diff --git a/.travis.yml b/.travis.yml index e1898ba..0581229 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,7 +13,12 @@ before_script: - sudo bash -c 'echo example.com > /etc/hostname' - sudo apt-get -qq purge mysql* graphviz* - sudo apt-get -qq autoremove --purge - - sudo apt-get update +addons: + apt: + update: true + +git: + quiet: true script: - lsb_release -a @@ -21,13 +26,8 @@ script: - sudo bash -c 'echo -e "[user]\n\tname = abc\n\temail = root@localhost.com" > /home/travis/.gitconfig' - sudo echo "Travis Banch = $TRAVIS_BRANCH" - sudo apt-get install -y --force-yes git python3-setuptools python3-dev python3-apt ccze tree - - sudo bash install $TRAVIS_BRANCH - - sudo wo --help - - - sudo wo site create wp-php73.net --wp --php73 || sudo tail -n50 /var/log/wo/wordops.log - - - sudo wo stack install || sudo tail -n50 /var/log/wo/wordops.log - - sudo wo stack install --admin || sudo tail -n50 /var/log/wo/wordops.log + - sudo bash install -b $TRAVIS_BRANCH + - sudo wo --help && sudo wo stack install && sudo wo stack install --admin - sudo wo site create html.net --html && sudo wo site create php.com --php && sudo wo site create mysql.com --mysql || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create proxy.com --proxy=127.0.0.1:3000 || sudo tail -n50 /var/log/wo/wordops.log @@ -60,7 +60,4 @@ script: - sudo ls /var/www/ - sudo wp --allow-root --info - sudo wo info || sudo tail -n50 /var/log/wo/wordops.log - - sudo bash -c 'nginx -T 2>&1 > /var/log/wo/nginx.log 2>&1' || sudo tail -n50 /var/log/wo/wordops.log - - sudo bash -c 'tar -I pigz -cf wordops.tar.gz /var/log/wo' - - sudo curl --progress-bar --upload-file "wordops.tar.gz" https://transfer.vtbox.net/$(basename wordops.tar.gz) && echo "" || sudo echo "transfer.sh is down" - sudo tree -L 2 /etc/nginx diff --git a/CHANGELOG.md b/CHANGELOG.md index 6ed4b35..d71a0dc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -27,6 +27,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - "wo maintenance" command to perform server package update & cleanup - Support for Netdata on backend : https://server.hostname:22222/netdata/ - New Stacks : composer and netdata +- additional argument for letsencrypt : --hsts +- Theme for adminer +- Credits for tools shipped with WordOps #### Changed @@ -37,6 +40,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - Increase MySQL root password size to 16 characters - Increase MySQL users password size to 16 characters - Nginx locations template is the same for php7.2 & 7.3 +- refactor install script +- backend SSL configuration now stored in /var/www/22222/conf/nginx/ssl.conf #### Fixed diff --git a/README.md b/README.md index deb0e7e..d22d233 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ -

- WordOps +

Wordops +
-

+

An essential toolset that eases WordPress site and server administration

@@ -19,7 +19,6 @@

Key Features • - Getting StartedUsageRoadMapChangelog • @@ -28,8 +27,10 @@

WordOps site • +DocumentationCommunity forum • -Documentation +Slack +

--- @@ -41,8 +42,9 @@ - **Up-to-date** : Nginx 1.14.2 with Brotli support, PHP 7.2 & 7.3, MariaDB 10.3 & Redis 5.0 - **Secured** : Hardened WordPress security with strict Nginx location directives - **Powerful** : Optimized Nginx configurations with multiple cache backends support -- **SSL** : Let's Encrypt SSL certificates handled by Acme.sh -- **Modern** : Secured SSL/TLS encryption with strong ciphers_suite and modern TLS protocols +- **SSL** : Let's Encrypt SSL certificates handled by acme.sh +- **Modern** : Secured SSL/TLS encryption with strong ciphers_suite, modern TLS protocols and HSTS support +- **Monitoring** : Live Nginx vhost traffic with ngx_vts_module and server monitoring with Netdata ## Requirements @@ -63,7 +65,7 @@ ## Getting Started ```bash -wget -qO wo wops.cc && sudo bash wo # Install WordOps +curl -sL wops.cc | sudo bash # Install WordOps sudo wo site create example.com --wp # Install required packages & setup WordPress on example.com ``` @@ -75,6 +77,7 @@ WordOps made some fundamental changes: - Support for w3tc is dropped as a security precaution. - PHP 5.6 has been replaced by PHP 7.2 and PHP 7.0 has been replaced by PHP 7.3. - Nginx-ee package has been replaced by Nginx-wo (based on Nginx stable v1.14.2 with Brolti support) +- HHVM stack has been removed - Let's Encrypt stack isn't based on letsencrypt-auto anymore, we use acme.sh to handle SSL certificates If you are going to migrate from EasyEngine v3, here some important informations : @@ -129,15 +132,6 @@ wo site create example.com --wp --letsencrypt # install wordpress & secure site wo site create sub.example.com --wp --letsencrypt=subdomain # install wordpress and secure subdomain with letsencrypt ``` -## Cheatsheet - -| | single site | multisite w/ subdir | multisite w/ subdom | -|--------------------|---------------|-----------------------|--------------------------| -| **NO Cache** | --wp | --wpsubdir | --wpsubdomain | -| **WP Super Cache** | --wpsc | -wpsubdir --wpsc | --wpsubdomain --wpsc | -| **Nginx fastcgi_cache** | --wpfc | --wpsubdir --wpfc | --wpsubdomain --wpfc | -| **Redis cache** | --wpredis | --wpsubdir --wpredis | --wpsubdomain --wpredis | - ## Update WordOps ```bash @@ -146,8 +140,8 @@ wo update ## Support -If you feel there is a bug directly related to WordOps, feel free to open an issue. -For any other questions/suggestions about WordOps or if you need support, please use the [WordOps Community Forum](https://community.wordops.net/). +If you feel there is a bug directly related to WordOps, or if you want to suggest new features for WordOps, feel free to open an issue. +For any other questions about WordOps or if you need support, please use the [Community Forum](https://community.wordops.net/). # Contributing @@ -156,9 +150,18 @@ There is no need to be a developer or a system administrator to contribute to Wo ## Credits -- Main source : [EasyEngine](https://github.com/easyengine/easyengine) +- Source : [EasyEngine](https://github.com/easyengine/easyengine) + +Shipped with WordOps + - Acme client : [Acme.sh](https://github.com/Neilpang/acme.sh) - WordPress deployment : [WP-CLI](https://github.com/wp-cli/wp-cli) +- Monitoring : [Netdata](https://github.com/netdata/netdata) +- [phpMyAdmin](https://www.phpmyadmin.net/) +- [Adminer](https://www.adminer.org/) +- [phpRedisAdmin](https://github.com/erikdubbelboer/phpRedisAdmin) +- [PHPMemcachedAdmin](https://github.com/elijaa/phpmemcachedadmin) +- [opcacheGUI](https://github.com/amnuts/opcache-gui) ## License diff --git a/config/bash_completion.d/wo_auto.rc b/config/bash_completion.d/wo_auto.rc index 8ff11e5..6a6e3a9 100644 --- a/config/bash_completion.d/wo_auto.rc +++ b/config/bash_completion.d/wo_auto.rc @@ -74,7 +74,7 @@ _wo_complete() # HANDLE EVERYTHING AFTER THE THIRD LEVEL NAMESPACE "install" | "purge" | "remove" ) COMPREPLY=( $(compgen \ - -W "--web --admin --nginx --php --php73 --mysql --wpcli --phpmyadmin --adminer --utils --all --redis --phpredisadmin" \ + -W "--web --admin --nginx --php --php73 --mysql --wpcli --phpmyadmin --adminer --utils --all --redis --phpredisadmin --composer --netdata --fail2ban" \ -- $cur) ) ;; "upgrade" ) @@ -84,7 +84,7 @@ _wo_complete() ;; "start" | "stop" | "reload" | "restart" | "status") COMPREPLY=( $(compgen \ - -W "--nginx --php --php73 --mysql --memcache --redis" \ + -W "--nginx --php --php73 --mysql --memcache --redis --fail2ban --netdata" \ -- $cur) ) ;; "migrate") @@ -159,7 +159,7 @@ _wo_complete() "create") COMPREPLY=( $(compgen \ - -W "--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --wpredis --letsencrypt -le" \ + -W "--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --wpredis --letsencrypt --letsencrypt=subdomain -le" \ -- $cur) ) ;; @@ -213,7 +213,7 @@ _wo_complete() if [ ${COMP_WORDS[2]} == "create" ]; then retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --letsencrypt --php73" elif [ ${COMP_WORDS[2]} == "update" ]; then - retlist="--wp --wpfc --wpsc --php73 --php73=off --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew" + retlist="--wp --wpfc --wpsc --php73 --php73=off --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew --le --le=subdomain --le=off " else retlist="" fi @@ -230,7 +230,7 @@ _wo_complete() "--wpsubdir" | "--wpsubdomain") if [ ${COMP_WORDS[1]} != "debug" ]; then if [ ${COMP_WORDS[2]} == "create" ]; then - retlist="--wpsc --wpfc --user --email --pass --wpredis --letsencrypt --php73" + retlist="--wpsc --wpfc --user --email --pass --wpredis --letsencrypt --letsencrypt=subdomain --php73" elif [ ${COMP_WORDS[2]} == "update" ]; then retlist="--wpfc --wpsc --php73 --php73=off --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew" else @@ -248,7 +248,7 @@ _wo_complete() "--wpredis" | "--wpfc" | "--wpsc" | "--wpsubdir" | "--wpsubdomain" | "--user" | "--pass" | "--email" | "--wp") if [ ${COMP_WORDS[2]} == "create" ]; then - retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --php73 --letsencrypt " + retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --php73 --letsencrypt --letsencrypt=subdomain" else retlist="" fi @@ -272,7 +272,7 @@ _wo_complete() -- $cur) ) ;; - "--web" | "--admin" | "--nginx" | "--php" | "--php73" | "--mysql" | "--wpcli" | "--phpmyadmin" | "--adminer" | "--utils" | "--memcache" | "--redis | --phpredisadmin") + "--web" | "--admin" | "--nginx" | "--php" | "--php73" | "--mysql" | "--wpcli" | "--phpmyadmin" | "--adminer" | "--utils" | "--memcached" | "--redis | --phpredisadmin") if [[ ${COMP_WORDS[2]} == "install" || ${COMP_WORDS[2]} == "purge" || ${COMP_WORDS[2]} == "remove" ]]; then retlist="--web --admin --nginx --php --php73 --mysql--wpcli --phpmyadmin --adminer --utils --memcache --redis --phpredisadmin" elif [[ ${COMP_WORDS[2]} == "start" || ${COMP_WORDS[2]} == "reload" || ${COMP_WORDS[2]} == "restart" || ${COMP_WORDS[2]} == "stop" ]]; then @@ -324,8 +324,8 @@ _wo_complete() -- $cur) ) ;; - "--memcache" | "--opcache" | "--fastcgi" | "--all" | "--redis") - retlist="--memcache --opcache --fastcgi --redis --all" + "--memcached" | "--opcache" | "--fastcgi" | "--all" | "--redis") + retlist="--memcached --opcache --fastcgi --redis --all" ret="${retlist[@]/$prev}" COMPREPLY=( $(compgen \ -W "$(echo $ret)" \ @@ -363,7 +363,7 @@ _wo_complete() case "$mprev" in "--user" | "--email" | "--pass") if [ ${COMP_WORDS[2]} == "create" ]; then - retlist="--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --letsencrypt" + retlist="--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --letsencrypt --letsencrypt=subdomain" fi ret="${retlist[@]/$prev}" COMPREPLY=( $(compgen \ diff --git a/docs/wo.8 b/docs/wo.8 index a6128b8..5c62929 100644 --- a/docs/wo.8 +++ b/docs/wo.8 @@ -3,17 +3,17 @@ .B WordOps (wo) \- Manage Nginx Based Websites. .SH SYNOPSIS -wo [ --version | --help | info | stack | site | debug | update | clean | import_slow_log | log | secure | sync] +wo [ --version | --help | info | stack | site | debug | update | clean | import_slow_log | log | secure | sync | maintenance] .TP -wo stack [ install | remove | purge | migrate | upgrade] [ --web | --all | --nginx | --php | --php73 | --mysql | --admin | --adminer | --redis | --hhvm | --phpmyadmin | --phpredisadmin | --wpcli | --utils ] +wo stack [ install | remove | purge | migrate | upgrade] [ --web | --all | --nginx | --php | --php73 | --mysql | --admin | --adminer | --redis | --phpmyadmin | --phpredisadmin | --wpcli | --utils ] .TP -wo stack [ status | start | stop | reload | restart ] [--all | --nginx | --php | --php73 |--mysql | --web | --memcache | --redis] +wo stack [ status | start | stop | reload | restart ] [--all | --nginx | --php | --php73 |--mysql | --web | --memcached | --redis] .TP wo site [ list | info | show | enable | disable | edit | cd | show ] [ example.com ] .TP -wo site create example.com [ --html | --php | --php73 | --mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis | --hhvm | --letsencrypt/-le]] +wo site create example.com [ --html | --php | --php73 | --mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis | --letsencrypt/-le/--letsencrypt=subdomain]] .TP -wo site update example.com [ --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis | --hhvm ] [--password] [--letsencrypt=on/off/renew]] +wo site update example.com [ --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis ] [--password] [--letsencrypt=on/off/subdomain/renew]] .TP wo site delete example.com [--db | --files | --all | --no-prompt | --force/-f ] .TP @@ -129,13 +129,13 @@ Disable site by Destroying softlink with site file in .br Edit NGINX configuration of site. .TP -.B create [ example.com ] [ --html | --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis | --hhvm ]] +.B create [ example.com ] [ --html | --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis ]] .br Create new site according to given options. If no options provided .br create static site with html only. .TP -.B update [ example.com ] [ --html | --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [ --wpsc | --wpfc | --wpredis | --hhvm ] [--password]] +.B update [ example.com ] [ --html | --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [ --wpsc | --wpfc | --wpredis ] [--password]] .br Update site configuration according to specified options. .TP @@ -163,9 +163,9 @@ if used with --all=off argument. .br Update security settings. .TP -.B clean [ --fastcgi | --opcache | --memcache | --redis | --all ] +.B clean [ --fastcgi | --opcache | --memcached | --redis | --all ] .br -Clean NGINX fastCGI cache, Opcache, Memcache, Redis cache. +Clean NGINX fastCGI cache, Opcache, memcached, Redis cache. .br Clean NGINX fastCGI cache if no option specified. .SH ARGUMENTS @@ -274,17 +274,13 @@ Install and activate Nginx-helper and WP Super Cache plugin. .TP .B --wpfc .br -Install and activate Nginx-helper and W3 Total Cache plugin with +Install and activate Nginx-helper plugin with .br Nginx FastCGI cache. .TP .B --wpredis .br Install, activate, configure Nginx-helper and Redis Object Cache Plugin, Configure NGINX for Redis Page Caching. -.TP -.B --hhvm -.br -Install, activate Nginx-helper and configure NGINX for HHVM. .SH FILES .br /etc/wo/wo.conf diff --git a/install b/install index 213832c..fc47f13 100755 --- a/install +++ b/install @@ -7,10 +7,10 @@ # Copyright (c) 2019 - WordOps # This script is licensed under M.I.T # ------------------------------------------------------------------------- -# Version 3.9.5 - 2019-03-27 +# Version 3.9.5 - 2019-04-14 # ------------------------------------------------------------------------- readonly wo_version_old="2.2.3" -readonly wo_version_new="3.9.4.3" +readonly wo_version_new="3.9.4.5" # CONTENTS # --- # 1. VARIABLES AND DECLARATIONS @@ -56,7 +56,7 @@ wo_lib_error() { ### if [[ $EUID -ne 0 ]]; then wo_lib_echo_fail "Sudo privilege required..." - wo_lib_echo_fail "Use: wget -qO wo wordops.se/tup && sudo bash wo" + wo_lib_echo_fail "Use: curl -sL wops.cc | sudo bash" exit 100 fi @@ -78,10 +78,30 @@ if [ -z "$(command -v lsb_release)" ]; then apt-get -y install lsb-release -qq fi +while [ "$#" -gt 0 ]; do + case "$1" in + -b | --branch) + wo_branch="$2" + shift + ;; + -p | --preserve) + wo_preserve_config="y" + ;; + --force) + wo_force_install="y" + ;; + *) # positional args + ;; + esac + shift +done + ### # 1 - Define variables for later use ### -wo_branch="$1" +if [ -z "$wo_branch" ]; then + wo_branch=master +fi readonly wo_log_dir=/var/log/wo/ readonly wo_backup_dir=/var/lib/wo-backup/ readonly wo_install_log=/var/log/wo/install.log @@ -95,14 +115,15 @@ EE_BACKUP_FILE="/var/lib/wo-backup/ee-backup.$TIME.tar.gz" WO_BACKUP_FILE="/var/lib/wo-backup/wo-backup.$TIME.tar.gz" if [ -x /usr/local/bin/ee ]; then - migration=1 -else - migration=0 + ee_migration=1 +elif [ -x /usr/local/bin/wo ]; then + wo_upgrade=1 fi ### # 1 - Checking linux distro ### +if [ -z "$wo_force_install" ]; then if [ "$wo_linux_distro" != "Ubuntu" ] && [ "$wo_linux_distro" != "Debian" ]; then wo_lib_echo_fail "WordOps (wo) only supports Ubuntu and Debian at the moment." wo_lib_echo_fail "If you are feeling adventurous, you are free to fork WordOps to support" @@ -115,6 +136,7 @@ else exit 100 fi fi +fi ### # 1 - To prevent errors or unexpected behaviour, create the log and ACL it @@ -154,20 +176,20 @@ wo_install_dep() { locale-gen en } >> "$wo_install_log" 2>&1 # Support PFS - if [ -f /etc/nginx/nginx.conf ]; then - # Replace previous ciphers - new_ciphers="EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES" - sed -i "s/ssl_ciphers\ \(\"\|.\|'\)\(.*\)\(\"\|.\|'\);/ssl_ciphers \"$new_ciphers\";/" /etc/nginx/nginx.conf - # Change the TLS protocols - sed -i "s/ssl_protocols\ \(.*\);/ssl_protocols TLSv1.2;/" /etc/nginx/nginx.conf - fi + # if [ -f /etc/nginx/nginx.conf ]; then + # # Replace previous ciphers + # new_ciphers="EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES" + # sed -i "s/ssl_ciphers\ \(\"\|.\|'\)\(.*\)\(\"\|.\|'\);/ssl_ciphers \"$new_ciphers\";/" /etc/nginx/nginx.conf + # # Change the TLS protocols + # sed -i "s/ssl_protocols\ \(.*\);/ssl_protocols TLSv1.2;/" /etc/nginx/nginx.conf + # fi - # Let's Encrypt .well-known folder setup - if [ ! -d /var/www/html/.well-known/acme-challenge ]; then - mkdir -p /var/www/html/.well-known/acme-challenge - chown -R www-data:www-data /var/www/html /var/www/html/.well-known - chmod 750 /var/www/html /var/www/html/.well-known - fi + # # Let's Encrypt .well-known folder setup + # if [ ! -d /var/www/html/.well-known/acme-challenge ]; then + # mkdir -p /var/www/html/.well-known/acme-challenge + # chown -R www-data:www-data /var/www/html /var/www/html/.well-known + # chmod 750 /var/www/html /var/www/html/.well-known + # fi } ### @@ -228,8 +250,8 @@ wo_sync_db() { wo_site_current_type=$(grep "common/" /etc/nginx/sites-available/$site | awk -F "/" '{print $2}') - if [ "$(echo "$wo_site_current_type" | grep php)" ]; then - if [ "$(echo "$wo_site_current_type" | grep php7)" ]; then + if [ "$(echo $wo_site_current_type | grep php)" ]; then + if [ "$(echo $wo_site_current_type | grep php7)" ]; then wo_php_version="7.0" else wo_php_version="5.6" @@ -238,28 +260,28 @@ wo_sync_db() { wo_php_version="" fi - if [ "$(echo "$wo_site_current_type" | grep redis)" ]; then + if [ "$(echo $wo_site_current_type | grep redis)" ]; then wo_site_current_cache="wpredis" - elif [ -z "$(echo "$wo_site_current_type" | grep wpsc)" ]; then + elif [ -z "$(echo $wo_site_current_type | grep wpsc)" ]; then wo_site_current_cache="wpsc" - elif [ -z "$(echo "$wo_site_current_type" | grep wpfc)" ]; then + elif [ -z "$(echo $wo_site_current_type | grep wpfc)" ]; then wo_site_current_cache="wpfc" else wo_site_current_cache="basic" fi - if [ "$(echo "$wo_site_current_type" | grep wp)" ]; then - if [ -z "$(echo "$wo_site_current_type" | grep wpsubdir)" ]; then + if [ "$(echo $wo_site_current_type | grep wp)" ]; then + if [ -z "$(echo $wo_site_current_type | grep wpsubdir)" ]; then wo_site_current="wpsubdir" - elif [ -z "$(echo "$wo_site_current_type" | grep wpsudomain)" ]; then + elif [ -z "$(echo $wo_site_current_type | grep wpsudomain)" ]; then wo_site_current="wpsubdomain" else wo_site_current="wp" fi else - if [ -z "$(echo "$wo_site_current_type" | grep location)" ]; then + if [ -z "$(echo $wo_site_current_type | grep location)" ]; then wo_site_current="proxy" - elif [ -z "$(echo "$wo_site_current_type" | grep php)" ]; then + elif [ -z "$(echo $wo_site_current_type | grep php)" ]; then wo_site_current="html" else if [ -f /var/www/${site}/ee-config.php ] || [ -f /var/www/${site}/wo-config.php ]; then @@ -360,37 +382,35 @@ wo_install_acme_sh() { } >> "$wo_install_log" 2>&1 fi - if [ -d "$HOME/.acme/.sh" ]; then + if [ -d "$HOME/.acme.sh" ]; then { - rsync -az --exclude="account.conf" \ + /usr/bin/rsync -rltgoDpz --exclude="account.conf" \ --exclude="acme.sh" \ --exclude="acme.sh.env" \ --exclude="deploy" \ --exclude="dnsapi" \ --exclude="http.header" \ --exclude="ca" \ + --del \ "$HOME/.acme.sh/" \ /etc/letsencrypt/renewal/ + } >> "$wo_install_log" 2>&1 fi } -# Now, finally, let's install WordOps +# Clone Github repository if it doesn't exist wo_install() { { - rm -rf /tmp/easyengine - rm -rf /tmp/wordops - - [ -z "$wo_branch" ] && { - wo_branch=master - } - - git clone -b "$wo_branch" https://github.com/WordOps/WordOps.git /tmp/wordops --quiet - - cd /tmp/wordops || exit 1 + if [ ! -d /tmp/WordOps/.git ]; then + rm -rf /tmp/WordOps + git clone https://github.com/WordOps/WordOps.git /tmp/WordOps -b "$wo_branch" + else + git -C /tmp/WordOps pull origin "$wo_branch" + fi + cd /tmp/WordOps || exit 1 } >> "$wo_install_log" 2>&1 python3 setup.py install - } wo_upgrade_nginx() { @@ -402,13 +422,17 @@ wo_upgrade_nginx() { rm -rf /var/lib/wo-backup/nginx fi # backup nginx conf - /usr/bin/rsync -az /etc/nginx/ /var/lib/wo-backup/nginx/ - + if [ -d /etc/nginx ]; then + /usr/bin/rsync -az /etc/nginx/ /var/lib/wo-backup/nginx/ + fi + if [ -d /etc/php ]; then + /usr/bin/rsync -az /etc/php/ /var/lib/wo-backup/php/ + fi # chec if the package nginx-ee is installed CHECK_NGINX_EE=$(dpkg --list | grep nginx-ee) CHECK_NGINX_WO=$(dpkg --list | grep nginx-wo) - CHECK_PHP72=$(dpkg --list | grep php7.2-fpm) - CHECK_PHP73=$(dpkg --list | grep php7.3-fpm) + CHECK_PHP72=$(command -v php-fpm7.2) + CHECK_PHP73=$(command -v php-fpm7.3) # add new Nginx repository if [ "$wo_linux_distro" = "Ubuntu" ]; then @@ -447,25 +471,28 @@ wo_upgrade_nginx() { # remove previous package apt-mark unhold nginx-ee nginx-common nginx-custom apt-get -y -qq autoremove nginx-ee nginx-common nginx-custom --purge - rm -rf /etc/nginx elif [ -n "$CHECK_NGINX_WO" ]; then apt-mark unhold nginx-wo nginx-common nginx-custom apt-get -y -qq autoremove nginx-wo nginx-common nginx-custom --purge + + fi + if [ -d /etc/nginx ]; then rm -rf /etc/nginx fi - # remove previous php-fpm pool configuration if [ -n "$CHECK_PHP72" ]; then apt-get remove php7.2-fpm -y -qq --purge rm -f /etc/php/7.2/fpm/pool.d/{www.conf,www-two.conf,debug.conf} fi - /usr/local/bin/wo stack install --nginx --php - echo "$wo_version_new" > /etc/nginx/common/release if [ -n "$CHECK_PHP73" ]; then + WO_STACK_INSTALL_ARGS="--php73" apt-get remove php7.3-fpm -y -qq --purge rm -f /etc/php/7.3/fpm/pool.d/{www.conf,www-two.conf,debug.conf} - /usr/local/bin/wo stack install --php73 + else + WO WO_STACK_INSTALL_ARGS="" fi + /usr/local/bin/wo stack install --nginx --php $WO_STACK_INSTALL_ARGS + echo "$wo_version_new" > /etc/nginx/common/release rm -f /etc/nginx/common/acl.conf /etc/nginx/conf.d/{map-wp-cache.conf,map-wp.conf} fi @@ -593,7 +620,7 @@ wo_backup_ee() { } wo_backup_wo() { - tar -I pigz -cf "$WO_BACKUP_FILE" /etc/nginx/ /usr/local/lib/python3.6/dist-packages/wo-*.egg /etc/wo >> /var/log/wo/install.log 2>&1 + tar -I pigz -cf "$WO_BACKUP_FILE" /etc/nginx/ /usr/local/lib/python3.6/dist-packages/wo-*.egg /etc/wo /var/lib/wo >> /var/log/wo/install.log 2>&1 } wo_clean_ee() { @@ -623,10 +650,8 @@ if [ -x /usr/local/bin/wo ]; then wo_upgrade_nginx | tee -ai $wo_install_log fi wo_update_latest | tee -ai $wo_install_log - if [ ! -d /opt/acme.sh ]; then - wo_lib_echo "Installing acme.sh" | tee -ai $wo_install_log - wo_install_acme_sh | tee -ai $wo_install_log - fi + wo_lib_echo "Installing acme.sh" | tee -ai $wo_install_log + wo_install_acme_sh | tee -ai $wo_install_log wo_lib_echo "Running post-install steps " | tee -ai $wo_install_log wo_git_init | tee -ai $wo_install_log wo_update_wp_cli | tee -ai $wo_install_log @@ -655,10 +680,8 @@ else wo_upgrade_nginx | tee -ai $wo_install_log fi wo_update_latest | tee -ai $wo_install_log - if [ ! -d /opt/acme.sh ]; then - wo_lib_echo "Installing acme.sh" | tee -ai $wo_install_log - wo_install_acme_sh | tee -ai $wo_install_log - fi + wo_lib_echo "Installing acme.sh" | tee -ai $wo_install_log + wo_install_acme_sh | tee -ai $wo_install_log wo_lib_echo "Running post-install steps " | tee -ai $wo_install_log wo_git_init | tee -ai $wo_install_log wo_update_wp_cli | tee -ai $wo_install_log @@ -684,21 +707,19 @@ fi wo sync | tee -ai $wo_install_log -if [ "$migration" -eq "1" ]; then +if [ "$ee_migration" = "1" ]; then echo wo_lib_echo "The migration from EasyEngine to WordOps was succesfull!" wo_lib_echo "The EasyEngine backup files can be found in /var/lib/wo-backup/ee-backup.tgz" echo - wo_lib_echo_info "For autocompletion, run the following command:" - wo_lib_echo_info "source /etc/bash_completion.d/wo_auto.rc" - echo - wo_lib_echo "WordOps (wo) help: https://docs.wordops.net" +elif [ "$wo_upgrade" = "1" ]; then + wo_lib_echo "WordOps (wo) upgrade to $wo_version_new was succesfull!" else - echo - wo_lib_echo "For WordOps (wo) auto completion, run the following command" - echo - wo_lib_echo_info "source /etc/bash_completion.d/wo_auto.rc" - echo - wo_lib_echo "Yay! WordOps (wo) installed/updated successfully" - wo_lib_echo "WordOps (wo) help: https://docs.wordops.net" + wo_lib_echo "WordOps (wo) installed successfully" fi +wo_lib_echo_info "For autocompletion, run the following command:" +wo_lib_echo_info "source /etc/bash_completion.d/wo_auto.rc" +echo +wo_lib_echo "WordOps Documentation : https://docs.wordops.net" +wo_lib_echo "WordOps Community Forum : https://community.wordops.net" +echo diff --git a/logo.png b/logo.png new file mode 100644 index 0000000..2fe842e Binary files /dev/null and b/logo.png differ diff --git a/setup.py b/setup.py index df2f56d..177f910 100644 --- a/setup.py +++ b/setup.py @@ -33,11 +33,9 @@ try: wo_user = config['user']['name'] wo_email = config['user']['email'] except Exception as e: - print("WordOps (wo) required your name & email address to track" - " changes you made under the Git version control") - print("WordOps (wo) will be able to send you daily reports & alerts in " - "upcoming version") - print("WordOps (wo) will NEVER share your information with other parties") + print("WordOps (wo) require an username & and an email " + "address to configure Git (used to save server configurations)") + print("Your informations will ONLY be stored locally") wo_user = input("Enter your name: ") while wo_user is "": @@ -55,7 +53,7 @@ except Exception as e: os.system("git config --global user.email {0}".format(wo_email)) if not os.path.isfile('/root/.gitconfig'): - shutil.copy2(os.path.expanduser("~")+'/.gitconfig', '/root/.gitconfig') + shutil.copy2(os.path.expanduser("~")+'/.gitconfig', '/root/.gitconfig') setup(name='wo', version='3.9.4', @@ -87,7 +85,7 @@ setup(name='wo', 'psutil == 3.1.1', 'sh', 'SQLAlchemy', - ], + ], data_files=[('/etc/wo', ['config/wo.conf']), ('/etc/wo/plugins.d', conf), ('/usr/lib/wo/templates', templates), diff --git a/wo/cli/controllers/base.py b/wo/cli/controllers/base.py index 9a2dbc0..ac0e34f 100644 --- a/wo/cli/controllers/base.py +++ b/wo/cli/controllers/base.py @@ -13,12 +13,11 @@ Copyright (c) 2019 WordOps. class WOBaseController(CementBaseController): class Meta: label = 'base' - description = ("WordOps is the commandline tool to manage your" - " websites based on WordPress and Nginx with easy to" - " use commands") + description = ("An essential toolset that eases WordPress " + "site and server administration with Nginx") arguments = [ (['-v', '--version'], dict(action='version', version=BANNER)), - ] + ] @expose(hide=True) def default(self): diff --git a/wo/cli/plugins/clean.py b/wo/cli/plugins/clean.py index 58b1246..b434815 100644 --- a/wo/cli/plugins/clean.py +++ b/wo/cli/plugins/clean.py @@ -89,11 +89,12 @@ class WOCleanController(CementBaseController): try: Log.info(self, "Cleaning opcache") wp = urllib.request.urlopen(" https://127.0.0.1:22222/cache" - "/opcache/opgui.php?page=reset").read() + "/opcache/opgui.php?reset=1").read() except Exception as e: Log.debug(self, "{0}".format(e)) Log.debug(self, "Unable hit url, " - " https://127.0.0.1:22222/cache/opcache/opgui.php?page=reset," + " https://127.0.0.1:22222/cache/opcache/" + "opgui.php?reset=1," " please check you have admin tools installed") Log.debug(self, "please check you have admin tools installed," " or install them with `wo stack install --admin`") diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 439bd1a..f96642f 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -163,7 +163,8 @@ class WOSiteController(CementBaseController): sslexpiry = '' data = dict(domain=wo_domain, webroot=wo_site_webroot, accesslog=access_log, errorlog=error_log, - dbname=wo_db_name, dbuser=wo_db_user, php_version=php_version, + dbname=wo_db_name, dbuser=wo_db_user, + php_version=php_version, dbpass=wo_db_pass, ssl=ssl, sslprovider=sslprovider, sslexpiry=sslexpiry, type=sitetype + " " + cachetype + " ({0})" @@ -279,7 +280,8 @@ class WOSiteEditController(CementBaseController): except CommandExecutionError as e: Log.error(self, "Failed invoke editor") if (WOGit.checkfilestatus(self, "/etc/nginx", - '/etc/nginx/sites-available/{0}'.format(wo_domain))): + '/etc/nginx/sites-available/{0}' + .format(wo_domain))): WOGit.add(self, ["/etc/nginx"], msg="Edit website: {0}" .format(wo_domain)) # Reload NGINX @@ -334,6 +336,9 @@ class WOSiteCreateController(CementBaseController): action='store' or 'store_const', choices=('on', 'subdomain', 'wildcard'), const='on', nargs='?')), + (['--hsts'], + dict(help="enable HSTS for site secured with letsencrypt", + action='store_true')), (['--user'], dict(help="provide user for WordPress site")), (['--email'], @@ -493,7 +498,8 @@ class WOSiteCreateController(CementBaseController): webroot=data['webroot']) Log.debug(self, str(e)) Log.error(self, "Check the log for details: " - "`tail /var/log/wo/wordops.log` and please try again") + "`tail /var/log/wo/wordops.log` " + "and please try again") if 'proxy' in data.keys() and data['proxy']: addNewSite(self, wo_domain, stype, cache, wo_site_webroot) @@ -507,7 +513,8 @@ class WOSiteCreateController(CementBaseController): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") Log.error(self, "Check the log for details: " - "`tail /var/log/wo/wordops.log` and please try again") + "`tail /var/log/wo/wordops.log` " + "and please try again") if wo_auth and len(wo_auth): for msg in wo_auth: Log.info(self, Log.ENDC + msg, log=False) @@ -545,7 +552,8 @@ class WOSiteCreateController(CementBaseController): dbhost=data['wo_db_host']) deleteSiteInfo(self, wo_domain) Log.error(self, "Check the log for details: " - "`tail /var/log/wo/wordops.log` and please try again") + "`tail /var/log/wo/wordops.log` " + "and please try again") try: wodbconfig = open("{0}/wo-config.php" @@ -575,7 +583,8 @@ class WOSiteCreateController(CementBaseController): dbhost=data['wo_db_host']) deleteSiteInfo(self, wo_domain) Log.error(self, "Check the log for details: " - "`tail /var/log/wo/wordops.log` and please try again") + "`tail /var/log/wo/wordops.log` " + "and please try again") # Setup WordPress if Wordpress site if data['wp']: @@ -599,7 +608,8 @@ class WOSiteCreateController(CementBaseController): dbhost=data['wo_mysql_grant_host']) deleteSiteInfo(self, wo_domain) Log.error(self, "Check the log for details: " - "`tail /var/log/wo/wordops.log` and please try again") + "`tail /var/log/wo/wordops.log` " + "and please try again") # Service Nginx Reload call cleanup if failed to reload nginx if not WOService.reload_service(self, 'nginx'): @@ -617,7 +627,8 @@ class WOSiteCreateController(CementBaseController): Log.info(self, Log.FAIL + "service nginx reload failed." " check issues with `nginx -t` command.") Log.error(self, "Check the log for details: " - "`tail /var/log/wo/wordops.log` and please try again") + "`tail /var/log/wo/wordops.log` " + "and please try again") WOGit.add(self, ["/etc/nginx"], msg="{0} created with {1} {2}" @@ -640,7 +651,8 @@ class WOSiteCreateController(CementBaseController): dbhost=data['wo_mysql_grant_host']) deleteSiteInfo(self, wo_domain) Log.error(self, "Check the log for details: " - "`tail /var/log/wo/wordops.log` and please try again") + "`tail /var/log/wo/wordops.log` and " + "please try again") if wo_auth and len(wo_auth): for msg in wo_auth: @@ -661,18 +673,30 @@ class WOSiteCreateController(CementBaseController): "`tail /var/log/wo/wordops.log` and please try again") if self.app.pargs.letsencrypt == "on": - data['letsencrypt'] = True - letsencrypt = True + if self.app.pargs.hsts: + data['letsencrypt'] = True + letsencrypt = True + data['hsts'] = True + hsts = True + else: + data['letsencrypt'] = True + letsencrypt = True + data['hsts'] = False + hsts = False if data['letsencrypt'] is True: setupLetsEncrypt(self, wo_domain) httpsRedirect(self, wo_domain) + if data['hsts'] is True: + setupHsts(self, wo_domain) + if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") - Log.info(self, "Congratulations! Successfully Configured SSl for Site " + Log.info(self, "Congratulations! Successfully Configured " + "SSl for Site " " https://{0}".format(wo_domain)) # Add nginx conf folder into GIT @@ -689,15 +713,23 @@ class WOSiteCreateController(CementBaseController): data['letsencrypt'] = True letsencrypt = True + if self.app.pargs.hsts == 'on': + data['hsts'] = True + hsts = True + if data['letsencrypt'] is True: setupLetsEncryptSubdomain(self, wo_domain) httpsRedirect(self, wo_domain) + if data['hsts'] is True: + setupHsts(self, wo_domain) + if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") - Log.info(self, "Congratulations! Successfully Configured SSl for Site " + Log.info(self, "Congratulations! Successfully Configured " + "SSl for Site " " https://{0}".format(wo_domain)) # Add nginx conf folder into GIT @@ -753,6 +785,11 @@ class WOSiteUpdateController(CementBaseController): action='store' or 'store_const', choices=('on', 'off', 'renew', 'subdomain', 'wildcard'), const='on', nargs='?')), + (['--hsts'], + dict(help="configure hsts for the site", + action='store' or 'store_const', + choices=('on', 'off'), + const='on', nargs='?')), (['--proxy'], dict(help="update to proxy site", nargs='+')), (['--experimental'], @@ -776,7 +813,7 @@ class WOSiteUpdateController(CementBaseController): if not (pargs.php or pargs.php73 or pargs.mysql or pargs.wp or pargs.wpsubdir or pargs.wpsubdomain or pargs.wpfc or pargs.wpsc or - pargs.wpredis or pargs.letsencrypt): + pargs.wpredis or pargs.letsencrypt or pargs.hsts): Log.error(self, "Please provide options to update sites.") if pargs.all: @@ -853,7 +890,8 @@ class WOSiteUpdateController(CementBaseController): if (pargs.password and not (pargs.html or pargs.php or pargs.php73 or pargs.mysql or pargs.wp or pargs.wpfc or pargs.wpsc or - pargs.wpsubdir or pargs.wpsubdomain)): + pargs.wpsubdir or pargs.wpsubdomain or + pargs.hsts)): try: updatewpuserpassword(self, wo_domain, wo_site_webroot) except SiteError as e: @@ -1009,7 +1047,8 @@ class WOSiteUpdateController(CementBaseController): " https://{0}".format(wo_domain)) if (SSL.getExpirationDays(self, wo_domain) > 0): Log.info(self, "Your cert will expire within " + - str(SSL.getExpirationDays(self, wo_domain)) + " days.") + str(SSL.getExpirationDays(self, wo_domain)) + + " days.") Log.info(self, "Expiration date: " + str(SSL.getExpirationDate(self, wo_domain))) @@ -1040,12 +1079,14 @@ class WOSiteUpdateController(CementBaseController): if (SSL.getExpirationDays(self, wo_domain) > 0): Log.info(self, "Your cert will expire within " + - str(SSL.getExpirationDays(self, wo_domain)) + " days.") + str(SSL.getExpirationDays(self, wo_domain)) + + " days.") Log.info(self, "Expiration date: \n\n" + str(SSL.getExpirationDate(self, wo_domain))) return 0 # else: - # Log.warn(self, "Your cert already EXPIRED ! .PLEASE renew soon . ") + # Log.warn(self, "Your cert already EXPIRED ! + # .PLEASE renew soon . ") else: Log.info( self, "SSL not configured for " @@ -1115,6 +1156,14 @@ class WOSiteUpdateController(CementBaseController): cache == oldcachetype): return 1 + if pargs.hsts: + if pargs.hsts == "on": + data['hsts'] = True + hsts = True + elif pargs.hsts == "off": + data['hsts'] = False + hsts = False + if not data: Log.error(self, "Cannot update {0}, Invalid Options" .format(wo_domain)) @@ -1125,7 +1174,7 @@ class WOSiteUpdateController(CementBaseController): data['wo_db_pass'] = check_site.db_password data['wo_db_host'] = check_site.db_host - if not pargs.letsencrypt: + if not (pargs.letsencrypt or pargs.hsts): try: pre_run_checks(self) except SiteError as e: @@ -1175,15 +1224,18 @@ class WOSiteUpdateController(CementBaseController): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") - Log.info(self, "Congratulations! Successfully Configured SSl for Site " + Log.info(self, "Congratulations! Successfully " + "Configured SSl for Site " " https://{0}".format(wo_domain)) if (SSL.getExpirationDays(self, wo_domain) > 0): Log.info(self, "Your cert will expire within " + - str(SSL.getExpirationDays(self, wo_domain)) + " days.") + str(SSL.getExpirationDays(self, wo_domain)) + + " days.") else: Log.warn( - self, "Your cert already EXPIRED ! .PLEASE renew soon . ") + self, "Your cert already EXPIRED ! " + ".PLEASE renew soon . ") elif data['letsencrypt'] is False: if os.path.isfile("{0}/conf/nginx/ssl.conf" @@ -1194,6 +1246,12 @@ class WOSiteUpdateController(CementBaseController): '{0}/conf/nginx/ssl.conf.disabled' .format(wo_site_webroot)) httpsRedirect(self, wo_domain, False) + if os.path.isfile("{0}/conf/nginx/hsts.conf" + .format(wo_site_webroot)): + WOFileUtils.mvfile(self, "{0}/conf/nginx/hsts.conf" + .format(wo_site_webroot), + '{0}/conf/nginx/hsts.conf.disabled' + .format(wo_site_webroot)) if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") @@ -1228,7 +1286,8 @@ class WOSiteUpdateController(CementBaseController): if (SSL.getExpirationDays(self, wo_domain) > 0): Log.info(self, "Your cert will expire within " + - str(SSL.getExpirationDays(self, wo_domain)) + " days.") + str(SSL.getExpirationDays(self, wo_domain)) + + " days.") else: Log.warn( self, "Your cert already EXPIRED !" @@ -1243,6 +1302,14 @@ class WOSiteUpdateController(CementBaseController): '{0}/conf/nginx/ssl.conf.disabled' .format(wo_site_webroot)) httpsRedirect(self, wo_domain, False) + if os.path.isfile(("{0}/conf/nginx/hsts.conf") + .format(wo_site_webroot)): + WOFileUtils.mvfile(self, "{0}/conf/nginx/" + "hsts.conf" + .format(wo_site_webroot), + '{0}/conf/nginx/hsts.conf.disabled' + .format(wo_site_webroot)) + if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") @@ -1261,6 +1328,39 @@ class WOSiteUpdateController(CementBaseController): updateSiteInfo(self, wo_domain, ssl=letsencrypt) return 0 + if pargs.hsts: + if data['hsts'] is True: + if os.path.isfile(("{0}/conf/nginx/ssl.conf") + .format(wo_site_webroot)): + if not os.path.isfile("{0}/conf/nginx/hsts.conf" + .format(wo_site_webroot)): + setupHsts(self, wo_domain) + else: + Log.error(self, "HSTS is already configured for given " + "site") + if not WOService.reload_service(self, 'nginx'): + Log.error(self, "service nginx reload failed. " + "check issues with `nginx -t` command") + else: + Log.error(self, "HTTPS is not configured for given " + "site") + return 0 + + elif data['hsts'] is False: + if os.path.isfile(("{0}/conf/nginx/hsts.conf") + .format(wo_site_webroot)): + WOFileUtils.mvfile(self, "{0}/conf/nginx/hsts.conf" + .format(wo_site_webroot), + '{0}/conf/nginx/hsts.conf.disabled' + .format(wo_site_webroot)) + if not WOService.reload_service(self, 'nginx'): + Log.error(self, "service nginx reload failed. " + "check issues with `nginx -t` command") + else: + Log.error(self, "HSTS is not configured for given " + "site") + return 0 + if stype == oldsitetype and cache == oldcachetype: # Service Nginx Reload @@ -1269,7 +1369,8 @@ class WOSiteUpdateController(CementBaseController): "check issues with `nginx -t` command") updateSiteInfo(self, wo_domain, stype=stype, cache=cache, - ssl=True if check_site.is_ssl else False, php_version=check_php_version) + ssl=True if check_site.is_ssl else False, + php_version=check_php_version) Log.info(self, "Successfully updated site" " http://{0}".format(wo_domain)) @@ -1327,44 +1428,98 @@ class WOSiteUpdateController(CementBaseController): Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed. " "Check the log for details:" - " `tail /var/log/wo/wordops.log` and please try again") + " `tail /var/log/wo/wordops.log` " + "and please try again") return 1 if ((oldcachetype in ['wpsc', 'basic', 'wpredis'] and - (data['wpfc'])) or (oldsitetype == 'wp' and data['multisite'] and data['wpfc'])): + (data['wpfc'])) or (oldsitetype == 'wp' and + data['multisite'] and data['wpfc'])): try: - plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":1,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_fastcgi","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}' + plugin_data = '{"log_level":"INFO","log_filesize":5,' + '"enable_purge":1,"enable_map":0,"enable_log":0,' + '"enable_stamp":0,"purge_homepage_on_new":1,' + '"purge_homepage_on_edit":1,"purge_homepage_on_del":1,' + '"purge_archive_on_new":1,"purge_archive_on_edit":0,' + '"purge_archive_on_del":0,' + '"purge_archive_on_new_comment":0,' + '"purge_archive_on_deleted_comment":0,' + '"purge_page_on_mod":1,' + '"purge_page_on_new_comment":1,' + '"purge_page_on_deleted_comment":1,' + '"cache_method":"enable_fastcgi",' + '"purge_method":"get_request",' + '"redis_hostname":"127.0.0.1","redis_port":"6379",' + '"redis_prefix":"nginx-cache:"}' setupwp_plugin( - self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) + self, 'nginx-helper', + 'rt_wp_nginx_helper_options', plugin_data, data) except SiteError as e: Log.debug(self, str(e)) - Log.info(self, Log.FAIL + "Update nginx-helper settings failed. " + Log.info(self, Log.FAIL + "Update nginx-helper " + "settings failed. " "Check the log for details:" - " `tail /var/log/wo/wordops.log` and please try again") + " `tail /var/log/wo/wordops.log` " + "and please try again") return 1 elif ((oldcachetype in ['wpsc', 'basic', 'wpfc'] and - (data['wpredis'])) or (oldsitetype == 'wp' and data['multisite'] and data['wpredis'])): + (data['wpredis'])) or (oldsitetype == 'wp' and + data['multisite'] and + data['wpredis'])): try: - plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":1,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_redis","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}' + plugin_data = '{"log_level":"INFO","log_filesize":5,' + '"enable_purge":1,"enable_map":0,"enable_log":0,' + '"enable_stamp":0,"purge_homepage_on_new":1,' + '"purge_homepage_on_edit":1,"purge_homepage_on_del":1,' + '"purge_archive_on_new":1,"purge_archive_on_edit":0,' + '"purge_archive_on_del":0,' + '"purge_archive_on_new_comment":0,' + '"purge_archive_on_deleted_comment":0,' + '"purge_page_on_mod":1,' + '"purge_page_on_new_comment":1,' + '"purge_page_on_deleted_comment":1,' + '"cache_method":"enable_redis",' + '"purge_method":"get_request",' + '"redis_hostname":"127.0.0.1","redis_port":"6379",' + '"redis_prefix":"nginx-cache:"}' setupwp_plugin( - self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) + self, 'nginx-helper', + 'rt_wp_nginx_helper_options', plugin_data, data) except SiteError as e: Log.debug(self, str(e)) - Log.info(self, Log.FAIL + "Update nginx-helper settings failed. " + Log.info(self, Log.FAIL + "Update nginx-helper " + "settings failed. " "Check the log for details:" - " `tail /var/log/wo/wordops.log` and please try again") + " `tail /var/log/wo/wordops.log` " + "and please try again") return 1 else: try: - plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":0,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_redis","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}' + plugin_data = '{"log_level":"INFO","log_filesize":5,' + '"enable_purge":0,"enable_map":0,"enable_log":0,' + '"enable_stamp":0,"purge_homepage_on_new":1,' + '"purge_homepage_on_edit":1,"purge_homepage_on_del":1,' + '"purge_archive_on_new":1,"purge_archive_on_edit":0,' + '"purge_archive_on_del":0,' + '"purge_archive_on_new_comment":0,' + '"purge_archive_on_deleted_comment":0,' + '"purge_page_on_mod":1,"purge_page_on_new_comment":1,' + '"purge_page_on_deleted_comment":1,' + '"cache_method":"enable_redis",' + '"purge_method":"get_request",' + '"redis_hostname":"127.0.0.1",' + '"redis_port":"6379","redis_prefix":"nginx-cache:"}' setupwp_plugin( - self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) + self, 'nginx-helper', + 'rt_wp_nginx_helper_options', plugin_data, data) except SiteError as e: Log.debug(self, str(e)) - Log.info(self, Log.FAIL + "Update nginx-helper settings failed. " + Log.info(self, Log.FAIL + "Update nginx-helper " + "settings failed. " "Check the log for details:" - " `tail /var/log/wo/wordops.log` and please try again") + " `tail /var/log/wo/wordops.log` " + "and please try again") return 1 if oldcachetype == 'wpsc' and not data['wpsc']: @@ -1374,7 +1529,8 @@ class WOSiteUpdateController(CementBaseController): Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed." "Check the log for details:" - " `tail /var/log/wo/wordops.log` and please try again") + " `tail /var/log/wo/wordops.log` " + "and please try again") return 1 if oldcachetype == 'wpredis' and not data['wpredis']: @@ -1384,7 +1540,8 @@ class WOSiteUpdateController(CementBaseController): Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed." "Check the log for details:" - " `tail /var/log/wo/wordops.log` and please try again") + " `tail /var/log/wo/wordops.log` " + "and please try again") return 1 if oldcachetype != 'wpsc' and data['wpsc']: @@ -1401,10 +1558,12 @@ class WOSiteUpdateController(CementBaseController): try: if installwp_plugin(self, 'redis-cache', data): # search for wp-config.php - if WOFileUtils.isexist(self, "{0}/wp-config.php".format(wo_site_webroot)): + if WOFileUtils.isexist(self, "{0}/wp-config.php" + .format(wo_site_webroot)): config_path = '{0}/wp-config.php'.format( wo_site_webroot) - elif WOFileUtils.isexist(self, "{0}/htdocs/wp-config.php".format(wo_site_webroot)): + elif WOFileUtils.isexist(self, "{0}/htdocs/wp-config.php" + .format(wo_site_webroot)): config_path = '{0}/htdocs/wp-config.php'.format( wo_site_webroot) else: @@ -1415,22 +1574,24 @@ class WOSiteUpdateController(CementBaseController): self, "wp-config.php could not be located !!") raise SiteError - if WOShellExec.cmd_exec(self, "grep -q \"WP_CACHE_KEY_SALT\" {0}" + if WOShellExec.cmd_exec(self, "grep -q " + "\"WP_CACHE_KEY_SALT\" {0}" .format(config_path)): pass else: try: wpconfig = open("{0}".format(config_path), encoding='utf-8', mode='a') - wpconfig.write("\n\ndefine( \'WP_CACHE_KEY_SALT\', \'{0}:\' );" - .format(wo_domain)) + wpconfig.write("\n\ndefine( \'WP_CACHE_KEY_SALT\'," + " \'{0}:\' );".format(wo_domain)) wpconfig.close() except IOError as e: Log.debug(self, str(e)) Log.debug(self, "Updating wp-config.php failed.") Log.warn(self, "Updating wp-config.php failed. " - "Could not append:" - "\ndefine( \'WP_CACHE_KEY_SALT\', \'{0}:\' );".format(wo_domain) + + "Could not append:" + "\ndefine( \'WP_CACHE_KEY_SALT\', " + "\'{0}:\' );".format(wo_domain) + "\nPlease add manually") except SiteError as e: Log.debug(self, str(e)) @@ -1473,10 +1634,12 @@ class WOSiteUpdateController(CementBaseController): db_user=data['wo_db_user'], db_password=data['wo_db_pass'], db_host=data['wo_db_host'], - ssl=True if check_site.is_ssl else False, php_version=check_php_version) + ssl=True if check_site.is_ssl else False, + php_version=check_php_version) else: updateSiteInfo(self, wo_domain, stype=stype, cache=cache, - ssl=True if check_site.is_ssl else False, php_version=check_php_version) + ssl=True if check_site.is_ssl else False, + php_version=check_php_version) Log.info(self, "Successfully updated site" " http://{0}".format(wo_domain)) return 0 @@ -1608,9 +1771,11 @@ class WOSiteDeleteController(CementBaseController): deleteSiteInfo(self, wo_domain) Log.info(self, "Deleted site {0}".format(wo_domain)) # else: - # Log.error(self, " site {0} does not exists".format(wo_domain)) + # Log.error(self, " site {0} does + # not exists".format(wo_domain)) else: - if (mark_db_delete_prompt or mark_webroot_delete_prompt or (mark_webroot_deleted and mark_db_deleted)): + if (mark_db_delete_prompt or mark_webroot_delete_prompt or + (mark_webroot_deleted and mark_db_deleted)): # TODO Delete nginx conf removeNginxConf(self, wo_domain) deleteSiteInfo(self, wo_domain) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index fb779aa..818e23e 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -96,8 +96,8 @@ def setupdomain(self, data): Log.info(self, "[" + Log.ENDC + "Done" + Log.OKBLUE + "]") except CalledProcessError as e: Log.debug(self, "{0}".format(str(e))) - Log.info(self, "[" + Log.ENDC + Log.FAIL + "Fail" - + Log.OKBLUE + "]") + Log.info(self, "[" + Log.ENDC + Log.FAIL + "Fail" + + Log.OKBLUE + "]") raise SiteError("created nginx configuration failed for site." " check with `nginx -t`") @@ -141,7 +141,8 @@ def setupdomain(self, data): def setupdatabase(self, data): wo_domain_name = data['site_name'] wo_random = (''.join(random.sample(string.ascii_uppercase + - string.ascii_lowercase + string.digits, 24))) + string.ascii_lowercase + + string.digits, 24))) wo_replace_dot = wo_domain_name.replace('.', '_') prompt_dbname = self.app.config.get('mysql', 'db-name') prompt_dbuser = self.app.config.get('mysql', 'db-user') @@ -242,7 +243,8 @@ def setupwordpress(self, data): wo_wp_email = self.app.config.get('wordpress', 'email') # Random characters wo_random = (''.join(random.sample(string.ascii_uppercase + - string.ascii_lowercase + string.digits, 15))) + string.ascii_lowercase + + string.digits, 15))) wo_wp_prefix = '' # wo_wp_user = '' # wo_wp_pass = '' @@ -312,8 +314,8 @@ def setupwordpress(self, data): "--dbuser=\'{2}\' --dbhost=\'{3}\' " .format(data['wo_db_name'], wo_wp_prefix, data['wo_db_user'], data['wo_db_host'] - ) - + "--dbpass=\'{0}\' " + ) + + "--dbpass=\'{0}\' " "--extra-php< 0): Log.error(self, "Your current certificate will expire within " + - str(SSL.getExpirationDays(self, wo_domain_name)) + " days.", False) + str(SSL.getExpirationDays(self, wo_domain_name)) + + " days.", False) else: Log.error(self, "Your current certificate already expired!", False) @@ -1405,6 +1453,23 @@ def renewLetsEncrypt(self, wo_domain_name): # redirect= False to disable https redirection +def setupHsts(self, wo_domain_name): + Log.info( + self, "Adding /var/www/{0}/conf/nginx/hsts.conf" + .format(wo_domain_name)) + + hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf" + .format(wo_domain_name), + encoding='utf-8', mode='w') + hstsconf.write("more_set_headers " + "\"Strict-Transport-Security: " + "max-age=31536000; " + "'includeSubDomains; " + "preload\";") + hstsconf.close() + return 0 + + def httpsRedirect(self, wo_domain_name, redirect=True): if redirect: if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf.disabled" @@ -1426,23 +1491,30 @@ def httpsRedirect(self, wo_domain_name, redirect=True): sslconf.write("server {\n" "\tlisten 80;\n" + "\tlisten [::]:80;\n" + - "\tserver_name www.{0} {0};\n".format(wo_domain_name) + - "\treturn 301 https://{0}".format(wo_domain_name)+"$request_uri;\n}") + "\tserver_name www.{0} {0};\n" + .format(wo_domain_name) + + "\treturn 301 https://{0}" + .format(wo_domain_name)+"$request_uri;\n}") sslconf.close() # Nginx Configation into GIT except IOError as e: Log.debug(self, str(e)) Log.debug(self, "Error occured while generating " - "/etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name)) + "/etc/nginx/conf.d/force-ssl-{0}.conf" + .format(wo_domain_name)) Log.info(self, "Added HTTPS Force Redirection for Site " " http://{0}".format(wo_domain_name)) WOGit.add(self, - ["/etc/nginx"], msg="Adding /etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name)) + ["/etc/nginx"], msg="Adding /etc/nginx/conf.d/" + "force-ssl-{0}.conf".format(wo_domain_name)) else: - if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name)): - WOFileUtils.mvfile(self, "/etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name), - "/etc/nginx/conf.d/force-ssl-{0}.conf.disabled".format(wo_domain_name)) + if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf" + .format(wo_domain_name)): + WOFileUtils.mvfile(self, "/etc/nginx/conf.d/force-ssl-{0}.conf" + .format(wo_domain_name), + "/etc/nginx/conf.d/force-ssl-{0}.conf.disabled" + .format(wo_domain_name)) Log.info(self, "Disabled HTTPS Force Redirection for Site " " http://{0}".format(wo_domain_name)) @@ -1478,7 +1550,8 @@ def archivedCertificateHandle(self, domain): "{0}/{1}/fullchain.pem " "--reloadcmd " "\"service nginx restart\" " - .format(WOVariables.wo_ssl_live, domain)) + .format(WOVariables.wo_ssl_live, + domain)) if ssl: try: @@ -1495,7 +1568,8 @@ def archivedCertificateHandle(self, domain): sslconf.write("listen 443 ssl http2;\n" "listen [::]:443 ssl http2;\n" "ssl on;\n" - "ssl_certificate {0}/{1}/fullchain.pem;\n" + "ssl_certificate " + "{0}/{1}/fullchain.pem;\n" "ssl_certificate_key {0}/{1}/key.pem;\n" .format(WOVariables.wo_ssl_live, domain)) sslconf.close() @@ -1525,7 +1599,7 @@ def archivedCertificateHandle(self, domain): "'/etc/letsencrypt/config' " "--renew -d {0} --ecc " "--force" - .format(domain)) + .format(domain)) if ssl: diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py index 2699c52..b50f8ee 100644 --- a/wo/cli/plugins/stack.py +++ b/wo/cli/plugins/stack.py @@ -90,7 +90,8 @@ class WOStackController(CementBaseController): if set(WOVariables.wo_mysql).issubset(set(apt_packages)): Log.info(self, "Adding repository for MySQL, please wait...") - mysql_pref = ("Package: *\nPin: origin sfo1.mirrors.digitalocean.com" + mysql_pref = ("Package: *\nPin: origin " + "sfo1.mirrors.digitalocean.com" "\nPin-Priority: 1000\n") with open('/etc/apt/preferences.d/' 'MariaDB.pref', 'w') as mysql_pref_file: @@ -441,6 +442,14 @@ class WOStackController(CementBaseController): os.makedirs('{0}22222/cert' .format(WOVariables.wo_webroot)) + if not os.path.exists('{0}22222/conf/nginx' + .format(WOVariables.wo_webroot)): + Log.debug(self, "Creating directory " + "{0}22222/conf/nginx" + .format(WOVariables.wo_webroot)) + os.makedirs('{0}22222/conf/nginx' + .format(WOVariables.wo_webroot)) + WOFileUtils.create_symlink(self, ['/var/log/nginx/' '22222.access.log', '{0}22222/' @@ -487,7 +496,17 @@ class WOStackController(CementBaseController): except CommandExecutionError as e: Log.error( - self, "Failed to generate HTTPS certificate for 22222") + self, "Failed to generate HTTPS " + "certificate for 22222") + + if not os.path.isfile('{0}22222/conf/nginx/ssl.conf' + .format(WOVariables.wo_webroot)): + with open("/etc/nginx/conf.d/" + "upstream.conf", "a") as php_file: + php_file.write("ssl_certificate " + "/var/www/22222/cert/22222.crt;\n" + "ssl_certificate_key " + "/var/www/22222/cert/22222.key;\n") # Nginx Configation into GIT WOGit.add(self, @@ -504,6 +523,7 @@ class WOStackController(CementBaseController): else: WOService.restart_service(self, 'nginx') + # create redis conf is redis is installed if WOAptGet.is_installed(self, 'redis-server'): if (os.path.isfile("/etc/nginx/nginx.conf") and not os.path.isfile("/etc/nginx/common/" @@ -530,6 +550,7 @@ class WOStackController(CementBaseController): out=wo_nginx) wo_nginx.close() + # add redis upstream if not available in upstream.conf if os.path.isfile("/etc/nginx/conf.d/upstream.conf"): if not WOFileUtils.grep(self, "/etc/nginx/conf.d/" "upstream.conf", @@ -540,8 +561,10 @@ class WOStackController(CementBaseController): " server 127.0.0.1:6379;\n" " keepalive 10;\n}\n") + # add redis cache format if not already done if (os.path.isfile("/etc/nginx/nginx.conf") and - not os.path.isfile("/etc/nginx/conf.d/redis.conf")): + not os.path.isfile("/etc/nginx/conf.d" + "/redis.conf")): with open("/etc/nginx/conf.d/" "redis.conf", "a") as redis_file: redis_file.write("# Log format Settings\n" @@ -841,7 +864,8 @@ class WOStackController(CementBaseController): config.write(configfile) # Parse /etc/php/7.3/fpm/php-fpm.conf - data = dict(pid="/run/php/php7.3-fpm.pid", error_log="/var/log/php7.3-fpm.log", + data = dict(pid="/run/php/php7.3-fpm.pid", + error_log="/var/log/php7.3-fpm.log", include="/etc/php/7.3/fpm/pool.d/*.conf") Log.debug(self, "writting php 7.3 configuration into " "/etc/php/7.3/fpm/php-fpm.conf") @@ -1011,28 +1035,38 @@ class WOStackController(CementBaseController): shutil.move('/tmp/phpmyadmin-STABLE/', '{0}22222/htdocs/db/pma/' .format(WOVariables.wo_webroot)) - shutil.copyfile('{0}22222/htdocs/db/pma/config.sample.inc.php' + shutil.copyfile('{0}22222/htdocs/db/pma' + '/config.sample.inc.php' .format(WOVariables.wo_webroot), '{0}22222/htdocs/db/pma/config.inc.php' .format(WOVariables.wo_webroot)) - Log.debug(self, 'Setting Blowfish Secret Key FOR COOKIE AUTH to ' + Log.debug(self, 'Setting Blowfish Secret Key ' + 'FOR COOKIE AUTH to ' '{0}22222/htdocs/db/pma/config.inc.php file ' .format(WOVariables.wo_webroot)) blowfish_key = ''.join([random.choice - (string.ascii_letters + string.digits) + (string.ascii_letters + + string.digits) for n in range(25)]) WOFileUtils.searchreplace(self, - '{0}22222/htdocs/db/pma/config.inc.php' + '{0}22222/htdocs/db/pma' + '/config.inc.php' .format(WOVariables.wo_webroot), - "$cfg[\'blowfish_secret\'] = \'\';", "$cfg[\'blowfish_secret\'] = \'{0}\';" + "$cfg[\'blowfish_secret\']" + " = \'\';", + "$cfg[\'blowfish_secret\']" + " = \'{0}\';" .format(blowfish_key)) Log.debug(self, 'Setting HOST Server For Mysql to ' '{0}22222/htdocs/db/pma/config.inc.php file ' .format(WOVariables.wo_webroot)) WOFileUtils.searchreplace(self, - '{0}22222/htdocs/db/pma/config.inc.php' + '{0}22222/htdocs/db/pma' + '/config.inc.php' .format(WOVariables.wo_webroot), - "$cfg[\'Servers\'][$i][\'host\'] = \'localhost\';", "$cfg[\'Servers\'][$i][\'host\'] = \'{0}\';" + "$cfg[\'Servers\'][$i][\'host\']" + " = \'localhost\';", "$cfg" + "[\'Servers\'][$i][\'host\'] = \'{0}\';" .format(WOVariables.wo_mysql_host)) Log.debug(self, 'Setting Privileges of webroot permission to ' '{0}22222/htdocs/db/pma file ' @@ -1045,18 +1079,21 @@ class WOStackController(CementBaseController): # composer install and phpmyadmin update if any('/tmp/composer-install' == x[1] for x in packages): + Log.info(self, "Installing composer, please wait...") WOShellExec.cmd_exec(self, "php -q /tmp/composer-install " "--install-dir=/tmp/") shutil.copyfile('/tmp/composer.phar', '/usr/local/bin/composer') WOFileUtils.chmod(self, "/usr/local/bin/composer", 0o775) + Log.info(self, "Updating phpMyAdmin, please wait...") WOShellExec.cmd_exec(self, "sudo -u www-data -H composer " - "update --no-dev -d " + "update -n --no-dev -d " "/var/www/22222/htdocs/db/pma/") # netdata install if any('/tmp/kickstart.sh' == x[1] for x in packages): if not os.path.exists('/etc/netdata'): + Log.info(self, "Installing Netdata, please wait...") WOShellExec.cmd_exec(self, "bash /tmp/kickstart.sh " "--dont-wait --no-updates") WOFileUtils.searchreplace(self, "/usr/lib/netdata/conf.d/" @@ -1160,7 +1197,8 @@ class WOStackController(CementBaseController): ' BY \'{1}\''.format(self.app.config.get( 'mysql', 'grant-host'), chars), - errormsg="cannot grant priviledges", log=False) + errormsg="cannot grant priviledges", + log=False) # Custom Anemometer configuration Log.debug(self, "configration Anemometer") @@ -1180,9 +1218,6 @@ class WOStackController(CementBaseController): if any('/tmp/pra.tar.gz' == x[1] for x in packages): - Log.debug(self, 'Extracting file /tmp/pra.tar.gz to ' - 'loaction /tmp/') - WOExtract.extract(self, '/tmp/pra.tar.gz', '/tmp/') if not os.path.exists('{0}22222/htdocs/cache/redis' .format(WOVariables.wo_webroot)): Log.debug(self, "Creating new directory " @@ -1190,23 +1225,15 @@ class WOStackController(CementBaseController): .format(WOVariables.wo_webroot)) os.makedirs('{0}22222/htdocs/cache/redis' .format(WOVariables.wo_webroot)) - if not os.path.exists('{0}22222/htdocs/cache/' - 'redis/phpRedisAdmin' - .format(WOVariables.wo_webroot)): - shutil.move('/tmp/phpRedisAdmin-master/', - '{0}22222/htdocs/cache/redis/phpRedisAdmin' - .format(WOVariables.wo_webroot)) - - Log.debug(self, 'Extracting file /tmp/predis.tar.gz to ' - 'loaction /tmp/') - WOExtract.extract(self, '/tmp/predis.tar.gz', '/tmp/') - shutil.move('/tmp/predis-1.0.1/', - '{0}22222/htdocs/cache/redis/' - 'phpRedisAdmin/vendor' - .format(WOVariables.wo_webroot)) - + if os.path.isfile("/usr/local/bin/composer"): + WOShellExec.cmd_exec(self, "sudo -u www-data -H " + "composer " + "create-project -n -s dev " + "erik-dubbelboer/php-redis-admin " + "/var/www/22222/htdocs/cache" + "/redis/phpRedisAdmin/ ") Log.debug(self, 'Setting Privileges of webroot permission to ' - '{0}22222/htdocs/cache/ file ' + '{0}22222/htdocs/cache/file ' .format(WOVariables.wo_webroot)) WOFileUtils.chown(self, '{0}22222' .format(WOVariables.wo_webroot), @@ -1363,11 +1390,19 @@ class WOStackController(CementBaseController): Log.debug(self, "Setting packages variable for Adminer ") packages = packages + [["https://www.adminer.org/static/" "download/{0}/adminer-{0}.php" - "".format(WOVariables.wo_adminer), + .format(WOVariables.wo_adminer), "{0}22222/" "htdocs/db/adminer/index.php" .format(WOVariables.wo_webroot), - "Adminer"]] + "Adminer"], + ["https://raw.githubusercontent.com" + "/vrana/adminer/master/designs/" + "pepa-linha/adminer.css", + "{0}22222/" + "htdocs/db/adminer/adminer.css" + .format(WOVariables.wo_webroot), + "Adminer theme"]] + # Netdata if self.app.pargs.netdata: Log.debug(self, "Setting packages variable for Netdata") @@ -1451,24 +1486,36 @@ class WOStackController(CementBaseController): WOShellExec.cmd_exec(self, "systemctl enable redis-server") if os.path.isfile("/etc/redis/redis.conf"): if WOVariables.wo_ram < 512: - Log.debug(self, "Setting maxmemory variable to {0} in redis.conf" + Log.debug(self, "Setting maxmemory variable to " + "{0} in redis.conf" .format(int(WOVariables.wo_ram*1024*1024*0.1))) - WOShellExec.cmd_exec(self, "sed -i 's/# maxmemory /maxmemory {0}/' /etc/redis/redis.conf" + WOShellExec.cmd_exec(self, "sed -i 's/# maxmemory" + " /maxmemory {0}/'" + " /etc/redis/redis.conf" .format(int(WOVariables.wo_ram*1024*1024*0.1))) Log.debug( - self, "Setting maxmemory-policy variable to allkeys-lru in redis.conf") - WOShellExec.cmd_exec(self, "sed -i 's/# maxmemory-policy.*/maxmemory-policy allkeys-lru/' " + self, "Setting maxmemory-policy variable to " + "allkeys-lru in redis.conf") + WOShellExec.cmd_exec(self, "sed -i 's/# maxmemory-" + "policy.*/maxmemory-policy " + "allkeys-lru/' " "/etc/redis/redis.conf") WOService.restart_service(self, 'redis-server') else: - Log.debug(self, "Setting maxmemory variable to {0} in redis.conf" + Log.debug(self, "Setting maxmemory variable to {0} " + "in redis.conf" .format(int(WOVariables.wo_ram*1024*1024*0.2))) - WOShellExec.cmd_exec(self, "sed -i 's/# maxmemory /maxmemory {0}/' /etc/redis/redis.conf" + WOShellExec.cmd_exec(self, "sed -i 's/# maxmemory " + "/maxmemory {0}/' " + "/etc/redis/redis.conf" .format(int(WOVariables.wo_ram*1024*1024*0.2))) Log.debug( - self, "Setting maxmemory-policy variable to allkeys-lru in redis.conf") - WOShellExec.cmd_exec(self, "sed -i 's/# maxmemory-policy.*/maxmemory-policy allkeys-lru/' " + self, "Setting maxmemory-policy variable " + "to allkeys-lru in redis.conf") + WOShellExec.cmd_exec(self, "sed -i 's/# maxmemory-" + "policy.*/maxmemory-policy " + "allkeys-lru/' " "/etc/redis/redis.conf") WOService.restart_service(self, 'redis-server') if disp_msg: @@ -1518,7 +1565,8 @@ class WOStackController(CementBaseController): Log.debug(self, "Removing apt_packages variable of Nginx") apt_packages = apt_packages + WOVariables.wo_nginx else: - Log.error(self, "Cannot Remove! Nginx Stable version not found.") + Log.error(self, "Cannot Remove! Nginx Stable " + "version not found.") # PHP 7.2 if self.app.pargs.php: Log.debug(self, "Removing apt_packages variable of PHP") @@ -1662,7 +1710,8 @@ class WOStackController(CementBaseController): Log.debug(self, "Purge apt_packages variable PHP") if WOAptGet.is_installed(self, 'php7.2-fpm'): if not (WOAptGet.is_installed(self, 'php7.3-fpm')): - apt_packages = apt_packages + WOVariables.wo_php + WOVariables.wo_php_extra + apt_packages = apt_packages + WOVariables.wo_php + \ + WOVariables.wo_php_extra else: apt_packages = apt_packages + WOVariables.wo_php else: @@ -1673,7 +1722,8 @@ class WOStackController(CementBaseController): Log.debug(self, "Removing apt_packages variable of PHP 7.3") if WOAptGet.is_installed(self, 'php7.3-fpm'): if not (WOAptGet.is_installed(self, 'php7.2-fpm')): - apt_packages = apt_packages + WOVariables.wo_php73 + WOVariables.wo_php_extra + apt_packages = apt_packages + WOVariables.wo_php73 + \ + WOVariables.wo_php_extra else: apt_packages = apt_packages + WOVariables.wo_php73 else: diff --git a/wo/cli/plugins/stack_services.py b/wo/cli/plugins/stack_services.py index 358eb85..8b81b86 100644 --- a/wo/cli/plugins/stack_services.py +++ b/wo/cli/plugins/stack_services.py @@ -14,7 +14,8 @@ class WOStackStatusController(CementBaseController): description = 'Check the stack status' arguments = [ (['--memcached'], - dict(help='start/stop/restart memcached', action='store_true')), + dict(help='start/stop/restart memcached', + action='store_true')), ] @expose(help="Start stack services") @@ -186,7 +187,8 @@ class WOStackStatusController(CementBaseController): if ((WOVariables.wo_mysql_host is "localhost") or (WOVariables.wo_mysql_host is "127.0.0.1")): if ((WOAptGet.is_installed(self, 'mysql-server') or - WOAptGet.is_installed(self, 'percona-server-server-5.6') or + WOAptGet.is_installed(self, + 'percona-server-server-5.6') or WOAptGet.is_installed(self, 'mariadb-server'))): services = services + ['mysql'] else: diff --git a/wo/cli/templates/22222.mustache b/wo/cli/templates/22222.mustache index 82bfcb6..3106ee7 100644 --- a/wo/cli/templates/22222.mustache +++ b/wo/cli/templates/22222.mustache @@ -7,9 +7,6 @@ server { access_log /var/log/nginx/22222.access.log rt_cache; error_log /var/log/nginx/22222.error.log; - ssl_certificate {{webroot}}22222/cert/22222.crt; - ssl_certificate_key {{webroot}}22222/cert/22222.key; - # Force HTTP to HTTPS error_page 497 =200 https://$host:22222$request_uri; @@ -65,9 +62,8 @@ server { proxy_store off; proxy_pass http://netdata/$ndpath$is_args$args; - gzip on; - gzip_proxied any; - gzip_types *; } + include {{webroot}}22222/conf/nginx/*.conf; + } diff --git a/wo/cli/templates/fail2ban-wp.mustache b/wo/cli/templates/fail2ban-wp.mustache new file mode 100644 index 0000000..acb989d --- /dev/null +++ b/wo/cli/templates/fail2ban-wp.mustache @@ -0,0 +1,3 @@ +[Definition] +failregex = ^.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200 +ignoreregex = diff --git a/wo/cli/templates/fail2ban.mustache b/wo/cli/templates/fail2ban.mustache new file mode 100644 index 0000000..10937f6 --- /dev/null +++ b/wo/cli/templates/fail2ban.mustache @@ -0,0 +1,24 @@ +[recidive] +enabled = true + +[nginx-http-auth] +enabled = true + +[nginx-botsearch] +enabled = true + +[wo-wordpress] +enabled = true +filter = wo-wordpress +action = iptables-multiport[name="wo-wordpress", port="http,https"] +logpath = /var/log/nginx/*access.log +maxretry = 5 + +[nginx-forbidden] +enabled = true +filter = nginx-forbidden +port = http,https +logpath = /var/log/nginx/*error*.log +findtime = 60 +bantime = 6000 +maxretry = 3 \ No newline at end of file diff --git a/wo/core/shellexec.py b/wo/core/shellexec.py index c64d5bc..77b3dcf 100644 --- a/wo/core/shellexec.py +++ b/wo/core/shellexec.py @@ -53,7 +53,6 @@ class WOShellExec(): Log.debug(self, "{0}{1}".format(e.errno, e.strerror)) raise CommandExecutionError - def cmd_exec_stdout(self, command, errormsg='', log=True): """Run shell command from Python""" try: @@ -80,4 +79,4 @@ class WOShellExec(): raise CommandExecutionError except Exception as e: Log.debug(self, str(e)) - raise CommandExecutionError \ No newline at end of file + raise CommandExecutionError diff --git a/wo/core/sslutils.py b/wo/core/sslutils.py index 78c2df4..161a484 100644 --- a/wo/core/sslutils.py +++ b/wo/core/sslutils.py @@ -9,7 +9,8 @@ class SSL: # check if exist if not os.path.isfile('/etc/letsencrypt/live/{0}/cert.pem' .format(domain)): - Log.error(self, 'File Not Found : /etc/letsencrypt/live/{0}/cert.pem' + Log.error(self, 'File Not Found: ' + '/etc/letsencrypt/live/{0}/cert.pem' .format(domain), False) if returnonerror: return -1 @@ -17,8 +18,14 @@ class SSL: "`tail /var/log/wo/wordops.log` and please try again...") current_date = WOShellExec.cmd_exec_stdout(self, "date -d \"now\" +%s") - expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d \"`openssl x509 -in /etc/letsencrypt/live/{0}/cert.pem" - " -text -noout|grep \"Not After\"|cut -c 25-`\" +%s".format(domain)) + expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d \"" + "`openssl x509 -in " + "/etc/letsencrypt/live/" + "{0}/cert.pem" + " -text -noout|grep " + "\"Not After\"|" + "cut -c 25-`\" " + "+%s".format(domain)) days_left = int((int(expiration_date) - int(current_date)) / 86400) if (days_left > 0): @@ -31,11 +38,18 @@ class SSL: # check if exist if not os.path.isfile('/etc/letsencrypt/live/{0}/cert.pem' .format(domain)): - Log.error(self, 'File Not Found : /etc/letsencrypt/live/{0}/cert.pem' + Log.error(self, 'File Not Found: /etc/letsencrypt/' + 'live/{0}/cert.pem' .format(domain), False) Log.error(self, "Check the WordOps log for more details " "`tail /var/log/wo/wordops.log` and please try again...") - expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d \"`openssl x509 -in /etc/letsencrypt/live/{0}/cert.pem" - " -text -noout|grep \"Not After\"|cut -c 25-`\" ".format(domain)) + expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d " + "\"`openssl x509 -in " + "/etc/letsencrypt/live/" + "{0}/cert.pem" + " -text -noout|grep " + "\"Not After\"|" + "cut -c 25-`\" " + .format(domain)) return expiration_date diff --git a/wo/core/variables.py b/wo/core/variables.py index ab2eb2b..2aa6237 100644 --- a/wo/core/variables.py +++ b/wo/core/variables.py @@ -152,6 +152,8 @@ class WOVariables(): wo_mysql = ["mariadb-server", "percona-toolkit"] + wo_fail2ban = "fail2ban" + # Redis repo details if wo_platform_distro == 'ubuntu': wo_redis_repo = ("ppa:chris-lea/redis-server")