Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add hsts

Browse Source
This commit is contained in:
VirtuBox
2019-04-07 12:57:35 +02:00
parent 9acb49ca57
commit 7c6e86a4ca
8 changed files with 228 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -1,7 +1,7 @@
<h1 align="center" style="font-size:54px;"><a href="https://wordops.net"> <p align="center"><img src="https://docs.wordops.net/images/logo.png" width="400" alt="Wordops" /><a href="https://wordops.net">
WordOps</a>
<br> <br>
</h1> </p>
<h2 align="center">An essential toolset that eases WordPress site and server administration</h2> <h2 align="center">An essential toolset that eases WordPress site and server administration</h2>

12
install
View File

@@ -7,10 +7,10 @@
# Copyright (c) 2019 - WordOps # Copyright (c) 2019 - WordOps
# This script is licensed under M.I.T # This script is licensed under M.I.T
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
# Version 3.9.5 - 2019-04-03 # Version 3.9.5 - 2019-04-05
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
readonly wo_version_old="2.2.3" readonly wo_version_old="2.2.3"
readonly wo_version_new="3.9.4.3" readonly wo_version_new="3.9.4.4"
# CONTENTS # CONTENTS
# --- # ---
# 1. VARIABLES AND DECLARATIONS # 1. VARIABLES AND DECLARATIONS
@@ -81,7 +81,11 @@ fi
### ###
# 1 - Define variables for later use # 1 - Define variables for later use
### ###
if [ -n "$1" ]; then
wo_branch="$1" wo_branch="$1"
else
wo_branch="master"
fi
readonly wo_log_dir=/var/log/wo/ readonly wo_log_dir=/var/log/wo/
readonly wo_backup_dir=/var/lib/wo-backup/ readonly wo_backup_dir=/var/lib/wo-backup/
readonly wo_install_log=/var/log/wo/install.log readonly wo_install_log=/var/log/wo/install.log
@@ -381,10 +385,6 @@ wo_install() {
rm -rf /tmp/easyengine rm -rf /tmp/easyengine
rm -rf /tmp/wordops rm -rf /tmp/wordops
[ -z "$wo_branch" ] && {
wo_branch=master
}
git clone -b "$wo_branch" https://github.com/WordOps/WordOps.git /tmp/wordops --quiet git clone -b "$wo_branch" https://github.com/WordOps/WordOps.git /tmp/wordops --quiet
cd /tmp/wordops || exit 1 cd /tmp/wordops || exit 1

BIN
logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.8 KiB

145
wo/cli/plugins/site.py
View File

@@ -753,6 +753,11 @@ class WOSiteUpdateController(CementBaseController):
action='store' or 'store_const', action='store' or 'store_const',
choices=('on', 'off', 'renew', 'subdomain', 'wildcard'), choices=('on', 'off', 'renew', 'subdomain', 'wildcard'),
const='on', nargs='?')), const='on', nargs='?')),
(['--hsts'],
dict(help="configure hsts on site secured with letsencrypt",
action='store' or 'store_const',
choices=('on', 'off'),
const='on', nargs='?')),
(['--proxy'], (['--proxy'],
dict(help="update to proxy site", nargs='+')), dict(help="update to proxy site", nargs='+')),
(['--experimental'], (['--experimental'],
@@ -1073,6 +1078,16 @@ class WOSiteUpdateController(CementBaseController):
elif pargs.letsencrypt == 'off': elif pargs.letsencrypt == 'off':
data['letsencrypt'] = False data['letsencrypt'] = False
letsencrypt = False letsencrypt = False
data['hsts'] = False
hsts = False
if pargs.hsts:
if pargs.hsts == 'on':
data['hsts'] = True
hsts = True
elif pargs.hsts == 'off':
data['hsts'] = False
hsts = False
if letsencrypt is check_ssl: if letsencrypt is check_ssl:
if letsencrypt is False: if letsencrypt is False:
@@ -1170,12 +1185,23 @@ class WOSiteUpdateController(CementBaseController):
.format(wo_site_webroot)) .format(wo_site_webroot))
httpsRedirect(self, wo_domain) httpsRedirect(self, wo_domain)
if data['hsts'] is True:
if not os.path.isfile(("{0}/conf/nginx/hsts.conf.disabled")
.format(wo_site_webroot)):
setupHsts(self, wo_domain)
else:
WOFileUtils.mvfile(self, "{0}/conf/nginx/"
"hsts.conf.disabled"
.format(wo_site_webroot),
'{0}/conf/nginx/hsts.conf'
.format(wo_site_webroot))
if not WOService.reload_service(self, 'nginx'): if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. " Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command") "check issues with `nginx -t` command")
Log.info(self, "Congratulations! Successfully Configured SSl for Site " Log.info(self, "Congratulations! Successfully "
"Configured SSl for Site "
" https://{0}".format(wo_domain)) " https://{0}".format(wo_domain))
if (SSL.getExpirationDays(self, wo_domain) > 0): if (SSL.getExpirationDays(self, wo_domain) > 0):
@@ -1194,6 +1220,12 @@ class WOSiteUpdateController(CementBaseController):
'{0}/conf/nginx/ssl.conf.disabled' '{0}/conf/nginx/ssl.conf.disabled'
.format(wo_site_webroot)) .format(wo_site_webroot))
httpsRedirect(self, wo_domain, False) httpsRedirect(self, wo_domain, False)
if os.path.isfile("{0}/conf/nginx/hsts.conf"
.format(wo_site_webroot)):
WOFileUtils.mvfile(self, "{0}/conf/nginx/hsts.conf"
.format(wo_site_webroot),
'{0}/conf/nginx/hsts.conf.disabled'
.format(wo_site_webroot))
if not WOService.reload_service(self, 'nginx'): if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. " Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command") "check issues with `nginx -t` command")
@@ -1217,6 +1249,16 @@ class WOSiteUpdateController(CementBaseController):
.format(wo_site_webroot)) .format(wo_site_webroot))
httpsRedirect(self, wo_domain) httpsRedirect(self, wo_domain)
if data['hsts'] is True:
if not os.path.isfile(("{0}/conf/nginx/hsts.conf.disabled")
.format(wo_site_webroot)):
setupHsts(self, wo_domain)
else:
WOFileUtils.mvfile(self, "{0}/conf/nginx/"
"hsts.conf.disabled"
.format(wo_site_webroot),
'{0}/conf/nginx/hsts.conf'
.format(wo_site_webroot))
if not WOService.reload_service(self, 'nginx'): if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. " Log.error(self, "service nginx reload failed. "
@@ -1243,6 +1285,14 @@ class WOSiteUpdateController(CementBaseController):
'{0}/conf/nginx/ssl.conf.disabled' '{0}/conf/nginx/ssl.conf.disabled'
.format(wo_site_webroot)) .format(wo_site_webroot))
httpsRedirect(self, wo_domain, False) httpsRedirect(self, wo_domain, False)
if os.path.isfile(("{0}/conf/nginx/hsts.conf")
.format(wo_site_webroot)):
WOFileUtils.mvfile(self, "{0}/conf/nginx/"
"hsts.conf"
.format(wo_site_webroot),
'{0}/conf/nginx/hsts.conf.disabled'
.format(wo_site_webroot))
if not WOService.reload_service(self, 'nginx'): if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. " Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command") "check issues with `nginx -t` command")
@@ -1269,7 +1319,8 @@ class WOSiteUpdateController(CementBaseController):
"check issues with `nginx -t` command") "check issues with `nginx -t` command")
updateSiteInfo(self, wo_domain, stype=stype, cache=cache, updateSiteInfo(self, wo_domain, stype=stype, cache=cache,
ssl=True if check_site.is_ssl else False, php_version=check_php_version) ssl=True if check_site.is_ssl else False,
php_version=check_php_version)
Log.info(self, "Successfully updated site" Log.info(self, "Successfully updated site"
" http://{0}".format(wo_domain)) " http://{0}".format(wo_domain))
@@ -1327,44 +1378,94 @@ class WOSiteUpdateController(CementBaseController):
Log.debug(self, str(e)) Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update site failed. " Log.info(self, Log.FAIL + "Update site failed. "
"Check the log for details:" "Check the log for details:"
" `tail /var/log/wo/wordops.log` and please try again") " `tail /var/log/wo/wordops.log` "
"and please try again")
return 1 return 1
if ((oldcachetype in ['wpsc', 'basic', 'wpredis'] and if ((oldcachetype in ['wpsc', 'basic', 'wpredis'] and
(data['wpfc'])) or (oldsitetype == 'wp' and data['multisite'] and data['wpfc'])): (data['wpfc'])) or (oldsitetype == 'wp' and data['multisite'] and data['wpfc'])):
try: try:
plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":1,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_fastcgi","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}' plugin_data = '{"log_level":"INFO","log_filesize":5,'
'"enable_purge":1,"enable_map":0,"enable_log":0,'
'"enable_stamp":0,"purge_homepage_on_new":1,'
'"purge_homepage_on_edit":1,"purge_homepage_on_del":1,'
'"purge_archive_on_new":1,"purge_archive_on_edit":0,'
'"purge_archive_on_del":0,"purge_archive_on_new_comment":0,'
'"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,'
'"purge_page_on_new_comment":1,'
'"purge_page_on_deleted_comment":1,'
'"cache_method":"enable_fastcgi",'
'"purge_method":"get_request",'
'"redis_hostname":"127.0.0.1","redis_port":"6379",'
'"redis_prefix":"nginx-cache:"}'
setupwp_plugin( setupwp_plugin(
self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) self, 'nginx-helper',
'rt_wp_nginx_helper_options', plugin_data, data)
except SiteError as e: except SiteError as e:
Log.debug(self, str(e)) Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update nginx-helper settings failed. " Log.info(self, Log.FAIL + "Update nginx-helper "
"settings failed. "
"Check the log for details:" "Check the log for details:"
" `tail /var/log/wo/wordops.log` and please try again") " `tail /var/log/wo/wordops.log` "
"and please try again")
return 1 return 1
elif ((oldcachetype in ['wpsc', 'basic', 'wpfc'] and elif ((oldcachetype in ['wpsc', 'basic', 'wpfc'] and
(data['wpredis'])) or (oldsitetype == 'wp' and data['multisite'] and data['wpredis'])): (data['wpredis'])) or (oldsitetype == 'wp' and
data['multisite'] and data['wpredis'])):
try: try:
plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":1,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_redis","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}' plugin_data = '{"log_level":"INFO","log_filesize":5,'
'"enable_purge":1,"enable_map":0,"enable_log":0,'
'"enable_stamp":0,"purge_homepage_on_new":1,'
'"purge_homepage_on_edit":1,"purge_homepage_on_del":1,'
'"purge_archive_on_new":1,"purge_archive_on_edit":0,'
'"purge_archive_on_del":0,'
'"purge_archive_on_new_comment":0,'
'"purge_archive_on_deleted_comment":0,'
'"purge_page_on_mod":1,'
'"purge_page_on_new_comment":1,'
'"purge_page_on_deleted_comment":1,'
'"cache_method":"enable_redis",'
'"purge_method":"get_request",'
'"redis_hostname":"127.0.0.1","redis_port":"6379",'
'"redis_prefix":"nginx-cache:"}'
setupwp_plugin( setupwp_plugin(
self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) self, 'nginx-helper',
'rt_wp_nginx_helper_options', plugin_data, data)
except SiteError as e: except SiteError as e:
Log.debug(self, str(e)) Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update nginx-helper settings failed. " Log.info(self, Log.FAIL + "Update nginx-helper "
"settings failed. "
"Check the log for details:" "Check the log for details:"
" `tail /var/log/wo/wordops.log` and please try again") " `tail /var/log/wo/wordops.log` "
"and please try again")
return 1 return 1
else: else:
try: try:
plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":0,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_redis","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}' plugin_data = '{"log_level":"INFO","log_filesize":5,'
'"enable_purge":0,"enable_map":0,"enable_log":0,'
'"enable_stamp":0,"purge_homepage_on_new":1,'
'"purge_homepage_on_edit":1,"purge_homepage_on_del":1,'
'"purge_archive_on_new":1,"purge_archive_on_edit":0,'
'"purge_archive_on_del":0,'
'"purge_archive_on_new_comment":0,'
'"purge_archive_on_deleted_comment":0,'
'"purge_page_on_mod":1,"purge_page_on_new_comment":1,'
'"purge_page_on_deleted_comment":1,'
'"cache_method":"enable_redis",'
'"purge_method":"get_request",'
'"redis_hostname":"127.0.0.1",'
'"redis_port":"6379","redis_prefix":"nginx-cache:"}'
setupwp_plugin( setupwp_plugin(
self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) self, 'nginx-helper',
'rt_wp_nginx_helper_options', plugin_data, data)
except SiteError as e: except SiteError as e:
Log.debug(self, str(e)) Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update nginx-helper settings failed. " Log.info(self, Log.FAIL + "Update nginx-helper "
"settings failed. "
"Check the log for details:" "Check the log for details:"
" `tail /var/log/wo/wordops.log` and please try again") " `tail /var/log/wo/wordops.log` "
"and please try again")
return 1 return 1
if oldcachetype == 'wpsc' and not data['wpsc']: if oldcachetype == 'wpsc' and not data['wpsc']:
@@ -1374,7 +1475,8 @@ class WOSiteUpdateController(CementBaseController):
Log.debug(self, str(e)) Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update site failed." Log.info(self, Log.FAIL + "Update site failed."
"Check the log for details:" "Check the log for details:"
" `tail /var/log/wo/wordops.log` and please try again") " `tail /var/log/wo/wordops.log` "
"and please try again")
return 1 return 1
if oldcachetype == 'wpredis' and not data['wpredis']: if oldcachetype == 'wpredis' and not data['wpredis']:
@@ -1384,7 +1486,8 @@ class WOSiteUpdateController(CementBaseController):
Log.debug(self, str(e)) Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update site failed." Log.info(self, Log.FAIL + "Update site failed."
"Check the log for details:" "Check the log for details:"
" `tail /var/log/wo/wordops.log` and please try again") " `tail /var/log/wo/wordops.log` "
"and please try again")
return 1 return 1
if oldcachetype != 'wpsc' and data['wpsc']: if oldcachetype != 'wpsc' and data['wpsc']:
@@ -1401,10 +1504,12 @@ class WOSiteUpdateController(CementBaseController):
try: try:
if installwp_plugin(self, 'redis-cache', data): if installwp_plugin(self, 'redis-cache', data):
# search for wp-config.php # search for wp-config.php
if WOFileUtils.isexist(self, "{0}/wp-config.php".format(wo_site_webroot)): if WOFileUtils.isexist(self, "{0}/wp-config.php"
.format(wo_site_webroot)):
config_path = '{0}/wp-config.php'.format( config_path = '{0}/wp-config.php'.format(
wo_site_webroot) wo_site_webroot)
elif WOFileUtils.isexist(self, "{0}/htdocs/wp-config.php".format(wo_site_webroot)): elif WOFileUtils.isexist(self, "{0}/htdocs/wp-config.php"
.format(wo_site_webroot)):
config_path = '{0}/htdocs/wp-config.php'.format( config_path = '{0}/htdocs/wp-config.php'.format(
wo_site_webroot) wo_site_webroot)
else: else:

93
wo/cli/plugins/site_functions.py
View File

@@ -96,8 +96,8 @@ def setupdomain(self, data):
Log.info(self, "[" + Log.ENDC + "Done" + Log.OKBLUE + "]") Log.info(self, "[" + Log.ENDC + "Done" + Log.OKBLUE + "]")
except CalledProcessError as e: except CalledProcessError as e:
Log.debug(self, "{0}".format(str(e))) Log.debug(self, "{0}".format(str(e)))
Log.info(self, "[" + Log.ENDC + Log.FAIL + "Fail" Log.info(self, "[" + Log.ENDC + Log.FAIL + "Fail" +
+ Log.OKBLUE + "]") Log.OKBLUE + "]")
raise SiteError("created nginx configuration failed for site." raise SiteError("created nginx configuration failed for site."
" check with `nginx -t`") " check with `nginx -t`")
@@ -312,8 +312,8 @@ def setupwordpress(self, data):
"--dbuser=\'{2}\' --dbhost=\'{3}\' " "--dbuser=\'{2}\' --dbhost=\'{3}\' "
.format(data['wo_db_name'], wo_wp_prefix, .format(data['wo_db_name'], wo_wp_prefix,
data['wo_db_user'], data['wo_db_host'] data['wo_db_user'], data['wo_db_host']
) ) +
+ "--dbpass=\'{0}\' " "--dbpass=\'{0}\' "
"--extra-php<<PHP \n {1} {redissalt}\nPHP\"" "--extra-php<<PHP \n {1} {redissalt}\nPHP\""
.format(data['wo_db_pass'], .format(data['wo_db_pass'],
"\n\ndefine(\'WP_DEBUG\', false);", "\n\ndefine(\'WP_DEBUG\', false);",
@@ -344,13 +344,13 @@ def setupwordpress(self, data):
"\n\ndefine(\'WP_DEBUG\', false);")) "\n\ndefine(\'WP_DEBUG\', false);"))
try: try:
if WOShellExec.cmd_exec(self, "bash -c \"php {0} --allow-root" if WOShellExec.cmd_exec(self, "bash -c \"php {0} --allow-root"
.format(WOVariables.wo_wpcli_path) .format(WOVariables.wo_wpcli_path) +
+ " core config " " core config " +
+ "--dbname=\'{0}\' --dbprefix=\'{1}\' " "--dbname=\'{0}\' --dbprefix=\'{1}\' "
"--dbhost=\'{2}\' " "--dbhost=\'{2}\' "
.format(data['wo_db_name'], wo_wp_prefix, .format(data['wo_db_name'], wo_wp_prefix,
data['wo_db_host']) data['wo_db_host']) +
+ "--dbuser=\'{0}\' --dbpass=\'{1}\' " "--dbuser=\'{0}\' --dbpass=\'{1}\' "
"--extra-php<<PHP \n {2} {3} {redissalt}\nPHP\"" "--extra-php<<PHP \n {2} {3} {redissalt}\nPHP\""
.format(data['wo_db_user'], .format(data['wo_db_user'],
data['wo_db_pass'], data['wo_db_pass'],
@@ -569,13 +569,13 @@ def uninstallwp_plugin(self, plugin_name, data):
.format(plugin_name)) .format(plugin_name))
try: try:
WOShellExec.cmd_exec(self, "php {0} plugin " WOShellExec.cmd_exec(self, "php {0} plugin "
.format(WOVariables.wo_wpcli_path) .format(WOVariables.wo_wpcli_path) +
+ "--allow-root deactivate " "--allow-root deactivate "
"{0}".format(plugin_name)) "{0}".format(plugin_name))
WOShellExec.cmd_exec(self, "php {0} plugin " WOShellExec.cmd_exec(self, "php {0} plugin "
.format(WOVariables.wo_wpcli_path) .format(WOVariables.wo_wpcli_path) +
+ "--allow-root uninstall " "--allow-root uninstall "
"{0}".format(plugin_name)) "{0}".format(plugin_name))
except CommandExecutionError as e: except CommandExecutionError as e:
raise SiteError("plugin uninstall failed") raise SiteError("plugin uninstall failed")
@@ -590,16 +590,17 @@ def setupwp_plugin(self, plugin_name, plugin_option, plugin_data, data):
if not data['multisite']: if not data['multisite']:
try: try:
WOShellExec.cmd_exec(self, "php {0} " WOShellExec.cmd_exec(self, "php {0} "
.format(WOVariables.wo_wpcli_path) .format(WOVariables.wo_wpcli_path) +
+ "--allow-root option update " "--allow-root option update "
"{0} \'{1}\' --format=json".format(plugin_option, plugin_data)) "{0} \'{1}\' --format=json"
.format(plugin_option, plugin_data))
except CommandExecutionError as e: except CommandExecutionError as e:
raise SiteError("plugin setup failed") raise SiteError("plugin setup failed")
else: else:
try: try:
WOShellExec.cmd_exec(self, "php {0} " WOShellExec.cmd_exec(self, "php {0} "
.format(WOVariables.wo_wpcli_path) .format(WOVariables.wo_wpcli_path) +
+ "--allow-root network meta update 1 " "--allow-root network meta update 1 "
"{0} \'{1}\' --format=json" "{0} \'{1}\' --format=json"
.format(plugin_option, plugin_data .format(plugin_option, plugin_data
)) ))
@@ -730,7 +731,8 @@ def site_package_check(self, stype):
else: else:
apt_packages = apt_packages + WOVariables.wo_php apt_packages = apt_packages + WOVariables.wo_php
if self.app.pargs.php73 and stype in ['mysql', 'wp', 'wpsubdir', 'wpsubdomain']: if self.app.pargs.php73 and stype in ['mysql', 'wp',
'wpsubdir', 'wpsubdomain']:
Log.debug(self, "Setting apt_packages variable for PHP 7.3") Log.debug(self, "Setting apt_packages variable for PHP 7.3")
if not WOAptGet.is_installed(self, 'php7.3-fpm'): if not WOAptGet.is_installed(self, 'php7.3-fpm'):
if not WOAptGet.is_installed(self, 'php7.2-fpm'): if not WOAptGet.is_installed(self, 'php7.2-fpm'):
@@ -1146,8 +1148,8 @@ def deleteDB(self, dbname, dbuser, dbhost, exit=True):
def deleteWebRoot(self, webroot): def deleteWebRoot(self, webroot):
# do some preprocessing before proceeding # do some preprocessing before proceeding
webroot = webroot.strip() webroot = webroot.strip()
if (webroot == "/var/www/" or webroot == "/var/www" if (webroot == "/var/www/" or webroot == "/var/www" or
or webroot == "/var/www/.." or webroot == "/var/www/."): webroot == "/var/www/.." or webroot == "/var/www/."):
Log.debug(self, "Tried to remove {0}, but didn't remove it" Log.debug(self, "Tried to remove {0}, but didn't remove it"
.format(webroot)) .format(webroot))
return False return False
@@ -1200,7 +1202,8 @@ def doCleanupAction(self, domain='', webroot='', dbname='', dbuser='',
# setup letsencrypt for domain + www.domain # setup letsencrypt for domain + www.domain
def setupLetsEncrypt(self, wo_domain_name): def setupLetsEncrypt(self, wo_domain_name):
if os.path.isfile("/etc/letsencrypt/renewal/{0}_ecc/{0}.conf"): if os.path.isfile("/etc/letsencrypt/renewal/{0}_ecc/{0}.conf"
.format(wo_domain_name)):
if os.path.isfile("/etc/letsencrypt/" if os.path.isfile("/etc/letsencrypt/"
"renewal/{0}_ecc/" "renewal/{0}_ecc/"
"fullchain.cer".format(wo_domain_name)): "fullchain.cer".format(wo_domain_name)):
@@ -1281,7 +1284,8 @@ def setupLetsEncrypt(self, wo_domain_name):
def setupLetsEncryptSubdomain(self, wo_domain_name): def setupLetsEncryptSubdomain(self, wo_domain_name):
if os.path.isfile("/etc/letsencrypt/renewal/{0}_ecc/{0}.conf"): if os.path.isfile("/etc/letsencrypt/renewal/{0}_ecc/{0}.conf"
.format(wo_domain_name)):
if os.path.isfile("/etc/letsencrypt/" if os.path.isfile("/etc/letsencrypt/"
"renewal/{0}_ecc/" "renewal/{0}_ecc/"
"fullchain.cer".format(wo_domain_name)): "fullchain.cer".format(wo_domain_name)):
@@ -1405,6 +1409,25 @@ def renewLetsEncrypt(self, wo_domain_name):
# redirect= False to disable https redirection # redirect= False to disable https redirection
def setupHsts(self, wo_domain_name):
if os.path.isfile("/etc/letsencrypt/"
"renewal/{0}_ecc/"
"fullchain.cer".format(wo_domain_name)):
Log.info(
self, "Adding /var/www/{0}/conf/nginx/ssl.conf"
.format(wo_domain_name))
hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf"
.format(wo_domain_name),
encoding='utf-8', mode='w')
hstsconf.write("more_set_headers "
"\"Strict-Transport-Security: "
"max-age=31536000; "
"'includeSubDomains; "
"preload\"")
hstsconf.close()
def httpsRedirect(self, wo_domain_name, redirect=True): def httpsRedirect(self, wo_domain_name, redirect=True):
if redirect: if redirect:
if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf.disabled" if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf.disabled"
@@ -1426,23 +1449,30 @@ def httpsRedirect(self, wo_domain_name, redirect=True):
sslconf.write("server {\n" sslconf.write("server {\n"
"\tlisten 80;\n" + "\tlisten 80;\n" +
"\tlisten [::]:80;\n" + "\tlisten [::]:80;\n" +
"\tserver_name www.{0} {0};\n".format(wo_domain_name) + "\tserver_name www.{0} {0};\n"
"\treturn 301 https://{0}".format(wo_domain_name)+"$request_uri;\n}") .format(wo_domain_name) +
"\treturn 301 https://{0}"
.format(wo_domain_name)+"$request_uri;\n}")
sslconf.close() sslconf.close()
# Nginx Configation into GIT # Nginx Configation into GIT
except IOError as e: except IOError as e:
Log.debug(self, str(e)) Log.debug(self, str(e))
Log.debug(self, "Error occured while generating " Log.debug(self, "Error occured while generating "
"/etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name)) "/etc/nginx/conf.d/force-ssl-{0}.conf"
.format(wo_domain_name))
Log.info(self, "Added HTTPS Force Redirection for Site " Log.info(self, "Added HTTPS Force Redirection for Site "
" http://{0}".format(wo_domain_name)) " http://{0}".format(wo_domain_name))
WOGit.add(self, WOGit.add(self,
["/etc/nginx"], msg="Adding /etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name)) ["/etc/nginx"], msg="Adding /etc/nginx/conf.d/"
"force-ssl-{0}.conf".format(wo_domain_name))
else: else:
if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name)): if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf"
WOFileUtils.mvfile(self, "/etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name), .format(wo_domain_name)):
"/etc/nginx/conf.d/force-ssl-{0}.conf.disabled".format(wo_domain_name)) WOFileUtils.mvfile(self, "/etc/nginx/conf.d/force-ssl-{0}.conf"
.format(wo_domain_name),
"/etc/nginx/conf.d/force-ssl-{0}.conf.disabled"
.format(wo_domain_name))
Log.info(self, "Disabled HTTPS Force Redirection for Site " Log.info(self, "Disabled HTTPS Force Redirection for Site "
" http://{0}".format(wo_domain_name)) " http://{0}".format(wo_domain_name))
@@ -1478,7 +1508,8 @@ def archivedCertificateHandle(self, domain):
"{0}/{1}/fullchain.pem " "{0}/{1}/fullchain.pem "
"--reloadcmd " "--reloadcmd "
"\"service nginx restart\" " "\"service nginx restart\" "
.format(WOVariables.wo_ssl_live, domain)) .format(WOVariables.wo_ssl_live,
domain))
if ssl: if ssl:
try: try:

3
wo/cli/templates/fail2ban-wp.mustache Normal file
View File

@@ -0,0 +1,3 @@
[Definition]
failregex = ^<HOST>.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200
ignoreregex =

24
wo/cli/templates/fail2ban.mustache Normal file
View File

@@ -0,0 +1,24 @@
[recidive]
enabled = true
[nginx-http-auth]
enabled = true
[nginx-botsearch]
enabled = true
[wo-wordpress]
enabled = true
filter = wo-wordpress
action = iptables-multiport[name="wo-wordpress", port="http,https"]
logpath = /var/log/nginx/*access.log
maxretry = 5
[nginx-forbidden]
enabled = true
filter = nginx-forbidden
port = http,https
logpath = /var/log/nginx/*error*.log
findtime = 60
bantime = 6000
maxretry = 3

2
wo/core/variables.py
View File

@@ -152,6 +152,8 @@ class WOVariables():
wo_mysql = ["mariadb-server", "percona-toolkit"] wo_mysql = ["mariadb-server", "percona-toolkit"]
wo_fail2ban = "fail2ban"
# Redis repo details # Redis repo details
if wo_platform_distro == 'ubuntu': if wo_platform_distro == 'ubuntu':
wo_redis_repo = ("ppa:chris-lea/redis-server") wo_redis_repo = ("ppa:chris-lea/redis-server")