From e444886c52b3a95f2d46f4d3bc842f22a1a9cfd0 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Fri, 6 Sep 2019 22:21:16 +0200 Subject: [PATCH] Move setuphsts into sslutils --- wo/cli/plugins/site.py | 6 ++-- wo/cli/plugins/site_functions.py | 17 --------- wo/cli/plugins/stack_config.py | 52 ++++++++++++++++++++++++++++ wo/cli/templates/nginx-core.mustache | 2 +- wo/core/sslutils.py | 2 +- 5 files changed, 57 insertions(+), 22 deletions(-) create mode 100644 wo/cli/plugins/stack_config.py diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 4e19cfc..7846d55 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -768,7 +768,7 @@ class WOSiteCreateController(CementBaseController): httpsRedirect(self, wo_domain, True, wo_wildcard) if pargs.hsts: - setupHsts(self, wo_domain) + SSL.setuphsts(self, wo_domain) SSL.siteurlhttps(self, wo_domain) if not WOService.reload_service(self, 'nginx'): @@ -969,7 +969,7 @@ class WOSiteUpdateController(CementBaseController): pargs.wpsubdir or pargs.wpsubdomain or pargs.password)): try: - setupHsts(self, wo_domain) + SSL.setuphsts(self, wo_domain) except SiteError as e: Log.debug(self, str(e)) Log.info(self, "\nFail to enable HSTS") @@ -1474,7 +1474,7 @@ class WOSiteUpdateController(CementBaseController): .format(wo_site_webroot)): if not os.path.isfile("{0}/conf/nginx/hsts.conf" .format(wo_site_webroot)): - setupHsts(self, wo_domain) + SSL.setuphsts(self, wo_domain) else: Log.error(self, "HSTS is already configured for given " "site") diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index b6a1355..8156f11 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py 
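Review bot: In the site.py hunk at -969, the `except SiteError as e:` around `SSL.setuphsts(self, wo_domain)` may not catch the failure that is most likely here. The `setupHsts` removed from site_functions.py in this same patch opened and wrote hsts.conf with no error handling, so a missing conf/nginx directory or a permission problem would surface as `OSError`. If the SSL method has the same body (it lies outside this diff), that exception skips the handler and the "Fail to enable HSTS" message. Either widen the handler to `except (SiteError, OSError) as e:` or have the helper wrap the write and raise `SiteError`. The enclosing method starts and ends outside the hunk.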
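Review bot: In the site.py hunk at -1474, the guard and the writer may be looking at different files. The guard tests `{0}/conf/nginx/hsts.conf` under `wo_site_webroot`, but `SSL.setuphsts(self, wo_domain)` receives only the domain, and its log line in sslutils.py formats `/var/www/{0}/conf/nginx/hsts.conf`. If a site's webroot is ever not `/var/www/<domain>`, the "already configured" check passes on one path while another is overwritten. Derive both paths in one place, or at least add a comment at the call such as `# setuphsts writes under /var/www/<domain>; must match wo_site_webroot`. The enclosing method starts and ends outside the hunk.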
@@ -1548,23 +1548,6 @@ def renewLetsEncrypt(self, wo_domain_name): # redirect= False to disable https redirection -def setupHsts(self, wo_domain_name): - Log.info( - self, "Adding /var/www/{0}/conf/nginx/hsts.conf" - .format(wo_domain_name)) - - hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf" - .format(wo_domain_name), - encoding='utf-8', mode='w') - hstsconf.write("more_set_headers " - "\"Strict-Transport-Security: " - "max-age=31536000; " - "includeSubDomains; " - "preload\";") - hstsconf.close() - return 0 - - def httpsRedirect(self, wo_domain_name, redirect=True, wildcard=False): if redirect: if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf.disabled" diff --git a/wo/cli/plugins/stack_config.py b/wo/cli/plugins/stack_config.py new file mode 100644 index 0000000..3c5166a --- /dev/null +++ b/wo/cli/plugins/stack_config.py 
@@ -0,0 +1,52 @@
+import os
+import shutil
+
+from cement.core import handler, hook
+from cement.core.controller import CementBaseController, expose
+
+from wo.cli.plugins.stack_pref import post_pref, pre_pref
+from wo.core.aptget import WOAptGet
+from wo.core.download import WODownload
+from wo.core.extract import WOExtract
+from wo.core.fileutils import WOFileUtils
+from wo.core.logging import Log
+from wo.core.services import WOService
+from wo.core.shellexec import WOShellExec
+from wo.core.variables import WOVariables
+
+
+class WOStackUpgradeController(CementBaseController):
+ class Meta:
+ label = 'config'
+ stacked_on = 'stack'
+ stacked_type = 'nested'
+ exit_on_close = True
+ description = ('Upgrade stack safely')
+ arguments = [
+ (['--nginx'],
+ dict(help='Upgrade all stack', action='store_true')),
+ (['--php'],
+ dict(help='Upgrade PHP 7.2 stack', action='store_true')),
+ (['--php73'],
+ dict(help='Upgrade PHP 7.3 stack', action='store_true')),
+ (['--mysql'],
+ dict(help='Upgrade MySQL stack', action='store_true')),
+ (['--wpcli'],
+ dict(help='Upgrade WPCLI', action='store_true')),
+ (['--redis'],
+ dict(help='Upgrade Redis', action='store_true')),
+ (['--netdata'],
+ dict(help='Upgrade Netdata', action='store_true')),
+ (['--dashboard'],
+ dict(help='Upgrade WordOps Dashboard', action='store_true')),
+ (['--composer'],
+ dict(help='Upgrade Composer', action='store_true')),
+ (['--phpmyadmin'],
+ dict(help='Upgrade phpMyAdmin', action='store_true')),
+ (['--no-prompt'],
+ dict(help="Upgrade Packages without any prompt",
+ action='store_true')),
+ (['--force'],
+ dict(help="Force Packages upgrade without any prompt",
+ action='store_true')),
+ ]
diff --git a/wo/cli/templates/nginx-core.mustache b/wo/cli/templates/nginx-core.mustache
index 9d205c5..dd1db4b 100644
--- a/wo/cli/templates/nginx-core.mustache
+++ b/wo/cli/templates/nginx-core.mustache
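Review bot: stack_config.py looks like an unfinished copy of the stack upgrade plugin and is unrelated to the HSTS move named in the subject. The class is still called `WOStackUpgradeController` while its `label` is `'config'`, the description and every help string say "Upgrade …", and `--nginx` is described as "Upgrade all stack". None of the 52 added lines defines an exposed method or registers the controller, so nearly all of the imports (`os`, `shutil`, `handler`, `hook`, `expose`, `WOAptGet`, …) are unused. Drop the file from this commit, or at minimum rename the class, e.g. `class WOStackConfigController(CementBaseController):`, and rewrite the description and help text to say what the options configure.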
@@ -32,7 +32,7 @@ http { # Limit Request limit_req_status 403; limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; - limit_req_zone $binary_remote_addr zone=two:10m rate=10r/s; + limit_req_zone $binary_remote_addr zone=two:10m rate=10r/s; # Proxy Settings # set_real_ip_from proxy-server-ip; diff --git a/wo/core/sslutils.py b/wo/core/sslutils.py index b04745f..9bb620d 100644 --- a/wo/core/sslutils.py +++ b/wo/core/sslutils.py @@ -119,7 +119,7 @@ class SSL: return iswildcard - def setupHsts(self, wo_domain_name): + def setuphsts(self, wo_domain_name): Log.info( self, "Adding /var/www/{0}/conf/nginx/hsts.conf" .format(wo_domain_name))
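Review bot: In the sslutils.py hunk, the renamed `setuphsts` has no docstring (the line after the `def` is `Log.info(`), yet this method is where a site's HSTS policy is decided. If its body matches the `setupHsts` removed from site_functions.py, it writes `max-age=31536000; includeSubDomains; preload`, a year-long policy that also binds every subdomain and is slow to undo once browsers have cached it. A docstring such as `"""Write hsts.conf for wo_domain_name (1-year max-age, includeSubDomains, preload)."""` would make that visible to callers. The target path is formatted directly from `wo_domain_name`, so the docstring should also say that the caller must pass an already validated domain name. The method body continues outside the hunk.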