Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #32 from WordOps/updating-configuration

Browse Source 
Updating configuration
This commit is contained in:
VirtuBox
2019-03-16 10:44:24 +01:00
committed by GitHub
parent 5d6398142a 9e0f92b2cf
commit dd5bb810c9
7 changed files with 53 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@@ -18,6 +18,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- PHP 7.3 extras when php 7.2 isn't installed - PHP 7.3 extras when php 7.2 isn't installed
- acme.sh installation - acme.sh installation
- acme.sh alias with config home variable
- deb.sury.org repository gpg key
### v3.9.4 - 2019-03-15 ### v3.9.4 - 2019-03-15

9
install
View File

@@ -134,9 +134,9 @@ wo_install_dep()
{ {
if [ "$wo_linux_distro" == "Ubuntu" ]; then if [ "$wo_linux_distro" == "Ubuntu" ]; then
apt-get -y -qq install build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz gnupg2 fail2ban > /dev/null 2>&1 DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz gnupg2 fail2ban cron ccze > /dev/null 2>&1
else else
apt-get -y -qq install build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-dev ca-certificates sqlite3 git tar software-properties-common pigz apt-transport-https gnupg2 fail2ban > /dev/null 2>&1 DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-dev ca-certificates sqlite3 git tar software-properties-common pigz apt-transport-https gnupg2 fail2ban cron ccze > /dev/null 2>&1
fi fi
locale-gen en locale-gen en
@@ -348,10 +348,7 @@ wo_install_acme_sh() {
--config-home /etc/letsencrypt/config \ --config-home /etc/letsencrypt/config \
--cert-home /etc/letsencrypt/renewal --cert-home /etc/letsencrypt/renewal
# enable auto-upgrade # enable auto-upgrade
/etc/letsencrypt/acme.sh --upgrade --auto-upgrade \ /etc/letsencrypt/acme.sh --config-home /etc/letsencrypt/config --upgrade --auto-upgrade
--home /etc/letsencrypt \
--config-home /etc/letsencrypt/config \
--cert-home /etc/letsencrypt/renewal
# Let's Encrypt .well-known folder setup # Let's Encrypt .well-known folder setup
if [ ! -d /var/www/html/.well-known/acme-challenge ]; then if [ ! -d /var/www/html/.well-known/acme-challenge ]; then

11
wo/cli/plugins/site.py
View File

@@ -331,7 +331,7 @@ class WOSiteCreateController(CementBaseController):
(['-le', '--letsencrypt'], (['-le', '--letsencrypt'],
dict(help="configure letsencrypt ssl for the site", dict(help="configure letsencrypt ssl for the site",
action='store' or 'store_const', action='store' or 'store_const',
choices=('on', 'off', 'subdomain', 'wildcard'), choices=('on', 'subdomain', 'wildcard'),
const='on', nargs='?')), const='on', nargs='?')),
(['--user'], (['--user'],
dict(help="provide user for wordpress site")), dict(help="provide user for wordpress site")),
@@ -680,9 +680,6 @@ class WOSiteCreateController(CementBaseController):
"`tail /var/log/wo/wordops.log` and please try again") "`tail /var/log/wo/wordops.log` and please try again")
if self.app.pargs.letsencrypt == "on": if self.app.pargs.letsencrypt == "on":
if stype in ['wpsubdomain']:
Log.warn(
self, "Wildcard domains are not supported in Lets Encrypt.\nWP SUBDOMAIN site will get SSL for primary site only.")
data['letsencrypt'] = True data['letsencrypt'] = True
letsencrypt = True letsencrypt = True
@@ -1081,6 +1078,12 @@ class WOSiteUpdateController(CementBaseController):
if pargs.letsencrypt == 'on': if pargs.letsencrypt == 'on':
data['letsencrypt'] = True data['letsencrypt'] = True
letsencrypt = True letsencrypt = True
elif pargs.letsencrypt == 'subdomain':
data['letsencrypt'] = True
letsencrypt = True
elif pargs.letsencrypt == 'wildcard':
data['letsencrypt'] = True
letsencrypt = True
elif pargs.letsencrypt == 'off': elif pargs.letsencrypt == 'off':
data['letsencrypt'] = False data['letsencrypt'] = False
letsencrypt = False letsencrypt = False

30
wo/cli/plugins/site_functions.py
View File

@@ -1202,8 +1202,11 @@ def setupLetsEncrypt(self, wo_domain_name):
Log.warn(self, "Please wait while we fetch the new HTTPS certificate" Log.warn(self, "Please wait while we fetch the new HTTPS certificate"
" for your site.\nIt may take a few minutes" " for your site.\nIt may take a few minutes"
" depending on the network.") " depending on the network.")
ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --issue " ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh "
"-d {0} -d www.{0} -w /var/www/html" "--config-home "
"'/etc/letsencrypt/config' "
"--issue "
"-d {0} -d www.{0} -w /var/www/html "
"-k ec-384" "-k ec-384"
.format(wo_domain_name)) .format(wo_domain_name))
if ssl: if ssl:
@@ -1219,14 +1222,16 @@ def setupLetsEncrypt(self, wo_domain_name):
Log.debug(self, "Cert deployment for domain: {0}" Log.debug(self, "Cert deployment for domain: {0}"
.format(wo_domain_name)) .format(wo_domain_name))
ssl_deploy = WOShellExec.cmd_exec(self, ssl_deploy = WOShellExec.cmd_exec(self,
"mkdir -p {0}/{1} &&" "mkdir -p {0}/{1} && "
"/etc/letsencrypt/acme.sh " "/etc/letsencrypt/acme.sh "
"--config-home "
"'/etc/letsencrypt/config'"
"--install-cert -d {1} --ecc " "--install-cert -d {1} --ecc "
"--cert-file {0}/{1}/cert.pem " "--cert-file {0}/{1}/cert.pem "
"--key-file {0}/{1}/key.pem " "--key-file {0}/{1}/key.pem "
"--fullchain-file " "--fullchain-file "
"{0}/{1}/fullchain.pem " "{0}/{1}/fullchain.pem "
"--reloadcmd=" "--reloadcmd "
"\"service nginx restart\" " "\"service nginx restart\" "
.format(WOVariables.wo_ssl_live, .format(WOVariables.wo_ssl_live,
wo_domain_name)) wo_domain_name))
@@ -1275,8 +1280,11 @@ def setupLetsEncryptSubdomain(self, wo_domain_name):
Log.warn(self, "Please wait while we fetch the new HTTPS certificate " Log.warn(self, "Please wait while we fetch the new HTTPS certificate "
"for your site.\nIt may take a " "for your site.\nIt may take a "
"few minutes depending on the network.") "few minutes depending on the network.")
ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --issue " ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh "
"-d {0} -w /var/www/html" "--config-home "
"'/etc/letsencrypt/config' "
"--issue "
"-d {0} -w /var/www/html "
"-k ec-384" "-k ec-384"
.format(wo_domain_name)) .format(wo_domain_name))
if ssl: if ssl:
@@ -1324,7 +1332,7 @@ def setupLetsEncryptSubdomain(self, wo_domain_name):
def renewLetsEncrypt(self, wo_domain_name): def renewLetsEncrypt(self, wo_domain_name):
ssl = WOShellExec.cmd_exec( ssl = WOShellExec.cmd_exec(
self, "/etc/letsencrypt/acme.sh --renew -d {0} --ecc --force" self, "/etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --renew -d {0} --ecc --force"
.format(wo_domain_name)) .format(wo_domain_name))
mail_list = '' mail_list = ''
@@ -1427,14 +1435,16 @@ def archivedCertificateHandle(self, domain, wo_wp_email):
Log.info(self, "Please wait while we reinstall the Let's Encrypt " Log.info(self, "Please wait while we reinstall the Let's Encrypt "
"certificate for your site.\nIt may take a " "certificate for your site.\nIt may take a "
"few minutes depending on your network.") "few minutes depending on your network.")
ssl = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} &&" ssl = WOShellExec.cmd_exec(self, "mkdir -p {0}/{1} && "
"/etc/letsencrypt/acme.sh " "/etc/letsencrypt/acme.sh "
"--config-home "
"'/etc/letsencrypt/config' "
"--install-cert -d {1} --ecc " "--install-cert -d {1} --ecc "
"--cert-file {0}/{1}/cert.pem " "--cert-file {0}/{1}/cert.pem "
"--key-file {0}/{1}/key.pem " "--key-file {0}/{1}/key.pem "
"--fullchain-file " "--fullchain-file "
"{0}/{1}/fullchain.pem " "{0}/{1}/fullchain.pem "
"--reloadcmd=" "--reloadcmd "
"\"service nginx restart\" " "\"service nginx restart\" "
.format(WOVariables.wo_ssl_live, domain)) .format(WOVariables.wo_ssl_live, domain))
@@ -1451,7 +1461,7 @@ def archivedCertificateHandle(self, domain, wo_wp_email):
Log.info(self, "Please wait while we renew the Let's Encrypt" Log.info(self, "Please wait while we renew the Let's Encrypt"
"certificate for your site.\nIt may take a few " "certificate for your site.\nIt may take a few "
"minutes depending on your network.") "minutes depending on your network.")
ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --renew -d {0} --ecc --force" ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --renew -d {0} --ecc --force"
.format(domain)) .format(domain))
else: else:

19
wo/cli/plugins/stack.py
View File

@@ -149,15 +149,13 @@ class WOStackController(CementBaseController):
Log.debug(self, 'Adding repository for Nginx') Log.debug(self, 'Adding repository for Nginx')
WORepo.add_key(self, WOVariables.wo_nginx_key) WORepo.add_key(self, WOVariables.wo_nginx_key)
if (WOVariables.wo_platform_distro == 'ubuntu'): if (set(WOVariables.wo_php73).issubset(set(apt_packages)) or
if (set(WOVariables.wo_php73).issubset(set(apt_packages)) or set(WOVariables.wo_php).issubset(set(apt_packages))):
set(WOVariables.wo_php).issubset(set(apt_packages))): if (WOVariables.wo_platform_distro == 'ubuntu'):
Log.info(self, "Adding repository for PHP, please wait...") Log.info(self, "Adding repository for PHP, please wait...")
Log.debug(self, 'Adding ppa for PHP') Log.debug(self, 'Adding ppa for PHP')
WORepo.add(self, ppa=WOVariables.wo_php_repo) WORepo.add(self, ppa=WOVariables.wo_php_repo)
else: else:
if (set(WOVariables.wo_php73).issubset(set(apt_packages)) or
set(WOVariables.wo_php).issubset(set(apt_packages))):
Log.info(self, "Adding repository for PHP, please wait...") Log.info(self, "Adding repository for PHP, please wait...")
# Add repository for php # Add repository for php
Log.debug(self, 'Adding repo_url of php for debian') Log.debug(self, 'Adding repo_url of php for debian')
@@ -167,14 +165,11 @@ class WOStackController(CementBaseController):
if set(WOVariables.wo_redis).issubset(set(apt_packages)): if set(WOVariables.wo_redis).issubset(set(apt_packages)):
Log.info(self, "Adding repository for Redis, please wait...") Log.info(self, "Adding repository for Redis, please wait...")
if WOVariables.wo_platform_distro == 'debian': if WOVariables.wo_platform_distro == 'ubuntu':
Log.debug(self, 'Adding repo_url of redis for debian')
WORepo.add(self, repo_url=WOVariables.wo_redis_repo)
Log.debug(self, 'Adding Deb.sury GPG key')
WORepo.add_key(self, 'AC0E47584A7A714D')
else:
Log.debug(self, 'Adding ppa for redis') Log.debug(self, 'Adding ppa for redis')
WORepo.add(self, ppa=WOVariables.wo_redis_repo) WORepo.add(self, ppa=WOVariables.wo_redis_repo)
else:
Log.debug(self, 'Adding repo_url of redis for debian')
@expose(hide=True) @expose(hide=True)
def post_pref(self, apt_packages, packages): def post_pref(self, apt_packages, packages):

28
wo/core/sslutils.py
View File

@@ -5,39 +5,37 @@ from wo.core.logging import Log
class SSL: class SSL:
def getExpirationDays(self,domain,returnonerror=False): def getExpirationDays(self, domain, returnonerror=False):
# check if exist # check if exist
if not os.path.isfile('/etc/letsencrypt/live/{0}/cert.pem' if not os.path.isfile('/etc/letsencrypt/live/{0}/cert.pem'
.format(domain)): .format(domain)):
Log.error(self,'File Not Found : /etc/letsencrypt/live/{0}/cert.pem' Log.error(self, 'File Not Found : /etc/letsencrypt/live/{0}/cert.pem'
.format(domain),False) .format(domain), False)
if returnonerror: if returnonerror:
return -1 return -1
Log.error(self, "Check the WordOps log for more details " Log.error(self, "Check the WordOps log for more details "
"`tail /var/log/wo/wordops.log` and please try again...") "`tail /var/log/wo/wordops.log` and please try again...")
current_date = WOShellExec.cmd_exec_stdout(self, "date -d \"now\" +%s") current_date = WOShellExec.cmd_exec_stdout(self, "date -d \"now\" +%s")
expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d \"`openssl x509 -in /etc/letsencrypt/live/{0}/cert.pem" expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d \"`openssl x509 -in /etc/letsencrypt/live/{0}/cert.pem"
" -text -noout|grep \"Not After\"|cut -c 25-`\" +%s".format(domain)) " -text -noout|grep \"Not After\"|cut -c 25-`\" +%s".format(domain))
days_left = int((int(expiration_date) - int(current_date))/ 86400) days_left = int((int(expiration_date) - int(current_date)) / 86400)
if (days_left > 0): if (days_left > 0):
return days_left return days_left
else: else:
# return "Certificate Already Expired ! Please Renew soon." # return "Certificate Already Expired ! Please Renew soon."
return -1 return -1
def getExpirationDate(self,domain): def getExpirationDate(self, domain):
# check if exist # check if exist
if not os.path.isfile('/etc/letsencrypt/live/{0}/cert.pem' if not os.path.isfile('/etc/letsencrypt/live/{0}/cert.pem'
.format(domain)): .format(domain)):
Log.error(self,'File Not Found : /etc/letsencrypt/live/{0}/cert.pem' Log.error(self, 'File Not Found : /etc/letsencrypt/live/{0}/cert.pem'
.format(domain),False) .format(domain), False)
Log.error(self, "Check the WordOps log for more details " Log.error(self, "Check the WordOps log for more details "
"`tail /var/log/wo/wordops.log` and please try again...") "`tail /var/log/wo/wordops.log` and please try again...")
expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d \"`openssl x509 -in /etc/letsencrypt/live/{0}/cert.pem" expiration_date = WOShellExec.cmd_exec_stdout(self, "date -d \"`openssl x509 -in /etc/letsencrypt/live/{0}/cert.pem"
" -text -noout|grep \"Not After\"|cut -c 25-`\" ".format(domain)) " -text -noout|grep \"Not After\"|cut -c 25-`\" ".format(domain))
return expiration_date return expiration_date

2
wo/core/variables.py
View File

@@ -138,7 +138,7 @@ class WOVariables():
"php7.3-zip", "php7.3-xml", "php7.3-soap"] "php7.3-zip", "php7.3-xml", "php7.3-soap"]
wo_php_extra = ["php-memcached", "php-imagick", "memcached", wo_php_extra = ["php-memcached", "php-imagick", "memcached",
"graphviz", "php-xdebug", "php-msgpack", "php-redis"] "graphviz", "php-xdebug", "php-msgpack", "php-redis"]
wo_php_key = '188C9FB063F0247A' wo_php_key = 'AC0E47584A7A714D'
# MySQL repo and packages # MySQL repo and packages
if wo_platform_distro == 'ubuntu': if wo_platform_distro == 'ubuntu':