diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7f6dc8b..1bec441 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
### v3.9.x - [Unreleased]
+#### Fixed
+
+- `wo upgrade` output
+
### v3.9.8.2 - 2019-08-20
#### Added
diff --git a/install b/install
index b127fed..523439d 100755
--- a/install
+++ b/install
@@ -548,22 +548,6 @@ wo_upgrade_nginx() {
wo_update_latest() {
- if [ -f /etc/nginx/fastcgi_params ]; then
- CHECK_HTTP_PROXY=$(grep 'HTTP_PROXY' /etc/nginx/fastcgi_params)
- if [ -z "$CHECK_HTTP_PROXY" ]; then
- echo 'fastcgi_param HTTP_PROXY "";' >> /etc/nginx/fastcgi_params
- echo 'fastcgi_param HTTP_PROXY "";' >> /etc/nginx/fastcgi.conf
- service nginx restart | tee -ai $wo_install_log
- fi
- fi
-
- if [ -f /etc/ImageMagick/policy.xml ]; then
- if [ ! -f /etc/ImageMagick/patch.txt ]; then
- echo -e "\t\n\t\n\t\n\t\n\t" >> /etc/ImageMagick/patch.txt
- sed -i '//r /etc/ImageMagick/patch.txt' /etc/ImageMagick/policy.xml
- fi
- fi
-
# Move ~/.my.cnf to /etc/mysql/conf.d/my.cnf
if [ ! -f /etc/mysql/conf.d/my.cnf ]; then
# create conf.d folder if not exist
diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py
index 77648f5..65ba0e3 100644
--- a/wo/cli/plugins/stack_pref.py
+++ b/wo/cli/plugins/stack_pref.py
@@ -354,15 +354,10 @@ def post_pref(self, apt_packages, packages):
os.makedirs('/etc/nginx/sites-enabled')
# 22222 port settings
- if not os.path.isfile("/etc/nginx/sites-available/22222"):
- Log.debug(self, 'Writting the nginx configuration to '
- 'file /etc/nginx/sites-available/'
- '22222')
- wo_nginx = open('/etc/nginx/sites-available/22222',
- encoding='utf-8', mode='w')
- self.app.render((data), '22222.mustache',
- out=wo_nginx)
- wo_nginx.close()
+ if not os.path.isfile('/etc/nginx/sites-available/22222'):
+ WOTemplate.tmpl_render(self,
+ '/etc/nginx/sites-available/22222',
+ '22222.mustache', data, overwrite=False)
passwd = ''.join([random.choice
(string.ascii_letters + string.digits)
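Review bot: The `passwd` value built right after the new `tmpl_render` call still picks its characters with `random.choice`, which is backed by Python's non-cryptographic Mersenne Twister generator. The statement continues outside the hunk, so its use is not visible here, but it sits under the `# 22222 port settings` comment and is presumably a credential for that admin vhost. If so, it should be generated with `secrets.choice(string.ascii_letters + string.digits)`, which needs `import secrets` in the file's import block (not shown in this hunk).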
@@ -497,57 +492,6 @@ def post_pref(self, apt_packages, packages):
else:
WOService.restart_service(self, 'nginx')
- # add rule for Nginx with UFW
- if WOAptGet.is_installed(self, 'ufw'):
- try:
- WOShellExec.cmd_exec(self, "/usr/bin/ufw allow "
- "http")
- WOShellExec.cmd_exec(self, "/usr/bin/ufw allow "
- "https")
- WOShellExec.cmd_exec(self, "/usr/bin/ufw allow "
- "22222")
- except CommandExecutionError as e:
- Log.debug(self, "{0}".format(e))
- Log.error(self, "Unable to add UFW rule")
-
- # create nginx configuration for redis
- if set(WOVariables.wo_redis).issubset(set(apt_packages)):
- if os.path.isdir('/etc/nginx/common'):
- data = dict(upstream="php72")
- Log.debug(self, 'Writting the nginx configuration to '
- 'file /etc/nginx/common/redis-php72.conf')
- wo_nginx = open('/etc/nginx/common/redis-php72.conf',
- encoding='utf-8', mode='w')
- self.app.render((data), 'redis.mustache',
- out=wo_nginx)
- wo_nginx.close()
-
- if os.path.isfile("/etc/nginx/conf.d/upstream.conf"):
- if not WOFileUtils.grep(self, "/etc/nginx/conf.d/"
- "upstream.conf",
- "redis"):
- with open("/etc/nginx/conf.d/upstream.conf",
- "a") as redis_file:
- redis_file.write("upstream redis {\n"
- " server 127.0.0.1:6379;\n"
- " keepalive 10;\n}\n")
-
- if os.path.isfile("/etc/nginx/nginx.conf"):
- if not os.path.isfile("/etc/nginx/conf.d/redis.conf"):
- with open("/etc/nginx/conf.d/redis.conf",
- "a") as redis_file:
- redis_file.write("# Log format Settings\n"
- "log_format rt_cache_redis "
- "'$remote_addr "
- "$upstream_response_time "
- "$srcache_fetch_status "
- "[$time_local]"
- " '\n '$http_host"
- " \"$request\" "
- "$status $body_bytes_sent '\n"
- "'\"$http_referer\" "
- "\"$http_user_agent\"';\n")
-
if set(WOVariables.wo_php).issubset(set(apt_packages)):
ngxroot = '/var/www/'
# Create log directories
@@ -1007,28 +951,21 @@ def post_pref(self, apt_packages, packages):
if set(WOVariables.wo_fail2ban).issubset(set(apt_packages)):
if not os.path.isfile("/etc/fail2ban/jail.d/custom.conf"):
data = dict()
- Log.debug(self, "Setting up fail2ban jails configuration")
- fail2ban_config = open('/etc/fail2ban/jail.d/custom.conf',
- encoding='utf-8', mode='w')
- self.app.render((data), 'fail2ban.mustache',
- out=fail2ban_config)
- fail2ban_config.close()
-
- Log.debug(self, "Setting up fail2ban wp filter")
- fail2ban_config = open('/etc/fail2ban/filter.d/'
+ WOTemplate.tmpl_render(self,
+ '/etc/fail2ban/jail.d/custom.conf',
+ 'fail2ban.mustache',
+ data, overwrite=False)
+ WOTemplate.tmpl_render(self,
+ '/etc/fail2ban/filter.d/'
'wo-wordpress.conf',
- encoding='utf-8', mode='w')
- self.app.render((data), 'fail2ban-wp.mustache',
- out=fail2ban_config)
- fail2ban_config.close()
-
- Log.debug(self, "Setting up fail2ban wp filter")
- fail2ban_config = open('/etc/fail2ban/filter.d/'
+ 'fail2ban-wp.mustache',
+ data, overwrite=False)
+ WOTemplate.tmpl_render(self,
+ '/etc/fail2ban/filter.d/'
'nginx-forbidden.conf',
- encoding='utf-8', mode='w')
- self.app.render((data), 'fail2ban-forbidden.mustache',
- out=fail2ban_config)
- fail2ban_config.close()
+ 'fail2ban-forbidden.mustache',
+ data, overwrite=False)
+
WOGit.add(self, ["/etc/fail2ban"],
msg="Adding Fail2ban into Git")
WOService.reload_service(self, 'fail2ban')
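Review bot: All three fail2ban files are gated on the single `os.path.isfile("/etc/fail2ban/jail.d/custom.conf")` check, so a host that already has `custom.conf` but is missing `wo-wordpress.conf` or `nginx-forbidden.conf` never receives the filters. The old code opened both filter files with `mode='w'` and rewrote them; with `overwrite=False` (assuming it leaves an existing file untouched, since `tmpl_render` is not shown here) a stale or locally edited filter is kept and later template corrections never reach it. Because these filters decide which requests lead to a ban, consider rendering the two filter templates outside the `custom.conf` guard and logging when an existing file is kept. At minimum, document the choice with a comment such as `# overwrite=False: keep admin-edited jail/filter files; template updates are NOT applied to existing hosts`.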
@@ -1115,6 +1052,31 @@ def post_pref(self, apt_packages, packages):
# Redis configuration
if set(WOVariables.wo_redis).issubset(set(apt_packages)):
+ if os.path.isfile("/etc/nginx/conf.d/upstream.conf"):
+ if not WOFileUtils.grep(self, "/etc/nginx/conf.d/"
+ "upstream.conf",
+ "redis"):
+ with open("/etc/nginx/conf.d/upstream.conf",
+ "a") as redis_file:
+ redis_file.write("upstream redis {\n"
+ " server 127.0.0.1:6379;\n"
+ " keepalive 10;\n}\n")
+
+ if os.path.isfile("/etc/nginx/nginx.conf"):
+ if not os.path.isfile("/etc/nginx/conf.d/redis.conf"):
+ with open("/etc/nginx/conf.d/redis.conf",
+ "a") as redis_file:
+ redis_file.write("# Log format Settings\n"
+ "log_format rt_cache_redis "
+ "'$remote_addr "
+ "$upstream_response_time "
+ "$srcache_fetch_status "
+ "[$time_local]"
+ " '\n '$http_host"
+ " \"$request\" "
+ "$status $body_bytes_sent '\n"
+ "'\"$http_referer\" "
+ "\"$http_user_agent\"';\n")
# set redis.conf parameter
# set maxmemory 10% for ram below 512MB and 20% for others
# set maxmemory-policy allkeys-lru
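Review bot: The idempotence check `WOFileUtils.grep(self, ".../upstream.conf", "redis")` looks for the bare word `redis`, so (assuming `grep` is a plain substring or regex search, which is not shown) a comment or an unrelated upstream name containing "redis" suppresses the append. The `upstream redis` block would then be missing, and any config referencing it would make nginx fail to load. Searching for `"upstream redis"` would make the guard match what is actually written. Both `open(..., "a")` calls also omit `encoding='utf-8'`, unlike the other config writers in this file, and the `redis.conf` write runs only when the file does not exist, so `"w"` states the intent more clearly. Nothing in this hunk validates or reloads the nginx configuration after these writes; confirm that the part of `post_pref` outside the hunk does so.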
diff --git a/wo/cli/plugins/stack_upgrade.py b/wo/cli/plugins/stack_upgrade.py
index 7fa7236..584215b 100644
--- a/wo/cli/plugins/stack_upgrade.py
+++ b/wo/cli/plugins/stack_upgrade.py
@@ -171,95 +171,95 @@ class WOStackUpgradeController(CementBaseController):
"Composer"]]
else:
Log.error(self, "Composer isn't installed")
+ if len(apt_packages) or len(packages):
+ if len(apt_packages):
+ Log.info(self, "Your site may be down for few seconds if "
+ "you are upgrading Nginx, PHP-FPM, MariaDB or Redis")
+ # Check prompt
+ if ((not pargs.no_prompt) and (not pargs.force)):
+ start_upgrade = input("Do you want to continue:[y/N]")
+ if start_upgrade != "Y" and start_upgrade != "y":
+ Log.error(self, "Not starting package update")
+ Log.info(self, "Updating APT packages, please wait...")
+ # apt-get update
+ WOAptGet.update(self)
+ if set(WOVariables.wo_php).issubset(set(apt_packages)):
+ WOAptGet.remove(self, ['php7.2-fpm'],
+ auto=False, purge=True)
+ if set(WOVariables.wo_php73).issubset(set(apt_packages)):
+ WOAptGet.remove(self, ['php7.3-fpm'],
+ auto=False, purge=True)
+ # Update packages
+ WOAptGet.install(self, apt_packages)
+ post_pref(self, apt_packages, empty_packages)
+ # Post Actions after package updates
- if len(apt_packages):
- Log.info(self, "Your site may be down for few seconds if "
- "you are upgrading Nginx, PHP-FPM, MariaDB or Redis")
- # Check prompt
- if ((not pargs.no_prompt) and (not pargs.force)):
- start_upgrade = input("Do you want to continue:[y/N]")
- if start_upgrade != "Y" and start_upgrade != "y":
- Log.error(self, "Not starting package update")
- Log.info(self, "Updating APT packages, please wait...")
- # apt-get update
- WOAptGet.update(self)
- if set(WOVariables.wo_php).issubset(set(apt_packages)):
- WOAptGet.remove(self, ['php7.2-fpm'],
- auto=False, purge=True)
- if set(WOVariables.wo_php73).issubset(set(apt_packages)):
- WOAptGet.remove(self, ['php7.3-fpm'],
- auto=False, purge=True)
- # Update packages
- WOAptGet.install(self, apt_packages)
- post_pref(self, apt_packages, empty_packages)
- # Post Actions after package updates
+ if len(packages):
+ if pargs.wpcli:
+ WOFileUtils.rm(self, '/usr/local/bin/wp')
- if len(packages):
- if pargs.wpcli:
- WOFileUtils.rm(self, '/usr/local/bin/wp')
+ if pargs.netdata:
+ WOFileUtils.rm(self, '/var/lib/wo/tmp/kickstart.sh')
- if pargs.netdata:
- WOFileUtils.rm(self, '/var/lib/wo/tmp/kickstart.sh')
+ if pargs.dashboard:
+ WOFileUtils.rm(self, '/var/www/22222/htdocs/index.php')
- if pargs.dashboard:
- WOFileUtils.rm(self, '/var/www/22222/htdocs/index.php')
+ Log.debug(self, "Downloading following: {0}".format(packages))
+ WODownload.download(self, packages)
- Log.debug(self, "Downloading following: {0}".format(packages))
- WODownload.download(self, packages)
+ if pargs.wpcli:
+ WOFileUtils.chmod(self, "/usr/local/bin/wp", 0o775)
- if pargs.wpcli:
- WOFileUtils.chmod(self, "/usr/local/bin/wp", 0o775)
+ if pargs.netdata:
+ Log.info(self, "Upgrading Netdata, please wait...")
+ WOShellExec.cmd_exec(self, "/bin/bash /var/lib/wo/tmp/"
+ "kickstart.sh "
+ "--dont-wait")
- if pargs.netdata:
- Log.info(self, "Upgrading Netdata, please wait...")
- WOShellExec.cmd_exec(self, "/bin/bash /var/lib/wo/tmp/"
- "kickstart.sh "
- "--dont-wait")
+ if pargs.dashboard:
+ Log.debug(self, "Extracting wo-dashboard.tar.gz "
+ "to location {0}22222/htdocs/"
+ .format(WOVariables.wo_webroot))
+ WOExtract.extract(self, '/var/lib/wo/tmp/'
+ 'wo-dashboard.tar.gz',
+ '{0}22222/htdocs'
+ .format(WOVariables.wo_webroot))
+ WOFileUtils.chown(self, "{0}22222/htdocs"
+ .format(WOVariables.wo_webroot),
+ WOVariables.wo_php_user,
+ WOVariables.wo_php_user, recursive=True)
- if pargs.dashboard:
- Log.debug(self, "Extracting wo-dashboard.tar.gz "
- "to location {0}22222/htdocs/"
- .format(WOVariables.wo_webroot))
- WOExtract.extract(self, '/var/lib/wo/tmp/'
- 'wo-dashboard.tar.gz',
- '{0}22222/htdocs'
- .format(WOVariables.wo_webroot))
- WOFileUtils.chown(self, "{0}22222/htdocs"
- .format(WOVariables.wo_webroot),
- WOVariables.wo_php_user,
- WOVariables.wo_php_user, recursive=True)
+ if pargs.composer:
+ Log.info(self, "Upgrading Composer, please wait...")
+ WOShellExec.cmd_exec(self, "php -q /var/lib/wo"
+ "/tmp/composer-install "
+ "--install-dir=/var/lib/wo/tmp/")
+ shutil.copyfile('/var/lib/wo/tmp/composer.phar',
+ '/usr/local/bin/composer')
+ WOFileUtils.chmod(self, "/usr/local/bin/composer", 0o775)
- if pargs.composer:
- Log.info(self, "Upgrading Composer, please wait...")
- WOShellExec.cmd_exec(self, "php -q /var/lib/wo"
- "/tmp/composer-install "
- "--install-dir=/var/lib/wo/tmp/")
- shutil.copyfile('/var/lib/wo/tmp/composer.phar',
- '/usr/local/bin/composer')
- WOFileUtils.chmod(self, "/usr/local/bin/composer", 0o775)
-
- if pargs.phpmyadmin:
- Log.info(self, "Upgrading phpMyAdmin, please wait...")
- WOExtract.extract(self, '/var/lib/wo/tmp/pma.tar.gz',
- '/var/lib/wo/tmp/')
- shutil.copyfile(('{0}22222/htdocs/db/pma'
- '/config.inc.php'
- .format(WOVariables.wo_webroot)),
- ('/var/lib/wo/tmp/phpMyAdmin-{0}'
- '-all-languages/config.inc.php'
- .format(WOVariables.wo_phpmyadmin))
- )
- WOFileUtils.rm(self, '{0}22222/htdocs/db/pma'
- .format(WOVariables.wo_webroot))
- shutil.move('/var/lib/wo/tmp/phpMyAdmin-{0}'
- '-all-languages/'
- .format(WOVariables.wo_phpmyadmin),
- '{0}22222/htdocs/db/pma/'
- .format(WOVariables.wo_webroot))
- WOFileUtils.chown(self, "{0}22222/htdocs"
- .format(WOVariables.wo_webroot),
- WOVariables.wo_php_user,
- WOVariables.wo_php_user, recursive=True)
+ if pargs.phpmyadmin:
+ Log.info(self, "Upgrading phpMyAdmin, please wait...")
+ WOExtract.extract(self, '/var/lib/wo/tmp/pma.tar.gz',
+ '/var/lib/wo/tmp/')
+ shutil.copyfile(('{0}22222/htdocs/db/pma'
+ '/config.inc.php'
+ .format(WOVariables.wo_webroot)),
+ ('/var/lib/wo/tmp/phpMyAdmin-{0}'
+ '-all-languages/config.inc.php'
+ .format(WOVariables.wo_phpmyadmin))
+ )
+ WOFileUtils.rm(self, '{0}22222/htdocs/db/pma'
+ .format(WOVariables.wo_webroot))
+ shutil.move('/var/lib/wo/tmp/phpMyAdmin-{0}'
+ '-all-languages/'
+ .format(WOVariables.wo_phpmyadmin),
+ '{0}22222/htdocs/db/pma/'
+ .format(WOVariables.wo_webroot))
+ WOFileUtils.chown(self, "{0}22222/htdocs"
+ .format(WOVariables.wo_webroot),
+ WOVariables.wo_php_user,
+ WOVariables.wo_php_user, recursive=True)
Log.info(self, "Successfully updated packages")
else:
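Review bot: The re-indented block still runs downloaded files as root with no integrity check visible in the hunk: `kickstart.sh` is passed to `/bin/bash` and `composer-install` to `php -q`, immediately after `WODownload.download(self, packages)`. Before each `cmd_exec`, compare the file against a pinned digest and abort on mismatch; Composer publishes a checksum for its installer for this purpose. The download URLs and the permissions on `/var/lib/wo/tmp` are defined outside this hunk, so also confirm that the directory is writable by root only. Separately, `0o775` leaves `/usr/local/bin/wp` and `/usr/local/bin/composer` group-writable; `WOFileUtils.chmod(self, "/usr/local/bin/wp", 0o755)` (and the same for composer) is sufficient for an executable on the system PATH. If `Log.error` does not terminate the process, the upgrade proceeds even when the user declines at the prompt. The enclosing method starts and ends outside the hunk.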
diff --git a/wo/cli/templates/locations.mustache b/wo/cli/templates/locations.mustache
index 5773adc..4e75fdc 100644
--- a/wo/cli/templates/locations.mustache
+++ b/wo/cli/templates/locations.mustache
@@ -41,3 +41,55 @@ location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|b
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
deny all;
}
+
+# block base64_encoded content
+location ~* "(base64_encode)(.*)(\()" {
+ deny all;
+}
+
+# block javascript eval()
+location ~* "(eval\()" {
+ deny all;
+}
+
+# Additional security settings
+
+location ~* "(127\.0\.0\.1)" {
+ deny all;
+}
+location ~* "([a-z0-9]{2000})" {
+ deny all;
+}
+location ~* "(javascript\:)(.*)(\;)" {
+ deny all;
+}
+location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
+ deny all;
+}
+location ~* "(<|%3C).*script.*(>|%3)" {
+ deny all;
+}
+location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
+ deny all;
+}
+location ~* "(boot\.ini|etc/passwd|self/environ)" {
+ deny all;
+}
+location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
+ deny all;
+}
+location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
+ deny all;
+}
+location ~* "(https?|ftp|php):/" {
+ deny all;
+}
+location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
+ deny all;
+}
+location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
+ deny all;
+}
+location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
+ deny all;
+}
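Review bot: These `location` regexes are matched against the normalized, percent-decoded request path only, never the query string, so the rules aimed at parameters (`(GLOBALS|REQUEST)(=|\[|%)`, the `drop|insert|md5|select|union` rule, `base64_encode`, `eval\(`) do not inspect `?key=value` input and give less coverage than their comments suggest. Encoded alternatives such as `%3C` will not appear literally in a decoded path, and `(>|%3)` looks like a truncated `%3E`. The final rule denies any path containing a space, `:`, `;`, `%`, `~`, `[` or `]`, which will also reject legitimate URLs such as uploaded media with spaces in the filename; it also makes several of the narrower rules above it redundant. If query-string filtering is the goal, test `$args` in an `http`-level `map` and return 403 from the server block. At minimum, add a comment such as `# NOTE: location regexes see only the decoded path; query strings are not inspected here`.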
diff --git a/wo/cli/templates/wpcommon.mustache b/wo/cli/templates/wpcommon.mustache
index 33a9e4a..89d3e1c 100644
--- a/wo/cli/templates/wpcommon.mustache
+++ b/wo/cli/templates/wpcommon.mustache
@@ -66,7 +66,7 @@ location /wp-content/cache {
expires 30d;
}
location ~ \.php$ {
-#Prevent Direct Access Of PHP Files From Web Browsers
+ #Prevent Direct Access Of PHP Files From Web Browsers
deny all;
}
}