From 3a6c3d98957946ce10d2191278e2593426d26983 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Thu, 4 Apr 2019 15:53:45 +0200 Subject: [PATCH 01/36] update nginx upgrade in install script --- README.md | 1 + install | 17 +++++++++-------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index a7d6530..1b8cbe4 100644 --- a/README.md +++ b/README.md @@ -159,6 +159,7 @@ There is no need to be a developer or a system administrator to contribute to Wo - Main source : [EasyEngine](https://github.com/easyengine/easyengine) - Acme client : [Acme.sh](https://github.com/Neilpang/acme.sh) - WordPress deployment : [WP-CLI](https://github.com/wp-cli/wp-cli) +- Monitoring : [Netdata](https://github.com/netdata/netdata) ## License diff --git a/install b/install index 213832c..05113d3 100644 --- a/install +++ b/install @@ -7,7 +7,7 @@ # Copyright (c) 2019 - WordOps # This script is licensed under M.I.T # ------------------------------------------------------------------------- -# Version 3.9.5 - 2019-03-27 +# Version 3.9.5 - 2019-04-03 # ------------------------------------------------------------------------- readonly wo_version_old="2.2.3" readonly wo_version_new="3.9.4.3" @@ -403,12 +403,13 @@ wo_upgrade_nginx() { fi # backup nginx conf /usr/bin/rsync -az /etc/nginx/ /var/lib/wo-backup/nginx/ + /usr/bin/rsync -az /etc/php/ /var/lib/wo-backup/php/ # chec if the package nginx-ee is installed CHECK_NGINX_EE=$(dpkg --list | grep nginx-ee) CHECK_NGINX_WO=$(dpkg --list | grep nginx-wo) - CHECK_PHP72=$(dpkg --list | grep php7.2-fpm) - CHECK_PHP73=$(dpkg --list | grep php7.3-fpm) + CHECK_PHP72=$(command -v php-fpm7.2) + CHECK_PHP73=$(command -v php-fpm7.3) # add new Nginx repository if [ "$wo_linux_distro" = "Ubuntu" ]; then 
@@ -447,25 +448,25 @@ wo_upgrade_nginx() { # remove previous package apt-mark unhold nginx-ee nginx-common nginx-custom apt-get -y -qq autoremove nginx-ee nginx-common nginx-custom --purge - rm -rf /etc/nginx elif [ -n "$CHECK_NGINX_WO" ]; then apt-mark unhold nginx-wo nginx-common nginx-custom apt-get -y -qq autoremove nginx-wo nginx-common nginx-custom --purge + + fi + if [ -d /etc/nginx ]; then rm -rf /etc/nginx fi - # remove previous php-fpm pool configuration if [ -n "$CHECK_PHP72" ]; then apt-get remove php7.2-fpm -y -qq --purge rm -f /etc/php/7.2/fpm/pool.d/{www.conf,www-two.conf,debug.conf} fi - /usr/local/bin/wo stack install --nginx --php - echo "$wo_version_new" > /etc/nginx/common/release if [ -n "$CHECK_PHP73" ]; then apt-get remove php7.3-fpm -y -qq --purge rm -f /etc/php/7.3/fpm/pool.d/{www.conf,www-two.conf,debug.conf} - /usr/local/bin/wo stack install --php73 fi + /usr/local/bin/wo stack install --nginx --php --php73 + echo "$wo_version_new" > /etc/nginx/common/release rm -f /etc/nginx/common/acl.conf /etc/nginx/conf.d/{map-wp-cache.conf,map-wp.conf} fi From 3a470859274e16cc3408873e2732b0d7bd096fed Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Fri, 5 Apr 2019 10:02:20 +0200 Subject: [PATCH 02/36] update docs and bash_completion --- config/bash_completion.d/wo_auto.rc | 14 +++++++------- docs/wo.8 | 24 ++++++++++-------------- setup.py | 12 +++++------- wo/cli/controllers/base.py | 7 +++---- 4 files changed, 25 insertions(+), 32 deletions(-) diff --git a/config/bash_completion.d/wo_auto.rc b/config/bash_completion.d/wo_auto.rc index 8ff11e5..c4b5c62 100644 --- a/config/bash_completion.d/wo_auto.rc +++ b/config/bash_completion.d/wo_auto.rc 
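Review bot: The new `if [ -d /etc/nginx ]; then rm -rf /etc/nginx` block deletes the live configuration without confirming that the `rsync -az /etc/nginx/ /var/lib/wo-backup/nginx/` backup from the previous hunk succeeded, and it now runs even when neither `nginx-ee` nor `nginx-wo` was detected. Checking the backup first, for example `/usr/bin/rsync -az /etc/nginx/ /var/lib/wo-backup/nginx/ || exit 1`, keeps a failed copy from costing the only copy of the vhosts and TLS material. The merged `wo stack install --nginx --php --php73` also installs PHP 7.3 on hosts where `CHECK_PHP73` was empty, which adds a service the host did not have before and looks unintended. The enclosing `if` of wo_upgrade_nginx starts outside the hunk.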
@@ -74,7 +74,7 @@ _wo_complete() # HANDLE EVERYTHING AFTER THE THIRD LEVEL NAMESPACE "install" | "purge" | "remove" ) COMPREPLY=( $(compgen \ - -W "--web --admin --nginx --php --php73 --mysql --wpcli --phpmyadmin --adminer --utils --all --redis --phpredisadmin" \ + -W "--web --admin --nginx --php --php73 --mysql --wpcli --phpmyadmin --adminer --utils --all --redis --phpredisadmin --composer --netdata" \ -- $cur) ) ;; "upgrade" ) @@ -159,7 +159,7 @@ _wo_complete() "create") COMPREPLY=( $(compgen \ - -W "--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --wpredis --letsencrypt -le" \ + -W "--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --wpredis --letsencrypt --letsencrypt=subdomain -le" \ -- $cur) ) ;; @@ -230,7 +230,7 @@ _wo_complete() "--wpsubdir" | "--wpsubdomain") if [ ${COMP_WORDS[1]} != "debug" ]; then if [ ${COMP_WORDS[2]} == "create" ]; then - retlist="--wpsc --wpfc --user --email --pass --wpredis --letsencrypt --php73" + retlist="--wpsc --wpfc --user --email --pass --wpredis --letsencrypt --letsencrypt=subdomain --php73" elif [ ${COMP_WORDS[2]} == "update" ]; then retlist="--wpfc --wpsc --php73 --php73=off --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew" else @@ -248,7 +248,7 @@ _wo_complete() "--wpredis" | "--wpfc" | "--wpsc" | "--wpsubdir" | "--wpsubdomain" | "--user" | "--pass" | "--email" | "--wp") if [ ${COMP_WORDS[2]} == "create" ]; then - retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --php73 --letsencrypt " + retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --php73 --letsencrypt --letsencrypt=subdomain" else retlist="" fi 
@@ -272,7 +272,7 @@ _wo_complete() -- $cur) ) ;; - "--web" | "--admin" | "--nginx" | "--php" | "--php73" | "--mysql" | "--wpcli" | "--phpmyadmin" | "--adminer" | "--utils" | "--memcache" | "--redis | --phpredisadmin") + "--web" | "--admin" | "--nginx" | "--php" | "--php73" | "--mysql" | "--wpcli" | "--phpmyadmin" | "--adminer" | "--utils" | "--memcached" | "--redis | --phpredisadmin") if [[ ${COMP_WORDS[2]} == "install" || ${COMP_WORDS[2]} == "purge" || ${COMP_WORDS[2]} == "remove" ]]; then retlist="--web --admin --nginx --php --php73 --mysql--wpcli --phpmyadmin --adminer --utils --memcache --redis --phpredisadmin" elif [[ ${COMP_WORDS[2]} == "start" || ${COMP_WORDS[2]} == "reload" || ${COMP_WORDS[2]} == "restart" || ${COMP_WORDS[2]} == "stop" ]]; then @@ -324,8 +324,8 @@ _wo_complete() -- $cur) ) ;; - "--memcache" | "--opcache" | "--fastcgi" | "--all" | "--redis") - retlist="--memcache --opcache --fastcgi --redis --all" + "--memcached" | "--opcache" | "--fastcgi" | "--all" | "--redis") + retlist="--memcached --opcache --fastcgi --redis --all" ret="${retlist[@]/$prev}" COMPREPLY=( $(compgen \ -W "$(echo $ret)" \ diff --git a/docs/wo.8 b/docs/wo.8 index a6128b8..5c62929 100644 --- a/docs/wo.8 +++ b/docs/wo.8 
@@ -3,17 +3,17 @@ .B WordOps (wo) \- Manage Nginx Based Websites. .SH SYNOPSIS -wo [ --version | --help | info | stack | site | debug | update | clean | import_slow_log | log | secure | sync] +wo [ --version | --help | info | stack | site | debug | update | clean | import_slow_log | log | secure | sync | maintenance] .TP -wo stack [ install | remove | purge | migrate | upgrade] [ --web | --all | --nginx | --php | --php73 | --mysql | --admin | --adminer | --redis | --hhvm | --phpmyadmin | --phpredisadmin | --wpcli | --utils ] +wo stack [ install | remove | purge | migrate | upgrade] [ --web | --all | --nginx | --php | --php73 | --mysql | --admin | --adminer | --redis | --phpmyadmin | --phpredisadmin | --wpcli | --utils ] .TP -wo stack [ status | start | stop | reload | restart ] [--all | --nginx | --php | --php73 |--mysql | --web | --memcache | --redis] +wo stack [ status | start | stop | reload | restart ] [--all | --nginx | --php | --php73 |--mysql | --web | --memcached | --redis] .TP wo site [ list | info | show | enable | disable | edit | cd | show ] [ example.com ] .TP -wo site create example.com [ --html | --php | --php73 | --mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis | --hhvm | --letsencrypt/-le]] +wo site create example.com [ --html | --php | --php73 | --mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis | --letsencrypt/-le/--letsencrypt=subdomain]] .TP -wo site update example.com [ --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis | --hhvm ] [--password] [--letsencrypt=on/off/renew]] +wo site update example.com [ --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis ] [--password] [--letsencrypt=on/off/subdomain/renew]] .TP wo site delete example.com [--db | --files | --all | --no-prompt | --force/-f ] .TP 
@@ -129,13 +129,13 @@ Disable site by Destroying softlink with site file in .br Edit NGINX configuration of site. .TP -.B create [ example.com ] [ --html | --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis | --hhvm ]] +.B create [ example.com ] [ --html | --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis ]] .br Create new site according to given options. If no options provided .br create static site with html only. .TP -.B update [ example.com ] [ --html | --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [ --wpsc | --wpfc | --wpredis | --hhvm ] [--password]] +.B update [ example.com ] [ --html | --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [ --wpsc | --wpfc | --wpredis ] [--password]] .br Update site configuration according to specified options. .TP @@ -163,9 +163,9 @@ if used with --all=off argument. .br Update security settings. .TP -.B clean [ --fastcgi | --opcache | --memcache | --redis | --all ] +.B clean [ --fastcgi | --opcache | --memcached | --redis | --all ] .br -Clean NGINX fastCGI cache, Opcache, Memcache, Redis cache. +Clean NGINX fastCGI cache, Opcache, memcached, Redis cache. .br Clean NGINX fastCGI cache if no option specified. .SH ARGUMENTS @@ -274,17 +274,13 @@ Install and activate Nginx-helper and WP Super Cache plugin. .TP .B --wpfc .br -Install and activate Nginx-helper and W3 Total Cache plugin with +Install and activate Nginx-helper plugin with .br Nginx FastCGI cache. .TP .B --wpredis .br Install, activate, configure Nginx-helper and Redis Object Cache Plugin, Configure NGINX for Redis Page Caching. -.TP -.B --hhvm -.br -Install, activate Nginx-helper and configure NGINX for HHVM. .SH FILES .br /etc/wo/wo.conf diff --git a/setup.py b/setup.py index df2f56d..177f910 100644 --- a/setup.py +++ b/setup.py 
@@ -33,11 +33,9 @@ try: wo_user = config['user']['name'] wo_email = config['user']['email'] except Exception as e: - print("WordOps (wo) required your name & email address to track" - " changes you made under the Git version control") - print("WordOps (wo) will be able to send you daily reports & alerts in " - "upcoming version") - print("WordOps (wo) will NEVER share your information with other parties") + print("WordOps (wo) require an username & and an email " + "address to configure Git (used to save server configurations)") + print("Your informations will ONLY be stored locally") wo_user = input("Enter your name: ") while wo_user is "": @@ -55,7 +53,7 @@ except Exception as e: os.system("git config --global user.email {0}".format(wo_email)) if not os.path.isfile('/root/.gitconfig'): - shutil.copy2(os.path.expanduser("~")+'/.gitconfig', '/root/.gitconfig') + shutil.copy2(os.path.expanduser("~")+'/.gitconfig', '/root/.gitconfig') setup(name='wo', version='3.9.4', @@ -87,7 +85,7 @@ setup(name='wo', 'psutil == 3.1.1', 'sh', 'SQLAlchemy', - ], + ], data_files=[('/etc/wo', ['config/wo.conf']), ('/etc/wo/plugins.d', conf), ('/usr/lib/wo/templates', templates), diff --git a/wo/cli/controllers/base.py b/wo/cli/controllers/base.py index 9a2dbc0..ac0e34f 100644 --- a/wo/cli/controllers/base.py +++ b/wo/cli/controllers/base.py @@ -13,12 +13,11 @@ Copyright (c) 2019 WordOps. class WOBaseController(CementBaseController): class Meta: label = 'base' - description = ("WordOps is the commandline tool to manage your" - " websites based on WordPress and Nginx with easy to" - " use commands") + description = ("An essential toolset that eases WordPress " + "site and server administration with Nginx") arguments = [ (['-v', '--version'], dict(action='version', version=BANNER)), - ] + ] @expose(hide=True) def default(self): From 9acb49ca5799d85b1f5d45f583a50010b93d4095 Mon Sep 17 00:00:00 2001 
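Review bot: The values read by the reworded prompts are still interpolated into a shell command, so a name or address containing shell metacharacters is run as a command with the installer's privileges. The line `os.system("git config --global user.email {0}".format(wo_email))` is visible as context in the following setup.py hunk. Passing an argument list avoids the shell: `subprocess.call(["git", "config", "--global", "user.email", wo_email])` (needs `import subprocess`), with the same treatment for the `user.name` call if it is built the same way, which is not visible here. The `while wo_user is "":` test below the new prints compares identity rather than equality; `while not wo_user:` is the reliable form.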
From: VirtuBox
Date: Fri, 5 Apr 2019 10:02:39 +0200
Subject: [PATCH 03/36] fix opcache cache clean
---
 wo/cli/plugins/clean.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/wo/cli/plugins/clean.py b/wo/cli/plugins/clean.py
index 58b1246..b434815 100644
--- a/wo/cli/plugins/clean.py
+++ b/wo/cli/plugins/clean.py
@@ -89,11 +89,12 @@ class WOCleanController(CementBaseController):
 try:
 Log.info(self, "Cleaning opcache")
 wp = urllib.request.urlopen(" https://127.0.0.1:22222/cache"
- "/opcache/opgui.php?page=reset").read()
+ "/opcache/opgui.php?reset=1").read()
 except Exception as e:
 Log.debug(self, "{0}".format(e))
 Log.debug(self, "Unable hit url, "
- " https://127.0.0.1:22222/cache/opcache/opgui.php?page=reset,"
+ " https://127.0.0.1:22222/cache/opcache/"
+ "opgui.php?reset=1,"
 " please check you have admin tools installed")
 Log.debug(self, "please check you have admin tools installed," " or install them with `wo stack install --admin`")
From 7c6e86a4ca2087e51d7d64a4b2c3732121ff4155 Mon Sep 17 00:00:00 2001
From: VirtuBox
Date: Sun, 7 Apr 2019 12:57:35 +0200
Subject: [PATCH 04/36] add hsts
---
 README.md | 6 +-
 install | 14 +--
 logo.png | Bin 0 -> 5978 bytes
 wo/cli/plugins/site.py | 145 ++++++++++++++++++++++----
 wo/cli/plugins/site_functions.py | 97 +++++++++++------
 wo/cli/templates/fail2ban-wp.mustache | 3 +
 wo/cli/templates/fail2ban.mustache | 24 +++++
 wo/core/variables.py | 2 +
 8 files changed, 228 insertions(+), 63 deletions(-)
 create mode 100644 logo.png
 create mode 100644 wo/cli/templates/fail2ban-wp.mustache
 create mode 100644 wo/cli/templates/fail2ban.mustache
diff --git a/README.md b/README.md
index 1b8cbe4..8b059ec 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
-
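Review bot: A failed reset is only visible at debug level: the `except Exception` branch around the `opgui.php?reset=1` request calls `Log.debug` three times and nothing else, so after "Cleaning opcache" the user gets no indication that the cache was not cleared. That outcome is plausible here, since the call sends no credentials and relies on default certificate verification against `https://127.0.0.1:22222`; whether that endpoint uses a self-signed certificate or HTTP auth is not visible in this hunk. Reporting it with the pattern used in site.py, e.g. `Log.info(self, Log.FAIL + "Unable to reset opcache, check the log for details")`, and dropping the unused `wp` binding would make the result explicit. The text "please check you have admin tools installed" is also emitted twice.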

- WordOps +

Wordops +
-

+

An essential toolset that eases WordPress site and server administration

diff --git a/install b/install index 05113d3..732770b 100644 --- a/install +++ b/install @@ -7,10 +7,10 @@ # Copyright (c) 2019 - WordOps # This script is licensed under M.I.T # ------------------------------------------------------------------------- -# Version 3.9.5 - 2019-04-03 +# Version 3.9.5 - 2019-04-05 # ------------------------------------------------------------------------- readonly wo_version_old="2.2.3" -readonly wo_version_new="3.9.4.3" +readonly wo_version_new="3.9.4.4" # CONTENTS # --- # 1. VARIABLES AND DECLARATIONS @@ -81,7 +81,11 @@ fi ### # 1 - Define variables for later use ### -wo_branch="$1" +if [ -n "$1" ]; then + wo_branch="$1" +else + wo_branch="master" +fi readonly wo_log_dir=/var/log/wo/ readonly wo_backup_dir=/var/lib/wo-backup/ readonly wo_install_log=/var/log/wo/install.log @@ -381,10 +385,6 @@ wo_install() { rm -rf /tmp/easyengine rm -rf /tmp/wordops - [ -z "$wo_branch" ] && { - wo_branch=master - } - git clone -b "$wo_branch" https://github.com/WordOps/WordOps.git /tmp/wordops --quiet cd /tmp/wordops || exit 1 
diff --git a/logo.png b/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..2fe842ef518e40c76cfd4c2fb0c174e5e15a37ee GIT binary patch literal 5978 zcmX|FbyQSQ_oV~@5$TYSlx~KQkdzv_5y=68Ap``ayQD*629QQ1ha6H$at3LJ6osKd zy5To|-}-&$kA3$!XRq_#TKB%U*4?qX+OJ56=!vkfut?O^l=ZQ&a3B~S@(>q;UOoEH zF$SE-sECm=F^a z6A}^<6&1x)FdT#b4Giby<;9?|u<-xa{s}OFNiq8W63m4EcK=8ISH}W=#WJkKGW<%V z8HHt3aesf0(O~J9V*yKX&1z$6XKRMmyb6Bib}XM?-B8-rq4&>N!HrV>9o8Ac{c}6h ze-3qG`?95mnJ}-*<*l!6fJIe;J@^aHmXKRM`f5(ypM>mb&SovEM2e8X&m;G?{eti2 z&gaY6zNJV)9AH#iUCIT%Ry=cdabs`{B;fe+i&?-FOjp zHgeYHI`7kXk?I5TUv4^xEsdOPa^Lz{Wzn4Q1fRdN78Nqsbg(&IWzr0sq_&y|-!DWp ztyqne0(%zDWG!3YZ#M;6WV+?Hx_$;O@In3qO=bXo2nJm15ilnRXc7iDaj9(DYj8j{ zfXy+j&%hA}GQg~kub@P;3y~S5S+#Zl61|RoZ-)`=_oA;ra2IoF_vYE9ErG?wgP_BA zb|@Jx$g)r(zT3{9B!RKT!+@!GcZ>iD%^9YtzB=Okbed{-K3^ZY-z~=2PR9$B`sU;E z`0d;DH}tn`V866M*Xjs>Y{J4lK13$Rd1Q#9xxGaAW(M$J4tnByyK6i}(?qZpb3^MC zRPWQ;2BW*706#9;CUQY2{JO;jFFU?8Cm(+;aR19hAVXgL;}7Izb=oz>Y2%ds40kfFNun+ZYVlD#sn0=8+4qdGb+%?$mA@Bm^ddC}gUiD;={CN3iFl?Hv zk4_m7ElQGou(vTNWoP<>R5V1!)(48t0tLC6SiK=2(wD zH%Xsi@J-A?aAY95rg$ZCh}B66JI(ne+Z-2lFT_9prm~Fk(8>2=Xa|HPNIFG-}ZB>x6 z3A2BVsPmlyCwk&F(c3&&E}uylFbfX;xXQo}VO2k(-7vC07M%W0Z9~CVI83i7+2zUt zntDGzE#c^us!&h={=o^<#%>s5xFTf?$d9cyPlv=rE^Qj(>~X8p<*U!Amh-X3;8_}P z``4RojDu~Q3g@9aSxz36V7HiR^RUvzo;xyuYl8^jVEQ+_vaVwb`4bKDuy4mmvU=3* z(8nD$GC?ChhMrS9LN!r$7Ct(CU>?pM6LC?w1#^BFeF35&&FX}$`0fcgr(n#o}joOtUkW>0ExGeWvsS^ za%D9X(66AXnQptHc`>=LD@jI3WpyO2pV!fpyf%P4%!|$Ocu3}0+mV7?*;J0hsMuYV zW$HE2UqE;fXcBj*Juc>uVdVa|9V@+ zW=$c|iO(dhhC4jnuLpy(v}|{27XF$V0g6DREeKYDqqo?^uxRvY^0k7sm15eg;AUYq|BQ@BkUMh40rKHN=;TzY)cAtX8H9mI}I~=w?e)B@F z^T*ucrszTcEG)Dx?b~41xyKgmU?4#GO2A!ncS zW57wqtH?!Bi+Wb1)b9SYTG3U0>P9QWx2;OchT5xkC-=2IMClt3Icu;S&BH6iwUKk+ zvw@TGtz;6C3{Q&O>B@M>he$V-0S6whw(!N3IPyaOxD4~C#8hAm+>&kR(Knoalk-c9 z_kM$3r-85WrEE0Kd}fOKsF#HT>ST6k92g2p*H%{?Ofn3Y zq#0H`GX9l3$3Vz7{X{=8?$j}X-U}ZG!h>7x{6ryEpm*a-F4r@N4XkbEXVs&v=`(u+ ztLsi>h%lNHjL*}ZO+CKX{-F{U|4ibKZD4@Z`4o(85ZP<(q!N^B0Z4WI015>@k&H4E 
z@(?VXI?H}z5+HJM^R}&wx9y$`nvO(^XCoTT5N&jjzX;8#uCz}<6E2`Q^7x8?Wwn)o zZw_ltsPqJP>oD{S=+{V^xd?NrNxrNkfz@N|Ge6CGo@(CP!p0>B8NydtBk<>-WsVZH zqzEa_t2D)2sIo^`MEf8}lO53Xr-D4(Ozc`#e$$wz*F$b3OF;_C4GC(3!46uhEvP1{ zu#+5u8M>A>ZnYQjAC4Etg-m^^lF{3w!`@Dx&#G$O9z)x7=x^cQIiW>!)Z@cf)_RXT zF78AQf>CxWi)GN;Ei`M!PeCBjVPoATr z!*s-2ajt++8}vb=*q%hi5am%c$MCM}Pjw0%gtGyXGobXxH)R$LN*RrLyN)Gy9Z~m# z2e|8HL!~%Zmwaxn4VJXOea;=d3Wi8Jeu0;tjsPhDEbbF8Evdd_;cy);bXLd-xbff| zt-iFB%Y&gjQcomWuVgNqdHOmVxgh4F^@I^sS{$!kqhejH(h@y-Dt_4@IBsP&sZ$kgYRIgyf}y=xE^jH*VZP$|WB67ic^Pv1U}DQ|l=nH*97| zaSDnxFLzAHb-rV4!1a4xU14c0%GYW0xOMjN7$-Vt$23&kR7gzJ!K+{@c9sX=J}8g* z{qx0Pdkvs)gp#tVQ| zebv1hSadyz(HqxNvn1W#}*Q zOt}s}+hPLhC~97y#{%cWb~MmK^^xPDq?qoXsf-ZE{R-fWQly)_&`5!(f^pp8p_x|) zy2xi9d^rqF!wOXT(uC%dBlTYwi$a#v>tgamp&tQHIcl@-KLmuK*5oR7H+E=(n3Mps zF8zwX5^@j;th3&Y=Vo|=;3Bbo^*swD(aVji7Bgda6Wk~RTBStbDZ|4>b$Azr0h9}Z z_95y7LJ<+{s^^i~hsr^KL$HgY75^Pu#Z z;$vkEjUVly{N%1|@gH2&ptvs$e&>A1X#M<{chs6}h-J=j;LhVL2F6AU;7c2tJ zf7qUt%S3PpQ~n;7+IMQ>$dTp0c#PZyjl^+u3=*H<=^P3PfAf!fNCxGTpX8RjjJsJb z+eRe6WeR|E2VdJO9fW{?cmJ$PM7Z?s!4Y}Xts%!NaG345s;BWItvux?_-ojtDSm|3 z>S^Se(caI!HG|Xu@27{sIC$A2e&+;1*B;_Ef1q^ zlw`hr_m*zS7Bq~+J{eCAC*i;O7-Lr>pNn;T_xC=CthxLz`A0w+E|Pd_t}h-=fu=5i z?zzguzG}G1u;_h$*ac9lcCsXb*g~tgLJ1?2+4S&ONIaM5WR#KK-&Aur74c5vpx2V zS_<97ta6YPr2MexoY}m~42tj-o_C2`08Zt4qFxU^?*+LCRfF(7mAtopfEBYg9ZTSb z99M8jF#IN$wUFEHEb}u^DB@=$w)a}^QR$nHEJQ}A}%c{Hti{H;>}#K!19JUpM=Uv z+FbfDw~WXq71?LFmnS`7>U`bkS2U&78g|Eaz18i9yEIbX#CEEF+uPqLCC#|WFS(5W z5G0D`64Mo%Wq!(04p}pNvEH+>--szqel+0QpMr*bk#)oN;I41Pb!25sF@$4)^C_% zJABN*)u557wI6?z)OM#==OQ|t%6-jWkRhB48Faha7yVy~-p*6l)6d@~KS~mwIfyot zJQrvaV+BX)M=iCJeN+*8qp7d^X<{w{m3MwXz2;B|zhJc2b@F^go3_Dc6gu>{nVNn$Bbd!DD3#`ip(rN&q~SLU(;vn!5p4Ts?dv&-*`B@_8oDCz%alx|DYoA z+E*|vA?=0OIX7$w+By{V&ARsRcKLli=L@$Ks5xjMl-7ZY+P*tBf3B2YQXm6(R~#BO zLu&alO0-DUsH6H5{?7?(9>@h+D(2cSH_fK@508Zr-{nm}FGnH1fxhm-mXC(*abo+8 zt%880KqSI@a8cV?kxB}lo@qw1>-v_9P0#*kBUt)1`F!pT)p`KSRjWl)iFRd6wqL5Ov0?k7k6W;wz_}@Y3x5_@ns4v6ROTXti6@fgW_=xk 
z!`yWFm5H`X-u{}1L}(9zd&oL9o<`Q_jL{>h5%f}b8a4nafD!Yfg?l7>b?6rX%;%6> z7R2g)rY8acpXVlj*QX!N5XQ=@6b55!T;I)jC+7=GHZnLUs$D)Xm9R zZq0e~Y`hM&ulzaK7=yCr^Zbnh59^#)&_GwQPi=f+ps9$btwjPn5})d%hNha|7AIxO z3cpp%IWn^x=6mk@Is+U-GPkCi?B+f#W$A<(bu|sC4)}ZF#aY%Jn};wGOt%XZI#wz7ccR z9AYZqwDg2j9px6Hr^l)e>4?S*`{n;yPs=2cMI(@Dj141p1{{(Hu^TnculLmml-inW<`E^<_xVc)?H_%HZh_`cC`B}+9_$buBzH=pg z6weoYvE;n2x;mg2v?SztD!!-+c5t6^-gToKCCCiHVrTzrQu%44#$-u>QYFF5L{hMx zS^BD2c!bo@pXM~F{yuC|%aWa;_84b?rbuJs7SK2>W zP$>^#DPSV2olei3H&9Ahf1nD^`{0H6*qf3WWK=O$BWj_yFea^lB>`hjC{~Ak#a`Xt z072;n=b16v#w9@v8_HG;`_6PLB=u>A_&Ucfqz+`}fEf`>9`^2Ok7S8U`DGw^cFweY zJP_eEgai^j4lT_=i02~OY(49rLBItpB}`GoxoZ9Myp4M zFO5b~G-B#|Qv~$VmU}@}*+!wQ8~V>r2ZNhvAQF9P6I7gMXV1W}Me)d{pDl_7jOxHw z2JpZ*DaiB277jQ<3@ErSr*ND4BPq?NPIdm#(rXdN6(LU3+Dg}pKQat zfPgwkc&)me1*L>n=r2;_UQ=58b~+f+0TpH0nuvKvp{D+c#>SWtV}n z?bZO5e9f!(>>DC~EE#o%m%nM+k@Ra?5e*>KW0C>zfITg||OLX_W{6b6KwRKnb=HZ*uO>d~kpF8haJq?v@q56^yG?3)a!C 0): @@ -1194,6 +1220,12 @@ class WOSiteUpdateController(CementBaseController): '{0}/conf/nginx/ssl.conf.disabled' .format(wo_site_webroot)) httpsRedirect(self, wo_domain, False) + if os.path.isfile("{0}/conf/nginx/hsts.conf" + .format(wo_site_webroot)): + WOFileUtils.mvfile(self, "{0}/conf/nginx/hsts.conf" + .format(wo_site_webroot), + '{0}/conf/nginx/hsts.conf.disabled' + .format(wo_site_webroot)) if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") @@ -1217,6 +1249,16 @@ class WOSiteUpdateController(CementBaseController): .format(wo_site_webroot)) httpsRedirect(self, wo_domain) + if data['hsts'] is True: + if not os.path.isfile(("{0}/conf/nginx/hsts.conf.disabled") + .format(wo_site_webroot)): + setupHsts(self, wo_domain) + else: + WOFileUtils.mvfile(self, "{0}/conf/nginx/" + "hsts.conf.disabled" + .format(wo_site_webroot), + '{0}/conf/nginx/hsts.conf' + .format(wo_site_webroot)) if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " 
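Review bot: Moving `hsts.conf` to `hsts.conf.disabled` when Let's Encrypt is switched off stops the header from being sent but does not retract the policy. Browsers that already received the value written by `setupHsts` (`max-age=31536000`, per the site_functions.py hunk later in this series) keep forcing HTTPS for that host, so returning visitors cannot reach the site once `ssl.conf` is disabled. The disable path should at least warn, e.g. `Log.info(self, Log.FAIL + "HSTS was enabled; returning visitors will still be forced to HTTPS")`, or serve `max-age=0` over HTTPS before TLS is removed. The same pattern recurs in the `@@ -1243,6 +1285,14 @@` hunk. In the enable path, `if data['hsts'] is True:` assumes the key is always present; its initialisation is outside these hunks.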
@@ -1243,6 +1285,14 @@ class WOSiteUpdateController(CementBaseController): '{0}/conf/nginx/ssl.conf.disabled' .format(wo_site_webroot)) httpsRedirect(self, wo_domain, False) + if os.path.isfile(("{0}/conf/nginx/hsts.conf") + .format(wo_site_webroot)): + WOFileUtils.mvfile(self, "{0}/conf/nginx/" + "hsts.conf" + .format(wo_site_webroot), + '{0}/conf/nginx/hsts.conf.disabled' + .format(wo_site_webroot)) + if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") @@ -1269,7 +1319,8 @@ class WOSiteUpdateController(CementBaseController): "check issues with `nginx -t` command") updateSiteInfo(self, wo_domain, stype=stype, cache=cache, - ssl=True if check_site.is_ssl else False, php_version=check_php_version) + ssl=True if check_site.is_ssl else False, + php_version=check_php_version) Log.info(self, "Successfully updated site" " http://{0}".format(wo_domain)) 
@@ -1327,44 +1378,94 @@ class WOSiteUpdateController(CementBaseController): Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed. " "Check the log for details:" - " `tail /var/log/wo/wordops.log` and please try again") + " `tail /var/log/wo/wordops.log` " + "and please try again") return 1 if ((oldcachetype in ['wpsc', 'basic', 'wpredis'] and (data['wpfc'])) or (oldsitetype == 'wp' and data['multisite'] and data['wpfc'])): try: - plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":1,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_fastcgi","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}' + plugin_data = '{"log_level":"INFO","log_filesize":5,' + '"enable_purge":1,"enable_map":0,"enable_log":0,' + '"enable_stamp":0,"purge_homepage_on_new":1,' + '"purge_homepage_on_edit":1,"purge_homepage_on_del":1,' + '"purge_archive_on_new":1,"purge_archive_on_edit":0,' + '"purge_archive_on_del":0,"purge_archive_on_new_comment":0,' + '"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,' + '"purge_page_on_new_comment":1,' + '"purge_page_on_deleted_comment":1,' + '"cache_method":"enable_fastcgi",' + '"purge_method":"get_request",' + '"redis_hostname":"127.0.0.1","redis_port":"6379",' + '"redis_prefix":"nginx-cache:"}' setupwp_plugin( - self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) + self, 'nginx-helper', + 'rt_wp_nginx_helper_options', plugin_data, data) except SiteError as e: Log.debug(self, str(e)) - Log.info(self, Log.FAIL + "Update nginx-helper settings failed. 
" + Log.info(self, Log.FAIL + "Update nginx-helper " + "settings failed. " "Check the log for details:" - " `tail /var/log/wo/wordops.log` and please try again") + " `tail /var/log/wo/wordops.log` " + "and please try again") return 1 elif ((oldcachetype in ['wpsc', 'basic', 'wpfc'] and - (data['wpredis'])) or (oldsitetype == 'wp' and data['multisite'] and data['wpredis'])): + (data['wpredis'])) or (oldsitetype == 'wp' and + data['multisite'] and data['wpredis'])): try: - plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":1,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_redis","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}' + plugin_data = '{"log_level":"INFO","log_filesize":5,' + '"enable_purge":1,"enable_map":0,"enable_log":0,' + '"enable_stamp":0,"purge_homepage_on_new":1,' + '"purge_homepage_on_edit":1,"purge_homepage_on_del":1,' + '"purge_archive_on_new":1,"purge_archive_on_edit":0,' + '"purge_archive_on_del":0,' + '"purge_archive_on_new_comment":0,' + '"purge_archive_on_deleted_comment":0,' + '"purge_page_on_mod":1,' + '"purge_page_on_new_comment":1,' + '"purge_page_on_deleted_comment":1,' + '"cache_method":"enable_redis",' + '"purge_method":"get_request",' + '"redis_hostname":"127.0.0.1","redis_port":"6379",' + '"redis_prefix":"nginx-cache:"}' setupwp_plugin( - self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) + self, 'nginx-helper', + 'rt_wp_nginx_helper_options', plugin_data, data) except SiteError as e: Log.debug(self, str(e)) - Log.info(self, Log.FAIL + "Update nginx-helper settings failed. 
" + Log.info(self, Log.FAIL + "Update nginx-helper " + "settings failed. " "Check the log for details:" - " `tail /var/log/wo/wordops.log` and please try again") + " `tail /var/log/wo/wordops.log` " + "and please try again") return 1 else: try: - plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":0,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_redis","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}' + plugin_data = '{"log_level":"INFO","log_filesize":5,' + '"enable_purge":0,"enable_map":0,"enable_log":0,' + '"enable_stamp":0,"purge_homepage_on_new":1,' + '"purge_homepage_on_edit":1,"purge_homepage_on_del":1,' + '"purge_archive_on_new":1,"purge_archive_on_edit":0,' + '"purge_archive_on_del":0,' + '"purge_archive_on_new_comment":0,' + '"purge_archive_on_deleted_comment":0,' + '"purge_page_on_mod":1,"purge_page_on_new_comment":1,' + '"purge_page_on_deleted_comment":1,' + '"cache_method":"enable_redis",' + '"purge_method":"get_request",' + '"redis_hostname":"127.0.0.1",' + '"redis_port":"6379","redis_prefix":"nginx-cache:"}' setupwp_plugin( - self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) + self, 'nginx-helper', + 'rt_wp_nginx_helper_options', plugin_data, data) except SiteError as e: Log.debug(self, str(e)) - Log.info(self, Log.FAIL + "Update nginx-helper settings failed. " + Log.info(self, Log.FAIL + "Update nginx-helper " + "settings failed. 
" "Check the log for details:" - " `tail /var/log/wo/wordops.log` and please try again") + " `tail /var/log/wo/wordops.log` " + "and please try again") return 1 if oldcachetype == 'wpsc' and not data['wpsc']: @@ -1374,7 +1475,8 @@ class WOSiteUpdateController(CementBaseController): Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed." "Check the log for details:" - " `tail /var/log/wo/wordops.log` and please try again") + " `tail /var/log/wo/wordops.log` " + "and please try again") return 1 if oldcachetype == 'wpredis' and not data['wpredis']: @@ -1384,7 +1486,8 @@ class WOSiteUpdateController(CementBaseController): Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed." "Check the log for details:" - " `tail /var/log/wo/wordops.log` and please try again") + " `tail /var/log/wo/wordops.log` " + "and please try again") return 1 if oldcachetype != 'wpsc' and data['wpsc']: @@ -1401,10 +1504,12 @@ class WOSiteUpdateController(CementBaseController): try: if installwp_plugin(self, 'redis-cache', data): # search for wp-config.php - if WOFileUtils.isexist(self, "{0}/wp-config.php".format(wo_site_webroot)): + if WOFileUtils.isexist(self, "{0}/wp-config.php" + .format(wo_site_webroot)): config_path = '{0}/wp-config.php'.format( wo_site_webroot) - elif WOFileUtils.isexist(self, "{0}/htdocs/wp-config.php".format(wo_site_webroot)): + elif WOFileUtils.isexist(self, "{0}/htdocs/wp-config.php" + .format(wo_site_webroot)): config_path = '{0}/htdocs/wp-config.php'.format( wo_site_webroot) else: diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index fb779aa..8b49670 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py 
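Review bot: Splitting the `plugin_data` JSON across lines without enclosing parentheses does not build one string. The assignment ends at `'{"log_level":"INFO","log_filesize":5,'`, and the following quoted fragments become separate statements, or an indentation error depending on their indent, which this view does not preserve. `setupwp_plugin` would then receive truncated, invalid JSON in all three branches of this hunk. Wrapping the fragments in parentheses, `plugin_data = ('{"log_level":"INFO","log_filesize":5,'` through `'"redis_prefix":"nginx-cache:"}')`, restores the implicit concatenation; building a dict and passing `json.dumps(...)` would be less fragile. The enclosing method starts outside the hunk.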
@@ -96,8 +96,8 @@ def setupdomain(self, data): Log.info(self, "[" + Log.ENDC + "Done" + Log.OKBLUE + "]") except CalledProcessError as e: Log.debug(self, "{0}".format(str(e))) - Log.info(self, "[" + Log.ENDC + Log.FAIL + "Fail" - + Log.OKBLUE + "]") + Log.info(self, "[" + Log.ENDC + Log.FAIL + "Fail" + + Log.OKBLUE + "]") raise SiteError("created nginx configuration failed for site." " check with `nginx -t`") @@ -312,8 +312,8 @@ def setupwordpress(self, data): "--dbuser=\'{2}\' --dbhost=\'{3}\' " .format(data['wo_db_name'], wo_wp_prefix, data['wo_db_user'], data['wo_db_host'] - ) - + "--dbpass=\'{0}\' " + ) + + "--dbpass=\'{0}\' " "--extra-php<.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200 +ignoreregex = diff --git a/wo/cli/templates/fail2ban.mustache b/wo/cli/templates/fail2ban.mustache new file mode 100644 index 0000000..10937f6 --- /dev/null +++ b/wo/cli/templates/fail2ban.mustache @@ -0,0 +1,24 @@ +[recidive] +enabled = true + +[nginx-http-auth] +enabled = true + +[nginx-botsearch] +enabled = true + +[wo-wordpress] +enabled = true +filter = wo-wordpress +action = iptables-multiport[name="wo-wordpress", port="http,https"] +logpath = /var/log/nginx/*access.log +maxretry = 5 + +[nginx-forbidden] +enabled = true +filter = nginx-forbidden +port = http,https +logpath = /var/log/nginx/*error*.log +findtime = 60 +bantime = 6000 +maxretry = 3 \ No newline at end of file diff --git a/wo/core/variables.py b/wo/core/variables.py index ab2eb2b..2aa6237 100644 --- a/wo/core/variables.py +++ b/wo/core/variables.py @@ -152,6 +152,8 @@ class WOVariables(): wo_mysql = ["mariadb-server", "percona-toolkit"] + wo_fail2ban = "fail2ban" + # Redis repo details if wo_platform_distro == 'ubuntu': wo_redis_repo = ("ppa:chris-lea/redis-server") From 1823e1bd186e16f0210b83d9d1c5b6e65f793ad8 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Sun, 7 Apr 2019 13:11:14 +0200 Subject: [PATCH 05/36] fix hsts --- wo/cli/plugins/site_functions.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
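Review bot: The `[nginx-forbidden]` jail in fail2ban.mustache sets `filter = nginx-forbidden`, but this commit creates only fail2ban-wp.mustache and fail2ban.mustache, and no filter of that name is added. If that filter is not installed by other means, fail2ban reports an error for the jail and, depending on version, may fail to start, leaving none of these jails active. Likewise `[wo-wordpress]` uses `filter = wo-wordpress`, so the fail2ban-wp template has to be deployed as the `wo-wordpress` filter; the code that does so is not in this section. The file also ends without a trailing newline.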
diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py
index 8b49670..55c61db 100644
--- a/wo/cli/plugins/site_functions.py
+++ b/wo/cli/plugins/site_functions.py
@@ -1424,7 +1424,7 @@ def setupHsts(self, wo_domain_name):
 "\"Strict-Transport-Security: " "max-age=31536000; " "'includeSubDomains; "
- "preload\"")
+ "preload\";")
 hstsconf.close()
From f0e48ad7549d4b1d019c86bdad5c734e287aedd0 Mon Sep 17 00:00:00 2001
From: VirtuBox
Date: Sun, 7 Apr 2019 22:10:08 +0200
Subject: [PATCH 06/36] add hsts on site creation
---
 wo/cli/plugins/site.py | 100 +++++++++++++++++++++++++++++------------
 1 file changed, 72 insertions(+), 28 deletions(-)
diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py
index 1c85972..11c9d1b 100644
--- a/wo/cli/plugins/site.py
+++ b/wo/cli/plugins/site.py
@@ -163,7 +163,8 @@ class WOSiteController(CementBaseController):
 sslexpiry = '' data = dict(domain=wo_domain, webroot=wo_site_webroot, accesslog=access_log, errorlog=error_log,
- dbname=wo_db_name, dbuser=wo_db_user, php_version=php_version,
+ dbname=wo_db_name, dbuser=wo_db_user,
+ php_version=php_version,
 dbpass=wo_db_pass, ssl=ssl, sslprovider=sslprovider, sslexpiry=sslexpiry, type=sitetype + " " + cachetype + " ({0})"
@@ -279,7 +280,8 @@ class WOSiteEditController(CementBaseController):
 except CommandExecutionError as e: Log.error(self, "Failed invoke editor") if (WOGit.checkfilestatus(self, "/etc/nginx",
- '/etc/nginx/sites-available/{0}'.format(wo_domain))):
+ '/etc/nginx/sites-available/{0}'
+ .format(wo_domain))):
 WOGit.add(self, ["/etc/nginx"], msg="Edit website: {0}" .format(wo_domain)) # Reload NGINX
@@ -334,6 +336,8 @@ class WOSiteCreateController(CementBaseController):
 action='store' or 'store_const', choices=('on', 'subdomain', 'wildcard'), const='on', nargs='?')),
+ (['--hsts'],
+ dict(help="enable HSTS for site secured with letsencrypt")),
 (['--user'], dict(help="provide user for WordPress site")), (['--email'],
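Review bot: The header value in `setupHsts` still carries a stray single quote in `"'includeSubDomains; "`, so the emitted policy reads `max-age=31536000; 'includeSubDomains; preload` and browsers will not recognise the includeSubDomains directive. The fragment should be `"includeSubDomains; "`. The added `;` fixes the nginx syntax but leaves subdomains outside the policy. Emitting `preload` by default is also worth reconsidering, since it signals consent to preload-list inclusion, which is slow to reverse. The function body, including the call that opens `hstsconf`, starts outside the hunk.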
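Review bot: `--hsts` is declared with only a help string, so argparse applies its default store action and the flag requires a value. The creation path later in this patch tests `self.app.pargs.hsts == 'on'` and then reads `data['hsts']`, which is assigned only inside that branch. Unless `data['hsts']` is initialised somewhere not shown, creating a Let's Encrypt site without `--hsts on` raises KeyError at `if data['hsts'] is True:`. Declaring the option as `dict(help="enable HSTS for site secured with letsencrypt", action='store_true')` and setting `data['hsts'] = bool(self.app.pargs.hsts)` unconditionally would make the flag optional and the later test safe. The arguments list continues outside the hunk.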
@@ -493,7 +497,8 @@ class WOSiteCreateController(CementBaseController): webroot=data['webroot']) Log.debug(self, str(e)) Log.error(self, "Check the log for details: " - "`tail /var/log/wo/wordops.log` and please try again") + "`tail /var/log/wo/wordops.log` " + "and please try again") if 'proxy' in data.keys() and data['proxy']: addNewSite(self, wo_domain, stype, cache, wo_site_webroot) @@ -507,7 +512,8 @@ class WOSiteCreateController(CementBaseController): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") Log.error(self, "Check the log for details: " - "`tail /var/log/wo/wordops.log` and please try again") + "`tail /var/log/wo/wordops.log` " + "and please try again") if wo_auth and len(wo_auth): for msg in wo_auth: Log.info(self, Log.ENDC + msg, log=False) @@ -545,7 +551,8 @@ class WOSiteCreateController(CementBaseController): dbhost=data['wo_db_host']) deleteSiteInfo(self, wo_domain) Log.error(self, "Check the log for details: " - "`tail /var/log/wo/wordops.log` and please try again") + "`tail /var/log/wo/wordops.log` " + "and please try again") try: wodbconfig = open("{0}/wo-config.php" @@ -575,7 +582,8 @@ class WOSiteCreateController(CementBaseController): dbhost=data['wo_db_host']) deleteSiteInfo(self, wo_domain) Log.error(self, "Check the log for details: " - "`tail /var/log/wo/wordops.log` and please try again") + "`tail /var/log/wo/wordops.log` " + "and please try again") # Setup WordPress if Wordpress site if data['wp']: @@ -599,7 +607,8 @@ class WOSiteCreateController(CementBaseController): dbhost=data['wo_mysql_grant_host']) deleteSiteInfo(self, wo_domain) Log.error(self, "Check the log for details: " - "`tail /var/log/wo/wordops.log` and please try again") + "`tail /var/log/wo/wordops.log` " + "and please try again") # Service Nginx Reload call cleanup if failed to reload nginx if not WOService.reload_service(self, 'nginx'): 
@@ -617,7 +626,8 @@ class WOSiteCreateController(CementBaseController): Log.info(self, Log.FAIL + "service nginx reload failed." " check issues with `nginx -t` command.") Log.error(self, "Check the log for details: " - "`tail /var/log/wo/wordops.log` and please try again") + "`tail /var/log/wo/wordops.log` " + "and please try again") WOGit.add(self, ["/etc/nginx"], msg="{0} created with {1} {2}" @@ -640,7 +650,8 @@ class WOSiteCreateController(CementBaseController): dbhost=data['wo_mysql_grant_host']) deleteSiteInfo(self, wo_domain) Log.error(self, "Check the log for details: " - "`tail /var/log/wo/wordops.log` and please try again") + "`tail /var/log/wo/wordops.log` and " + "please try again") if wo_auth and len(wo_auth): for msg in wo_auth: @@ -664,15 +675,23 @@ class WOSiteCreateController(CementBaseController): data['letsencrypt'] = True letsencrypt = True + if self.app.pargs.hsts == 'on': + data['hsts'] = True + hsts = True + if data['letsencrypt'] is True: setupLetsEncrypt(self, wo_domain) httpsRedirect(self, wo_domain) + if data['hsts'] is True: + setupHsts(self, wo_domain) + if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") - Log.info(self, "Congratulations! Successfully Configured SSl for Site " + Log.info(self, "Congratulations! Successfully Configured " + "SSl for Site " " https://{0}".format(wo_domain)) # Add nginx conf folder into GIT 
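Review bot: `data['hsts']` is read with `if data['hsts'] is True:` but is only assigned when `self.app.pargs.hsts == 'on'`. Unless `data` receives an `'hsts'` key somewhere outside this hunk, creating a site with `--letsencrypt` and without `--hsts` would raise `KeyError` right after the certificate and redirect have been set up. `if data.get('hsts'):` avoids that, or initialise `data['hsts'] = False` wherever `data['letsencrypt']` gets its default. The local `hsts = True` is not used in the visible lines. The subdomain branch in the next hunk (`@@ -689,15 +708,23 @@`) has the same pattern.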
@@ -689,15 +708,23 @@ class WOSiteCreateController(CementBaseController): data['letsencrypt'] = True letsencrypt = True + if self.app.pargs.hsts == 'on': + data['hsts'] = True + hsts = True + if data['letsencrypt'] is True: setupLetsEncryptSubdomain(self, wo_domain) httpsRedirect(self, wo_domain) + if data['hsts'] is True: + setupHsts(self, wo_domain) + if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") - Log.info(self, "Congratulations! Successfully Configured SSl for Site " + Log.info(self, "Congratulations! Successfully Configured " + "SSl for Site " " https://{0}".format(wo_domain)) # Add nginx conf folder into GIT @@ -1014,7 +1041,8 @@ class WOSiteUpdateController(CementBaseController): " https://{0}".format(wo_domain)) if (SSL.getExpirationDays(self, wo_domain) > 0): Log.info(self, "Your cert will expire within " + - str(SSL.getExpirationDays(self, wo_domain)) + " days.") + str(SSL.getExpirationDays(self, wo_domain)) + + " days.") Log.info(self, "Expiration date: " + str(SSL.getExpirationDate(self, wo_domain))) @@ -1045,12 +1073,14 @@ class WOSiteUpdateController(CementBaseController): if (SSL.getExpirationDays(self, wo_domain) > 0): Log.info(self, "Your cert will expire within " + - str(SSL.getExpirationDays(self, wo_domain)) + " days.") + str(SSL.getExpirationDays(self, wo_domain)) + + " days.") Log.info(self, "Expiration date: \n\n" + str(SSL.getExpirationDate(self, wo_domain))) return 0 # else: - # Log.warn(self, "Your cert already EXPIRED ! .PLEASE renew soon . ") + # Log.warn(self, "Your cert already EXPIRED ! + # .PLEASE renew soon . ") else: Log.info( self, "SSL not configured for " 
@@ -1206,10 +1236,12 @@ class WOSiteUpdateController(CementBaseController): if (SSL.getExpirationDays(self, wo_domain) > 0): Log.info(self, "Your cert will expire within " + - str(SSL.getExpirationDays(self, wo_domain)) + " days.") + str(SSL.getExpirationDays(self, wo_domain)) + + " days.") else: Log.warn( - self, "Your cert already EXPIRED ! .PLEASE renew soon . ") + self, "Your cert already EXPIRED ! " + ".PLEASE renew soon . ") elif data['letsencrypt'] is False: if os.path.isfile("{0}/conf/nginx/ssl.conf" @@ -1270,7 +1302,8 @@ class WOSiteUpdateController(CementBaseController): if (SSL.getExpirationDays(self, wo_domain) > 0): Log.info(self, "Your cert will expire within " + - str(SSL.getExpirationDays(self, wo_domain)) + " days.") + str(SSL.getExpirationDays(self, wo_domain)) + + " days.") else: Log.warn( self, "Your cert already EXPIRED !" @@ -1383,15 +1416,18 @@ class WOSiteUpdateController(CementBaseController): return 1 if ((oldcachetype in ['wpsc', 'basic', 'wpredis'] and - (data['wpfc'])) or (oldsitetype == 'wp' and data['multisite'] and data['wpfc'])): + (data['wpfc'])) or (oldsitetype == 'wp' and + data['multisite'] and data['wpfc'])): try: plugin_data = '{"log_level":"INFO","log_filesize":5,' '"enable_purge":1,"enable_map":0,"enable_log":0,' '"enable_stamp":0,"purge_homepage_on_new":1,' '"purge_homepage_on_edit":1,"purge_homepage_on_del":1,' '"purge_archive_on_new":1,"purge_archive_on_edit":0,' - '"purge_archive_on_del":0,"purge_archive_on_new_comment":0,' - '"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,' + '"purge_archive_on_del":0,' + '"purge_archive_on_new_comment":0,' + '"purge_archive_on_deleted_comment":0,' + '"purge_page_on_mod":1,' '"purge_page_on_new_comment":1,' '"purge_page_on_deleted_comment":1,' '"cache_method":"enable_fastcgi",' 
@@ -1412,7 +1448,8 @@ class WOSiteUpdateController(CementBaseController): elif ((oldcachetype in ['wpsc', 'basic', 'wpfc'] and (data['wpredis'])) or (oldsitetype == 'wp' and - data['multisite'] and data['wpredis'])): + data['multisite'] and + data['wpredis'])): try: plugin_data = '{"log_level":"INFO","log_filesize":5,' '"enable_purge":1,"enable_map":0,"enable_log":0,' @@ -1520,14 +1557,16 @@ class WOSiteUpdateController(CementBaseController): self, "wp-config.php could not be located !!") raise SiteError - if WOShellExec.cmd_exec(self, "grep -q \"WP_CACHE_KEY_SALT\" {0}" + if WOShellExec.cmd_exec(self, "grep -q " + "\"WP_CACHE_KEY_SALT\" {0}" .format(config_path)): pass else: try: wpconfig = open("{0}".format(config_path), encoding='utf-8', mode='a') - wpconfig.write("\n\ndefine( \'WP_CACHE_KEY_SALT\', \'{0}:\' );" + wpconfig.write("\n\ndefine( \'WP_CACHE_KEY_SALT\'," + " \'{0}:\' );" .format(wo_domain)) wpconfig.close() except IOError as e: @@ -1535,7 +1574,8 @@ class WOSiteUpdateController(CementBaseController): Log.debug(self, "Updating wp-config.php failed.") Log.warn(self, "Updating wp-config.php failed. " "Could not append:" - "\ndefine( \'WP_CACHE_KEY_SALT\', \'{0}:\' );".format(wo_domain) + + "\ndefine( \'WP_CACHE_KEY_SALT\', " + "\'{0}:\' );".format(wo_domain) + "\nPlease add manually") except SiteError as e: Log.debug(self, str(e)) @@ -1578,10 +1618,12 @@ class WOSiteUpdateController(CementBaseController): db_user=data['wo_db_user'], db_password=data['wo_db_pass'], db_host=data['wo_db_host'], - ssl=True if check_site.is_ssl else False, php_version=check_php_version) + ssl=True if check_site.is_ssl else False, + php_version=check_php_version) else: updateSiteInfo(self, wo_domain, stype=stype, cache=cache, - ssl=True if check_site.is_ssl else False, php_version=check_php_version) + ssl=True if check_site.is_ssl else False, + php_version=check_php_version) Log.info(self, "Successfully updated site" " http://{0}".format(wo_domain)) return 0 
@@ -1713,9 +1755,11 @@ class WOSiteDeleteController(CementBaseController): deleteSiteInfo(self, wo_domain) Log.info(self, "Deleted site {0}".format(wo_domain)) # else: - # Log.error(self, " site {0} does not exists".format(wo_domain)) + # Log.error(self, " site {0} does + # not exists".format(wo_domain)) else: - if (mark_db_delete_prompt or mark_webroot_delete_prompt or (mark_webroot_deleted and mark_db_deleted)): + if (mark_db_delete_prompt or mark_webroot_delete_prompt or + (mark_webroot_deleted and mark_db_deleted)): # TODO Delete nginx conf removeNginxConf(self, wo_domain) deleteSiteInfo(self, wo_domain) From 4a5a86798f2102736361b638fc9a7e7cc86fc6a1 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 8 Apr 2019 01:38:14 +0200 Subject: [PATCH 07/36] fix hsts --- wo/cli/plugins/site.py | 60 +++++++++++++++++++++++++++++++++--------- 1 file changed, 47 insertions(+), 13 deletions(-) diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 11c9d1b..8e29f6c 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -337,7 +337,8 @@ class WOSiteCreateController(CementBaseController): choices=('on', 'subdomain', 'wildcard'), const='on', nargs='?')), (['--hsts'], - dict(help="enable HSTS for site secured with letsencrypt")), + dict(help="enable HSTS for site secured with letsencrypt", + action='store_true')), (['--user'], dict(help="provide user for WordPress site")), (['--email'], @@ -675,9 +676,10 @@ class WOSiteCreateController(CementBaseController): data['letsencrypt'] = True letsencrypt = True - if self.app.pargs.hsts == 'on': - data['hsts'] = True - hsts = True + if self.app.pargs.hsts: + if self.app.pargs.hsts == "on": + data['hsts'] = True + hsts = True if data['letsencrypt'] is True: setupLetsEncrypt(self, wo_domain) 
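Review bot: With `action='store_true'` now set on `--hsts`, `self.app.pargs.hsts` is a bool, so the nested `if self.app.pargs.hsts == "on":` in the `@@ -675,9 +676,10 @@` hunk can never be true and `data['hsts']` is never set on this path. The operator asks for HSTS and gets a site without the header, with no error. `if self.app.pargs.hsts: data['hsts'] = True` is enough here. As far as the visible hunks show, the subdomain branch added in the previous commit still compares with `'on'` and is not touched by this commit, so it needs the same change.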
@@ -781,7 +783,7 @@ class WOSiteUpdateController(CementBaseController): choices=('on', 'off', 'renew', 'subdomain', 'wildcard'), const='on', nargs='?')), (['--hsts'], - dict(help="configure hsts on site secured with letsencrypt", + dict(help="configure HSTS on site secured with letsencrypt", action='store' or 'store_const', choices=('on', 'off'), const='on', nargs='?')), @@ -1111,14 +1113,6 @@ class WOSiteUpdateController(CementBaseController): data['hsts'] = False hsts = False - if pargs.hsts: - if pargs.hsts == 'on': - data['hsts'] = True - hsts = True - elif pargs.hsts == 'off': - data['hsts'] = False - hsts = False - if letsencrypt is check_ssl: if letsencrypt is False: Log.error(self, "SSl is not configured for given " @@ -1128,6 +1122,14 @@ class WOSiteUpdateController(CementBaseController): "site") pargs.letsencrypt = False + if pargs.hsts: + if pargs.hsts == 'on': + data['hsts'] = True + hsts = True + elif pargs.hsts == 'off': + data['hsts'] = False + hsts = False + if data and (not pargs.php73): if old_php73 is True: data['php73'] = True 
@@ -1344,6 +1346,38 @@ class WOSiteUpdateController(CementBaseController): updateSiteInfo(self, wo_domain, ssl=letsencrypt) return 0 + if pargs.htsts == "on": + if check_ssl: + if not os.path.isfile(("{0}/conf/nginx/hsts.conf.disabled") + .format(wo_site_webroot)): + setupHsts(self, wo_domain) + else: + WOFileUtils.mvfile(self, "{0}/conf/nginx/" + "hsts.conf.disabled" + .format(wo_site_webroot), + '{0}/conf/nginx/hsts.conf' + .format(wo_site_webroot)) + else: + Log.error(self, "HTTPS is not configured for given " + "site") + return 0 + + if pargs.htsts == "off": + if os.path.isfile(("{0}/conf/nginx/hsts.conf") + .format(wo_site_webroot)): + WOFileUtils.mvfile(self, "{0}/conf/nginx/" + "hsts.conf" + .format(wo_site_webroot), + '{0}/conf/nginx/hsts.conf.disabled' + .format(wo_site_webroot)) + + if not WOService.reload_service(self, 'nginx'): + Log.error(self, "service nginx reload failed. " + "check issues with `nginx -t` command") + else: + Log.error(self, "HSTS is not configured for given " + "site") + if stype == oldsitetype and cache == oldcachetype: # Service Nginx Reload From 28069ac34e8ba33ca488f514cb044a5e51376817 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 8 Apr 2019 09:14:23 +0200 Subject: [PATCH 08/36] change hsts flag --- wo/cli/plugins/site.py | 54 +++----------------------------- wo/cli/plugins/site_functions.py | 27 +++++++--------- wo/core/shellexec.py | 3 +- 3 files changed, 17 insertions(+), 67 deletions(-) diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 8e29f6c..ffafd07 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py 
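Review bot: `pargs.htsts` is misspelled in both new conditions (`if pargs.htsts == "on":` and `if pargs.htsts == "off":`). The option is declared as `--hsts`, so the attribute lookup would raise `AttributeError` on every update that reaches this block; both should read `pargs.hsts`. Separately, as far as the flattened hunk shows, the "on" branch writes or restores `hsts.conf` without calling `WOService.reload_service(self, 'nginx')`, unlike the "off" branch, so the header would not be served until a later reload. The hunk sits inside a method whose start and end are outside it.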
@@ -783,10 +783,8 @@ class WOSiteUpdateController(CementBaseController): choices=('on', 'off', 'renew', 'subdomain', 'wildcard'), const='on', nargs='?')), (['--hsts'], - dict(help="configure HSTS on site secured with letsencrypt", - action='store' or 'store_const', - choices=('on', 'off'), - const='on', nargs='?')), + dict(help="configure HSTS on site secured with letsencrypt", + action='store_true')), (['--proxy'], dict(help="update to proxy site", nargs='+')), (['--experimental'], @@ -1110,8 +1108,6 @@ class WOSiteUpdateController(CementBaseController): elif pargs.letsencrypt == 'off': data['letsencrypt'] = False letsencrypt = False - data['hsts'] = False - hsts = False if letsencrypt is check_ssl: if letsencrypt is False: @@ -1123,12 +1119,6 @@ class WOSiteUpdateController(CementBaseController): pargs.letsencrypt = False if pargs.hsts: - if pargs.hsts == 'on': - data['hsts'] = True - hsts = True - elif pargs.hsts == 'off': - data['hsts'] = False - hsts = False if data and (not pargs.php73): if old_php73 is True: @@ -1217,16 +1207,6 @@ class WOSiteUpdateController(CementBaseController): .format(wo_site_webroot)) httpsRedirect(self, wo_domain) - if data['hsts'] is True: - if not os.path.isfile(("{0}/conf/nginx/hsts.conf.disabled") - .format(wo_site_webroot)): - setupHsts(self, wo_domain) - else: - WOFileUtils.mvfile(self, "{0}/conf/nginx/" - "hsts.conf.disabled" - .format(wo_site_webroot), - '{0}/conf/nginx/hsts.conf' - .format(wo_site_webroot)) if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " 
@@ -1283,16 +1263,6 @@ class WOSiteUpdateController(CementBaseController): .format(wo_site_webroot)) httpsRedirect(self, wo_domain) - if data['hsts'] is True: - if not os.path.isfile(("{0}/conf/nginx/hsts.conf.disabled") - .format(wo_site_webroot)): - setupHsts(self, wo_domain) - else: - WOFileUtils.mvfile(self, "{0}/conf/nginx/" - "hsts.conf.disabled" - .format(wo_site_webroot), - '{0}/conf/nginx/hsts.conf' - .format(wo_site_webroot)) if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " @@ -1346,7 +1316,7 @@ class WOSiteUpdateController(CementBaseController): updateSiteInfo(self, wo_domain, ssl=letsencrypt) return 0 - if pargs.htsts == "on": + if pargs.hsts: if check_ssl: if not os.path.isfile(("{0}/conf/nginx/hsts.conf.disabled") .format(wo_site_webroot)): @@ -1360,23 +1330,7 @@ class WOSiteUpdateController(CementBaseController): else: Log.error(self, "HTTPS is not configured for given " "site") - return 0 - - if pargs.htsts == "off": - if os.path.isfile(("{0}/conf/nginx/hsts.conf") - .format(wo_site_webroot)): - WOFileUtils.mvfile(self, "{0}/conf/nginx/" - "hsts.conf" - .format(wo_site_webroot), - '{0}/conf/nginx/hsts.conf.disabled' - .format(wo_site_webroot)) - - if not WOService.reload_service(self, 'nginx'): - Log.error(self, "service nginx reload failed. " - "check issues with `nginx -t` command") - else: - Log.error(self, "HSTS is not configured for given " - "site") + return 0 if stype == oldsitetype and cache == oldcachetype: diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 55c61db..56a904a 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py 
@@ -1410,22 +1410,19 @@ def renewLetsEncrypt(self, wo_domain_name): def setupHsts(self, wo_domain_name): - if os.path.isfile("/etc/letsencrypt/" - "renewal/{0}_ecc/" - "fullchain.cer".format(wo_domain_name)): - Log.info( - self, "Adding /var/www/{0}/conf/nginx/ssl.conf" - .format(wo_domain_name)) + Log.info( + self, "Adding /var/www/{0}/conf/nginx/ssl.conf" + .format(wo_domain_name)) - hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf" - .format(wo_domain_name), - encoding='utf-8', mode='w') - hstsconf.write("more_set_headers " - "\"Strict-Transport-Security: " - "max-age=31536000; " - "'includeSubDomains; " - "preload\";") - hstsconf.close() + hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf" + .format(wo_domain_name), + encoding='utf-8', mode='w') + hstsconf.write("more_set_headers " + "\"Strict-Transport-Security: " + "max-age=31536000; " + "'includeSubDomains; " + "preload\";") + hstsconf.close() def httpsRedirect(self, wo_domain_name, redirect=True): diff --git a/wo/core/shellexec.py b/wo/core/shellexec.py index c64d5bc..77b3dcf 100644 --- a/wo/core/shellexec.py +++ b/wo/core/shellexec.py @@ -53,7 +53,6 @@ class WOShellExec(): Log.debug(self, "{0}{1}".format(e.errno, e.strerror)) raise CommandExecutionError - def cmd_exec_stdout(self, command, errormsg='', log=True): """Run shell command from Python""" try: @@ -80,4 +79,4 @@ class WOShellExec(): raise CommandExecutionError except Exception as e: Log.debug(self, str(e)) - raise CommandExecutionError \ No newline at end of file + raise CommandExecutionError From 3b1cb2f1d54f445f1f66f52a7cafbb1a5e1bd581 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 8 Apr 2019 09:17:11 +0200 Subject: [PATCH 09/36] fix indentation --- wo/cli/plugins/site.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index ffafd07..6961188 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py 
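Review bot: The info message in `setupHsts` says `Adding /var/www/{0}/conf/nginx/ssl.conf` while the function writes `hsts.conf`, which misleads anyone checking the log to see which sites received the header; it should name `hsts.conf`. With the certificate-file check removed, the function relies entirely on its callers to confirm the site serves HTTPS, and a one-line docstring would record that, e.g. `"""Write the HSTS header include for a site that already serves HTTPS."""`. The handle would also be safer as `with open(...) as hstsconf:` so it is closed if `write` fails.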
@@ -1118,8 +1118,6 @@ class WOSiteUpdateController(CementBaseController): "site") pargs.letsencrypt = False - if pargs.hsts: - if data and (not pargs.php73): if old_php73 is True: data['php73'] = True From 4d5b8af45d4756463a314fd438ee1a1128edc32f Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 8 Apr 2019 12:38:01 +0200 Subject: [PATCH 10/36] refactor sslutils --- wo/core/sslutils.py | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/wo/core/sslutils.py b/wo/core/sslutils.py index 78c2df4..1c00482 100644 --- a/wo/core/sslutils.py +++ b/wo/core/sslutils.py @@ -9,7 +9,8 @@ class SSL: # check if exist if not os.path.isfile('/etc/letsencrypt/live/{0}/cert.pem' .format(domain)): - Log.error(self, 'File Not Found : /etc/letsencrypt/live/{0}/cert.pem' + Log.error(self, 'File Not Found: " + "/etc/letsencrypt/live/{0}/cert.pem'" .format(domain), False) if returnonerror: return -1 @@ -17,8 +18,14 @@ class SSL: "`tail /var/log/wo/wordops.log` and please try again...") current_date = WOShellExec.cmd_exec_stdout(self, "date -d \"now\" +%s") - expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d \"`openssl x509 -in /etc/letsencrypt/live/{0}/cert.pem" - " -text -noout|grep \"Not After\"|cut -c 25-`\" +%s".format(domain)) + expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d \"" + "`openssl x509 -in " + "/etc/letsencrypt/live/" + "{0}/cert.pem" + " -text -noout|grep " + "\"Not After\"|" + "cut -c 25-`\" " + "+%s".format(domain)) days_left = int((int(expiration_date) - int(current_date)) / 86400) if (days_left > 0): 
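Review bot: In the `@@ -17,8 +18,14 @@` hunk the expiry lookup still formats `domain` straight into a shell pipeline with backticks (`date -d "`openssl x509 -in /etc/letsencrypt/live/{0}/cert.pem ...`"`). WordOps runs as root, so a domain value containing shell metacharacters would be interpreted by the shell; the commit only reflows the string and leaves that in place. Calling `openssl` with an argument list and parsing `-enddate` in Python removes the shell and the fragile `grep`/`cut -c 25-` step. This needs `subprocess` and `datetime` imported in `sslutils.py`, whose import block is not in the hunk, and `.days` floors where the original truncates, which only matters for already-expired certificates. `getExpirationDate` in the next hunk (`@@ -31,11 +38,18 @@`) builds the same pipeline.

```python
cert_path = '/etc/letsencrypt/live/{0}/cert.pem'.format(domain)
# Argument list, no shell: the domain is never parsed as shell syntax.
enddate = subprocess.check_output(
    ['openssl', 'x509', '-enddate', '-noout', '-in', cert_path])
# openssl prints "notAfter=<date> GMT"
not_after = enddate.decode('utf-8').strip().split('=', 1)[1]
expires = datetime.datetime.strptime(not_after, '%b %d %H:%M:%S %Y %Z')
days_left = (expires - datetime.datetime.utcnow()).days
# … unchanged: days_left > 0 check …
```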
@@ -31,11 +38,18 @@ class SSL: # check if exist if not os.path.isfile('/etc/letsencrypt/live/{0}/cert.pem' .format(domain)): - Log.error(self, 'File Not Found : /etc/letsencrypt/live/{0}/cert.pem' + Log.error(self, 'File Not Found: "/etc/letsencrypt/" + "live/{0}/cert.pem'" .format(domain), False) Log.error(self, "Check the WordOps log for more details " "`tail /var/log/wo/wordops.log` and please try again...") - expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d \"`openssl x509 -in /etc/letsencrypt/live/{0}/cert.pem" - " -text -noout|grep \"Not After\"|cut -c 25-`\" ".format(domain)) + expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d " + "\"`openssl x509 -in " + "/etc/letsencrypt/live/" + "{0}/cert.pem" + " -text -noout|grep " + "\"Not After\"|" + "cut -c 25-`\" " + .format(domain)) return expiration_date From 2bc216d81779de992a2bb0dfec799f3b162a2550 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 8 Apr 2019 13:01:13 +0200 Subject: [PATCH 11/36] fix ssl util --- wo/core/sslutils.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/wo/core/sslutils.py b/wo/core/sslutils.py index 1c00482..161a484 100644 --- a/wo/core/sslutils.py +++ b/wo/core/sslutils.py @@ -9,8 +9,8 @@ class SSL: # check if exist if not os.path.isfile('/etc/letsencrypt/live/{0}/cert.pem' .format(domain)): - Log.error(self, 'File Not Found: " - "/etc/letsencrypt/live/{0}/cert.pem'" + Log.error(self, 'File Not Found: ' + '/etc/letsencrypt/live/{0}/cert.pem' .format(domain), False) if returnonerror: return -1 @@ -38,8 +38,8 @@ class SSL: # check if exist if not os.path.isfile('/etc/letsencrypt/live/{0}/cert.pem' .format(domain)): - Log.error(self, 'File Not Found: "/etc/letsencrypt/" - "live/{0}/cert.pem'" + Log.error(self, 'File Not Found: /etc/letsencrypt/' + 'live/{0}/cert.pem' .format(domain), False) Log.error(self, "Check the WordOps log for more details " "`tail /var/log/wo/wordops.log` and please try again...") 
From dc27235220f2a2c5e88ba1288bc8b4a2801b2b92 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 10 Apr 2019 16:09:25 +0200 Subject: [PATCH 12/36] add wo.sh downloader --- .travis.yml | 2 +- install | 21 ++++++++++++++------- wo.sh | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+), 8 deletions(-) create mode 100644 wo.sh diff --git a/.travis.yml b/.travis.yml index e1898ba..b554dfb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -21,7 +21,7 @@ script: - sudo bash -c 'echo -e "[user]\n\tname = abc\n\temail = root@localhost.com" > /home/travis/.gitconfig' - sudo echo "Travis Banch = $TRAVIS_BRANCH" - sudo apt-get install -y --force-yes git python3-setuptools python3-dev python3-apt ccze tree - - sudo bash install $TRAVIS_BRANCH + - sudo bash wo.sh $TRAVIS_BRANCH - sudo wo --help - sudo wo site create wp-php73.net --wp --php73 || sudo tail -n50 /var/log/wo/wordops.log diff --git a/install b/install index 732770b..a5d3b41 100644 --- a/install +++ b/install @@ -402,9 +402,12 @@ wo_upgrade_nginx() { rm -rf /var/lib/wo-backup/nginx fi # backup nginx conf - /usr/bin/rsync -az /etc/nginx/ /var/lib/wo-backup/nginx/ - /usr/bin/rsync -az /etc/php/ /var/lib/wo-backup/php/ - + if [ -d /etc/nginx ]; then + /usr/bin/rsync -az /etc/nginx/ /var/lib/wo-backup/nginx/ + fi + if [ -d /etc/php ]; then + /usr/bin/rsync -az /etc/php/ /var/lib/wo-backup/php/ + fi # chec if the package nginx-ee is installed CHECK_NGINX_EE=$(dpkg --list | grep nginx-ee) CHECK_NGINX_WO=$(dpkg --list | grep nginx-wo) 
@@ -462,10 +465,13 @@ wo_upgrade_nginx() { rm -f /etc/php/7.2/fpm/pool.d/{www.conf,www-two.conf,debug.conf} fi if [ -n "$CHECK_PHP73" ]; then + WO_STACK_INSTALL_ARGS="--php73" apt-get remove php7.3-fpm -y -qq --purge rm -f /etc/php/7.3/fpm/pool.d/{www.conf,www-two.conf,debug.conf} + else + WO WO_STACK_INSTALL_ARGS="" fi - /usr/local/bin/wo stack install --nginx --php --php73 + /usr/local/bin/wo stack install --nginx --php $WO_STACK_INSTALL_ARGS echo "$wo_version_new" > /etc/nginx/common/release rm -f /etc/nginx/common/acl.conf /etc/nginx/conf.d/{map-wp-cache.conf,map-wp.conf} fi @@ -693,13 +699,14 @@ if [ "$migration" -eq "1" ]; then wo_lib_echo_info "For autocompletion, run the following command:" wo_lib_echo_info "source /etc/bash_completion.d/wo_auto.rc" echo - wo_lib_echo "WordOps (wo) help: https://docs.wordops.net" -else + wo_lib_echo "WordOps Documentation : https://docs.wordops.net" + wo_lib_echo "WordOps Community Forum : https://community.wordops.net" echo wo_lib_echo "For WordOps (wo) auto completion, run the following command" echo wo_lib_echo_info "source /etc/bash_completion.d/wo_auto.rc" echo wo_lib_echo "Yay! WordOps (wo) installed/updated successfully" - wo_lib_echo "WordOps (wo) help: https://docs.wordops.net" + wo_lib_echo "WordOps Documentation : https://docs.wordops.net" + wo_lib_echo "WordOps Community Forum : https://community.wordops.net" fi diff --git a/wo.sh b/wo.sh new file mode 100644 index 0000000..8160bac --- /dev/null +++ b/wo.sh 
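Review bot: The new `else` branch in `wo_upgrade_nginx` reads `WO WO_STACK_INSTALL_ARGS=""`, which runs a command named `WO` with `WO_STACK_INSTALL_ARGS=""` as its argument rather than assigning the variable. The shell reports `WO: command not found` and the variable stays unset; the later `wo stack install --nginx --php $WO_STACK_INSTALL_ARGS` only works because an unset variable expands to nothing. The line should be `WO_STACK_INSTALL_ARGS=""`, or the variable can be initialised once before the `if`. The function starts outside this hunk.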
@@ -0,0 +1,36 @@ +#!/usr/bin/env bash +# ------------------------------------------------------------------------- +# WordOps install script downloader +# ------------------------------------------------------------------------- +# Website: https://wordops.net +# GitHub: https://github.com/WordOps/WordOps +# Copyright (c) 2019 - WordOps +# This script is licensed under M.I.T +# ------------------------------------------------------------------------- +# Version 3.9.5 - 2019-04-10 +# ------------------------------------------------------------------------- + +### +# 1 - Check whether the installation is called with elevated rights +### +if [[ $EUID -ne 0 ]]; then + wo_lib_echo_fail "Sudo privilege required..." + wo_lib_echo_fail "Use: wget -qO wo wops.cc && sudo bash wo" + exit 100 +fi + +[ -z "$(command -v git)" ] && { + apt-get update -qq && apt-get install git -qq +} > /dev/null 2>&1 + +# update or clone wordops repositoru +if [ -d /tmp/WordOps/.git ]; then + git -C /tmp/WordOps pull origin master -q +else + rm -rf /tmp/WordOps + git clone https://github.com/WordOps/WordOps.git /tmp/WordOps -b "$@" -q +fi + +if [ -x /tmp/WordOps/install ]; then +/tmp/WordOps/install "$@" +fi From f8e14def03737487a571e92d9a87566a43ca62aa Mon Sep 17 00:00:00 2001 From: virtubox Date: Wed, 10 Apr 2019 16:10:34 +0200 Subject: [PATCH 13/36] make install executable --- install | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 install diff --git a/install b/install old mode 100644 new mode 100755 From 10f4e8269e9acafcb00b213a8001e7930e45fd4e Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 10 Apr 2019 17:18:24 +0200 Subject: [PATCH 14/36] fix wo.sh --- CHANGELOG.md | 2 ++ install | 6 +----- wo.sh | 10 ++++++++-- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6ed4b35..127d4cf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
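Review bot: The script clones into the fixed path `/tmp/WordOps` and then runs `/tmp/WordOps/install` as root, and when `/tmp/WordOps/.git` already exists it only runs `git pull` in whatever repository is there. `/tmp` is world-writable, so on a multi-user host the content executed as root is not guaranteed to be the clone this script made. A directory only root can write avoids that, e.g. `wo_src="$(mktemp -d)" || exit 1` followed by `git clone https://github.com/WordOps/WordOps.git "$wo_src" -b "${1:-master}" -q`. Two smaller points: `wo_lib_echo_fail` is called but not defined in this file, so the non-root branch prints `command not found` instead of the hint, and `-b "$@"` breaks when no argument or more than one is passed.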
@@ -27,6 +27,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - "wo maintenance" command to perform server package update & cleanup - Support for Netdata on backend : https://server.hostname:22222/netdata/ - New Stacks : composer and netdata +- additional argument for letsencrypt : --hsts +- wo.sh installer downloader script #### Changed diff --git a/install b/install index a5d3b41..0782d7a 100644 --- a/install +++ b/install @@ -382,12 +382,8 @@ wo_install_acme_sh() { # Now, finally, let's install WordOps wo_install() { { - rm -rf /tmp/easyengine - rm -rf /tmp/wordops - git clone -b "$wo_branch" https://github.com/WordOps/WordOps.git /tmp/wordops --quiet - - cd /tmp/wordops || exit 1 + cd /tmp/WordOps || exit 1 } >> "$wo_install_log" 2>&1 python3 setup.py install diff --git a/wo.sh b/wo.sh index 8160bac..a1bc421 100644 --- a/wo.sh +++ b/wo.sh @@ -23,14 +23,20 @@ fi apt-get update -qq && apt-get install git -qq } > /dev/null 2>&1 +if [ "${#}" = "0" ]; then + wo_branch=master +else + wo_branch="$@" +fi + # update or clone wordops repositoru if [ -d /tmp/WordOps/.git ]; then git -C /tmp/WordOps pull origin master -q else rm -rf /tmp/WordOps - git clone https://github.com/WordOps/WordOps.git /tmp/WordOps -b "$@" -q + git clone https://github.com/WordOps/WordOps.git /tmp/WordOps -b "$wo_branch" -q fi if [ -x /tmp/WordOps/install ]; then -/tmp/WordOps/install "$@" + /tmp/WordOps/install "$wo_branch" fi From bd5a44cf9286c3b47def89079012eeed1940dc3e Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 10 Apr 2019 21:18:09 +0200 Subject: [PATCH 15/36] last modification to install script --- CHANGELOG.md | 2 +- install | 67 +++++++++++++++++++++++----------------------------- wo.sh | 15 ++++++++---- 3 files changed, 40 insertions(+), 44 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 127d4cf..298297a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -28,7 +28,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - Support for Netdata on backend : https://server.hostname:22222/netdata/ - New Stacks : composer and netdata - additional argument for letsencrypt : --hsts -- wo.sh installer downloader script +- refactor install script #### Changed diff --git a/install b/install index 0782d7a..804bcc2 100755 --- a/install +++ b/install @@ -7,10 +7,10 @@ # Copyright (c) 2019 - WordOps # This script is licensed under M.I.T # ------------------------------------------------------------------------- -# Version 3.9.5 - 2019-04-05 +# Version 3.9.5 - 2019-04-10 # ------------------------------------------------------------------------- readonly wo_version_old="2.2.3" -readonly wo_version_new="3.9.4.4" +readonly wo_version_new="3.9.4.5" # CONTENTS # --- # 1. VARIABLES AND DECLARATIONS @@ -81,11 +81,6 @@ fi ### # 1 - Define variables for later use ### -if [ -n "$1" ]; then - wo_branch="$1" -else - wo_branch="master" -fi readonly wo_log_dir=/var/log/wo/ readonly wo_backup_dir=/var/lib/wo-backup/ readonly wo_install_log=/var/log/wo/install.log @@ -99,9 +94,9 @@ EE_BACKUP_FILE="/var/lib/wo-backup/ee-backup.$TIME.tar.gz" WO_BACKUP_FILE="/var/lib/wo-backup/wo-backup.$TIME.tar.gz" if [ -x /usr/local/bin/ee ]; then - migration=1 -else - migration=0 + ee_migration=1 +elif [ -x /usr/local/bin/wo ]; then + wo_upgrade=1 fi ### 
@@ -158,20 +153,20 @@ wo_install_dep() { locale-gen en } >> "$wo_install_log" 2>&1 # Support PFS - if [ -f /etc/nginx/nginx.conf ]; then - # Replace previous ciphers - new_ciphers="EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES" - sed -i "s/ssl_ciphers\ \(\"\|.\|'\)\(.*\)\(\"\|.\|'\);/ssl_ciphers \"$new_ciphers\";/" /etc/nginx/nginx.conf - # Change the TLS protocols - sed -i "s/ssl_protocols\ \(.*\);/ssl_protocols TLSv1.2;/" /etc/nginx/nginx.conf - fi + # if [ -f /etc/nginx/nginx.conf ]; then + # # Replace previous ciphers + # new_ciphers="EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES" + # sed -i "s/ssl_ciphers\ \(\"\|.\|'\)\(.*\)\(\"\|.\|'\);/ssl_ciphers \"$new_ciphers\";/" /etc/nginx/nginx.conf + # # Change the TLS protocols + # sed -i "s/ssl_protocols\ \(.*\);/ssl_protocols TLSv1.2;/" /etc/nginx/nginx.conf + # fi - # Let's Encrypt .well-known folder setup - if [ ! -d /var/www/html/.well-known/acme-challenge ]; then - mkdir -p /var/www/html/.well-known/acme-challenge - chown -R www-data:www-data /var/www/html /var/www/html/.well-known - chmod 750 /var/www/html /var/www/html/.well-known - fi + # # Let's Encrypt .well-known folder setup + # if [ ! -d /var/www/html/.well-known/acme-challenge ]; then + # mkdir -p /var/www/html/.well-known/acme-challenge + # chown -R www-data:www-data /var/www/html /var/www/html/.well-known + # chmod 750 /var/www/html /var/www/html/.well-known + # fi } ### @@ -382,7 +377,6 @@ wo_install_acme_sh() { # Now, finally, let's install WordOps wo_install() { { - cd /tmp/WordOps || exit 1 } >> "$wo_install_log" 2>&1 python3 setup.py install 
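Review bot: The `ssl_ciphers` / `ssl_protocols TLSv1.2` rewrite of an existing `/etc/nginx/nginx.conf` and the creation of `/var/www/html/.well-known/acme-challenge` are disabled by commenting them out rather than removed. If they are meant to be gone, delete the block, since git keeps the history. If no other part of the upgrade path rewrites `nginx.conf` (none is visible in this hunk), hosts upgraded from an older configuration keep whatever protocols and ciphers they already had. A short comment such as `# TLS protocols and ciphers are now set by the nginx.conf template` (if that is the case) would settle it. `wo_install_dep` starts outside the hunk.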
@@ -687,22 +681,19 @@ fi wo sync | tee -ai $wo_install_log -if [ "$migration" -eq "1" ]; then +if [ "$ee_migration" -eq "1" ]; then echo wo_lib_echo "The migration from EasyEngine to WordOps was succesfull!" wo_lib_echo "The EasyEngine backup files can be found in /var/lib/wo-backup/ee-backup.tgz" echo - wo_lib_echo_info "For autocompletion, run the following command:" - wo_lib_echo_info "source /etc/bash_completion.d/wo_auto.rc" - echo - wo_lib_echo "WordOps Documentation : https://docs.wordops.net" - wo_lib_echo "WordOps Community Forum : https://community.wordops.net" - echo - wo_lib_echo "For WordOps (wo) auto completion, run the following command" - echo - wo_lib_echo_info "source /etc/bash_completion.d/wo_auto.rc" - echo - wo_lib_echo "Yay! WordOps (wo) installed/updated successfully" - wo_lib_echo "WordOps Documentation : https://docs.wordops.net" - wo_lib_echo "WordOps Community Forum : https://community.wordops.net" +elif [ "$wo_upgrade" = "1" ]; then + wo_lib_echo "WordOps (wo) upgrade to $wo_version_new was succesfull!" +else + wo_lib_echo "WordOps (wo) installed successfully" fi +wo_lib_echo_info "For autocompletion, run the following command:" +wo_lib_echo_info "source /etc/bash_completion.d/wo_auto.rc" +echo +wo_lib_echo "WordOps Documentation : https://docs.wordops.net" +wo_lib_echo "WordOps Community Forum : https://community.wordops.net" +echo diff --git a/wo.sh b/wo.sh index a1bc421..2c937a0 100644 --- a/wo.sh +++ b/wo.sh 
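Review bot: `[ "$ee_migration" -eq "1" ]` is evaluated even when the variable was never set: the earlier hunk (`@@ -94,9 +94,9 @@`) assigns `ee_migration` or `wo_upgrade` only when `/usr/local/bin/ee` or `/usr/local/bin/wo` exists. On a fresh install `-eq` receives an empty string and `[` prints `integer expression expected` before falling through to the `elif`. A string comparison with a default keeps the output clean: `if [ "${ee_migration:-0}" = "1" ]; then` and `elif [ "${wo_upgrade:-0}" = "1" ]; then`.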
@@ -19,24 +19,29 @@ if [[ $EUID -ne 0 ]]; then exit 100 fi +# check if git is installed [ -z "$(command -v git)" ] && { apt-get update -qq && apt-get install git -qq } > /dev/null 2>&1 -if [ "${#}" = "0" ]; then - wo_branch=master +# set github repository branch +if [ -n "$1" ]; then + wo_branch="$1" else - wo_branch="$@" + wo_branch=master fi # update or clone wordops repositoru if [ -d /tmp/WordOps/.git ]; then - git -C /tmp/WordOps pull origin master -q + git -C /tmp/WordOps fetch --all + git -C /tmp/WordOps reset --hard origin/${wo_branch} + git -C /tmp/WordOps clean -f else rm -rf /tmp/WordOps git clone https://github.com/WordOps/WordOps.git /tmp/WordOps -b "$wo_branch" -q fi +# execute install script if [ -x /tmp/WordOps/install ]; then - /tmp/WordOps/install "$wo_branch" + /tmp/WordOps/install fi From f5095751c92bb09ecb9fc51edd9350cdcc4d3a7a Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 10 Apr 2019 21:45:02 +0200 Subject: [PATCH 16/36] update readme --- CHANGELOG.md | 2 +- README.md | 22 ++++++++-------------- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 298297a..1e57efb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,7 +28,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - Support for Netdata on backend : https://server.hostname:22222/netdata/ - New Stacks : composer and netdata - additional argument for letsencrypt : --hsts -- refactor install script #### Changed @@ -39,6 +38,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - Increase MySQL root password size to 16 characters - Increase MySQL users password size to 16 characters - Nginx locations template is the same for php7.2 & 7.3 +- refactor install script #### Fixed diff --git a/README.md b/README.md index 8b059ec..4afeb33 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,6 @@
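Review bot: wo.sh runs as root and now trusts an existing /tmp/WordOps/.git: it fetches, hard-resets and then executes /tmp/WordOps/install from a fixed path inside a world-writable directory. On a multi-user host any local account can create that directory first, so the checkout's remote and contents are not under root's control when the script runs. A private directory avoids this, for example `wo_src=$(mktemp -d)` followed by a fresh `git clone https://github.com/WordOps/WordOps.git "$wo_src" -b "$wo_branch" -q`, or a root-owned location outside /tmp. `origin/${wo_branch}` should also be quoted, since the value comes straight from `$1`. The same fixed path is reused by wo_install in the install hunks of patches 18/36 and 23/36.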

Key Features • - Getting Started • Usage • RoadMap • Changelog • @@ -28,8 +27,10 @@

WordOps site • +Documentation • Community forum • -Documentation +Slack +

--- @@ -41,8 +42,9 @@ - **Up-to-date** : Nginx 1.14.2 with Brotli support, PHP 7.2 & 7.3, MariaDB 10.3 & Redis 5.0 - **Secured** : Hardened WordPress security with strict Nginx location directives - **Powerful** : Optimized Nginx configurations with multiple cache backends support -- **SSL** : Let's Encrypt SSL certificates handled by Acme.sh -- **Modern** : Secured SSL/TLS encryption with strong ciphers_suite and modern TLS protocols +- **SSL** : Let's Encrypt SSL certificates handled by acme.sh +- **Modern** : Secured SSL/TLS encryption with strong ciphers_suite, modern TLS protocols and HSTS support +- **Monitoring** : Live Nginx vhost traffic with ngx_vts_module and server monitoring with Netdata ## Requirements @@ -63,7 +65,7 @@ ## Getting Started ```bash -wget -qO wo wordops.se/tup && sudo bash wo # Install WordOps +curl -sL wops.cc | sudo bash # Install WordOps sudo wo site create example.com --wp # Install required packages & setup WordPress on example.com ``` @@ -75,6 +77,7 @@ WordOps made some fundamental changes: - Support for w3tc is dropped as a security precaution. - PHP 5.6 has been replaced by PHP 7.2 and PHP 7.0 has been replaced by PHP 7.3. - Nginx-ee package has been replaced by Nginx-wo (based on Nginx stable v1.14.2 with Brolti support) +- HHVM stack has been removed - Let's Encrypt stack isn't based on letsencrypt-auto anymore, we use acme.sh to handle SSL certificates If you are going to migrate from EasyEngine v3, here some important informations : 
@@ -129,15 +132,6 @@ wo site create example.com --wp --letsencrypt # install wordpress & secure site wo site create sub.example.com --wp --letsencrypt=subdomain # install wordpress and secure subdomain with letsencrypt ``` -## Cheatsheet - -| | single site | multisite w/ subdir | multisite w/ subdom | -|--------------------|---------------|-----------------------|--------------------------| -| **NO Cache** | --wp | --wpsubdir | --wpsubdomain | -| **WP Super Cache** | --wpsc | -wpsubdir --wpsc | --wpsubdomain --wpsc | -| **Nginx fastcgi_cache** | --wpfc | --wpsubdir --wpfc | --wpsubdomain --wpfc | -| **Redis cache** | --wpredis | --wpsubdir --wpredis | --wpsubdomain --wpredis | - ## Update WordOps ```bash From e5996de2b630d6227f99d08c7dd30c2327d3a9fd Mon Sep 17 00:00:00 2001 From: virtubox Date: Thu, 11 Apr 2019 12:58:32 +0200 Subject: [PATCH 17/36] make wo.sh executable --- wo.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 wo.sh diff --git a/wo.sh b/wo.sh old mode 100644 new mode 100755 From 61de8136456ceef7891e13a3b6b81e8491f85573 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Thu, 11 Apr 2019 13:04:30 +0200 Subject: [PATCH 18/36] fix installer in case of manual install --- install | 31 +++++++++++++++++++------------ wo.sh | 2 +- 2 files changed, 20 insertions(+), 13 deletions(-) diff --git a/install b/install index 804bcc2..ca064a5 100755 --- a/install +++ b/install @@ -56,7 +56,7 @@ wo_lib_error() { ### if [[ $EUID -ne 0 ]]; then wo_lib_echo_fail "Sudo privilege required..." - wo_lib_echo_fail "Use: wget -qO wo wordops.se/tup && sudo bash wo" + wo_lib_echo_fail "Use: curl -sL wops.cc | sudo bash" exit 100 fi @@ -81,6 +81,11 @@ fi ### # 1 - Define variables for later use ### +if [ -z "$1" ]; then + wo_branch=master +else + wo_branch="$1" +fi readonly wo_log_dir=/var/log/wo/ readonly wo_backup_dir=/var/lib/wo-backup/ readonly wo_install_log=/var/log/wo/install.log 
@@ -227,8 +232,8 @@ wo_sync_db() { wo_site_current_type=$(grep "common/" /etc/nginx/sites-available/$site | awk -F "/" '{print $2}') - if [ "$(echo "$wo_site_current_type" | grep php)" ]; then - if [ "$(echo "$wo_site_current_type" | grep php7)" ]; then + if [ "$(echo $wo_site_current_type | grep php)" ]; then + if [ "$(echo $wo_site_current_type | grep php7)" ]; then wo_php_version="7.0" else wo_php_version="5.6" @@ -237,28 +242,28 @@ wo_sync_db() { wo_php_version="" fi - if [ "$(echo "$wo_site_current_type" | grep redis)" ]; then + if [ "$(echo $wo_site_current_type | grep redis)" ]; then wo_site_current_cache="wpredis" - elif [ -z "$(echo "$wo_site_current_type" | grep wpsc)" ]; then + elif [ -z "$(echo $wo_site_current_type | grep wpsc)" ]; then wo_site_current_cache="wpsc" - elif [ -z "$(echo "$wo_site_current_type" | grep wpfc)" ]; then + elif [ -z "$(echo $wo_site_current_type | grep wpfc)" ]; then wo_site_current_cache="wpfc" else wo_site_current_cache="basic" fi - if [ "$(echo "$wo_site_current_type" | grep wp)" ]; then - if [ -z "$(echo "$wo_site_current_type" | grep wpsubdir)" ]; then + if [ "$(echo $wo_site_current_type | grep wp)" ]; then + if [ -z "$(echo $wo_site_current_type | grep wpsubdir)" ]; then wo_site_current="wpsubdir" - elif [ -z "$(echo "$wo_site_current_type" | grep wpsudomain)" ]; then + elif [ -z "$(echo $wo_site_current_type | grep wpsudomain)" ]; then wo_site_current="wpsubdomain" else wo_site_current="wp" fi else - if [ -z "$(echo "$wo_site_current_type" | grep location)" ]; then + if [ -z "$(echo $wo_site_current_type | grep location)" ]; then wo_site_current="proxy" - elif [ -z "$(echo "$wo_site_current_type" | grep php)" ]; then + elif [ -z "$(echo $wo_site_current_type | grep php)" ]; then wo_site_current="html" else if [ -f /var/www/${site}/ee-config.php ] || [ -f /var/www/${site}/wo-config.php ]; then 
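Review bot: The `-z` tests in the cache and site-type chains of wo_sync_db look inverted: `elif [ -z "$(echo $wo_site_current_type | grep wpsc)" ]` selects `wpsc` when the string does not contain wpsc, and the wpfc, wpsubdir, location and php branches follow the same pattern. The pattern `wpsudomain` also looks like a typo for wpsubdomain. This commit additionally drops the quotes around `$wo_site_current_type`, which brings back word splitting and globbing on a value read from the nginx site files; a form such as `elif echo "$wo_site_current_type" | grep -q wpsc; then` keeps the quoting and tests for a match directly. The function starts and ends outside the hunk.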
@@ -377,10 +382,12 @@ wo_install_acme_sh() { # Now, finally, let's install WordOps wo_install() { { + if [ ! -d /tmp/WordOps ]; then + git clone https://github.com/WordOps/WordOps.git /tmp/WordOps -b "$wo_branch" + fi cd /tmp/WordOps || exit 1 } >> "$wo_install_log" 2>&1 python3 setup.py install - } wo_upgrade_nginx() { diff --git a/wo.sh b/wo.sh index 2c937a0..b4c7353 100644 --- a/wo.sh +++ b/wo.sh @@ -15,7 +15,7 @@ ### if [[ $EUID -ne 0 ]]; then wo_lib_echo_fail "Sudo privilege required..." - wo_lib_echo_fail "Use: wget -qO wo wops.cc && sudo bash wo" + wo_lib_echo_fail "Use: curl -sL wops.cc | sudo bash" exit 100 fi From 333b118c5d8e8c4199a54c26c5d77f4155976126 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Thu, 11 Apr 2019 20:35:03 +0200 Subject: [PATCH 19/36] improving stack --- .travis.yml | 5 ++- wo/cli/plugins/stack.py | 79 +++++++++++++++++++++++++++++------------ 2 files changed, 58 insertions(+), 26 deletions(-) diff --git a/.travis.yml b/.travis.yml index b554dfb..08e893e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -24,11 +24,11 @@ script: - sudo bash wo.sh $TRAVIS_BRANCH - sudo wo --help - - sudo wo site create wp-php73.net --wp --php73 || sudo tail -n50 /var/log/wo/wordops.log - - sudo wo stack install || sudo tail -n50 /var/log/wo/wordops.log - sudo wo stack install --admin || sudo tail -n50 /var/log/wo/wordops.log + - sudo wo site create wp-php73.net --wp --php73 || sudo tail -n50 /var/log/wo/wordops.log + - sudo wo site create html.net --html && sudo wo site create php.com --php && sudo wo site create mysql.com --mysql || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create proxy.com --proxy=127.0.0.1:3000 || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create wp1.com --wp || sudo tail -n50 /var/log/wo/wordops.log 
@@ -62,5 +62,4 @@ script: - sudo wo info || sudo tail -n50 /var/log/wo/wordops.log - sudo bash -c 'nginx -T 2>&1 > /var/log/wo/nginx.log 2>&1' || sudo tail -n50 /var/log/wo/wordops.log - sudo bash -c 'tar -I pigz -cf wordops.tar.gz /var/log/wo' - - sudo curl --progress-bar --upload-file "wordops.tar.gz" https://transfer.vtbox.net/$(basename wordops.tar.gz) && echo "" || sudo echo "transfer.sh is down" - sudo tree -L 2 /etc/nginx diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py index 2699c52..1f5bf42 100644 --- a/wo/cli/plugins/stack.py +++ b/wo/cli/plugins/stack.py @@ -90,7 +90,8 @@ class WOStackController(CementBaseController): if set(WOVariables.wo_mysql).issubset(set(apt_packages)): Log.info(self, "Adding repository for MySQL, please wait...") - mysql_pref = ("Package: *\nPin: origin sfo1.mirrors.digitalocean.com" + mysql_pref = ("Package: *\nPin: origin " + "sfo1.mirrors.digitalocean.com" "\nPin-Priority: 1000\n") with open('/etc/apt/preferences.d/' 'MariaDB.pref', 'w') as mysql_pref_file: @@ -487,7 +488,8 @@ class WOStackController(CementBaseController): except CommandExecutionError as e: Log.error( - self, "Failed to generate HTTPS certificate for 22222") + self, "Failed to generate HTTPS " + "certificate for 22222") # Nginx Configation into GIT WOGit.add(self, @@ -541,7 +543,8 @@ class WOStackController(CementBaseController): " keepalive 10;\n}\n") if (os.path.isfile("/etc/nginx/nginx.conf") and - not os.path.isfile("/etc/nginx/conf.d/redis.conf")): + not os.path.isfile("/etc/nginx/conf.d" + "/redis.conf")): with open("/etc/nginx/conf.d/" "redis.conf", "a") as redis_file: redis_file.write("# Log format Settings\n" 
@@ -841,7 +844,8 @@ class WOStackController(CementBaseController): config.write(configfile) # Parse /etc/php/7.3/fpm/php-fpm.conf - data = dict(pid="/run/php/php7.3-fpm.pid", error_log="/var/log/php7.3-fpm.log", + data = dict(pid="/run/php/php7.3-fpm.pid", + error_log="/var/log/php7.3-fpm.log", include="/etc/php/7.3/fpm/pool.d/*.conf") Log.debug(self, "writting php 7.3 configuration into " "/etc/php/7.3/fpm/php-fpm.conf") 
@@ -1011,28 +1015,38 @@ class WOStackController(CementBaseController): shutil.move('/tmp/phpmyadmin-STABLE/', '{0}22222/htdocs/db/pma/' .format(WOVariables.wo_webroot)) - shutil.copyfile('{0}22222/htdocs/db/pma/config.sample.inc.php' + shutil.copyfile('{0}22222/htdocs/db/pma' + '/config.sample.inc.php' .format(WOVariables.wo_webroot), '{0}22222/htdocs/db/pma/config.inc.php' .format(WOVariables.wo_webroot)) - Log.debug(self, 'Setting Blowfish Secret Key FOR COOKIE AUTH to ' + Log.debug(self, 'Setting Blowfish Secret Key ' + 'FOR COOKIE AUTH to ' '{0}22222/htdocs/db/pma/config.inc.php file ' .format(WOVariables.wo_webroot)) blowfish_key = ''.join([random.choice - (string.ascii_letters + string.digits) + (string.ascii_letters + + string.digits) for n in range(25)]) WOFileUtils.searchreplace(self, - '{0}22222/htdocs/db/pma/config.inc.php' + '{0}22222/htdocs/db/pma' + '/config.inc.php' .format(WOVariables.wo_webroot), - "$cfg[\'blowfish_secret\'] = \'\';", "$cfg[\'blowfish_secret\'] = \'{0}\';" + "$cfg[\'blowfish_secret\']" + " = \'\';", + "$cfg[\'blowfish_secret\']" + " = \'{0}\';" .format(blowfish_key)) Log.debug(self, 'Setting HOST Server For Mysql to ' '{0}22222/htdocs/db/pma/config.inc.php file ' .format(WOVariables.wo_webroot)) WOFileUtils.searchreplace(self, - '{0}22222/htdocs/db/pma/config.inc.php' + '{0}22222/htdocs/db/pma' + '/config.inc.php' .format(WOVariables.wo_webroot), - "$cfg[\'Servers\'][$i][\'host\'] = \'localhost\';", "$cfg[\'Servers\'][$i][\'host\'] = \'{0}\';" + "$cfg[\'Servers\'][$i][\'host\']" + " = \'localhost\';", "$cfg" + "[\'Servers\'][$i][\'host\'] = \'{0}\';" .format(WOVariables.wo_mysql_host)) Log.debug(self, 'Setting Privileges of webroot permission to ' '{0}22222/htdocs/db/pma file ' 
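Review bot: `blowfish_key` is built with `random.choice`, which draws from the non-cryptographic Mersenne Twister generator, and the value is written into phpMyAdmin's `$cfg['blowfish_secret']` for cookie auth. Since the hunk already rewraps this expression, it could switch to the OS CSPRNG without a new import: `blowfish_key = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for n in range(25))`. The `wo_random` lines in the site_functions.py hunks of patch 24/36 use `random.sample` in the same way; what they feed is outside those hunks, but if they end up as database or WordPress passwords the same change applies there.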
@@ -1045,11 +1059,13 @@ class WOStackController(CementBaseController): # composer install and phpmyadmin update if any('/tmp/composer-install' == x[1] for x in packages): + Log.info(self, "Installing composer, please wait...") WOShellExec.cmd_exec(self, "php -q /tmp/composer-install " "--install-dir=/tmp/") shutil.copyfile('/tmp/composer.phar', '/usr/local/bin/composer') WOFileUtils.chmod(self, "/usr/local/bin/composer", 0o775) + Log.info(self, "Updating phpMyAdmin, please wait...") WOShellExec.cmd_exec(self, "sudo -u www-data -H composer " "update --no-dev -d " "/var/www/22222/htdocs/db/pma/") @@ -1057,6 +1073,7 @@ class WOStackController(CementBaseController): if any('/tmp/kickstart.sh' == x[1] for x in packages): if not os.path.exists('/etc/netdata'): + Log.info(self, "Installing Netdata, please wait...") WOShellExec.cmd_exec(self, "bash /tmp/kickstart.sh " "--dont-wait --no-updates") WOFileUtils.searchreplace(self, "/usr/lib/netdata/conf.d/" @@ -1160,7 +1177,8 @@ class WOStackController(CementBaseController): ' BY \'{1}\''.format(self.app.config.get( 'mysql', 'grant-host'), chars), - errormsg="cannot grant priviledges", log=False) + errormsg="cannot grant priviledges", + log=False) # Custom Anemometer configuration Log.debug(self, "configration Anemometer") 
@@ -1451,24 +1469,36 @@ class WOStackController(CementBaseController): WOShellExec.cmd_exec(self, "systemctl enable redis-server") if os.path.isfile("/etc/redis/redis.conf"): if WOVariables.wo_ram < 512: - Log.debug(self, "Setting maxmemory variable to {0} in redis.conf" + Log.debug(self, "Setting maxmemory variable to " + "{0} in redis.conf" .format(int(WOVariables.wo_ram*1024*1024*0.1))) - WOShellExec.cmd_exec(self, "sed -i 's/# maxmemory /maxmemory {0}/' /etc/redis/redis.conf" + WOShellExec.cmd_exec(self, "sed -i 's/# maxmemory" + " /maxmemory {0}/'" + " /etc/redis/redis.conf" .format(int(WOVariables.wo_ram*1024*1024*0.1))) Log.debug( - self, "Setting maxmemory-policy variable to allkeys-lru in redis.conf") - WOShellExec.cmd_exec(self, "sed -i 's/# maxmemory-policy.*/maxmemory-policy allkeys-lru/' " + self, "Setting maxmemory-policy variable to " + "allkeys-lru in redis.conf") + WOShellExec.cmd_exec(self, "sed -i 's/# maxmemory-" + "policy.*/maxmemory-policy " + "allkeys-lru/' " "/etc/redis/redis.conf") WOService.restart_service(self, 'redis-server') else: - Log.debug(self, "Setting maxmemory variable to {0} in redis.conf" + Log.debug(self, "Setting maxmemory variable to {0} " + "in redis.conf" .format(int(WOVariables.wo_ram*1024*1024*0.2))) - WOShellExec.cmd_exec(self, "sed -i 's/# maxmemory /maxmemory {0}/' /etc/redis/redis.conf" + WOShellExec.cmd_exec(self, "sed -i 's/# maxmemory " + "/maxmemory {0}/' " + "/etc/redis/redis.conf" .format(int(WOVariables.wo_ram*1024*1024*0.2))) Log.debug( - self, "Setting maxmemory-policy variable to allkeys-lru in redis.conf") - WOShellExec.cmd_exec(self, "sed -i 's/# maxmemory-policy.*/maxmemory-policy allkeys-lru/' " + self, "Setting maxmemory-policy variable " + "to allkeys-lru in redis.conf") + WOShellExec.cmd_exec(self, "sed -i 's/# maxmemory-" + "policy.*/maxmemory-policy " + "allkeys-lru/' " "/etc/redis/redis.conf") WOService.restart_service(self, 'redis-server') if disp_msg: 
@@ -1518,7 +1548,8 @@ class WOStackController(CementBaseController): Log.debug(self, "Removing apt_packages variable of Nginx") apt_packages = apt_packages + WOVariables.wo_nginx else: - Log.error(self, "Cannot Remove! Nginx Stable version not found.") + Log.error(self, "Cannot Remove! Nginx Stable " + "version not found.") # PHP 7.2 if self.app.pargs.php: Log.debug(self, "Removing apt_packages variable of PHP") @@ -1662,7 +1693,8 @@ class WOStackController(CementBaseController): Log.debug(self, "Purge apt_packages variable PHP") if WOAptGet.is_installed(self, 'php7.2-fpm'): if not (WOAptGet.is_installed(self, 'php7.3-fpm')): - apt_packages = apt_packages + WOVariables.wo_php + WOVariables.wo_php_extra + apt_packages = apt_packages + WOVariables.wo_php + \ + WOVariables.wo_php_extra else: apt_packages = apt_packages + WOVariables.wo_php else: @@ -1673,7 +1705,8 @@ class WOStackController(CementBaseController): Log.debug(self, "Removing apt_packages variable of PHP 7.3") if WOAptGet.is_installed(self, 'php7.3-fpm'): if not (WOAptGet.is_installed(self, 'php7.2-fpm')): - apt_packages = apt_packages + WOVariables.wo_php73 + WOVariables.wo_php_extra + apt_packages = apt_packages + WOVariables.wo_php73 + \ + WOVariables.wo_php_extra else: apt_packages = apt_packages + WOVariables.wo_php73 else: From b8fbf44b616f70b047ae6a3dd6bb7e67e87f13d3 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Thu, 11 Apr 2019 20:40:43 +0200 Subject: [PATCH 20/36] fix installer --- install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install b/install index ca064a5..4e1d59a 100755 --- a/install +++ b/install @@ -688,7 +688,7 @@ fi wo sync | tee -ai $wo_install_log -if [ "$ee_migration" -eq "1" ]; then +if [ "$ee_migration" = "1" ]; then echo wo_lib_echo "The migration from EasyEngine to WordOps was succesfull!" wo_lib_echo "The EasyEngine backup files can be found in /var/lib/wo-backup/ee-backup.tgz" From 1686775f604e6613e49afa445b5819889345e753 Mon Sep 17 00:00:00 2001 
From: VirtuBox Date: Fri, 12 Apr 2019 02:43:41 +0200 Subject: [PATCH 21/36] update 22222 ssl configuration --- README.md | 6 +++--- wo/cli/plugins/stack.py | 17 +++++++++++++++++ wo/cli/templates/22222.mustache | 8 ++------ 3 files changed, 22 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 4afeb33..f30ff20 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -

Wordops +

Wordops

@@ -140,8 +140,8 @@ wo update ## Support -If you feel there is a bug directly related to WordOps, feel free to open an issue. -For any other questions/suggestions about WordOps or if you need support, please use the [WordOps Community Forum](https://community.wordops.net/). +If you feel there is a bug directly related to WordOps, or if you want to suggest new features for WordOps, feel free to open an issue. +For any other questions about WordOps or if you need support, please use the [Community Forum](https://community.wordops.net/). # Contributing diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py index 1f5bf42..2f707ce 100644 --- a/wo/cli/plugins/stack.py +++ b/wo/cli/plugins/stack.py @@ -442,6 +442,14 @@ class WOStackController(CementBaseController): os.makedirs('{0}22222/cert' .format(WOVariables.wo_webroot)) + if not os.path.exists('{0}22222/conf/nginx' + .format(WOVariables.wo_webroot)): + Log.debug(self, "Creating directory " + "{0}22222/conf/nginx" + .format(WOVariables.wo_webroot)) + os.makedirs('{0}22222/conf/nginx' + .format(WOVariables.wo_webroot)) + WOFileUtils.create_symlink(self, ['/var/log/nginx/' '22222.access.log', '{0}22222/' @@ -491,6 +499,15 @@ class WOStackController(CementBaseController): self, "Failed to generate HTTPS " "certificate for 22222") + if not os.path.isfile('{0}22222/conf/nginx/ssl.conf' + .format(WOVariables.wo_webroot)): + with open("/etc/nginx/conf.d/" + "upstream.conf", "a") as php_file: + php_file.write("ssl_certificate " + "/var/www/22222/cert/22222.crt;\n" + "ssl_certificate_key " + "/var/www/22222/cert/22222.key;\n") + # Nginx Configation into GIT WOGit.add(self, ["/etc/nginx"], msg="Adding Nginx into Git") diff --git a/wo/cli/templates/22222.mustache b/wo/cli/templates/22222.mustache index 82bfcb6..3106ee7 100644 --- a/wo/cli/templates/22222.mustache +++ b/wo/cli/templates/22222.mustache 
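Review bot: The new block in the second stack.py hunk tests for `{0}22222/conf/nginx/ssl.conf` but then appends the `ssl_certificate` lines to /etc/nginx/conf.d/upstream.conf, so ssl.conf is never created and the directives are appended again on every run. The same patch removes the certificate lines from the 22222.mustache server block and includes `{{webroot}}22222/conf/nginx/*.conf` instead, so the backend vhost presumably ends up depending on directives written to the wrong file. The write should target the file that was tested, e.g. `with open('{0}22222/conf/nginx/ssl.conf'.format(WOVariables.wo_webroot), 'w') as ssl_conf:`, and the certificate paths should be built from `WOVariables.wo_webroot` rather than the literal /var/www. The enclosing method starts and ends outside the hunk.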
@@ -7,9 +7,6 @@ server { access_log /var/log/nginx/22222.access.log rt_cache; error_log /var/log/nginx/22222.error.log; - ssl_certificate {{webroot}}22222/cert/22222.crt; - ssl_certificate_key {{webroot}}22222/cert/22222.key; - # Force HTTP to HTTPS error_page 497 =200 https://$host:22222$request_uri; @@ -65,9 +62,8 @@ server { proxy_store off; proxy_pass http://netdata/$ndpath$is_args$args; - gzip on; - gzip_proxied any; - gzip_types *; } + include {{webroot}}22222/conf/nginx/*.conf; + } From 60325e548a3e5098b288bbc1a7685055566d2c15 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Fri, 12 Apr 2019 10:43:34 +0200 Subject: [PATCH 22/36] fix phpredisadmin setup --- wo/cli/plugins/stack.py | 29 +++++++++-------------------- 1 file changed, 9 insertions(+), 20 deletions(-) diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py index 2f707ce..db116d8 100644 --- a/wo/cli/plugins/stack.py +++ b/wo/cli/plugins/stack.py @@ -1084,7 +1084,7 @@ class WOStackController(CementBaseController): WOFileUtils.chmod(self, "/usr/local/bin/composer", 0o775) Log.info(self, "Updating phpMyAdmin, please wait...") WOShellExec.cmd_exec(self, "sudo -u www-data -H composer " - "update --no-dev -d " + "update -n --no-dev -d " "/var/www/22222/htdocs/db/pma/") # netdata install if any('/tmp/kickstart.sh' == x[1] @@ -1215,9 +1215,6 @@ class WOStackController(CementBaseController): if any('/tmp/pra.tar.gz' == x[1] for x in packages): - Log.debug(self, 'Extracting file /tmp/pra.tar.gz to ' - 'loaction /tmp/') - WOExtract.extract(self, '/tmp/pra.tar.gz', '/tmp/') if not os.path.exists('{0}22222/htdocs/cache/redis' .format(WOVariables.wo_webroot)): Log.debug(self, "Creating new directory " 
@@ -1225,23 +1222,15 @@ class WOStackController(CementBaseController): .format(WOVariables.wo_webroot)) os.makedirs('{0}22222/htdocs/cache/redis' .format(WOVariables.wo_webroot)) - if not os.path.exists('{0}22222/htdocs/cache/' - 'redis/phpRedisAdmin' - .format(WOVariables.wo_webroot)): - shutil.move('/tmp/phpRedisAdmin-master/', - '{0}22222/htdocs/cache/redis/phpRedisAdmin' - .format(WOVariables.wo_webroot)) - - Log.debug(self, 'Extracting file /tmp/predis.tar.gz to ' - 'loaction /tmp/') - WOExtract.extract(self, '/tmp/predis.tar.gz', '/tmp/') - shutil.move('/tmp/predis-1.0.1/', - '{0}22222/htdocs/cache/redis/' - 'phpRedisAdmin/vendor' - .format(WOVariables.wo_webroot)) - + if os.path.isfile("/usr/local/bin/composer"): + WOShellExec.cmd_exec(self, "sudo -u www-data -H " + "composer " + "create-project -n -s dev " + "erik-dubbelboer/php-redis-admin " + "/var/www/22222/htdocs/cache" + "/redis/phpRedisAdmin/ ") Log.debug(self, 'Setting Privileges of webroot permission to ' - '{0}22222/htdocs/cache/ file ' + '{0}22222/htdocs/cache/file ' .format(WOVariables.wo_webroot)) WOFileUtils.chown(self, '{0}22222' .format(WOVariables.wo_webroot), From 1e10bf6294ca2f8a529a5199de981ffd688124ae Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Sun, 14 Apr 2019 19:43:23 +0200 Subject: [PATCH 23/36] update install script and travis --- .travis.yml | 18 ++++++------ CHANGELOG.md | 2 ++ install | 11 +++++--- wo.sh | 47 -------------------------------- wo/cli/plugins/stack_services.py | 6 ++-- 5 files changed, 21 insertions(+), 63 deletions(-) delete mode 100755 wo.sh diff --git a/.travis.yml b/.travis.yml index 08e893e..8a5c578 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,7 +13,12 @@ before_script: - sudo bash -c 'echo example.com > /etc/hostname' - sudo apt-get -qq purge mysql* graphviz* - sudo apt-get -qq autoremove --purge - - sudo apt-get update +addons: + apt: + update: true + +git: + quiet: true script: - lsb_release -a 
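Review bot: When /usr/local/bin/composer is missing, the `if os.path.isfile("/usr/local/bin/composer"):` guard skips the phpRedisAdmin install silently: the cache/redis directory is still created and chowned, but nothing is logged. An `else:` branch with `Log.warn(self, "composer not found, phpRedisAdmin was not installed")` would make the skipped step visible. `create-project -n -s dev` without a version constraint also installs whatever the development branch currently holds into the admin backend, so pinning a released version would make the install reproducible and easier to audit. The enclosing method starts and ends outside the hunk.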
@@ -21,13 +26,8 @@ script: - sudo bash -c 'echo -e "[user]\n\tname = abc\n\temail = root@localhost.com" > /home/travis/.gitconfig' - sudo echo "Travis Banch = $TRAVIS_BRANCH" - sudo apt-get install -y --force-yes git python3-setuptools python3-dev python3-apt ccze tree - - sudo bash wo.sh $TRAVIS_BRANCH - - sudo wo --help - - - sudo wo stack install || sudo tail -n50 /var/log/wo/wordops.log - - sudo wo stack install --admin || sudo tail -n50 /var/log/wo/wordops.log - - - sudo wo site create wp-php73.net --wp --php73 || sudo tail -n50 /var/log/wo/wordops.log + - sudo bash install $TRAVIS_BRANCH + - sudo wo --help && sudo wo stack install && sudo wo stack install --admin - sudo wo site create html.net --html && sudo wo site create php.com --php && sudo wo site create mysql.com --mysql || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create proxy.com --proxy=127.0.0.1:3000 || sudo tail -n50 /var/log/wo/wordops.log @@ -60,6 +60,4 @@ script: - sudo ls /var/www/ - sudo wp --allow-root --info - sudo wo info || sudo tail -n50 /var/log/wo/wordops.log - - sudo bash -c 'nginx -T 2>&1 > /var/log/wo/nginx.log 2>&1' || sudo tail -n50 /var/log/wo/wordops.log - - sudo bash -c 'tar -I pigz -cf wordops.tar.gz /var/log/wo' - sudo tree -L 2 /etc/nginx diff --git a/CHANGELOG.md b/CHANGELOG.md index 1e57efb..1bda98d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -39,6 +39,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - Increase MySQL users password size to 16 characters - Nginx locations template is the same for php7.2 & 7.3 - refactor install script +- backend SSL configuration now stored in /var/www/22222/conf/nginx/ssl.conf + #### Fixed diff --git a/install b/install index 4e1d59a..8c6f43f 100755 --- a/install +++ b/install 
@@ -7,7 +7,7 @@ # Copyright (c) 2019 - WordOps # This script is licensed under M.I.T # ------------------------------------------------------------------------- -# Version 3.9.5 - 2019-04-10 +# Version 3.9.5 - 2019-04-14 # ------------------------------------------------------------------------- readonly wo_version_old="2.2.3" readonly wo_version_new="3.9.4.5" @@ -379,11 +379,14 @@ wo_install_acme_sh() { fi } -# Now, finally, let's install WordOps +# Clone Github repository if it doesn't exist wo_install() { { - if [ ! -d /tmp/WordOps ]; then + if [ ! -d /tmp/WordOps/.git ]; then + rm -rf /tmp/WordOps git clone https://github.com/WordOps/WordOps.git /tmp/WordOps -b "$wo_branch" + else + git -C /tmp/WordOps pull fi cd /tmp/WordOps || exit 1 } >> "$wo_install_log" 2>&1 @@ -597,7 +600,7 @@ wo_backup_ee() { } wo_backup_wo() { - tar -I pigz -cf "$WO_BACKUP_FILE" /etc/nginx/ /usr/local/lib/python3.6/dist-packages/wo-*.egg /etc/wo >> /var/log/wo/install.log 2>&1 + tar -I pigz -cf "$WO_BACKUP_FILE" /etc/nginx/ /usr/local/lib/python3.6/dist-packages/wo-*.egg /etc/wo /var/lib/wo >> /var/log/wo/install.log 2>&1 } wo_clean_ee() { diff --git a/wo.sh b/wo.sh deleted file mode 100755 index b4c7353..0000000 --- a/wo.sh +++ /dev/null 
@@ -1,47 +0,0 @@ -#!/usr/bin/env bash -# ------------------------------------------------------------------------- -# WordOps install script downloader -# ------------------------------------------------------------------------- -# Website: https://wordops.net -# GitHub: https://github.com/WordOps/WordOps -# Copyright (c) 2019 - WordOps -# This script is licensed under M.I.T -# ------------------------------------------------------------------------- -# Version 3.9.5 - 2019-04-10 -# ------------------------------------------------------------------------- - -### -# 1 - Check whether the installation is called with elevated rights -### -if [[ $EUID -ne 0 ]]; then - wo_lib_echo_fail "Sudo privilege required..." - wo_lib_echo_fail "Use: curl -sL wops.cc | sudo bash" - exit 100 -fi - -# check if git is installed -[ -z "$(command -v git)" ] && { - apt-get update -qq && apt-get install git -qq -} > /dev/null 2>&1 - -# set github repository branch -if [ -n "$1" ]; then - wo_branch="$1" -else - wo_branch=master -fi - -# update or clone wordops repositoru -if [ -d /tmp/WordOps/.git ]; then - git -C /tmp/WordOps fetch --all - git -C /tmp/WordOps reset --hard origin/${wo_branch} - git -C /tmp/WordOps clean -f -else - rm -rf /tmp/WordOps - git clone https://github.com/WordOps/WordOps.git /tmp/WordOps -b "$wo_branch" -q -fi - -# execute install script -if [ -x /tmp/WordOps/install ]; then - /tmp/WordOps/install -fi diff --git a/wo/cli/plugins/stack_services.py b/wo/cli/plugins/stack_services.py index 358eb85..8b81b86 100644 --- a/wo/cli/plugins/stack_services.py +++ b/wo/cli/plugins/stack_services.py @@ -14,7 +14,8 @@ class WOStackStatusController(CementBaseController): description = 'Check the stack status' arguments = [ (['--memcached'], - dict(help='start/stop/restart memcached', action='store_true')), + dict(help='start/stop/restart memcached', + action='store_true')), ] @expose(help="Start stack services") 
@@ -186,7 +187,8 @@ class WOStackStatusController(CementBaseController): if ((WOVariables.wo_mysql_host is "localhost") or (WOVariables.wo_mysql_host is "127.0.0.1")): if ((WOAptGet.is_installed(self, 'mysql-server') or - WOAptGet.is_installed(self, 'percona-server-server-5.6') or + WOAptGet.is_installed(self, + 'percona-server-server-5.6') or WOAptGet.is_installed(self, 'mariadb-server'))): services = services + ['mysql'] else: From ce50ee30a471b0f4678e474c7cc614c54cadd92a Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 15 Apr 2019 14:44:06 +0200 Subject: [PATCH 24/36] fix hsts arg --- config/bash_completion.d/wo_auto.rc | 8 ++-- wo/cli/plugins/site.py | 35 +++++++++------ wo/cli/plugins/site_functions.py | 67 ++++++++++++++++++++++++----- 3 files changed, 81 insertions(+), 29 deletions(-) diff --git a/config/bash_completion.d/wo_auto.rc b/config/bash_completion.d/wo_auto.rc index c4b5c62..6a6e3a9 100644 --- a/config/bash_completion.d/wo_auto.rc +++ b/config/bash_completion.d/wo_auto.rc @@ -74,7 +74,7 @@ _wo_complete() # HANDLE EVERYTHING AFTER THE THIRD LEVEL NAMESPACE "install" | "purge" | "remove" ) COMPREPLY=( $(compgen \ - -W "--web --admin --nginx --php --php73 --mysql --wpcli --phpmyadmin --adminer --utils --all --redis --phpredisadmin --composer --netdata" \ + -W "--web --admin --nginx --php --php73 --mysql --wpcli --phpmyadmin --adminer --utils --all --redis --phpredisadmin --composer --netdata --fail2ban" \ -- $cur) ) ;; "upgrade" ) @@ -84,7 +84,7 @@ _wo_complete() ;; "start" | "stop" | "reload" | "restart" | "status") COMPREPLY=( $(compgen \ - -W "--nginx --php --php73 --mysql --memcache --redis" \ + -W "--nginx --php --php73 --mysql --memcache --redis --fail2ban --netdata" \ -- $cur) ) ;; "migrate") 
@@ -213,7 +213,7 @@ _wo_complete() if [ ${COMP_WORDS[2]} == "create" ]; then retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --letsencrypt --php73" elif [ ${COMP_WORDS[2]} == "update" ]; then - retlist="--wp --wpfc --wpsc --php73 --php73=off --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew" + retlist="--wp --wpfc --wpsc --php73 --php73=off --wpredis --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew --le --le=subdomain --le=off " else retlist="" fi @@ -363,7 +363,7 @@ _wo_complete() case "$mprev" in "--user" | "--email" | "--pass") if [ ${COMP_WORDS[2]} == "create" ]; then - retlist="--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --letsencrypt" + retlist="--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --letsencrypt --letsencrypt=subdomain" fi ret="${retlist[@]/$prev}" COMPREPLY=( $(compgen \ diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 6961188..285f2fe 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -673,13 +673,16 @@ class WOSiteCreateController(CementBaseController): "`tail /var/log/wo/wordops.log` and please try again") if self.app.pargs.letsencrypt == "on": - data['letsencrypt'] = True - letsencrypt = True - if self.app.pargs.hsts: - if self.app.pargs.hsts == "on": - data['hsts'] = True - hsts = True + data['letsencrypt'] = True + letsencrypt = True + data['hsts'] = True + hsts = True + else: + data['letsencrypt'] = True + letsencrypt = True + data['hsts'] = False + hsts = False if data['letsencrypt'] is True: setupLetsEncrypt(self, wo_domain) 
@@ -808,7 +811,7 @@ class WOSiteUpdateController(CementBaseController): if not (pargs.php or pargs.php73 or pargs.mysql or pargs.wp or pargs.wpsubdir or pargs.wpsubdomain or pargs.wpfc or pargs.wpsc or - pargs.wpredis or pargs.letsencrypt): + pargs.wpredis or pargs.letsencrypt or pargs.hsts): Log.error(self, "Please provide options to update sites.") if pargs.all: @@ -1315,16 +1318,21 @@ class WOSiteUpdateController(CementBaseController): return 0 if pargs.hsts: - if check_ssl: - if not os.path.isfile(("{0}/conf/nginx/hsts.conf.disabled") - .format(wo_site_webroot)): + if os.path.isfile(("{0}/conf/nginx/ssl.conf") + .format(wo_site_webroot)): + if (not os.path.isfile("{0}/conf/nginx/hsts.conf.disabled" + .format(wo_site_webroot))): setupHsts(self, wo_domain) + else: WOFileUtils.mvfile(self, "{0}/conf/nginx/" "hsts.conf.disabled" .format(wo_site_webroot), '{0}/conf/nginx/hsts.conf' .format(wo_site_webroot)) + if not WOService.reload_service(self, 'nginx'): + Log.error(self, "service nginx reload failed. " + "check issues with `nginx -t` command") else: Log.error(self, "HTTPS is not configured for given " "site") @@ -1552,15 +1560,14 @@ class WOSiteUpdateController(CementBaseController): wpconfig = open("{0}".format(config_path), encoding='utf-8', mode='a') wpconfig.write("\n\ndefine( \'WP_CACHE_KEY_SALT\'," - " \'{0}:\' );" - .format(wo_domain)) + " \'{0}:\' );".format(wo_domain)) wpconfig.close() except IOError as e: Log.debug(self, str(e)) Log.debug(self, "Updating wp-config.php failed.") Log.warn(self, "Updating wp-config.php failed. " - "Could not append:" - "\ndefine( \'WP_CACHE_KEY_SALT\', " + "Could not append:" + "\ndefine( \'WP_CACHE_KEY_SALT\', " "\'{0}:\' );".format(wo_domain) + "\nPlease add manually") except SiteError as e: diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 56a904a..3fd57f2 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py 
@@ -141,7 +141,8 @@ def setupdomain(self, data): def setupdatabase(self, data): wo_domain_name = data['site_name'] wo_random = (''.join(random.sample(string.ascii_uppercase + - string.ascii_lowercase + string.digits, 24))) + string.ascii_lowercase + + string.digits, 24))) wo_replace_dot = wo_domain_name.replace('.', '_') prompt_dbname = self.app.config.get('mysql', 'db-name') prompt_dbuser = self.app.config.get('mysql', 'db-user') @@ -242,7 +243,8 @@ def setupwordpress(self, data): wo_wp_email = self.app.config.get('wordpress', 'email') # Random characters wo_random = (''.join(random.sample(string.ascii_uppercase + - string.ascii_lowercase + string.digits, 15))) + string.ascii_lowercase + + string.digits, 15))) wo_wp_prefix = '' # wo_wp_user = '' # wo_wp_pass = '' @@ -375,13 +377,15 @@ def setupwordpress(self, data): import shutil Log.debug(self, "Moving file from {0} to {1}".format(os.getcwd( - )+'/wp-config.php', os.path.abspath(os.path.join(os.getcwd(), os.pardir)))) + )+'/wp-config.php', os.path.abspath(os.path.join(os.getcwd(), + os.pardir)))) shutil.move(os.getcwd()+'/wp-config.php', os.path.abspath(os.path.join(os.getcwd(), os.pardir))) except Exception as e: Log.error(self, 'Unable to move file from {0} to {1}' .format(os.getcwd()+'/wp-config.php', - os.path.abspath(os.path.join(os.getcwd(), os.pardir))), False) + os.path.abspath(os.path.join(os.getcwd(), + os.pardir))), False) raise SiteError("Unable to move wp-config.php") if not wo_wp_user: 
@@ -488,11 +492,47 @@ def setupwordpress(self, data): """Install nginx-helper plugin """ installwp_plugin(self, 'nginx-helper', data) if data['wpfc']: - plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":1,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_fastcgi","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}' + plugin_data = '{"log_level":"INFO","log_filesize":5,' + '"enable_purge":1,"enable_map":0,' + '"enable_log":0,"enable_stamp":0,' + '"purge_homepage_on_new":1,' + '"purge_homepage_on_edit":1,' + '"purge_homepage_on_del":1,' + '"purge_archive_on_new":1,' + '"purge_archive_on_edit":0,' + '"purge_archive_on_del":0,' + '"purge_archive_on_new_comment":0,' + '"purge_archive_on_deleted_comment":0,' + '"purge_page_on_mod":1,' + '"purge_page_on_new_comment":1,' + '"purge_page_on_deleted_comment":1,' + '"cache_method":"enable_fastcgi",' + '"purge_method":"get_request",' + '"redis_hostname":"127.0.0.1",' + '"redis_port":"6379",' + '"redis_prefix":"nginx-cache:"}' setupwp_plugin(self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) elif data['wpredis']: - plugin_data = 
'{"log_level":"INFO","log_filesize":5,"enable_purge":1,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_redis","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}' + plugin_data = '{"log_level":"INFO","log_filesize":5,' + '"enable_purge":1,"enable_map":0,' + '"enable_log":0,"enable_stamp":0,' + '"purge_homepage_on_new":1,' + '"purge_homepage_on_edit":1,' + '"purge_homepage_on_del":1,' + '"purge_archive_on_new":1,' + '"purge_archive_on_edit":0,' + '"purge_archive_on_del":0,' + '"purge_archive_on_new_comment":0,' + '"purge_archive_on_deleted_comment":0,' + '"purge_page_on_mod":1,' + '"purge_page_on_new_comment":1,' + '"purge_page_on_deleted_comment":1,' + '"cache_method":"enable_redis",' + '"purge_method":"get_request",' + '"redis_hostname":"127.0.0.1",' + '"redis_port":"6379",' + '"redis_prefix":"nginx-cache:"}' setupwp_plugin(self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) @@ -722,7 +762,8 @@ def site_package_check(self, stype): self, "Error: two different PHP versions cannot be " "combined within the same WordOps site") - if not self.app.pargs.php73 and stype in ['php', 'mysql', 'wp', 'wpsubdir', 'wpsubdomain']: + if not self.app.pargs.php73 and stype in ['php', 'mysql', 'wp', 'wpsubdir', + 'wpsubdomain']: Log.debug(self, "Setting apt_packages variable for PHP 7.2") if not WOAptGet.is_installed(self, 'php7.2-fpm'): if not WOAptGet.is_installed(self, 'php7.3-fpm'): 
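Review bot: The re-wrapped `plugin_data` literals in both the `wpfc` and the `wpredis` branch are no longer a single expression: `plugin_data = '{"log_level":"INFO","log_filesize":5,'` is a complete statement on its own, and no parenthesis or backslash joins the fragments that follow. Depending on their indentation, which this page does not preserve, Python either rejects the module with an unexpected-indent error or assigns only the first fragment, in which case `setupwp_plugin` receives truncated JSON. Wrapping each literal in parentheses restores implicit concatenation: open with `plugin_data = ('{"log_level":"INFO","log_filesize":5,'` and close the last fragment as `'"redis_prefix":"nginx-cache:"}')`. The body of `setupwordpress` continues outside the hunk.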
@@ -1105,7 +1146,8 @@ def detSitePar(opts): def generate_random(): wo_random10 = (''.join(random.sample(string.ascii_uppercase + - string.ascii_lowercase + string.digits, 16))) + string.ascii_lowercase + + string.digits, 16))) return wo_random10 @@ -1375,10 +1417,12 @@ def renewLetsEncrypt(self, wo_domain_name): mail_list = '' if not ssl: - Log.error(self, "ERROR : Let's Encrypt certificate renewal FAILED!", False) + Log.error(self, "ERROR : Let's Encrypt certificate renewal FAILED!", + False) if (SSL.getExpirationDays(self, wo_domain_name) > 0): Log.error(self, "Your current certificate will expire within " + - str(SSL.getExpirationDays(self, wo_domain_name)) + " days.", False) + str(SSL.getExpirationDays(self, wo_domain_name)) + + " days.", False) else: Log.error(self, "Your current certificate already expired!", False) @@ -1523,7 +1567,8 @@ def archivedCertificateHandle(self, domain): sslconf.write("listen 443 ssl http2;\n" "listen [::]:443 ssl http2;\n" "ssl on;\n" - "ssl_certificate {0}/{1}/fullchain.pem;\n" + "ssl_certificate " + "{0}/{1}/fullchain.pem;\n" "ssl_certificate_key {0}/{1}/key.pem;\n" .format(WOVariables.wo_ssl_live, domain)) sslconf.close() From 8282ff0aaa2c9021e4d76fccbf88746aeefeabf7 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 15 Apr 2019 15:09:10 +0200 Subject: [PATCH 25/36] fix hsts --- wo/cli/plugins/site.py | 14 ++++++-------- wo/cli/plugins/site_functions.py | 8 ++++---- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 285f2fe..58e0e1d 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py 
@@ -888,7 +888,8 @@ class WOSiteUpdateController(CementBaseController): if (pargs.password and not (pargs.html or pargs.php or pargs.php73 or pargs.mysql or pargs.wp or pargs.wpfc or pargs.wpsc or - pargs.wpsubdir or pargs.wpsubdomain)): + pargs.wpsubdir or pargs.wpsubdomain or + pargs.hsts)): try: updatewpuserpassword(self, wo_domain, wo_site_webroot) except SiteError as e: @@ -1320,16 +1321,13 @@ class WOSiteUpdateController(CementBaseController): if pargs.hsts: if os.path.isfile(("{0}/conf/nginx/ssl.conf") .format(wo_site_webroot)): - if (not os.path.isfile("{0}/conf/nginx/hsts.conf.disabled" + if (not os.path.isfile("{0}/conf/nginx/hsts.conf" .format(wo_site_webroot))): - setupHsts(self, wo_domain) + setupHsts(self, wo_domain, True) else: - WOFileUtils.mvfile(self, "{0}/conf/nginx/" - "hsts.conf.disabled" - .format(wo_site_webroot), - '{0}/conf/nginx/hsts.conf' - .format(wo_site_webroot)) + Log.error(self, "HSTS is already configured for given " + "site") if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 3fd57f2..b302cbd 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1453,13 +1453,13 @@ def renewLetsEncrypt(self, wo_domain_name): # redirect= False to disable https redirection -def setupHsts(self, wo_domain_name): +def setupHsts(self, wo_domain, hsts=True): Log.info( - self, "Adding /var/www/{0}/conf/nginx/ssl.conf" - .format(wo_domain_name)) + self, "Adding /var/www/{0}/conf/nginx/hsts.conf" + .format(wo_domain)) hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf" - .format(wo_domain_name), + .format(wo_domain), encoding='utf-8', mode='w') hstsconf.write("more_set_headers " "\"Strict-Transport-Security: " From ad3900f710a367b2f675413dbaea26a79c22f36e Mon Sep 17 00:00:00 2001 
From: VirtuBox Date: Mon, 15 Apr 2019 15:31:19 +0200 Subject: [PATCH 26/36] change hsts settings --- wo/cli/plugins/site.py | 51 ++++++++++++++++++++++++++++-------------- 1 file changed, 34 insertions(+), 17 deletions(-) diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 58e0e1d..e228d80 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -785,9 +785,11 @@ class WOSiteUpdateController(CementBaseController): action='store' or 'store_const', choices=('on', 'off', 'renew', 'subdomain', 'wildcard'), const='on', nargs='?')), - (['--hsts'], - dict(help="configure HSTS on site secured with letsencrypt", - action='store_true')), + (['-hsts'], + dict(help="configure hsts for the site", + action='store' or 'store_const', + choices=('on', 'off'), + const='on', nargs='?')), (['--proxy'], dict(help="update to proxy site", nargs='+')), (['--experimental'], 
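Review bot: `action='store' or 'store_const'` in the new `hsts` argument always evaluates to `'store'`, because a non-empty string is truthy and `or` returns its first operand; the second name is never used. With `nargs='?'` and `const='on'` the plain form already gives the intended behaviour, so `action='store',` says the same thing without suggesting a fallback that does not exist. The same expression appears in the `letsencrypt` argument shown as context just above.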
@@ -1319,22 +1321,37 @@ class WOSiteUpdateController(CementBaseController): return 0 if pargs.hsts: - if os.path.isfile(("{0}/conf/nginx/ssl.conf") - .format(wo_site_webroot)): - if (not os.path.isfile("{0}/conf/nginx/hsts.conf" - .format(wo_site_webroot))): - setupHsts(self, wo_domain, True) - + if pargs.hsts == 'on': + if os.path.isfile(("{0}/conf/nginx/ssl.conf") + .format(wo_site_webroot)): + if (not os.path.isfile("{0}/conf/nginx/hsts.conf" + .format(wo_site_webroot))): + setupHsts(self, wo_domain, True) + else: + Log.error(self, "HSTS is already configured for given " + "site") + if not WOService.reload_service(self, 'nginx'): + Log.error(self, "service nginx reload failed. " + "check issues with `nginx -t` command") else: - Log.error(self, "HSTS is already configured for given " + Log.error(self, "HTTPS is not configured for given " "site") - if not WOService.reload_service(self, 'nginx'): - Log.error(self, "service nginx reload failed. " - "check issues with `nginx -t` command") - else: - Log.error(self, "HTTPS is not configured for given " - "site") - return 0 + return 0 + + elif pargs.hsts == 'off': + if os.path.isfile(("{0}/conf/nginx/hsts.conf") + .format(wo_site_webroot)): + WOFileUtils.mvfile(self, "{0}/conf/nginx/hsts.conf" + .format(wo_site_webroot), + '{0}/conf/nginx/hsts.conf.disabled' + .format(wo_site_webroot)) + if not WOService.reload_service(self, 'nginx'): + Log.error(self, "service nginx reload failed. " + "check issues with `nginx -t` command") + else: + Log.error(self, "HSTS is not configured for given " + "site") + return 0 if stype == oldsitetype and cache == oldcachetype: From 409f1cbbb47194b823ca75c924b0bfcbb331235b Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 15 Apr 2019 15:45:40 +0200 Subject: [PATCH 27/36] add return for hsts --- wo/cli/plugins/site_functions.py | 1 + 1 file changed, 1 insertion(+) diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index b302cbd..f202acb 100644 
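Review bot: The `off` branch only renames `hsts.conf` to `hsts.conf.disabled`, which presumably stops nginx from sending the header but does not withdraw the policy from browsers that already cached it; they keep enforcing HTTPS until the previously sent max-age runs out. A log line after the successful reload would make that visible to the operator, e.g. `Log.info(self, "HSTS header removed; clients keep the cached policy until its max-age expires")`. If immediate withdrawal is wanted, the usual approach is to serve the header with `max-age=0` for a while instead of dropping it. The enclosing method starts and ends outside the hunk.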
--- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1467,6 +1467,7 @@ def setupHsts(self, wo_domain, hsts=True): "'includeSubDomains; " "preload\";") hstsconf.close() + return 0 def httpsRedirect(self, wo_domain_name, redirect=True): From 992e4f9aaab4ae4e767c20ac5eceb612b02fd40c Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 15 Apr 2019 15:51:17 +0200 Subject: [PATCH 28/36] add data for hsts --- wo/cli/plugins/site.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index e228d80..7413013 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -1156,6 +1156,13 @@ class WOSiteUpdateController(CementBaseController): cache == oldcachetype): return 1 + if pargs.hsts: + if not data: + data = dict(site_name=wo_domain, www_domain=wo_www_domain, + currsitetype=oldsitetype, + currcachetype=oldcachetype, + webroot=wo_site_webroot) + if not data: Log.error(self, "Cannot update {0}, Invalid Options" .format(wo_domain)) From cf97f18a153e6eefbecff07eda8f9a22aa236a69 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 15 Apr 2019 16:00:26 +0200 Subject: [PATCH 29/36] add variable for hsts --- wo/cli/plugins/site.py | 12 +++++++++--- wo/cli/plugins/site_functions.py | 6 +++--- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 7413013..9d1c145 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -1162,6 +1162,12 @@ class WOSiteUpdateController(CementBaseController): currsitetype=oldsitetype, currcachetype=oldcachetype, webroot=wo_site_webroot) + if pargs.hsts == "on": + data['hsts'] = True + hsts = True + elif pargs.hsts == "off": + data['hsts'] = False + hsts = False if not data: Log.error(self, "Cannot update {0}, Invalid Options" 
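Review bot: The header written by `setupHsts` carries a stray single quote: the context line `"'includeSubDomains; "` puts `'` in front of the directive and no matching quote is visible in `"preload\";"`. A client parsing that value would likely see an unknown directive named `'includeSubDomains` and ignore it, so the policy would not cover subdomains even though the configuration reads as if it did. The fragment should be `"includeSubDomains; "`. One line of the literal, between `Strict-Transport-Security: ` and this fragment, lies outside the hunk, so the complete value cannot be checked from here.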
@@ -1328,12 +1334,12 @@ class WOSiteUpdateController(CementBaseController): return 0 if pargs.hsts: - if pargs.hsts == 'on': + if data['hsts'] is True: if os.path.isfile(("{0}/conf/nginx/ssl.conf") .format(wo_site_webroot)): if (not os.path.isfile("{0}/conf/nginx/hsts.conf" .format(wo_site_webroot))): - setupHsts(self, wo_domain, True) + setupHsts(self, wo_domain) else: Log.error(self, "HSTS is already configured for given " "site") @@ -1345,7 +1351,7 @@ class WOSiteUpdateController(CementBaseController): "site") return 0 - elif pargs.hsts == 'off': + elif data['hsts'] is False: if os.path.isfile(("{0}/conf/nginx/hsts.conf") .format(wo_site_webroot)): WOFileUtils.mvfile(self, "{0}/conf/nginx/hsts.conf" diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index f202acb..818e23e 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1453,13 +1453,13 @@ def renewLetsEncrypt(self, wo_domain_name): # redirect= False to disable https redirection -def setupHsts(self, wo_domain, hsts=True): +def setupHsts(self, wo_domain_name): Log.info( self, "Adding /var/www/{0}/conf/nginx/hsts.conf" - .format(wo_domain)) + .format(wo_domain_name)) hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf" - .format(wo_domain), + .format(wo_domain_name), encoding='utf-8', mode='w') hstsconf.write("more_set_headers " "\"Strict-Transport-Security: " From eef613359ef137ec40e28ea67ee9ba0496fc7642 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 15 Apr 2019 21:31:13 +0200 Subject: [PATCH 30/36] add argument parsing to install script --- .travis.yml | 2 +- install | 44 ++++++++++++++++++++++++++++++-------------- 2 files changed, 31 insertions(+), 15 deletions(-) diff --git a/.travis.yml b/.travis.yml index 8a5c578..0581229 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -26,7 +26,7 @@ script: - sudo bash -c 'echo -e "[user]\n\tname = abc\n\temail = root@localhost.com" > /home/travis/.gitconfig' - sudo echo "Travis Banch = $TRAVIS_BRANCH" - sudo apt-get install -y --force-yes git python3-setuptools python3-dev python3-apt ccze tree - - sudo bash install $TRAVIS_BRANCH + - sudo bash install -b $TRAVIS_BRANCH - sudo wo --help && sudo wo stack install && sudo wo stack install --admin - sudo wo site create html.net --html && sudo wo site create php.com --php && sudo wo site create mysql.com --mysql || sudo tail -n50 /var/log/wo/wordops.log diff --git a/install b/install index 8c6f43f..fc47f13 100755 --- a/install +++ b/install @@ -78,13 +78,29 @@ if [ -z "$(command -v lsb_release)" ]; then apt-get -y install lsb-release -qq fi +while [ "$#" -gt 0 ]; do + case "$1" in + -b | --branch) + wo_branch="$2" + shift + ;; + -p | --preserve) + wo_preserve_config="y" + ;; + --force) + wo_force_install="y" + ;; + *) # positional args + ;; + esac + shift +done + ### # 1 - Define variables for later use ### -if [ -z "$1" ]; then +if [ -z "$wo_branch" ]; then wo_branch=master -else - wo_branch="$1" fi readonly wo_log_dir=/var/log/wo/ readonly wo_backup_dir=/var/lib/wo-backup/ @@ -107,6 +123,7 @@ fi ### # 1 - Checking linux distro ### +if [ -z "$wo_force_install" ]; then if [ "$wo_linux_distro" != "Ubuntu" ] && [ "$wo_linux_distro" != "Debian" ]; then wo_lib_echo_fail "WordOps (wo) only supports Ubuntu and Debian at the moment." wo_lib_echo_fail "If you are feeling adventurous, you are free to fork WordOps to support" @@ -119,6 +136,7 @@ else exit 100 fi fi +fi ### # 1 - To prevent errors or unexpected behaviour, create the log and ACL it 
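Review bot: In the new argument loop of `install`, the `-b | --branch` arm takes `$2` without checking that a value follows, and the `*)` arm discards anything it does not recognise, so `install -b` with nothing after it, or a misspelled `--branch`, falls back to `master` without any message. A guard before the assignment makes the first case explicit: `[ -n "$2" ] || { echo "missing value for $1" >&2; exit 1; }`. Because `--force` switches off the distribution check wrapped further down in this patch, it is also worth rejecting unknown words that start with `-` in the `*)` arm instead of ignoring them.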
@@ -364,17 +382,19 @@ wo_install_acme_sh() { } >> "$wo_install_log" 2>&1 fi - if [ -d "$HOME/.acme/.sh" ]; then + if [ -d "$HOME/.acme.sh" ]; then { - rsync -az --exclude="account.conf" \ + /usr/bin/rsync -rltgoDpz --exclude="account.conf" \ --exclude="acme.sh" \ --exclude="acme.sh.env" \ --exclude="deploy" \ --exclude="dnsapi" \ --exclude="http.header" \ --exclude="ca" \ + --del \ "$HOME/.acme.sh/" \ /etc/letsencrypt/renewal/ + } >> "$wo_install_log" 2>&1 fi } @@ -386,7 +406,7 @@ wo_install() { rm -rf /tmp/WordOps git clone https://github.com/WordOps/WordOps.git /tmp/WordOps -b "$wo_branch" else - git -C /tmp/WordOps pull + git -C /tmp/WordOps pull origin "$wo_branch" fi cd /tmp/WordOps || exit 1 } >> "$wo_install_log" 2>&1 @@ -630,10 +650,8 @@ if [ -x /usr/local/bin/wo ]; then wo_upgrade_nginx | tee -ai $wo_install_log fi wo_update_latest | tee -ai $wo_install_log - if [ ! -d /opt/acme.sh ]; then - wo_lib_echo "Installing acme.sh" | tee -ai $wo_install_log - wo_install_acme_sh | tee -ai $wo_install_log - fi + wo_lib_echo "Installing acme.sh" | tee -ai $wo_install_log + wo_install_acme_sh | tee -ai $wo_install_log wo_lib_echo "Running post-install steps " | tee -ai $wo_install_log wo_git_init | tee -ai $wo_install_log wo_update_wp_cli | tee -ai $wo_install_log @@ -662,10 +680,8 @@ else wo_upgrade_nginx | tee -ai $wo_install_log fi wo_update_latest | tee -ai $wo_install_log - if [ ! -d /opt/acme.sh ]; then - wo_lib_echo "Installing acme.sh" | tee -ai $wo_install_log - wo_install_acme_sh | tee -ai $wo_install_log - fi + wo_lib_echo "Installing acme.sh" | tee -ai $wo_install_log + wo_install_acme_sh | tee -ai $wo_install_log wo_lib_echo "Running post-install steps " | tee -ai $wo_install_log wo_git_init | tee -ai $wo_install_log wo_update_wp_cli | tee -ai $wo_install_log From 4e577919e3eb1c5cd45e7287e751e06e15c6399b Mon Sep 17 00:00:00 2001 
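Review bot: With `--del` added, the rsync in `wo_install_acme_sh` removes from `/etc/letsencrypt/renewal/` everything that is not present in `$HOME/.acme.sh/` (the excluded names aside), and the later hunks of this patch drop the `/opt/acme.sh` guard so the function runs on every install and update. If an old `~/.acme.sh` is left behind after the first migration, a later run would delete whatever was created since and exists only in the destination, presumably the per-domain certificate directories. Either rename or remove the source directory once the copy succeeded, or leave out `--del` so the copy stays additive. The body of `wo_install_acme_sh` begins outside the hunk.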
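Review bot: The `else` branch of `wo_install` keeps using whatever checkout already sits at the fixed path `/tmp/WordOps`, and `git pull origin "$wo_branch"` merges the requested branch into the branch that checkout happens to be on rather than switching to it. Since `/tmp` is writable by every local account and this script runs as root, a directory prepared there by someone else would be pulled into and then installed from. Cloning into a fresh directory on every run avoids both problems, e.g. `wo_src_dir=$(mktemp -d)` followed by `git clone https://github.com/WordOps/WordOps.git "$wo_src_dir" -b "$wo_branch"`, with the later `cd` adjusted to match. The condition that selects between the two branches is outside the hunk.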
From: VirtuBox Date: Mon, 15 Apr 2019 23:54:05 +0200 Subject: [PATCH 31/36] fix typo --- wo/cli/plugins/site.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 9d1c145..1fc36ea 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -785,7 +785,7 @@ class WOSiteUpdateController(CementBaseController): action='store' or 'store_const', choices=('on', 'off', 'renew', 'subdomain', 'wildcard'), const='on', nargs='?')), - (['-hsts'], + (['--hsts'], dict(help="configure hsts for the site", action='store' or 'store_const', choices=('on', 'off'), @@ -1337,8 +1337,8 @@ class WOSiteUpdateController(CementBaseController): if data['hsts'] is True: if os.path.isfile(("{0}/conf/nginx/ssl.conf") .format(wo_site_webroot)): - if (not os.path.isfile("{0}/conf/nginx/hsts.conf" - .format(wo_site_webroot))): + if not os.path.isfile("{0}/conf/nginx/hsts.conf" + .format(wo_site_webroot)): setupHsts(self, wo_domain) else: Log.error(self, "HSTS is already configured for given " From b9f04b246351c91afb1a1ed38a801c673b195358 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 15 Apr 2019 23:57:19 +0200 Subject: [PATCH 32/36] make hsts simple --- wo/cli/plugins/site.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 1fc36ea..01b6ac8 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -1157,11 +1157,6 @@ class WOSiteUpdateController(CementBaseController): return 1 if pargs.hsts: - if not data: - data = dict(site_name=wo_domain, www_domain=wo_www_domain, - currsitetype=oldsitetype, - currcachetype=oldcachetype, - webroot=wo_site_webroot) if pargs.hsts == "on": data['hsts'] = True hsts = True From 50532183793a4b7de19be8238544e2577eb5cae5 Mon Sep 17 00:00:00 2001 
From: VirtuBox Date: Tue, 16 Apr 2019 00:00:21 +0200 Subject: [PATCH 33/36] exclude hsts from test --- wo/cli/plugins/site.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 01b6ac8..dbe9a19 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -1174,7 +1174,7 @@ class WOSiteUpdateController(CementBaseController): data['wo_db_pass'] = check_site.db_password data['wo_db_host'] = check_site.db_host - if not pargs.letsencrypt: + if not pargs.letsencrypt or pargs.hsts: try: pre_run_checks(self) except SiteError as e: From 2881510cf199e074e81fa6dfdb30ab3501cfc328 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Tue, 16 Apr 2019 00:01:09 +0200 Subject: [PATCH 34/36] make sure condition is valid --- wo/cli/plugins/site.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index dbe9a19..f96642f 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -1174,7 +1174,7 @@ class WOSiteUpdateController(CementBaseController): data['wo_db_pass'] = check_site.db_password data['wo_db_host'] = check_site.db_host - if not pargs.letsencrypt or pargs.hsts: + if not (pargs.letsencrypt or pargs.hsts): try: pre_run_checks(self) except SiteError as e: From d7842c641cca412a85a81baabf36056ed5760839 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Tue, 16 Apr 2019 08:50:15 +0200 Subject: [PATCH 35/36] add theme for adminer --- wo/cli/plugins/stack.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py index db116d8..33c3bda 100644 --- a/wo/cli/plugins/stack.py +++ b/wo/cli/plugins/stack.py 
@@ -1387,11 +1387,19 @@ class WOStackController(CementBaseController): Log.debug(self, "Setting packages variable for Adminer ") packages = packages + [["https://www.adminer.org/static/" "download/{0}/adminer-{0}.php" - "".format(WOVariables.wo_adminer), + .format(WOVariables.wo_adminer), "{0}22222/" "htdocs/db/adminer/index.php" .format(WOVariables.wo_webroot), - "Adminer"]] + "Adminer"], + ["https://raw.githubusercontent.com" + "/vrana/adminer/master/designs/" + "pepa-linha/adminer.css", + "{0}22222/" + "htdocs/db/adminer/adminer.css" + .format(WOVariables.wo_webroot), + "Adminer theme"]] + # Netdata if self.app.pargs.netdata: Log.debug(self, "Setting packages variable for Netdata") From f85d2073dc5f665fb59a2439e99ec6265e23b497 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Tue, 16 Apr 2019 11:16:55 +0200 Subject: [PATCH 36/36] update changelog and readme --- CHANGELOG.md | 3 ++- README.md | 10 +++++++++- wo/cli/plugins/stack.py | 3 +++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1bda98d..d71a0dc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,6 +28,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - Support for Netdata on backend : https://server.hostname:22222/netdata/ - New Stacks : composer and netdata - additional argument for letsencrypt : --hsts +- Theme for adminer +- Credits for tools shipped with WordOps #### Changed @@ -41,7 +43,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - refactor install script - backend SSL configuration now stored in /var/www/22222/conf/nginx/ssl.conf - #### Fixed - PHP 7.3 extras when php 7.2 isn't installed diff --git a/README.md b/README.md index f30ff20..d22d233 100644 --- a/README.md +++ b/README.md 
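Review bot: The added theme entry downloads `adminer.css` from the `master` branch of `vrana/adminer`, so the file placed next to `adminer/index.php` is whatever that branch holds at install time, while the Adminer script in the entry above it is tied to `WOVariables.wo_adminer`. A stylesheet on a database administration page is active content (it can change what the page shows and load remote resources), so it deserves the same pinning as the script. Point the URL at a fixed tag or commit, e.g. `"https://raw.githubusercontent.com/vrana/adminer/<pinned-commit-or-tag>/designs/pepa-linha/adminer.css"`, and, if the download helper supports it, compare a checksum before the file is installed.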
@@ -150,10 +150,18 @@ There is no need to be a developer or a system administrator to contribute to Wo ## Credits -- Main source : [EasyEngine](https://github.com/easyengine/easyengine) +- Source : [EasyEngine](https://github.com/easyengine/easyengine) + +Shipped with WordOps + - Acme client : [Acme.sh](https://github.com/Neilpang/acme.sh) - WordPress deployment : [WP-CLI](https://github.com/wp-cli/wp-cli) - Monitoring : [Netdata](https://github.com/netdata/netdata) +- [phpMyAdmin](https://www.phpmyadmin.net/) +- [Adminer](https://www.adminer.org/) +- [phpRedisAdmin](https://github.com/erikdubbelboer/phpRedisAdmin) +- [PHPMemcachedAdmin](https://github.com/elijaa/phpmemcachedadmin) +- [opcacheGUI](https://github.com/amnuts/opcache-gui) ## License diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py index 33c3bda..b50f8ee 100644 --- a/wo/cli/plugins/stack.py +++ b/wo/cli/plugins/stack.py @@ -523,6 +523,7 @@ class WOStackController(CementBaseController): else: WOService.restart_service(self, 'nginx') + # create redis conf is redis is installed if WOAptGet.is_installed(self, 'redis-server'): if (os.path.isfile("/etc/nginx/nginx.conf") and not os.path.isfile("/etc/nginx/common/" @@ -549,6 +550,7 @@ class WOStackController(CementBaseController): out=wo_nginx) wo_nginx.close() + # add redis upstream if not available in upstream.conf if os.path.isfile("/etc/nginx/conf.d/upstream.conf"): if not WOFileUtils.grep(self, "/etc/nginx/conf.d/" "upstream.conf", @@ -559,6 +561,7 @@ class WOStackController(CementBaseController): " server 127.0.0.1:6379;\n" " keepalive 10;\n}\n") + # add redis cache format if not already done if (os.path.isfile("/etc/nginx/nginx.conf") and not os.path.isfile("/etc/nginx/conf.d" "/redis.conf")):