app.pargs.stop or self.app.pargs.start:
print("--start/stop option is deprecated since ee v3.0.5") print("--start/stop option is deprecated since ee v3.0.5")
@@ -711,7 +712,7 @@ class WODebugController(CementBaseController):
self.app.pargs.nginx = 'on' self.app.pargs.nginx = 'on'
self.app.pargs.php = 'on' self.app.pargs.php = 'on'
self.app.pargs.fpm = 'on' self.app.pargs.fpm = 'on'
if (WOVariables.wo_platform_distro == 'ubuntu') and WOAptGet.is_installed(self, 'php7.2-fpm'): if WOAptGet.is_installed(self, 'php7.2-fpm'):
self.app.pargs.php73 = 'on' self.app.pargs.php73 = 'on'
self.app.pargs.fpm73 = 'on' self.app.pargs.fpm73 = 'on'
self.app.pargs.mysql = 'on' self.app.pargs.mysql = 'on'
@@ -723,16 +724,17 @@ class WODebugController(CementBaseController):
self.app.pargs.nginx = 'off' self.app.pargs.nginx = 'off'
self.app.pargs.php = 'off' self.app.pargs.php = 'off'
self.app.pargs.fpm = 'off' self.app.pargs.fpm = 'off'
if (WOVariables.wo_platform_distro == 'ubuntu') and WOAptGet.is_installed(self, 'php7.2-fpm'): if WOAptGet.is_installed(self, 'php7.2-fpm'):
self.app.pargs.php73 = 'off' self.app.pargs.php73 = 'off'
self.app.pargs.fpm73 = 'off' self.app.pargs.fpm73 = 'off'
self.app.pargs.mysql = 'off' self.app.pargs.mysql = 'off'
self.app.pargs.rewrite = 'off' self.app.pargs.rewrite = 'off'
if ((not self.app.pargs.nginx) and (not self.app.pargs.php) and (not self.app.pargs.php73) if ((not self.app.pargs.nginx) and (not self.app.pargs.php) and
and (not self.app.pargs.fpm) and (not self.app.pargs.fpm73) and (not self.app.pargs.mysql) (not self.app.pargs.php73) and (not self.app.pargs.fpm) and
and (not self.app.pargs.wp) and (not self.app.pargs.rewrite) (not self.app.pargs.fpm73) and (not self.app.pargs.mysql) and
and self.app.pargs.site_name): (not self.app.pargs.wp) and (not self.app.pargs.rewrite) and
self.app.pargs.site_name):
self.app.args.print_help() self.app.args.print_help()
# self.app.pargs.nginx = 'on' # self.app.pargs.nginx = 'on'
# self.app.pargs.wp = 'on' # self.app.pargs.wp = 'on'
@@ -768,10 +770,10 @@ class WODebugController(CementBaseController):
WOService.reload_service(self, 'nginx') WOService.reload_service(self, 'nginx')
# Reload PHP # Reload PHP
if self.trigger_php: if self.trigger_php:
if WOAptGet.is_installed(self, 'php7.2-fpm'): if WOAptGet.is_installed(self, 'php7.2-fpm'):
WOService.restart_service(self, 'php7.2-fpm') WOService.restart_service(self, 'php7.2-fpm')
if WOAptGet.is_installed(self, 'php7.3-fpm'): if WOAptGet.is_installed(self, 'php7.3-fpm'):
WOService.restart_service(self, 'php7.3-fpm') WOService.restart_service(self, 'php7.3-fpm')
if len(self.msg) > 0: if len(self.msg) > 0:
if not self.app.pargs.interactive: if not self.app.pargs.interactive:

89
wo/cli/plugins/site.py
View File

@@ -678,7 +678,8 @@ class WOSiteCreateController(CementBaseController):
Log.error(self, "Check the log for details: " Log.error(self, "Check the log for details: "
"`tail /var/log/wo/wordops.log` and please try again") "`tail /var/log/wo/wordops.log` and please try again")
if self.app.pargs.letsencrypt and (not self.app.pargs.subdomain): if (self.app.pargs.letsencrypt and
not pargs.letsencrypt == "wildcard"):
if stype in ['wpsubdomain']: if stype in ['wpsubdomain']:
Log.warn( Log.warn(
self, "Wildcard domains are not supported in Lets Encrypt.\nWP SUBDOMAIN site will get SSL for primary site only.") self, "Wildcard domains are not supported in Lets Encrypt.\nWP SUBDOMAIN site will get SSL for primary site only.")
@@ -772,7 +773,8 @@ class WOSiteUpdateController(CementBaseController):
(['-le', '--letsencrypt'], (['-le', '--letsencrypt'],
dict(help="configure letsencrypt ssl for the site", dict(help="configure letsencrypt ssl for the site",
action='store' or 'store_const', action='store' or 'store_const',
choices=('on', 'off', 'renew'), const='on', nargs='?')), choices=('on', 'off', 'renew', 'subdomain', 'wildcard'),
const='on', nargs='?')),
(['--proxy'], (['--proxy'],
dict(help="update to proxy site", nargs='+')), dict(help="update to proxy site", nargs='+')),
(['--experimental'], (['--experimental'],
@@ -1119,28 +1121,14 @@ class WOSiteUpdateController(CementBaseController):
php73 = True php73 = True
if pargs.letsencrypt == "on": if pargs.letsencrypt == "on":
if oldsitetype in ['wpsubdomain']:
if pargs.experimental: data['letsencrypt'] = True
letsencrypt = True
if oldsitetype in ['wpsubdomain']: wildcard = True
Log.warn(
self, "Wildcard domains are not supported in Lets Encrypt.\nWP SUBDOMAIN site will get SSL for primary site only.")
Log.info(self, "Letsencrypt is currently in beta phase."
" \nDo you wish"
" to enable SSl now for {0}?".format(wo_domain))
check_prompt = input("Type \"y\" to continue [n]:")
if check_prompt != "Y" and check_prompt != "y":
Log.info(self, "Not using letsencrypt for site")
data['letsencrypt'] = False
letsencrypt = False
else:
data['letsencrypt'] = True
letsencrypt = True
else: else:
data['letsencrypt'] = True data['letsencrypt'] = True
letsencrypt = True letsencrypt = True
wildcard = True
if pargs.wpredis and data['currcachetype'] != 'wpredis': if pargs.wpredis and data['currcachetype'] != 'wpredis':
if pargs.experimental: if pargs.experimental:
@@ -1202,7 +1190,7 @@ class WOSiteUpdateController(CementBaseController):
" http://{0}".format(wo_domain)) " http://{0}".format(wo_domain))
return 0 return 0
if pargs.letsencrypt: if pargs.letsencrypt and (not pargs.subdomain):
if data['letsencrypt'] is True: if data['letsencrypt'] is True:
if not os.path.isfile("{0}/conf/nginx/ssl.conf.disabled" if not os.path.isfile("{0}/conf/nginx/ssl.conf.disabled"
.format(wo_site_webroot)): .format(wo_site_webroot)):
@@ -1215,9 +1203,6 @@ class WOSiteUpdateController(CementBaseController):
.format(wo_site_webroot)) .format(wo_site_webroot))
httpsRedirect(self, wo_domain) httpsRedirect(self, wo_domain)
Log.info(self, "Creating Cron Job for cert auto-renewal")
WOCron.setcron_weekly(self, 'wo site update --le=renew --all 2> /dev/null'.format(wo_domain), 'Renew all'
' letsencrypt SSL cert. Set by WordOps')
if not WOService.reload_service(self, 'nginx'): if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. " Log.error(self, "service nginx reload failed. "
@@ -1245,8 +1230,58 @@ class WOSiteUpdateController(CementBaseController):
if not WOService.reload_service(self, 'nginx'): if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. " Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command") "check issues with `nginx -t` command")
# Log.info(self,"Removing Cron Job set for cert auto-renewal") # Log.info(self,"Removing Cron Job set for cert
# WOCron.remove_cron(self,'wo site update {0} --le=renew --min_expiry_limit 30 2> \/dev\/null'.format(wo_domain)) # auto-renewal") WOCron.remove_cron(self,'wo site
# update {0} --le=renew --min_expiry_limit 30
# 2> \/dev\/null'.format(wo_domain))
Log.info(self, "Successfully Disabled SSl for Site "
" http://{0}".format(wo_domain))
if pargs.letsencrypt and (pargs.subdomain):
if data['letsencrypt'] is True:
if not os.path.isfile("{0}/conf/nginx/ssl.conf.disabled"
.format(wo_site_webroot)):
setupLetsEncryptSubdomain(self, wo_domain)
else:
WOFileUtils.mvfile(self, "{0}/conf/nginx/ssl.conf.disabled"
.format(wo_site_webroot),
'{0}/conf/nginx/ssl.conf'
.format(wo_site_webroot))
httpsRedirect(self, wo_domain)
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
Log.info(self, "Congratulations! Successfully Configured SSl for Site "
" https://{0}".format(wo_domain))
if (SSL.getExpirationDays(self, wo_domain) > 0):
Log.info(self, "Your cert will expire within " +
str(SSL.getExpirationDays(self, wo_domain)) + " days.")
else:
Log.warn(
self, "Your cert already EXPIRED ! .PLEASE renew soon . ")
elif data['letsencrypt'] is False:
if os.path.isfile("{0}/conf/nginx/ssl.conf"
.format(wo_site_webroot)):
Log.info(self, 'Setting Nginx configuration')
WOFileUtils.mvfile(self, "{0}/conf/nginx/ssl.conf"
.format(wo_site_webroot),
'{0}/conf/nginx/ssl.conf.disabled'
.format(wo_site_webroot))
httpsRedirect(self, wo_domain, False)
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
# Log.info(self,"Removing Cron Job set for
# cert auto-renewal")
# WOCron.remove_cron(self,'wo site update {0}
# --le=renew --min_expiry_limit 30 2> \/dev\/null'
# .format(wo_domain))
Log.info(self, "Successfully Disabled SSl for Site " Log.info(self, "Successfully Disabled SSl for Site "
" http://{0}".format(wo_domain)) " http://{0}".format(wo_domain))

203
wo/cli/plugins/site_functions.py
View File

@@ -690,7 +690,8 @@ def site_package_check(self, stype):
Log.debug(self, "Setting apt_packages variable for Nginx") Log.debug(self, "Setting apt_packages variable for Nginx")
# Check if server has nginx-custom package # Check if server has nginx-custom package
if not (WOAptGet.is_installed(self, 'nginx-custom') or WOAptGet.is_installed(self, 'nginx-mainline')): if not (WOAptGet.is_installed(self, 'nginx-custom') or
WOAptGet.is_installed(self, 'nginx-mainline')):
# check if Server has nginx-plus installed # check if Server has nginx-plus installed
if WOAptGet.is_installed(self, 'nginx-plus'): if WOAptGet.is_installed(self, 'nginx-plus'):
# do something # do something
@@ -1187,27 +1188,52 @@ def doCleanupAction(self, domain='', webroot='', dbname='', dbuser='',
raise SiteError("dbhost not provided") raise SiteError("dbhost not provided")
deleteDB(self, dbname, dbuser, dbhost) deleteDB(self, dbname, dbuser, dbhost)
# setup letsencrypt for domain + www.domain
def setupLetsEncrypt(self, wo_domain_name): def setupLetsEncrypt(self, wo_domain_name):
wo_wp_email = WOVariables.wo_email
if os.path.isfile("/root/.acme.sh/{0}_ecc/{0}.conf".format(wo_domain_name)): if os.path.isfile("/etc/letsencrypt/renewal/{0}_ecc/{0}.conf"
.format(wo_domain_name)):
Log.debug(self, "Let's Encrypt certificate found for the domain: {0}" Log.debug(self, "Let's Encrypt certificate found for the domain: {0}"
.format(wo_domain_name)) .format(wo_domain_name))
ssl = archivedCertificateHandle(self, wo_domain_name, wo_wp_email) ssl = archivedCertificateHandle(self, wo_domain_name)
else: else:
Log.warn(self, "Please wait while we fetch the new HTTPS certificate for your site.\nIt may take a few minutes depending on the network.") Log.warn(self, "Please wait while we fetch the new HTTPS certificate"
ssl = WOShellExec.cmd_exec(self, "/usr/local/bin/wo-acme -d {0} -d www.{0} --standalone" " for your site.\nIt may take a few minutes"
" depending on the network.")
ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --issue "
"-d {0} -d www.{0} -w /var/www/html"
"-k ec-384"
.format(wo_domain_name)) .format(wo_domain_name))
if ssl: if ssl:
Log.info(self, "The HTTPS setup for your website is successfully completed!") Log.info(self, "The HTTPS setup for your website is "
"successfully completed!")
Log.info(self, "Your certificate and chain have been saved in " Log.info(self, "Your certificate and chain have been saved in "
"/etc/letsencrypt/live/{0}/fullchain.pem".format(wo_domain_name)) "{0}/{1}/fullchain.pem"
.format(WOVariables.wo_ssl_live, wo_domain_name))
Log.info(self, "Configuring nginx HTTPS configuration") Log.info(self, "Configuring nginx HTTPS configuration")
if os.path.isfile("{0}/{1}_ecc/fullchain.cer"
.format(WOVariables.wo_ssl_archive, wo_domain_name)):
Log.debug(self, "Cert deployment for domain: {0}"
.format(wo_domain_name))
ssl_deploy = WOShellExec.cmd_exec(self,
"mkdir -p {0}/{1} &&"
"/etc/letsencrypt/acme.sh "
"--install-cert -d {1} --ecc "
"--cert-file {0}/{1}/cert.pem "
"--key-file {0}/{1}/key.pem "
"--fullchain-file "
"{0}/{1}/fullchain.pem "
"--reloadcmd="
"\"service nginx restart\" "
.format(WOVariables.wo_ssl_live,
wo_domain_name))
try: try:
Log.info( Log.info(
self, "Adding /var/www/{0}/conf/nginx/ssl.conf".format(wo_domain_name)) self, "Adding /var/www/{0}/conf/nginx/ssl.conf"
.format(wo_domain_name))
sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" sslconf = open("/var/www/{0}/conf/nginx/ssl.conf"
.format(wo_domain_name), .format(wo_domain_name),
@@ -1215,9 +1241,9 @@ def setupLetsEncrypt(self, wo_domain_name):
sslconf.write("listen 443 ssl http2;\n" sslconf.write("listen 443 ssl http2;\n"
"listen [::]:443 ssl http2;\n" "listen [::]:443 ssl http2;\n"
"ssl on;\n" "ssl on;\n"
"ssl_certificate /etc/letsencrypt/live/{0}/fullchain.pem;\n" "ssl_certificate {0}/{1}/fullchain.pem;\n"
"ssl_certificate_key /etc/letsencrypt/live/{0}/key.pem;\n" "ssl_certificate_key {0}/{1}/key.pem;\n"
.format(wo_domain_name)) .format(wo_ssl_live, wo_domain_name))
sslconf.close() sslconf.close()
# updateSiteInfo(self, wo_domain_name, ssl=True) # updateSiteInfo(self, wo_domain_name, ssl=True)
@@ -1231,29 +1257,40 @@ def setupLetsEncrypt(self, wo_domain_name):
else: else:
Log.error(self, "Unable to setup, Let\'s Encrypt", False) Log.error(self, "Unable to setup, Let\'s Encrypt", False)
Log.error(self, "Please make sure that your site is pointed to \n" Log.error(self, "Please make sure that your site is pointed to \n"
"same server on which you are running Let\'s Encrypt Client " "same server on which "
"you are running Let\'s Encrypt Client "
"\n to allow it to verify the site automatically.") "\n to allow it to verify the site automatically.")
# setup letsencrypt for a subdomain
def setupLetsEncryptSubdomain(self, wo_domain_name): def setupLetsEncryptSubdomain(self, wo_domain_name):
wo_wp_email = WOVariables.wo_email wo_wp_email = WOVariables.wo_email
if os.path.isfile("/root/.acme.sh/{0}_ecc/{0}.conf".format(wo_domain_name)): if os.path.isfile("{0}/{1}_ecc/{1}.conf"
.format(WOVariables.wo_ssl_archive, wo_domain_name)):
Log.debug(self, "Let's Encrypt certificate found for the domain: {0}" Log.debug(self, "Let's Encrypt certificate found for the domain: {0}"
.format(wo_domain_name)) .format(wo_domain_name))
else: else:
Log.warn(self, "Please wait while we fetch the new HTTPS certificate for your site.\nIt may take a few minutes depending on the network.") Log.warn(self, "Please wait while we fetch the new HTTPS certificate "
ssl = WOShellExec.cmd_exec(self, "/usr/local/bin/wo-acme -s {0} --standalone" "for your site.\nIt may take a "
"few minutes depending on the network.")
ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --issue "
"-d {0} -w /var/www/html"
"-k ec-384"
.format(wo_domain_name)) .format(wo_domain_name))
if ssl: if ssl:
Log.info(self, "The HTTPS setup for your website is successfully completed!") Log.info(self, "The HTTPS setup for your website "
"is successfully completed!")
Log.info(self, "Your certificate and chain have been saved in " Log.info(self, "Your certificate and chain have been saved in "
"/etc/letsencrypt/live/{0}/fullchain.pem".format(wo_domain_name)) "{0}/{1}/fullchain.pem"
.format(WOVariables.wo_ssl_live, wo_domain_name))
Log.info(self, "Configuring nginx HTTPS configuration") Log.info(self, "Configuring nginx HTTPS configuration")
try: try:
Log.info( Log.info(
self, "Adding /var/www/{0}/conf/nginx/ssl.conf".format(wo_domain_name)) self, "Adding /var/www/{0}/conf/nginx/ssl.conf"
.format(wo_domain_name))
sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" sslconf = open("/var/www/{0}/conf/nginx/ssl.conf"
.format(wo_domain_name), .format(wo_domain_name),
@@ -1261,9 +1298,9 @@ def setupLetsEncryptSubdomain(self, wo_domain_name):
sslconf.write("listen 443 ssl http2;\n" sslconf.write("listen 443 ssl http2;\n"
"listen [::]:443 ssl http2;\n" "listen [::]:443 ssl http2;\n"
"ssl on;\n" "ssl on;\n"
"ssl_certificate /etc/letsencrypt/live/{0}/fullchain.pem;\n" "ssl_certificate {0}/{1}/fullchain.pem;\n"
"ssl_certificate_key /etc/letsencrypt/live/{0}/key.pem;\n" "ssl_certificate_key {0}/{1}/key.pem;\n"
.format(wo_domain_name)) .format(WOVariables.wo_ssl_live, wo_domain_name))
sslconf.close() sslconf.close()
# updateSiteInfo(self, wo_domain_name, ssl=True) # updateSiteInfo(self, wo_domain_name, ssl=True)
@@ -1277,24 +1314,18 @@ def setupLetsEncryptSubdomain(self, wo_domain_name):
else: else:
Log.error(self, "Unable to setup, Let\'s Encrypt", False) Log.error(self, "Unable to setup, Let\'s Encrypt", False)
Log.error(self, "Please make sure that your site is pointed to \n" Log.error(self, "Please make sure that your site is pointed to \n"
"same server on which you are running Let\'s Encrypt Client " "same server on which "
"you are running Let\'s Encrypt Client "
"\n to allow it to verify the site automatically.") "\n to allow it to verify the site automatically.")
# letsencrypt cert renewal
def renewLetsEncrypt(self, wo_domain_name): def renewLetsEncrypt(self, wo_domain_name):
wo_wp_email = WOVariables.wo_email
while not wo_wp_email:
try:
wo_wp_email = input('Enter email address: ')
except EOFError as e:
Log.debug(self, "{0}".format(e))
raise SiteError("Input WordPress email failed")
Log.info(self, "Renewing SSl cert for https://{0}".format(wo_domain_name))
ssl = WOShellExec.cmd_exec( ssl = WOShellExec.cmd_exec(
self, "/usr/local/bin/wo-acme -s {0} --standalone".format(wo_domain_name)) self, "/etc/letsencrypt/acme.sh --renew -d {0} --ecc --force"
.format(wo_domain_name))
mail_list = '' mail_list = ''
if not ssl: if not ssl:
@@ -1305,36 +1336,47 @@ def renewLetsEncrypt(self, wo_domain_name):
else: else:
Log.error(self, "Your current certificate already expired!", False) Log.error(self, "Your current certificate already expired!", False)
WOSendMail("wordops@{0}".format(wo_domain_name), wo_wp_email, "[FAIL] HTTPS cert renewal {0}".format(wo_domain_name), # WOSendMail("wordops@{0}".format(wo_domain_name), wo_wp_email,
"Hi,\n\nHTTPS certificate renewal for https://{0} was unsuccessful.".format(wo_domain_name) + # "[FAIL] HTTPS cert renewal {0}".format(wo_domain_name),
"\nPlease check the WordOps log for reason. The current expiry date is : " + # "Hi,\n\nHTTPS certificate renewal for https://{0}
str(SSL.getExpirationDate(self, wo_domain_name)) + # was unsuccessful.".format(wo_domain_name) +
"\n\nFor support visit https://wordops.org/support .\n\nBest regards,\nYour WordOps Worker", files=mail_list, # "\nPlease check the WordOps log for reason
port=25, isTls=False) # The current expiry date is : " +
# str(SSL.getExpirationDate(self, wo_domain_name)) +
# "\n\nFor support visit https://wordops.org/support .
# \n\nBest regards,\nYour WordOps Worker", files=mail_list,
# port=25, isTls=False)
Log.error(self, "Check the WO log for more details " Log.error(self, "Check the WO log for more details "
"`tail /var/log/wo/wordops.log`") "`tail /var/log/wo/wordops.log`")
WOGit.add(self, ["/etc/letsencrypt"], WOGit.add(self, ["/etc/letsencrypt"],
msg="Adding letsencrypt folder") msg="Adding letsencrypt folder")
WOSendMail("wordops@{0}".format(wo_domain_name), wo_wp_email, "[SUCCESS] Let's Encrypt certificate renewal {0}".format(wo_domain_name), # WOSendMail("wordops@{0}".format(wo_domain_name), wo_wp_email,
"Hi,\n\nYour Let's Encrypt certificate has been renewed for https://{0} .".format(wo_domain_name) + # "[SUCCESS] Let's Encrypt certificate renewal {0}".format(wo_domain_name),
"\nYour new certificate will expire on : " + # "Hi,\n\nYour Let's Encrypt certificate has been renewed for
str(SSL.getExpirationDate(self, wo_domain_name)) + # https://{0} .".format(wo_domain_name) +
"\n\nBest regards,\nYour WordOps Worker", files=mail_list, # "\nYour new certificate will expire on : " +
port=25, isTls=False) # str(SSL.getExpirationDate(self, wo_domain_name)) +
# "\n\nBest regards,\nYour WordOps Worker", files=mail_list,
# port=25, isTls=False)
# redirect= False to disable https redirection # redirect= False to disable https redirection
def httpsRedirect(self, wo_domain_name, redirect=True): def httpsRedirect(self, wo_domain_name, redirect=True):
if redirect: if redirect:
if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf.disabled".format(wo_domain_name)): if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf.disabled"
WOFileUtils.mvfile(self, "/etc/nginx/conf.d/force-ssl-{0}.conf.disabled".format(wo_domain_name), .format(wo_domain_name)):
"/etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name)) WOFileUtils.mvfile(self,
"/etc/nginx/conf.d/force-ssl-{0}.conf.disabled"
.format(wo_domain_name),
"/etc/nginx/conf.d/force-ssl-{0}.conf"
.format(wo_domain_name))
else: else:
try: try:
Log.info( Log.info(
self, "Adding /etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name)) self, "Adding /etc/nginx/conf.d/force-ssl-{0}.conf"
.format(wo_domain_name))
sslconf = open("/etc/nginx/conf.d/force-ssl-{0}.conf" sslconf = open("/etc/nginx/conf.d/force-ssl-{0}.conf"
.format(wo_domain_name), .format(wo_domain_name),
@@ -1364,8 +1406,10 @@ def httpsRedirect(self, wo_domain_name, redirect=True):
def archivedCertificateHandle(self, domain, wo_wp_email): def archivedCertificateHandle(self, domain, wo_wp_email):
Log.warn(self, "You already have an existing certificate for the domain requested.\n" Log.warn(self, "You already have an existing certificate "
"(ref: /etc/letsencrypt/renewal/{0}.conf)".format(domain) + "for the domain requested.\n"
"(ref: {0}/"
"{0}_ecc/{0}.conf)".format(WOVariables.wo_ssl_archive, domain) +
"\nPlease select an option from below?" "\nPlease select an option from below?"
"\n\t1: Reinstall existing certificate" "\n\t1: Reinstall existing certificate"
"\n\t2: Keep the existing certificate for now" "\n\t2: Keep the existing certificate for now"
@@ -1373,28 +1417,43 @@ def archivedCertificateHandle(self, domain, wo_wp_email):
"") "")
check_prompt = input( check_prompt = input(
"\nType the appropriate number [1-3] or any other key to cancel: ") "\nType the appropriate number [1-3] or any other key to cancel: ")
if not os.path.isfile("/etc/letsencrypt/live/{0}/cert.pem".format(domain)): if not os.path.isfile("{0}/{1}/fullchain.pem"
.format(WOVariables.wo_ssl_live, domain)):
Log.error( Log.error(
self, "/etc/letsencrypt/live/{0}/cert.pem file is missing.".format(domain)) self, "{0}/{1}/cert.pem file is missing."
if check_prompt == "1": .format(WOVariables.wo_ssl_live, domain))
Log.info(self, "Please wait while we reinstall the Let's Encrypt certificate for your site.\nIt may take a few minutes depending on your network.")
ssl = WOShellExec.cmd_exec(self, "./letsencrypt-auto certonly --rsa-key-size 4096 --reinstall --webroot -w /var/www/{0}/htdocs/ -d {0} -d www.{0} " if check_prompt == "1":
.format(domain) Log.info(self, "Please wait while we reinstall the Let's Encrypt "
+ "--email {0} --text --agree-tos".format(wo_wp_email)) "certificate for your site.\nIt may take a "
elif check_prompt == "2": "few minutes depending on your network.")
Log.info(self, "Using Existing Certificate files") ssl = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} &&"
if not (os.path.isfile("/etc/letsencrypt/live/{0}/fullchain.pem".format(domain)) or "/etc/letsencrypt/acme.sh "
os.path.isfile("/etc/letsencrypt/live/{0}/key.pem".format(domain))): "--install-cert -d {1} --ecc "
Log.error(self, "Certificate files not found. Skipping.\n" "--cert-file {0}/{1}/cert.pem "
"Please check if following file exist\n\t/etc/letsencrypt/live/{0}/fullchain.pem\n\t" "--key-file {0}/{1}/key.pem "
"/etc/letsencrypt/live/{0}/key.pem".format(domain)) "--fullchain-file "
ssl = True "{0}/{1}/fullchain.pem "
"--reloadcmd="
"\"service nginx restart\" "
.format(WOVariables.wo_ssl_live, domain))
elif (check_prompt == "2"):
Log.info(self, "Using Existing Certificate files")
if not os.path.isfile("{0}/{1}/fullchain.pem".format(WOVariables.wo_ssl_live, domain)):
Log.error(self, "Certificate files not found. Skipping.\n"
"Please check if following file exist"
"\n\t/etc/letsencrypt/live/{0}/fullchain.pem\n\t"
"/etc/letsencrypt/live/{0}/key.pem".format(domain))
ssl = True
elif (check_prompt == "3"):
Log.info(self, "Please wait while we renew the Let's Encrypt"
"certificate for your site.\nIt may take a few "
"minutes depending on your network.")
ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --renew -d {0} --ecc --force"
.format(domain))
elif check_prompt == "3":
Log.info(self, "Please wait while we renew the Let's Encrypt certificate for your site.\nIt may take a few minutes depending on your network.")
ssl = WOShellExec.cmd_exec(self, "./letsencrypt-auto --renew-by-default --rsa-key-size 4096 certonly --webroot -w /var/www/{0}/htdocs/ -d {0} -d www.{0} "
.format(domain)
+ "--email {0} --text --agree-tos".format(wo_wp_email))
else: else:
Log.error(self, "Operation cancelled by user.") Log.error(self, "Operation cancelled by user.")