Add ngxblocker
This commit is contained in:
VirtuBox
3
install
3
install
@@ -9,7 +9,7 @@
|
||||
# -------------------------------------------------------------------------
|
||||
# wget -qO wo wops.cc && sudo bash wo
|
||||
# -------------------------------------------------------------------------
|
||||
# Version 3.9.8.12 - 2019-09-20
|
||||
# Version 3.9.9.1 - 2019-09-26
|
||||
# -------------------------------------------------------------------------
|
||||
|
||||
# CONTENTS
|
||||
@@ -455,6 +455,7 @@ wo_install_acme_sh() {
|
||||
chown -R www-data:www-data /var/www/html /var/www/html/.well-known
|
||||
chmod 750 /var/www/html /var/www/html/.well-known
|
||||
else
|
||||
chown -R www-data:www-data /var/www/html /var/www/html/.well-known
|
||||
chmod 750 /var/www/html /var/www/html/.well-known
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -5,7 +5,6 @@ import subprocess
|
||||
|
||||
from cement.core import handler, hook
|
||||
from cement.core.controller import CementBaseController, expose
|
||||
|
||||
from wo.cli.plugins.site_functions import *
|
||||
from wo.cli.plugins.sitedb import (addNewSite, deleteSiteInfo, getAllsites,
|
||||
getSiteInfo, updateSiteInfo)
|
||||
@@ -381,6 +380,9 @@ class WOSiteCreateController(CementBaseController):
|
||||
(['--hsts'],
|
||||
dict(help="enable HSTS for site secured with letsencrypt",
|
||||
action='store_true')),
|
||||
(['--ngxblocker'],
|
||||
dict(help="enable HSTS for site secured with letsencrypt",
|
||||
action='store_true')),
|
||||
(['--user'],
|
||||
dict(help="provide user for WordPress site")),
|
||||
(['--email'],
|
||||
@@ -906,6 +908,10 @@ class WOSiteUpdateController(CementBaseController):
|
||||
action='store' or 'store_const',
|
||||
choices=('on', 'off'),
|
||||
const='on', nargs='?')),
|
||||
(['--ngxblocker'],
|
||||
dict(help="enable HSTS for site secured with letsencrypt",
|
||||
action='store' or 'store_const',
|
||||
const='on', nargs='?')),
|
||||
(['--proxy'],
|
||||
dict(help="update to proxy site", nargs='+')),
|
||||
(['--all'],
|
||||
@@ -1010,7 +1016,7 @@ class WOSiteUpdateController(CementBaseController):
|
||||
pargs.wp or pargs.wpfc or pargs.wpsc or
|
||||
pargs.wprocket or pargs.wpce or
|
||||
pargs.wpsubdir or pargs.wpsubdomain or
|
||||
pargs.hsts)):
|
||||
pargs.hsts or pargs.ngxblocker)):
|
||||
try:
|
||||
updatewpuserpassword(self, wo_domain, wo_site_webroot)
|
||||
except SiteError as e:
|
||||
@@ -1018,24 +1024,6 @@ class WOSiteUpdateController(CementBaseController):
|
||||
Log.info(self, "\nPassword Unchanged.")
|
||||
return 0
|
||||
|
||||
if (pargs.hsts and not (pargs.html or
|
||||
pargs.php or pargs.php73 or pargs.mysql or
|
||||
pargs.wp or pargs.wpfc or pargs.wpsc or
|
||||
pargs.wprocket or pargs.wpce or
|
||||
pargs.wpsubdir or pargs.wpsubdomain or
|
||||
pargs.password)):
|
||||
try:
|
||||
SSL.setuphsts(self, wo_domain)
|
||||
except SiteError as e:
|
||||
Log.debug(self, str(e))
|
||||
Log.info(self, "\nFail to enable HSTS")
|
||||
if not WOService.reload_service(self, 'nginx'):
|
||||
Log.error(self, "service nginx reload failed. "
|
||||
"check issues with `nginx -t` command")
|
||||
Log.info(self, "HSTS is enabled for "
|
||||
"https://{0}".format(wo_domain))
|
||||
return 0
|
||||
|
||||
if ((stype == 'php' and
|
||||
oldsitetype not in ['html', 'proxy', 'php73']) or
|
||||
(stype == 'mysql' and oldsitetype not in ['html', 'php',
|
||||
@@ -1364,6 +1352,12 @@ class WOSiteUpdateController(CementBaseController):
|
||||
elif pargs.hsts == "off":
|
||||
data['hsts'] = False
|
||||
|
||||
if pargs.ngxblocker:
|
||||
if pargs.ngxblocker == 'on':
|
||||
ngxblocker = True
|
||||
elif pargs.ngxblocker == 'off':
|
||||
ngxblocker = False
|
||||
|
||||
if not data:
|
||||
Log.error(self, "Cannot update {0}, Invalid Options"
|
||||
.format(wo_domain))
|
||||
@@ -1374,7 +1368,7 @@ class WOSiteUpdateController(CementBaseController):
|
||||
data['wo_db_pass'] = check_site.db_password
|
||||
data['wo_db_host'] = check_site.db_host
|
||||
|
||||
if not (pargs.letsencrypt or pargs.hsts):
|
||||
if not (pargs.letsencrypt or pargs.hsts or pargs.ngxblocker):
|
||||
try:
|
||||
pre_run_checks(self)
|
||||
except SiteError as e:
|
||||
@@ -1598,6 +1592,31 @@ class WOSiteUpdateController(CementBaseController):
|
||||
else:
|
||||
Log.error(self, "HSTS is not configured for given "
|
||||
"site")
|
||||
if pargs.ngxblocker:
|
||||
if ngxblocker is True:
|
||||
if not os.path.isfile("{0}/conf/nginx/ngxblocker.conf.disabled"
|
||||
.format(wo_site_webroot)):
|
||||
setupngxblocker(self, wo_domain)
|
||||
else:
|
||||
WOFileUtils.mvfile(
|
||||
self,
|
||||
"{0}/conf/nginx/ngxblocker.conf.disabled"
|
||||
.format(wo_site_webroot),
|
||||
"{0}/conf/nginx/ngxblocker.conf"
|
||||
.format(wo_site_webroot))
|
||||
elif ngxblocker is False:
|
||||
if os.path.isfile("{0}/conf/nginx/ngxblocker.conf"
|
||||
.format(wo_site_webroot)):
|
||||
WOFileUtils.mvfile(
|
||||
self,
|
||||
"{0}/conf/nginx/ngxblocker.conf"
|
||||
.format(wo_site_webroot),
|
||||
"{0}/conf/nginx/ngxblocker.conf.disabled"
|
||||
.format(wo_site_webroot))
|
||||
# Service Nginx Reload
|
||||
if not WOService.reload_service(self, 'nginx'):
|
||||
Log.error(self, "service nginx reload failed. "
|
||||
"check issues with `nginx -t` command")
|
||||
|
||||
if stype == oldsitetype and cache == oldcachetype:
|
||||
|
||||
|
||||
@@ -1592,3 +1592,14 @@ def setuprocketchat(self):
|
||||
WOAptGet.install(self, ["snapd"])
|
||||
if WOShellExec.cmd_exec(self, "snap install rocketchat-server"):
|
||||
return True
|
||||
|
||||
|
||||
def setupngxblocker(self, domain):
|
||||
if os.path.isdir('/var/www/{0}/conf/nginx'.format(domain)):
|
||||
ngxconf = open("/var/www/{0}/conf/nginx/ngxblocker.conf"
|
||||
.format(domain),
|
||||
encoding='utf-8', mode='w')
|
||||
ngxconf.write("# Bad Bot Blocker\n"
|
||||
"include /etc/nginx/bots.d/ddos.conf;\n"
|
||||
"include /etc/nginx/bots.d/blockbots.conf;\n")
|
||||
ngxconf.close()
|
||||
|
||||
@@ -85,6 +85,9 @@ class WOStackController(CementBaseController):
|
||||
dict(help='Install phpRedisAdmin', action='store_true')),
|
||||
(['--proftpd'],
|
||||
dict(help='Install ProFTPd', action='store_true')),
|
||||
(['--ngxblocker'],
|
||||
dict(help='Install Nginx Ultimate Bad Bot Blocker',
|
||||
action='store_true')),
|
||||
(['--force'],
|
||||
dict(help='Force install/remove/purge without prompt',
|
||||
action='store_true')),
|
||||
@@ -424,6 +427,19 @@ class WOStackController(CementBaseController):
|
||||
Log.debug(self, "eXtplorer is already installed")
|
||||
Log.info(self, "eXtplorer is already installed")
|
||||
|
||||
if pargs.ngxblocker:
|
||||
if not os.path.isdir('/etc/nginx/bots.d'):
|
||||
Log.debug(self, "Setting packages variable for ngxblocker")
|
||||
packages = packages + \
|
||||
[["https://raw.githubusercontent.com/"
|
||||
"mitchellkrogza/nginx-ultimate-bad-bot-blocker"
|
||||
"/master/install-ngxblocker",
|
||||
"/usr/local/sbin/install-ngxblocker",
|
||||
"ngxblocker"]]
|
||||
else:
|
||||
Log.debug(self, "ngxblocker is already installed")
|
||||
Log.info(self, "ngxblocker is already installed")
|
||||
|
||||
# UTILS
|
||||
if pargs.utils:
|
||||
Log.debug(self, "Setting packages variable for utils")
|
||||
|
||||
@@ -1337,3 +1337,12 @@ def post_pref(self, apt_packages, packages, upgrade=False):
|
||||
if any('/usr/bin/pt-query-advisor' == x[1]
|
||||
for x in packages):
|
||||
WOFileUtils.chmod(self, "/usr/bin/pt-query-advisor", 0o775)
|
||||
|
||||
# ngxblocker
|
||||
if any('/usr/local/sbin/install-ngxblocker' == x[1]
|
||||
for x in packages):
|
||||
WOFileUtils.chmod(
|
||||
self, "/usr/local/sbin/install-ngxblocker", 0o700)
|
||||
WOShellExec.cmd_exec(self, '/usr/local/sbin/install-ngxblocker -x')
|
||||
WOFileUtils.chmod(
|
||||
self, "/usr/local/sbin/update-ngxblocker", 0o700)
|
||||
|
||||
Reference in New Issue
Block a user