diff --git a/install b/install index aaf6f81..51c7a0b 100644 --- a/install +++ b/install @@ -24,15 +24,17 @@ readonly wo_version_new="3.9.3" TPUT_RESET=$(tput sgr0) TPUT_FAIL=$(tput setaf 1) +TPUT_INFO=$(tput setaf 7) +TPUT_ECHO=$(tput setaf 4) wo_lib_echo () { - TPUT_ECHO=$(tput setaf 4) + echo "${*}${TPUT_RESET}" } wo_lib_echo_info() { - TPUT_INFO=$(tput setaf 7) + echo "${TPUT_INFO}${*}${TPUT_RESET}" } @@ -151,7 +153,7 @@ wo_install_dep() # Let's Encrypt .well-known folder setup if [ ! -d /var/www/html/.well-known/acme-challenge ]; then mkdir -p /var/www/html/.well-known/acme-challenge - chown -R www-data:www-data /var/www/html/.well-known + chown -R www-data:www-data /var/www/html /var/www/html/.well-known fi } @@ -282,22 +284,6 @@ wo_sync_db() echo "ALTER TABLE sites ADD COLUMN php_version varchar DEFAULT \"$wo_php_version\";" | sqlite3 /var/lib/wo/dbase.db fi - ### - # Copy the upstream config - ### - if [ -f /etc/nginx/conf.d/upstream.conf ]; then - wo_lib_echo "Replace the PHP ports for PHP 7.2" - # Copy the previous upstream.conf - cp /etc/nginx/conf.d/upstream.conf /etc/nginx/conf.d/upstream.bak - { - # Replace the ports for PHP 7.2 - sed -i 's/9000/9072/g' /etc/nginx/conf.d/upstream.conf - sed -i 's/9070/9072/g' /etc/nginx/conf.d/upstream.conf - # Replace the ports for debug PHP 7.2 - sed -i 's/9001/9172/g' /etc/nginx/conf.d/upstream.conf - sed -i 's/9170/9172/g' /etc/nginx/conf.d/upstream.conf - } > /dev/null 2>&1 - fi echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db echo "UPDATE sites SET php_version = REPLACE(php_version, '7.0', '7.3');" | sqlite3 /var/lib/wo/dbase.db @@ -330,27 +316,31 @@ wo_sync_db() # Once again, set the proper ACL on the WordOps configuration directory secure_wo_db() { + # The owner is root chown -R root:root /var/lib/wo/ # Only allow access by root, block others chmod -R 600 /var/lib/wo/ + } # Update the WP-CLI version wo_update_wp_cli() { - wo_lib_echo "Updating WP-CLI version to resolve compatibility issue." + WP_CLI_PATH=$(command -v wp) - if [ -n "$WP_CLI_PATH" ]; then + if [ "$WP_CLI_PATH" != "/usr/local/bin/wp" ]; then + rm -rf "$WP_CLI_PATH" # Update WP-CLI to the most recent version - wget -qO "$WP_CLI_PATH" https://raw.githubusercontent.com/WordOps/wpcli-builds/gh-pages/phar/wp-cli.phar - chmod +x "$WP_CLI_PATH" + wget -qO /usr/local/bin/wp https://raw.githubusercontent.com/WordOps/wpcli-builds/gh-pages/phar/wp-cli.phar + chmod +x /usr/local/bin/wp else wget -qO /usr/local/bin/wp https://raw.githubusercontent.com/WordOps/wpcli-builds/gh-pages/phar/wp-cli.phar chmod +x /usr/local/bin/wp - ln -s /usr/local/bin/wp /usr/bin/ fi - + [ ! -x /usr/bin/wp ] && { + ln -s /usr/local/bin/wp /usr/bin/ + } [ -d /etc/bash_completion.d ] && { wget -qO /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash } @@ -359,8 +349,8 @@ wo_update_wp_cli() # Now, finally, let's install WordOps wo_install() { - if { - echo -ne "${TPUT_ECHO}Installing Wordops $wo_branch ${TPUT_RESET}[..]\r" + echo -ne "${TPUT_ECHO}Installing Wordops $wo_branch ${TPUT_RESET}[..]\r" + { rm -rf /tmp/easyengine rm -rf /tmp/wordops @@ -368,16 +358,14 @@ wo_install() wo_branch=master } - git clone -b "$wo_branch" https://github.com/WordOps/WordOps.git /tmp/wordops --quiet > /dev/null 2>&1 + git clone -b "$wo_branch" https://github.com/WordOps/WordOps.git /tmp/wordops --quiet cd /tmp/wordops || exit 1 - python3 setup.py install > /dev/null 2>&1 - }; then echo -ne "${TPUT_ECHO}Installing Wordops $wo_branch ${TPUT_RESET}[OK]\r" - echo -ne '\n' - else - echo -e "${TPUT_FAIL}Installing Wordops $wo_branch ${TPUT_RESET}[FAIL]" - echo -ne '\n' - fi + python3 setup.py install + } >> /var/log/wo/install.log 2>&1; + echo -ne "${TPUT_ECHO}Installing Wordops $wo_branch ${TPUT_RESET}[OK]\r" + echo -ne '\n' + } wo_update_latest() @@ -625,19 +613,20 @@ wo_git_init() [ -d /etc/nginx ] && { cd /etc/nginx || exit 1 if [ ! -d /etc/nginx/.git ]; then - git init &>> /dev/null + git init fi git add -A . - git commit -am "Updated Nginx" > /dev/null - } + git commit -am "Updated Nginx" + } >> /var/log/wo/install.log 2>&1 # WordOps under git version control + [ -d /etc/wo ] && { cd /etc/wo || exit 1 [ ! -d /etc/wo/.git ] && { - git init > /dev/null + git init } git add -A . - git commit -am "Installed/Updated to WordOps" &>> /dev/null - + git commit -am "Installed/Updated to WordOps" + } >> /var/log/wo/install.log 2>&1 # PHP under git version control [ -d /etc/php ] && { cd /etc/php || exit 1 @@ -646,7 +635,7 @@ wo_git_init() fi git add -A . git commit -am "Updated PHP" - }> /dev/null + } >> /var/log/wo/install.log 2>&1 } ### @@ -702,10 +691,12 @@ else # 3 - Fresh WO setup wo_install_dep | tee -ai $wo_install_log wo_install | tee -ai $wo_install_log - wo_lib_echo "Running post-install steps" | tee -ai $wo_install_log - secure_wo_db | tee -ai $EE_INSTALL_LOG + echo -ne "${TPUT_ECHO}Running post-install steps ${TPUT_RESET}[..]\r" + secure_wo_db | tee -ai $wo_install_log wo_git_init | tee -ai $wo_install_log wo_update_wp_cli | tee -ai $wo_install_log + echo -ne "${TPUT_ECHO}Running post-install steps ${TPUT_RESET}[OK]\r" + echo -ne '\n' fi fi diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py index ea23221..68b700d 100644 --- a/wo/cli/plugins/stack.py +++ b/wo/cli/plugins/stack.py @@ -226,9 +226,47 @@ class WOStackController(CementBaseController): "add_header") WOFileUtils.searchreplace(self, "/etc/nginx/nginx.conf", - "\"WordOps\"", + "\"EasyEngine\"", "\"WordOps{0}\"" .format(WOVariables.wo_version)) + WOFileUtils.searchreplace(self, '/etc/nginx/nginx.conf', + 'ECDHE-RSA-AES128-GCM' + '-SHA256:' + 'ECDHE-ECDSA-AES128' + '-GCM-SHA256:' + 'ECDHE-RSA-AES256-GCM-SHA384:' + 'ECDHE-ECDSA-AES256-GCM-SHA384:' + 'DHE-RSA-AES128-GCM-SHA256:' + 'DHE-DSS-AES128-GCM-SHA256:' + 'kEDH+AESGCM:' + 'ECDHE-RSA-AES128-SHA256:' + 'ECDHE-ECDSA-AES128-SHA256:' + 'ECDHE-RSA-AES128-SHA:' + 'ECDHE-ECDSA-AES128-SHA:' + 'ECDHE-RSA-AES256-SHA384:' + 'ECDHE-ECDSA-AES256-SHA384:' + 'ECDHE-RSA-AES256-SHA:' + 'ECDHE-ECDSA-AES256-SHA:' + 'DHE-RSA-AES128-SHA256:' + 'DHE-RSA-AES128-SHA' + 'DHE-DSS-AES128-SHA256:' + 'DHE-RSA-AES256-SHA256:' + 'DHE-DSS-AES256-SHA:' + 'DHE-RSA-AES256-SHA:' + 'ECDHE-RSA-DES-CBC3-SHA:' + 'ECDHE-ECDSA-DES-CBC3-SHA:' + 'AES128-GCM-SA256:' + 'AES256-GCM-SHA384:' + 'AES128-SHA256:AES256-SHA256:' + 'AES128-SHA:AES256-SHA:AES:' + 'CAMELLIA:DES-CBC3-SHA:!aNULL:' + '!eNULL:!EXPORT:!DES:' + '!RC4:!MD5:!PSK:' + '!ECDH:!EDH-DSS-DES-CBC3-SHA:' + '!EDH-RSA-DES-CBC3-SHA:' + '!KRB5-DES-CBC3-SHA', + 'EECDH+CHACHA20:EECDH+AESGCM:' + 'EECDH+AES') data = dict() Log.debug(self, 'Writting the nginx configuration to ' 'file /etc/nginx/conf.d/blockips.conf') @@ -558,8 +596,7 @@ class WOStackController(CementBaseController): wo_nginx.close() if (WOVariables.wo_platform_codename == 'trusty' or WOVariables.wo_platform_codename == 'xenial' or WOVariables.wo_platform_codename == 'bionic'): - if os.path.isfile("/etc/nginx/nginx.conf") and (not - os.path.isfile("/etc/nginx/common/redis-php73.conf")): + if os.path.isfile("/etc/nginx/nginx.conf") and (not os.path.isfile("/etc/nginx/common/redis-php73.conf")): data = dict() Log.debug(self, 'Writting the nginx configuration to ' 'file /etc/nginx/common/redis-php73.conf') @@ -579,8 +616,7 @@ class WOStackController(CementBaseController): " server 127.0.0.1:6379;\n" " keepalive 10;\n}\n") - if os.path.isfile("/etc/nginx/nginx.conf") and (not - os.path.isfile("/etc/nginx/conf.d/redis.conf")): + if os.path.isfile("/etc/nginx/nginx.conf") and (not os.path.isfile("/etc/nginx/conf.d/redis.conf")): with open("/etc/nginx/conf.d/redis.conf", "a") as redis_file: redis_file.write("# Log format Settings\n" "log_format rt_cache_redis '$remote_addr $upstream_response_time $srcache_fetch_status [$time_local] '\n" @@ -589,7 +625,7 @@ class WOStackController(CementBaseController): # setup nginx common folder for php7 if self.app.pargs.php73: if os.path.isdir("/etc/nginx/common") and (not - os.path.isfile("/etc/nginx/common/php73.conf")): + os.path.isfile("/etc/nginx/common/php73.conf")): data = dict() Log.debug(self, 'Writting the nginx configuration to ' 'file /etc/nginx/common/locations-php73.conf') @@ -727,7 +763,7 @@ class WOStackController(CementBaseController): if set(WOVariables.wo_redis).issubset(set(apt_packages)): if os.path.isfile("/etc/nginx/nginx.conf") and (not - os.path.isfile("/etc/nginx/common/redis-php72.conf")): + os.path.isfile("/etc/nginx/common/redis-php72.conf")): data = dict() Log.debug(self, 'Writting the nginx configuration to ' @@ -739,7 +775,7 @@ class WOStackController(CementBaseController): wo_nginx.close() if os.path.isfile("/etc/nginx/nginx.conf") and (not - os.path.isfile("/etc/nginx/common/redis-hhvm.conf")): + os.path.isfile("/etc/nginx/common/redis-hhvm.conf")): data = dict() Log.debug(self, 'Writting the nginx configuration to ' @@ -760,8 +796,7 @@ class WOStackController(CementBaseController): " server 127.0.0.1:6379;\n" " keepalive 10;\n}\n") - if os.path.isfile("/etc/nginx/nginx.conf") and (not - os.path.isfile("/etc/nginx/conf.d/redis.conf")): + if os.path.isfile("/etc/nginx/nginx.conf") and (not os.path.isfile("/etc/nginx/conf.d/redis.conf")): with open("/etc/nginx/conf.d/redis.conf", "a") as redis_file: redis_file.write("# Log format Settings\n" "log_format rt_cache_redis '$remote_addr $upstream_response_time $srcache_fetch_status [$time_local] '\n" @@ -1893,6 +1928,7 @@ class WOStackController(CementBaseController): Log.info(self, "Successfully purged packages") + def load(app): # register the plugin class.. this only happens if the plugin is enabled handler.register(WOStackController)