Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #279 from WordOps/updating-configuration

Browse Source 
v3.12.0 release
This commit is contained in:
VirtuBox
2020-05-13 15:13:51 +02:00
committed by GitHub
parent ecae406791 327bd96d16
commit e8dc20e367
20 changed files with 309 additions and 171 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitattributes vendored
View File

@@ -17,6 +17,7 @@
*.bash text eol=lf *.bash text eol=lf
*.fish text eol=lf *.fish text eol=lf
*.sh text eol=lf *.sh text eol=lf
*.rc text eol=lf
# Source files # Source files
# ============ # ============

29
CHANGELOG.md
View File

@@ -8,6 +8,35 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
### v3.9.x - [Unreleased] ### v3.9.x - [Unreleased]
### v3.12.0 - 2020-05-13
#### Added
- Set opcache.preload_user for PHP 7.4
- Link to GitHub changelog after WordOps upgrade
- Automated PHPMyAdmin and Adminer latest release download and install
- Enable Let's Encrypt SSL on sites with http auth (PR [#254](https://github.com/WordOps/WordOps/pull/254))
- Ubuntu 20.04 LTS Support (experimental)
- New Nginx 1.18.0 package built with OpenSSL 1.1.1g
- Default PHP version can be set in /etc/wo/wo.conf
#### Changed
- Improved caching rules (PR [#265](https://github.com/WordOps/WordOps/pull/265))
- Default PHP version is now 7.3
#### Fixed
- MySQL databases backup when using remote MySQL server
- PHPMyAdmin assets missing after installation
- Missing WP-CLI argument when switching site URL to https (PR [#257](https://github.com/WordOps/WordOps/pull/257))
- WordOps installation failure with pip
- Installation on raspberry pi 4
- Fail2ban configuration when Nginx is not installed
- Wo-kernel systemd service start failure
- missing letsencrypt settings in wo.conf
- MariaDB issue with innodb_buffer_pool_instances
### v3.11.4 - 2020-01-17 ### v3.11.4 - 2020-01-17
#### Fixed #### Fixed

15
README.md
View File

@@ -41,7 +41,7 @@
- **Easy to install** : One step automated installer with migration from EasyEngine v3 support - **Easy to install** : One step automated installer with migration from EasyEngine v3 support
- **Fast deployment** : Fast and automated WordPress, Nginx, PHP, MySQL & Redis installation - **Fast deployment** : Fast and automated WordPress, Nginx, PHP, MySQL & Redis installation
- **Custom Nginx build** : Nginx 1.16.1 - TLS v1.3 Cloudflare HTTP/2 HPACK & Brotli support - **Custom Nginx build** : Nginx 1.18.0 - TLS v1.3 Cloudflare HTTP/2 HPACK & Brotli support
- **Up-to-date** : PHP 7.2, 7.3 & 7.4, MariaDB 10.3 & Redis 5.0 - **Up-to-date** : PHP 7.2, 7.3 & 7.4, MariaDB 10.3 & Redis 5.0
- **Secured** : Hardened WordPress security with strict Nginx location directives - **Secured** : Hardened WordPress security with strict Nginx location directives
- **Powerful** : Optimized Nginx configurations with multiple cache backends support - **Powerful** : Optimized Nginx configurations with multiple cache backends support
@@ -62,6 +62,7 @@
#### Also compatible #### Also compatible
- Ubuntu 20.04 LTS (Focal) (experimental)
- Ubuntu 16.04 LTS (Xenial) - Ubuntu 16.04 LTS (Xenial)
- Debian 9 (Stretch) - Debian 9 (Stretch)
- Debian 10 (Buster) - Debian 10 (Buster)
@@ -82,8 +83,8 @@ Detailed Getting Started guide with additional installation methods can be found
### Standard WordPress sites ### Standard WordPress sites
```bash ```bash
wo site create example.com --wp # install wordpress without any page caching wo site create example.com --wp # install wordpress with PHP 7.3 without any page caching
wo site create example.com --wp --php73 # install wordpress with PHP 7.3 without any page caching wo site create example.com --wp --php72 # install wordpress with PHP 7.2 without any page caching
wo site create example.com --wp --php74 # install wordpress with PHP 7.4 without any page caching wo site create example.com --wp --php74 # install wordpress with PHP 7.4 without any page caching
wo site create example.com --wpfc # install wordpress + nginx fastcgi_cache wo site create example.com --wpfc # install wordpress + nginx fastcgi_cache
wo site create example.com --wpredis # install wordpress + nginx redis_cache wo site create example.com --wpredis # install wordpress + nginx redis_cache
@@ -118,11 +119,11 @@ wo site create example.com --wpsubdomain --wpce # install wpmu-subdomain + C
```bash ```bash
wo site create example.com --html # create example.com for static/html sites wo site create example.com --html # create example.com for static/html sites
wo site create example.com --php # create example.com with php support wo site create example.com --php # create example.com with php 7.3 support
wo site create example.com --php73 # create example.com with php 7.3 support wo site create example.com --php72 # create example.com with php 7.2 support
wo site create example.com --php74 # create example.com with php 7.4 support wo site create example.com --php74 # create example.com with php 7.4 support
wo site create example.com --mysql # create example.com with php & mysql support wo site create example.com --mysql # create example.com with php 7.3 & mysql support
wo site create example.com --mysql --php73 # create example.com with php 7.3 & mysql support wo site create example.com --mysql --php72 # create example.com with php 7.2 & mysql support
wo site create example.com --mysql --php74 # create example.com with php 7.4 & mysql support wo site create example.com --mysql --php74 # create example.com with php 7.4 & mysql support
wo site create example.com --proxy=127.0.0.1:3000 # create example.com with nginx as reverse-proxy wo site create example.com --proxy=127.0.0.1:3000 # create example.com with nginx as reverse-proxy
``` ```

10
config/bash_completion.d/wo_auto.rc
View File

@@ -154,7 +154,7 @@ _wo_complete()
"create") "create")
COMPREPLY=( $(compgen \ COMPREPLY=( $(compgen \
-W "--user --pass --email --html --php --php73 --php74 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --wpredis --wprocket --wpce -le --letsencrypt --letsencrypt=wildcard -le=wildcard --dns --dns=dns_cf --dns=dns_dgon" \ -W "--user --pass --email --html --php --php72 --php73 --php74 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --wpredis --wprocket --wpce -le --letsencrypt --letsencrypt=wildcard -le=wildcard --dns --dns=dns_cf --dns=dns_dgon" \
-- $cur) ) -- $cur) )
;; ;;
@@ -206,7 +206,7 @@ _wo_complete()
"--wp") "--wp")
if [ "${COMP_WORDS[1]}" != "debug" ]; then if [ "${COMP_WORDS[1]}" != "debug" ]; then
if [ "${COMP_WORDS[2]}" == "create" ]; then if [ "${COMP_WORDS[2]}" == "create" ]; then
retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce --letsencrypt -le --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon --php73 --php74" retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce --letsencrypt -le --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon --php72 --php73 --php74"
elif [ "${COMP_WORDS[2]}" == "update" ]; then elif [ "${COMP_WORDS[2]}" == "update" ]; then
retlist="--wp --wpfc --wpsc --php72 --php73 --php74 --wpredis --wprocket --wpce -le --letsencrypt --letsencrypt=wildcard -le=wildcard --dns --dns=dns_cf --dns=dns_dgon" retlist="--wp --wpfc --wpsc --php72 --php73 --php74 --wpredis --wprocket --wpce -le --letsencrypt --letsencrypt=wildcard -le=wildcard --dns --dns=dns_cf --dns=dns_dgon"
else else
@@ -225,7 +225,7 @@ _wo_complete()
"--wpsubdir" | "--wpsubdomain") "--wpsubdir" | "--wpsubdomain")
if [ "${COMP_WORDS[1]}" != "debug" ]; then if [ "${COMP_WORDS[1]}" != "debug" ]; then
if [ "${COMP_WORDS[2]}" == "create" ]; then if [ "${COMP_WORDS[2]}" == "create" ]; then
retlist="--wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --php73 --php74 --dns --dns=dns_cf --dns=dns_dgon" retlist="--wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --php72 --php73 --php74 --dns --dns=dns_cf --dns=dns_dgon"
elif [ "${COMP_WORDS[2]}" == "update" ]; then elif [ "${COMP_WORDS[2]}" == "update" ]; then
retlist="--wpfc --wpsc --php72 --php73 --php74 --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon" retlist="--wpfc --wpsc --php72 --php73 --php74 --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon"
else else
@@ -243,7 +243,7 @@ _wo_complete()
"--wpredis" | "--wprocket" | "--wpce" | "--wpfc" | "--wpsc" | "--wpsubdir" | "--wpsubdomain" | "--user" | "--pass" | "--email" | "--wp") "--wpredis" | "--wprocket" | "--wpce" | "--wpfc" | "--wpsc" | "--wpsubdir" | "--wpsubdomain" | "--user" | "--pass" | "--email" | "--wp")
if [ "${COMP_WORDS[2]}" == "create" ]; then if [ "${COMP_WORDS[2]}" == "create" ]; then
retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --php73 --php74 -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon" retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --php72 --php73 --php74 -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_dgon"
else else
retlist="" retlist=""
fi fi
@@ -267,7 +267,7 @@ _wo_complete()
-- $cur) ) -- $cur) )
;; ;;
"--web" | "--admin" | "--nginx" | "--php" | "--php73" | "--php74" | "--mysql" | "--wpcli" | "--phpmyadmin" | "--adminer" | "--utils" | "--fail2ban" | "--ufw" | "--redis" | "--phpredisadmin" | "--netdata" | "--sendmail" | "--composer" | "--proftpd" | "--cheat" | "--nanorc" | "--clamav") "--web" | "--admin" | "--nginx" | "--php" | "--php73" | "--php74" | "--mysql" | "--wpcli" | "--phpmyadmin" | "--adminer" | "--utils" | "--fail2ban" | "--ufw" | "--redis" | "--phpredisadmin" | "--netdata" | "--sendmail" | "--composer" | "--proftpd" | "--cheat" | "--nanorc" | "--clamav" | "--dashboard")
if [[ "${COMP_WORDS[2]}" == "install" || "${COMP_WORDS[2]}" == "purge" || "${COMP_WORDS[2]}" == "remove" ]]; then if [[ "${COMP_WORDS[2]}" == "install" || "${COMP_WORDS[2]}" == "purge" || "${COMP_WORDS[2]}" == "remove" ]]; then
retlist="--web --admin --security --nginx --php --php73 --php74 --mysql --wpcli --phpmyadmin --adminer --utils --redis --fail2ban --ufw --phpredisadmin --netdata --force" retlist="--web --admin --security --nginx --php --php73 --php74 --mysql --wpcli --phpmyadmin --adminer --utils --redis --fail2ban --ufw --phpredisadmin --netdata --force"
elif [[ "${COMP_WORDS[2]}" == "start" || "${COMP_WORDS[2]}" == "reload" || "${COMP_WORDS[2]}" == "restart" || "${COMP_WORDS[2]}" == "stop" ]]; then elif [[ "${COMP_WORDS[2]}" == "start" || "${COMP_WORDS[2]}" == "reload" || "${COMP_WORDS[2]}" == "restart" || "${COMP_WORDS[2]}" == "stop" ]]; then

5
config/wo.conf
View File

@@ -76,6 +76,11 @@ email =
keylength = "ec-384" keylength = "ec-384"
[php]
### Default PHP version
version = 7.3
[update] [update]
### If enabled, load a plugin named `update` either from the Python module ### If enabled, load a plugin named `update` either from the Python module

38
install
View File

@@ -7,9 +7,9 @@
# Copyright (c) 2019-2020 - WordOps # Copyright (c) 2019-2020 - WordOps
# This script is licensed under M.I.T # This script is licensed under M.I.T
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
# wget -qO wo wops.cc && sudo bash wo # wget -qO wo wops.cc && sudo -E bash wo
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
# Version 3.11.4 - 2020-01-17 # Version 3.12.0 - 2020-05-13
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
# CONTENTS # CONTENTS
@@ -167,9 +167,9 @@ wo_check_distro() {
wo_lib_echo_fail "Feel free to open a pull-request if you want to add support for another Linux distributions" wo_lib_echo_fail "Feel free to open a pull-request if you want to add support for another Linux distributions"
exit 100 exit 100
else else
check_wo_linux_distro=$(lsb_release -sc | grep -E "xenial|bionic|disco|jessie|stretch|buster") check_wo_linux_distro=$(lsb_release -sc | grep -E "xenial|bionic|disco|jessie|stretch|buster|focal")
if [ -z "$check_wo_linux_distro" ]; then if [ -z "$check_wo_linux_distro" ]; then
wo_lib_echo_fail "WordOps (wo) only supports Ubuntu 16.04/18.04/19.04 LTS, Debian 9.x/10.x and Raspbian 9.x/10x.\n wo_lib_echo_fail "WordOps (wo) only supports Ubuntu 16.04/18.04/20.04 LTS, Debian 9.x/10.x and Raspbian 9.x/10x.\n
You can bypass this warning by adding the flag --force to the install command" You can bypass this warning by adding the flag --force to the install command"
exit 100 exit 100
fi fi
@@ -419,8 +419,8 @@ wo_install_acme_sh() {
export LE_WORKING_DIR="/etc/letsencrypt" export LE_WORKING_DIR="/etc/letsencrypt"
export LE_CONFIG_HOME="/etc/letsencrypt/config" export LE_CONFIG_HOME="/etc/letsencrypt/config"
/etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --upgrade --auto-upgrade /etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --upgrade --auto-upgrade
/etc/letsencrypt/acme.sh --config-home "/etc/letsencrypt/config" --uninstall-cronjob /etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --uninstall-cronjob
/etc/letsencrypt/acme.sh --config-home "/etc/letsencrypt/config" --install-cronjob /etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --install-cronjob
fi fi
} }
@@ -429,14 +429,13 @@ wo_install_acme_sh() {
wo_install() { wo_install() {
local python_ver local python_ver
python_ver=$(python3 -c "import sys; print(sys.version_info[1])") python_ver=$(python3 -c "import sys; print(sys.version_info[1])")
cd /usr/local/lib/python3."$python_ver"/dist-packages || exit 1 if [ -d /usr/local/lib/python3."$python_ver"/dist-packages ]; then
rm -f /usr/local/bin/wo cd /usr/local/lib/python3."$python_ver"/dist-packages || exit 1
fi
if [ "$wo_branch" = "master" ]; then if [ "$wo_branch" = "master" ]; then
python3 -m pip uninstall wo -y python3 -m pip install -I wordops
python3 -m pip install --upgrade wordops
else else
python3 -m pip uninstall wo -y python3 -m pip install -I "git+git://github.com/WordOps/WordOps.git@$wo_branch#egg=wordops"
python3 -m pip install -U "git+git://github.com/WordOps/WordOps.git@$wo_branch#egg=wordops"
fi fi
cp -rf /usr/local/lib/python3."$python_ver"/dist-packages/usr/* /usr/ cp -rf /usr/local/lib/python3."$python_ver"/dist-packages/usr/* /usr/
cp -rn /usr/local/lib/python3."$python_ver"/dist-packages/etc/* /etc/ cp -rn /usr/local/lib/python3."$python_ver"/dist-packages/etc/* /etc/
@@ -445,6 +444,7 @@ wo_install() {
# Clone Github repository if it doesn't exist # Clone Github repository if it doesn't exist
wo_travis_install() { wo_travis_install() {
local python_ver
python_ver=$(python3 -c "import sys; print(sys.version_info[1])") python_ver=$(python3 -c "import sys; print(sys.version_info[1])")
if [ -d ./dist ]; then if [ -d ./dist ]; then
rm -rf dist rm -rf dist
@@ -641,6 +641,18 @@ wo_woconf() {
if grep -q "log.logging" /etc/wo/wo.conf; then if grep -q "log.logging" /etc/wo/wo.conf; then
sed -i "s/log.logging/log.colorlog/g" /etc/wo/wo.conf sed -i "s/log.logging/log.colorlog/g" /etc/wo/wo.conf
fi fi
if ! grep -q "letsencrypt" /etc/wo/wo.conf; then
echo -e '\n[letsencrypt]\n\nkeylength = "ec-384"' >>/etc/wo/wo.conf
fi
if ! grep -q "php" /etc/wo/wo.conf; then
echo -e '\n[php]\n\nversion = 7.3' >>/etc/wo/wo.conf
fi
fi
}
wo_fix_kernel() {
if [ -f /opt/wo-kernel.sh ]; then
chmod +x /opt/wo-kernel.sh
fi fi
} }
@@ -718,6 +730,7 @@ else
if [ -x /usr/local/bin/wo ]; then if [ -x /usr/local/bin/wo ]; then
_run wo_clean _run wo_clean
_run wo_woconf _run wo_woconf
_run wo_fix_kernel
# 2 - Migration from EEv3 # 2 - Migration from EEv3
else else
if [ -x /usr/local/bin/ee ]; then if [ -x /usr/local/bin/ee ]; then
@@ -761,6 +774,7 @@ else
echo echo
elif [ "$wo_upgrade" = "1" ]; then elif [ "$wo_upgrade" = "1" ]; then
wo_lib_echo "WordOps (wo) upgrade to $wo_version_new was succesfull!" wo_lib_echo "WordOps (wo) upgrade to $wo_version_new was succesfull!"
wo_lib_echo "Changelog is available on https://github.com/WordOps/WordOps/releases/tag/$wo_version_new"
echo echo
wo_lib_echo "To upgrade WordOps web stacks, you can use the command:" wo_lib_echo "To upgrade WordOps web stacks, you can use the command:"
wo_lib_echo_info "wo stack upgrade" wo_lib_echo_info "wo stack upgrade"

2
setup.py
View File

@@ -27,7 +27,7 @@ if os.geteuid() == 0:
os.makedirs('/var/lib/wo/tmp/') os.makedirs('/var/lib/wo/tmp/')
setup(name='wordops', setup(name='wordops',
version='3.11.4', version='3.12.0',
description='An essential toolset that eases server administration', description='An essential toolset that eases server administration',
long_description=LONG, long_description=LONG,
long_description_content_type='text/markdown', long_description_content_type='text/markdown',

58
tests/travis.sh
View File

@@ -49,7 +49,7 @@ done
echo -e "${CGREEN}#############################################${CEND}" echo -e "${CGREEN}#############################################${CEND}"
echo -e ' Simple site create ' echo -e ' Simple site create '
echo -e "${CGREEN}#############################################${CEND}" echo -e "${CGREEN}#############################################${CEND}"
site_types='html php php73 php74 mysql wp wpfc wpsc wpredis wpce wprocket wpsubdomain wpsubdir ngxblocker' site_types='html php php72 php73 php74 mysql wp wpfc wpsc wpredis wpce wprocket wpsubdomain wpsubdir ngxblocker'
for site in $site_types; do for site in $site_types; do
echo -ne " Creating $site [..]\r" echo -ne " Creating $site [..]\r"
if { if {
@@ -67,36 +67,17 @@ done
echo echo
echo -e "${CGREEN}#############################################${CEND}" echo -e "${CGREEN}#############################################${CEND}"
echo echo
wo site info wp.net wo site info php.net
echo
echo
wo site info php72.net
echo
echo echo
echo -e "${CGREEN}#############################################${CEND}"
echo -e ' wo site update --php73 '
echo -e "${CGREEN}#############################################${CEND}"
other_site_types='html mysql php php74 wp wpfc wpsc wpredis wpce wprocket wpsubdomain wpsubdir ngxblocker'
for site in $other_site_types; do
echo -ne " Updating site to $site php73 [..]\r"
if {
wo site update ${site}.net --php73
} >>/var/log/wo/test.log; then
echo -ne " Updating site to $site php73 [${CGREEN}OK${CEND}]\\r"
echo -ne '\n'
else
echo -e " Updating site to $site php73 [${CRED}FAIL${CEND}]"
echo -ne '\n'
exit_script
fi
done
echo
echo -e "${CGREEN}#############################################${CEND}"
echo
wo site info wp.net
echo
echo -e "${CGREEN}#############################################${CEND}" echo -e "${CGREEN}#############################################${CEND}"
echo -e ' wo site update --php74 ' echo -e ' wo site update --php74 '
echo -e "${CGREEN}#############################################${CEND}" echo -e "${CGREEN}#############################################${CEND}"
other_site_types='html mysql wp php php73 wpfc wpsc wpredis wpce wprocket wpsubdomain wpsubdir ngxblocker' other_site_types='html mysql php72 php74 wp wpfc wpsc wpredis wpce wprocket wpsubdomain wpsubdir ngxblocker'
for site in $other_site_types; do for site in $other_site_types; do
echo -ne " Updating site to $site php74 [..]\r" echo -ne " Updating site to $site php74 [..]\r"
if { if {
@@ -117,9 +98,32 @@ echo
wo site info wp.net wo site info wp.net
echo echo
echo -e "${CGREEN}#############################################${CEND}" echo -e "${CGREEN}#############################################${CEND}"
echo -e ' wo site update --php73 '
echo -e "${CGREEN}#############################################${CEND}"
other_site_types='html mysql wp php72 php73 wpfc wpsc wpredis wpce wprocket wpsubdomain wpsubdir ngxblocker'
for site in $other_site_types; do
echo -ne " Updating site to $site php73 [..]\r"
if {
wo site update ${site}.net --php73
} >>/var/log/wo/test.log; then
echo -ne " Updating site to $site php73 [${CGREEN}OK${CEND}]\\r"
echo -ne '\n'
else
echo -e " Updating site to $site php73 [${CRED}FAIL${CEND}]"
echo -ne '\n'
exit_script
fi
done
echo
echo -e "${CGREEN}#############################################${CEND}"
echo
wo site info wp.net
echo
echo -e "${CGREEN}#############################################${CEND}"
echo -e ' wo site update --php72 ' echo -e ' wo site update --php72 '
echo -e "${CGREEN}#############################################${CEND}" echo -e "${CGREEN}#############################################${CEND}"
other_site_types='html mysql php php73 php74 wp wpfc wpsc wpredis wpce wprocket wpsubdomain wpsubdir ngxblocker' other_site_types='html mysql php72 php73 php74 wp wpfc wpsc wpredis wpce wprocket wpsubdomain wpsubdir ngxblocker'
for site in $other_site_types; do for site in $other_site_types; do
echo -ne " Updating site to $site php72 [..]\r" echo -ne " Updating site to $site php72 [..]\r"
if { if {

12
wo/cli/plugins/secure.py
View File

@@ -133,15 +133,16 @@ class WOSecureController(CementBaseController):
@expose(hide=True) @expose(hide=True)
def secure_ip(self): def secure_ip(self):
"""IP whitelisting""" """IP whitelisting"""
WOGit.add(self, ["/etc/nginx"], if os.path.exists('/etc/nginx'):
msg="Add Nginx to into Git") WOGit.add(self, ["/etc/nginx"],
msg="Add Nginx to into Git")
pargs = self.app.pargs pargs = self.app.pargs
if not pargs.user_input: if not pargs.user_input:
ip = input("Enter the comma separated IP addresses " ip = input("Enter the comma separated IP addresses "
"to white list [127.0.0.1]:") "to white list [127.0.0.1]:")
pargs.user_input = ip pargs.user_input = ip
try: try:
user_ip = pargs.user_input.split(',') user_ip = pargs.user_input.strip().split(',')
except Exception as e: except Exception as e:
Log.debug(self, "{0}".format(e)) Log.debug(self, "{0}".format(e))
user_ip = ['127.0.0.1'] user_ip = ['127.0.0.1']
@@ -170,8 +171,9 @@ class WOSecureController(CementBaseController):
'Harden SSH security [y/N]') 'Harden SSH security [y/N]')
if start_secure != "Y" and start_secure != "y": if start_secure != "Y" and start_secure != "y":
Log.error(self, "Not hardening SSH security") Log.error(self, "Not hardening SSH security")
WOGit.add(self, ["/etc/ssh"], if os.path.exists('/etc/ssh'):
msg="Adding SSH into Git") WOGit.add(self, ["/etc/ssh"],
msg="Adding SSH into Git")
Log.debug(self, "check if /etc/ssh/sshd_config exist") Log.debug(self, "check if /etc/ssh/sshd_config exist")
if os.path.isfile('/etc/ssh/sshd_config'): if os.path.isfile('/etc/ssh/sshd_config'):
Log.debug(self, "looking for the current ssh port") Log.debug(self, "looking for the current ssh port")

34
wo/cli/plugins/site_create.py
View File

@@ -211,21 +211,35 @@ class WOSiteCreateController(CementBaseController):
else: else:
pass pass
data['php73'] = False
data['php74'] = False
data['php72'] = False
if data and pargs.php73: if data and pargs.php73:
data['php73'] = True data['php73'] = True
data['php74'] = False
data['php72'] = False
data['wo_php'] = 'php73' data['wo_php'] = 'php73'
elif data and pargs.php74: elif data and pargs.php74:
data['php72'] = False
data['php74'] = True data['php74'] = True
data['php73'] = False
data['wo_php'] = 'php74' data['wo_php'] = 'php74'
else: elif data and pargs.php72:
data['php74'] = False
data['php72'] = True data['php72'] = True
data['php73'] = False
data['wo_php'] = 'php72' data['wo_php'] = 'php72'
else:
if self.app.config.has_section('php'):
config_php_ver = self.app.config.get(
'php', 'version')
if config_php_ver == '7.2':
data['php72'] = True
data['wo_php'] = 'php72'
elif config_php_ver == '7.3':
data['php73'] = True
data['wo_php'] = 'php73'
elif config_php_ver == '7.4':
data['php74'] = True
data['wo_php'] = 'php74'
else:
data['php73'] = True
data['wo_php'] = 'php73'
if ((not pargs.wpfc) and (not pargs.wpsc) and if ((not pargs.wpfc) and (not pargs.wpsc) and
(not pargs.wprocket) and (not pargs.wprocket) and
@@ -288,12 +302,12 @@ class WOSiteCreateController(CementBaseController):
" http://{0}".format(wo_domain)) " http://{0}".format(wo_domain))
return return
if data['php73']: if data['php72']:
php_version = "7.3" php_version = "7.2"
elif data['php74']: elif data['php74']:
php_version = "7.4" php_version = "7.4"
else: else:
php_version = "7.2" php_version = "7.3"
addNewSite(self, wo_domain, stype, cache, wo_site_webroot, addNewSite(self, wo_domain, stype, cache, wo_site_webroot,
php_version=php_version) php_version=php_version)

48
wo/cli/plugins/site_functions.py
View File

@@ -871,26 +871,46 @@ def site_package_check(self, stype):
wo_nginx.write('fastcgi_param \tSCRIPT_FILENAME ' wo_nginx.write('fastcgi_param \tSCRIPT_FILENAME '
'\t$request_filename;\n') '\t$request_filename;\n')
if pargs.php and pargs.php73: if ((pargs.php and pargs.php73) or (pargs.php and pargs.php74) or
(pargs.php and pargs.php72) or
(pargs.php73 and pargs.php74) or (pargs.php72 and pargs.php73) or
(pargs.php72 and pargs.php74)):
Log.error( Log.error(
self, "Error: two different PHP versions cannot be " self, "Error: two different PHP versions cannot be "
"combined within the same WordOps site") "combined within the same WordOps site")
if pargs.php and pargs.php74: if ((not pargs.php72) and (not pargs.php73) and (not pargs.php74) and
Log.error( stype in ['php', 'mysql', 'wp', 'wpsubdir',
self, "Error: two different PHP versions cannot be "
"combined within the same WordOps site")
if pargs.php73 and pargs.php74:
Log.error(
self, "Error: two different PHP versions cannot be "
"combined within the same WordOps site")
if ((not pargs.php73) and (not pargs.php74) and
stype in ['php', 'php72', 'mysql', 'wp', 'wpsubdir',
'wpsubdomain']): 'wpsubdomain']):
Log.debug(self, "Setting apt_packages variable for PHP")
php_check = 'php7.3-fpm'
php_to_setup = WOVar.wo_php73
if self.app.config.has_section('php'):
config_php_ver = self.app.config.get(
'php', 'version')
if config_php_ver == '7.2':
php_check = 'php7.2-fpm'
php_to_setup = WOVar.wo_php72
elif config_php_ver == '7.3':
php_check = 'php7.3-fpm'
php_to_setup = WOVar.wo_php73
elif config_php_ver == '7.4':
php_check = 'php7.4-fpm'
php_to_setup = WOVar.wo_php74
else:
php_check = 'php7.3-fpm'
php_to_setup = WOVar.wo_php73
else:
php_check = 'php7.3-fpm'
php_to_setup = WOVar.wo_php73
if not (WOAptGet.is_installed(self, php_check)):
apt_packages = apt_packages + php_to_setup + WOVar.wo_php_extra
if pargs.php72 and stype in ['php72', 'mysql', 'wp',
'wpsubdir', 'wpsubdomain']:
Log.debug(self, "Setting apt_packages variable for PHP 7.2") Log.debug(self, "Setting apt_packages variable for PHP 7.2")
if not (WOAptGet.is_installed(self, 'php7.2-fpm')): if not WOAptGet.is_installed(self, 'php7.2-fpm'):
apt_packages = apt_packages + WOVar.wo_php72 + WOVar.wo_php_extra apt_packages = apt_packages + WOVar.wo_php72 + WOVar.wo_php_extra
if pargs.php73 and stype in ['php73', 'mysql', 'wp', if pargs.php73 and stype in ['php73', 'mysql', 'wp',

17
wo/cli/plugins/site_update.py
View File

@@ -220,7 +220,6 @@ class WOSiteUpdateController(CementBaseController):
Log.error( Log.error(
self, "service nginx reload failed. " self, "service nginx reload failed. "
"check issues with `nginx -t` command") "check issues with `nginx -t` command")
return 0
# setup ngxblocker # setup ngxblocker
if (pargs.ngxblocker): if (pargs.ngxblocker):
@@ -244,7 +243,6 @@ class WOSiteUpdateController(CementBaseController):
if not WOService.reload_service(self, 'nginx'): if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. " Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command") "check issues with `nginx -t` command")
return 0
# letsencryot rebew # letsencryot rebew
if (pargs.letsencrypt == 'renew'): if (pargs.letsencrypt == 'renew'):
@@ -533,8 +531,8 @@ class WOSiteUpdateController(CementBaseController):
data['wo_php'] = 'php72' data['wo_php'] = 'php72'
check_php_version = '7.2' check_php_version = '7.2'
else: else:
data['wo_php'] = 'php72' data['wo_php'] = 'php73'
check_php_version = '7.2' check_php_version = '7.3'
if pargs.hsts: if pargs.hsts:
data['hsts'] = bool(pargs.hsts == "on") data['hsts'] = bool(pargs.hsts == "on")
@@ -614,8 +612,9 @@ class WOSiteUpdateController(CementBaseController):
'www.{0}'.format(wo_domain)] 'www.{0}'.format(wo_domain)]
if WOAcme.cert_check(self, wo_domain): if WOAcme.cert_check(self, wo_domain):
SSL.archivedcertificatehandle( if SSL.archivedcertificatehandle(
self, wo_domain, acme_domains) self, wo_domain, acme_domains):
letsencrypt = True
else: else:
if acme_subdomain: if acme_subdomain:
Log.debug(self, "checkWildcardExist on *.{0}" Log.debug(self, "checkWildcardExist on *.{0}"
@@ -676,6 +675,7 @@ class WOSiteUpdateController(CementBaseController):
"check issues with `nginx -t` command") "check issues with `nginx -t` command")
Log.info(self, "Congratulations! Successfully " Log.info(self, "Congratulations! Successfully "
"Configured SSL on https://{0}".format(wo_domain)) "Configured SSL on https://{0}".format(wo_domain))
letsencrypt = True
if (SSL.getexpirationdays(self, wo_domain) > 0): if (SSL.getexpirationdays(self, wo_domain) > 0):
Log.info(self, "Your cert will expire within " + Log.info(self, "Your cert will expire within " +
str(SSL.getexpirationdays(self, wo_domain)) + str(SSL.getexpirationdays(self, wo_domain)) +
@@ -725,8 +725,9 @@ class WOSiteUpdateController(CementBaseController):
# auto-renewal") WOCron.remove_cron(self,'wo site # auto-renewal") WOCron.remove_cron(self,'wo site
# update {0} --le=renew --min_expiry_limit 30 # update {0} --le=renew --min_expiry_limit 30
# 2> \/dev\/null'.format(wo_domain)) # 2> \/dev\/null'.format(wo_domain))
Log.info(self, "Successfully Disabled SSl for Site " Log.info(self, "Successfully Disabled SSl for Site "
" http://{0}".format(wo_domain)) " http://{0}".format(wo_domain))
letsencrypt = False
# Add nginx conf folder into GIT # Add nginx conf folder into GIT
WOGit.add(self, ["{0}/conf/nginx".format(wo_site_webroot)], WOGit.add(self, ["{0}/conf/nginx".format(wo_site_webroot)],

40
wo/cli/plugins/stack.py
View File

@@ -142,7 +142,7 @@ class WOStackController(CementBaseController):
if pargs.web: if pargs.web:
pargs.nginx = True pargs.nginx = True
pargs.php72 = True pargs.php73 = True
pargs.mysql = True pargs.mysql = True
pargs.wpcli = True pargs.wpcli = True
pargs.sendmail = True pargs.sendmail = True
@@ -158,6 +158,7 @@ class WOStackController(CementBaseController):
pargs.phpredisadmin = True pargs.phpredisadmin = True
pargs.extplorer = True pargs.extplorer = True
pargs.cheat = True pargs.cheat = True
pargs.nanorc = True
if pargs.security: if pargs.security:
pargs.fail2ban = True pargs.fail2ban = True
@@ -178,7 +179,7 @@ class WOStackController(CementBaseController):
apt_packages = apt_packages + WOVar.wo_redis apt_packages = apt_packages + WOVar.wo_redis
else: else:
Log.info(self, "Redis already installed") Log.debug(self, "Redis already installed")
# PHP 7.2 # PHP 7.2
if pargs.php72: if pargs.php72:
@@ -298,10 +299,11 @@ class WOStackController(CementBaseController):
if not os.path.isdir('/var/www/22222/htdocs/db/pma'): if not os.path.isdir('/var/www/22222/htdocs/db/pma'):
Log.debug(self, "Setting packages variable " Log.debug(self, "Setting packages variable "
"for phpMyAdmin ") "for phpMyAdmin ")
packages = packages + [["https://github.com/phpmyadmin/" packages = packages + [[
"phpmyadmin/archive/STABLE.tar.gz", "https://www.phpmyadmin.net/"
"/var/lib/wo/tmp/pma.tar.gz", "downloads/phpMyAdmin-latest-all-languages.tar.gz",
"phpMyAdmin"]] "/var/lib/wo/tmp/pma.tar.gz",
"PHPMyAdmin"]]
else: else:
Log.debug(self, "phpMyAdmin already installed") Log.debug(self, "phpMyAdmin already installed")
Log.info(self, "phpMyAdmin already installed") Log.info(self, "phpMyAdmin already installed")
@@ -344,10 +346,7 @@ class WOStackController(CementBaseController):
.format(WOVar.wo_webroot)): .format(WOVar.wo_webroot)):
Log.debug(self, "Setting packages variable for Adminer ") Log.debug(self, "Setting packages variable for Adminer ")
packages = packages + [[ packages = packages + [[
"https://github.com/vrana/adminer/" "https://www.adminer.org/latest.php",
"releases/download/v{0}"
"/adminer-{0}.php"
.format(WOVar.wo_adminer),
"{0}22222/" "{0}22222/"
"htdocs/db/adminer/index.php" "htdocs/db/adminer/index.php"
.format(WOVar.wo_webroot), .format(WOVar.wo_webroot),
@@ -588,7 +587,7 @@ class WOStackController(CementBaseController):
if pargs.web: if pargs.web:
pargs.nginx = True pargs.nginx = True
pargs.php72 = True pargs.php73 = True
pargs.mysql = True pargs.mysql = True
pargs.wpcli = True pargs.wpcli = True
pargs.sendmail = True pargs.sendmail = True
@@ -899,7 +898,7 @@ class WOStackController(CementBaseController):
if pargs.web: if pargs.web:
pargs.nginx = True pargs.nginx = True
pargs.php72 = True pargs.php73 = True
pargs.mysql = True pargs.mysql = True
pargs.wpcli = True pargs.wpcli = True
pargs.sendmail = True pargs.sendmail = True
@@ -1123,20 +1122,17 @@ class WOStackController(CementBaseController):
if start_purge != "Y" and start_purge != "y": if start_purge != "Y" and start_purge != "y":
Log.error(self, "Not starting stack purge") Log.error(self, "Not starting stack purge")
if (set(["nginx-custom"]).issubset(set(apt_packages))): if "nginx-custom" in apt_packages:
WOService.stop_service(self, 'nginx') WOService.stop_service(self, 'nginx')
if (set(["fail2ban"]).issubset(set(apt_packages))): if "fail2ban" in apt_packages:
WOService.stop_service(self, 'fail2ban') WOService.stop_service(self, 'fail2ban')
if (set(["mariadb-server"]).issubset(set(apt_packages))): if "mariadb-server" in apt_packages:
if self.app.config.has_section('stack'): if self.app.config.has_section('mysql'):
database_host = self.app.config.get( if self.app.config.get(
'stack', 'ip-address') 'mysql', 'grant-host') == 'localhost':
else: WOMysql.backupAll(self)
database_host = 'na'
if database_host == '127.0.0.1':
WOMysql.backupAll(self)
WOService.stop_service(self, 'mysql') WOService.stop_service(self, 'mysql')
# Netdata uninstaller # Netdata uninstaller

103
wo/cli/plugins/stack_pref.py
View File

@@ -21,6 +21,7 @@ from wo.core.sslutils import SSL
from wo.core.template import WOTemplate from wo.core.template import WOTemplate
from wo.core.variables import WOVar from wo.core.variables import WOVar
from wo.core.stackconf import WOConf from wo.core.stackconf import WOConf
from wo.core.download import WODownload
def pre_pref(self, apt_packages): def pre_pref(self, apt_packages):
@@ -28,7 +29,7 @@ def pre_pref(self, apt_packages):
if ("mariadb-server" in apt_packages or "mariadb-client" in apt_packages): if ("mariadb-server" in apt_packages or "mariadb-client" in apt_packages):
# add mariadb repository excepted on raspbian and ubuntu 19.04 # add mariadb repository excepted on raspbian and ubuntu 19.04
if (not WOVar.wo_distro == 'raspbian'): if ((not WOVar.wo_distro == 'raspbian') and (not WOVar.wo_platform_codename == 'focal')):
Log.info(self, "Adding repository for MySQL, please wait...") Log.info(self, "Adding repository for MySQL, please wait...")
mysql_pref = ( mysql_pref = (
"Package: *\nPin: origin mariadb.mirrors.ovh.net" "Package: *\nPin: origin mariadb.mirrors.ovh.net"
@@ -322,14 +323,28 @@ def post_pref(self, apt_packages, packages, upgrade=False):
os.makedirs('/etc/nginx/sites-enabled') os.makedirs('/etc/nginx/sites-enabled')
# 22222 port settings # 22222 port settings
if os.path.exists('/etc/nginx/sites-available/22222'):
Log.debug(self, "looking for the current backend port")
for line in open('/etc/nginx/sites-available/22222',
encoding='utf-8'):
if 'listen' in line:
listen_line = line.strip()
break
port = (listen_line).split(' ')
current_backend_port = (port[1]).strip()
else:
current_backend_port = '22222'
if 'current_backend_port' not in locals():
current_backend_port = '22222'
data = dict(webroot=ngxroot, data = dict(webroot=ngxroot,
release=WOVar.wo_version, port='22222') release=WOVar.wo_version, port=current_backend_port)
if not WOFileUtils.grepcheck( WOTemplate.deploy(
self, 'WordOps', '/etc/nginx/sites-available/22222'): self,
WOTemplate.deploy( '/etc/nginx/sites-available/22222',
self, '22222.mustache', data, overwrite=True)
'/etc/nginx/sites-available/22222',
'22222.mustache', data, overwrite=True)
passwd = ''.join([random.choice passwd = ''.join([random.choice
(string.ascii_letters + string.digits) (string.ascii_letters + string.digits)
for n in range(24)]) for n in range(24)])
@@ -400,7 +415,7 @@ def post_pref(self, apt_packages, packages, upgrade=False):
.format(ngxroot))): .format(ngxroot))):
SSL.selfsignedcert(self, proftpd=False, backend=True) SSL.selfsignedcert(self, proftpd=False, backend=True)
if not os.path.isfile('{0}22222/conf/nginx/ssl.conf' if not os.path.exists('{0}22222/conf/nginx/ssl.conf'
.format(ngxroot)): .format(ngxroot)):
with open("/var/www/22222/conf/nginx/" with open("/var/www/22222/conf/nginx/"
"ssl.conf", "w") as php_file: "ssl.conf", "w") as php_file:
@@ -805,6 +820,7 @@ def post_pref(self, apt_packages, packages, upgrade=False):
config['opcache']['opcache.revalidate_freq'] = '5' config['opcache']['opcache.revalidate_freq'] = '5'
config['opcache']['opcache.consistency_checks'] = '0' config['opcache']['opcache.consistency_checks'] = '0'
config['opcache']['opcache.validate_timestamps'] = '1' config['opcache']['opcache.validate_timestamps'] = '1'
config['opcache']['opcache.preload_user'] = 'www-data'
with open('/etc/php/7.4/fpm/php.ini', with open('/etc/php/7.4/fpm/php.ini',
encoding='utf-8', mode='w') as configfile: encoding='utf-8', mode='w') as configfile:
Log.debug(self, "Writting php configuration into " Log.debug(self, "Writting php configuration into "
@@ -943,6 +959,7 @@ def post_pref(self, apt_packages, packages, upgrade=False):
config_file.write(config) config_file.write(config)
config_file.close() config_file.close()
else: else:
# make sure root account have all privileges
if "PASSWORD" not in WOShellExec.cmd_exec_stdout( if "PASSWORD" not in WOShellExec.cmd_exec_stdout(
self, 'mysql -e "use mysql; show grants;"'): self, 'mysql -e "use mysql; show grants;"'):
try: try:
@@ -983,8 +1000,12 @@ def post_pref(self, apt_packages, packages, upgrade=False):
inno_buffer=wo_ram_innodb, inno_buffer=wo_ram_innodb,
inno_log_buffer=wo_ram_log_buffer, inno_log_buffer=wo_ram_log_buffer,
innodb_instances=wo_innodb_instance) innodb_instances=wo_innodb_instance)
WOTemplate.deploy( if os.path.exists('/etc/mysql/mariadb.conf.d/50-server.cnf'):
self, '/etc/mysql/my.cnf', 'my.mustache', data) WOTemplate.deploy(
self, '/etc/mysql/my.cnf', 'my.mustache', data)
else:
WOTemplate.deploy(
self, '/etc/mysql/my.cnf', 'my.mustache', data)
# replacing default values # replacing default values
Log.debug(self, "Tuning MySQL configuration") Log.debug(self, "Tuning MySQL configuration")
if os.path.isdir('/etc/systemd/system/mariadb.service.d'): if os.path.isdir('/etc/systemd/system/mariadb.service.d'):
@@ -1016,32 +1037,34 @@ def post_pref(self, apt_packages, packages, upgrade=False):
# create fail2ban configuration files # create fail2ban configuration files
if "fail2ban" in apt_packages: if "fail2ban" in apt_packages:
WOService.restart_service(self, 'fail2ban') WOService.restart_service(self, 'fail2ban')
WOGit.add(self, ["/etc/fail2ban"], if os.path.exists('/etc/fail2ban'):
msg="Adding Fail2ban into Git")
Log.info(self, "Configuring Fail2Ban")
data = dict(release=WOVar.wo_version)
WOTemplate.deploy(
self,
'/etc/fail2ban/jail.d/custom.conf',
'fail2ban.mustache',
data, overwrite=False)
WOTemplate.deploy(
self,
'/etc/fail2ban/filter.d/wo-wordpress.conf',
'fail2ban-wp.mustache',
data, overwrite=False)
WOTemplate.deploy(
self,
'/etc/fail2ban/filter.d/nginx-forbidden.conf',
'fail2ban-forbidden.mustache',
data, overwrite=False)
if not WOService.reload_service(self, 'fail2ban'):
WOGit.rollback(
self, ['/etc/fail2ban'], msg="Rollback f2b config")
else:
WOGit.add(self, ["/etc/fail2ban"], WOGit.add(self, ["/etc/fail2ban"],
msg="Adding Fail2ban into Git") msg="Adding Fail2ban into Git")
Log.info(self, "Configuring Fail2Ban")
data = dict(release=WOVar.wo_version)
WOTemplate.deploy(
self,
'/etc/fail2ban/jail.d/custom.conf',
'fail2ban.mustache',
data, overwrite=False)
WOTemplate.deploy(
self,
'/etc/fail2ban/filter.d/wo-wordpress.conf',
'fail2ban-wp.mustache',
data, overwrite=False)
WOTemplate.deploy(
self,
'/etc/fail2ban/filter.d/nginx-forbidden.conf',
'fail2ban-forbidden.mustache',
data, overwrite=False)
if not WOService.reload_service(self, 'fail2ban'):
WOGit.rollback(
self, ['/etc/fail2ban'], msg="Rollback f2b config")
WOService.restart_service(self, 'fail2ban')
else:
WOGit.add(self, ["/etc/fail2ban"],
msg="Adding Fail2ban into Git")
# Proftpd configuration # Proftpd configuration
if "proftpd-basic" in apt_packages: if "proftpd-basic" in apt_packages:
@@ -1091,8 +1114,8 @@ def post_pref(self, apt_packages, packages, upgrade=False):
Log.debug(self, "{0}".format(e)) Log.debug(self, "{0}".format(e))
Log.error(self, "Unable to add UFW rules") Log.error(self, "Unable to add UFW rules")
if ((os.path.isfile("/etc/fail2ban/jail.d/custom.conf")) and if ((os.path.exists("/etc/fail2ban/jail.d/custom.conf")) and
(not WOFileUtils.grep( (not WOFileUtils.grepcheck(
self, "/etc/fail2ban/jail.d/custom.conf", self, "/etc/fail2ban/jail.d/custom.conf",
"proftpd"))): "proftpd"))):
with open("/etc/fail2ban/jail.d/custom.conf", with open("/etc/fail2ban/jail.d/custom.conf",
@@ -1248,6 +1271,7 @@ def post_pref(self, apt_packages, packages, upgrade=False):
# PHPMyAdmin # PHPMyAdmin
if any('/var/lib/wo/tmp/pma.tar.gz' == x[1] if any('/var/lib/wo/tmp/pma.tar.gz' == x[1]
for x in packages): for x in packages):
wo_phpmyadmin = WODownload.pma_release(self)
WOExtract.extract( WOExtract.extract(
self, '/var/lib/wo/tmp/pma.tar.gz', '/var/lib/wo/tmp/') self, '/var/lib/wo/tmp/pma.tar.gz', '/var/lib/wo/tmp/')
Log.debug(self, 'Extracting file /var/lib/wo/tmp/pma.tar.gz to ' Log.debug(self, 'Extracting file /var/lib/wo/tmp/pma.tar.gz to '
@@ -1261,7 +1285,9 @@ def post_pref(self, apt_packages, packages, upgrade=False):
.format(WOVar.wo_webroot)) .format(WOVar.wo_webroot))
if not os.path.exists('{0}22222/htdocs/db/pma/' if not os.path.exists('{0}22222/htdocs/db/pma/'
.format(WOVar.wo_webroot)): .format(WOVar.wo_webroot)):
shutil.move('/var/lib/wo/tmp/phpmyadmin-STABLE/', shutil.move('/var/lib/wo/tmp/phpMyAdmin-{0}'
'-all-languages/'
.format(wo_phpmyadmin),
'{0}22222/htdocs/db/pma/' '{0}22222/htdocs/db/pma/'
.format(WOVar.wo_webroot)) .format(WOVar.wo_webroot))
shutil.copyfile('{0}22222/htdocs/db/pma' shutil.copyfile('{0}22222/htdocs/db/pma'
@@ -1683,6 +1709,7 @@ def pre_stack(self):
if not os.path.isfile('/opt/wo-kernel.sh'): if not os.path.isfile('/opt/wo-kernel.sh'):
WOTemplate.deploy(self, '/opt/wo-kernel.sh', WOTemplate.deploy(self, '/opt/wo-kernel.sh',
'wo-kernel-script.mustache', data) 'wo-kernel-script.mustache', data)
WOFileUtils.chmod(self, '/opt/wo-kernel.sh', 0o700)
if not os.path.isfile('/lib/systemd/system/wo-kernel.service'): if not os.path.isfile('/lib/systemd/system/wo-kernel.service'):
WOTemplate.deploy( WOTemplate.deploy(
self, '/lib/systemd/system/wo-kernel.service', self, '/lib/systemd/system/wo-kernel.service',

12
wo/cli/plugins/stack_upgrade.py
View File

@@ -76,6 +76,7 @@ class WOStackUpgradeController(CementBaseController):
packages = [] packages = []
self.msg = [] self.msg = []
pargs = self.app.pargs pargs = self.app.pargs
wo_phpmyadmin = WODownload.pma_release(self)
if not (pargs.web or pargs.nginx or pargs.php or if not (pargs.web or pargs.nginx or pargs.php or
pargs.php72 or pargs.php73 or pargs.php74 or pargs.mysql or pargs.php72 or pargs.php73 or pargs.php74 or pargs.mysql or
pargs.ngxblocker or pargs.all or pargs.netdata or pargs.ngxblocker or pargs.all or pargs.netdata or
@@ -207,7 +208,7 @@ class WOStackUpgradeController(CementBaseController):
"https://files.phpmyadmin.net" "https://files.phpmyadmin.net"
"/phpMyAdmin/{0}/phpMyAdmin-{0}-" "/phpMyAdmin/{0}/phpMyAdmin-{0}-"
"all-languages.tar.gz" "all-languages.tar.gz"
.format(WOVar.wo_phpmyadmin), .format(wo_phpmyadmin),
"/var/lib/wo/tmp/pma.tar.gz", "/var/lib/wo/tmp/pma.tar.gz",
"PHPMyAdmin"]] "PHPMyAdmin"]]
else: else:
@@ -220,10 +221,7 @@ class WOStackUpgradeController(CementBaseController):
.format(WOVar.wo_webroot)): .format(WOVar.wo_webroot)):
Log.debug(self, "Setting packages variable for Adminer ") Log.debug(self, "Setting packages variable for Adminer ")
packages = packages + [[ packages = packages + [[
"https://github.com/vrana/adminer/" "https://www.adminer.org/latest.php",
"releases/download/v{0}"
"/adminer-{0}.php"
.format(WOVar.wo_adminer),
"{0}22222/" "{0}22222/"
"htdocs/db/adminer/index.php" "htdocs/db/adminer/index.php"
.format(WOVar.wo_webroot), .format(WOVar.wo_webroot),
@@ -403,13 +401,13 @@ class WOStackUpgradeController(CementBaseController):
.format(WOVar.wo_webroot)), .format(WOVar.wo_webroot)),
('/var/lib/wo/tmp/phpMyAdmin-{0}' ('/var/lib/wo/tmp/phpMyAdmin-{0}'
'-all-languages/config.inc.php' '-all-languages/config.inc.php'
.format(WOVar.wo_phpmyadmin)) .format(wo_phpmyadmin))
) )
WOFileUtils.rm(self, '{0}22222/htdocs/db/pma' WOFileUtils.rm(self, '{0}22222/htdocs/db/pma'
.format(WOVar.wo_webroot)) .format(WOVar.wo_webroot))
shutil.move('/var/lib/wo/tmp/phpMyAdmin-{0}' shutil.move('/var/lib/wo/tmp/phpMyAdmin-{0}'
'-all-languages/' '-all-languages/'
.format(WOVar.wo_phpmyadmin), .format(wo_phpmyadmin),
'{0}22222/htdocs/db/pma/' '{0}22222/htdocs/db/pma/'
.format(WOVar.wo_webroot)) .format(WOVar.wo_webroot))
WOFileUtils.chown(self, "{0}22222/htdocs" WOFileUtils.chown(self, "{0}22222/htdocs"

2
wo/cli/templates/my.mustache
View File

@@ -143,7 +143,7 @@ innodb_file_per_table = 1
innodb_open_files = 500000 innodb_open_files = 500000
innodb_io_capacity = 500000 innodb_io_capacity = 500000
innodb_flush_method = O_DIRECT innodb_flush_method = O_DIRECT
innodb_buffer_pool_instances = {{innodb_instances}} innodb_buffer_pool_instances = 1
# #
# * Security Features # * Security Features
# #

11
wo/cli/templates/sysctl.mustache
View File

@@ -64,6 +64,13 @@ fs.suid_dumpable = 0
# Hide exposed kernel pointers # Hide exposed kernel pointers
kernel.kptr_restrict = 1 kernel.kptr_restrict = 1
# Restrict access to kernel logs
kernel.dmesg_restrict = 1
# Restrict ptrace scope
kernel.yama.ptrace_scope = 1
### ###
### IMPROVE SYSTEM MEMORY MANAGEMENT ### ### IMPROVE SYSTEM MEMORY MANAGEMENT ###
### ###
@@ -96,6 +103,9 @@ vm.min_free_kbytes = 65535
### GENERAL NETWORK SECURITY OPTIONS ### ### GENERAL NETWORK SECURITY OPTIONS ###
### ###
# Harden BPF JIT compiler
net.core.bpf_jit_harden = 1
#Prevent SYN attack, enable SYNcookies (they will kick-in when the max_syn_backlog reached) #Prevent SYN attack, enable SYNcookies (they will kick-in when the max_syn_backlog reached)
net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_syn_retries = 2
@@ -206,7 +216,6 @@ net.core.optmem_max = 65535
net.ipv4.tcp_max_tw_buckets = 1440000 net.ipv4.tcp_max_tw_buckets = 1440000
# try to reuse time-wait connections, but don't recycle them (recycle can break clients behind NAT) # try to reuse time-wait connections, but don't recycle them (recycle can break clients behind NAT)
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_reuse = 1
# Limit number of orphans, each orphan can eat up to 16M (max wmem) of unswappable memory # Limit number of orphans, each orphan can eat up to 16M (max wmem) of unswappable memory

18
wo/core/download.py
View File

@@ -36,7 +36,7 @@ class WODownload():
return False return False
return 0 return 0
def latest_release(self, repository): def latest_release(self, repository, name=False):
"""Get the latest release number of a GitHub repository.\n """Get the latest release number of a GitHub repository.\n
repository format should be: \"user/repo\"""" repository format should be: \"user/repo\""""
try: try:
@@ -48,5 +48,19 @@ class WODownload():
except requests.RequestException as e: except requests.RequestException as e:
Log.debug(self, str(e)) Log.debug(self, str(e))
Log.error(self, "Unable to query GitHub API") Log.error(self, "Unable to query GitHub API")
if name:
return github_json["name"]
else:
return github_json["tag_name"]
return github_json["tag_name"] def pma_release(self):
"""Get the latest phpmyadmin release number from a json file"""
try:
req = requests.get(
'https://www.phpmyadmin.net/home_page/version.json',
timeout=(5, 30))
pma_json = req.json()
except requests.RequestException as e:
Log.debug(self, str(e))
Log.error(self, "Unable to query phpmyadmin API")
return pma_json["version"]

5
wo/core/mysql.py
View File

@@ -31,9 +31,8 @@ class WOMysql():
# Makes connection with MySQL server # Makes connection with MySQL server
try: try:
if os.path.exists('/etc/mysql/conf.d/my.cnf'): if os.path.exists('/etc/mysql/conf.d/my.cnf'):
connection = \ connection = pymysql.connect(
pymysql.connect(read_default_file='/etc/mysql/' read_default_file='/etc/mysql/conf.d/my.cnf')
'conf.d/my.cnf')
else: else:
connection = pymysql.connect(read_default_file='~/.my.cnf') connection = pymysql.connect(read_default_file='~/.my.cnf')
return connection return connection

20
wo/core/variables.py
View File

@@ -14,11 +14,11 @@ class WOVar():
"""Intialization of core variables""" """Intialization of core variables"""
# WordOps version # WordOps version
wo_version = "3.11.4" wo_version = "3.12.0"
# WordOps packages versions # WordOps packages versions
wo_wp_cli = "2.4.0" wo_wp_cli = "2.4.0"
wo_adminer = "4.7.5" wo_adminer = "4.7.5"
wo_phpmyadmin = "5.0.1" wo_phpmyadmin = "5.0.2"
wo_extplorer = "2.1.13" wo_extplorer = "2.1.13"
wo_dashboard = "1.2" wo_dashboard = "1.2"
@@ -140,18 +140,22 @@ class WOVar():
"zip", "xml", "soap"] "zip", "xml", "soap"]
wo_php72 = [] wo_php72 = []
for module in wo_module: for module in wo_module:
wo_php72 = wo_php72 + ["php7.2-{0}".format(module), wo_php72 = wo_php72 + ["php7.2-{0}".format(module)]
"php7.2-recode"] wo_php72 = wo_php72 + ["php7.2-recode"]
wo_php73 = [] wo_php73 = []
for module in wo_module: for module in wo_module:
wo_php73 = wo_php73 + ["php7.3-{0}".format(module), wo_php73 = wo_php73 + ["php7.3-{0}".format(module)]
"php7.3-recode"] wo_php73 = wo_php73 + ["php7.3-recode"]
wo_php74 = [] wo_php74 = []
for module in wo_module: for module in wo_module:
wo_php74 = wo_php74 + ["php7.4-{0}".format(module)] wo_php74 = wo_php74 + ["php7.4-{0}".format(module)]
wo_php_extra = ["php-memcached", "php-imagick", "php-igbinary", if not wo_platform_codename == 'focal':
"graphviz", "php-xdebug", "php-msgpack", "php-redis"] wo_php_extra = ["php-memcached", "php-imagick", "php-igbinary",
"graphviz", "php-xdebug", "php-msgpack", "php-redis"]
else:
wo_php_extra = ["php-imagick", "php-igbinary",
"graphviz", "php-xdebug", "php-msgpack", "php-redis"]
wo_mysql = ["mariadb-server", "percona-toolkit"] wo_mysql = ["mariadb-server", "percona-toolkit"]
if wo_distro == 'raspbian': if wo_distro == 'raspbian':