diff --git a/.editorconfig b/.editorconfig index 3b0653a..1e114ad 100644 --- a/.editorconfig +++ b/.editorconfig @@ -5,5 +5,5 @@ indent_style = space indent_size = 4 end_of_line = lf charset = utf-8 -trim_trailing_whitespace = false +trim_trailing_whitespace = true insert_final_newline = false \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index bcdc614..699ca7d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,344 +1,353 @@ -# Changelog - -All notable changes to this project will be documented in this file. - -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - -## Releases - -### v3.9.x - [Unreleased] - -#### Changed - -- Extra Nginx directives moved from nginx.conf to conf.d/tweaks.conf - -#### Fixed - -- MySQLTuner installation -- `wo stack remove/purge --all` -- variable substitution in install script - -### v3.9.8 - 2019-08-16 - -#### Added - -- Allow web browser caching for json and webmanifest files -- nginx-core.mustache template used to render nginx.conf during stack setup -- APT Packages configuration step with `wo stack upgrade` to apply new configurations -- Cloudflare restore real_ip configuration -- WP-Rocket plugin support with the flag `--wprocket` -- Cache-Enabler plugin support with the flag `--wpce` -- Install unattended-upgrade and enable automated security updates -- Enable time synchronization with ntp -- Additional cache exception for woocommerce - -#### Changed - -- Do not force Nginx upgrade if a custom Nginx package compiled with nginx-ee is detected -- Gzip enabled again by default with configuration in /etc/nginx/conf.d/gzip.conf -- Brotli configuration moved in /etc/nginx/conf.d/brotli.conf.disabled (disabled by default) -- Moving package configuration in a new plugin stack_pref.py -- Cleanup templates by removing all doublons (with/without php7) and replacing them with variables -- Updated Nginx to v1.16.1 in response to HTTP/2 vulnerabilites discovered -- Disable temporary adding swap feature (not working) -- `wo stack upgrade --nginx` is now able to apply new configurations during `wo update`, it highly reduce upgrade duration - -#### Fixed - -- Error in HSTS header syntax - -### v3.9.7.2 - 2019-08-12 - -#### Fixed - -- redis.conf permissions additional fix - -### v3.9.7.1 - 2019-08-09 - -#### Changed - -- Set WordOps backend password length from 16 to 24 -- Upgrade framework cement to 2.6.0 -- Upgrade PyMySQL to 0.9.3 -- Upgrade Psutil to 5.6.3 - -#### Fixed - -- Missing import in `wo sync` -- redis.conf incorrect permissions - -### v3.9.7 - 2019-08-02 - -#### Added - -- MySQL configuration tuning -- Cronjob to optimize MySQL databases weekly -- WO-kernel systemd service to automatically apply kernel tweaks on server startup -- Proftpd stack now secured with TLS -- New Nginx package built with Brotli from operating system libraries -- Brotli configuration with only well compressible MIME types -- WordPress site url automatically updated to `https://domain.tld` when using `-le/--letsencrypt` flag -- More informations during certificate issuance about validation mode selected -- `--php72` as alternative for `--php` -- Automated removal of the deprecated variable `ssl on;` in previous Nginx ssl.conf -- Project Contributing guidelines -- Project Code of conduct - -#### Changed - -- `wo maintenance` refactored -- Improved debug log -- Updated Nginx configuration process to not overwrite files with custom data (htpasswd-wo, acl.conf etc..) -- Adminer updated to v4.7.2 -- eXtplorer updated to v2.1.13 -- Removed WordOps version from the Nginx header X-Powered-By to avoid possible security issues -- Several code quality improvements to speed up WordOps execution -- Few adjustements on PHP-FPM configuration (max_input_time,opcache.consistency_checks) -- Added /dev/urandom & /dev/shm to open_basedir in PHP-FPM configuration - -#### Fixed - -- Kernel tweaks were not applied without server reboot -- Fail2ban standalone install -- `wo stack purge --all` error due to PHP7.3 check -- Nginx helper configuration during plugin install for Nginx fastcgi_cache and redis-cache -- phpRedisAdmin stack installation -- Fixed Travis CI build on pull requests -- Nginx `server_names_hash_bucket_size` variable error after WordOps upgrade - -### v3.9.6.2 - 2019-07-24 - -#### Changed - -- Improve `wo update` process duration -- Improve package install/upgrade/remove process - -#### Fixed - -- phpMyAdmin archive download link archive -- Arguments `--letsencrypt=clean/purge` -- Incorrect directory removal during stack upgrade - -### v3.9.6.1 - 2019-07-23 - -#### Fixed - -- Typo in `--letsencrypt=subdomain` -- phpMyAdmin upgrade archive extraction -- Error in the command `wo update`. Please `wo update --beta` as workaround - -### v3.9.6 - 2019-07-20 - -#### Added - -- New Nginx package on Ubuntu with Cloudflare HTTP/2 HPACK and Dynamic TLS records -- phpMyAdmin upgrade with `wo stack upgrade --phpmyadmin` -- Wildcard SSL Certificates support with DNS validation -- Let's Encrypt DNS API support (Cloudflare, DigitalOcean, etc ..) on domain, subdomain, and wildcard -- Flag `--letsencrypt=clean` to purge a previous SSL configuration -- Support for Debian 10 buster (testing - not ready for production) -- Fail2ban with custom jails to secure WordPress & SSH -- Variable `keylength` in /etc/wo/wo.conf to define letsencrypt certificate keylenght -- ProFTPd stack with UFW & Fail2ban configurationz -- Beta branch and command `wo update --beta` for beta releases -- Extra directives in wp-config.php (limit posts revisions, set max_memory, enable auto-update for minor-releases) - -#### Fixed - -- Nginx was not reloaded after enabling HSTS -- Netdata, Composer & Fail2Ban stack remove and purge -- WordPress not installed by `wo site update` with basic php73 sites - -### v3.9.5.4 - 2019-07-13 - -#### Added - -- New Nginx package on Ubuntu with TLS v1.3 support (OpenSSL 1.1.1c) -- Netdata upgrade with `wo stack upgrade --netdata` -- Netdata stack remove/purge - -#### Changed - -- phpRedisAdmin is now installed with the stack `--admin` -- Remove memcached - not required anymore - -#### Fixed - -- phpRedisAdmin installation -- Duplicated locations /robots.txt after upgrade to v3.9.5.3 -- Let's Encrypt stack `wo site update --letsencrypt/--letsencrypt=off` -- pt-query-advisor dead link -- Netdata persistant configuration - -### v3.9.5.3 - 2019-06-18 - -#### Added - -- Argument `--preserve` with the command `wo update` to keep current Nginx configuration - -#### Fixed - -- Nginx upgrade failure when running wo update - -### v3.9.5.2 - 2019-06-17 - -#### Added - -- Non-interactive install/upgrade -- Argument `--force` with the command `wo update` -- Argument `-s|--silent` to perform non interactive installation - -#### Changed - -- robots.txt location block moved from locations-wo.conf to wpcommon(-php7).php - -#### Fixed - -- WP_CACHE_KEY_SALT set twice with wpredis -- WordOps version check when using `wo update` -- robots.txt file download if not created -- PHP-FPM socket path in stub_status.conf : PR [#82](https://github.com/WordOps/WordOps/pull/82) - -### v3.9.5.1 - 2019-05-10 - -#### Fixed - -- Adminer download link - -### v3.9.5 - 2019-05-02 - -#### Added - -- IPv6 support with HTTPS -- Brotli support in Nginx -- Let's Encrypt support with --proxy -- Install script handle migration from EEv3 -- load-balancing on unix socket for php-fpm -- stub_status vhost for metrics -- `--letsencrypt=subdomain` option -- opcache optimization for php-fpm -- EasyEngine configuration backup before migration -- EasyEngine configuration cleanup after migration -- WordOps configuration backup before upgrade -- Previous acme.sh certs migration -- "wo maintenance" command to perform server package update & cleanup -- Support for Netdata on backend : https://server.hostname:22222/netdata/ -- New Stacks : composer and netdata -- additional argument for letsencrypt : --hsts -- Clean Theme for adminer -- Credits for tools shipped with WordOps -- Cache exception for Easy Digital Download -- Additional cache exceptions for Woocommerce -- MySQL monitoring with Netdata -- WordOps-dashboard on 22222, can be installed with `wo stack install` -- Extplorer filemanager in WordOps backend -- Enable OSCP Stapling with Let's Encrypt -- Compress database backup with pigz (faster than gzip) before updating sites -- Support for Ubuntu 19.04 (disco) - few php extensions missing -- Support for Raspbian 9 (stretch) - tested on Raspberry Pi 3b+ -- backup letsencrypt certificate before upgrade -- directives emergency_restart_threshold & emergency_restart_interval to restart php-fpm in case of failure -- EasyEngine cronjob removal during install -- Kernel tweaks via systctl.conf -- open_basedir on php-fpm process to forbid access with php outside of /var/www & /run/nginx-cache - -#### Changed - -- letsencrypt stack refactored with acme.sh -- letsencrypt validation with webroot folder -- hardened nginx ssl_ecdh_curve -- Update phpredisadmin -- Increase MySQL root password size to 24 characters -- Increase MySQL users password size to 24 characters -- Nginx locations template is the same for php7.2 & 7.3 -- backend SSL configuration now stored in /var/www/22222/conf/nginx/ssl.conf -- Install Netdata with static pre-built binaries instead of having to compile it from source -- Nginx updated to new stable release (1.16.0) -- New packages (phpmyadmin, adminer, composer) are not download in /tmp anymore - -#### Fixed - -- PHP 7.3 extras when php 7.2 isn't installed -- acme.sh installation -- acme.sh alias with config home variable -- deb.sury.org repository gpg key -- Nginx upgrade from previous WordOps release -- Force new Nginx templates during update -- Error message about missing my.cnf file during upgrade -- PHP 7.2 & PHP 7.3 pool configuration during upgrade -- WordOps backup directory creation before upgrade -- EasyEngine database sync during migration -- fix command "wo info" -- phpmyadmin install with composer -- command "wo clean --memcached" -- phpredisadmin setup -- --hsts flag with basic html site -- hsts flag on site not secure with letsencrypt -- fix import of previous acme.sh certificate -- fix proxy webroot folder creation - -### v3.9.4 - 2019-03-15 - -#### Added - -- Nginx module nginx_vts -- Migration script from nginx-ee to nginx-wo -- Support for Debian 9 (testing) -- New Nginx build v1.14.2 - -#### Changed - -- Update WP-CLI version to 2.1.0 -- Update Adminer to 4.6.2 -- Update predis to v1.1.1 -- Refactored nginx.conf -- Removed HHVM Stack -- Removed old linux distro checks -- Replace wo-acme-sh by acme.sh - -#### Fixed - -- Outdated Nginx ssl_ciphers suite -- Debian 9 nginx build - -### v3.9.3 - 2019-03-07 - -#### Changed - -- Updated Nginx fastcgi_cache templates -- Updated Nginx redis_cache templates -- Updated Nginx wp-super-cache templates -- Updated Nginx configuration for WordPress 5.0 -- remove --experimental args -- MariaDB version bumped to 10.3 -- Refactored Changelog -- Updated WO manual -- Updated WO bash_completion -- Refactored README.md - -#### Added - -- Add WebP image support with Nginx mapping -- Add PHP 7.3 support -- WordPress $skip_cache variable mapping - -#### Fixed - -- Nginx variable $webp_suffix on fresh install ([#21](https://github.com/WordOps/WordOps/issues/21)) -- wo update command ([#7](https://github.com/WordOps/WordOps/issues/7)) -- Fix php services management ([#12](https://github.com/WordOps/WordOps/issues/12)) -- Fix WP-CLI install - -### v3.9.2 - 2018-11-30 - -#### Changed - -- Re-branded the fork to WordOps -- Codebase cleanup -- Set PHP 7.2 as the default -- Included support for newer OS releases -- Reworked the HTTPS configuration -- Added more automated testing with Redis -- Replaced Postfix with smtp-cli -- Dropped mail services +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), + +## Releases + +### v3.9.x - [Unreleased] + +### v3.9.8.1 - 2019-08-18 + +#### Added + +- WordOps backend is automatically secured by the first Let's Encrypt SSL certificate issued + +#### Changed + +- Extra Nginx directives moved from nginx.conf to conf.d/tweaks.conf + +#### Fixed + +- MySQLTuner installation +- `wo stack remove/purge --all` +- variable substitution in install script +- `wo stack upgrade --phpmyadmin/--dashboard` +- phpmyadmin blowfish_secret key length +- Cement App not exiting on close in case of error + +### v3.9.8 - 2019-08-16 + +#### Added + +- Allow web browser caching for json and webmanifest files +- nginx-core.mustache template used to render nginx.conf during stack setup +- APT Packages configuration step with `wo stack upgrade` to apply new configurations +- Cloudflare restore real_ip configuration +- WP-Rocket plugin support with the flag `--wprocket` +- Cache-Enabler plugin support with the flag `--wpce` +- Install unattended-upgrade and enable automated security updates +- Enable time synchronization with ntp +- Additional cache exception for woocommerce + +#### Changed + +- Do not force Nginx upgrade if a custom Nginx package compiled with nginx-ee is detected +- Gzip enabled again by default with configuration in /etc/nginx/conf.d/gzip.conf +- Brotli configuration moved in /etc/nginx/conf.d/brotli.conf.disabled (disabled by default) +- Moving package configuration in a new plugin stack_pref.py +- Cleanup templates by removing all doublons (with/without php7) and replacing them with variables +- Updated Nginx to v1.16.1 in response to HTTP/2 vulnerabilites discovered +- Disable temporary adding swap feature (not working) +- `wo stack upgrade --nginx` is now able to apply new configurations during `wo update`, it highly reduce upgrade duration + +#### Fixed + +- Error in HSTS header syntax + +### v3.9.7.2 - 2019-08-12 + +#### Fixed + +- redis.conf permissions additional fix + +### v3.9.7.1 - 2019-08-09 + +#### Changed + +- Set WordOps backend password length from 16 to 24 +- Upgrade framework cement to 2.6.0 +- Upgrade PyMySQL to 0.9.3 +- Upgrade Psutil to 5.6.3 + +#### Fixed + +- Missing import in `wo sync` +- redis.conf incorrect permissions + +### v3.9.7 - 2019-08-02 + +#### Added + +- MySQL configuration tuning +- Cronjob to optimize MySQL databases weekly +- WO-kernel systemd service to automatically apply kernel tweaks on server startup +- Proftpd stack now secured with TLS +- New Nginx package built with Brotli from operating system libraries +- Brotli configuration with only well compressible MIME types +- WordPress site url automatically updated to `https://domain.tld` when using `-le/--letsencrypt` flag +- More informations during certificate issuance about validation mode selected +- `--php72` as alternative for `--php` +- Automated removal of the deprecated variable `ssl on;` in previous Nginx ssl.conf +- Project Contributing guidelines +- Project Code of conduct + +#### Changed + +- `wo maintenance` refactored +- Improved debug log +- Updated Nginx configuration process to not overwrite files with custom data (htpasswd-wo, acl.conf etc..) +- Adminer updated to v4.7.2 +- eXtplorer updated to v2.1.13 +- Removed WordOps version from the Nginx header X-Powered-By to avoid possible security issues +- Several code quality improvements to speed up WordOps execution +- Few adjustements on PHP-FPM configuration (max_input_time,opcache.consistency_checks) +- Added /dev/urandom & /dev/shm to open_basedir in PHP-FPM configuration + +#### Fixed + +- Kernel tweaks were not applied without server reboot +- Fail2ban standalone install +- `wo stack purge --all` error due to PHP7.3 check +- Nginx helper configuration during plugin install for Nginx fastcgi_cache and redis-cache +- phpRedisAdmin stack installation +- Fixed Travis CI build on pull requests +- Nginx `server_names_hash_bucket_size` variable error after WordOps upgrade + +### v3.9.6.2 - 2019-07-24 + +#### Changed + +- Improve `wo update` process duration +- Improve package install/upgrade/remove process + +#### Fixed + +- phpMyAdmin archive download link archive +- Arguments `--letsencrypt=clean/purge` +- Incorrect directory removal during stack upgrade + +### v3.9.6.1 - 2019-07-23 + +#### Fixed + +- Typo in `--letsencrypt=subdomain` +- phpMyAdmin upgrade archive extraction +- Error in the command `wo update`. Please `wo update --beta` as workaround + +### v3.9.6 - 2019-07-20 + +#### Added + +- New Nginx package on Ubuntu with Cloudflare HTTP/2 HPACK and Dynamic TLS records +- phpMyAdmin upgrade with `wo stack upgrade --phpmyadmin` +- Wildcard SSL Certificates support with DNS validation +- Let's Encrypt DNS API support (Cloudflare, DigitalOcean, etc ..) on domain, subdomain, and wildcard +- Flag `--letsencrypt=clean` to purge a previous SSL configuration +- Support for Debian 10 buster (testing - not ready for production) +- Fail2ban with custom jails to secure WordPress & SSH +- Variable `keylength` in /etc/wo/wo.conf to define letsencrypt certificate keylenght +- ProFTPd stack with UFW & Fail2ban configurationz +- Beta branch and command `wo update --beta` for beta releases +- Extra directives in wp-config.php (limit posts revisions, set max_memory, enable auto-update for minor-releases) + +#### Fixed + +- Nginx was not reloaded after enabling HSTS +- Netdata, Composer & Fail2Ban stack remove and purge +- WordPress not installed by `wo site update` with basic php73 sites + +### v3.9.5.4 - 2019-07-13 + +#### Added + +- New Nginx package on Ubuntu with TLS v1.3 support (OpenSSL 1.1.1c) +- Netdata upgrade with `wo stack upgrade --netdata` +- Netdata stack remove/purge + +#### Changed + +- phpRedisAdmin is now installed with the stack `--admin` +- Remove memcached - not required anymore + +#### Fixed + +- phpRedisAdmin installation +- Duplicated locations /robots.txt after upgrade to v3.9.5.3 +- Let's Encrypt stack `wo site update --letsencrypt/--letsencrypt=off` +- pt-query-advisor dead link +- Netdata persistant configuration + +### v3.9.5.3 - 2019-06-18 + +#### Added + +- Argument `--preserve` with the command `wo update` to keep current Nginx configuration + +#### Fixed + +- Nginx upgrade failure when running wo update + +### v3.9.5.2 - 2019-06-17 + +#### Added + +- Non-interactive install/upgrade +- Argument `--force` with the command `wo update` +- Argument `-s|--silent` to perform non interactive installation + +#### Changed + +- robots.txt location block moved from locations-wo.conf to wpcommon(-php7).php + +#### Fixed + +- WP_CACHE_KEY_SALT set twice with wpredis +- WordOps version check when using `wo update` +- robots.txt file download if not created +- PHP-FPM socket path in stub_status.conf : PR [#82](https://github.com/WordOps/WordOps/pull/82) + +### v3.9.5.1 - 2019-05-10 + +#### Fixed + +- Adminer download link + +### v3.9.5 - 2019-05-02 + +#### Added + +- IPv6 support with HTTPS +- Brotli support in Nginx +- Let's Encrypt support with --proxy +- Install script handle migration from EEv3 +- load-balancing on unix socket for php-fpm +- stub_status vhost for metrics +- `--letsencrypt=subdomain` option +- opcache optimization for php-fpm +- EasyEngine configuration backup before migration +- EasyEngine configuration cleanup after migration +- WordOps configuration backup before upgrade +- Previous acme.sh certs migration +- "wo maintenance" command to perform server package update & cleanup +- Support for Netdata on backend : https://server.hostname:22222/netdata/ +- New Stacks : composer and netdata +- additional argument for letsencrypt : --hsts +- Clean Theme for adminer +- Credits for tools shipped with WordOps +- Cache exception for Easy Digital Download +- Additional cache exceptions for Woocommerce +- MySQL monitoring with Netdata +- WordOps-dashboard on 22222, can be installed with `wo stack install` +- Extplorer filemanager in WordOps backend +- Enable OSCP Stapling with Let's Encrypt +- Compress database backup with pigz (faster than gzip) before updating sites +- Support for Ubuntu 19.04 (disco) - few php extensions missing +- Support for Raspbian 9 (stretch) - tested on Raspberry Pi 3b+ +- backup letsencrypt certificate before upgrade +- directives emergency_restart_threshold & emergency_restart_interval to restart php-fpm in case of failure +- EasyEngine cronjob removal during install +- Kernel tweaks via systctl.conf +- open_basedir on php-fpm process to forbid access with php outside of /var/www & /run/nginx-cache + +#### Changed + +- letsencrypt stack refactored with acme.sh +- letsencrypt validation with webroot folder +- hardened nginx ssl_ecdh_curve +- Update phpredisadmin +- Increase MySQL root password size to 24 characters +- Increase MySQL users password size to 24 characters +- Nginx locations template is the same for php7.2 & 7.3 +- backend SSL configuration now stored in /var/www/22222/conf/nginx/ssl.conf +- Install Netdata with static pre-built binaries instead of having to compile it from source +- Nginx updated to new stable release (1.16.0) +- New packages (phpmyadmin, adminer, composer) are not download in /tmp anymore + +#### Fixed + +- PHP 7.3 extras when php 7.2 isn't installed +- acme.sh installation +- acme.sh alias with config home variable +- deb.sury.org repository gpg key +- Nginx upgrade from previous WordOps release +- Force new Nginx templates during update +- Error message about missing my.cnf file during upgrade +- PHP 7.2 & PHP 7.3 pool configuration during upgrade +- WordOps backup directory creation before upgrade +- EasyEngine database sync during migration +- fix command "wo info" +- phpmyadmin install with composer +- command "wo clean --memcached" +- phpredisadmin setup +- --hsts flag with basic html site +- hsts flag on site not secure with letsencrypt +- fix import of previous acme.sh certificate +- fix proxy webroot folder creation + +### v3.9.4 - 2019-03-15 + +#### Added + +- Nginx module nginx_vts +- Migration script from nginx-ee to nginx-wo +- Support for Debian 9 (testing) +- New Nginx build v1.14.2 + +#### Changed + +- Update WP-CLI version to 2.1.0 +- Update Adminer to 4.6.2 +- Update predis to v1.1.1 +- Refactored nginx.conf +- Removed HHVM Stack +- Removed old linux distro checks +- Replace wo-acme-sh by acme.sh + +#### Fixed + +- Outdated Nginx ssl_ciphers suite +- Debian 9 nginx build + +### v3.9.3 - 2019-03-07 + +#### Changed + +- Updated Nginx fastcgi_cache templates +- Updated Nginx redis_cache templates +- Updated Nginx wp-super-cache templates +- Updated Nginx configuration for WordPress 5.0 +- remove --experimental args +- MariaDB version bumped to 10.3 +- Refactored Changelog +- Updated WO manual +- Updated WO bash_completion +- Refactored README.md + +#### Added + +- Add WebP image support with Nginx mapping +- Add PHP 7.3 support +- WordPress $skip_cache variable mapping + +#### Fixed + +- Nginx variable $webp_suffix on fresh install ([#21](https://github.com/WordOps/WordOps/issues/21)) +- wo update command ([#7](https://github.com/WordOps/WordOps/issues/7)) +- Fix php services management ([#12](https://github.com/WordOps/WordOps/issues/12)) +- Fix WP-CLI install + +### v3.9.2 - 2018-11-30 + +#### Changed + +- Re-branded the fork to WordOps +- Codebase cleanup +- Set PHP 7.2 as the default +- Included support for newer OS releases +- Reworked the HTTPS configuration +- Added more automated testing with Redis +- Replaced Postfix with smtp-cli +- Dropped mail services - Dropped w3tc support \ No newline at end of file diff --git a/config/bash_completion.d/wo_auto.rc b/config/bash_completion.d/wo_auto.rc index c550992..3520216 100644 --- a/config/bash_completion.d/wo_auto.rc +++ b/config/bash_completion.d/wo_auto.rc @@ -79,7 +79,7 @@ _wo_complete() ;; "upgrade" ) COMPREPLY=( $(compgen \ - -W "--web --nginx --php --php73 --mysql --all --netdata --composer --phpmyadmin --no-prompt --wpcli" \ + -W "--web --nginx --php --php73 --mysql --all --netdata --composer --phpmyadmin --dashboard --no-prompt --wpcli" \ -- $cur) ) ;; "start" | "stop" | "reload" | "restart" | "status") @@ -159,13 +159,13 @@ _wo_complete() "create") COMPREPLY=( $(compgen \ - -W "--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le -le=subdomain -le=wildcard --dns --dns=dns_cf --dns=dns_do" \ + -W "--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le -le=subdomain -le=wildcard --dns --dns=dns_cf --dns=dns_do" \ -- $cur) ) ;; "update") COMPREPLY=( $(compgen \ - -W "--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le -le=subdomain -le=wildcard --dns --dns=dns_cf --dns=dns_do" \ + -W "--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le -le=subdomain -le=wildcard --dns --dns=dns_cf --dns=dns_do" \ -- $cur) ) ;; "delete") @@ -211,9 +211,9 @@ _wo_complete() "--wp") if [ ${COMP_WORDS[1]} != "debug" ]; then if [ ${COMP_WORDS[2]} == "create" ]; then - retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --wprocket --letsencrypt -le --letsencrypt=subdomain --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_do --php73" + retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce --letsencrypt -le --letsencrypt=subdomain --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_do --php73" elif [ ${COMP_WORDS[2]} == "update" ]; then - retlist="--wp --wpfc --wpsc --php73 --php73=off --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le -le=off -le=wildcard --dns --dns=dns_cf --dns=dns_do" + retlist="--wp --wpfc --wpsc --php73 --php73=off --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le -le=off -le=wildcard --dns --dns=dns_cf --dns=dns_do" else retlist="" fi @@ -230,9 +230,9 @@ _wo_complete() "--wpsubdir" | "--wpsubdomain") if [ ${COMP_WORDS[1]} != "debug" ]; then if [ ${COMP_WORDS[2]} == "create" ]; then - retlist="--wpsc --wpfc --user --email --pass --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le --php73 --dns --dns=dns_cf --dns=dns_do" + retlist="--wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le --php73 --dns --dns=dns_cf --dns=dns_do" elif [ ${COMP_WORDS[2]} == "update" ]; then - retlist="--wpfc --wpsc --php73 --php73=off --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le --dns --dns=dns_cf --dns=dns_do" + retlist="--wpfc --wpsc --php73 --php73=off --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le --dns --dns=dns_cf --dns=dns_do" else retlist="" fi @@ -246,9 +246,9 @@ _wo_complete() -- $cur) ) ;; - "--wpredis --wprocket" | "--wpfc" | "--wpsc" | "--wpsubdir" | "--wpsubdomain" | "--user" | "--pass" | "--email" | "--wp") + "--wpredis --wprocket --wpce" | "--wpfc" | "--wpsc" | "--wpsubdir" | "--wpsubdomain" | "--user" | "--pass" | "--email" | "--wp") if [ ${COMP_WORDS[2]} == "create" ]; then - retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --php73 --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le --dns --dns=dns_cf --dns=dns_do" + retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --php73 --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le --dns --dns=dns_cf --dns=dns_do" else retlist="" fi @@ -259,9 +259,9 @@ _wo_complete() -- $cur) ) ;; - "--wpredis --wprocket" | "--wpfc") + "--wpredis --wprocket --wpce" | "--wpfc") if [ ${COMP_WORDS[2]} == "update" ]; then - retlist="--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le --dns --dns=dns_cf --dns=dns_do" + retlist="--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le --dns --dns=dns_cf --dns=dns_do" else retlist="" fi @@ -314,7 +314,7 @@ _wo_complete() elif [ ${COMP_WORDS[2]} == "delete" ]; then retlist="--db --files --force" elif [ ${COMP_WORDS[2]} == "update" ]; then - retlist="--password --php --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew" + retlist="--password --php --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew" else retlist="" fi @@ -363,7 +363,7 @@ _wo_complete() case "$mprev" in "--user" | "--email" | "--pass") if [ ${COMP_WORDS[2]} == "create" ]; then - retlist="--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le --dns --dns=dns_cf --dns=dns_do" + retlist="--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le --dns --dns=dns_cf --dns=dns_do" fi ret="${retlist[@]/$prev}" COMPREPLY=( $(compgen \ diff --git a/install b/install index 87493c2..30deb99 100755 --- a/install +++ b/install @@ -7,10 +7,11 @@ # Copyright (c) 2019 - WordOps # This script is licensed under M.I.T # ------------------------------------------------------------------------- -# Version 3.9.8 - 2019-08-17 +# wget -qO wo wops.cc && sudo bash wo # ------------------------------------------------------------------------- -readonly wo_version_old="2.2.3" -readonly wo_version_new="3.9.8" +# Version 3.9.8.1 - 2019-08-18 +# ------------------------------------------------------------------------- + # CONTENTS # --- # 1. VARIABLES AND DECLARATIONS @@ -87,22 +88,32 @@ done ### if [[ $EUID -ne 0 ]]; then wo_lib_echo_fail "Sudo privilege required..." - wo_lib_echo_fail "Use: curl -sL wops.cc | sudo bash" + wo_lib_echo_fail "Use: wget -qO wo wops.cc && sudo bash wo " exit 100 fi +### +# 1- Update the apt sewers with fresh info +### +export DEBIAN_FRONTEND=noninteractive +[ -z "$wo_travis" ] && { + apt-get update -qq +} + +if [ -z "$(command -v curl)" ]; then + apt-get -y install curl -qq +fi + +if [ -f ./setup.py ]; then + readonly wo_version_new=$(grep "version='" setup.py | awk -F "'" '{print$2}' 2>&1) +else + readonly wo_version_new=$(curl -sL https://wops.cc/setup.py 2>&1 | grep "version='" | awk -F "'" '{print$2}' 2>&1) +fi + echo "" wo_lib_echo "Welcome to WordOps install script v${wo_version_new}" echo "" -### -# 1- Update the apt sewers with fresh info -### -[ -z "$wo_travis" ] && { - wo_lib_echo "Updating apt-get repository info" - apt-get update -qq -} - ### # 1- Check whether lsb_release is installed, and if not, install it ### @@ -176,7 +187,7 @@ fi wo_install_dep() { { - export DEBIAN_FRONTEND=noninteractive + [ -z "$wo_travis" ] && { # update server packages apt-get dist-upgrade --option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --option=Dpkg::options::=--force-unsafe-io --assume-yes --quiet @@ -186,7 +197,7 @@ wo_install_dep() { apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \ build-essential curl gzip python3 python3-apt python3-setuptools python3-requests python3-dev sqlite3 git tar software-properties-common pigz \ gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1 - add-apt-repository ppa:wordops/nginx-wo -yu + add-apt-repository ppa:wordops/nginx-wo -yu else # install dependencies apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \ @@ -315,13 +326,6 @@ wo_sync_db() { echo "INSERT INTO sites (sitename, site_type, cache_type, site_path, is_enabled, is_ssl, storage_fs, storage_db) VALUES (\"$site\", \"$wo_site_current\", \"$wo_site_current_cache\", \"$wo_webroot\", \"$wo_site_status\", 0, 'ext4', 'mysql');" | sqlite3 /var/lib/wo/dbase.db - wo_lib_echo "Updating WordOps Database" - echo "ALTER TABLE sites ADD COLUMN db_name varchar;" | sqlite3 /var/lib/wo/dbase.db - echo "ALTER TABLE sites ADD COLUMN db_user varchar; " | sqlite3 /var/lib/wo/dbase.db - echo "ALTER TABLE sites ADD COLUMN db_password varchar;" | sqlite3 /var/lib/wo/dbase.db - echo "ALTER TABLE sites ADD COLUMN db_host varchar;" | sqlite3 /var/lib/wo/dbase.db - echo "ALTER TABLE sites ADD COLUMN is_hhvm INT DEFAULT '0';" | sqlite3 /var/lib/wo/dbase.db - echo "ALTER TABLE sites ADD COLUMN php_version varchar DEFAULT \"$wo_php_version\";" | sqlite3 /var/lib/wo/dbase.db fi # echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db @@ -735,7 +739,7 @@ else # 1 - WO already installed if [ -x /usr/local/bin/wo ]; then if ! { - wo -v 2>&1 | grep $wo_version_new + wo -v 2>&1 | grep -q "$wo_version_new" } || [ "$wo_force_install" = "y" ]; then if [ -z "$wo_force_install" ]; then echo -e "Update WordOps to $wo_version_new (y/n): " && read -r WO_ANSWER diff --git a/setup.py b/setup.py index 306e30e..12d2961 100644 --- a/setup.py +++ b/setup.py @@ -57,7 +57,7 @@ if not os.path.isfile('/root/.gitconfig'): shutil.copy2(os.path.expanduser("~")+'/.gitconfig', '/root/.gitconfig') setup(name='wo', - version='3.9.8', + version='3.9.8.1', description=long_description, long_description=long_description, classifiers=[], diff --git a/wo/cli/main.py b/wo/cli/main.py index 230257d..4579177 100644 --- a/wo/cli/main.py +++ b/wo/cli/main.py @@ -65,6 +65,8 @@ class WOApp(foundation.CementApp): debug = TOGGLE_DEBUG + exit_on_close = True + class WOTestApp(WOApp): """A test app that is better suited for testing.""" diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 0f19a81..6eb1e76 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -8,8 +8,10 @@ from wo.core.domainvalidate import ValidateDomain from wo.core.fileutils import WOFileUtils from wo.cli.plugins.site_functions import * from wo.core.services import WOService -from wo.cli.plugins.sitedb import * +from wo.cli.plugins.sitedb import (addNewSite, getSiteInfo, + updateSiteInfo, deleteSiteInfo, getAllsites) from wo.core.git import WOGit +from wo.core.logging import Log from subprocess import Popen from wo.core.nginxhashbucket import hashbucket import os @@ -29,6 +31,7 @@ class WOSiteController(CementBaseController): label = 'site' stacked_on = 'base' stacked_type = 'nested' + exit_on_close = True description = ('Performs website specific operations') arguments = [ (['site_name'], @@ -248,6 +251,7 @@ class WOSiteEditController(CementBaseController): label = 'edit' stacked_on = 'site' stacked_type = 'nested' + exit_on_close = True description = ('Edit Nginx configuration of site') arguments = [ (['site_name'], @@ -301,6 +305,7 @@ class WOSiteCreateController(CementBaseController): label = 'create' stacked_on = 'site' stacked_type = 'nested' + exit_on_close = True description = ('this commands set up configuration and installs ' 'required files as options are provided') arguments = [ @@ -805,6 +810,7 @@ class WOSiteUpdateController(CementBaseController): label = 'update' stacked_on = 'site' stacked_type = 'nested' + exit_on_close = True description = ('This command updates websites configuration to ' 'another as per the options are provided') arguments = [ @@ -1027,7 +1033,7 @@ class WOSiteUpdateController(CementBaseController): data = dict(site_name=wo_domain, www_domain=wo_www_domain, static=False, basic=True, wp=False, wpfc=False, wpsc=False, wpredis=False, wprocket=False, wpce=False, - multisite=False,wpsubdir=False, webroot=wo_site_webroot, + multisite=False, wpsubdir=False, webroot=wo_site_webroot, wo_db_name='', wo_db_user='', wo_db_pass='', wo_db_host='', currsitetype=oldsitetype, currcachetype=oldcachetype) @@ -1741,6 +1747,7 @@ class WOSiteDeleteController(CementBaseController): label = 'delete' stacked_on = 'site' stacked_type = 'nested' + exit_on_close = True description = 'delete an existing website' arguments = [ (['site_name'], @@ -1878,6 +1885,7 @@ class WOSiteListController(CementBaseController): label = 'list' stacked_on = 'site' stacked_type = 'nested' + exit_on_close = True description = 'List websites' arguments = [ (['--enabled'], diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index d925c78..dbb1db4 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -8,15 +8,15 @@ import string import subprocess from subprocess import CalledProcessError -from wo.cli.plugins.sitedb import * +from wo.cli.plugins.sitedb import getSiteInfo from wo.cli.plugins.stack import WOStackController from wo.core.aptget import WOAptGet from wo.core.fileutils import WOFileUtils from wo.core.git import WOGit from wo.core.logging import Log -from wo.core.mysql import * +from wo.core.mysql import WOMysql from wo.core.services import WOService -from wo.cli.plugins.stack_pref import pre_pref, post_pref +from wo.cli.plugins.stack_pref import post_pref from wo.core.shellexec import CommandExecutionError, WOShellExec from wo.core.sslutils import SSL from wo.core.variables import WOVariables @@ -1365,6 +1365,19 @@ def setupLetsEncrypt(self, wo_domain_name, subdomain=False, wildcard=False, .format(WOVariables.wo_ssl_live, wo_domain_name)) sslconf.close() # updateSiteInfo(self, wo_domain_name, ssl=True) + if not WOFileUtils.grep(self, '/var/www/22222/conf/nginx/ssl.conf', + '/etc/letsencrypt'): + Log.info(self, "Securing WordOps backend with {0} certificate" + .format(wo_domain_name)) + sslconf = open("/var/www/22222/conf/nginx/ssl.conf" + .format(wo_domain_name), + encoding='utf-8', mode='w') + sslconf.write("ssl_certificate {0}/{1}/fullchain.pem;\n" + "ssl_certificate_key {0}/{1}/key.pem;\n" + "ssl_trusted_certificate {0}/{1}/ca.pem;\n" + "ssl_stapling_verify on;\n" + .format(WOVariables.wo_ssl_live, wo_domain_name)) + sslconf.close() WOGit.add(self, ["/etc/letsencrypt"], msg="Adding letsencrypt folder") diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py index 37f2bcc..12732cd 100644 --- a/wo/cli/plugins/stack.py +++ b/wo/cli/plugins/stack.py @@ -44,6 +44,7 @@ class WOStackController(CementBaseController): label = 'stack' stacked_on = 'base' stacked_type = 'nested' + exit_on_close = True description = 'Stack command manages stack operations' arguments = [ (['--all'], diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py index 7f5604a..559a6bc 100644 --- a/wo/cli/plugins/stack_pref.py +++ b/wo/cli/plugins/stack_pref.py @@ -800,7 +800,7 @@ def post_pref(self, apt_packages, packages): encoding='utf-8', mode='w') as myfile: myfile.write("") - WOFileUtils.chown(self, "{0}22222" + WOFileUtils.chown(self, "{0}22222/htdocs" .format(WOVariables.wo_webroot), WOVariables.wo_php_user, WOVariables.wo_php_user, recursive=True) @@ -964,7 +964,7 @@ def post_pref(self, apt_packages, packages): encoding='utf-8', mode='w') as myfile: myfile.write("") - WOFileUtils.chown(self, "{0}22222" + WOFileUtils.chown(self, "{0}22222/htdocs" .format(WOVariables.wo_webroot), WOVariables.wo_php_user, WOVariables.wo_php_user, recursive=True) @@ -1282,7 +1282,7 @@ def post_pref(self, apt_packages, packages): blowfish_key = ''.join([random.choice (string.ascii_letters + string.digits) - for n in range(25)]) + for n in range(32)]) WOFileUtils.searchreplace(self, '{0}22222/htdocs/db/pma' '/config.inc.php' @@ -1304,8 +1304,10 @@ def post_pref(self, apt_packages, packages): "[\'Servers\'][$i][\'host\'] = \'{0}\';" .format(WOVariables.wo_mysql_host)) Log.debug(self, 'Setting Privileges of webroot permission to ' - '{0}22222/htdocs/db/pma file '.format(WOVariables.wo_webroot)) - WOFileUtils.chown(self, '{0}22222'.format(WOVariables.wo_webroot), + '{0}22222/htdocs/db/pma file ' + .format(WOVariables.wo_webroot)) + WOFileUtils.chown(self, '{0}22222/htdocs' + .format(WOVariables.wo_webroot), WOVariables.wo_php_user, WOVariables.wo_php_user, recursive=True) @@ -1405,7 +1407,7 @@ def post_pref(self, apt_packages, packages): Log.debug(self, "Setting Privileges to " "{0}22222/htdocs" .format(WOVariables.wo_webroot)) - WOFileUtils.chown(self, '{0}22222' + WOFileUtils.chown(self, '{0}22222/htdocs' .format(WOVariables.wo_webroot), WOVariables.wo_php_user, WOVariables.wo_php_user, @@ -1428,7 +1430,7 @@ def post_pref(self, apt_packages, packages): Log.debug(self, "Setting Privileges to " "{0}22222/htdocs/files" .format(WOVariables.wo_webroot)) - WOFileUtils.chown(self, '{0}22222' + WOFileUtils.chown(self, '{0}22222/htdocs' .format(WOVariables.wo_webroot), WOVariables.wo_php_user, WOVariables.wo_php_user, @@ -1473,7 +1475,7 @@ def post_pref(self, apt_packages, packages): Log.debug(self, "Setting Privileges of webroot permission to " "{0}22222/htdocs/php/webgrind/ file " .format(WOVariables.wo_webroot)) - WOFileUtils.chown(self, '{0}22222' + WOFileUtils.chown(self, '{0}22222/htdocs' .format(WOVariables.wo_webroot), WOVariables.wo_php_user, WOVariables.wo_php_user, @@ -1550,7 +1552,7 @@ def post_pref(self, apt_packages, packages): .format(WOVariables.wo_webroot)) os.makedirs('{0}22222/htdocs/cache/redis/phpRedisAdmin' .format(WOVariables.wo_webroot)) - WOFileUtils.chown(self, '{0}22222' + WOFileUtils.chown(self, '{0}22222/htdocs' .format(WOVariables.wo_webroot), WOVariables.wo_php_user, WOVariables.wo_php_user, @@ -1565,7 +1567,7 @@ def post_pref(self, apt_packages, packages): Log.debug(self, 'Setting Privileges of webroot permission to ' '{0}22222/htdocs/cache/file ' .format(WOVariables.wo_webroot)) - WOFileUtils.chown(self, '{0}22222' + WOFileUtils.chown(self, '{0}22222/htdocs' .format(WOVariables.wo_webroot), WOVariables.wo_php_user, WOVariables.wo_php_user, diff --git a/wo/cli/plugins/stack_services.py b/wo/cli/plugins/stack_services.py index 4060fc3..a9b7550 100644 --- a/wo/cli/plugins/stack_services.py +++ b/wo/cli/plugins/stack_services.py @@ -12,6 +12,7 @@ class WOStackStatusController(CementBaseController): label = 'stack_services' stacked_on = 'stack' stacked_type = 'embedded' + exit_on_close = True description = 'Check the stack status' @expose(help="Start stack services") diff --git a/wo/cli/plugins/stack_upgrade.py b/wo/cli/plugins/stack_upgrade.py index b4c7fbc..d9b1e85 100644 --- a/wo/cli/plugins/stack_upgrade.py +++ b/wo/cli/plugins/stack_upgrade.py @@ -20,6 +20,7 @@ class WOStackUpgradeController(CementBaseController): label = 'upgrade' stacked_on = 'stack' stacked_type = 'nested' + exit_on_close = True description = ('Upgrade stack safely') arguments = [ (['--all'], @@ -229,6 +230,10 @@ class WOStackUpgradeController(CementBaseController): 'wo-dashboard.tar.gz', '{0}22222/htdocs' .format(WOVariables.wo_webroot)) + WOFileUtils.chown(self, "{0}22222/htdocs" + .format(WOVariables.wo_webroot), + WOVariables.wo_php_user, + WOVariables.wo_php_user, recursive=True) if pargs.composer: Log.info(self, "Upgrading Composer, please wait...") @@ -257,6 +262,10 @@ class WOStackUpgradeController(CementBaseController): .format(WOVariables.wo_phpmyadmin), '{0}22222/htdocs/db/pma/' .format(WOVariables.wo_webroot)) + WOFileUtils.chown(self, "{0}22222/htdocs" + .format(WOVariables.wo_webroot), + WOVariables.wo_php_user, + WOVariables.wo_php_user, recursive=True) Log.info(self, "Successfully updated packages") else: diff --git a/wo/cli/templates/nginx-core.mustache b/wo/cli/templates/nginx-core.mustache index 987aab4..d79b947 100644 --- a/wo/cli/templates/nginx-core.mustache +++ b/wo/cli/templates/nginx-core.mustache @@ -1,124 +1,125 @@ -user www-data; -worker_processes auto; -worker_cpu_affinity auto; -worker_rlimit_nofile 100000; -pid /run/nginx.pid; - -pcre_jit on; - -events { - multi_accept on; - worker_connections 50000; - accept_mutex on; - use epoll; -} - - -http { - - ## - # WordOps Settings - ## - - # Nginx AIO : See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/ - # http://nginx.org/en/docs/http/ngx_http_core_module.html#aio - aio threads; - - server_tokens off; - reset_timedout_connection on; - more_set_headers "X-Powered-By : WordOps"; - - # Limit Request - limit_req_status 403; - limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; - - # Proxy Settings - # set_real_ip_from proxy-server-ip; - # real_ip_header X-Forwarded-For; - - fastcgi_read_timeout 300; - client_max_body_size 100m; - - # ngx_vts_module - vhost_traffic_status_zone; - - # tls dynamic records patch directive - ssl_dyn_rec_enable on; - - ## - # SSL Settings - ## - - ssl_session_timeout 1d; - ssl_session_cache shared:SSL:50m; - ssl_session_tickets off; - ssl_prefer_server_ciphers on; - {{#tls13}}ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20'; - ssl_protocols TLSv1.2 TLSv1.3;{{/tls13}} - ssl_ecdh_curve X25519:P-521:P-384:P-256; - # Previous TLS v1.2 configuration - {{^tls13}}ssl_protocols TLSv1.2; - ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;{{/tls13}} - - # Common security headers - more_set_headers "X-Frame-Options : SAMEORIGIN"; - more_set_headers "X-Xss-Protection : 1; mode=block"; - more_set_headers "X-Content-Type-Options : nosniff"; - more_set_headers "Referrer-Policy : strict-origin-when-cross-origin"; - more_set_headers "X-Download-Options : noopen"; - - # oscp settings - resolver 8.8.8.8 1.1.1.1 8.8.4.4 1.0.0.1 valid=300s; - resolver_timeout 10; - ssl_stapling on; - - ## - # Basic Settings - ## - # server_names_hash_bucket_size 64; - # server_name_in_redirect off; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - ## - # Logging Settings - ## - - access_log off; - error_log /var/log/nginx/error.log; - - # Log format Settings - log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] ' - '$http_host "$request" $status $body_bytes_sent ' - '"$http_referer" "$http_user_agent" "$server_protocol"'; - - ## - # Virtual Host Configs - ## - - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; -} - - -#mail { -# # See sample authentication script at: -# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript -# -# # auth_http localhost/auth.php; -# # pop3_capabilities "TOP" "USER"; -# # imap_capabilities "IMAP4rev1" "UIDPLUS"; -# -# server { -# listen localhost:110; -# protocol pop3; -# proxy on; -# } -# -# server { -# listen localhost:143; -# protocol imap; -# proxy on; -# } -#} +user www-data; +worker_processes auto; +worker_cpu_affinity auto; +worker_rlimit_nofile 100000; +pid /run/nginx.pid; + +pcre_jit on; + +events { + multi_accept on; + worker_connections 50000; + accept_mutex on; + use epoll; +} + + +http { + ## + # WordOps Settings + ## + + keepalive_timeout 8; + + # Nginx AIO : See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/ + # http://nginx.org/en/docs/http/ngx_http_core_module.html#aio + aio threads; + + server_tokens off; + reset_timedout_connection on; + more_set_headers "X-Powered-By : WordOps"; + + # Limit Request + limit_req_status 403; + limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; + + # Proxy Settings + # set_real_ip_from proxy-server-ip; + # real_ip_header X-Forwarded-For; + + fastcgi_read_timeout 300; + client_max_body_size 100m; + + # ngx_vts_module + vhost_traffic_status_zone; + + # tls dynamic records patch directive + ssl_dyn_rec_enable on; + + ## + # SSL Settings + ## + + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:50m; + ssl_session_tickets off; + ssl_prefer_server_ciphers on; + {{#tls13}}ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20'; + ssl_protocols TLSv1.2 TLSv1.3;{{/tls13}} + ssl_ecdh_curve X25519:P-521:P-384:P-256; + # Previous TLS v1.2 configuration + {{^tls13}}ssl_protocols TLSv1.2; + ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;{{/tls13}} + + # Common security headers + more_set_headers "X-Frame-Options : SAMEORIGIN"; + more_set_headers "X-Xss-Protection : 1; mode=block"; + more_set_headers "X-Content-Type-Options : nosniff"; + more_set_headers "Referrer-Policy : strict-origin-when-cross-origin"; + more_set_headers "X-Download-Options : noopen"; + + # oscp settings + resolver 8.8.8.8 1.1.1.1 8.8.4.4 1.0.0.1 valid=300s; + resolver_timeout 10; + ssl_stapling on; + + ## + # Basic Settings + ## + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # Logging Settings + ## + + access_log off; + error_log /var/log/nginx/error.log; + + # Log format Settings + log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] ' + '$http_host "$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent" "$server_protocol"'; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} + + +#mail { +# # See sample authentication script at: +# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript +# +# # auth_http localhost/auth.php; +# # pop3_capabilities "TOP" "USER"; +# # imap_capabilities "IMAP4rev1" "UIDPLUS"; +# +# server { +# listen localhost:110; +# protocol pop3; +# proxy on; +# } +# +# server { +# listen localhost:143; +# protocol imap; +# proxy on; +# } +#} diff --git a/wo/cli/templates/tweaks.mustache b/wo/cli/templates/tweaks.mustache index 141db61..6f7f56f 100644 --- a/wo/cli/templates/tweaks.mustache +++ b/wo/cli/templates/tweaks.mustache @@ -16,7 +16,6 @@ tcp_nopush on; tcp_nodelay on; - keepalive_timeout 8; keepalive_requests 500; keepalive_disable msie6; diff --git a/wo/core/logging.py b/wo/core/logging.py index 84a3508..89a53da 100644 --- a/wo/core/logging.py +++ b/wo/core/logging.py @@ -24,6 +24,7 @@ class Log: if exit: self.app.close(1) + def info(self, msg, end='\n', log=True): """ Logs info messages into log file diff --git a/wo/core/variables.py b/wo/core/variables.py index 7c6b6c4..7069670 100644 --- a/wo/core/variables.py +++ b/wo/core/variables.py @@ -10,7 +10,7 @@ class WOVariables(): """Intialization of core variables""" # WordOps version - wo_version = "3.9.8" + wo_version = "3.9.8.1" # WordOps packages versions wo_wp_cli = "2.2.0" wo_adminer = "4.7.2"