From 7765b2ce84479ced16acf870c9cd0075b3e823a6 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Fri, 25 Oct 2019 23:58:08 +0200 Subject: [PATCH] Several improvements * Run `mysql_upgrade` during MySQL upgrade with `wo stack upgrade` to perform migration if needed * WordOps now check if a repository already exist before trying to adding it again. * install script refactored --- CHANGELOG.md | 4 ++ config/bash_completion.d/wo_auto.rc | 2 +- docs/wo.8 | 34 ++++++++------ install | 59 ++++++++++++------------- wo/cli/plugins/site.py | 2 +- wo/cli/plugins/stack_migrate.py | 1 - wo/cli/plugins/stack_pref.py | 66 +++++++++++++++++++++------- wo/cli/plugins/sync.py | 28 +++++++----- wo/cli/templates/nextcloud.mustache | 9 ++-- wo/cli/templates/nginx-core.mustache | 6 +-- wo/core/acme.py | 9 ++++ wo/core/domainvalidate.py | 1 - wo/core/fileutils.py | 14 +++--- 13 files changed, 146 insertions(+), 89 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7773879..f00707f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), #### Added - WordOps install is now installed with pip from PyPi (easier, cleaner and safer) inside a wheel +- Redis 5.0.6 package backported to Debian 8/9/10 +- Custom motd to display a message if a new WordOps release is available +- Run `mysql_upgrade` during MySQL upgrade with `wo stack upgrade` to perform migration if needed #### Changed @@ -18,6 +21,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - Nginx systemd tweaks during Nginx install/upgrade and removed from install script - Initial creation of .gitconfig is displayed the first time you run the command `wo` - Added `/var/lib/php/sessions/` to open_basedir to allow php sessions storage +- WordOps now check if a repository already exist before trying to adding it again. #### Fixed 
diff --git a/config/bash_completion.d/wo_auto.rc b/config/bash_completion.d/wo_auto.rc index d5dacc0..c3146c0 100644 --- a/config/bash_completion.d/wo_auto.rc +++ b/config/bash_completion.d/wo_auto.rc @@ -79,7 +79,7 @@ _wo_complete() ;; "upgrade" ) COMPREPLY=( $(compgen \ - -W "--web --admin --utils --nginx --php --php73 --mysql --all --netdata --composer --phpmyadmin --dashboard --no-prompt --mysqtuner --wpcli --force" \ + -W "--web --admin --utils --nginx --php --php73 --mysql --all --netdata --composer --phpmyadmin --dashboard --mysqtuner --wpcli --force" \ -- $cur) ) ;; "start" | "stop" | "reload" | "restart" | "status") diff --git a/docs/wo.8 b/docs/wo.8 index b6f23b7..357d1ea 100644 --- a/docs/wo.8 +++ b/docs/wo.8 
@@ -1,27 +1,27 @@ -.TH wo 8 "WordOps (wo) version: 3.9.6.3" "Jul 26,2019" "WordOps" +.TH wo 8 "WordOps (wo) version: 3.10.0" "Oct 24,2019" "WordOps" .SH NAME .B WordOps (wo) \- Manage Nginx Based Websites. .SH SYNOPSIS wo [ --version | --help | info | stack | site | debug | update | clean | import_slow_log | log | secure | sync | maintenance ] .TP -wo stack [ install | remove | purge | migrate | upgrade] [ --web | --all | --nginx | --php | --php73 | --mysql | --admin | --adminer | --redis | --phpmyadmin | --phpredisadmin | --wpcli | --utils | --dashboard | --netdata | --fail2ban | --proftpd ] +wo stack [ install | remove | purge | migrate | upgrade ] [ --web | --all | --nginx | --php | --php73 | --mysql | --admin | --adminer | --redis | --phpmyadmin | --phpredisadmin | --wpcli | --utils | --dashboard | --netdata | --fail2ban | --proftpd ] .TP wo stack [ status | start | stop | reload | restart ] [--all | --nginx | --php | --php73 |--mysql | --web | --redis | --netdata | --fail2ban | --proftpd] .TP wo site [ list | info | show | enable | disable | edit | cd | show ] [ example.com ] .TP -wo site create example.com [ --html | --php | --php73 | --mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis | --letsencrypt/-le/--letsencrypt=wildcard][--dns/--dns=dns_cf/dns_do]] +wo site create example.com [ --html | --php | --php73 | --mysql][[--wp | --wpsubdir | --wpsubdomain ] [ --wpsc | --wpfc | --wpredis | --wpce | --wprocket ] [ -le/--letsencrypt=wildcard ][ --dns/--dns=dns_cf/dns_dgon]] .TP -wo site update example.com [ --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis ] [--password] [-le/--letsencrypt/--letsencrypt=on/off/wildcard/clean/purge] [--dns/--dns=dns_cf/dns_do]] +wo site update example.com [ --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis | --wpce | --wprocket ] [--password] [-le/--letsencrypt=on/off/wildcard/clean/purge ] [ --dns/--dns=dns_cf/dns_dgon ] 
.TP -wo site delete example.com [--db | --files | --all | --no-prompt | --force/-f ] +wo site delete example.com [--db | --files | --all | --no-prompt | --force ] .TP wo debug [ -i | --all=on/off |--nginx=on/off | --rewrite=on/off | --php=on/off | --fpm=on/off | --mysql=on/off ] .TP wo debug example.com [ -i | --all=on/off | --nginx=on/off | --rewrite=on/off | --wp=on/off ] .TP -wo secure [ --auth | --port | --ip ] +wo secure [ --auth | --port | --ip | --ssh | --sshport ] .SH DESCRIPTION WordOps aka wo is the opensource project developed with the purpose to automate web-server configuration. .br @@ -48,7 +48,7 @@ Display WordOps (wo) help. .TP .B install [ --all | --web | --nginx | --php | --php73 |--mysql | --redis | --adminer | --phpmyadmin | --phpredismyadmin | --wpcli | --utils | --netdata | --dashboard | --fail2ban | --proftpd ] .br -Install Nginx PHP5 MySQL Postfix stack Packages if not used with +Install Nginx PHP7.2 MariaDB SendMail Netdata Fail2Ban stack Packages if not used with .br any options.Installs specific package if used with option. .TP @@ -129,13 +129,13 @@ Disable site by Destroying softlink with site file in .br Edit NGINX configuration of site. .TP -.B create [ example.com ] [ --html | --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis ]] +.B create [ example.com ] [ --html | --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis ] .br Create new site according to given options. If no options provided .br create static site with html only. .TP -.B update [ example.com ] [ --html | --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [ --wpsc | --wpfc | --wpredis ] [--password]] +.B update [ example.com ] [ --html | --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [ --wpsc | --wpfc | --wpredis ] [--password ] .br Update site configuration according to specified options. .TP 
@@ -270,17 +270,23 @@ used with wo secure command. Update whitelist IP address .TP .B --wpsc .br -Install and activate Nginx-helper and WP Super Cache plugin. +Install and activate WP Super Cache plugin and serve pages from cache directly with Nginx. .TP .B --wpfc .br -Install and activate Nginx-helper plugin with -.br -Nginx FastCGI cache. +Install and activate Nginx-helper plugin with Nginx FastCGI cache. .TP .B --wpredis .br -Install, activate, configure Nginx-helper and Redis Object Cache Plugin, Configure NGINX for Redis Page Caching. +Install, activate, configure Nginx-helper and Redis Object Cache Plugin, Configure NGINX for Redis Full-Page Caching. +.TP +.B --wpce +.br +Install and activate Cache-enabler plugin and serve pages from cache directly with Nginx. +.TP +.B --wprocket +.br +Configure Nginx for WP-Rocket plugin to serve pages from cache directly with Nginx. .SH FILES .br /etc/wo/wo.conf diff --git a/install b/install index 8e54d15..7e09b22 100755 --- a/install +++ b/install @@ -9,7 +9,7 @@ # ------------------------------------------------------------------------- # wget -qO wo wops.cc && sudo bash wo # ------------------------------------------------------------------------- -# Version 3.9.9.4 - 2019-10-18 +# Version 3.10.0 - 2019-10-25 # ------------------------------------------------------------------------- # CONTENTS @@ -122,6 +122,10 @@ _run() { } +_curl() { + curl -m 10 --retry 3 -sL "$@" +} + ### # 1 - Define variables for later use ### 
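Review bot: The new `_curl()` helper passes `-s` without `-f` or `-S`, so an HTTP error body is returned as if it were the requested content and transport errors are hidden. That matters because this commit pipes `_curl` output straight into `/var/lib/wo/public_suffix_list.dat` in `wo_domain_suffix`, where an error page or an empty response silently replaces the list. I would write the body as `curl -m 10 --retry 3 -fsSL "$@"` so a 4xx/5xx response gives a non-zero exit and no payload. A one-line comment above the function, e.g. `# curl wrapper: 10s timeout, 3 retries, follows redirects, fails on HTTP errors`, would document the contract for later callers.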
@@ -180,12 +184,13 @@ wo_check_distro() { wo_dir_init() { if [ ! -d "$wo_log_dir" ] || [ ! -d "$wo_backup_dir" ] || [ ! -d "$wo_tmp_dir" ]; then - mkdir -p "$wo_backup_dir" "$wo_log_dir" "$wo_tmp_dir" || wo_lib_error "Whoops - seems we are unable to create the log directory $wo_log_dir, exit status " $? + mkdir -p "$wo_backup_dir" "$wo_log_dir" "$wo_tmp_dir" # create wordops log files touch /var/log/wo/{wordops.log,install.log} - chmod -R 700 "$wo_log_dir" "$wo_backup_dir" "$wo_tmp_dir" || wo_lib_error "Whoops, there was an error setting the permissions on the WordOps log folder, exit status " $? + chmod -R 750 "$wo_log_dir" "$wo_backup_dir" "$wo_tmp_dir" + chown -R root:adm "$wo_log_dir" fi } @@ -203,7 +208,6 @@ wo_install_dep() { build-essential curl gzip python3-pip python3-wheel python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz \ gnupg2 cron ccze rsync apt-transport-https tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1 curl -sL https://download.opensuse.org/repositories/home:/virtubox:/WordOps/xUbuntu_18.04/Release.key | apt-key add - - add-apt-repository ppa:wordops/nginx-wo -yn else # install dependencies apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \ @@ -221,7 +225,8 @@ wo_install_dep() { cp /usr/share/unattended-upgrades/20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades fi # upgrade pip - python3 -m pip install --upgrade pip setuptools wheel + python3 -m pip install --upgrade pip + python3 -m pip install --upgrade setuptools wheel } 
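Review bot: In `wo_dir_init` the `|| wo_lib_error ...` handlers were dropped from both `mkdir -p` and `chmod -R`, so a failure to create or lock down the log, backup and tmp directories is now silent and the following `touch` runs regardless. `chmod -R 750` also sets the execute bit on every regular file under those trees and grants group read/search on the backup and tmp directories, while `chown -R root:adm` is applied only to `$wo_log_dir`. I would keep the error handling and use symbolic modes so only directories get the search bit, e.g. `chmod -R u=rwX,g=rX,o= "$wo_log_dir"` and `chmod -R u=rwX,go= "$wo_backup_dir" "$wo_tmp_dir"`. If files under the log directory can contain credentials from debug logging, read access for group `adm` should be a documented decision rather than a side effect.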
@@ -411,12 +416,10 @@ wo_install_acme_sh() { # Let's Encrypt .well-known folder setup if [ ! -d /var/www/html/.well-known/acme-challenge ]; then mkdir -p /var/www/html/.well-known/acme-challenge - chown -R www-data:www-data /var/www/html /var/www/html/.well-known - chmod 750 /var/www/html /var/www/html/.well-known - else - chown -R www-data:www-data /var/www/html /var/www/html/.well-known - chmod 750 /var/www/html /var/www/html/.well-known fi + chown -R www-data:www-data /var/www/html /var/www/html/.well-known + chmod 750 /var/www/html /var/www/html/.well-known + } # WordOps install @@ -537,24 +540,20 @@ wo_upgrade_nginx() { wo_update_latest() { # Move ~/.my.cnf to /etc/mysql/conf.d/my.cnf - if [ ! -f /etc/mysql/conf.d/my.cnf ]; then - # create conf.d folder if not exist - [ ! -d /etc/mysql/conf.d ] && { - mkdir -p /etc/mysql/conf.d - chmod 755 /etc/mysql/conf.d - } - if [ -f "$HOME/.my.cnf" ]; then - cp -f "$HOME/.my.cnf" /etc/mysql/conf.d/my.cnf - chmod 600 /etc/mysql/conf.d/my.cnf - - elif [ -f /root/.my.cnf ]; then - cp -f /root/.my.cnf /etc/mysql/conf.d/my.cnf - chmod 600 /etc/mysql/conf.d/my.cnf - fi - else - if [ ! -f /root/.my.cnf ]; then - cp /etc/mysql/conf.d/my.cnf /root/.my.cnf - chmod 600 /root/.my.cnf + if [ -d /etc/mysql ]; then + if [ ! -f /etc/mysql/conf.d/my.cnf ]; then + # create conf.d folder if not exist + [ ! -d /etc/mysql/conf.d ] && { + mkdir -p /etc/mysql/conf.d + chmod 755 /etc/mysql/conf.d + } + if [ -f /root/.my.cnf ]; then + cp -f /root/.my.cnf /etc/mysql/conf.d/my.cnf + chmod 600 /etc/mysql/conf.d/my.cnf + elif [ -f "$HOME/.my.cnf"]; then + cp -f "$HOME/.my.cnf" /etc/mysql/conf.d/my.cnf + chmod 600 /etc/mysql/conf.d/my.cnf + fi fi fi } 
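Review bot: The added `elif [ -f "$HOME/.my.cnf"]; then` in `wo_update_latest` is missing the space before `]`, so `[` never sees its closing bracket and fails with a syntax error instead of testing the file; that branch can never copy the file. It should read `elif [ -f "$HOME/.my.cnf" ]; then`. The hunk also removes the old `else` branch that restored `/root/.my.cnf` from `/etc/mysql/conf.d/my.cnf`; if that is intended, the comment above the block should say the copy now goes one way only.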
@@ -586,7 +585,7 @@ wo_remove_ee_cron() { } wo_domain_suffix() { - curl -m 10 --retry 3 -sL https://raw.githubusercontent.com/publicsuffix/list/master/public_suffix_list.dat | sed '/^\/\//d' | sed '/^$/d' | sed 's/^\s+//g' > /var/lib/wo/public_suffix_list.dat + _curl https://raw.githubusercontent.com/publicsuffix/list/master/public_suffix_list.dat | sed '/^\/\//d' | sed '/^$/d' | sed 's/^\s+//g' > /var/lib/wo/public_suffix_list.dat } wo_mariadb_tweak() { @@ -658,7 +657,7 @@ wo_init() { if [ -f ./setup.py ]; then readonly wo_version_new=$(grep "version='" setup.py | awk -F "'" '{print$2}' 2>&1) else - readonly wo_version_new=$(curl -sL https://wops.cc/setup.py 2>&1 | grep "version='" | awk -F "'" '{print$2}' 2>&1) + readonly wo_version_new=$(curl -m 10 --retry 3 -sI https://github.com/WordOps/WordOps/releases/latest | grep tag | awk -F "/" '{print $8}' 2>&1) fi echo "" diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index bbb6b8e..344d0ea 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -1151,7 +1151,7 @@ class WOSiteUpdateController(CementBaseController): stype = oldsitetype cache = oldcachetype if oldsitetype == 'html' or oldsitetype == 'proxy': - data['static'] = True + data['static'] = False data['wp'] = False data['multisite'] = False data['wpsubdir'] = False diff --git a/wo/cli/plugins/stack_migrate.py b/wo/cli/plugins/stack_migrate.py index 20bf585..205714e 100644 --- a/wo/cli/plugins/stack_migrate.py +++ b/wo/cli/plugins/stack_migrate.py @@ -1,7 +1,6 @@ import configparser import os -from cement.core import handler, hook from cement.core.controller import CementBaseController, expose from wo.core.apt_repo import WORepo diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py index cce911b..5cd7987 100644 --- a/wo/cli/plugins/stack_pref.py +++ b/wo/cli/plugins/stack_pref.py 
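Review bot: The new `wo_version_new` assignment in `wo_init` parses a raw response header from `curl -sI`, and header lines end in CRLF, so the field taken by `awk -F "/" '{print $8}'` carries a trailing carriage return that will break later string or version comparisons. Strip it by appending `| tr -d '\r'` to the pipeline, and match the header by name with `grep -i '^location:'` rather than any line containing `tag`. The field index assumes the redirect URL keeps its current shape and the result may carry a tag prefix, so the value should be checked against a version pattern before it is used. The rest of `wo_init` is outside the hunk, so how the value is compared is not visible here.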
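Review bot: Setting `data['static'] = False` in the `oldsitetype == 'html' or oldsitetype == 'proxy'` branch reads as contradictory for an html site, and the commit message does not mention the change, so it needs a why-comment or a second look. If the intent is that this branch only seeds defaults and the final type is decided later, say so above the assignment, e.g. `# defaults only; the requested site type is applied further down`. The enclosing method of `WOSiteUpdateController` starts and ends outside the hunk, so whether `data['static']` is set back to True for an html target cannot be confirmed from here.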
@@ -102,41 +102,68 @@ def pre_pref(self, apt_packages): # add nginx repository if set(WOVar.wo_nginx).issubset(set(apt_packages)): - Log.info(self, "Adding repository for NGINX, please wait...") if (WOVar.wo_distro == 'ubuntu'): - WORepo.add(self, ppa=WOVar.wo_nginx_repo) - Log.debug(self, 'Adding ppa for Nginx') + if not os.path.isfile( + 'wordops-ubuntu-nginx-wo-{0}.list' + .format(WOVar.wo_platform_codename)): + Log.info(self, "Adding repository for NGINX, please wait...") + WORepo.add(self, ppa=WOVar.wo_nginx_repo) + Log.debug(self, 'Adding ppa for Nginx') else: - WORepo.add(self, repo_url=WOVar.wo_nginx_repo) - Log.debug(self, 'Adding repository for Nginx') + if not WOFileUtils.grepcheck( + self, '/etc/apt/sources.list/wo-repo.list', + 'download.opensuse.org'): + Log.info(self, "Adding repository for NGINX, please wait...") + Log.debug(self, 'Adding repository for Nginx') + WORepo.add(self, repo_url=WOVar.wo_nginx_repo) WORepo.add_key(self, WOVar.wo_nginx_key) # add php repository if (set(WOVar.wo_php73).issubset(set(apt_packages)) or set(WOVar.wo_php).issubset(set(apt_packages))): - Log.info(self, "Adding repository for PHP, please wait...") if (WOVar.wo_distro == 'ubuntu'): Log.debug(self, 'Adding ppa for PHP') - WORepo.add(self, ppa=WOVar.wo_php_repo) + if not os.path.isfile( + '/etc/apt/sources.list.d/ondrej-ubuntu-php-{0}.list' + .format(WOVar.wo_platform_codename)): + Log.info(self, "Adding repository for PHP, please wait...") + WORepo.add(self, ppa=WOVar.wo_php_repo) else: # Add repository for php if (WOVar.wo_platform_codename == 'buster'): php_pref = ("Package: *\nPin: origin " "packages.sury.org" "\nPin-Priority: 1000\n") - with open('/etc/apt/preferences.d/' - 'PHP.pref', 'w') as php_pref_file: + with open( + '/etc/apt/preferences.d/' + 'PHP.pref', mode='w', + encoding='utf-8') as php_pref_file: php_pref_file.write(php_pref) - Log.debug(self, 'Adding repo_url of php for debian') - WORepo.add(self, repo_url=WOVar.wo_php_repo) + if not 
WOFileUtils.grepcheck( + self, '/etc/apt/sources.list.d/wo-repo.list', + 'packages.sury.org'): + Log.debug(self, 'Adding repo_url of php for debian') + Log.info(self, "Adding repository for PHP, please wait...") + WORepo.add(self, repo_url=WOVar.wo_php_repo) Log.debug(self, 'Adding deb.sury GPG key') WORepo.add_key(self, WOVar.wo_php_key) # add redis repository if set(WOVar.wo_redis).issubset(set(apt_packages)): - Log.info(self, "Adding repository for Redis, please wait...") if WOVar.wo_distro == 'ubuntu': - Log.debug(self, 'Adding ppa for redis') - WORepo.add(self, ppa=WOVar.wo_redis_repo) + if not os.path.isfile( + '/etc/apt/sources.list.d/' + 'chris-lea-ubuntu-redis-server-{0}.list' + .format(WOVar.wo_platform_codename)): + Log.info(self, "Adding repository for Redis, please wait...") + Log.debug(self, 'Adding ppa for redis') + WORepo.add(self, ppa=WOVar.wo_redis_repo) + else: + if not WOFileUtils.grepcheck( + self, '/etc/apt/sources.list/wo-repo.list', + 'download.opensuse.org'): + Log.info(self, "Adding repository for Redis, please wait...") + WORepo.add(self, repo_url=WOVar.wo_php_repo) + WORepo.add_key(self, WOVar.wo_nginx_key) def post_pref(self, apt_packages, packages, upgrade=False): 
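Review bot: Three of the new "already added?" checks in `pre_pref` test paths that will not exist, so those branches still add the repository on every run. The Ubuntu Nginx check calls `os.path.isfile` on a bare filename with no `/etc/apt/sources.list.d/` directory, and the non-Ubuntu Nginx and Redis checks grep `/etc/apt/sources.list/wo-repo.list` where the PHP branch uses `/etc/apt/sources.list.d/wo-repo.list`. The new non-Ubuntu Redis branch also calls `WORepo.add` with `WOVar.wo_php_repo` while it checks for `download.opensuse.org` and adds `WOVar.wo_nginx_key`, which looks like a copy-paste slip. `pre_pref` starts outside the hunk.
```python
        # nginx, Ubuntu
        if not os.path.isfile(
                '/etc/apt/sources.list.d/wordops-ubuntu-nginx-wo-{0}.list'
                .format(WOVar.wo_platform_codename)):
            # … unchanged: Log.info, WORepo.add(ppa=WOVar.wo_nginx_repo) …
        # nginx, other distros
        if not WOFileUtils.grepcheck(
                self, '/etc/apt/sources.list.d/wo-repo.list',
                'download.opensuse.org'):
            # … unchanged: Log.info, WORepo.add(repo_url=WOVar.wo_nginx_repo) …
        # redis, other distros
        if not WOFileUtils.grepcheck(
                self, '/etc/apt/sources.list.d/wo-repo.list',
                'download.opensuse.org'):
            Log.info(self, "Adding repository for Redis, please wait...")
            # was WOVar.wo_php_repo; the opensuse repo is assumed here, confirm
            WORepo.add(self, repo_url=WOVar.wo_nginx_repo)
```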
@@ -1374,21 +1401,29 @@ def post_pref(self, apt_packages, packages, upgrade=False): def pre_stack(self): """Inital server configuration and tweak""" # wo sysctl tweaks - Log.wait(self, 'Applying Linux tweaks') + # check system type wo_arch = os.uname()[4] if os.path.isfile('/proc/1/environ'): + # detect lxc containers wo_lxc = WOFileUtils.grepcheck( self, '/proc/1/environ', 'container=lxc') + # detect wsl wo_wsl = WOFileUtils.grepcheck( self, '/proc/1/environ', 'wsl') + else: + wo_wsl = True + wo_lxc = True + # remove old sysctl tweak if os.path.isfile('/etc/sysctl.d/60-ubuntu-nginx-web-server.conf'): WOFileUtils.rm(self, '/etc/sysctl.d/60-ubuntu-nginx-web-server.conf') + if wo_arch == 'x86_64': if (wo_lxc is not True) and (wo_wsl is not True): data = dict() WOTemplate.deploy( self, '/etc/sysctl.d/60-wo-tweaks.conf', 'sysctl.mustache', data, True) + # use tcp_bbr congestion algorithm only on new kernels if (WOVar.wo_platform_codename == 'bionic' or WOVar.wo_platform_codename == 'disco' or WOVar.wo_platform_codename == 'buster'): @@ -1410,6 +1445,7 @@ def pre_stack(self): encoding='utf-8', mode='a') as sysctl_file: sysctl_file.write( '\nnet.ipv4.tcp_congestion_control = htcp') + # apply sysctl tweaks WOShellExec.cmd_exec( self, 'sysctl -eq -p /etc/sysctl.d/60-wo-tweaks.conf') # sysctl tweak service diff --git a/wo/cli/plugins/sync.py b/wo/cli/plugins/sync.py index 662466d..872f962 100644 --- a/wo/cli/plugins/sync.py +++ b/wo/cli/plugins/sync.py 
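Review bot: The added `else` branch in `pre_stack` sets both `wo_wsl` and `wo_lxc` to True when `/proc/1/environ` is not a file, which avoids the unbound-variable case but silently skips the sysctl deployment guarded by `(wo_lxc is not True) and (wo_wsl is not True)`. State that intent and leave a trace in the log, e.g. `# no /proc/1/environ: assume a container and skip kernel tuning` followed by `Log.debug(self, '/proc/1/environ not found, skipping sysctl tweaks')`. The body of `pre_stack` continues outside the hunk.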
@@ -52,18 +52,22 @@ class WOSyncController(CementBaseController): if configfiles: if WOFileUtils.isexist(self, configfiles[0]): - wo_db_name = (WOFileUtils.grep(self, configfiles[0], - 'DB_NAME').split(',')[1] - .split(')')[0].strip().replace('\'', '')) - wo_db_user = (WOFileUtils.grep(self, configfiles[0], - 'DB_USER').split(',')[1] - .split(')')[0].strip().replace('\'', '')) - wo_db_pass = (WOFileUtils.grep(self, configfiles[0], - 'DB_PASSWORD').split(',')[1] - .split(')')[0].strip().replace('\'', '')) - wo_db_host = (WOFileUtils.grep(self, configfiles[0], - 'DB_HOST').split(',')[1] - .split(')')[0].strip().replace('\'', '')) + wo_db_name = ( + WOFileUtils.grep(self, configfiles[0], + 'DB_NAME').split(',')[1] + .split(')')[0].strip().replace('\'', '')) + wo_db_user = ( + WOFileUtils.grep(self, configfiles[0], + 'DB_USER').split(',')[1] + .split(')')[0].strip().replace('\'', '')) + wo_db_pass = ( + WOFileUtils.grep(self, configfiles[0], + 'DB_PASSWORD').split(',')[1] + .split(')')[0].strip().replace('\'', '')) + wo_db_host = ( + WOFileUtils.grep(self, configfiles[0], + 'DB_HOST').split(',')[1] + .split(')')[0].strip().replace('\'', '')) # Check if database really exist try: diff --git a/wo/cli/templates/nextcloud.mustache b/wo/cli/templates/nextcloud.mustache index 48a7df1..8d2eae0 100644 --- a/wo/cli/templates/nextcloud.mustache +++ b/wo/cli/templates/nextcloud.mustache @@ -8,7 +8,7 @@ location = /robots.txt { access_log off; } location / { - rewrite ^ /index.php$request_uri; + rewrite ^ /index.php; } location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { deny all; 
@@ -18,13 +18,12 @@ location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { } location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; + try_files $uri =404; include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param HTTPS on; -# Avoid sending the security headers twice + # Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; -# Enable pretty urls + # Enable pretty urls fastcgi_param front_controller_active true; fastcgi_pass {{upstream}}; fastcgi_intercept_errors on; diff --git a/wo/cli/templates/nginx-core.mustache b/wo/cli/templates/nginx-core.mustache index 5de705c..97fc476 100644 --- a/wo/cli/templates/nginx-core.mustache +++ b/wo/cli/templates/nginx-core.mustache @@ -55,12 +55,12 @@ http { ssl_session_cache shared:SSL:50m; ssl_session_tickets off; ssl_prefer_server_ciphers on; - ssl_early_data on; + ssl_early_data on; {{#tls13}}ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20'; ssl_protocols TLSv1.2 TLSv1.3;{{/tls13}} ssl_ecdh_curve X25519:P-521:P-384:P-256; - # Previous TLS v1.2 configuration - {{^tls13}}ssl_protocols TLSv1.2; + {{^tls13}}# Previous TLS v1.2 configuration + ssl_protocols TLSv1.2; ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;{{/tls13}} # Common security headers diff --git a/wo/core/acme.py b/wo/core/acme.py index 3d5e04d..9ae31ce 100644 --- a/wo/core/acme.py +++ b/wo/core/acme.py @@ -22,6 +22,7 @@ class WOAcme: self, "{0} ".format(WOAcme.wo_acme_exec) + "--list --listraw > /var/lib/wo/cert.csv"): Log.error(self, "Unable to export certs list") + WOFileUtils.chmod(self, '/var/lib/wo/cert.csv', 0o600) def setupletsencrypt(self, acme_domains, acmedata): """Issue SSL certificates with acme.sh""" 
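Review bot: The added `try_files $uri =404;` in the PHP location tests the full request URI, path info included, so a request such as `/remote.php/dav/...` is checked as a file path that does not exist and gets a 404 before it reaches PHP-FPM. nginx also clears `$fastcgi_path_info` when `try_files` runs after `fastcgi_split_path_info`, which leaves `PATH_INFO` empty. Test the script name and save the path info first: `set $path_info $fastcgi_path_info;`, `try_files $fastcgi_script_name =404;`, `fastcgi_param PATH_INFO $path_info;`. The hunk also drops the explicit `SCRIPT_FILENAME` and `HTTPS on` parameters, which is safe only if the included `fastcgi_params` defines both; that file is not visible here.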
@@ -38,6 +39,14 @@ class WOAcme: acme_mode = "-w /var/www/html" validation_mode = "Webroot challenge" Log.debug(self, "Validation : Webroot mode") + if not os.path.isdir('/var/www/html/.well-known/acme-challenge'): + WOFileUtils.mkdir( + self, '/var/www/html/.well-known/acme-challenge') + WOFileUtils.chown( + self, '/var/www/html/.well-known', 'www-data', 'www-data', + recursive=True) + WOFileUtils.chmod(self, '/var/www/html/.well-known', 0o750, + recursive=True) Log.info(self, "Validation mode : {0}".format(validation_mode)) Log.wait(self, "Issuing SSL cert with acme.sh") diff --git a/wo/core/domainvalidate.py b/wo/core/domainvalidate.py index fb4f477..0db491d 100644 --- a/wo/core/domainvalidate.py +++ b/wo/core/domainvalidate.py @@ -25,7 +25,6 @@ class WODomain(): return domain_name - def getlevel(self, domain): """ Returns the domain type : domain, subdomain and the root domain diff --git a/wo/core/fileutils.py b/wo/core/fileutils.py index 6a9b505..94a70a0 100644 --- a/wo/core/fileutils.py +++ b/wo/core/fileutils.py @@ -280,17 +280,19 @@ class WOFileUtils(): """ Searches for string in file and returns True or False. """ - try: - Log.debug(self, "Finding string {0} to file {1}" - .format(sstr, fnm)) + if os.path.isfile(fnm): + try: + Log.debug(self, "Finding string {0} to file {1}" + .format(sstr, fnm)) for line in open(fnm, encoding='utf-8'): if sstr in line: return True return False except OSError as e: - Log.debug(self, "{0}".format(e.strerror)) - Log.error(self, "Unable to Search string {0} in {1}" - .format(sstr, fnm)) + Log.debug(self, "{0}".format(e.strerror)) + Log.error(self, "Unable to Search string {0} in {1}" + .format(sstr, fnm)) + return False def rm(self, path): """
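Review bot: `grepcheck` still iterates `open(fnm, encoding='utf-8')` without closing the handle, and a file that is not valid UTF-8 raises UnicodeDecodeError, which the `except OSError` clause does not catch. `pre_stack` in this commit calls it on `/proc/1/environ`, which is NUL-separated and may hold arbitrary bytes. Inside the new `os.path.isfile` guard I would read the file as `with open(fnm, encoding='utf-8', errors='replace') as f:` and `return any(sstr in line for line in f)`. Returning False for a missing file is reasonable, but a caller that passes a wrong path then gets a silent "not found", so a `Log.debug` on that branch would help. The `def grepcheck` line is outside the hunk.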