Merge pull request #32 from WordOps/updating-configuration
Updating configuration
@@ -18,6 +18,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
||||
|
||||
- PHP 7.3 extras when php 7.2 isn't installed
|
||||
- acme.sh installation
|
||||
- acme.sh alias with config home variable
|
||||
- deb.sury.org repository gpg key
|
||||
|
||||
### v3.9.4 - 2019-03-15
|
||||
|
||||
|
||||
9
install
9
install
@@ -134,9 +134,9 @@ wo_install_dep()
|
||||
|
||||
{
|
||||
if [ "$wo_linux_distro" == "Ubuntu" ]; then
|
||||
apt-get -y -qq install build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz gnupg2 fail2ban > /dev/null 2>&1
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz gnupg2 fail2ban cron ccze > /dev/null 2>&1
|
||||
else
|
||||
apt-get -y -qq install build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-dev ca-certificates sqlite3 git tar software-properties-common pigz apt-transport-https gnupg2 fail2ban > /dev/null 2>&1
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-dev ca-certificates sqlite3 git tar software-properties-common pigz apt-transport-https gnupg2 fail2ban cron ccze > /dev/null 2>&1
|
||||
fi
|
||||
|
||||
locale-gen en
|
||||
@@ -348,10 +348,7 @@ wo_install_acme_sh() {
|
||||
--config-home /etc/letsencrypt/config \
|
||||
--cert-home /etc/letsencrypt/renewal
|
||||
# enable auto-upgrade
|
||||
/etc/letsencrypt/acme.sh --upgrade --auto-upgrade \
|
||||
--home /etc/letsencrypt \
|
||||
--config-home /etc/letsencrypt/config \
|
||||
--cert-home /etc/letsencrypt/renewal
|
||||
/etc/letsencrypt/acme.sh --config-home /etc/letsencrypt/config --upgrade --auto-upgrade
|
||||
|
||||
# Let's Encrypt .well-known folder setup
|
||||
if [ ! -d /var/www/html/.well-known/acme-challenge ]; then
|
||||
|
||||
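Review bot: Both `apt-get ... install` lines in `wo_install_dep` send stdout and stderr to `/dev/null`, and the visible lines go straight on to `fi` and `locale-gen en` without checking the exit status. A failed install of `gnupg2`, `fail2ban` or `cron` would therefore pass silently. With `DEBIAN_FRONTEND=noninteractive` and the `--force-conf*` options now added, there is no interactive prompt left to surface a problem either. I would redirect the output to the installer's log file instead of `/dev/null` and stop on failure, for example by appending `|| exit 1` or the script's own error helper to each `apt-get` line. The function continues past the end of this hunk.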
@@ -331,7 +331,7 @@ class WOSiteCreateController(CementBaseController):
|
||||
(['-le', '--letsencrypt'],
|
||||
dict(help="configure letsencrypt ssl for the site",
|
||||
action='store' or 'store_const',
|
||||
choices=('on', 'off', 'subdomain', 'wildcard'),
|
||||
choices=('on', 'subdomain', 'wildcard'),
|
||||
const='on', nargs='?')),
|
||||
(['--user'],
|
||||
dict(help="provide user for wordpress site")),
|
||||
@@ -680,9 +680,6 @@ class WOSiteCreateController(CementBaseController):
|
||||
"`tail /var/log/wo/wordops.log` and please try again")
|
||||
|
||||
if self.app.pargs.letsencrypt == "on":
|
||||
if stype in ['wpsubdomain']:
|
||||
Log.warn(
|
||||
self, "Wildcard domains are not supported in Lets Encrypt.\nWP SUBDOMAIN site will get SSL for primary site only.")
|
||||
data['letsencrypt'] = True
|
||||
letsencrypt = True
|
||||
|
||||
@@ -1081,6 +1078,12 @@ class WOSiteUpdateController(CementBaseController):
|
||||
if pargs.letsencrypt == 'on':
|
||||
data['letsencrypt'] = True
|
||||
letsencrypt = True
|
||||
elif pargs.letsencrypt == 'subdomain':
|
||||
data['letsencrypt'] = True
|
||||
letsencrypt = True
|
||||
elif pargs.letsencrypt == 'wildcard':
|
||||
data['letsencrypt'] = True
|
||||
letsencrypt = True
|
||||
elif pargs.letsencrypt == 'off':
|
||||
data['letsencrypt'] = False
|
||||
letsencrypt = False
|
||||
|
||||
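Review bot: The `'on'`, `'subdomain'` and `'wildcard'` arms in the update controller hunk all assign the same two values, so the chain can collapse to `if pargs.letsencrypt in ('on', 'subdomain', 'wildcard'):` followed by the existing `elif pargs.letsencrypt == 'off':`. If later code, outside this hunk, reads `pargs.letsencrypt` again to tell the three modes apart, a one-line comment saying so would explain why the value is flattened to a boolean here. In the create controller's argument definition, `action='store' or 'store_const'` always evaluates to `'store'`; writing `action='store'` states what argparse actually receives.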
@@ -1202,8 +1202,11 @@ def setupLetsEncrypt(self, wo_domain_name):
|
||||
Log.warn(self, "Please wait while we fetch the new HTTPS certificate"
|
||||
" for your site.\nIt may take a few minutes"
|
||||
" depending on the network.")
|
||||
ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --issue "
|
||||
"-d {0} -d www.{0} -w /var/www/html"
|
||||
ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh "
|
||||
"--config-home "
|
||||
"'/etc/letsencrypt/config' "
|
||||
"--issue "
|
||||
"-d {0} -d www.{0} -w /var/www/html "
|
||||
"-k ec-384"
|
||||
.format(wo_domain_name))
|
||||
if ssl:
|
||||
@@ -1219,14 +1222,16 @@ def setupLetsEncrypt(self, wo_domain_name):
|
||||
Log.debug(self, "Cert deployment for domain: {0}"
|
||||
.format(wo_domain_name))
|
||||
ssl_deploy = WOShellExec.cmd_exec(self,
|
||||
"mkdir -p {0}/{1} &&"
|
||||
"mkdir -p {0}/{1} && "
|
||||
"/etc/letsencrypt/acme.sh "
|
||||
"--config-home "
|
||||
"'/etc/letsencrypt/config'"
|
||||
"--install-cert -d {1} --ecc "
|
||||
"--cert-file {0}/{1}/cert.pem "
|
||||
"--key-file {0}/{1}/key.pem "
|
||||
"--fullchain-file "
|
||||
"{0}/{1}/fullchain.pem "
|
||||
"--reloadcmd="
|
||||
"--reloadcmd "
|
||||
"\"service nginx restart\" "
|
||||
.format(WOVariables.wo_ssl_live,
|
||||
wo_domain_name))
|
||||
@@ -1275,8 +1280,11 @@ def setupLetsEncryptSubdomain(self, wo_domain_name):
|
||||
Log.warn(self, "Please wait while we fetch the new HTTPS certificate "
|
||||
"for your site.\nIt may take a "
|
||||
"few minutes depending on the network.")
|
||||
ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --issue "
|
||||
"-d {0} -w /var/www/html"
|
||||
ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh "
|
||||
"--config-home "
|
||||
"'/etc/letsencrypt/config' "
|
||||
"--issue "
|
||||
"-d {0} -w /var/www/html "
|
||||
"-k ec-384"
|
||||
.format(wo_domain_name))
|
||||
if ssl:
|
||||
@@ -1324,7 +1332,7 @@ def setupLetsEncryptSubdomain(self, wo_domain_name):
|
||||
def renewLetsEncrypt(self, wo_domain_name):
|
||||
|
||||
ssl = WOShellExec.cmd_exec(
|
||||
self, "/etc/letsencrypt/acme.sh --renew -d {0} --ecc --force"
|
||||
self, "/etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --renew -d {0} --ecc --force"
|
||||
.format(wo_domain_name))
|
||||
|
||||
mail_list = ''
|
||||
@@ -1427,14 +1435,16 @@ def archivedCertificateHandle(self, domain, wo_wp_email):
|
||||
Log.info(self, "Please wait while we reinstall the Let's Encrypt "
|
||||
"certificate for your site.\nIt may take a "
|
||||
"few minutes depending on your network.")
|
||||
ssl = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} &&"
|
||||
ssl = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} && "
|
||||
"/etc/letsencrypt/acme.sh "
|
||||
"--config-home "
|
||||
"'/etc/letsencrypt/config' "
|
||||
"--install-cert -d {1} --ecc "
|
||||
"--cert-file {0}/{1}/cert.pem "
|
||||
"--key-file {0}/{1}/key.pem "
|
||||
"--fullchain-file "
|
||||
"{0}/{1}/fullchain.pem "
|
||||
"--reloadcmd="
|
||||
"--reloadcmd "
|
||||
"\"service nginx restart\" "
|
||||
.format(WOVariables.wo_ssl_live, domain))
|
||||
|
||||
@@ -1451,7 +1461,7 @@ def archivedCertificateHandle(self, domain, wo_wp_email):
|
||||
Log.info(self, "Please wait while we renew the Let's Encrypt"
|
||||
"certificate for your site.\nIt may take a few "
|
||||
"minutes depending on your network.")
|
||||
ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --renew -d {0} --ecc --force"
|
||||
ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --renew -d {0} --ecc --force"
|
||||
.format(domain))
|
||||
|
||||
else:
|
||||
|
||||
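Review bot: In the second `setupLetsEncrypt` hunk (the `--install-cert` command) the added literal `"'/etc/letsencrypt/config'"` has no trailing space, so the concatenated command contains `'/etc/letsencrypt/config'--install-cert` and the shell passes that as a single word. acme.sh then never receives `--install-cert`, and certificate deployment for that path would presumably fail. The matching literal in `archivedCertificateHandle` has the space; use `"'/etc/letsencrypt/config' "` here too. Separately, every command in this file interpolates the domain into a shell string with `.format()`. If `WOShellExec.cmd_exec` runs the string through a shell (not visible on this page), passing the value through `shlex.quote` or validating it as a hostname first would keep a malformed name from changing the command. The function bodies start and end outside these hunks.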
@@ -149,15 +149,13 @@ class WOStackController(CementBaseController):
|
||||
Log.debug(self, 'Adding repository for Nginx')
|
||||
WORepo.add_key(self, WOVariables.wo_nginx_key)
|
||||
|
||||
if (WOVariables.wo_platform_distro == 'ubuntu'):
|
||||
if (set(WOVariables.wo_php73).issubset(set(apt_packages)) or
|
||||
set(WOVariables.wo_php).issubset(set(apt_packages))):
|
||||
if (set(WOVariables.wo_php73).issubset(set(apt_packages)) or
|
||||
set(WOVariables.wo_php).issubset(set(apt_packages))):
|
||||
if (WOVariables.wo_platform_distro == 'ubuntu'):
|
||||
Log.info(self, "Adding repository for PHP, please wait...")
|
||||
Log.debug(self, 'Adding ppa for PHP')
|
||||
WORepo.add(self, ppa=WOVariables.wo_php_repo)
|
||||
else:
|
||||
if (set(WOVariables.wo_php73).issubset(set(apt_packages)) or
|
||||
set(WOVariables.wo_php).issubset(set(apt_packages))):
|
||||
else:
|
||||
Log.info(self, "Adding repository for PHP, please wait...")
|
||||
# Add repository for php
|
||||
Log.debug(self, 'Adding repo_url of php for debian')
|
||||
@@ -167,14 +165,11 @@ class WOStackController(CementBaseController):
|
||||
|
||||
if set(WOVariables.wo_redis).issubset(set(apt_packages)):
|
||||
Log.info(self, "Adding repository for Redis, please wait...")
|
||||
if WOVariables.wo_platform_distro == 'debian':
|
||||
Log.debug(self, 'Adding repo_url of redis for debian')
|
||||
WORepo.add(self, repo_url=WOVariables.wo_redis_repo)
|
||||
Log.debug(self, 'Adding Deb.sury GPG key')
|
||||
WORepo.add_key(self, 'AC0E47584A7A714D')
|
||||
else:
|
||||
if WOVariables.wo_platform_distro == 'ubuntu':
|
||||
Log.debug(self, 'Adding ppa for redis')
|
||||
WORepo.add(self, ppa=WOVariables.wo_redis_repo)
|
||||
else:
|
||||
Log.debug(self, 'Adding repo_url of redis for debian')
|
||||
|
||||
@expose(hide=True)
|
||||
def post_pref(self, apt_packages, packages):
|
||||
|
||||
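Review bot: In the Redis hunk the Debian `else:` arm on the new side appears to hold only `Log.debug(self, 'Adding repo_url of redis for debian')`. The `WORepo.add(self, repo_url=WOVariables.wo_redis_repo)` call no longer follows it; this is inferred from the rendered old/new order and the `-167,14 +165,11` header, so please confirm against the raw diff. If that reading is right, a Debian run that requests Redis without PHP logs that a repository is being added while none is, and apt falls back to whatever sources are already configured. Either keep the `WORepo.add(...)` call in that arm or reword the message to say that Redis is expected from the PHP repository added earlier.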
@@ -5,39 +5,37 @@ from wo.core.logging import Log
|
||||
|
||||
class SSL:
|
||||
|
||||
def getExpirationDays(self,domain,returnonerror=False):
|
||||
def getExpirationDays(self, domain, returnonerror=False):
|
||||
# check if exist
|
||||
if not os.path.isfile('/etc/letsencrypt/live/{0}/cert.pem'
|
||||
.format(domain)):
|
||||
Log.error(self,'File Not Found : /etc/letsencrypt/live/{0}/cert.pem'
|
||||
.format(domain),False)
|
||||
.format(domain)):
|
||||
Log.error(self, 'File Not Found : /etc/letsencrypt/live/{0}/cert.pem'
|
||||
.format(domain), False)
|
||||
if returnonerror:
|
||||
return -1
|
||||
Log.error(self, "Check the WordOps log for more details "
|
||||
"`tail /var/log/wo/wordops.log` and please try again...")
|
||||
|
||||
|
||||
current_date = WOShellExec.cmd_exec_stdout(self, "date -d \"now\" +%s")
|
||||
expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d \"`openssl x509 -in /etc/letsencrypt/live/{0}/cert.pem"
|
||||
" -text -noout|grep \"Not After\"|cut -c 25-`\" +%s".format(domain))
|
||||
expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d \"`openssl x509 -in /etc/letsencrypt/live/{0}/cert.pem"
|
||||
" -text -noout|grep \"Not After\"|cut -c 25-`\" +%s".format(domain))
|
||||
|
||||
days_left = int((int(expiration_date) - int(current_date))/ 86400)
|
||||
days_left = int((int(expiration_date) - int(current_date)) / 86400)
|
||||
if (days_left > 0):
|
||||
return days_left
|
||||
else:
|
||||
# return "Certificate Already Expired ! Please Renew soon."
|
||||
return -1
|
||||
|
||||
def getExpirationDate(self,domain):
|
||||
def getExpirationDate(self, domain):
|
||||
# check if exist
|
||||
if not os.path.isfile('/etc/letsencrypt/live/{0}/cert.pem'
|
||||
.format(domain)):
|
||||
Log.error(self,'File Not Found : /etc/letsencrypt/live/{0}/cert.pem'
|
||||
.format(domain),False)
|
||||
.format(domain)):
|
||||
Log.error(self, 'File Not Found : /etc/letsencrypt/live/{0}/cert.pem'
|
||||
.format(domain), False)
|
||||
Log.error(self, "Check the WordOps log for more details "
|
||||
"`tail /var/log/wo/wordops.log` and please try again...")
|
||||
|
||||
expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d \"`openssl x509 -in /etc/letsencrypt/live/{0}/cert.pem"
|
||||
" -text -noout|grep \"Not After\"|cut -c 25-`\" ".format(domain))
|
||||
expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d \"`openssl x509 -in /etc/letsencrypt/live/{0}/cert.pem"
|
||||
" -text -noout|grep \"Not After\"|cut -c 25-`\" ".format(domain))
|
||||
return expiration_date
|
||||
|
||||
|
||||
@@ -138,7 +138,7 @@ class WOVariables():
|
||||
"php7.3-zip", "php7.3-xml", "php7.3-soap"]
|
||||
wo_php_extra = ["php-memcached", "php-imagick", "memcached",
|
||||
"graphviz", "php-xdebug", "php-msgpack", "php-redis"]
|
||||
wo_php_key = '188C9FB063F0247A'
|
||||
wo_php_key = 'AC0E47584A7A714D'
|
||||
|
||||
# MySQL repo and packages
|
||||
if wo_platform_distro == 'ubuntu':
|
||||
|
||||
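Review bot: `wo_php_key = 'AC0E47584A7A714D'` identifies the repository signing key by its 64-bit key ID rather than by its full fingerprint. How `WORepo.add_key` retrieves the key is not visible here, but if it asks a keyserver for this ID, a different key with the same ID could be returned and trusted for package verification. Pinning the full fingerprint, `wo_php_key = '<FULL_40_HEX_FINGERPRINT>'` (placeholder; take the value from the repository's published key), removes that ambiguity. A short comment naming the repository this key belongs to would also help whoever rotates it next.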