Add ngxblocker
This commit is contained in:
VirtuBox
3
install
3
install
@@ -9,7 +9,7 @@
|
|||||||
# -------------------------------------------------------------------------
|
# -------------------------------------------------------------------------
|
||||||
# wget -qO wo wops.cc && sudo bash wo
|
# wget -qO wo wops.cc && sudo bash wo
|
||||||
# -------------------------------------------------------------------------
|
# -------------------------------------------------------------------------
|
||||||
# Version 3.9.8.12 - 2019-09-20
|
# Version 3.9.9.1 - 2019-09-26
|
||||||
# -------------------------------------------------------------------------
|
# -------------------------------------------------------------------------
|
||||||
|
|
||||||
# CONTENTS
|
# CONTENTS
|
||||||
@@ -455,6 +455,7 @@ wo_install_acme_sh() {
|
|||||||
chown -R www-data:www-data /var/www/html /var/www/html/.well-known
|
chown -R www-data:www-data /var/www/html /var/www/html/.well-known
|
||||||
chmod 750 /var/www/html /var/www/html/.well-known
|
chmod 750 /var/www/html /var/www/html/.well-known
|
||||||
else
|
else
|
||||||
|
chown -R www-data:www-data /var/www/html /var/www/html/.well-known
|
||||||
chmod 750 /var/www/html /var/www/html/.well-known
|
chmod 750 /var/www/html /var/www/html/.well-known
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -5,7 +5,6 @@ import subprocess
|
|||||||
|
|
||||||
from cement.core import handler, hook
|
from cement.core import handler, hook
|
||||||
from cement.core.controller import CementBaseController, expose
|
from cement.core.controller import CementBaseController, expose
|
||||||
|
|
||||||
from wo.cli.plugins.site_functions import *
|
from wo.cli.plugins.site_functions import *
|
||||||
from wo.cli.plugins.sitedb import (addNewSite, deleteSiteInfo, getAllsites,
|
from wo.cli.plugins.sitedb import (addNewSite, deleteSiteInfo, getAllsites,
|
||||||
getSiteInfo, updateSiteInfo)
|
getSiteInfo, updateSiteInfo)
|
||||||
@@ -381,6 +380,9 @@ class WOSiteCreateController(CementBaseController):
|
|||||||
(['--hsts'],
|
(['--hsts'],
|
||||||
dict(help="enable HSTS for site secured with letsencrypt",
|
dict(help="enable HSTS for site secured with letsencrypt",
|
||||||
action='store_true')),
|
action='store_true')),
|
||||||
|
(['--ngxblocker'],
|
||||||
|
dict(help="enable HSTS for site secured with letsencrypt",
|
||||||
|
action='store_true')),
|
||||||
(['--user'],
|
(['--user'],
|
||||||
dict(help="provide user for WordPress site")),
|
dict(help="provide user for WordPress site")),
|
||||||
(['--email'],
|
(['--email'],
|
||||||
@@ -906,6 +908,10 @@ class WOSiteUpdateController(CementBaseController):
|
|||||||
action='store' or 'store_const',
|
action='store' or 'store_const',
|
||||||
choices=('on', 'off'),
|
choices=('on', 'off'),
|
||||||
const='on', nargs='?')),
|
const='on', nargs='?')),
|
||||||
|
(['--ngxblocker'],
|
||||||
|
dict(help="enable HSTS for site secured with letsencrypt",
|
||||||
|
action='store' or 'store_const',
|
||||||
|
const='on', nargs='?')),
|
||||||
(['--proxy'],
|
(['--proxy'],
|
||||||
dict(help="update to proxy site", nargs='+')),
|
dict(help="update to proxy site", nargs='+')),
|
||||||
(['--all'],
|
(['--all'],
|
||||||
@@ -1010,7 +1016,7 @@ class WOSiteUpdateController(CementBaseController):
|
|||||||
pargs.wp or pargs.wpfc or pargs.wpsc or
|
pargs.wp or pargs.wpfc or pargs.wpsc or
|
||||||
pargs.wprocket or pargs.wpce or
|
pargs.wprocket or pargs.wpce or
|
||||||
pargs.wpsubdir or pargs.wpsubdomain or
|
pargs.wpsubdir or pargs.wpsubdomain or
|
||||||
pargs.hsts)):
|
pargs.hsts or pargs.ngxblocker)):
|
||||||
try:
|
try:
|
||||||
updatewpuserpassword(self, wo_domain, wo_site_webroot)
|
updatewpuserpassword(self, wo_domain, wo_site_webroot)
|
||||||
except SiteError as e:
|
except SiteError as e:
|
||||||
@@ -1018,24 +1024,6 @@ class WOSiteUpdateController(CementBaseController):
|
|||||||
Log.info(self, "\nPassword Unchanged.")
|
Log.info(self, "\nPassword Unchanged.")
|
||||||
return 0
|
return 0
|
||||||
|
|
||||||
if (pargs.hsts and not (pargs.html or
|
|
||||||
pargs.php or pargs.php73 or pargs.mysql or
|
|
||||||
pargs.wp or pargs.wpfc or pargs.wpsc or
|
|
||||||
pargs.wprocket or pargs.wpce or
|
|
||||||
pargs.wpsubdir or pargs.wpsubdomain or
|
|
||||||
pargs.password)):
|
|
||||||
try:
|
|
||||||
SSL.setuphsts(self, wo_domain)
|
|
||||||
except SiteError as e:
|
|
||||||
Log.debug(self, str(e))
|
|
||||||
Log.info(self, "\nFail to enable HSTS")
|
|
||||||
if not WOService.reload_service(self, 'nginx'):
|
|
||||||
Log.error(self, "service nginx reload failed. "
|
|
||||||
"check issues with `nginx -t` command")
|
|
||||||
Log.info(self, "HSTS is enabled for "
|
|
||||||
"https://{0}".format(wo_domain))
|
|
||||||
return 0
|
|
||||||
|
|
||||||
if ((stype == 'php' and
|
if ((stype == 'php' and
|
||||||
oldsitetype not in ['html', 'proxy', 'php73']) or
|
oldsitetype not in ['html', 'proxy', 'php73']) or
|
||||||
(stype == 'mysql' and oldsitetype not in ['html', 'php',
|
(stype == 'mysql' and oldsitetype not in ['html', 'php',
|
||||||
@@ -1364,6 +1352,12 @@ class WOSiteUpdateController(CementBaseController):
|
|||||||
elif pargs.hsts == "off":
|
elif pargs.hsts == "off":
|
||||||
data['hsts'] = False
|
data['hsts'] = False
|
||||||
|
|
||||||
|
if pargs.ngxblocker:
|
||||||
|
if pargs.ngxblocker == 'on':
|
||||||
|
ngxblocker = True
|
||||||
|
elif pargs.ngxblocker == 'off':
|
||||||
|
ngxblocker = False
|
||||||
|
|
||||||
if not data:
|
if not data:
|
||||||
Log.error(self, "Cannot update {0}, Invalid Options"
|
Log.error(self, "Cannot update {0}, Invalid Options"
|
||||||
.format(wo_domain))
|
.format(wo_domain))
|
||||||
@@ -1374,7 +1368,7 @@ class WOSiteUpdateController(CementBaseController):
|
|||||||
data['wo_db_pass'] = check_site.db_password
|
data['wo_db_pass'] = check_site.db_password
|
||||||
data['wo_db_host'] = check_site.db_host
|
data['wo_db_host'] = check_site.db_host
|
||||||
|
|
||||||
if not (pargs.letsencrypt or pargs.hsts):
|
if not (pargs.letsencrypt or pargs.hsts or pargs.ngxblocker):
|
||||||
try:
|
try:
|
||||||
pre_run_checks(self)
|
pre_run_checks(self)
|
||||||
except SiteError as e:
|
except SiteError as e:
|
||||||
@@ -1598,6 +1592,31 @@ class WOSiteUpdateController(CementBaseController):
|
|||||||
else:
|
else:
|
||||||
Log.error(self, "HSTS is not configured for given "
|
Log.error(self, "HSTS is not configured for given "
|
||||||
"site")
|
"site")
|
||||||
|
if pargs.ngxblocker:
|
||||||
|
if ngxblocker is True:
|
||||||
|
if not os.path.isfile("{0}/conf/nginx/ngxblocker.conf.disabled"
|
||||||
|
.format(wo_site_webroot)):
|
||||||
|
setupngxblocker(self, wo_domain)
|
||||||
|
else:
|
||||||
|
WOFileUtils.mvfile(
|
||||||
|
self,
|
||||||
|
"{0}/conf/nginx/ngxblocker.conf.disabled"
|
||||||
|
.format(wo_site_webroot),
|
||||||
|
"{0}/conf/nginx/ngxblocker.conf"
|
||||||
|
.format(wo_site_webroot))
|
||||||
|
elif ngxblocker is False:
|
||||||
|
if os.path.isfile("{0}/conf/nginx/ngxblocker.conf"
|
||||||
|
.format(wo_site_webroot)):
|
||||||
|
WOFileUtils.mvfile(
|
||||||
|
self,
|
||||||
|
"{0}/conf/nginx/ngxblocker.conf"
|
||||||
|
.format(wo_site_webroot),
|
||||||
|
"{0}/conf/nginx/ngxblocker.conf.disabled"
|
||||||
|
.format(wo_site_webroot))
|
||||||
|
# Service Nginx Reload
|
||||||
|
if not WOService.reload_service(self, 'nginx'):
|
||||||
|
Log.error(self, "service nginx reload failed. "
|
||||||
|
"check issues with `nginx -t` command")
|
||||||
|
|
||||||
if stype == oldsitetype and cache == oldcachetype:
|
if stype == oldsitetype and cache == oldcachetype:
|
||||||
|
|
||||||
|
|||||||
@@ -1592,3 +1592,14 @@ def setuprocketchat(self):
|
|||||||
WOAptGet.install(self, ["snapd"])
|
WOAptGet.install(self, ["snapd"])
|
||||||
if WOShellExec.cmd_exec(self, "snap install rocketchat-server"):
|
if WOShellExec.cmd_exec(self, "snap install rocketchat-server"):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
|
||||||
|
def setupngxblocker(self, domain):
|
||||||
|
if os.path.isdir('/var/www/{0}/conf/nginx'.format(domain)):
|
||||||
|
ngxconf = open("/var/www/{0}/conf/nginx/ngxblocker.conf"
|
||||||
|
.format(domain),
|
||||||
|
encoding='utf-8', mode='w')
|
||||||
|
ngxconf.write("# Bad Bot Blocker\n"
|
||||||
|
"include /etc/nginx/bots.d/ddos.conf;\n"
|
||||||
|
"include /etc/nginx/bots.d/blockbots.conf;\n")
|
||||||
|
ngxconf.close()
|
||||||
|
|||||||
@@ -85,6 +85,9 @@ class WOStackController(CementBaseController):
|
|||||||
dict(help='Install phpRedisAdmin', action='store_true')),
|
dict(help='Install phpRedisAdmin', action='store_true')),
|
||||||
(['--proftpd'],
|
(['--proftpd'],
|
||||||
dict(help='Install ProFTPd', action='store_true')),
|
dict(help='Install ProFTPd', action='store_true')),
|
||||||
|
(['--ngxblocker'],
|
||||||
|
dict(help='Install Nginx Ultimate Bad Bot Blocker',
|
||||||
|
action='store_true')),
|
||||||
(['--force'],
|
(['--force'],
|
||||||
dict(help='Force install/remove/purge without prompt',
|
dict(help='Force install/remove/purge without prompt',
|
||||||
action='store_true')),
|
action='store_true')),
|
||||||
@@ -424,6 +427,19 @@ class WOStackController(CementBaseController):
|
|||||||
Log.debug(self, "eXtplorer is already installed")
|
Log.debug(self, "eXtplorer is already installed")
|
||||||
Log.info(self, "eXtplorer is already installed")
|
Log.info(self, "eXtplorer is already installed")
|
||||||
|
|
||||||
|
if pargs.ngxblocker:
|
||||||
|
if not os.path.isdir('/etc/nginx/bots.d'):
|
||||||
|
Log.debug(self, "Setting packages variable for ngxblocker")
|
||||||
|
packages = packages + \
|
||||||
|
[["https://raw.githubusercontent.com/"
|
||||||
|
"mitchellkrogza/nginx-ultimate-bad-bot-blocker"
|
||||||
|
"/master/install-ngxblocker",
|
||||||
|
"/usr/local/sbin/install-ngxblocker",
|
||||||
|
"ngxblocker"]]
|
||||||
|
else:
|
||||||
|
Log.debug(self, "ngxblocker is already installed")
|
||||||
|
Log.info(self, "ngxblocker is already installed")
|
||||||
|
|
||||||
# UTILS
|
# UTILS
|
||||||
if pargs.utils:
|
if pargs.utils:
|
||||||
Log.debug(self, "Setting packages variable for utils")
|
Log.debug(self, "Setting packages variable for utils")
|
||||||
|
|||||||
@@ -1337,3 +1337,12 @@ def post_pref(self, apt_packages, packages, upgrade=False):
|
|||||||
if any('/usr/bin/pt-query-advisor' == x[1]
|
if any('/usr/bin/pt-query-advisor' == x[1]
|
||||||
for x in packages):
|
for x in packages):
|
||||||
WOFileUtils.chmod(self, "/usr/bin/pt-query-advisor", 0o775)
|
WOFileUtils.chmod(self, "/usr/bin/pt-query-advisor", 0o775)
|
||||||
|
|
||||||
|
# ngxblocker
|
||||||
|
if any('/usr/local/sbin/install-ngxblocker' == x[1]
|
||||||
|
for x in packages):
|
||||||
|
WOFileUtils.chmod(
|
||||||
|
self, "/usr/local/sbin/install-ngxblocker", 0o700)
|
||||||
|
WOShellExec.cmd_exec(self, '/usr/local/sbin/install-ngxblocker -x')
|
||||||
|
WOFileUtils.chmod(
|
||||||
|
self, "/usr/local/sbin/update-ngxblocker", 0o700)
|
||||||
|
|||||||
Reference in New Issue
Block a user