From 6c3d645d9ef73d35221caf210931a47326ef98e1 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 30 Sep 2019 03:10:30 +0200 Subject: [PATCH] ngxblocker implementation --- install | 2 +- setup.py | 8 ++-- snapcraft.yaml | 23 ++++++++++++ wo/cli/main.py | 8 ++-- wo/cli/plugins/site.py | 58 +++++++++++------------------ wo/cli/plugins/site_functions.py | 26 ++++++++----- wo/cli/templates/cf-update.mustache | 32 ++++++++-------- wo/core/domainvalidate.py | 1 - wo/core/variables.py | 6 +-- 9 files changed, 90 insertions(+), 74 deletions(-) create mode 100644 snapcraft.yaml diff --git a/install b/install index bb9d970..4378362 100755 --- a/install +++ b/install @@ -232,7 +232,7 @@ wo_install_dep() { if [ "$wo_linux_distro" == "Ubuntu" ]; then # install dependencies apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \ - build-essential curl gzip python3 python3-apt python3-setuptools python3-requests python3-dev sqlite3 git tar software-properties-common pigz \ + build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz \ gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1 add-apt-repository ppa:wordops/nginx-wo -yn else diff --git a/setup.py b/setup.py index 0bf7c71..1fa7f3b 100644 --- a/setup.py +++ b/setup.py @@ -7,10 +7,10 @@ from setuptools import find_packages, setup conf = [] templates = [] -long_description = '''WordOps An essential toolset that eases WordPress +long_description = '''WordOps is an essential toolset that eases WordPress site and server administration. It provide the ability to install a high performance WordPress stack - with a few keystrokes''' + with a few keystrokes.''' for name in glob.glob('config/plugins.d/*.conf'): conf.insert(1, name) @@ -21,8 +21,8 @@ for name in glob.glob('wo/cli/templates/*.mustache'): if not os.path.exists('/var/log/wo/'): os.makedirs('/var/log/wo/') -if not os.path.exists('/var/lib/wo/'): - os.makedirs('/var/lib/wo/') +if not os.path.exists('/var/lib/wo/tmp/'): + os.makedirs('/var/lib/wo/tmp/') setup(name='wo', version='3.9.9.1', diff --git a/snapcraft.yaml b/snapcraft.yaml new file mode 100644 index 0000000..eb46364 --- /dev/null +++ b/snapcraft.yaml @@ -0,0 +1,23 @@ +name: test-wordops +version: git +summary: WordOps +description: | + WordOps is an essential toolset that eases WordPress + site and server administration. It provide the ability + to install a high performance WordPress stack + with a few keystrokes. +confinement: devmode +base: core18 + +parts: + test-wordops: + plugin: python + python-version: python3 + source: . + stage-packages: + - cement + - python-apt + +apps: + test-wordops: + command: wo diff --git a/wo/cli/main.py b/wo/cli/main.py index 00ddd6a..dad8f1c 100644 --- a/wo/cli/main.py +++ b/wo/cli/main.py @@ -106,14 +106,14 @@ def main(): # Catch our application errors and exit 1 (error) code = 1 print(e) - except FrameworkError as e: - # Catch framework errors and exit 1 (error) - code = 1 - print(e) except CaughtSignal as e: # Default Cement signals are SIGINT and SIGTERM, exit 0 (non-error) code = 0 print(e) + except FrameworkError as e: + # Catch framework errors and exit 1 (error) + code = 1 + print(e) except Exception as e: code = 1 print(e) diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index d393aa3..869f296 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -137,8 +137,8 @@ class WOSiteController(CementBaseController): pargs.site_name = pargs.site_name.strip() (wo_domain, wo_www_domain) = WODomain.validatedomain(self, pargs.site_name) - (wo_domain_type, - wo_root_domain) = WODomain.getdomainlevel(self, wo_domain) + (wo_domain_type, wo_root_domain) = WODomain.getdomainlevel( + self, wo_domain) wo_db_name = '' wo_db_user = '' wo_db_pass = '' @@ -731,9 +731,8 @@ class WOSiteCreateController(CementBaseController): if pargs.letsencrypt: acme_domains = [] - (wo_domain_type, - wo_root_domain) = WODomain.getdomainlevel(self, - wo_domain) + (wo_domain_type, wo_root_domain) = WODomain.getdomainlevel( + self, wo_domain) data['letsencrypt'] = True letsencrypt = True if data['letsencrypt'] is True: @@ -1036,7 +1035,6 @@ class WOSiteUpdateController(CementBaseController): except SiteError as e: Log.debug(self, str(e)) Log.info(self, "\nHSTS not enabled.") - return 0 elif pargs.hsts == "off": if os.path.isfile( '/var/www/{0}/conf/nginx/hsts.conf' @@ -1047,9 +1045,12 @@ class WOSiteUpdateController(CementBaseController): '/var/www/{0}/conf/' 'nginx/hsts.conf.disabled' .format(wo_domain)) - return 0 else: Log.error(self, "HSTS isn't enabled") + # Service Nginx Reload + if not WOService.reload_service(self, 'nginx'): + Log.error(self, "service nginx reload failed. " + "check issues with `nginx -t` command") if (pargs.ngxblocker and not (pargs.html or pargs.php or pargs.php73 or @@ -1059,23 +1060,11 @@ class WOSiteUpdateController(CementBaseController): pargs.wpsubdir or pargs.wpsubdomain or pargs.hsts)): if pargs.ngxblocker == "on": - if not os.path.isfile( - '/var/www/{0}/conf/nginx/ngxblocker.conf.disabled' - .format(wo_domain)): - try: - setupngxblocker(self, wo_domain) - except SiteError as e: - Log.debug(self, str(e)) - Log.info(self, "\nngxblocker not enabled.") - return 0 - else: - WOFileUtils.mvfile(self, '/var/www/{0}/conf/' - 'nginx/ngxblocker.conf.disabled' - .format(wo_domain), - '/var/www/{0}/conf/' - 'nginx/ngxblocker.conf' - .format(wo_domain)) - return 0 + try: + setupngxblocker(self, wo_domain) + except SiteError as e: + Log.debug(self, str(e)) + Log.info(self, "\nngxblocker not enabled.") elif pargs.ngxblocker == "off": if os.path.isfile( '/var/www/{0}/conf/nginx/ngxblocker.conf' @@ -1086,10 +1075,14 @@ class WOSiteUpdateController(CementBaseController): '/var/www/{0}/conf/' 'nginx/ngxblocker.conf.disabled' .format(wo_domain)) - return 0 else: Log.error(self, "ngxblocker isn't enabled") + # Service Nginx Reload + if not WOService.reload_service(self, 'nginx'): + Log.error(self, "service nginx reload failed. " + "check issues with `nginx -t` command") + if ((stype == 'php' and oldsitetype not in ['html', 'proxy', 'php73']) or (stype == 'mysql' and oldsitetype not in ['html', 'php', @@ -1243,8 +1236,8 @@ class WOSiteUpdateController(CementBaseController): acme_domains = [] acmedata = dict(acme_domains, dns=False, acme_dns='dns_cf', dnsalias=False, acme_alias='') - (wo_domain_type, - wo_root_domain) = WODomain.getdomainlevel(self, wo_domain) + (wo_domain_type, wo_root_domain) = WODomain.getdomainlevel( + self, wo_domain) if pargs.letsencrypt == 'on': data['letsencrypt'] = True @@ -1660,16 +1653,7 @@ class WOSiteUpdateController(CementBaseController): "site") if pargs.ngxblocker: if ngxblocker is True: - if not os.path.isfile("{0}/conf/nginx/ngxblocker.conf.disabled" - .format(wo_site_webroot)): - setupngxblocker(self, wo_domain) - else: - WOFileUtils.mvfile( - self, - "{0}/conf/nginx/ngxblocker.conf.disabled" - .format(wo_site_webroot), - "{0}/conf/nginx/ngxblocker.conf" - .format(wo_site_webroot)) + setupngxblocker(self, wo_domain) elif ngxblocker is False: if os.path.isfile("{0}/conf/nginx/ngxblocker.conf" .format(wo_site_webroot)): diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index f4d11c2..7ebf2e9 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -4,6 +4,7 @@ import json import os import random import re +import shutil import string import subprocess from subprocess import CalledProcessError @@ -409,7 +410,6 @@ def setupwordpress(self, data, vhostonly=False): # os.path.abspath(os.path.join(os.getcwd(), os.pardir))) try: - import shutil Log.debug(self, "Moving file from {0} to {1}".format(os.getcwd( )+'/wp-config.php', os.path.abspath(os.path.join(os.getcwd(), @@ -1606,12 +1606,20 @@ def setuprocketchat(self): return True -def setupngxblocker(self, domain): +def setupngxblocker(self, domain, block=True): if os.path.isdir('/var/www/{0}/conf/nginx'.format(domain)): - ngxconf = open("/var/www/{0}/conf/nginx/ngxblocker.conf" - .format(domain), - encoding='utf-8', mode='w') - ngxconf.write("# Bad Bot Blocker\n" - "include /etc/nginx/bots.d/ddos.conf;\n" - "include /etc/nginx/bots.d/blockbots.conf;\n") - ngxconf.close() + if not os.path.isfile('/var/www/{0}/conf/nginx/ngxblocker.disabled' + .format(domain)): + ngxconf = open("/var/www/{0}/conf/nginx/ngxblocker.conf" + .format(domain), + encoding='utf-8', mode='w') + ngxconf.write("# Bad Bot Blocker\n" + "include /etc/nginx/bots.d/ddos.conf;\n" + "include /etc/nginx/bots.d/blockbots.conf;\n") + ngxconf.close() + else: + WOFileUtils.mvfile( + self, '/var/www/{0}/conf/nginx/ngxblocker.disabled' + .format(domain), '/var/www/{0}/conf/nginx/ngxblocker' + .format(domain)) + return 0 \ No newline at end of file diff --git a/wo/cli/templates/cf-update.mustache b/wo/cli/templates/cf-update.mustache index 562b451..60739a1 100644 --- a/wo/cli/templates/cf-update.mustache +++ b/wo/cli/templates/cf-update.mustache @@ -5,19 +5,21 @@ CURL_BIN=$(command -v curl) CF_IPV4=$($CURL_BIN -sL https://www.cloudflare.com/ips-v4) CF_IPV6=$($CURL_BIN -sL https://www.cloudflare.com/ips-v6) -echo -e '# WordOps (wo) set visitors real ip with Cloudflare\n' > /etc/nginx/conf.d/cloudflare.conf -echo "####################################" -echo "Adding Cloudflare IPv4" -echo "####################################" -for cf_ip4 in $CF_IPV4; do - echo "set_real_ip_from $cf_ip4;" >> /etc/nginx/conf.d/cloudflare.conf -done -echo "####################################" -echo "Adding Cloudflare IPv6" -echo "####################################" -for cf_ip6 in $CF_IPV6; do - echo "set_real_ip_from $cf_ip6;" >> /etc/nginx/conf.d/cloudflare.conf -done -echo 'real_ip_header CF-Connecting-IP;' >> /etc/nginx/conf.d/cloudflare.conf +if [ -d /etc/nginx/conf.d ]; then + echo -e '# WordOps (wo) set visitors real ip with Cloudflare\n' > /etc/nginx/conf.d/cloudflare.conf + echo "####################################" + echo "Adding Cloudflare IPv4" + echo "####################################" + for cf_ip4 in $CF_IPV4; do + echo "set_real_ip_from $cf_ip4;" >> /etc/nginx/conf.d/cloudflare.conf + done + echo "####################################" + echo "Adding Cloudflare IPv6" + echo "####################################" + for cf_ip6 in $CF_IPV6; do + echo "set_real_ip_from $cf_ip6;" >> /etc/nginx/conf.d/cloudflare.conf + done + echo 'real_ip_header CF-Connecting-IP;' >> /etc/nginx/conf.d/cloudflare.conf -nginx -t && service nginx reload \ No newline at end of file + nginx -t && service nginx reload +fi diff --git a/wo/core/domainvalidate.py b/wo/core/domainvalidate.py index 1daff0c..d198adf 100644 --- a/wo/core/domainvalidate.py +++ b/wo/core/domainvalidate.py @@ -1,6 +1,5 @@ """WordOps domain validation module.""" import os -from urllib.parse import urlparse class WODomain(): diff --git a/wo/core/variables.py b/wo/core/variables.py index d0154c0..d5ce887 100644 --- a/wo/core/variables.py +++ b/wo/core/variables.py @@ -11,7 +11,7 @@ class WOVariables(): """Intialization of core variables""" # WordOps version - wo_version = "3.9.9.1" + wo_version = "3.9.9.2" # WordOps packages versions wo_wp_cli = "2.3.0" wo_adminer = "4.7.3" @@ -66,9 +66,9 @@ class WOVariables(): except Exception: wo_user = input("Enter your name: ") wo_email = input("Enter your email: ") - os.system("/usr/bin/git config --global user.name {0}".format(wo_user)) + os.system("git config --global user.name {0}".format(wo_user)) os.system( - "/usr/bin/git config --global user.email {0}".format(wo_email)) + "git config --global user.email {0}".format(wo_email)) # MySQL hostname wo_mysql_host = ""