Move setuphsts into sslutils

2019-09-06 22:21:16 +02:00
parent 0cc32a8565
commit e444886c52
5 changed files with 57 additions and 22 deletions
--- a/wo/cli/plugins/site.py
+++ b/wo/cli/plugins/site.py
@@ -768,7 +768,7 @@ class WOSiteCreateController(CementBaseController):
                httpsRedirect(self, wo_domain, True, wo_wildcard)

                if pargs.hsts:
-                    setupHsts(self, wo_domain)
+                    SSL.setuphsts(self, wo_domain)

                SSL.siteurlhttps(self, wo_domain)
                if not WOService.reload_service(self, 'nginx'):
@@ -969,7 +969,7 @@ class WOSiteUpdateController(CementBaseController):
                                pargs.wpsubdir or pargs.wpsubdomain or
                                pargs.password)):
            try:
-                setupHsts(self, wo_domain)
+                SSL.setuphsts(self, wo_domain)
            except SiteError as e:
                Log.debug(self, str(e))
                Log.info(self, "\nFail to enable HSTS")
@@ -1474,7 +1474,7 @@ class WOSiteUpdateController(CementBaseController):
                                  .format(wo_site_webroot)):
                    if not os.path.isfile("{0}/conf/nginx/hsts.conf"
                                          .format(wo_site_webroot)):
-                        setupHsts(self, wo_domain)
+                        SSL.setuphsts(self, wo_domain)
                    else:
                        Log.error(self, "HSTS is already configured for given "
                                        "site")
--- a/wo/cli/plugins/site_functions.py
+++ b/wo/cli/plugins/site_functions.py
@@ -1548,23 +1548,6 @@ def renewLetsEncrypt(self, wo_domain_name):
 # redirect= False to disable https redirection


-def setupHsts(self, wo_domain_name):
-    Log.info(
-        self, "Adding /var/www/{0}/conf/nginx/hsts.conf"
-        .format(wo_domain_name))
-
-    hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf"
-                    .format(wo_domain_name),
-                    encoding='utf-8', mode='w')
-    hstsconf.write("more_set_headers "
-                   "\"Strict-Transport-Security: "
-                   "max-age=31536000; "
-                   "includeSubDomains; "
-                   "preload\";")
-    hstsconf.close()
-    return 0
-
-
 def httpsRedirect(self, wo_domain_name, redirect=True, wildcard=False):
    if redirect:
        if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf.disabled"
--- a/wo/cli/plugins/stack_config.py
+++ b/wo/cli/plugins/stack_config.py
@@ -0,0 +1,52 @@
+import os
+import shutil
+
+from cement.core import handler, hook
+from cement.core.controller import CementBaseController, expose
+
+from wo.cli.plugins.stack_pref import post_pref, pre_pref
+from wo.core.aptget import WOAptGet
+from wo.core.download import WODownload
+from wo.core.extract import WOExtract
+from wo.core.fileutils import WOFileUtils
+from wo.core.logging import Log
+from wo.core.services import WOService
+from wo.core.shellexec import WOShellExec
+from wo.core.variables import WOVariables
+
+
+class WOStackUpgradeController(CementBaseController):
+    class Meta:
+        label = 'config'
+        stacked_on = 'stack'
+        stacked_type = 'nested'
+        exit_on_close = True
+        description = ('Upgrade stack safely')
+        arguments = [
+            (['--nginx'],
+                dict(help='Upgrade all stack', action='store_true')),
+            (['--php'],
+                dict(help='Upgrade PHP 7.2 stack', action='store_true')),
+            (['--php73'],
+             dict(help='Upgrade PHP 7.3 stack', action='store_true')),
+            (['--mysql'],
+                dict(help='Upgrade MySQL stack', action='store_true')),
+            (['--wpcli'],
+                dict(help='Upgrade WPCLI', action='store_true')),
+            (['--redis'],
+                dict(help='Upgrade Redis', action='store_true')),
+            (['--netdata'],
+                dict(help='Upgrade Netdata', action='store_true')),
+            (['--dashboard'],
+                dict(help='Upgrade WordOps Dashboard', action='store_true')),
+            (['--composer'],
+             dict(help='Upgrade Composer', action='store_true')),
+            (['--phpmyadmin'],
+             dict(help='Upgrade phpMyAdmin', action='store_true')),
+            (['--no-prompt'],
+                dict(help="Upgrade Packages without any prompt",
+                     action='store_true')),
+            (['--force'],
+                dict(help="Force Packages upgrade without any prompt",
+                     action='store_true')),
+        ]
--- a/wo/cli/templates/nginx-core.mustache
+++ b/wo/cli/templates/nginx-core.mustache
@@ -32,7 +32,7 @@ http {
 	# Limit Request
 	limit_req_status 403;
 	limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
-    limit_req_zone $binary_remote_addr zone=two:10m rate=10r/s;
+	limit_req_zone $binary_remote_addr zone=two:10m rate=10r/s;

 	# Proxy Settings
 	# set_real_ip_from	proxy-server-ip;
--- a/wo/core/sslutils.py
+++ b/wo/core/sslutils.py
@@ -119,7 +119,7 @@ class SSL:

        return iswildcard

-    def setupHsts(self, wo_domain_name):
+    def setuphsts(self, wo_domain_name):
        Log.info(
            self, "Adding /var/www/{0}/conf/nginx/hsts.conf"
            .format(wo_domain_name))