Move setuphsts into sslutils
This commit is contained in:
VirtuBox
@@ -768,7 +768,7 @@ class WOSiteCreateController(CementBaseController):
|
|||||||
httpsRedirect(self, wo_domain, True, wo_wildcard)
|
httpsRedirect(self, wo_domain, True, wo_wildcard)
|
||||||
|
|
||||||
if pargs.hsts:
|
if pargs.hsts:
|
||||||
setupHsts(self, wo_domain)
|
SSL.setuphsts(self, wo_domain)
|
||||||
|
|
||||||
SSL.siteurlhttps(self, wo_domain)
|
SSL.siteurlhttps(self, wo_domain)
|
||||||
if not WOService.reload_service(self, 'nginx'):
|
if not WOService.reload_service(self, 'nginx'):
|
||||||
@@ -969,7 +969,7 @@ class WOSiteUpdateController(CementBaseController):
|
|||||||
pargs.wpsubdir or pargs.wpsubdomain or
|
pargs.wpsubdir or pargs.wpsubdomain or
|
||||||
pargs.password)):
|
pargs.password)):
|
||||||
try:
|
try:
|
||||||
setupHsts(self, wo_domain)
|
SSL.setuphsts(self, wo_domain)
|
||||||
except SiteError as e:
|
except SiteError as e:
|
||||||
Log.debug(self, str(e))
|
Log.debug(self, str(e))
|
||||||
Log.info(self, "\nFail to enable HSTS")
|
Log.info(self, "\nFail to enable HSTS")
|
||||||
@@ -1474,7 +1474,7 @@ class WOSiteUpdateController(CementBaseController):
|
|||||||
.format(wo_site_webroot)):
|
.format(wo_site_webroot)):
|
||||||
if not os.path.isfile("{0}/conf/nginx/hsts.conf"
|
if not os.path.isfile("{0}/conf/nginx/hsts.conf"
|
||||||
.format(wo_site_webroot)):
|
.format(wo_site_webroot)):
|
||||||
setupHsts(self, wo_domain)
|
SSL.setuphsts(self, wo_domain)
|
||||||
else:
|
else:
|
||||||
Log.error(self, "HSTS is already configured for given "
|
Log.error(self, "HSTS is already configured for given "
|
||||||
"site")
|
"site")
|
||||||
|
|||||||
@@ -1548,23 +1548,6 @@ def renewLetsEncrypt(self, wo_domain_name):
|
|||||||
# redirect= False to disable https redirection
|
# redirect= False to disable https redirection
|
||||||
|
|
||||||
|
|
||||||
def setupHsts(self, wo_domain_name):
|
|
||||||
Log.info(
|
|
||||||
self, "Adding /var/www/{0}/conf/nginx/hsts.conf"
|
|
||||||
.format(wo_domain_name))
|
|
||||||
|
|
||||||
hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf"
|
|
||||||
.format(wo_domain_name),
|
|
||||||
encoding='utf-8', mode='w')
|
|
||||||
hstsconf.write("more_set_headers "
|
|
||||||
"\"Strict-Transport-Security: "
|
|
||||||
"max-age=31536000; "
|
|
||||||
"includeSubDomains; "
|
|
||||||
"preload\";")
|
|
||||||
hstsconf.close()
|
|
||||||
return 0
|
|
||||||
|
|
||||||
|
|
||||||
def httpsRedirect(self, wo_domain_name, redirect=True, wildcard=False):
|
def httpsRedirect(self, wo_domain_name, redirect=True, wildcard=False):
|
||||||
if redirect:
|
if redirect:
|
||||||
if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf.disabled"
|
if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf.disabled"
|
||||||
|
|||||||
52
wo/cli/plugins/stack_config.py
Normal file
52
wo/cli/plugins/stack_config.py
Normal file
@@ -0,0 +1,52 @@
|
|||||||
|
import os
|
||||||
|
import shutil
|
||||||
|
|
||||||
|
from cement.core import handler, hook
|
||||||
|
from cement.core.controller import CementBaseController, expose
|
||||||
|
|
||||||
|
from wo.cli.plugins.stack_pref import post_pref, pre_pref
|
||||||
|
from wo.core.aptget import WOAptGet
|
||||||
|
from wo.core.download import WODownload
|
||||||
|
from wo.core.extract import WOExtract
|
||||||
|
from wo.core.fileutils import WOFileUtils
|
||||||
|
from wo.core.logging import Log
|
||||||
|
from wo.core.services import WOService
|
||||||
|
from wo.core.shellexec import WOShellExec
|
||||||
|
from wo.core.variables import WOVariables
|
||||||
|
|
||||||
|
|
||||||
|
class WOStackUpgradeController(CementBaseController):
|
||||||
|
class Meta:
|
||||||
|
label = 'config'
|
||||||
|
stacked_on = 'stack'
|
||||||
|
stacked_type = 'nested'
|
||||||
|
exit_on_close = True
|
||||||
|
description = ('Upgrade stack safely')
|
||||||
|
arguments = [
|
||||||
|
(['--nginx'],
|
||||||
|
dict(help='Upgrade all stack', action='store_true')),
|
||||||
|
(['--php'],
|
||||||
|
dict(help='Upgrade PHP 7.2 stack', action='store_true')),
|
||||||
|
(['--php73'],
|
||||||
|
dict(help='Upgrade PHP 7.3 stack', action='store_true')),
|
||||||
|
(['--mysql'],
|
||||||
|
dict(help='Upgrade MySQL stack', action='store_true')),
|
||||||
|
(['--wpcli'],
|
||||||
|
dict(help='Upgrade WPCLI', action='store_true')),
|
||||||
|
(['--redis'],
|
||||||
|
dict(help='Upgrade Redis', action='store_true')),
|
||||||
|
(['--netdata'],
|
||||||
|
dict(help='Upgrade Netdata', action='store_true')),
|
||||||
|
(['--dashboard'],
|
||||||
|
dict(help='Upgrade WordOps Dashboard', action='store_true')),
|
||||||
|
(['--composer'],
|
||||||
|
dict(help='Upgrade Composer', action='store_true')),
|
||||||
|
(['--phpmyadmin'],
|
||||||
|
dict(help='Upgrade phpMyAdmin', action='store_true')),
|
||||||
|
(['--no-prompt'],
|
||||||
|
dict(help="Upgrade Packages without any prompt",
|
||||||
|
action='store_true')),
|
||||||
|
(['--force'],
|
||||||
|
dict(help="Force Packages upgrade without any prompt",
|
||||||
|
action='store_true')),
|
||||||
|
]
|
||||||
@@ -32,7 +32,7 @@ http {
|
|||||||
# Limit Request
|
# Limit Request
|
||||||
limit_req_status 403;
|
limit_req_status 403;
|
||||||
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
||||||
limit_req_zone $binary_remote_addr zone=two:10m rate=10r/s;
|
limit_req_zone $binary_remote_addr zone=two:10m rate=10r/s;
|
||||||
|
|
||||||
# Proxy Settings
|
# Proxy Settings
|
||||||
# set_real_ip_from proxy-server-ip;
|
# set_real_ip_from proxy-server-ip;
|
||||||
|
|||||||
@@ -119,7 +119,7 @@ class SSL:
|
|||||||
|
|
||||||
return iswildcard
|
return iswildcard
|
||||||
|
|
||||||
def setupHsts(self, wo_domain_name):
|
def setuphsts(self, wo_domain_name):
|
||||||
Log.info(
|
Log.info(
|
||||||
self, "Adding /var/www/{0}/conf/nginx/hsts.conf"
|
self, "Adding /var/www/{0}/conf/nginx/hsts.conf"
|
||||||
.format(wo_domain_name))
|
.format(wo_domain_name))
|
||||||
|
|||||||
Reference in New Issue
Block a user