diff --git a/CHANGELOG.md b/CHANGELOG.md index e347b0d..df458f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,6 +33,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - Removed WordOps version from the Nginx header X-Powered-By to avoid possible security issues - Several code quality improvements to speed up WordOps execution - Few adjustements on PHP-FPM configuration (max_input_time,opcache.consistency_checks) +- Added /dev/urandom & /dev/shm to open_basedir in PHP-FPM configuration #### Fixed diff --git a/README.md b/README.md index 019b5b2..2aaccac 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,8 @@

An essential toolset that eases WordPress site and server administration

-WordOps + +

@@ -33,7 +34,7 @@

WordOps.netDocumentation • -Community forum • +Community ForumDashboard demo

@@ -48,28 +49,28 @@ - **Secured** : Hardened WordPress security with strict Nginx location directives - **Powerful** : Optimized Nginx configurations with multiple cache backends support - **SSL** : Domain, Subdomain & Wildcard Let's Encrypt SSL certificates with DNS API handled by acme.sh -- **Modern** : Strong ciphers_suite, modern TLS protocols and HSTS support (Grade A+ on ssllabs) +- **Modern** : Strong ciphers_suite, modern TLS protocols and HSTS support (Grade A+ on [ssllabs](https://www.ssllabs.com/ssltest/analyze.html?d=demo.wordops.eu&latest)) - **Monitoring** : Live Nginx vhost traffic with ngx_vts_module and server monitoring with Netdata +- **User Friendly** : WordOps dashboard with server status/monitoring and tools ([demo](https://demo.wordops.eu)) + +--- ## Requirements ### Operating System -- Ubuntu 16.04 LTS (Xenial) +#### Recommended + - Ubuntu 18.04 LTS (Bionic) + +#### Also compatible + +- Ubuntu 16.04 LTS (Xenial) - Ubuntu 19.04 (Disco) -- Debian 8 (Jessie) - Debian 9 (Stretch) - Debian 10 (Buster) - Not ready for production - Raspbian 9 (Stretch) -### Ports requirements - -- SSH (22 or custom) -- HTTP & HTTPS (80 & 443) -- WO Admin (22222) -- GPG key Server (11371 outbound) - ## Getting Started ```bash @@ -77,9 +78,7 @@ wget -qO wo wops.cc && sudo bash wo # Install WordOps sudo wo site create example.com --wp # Install required packages & setup WordPress on example.com ``` -## Must read - -[From EasyEngine to WordOps](https://docs.wordops.net/about/from-easyengine-to-wordops/) +Detailed Getting Started guide with additional installation methods can be found in [the documentation](https://docs.wordops.net/getting-started/installation-guide/). ## Usage @@ -88,9 +87,9 @@ sudo wo site create example.com --wp # Install required packages & setup Wor ```bash wo site create example.com --wp # install wordpress without any page caching wo site create example.com --wp --php73 # install wordpress with PHP 7.3 without any page caching -wo site create example.com --wpsc # install wordpress with wp-super-cache plugin wo site create example.com --wpfc # install wordpress + nginx fastcgi_cache wo site create example.com --wpredis # install wordpress + nginx redis_cache +wo site create example.com --wpsc # install wordpress with wp-super-cache plugin ``` ### WordPress multisite with subdirectory @@ -116,17 +115,19 @@ wo site create example.com --wpsubdomain --wpredis # install wpmu-subdomain + n ```bash wo site create example.com --html # create example.com for static/html sites wo site create example.com --php # create example.com with php support +wo site create example.com --php73 # create example.com with php 7.3 support wo site create example.com --mysql # create example.com with php & mysql support +wo site create example.com --mysql --php73 # create example.com with php 7.3 & mysql support wo site create example.com --proxy=127.0.0.1:3000 # create example.com with nginx as reverse-proxy ``` ### Sites secured with Let's Encrypt ```bash -wo site create example.com --wp --letsencrypt # wordpress secured with letsencrypt -wo site create sub.example.com --wp --letsencrypt=subdomain # wordpress + letsencrypt subdomain -wo site create site.tld --wp --letsencrypt --hsts # install wordpress & secure site with letsencrypt with HSTS -wo site create site.tld --wp --letsencrypt=wildcard --dns=dns_cf # install wordpress & issue a wildcard SSL certificate with Cloudflare DNS API +wo site create example.com --wp --letsencrypt # wordpress & letsencrypt +wo site create sub.example.com --wp --letsencrypt=subdomain # wordpress & letsencrypt subdomain +wo site create site.tld --wp --letsencrypt --hsts # wordpress & letsencrypt with HSTS +wo site create site.tld --wp --letsencrypt=wildcard --dns=dns_cf # wordpress & wildcard SSL certificate with Cloudflare DNS API ``` ## Update WordOps diff --git a/install b/install index a650341..18957e6 100755 --- a/install +++ b/install @@ -686,6 +686,10 @@ wo_tweak_kernel() { } +wo_clean() { + rm -rf /usr/local/lib/python3.*/dist-packages/wo-* +} + wo_uninstall() { rm -rf /usr/local/lib/python3.*/dist-packages/{pystache-*,cement-2.*,wo-*} /usr/local/bin/wo /etc/bash_completion.d/wo_auto.rc /var/lib/wo /etc/wo /usr/lib/wo/templates >> /var/log/wo/install.log 2>&1 } @@ -716,9 +720,9 @@ else wo_install_dep | tee -ai $wo_install_log wo_lib_echo "Backing-up WO install" | tee -ai $wo_install_log wo_backup_wo | tee -ai $wo_install_log - wo_lib_echo "Syncing WO database" | tee -ai $wo_install_log secure_wo_db | tee -ai $wo_install_log wo_lib_echo "Installing WordOps " | tee -ai $wo_install_log + wo_clean | tee -ai $wo_install_log if [ -f "$HOME/.gitconfig" ]; then wo_install >> $wo_install_log 2>&1 else @@ -726,15 +730,17 @@ else fi if [ -z "$wo_preserve_config" ]; then if [ -n "$(command -v nginx)" ]; then - if [ ! -f /etc/nginx/common/release ] || ! grep -q "v3.9.6" /etc/nginx/common/release; then + if [ ! -f /etc/nginx/common/release ] || ! grep -q "v3.9.7" /etc/nginx/common/release; then wo_lib_echo "Upgrading Nginx" | tee -ai $wo_install_log wo_upgrade_nginx | tee -ai $wo_install_log fi fi fi wo_update_latest | tee -ai $wo_install_log - wo_lib_echo "Updating acme.sh" | tee -ai $wo_install_log - wo_install_acme_sh | tee -ai $wo_install_log + if [ ! -d /opt/acme/.sh ]; then + wo_lib_echo "Updating acme.sh" | tee -ai $wo_install_log + wo_install_acme_sh | tee -ai $wo_install_log + fi wo_lib_echo "Applying Kernel tweaks" | tee -ai $wo_install_log wo_tweak_kernel | tee -ai $wo_install_log wo_lib_echo "Running post-install steps " | tee -ai $wo_install_log diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py index ef34d53..804b49f 100644 --- a/wo/cli/plugins/stack.py +++ b/wo/cli/plugins/stack.py @@ -11,6 +11,7 @@ import random import shutil import string import re +import request import psutil # from pynginxconfig import NginxConfig @@ -486,7 +487,7 @@ class WOStackController(CementBaseController): passwd = ''.join([random.choice (string.ascii_letters + string.digits) - for n in range(6)]) + for n in range(16)]) try: WOShellExec.cmd_exec(self, "printf \"WordOps:" "$(openssl passwd -crypt " @@ -594,6 +595,10 @@ class WOStackController(CementBaseController): ["/etc/nginx"], msg="Adding Nginx into Git") WOService.reload_service(self, 'nginx') if set(["nginx"]).issubset(set(apt_packages)): + server_ip = requests.get('http://v4.wordops.eu') + print("WordOps backend configuration was successful\n" + + "You can access it on : https://{0}:22222" + .format(server_ip)) print("HTTP Auth User Name: WordOps" + "\nHTTP Auth Password : {0}".format(passwd)) WOService.reload_service(self, 'nginx') @@ -716,7 +721,8 @@ class WOStackController(CementBaseController): encoding='utf-8', mode='a') as myfile: myfile.write("\nphp_admin_value[open_basedir] " "= \"/var/www/:/usr/share/php/:" - "/tmp/:/var/run/nginx-cache/\"\n") + "/tmp/:/var/run/nginx-cache/:" + "/dev/shm:/dev/urandom\"\n") # Generate /etc/php/7.2/fpm/pool.d/www-two.conf WOFileUtils.copyfile(self, "/etc/php/7.2/fpm/pool.d/www.conf", @@ -879,7 +885,8 @@ class WOStackController(CementBaseController): encoding='utf-8', mode='a') as myfile: myfile.write("\nphp_admin_value[open_basedir] " "= \"/var/www/:/usr/share/php/:" - "/tmp/:/var/run/nginx-cache/\"\n") + "/tmp/:/var/run/nginx-cache/:" + "/dev/shm:/dev/urandom\"\n") # Generate /etc/php/7.3/fpm/pool.d/www-two.conf WOFileUtils.copyfile(self, "/etc/php/7.3/fpm/pool.d/www.conf",