diff --git a/.travis.yml b/.travis.yml index 55e40ed..152b3c5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -25,26 +25,26 @@ script: - sudo wo --help - sudo wo site create wp-php73.net --wp --php73 || sudo tail -n50 /var/log/wo/wordops.log - + - sudo wo stack install || sudo tail -n50 /var/log/wo/wordops.log - sudo wo stack install --admin || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create html.net --html && sudo wo site create php.com --php && sudo wo site create mysql.com --mysql || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create proxy.com --proxy=127.0.0.1:3000 || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create wp1.com --wp || sudo tail -n50 /var/log/wo/wordops.log - + - sudo wo site create wpsc1.net --wpsc && sudo wo site create wpfc1.com --wpfc || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create wpsc-php73.net --wpsc --php73 && sudo wo site create wpfc-php73.net --wpfc --php73 || sudo tail -n50 /var/log/wo/wordops.log - + - sudo wo site create wpredis.net --wpredis && sudo wo site create wpredis-php73.net --wpredis --php73 || sudo tail -n50 /var/log/wo/wordops.log - + - sudo wo site create wpsubdir1.com --wpsubdir && sudo wo site create wpsubdir-php73.com --wpsubdir --php73 || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create wpsubdirwpsc1.com --wpsubdir --wpsc && sudo wo site create wpsubdirwpsc2.com --wpsubdir --wpfc || sudo tail -n50 /var/log/wo/wordops.log - + - sudo wo site create wpsubdirwpsc1-php73.com --wpsubdir --wpsc --php73 && sudo wo site create wpsubdirwpsc2-php73.com --wpsubdir --wpfc --php73 || sudo tail -n50 /var/log/wo/wordops.log - + - sudo wo site create wpsubdomain1.com --wpsubdomain && sudo wo site create wpsubdomain1-php73.com --wpsubdomain --php73 || sudo tail -n50 /var/log/wo/wordops.log - sudo wo site create wpsubdomainwpsc.org --wpsubdomain --wpsc && sudo wo site create wpsubdomainwpfc.org --wpsubdomain --wpfc && sudo wo site create wpsubdomainwpfc2.in --wpfc --wpsubdomain || sudo tail -n50 /var/log/wo/wordops.log @@ -59,6 +59,7 @@ script: - sudo ls /var/www/ - sudo wp --allow-root --info + - sudo wo info || sudo tail -n50 /var/log/wo/wordops.log - sudo bash -c 'nginx -T 2>&1 > /var/log/wo/nginx.log 2>&1' || sudo tail -n50 /var/log/wo/wordops.log - sudo bash -c 'tar -I pigz -cf wordops.tar.gz /var/log/wo' - sudo curl --progress-bar --upload-file "wordops.tar.gz" https://transfer.vtbox.net/$(basename wordops.tar.gz) && echo "" || sudo echo "transfer.sh is down" diff --git a/CHANGELOG.md b/CHANGELOG.md index f9145ec..d885c88 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - Install script handle migration from EEv3 - load-balancing on unix socket for php-fpm - stub_status vhost for metrics +- "--letsencrypt=subdomain" option - opcache optimization for php-fpm - EasyEngine configuration backup before migration - EasyEngine configuration cleanup after migration @@ -29,11 +30,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - letsencrypt stack refactored with acme.sh - letsencrypt validation with webroot folder -- "--letsencrypt=subdomain" option - hardened nginx ssl_ecdh_curve - Update phpredisadmin - Increase MySQL root password size to 16 characters - Increase MySQL users password size to 16 characters +- Nginx locations template is the same for php7.2 & 7.3 #### Fixed @@ -47,6 +48,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - PHP 7.2 & PHP 7.3 pool configuration during upgrade - WordOps backup directory creation before upgrade - EasyEngine database sync during migration +- command "wo info" ### v3.9.4 - 2019-03-15 diff --git a/README.md b/README.md index 3c0ae8d..00b2ba3 100644 --- a/README.md +++ b/README.md @@ -6,9 +6,9 @@

An essential toolset that eases WordPress site and server administration

-WordOps

- +WordOps +

build @@ -31,13 +31,13 @@ ## Key Features -- Easy Migration from EasyEngine v3 -- Automated WordPress, Nginx, PHP, MySQL & Redis installation -- Nginx 1.14.2 with Brotli support, PHP 7.2 & 7.3, MariaDB 10.3 & Redis 5.0 -- Hardened WordPress security with strict Nginx location directives -- Optimized Nginx configurations with multiple cache backends support -- Let's Encrypt SSL certificates handled by Acme.sh -- Secured SSL/TLS encryption with strong ciphers_suite and modern TLS protocols +- **Easy to install** : One step automated installer with migration from EasyEngine v3 support +- **Fast deployment** : Fast and automated WordPress, Nginx, PHP, MySQL & Redis installation +- **Up-to-date** : Nginx 1.14.2 with Brotli support, PHP 7.2 & 7.3, MariaDB 10.3 & Redis 5.0 +- **Secured** : Hardened WordPress security with strict Nginx location directives +- **Powerful** : Optimized Nginx configurations with multiple cache backends support +- **SSL** : Let's Encrypt SSL certificates handled by Acme.sh +- **Modern** : Secured SSL/TLS encryption with strong ciphers_suite and modern TLS protocols ## Requirements @@ -78,8 +78,6 @@ If you are going to migrate from EasyEngine v3, here some important informations - php5.6 and php7.0 will not be removed or uninstalled - previous Nginx common configurations will not be overwritted -A tutorial will be available soon to explain how to fully migrate from EasyEngine v3 to WordOps. - ## Usage ### Standard WordPress sites @@ -149,11 +147,13 @@ For any other questions/suggestions about WordOps or if you need support, please # Contributing If you'd like to contribute, please fork the repository and make changes as you'd like. Pull requests are warmly welcome. +There is no need to be a developer or a system administrator to contribute to WordOps project. You can still contribute by helping us to improve [WordOps documentation](https://github.com/WordOps/docs.wordops.io). ## Credits - Main source : [EasyEngine](https://github.com/easyengine/easyengine) - Acme client : [Acme.sh](https://github.com/Neilpang/acme.sh) +- WordPress deployment : [WP-CLI](https://github.com/wp-cli/wp-cli) ## License diff --git a/install b/install index 1fede4e..ef6d4e6 100644 --- a/install +++ b/install @@ -7,7 +7,7 @@ # Copyright (c) 2019 - WordOps # This script is licensed under M.I.T # ------------------------------------------------------------------------- -# Version 3.9.4 - 2019-03-22 +# Version 3.9.5 - 2019-03-27 # ------------------------------------------------------------------------- readonly wo_version_old="2.2.3" readonly wo_version_new="3.9.4.3" @@ -425,7 +425,7 @@ wo_upgrade_nginx() { rm -f /tmp/nginx-wo.key sudo apt-get update - CHECK_NGINX_UPSTREAM_VERSION=$(grep "v3.9.5" /etc/nginx/conf.d/upstream.conf) + CHECK_NGINX_UPSTREAM_VERSION=$(grep "v3.9.5" /etc/nginx/conf.d/fastcgi.conf) if [ -z "$CHECK_NGINX_UPSTREAM_VERSION" ]; then # stop nginx diff --git a/wo/cli/plugins/info.py b/wo/cli/plugins/info.py index 467334a..4f0025f 100644 --- a/wo/cli/plugins/info.py +++ b/wo/cli/plugins/info.py @@ -41,9 +41,9 @@ class WOInfoController(CementBaseController): @expose(hide=True) def info_nginx(self): """Display Nginx information""" - version = os.popen("nginx -v 2 > &1 | awk - F '/' '{print $2}' | '" - "awk -F ' ' '{print $1}'").read() - allow = os.popen("grep allow /etc/nginx/common/acl.conf | " + version = os.popen("nginx -v 2>&1 | awk -F '/' '{print $2}' | " + "awk -F ' ' '{print $1}' | tr '\n' ' '").read() + allow = os.popen("grep ^allow /etc/nginx/common/acl.conf | " "cut -d' ' -f2 | cut -d';' -f1 | tr '\n' ' '").read() nc = NginxConfig() nc.loadf('/etc/nginx/nginx.conf') diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 92dcf5f..439bd1a 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -994,11 +994,13 @@ class WOSiteUpdateController(CementBaseController): renewLetsEncrypt(self, wo_domain) else: Log.error( - self, "You have more than 30 days with the current certificate - refusing to run.") + self, "You have more than 30 days with the current " + "certificate - refusing to run.") else: Log.error( - self, "Cannot renew - HTTPS is not configured for the given site. Install LE first...") + self, "Cannot renew - HTTPS is not configured for " + "the given site. Install LE first...") if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " @@ -1013,7 +1015,8 @@ class WOSiteUpdateController(CementBaseController): else: Log.warn( - self, "The certificate seems to be already expired. Please renew it as soon as possible...") + self, "The certificate seems to be already expired. " + "Please renew it as soon as possible...") return 0 if pargs.all and pargs.letsencrypt == "renew": @@ -1024,15 +1027,16 @@ class WOSiteUpdateController(CementBaseController): return 0 min_expiry_days = 30 if (expiry_days <= min_expiry_days): - renewLetsEncrypt(self, wo_domain) + Log.info(self, "Certificate was successfully renewed") if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") - Log.info(self, "SUCCESS: Certificate was successfully renewed For" - " https://{0}".format(wo_domain)) + Log.info(self, "SUCCESS: Certificate was successfully " + "renewed For https://{0}".format(wo_domain)) else: Log.info( - self, "You have more than 30 days with the current certificate - refusing to run.\n") + self, "You have more than 30 days with the current " + "certificate - refusing to run.\n") if (SSL.getExpirationDays(self, wo_domain) > 0): Log.info(self, "Your cert will expire within " + @@ -1044,7 +1048,8 @@ class WOSiteUpdateController(CementBaseController): # Log.warn(self, "Your cert already EXPIRED ! .PLEASE renew soon . ") else: Log.info( - self, "SSL not configured for site http://{0}".format(wo_domain)) + self, "SSL not configured for " + "site http://{0}".format(wo_domain)) return 0 if pargs.all and pargs.letsencrypt == "off": @@ -1404,7 +1409,8 @@ class WOSiteUpdateController(CementBaseController): wo_site_webroot) else: Log.debug( - self, "Updating wp-config.php failed. File could not be located.") + self, "Updating wp-config.php failed. " + "File could not be located.") Log.error( self, "wp-config.php could not be located !!") raise SiteError diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 28a3faa..32987e7 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -141,7 +141,7 @@ def setupdomain(self, data): def setupdatabase(self, data): wo_domain_name = data['site_name'] wo_random = (''.join(random.sample(string.ascii_uppercase + - string.ascii_lowercase + string.digits, 15))) + string.ascii_lowercase + string.digits, 24))) wo_replace_dot = wo_domain_name.replace('.', '_') prompt_dbname = self.app.config.get('mysql', 'db-name') prompt_dbuser = self.app.config.get('mysql', 'db-user') @@ -804,8 +804,8 @@ def site_package_check(self, stype): not os.path.isfile("/etc/nginx/common/php73.conf")): data = dict() Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/locations-php73.conf') - wo_nginx = open('/etc/nginx/common/locations-php73.conf', + 'file /etc/nginx/common/locations-wo.conf') + wo_nginx = open('/etc/nginx/common/locations-wo.conf', encoding='utf-8', mode='w') self.app.render((data), 'locations-php7.mustache', out=wo_nginx) @@ -1197,11 +1197,23 @@ def doCleanupAction(self, domain='', webroot='', dbname='', dbuser='', # setup letsencrypt for domain + www.domain def setupLetsEncrypt(self, wo_domain_name): - if os.path.isfile("/etc/letsencrypt/renewal/{0}_ecc/{0}.conf" - .format(wo_domain_name)): - Log.debug(self, "Let's Encrypt certificate found for the domain: {0}" - .format(wo_domain_name)) - ssl = archivedCertificateHandle(self, wo_domain_name) + if os.path.isfile("/etc/letsencrypt/renewal/{0}_ecc/{0}.conf"): + if os.path.isfile("/etc/letsencrypt/" + "renewal/{0}_ecc/" + "fullchain.cer".format(wo_domain_name)): + Log.debug(self, "Let's Encrypt certificate " + "found for the domain: {0}" + .format(wo_domain_name)) + ssl = archivedCertificateHandle(self, wo_domain_name) + else: + Log.info(self, "Issuing SSL cert with acme.sh") + ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config' " + "--issue " + "-d {0} -d www.{0} -w /var/www/html " + "-k ec-384 --force" + .format(wo_domain_name)) else: Log.info(self, "Issuing SSL cert with acme.sh") ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " @@ -1266,11 +1278,23 @@ def setupLetsEncrypt(self, wo_domain_name): def setupLetsEncryptSubdomain(self, wo_domain_name): - if os.path.isfile("{0}/{1}_ecc/{1}.conf" - .format(WOVariables.wo_ssl_archive, wo_domain_name)): - Log.debug(self, "Let's Encrypt certificate found for the domain: {0}" - .format(wo_domain_name)) - ssl = archivedCertificateHandle(self, wo_domain_name) + if os.path.isfile("/etc/letsencrypt/renewal/{0}_ecc/{0}.conf"): + if os.path.isfile("/etc/letsencrypt/" + "renewal/{0}_ecc/" + "fullchain.cer".format(wo_domain_name)): + Log.debug(self, "Let's Encrypt certificate " + "found for the domain: {0}" + .format(wo_domain_name)) + ssl = archivedCertificateHandle(self, wo_domain_name) + else: + Log.info(self, "Issuing SSL cert with acme.sh") + ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " + "--config-home " + "'/etc/letsencrypt/config' " + "--issue " + "-d {0} -w /var/www/html " + "-k ec-384 --force" + .format(wo_domain_name)) else: Log.info(self, "Issuing SSL cert with acme.sh") ssl = WOShellExec.cmd_exec(self, "/etc/letsencrypt/acme.sh " diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py index d3bef64..5e2d166 100644 --- a/wo/cli/plugins/stack.py +++ b/wo/cli/plugins/stack.py @@ -271,8 +271,8 @@ class WOStackController(CementBaseController): wo_nginx.close() Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/locations-php72.conf') - wo_nginx = open('/etc/nginx/common/locations-php72.conf', + 'file /etc/nginx/common/locations-wo.conf') + wo_nginx = open('/etc/nginx/common/locations-wo.conf', encoding='utf-8', mode='w') self.app.render((data), 'locations.mustache', out=wo_nginx) @@ -321,14 +321,6 @@ class WOStackController(CementBaseController): # php73 conf if not os.path.isfile("/etc/nginx/common/php73.conf"): # data = dict() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/locations-php73.conf') - wo_nginx = open('/etc/nginx/common/locations-php73.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'locations-php7.mustache', - out=wo_nginx) - wo_nginx.close() - Log.debug(self, 'Writting the nginx configuration to ' 'file /etc/nginx/common/php73.conf') wo_nginx = open('/etc/nginx/common/php73.conf', @@ -369,6 +361,15 @@ class WOStackController(CementBaseController): out=wo_nginx) wo_nginx.close() + if not os.path.isfile("/etc/nginx/common/locations-wo.conf"): + Log.debug(self, 'Writting the nginx configuration to ' + 'file /etc/nginx/common/locations-wo.conf') + wo_nginx = open('/etc/nginx/common/locations-wo.conf', + encoding='utf-8', mode='w') + self.app.render((data), 'locations.mustache', + out=wo_nginx) + wo_nginx.close() + # Nginx-Plus does not have nginx # package structure like this # So creating directories @@ -564,13 +565,6 @@ class WOStackController(CementBaseController): if (os.path.isdir("/etc/nginx/common") and not os.path.isfile("/etc/nginx/common/php73.conf")): data = dict() - Log.debug(self, 'Writting the nginx configuration to ' - 'file /etc/nginx/common/locations-php73.conf') - wo_nginx = open('/etc/nginx/common/locations-php73.conf', - encoding='utf-8', mode='w') - self.app.render((data), 'locations-php7.mustache', - out=wo_nginx) - wo_nginx.close() Log.debug(self, 'Writting the nginx configuration to ' 'file /etc/nginx/common/php73.conf') @@ -1400,6 +1394,9 @@ class WOStackController(CementBaseController): # set redis.conf parameter # set maxmemory 10% for ram below 512MB and 20% for others # set maxmemory-policy allkeys-lru + # enable systemd service + Log.debug(self, "Enabling redis systemd service") + WOShellExec.cmd_exec(self, "systemctl enable redis-server") if os.path.isfile("/etc/redis/redis.conf"): if WOVariables.wo_ram < 512: Log.debug(self, "Setting maxmemory variable to {0} in redis.conf" @@ -1410,6 +1407,7 @@ class WOStackController(CementBaseController): self, "Setting maxmemory-policy variable to allkeys-lru in redis.conf") WOShellExec.cmd_exec(self, "sed -i 's/# maxmemory-policy.*/maxmemory-policy allkeys-lru/' " "/etc/redis/redis.conf") + WOService.restart_service(self, 'redis-server') else: Log.debug(self, "Setting maxmemory variable to {0} in redis.conf" @@ -1470,17 +1468,24 @@ class WOStackController(CementBaseController): # PHP 7.2 if self.app.pargs.php: Log.debug(self, "Removing apt_packages variable of PHP") - if not WOAptGet.is_installed(self, 'php7.2-fpm'): - apt_packages = apt_packages + WOVariables.wo_php + WOVariables.wo_php_extra + if WOAptGet.is_installed(self, 'php7.2-fpm'): + if not WOAptGet.is_installed(self, 'php7.3-fpm'): + apt_packages = apt_packages + WOVariables.wo_php + WOVariables.wo_php_extra + else: + apt_packages = apt_packages + WOVariables.wo_php + else: + Log.error(self, "PHP 7.2 not found") # PHP7.3 if self.app.pargs.php73: Log.debug(self, "Removing apt_packages variable of PHP 7.3") - if not WOAptGet.is_installed(self, 'php7.3-fpm'): + if WOAptGet.is_installed(self, 'php7.3-fpm'): if not (WOAptGet.is_installed(self, 'php7.2-fpm')): apt_packages = apt_packages + WOVariables.wo_php73 + WOVariables.wo_php_extra else: apt_packages = apt_packages + WOVariables.wo_php73 + else: + Log.error(self, "PHP 7.3 not found") # REDIS if self.app.pargs.redis: @@ -1554,15 +1559,6 @@ class WOStackController(CementBaseController): Log.info(self, "Successfully removed packages") - # Added for Ondrej Repo missing package Fix - if self.app.pargs.php: - if WOAptGet.is_installed(self, 'php7.2-fpm'): - Log.info(self, "PHP7.2-fpm found on system.") - Log.info( - self, "Verifying and installing missing packages,") - WOShellExec.cmd_exec( - self, "apt-get install -y php-memcached php-igbinary") - @expose(help="Purge packages") def purge(self): """Start purging of packages""" @@ -1607,21 +1603,25 @@ class WOStackController(CementBaseController): # PHP if self.app.pargs.php: Log.debug(self, "Purge apt_packages variable PHP") - if not WOAptGet.is_installed(self, 'php7.2-fpm'): - apt_packages = apt_packages + WOVariables.wo_php + WOVariables.wo_php_extra + if WOAptGet.is_installed(self, 'php7.2-fpm'): + if not (WOAptGet.is_installed(self, 'php7.3-fpm')): + apt_packages = apt_packages + WOVariables.wo_php + WOVariables.wo_php_extra + else: + apt_packages = apt_packages + WOVariables.wo_php else: Log.error(self, "Cannot Purge PHP 7.2. not found.") # PHP 7.3 if self.app.pargs.php73: Log.debug(self, "Removing apt_packages variable of PHP 7.3") - if not WOAptGet.is_installed(self, 'php7.3-fpm'): + if WOAptGet.is_installed(self, 'php7.3-fpm'): if not (WOAptGet.is_installed(self, 'php7.2-fpm')): apt_packages = apt_packages + WOVariables.wo_php73 + WOVariables.wo_php_extra else: apt_packages = apt_packages + WOVariables.wo_php73 else: Log.error(self, "Cannot Purge PHP 7.3. not found.") + # WP-CLI if self.app.pargs.wpcli: Log.debug(self, "Purge package variable WPCLI") diff --git a/wo/cli/plugins/stack_upgrade.py b/wo/cli/plugins/stack_upgrade.py index 6ac25aa..0e844aa 100644 --- a/wo/cli/plugins/stack_upgrade.py +++ b/wo/cli/plugins/stack_upgrade.py @@ -72,7 +72,7 @@ class WOStackUpgradeController(CementBaseController): WOAptGet.update(self) Log.info(self, "Installing packages, please wait ...") WOAptGet.install(self, WOVariables.wo_php + - WOVariables.wo_php_extra) + WOVariables.wo_php_extra) @expose(hide=True) def default(self): @@ -106,7 +106,10 @@ class WOStackUpgradeController(CementBaseController): if self.app.pargs.php: if WOAptGet.is_installed(self, 'php7.2-fpm'): - apt_packages = apt_packages + WOVariables.wo_php + WOVariables.wo_php_extra + if not WOAptGet.is_installed(self, 'php7.3-fpm'): + apt_packages = apt_packages + WOVariables.wo_php + WOVariables.wo_php_extra + else: + apt_packages = apt_packages + WOVariables.wo_php else: Log.info(self, "PHP 7.2 is not installed") diff --git a/wo/cli/templates/22222.mustache b/wo/cli/templates/22222.mustache index 232e88f..82bfcb6 100644 --- a/wo/cli/templates/22222.mustache +++ b/wo/cli/templates/22222.mustache @@ -1,4 +1,4 @@ -# WordOps admin NGINX CONFIGURATION +# WordOps admin NGINX CONFIGURATION - WO v3.9.5 server { @@ -21,7 +21,7 @@ server { # HTTP Authentication on port 22222 include common/acl.conf; - + # nginx-vts-status location /vts_status { vhost_traffic_status_display; @@ -47,7 +47,7 @@ server { include fastcgi_params; fastcgi_pass php72; } - + location /netdata { return 301 /netdata/; } diff --git a/wo/cli/templates/fastcgi.mustache b/wo/cli/templates/fastcgi.mustache index fcf02bd..be7469a 100644 --- a/wo/cli/templates/fastcgi.mustache +++ b/wo/cli/templates/fastcgi.mustache @@ -1,4 +1,4 @@ -# FastCGI cache settings +# FastCGI cache settings - WO v3.9.5 fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:50m inactive=60m max_size=256M; fastcgi_cache_key "$scheme$request_method$host$request_uri"; fastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503; diff --git a/wo/cli/templates/locations-php7.mustache b/wo/cli/templates/locations-php7.mustache index 9576ff3..267891c 100644 --- a/wo/cli/templates/locations-php7.mustache +++ b/wo/cli/templates/locations-php7.mustache @@ -1,4 +1,4 @@ -# NGINX CONFIGURATION FOR COMMON LOCATION +# NGINX CONFIGURATION FOR COMMON LOCATION - WO v3.9.5 # DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE # Basic locations files location = /favicon.ico { @@ -52,29 +52,3 @@ location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|b location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" { deny all; } -# Status pages -location = /nginx_status { - stub_status on; - access_log off; - include common/acl.conf; -} -location ~ ^/(status|ping)$ { - include fastcgi_params; - fastcgi_pass php73; - include common/acl.conf; -} -# WordOps (wo) utilities -# phpMyAdmin settings -location = /pma { - return 301 https://$host:22222/db/pma; -} -location = /phpMyAdmin { - return 301 https://$host:22222/db/pma; -} -location = /phpmyadmin { - return 301 https://$host:22222/db/pma; -} -# Adminer settings -location = /adminer { - return 301 https://$host:22222/db/adminer; -} diff --git a/wo/cli/templates/locations.mustache b/wo/cli/templates/locations.mustache index 88c98b4..267891c 100644 --- a/wo/cli/templates/locations.mustache +++ b/wo/cli/templates/locations.mustache @@ -1,4 +1,4 @@ -# NGINX CONFIGURATION FOR COMMON LOCATION +# NGINX CONFIGURATION FOR COMMON LOCATION - WO v3.9.5 # DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE # Basic locations files location = /favicon.ico { @@ -52,29 +52,3 @@ location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|b location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" { deny all; } -# Status pages -location = /nginx_status { - stub_status on; - access_log off; - include common/acl.conf; -} -location ~ ^/(status|ping)$ { - include fastcgi_params; - fastcgi_pass php72; - include common/acl.conf; -} -# WordOps (wo) utilities -# phpMyAdmin settings -location = /pma { - return 301 https://$host:22222/db/pma; -} -location = /phpMyAdmin { - return 301 https://$host:22222/db/pma; -} -location = /phpmyadmin { - return 301 https://$host:22222/db/pma; -} -# Adminer settings -location = /adminer { - return 301 https://$host:22222/db/adminer; -} diff --git a/wo/cli/templates/map-wp.mustache b/wo/cli/templates/map-wp.mustache index cd6b21e..a289cee 100644 --- a/wo/cli/templates/map-wp.mustache +++ b/wo/cli/templates/map-wp.mustache @@ -1,4 +1,4 @@ -# NGINX CONFIGURATION FOR FASTCGI_CACHE EXCEPTION +# NGINX CONFIGURATION FOR FASTCGI_CACHE EXCEPTION - WO v3.9.5 # DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE # do not cache xhtml request @@ -52,4 +52,3 @@ map $skip_cache $cache_uri { default 'null cache'; 0 $request_uri; } - diff --git a/wo/cli/templates/php.mustache b/wo/cli/templates/php.mustache index 7288f48..59903a8 100644 --- a/wo/cli/templates/php.mustache +++ b/wo/cli/templates/php.mustache @@ -1,4 +1,4 @@ -# PHP NGINX CONFIGURATION +# PHP NGINX CONFIGURATION - WO v3.9.5 # DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE location / { try_files $uri $uri/ /index.php$is_args$args; diff --git a/wo/cli/templates/php7.mustache b/wo/cli/templates/php7.mustache index d0ab167..4005572 100644 --- a/wo/cli/templates/php7.mustache +++ b/wo/cli/templates/php7.mustache @@ -1,4 +1,4 @@ -# PHP NGINX CONFIGURATION +# PHP NGINX CONFIGURATION - WO v3.9.5 # DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE location / { try_files $uri $uri/ /index.php$is_args$args; diff --git a/wo/cli/templates/redis-php7.mustache b/wo/cli/templates/redis-php7.mustache index 217509d..5e21f7a 100644 --- a/wo/cli/templates/redis-php7.mustache +++ b/wo/cli/templates/redis-php7.mustache @@ -1,4 +1,4 @@ -# Redis NGINX CONFIGURATION +# Redis NGINX CONFIGURATION - WO v3.9.5 # DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE # $skip_cache variable set in /etc/nginx/conf.d/map-wp.conf diff --git a/wo/cli/templates/redis.mustache b/wo/cli/templates/redis.mustache index 0a7004f..cdde0b1 100644 --- a/wo/cli/templates/redis.mustache +++ b/wo/cli/templates/redis.mustache @@ -1,4 +1,4 @@ -# Redis NGINX CONFIGURATION +# Redis NGINX CONFIGURATION - WO v3.9.5 # DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE # $skip_cache variable set in /etc/nginx/conf.d/map-wp.conf diff --git a/wo/cli/templates/upstream.mustache b/wo/cli/templates/upstream.mustache index fe3aa45..26e06b9 100644 --- a/wo/cli/templates/upstream.mustache +++ b/wo/cli/templates/upstream.mustache @@ -1,4 +1,4 @@ -# NGINX UPSTREAM CONFIGURATION v3.9.5 +# NGINX UPSTREAM CONFIGURATION - WO v3.9.5 # DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE #------------------------------- # PHP 5.6 diff --git a/wo/cli/templates/virtualconf-php7.mustache b/wo/cli/templates/virtualconf-php7.mustache index c06e1e7..625fd2a 100644 --- a/wo/cli/templates/virtualconf-php7.mustache +++ b/wo/cli/templates/virtualconf-php7.mustache @@ -25,7 +25,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } - + # Security settings for better privacy # Deny hidden files location ~ /\.(?!well-known\/) { @@ -52,7 +52,7 @@ server { {{^static}}include {{#basic}}common/php73.conf;{{/basic}}{{#wpfc}}common/wpfc-php73.conf;{{/wpfc}} {{#wpsc}}common/wpsc-php73.conf;{{/wpsc}}{{#wpredis}}common/redis-php73.conf;{{/wpredis}} {{#wpsubdir}}include common/wpsubdir.conf;{{/wpsubdir}}{{/static}} {{#wp}}include common/wpcommon-php73.conf;{{/wp}} - include common/locations-php73.conf;{{/proxy}} + include common/locations-wo.conf;{{/proxy}} include {{webroot}}/conf/nginx/*.conf; - + } diff --git a/wo/cli/templates/virtualconf.mustache b/wo/cli/templates/virtualconf.mustache index 5aea885..d8610de 100644 --- a/wo/cli/templates/virtualconf.mustache +++ b/wo/cli/templates/virtualconf.mustache @@ -13,7 +13,7 @@ server { #server_name_in_redirect off; {{/multisite}} - access_log /var/log/nginx/{{site_name}}.access.log {{^wpredis}}{{^static}}rt_cache{{/static}}{{/wpredis}}{{#wpredis}}rt_cache_redis{{/wpredis}}; + access_log /var/log/nginx/{{site_name}}.access.log {{^wpredis}}{{^static}}rt_cache{{/static}}{{/wpredis}}{{#wpredis}}rt_cache_redis{{/wpredis}}; error_log /var/log/nginx/{{site_name}}.error.log; {{#proxy}} @@ -25,7 +25,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } - + # Security settings for better privacy # Deny hidden files location ~ /\.(?!well-known\/) { @@ -40,7 +40,7 @@ server { {{^proxy}} root {{webroot}}/htdocs; - + index {{^static}}index.php{{/static}} index.html index.htm; {{#static}} @@ -52,7 +52,7 @@ server { {{^static}}include {{#basic}}common/php72.conf;{{/basic}}{{#wpfc}}common/wpfc-php72.conf;{{/wpfc}} {{#wpsc}}common/wpsc-php72.conf;{{/wpsc}}{{#wpredis}}common/redis-php72.conf;{{/wpredis}} {{#wpsubdir}}include common/wpsubdir.conf;{{/wpsubdir}}{{/static}} {{#wp}}include common/wpcommon-php72.conf;{{/wp}} - include common/locations-php72.conf;{{/proxy}} + include common/locations-wo.conf;{{/proxy}} include {{webroot}}/conf/nginx/*.conf; - + } diff --git a/wo/cli/templates/webp.mustache b/wo/cli/templates/webp.mustache index db3aac4..3ed187b 100644 --- a/wo/cli/templates/webp.mustache +++ b/wo/cli/templates/webp.mustache @@ -1,4 +1,4 @@ -# WEBP NGINX CONFIGURATION +# WEBP NGINX CONFIGURATION - WO v3.9.5 # DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE map $http_accept $webp_suffix { diff --git a/wo/cli/templates/wpcommon-php7.mustache b/wo/cli/templates/wpcommon-php7.mustache index e99977b..52054ad 100644 --- a/wo/cli/templates/wpcommon-php7.mustache +++ b/wo/cli/templates/wpcommon-php7.mustache @@ -1,4 +1,4 @@ -# WordPress COMMON SETTINGS +# WordPress COMMON SETTINGS - WO v3.9.5 # DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE # Limit access to avoid brute force attack location = /wp-login.php { diff --git a/wo/cli/templates/wpcommon.mustache b/wo/cli/templates/wpcommon.mustache index 89f0e92..8ddc377 100644 --- a/wo/cli/templates/wpcommon.mustache +++ b/wo/cli/templates/wpcommon.mustache @@ -1,4 +1,4 @@ -# WordPress COMMON SETTINGS +# WordPress COMMON SETTINGS - WO v3.9.5 # DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE # Limit access to avoid brute force attack location = /wp-login.php { diff --git a/wo/cli/templates/wpfc-php7.mustache b/wo/cli/templates/wpfc-php7.mustache index aa7f087..3667c40 100644 --- a/wo/cli/templates/wpfc-php7.mustache +++ b/wo/cli/templates/wpfc-php7.mustache @@ -1,4 +1,4 @@ -# WPFC NGINX CONFIGURATION +# WPFC NGINX CONFIGURATION - WO v3.9.5 # DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE # $skip_cache variable set in /etc/nginx/conf.d/map-wp.conf diff --git a/wo/cli/templates/wpfc.mustache b/wo/cli/templates/wpfc.mustache index 12258d8..447870f 100644 --- a/wo/cli/templates/wpfc.mustache +++ b/wo/cli/templates/wpfc.mustache @@ -1,4 +1,4 @@ -# WPFC NGINX CONFIGURATION +# WPFC NGINX CONFIGURATION - WO v3.9.5 # DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE # $skip_cache variable set in /etc/nginx/conf.d/map-wp.conf diff --git a/wo/cli/templates/wpsc-php7.mustache b/wo/cli/templates/wpsc-php7.mustache index 9c5267e..1fe48a6 100644 --- a/wo/cli/templates/wpsc-php7.mustache +++ b/wo/cli/templates/wpsc-php7.mustache @@ -1,4 +1,4 @@ -# WPSC NGINX CONFIGURATION +# WPSC NGINX CONFIGURATION - WO v3.9.5 # DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE # $cache_uri variable set in /etc/nginx/conf.d/map-wp.conf diff --git a/wo/cli/templates/wpsc.mustache b/wo/cli/templates/wpsc.mustache index d1f795c..cfe5070 100644 --- a/wo/cli/templates/wpsc.mustache +++ b/wo/cli/templates/wpsc.mustache @@ -1,4 +1,4 @@ -# WPSC NGINX CONFIGURATION +# WPSC NGINX CONFIGURATION - WO v3.9.5 # DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE # $cache_uri variable set in /etc/nginx/conf.d/map-wp.conf