diff --git a/install b/install index ab61528..30deb99 100755 --- a/install +++ b/install @@ -739,7 +739,7 @@ else # 1 - WO already installed if [ -x /usr/local/bin/wo ]; then if ! { - wo -v 2>&1 | grep $wo_version_new + wo -v 2>&1 | grep -q "$wo_version_new" } || [ "$wo_force_install" = "y" ]; then if [ -z "$wo_force_install" ]; then echo -e "Update WordOps to $wo_version_new (y/n): " && read -r WO_ANSWER diff --git a/wo/cli/templates/nginx-core.mustache b/wo/cli/templates/nginx-core.mustache index 987aab4..d79b947 100644 --- a/wo/cli/templates/nginx-core.mustache +++ b/wo/cli/templates/nginx-core.mustache @@ -1,124 +1,125 @@ -user www-data; -worker_processes auto; -worker_cpu_affinity auto; -worker_rlimit_nofile 100000; -pid /run/nginx.pid; - -pcre_jit on; - -events { - multi_accept on; - worker_connections 50000; - accept_mutex on; - use epoll; -} - - -http { - - ## - # WordOps Settings - ## - - # Nginx AIO : See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/ - # http://nginx.org/en/docs/http/ngx_http_core_module.html#aio - aio threads; - - server_tokens off; - reset_timedout_connection on; - more_set_headers "X-Powered-By : WordOps"; - - # Limit Request - limit_req_status 403; - limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; - - # Proxy Settings - # set_real_ip_from proxy-server-ip; - # real_ip_header X-Forwarded-For; - - fastcgi_read_timeout 300; - client_max_body_size 100m; - - # ngx_vts_module - vhost_traffic_status_zone; - - # tls dynamic records patch directive - ssl_dyn_rec_enable on; - - ## - # SSL Settings - ## - - ssl_session_timeout 1d; - ssl_session_cache shared:SSL:50m; - ssl_session_tickets off; - ssl_prefer_server_ciphers on; - {{#tls13}}ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20'; - ssl_protocols TLSv1.2 TLSv1.3;{{/tls13}} - ssl_ecdh_curve X25519:P-521:P-384:P-256; - # Previous TLS v1.2 configuration - {{^tls13}}ssl_protocols TLSv1.2; - ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;{{/tls13}} - - # Common security headers - more_set_headers "X-Frame-Options : SAMEORIGIN"; - more_set_headers "X-Xss-Protection : 1; mode=block"; - more_set_headers "X-Content-Type-Options : nosniff"; - more_set_headers "Referrer-Policy : strict-origin-when-cross-origin"; - more_set_headers "X-Download-Options : noopen"; - - # oscp settings - resolver 8.8.8.8 1.1.1.1 8.8.4.4 1.0.0.1 valid=300s; - resolver_timeout 10; - ssl_stapling on; - - ## - # Basic Settings - ## - # server_names_hash_bucket_size 64; - # server_name_in_redirect off; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - ## - # Logging Settings - ## - - access_log off; - error_log /var/log/nginx/error.log; - - # Log format Settings - log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] ' - '$http_host "$request" $status $body_bytes_sent ' - '"$http_referer" "$http_user_agent" "$server_protocol"'; - - ## - # Virtual Host Configs - ## - - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; -} - - -#mail { -# # See sample authentication script at: -# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript -# -# # auth_http localhost/auth.php; -# # pop3_capabilities "TOP" "USER"; -# # imap_capabilities "IMAP4rev1" "UIDPLUS"; -# -# server { -# listen localhost:110; -# protocol pop3; -# proxy on; -# } -# -# server { -# listen localhost:143; -# protocol imap; -# proxy on; -# } -#} +user www-data; +worker_processes auto; +worker_cpu_affinity auto; +worker_rlimit_nofile 100000; +pid /run/nginx.pid; + +pcre_jit on; + +events { + multi_accept on; + worker_connections 50000; + accept_mutex on; + use epoll; +} + + +http { + ## + # WordOps Settings + ## + + keepalive_timeout 8; + + # Nginx AIO : See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/ + # http://nginx.org/en/docs/http/ngx_http_core_module.html#aio + aio threads; + + server_tokens off; + reset_timedout_connection on; + more_set_headers "X-Powered-By : WordOps"; + + # Limit Request + limit_req_status 403; + limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; + + # Proxy Settings + # set_real_ip_from proxy-server-ip; + # real_ip_header X-Forwarded-For; + + fastcgi_read_timeout 300; + client_max_body_size 100m; + + # ngx_vts_module + vhost_traffic_status_zone; + + # tls dynamic records patch directive + ssl_dyn_rec_enable on; + + ## + # SSL Settings + ## + + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:50m; + ssl_session_tickets off; + ssl_prefer_server_ciphers on; + {{#tls13}}ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20'; + ssl_protocols TLSv1.2 TLSv1.3;{{/tls13}} + ssl_ecdh_curve X25519:P-521:P-384:P-256; + # Previous TLS v1.2 configuration + {{^tls13}}ssl_protocols TLSv1.2; + ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;{{/tls13}} + + # Common security headers + more_set_headers "X-Frame-Options : SAMEORIGIN"; + more_set_headers "X-Xss-Protection : 1; mode=block"; + more_set_headers "X-Content-Type-Options : nosniff"; + more_set_headers "Referrer-Policy : strict-origin-when-cross-origin"; + more_set_headers "X-Download-Options : noopen"; + + # oscp settings + resolver 8.8.8.8 1.1.1.1 8.8.4.4 1.0.0.1 valid=300s; + resolver_timeout 10; + ssl_stapling on; + + ## + # Basic Settings + ## + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # Logging Settings + ## + + access_log off; + error_log /var/log/nginx/error.log; + + # Log format Settings + log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] ' + '$http_host "$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent" "$server_protocol"'; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} + + +#mail { +# # See sample authentication script at: +# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript +# +# # auth_http localhost/auth.php; +# # pop3_capabilities "TOP" "USER"; +# # imap_capabilities "IMAP4rev1" "UIDPLUS"; +# +# server { +# listen localhost:110; +# protocol pop3; +# proxy on; +# } +# +# server { +# listen localhost:143; +# protocol imap; +# proxy on; +# } +#} diff --git a/wo/cli/templates/tweaks.mustache b/wo/cli/templates/tweaks.mustache index 141db61..6f7f56f 100644 --- a/wo/cli/templates/tweaks.mustache +++ b/wo/cli/templates/tweaks.mustache @@ -16,7 +16,6 @@ tcp_nopush on; tcp_nodelay on; - keepalive_timeout 8; keepalive_requests 500; keepalive_disable msie6;