Merge pull request #279 from WordOps/updating-configuration

v3.12.0 release
VirtuBox
2020-05-13 15:13:51 +02:00
committed by GitHub
20 changed files with 309 additions and 171 deletions

1
.gitattributes vendored

@@ -17,6 +17,7 @@
*.bash text eol=lf
*.fish text eol=lf
*.sh text eol=lf
*.rc text eol=lf
# Source files
# ============


@@ -8,6 +8,35 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
### v3.9.x - [Unreleased]
### v3.12.0 - 2020-05-13
#### Added
- Set opcache.preload_user for PHP 7.4
- Link to GitHub changelog after WordOps upgrade
- Automated PHPMyAdmin and Adminer latest release download and install
- Enable Let's Encrypt SSL on sites with http auth (PR [#254](https://github.com/WordOps/WordOps/pull/254))
- Ubuntu 20.04 LTS Support (experimental)
- New Nginx 1.18.0 package built with OpenSSL 1.1.1g
- Default PHP version can be set in /etc/wo/wo.conf
#### Changed
- Improved caching rules (PR [#265](https://github.com/WordOps/WordOps/pull/265))
- Default PHP version is now 7.3
#### Fixed
- MySQL databases backup when using remote MySQL server
- PHPMyAdmin assets missing after installation
- Missing WP-CLI argument when switching site URL to https (PR [#257](https://github.com/WordOps/WordOps/pull/257))
- WordOps installation failure with pip
- Installation on raspberry pi 4
- Fail2ban configuration when Nginx is not installed
- Wo-kernel systemd service start failure
- missing letsencrypt settings in wo.conf
- MariaDB issue with innodb_buffer_pool_instances
### v3.11.4 - 2020-01-17
#### Fixed


@@ -41,7 +41,7 @@
- **Easy to install** : One step automated installer with migration from EasyEngine v3 support
- **Fast deployment** : Fast and automated WordPress, Nginx, PHP, MySQL & Redis installation
- **Custom Nginx build** : Nginx 1.16.1 - TLS v1.3 Cloudflare HTTP/2 HPACK & Brotli support
- **Custom Nginx build** : Nginx 1.18.0 - TLS v1.3 Cloudflare HTTP/2 HPACK & Brotli support
- **Up-to-date** : PHP 7.2, 7.3 & 7.4, MariaDB 10.3 & Redis 5.0
- **Secured** : Hardened WordPress security with strict Nginx location directives
- **Powerful** : Optimized Nginx configurations with multiple cache backends support
@@ -62,6 +62,7 @@
#### Also compatible
- Ubuntu 20.04 LTS (Focal) (experimental)
- Ubuntu 16.04 LTS (Xenial)
- Debian 9 (Stretch)
- Debian 10 (Buster)
@@ -82,8 +83,8 @@ Detailed Getting Started guide with additional installation methods can be found
### Standard WordPress sites
```bash
wo site create example.com --wp # install wordpress without any page caching
wo site create example.com --wp --php73 # install wordpress with PHP 7.3 without any page caching
wo site create example.com --wp # install wordpress with PHP 7.3 without any page caching
wo site create example.com --wp --php72 # install wordpress with PHP 7.2 without any page caching
wo site create example.com --wp --php74 # install wordpress with PHP 7.4 without any page caching
wo site create example.com --wpfc # install wordpress + nginx fastcgi_cache
wo site create example.com --wpredis # install wordpress + nginx redis_cache
@@ -118,11 +119,11 @@ wo site create example.com --wpsubdomain --wpce # install wpmu-subdomain + C
```bash
wo site create example.com --html # create example.com for static/html sites
wo site create example.com --php # create example.com with php support
wo site create example.com --php73 # create example.com with php 7.3 support
wo site create example.com --php # create example.com with php 7.3 support
wo site create example.com --php72 # create example.com with php 7.2 support
wo site create example.com --php74 # create example.com with php 7.4 support
wo site create example.com --mysql # create example.com with php & mysql support
wo site create example.com --mysql --php73 # create example.com with php 7.3 & mysql support
wo site create example.com --mysql # create example.com with php 7.3 & mysql support
wo site create example.com --mysql --php72 # create example.com with php 7.2 & mysql support
wo site create example.com --mysql --php74 # create example.com with php 7.4 & mysql support
wo site create example.com --proxy=127.0.0.1:3000 # create example.com with nginx as reverse-proxy
```


@@ -154,7 +154,7 @@ _wo_complete()
"create")
COMPREPLY=( $(compgen \
-W "--user --pass --email --html --php --php73 --php74 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --wpredis --wprocket --wpce -le --letsencrypt --letsencrypt=wildcard -le=wildcard --dns --dns=dns_cf --dns=dns_dgon" \
-W "--user --pass --email --html --php --php72 --php73 --php74 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --wpredis --wprocket --wpce -le --letsencrypt --letsencrypt=wildcard -le=wildcard --dns --dns=dns_cf --dns=dns_dgon" \
-- $cur) )
;;
@@ -206,7 +206,7 @@ _wo_complete()
"--wp")
if [ "${COMP_WORDS[1]}" != "debug" ]; then
if [ "${COMP_WORDS[2]}" == "create" ]; then
retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce --letsencrypt -le --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon --php73 --php74"
retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce --letsencrypt -le --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon --php72 --php73 --php74"
elif [ "${COMP_WORDS[2]}" == "update" ]; then
retlist="--wp --wpfc --wpsc --php72 --php73 --php74 --wpredis --wprocket --wpce -le --letsencrypt --letsencrypt=wildcard -le=wildcard --dns --dns=dns_cf --dns=dns_dgon"
else
@@ -225,7 +225,7 @@ _wo_complete()
"--wpsubdir" | "--wpsubdomain")
if [ "${COMP_WORDS[1]}" != "debug" ]; then
if [ "${COMP_WORDS[2]}" == "create" ]; then
retlist="--wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --php73 --php74 --dns --dns=dns_cf --dns=dns_dgon"
retlist="--wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --php72 --php73 --php74 --dns --dns=dns_cf --dns=dns_dgon"
elif [ "${COMP_WORDS[2]}" == "update" ]; then
retlist="--wpfc --wpsc --php72 --php73 --php74 --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon"
else
@@ -243,7 +243,7 @@ _wo_complete()
"--wpredis" | "--wprocket" | "--wpce" | "--wpfc" | "--wpsc" | "--wpsubdir" | "--wpsubdomain" | "--user" | "--pass" | "--email" | "--wp")
if [ "${COMP_WORDS[2]}" == "create" ]; then
retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --php73 --php74 -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon"
retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --php72 --php73 --php74 -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon"
else
retlist=""
fi
@@ -267,7 +267,7 @@ _wo_complete()
-- $cur) )
;;
"--web" | "--admin" | "--nginx" | "--php" | "--php73" | "--php74" | "--mysql" | "--wpcli" | "--phpmyadmin" | "--adminer" | "--utils" | "--fail2ban" | "--ufw" | "--redis" | "--phpredisadmin" | "--netdata" | "--sendmail" | "--composer" | "--proftpd" | "--cheat" | "--nanorc" | "--clamav")
"--web" | "--admin" | "--nginx" | "--php" | "--php73" | "--php74" | "--mysql" | "--wpcli" | "--phpmyadmin" | "--adminer" | "--utils" | "--fail2ban" | "--ufw" | "--redis" | "--phpredisadmin" | "--netdata" | "--sendmail" | "--composer" | "--proftpd" | "--cheat" | "--nanorc" | "--clamav" | "--dashboard")
if [[ "${COMP_WORDS[2]}" == "install" || "${COMP_WORDS[2]}" == "purge" || "${COMP_WORDS[2]}" == "remove" ]]; then
retlist="--web --admin --security --nginx --php --php73 --php74 --mysql --wpcli --phpmyadmin --adminer --utils --redis --fail2ban --ufw --phpredisadmin --netdata --force"
elif [[ "${COMP_WORDS[2]}" == "start" || "${COMP_WORDS[2]}" == "reload" || "${COMP_WORDS[2]}" == "restart" || "${COMP_WORDS[2]}" == "stop" ]]; then
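Review bot: The last hunk adds `"--dashboard"` to the stack-option case pattern but still leaves out `"--php72"`, and the `retlist` offered for install/purge/remove on the next line contains neither `--php72` nor `--dashboard`, so completion stays inconsistent with the `create` branches this commit updates. I would add `"--php72"` to the pattern and `--php72 --dashboard` to that `retlist`, assuming both are accepted by `wo stack install`. The case arm continues outside the hunk, so the start/stop `retlist` is not visible here.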


@@ -76,6 +76,11 @@ email =
keylength = "ec-384"
[php]
### Default PHP version
version = 7.3
[update]
### If enabled, load a plugin named `update` either from the Python module

38
install

@@ -7,9 +7,9 @@
# Copyright (c) 2019-2020 - WordOps
# This script is licensed under M.I.T
# -------------------------------------------------------------------------
# wget -qO wo wops.cc && sudo bash wo
# wget -qO wo wops.cc && sudo -E bash wo
# -------------------------------------------------------------------------
# Version 3.11.4 - 2020-01-17
# Version 3.12.0 - 2020-05-13
# -------------------------------------------------------------------------
# CONTENTS
@@ -167,9 +167,9 @@ wo_check_distro() {
wo_lib_echo_fail "Feel free to open a pull-request if you want to add support for another Linux distributions"
exit 100
else
check_wo_linux_distro=$(lsb_release -sc | grep -E "xenial|bionic|disco|jessie|stretch|buster")
check_wo_linux_distro=$(lsb_release -sc | grep -E "xenial|bionic|disco|jessie|stretch|buster|focal")
if [ -z "$check_wo_linux_distro" ]; then
wo_lib_echo_fail "WordOps (wo) only supports Ubuntu 16.04/18.04/19.04 LTS, Debian 9.x/10.x and Raspbian 9.x/10x.\n
wo_lib_echo_fail "WordOps (wo) only supports Ubuntu 16.04/18.04/20.04 LTS, Debian 9.x/10.x and Raspbian 9.x/10x.\n
You can bypass this warning by adding the flag --force to the install command"
exit 100
fi
@@ -419,8 +419,8 @@ wo_install_acme_sh() {
export LE_WORKING_DIR="/etc/letsencrypt"
export LE_CONFIG_HOME="/etc/letsencrypt/config"
/etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --upgrade --auto-upgrade
/etc/letsencrypt/acme.sh --config-home "/etc/letsencrypt/config" --uninstall-cronjob
/etc/letsencrypt/acme.sh --config-home "/etc/letsencrypt/config" --install-cronjob
/etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --uninstall-cronjob
/etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --install-cronjob
fi
}
@@ -429,14 +429,13 @@ wo_install_acme_sh() {
wo_install() {
local python_ver
python_ver=$(python3 -c "import sys; print(sys.version_info[1])")
cd /usr/local/lib/python3."$python_ver"/dist-packages || exit 1
rm -f /usr/local/bin/wo
if [ -d /usr/local/lib/python3."$python_ver"/dist-packages ]; then
cd /usr/local/lib/python3."$python_ver"/dist-packages || exit 1
fi
if [ "$wo_branch" = "master" ]; then
python3 -m pip uninstall wo -y
python3 -m pip install --upgrade wordops
python3 -m pip install -I wordops
else
python3 -m pip uninstall wo -y
python3 -m pip install -U "git+git://github.com/WordOps/WordOps.git@$wo_branch#egg=wordops"
python3 -m pip install -I "git+git://github.com/WordOps/WordOps.git@$wo_branch#egg=wordops"
fi
cp -rf /usr/local/lib/python3."$python_ver"/dist-packages/usr/* /usr/
cp -rn /usr/local/lib/python3."$python_ver"/dist-packages/etc/* /etc/
@@ -445,6 +444,7 @@ wo_install() {
# Clone Github repository if it doesn't exist
wo_travis_install() {
local python_ver
python_ver=$(python3 -c "import sys; print(sys.version_info[1])")
if [ -d ./dist ]; then
rm -rf dist
@@ -641,6 +641,18 @@ wo_woconf() {
if grep -q "log.logging" /etc/wo/wo.conf; then
sed -i "s/log.logging/log.colorlog/g" /etc/wo/wo.conf
fi
if ! grep -q "letsencrypt" /etc/wo/wo.conf; then
echo -e '\n[letsencrypt]\n\nkeylength = "ec-384"' >>/etc/wo/wo.conf
fi
if ! grep -q "php" /etc/wo/wo.conf; then
echo -e '\n[php]\n\nversion = 7.3' >>/etc/wo/wo.conf
fi
fi
}
wo_fix_kernel() {
if [ -f /opt/wo-kernel.sh ]; then
chmod +x /opt/wo-kernel.sh
fi
}
@@ -718,6 +730,7 @@ else
if [ -x /usr/local/bin/wo ]; then
_run wo_clean
_run wo_woconf
_run wo_fix_kernel
# 2 - Migration from EEv3
else
if [ -x /usr/local/bin/ee ]; then
@@ -761,6 +774,7 @@ else
echo
elif [ "$wo_upgrade" = "1" ]; then
wo_lib_echo "WordOps (wo) upgrade to $wo_version_new was succesfull!"
wo_lib_echo "Changelog is available on https://github.com/WordOps/WordOps/releases/tag/$wo_version_new"
echo
wo_lib_echo "To upgrade WordOps web stacks, you can use the command:"
wo_lib_echo_info "wo stack upgrade"
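Review bot: In `wo_install`, the non-master branch still installs WordOps as root from `git+git://github.com/...`; the git:// transport has no encryption or server authentication, so the code pip then runs is not integrity-protected in transit. Since the line is being edited anyway, I would switch it to `python3 -m pip install -I "git+https://github.com/WordOps/WordOps.git@$wo_branch#egg=wordops"`. Separately, in `wo_woconf` the new `grep -q "php"` and `grep -q "letsencrypt"` tests match any occurrence of the word in wo.conf, comments included, so the section may never be appended; anchoring on the header, e.g. `grep -q '^\[php\]' /etc/wo/wo.conf`, would be more reliable.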


@@ -27,7 +27,7 @@ if os.geteuid() == 0:
os.makedirs('/var/lib/wo/tmp/')
setup(name='wordops',
version='3.11.4',
version='3.12.0',
description='An essential toolset that eases server administration',
long_description=LONG,
long_description_content_type='text/markdown',


@@ -49,7 +49,7 @@ done
echo -e "${CGREEN}#############################################${CEND}"
echo -e ' Simple site create '
echo -e "${CGREEN}#############################################${CEND}"
site_types='html php php73 php74 mysql wp wpfc wpsc wpredis wpce wprocket wpsubdomain wpsubdir ngxblocker'
site_types='html php php72 php73 php74 mysql wp wpfc wpsc wpredis wpce wprocket wpsubdomain wpsubdir ngxblocker'
for site in $site_types; do
echo -ne " Creating $site [..]\r"
if {
@@ -67,36 +67,17 @@ done
echo
echo -e "${CGREEN}#############################################${CEND}"
echo
wo site info wp.net
wo site info php.net
echo
echo
wo site info php72.net
echo
echo
echo -e "${CGREEN}#############################################${CEND}"
echo -e ' wo site update --php73 '
echo -e "${CGREEN}#############################################${CEND}"
other_site_types='html mysql php php74 wp wpfc wpsc wpredis wpce wprocket wpsubdomain wpsubdir ngxblocker'
for site in $other_site_types; do
echo -ne " Updating site to $site php73 [..]\r"
if {
wo site update ${site}.net --php73
} >>/var/log/wo/test.log; then
echo -ne " Updating site to $site php73 [${CGREEN}OK${CEND}]\\r"
echo -ne '\n'
else
echo -e " Updating site to $site php73 [${CRED}FAIL${CEND}]"
echo -ne '\n'
exit_script
fi
done
echo
echo -e "${CGREEN}#############################################${CEND}"
echo
wo site info wp.net
echo
echo -e "${CGREEN}#############################################${CEND}"
echo -e ' wo site update --php74 '
echo -e "${CGREEN}#############################################${CEND}"
other_site_types='html mysql wp php php73 wpfc wpsc wpredis wpce wprocket wpsubdomain wpsubdir ngxblocker'
other_site_types='html mysql php72 php74 wp wpfc wpsc wpredis wpce wprocket wpsubdomain wpsubdir ngxblocker'
for site in $other_site_types; do
echo -ne " Updating site to $site php74 [..]\r"
if {
@@ -117,9 +98,32 @@ echo
wo site info wp.net
echo
echo -e "${CGREEN}#############################################${CEND}"
echo -e ' wo site update --php73 '
echo -e "${CGREEN}#############################################${CEND}"
other_site_types='html mysql wp php72 php73 wpfc wpsc wpredis wpce wprocket wpsubdomain wpsubdir ngxblocker'
for site in $other_site_types; do
echo -ne " Updating site to $site php73 [..]\r"
if {
wo site update ${site}.net --php73
} >>/var/log/wo/test.log; then
echo -ne " Updating site to $site php73 [${CGREEN}OK${CEND}]\\r"
echo -ne '\n'
else
echo -e " Updating site to $site php73 [${CRED}FAIL${CEND}]"
echo -ne '\n'
exit_script
fi
done
echo
echo -e "${CGREEN}#############################################${CEND}"
echo
wo site info wp.net
echo
echo -e "${CGREEN}#############################################${CEND}"
echo -e ' wo site update --php72 '
echo -e "${CGREEN}#############################################${CEND}"
other_site_types='html mysql php php73 php74 wp wpfc wpsc wpredis wpce wprocket wpsubdomain wpsubdir ngxblocker'
other_site_types='html mysql php72 php73 php74 wp wpfc wpsc wpredis wpce wprocket wpsubdomain wpsubdir ngxblocker'
for site in $other_site_types; do
echo -ne " Updating site to $site php72 [..]\r"
if {


@@ -133,15 +133,16 @@ class WOSecureController(CementBaseController):
@expose(hide=True)
def secure_ip(self):
"""IP whitelisting"""
WOGit.add(self, ["/etc/nginx"],
msg="Add Nginx to into Git")
if os.path.exists('/etc/nginx'):
WOGit.add(self, ["/etc/nginx"],
msg="Add Nginx to into Git")
pargs = self.app.pargs
if not pargs.user_input:
ip = input("Enter the comma separated IP addresses "
"to white list [127.0.0.1]:")
pargs.user_input = ip
try:
user_ip = pargs.user_input.split(',')
user_ip = pargs.user_input.strip().split(',')
except Exception as e:
Log.debug(self, "{0}".format(e))
user_ip = ['127.0.0.1']
@@ -170,8 +171,9 @@ class WOSecureController(CementBaseController):
'Harden SSH security [y/N]')
if start_secure != "Y" and start_secure != "y":
Log.error(self, "Not hardening SSH security")
WOGit.add(self, ["/etc/ssh"],
msg="Adding SSH into Git")
if os.path.exists('/etc/ssh'):
WOGit.add(self, ["/etc/ssh"],
msg="Adding SSH into Git")
Log.debug(self, "check if /etc/ssh/sshd_config exist")
if os.path.isfile('/etc/ssh/sshd_config'):
Log.debug(self, "looking for the current ssh port")
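Review bot: In `secure_ip`, `pargs.user_input.strip().split(',')` only trims the ends of the whole string, so input such as `1.2.3.4, 5.6.7.8` still yields entries with leading spaces, and nothing visible in this hunk checks that each entry is an address before it is used. I would normalise per item with `user_ip = [ip.strip() for ip in pargs.user_input.split(',') if ip.strip()]` and reject anything `ipaddress.ip_network(ip, strict=False)` cannot parse, since these values presumably end up in the Nginx ACL. The `except Exception` fallback to `127.0.0.1` also hides a malformed value instead of reporting it. The function body continues outside the hunk.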

View File

@@ -211,21 +211,35 @@ class WOSiteCreateController(CementBaseController):
else:
pass
data['php73'] = False
data['php74'] = False
data['php72'] = False
if data and pargs.php73:
data['php73'] = True
data['php74'] = False
data['php72'] = False
data['wo_php'] = 'php73'
elif data and pargs.php74:
data['php72'] = False
data['php74'] = True
data['php73'] = False
data['wo_php'] = 'php74'
else:
data['php74'] = False
elif data and pargs.php72:
data['php72'] = True
data['php73'] = False
data['wo_php'] = 'php72'
else:
if self.app.config.has_section('php'):
config_php_ver = self.app.config.get(
'php', 'version')
if config_php_ver == '7.2':
data['php72'] = True
data['wo_php'] = 'php72'
elif config_php_ver == '7.3':
data['php73'] = True
data['wo_php'] = 'php73'
elif config_php_ver == '7.4':
data['php74'] = True
data['wo_php'] = 'php74'
else:
data['php73'] = True
data['wo_php'] = 'php73'
if ((not pargs.wpfc) and (not pargs.wpsc) and
(not pargs.wprocket) and
@@ -288,12 +302,12 @@ class WOSiteCreateController(CementBaseController):
" http://{0}".format(wo_domain))
return
if data['php73']:
php_version = "7.3"
if data['php72']:
php_version = "7.2"
elif data['php74']:
php_version = "7.4"
else:
php_version = "7.2"
php_version = "7.3"
addNewSite(self, wo_domain, stype, cache, wo_site_webroot,
php_version=php_version)
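Review bot: The config-driven default added in the first hunk has only one fallback `else` (`data['php73'] = True`), so one case stays uncovered: depending on which `if` it belongs to (indentation is lost on this page), either a missing `[php]` section or an unrecognised `version` value leaves `data['wo_php']` unset with all three flags False. The parallel block in `site_package_check` has both fallbacks. A lookup with a default would cover both cases, e.g. `wo_php = {'7.2': 'php72', '7.3': 'php73', '7.4': 'php74'}.get(config_php_ver, 'php73')` followed by `data[wo_php] = True` and `data['wo_php'] = wo_php`. `has_section('php')` also does not guarantee a `version` option exists, so the `config.get` call may need a guard; the config handler's behaviour is not visible here.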


@@ -871,26 +871,46 @@ def site_package_check(self, stype):
wo_nginx.write('fastcgi_param \tSCRIPT_FILENAME '
'\t$request_filename;\n')
if pargs.php and pargs.php73:
if ((pargs.php and pargs.php73) or (pargs.php and pargs.php74) or
(pargs.php and pargs.php72) or
(pargs.php73 and pargs.php74) or (pargs.php72 and pargs.php73) or
(pargs.php72 and pargs.php74)):
Log.error(
self, "Error: two different PHP versions cannot be "
"combined within the same WordOps site")
if pargs.php and pargs.php74:
Log.error(
self, "Error: two different PHP versions cannot be "
"combined within the same WordOps site")
if pargs.php73 and pargs.php74:
Log.error(
self, "Error: two different PHP versions cannot be "
"combined within the same WordOps site")
if ((not pargs.php73) and (not pargs.php74) and
stype in ['php', 'php72', 'mysql', 'wp', 'wpsubdir',
if ((not pargs.php72) and (not pargs.php73) and (not pargs.php74) and
stype in ['php', 'mysql', 'wp', 'wpsubdir',
'wpsubdomain']):
Log.debug(self, "Setting apt_packages variable for PHP")
php_check = 'php7.3-fpm'
php_to_setup = WOVar.wo_php73
if self.app.config.has_section('php'):
config_php_ver = self.app.config.get(
'php', 'version')
if config_php_ver == '7.2':
php_check = 'php7.2-fpm'
php_to_setup = WOVar.wo_php72
elif config_php_ver == '7.3':
php_check = 'php7.3-fpm'
php_to_setup = WOVar.wo_php73
elif config_php_ver == '7.4':
php_check = 'php7.4-fpm'
php_to_setup = WOVar.wo_php74
else:
php_check = 'php7.3-fpm'
php_to_setup = WOVar.wo_php73
else:
php_check = 'php7.3-fpm'
php_to_setup = WOVar.wo_php73
if not (WOAptGet.is_installed(self, php_check)):
apt_packages = apt_packages + php_to_setup + WOVar.wo_php_extra
if pargs.php72 and stype in ['php72', 'mysql', 'wp',
'wpsubdir', 'wpsubdomain']:
Log.debug(self, "Setting apt_packages variable for PHP 7.2")
if not (WOAptGet.is_installed(self, 'php7.2-fpm')):
if not WOAptGet.is_installed(self, 'php7.2-fpm'):
apt_packages = apt_packages + WOVar.wo_php72 + WOVar.wo_php_extra
if pargs.php73 and stype in ['php73', 'mysql', 'wp',


@@ -220,7 +220,6 @@ class WOSiteUpdateController(CementBaseController):
Log.error(
self, "service nginx reload failed. "
"check issues with `nginx -t` command")
return 0
# setup ngxblocker
if (pargs.ngxblocker):
@@ -244,7 +243,6 @@ class WOSiteUpdateController(CementBaseController):
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
return 0
# letsencryot rebew
if (pargs.letsencrypt == 'renew'):
@@ -533,8 +531,8 @@ class WOSiteUpdateController(CementBaseController):
data['wo_php'] = 'php72'
check_php_version = '7.2'
else:
data['wo_php'] = 'php72'
check_php_version = '7.2'
data['wo_php'] = 'php73'
check_php_version = '7.3'
if pargs.hsts:
data['hsts'] = bool(pargs.hsts == "on")
@@ -614,8 +612,9 @@ class WOSiteUpdateController(CementBaseController):
'www.{0}'.format(wo_domain)]
if WOAcme.cert_check(self, wo_domain):
SSL.archivedcertificatehandle(
self, wo_domain, acme_domains)
if SSL.archivedcertificatehandle(
self, wo_domain, acme_domains):
letsencrypt = True
else:
if acme_subdomain:
Log.debug(self, "checkWildcardExist on *.{0}"
@@ -676,6 +675,7 @@ class WOSiteUpdateController(CementBaseController):
"check issues with `nginx -t` command")
Log.info(self, "Congratulations! Successfully "
"Configured SSL on https://{0}".format(wo_domain))
letsencrypt = True
if (SSL.getexpirationdays(self, wo_domain) > 0):
Log.info(self, "Your cert will expire within " +
str(SSL.getexpirationdays(self, wo_domain)) +
@@ -725,8 +725,9 @@ class WOSiteUpdateController(CementBaseController):
# auto-renewal") WOCron.remove_cron(self,'wo site
# update {0} --le=renew --min_expiry_limit 30
# 2> \/dev\/null'.format(wo_domain))
Log.info(self, "Successfully Disabled SSl for Site "
" http://{0}".format(wo_domain))
Log.info(self, "Successfully Disabled SSl for Site "
" http://{0}".format(wo_domain))
letsencrypt = False
# Add nginx conf folder into GIT
WOGit.add(self, ["{0}/conf/nginx".format(wo_site_webroot)],


@@ -142,7 +142,7 @@ class WOStackController(CementBaseController):
if pargs.web:
pargs.nginx = True
pargs.php72 = True
pargs.php73 = True
pargs.mysql = True
pargs.wpcli = True
pargs.sendmail = True
@@ -158,6 +158,7 @@ class WOStackController(CementBaseController):
pargs.phpredisadmin = True
pargs.extplorer = True
pargs.cheat = True
pargs.nanorc = True
if pargs.security:
pargs.fail2ban = True
@@ -178,7 +179,7 @@ class WOStackController(CementBaseController):
apt_packages = apt_packages + WOVar.wo_redis
else:
Log.info(self, "Redis already installed")
Log.debug(self, "Redis already installed")
# PHP 7.2
if pargs.php72:
@@ -298,10 +299,11 @@ class WOStackController(CementBaseController):
if not os.path.isdir('/var/www/22222/htdocs/db/pma'):
Log.debug(self, "Setting packages variable "
"for phpMyAdmin ")
packages = packages + [["https://github.com/phpmyadmin/"
"phpmyadmin/archive/STABLE.tar.gz",
"/var/lib/wo/tmp/pma.tar.gz",
"phpMyAdmin"]]
packages = packages + [[
"https://www.phpmyadmin.net/"
"downloads/phpMyAdmin-latest-all-languages.tar.gz",
"/var/lib/wo/tmp/pma.tar.gz",
"PHPMyAdmin"]]
else:
Log.debug(self, "phpMyAdmin already installed")
Log.info(self, "phpMyAdmin already installed")
@@ -344,10 +346,7 @@ class WOStackController(CementBaseController):
.format(WOVar.wo_webroot)):
Log.debug(self, "Setting packages variable for Adminer ")
packages = packages + [[
"https://github.com/vrana/adminer/"
"releases/download/v{0}"
"/adminer-{0}.php"
.format(WOVar.wo_adminer),
"https://www.adminer.org/latest.php",
"{0}22222/"
"htdocs/db/adminer/index.php"
.format(WOVar.wo_webroot),
@@ -588,7 +587,7 @@ class WOStackController(CementBaseController):
if pargs.web:
pargs.nginx = True
pargs.php72 = True
pargs.php73 = True
pargs.mysql = True
pargs.wpcli = True
pargs.sendmail = True
@@ -899,7 +898,7 @@ class WOStackController(CementBaseController):
if pargs.web:
pargs.nginx = True
pargs.php72 = True
pargs.php73 = True
pargs.mysql = True
pargs.wpcli = True
pargs.sendmail = True
@@ -1123,20 +1122,17 @@ class WOStackController(CementBaseController):
if start_purge != "Y" and start_purge != "y":
Log.error(self, "Not starting stack purge")
if (set(["nginx-custom"]).issubset(set(apt_packages))):
if "nginx-custom" in apt_packages:
WOService.stop_service(self, 'nginx')
if (set(["fail2ban"]).issubset(set(apt_packages))):
if "fail2ban" in apt_packages:
WOService.stop_service(self, 'fail2ban')
if (set(["mariadb-server"]).issubset(set(apt_packages))):
if self.app.config.has_section('stack'):
database_host = self.app.config.get(
'stack', 'ip-address')
else:
database_host = 'na'
if database_host == '127.0.0.1':
WOMysql.backupAll(self)
if "mariadb-server" in apt_packages:
if self.app.config.has_section('mysql'):
if self.app.config.get(
'mysql', 'grant-host') == 'localhost':
WOMysql.backupAll(self)
WOService.stop_service(self, 'mysql')
# Netdata uninstaller
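Review bot: Both download hunks replace a version-pinned URL with a moving one (`phpMyAdmin-latest-all-languages.tar.gz` and `https://www.adminer.org/latest.php`), and nothing visible verifies the file before it lands under the port-22222 admin docroot; Adminer is saved directly as `index.php`. Whatever the upstream host serves at install time therefore becomes executable PHP on the server, with no reproducibility and no integrity check. I would keep a pinned version (as `WOVar.wo_adminer` provided) or resolve the latest version first and verify a published checksum or signature before the extract/move step. The same Adminer URL change appears in the stack upgrade controller.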


@@ -21,6 +21,7 @@ from wo.core.sslutils import SSL
from wo.core.template import WOTemplate
from wo.core.variables import WOVar
from wo.core.stackconf import WOConf
from wo.core.download import WODownload
def pre_pref(self, apt_packages):
@@ -28,7 +29,7 @@ def pre_pref(self, apt_packages):
if ("mariadb-server" in apt_packages or "mariadb-client" in apt_packages):
# add mariadb repository excepted on raspbian and ubuntu 19.04
if (not WOVar.wo_distro == 'raspbian'):
if ((not WOVar.wo_distro == 'raspbian') and (not WOVar.wo_platform_codename == 'focal')):
Log.info(self, "Adding repository for MySQL, please wait...")
mysql_pref = (
"Package: *\nPin: origin mariadb.mirrors.ovh.net"
@@ -322,14 +323,28 @@ def post_pref(self, apt_packages, packages, upgrade=False):
os.makedirs('/etc/nginx/sites-enabled')
# 22222 port settings
if os.path.exists('/etc/nginx/sites-available/22222'):
Log.debug(self, "looking for the current backend port")
for line in open('/etc/nginx/sites-available/22222',
encoding='utf-8'):
if 'listen' in line:
listen_line = line.strip()
break
port = (listen_line).split(' ')
current_backend_port = (port[1]).strip()
else:
current_backend_port = '22222'
if 'current_backend_port' not in locals():
current_backend_port = '22222'
data = dict(webroot=ngxroot,
release=WOVar.wo_version, port='22222')
if not WOFileUtils.grepcheck(
self, 'WordOps', '/etc/nginx/sites-available/22222'):
WOTemplate.deploy(
self,
'/etc/nginx/sites-available/22222',
'22222.mustache', data, overwrite=True)
release=WOVar.wo_version, port=current_backend_port)
WOTemplate.deploy(
self,
'/etc/nginx/sites-available/22222',
'22222.mustache', data, overwrite=True)
passwd = ''.join([random.choice
(string.ascii_letters + string.digits)
for n in range(24)])
@@ -400,7 +415,7 @@ def post_pref(self, apt_packages, packages, upgrade=False):
.format(ngxroot))):
SSL.selfsignedcert(self, proftpd=False, backend=True)
if not os.path.isfile('{0}22222/conf/nginx/ssl.conf'
if not os.path.exists('{0}22222/conf/nginx/ssl.conf'
.format(ngxroot)):
with open("/var/www/22222/conf/nginx/"
"ssl.conf", "w") as php_file:
@@ -805,6 +820,7 @@ def post_pref(self, apt_packages, packages, upgrade=False):
config['opcache']['opcache.revalidate_freq'] = '5'
config['opcache']['opcache.consistency_checks'] = '0'
config['opcache']['opcache.validate_timestamps'] = '1'
config['opcache']['opcache.preload_user'] = 'www-data'
with open('/etc/php/7.4/fpm/php.ini',
encoding='utf-8', mode='w') as configfile:
Log.debug(self, "Writting php configuration into "
@@ -943,6 +959,7 @@ def post_pref(self, apt_packages, packages, upgrade=False):
config_file.write(config)
config_file.close()
else:
# make sure root account have all privileges
if "PASSWORD" not in WOShellExec.cmd_exec_stdout(
self, 'mysql -e "use mysql; show grants;"'):
try:
@@ -983,8 +1000,12 @@ def post_pref(self, apt_packages, packages, upgrade=False):
inno_buffer=wo_ram_innodb,
inno_log_buffer=wo_ram_log_buffer,
innodb_instances=wo_innodb_instance)
WOTemplate.deploy(
self, '/etc/mysql/my.cnf', 'my.mustache', data)
if os.path.exists('/etc/mysql/mariadb.conf.d/50-server.cnf'):
WOTemplate.deploy(
self, '/etc/mysql/my.cnf', 'my.mustache', data)
else:
WOTemplate.deploy(
self, '/etc/mysql/my.cnf', 'my.mustache', data)
# replacing default values
Log.debug(self, "Tuning MySQL configuration")
if os.path.isdir('/etc/systemd/system/mariadb.service.d'):
@@ -1016,32 +1037,34 @@ def post_pref(self, apt_packages, packages, upgrade=False):
# create fail2ban configuration files
if "fail2ban" in apt_packages:
WOService.restart_service(self, 'fail2ban')
WOGit.add(self, ["/etc/fail2ban"],
msg="Adding Fail2ban into Git")
Log.info(self, "Configuring Fail2Ban")
data = dict(release=WOVar.wo_version)
WOTemplate.deploy(
self,
'/etc/fail2ban/jail.d/custom.conf',
'fail2ban.mustache',
data, overwrite=False)
WOTemplate.deploy(
self,
'/etc/fail2ban/filter.d/wo-wordpress.conf',
'fail2ban-wp.mustache',
data, overwrite=False)
WOTemplate.deploy(
self,
'/etc/fail2ban/filter.d/nginx-forbidden.conf',
'fail2ban-forbidden.mustache',
data, overwrite=False)
if not WOService.reload_service(self, 'fail2ban'):
WOGit.rollback(
self, ['/etc/fail2ban'], msg="Rollback f2b config")
else:
if os.path.exists('/etc/fail2ban'):
WOGit.add(self, ["/etc/fail2ban"],
msg="Adding Fail2ban into Git")
Log.info(self, "Configuring Fail2Ban")
data = dict(release=WOVar.wo_version)
WOTemplate.deploy(
self,
'/etc/fail2ban/jail.d/custom.conf',
'fail2ban.mustache',
data, overwrite=False)
WOTemplate.deploy(
self,
'/etc/fail2ban/filter.d/wo-wordpress.conf',
'fail2ban-wp.mustache',
data, overwrite=False)
WOTemplate.deploy(
self,
'/etc/fail2ban/filter.d/nginx-forbidden.conf',
'fail2ban-forbidden.mustache',
data, overwrite=False)
if not WOService.reload_service(self, 'fail2ban'):
WOGit.rollback(
self, ['/etc/fail2ban'], msg="Rollback f2b config")
WOService.restart_service(self, 'fail2ban')
else:
WOGit.add(self, ["/etc/fail2ban"],
msg="Adding Fail2ban into Git")
# Proftpd configuration
if "proftpd-basic" in apt_packages:
@@ -1091,8 +1114,8 @@ def post_pref(self, apt_packages, packages, upgrade=False):
Log.debug(self, "{0}".format(e))
Log.error(self, "Unable to add UFW rules")
if ((os.path.isfile("/etc/fail2ban/jail.d/custom.conf")) and
(not WOFileUtils.grep(
if ((os.path.exists("/etc/fail2ban/jail.d/custom.conf")) and
(not WOFileUtils.grepcheck(
self, "/etc/fail2ban/jail.d/custom.conf",
"proftpd"))):
with open("/etc/fail2ban/jail.d/custom.conf",
@@ -1248,6 +1271,7 @@ def post_pref(self, apt_packages, packages, upgrade=False):
# PHPMyAdmin
if any('/var/lib/wo/tmp/pma.tar.gz' == x[1]
for x in packages):
wo_phpmyadmin = WODownload.pma_release(self)
WOExtract.extract(
self, '/var/lib/wo/tmp/pma.tar.gz', '/var/lib/wo/tmp/')
Log.debug(self, 'Extracting file /var/lib/wo/tmp/pma.tar.gz to '
@@ -1261,7 +1285,9 @@ def post_pref(self, apt_packages, packages, upgrade=False):
.format(WOVar.wo_webroot))
if not os.path.exists('{0}22222/htdocs/db/pma/'
.format(WOVar.wo_webroot)):
shutil.move('/var/lib/wo/tmp/phpmyadmin-STABLE/',
shutil.move('/var/lib/wo/tmp/phpMyAdmin-{0}'
'-all-languages/'
.format(wo_phpmyadmin),
'{0}22222/htdocs/db/pma/'
.format(WOVar.wo_webroot))
shutil.copyfile('{0}22222/htdocs/db/pma'
@@ -1683,6 +1709,7 @@ def pre_stack(self):
if not os.path.isfile('/opt/wo-kernel.sh'):
WOTemplate.deploy(self, '/opt/wo-kernel.sh',
'wo-kernel-script.mustache', data)
WOFileUtils.chmod(self, '/opt/wo-kernel.sh', 0o700)
if not os.path.isfile('/lib/systemd/system/wo-kernel.service'):
WOTemplate.deploy(
self, '/lib/systemd/system/wo-kernel.service',
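Review bot: The new backend-port lookup in `post_pref` can fail or pick up a wrong value: if the existing `/etc/nginx/sites-available/22222` has no line containing `listen`, `listen_line` is never bound and the `split` raises NameError; a comment mentioning `listen`, or a `listen 22222;` form, yields a non-numeric port; and the file is opened without being closed. The `'current_backend_port' not in locals()` check is dead, since both branches already assign the name. Because the template is now always redeployed with `overwrite=True`, a bad parse gets written into the vhost, so I would default first and accept only a numeric port from a real `listen` directive, as sketched below. Adjacent to this change, the context lines build `passwd` with `random.choice`, which is not a CSPRNG; `secrets.choice` would be the safer call if that password protects the backend.

```python
# 22222 port settings
current_backend_port = '22222'
if os.path.exists('/etc/nginx/sites-available/22222'):
    Log.debug(self, "looking for the current backend port")
    with open('/etc/nginx/sites-available/22222',
              encoding='utf-8') as backend_conf:
        for line in backend_conf:
            fields = line.strip().rstrip(';').split()
            # only a real `listen` directive with a plain numeric port
            if (len(fields) >= 2 and fields[0] == 'listen'
                    and fields[1].isdigit()):
                current_backend_port = fields[1]
                break
data = dict(webroot=ngxroot,
            release=WOVar.wo_version, port=current_backend_port)
# … unchanged: WOTemplate.deploy of 22222.mustache …
```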


@@ -76,6 +76,7 @@ class WOStackUpgradeController(CementBaseController):
packages = []
self.msg = []
pargs = self.app.pargs
wo_phpmyadmin = WODownload.pma_release(self)
if not (pargs.web or pargs.nginx or pargs.php or
pargs.php72 or pargs.php73 or pargs.php74 or pargs.mysql or
pargs.ngxblocker or pargs.all or pargs.netdata or
@@ -207,7 +208,7 @@ class WOStackUpgradeController(CementBaseController):
"https://files.phpmyadmin.net"
"/phpMyAdmin/{0}/phpMyAdmin-{0}-"
"all-languages.tar.gz"
.format(WOVar.wo_phpmyadmin),
.format(wo_phpmyadmin),
"/var/lib/wo/tmp/pma.tar.gz",
"PHPMyAdmin"]]
else:
@@ -220,10 +221,7 @@ class WOStackUpgradeController(CementBaseController):
.format(WOVar.wo_webroot)):
Log.debug(self, "Setting packages variable for Adminer ")
packages = packages + [[
"https://github.com/vrana/adminer/"
"releases/download/v{0}"
"/adminer-{0}.php"
.format(WOVar.wo_adminer),
"https://www.adminer.org/latest.php",
"{0}22222/"
"htdocs/db/adminer/index.php"
.format(WOVar.wo_webroot),
@@ -403,13 +401,13 @@ class WOStackUpgradeController(CementBaseController):
.format(WOVar.wo_webroot)),
('/var/lib/wo/tmp/phpMyAdmin-{0}'
'-all-languages/config.inc.php'
.format(WOVar.wo_phpmyadmin))
.format(wo_phpmyadmin))
)
WOFileUtils.rm(self, '{0}22222/htdocs/db/pma'
.format(WOVar.wo_webroot))
shutil.move('/var/lib/wo/tmp/phpMyAdmin-{0}'
'-all-languages/'
.format(WOVar.wo_phpmyadmin),
.format(wo_phpmyadmin),
'{0}22222/htdocs/db/pma/'
.format(WOVar.wo_webroot))
WOFileUtils.chown(self, "{0}22222/htdocs"
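Review bot: The Adminer entry in the third hunk now downloads `https://www.adminer.org/latest.php` straight to `{0}22222/htdocs/db/adminer/index.php`, so whatever that URL serves at upgrade time becomes PHP under the backend webroot, with no version pin and no integrity check visible in this section. The replaced lines at least tied the download to `WOVar.wo_adminer` and a tagged GitHub release asset. I would keep a pinned version, or download to `/var/lib/wo/tmp/` first and compare a SHA-256 digest against a value shipped with WordOps before moving the file into place. A comment such as `# unpinned upstream file: verify digest before install` above the URL would at least record the gap. The enclosing method starts and ends outside the visible hunks.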


@@ -143,7 +143,7 @@ innodb_file_per_table = 1
innodb_open_files = 500000
innodb_io_capacity = 500000
innodb_flush_method = O_DIRECT
innodb_buffer_pool_instances = {{innodb_instances}}
innodb_buffer_pool_instances = 1
#
# * Security Features
#


@@ -64,6 +64,13 @@ fs.suid_dumpable = 0
# Hide exposed kernel pointers
kernel.kptr_restrict = 1
# Restrict access to kernel logs
kernel.dmesg_restrict = 1
# Restrict ptrace scope
kernel.yama.ptrace_scope = 1
###
### IMPROVE SYSTEM MEMORY MANAGEMENT ###
###
@@ -96,6 +103,9 @@ vm.min_free_kbytes = 65535
### GENERAL NETWORK SECURITY OPTIONS ###
###
# Harden BPF JIT compiler
net.core.bpf_jit_harden = 1
#Prevent SYN attack, enable SYNcookies (they will kick-in when the max_syn_backlog reached)
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 2
@@ -206,7 +216,6 @@ net.core.optmem_max = 65535
net.ipv4.tcp_max_tw_buckets = 1440000
# try to reuse time-wait connections, but don't recycle them (recycle can break clients behind NAT)
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
# Limit number of orphans, each orphan can eat up to 16M (max wmem) of unswappable memory
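Review bot: `net.core.bpf_jit_harden = 1` in the second hunk enables JIT hardening for unprivileged users only; the kernel also accepts `2`, which applies it to all users, so a one-line comment saying why `1` was chosen would help the next reader. If the intent is to reduce the BPF attack surface for unprivileged code, `kernel.unprivileged_bpf_disabled = 1` next to it is the more direct setting. Separately, the comment `try to reuse time-wait connections, but don't recycle them ...` in the last hunk still mentions recycling. If `net.ipv4.tcp_tw_recycle` is the line this commit drops (the page no longer shows which side each line is on), the comment should be shortened to match.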


@@ -36,7 +36,7 @@ class WODownload():
return False
return 0
def latest_release(self, repository):
def latest_release(self, repository, name=False):
"""Get the latest release number of a GitHub repository.\n
repository format should be: \"user/repo\""""
try:
@@ -48,5 +48,19 @@ class WODownload():
except requests.RequestException as e:
Log.debug(self, str(e))
Log.error(self, "Unable to query GitHub API")
if name:
return github_json["name"]
else:
return github_json["tag_name"]
return github_json["tag_name"]
def pma_release(self):
"""Get the latest phpmyadmin release number from a json file"""
try:
req = requests.get(
'https://www.phpmyadmin.net/home_page/version.json',
timeout=(5, 30))
pma_json = req.json()
except requests.RequestException as e:
Log.debug(self, str(e))
Log.error(self, "Unable to query phpmyadmin API")
return pma_json["version"]
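Review bot: `pma_release` returns `pma_json["version"]` exactly as the remote server sent it, and elsewhere in this commit that string is formatted into the phpMyAdmin download URL and into the `/var/lib/wo/tmp/phpMyAdmin-{0}-all-languages/` path handed to `shutil.move`, so it should be checked against a strict version pattern before use. The `except` clause also covers only `requests.RequestException`: a non-JSON body or a missing `version` key can raise outside it, and an HTTP error status is never checked. The sketch below adds `raise_for_status()`, widens the handler and validates the value. It assumes `Log.error` ends the run, as the existing code already relies on, and it needs `re` imported at the top of the file. The class body starts outside this section.

```python
    def pma_release(self):
        # … unchanged: docstring …
        try:
            # … unchanged: requests.get(...) call assigned to req …
            req.raise_for_status()
            pma_version = str(req.json()["version"])
        except (requests.RequestException, ValueError, KeyError) as e:
            # … unchanged: Log.debug / Log.error calls …
        # The value is later formatted into a download URL and a
        # filesystem path, so accept only a dotted numeric version.
        if not re.fullmatch(r'[0-9]+(\.[0-9]+){1,3}', pma_version):
            Log.error(self, "Unexpected phpmyadmin version string")
        return pma_version
```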


@@ -31,9 +31,8 @@ class WOMysql():
# Makes connection with MySQL server
try:
if os.path.exists('/etc/mysql/conf.d/my.cnf'):
connection = \
pymysql.connect(read_default_file='/etc/mysql/'
'conf.d/my.cnf')
connection = pymysql.connect(
read_default_file='/etc/mysql/conf.d/my.cnf')
else:
connection = pymysql.connect(read_default_file='~/.my.cnf')
return connection


@@ -14,11 +14,11 @@ class WOVar():
"""Intialization of core variables"""
# WordOps version
wo_version = "3.11.4"
wo_version = "3.12.0"
# WordOps packages versions
wo_wp_cli = "2.4.0"
wo_adminer = "4.7.5"
wo_phpmyadmin = "5.0.1"
wo_phpmyadmin = "5.0.2"
wo_extplorer = "2.1.13"
wo_dashboard = "1.2"
@@ -140,18 +140,22 @@ class WOVar():
"zip", "xml", "soap"]
wo_php72 = []
for module in wo_module:
wo_php72 = wo_php72 + ["php7.2-{0}".format(module),
"php7.2-recode"]
wo_php72 = wo_php72 + ["php7.2-{0}".format(module)]
wo_php72 = wo_php72 + ["php7.2-recode"]
wo_php73 = []
for module in wo_module:
wo_php73 = wo_php73 + ["php7.3-{0}".format(module),
"php7.3-recode"]
wo_php73 = wo_php73 + ["php7.3-{0}".format(module)]
wo_php73 = wo_php73 + ["php7.3-recode"]
wo_php74 = []
for module in wo_module:
wo_php74 = wo_php74 + ["php7.4-{0}".format(module)]
wo_php_extra = ["php-memcached", "php-imagick", "php-igbinary",
"graphviz", "php-xdebug", "php-msgpack", "php-redis"]
if not wo_platform_codename == 'focal':
wo_php_extra = ["php-memcached", "php-imagick", "php-igbinary",
"graphviz", "php-xdebug", "php-msgpack", "php-redis"]
else:
wo_php_extra = ["php-imagick", "php-igbinary",
"graphviz", "php-xdebug", "php-msgpack", "php-redis"]
wo_mysql = ["mariadb-server", "percona-toolkit"]
if wo_distro == 'raspbian':