diff --git a/install b/install index a380e30..d76dec6 100755 --- a/install +++ b/install @@ -9,7 +9,7 @@ # ------------------------------------------------------------------------- # wget -qO wo wops.cc && sudo bash wo # ------------------------------------------------------------------------- -# Version 3.9.8.12 - 2019-09-20 +# Version 3.9.9.1 - 2019-09-26 # ------------------------------------------------------------------------- # CONTENTS @@ -455,6 +455,7 @@ wo_install_acme_sh() { chown -R www-data:www-data /var/www/html /var/www/html/.well-known chmod 750 /var/www/html /var/www/html/.well-known else + chown -R www-data:www-data /var/www/html /var/www/html/.well-known chmod 750 /var/www/html /var/www/html/.well-known fi } diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 5c1fe78..b19ab44 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -5,7 +5,6 @@ import subprocess from cement.core import handler, hook from cement.core.controller import CementBaseController, expose - from wo.cli.plugins.site_functions import * from wo.cli.plugins.sitedb import (addNewSite, deleteSiteInfo, getAllsites, getSiteInfo, updateSiteInfo) @@ -381,6 +380,9 @@ class WOSiteCreateController(CementBaseController): (['--hsts'], dict(help="enable HSTS for site secured with letsencrypt", action='store_true')), + (['--ngxblocker'], + dict(help="enable HSTS for site secured with letsencrypt", + action='store_true')), (['--user'], dict(help="provide user for WordPress site")), (['--email'], @@ -906,6 +908,10 @@ class WOSiteUpdateController(CementBaseController): action='store' or 'store_const', choices=('on', 'off'), const='on', nargs='?')), + (['--ngxblocker'], + dict(help="enable HSTS for site secured with letsencrypt", + action='store' or 'store_const', + const='on', nargs='?')), (['--proxy'], dict(help="update to proxy site", nargs='+')), (['--all'], 
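Review bot: With the added `chown -R`, both branches at the end of wo_install_acme_sh now finish with the same `chown -R www-data:www-data …` / `chmod 750 …` pair, so those two commands could be written once below `fi`. The `if` itself begins outside this hunk, so whether the branches still differ earlier cannot be confirmed from here.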
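Review bot: The help string for the new `--ngxblocker` option on the create controller is copied from `--hsts` and still reads "enable HSTS for site secured with letsencrypt"; the update controller's option in the @@ -906 hunk has the same copy. Something like `help="enable Nginx Ultimate Bad Bot Blocker for site"` would match the wording used in stack.py. No hunk in this diff reads `pargs.ngxblocker` on the create path, so the flag appears to be accepted but unused there; worth confirming, or leaving the option out until it is wired up.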
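Review bot: Unlike the `--hsts` option directly above it, the update controller's `--ngxblocker` has no `choices=('on', 'off')`, so any string is accepted. The @@ -1364 hunk binds the local `ngxblocker` only for 'on' or 'off', and the @@ -1598 hunk then tests `ngxblocker is True`, which would fail on an unbound local for any other value unless the name is initialised outside the visible hunks. Adding `choices=('on', 'off'),` to the dict closes that. Separately, `action='store' or 'store_const'` always evaluates to `'store'`; writing `action='store'` says what actually happens.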
@@ -1010,7 +1016,7 @@ class WOSiteUpdateController(CementBaseController): pargs.wp or pargs.wpfc or pargs.wpsc or pargs.wprocket or pargs.wpce or pargs.wpsubdir or pargs.wpsubdomain or - pargs.hsts)): + pargs.hsts or pargs.ngxblocker)): try: updatewpuserpassword(self, wo_domain, wo_site_webroot) except SiteError as e: @@ -1018,24 +1024,6 @@ class WOSiteUpdateController(CementBaseController): Log.info(self, "\nPassword Unchanged.") return 0 - if (pargs.hsts and not (pargs.html or - pargs.php or pargs.php73 or pargs.mysql or - pargs.wp or pargs.wpfc or pargs.wpsc or - pargs.wprocket or pargs.wpce or - pargs.wpsubdir or pargs.wpsubdomain or - pargs.password)): - try: - SSL.setuphsts(self, wo_domain) - except SiteError as e: - Log.debug(self, str(e)) - Log.info(self, "\nFail to enable HSTS") - if not WOService.reload_service(self, 'nginx'): - Log.error(self, "service nginx reload failed. " - "check issues with `nginx -t` command") - Log.info(self, "HSTS is enabled for " - "https://{0}".format(wo_domain)) - return 0 - if ((stype == 'php' and oldsitetype not in ['html', 'proxy', 'php73']) or (stype == 'mysql' and oldsitetype not in ['html', 'php', @@ -1364,6 +1352,12 @@ class WOSiteUpdateController(CementBaseController): elif pargs.hsts == "off": data['hsts'] = False + if pargs.ngxblocker: + if pargs.ngxblocker == 'on': + ngxblocker = True + elif pargs.ngxblocker == 'off': + ngxblocker = False + if not data: Log.error(self, "Cannot update {0}, Invalid Options" .format(wo_domain)) @@ -1374,7 +1368,7 @@ class WOSiteUpdateController(CementBaseController): data['wo_db_pass'] = check_site.db_password data['wo_db_host'] = check_site.db_host - if not (pargs.letsencrypt or pargs.hsts): + if not (pargs.letsencrypt or pargs.hsts or pargs.ngxblocker): try: pre_run_checks(self) except SiteError as e: 
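Review bot: In the @@ -1364 hunk the `--ngxblocker` branch sets a bare local rather than an entry in `data`, whereas the `--hsts` branch just above fills `data['hsts']`. If `data` is still empty when `--ngxblocker` is the only option given (its initialisation is outside the hunk), the `if not data:` check that follows will report "Invalid Options" for a valid command. Initialising `ngxblocker = None` before the `if pargs.ngxblocker:` test, and confirming that the ngxblocker-only path gets past that check, would make this robust.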
@@ -1598,6 +1592,31 @@ class WOSiteUpdateController(CementBaseController): else: Log.error(self, "HSTS is not configured for given " "site") + if pargs.ngxblocker: + if ngxblocker is True: + if not os.path.isfile("{0}/conf/nginx/ngxblocker.conf.disabled" + .format(wo_site_webroot)): + setupngxblocker(self, wo_domain) + else: + WOFileUtils.mvfile( + self, + "{0}/conf/nginx/ngxblocker.conf.disabled" + .format(wo_site_webroot), + "{0}/conf/nginx/ngxblocker.conf" + .format(wo_site_webroot)) + elif ngxblocker is False: + if os.path.isfile("{0}/conf/nginx/ngxblocker.conf" + .format(wo_site_webroot)): + WOFileUtils.mvfile( + self, + "{0}/conf/nginx/ngxblocker.conf" + .format(wo_site_webroot), + "{0}/conf/nginx/ngxblocker.conf.disabled" + .format(wo_site_webroot)) + # Service Nginx Reload + if not WOService.reload_service(self, 'nginx'): + Log.error(self, "service nginx reload failed. " + "check issues with `nginx -t` command") if stype == oldsitetype and cache == oldcachetype: diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 9f2d641..cd4c19e 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1592,3 +1592,14 @@ def setuprocketchat(self): WOAptGet.install(self, ["snapd"]) if WOShellExec.cmd_exec(self, "snap install rocketchat-server"): return True + + +def setupngxblocker(self, domain): + if os.path.isdir('/var/www/{0}/conf/nginx'.format(domain)): + ngxconf = open("/var/www/{0}/conf/nginx/ngxblocker.conf" + .format(domain), + encoding='utf-8', mode='w') + ngxconf.write("# Bad Bot Blocker\n" + "include /etc/nginx/bots.d/ddos.conf;\n" + "include /etc/nginx/bots.d/blockbots.conf;\n") + ngxconf.close() diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py index 9a2e3ea..b471676 100644 --- a/wo/cli/plugins/stack.py +++ b/wo/cli/plugins/stack.py 
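Review bot: In the @@ -1598 hunk the 'on' branch writes or restores an include of `/etc/nginx/bots.d/*.conf` and then reloads nginx, without checking that `/etc/nginx/bots.d` exists and without undoing the change when the reload fails. The @@ -1374 hunk also skips `pre_run_checks` for this option, so nothing visible validates the configuration first. If the stack component is not installed, the site is left with an include that makes every later `nginx -t` and reload fail, for all sites on the host. The sketch below refuses to enable the blocker when the directory is missing and moves the include back to `.disabled` if the reload fails. The enclosing method starts and ends outside the hunk.

```python
        if pargs.ngxblocker:
            blocker_conf = ("{0}/conf/nginx/ngxblocker.conf"
                            .format(wo_site_webroot))
            disabled_conf = blocker_conf + ".disabled"
            if ngxblocker is True:
                if not os.path.isdir('/etc/nginx/bots.d'):
                    Log.error(self, "ngxblocker is not installed, "
                              "install it with the stack --ngxblocker "
                              "option first")
                elif not os.path.isfile(disabled_conf):
                    setupngxblocker(self, wo_domain)
                else:
                    WOFileUtils.mvfile(self, disabled_conf, blocker_conf)
            # … unchanged: 'off' branch moving .conf -> .conf.disabled …
            # Service Nginx Reload
            if not WOService.reload_service(self, 'nginx'):
                # do not leave a broken include behind for later reloads
                if ngxblocker is True and os.path.isfile(blocker_conf):
                    WOFileUtils.mvfile(self, blocker_conf, disabled_conf)
                # … unchanged: Log.error about the failed reload …
```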
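Review bot: setupngxblocker returns silently when `/var/www/<domain>/conf/nginx` is missing, so the caller in site.py goes on to reload nginx as if the blocker had been enabled. It also hard-codes `/var/www/{0}` while the caller builds its paths from `wo_site_webroot`, and it opens the file without a context manager, so an exception in `write` leaves the handle open. Suggest `with open(..., encoding='utf-8', mode='w') as ngxconf:` and returning True or False so the caller can tell whether the include was written. A docstring should state that the written file includes `/etc/nginx/bots.d/ddos.conf` and `/etc/nginx/bots.d/blockbots.conf`, and therefore depends on the stack component being installed first.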
@@ -85,6 +85,9 @@ class WOStackController(CementBaseController): dict(help='Install phpRedisAdmin', action='store_true')), (['--proftpd'], dict(help='Install ProFTPd', action='store_true')), + (['--ngxblocker'], + dict(help='Install Nginx Ultimate Bad Bot Blocker', + action='store_true')), (['--force'], dict(help='Force install/remove/purge without prompt', action='store_true')), @@ -424,6 +427,19 @@ class WOStackController(CementBaseController): Log.debug(self, "eXtplorer is already installed") Log.info(self, "eXtplorer is already installed") + if pargs.ngxblocker: + if not os.path.isdir('/etc/nginx/bots.d'): + Log.debug(self, "Setting packages variable for ngxblocker") + packages = packages + \ + [["https://raw.githubusercontent.com/" + "mitchellkrogza/nginx-ultimate-bad-bot-blocker" + "/master/install-ngxblocker", + "/usr/local/sbin/install-ngxblocker", + "ngxblocker"]] + else: + Log.debug(self, "ngxblocker is already installed") + Log.info(self, "ngxblocker is already installed") + # UTILS if pargs.utils: Log.debug(self, "Setting packages variable for utils") diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py index 521e2d3..1fac069 100644 --- a/wo/cli/plugins/stack_pref.py +++ b/wo/cli/plugins/stack_pref.py @@ -1337,3 +1337,12 @@ def post_pref(self, apt_packages, packages, upgrade=False): if any('/usr/bin/pt-query-advisor' == x[1] for x in packages): WOFileUtils.chmod(self, "/usr/bin/pt-query-advisor", 0o775) + + # ngxblocker + if any('/usr/local/sbin/install-ngxblocker' == x[1] + for x in packages): + WOFileUtils.chmod( + self, "/usr/local/sbin/install-ngxblocker", 0o700) + WOShellExec.cmd_exec(self, '/usr/local/sbin/install-ngxblocker -x') + WOFileUtils.chmod( + self, "/usr/local/sbin/update-ngxblocker", 0o700)
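Review bot: In the @@ -424 hunk the installer is fetched from the `master` branch of a third-party repository with no pinned revision and no integrity check, and the stack_pref.py hunk then runs the downloaded file from `/usr/local/sbin` through `WOShellExec.cmd_exec`, presumably as root. Any change to that branch, or a compromise of the upstream account, becomes code execution on every host that runs this install. Pinning the URL to a reviewed tag or commit (`…/nginx-ultimate-bad-bot-blocker/<PINNED_COMMIT>/install-ngxblocker`, placeholder) bounds that risk. The file's SHA-256 should also be compared against a value shipped with the release before it is made executable.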
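Review bot: In the stack_pref.py hunk the result of `WOShellExec.cmd_exec(self, '/usr/local/sbin/install-ngxblocker -x')` is discarded, so a failed install still falls through to the `chmod` of `/usr/local/sbin/update-ngxblocker`, a file this code does not create and that presumably exists only if the installer succeeded. The setuprocketchat context in site_functions.py tests cmd_exec's return value, so wrapping the second chmod in `if WOShellExec.cmd_exec(...):` and logging on failure would be consistent with that. post_pref starts outside this hunk.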