Fix HSTS and update changelog
@@ -36,6 +36,7 @@ script:
|
|||||||
- sudo wo site create html.net --html && sudo wo site create php.com --php && sudo wo site create mysql.com --mysql && sudo wo site create proxy.com --proxy=127.0.0.1:3000
|
- sudo wo site create html.net --html && sudo wo site create php.com --php && sudo wo site create mysql.com --mysql && sudo wo site create proxy.com --proxy=127.0.0.1:3000
|
||||||
- sudo wo site create wp1.com --wp && sudo wo site create wpsc1.net --wpsc && sudo wo site create wpfc1.com --wpfc
|
- sudo wo site create wp1.com --wp && sudo wo site create wpsc1.net --wpsc && sudo wo site create wpfc1.com --wpfc
|
||||||
- sudo wo site create wpsc-php73.net --wpsc --php73 && sudo wo site create wpfc-php73.net --wpfc --php73
|
- sudo wo site create wpsc-php73.net --wpsc --php73 && sudo wo site create wpfc-php73.net --wpfc --php73
|
||||||
|
- sudo wo site create wprocket.net --wprocket && sudo wo site create wprocket-php73.net --wprocket --php73
|
||||||
- sudo wo site create wpredis.net --wpredis && sudo wo site create wpredis-php73.net --wpredis --php73
|
- sudo wo site create wpredis.net --wpredis && sudo wo site create wpredis-php73.net --wpredis --php73
|
||||||
- sudo wo site create wpsubdir1.com --wpsubdir && sudo wo site create wpsubdir-php73.com --wpsubdir --php73
|
- sudo wo site create wpsubdir1.com --wpsubdir && sudo wo site create wpsubdir-php73.com --wpsubdir --php73
|
||||||
|
|
||||||
|
|||||||
14
CHANGELOG.md
@@ -12,14 +12,23 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|||||||
|
|
||||||
- Allow web browser caching for json and webmanifest files
|
- Allow web browser caching for json and webmanifest files
|
||||||
- nginx-core.mustache template used to render nginx.conf during stack setup
|
- nginx-core.mustache template used to render nginx.conf during stack setup
|
||||||
|
- APT Packages configuration step with `wo stack upgrade` to apply new configurations
|
||||||
|
- Cloudflare restore real_ip configuration
|
||||||
|
- WP-Rocket support with the flag `--wprocket`
|
||||||
|
|
||||||
#### Changed
|
#### Changed
|
||||||
|
|
||||||
- Do not force Nginx upgrade if a custom Nginx package compiled with nginx-ee is detected
|
- Do not force Nginx upgrade if a custom Nginx package compiled with nginx-ee is detected
|
||||||
- Gzip enabled again by default with configuration in /etc/nginx/conf.d/gzip.conf
|
- Gzip enabled again by default with configuration in /etc/nginx/conf.d/gzip.conf
|
||||||
- Brotli configuration moved in /etc/nginx/conf.d/brotli.conf (easier to disable in case of issues)
|
- Brotli configuration moved in /etc/nginx/conf.d/brotli.conf.disabled (disabled by default)
|
||||||
- Moving package configuration in a new plugin stack_pref.py
|
- Moving package configuration in a new plugin stack_pref.py
|
||||||
- Cleanup templates by removing all doublons (with/without php7) and replacing them with variables
|
- Cleanup templates by removing all doublons (with/without php7) and replacing them with variables
|
||||||
|
- Updated Nginx to v1.16.1 in response to HTTP/2 vulnerabilites discovered
|
||||||
|
- Disable temporary adding swap feature (not working)
|
||||||
|
|
||||||
|
#### Fixed
|
||||||
|
|
||||||
|
- Error in HSTS header syntax
|
||||||
|
|
||||||
### v3.9.7.2 - 2019-08-12
|
### v3.9.7.2 - 2019-08-12
|
||||||
|
|
||||||
@@ -29,9 +38,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|||||||
|
|
||||||
### v3.9.7.1 - 2019-08-09
|
### v3.9.7.1 - 2019-08-09
|
||||||
|
|
||||||
- APT Packages configuration step with `wo stack upgrade` to apply new configurations
|
|
||||||
- Cloudflare restore real_ip configuration
|
|
||||||
|
|
||||||
#### Changed
|
#### Changed
|
||||||
|
|
||||||
- Set WordOps backend password length from 16 to 24
|
- Set WordOps backend password length from 16 to 24
|
||||||
|
|||||||
@@ -42,7 +42,7 @@
|
|||||||
|
|
||||||
- **Easy to install** : One step automated installer with migration from EasyEngine v3 support
|
- **Easy to install** : One step automated installer with migration from EasyEngine v3 support
|
||||||
- **Fast deployment** : Fast and automated WordPress, Nginx, PHP, MySQL & Redis installation
|
- **Fast deployment** : Fast and automated WordPress, Nginx, PHP, MySQL & Redis installation
|
||||||
- **Custom Nginx build** : Nginx 1.16.0 - TLS v1.3 Cloudflare HTTP/2 HPACK & Brotli support
|
- **Custom Nginx build** : Nginx 1.16.1 - TLS v1.3 Cloudflare HTTP/2 HPACK & Brotli support
|
||||||
- **Up-to-date** : PHP 7.2 & 7.3, MariaDB 10.3 & Redis 5.0
|
- **Up-to-date** : PHP 7.2 & 7.3, MariaDB 10.3 & Redis 5.0
|
||||||
- **Secured** : Hardened WordPress security with strict Nginx location directives
|
- **Secured** : Hardened WordPress security with strict Nginx location directives
|
||||||
- **Powerful** : Optimized Nginx configurations with multiple cache backends support
|
- **Powerful** : Optimized Nginx configurations with multiple cache backends support
|
||||||
|
|||||||
@@ -1534,7 +1534,7 @@ def setupHsts(self, wo_domain_name):
|
|||||||
hstsconf.write("more_set_headers "
|
hstsconf.write("more_set_headers "
|
||||||
"\"Strict-Transport-Security: "
|
"\"Strict-Transport-Security: "
|
||||||
"max-age=31536000; "
|
"max-age=31536000; "
|
||||||
"'includeSubDomains; "
|
"includeSubDomains; "
|
||||||
"preload\";")
|
"preload\";")
|
||||||
hstsconf.close()
|
hstsconf.close()
|
||||||
return 0
|
return 0
|
||||||
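Review bot: The corrected `Strict-Transport-Security` value in setupHsts still emits `includeSubDomains; preload` with `max-age=31536000` unconditionally, so enabling HSTS for one site commits every subdomain of wo_domain_name to HTTPS for a year and declares the domain eligible for browser preload lists, which are slow to leave. Consider making those two directives opt-in, or at least say so above the write, e.g. `# includeSubDomains + preload: every subdomain must already serve valid HTTPS`. The handle is also closed by hand; a `with open(...) as hstsconf:` block would close it even if write() raises. The open call and the start of the function are outside this hunk, so how the file is created is not visible here.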
|
|||||||
@@ -397,12 +397,12 @@ class WOStackController(CementBaseController):
|
|||||||
Log.debug(self, "Calling pre_pref")
|
Log.debug(self, "Calling pre_pref")
|
||||||
pre_pref(self, apt_packages)
|
pre_pref(self, apt_packages)
|
||||||
if (apt_packages):
|
if (apt_packages):
|
||||||
meminfo = (os.popen('/bin/cat /proc/meminfo '
|
# meminfo = (os.popen('/bin/cat /proc/meminfo '
|
||||||
'| grep MemTotal').read()).split(":")
|
# '| grep MemTotal').read()).split(":")
|
||||||
memsplit = re.split(" kB", meminfo[1])
|
# memsplit = re.split(" kB", meminfo[1])
|
||||||
wo_mem = int(memsplit[0])
|
# wo_mem = int(memsplit[0])
|
||||||
if (wo_mem < 4000000):
|
# if (wo_mem < 4000000):
|
||||||
WOSwap.add(self)
|
# WOSwap.add(self)
|
||||||
Log.info(self, "Updating apt-cache, please wait...")
|
Log.info(self, "Updating apt-cache, please wait...")
|
||||||
WOAptGet.update(self)
|
WOAptGet.update(self)
|
||||||
Log.info(self, "Installing packages, please wait...")
|
Log.info(self, "Installing packages, please wait...")
|
||||||
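Review bot: The swap block under `if (apt_packages):` is switched off by commenting out six lines, with nothing in the code saying why or when it should return. Either delete the lines (history keeps them) or leave one explanatory comment such as `# Swap creation disabled: WOSwap.add is not working, see CHANGELOG`. If the block is reinstated later, reading `/proc/meminfo` with `open()` would avoid the `os.popen` shell pipeline. If this was the only use of `re` and `WOSwap` in the file, their imports are now unused; the import block is outside the hunk, so that needs checking. The enclosing method starts and ends outside the hunk.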
|
|||||||
@@ -198,10 +198,10 @@ def post_pref(self, apt_packages, packages):
|
|||||||
(data), 'gzip.mustache', out=wo_nginx)
|
(data), 'gzip.mustache', out=wo_nginx)
|
||||||
wo_nginx.close()
|
wo_nginx.close()
|
||||||
|
|
||||||
if not os.path.isfile('/etc/nginx/conf.d/brotli.conf'):
|
if not os.path.isfile('/etc/nginx/conf.d/brotli.conf.disabled'):
|
||||||
Log.debug(self, 'Writting the nginx configuration to '
|
Log.debug(self, 'Writting the nginx configuration to '
|
||||||
'file /etc/nginx/conf.d/brotli.conf')
|
'file /etc/nginx/conf.d/brotli.conf.disabled')
|
||||||
wo_nginx = open('/etc/nginx/conf.d/brotli.conf',
|
wo_nginx = open('/etc/nginx/conf.d/brotli.conf.disabled',
|
||||||
encoding='utf-8', mode='w')
|
encoding='utf-8', mode='w')
|
||||||
self.app.render(
|
self.app.render(
|
||||||
(data), 'brotli.mustache', out=wo_nginx)
|
(data), 'brotli.mustache', out=wo_nginx)
|
||||||
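Review bot: The guard now tests only for `/etc/nginx/conf.d/brotli.conf.disabled`, so on a host that already has an active `brotli.conf` from an earlier release this branch appears to write a second, disabled copy and leave Brotli switched on. That may surprise anyone reading "disabled by default" in the changelog. If upgrades are meant to end up disabled too, handle the old file explicitly; if not, skip when either file exists, e.g. `if not (os.path.isfile('/etc/nginx/conf.d/brotli.conf') or os.path.isfile('/etc/nginx/conf.d/brotli.conf.disabled')):`. The `open(...)` here has no visible `close()` because the block continues past the end of the hunk; a `with` block would make that moot.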
|
|||||||
@@ -12,19 +12,40 @@
|
|||||||
gzip_http_version 1.1;
|
gzip_http_version 1.1;
|
||||||
gzip_types
|
gzip_types
|
||||||
application/atom+xml
|
application/atom+xml
|
||||||
|
application/geo+json
|
||||||
application/javascript
|
application/javascript
|
||||||
application/json
|
application/json
|
||||||
|
application/ld+json
|
||||||
|
application/manifest+json
|
||||||
|
application/rdf+xml
|
||||||
application/rss+xml
|
application/rss+xml
|
||||||
application/vnd.ms-fontobject
|
application/vnd.ms-fontobject
|
||||||
|
application/wasm
|
||||||
|
application/x-font-opentype
|
||||||
|
application/x-font-truetype
|
||||||
application/x-font-ttf
|
application/x-font-ttf
|
||||||
|
application/x-javascript
|
||||||
application/x-web-app-manifest+json
|
application/x-web-app-manifest+json
|
||||||
application/xhtml+xml
|
application/xhtml+xml
|
||||||
application/xml
|
application/xml
|
||||||
|
application/xml+rss
|
||||||
|
font/eot
|
||||||
font/opentype
|
font/opentype
|
||||||
|
font/otf
|
||||||
|
image/bmp
|
||||||
image/svg+xml
|
image/svg+xml
|
||||||
|
image/vnd.microsoft.icon
|
||||||
image/x-icon
|
image/x-icon
|
||||||
|
image/x-win-bitmap
|
||||||
|
text/cache-manifest
|
||||||
|
text/calendar
|
||||||
text/css
|
text/css
|
||||||
|
text/javascript
|
||||||
|
text/markdown
|
||||||
text/plain
|
text/plain
|
||||||
|
text/vcard
|
||||||
|
text/vnd.rim.location.xloc
|
||||||
|
text/vtt
|
||||||
text/x-component
|
text/x-component
|
||||||
text/xml
|
text/x-cross-domain-policy
|
||||||
text/javascript;
|
text/xml;
|
||||||
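Review bot: The widened `gzip_types` list carries no comment on where it comes from or on the one security caveat that applies to it. Compressing a TLS response that mixes a secret with request-controlled content exposes it to compression side-channel attacks (BREACH). Whether any of the newly added types are served that way cannot be seen from this template. A short header comment would cover it, e.g. `# Types compressed with gzip; exclude endpoints that return secrets next to reflected input (BREACH)`.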
@@ -66,7 +66,7 @@ http {
|
|||||||
ssl_session_cache shared:SSL:50m;
|
ssl_session_cache shared:SSL:50m;
|
||||||
ssl_session_tickets off;
|
ssl_session_tickets off;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
{{#tls13}}ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20';
|
{{#tls13}}ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20';
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;{{/tls13}}
|
ssl_protocols TLSv1.2 TLSv1.3;{{/tls13}}
|
||||||
ssl_ecdh_curve X25519:P-521:P-384:P-256;
|
ssl_ecdh_curve X25519:P-521:P-384:P-256;
|
||||||
# Previous TLS v1.2 configuration
|
# Previous TLS v1.2 configuration
|
||||||
|
|||||||