Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #119 from WordOps/updating-configuration

Browse Source 
Updating configuration
This commit is contained in:
VirtuBox
2019-08-18 12:43:40 +02:00
committed by GitHub
parent 042ac2a9eb a5d0eed9a7
commit f9cbc872c1
16 changed files with 571 additions and 521 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.editorconfig
View File

@@ -5,5 +5,5 @@ indent_style = space
indent_size = 4
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = false
trim_trailing_whitespace = true
insert_final_newline = false

695
CHANGELOG.md
View File

@@ -1,344 +1,353 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
## Releases
### v3.9.x - [Unreleased]
#### Changed
- Extra Nginx directives moved from nginx.conf to conf.d/tweaks.conf
#### Fixed
- MySQLTuner installation
- `wo stack remove/purge --all`
- variable substitution in install script
### v3.9.8 - 2019-08-16
#### Added
- Allow web browser caching for json and webmanifest files
- nginx-core.mustache template used to render nginx.conf during stack setup
- APT Packages configuration step with `wo stack upgrade` to apply new configurations
- Cloudflare restore real_ip configuration
- WP-Rocket plugin support with the flag `--wprocket`
- Cache-Enabler plugin support with the flag `--wpce`
- Install unattended-upgrade and enable automated security updates
- Enable time synchronization with ntp
- Additional cache exception for woocommerce
#### Changed
- Do not force Nginx upgrade if a custom Nginx package compiled with nginx-ee is detected
- Gzip enabled again by default with configuration in /etc/nginx/conf.d/gzip.conf
- Brotli configuration moved in /etc/nginx/conf.d/brotli.conf.disabled (disabled by default)
- Moving package configuration in a new plugin stack_pref.py
- Cleanup templates by removing all doublons (with/without php7) and replacing them with variables
- Updated Nginx to v1.16.1 in response to HTTP/2 vulnerabilites discovered
- Disable temporary adding swap feature (not working)
- `wo stack upgrade --nginx` is now able to apply new configurations during `wo update`, it highly reduce upgrade duration
#### Fixed
- Error in HSTS header syntax
### v3.9.7.2 - 2019-08-12
#### Fixed
- redis.conf permissions additional fix
### v3.9.7.1 - 2019-08-09
#### Changed
- Set WordOps backend password length from 16 to 24
- Upgrade framework cement to 2.6.0
- Upgrade PyMySQL to 0.9.3
- Upgrade Psutil to 5.6.3
#### Fixed
- Missing import in `wo sync`
- redis.conf incorrect permissions
### v3.9.7 - 2019-08-02
#### Added
- MySQL configuration tuning
- Cronjob to optimize MySQL databases weekly
- WO-kernel systemd service to automatically apply kernel tweaks on server startup
- Proftpd stack now secured with TLS
- New Nginx package built with Brotli from operating system libraries
- Brotli configuration with only well compressible MIME types
- WordPress site url automatically updated to `https://domain.tld` when using `-le/--letsencrypt` flag
- More informations during certificate issuance about validation mode selected
- `--php72` as alternative for `--php`
- Automated removal of the deprecated variable `ssl on;` in previous Nginx ssl.conf
- Project Contributing guidelines
- Project Code of conduct
#### Changed
- `wo maintenance` refactored
- Improved debug log
- Updated Nginx configuration process to not overwrite files with custom data (htpasswd-wo, acl.conf etc..)
- Adminer updated to v4.7.2
- eXtplorer updated to v2.1.13
- Removed WordOps version from the Nginx header X-Powered-By to avoid possible security issues
- Several code quality improvements to speed up WordOps execution
- Few adjustements on PHP-FPM configuration (max_input_time,opcache.consistency_checks)
- Added /dev/urandom & /dev/shm to open_basedir in PHP-FPM configuration
#### Fixed
- Kernel tweaks were not applied without server reboot
- Fail2ban standalone install
- `wo stack purge --all` error due to PHP7.3 check
- Nginx helper configuration during plugin install for Nginx fastcgi_cache and redis-cache
- phpRedisAdmin stack installation
- Fixed Travis CI build on pull requests
- Nginx `server_names_hash_bucket_size` variable error after WordOps upgrade
### v3.9.6.2 - 2019-07-24
#### Changed
- Improve `wo update` process duration
- Improve package install/upgrade/remove process
#### Fixed
- phpMyAdmin archive download link archive
- Arguments `--letsencrypt=clean/purge`
- Incorrect directory removal during stack upgrade
### v3.9.6.1 - 2019-07-23
#### Fixed
- Typo in `--letsencrypt=subdomain`
- phpMyAdmin upgrade archive extraction
- Error in the command `wo update`. Please `wo update --beta` as workaround
### v3.9.6 - 2019-07-20
#### Added
- New Nginx package on Ubuntu with Cloudflare HTTP/2 HPACK and Dynamic TLS records
- phpMyAdmin upgrade with `wo stack upgrade --phpmyadmin`
- Wildcard SSL Certificates support with DNS validation
- Let's Encrypt DNS API support (Cloudflare, DigitalOcean, etc ..) on domain, subdomain, and wildcard
- Flag `--letsencrypt=clean` to purge a previous SSL configuration
- Support for Debian 10 buster (testing - not ready for production)
- Fail2ban with custom jails to secure WordPress & SSH
- Variable `keylength` in /etc/wo/wo.conf to define letsencrypt certificate keylenght
- ProFTPd stack with UFW & Fail2ban configurationz
- Beta branch and command `wo update --beta` for beta releases
- Extra directives in wp-config.php (limit posts revisions, set max_memory, enable auto-update for minor-releases)
#### Fixed
- Nginx was not reloaded after enabling HSTS
- Netdata, Composer & Fail2Ban stack remove and purge
- WordPress not installed by `wo site update` with basic php73 sites
### v3.9.5.4 - 2019-07-13
#### Added
- New Nginx package on Ubuntu with TLS v1.3 support (OpenSSL 1.1.1c)
- Netdata upgrade with `wo stack upgrade --netdata`
- Netdata stack remove/purge
#### Changed
- phpRedisAdmin is now installed with the stack `--admin`
- Remove memcached - not required anymore
#### Fixed
- phpRedisAdmin installation
- Duplicated locations /robots.txt after upgrade to v3.9.5.3
- Let's Encrypt stack `wo site update --letsencrypt/--letsencrypt=off`
- pt-query-advisor dead link
- Netdata persistant configuration
### v3.9.5.3 - 2019-06-18
#### Added
- Argument `--preserve` with the command `wo update` to keep current Nginx configuration
#### Fixed
- Nginx upgrade failure when running wo update
### v3.9.5.2 - 2019-06-17
#### Added
- Non-interactive install/upgrade
- Argument `--force` with the command `wo update`
- Argument `-s|--silent` to perform non interactive installation
#### Changed
- robots.txt location block moved from locations-wo.conf to wpcommon(-php7).php
#### Fixed
- WP_CACHE_KEY_SALT set twice with wpredis
- WordOps version check when using `wo update`
- robots.txt file download if not created
- PHP-FPM socket path in stub_status.conf : PR [#82](https://github.com/WordOps/WordOps/pull/82)
### v3.9.5.1 - 2019-05-10
#### Fixed
- Adminer download link
### v3.9.5 - 2019-05-02
#### Added
- IPv6 support with HTTPS
- Brotli support in Nginx
- Let's Encrypt support with --proxy
- Install script handle migration from EEv3
- load-balancing on unix socket for php-fpm
- stub_status vhost for metrics
- `--letsencrypt=subdomain` option
- opcache optimization for php-fpm
- EasyEngine configuration backup before migration
- EasyEngine configuration cleanup after migration
- WordOps configuration backup before upgrade
- Previous acme.sh certs migration
- "wo maintenance" command to perform server package update & cleanup
- Support for Netdata on backend : https://server.hostname:22222/netdata/
- New Stacks : composer and netdata
- additional argument for letsencrypt : --hsts
- Clean Theme for adminer
- Credits for tools shipped with WordOps
- Cache exception for Easy Digital Download
- Additional cache exceptions for Woocommerce
- MySQL monitoring with Netdata
- WordOps-dashboard on 22222, can be installed with `wo stack install`
- Extplorer filemanager in WordOps backend
- Enable OSCP Stapling with Let's Encrypt
- Compress database backup with pigz (faster than gzip) before updating sites
- Support for Ubuntu 19.04 (disco) - few php extensions missing
- Support for Raspbian 9 (stretch) - tested on Raspberry Pi 3b+
- backup letsencrypt certificate before upgrade
- directives emergency_restart_threshold & emergency_restart_interval to restart php-fpm in case of failure
- EasyEngine cronjob removal during install
- Kernel tweaks via systctl.conf
- open_basedir on php-fpm process to forbid access with php outside of /var/www & /run/nginx-cache
#### Changed
- letsencrypt stack refactored with acme.sh
- letsencrypt validation with webroot folder
- hardened nginx ssl_ecdh_curve
- Update phpredisadmin
- Increase MySQL root password size to 24 characters
- Increase MySQL users password size to 24 characters
- Nginx locations template is the same for php7.2 & 7.3
- backend SSL configuration now stored in /var/www/22222/conf/nginx/ssl.conf
- Install Netdata with static pre-built binaries instead of having to compile it from source
- Nginx updated to new stable release (1.16.0)
- New packages (phpmyadmin, adminer, composer) are not download in /tmp anymore
#### Fixed
- PHP 7.3 extras when php 7.2 isn't installed
- acme.sh installation
- acme.sh alias with config home variable
- deb.sury.org repository gpg key
- Nginx upgrade from previous WordOps release
- Force new Nginx templates during update
- Error message about missing my.cnf file during upgrade
- PHP 7.2 & PHP 7.3 pool configuration during upgrade
- WordOps backup directory creation before upgrade
- EasyEngine database sync during migration
- fix command "wo info"
- phpmyadmin install with composer
- command "wo clean --memcached"
- phpredisadmin setup
- --hsts flag with basic html site
- hsts flag on site not secure with letsencrypt
- fix import of previous acme.sh certificate
- fix proxy webroot folder creation
### v3.9.4 - 2019-03-15
#### Added
- Nginx module nginx_vts
- Migration script from nginx-ee to nginx-wo
- Support for Debian 9 (testing)
- New Nginx build v1.14.2
#### Changed
- Update WP-CLI version to 2.1.0
- Update Adminer to 4.6.2
- Update predis to v1.1.1
- Refactored nginx.conf
- Removed HHVM Stack
- Removed old linux distro checks
- Replace wo-acme-sh by acme.sh
#### Fixed
- Outdated Nginx ssl_ciphers suite
- Debian 9 nginx build
### v3.9.3 - 2019-03-07
#### Changed
- Updated Nginx fastcgi_cache templates
- Updated Nginx redis_cache templates
- Updated Nginx wp-super-cache templates
- Updated Nginx configuration for WordPress 5.0
- remove --experimental args
- MariaDB version bumped to 10.3
- Refactored Changelog
- Updated WO manual
- Updated WO bash_completion
- Refactored README.md
#### Added
- Add WebP image support with Nginx mapping
- Add PHP 7.3 support
- WordPress $skip_cache variable mapping
#### Fixed
- Nginx variable $webp_suffix on fresh install ([#21](https://github.com/WordOps/WordOps/issues/21))
- wo update command ([#7](https://github.com/WordOps/WordOps/issues/7))
- Fix php services management ([#12](https://github.com/WordOps/WordOps/issues/12))
- Fix WP-CLI install
### v3.9.2 - 2018-11-30
#### Changed
- Re-branded the fork to WordOps
- Codebase cleanup
- Set PHP 7.2 as the default
- Included support for newer OS releases
- Reworked the HTTPS configuration
- Added more automated testing with Redis
- Replaced Postfix with smtp-cli
- Dropped mail services
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
## Releases
### v3.9.x - [Unreleased]
### v3.9.8.1 - 2019-08-18
#### Added
- WordOps backend is automatically secured by the first Let's Encrypt SSL certificate issued
#### Changed
- Extra Nginx directives moved from nginx.conf to conf.d/tweaks.conf
#### Fixed
- MySQLTuner installation
- `wo stack remove/purge --all`
- variable substitution in install script
- `wo stack upgrade --phpmyadmin/--dashboard`
- phpmyadmin blowfish_secret key length
- Cement App not exiting on close in case of error
### v3.9.8 - 2019-08-16
#### Added
- Allow web browser caching for json and webmanifest files
- nginx-core.mustache template used to render nginx.conf during stack setup
- APT Packages configuration step with `wo stack upgrade` to apply new configurations
- Cloudflare restore real_ip configuration
- WP-Rocket plugin support with the flag `--wprocket`
- Cache-Enabler plugin support with the flag `--wpce`
- Install unattended-upgrade and enable automated security updates
- Enable time synchronization with ntp
- Additional cache exception for woocommerce
#### Changed
- Do not force Nginx upgrade if a custom Nginx package compiled with nginx-ee is detected
- Gzip enabled again by default with configuration in /etc/nginx/conf.d/gzip.conf
- Brotli configuration moved in /etc/nginx/conf.d/brotli.conf.disabled (disabled by default)
- Moving package configuration in a new plugin stack_pref.py
- Cleanup templates by removing all doublons (with/without php7) and replacing them with variables
- Updated Nginx to v1.16.1 in response to HTTP/2 vulnerabilites discovered
- Disable temporary adding swap feature (not working)
- `wo stack upgrade --nginx` is now able to apply new configurations during `wo update`, it highly reduce upgrade duration
#### Fixed
- Error in HSTS header syntax
### v3.9.7.2 - 2019-08-12
#### Fixed
- redis.conf permissions additional fix
### v3.9.7.1 - 2019-08-09
#### Changed
- Set WordOps backend password length from 16 to 24
- Upgrade framework cement to 2.6.0
- Upgrade PyMySQL to 0.9.3
- Upgrade Psutil to 5.6.3
#### Fixed
- Missing import in `wo sync`
- redis.conf incorrect permissions
### v3.9.7 - 2019-08-02
#### Added
- MySQL configuration tuning
- Cronjob to optimize MySQL databases weekly
- WO-kernel systemd service to automatically apply kernel tweaks on server startup
- Proftpd stack now secured with TLS
- New Nginx package built with Brotli from operating system libraries
- Brotli configuration with only well compressible MIME types
- WordPress site url automatically updated to `https://domain.tld` when using `-le/--letsencrypt` flag
- More informations during certificate issuance about validation mode selected
- `--php72` as alternative for `--php`
- Automated removal of the deprecated variable `ssl on;` in previous Nginx ssl.conf
- Project Contributing guidelines
- Project Code of conduct
#### Changed
- `wo maintenance` refactored
- Improved debug log
- Updated Nginx configuration process to not overwrite files with custom data (htpasswd-wo, acl.conf etc..)
- Adminer updated to v4.7.2
- eXtplorer updated to v2.1.13
- Removed WordOps version from the Nginx header X-Powered-By to avoid possible security issues
- Several code quality improvements to speed up WordOps execution
- Few adjustements on PHP-FPM configuration (max_input_time,opcache.consistency_checks)
- Added /dev/urandom & /dev/shm to open_basedir in PHP-FPM configuration
#### Fixed
- Kernel tweaks were not applied without server reboot
- Fail2ban standalone install
- `wo stack purge --all` error due to PHP7.3 check
- Nginx helper configuration during plugin install for Nginx fastcgi_cache and redis-cache
- phpRedisAdmin stack installation
- Fixed Travis CI build on pull requests
- Nginx `server_names_hash_bucket_size` variable error after WordOps upgrade
### v3.9.6.2 - 2019-07-24
#### Changed
- Improve `wo update` process duration
- Improve package install/upgrade/remove process
#### Fixed
- phpMyAdmin archive download link archive
- Arguments `--letsencrypt=clean/purge`
- Incorrect directory removal during stack upgrade
### v3.9.6.1 - 2019-07-23
#### Fixed
- Typo in `--letsencrypt=subdomain`
- phpMyAdmin upgrade archive extraction
- Error in the command `wo update`. Please `wo update --beta` as workaround
### v3.9.6 - 2019-07-20
#### Added
- New Nginx package on Ubuntu with Cloudflare HTTP/2 HPACK and Dynamic TLS records
- phpMyAdmin upgrade with `wo stack upgrade --phpmyadmin`
- Wildcard SSL Certificates support with DNS validation
- Let's Encrypt DNS API support (Cloudflare, DigitalOcean, etc ..) on domain, subdomain, and wildcard
- Flag `--letsencrypt=clean` to purge a previous SSL configuration
- Support for Debian 10 buster (testing - not ready for production)
- Fail2ban with custom jails to secure WordPress & SSH
- Variable `keylength` in /etc/wo/wo.conf to define letsencrypt certificate keylenght
- ProFTPd stack with UFW & Fail2ban configurationz
- Beta branch and command `wo update --beta` for beta releases
- Extra directives in wp-config.php (limit posts revisions, set max_memory, enable auto-update for minor-releases)
#### Fixed
- Nginx was not reloaded after enabling HSTS
- Netdata, Composer & Fail2Ban stack remove and purge
- WordPress not installed by `wo site update` with basic php73 sites
### v3.9.5.4 - 2019-07-13
#### Added
- New Nginx package on Ubuntu with TLS v1.3 support (OpenSSL 1.1.1c)
- Netdata upgrade with `wo stack upgrade --netdata`
- Netdata stack remove/purge
#### Changed
- phpRedisAdmin is now installed with the stack `--admin`
- Remove memcached - not required anymore
#### Fixed
- phpRedisAdmin installation
- Duplicated locations /robots.txt after upgrade to v3.9.5.3
- Let's Encrypt stack `wo site update --letsencrypt/--letsencrypt=off`
- pt-query-advisor dead link
- Netdata persistant configuration
### v3.9.5.3 - 2019-06-18
#### Added
- Argument `--preserve` with the command `wo update` to keep current Nginx configuration
#### Fixed
- Nginx upgrade failure when running wo update
### v3.9.5.2 - 2019-06-17
#### Added
- Non-interactive install/upgrade
- Argument `--force` with the command `wo update`
- Argument `-s|--silent` to perform non interactive installation
#### Changed
- robots.txt location block moved from locations-wo.conf to wpcommon(-php7).php
#### Fixed
- WP_CACHE_KEY_SALT set twice with wpredis
- WordOps version check when using `wo update`
- robots.txt file download if not created
- PHP-FPM socket path in stub_status.conf : PR [#82](https://github.com/WordOps/WordOps/pull/82)
### v3.9.5.1 - 2019-05-10
#### Fixed
- Adminer download link
### v3.9.5 - 2019-05-02
#### Added
- IPv6 support with HTTPS
- Brotli support in Nginx
- Let's Encrypt support with --proxy
- Install script handle migration from EEv3
- load-balancing on unix socket for php-fpm
- stub_status vhost for metrics
- `--letsencrypt=subdomain` option
- opcache optimization for php-fpm
- EasyEngine configuration backup before migration
- EasyEngine configuration cleanup after migration
- WordOps configuration backup before upgrade
- Previous acme.sh certs migration
- "wo maintenance" command to perform server package update & cleanup
- Support for Netdata on backend : https://server.hostname:22222/netdata/
- New Stacks : composer and netdata
- additional argument for letsencrypt : --hsts
- Clean Theme for adminer
- Credits for tools shipped with WordOps
- Cache exception for Easy Digital Download
- Additional cache exceptions for Woocommerce
- MySQL monitoring with Netdata
- WordOps-dashboard on 22222, can be installed with `wo stack install`
- Extplorer filemanager in WordOps backend
- Enable OSCP Stapling with Let's Encrypt
- Compress database backup with pigz (faster than gzip) before updating sites
- Support for Ubuntu 19.04 (disco) - few php extensions missing
- Support for Raspbian 9 (stretch) - tested on Raspberry Pi 3b+
- backup letsencrypt certificate before upgrade
- directives emergency_restart_threshold & emergency_restart_interval to restart php-fpm in case of failure
- EasyEngine cronjob removal during install
- Kernel tweaks via systctl.conf
- open_basedir on php-fpm process to forbid access with php outside of /var/www & /run/nginx-cache
#### Changed
- letsencrypt stack refactored with acme.sh
- letsencrypt validation with webroot folder
- hardened nginx ssl_ecdh_curve
- Update phpredisadmin
- Increase MySQL root password size to 24 characters
- Increase MySQL users password size to 24 characters
- Nginx locations template is the same for php7.2 & 7.3
- backend SSL configuration now stored in /var/www/22222/conf/nginx/ssl.conf
- Install Netdata with static pre-built binaries instead of having to compile it from source
- Nginx updated to new stable release (1.16.0)
- New packages (phpmyadmin, adminer, composer) are not download in /tmp anymore
#### Fixed
- PHP 7.3 extras when php 7.2 isn't installed
- acme.sh installation
- acme.sh alias with config home variable
- deb.sury.org repository gpg key
- Nginx upgrade from previous WordOps release
- Force new Nginx templates during update
- Error message about missing my.cnf file during upgrade
- PHP 7.2 & PHP 7.3 pool configuration during upgrade
- WordOps backup directory creation before upgrade
- EasyEngine database sync during migration
- fix command "wo info"
- phpmyadmin install with composer
- command "wo clean --memcached"
- phpredisadmin setup
- --hsts flag with basic html site
- hsts flag on site not secure with letsencrypt
- fix import of previous acme.sh certificate
- fix proxy webroot folder creation
### v3.9.4 - 2019-03-15
#### Added
- Nginx module nginx_vts
- Migration script from nginx-ee to nginx-wo
- Support for Debian 9 (testing)
- New Nginx build v1.14.2
#### Changed
- Update WP-CLI version to 2.1.0
- Update Adminer to 4.6.2
- Update predis to v1.1.1
- Refactored nginx.conf
- Removed HHVM Stack
- Removed old linux distro checks
- Replace wo-acme-sh by acme.sh
#### Fixed
- Outdated Nginx ssl_ciphers suite
- Debian 9 nginx build
### v3.9.3 - 2019-03-07
#### Changed
- Updated Nginx fastcgi_cache templates
- Updated Nginx redis_cache templates
- Updated Nginx wp-super-cache templates
- Updated Nginx configuration for WordPress 5.0
- remove --experimental args
- MariaDB version bumped to 10.3
- Refactored Changelog
- Updated WO manual
- Updated WO bash_completion
- Refactored README.md
#### Added
- Add WebP image support with Nginx mapping
- Add PHP 7.3 support
- WordPress $skip_cache variable mapping
#### Fixed
- Nginx variable $webp_suffix on fresh install ([#21](https://github.com/WordOps/WordOps/issues/21))
- wo update command ([#7](https://github.com/WordOps/WordOps/issues/7))
- Fix php services management ([#12](https://github.com/WordOps/WordOps/issues/12))
- Fix WP-CLI install
### v3.9.2 - 2018-11-30
#### Changed
- Re-branded the fork to WordOps
- Codebase cleanup
- Set PHP 7.2 as the default
- Included support for newer OS releases
- Reworked the HTTPS configuration
- Added more automated testing with Redis
- Replaced Postfix with smtp-cli
- Dropped mail services
- Dropped w3tc support

26
config/bash_completion.d/wo_auto.rc
View File

@@ -79,7 +79,7 @@ _wo_complete()
;;
"upgrade" )
COMPREPLY=( $(compgen \
-W "--web --nginx --php --php73 --mysql --all --netdata --composer --phpmyadmin --no-prompt --wpcli" \
-W "--web --nginx --php --php73 --mysql --all --netdata --composer --phpmyadmin --dashboard --no-prompt --wpcli" \
-- $cur) )
;;
"start" | "stop" | "reload" | "restart" | "status")
@@ -159,13 +159,13 @@ _wo_complete()
"create")
COMPREPLY=( $(compgen \
-W "--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le -le=subdomain -le=wildcard --dns --dns=dns_cf --dns=dns_do" \
-W "--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le -le=subdomain -le=wildcard --dns --dns=dns_cf --dns=dns_do" \
-- $cur) )
;;
"update")
COMPREPLY=( $(compgen \
-W "--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le -le=subdomain -le=wildcard --dns --dns=dns_cf --dns=dns_do" \
-W "--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le -le=subdomain -le=wildcard --dns --dns=dns_cf --dns=dns_do" \
-- $cur) )
;;
"delete")
@@ -211,9 +211,9 @@ _wo_complete()
"--wp")
if [ ${COMP_WORDS[1]} != "debug" ]; then
if [ ${COMP_WORDS[2]} == "create" ]; then
retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --wprocket --letsencrypt -le --letsencrypt=subdomain --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_do --php73"
retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce --letsencrypt -le --letsencrypt=subdomain --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_do --php73"
elif [ ${COMP_WORDS[2]} == "update" ]; then
retlist="--wp --wpfc --wpsc --php73 --php73=off --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le -le=off -le=wildcard --dns --dns=dns_cf --dns=dns_do"
retlist="--wp --wpfc --wpsc --php73 --php73=off --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le -le=off -le=wildcard --dns --dns=dns_cf --dns=dns_do"
else
retlist=""
fi
@@ -230,9 +230,9 @@ _wo_complete()
"--wpsubdir" | "--wpsubdomain")
if [ ${COMP_WORDS[1]} != "debug" ]; then
if [ ${COMP_WORDS[2]} == "create" ]; then
retlist="--wpsc --wpfc --user --email --pass --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le --php73 --dns --dns=dns_cf --dns=dns_do"
retlist="--wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le --php73 --dns --dns=dns_cf --dns=dns_do"
elif [ ${COMP_WORDS[2]} == "update" ]; then
retlist="--wpfc --wpsc --php73 --php73=off --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le --dns --dns=dns_cf --dns=dns_do"
retlist="--wpfc --wpsc --php73 --php73=off --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le --dns --dns=dns_cf --dns=dns_do"
else
retlist=""
fi
@@ -246,9 +246,9 @@ _wo_complete()
-- $cur) )
;;
"--wpredis --wprocket" | "--wpfc" | "--wpsc" | "--wpsubdir" | "--wpsubdomain" | "--user" | "--pass" | "--email" | "--wp")
"--wpredis --wprocket --wpce" | "--wpfc" | "--wpsc" | "--wpsubdir" | "--wpsubdomain" | "--user" | "--pass" | "--email" | "--wp")
if [ ${COMP_WORDS[2]} == "create" ]; then
retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --php73 --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le --dns --dns=dns_cf --dns=dns_do"
retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --php73 --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le --dns --dns=dns_cf --dns=dns_do"
else
retlist=""
fi
@@ -259,9 +259,9 @@ _wo_complete()
-- $cur) )
;;
"--wpredis --wprocket" | "--wpfc")
"--wpredis --wprocket --wpce" | "--wpfc")
if [ ${COMP_WORDS[2]} == "update" ]; then
retlist="--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le --dns --dns=dns_cf --dns=dns_do"
retlist="--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le --dns --dns=dns_cf --dns=dns_do"
else
retlist=""
fi
@@ -314,7 +314,7 @@ _wo_complete()
elif [ ${COMP_WORDS[2]} == "delete" ]; then
retlist="--db --files --force"
elif [ ${COMP_WORDS[2]} == "update" ]; then
retlist="--password --php --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew"
retlist="--password --php --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew"
else
retlist=""
fi
@@ -363,7 +363,7 @@ _wo_complete()
case "$mprev" in
"--user" | "--email" | "--pass")
if [ ${COMP_WORDS[2]} == "create" ]; then
retlist="--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le --dns --dns=dns_cf --dns=dns_do"
retlist="--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le --dns --dns=dns_cf --dns=dns_do"
fi
ret="${retlist[@]/$prev}"
COMPREPLY=( $(compgen \

48
install
View File

@@ -7,10 +7,11 @@
# Copyright (c) 2019 - WordOps
# This script is licensed under M.I.T
# -------------------------------------------------------------------------
# Version 3.9.8 - 2019-08-17
# wget -qO wo wops.cc && sudo bash wo
# -------------------------------------------------------------------------
readonly wo_version_old="2.2.3"
readonly wo_version_new="3.9.8"
# Version 3.9.8.1 - 2019-08-18
# -------------------------------------------------------------------------
# CONTENTS
# ---
# 1. VARIABLES AND DECLARATIONS
@@ -87,22 +88,32 @@ done
###
if [[ $EUID -ne 0 ]]; then
wo_lib_echo_fail "Sudo privilege required..."
wo_lib_echo_fail "Use: curl -sL wops.cc | sudo bash"
wo_lib_echo_fail "Use: wget -qO wo wops.cc && sudo bash wo "
exit 100
fi
###
# 1- Update the apt sewers with fresh info
###
export DEBIAN_FRONTEND=noninteractive
[ -z "$wo_travis" ] && {
apt-get update -qq
}
if [ -z "$(command -v curl)" ]; then
apt-get -y install curl -qq
fi
if [ -f ./setup.py ]; then
readonly wo_version_new=$(grep "version='" setup.py | awk -F "'" '{print$2}' 2>&1)
else
readonly wo_version_new=$(curl -sL https://wops.cc/setup.py 2>&1 | grep "version='" | awk -F "'" '{print$2}' 2>&1)
fi
echo ""
wo_lib_echo "Welcome to WordOps install script v${wo_version_new}"
echo ""
###
# 1- Update the apt sewers with fresh info
###
[ -z "$wo_travis" ] && {
wo_lib_echo "Updating apt-get repository info"
apt-get update -qq
}
###
# 1- Check whether lsb_release is installed, and if not, install it
###
@@ -176,7 +187,7 @@ fi
wo_install_dep() {
{
export DEBIAN_FRONTEND=noninteractive
[ -z "$wo_travis" ] && {
# update server packages
apt-get dist-upgrade --option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --option=Dpkg::options::=--force-unsafe-io --assume-yes --quiet
@@ -186,7 +197,7 @@ wo_install_dep() {
apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \
build-essential curl gzip python3 python3-apt python3-setuptools python3-requests python3-dev sqlite3 git tar software-properties-common pigz \
gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1
add-apt-repository ppa:wordops/nginx-wo -yu
add-apt-repository ppa:wordops/nginx-wo -yu
else
# install dependencies
apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \
@@ -315,13 +326,6 @@ wo_sync_db() {
echo "INSERT INTO sites (sitename, site_type, cache_type, site_path, is_enabled, is_ssl, storage_fs, storage_db)
VALUES (\"$site\", \"$wo_site_current\", \"$wo_site_current_cache\", \"$wo_webroot\", \"$wo_site_status\", 0, 'ext4', 'mysql');" | sqlite3 /var/lib/wo/dbase.db
wo_lib_echo "Updating WordOps Database"
echo "ALTER TABLE sites ADD COLUMN db_name varchar;" | sqlite3 /var/lib/wo/dbase.db
echo "ALTER TABLE sites ADD COLUMN db_user varchar; " | sqlite3 /var/lib/wo/dbase.db
echo "ALTER TABLE sites ADD COLUMN db_password varchar;" | sqlite3 /var/lib/wo/dbase.db
echo "ALTER TABLE sites ADD COLUMN db_host varchar;" | sqlite3 /var/lib/wo/dbase.db
echo "ALTER TABLE sites ADD COLUMN is_hhvm INT DEFAULT '0';" | sqlite3 /var/lib/wo/dbase.db
echo "ALTER TABLE sites ADD COLUMN php_version varchar DEFAULT \"$wo_php_version\";" | sqlite3 /var/lib/wo/dbase.db
fi
# echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db
@@ -735,7 +739,7 @@ else
# 1 - WO already installed
if [ -x /usr/local/bin/wo ]; then
if ! {
wo -v 2>&1 | grep $wo_version_new
wo -v 2>&1 | grep -q "$wo_version_new"
} || [ "$wo_force_install" = "y" ]; then
if [ -z "$wo_force_install" ]; then
echo -e "Update WordOps to $wo_version_new (y/n): " && read -r WO_ANSWER

2
setup.py
View File

@@ -57,7 +57,7 @@ if not os.path.isfile('/root/.gitconfig'):
shutil.copy2(os.path.expanduser("~")+'/.gitconfig', '/root/.gitconfig')
setup(name='wo',
version='3.9.8',
version='3.9.8.1',
description=long_description,
long_description=long_description,
classifiers=[],

2
wo/cli/main.py
View File

@@ -65,6 +65,8 @@ class WOApp(foundation.CementApp):
debug = TOGGLE_DEBUG
exit_on_close = True
class WOTestApp(WOApp):
"""A test app that is better suited for testing."""

12
wo/cli/plugins/site.py
View File

@@ -8,8 +8,10 @@ from wo.core.domainvalidate import ValidateDomain
from wo.core.fileutils import WOFileUtils
from wo.cli.plugins.site_functions import *
from wo.core.services import WOService
from wo.cli.plugins.sitedb import *
from wo.cli.plugins.sitedb import (addNewSite, getSiteInfo,
updateSiteInfo, deleteSiteInfo, getAllsites)
from wo.core.git import WOGit
from wo.core.logging import Log
from subprocess import Popen
from wo.core.nginxhashbucket import hashbucket
import os
@@ -29,6 +31,7 @@ class WOSiteController(CementBaseController):
label = 'site'
stacked_on = 'base'
stacked_type = 'nested'
exit_on_close = True
description = ('Performs website specific operations')
arguments = [
(['site_name'],
@@ -248,6 +251,7 @@ class WOSiteEditController(CementBaseController):
label = 'edit'
stacked_on = 'site'
stacked_type = 'nested'
exit_on_close = True
description = ('Edit Nginx configuration of site')
arguments = [
(['site_name'],
@@ -301,6 +305,7 @@ class WOSiteCreateController(CementBaseController):
label = 'create'
stacked_on = 'site'
stacked_type = 'nested'
exit_on_close = True
description = ('this commands set up configuration and installs '
'required files as options are provided')
arguments = [
@@ -805,6 +810,7 @@ class WOSiteUpdateController(CementBaseController):
label = 'update'
stacked_on = 'site'
stacked_type = 'nested'
exit_on_close = True
description = ('This command updates websites configuration to '
'another as per the options are provided')
arguments = [
@@ -1027,7 +1033,7 @@ class WOSiteUpdateController(CementBaseController):
data = dict(site_name=wo_domain, www_domain=wo_www_domain,
static=False, basic=True, wp=False, wpfc=False,
wpsc=False, wpredis=False, wprocket=False, wpce=False,
multisite=False,wpsubdir=False, webroot=wo_site_webroot,
multisite=False, wpsubdir=False, webroot=wo_site_webroot,
wo_db_name='', wo_db_user='', wo_db_pass='',
wo_db_host='',
currsitetype=oldsitetype, currcachetype=oldcachetype)
@@ -1741,6 +1747,7 @@ class WOSiteDeleteController(CementBaseController):
label = 'delete'
stacked_on = 'site'
stacked_type = 'nested'
exit_on_close = True
description = 'delete an existing website'
arguments = [
(['site_name'],
@@ -1878,6 +1885,7 @@ class WOSiteListController(CementBaseController):
label = 'list'
stacked_on = 'site'
stacked_type = 'nested'
exit_on_close = True
description = 'List websites'
arguments = [
(['--enabled'],

19
wo/cli/plugins/site_functions.py
View File

@@ -8,15 +8,15 @@ import string
import subprocess
from subprocess import CalledProcessError
from wo.cli.plugins.sitedb import *
from wo.cli.plugins.sitedb import getSiteInfo
from wo.cli.plugins.stack import WOStackController
from wo.core.aptget import WOAptGet
from wo.core.fileutils import WOFileUtils
from wo.core.git import WOGit
from wo.core.logging import Log
from wo.core.mysql import *
from wo.core.mysql import WOMysql
from wo.core.services import WOService
from wo.cli.plugins.stack_pref import pre_pref, post_pref
from wo.cli.plugins.stack_pref import post_pref
from wo.core.shellexec import CommandExecutionError, WOShellExec
from wo.core.sslutils import SSL
from wo.core.variables import WOVariables
@@ -1365,6 +1365,19 @@ def setupLetsEncrypt(self, wo_domain_name, subdomain=False, wildcard=False,
.format(WOVariables.wo_ssl_live, wo_domain_name))
sslconf.close()
# updateSiteInfo(self, wo_domain_name, ssl=True)
if not WOFileUtils.grep(self, '/var/www/22222/conf/nginx/ssl.conf',
'/etc/letsencrypt'):
Log.info(self, "Securing WordOps backend with {0} certificate"
.format(wo_domain_name))
sslconf = open("/var/www/22222/conf/nginx/ssl.conf"
.format(wo_domain_name),
encoding='utf-8', mode='w')
sslconf.write("ssl_certificate {0}/{1}/fullchain.pem;\n"
"ssl_certificate_key {0}/{1}/key.pem;\n"
"ssl_trusted_certificate {0}/{1}/ca.pem;\n"
"ssl_stapling_verify on;\n"
.format(WOVariables.wo_ssl_live, wo_domain_name))
sslconf.close()
WOGit.add(self, ["/etc/letsencrypt"],
msg="Adding letsencrypt folder")

1
wo/cli/plugins/stack.py
View File

@@ -44,6 +44,7 @@ class WOStackController(CementBaseController):
label = 'stack'
stacked_on = 'base'
stacked_type = 'nested'
exit_on_close = True
description = 'Stack command manages stack operations'
arguments = [
(['--all'],

22
wo/cli/plugins/stack_pref.py
View File

@@ -800,7 +800,7 @@ def post_pref(self, apt_packages, packages):
encoding='utf-8', mode='w') as myfile:
myfile.write("<?php\nphpinfo();\n?>")
WOFileUtils.chown(self, "{0}22222"
WOFileUtils.chown(self, "{0}22222/htdocs"
.format(WOVariables.wo_webroot),
WOVariables.wo_php_user,
WOVariables.wo_php_user, recursive=True)
@@ -964,7 +964,7 @@ def post_pref(self, apt_packages, packages):
encoding='utf-8', mode='w') as myfile:
myfile.write("<?php\nphpinfo();\n?>")
WOFileUtils.chown(self, "{0}22222"
WOFileUtils.chown(self, "{0}22222/htdocs"
.format(WOVariables.wo_webroot),
WOVariables.wo_php_user,
WOVariables.wo_php_user, recursive=True)
@@ -1282,7 +1282,7 @@ def post_pref(self, apt_packages, packages):
blowfish_key = ''.join([random.choice
(string.ascii_letters +
string.digits)
for n in range(25)])
for n in range(32)])
WOFileUtils.searchreplace(self,
'{0}22222/htdocs/db/pma'
'/config.inc.php'
@@ -1304,8 +1304,10 @@ def post_pref(self, apt_packages, packages):
"[\'Servers\'][$i][\'host\'] = \'{0}\';"
.format(WOVariables.wo_mysql_host))
Log.debug(self, 'Setting Privileges of webroot permission to '
'{0}22222/htdocs/db/pma file '.format(WOVariables.wo_webroot))
WOFileUtils.chown(self, '{0}22222'.format(WOVariables.wo_webroot),
'{0}22222/htdocs/db/pma file '
.format(WOVariables.wo_webroot))
WOFileUtils.chown(self, '{0}22222/htdocs'
.format(WOVariables.wo_webroot),
WOVariables.wo_php_user,
WOVariables.wo_php_user,
recursive=True)
@@ -1405,7 +1407,7 @@ def post_pref(self, apt_packages, packages):
Log.debug(self, "Setting Privileges to "
"{0}22222/htdocs"
.format(WOVariables.wo_webroot))
WOFileUtils.chown(self, '{0}22222'
WOFileUtils.chown(self, '{0}22222/htdocs'
.format(WOVariables.wo_webroot),
WOVariables.wo_php_user,
WOVariables.wo_php_user,
@@ -1428,7 +1430,7 @@ def post_pref(self, apt_packages, packages):
Log.debug(self, "Setting Privileges to "
"{0}22222/htdocs/files"
.format(WOVariables.wo_webroot))
WOFileUtils.chown(self, '{0}22222'
WOFileUtils.chown(self, '{0}22222/htdocs'
.format(WOVariables.wo_webroot),
WOVariables.wo_php_user,
WOVariables.wo_php_user,
@@ -1473,7 +1475,7 @@ def post_pref(self, apt_packages, packages):
Log.debug(self, "Setting Privileges of webroot permission to "
"{0}22222/htdocs/php/webgrind/ file "
.format(WOVariables.wo_webroot))
WOFileUtils.chown(self, '{0}22222'
WOFileUtils.chown(self, '{0}22222/htdocs'
.format(WOVariables.wo_webroot),
WOVariables.wo_php_user,
WOVariables.wo_php_user,
@@ -1550,7 +1552,7 @@ def post_pref(self, apt_packages, packages):
.format(WOVariables.wo_webroot))
os.makedirs('{0}22222/htdocs/cache/redis/phpRedisAdmin'
.format(WOVariables.wo_webroot))
WOFileUtils.chown(self, '{0}22222'
WOFileUtils.chown(self, '{0}22222/htdocs'
.format(WOVariables.wo_webroot),
WOVariables.wo_php_user,
WOVariables.wo_php_user,
@@ -1565,7 +1567,7 @@ def post_pref(self, apt_packages, packages):
Log.debug(self, 'Setting Privileges of webroot permission to '
'{0}22222/htdocs/cache/file '
.format(WOVariables.wo_webroot))
WOFileUtils.chown(self, '{0}22222'
WOFileUtils.chown(self, '{0}22222/htdocs'
.format(WOVariables.wo_webroot),
WOVariables.wo_php_user,
WOVariables.wo_php_user,

1
wo/cli/plugins/stack_services.py
View File

@@ -12,6 +12,7 @@ class WOStackStatusController(CementBaseController):
label = 'stack_services'
stacked_on = 'stack'
stacked_type = 'embedded'
exit_on_close = True
description = 'Check the stack status'
@expose(help="Start stack services")

9
wo/cli/plugins/stack_upgrade.py
View File

@@ -20,6 +20,7 @@ class WOStackUpgradeController(CementBaseController):
label = 'upgrade'
stacked_on = 'stack'
stacked_type = 'nested'
exit_on_close = True
description = ('Upgrade stack safely')
arguments = [
(['--all'],
@@ -229,6 +230,10 @@ class WOStackUpgradeController(CementBaseController):
'wo-dashboard.tar.gz',
'{0}22222/htdocs'
.format(WOVariables.wo_webroot))
WOFileUtils.chown(self, "{0}22222/htdocs"
.format(WOVariables.wo_webroot),
WOVariables.wo_php_user,
WOVariables.wo_php_user, recursive=True)
if pargs.composer:
Log.info(self, "Upgrading Composer, please wait...")
@@ -257,6 +262,10 @@ class WOStackUpgradeController(CementBaseController):
.format(WOVariables.wo_phpmyadmin),
'{0}22222/htdocs/db/pma/'
.format(WOVariables.wo_webroot))
WOFileUtils.chown(self, "{0}22222/htdocs"
.format(WOVariables.wo_webroot),
WOVariables.wo_php_user,
WOVariables.wo_php_user, recursive=True)
Log.info(self, "Successfully updated packages")
else:

249
wo/cli/templates/nginx-core.mustache
View File

@@ -1,124 +1,125 @@
user www-data;
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 100000;
pid /run/nginx.pid;
pcre_jit on;
events {
multi_accept on;
worker_connections 50000;
accept_mutex on;
use epoll;
}
http {
##
# WordOps Settings
##
# Nginx AIO : See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/
# http://nginx.org/en/docs/http/ngx_http_core_module.html#aio
aio threads;
server_tokens off;
reset_timedout_connection on;
more_set_headers "X-Powered-By : WordOps";
# Limit Request
limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
# Proxy Settings
# set_real_ip_from proxy-server-ip;
# real_ip_header X-Forwarded-For;
fastcgi_read_timeout 300;
client_max_body_size 100m;
# ngx_vts_module
vhost_traffic_status_zone;
# tls dynamic records patch directive
ssl_dyn_rec_enable on;
##
# SSL Settings
##
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_prefer_server_ciphers on;
{{#tls13}}ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20';
ssl_protocols TLSv1.2 TLSv1.3;{{/tls13}}
ssl_ecdh_curve X25519:P-521:P-384:P-256;
# Previous TLS v1.2 configuration
{{^tls13}}ssl_protocols TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;{{/tls13}}
# Common security headers
more_set_headers "X-Frame-Options : SAMEORIGIN";
more_set_headers "X-Xss-Protection : 1; mode=block";
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
more_set_headers "X-Download-Options : noopen";
# oscp settings
resolver 8.8.8.8 1.1.1.1 8.8.4.4 1.0.0.1 valid=300s;
resolver_timeout 10;
ssl_stapling on;
##
# Basic Settings
##
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log off;
error_log /var/log/nginx/error.log;
# Log format Settings
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$server_protocol"';
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
user www-data;
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 100000;
pid /run/nginx.pid;
pcre_jit on;
events {
multi_accept on;
worker_connections 50000;
accept_mutex on;
use epoll;
}
http {
##
# WordOps Settings
##
keepalive_timeout 8;
# Nginx AIO : See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/
# http://nginx.org/en/docs/http/ngx_http_core_module.html#aio
aio threads;
server_tokens off;
reset_timedout_connection on;
more_set_headers "X-Powered-By : WordOps";
# Limit Request
limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
# Proxy Settings
# set_real_ip_from proxy-server-ip;
# real_ip_header X-Forwarded-For;
fastcgi_read_timeout 300;
client_max_body_size 100m;
# ngx_vts_module
vhost_traffic_status_zone;
# tls dynamic records patch directive
ssl_dyn_rec_enable on;
##
# SSL Settings
##
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_prefer_server_ciphers on;
{{#tls13}}ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20';
ssl_protocols TLSv1.2 TLSv1.3;{{/tls13}}
ssl_ecdh_curve X25519:P-521:P-384:P-256;
# Previous TLS v1.2 configuration
{{^tls13}}ssl_protocols TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;{{/tls13}}
# Common security headers
more_set_headers "X-Frame-Options : SAMEORIGIN";
more_set_headers "X-Xss-Protection : 1; mode=block";
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
more_set_headers "X-Download-Options : noopen";
# oscp settings
resolver 8.8.8.8 1.1.1.1 8.8.4.4 1.0.0.1 valid=300s;
resolver_timeout 10;
ssl_stapling on;
##
# Basic Settings
##
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log off;
error_log /var/log/nginx/error.log;
# Log format Settings
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$server_protocol"';
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

1
wo/cli/templates/tweaks.mustache
View File

@@ -16,7 +16,6 @@
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 8;
keepalive_requests 500;
keepalive_disable msie6;

1
wo/core/logging.py
View File

@@ -24,6 +24,7 @@ class Log:
if exit:
self.app.close(1)
def info(self, msg, end='\n', log=True):
"""
Logs info messages into log file

2
wo/core/variables.py
View File

@@ -10,7 +10,7 @@ class WOVariables():
"""Intialization of core variables"""
# WordOps version
wo_version = "3.9.8"
wo_version = "3.9.8.1"
# WordOps packages versions
wo_wp_cli = "2.2.0"
wo_adminer = "4.7.2"