Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #119 from WordOps/updating-configuration

Browse Source 
Updating configuration
This commit is contained in:
VirtuBox
2019-08-18 12:43:40 +02:00
committed by GitHub
parent 042ac2a9eb a5d0eed9a7
commit f9cbc872c1
16 changed files with 571 additions and 521 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.editorconfig
View File

@@ -5,5 +5,5 @@ indent_style = space
indent_size = 4 indent_size = 4
end_of_line = lf end_of_line = lf
charset = utf-8 charset = utf-8
trim_trailing_whitespace = false trim_trailing_whitespace = true
insert_final_newline = false insert_final_newline = false

695
CHANGELOG.md
View File

@@ -1,344 +1,353 @@
# Changelog # Changelog
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
## Releases ## Releases
### v3.9.x - [Unreleased] ### v3.9.x - [Unreleased]
#### Changed ### v3.9.8.1 - 2019-08-18
- Extra Nginx directives moved from nginx.conf to conf.d/tweaks.conf #### Added
#### Fixed - WordOps backend is automatically secured by the first Let's Encrypt SSL certificate issued
- MySQLTuner installation #### Changed
- `wo stack remove/purge --all`
- variable substitution in install script - Extra Nginx directives moved from nginx.conf to conf.d/tweaks.conf
### v3.9.8 - 2019-08-16 #### Fixed
#### Added - MySQLTuner installation
- `wo stack remove/purge --all`
- Allow web browser caching for json and webmanifest files - variable substitution in install script
- nginx-core.mustache template used to render nginx.conf during stack setup - `wo stack upgrade --phpmyadmin/--dashboard`
- APT Packages configuration step with `wo stack upgrade` to apply new configurations - phpmyadmin blowfish_secret key length
- Cloudflare restore real_ip configuration - Cement App not exiting on close in case of error
- WP-Rocket plugin support with the flag `--wprocket`
- Cache-Enabler plugin support with the flag `--wpce` ### v3.9.8 - 2019-08-16
- Install unattended-upgrade and enable automated security updates
- Enable time synchronization with ntp #### Added
- Additional cache exception for woocommerce
- Allow web browser caching for json and webmanifest files
#### Changed - nginx-core.mustache template used to render nginx.conf during stack setup
- APT Packages configuration step with `wo stack upgrade` to apply new configurations
- Do not force Nginx upgrade if a custom Nginx package compiled with nginx-ee is detected - Cloudflare restore real_ip configuration
- Gzip enabled again by default with configuration in /etc/nginx/conf.d/gzip.conf - WP-Rocket plugin support with the flag `--wprocket`
- Brotli configuration moved in /etc/nginx/conf.d/brotli.conf.disabled (disabled by default) - Cache-Enabler plugin support with the flag `--wpce`
- Moving package configuration in a new plugin stack_pref.py - Install unattended-upgrade and enable automated security updates
- Cleanup templates by removing all doublons (with/without php7) and replacing them with variables - Enable time synchronization with ntp
- Updated Nginx to v1.16.1 in response to HTTP/2 vulnerabilites discovered - Additional cache exception for woocommerce
- Disable temporary adding swap feature (not working)
- `wo stack upgrade --nginx` is now able to apply new configurations during `wo update`, it highly reduce upgrade duration #### Changed
#### Fixed - Do not force Nginx upgrade if a custom Nginx package compiled with nginx-ee is detected
- Gzip enabled again by default with configuration in /etc/nginx/conf.d/gzip.conf
- Error in HSTS header syntax - Brotli configuration moved in /etc/nginx/conf.d/brotli.conf.disabled (disabled by default)
- Moving package configuration in a new plugin stack_pref.py
### v3.9.7.2 - 2019-08-12 - Cleanup templates by removing all doublons (with/without php7) and replacing them with variables
- Updated Nginx to v1.16.1 in response to HTTP/2 vulnerabilites discovered
#### Fixed - Disable temporary adding swap feature (not working)
- `wo stack upgrade --nginx` is now able to apply new configurations during `wo update`, it highly reduce upgrade duration
- redis.conf permissions additional fix
#### Fixed
### v3.9.7.1 - 2019-08-09
- Error in HSTS header syntax
#### Changed
### v3.9.7.2 - 2019-08-12
- Set WordOps backend password length from 16 to 24
- Upgrade framework cement to 2.6.0 #### Fixed
- Upgrade PyMySQL to 0.9.3
- Upgrade Psutil to 5.6.3 - redis.conf permissions additional fix
#### Fixed ### v3.9.7.1 - 2019-08-09
- Missing import in `wo sync` #### Changed
- redis.conf incorrect permissions
- Set WordOps backend password length from 16 to 24
### v3.9.7 - 2019-08-02 - Upgrade framework cement to 2.6.0
- Upgrade PyMySQL to 0.9.3
#### Added - Upgrade Psutil to 5.6.3
- MySQL configuration tuning #### Fixed
- Cronjob to optimize MySQL databases weekly
- WO-kernel systemd service to automatically apply kernel tweaks on server startup - Missing import in `wo sync`
- Proftpd stack now secured with TLS - redis.conf incorrect permissions
- New Nginx package built with Brotli from operating system libraries
- Brotli configuration with only well compressible MIME types ### v3.9.7 - 2019-08-02
- WordPress site url automatically updated to `https://domain.tld` when using `-le/--letsencrypt` flag
- More informations during certificate issuance about validation mode selected #### Added
- `--php72` as alternative for `--php`
- Automated removal of the deprecated variable `ssl on;` in previous Nginx ssl.conf - MySQL configuration tuning
- Project Contributing guidelines - Cronjob to optimize MySQL databases weekly
- Project Code of conduct - WO-kernel systemd service to automatically apply kernel tweaks on server startup
- Proftpd stack now secured with TLS
#### Changed - New Nginx package built with Brotli from operating system libraries
- Brotli configuration with only well compressible MIME types
- `wo maintenance` refactored - WordPress site url automatically updated to `https://domain.tld` when using `-le/--letsencrypt` flag
- Improved debug log - More informations during certificate issuance about validation mode selected
- Updated Nginx configuration process to not overwrite files with custom data (htpasswd-wo, acl.conf etc..) - `--php72` as alternative for `--php`
- Adminer updated to v4.7.2 - Automated removal of the deprecated variable `ssl on;` in previous Nginx ssl.conf
- eXtplorer updated to v2.1.13 - Project Contributing guidelines
- Removed WordOps version from the Nginx header X-Powered-By to avoid possible security issues - Project Code of conduct
- Several code quality improvements to speed up WordOps execution
- Few adjustements on PHP-FPM configuration (max_input_time,opcache.consistency_checks) #### Changed
- Added /dev/urandom & /dev/shm to open_basedir in PHP-FPM configuration
- `wo maintenance` refactored
#### Fixed - Improved debug log
- Updated Nginx configuration process to not overwrite files with custom data (htpasswd-wo, acl.conf etc..)
- Kernel tweaks were not applied without server reboot - Adminer updated to v4.7.2
- Fail2ban standalone install - eXtplorer updated to v2.1.13
- `wo stack purge --all` error due to PHP7.3 check - Removed WordOps version from the Nginx header X-Powered-By to avoid possible security issues
- Nginx helper configuration during plugin install for Nginx fastcgi_cache and redis-cache - Several code quality improvements to speed up WordOps execution
- phpRedisAdmin stack installation - Few adjustements on PHP-FPM configuration (max_input_time,opcache.consistency_checks)
- Fixed Travis CI build on pull requests - Added /dev/urandom & /dev/shm to open_basedir in PHP-FPM configuration
- Nginx `server_names_hash_bucket_size` variable error after WordOps upgrade
#### Fixed
### v3.9.6.2 - 2019-07-24
- Kernel tweaks were not applied without server reboot
#### Changed - Fail2ban standalone install
- `wo stack purge --all` error due to PHP7.3 check
- Improve `wo update` process duration - Nginx helper configuration during plugin install for Nginx fastcgi_cache and redis-cache
- Improve package install/upgrade/remove process - phpRedisAdmin stack installation
- Fixed Travis CI build on pull requests
#### Fixed - Nginx `server_names_hash_bucket_size` variable error after WordOps upgrade
- phpMyAdmin archive download link archive ### v3.9.6.2 - 2019-07-24
- Arguments `--letsencrypt=clean/purge`
- Incorrect directory removal during stack upgrade #### Changed
### v3.9.6.1 - 2019-07-23 - Improve `wo update` process duration
- Improve package install/upgrade/remove process
#### Fixed
#### Fixed
- Typo in `--letsencrypt=subdomain`
- phpMyAdmin upgrade archive extraction - phpMyAdmin archive download link archive
- Error in the command `wo update`. Please `wo update --beta` as workaround - Arguments `--letsencrypt=clean/purge`
- Incorrect directory removal during stack upgrade
### v3.9.6 - 2019-07-20
### v3.9.6.1 - 2019-07-23
#### Added
#### Fixed
- New Nginx package on Ubuntu with Cloudflare HTTP/2 HPACK and Dynamic TLS records
- phpMyAdmin upgrade with `wo stack upgrade --phpmyadmin` - Typo in `--letsencrypt=subdomain`
- Wildcard SSL Certificates support with DNS validation - phpMyAdmin upgrade archive extraction
- Let's Encrypt DNS API support (Cloudflare, DigitalOcean, etc ..) on domain, subdomain, and wildcard - Error in the command `wo update`. Please `wo update --beta` as workaround
- Flag `--letsencrypt=clean` to purge a previous SSL configuration
- Support for Debian 10 buster (testing - not ready for production) ### v3.9.6 - 2019-07-20
- Fail2ban with custom jails to secure WordPress & SSH
- Variable `keylength` in /etc/wo/wo.conf to define letsencrypt certificate keylenght #### Added
- ProFTPd stack with UFW & Fail2ban configurationz
- Beta branch and command `wo update --beta` for beta releases - New Nginx package on Ubuntu with Cloudflare HTTP/2 HPACK and Dynamic TLS records
- Extra directives in wp-config.php (limit posts revisions, set max_memory, enable auto-update for minor-releases) - phpMyAdmin upgrade with `wo stack upgrade --phpmyadmin`
- Wildcard SSL Certificates support with DNS validation
#### Fixed - Let's Encrypt DNS API support (Cloudflare, DigitalOcean, etc ..) on domain, subdomain, and wildcard
- Flag `--letsencrypt=clean` to purge a previous SSL configuration
- Nginx was not reloaded after enabling HSTS - Support for Debian 10 buster (testing - not ready for production)
- Netdata, Composer & Fail2Ban stack remove and purge - Fail2ban with custom jails to secure WordPress & SSH
- WordPress not installed by `wo site update` with basic php73 sites - Variable `keylength` in /etc/wo/wo.conf to define letsencrypt certificate keylenght
- ProFTPd stack with UFW & Fail2ban configurationz
### v3.9.5.4 - 2019-07-13 - Beta branch and command `wo update --beta` for beta releases
- Extra directives in wp-config.php (limit posts revisions, set max_memory, enable auto-update for minor-releases)
#### Added
#### Fixed
- New Nginx package on Ubuntu with TLS v1.3 support (OpenSSL 1.1.1c)
- Netdata upgrade with `wo stack upgrade --netdata` - Nginx was not reloaded after enabling HSTS
- Netdata stack remove/purge - Netdata, Composer & Fail2Ban stack remove and purge
- WordPress not installed by `wo site update` with basic php73 sites
#### Changed
### v3.9.5.4 - 2019-07-13
- phpRedisAdmin is now installed with the stack `--admin`
- Remove memcached - not required anymore #### Added
#### Fixed - New Nginx package on Ubuntu with TLS v1.3 support (OpenSSL 1.1.1c)
- Netdata upgrade with `wo stack upgrade --netdata`
- phpRedisAdmin installation - Netdata stack remove/purge
- Duplicated locations /robots.txt after upgrade to v3.9.5.3
- Let's Encrypt stack `wo site update --letsencrypt/--letsencrypt=off` #### Changed
- pt-query-advisor dead link
- Netdata persistant configuration - phpRedisAdmin is now installed with the stack `--admin`
- Remove memcached - not required anymore
### v3.9.5.3 - 2019-06-18
#### Fixed
#### Added
- phpRedisAdmin installation
- Argument `--preserve` with the command `wo update` to keep current Nginx configuration - Duplicated locations /robots.txt after upgrade to v3.9.5.3
- Let's Encrypt stack `wo site update --letsencrypt/--letsencrypt=off`
#### Fixed - pt-query-advisor dead link
- Netdata persistant configuration
- Nginx upgrade failure when running wo update
### v3.9.5.3 - 2019-06-18
### v3.9.5.2 - 2019-06-17
#### Added
#### Added
- Argument `--preserve` with the command `wo update` to keep current Nginx configuration
- Non-interactive install/upgrade
- Argument `--force` with the command `wo update` #### Fixed
- Argument `-s|--silent` to perform non interactive installation
- Nginx upgrade failure when running wo update
#### Changed
### v3.9.5.2 - 2019-06-17
- robots.txt location block moved from locations-wo.conf to wpcommon(-php7).php
#### Added
#### Fixed
- Non-interactive install/upgrade
- WP_CACHE_KEY_SALT set twice with wpredis - Argument `--force` with the command `wo update`
- WordOps version check when using `wo update` - Argument `-s|--silent` to perform non interactive installation
- robots.txt file download if not created
- PHP-FPM socket path in stub_status.conf : PR [#82](https://github.com/WordOps/WordOps/pull/82) #### Changed
### v3.9.5.1 - 2019-05-10 - robots.txt location block moved from locations-wo.conf to wpcommon(-php7).php
#### Fixed #### Fixed
- Adminer download link - WP_CACHE_KEY_SALT set twice with wpredis
- WordOps version check when using `wo update`
### v3.9.5 - 2019-05-02 - robots.txt file download if not created
- PHP-FPM socket path in stub_status.conf : PR [#82](https://github.com/WordOps/WordOps/pull/82)
#### Added
### v3.9.5.1 - 2019-05-10
- IPv6 support with HTTPS
- Brotli support in Nginx #### Fixed
- Let's Encrypt support with --proxy
- Install script handle migration from EEv3 - Adminer download link
- load-balancing on unix socket for php-fpm
- stub_status vhost for metrics ### v3.9.5 - 2019-05-02
- `--letsencrypt=subdomain` option
- opcache optimization for php-fpm #### Added
- EasyEngine configuration backup before migration
- EasyEngine configuration cleanup after migration - IPv6 support with HTTPS
- WordOps configuration backup before upgrade - Brotli support in Nginx
- Previous acme.sh certs migration - Let's Encrypt support with --proxy
- "wo maintenance" command to perform server package update & cleanup - Install script handle migration from EEv3
- Support for Netdata on backend : https://server.hostname:22222/netdata/ - load-balancing on unix socket for php-fpm
- New Stacks : composer and netdata - stub_status vhost for metrics
- additional argument for letsencrypt : --hsts - `--letsencrypt=subdomain` option
- Clean Theme for adminer - opcache optimization for php-fpm
- Credits for tools shipped with WordOps - EasyEngine configuration backup before migration
- Cache exception for Easy Digital Download - EasyEngine configuration cleanup after migration
- Additional cache exceptions for Woocommerce - WordOps configuration backup before upgrade
- MySQL monitoring with Netdata - Previous acme.sh certs migration
- WordOps-dashboard on 22222, can be installed with `wo stack install` - "wo maintenance" command to perform server package update & cleanup
- Extplorer filemanager in WordOps backend - Support for Netdata on backend : https://server.hostname:22222/netdata/
- Enable OSCP Stapling with Let's Encrypt - New Stacks : composer and netdata
- Compress database backup with pigz (faster than gzip) before updating sites - additional argument for letsencrypt : --hsts
- Support for Ubuntu 19.04 (disco) - few php extensions missing - Clean Theme for adminer
- Support for Raspbian 9 (stretch) - tested on Raspberry Pi 3b+ - Credits for tools shipped with WordOps
- backup letsencrypt certificate before upgrade - Cache exception for Easy Digital Download
- directives emergency_restart_threshold & emergency_restart_interval to restart php-fpm in case of failure - Additional cache exceptions for Woocommerce
- EasyEngine cronjob removal during install - MySQL monitoring with Netdata
- Kernel tweaks via systctl.conf - WordOps-dashboard on 22222, can be installed with `wo stack install`
- open_basedir on php-fpm process to forbid access with php outside of /var/www & /run/nginx-cache - Extplorer filemanager in WordOps backend
- Enable OSCP Stapling with Let's Encrypt
#### Changed - Compress database backup with pigz (faster than gzip) before updating sites
- Support for Ubuntu 19.04 (disco) - few php extensions missing
- letsencrypt stack refactored with acme.sh - Support for Raspbian 9 (stretch) - tested on Raspberry Pi 3b+
- letsencrypt validation with webroot folder - backup letsencrypt certificate before upgrade
- hardened nginx ssl_ecdh_curve - directives emergency_restart_threshold & emergency_restart_interval to restart php-fpm in case of failure
- Update phpredisadmin - EasyEngine cronjob removal during install
- Increase MySQL root password size to 24 characters - Kernel tweaks via systctl.conf
- Increase MySQL users password size to 24 characters - open_basedir on php-fpm process to forbid access with php outside of /var/www & /run/nginx-cache
- Nginx locations template is the same for php7.2 & 7.3
- backend SSL configuration now stored in /var/www/22222/conf/nginx/ssl.conf #### Changed
- Install Netdata with static pre-built binaries instead of having to compile it from source
- Nginx updated to new stable release (1.16.0) - letsencrypt stack refactored with acme.sh
- New packages (phpmyadmin, adminer, composer) are not download in /tmp anymore - letsencrypt validation with webroot folder
- hardened nginx ssl_ecdh_curve
#### Fixed - Update phpredisadmin
- Increase MySQL root password size to 24 characters
- PHP 7.3 extras when php 7.2 isn't installed - Increase MySQL users password size to 24 characters
- acme.sh installation - Nginx locations template is the same for php7.2 & 7.3
- acme.sh alias with config home variable - backend SSL configuration now stored in /var/www/22222/conf/nginx/ssl.conf
- deb.sury.org repository gpg key - Install Netdata with static pre-built binaries instead of having to compile it from source
- Nginx upgrade from previous WordOps release - Nginx updated to new stable release (1.16.0)
- Force new Nginx templates during update - New packages (phpmyadmin, adminer, composer) are not download in /tmp anymore
- Error message about missing my.cnf file during upgrade
- PHP 7.2 & PHP 7.3 pool configuration during upgrade #### Fixed
- WordOps backup directory creation before upgrade
- EasyEngine database sync during migration - PHP 7.3 extras when php 7.2 isn't installed
- fix command "wo info" - acme.sh installation
- phpmyadmin install with composer - acme.sh alias with config home variable
- command "wo clean --memcached" - deb.sury.org repository gpg key
- phpredisadmin setup - Nginx upgrade from previous WordOps release
- --hsts flag with basic html site - Force new Nginx templates during update
- hsts flag on site not secure with letsencrypt - Error message about missing my.cnf file during upgrade
- fix import of previous acme.sh certificate - PHP 7.2 & PHP 7.3 pool configuration during upgrade
- fix proxy webroot folder creation - WordOps backup directory creation before upgrade
- EasyEngine database sync during migration
### v3.9.4 - 2019-03-15 - fix command "wo info"
- phpmyadmin install with composer
#### Added - command "wo clean --memcached"
- phpredisadmin setup
- Nginx module nginx_vts - --hsts flag with basic html site
- Migration script from nginx-ee to nginx-wo - hsts flag on site not secure with letsencrypt
- Support for Debian 9 (testing) - fix import of previous acme.sh certificate
- New Nginx build v1.14.2 - fix proxy webroot folder creation
#### Changed ### v3.9.4 - 2019-03-15
- Update WP-CLI version to 2.1.0 #### Added
- Update Adminer to 4.6.2
- Update predis to v1.1.1 - Nginx module nginx_vts
- Refactored nginx.conf - Migration script from nginx-ee to nginx-wo
- Removed HHVM Stack - Support for Debian 9 (testing)
- Removed old linux distro checks - New Nginx build v1.14.2
- Replace wo-acme-sh by acme.sh
#### Changed
#### Fixed
- Update WP-CLI version to 2.1.0
- Outdated Nginx ssl_ciphers suite - Update Adminer to 4.6.2
- Debian 9 nginx build - Update predis to v1.1.1
- Refactored nginx.conf
### v3.9.3 - 2019-03-07 - Removed HHVM Stack
- Removed old linux distro checks
#### Changed - Replace wo-acme-sh by acme.sh
- Updated Nginx fastcgi_cache templates #### Fixed
- Updated Nginx redis_cache templates
- Updated Nginx wp-super-cache templates - Outdated Nginx ssl_ciphers suite
- Updated Nginx configuration for WordPress 5.0 - Debian 9 nginx build
- remove --experimental args
- MariaDB version bumped to 10.3 ### v3.9.3 - 2019-03-07
- Refactored Changelog
- Updated WO manual #### Changed
- Updated WO bash_completion
- Refactored README.md - Updated Nginx fastcgi_cache templates
- Updated Nginx redis_cache templates
#### Added - Updated Nginx wp-super-cache templates
- Updated Nginx configuration for WordPress 5.0
- Add WebP image support with Nginx mapping - remove --experimental args
- Add PHP 7.3 support - MariaDB version bumped to 10.3
- WordPress $skip_cache variable mapping - Refactored Changelog
- Updated WO manual
#### Fixed - Updated WO bash_completion
- Refactored README.md
- Nginx variable $webp_suffix on fresh install ([#21](https://github.com/WordOps/WordOps/issues/21))
- wo update command ([#7](https://github.com/WordOps/WordOps/issues/7)) #### Added
- Fix php services management ([#12](https://github.com/WordOps/WordOps/issues/12))
- Fix WP-CLI install - Add WebP image support with Nginx mapping
- Add PHP 7.3 support
### v3.9.2 - 2018-11-30 - WordPress $skip_cache variable mapping
#### Changed #### Fixed
- Re-branded the fork to WordOps - Nginx variable $webp_suffix on fresh install ([#21](https://github.com/WordOps/WordOps/issues/21))
- Codebase cleanup - wo update command ([#7](https://github.com/WordOps/WordOps/issues/7))
- Set PHP 7.2 as the default - Fix php services management ([#12](https://github.com/WordOps/WordOps/issues/12))
- Included support for newer OS releases - Fix WP-CLI install
- Reworked the HTTPS configuration
- Added more automated testing with Redis ### v3.9.2 - 2018-11-30
- Replaced Postfix with smtp-cli
- Dropped mail services #### Changed
- Re-branded the fork to WordOps
- Codebase cleanup
- Set PHP 7.2 as the default
- Included support for newer OS releases
- Reworked the HTTPS configuration
- Added more automated testing with Redis
- Replaced Postfix with smtp-cli
- Dropped mail services
- Dropped w3tc support - Dropped w3tc support

26
config/bash_completion.d/wo_auto.rc
View File

@@ -79,7 +79,7 @@ _wo_complete()
;; ;;
"upgrade" ) "upgrade" )
COMPREPLY=( $(compgen \ COMPREPLY=( $(compgen \
-W "--web --nginx --php --php73 --mysql --all --netdata --composer --phpmyadmin --no-prompt --wpcli" \ -W "--web --nginx --php --php73 --mysql --all --netdata --composer --phpmyadmin --dashboard --no-prompt --wpcli" \
-- $cur) ) -- $cur) )
;; ;;
"start" | "stop" | "reload" | "restart" | "status") "start" | "stop" | "reload" | "restart" | "status")
@@ -159,13 +159,13 @@ _wo_complete()
"create") "create")
COMPREPLY=( $(compgen \ COMPREPLY=( $(compgen \
-W "--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le -le=subdomain -le=wildcard --dns --dns=dns_cf --dns=dns_do" \ -W "--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --proxy= --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le -le=subdomain -le=wildcard --dns --dns=dns_cf --dns=dns_do" \
-- $cur) ) -- $cur) )
;; ;;
"update") "update")
COMPREPLY=( $(compgen \ COMPREPLY=( $(compgen \
-W "--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le -le=subdomain -le=wildcard --dns --dns=dns_cf --dns=dns_do" \ -W "--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le -le=subdomain -le=wildcard --dns --dns=dns_cf --dns=dns_do" \
-- $cur) ) -- $cur) )
;; ;;
"delete") "delete")
@@ -211,9 +211,9 @@ _wo_complete()
"--wp") "--wp")
if [ ${COMP_WORDS[1]} != "debug" ]; then if [ ${COMP_WORDS[1]} != "debug" ]; then
if [ ${COMP_WORDS[2]} == "create" ]; then if [ ${COMP_WORDS[2]} == "create" ]; then
retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --wprocket --letsencrypt -le --letsencrypt=subdomain --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_do --php73" retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce --letsencrypt -le --letsencrypt=subdomain --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_do --php73"
elif [ ${COMP_WORDS[2]} == "update" ]; then elif [ ${COMP_WORDS[2]} == "update" ]; then
retlist="--wp --wpfc --wpsc --php73 --php73=off --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le -le=off -le=wildcard --dns --dns=dns_cf --dns=dns_do" retlist="--wp --wpfc --wpsc --php73 --php73=off --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le -le=off -le=wildcard --dns --dns=dns_cf --dns=dns_do"
else else
retlist="" retlist=""
fi fi
@@ -230,9 +230,9 @@ _wo_complete()
"--wpsubdir" | "--wpsubdomain") "--wpsubdir" | "--wpsubdomain")
if [ ${COMP_WORDS[1]} != "debug" ]; then if [ ${COMP_WORDS[1]} != "debug" ]; then
if [ ${COMP_WORDS[2]} == "create" ]; then if [ ${COMP_WORDS[2]} == "create" ]; then
retlist="--wpsc --wpfc --user --email --pass --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le --php73 --dns --dns=dns_cf --dns=dns_do" retlist="--wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le --php73 --dns --dns=dns_cf --dns=dns_do"
elif [ ${COMP_WORDS[2]} == "update" ]; then elif [ ${COMP_WORDS[2]} == "update" ]; then
retlist="--wpfc --wpsc --php73 --php73=off --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le --dns --dns=dns_cf --dns=dns_do" retlist="--wpfc --wpsc --php73 --php73=off --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le --dns --dns=dns_cf --dns=dns_do"
else else
retlist="" retlist=""
fi fi
@@ -246,9 +246,9 @@ _wo_complete()
-- $cur) ) -- $cur) )
;; ;;
"--wpredis --wprocket" | "--wpfc" | "--wpsc" | "--wpsubdir" | "--wpsubdomain" | "--user" | "--pass" | "--email" | "--wp") "--wpredis --wprocket --wpce" | "--wpfc" | "--wpsc" | "--wpsubdir" | "--wpsubdomain" | "--user" | "--pass" | "--email" | "--wp")
if [ ${COMP_WORDS[2]} == "create" ]; then if [ ${COMP_WORDS[2]} == "create" ]; then
retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --php73 --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le --dns --dns=dns_cf --dns=dns_do" retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --php73 --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le --dns --dns=dns_cf --dns=dns_do"
else else
retlist="" retlist=""
fi fi
@@ -259,9 +259,9 @@ _wo_complete()
-- $cur) ) -- $cur) )
;; ;;
"--wpredis --wprocket" | "--wpfc") "--wpredis --wprocket --wpce" | "--wpfc")
if [ ${COMP_WORDS[2]} == "update" ]; then if [ ${COMP_WORDS[2]} == "update" ]; then
retlist="--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le --dns --dns=dns_cf --dns=dns_do" retlist="--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew --letsencrypt=clean -le --dns --dns=dns_cf --dns=dns_do"
else else
retlist="" retlist=""
fi fi
@@ -314,7 +314,7 @@ _wo_complete()
elif [ ${COMP_WORDS[2]} == "delete" ]; then elif [ ${COMP_WORDS[2]} == "delete" ]; then
retlist="--db --files --force" retlist="--db --files --force"
elif [ ${COMP_WORDS[2]} == "update" ]; then elif [ ${COMP_WORDS[2]} == "update" ]; then
retlist="--password --php --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew" retlist="--password --php --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=off --letsencrypt=renew"
else else
retlist="" retlist=""
fi fi
@@ -363,7 +363,7 @@ _wo_complete()
case "$mprev" in case "$mprev" in
"--user" | "--email" | "--pass") "--user" | "--email" | "--pass")
if [ ${COMP_WORDS[2]} == "create" ]; then if [ ${COMP_WORDS[2]} == "create" ]; then
retlist="--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le --dns --dns=dns_cf --dns=dns_do" retlist="--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --letsencrypt --letsencrypt=subdomain --letsencrypt=wildcard -le --dns --dns=dns_cf --dns=dns_do"
fi fi
ret="${retlist[@]/$prev}" ret="${retlist[@]/$prev}"
COMPREPLY=( $(compgen \ COMPREPLY=( $(compgen \

48
install
View File

@@ -7,10 +7,11 @@
# Copyright (c) 2019 - WordOps # Copyright (c) 2019 - WordOps
# This script is licensed under M.I.T # This script is licensed under M.I.T
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
# Version 3.9.8 - 2019-08-17 # wget -qO wo wops.cc && sudo bash wo
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
readonly wo_version_old="2.2.3" # Version 3.9.8.1 - 2019-08-18
readonly wo_version_new="3.9.8" # -------------------------------------------------------------------------
# CONTENTS # CONTENTS
# --- # ---
# 1. VARIABLES AND DECLARATIONS # 1. VARIABLES AND DECLARATIONS
@@ -87,22 +88,32 @@ done
### ###
if [[ $EUID -ne 0 ]]; then if [[ $EUID -ne 0 ]]; then
wo_lib_echo_fail "Sudo privilege required..." wo_lib_echo_fail "Sudo privilege required..."
wo_lib_echo_fail "Use: curl -sL wops.cc | sudo bash" wo_lib_echo_fail "Use: wget -qO wo wops.cc && sudo bash wo "
exit 100 exit 100
fi fi
###
# 1- Update the apt sewers with fresh info
###
export DEBIAN_FRONTEND=noninteractive
[ -z "$wo_travis" ] && {
apt-get update -qq
}
if [ -z "$(command -v curl)" ]; then
apt-get -y install curl -qq
fi
if [ -f ./setup.py ]; then
readonly wo_version_new=$(grep "version='" setup.py | awk -F "'" '{print$2}' 2>&1)
else
readonly wo_version_new=$(curl -sL https://wops.cc/setup.py 2>&1 | grep "version='" | awk -F "'" '{print$2}' 2>&1)
fi
echo "" echo ""
wo_lib_echo "Welcome to WordOps install script v${wo_version_new}" wo_lib_echo "Welcome to WordOps install script v${wo_version_new}"
echo "" echo ""
###
# 1- Update the apt sewers with fresh info
###
[ -z "$wo_travis" ] && {
wo_lib_echo "Updating apt-get repository info"
apt-get update -qq
}
### ###
# 1- Check whether lsb_release is installed, and if not, install it # 1- Check whether lsb_release is installed, and if not, install it
### ###
@@ -176,7 +187,7 @@ fi
wo_install_dep() { wo_install_dep() {
{ {
export DEBIAN_FRONTEND=noninteractive
[ -z "$wo_travis" ] && { [ -z "$wo_travis" ] && {
# update server packages # update server packages
apt-get dist-upgrade --option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --option=Dpkg::options::=--force-unsafe-io --assume-yes --quiet apt-get dist-upgrade --option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --option=Dpkg::options::=--force-unsafe-io --assume-yes --quiet
@@ -186,7 +197,7 @@ wo_install_dep() {
apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \ apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \
build-essential curl gzip python3 python3-apt python3-setuptools python3-requests python3-dev sqlite3 git tar software-properties-common pigz \ build-essential curl gzip python3 python3-apt python3-setuptools python3-requests python3-dev sqlite3 git tar software-properties-common pigz \
gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1 gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1
add-apt-repository ppa:wordops/nginx-wo -yu add-apt-repository ppa:wordops/nginx-wo -yu
else else
# install dependencies # install dependencies
apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \ apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \
@@ -315,13 +326,6 @@ wo_sync_db() {
echo "INSERT INTO sites (sitename, site_type, cache_type, site_path, is_enabled, is_ssl, storage_fs, storage_db) echo "INSERT INTO sites (sitename, site_type, cache_type, site_path, is_enabled, is_ssl, storage_fs, storage_db)
VALUES (\"$site\", \"$wo_site_current\", \"$wo_site_current_cache\", \"$wo_webroot\", \"$wo_site_status\", 0, 'ext4', 'mysql');" | sqlite3 /var/lib/wo/dbase.db VALUES (\"$site\", \"$wo_site_current\", \"$wo_site_current_cache\", \"$wo_webroot\", \"$wo_site_status\", 0, 'ext4', 'mysql');" | sqlite3 /var/lib/wo/dbase.db
wo_lib_echo "Updating WordOps Database"
echo "ALTER TABLE sites ADD COLUMN db_name varchar;" | sqlite3 /var/lib/wo/dbase.db
echo "ALTER TABLE sites ADD COLUMN db_user varchar; " | sqlite3 /var/lib/wo/dbase.db
echo "ALTER TABLE sites ADD COLUMN db_password varchar;" | sqlite3 /var/lib/wo/dbase.db
echo "ALTER TABLE sites ADD COLUMN db_host varchar;" | sqlite3 /var/lib/wo/dbase.db
echo "ALTER TABLE sites ADD COLUMN is_hhvm INT DEFAULT '0';" | sqlite3 /var/lib/wo/dbase.db
echo "ALTER TABLE sites ADD COLUMN php_version varchar DEFAULT \"$wo_php_version\";" | sqlite3 /var/lib/wo/dbase.db
fi fi
# echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db # echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db
@@ -735,7 +739,7 @@ else
# 1 - WO already installed # 1 - WO already installed
if [ -x /usr/local/bin/wo ]; then if [ -x /usr/local/bin/wo ]; then
if ! { if ! {
wo -v 2>&1 | grep $wo_version_new wo -v 2>&1 | grep -q "$wo_version_new"
} || [ "$wo_force_install" = "y" ]; then } || [ "$wo_force_install" = "y" ]; then
if [ -z "$wo_force_install" ]; then if [ -z "$wo_force_install" ]; then
echo -e "Update WordOps to $wo_version_new (y/n): " && read -r WO_ANSWER echo -e "Update WordOps to $wo_version_new (y/n): " && read -r WO_ANSWER

2
setup.py
View File

@@ -57,7 +57,7 @@ if not os.path.isfile('/root/.gitconfig'):
shutil.copy2(os.path.expanduser("~")+'/.gitconfig', '/root/.gitconfig') shutil.copy2(os.path.expanduser("~")+'/.gitconfig', '/root/.gitconfig')
setup(name='wo', setup(name='wo',
version='3.9.8', version='3.9.8.1',
description=long_description, description=long_description,
long_description=long_description, long_description=long_description,
classifiers=[], classifiers=[],

2
wo/cli/main.py
View File

@@ -65,6 +65,8 @@ class WOApp(foundation.CementApp):
debug = TOGGLE_DEBUG debug = TOGGLE_DEBUG
exit_on_close = True
class WOTestApp(WOApp): class WOTestApp(WOApp):
"""A test app that is better suited for testing.""" """A test app that is better suited for testing."""

12
wo/cli/plugins/site.py
View File

@@ -8,8 +8,10 @@ from wo.core.domainvalidate import ValidateDomain
from wo.core.fileutils import WOFileUtils from wo.core.fileutils import WOFileUtils
from wo.cli.plugins.site_functions import * from wo.cli.plugins.site_functions import *
from wo.core.services import WOService from wo.core.services import WOService
from wo.cli.plugins.sitedb import * from wo.cli.plugins.sitedb import (addNewSite, getSiteInfo,
updateSiteInfo, deleteSiteInfo, getAllsites)
from wo.core.git import WOGit from wo.core.git import WOGit
from wo.core.logging import Log
from subprocess import Popen from subprocess import Popen
from wo.core.nginxhashbucket import hashbucket from wo.core.nginxhashbucket import hashbucket
import os import os
@@ -29,6 +31,7 @@ class WOSiteController(CementBaseController):
label = 'site' label = 'site'
stacked_on = 'base' stacked_on = 'base'
stacked_type = 'nested' stacked_type = 'nested'
exit_on_close = True
description = ('Performs website specific operations') description = ('Performs website specific operations')
arguments = [ arguments = [
(['site_name'], (['site_name'],
@@ -248,6 +251,7 @@ class WOSiteEditController(CementBaseController):
label = 'edit' label = 'edit'
stacked_on = 'site' stacked_on = 'site'
stacked_type = 'nested' stacked_type = 'nested'
exit_on_close = True
description = ('Edit Nginx configuration of site') description = ('Edit Nginx configuration of site')
arguments = [ arguments = [
(['site_name'], (['site_name'],
@@ -301,6 +305,7 @@ class WOSiteCreateController(CementBaseController):
label = 'create' label = 'create'
stacked_on = 'site' stacked_on = 'site'
stacked_type = 'nested' stacked_type = 'nested'
exit_on_close = True
description = ('this commands set up configuration and installs ' description = ('this commands set up configuration and installs '
'required files as options are provided') 'required files as options are provided')
arguments = [ arguments = [
@@ -805,6 +810,7 @@ class WOSiteUpdateController(CementBaseController):
label = 'update' label = 'update'
stacked_on = 'site' stacked_on = 'site'
stacked_type = 'nested' stacked_type = 'nested'
exit_on_close = True
description = ('This command updates websites configuration to ' description = ('This command updates websites configuration to '
'another as per the options are provided') 'another as per the options are provided')
arguments = [ arguments = [
@@ -1027,7 +1033,7 @@ class WOSiteUpdateController(CementBaseController):
data = dict(site_name=wo_domain, www_domain=wo_www_domain, data = dict(site_name=wo_domain, www_domain=wo_www_domain,
static=False, basic=True, wp=False, wpfc=False, static=False, basic=True, wp=False, wpfc=False,
wpsc=False, wpredis=False, wprocket=False, wpce=False, wpsc=False, wpredis=False, wprocket=False, wpce=False,
multisite=False,wpsubdir=False, webroot=wo_site_webroot, multisite=False, wpsubdir=False, webroot=wo_site_webroot,
wo_db_name='', wo_db_user='', wo_db_pass='', wo_db_name='', wo_db_user='', wo_db_pass='',
wo_db_host='', wo_db_host='',
currsitetype=oldsitetype, currcachetype=oldcachetype) currsitetype=oldsitetype, currcachetype=oldcachetype)
@@ -1741,6 +1747,7 @@ class WOSiteDeleteController(CementBaseController):
label = 'delete' label = 'delete'
stacked_on = 'site' stacked_on = 'site'
stacked_type = 'nested' stacked_type = 'nested'
exit_on_close = True
description = 'delete an existing website' description = 'delete an existing website'
arguments = [ arguments = [
(['site_name'], (['site_name'],
@@ -1878,6 +1885,7 @@ class WOSiteListController(CementBaseController):
label = 'list' label = 'list'
stacked_on = 'site' stacked_on = 'site'
stacked_type = 'nested' stacked_type = 'nested'
exit_on_close = True
description = 'List websites' description = 'List websites'
arguments = [ arguments = [
(['--enabled'], (['--enabled'],

19
wo/cli/plugins/site_functions.py
View File

@@ -8,15 +8,15 @@ import string
import subprocess import subprocess
from subprocess import CalledProcessError from subprocess import CalledProcessError
from wo.cli.plugins.sitedb import * from wo.cli.plugins.sitedb import getSiteInfo
from wo.cli.plugins.stack import WOStackController from wo.cli.plugins.stack import WOStackController
from wo.core.aptget import WOAptGet from wo.core.aptget import WOAptGet
from wo.core.fileutils import WOFileUtils from wo.core.fileutils import WOFileUtils
from wo.core.git import WOGit from wo.core.git import WOGit
from wo.core.logging import Log from wo.core.logging import Log
from wo.core.mysql import * from wo.core.mysql import WOMysql
from wo.core.services import WOService from wo.core.services import WOService
from wo.cli.plugins.stack_pref import pre_pref, post_pref from wo.cli.plugins.stack_pref import post_pref
from wo.core.shellexec import CommandExecutionError, WOShellExec from wo.core.shellexec import CommandExecutionError, WOShellExec
from wo.core.sslutils import SSL from wo.core.sslutils import SSL
from wo.core.variables import WOVariables from wo.core.variables import WOVariables
@@ -1365,6 +1365,19 @@ def setupLetsEncrypt(self, wo_domain_name, subdomain=False, wildcard=False,
.format(WOVariables.wo_ssl_live, wo_domain_name)) .format(WOVariables.wo_ssl_live, wo_domain_name))
sslconf.close() sslconf.close()
# updateSiteInfo(self, wo_domain_name, ssl=True) # updateSiteInfo(self, wo_domain_name, ssl=True)
if not WOFileUtils.grep(self, '/var/www/22222/conf/nginx/ssl.conf',
'/etc/letsencrypt'):
Log.info(self, "Securing WordOps backend with {0} certificate"
.format(wo_domain_name))
sslconf = open("/var/www/22222/conf/nginx/ssl.conf"
.format(wo_domain_name),
encoding='utf-8', mode='w')
sslconf.write("ssl_certificate {0}/{1}/fullchain.pem;\n"
"ssl_certificate_key {0}/{1}/key.pem;\n"
"ssl_trusted_certificate {0}/{1}/ca.pem;\n"
"ssl_stapling_verify on;\n"
.format(WOVariables.wo_ssl_live, wo_domain_name))
sslconf.close()
WOGit.add(self, ["/etc/letsencrypt"], WOGit.add(self, ["/etc/letsencrypt"],
msg="Adding letsencrypt folder") msg="Adding letsencrypt folder")

1
wo/cli/plugins/stack.py
View File

@@ -44,6 +44,7 @@ class WOStackController(CementBaseController):
label = 'stack' label = 'stack'
stacked_on = 'base' stacked_on = 'base'
stacked_type = 'nested' stacked_type = 'nested'
exit_on_close = True
description = 'Stack command manages stack operations' description = 'Stack command manages stack operations'
arguments = [ arguments = [
(['--all'], (['--all'],

22
wo/cli/plugins/stack_pref.py
View File

@@ -800,7 +800,7 @@ def post_pref(self, apt_packages, packages):
encoding='utf-8', mode='w') as myfile: encoding='utf-8', mode='w') as myfile:
myfile.write("<?php\nphpinfo();\n?>") myfile.write("<?php\nphpinfo();\n?>")
WOFileUtils.chown(self, "{0}22222" WOFileUtils.chown(self, "{0}22222/htdocs"
.format(WOVariables.wo_webroot), .format(WOVariables.wo_webroot),
WOVariables.wo_php_user, WOVariables.wo_php_user,
WOVariables.wo_php_user, recursive=True) WOVariables.wo_php_user, recursive=True)
@@ -964,7 +964,7 @@ def post_pref(self, apt_packages, packages):
encoding='utf-8', mode='w') as myfile: encoding='utf-8', mode='w') as myfile:
myfile.write("<?php\nphpinfo();\n?>") myfile.write("<?php\nphpinfo();\n?>")
WOFileUtils.chown(self, "{0}22222" WOFileUtils.chown(self, "{0}22222/htdocs"
.format(WOVariables.wo_webroot), .format(WOVariables.wo_webroot),
WOVariables.wo_php_user, WOVariables.wo_php_user,
WOVariables.wo_php_user, recursive=True) WOVariables.wo_php_user, recursive=True)
@@ -1282,7 +1282,7 @@ def post_pref(self, apt_packages, packages):
blowfish_key = ''.join([random.choice blowfish_key = ''.join([random.choice
(string.ascii_letters + (string.ascii_letters +
string.digits) string.digits)
for n in range(25)]) for n in range(32)])
WOFileUtils.searchreplace(self, WOFileUtils.searchreplace(self,
'{0}22222/htdocs/db/pma' '{0}22222/htdocs/db/pma'
'/config.inc.php' '/config.inc.php'
@@ -1304,8 +1304,10 @@ def post_pref(self, apt_packages, packages):
"[\'Servers\'][$i][\'host\'] = \'{0}\';" "[\'Servers\'][$i][\'host\'] = \'{0}\';"
.format(WOVariables.wo_mysql_host)) .format(WOVariables.wo_mysql_host))
Log.debug(self, 'Setting Privileges of webroot permission to ' Log.debug(self, 'Setting Privileges of webroot permission to '
'{0}22222/htdocs/db/pma file '.format(WOVariables.wo_webroot)) '{0}22222/htdocs/db/pma file '
WOFileUtils.chown(self, '{0}22222'.format(WOVariables.wo_webroot), .format(WOVariables.wo_webroot))
WOFileUtils.chown(self, '{0}22222/htdocs'
.format(WOVariables.wo_webroot),
WOVariables.wo_php_user, WOVariables.wo_php_user,
WOVariables.wo_php_user, WOVariables.wo_php_user,
recursive=True) recursive=True)
@@ -1405,7 +1407,7 @@ def post_pref(self, apt_packages, packages):
Log.debug(self, "Setting Privileges to " Log.debug(self, "Setting Privileges to "
"{0}22222/htdocs" "{0}22222/htdocs"
.format(WOVariables.wo_webroot)) .format(WOVariables.wo_webroot))
WOFileUtils.chown(self, '{0}22222' WOFileUtils.chown(self, '{0}22222/htdocs'
.format(WOVariables.wo_webroot), .format(WOVariables.wo_webroot),
WOVariables.wo_php_user, WOVariables.wo_php_user,
WOVariables.wo_php_user, WOVariables.wo_php_user,
@@ -1428,7 +1430,7 @@ def post_pref(self, apt_packages, packages):
Log.debug(self, "Setting Privileges to " Log.debug(self, "Setting Privileges to "
"{0}22222/htdocs/files" "{0}22222/htdocs/files"
.format(WOVariables.wo_webroot)) .format(WOVariables.wo_webroot))
WOFileUtils.chown(self, '{0}22222' WOFileUtils.chown(self, '{0}22222/htdocs'
.format(WOVariables.wo_webroot), .format(WOVariables.wo_webroot),
WOVariables.wo_php_user, WOVariables.wo_php_user,
WOVariables.wo_php_user, WOVariables.wo_php_user,
@@ -1473,7 +1475,7 @@ def post_pref(self, apt_packages, packages):
Log.debug(self, "Setting Privileges of webroot permission to " Log.debug(self, "Setting Privileges of webroot permission to "
"{0}22222/htdocs/php/webgrind/ file " "{0}22222/htdocs/php/webgrind/ file "
.format(WOVariables.wo_webroot)) .format(WOVariables.wo_webroot))
WOFileUtils.chown(self, '{0}22222' WOFileUtils.chown(self, '{0}22222/htdocs'
.format(WOVariables.wo_webroot), .format(WOVariables.wo_webroot),
WOVariables.wo_php_user, WOVariables.wo_php_user,
WOVariables.wo_php_user, WOVariables.wo_php_user,
@@ -1550,7 +1552,7 @@ def post_pref(self, apt_packages, packages):
.format(WOVariables.wo_webroot)) .format(WOVariables.wo_webroot))
os.makedirs('{0}22222/htdocs/cache/redis/phpRedisAdmin' os.makedirs('{0}22222/htdocs/cache/redis/phpRedisAdmin'
.format(WOVariables.wo_webroot)) .format(WOVariables.wo_webroot))
WOFileUtils.chown(self, '{0}22222' WOFileUtils.chown(self, '{0}22222/htdocs'
.format(WOVariables.wo_webroot), .format(WOVariables.wo_webroot),
WOVariables.wo_php_user, WOVariables.wo_php_user,
WOVariables.wo_php_user, WOVariables.wo_php_user,
@@ -1565,7 +1567,7 @@ def post_pref(self, apt_packages, packages):
Log.debug(self, 'Setting Privileges of webroot permission to ' Log.debug(self, 'Setting Privileges of webroot permission to '
'{0}22222/htdocs/cache/file ' '{0}22222/htdocs/cache/file '
.format(WOVariables.wo_webroot)) .format(WOVariables.wo_webroot))
WOFileUtils.chown(self, '{0}22222' WOFileUtils.chown(self, '{0}22222/htdocs'
.format(WOVariables.wo_webroot), .format(WOVariables.wo_webroot),
WOVariables.wo_php_user, WOVariables.wo_php_user,
WOVariables.wo_php_user, WOVariables.wo_php_user,

1
wo/cli/plugins/stack_services.py
View File

@@ -12,6 +12,7 @@ class WOStackStatusController(CementBaseController):
label = 'stack_services' label = 'stack_services'
stacked_on = 'stack' stacked_on = 'stack'
stacked_type = 'embedded' stacked_type = 'embedded'
exit_on_close = True
description = 'Check the stack status' description = 'Check the stack status'
@expose(help="Start stack services") @expose(help="Start stack services")

9
wo/cli/plugins/stack_upgrade.py
View File

@@ -20,6 +20,7 @@ class WOStackUpgradeController(CementBaseController):
label = 'upgrade' label = 'upgrade'
stacked_on = 'stack' stacked_on = 'stack'
stacked_type = 'nested' stacked_type = 'nested'
exit_on_close = True
description = ('Upgrade stack safely') description = ('Upgrade stack safely')
arguments = [ arguments = [
(['--all'], (['--all'],
@@ -229,6 +230,10 @@ class WOStackUpgradeController(CementBaseController):
'wo-dashboard.tar.gz', 'wo-dashboard.tar.gz',
'{0}22222/htdocs' '{0}22222/htdocs'
.format(WOVariables.wo_webroot)) .format(WOVariables.wo_webroot))
WOFileUtils.chown(self, "{0}22222/htdocs"
.format(WOVariables.wo_webroot),
WOVariables.wo_php_user,
WOVariables.wo_php_user, recursive=True)
if pargs.composer: if pargs.composer:
Log.info(self, "Upgrading Composer, please wait...") Log.info(self, "Upgrading Composer, please wait...")
@@ -257,6 +262,10 @@ class WOStackUpgradeController(CementBaseController):
.format(WOVariables.wo_phpmyadmin), .format(WOVariables.wo_phpmyadmin),
'{0}22222/htdocs/db/pma/' '{0}22222/htdocs/db/pma/'
.format(WOVariables.wo_webroot)) .format(WOVariables.wo_webroot))
WOFileUtils.chown(self, "{0}22222/htdocs"
.format(WOVariables.wo_webroot),
WOVariables.wo_php_user,
WOVariables.wo_php_user, recursive=True)
Log.info(self, "Successfully updated packages") Log.info(self, "Successfully updated packages")
else: else:

249
wo/cli/templates/nginx-core.mustache
View File

@@ -1,124 +1,125 @@
user www-data; user www-data;
worker_processes auto; worker_processes auto;
worker_cpu_affinity auto; worker_cpu_affinity auto;
worker_rlimit_nofile 100000; worker_rlimit_nofile 100000;
pid /run/nginx.pid; pid /run/nginx.pid;
pcre_jit on; pcre_jit on;
events { events {
multi_accept on; multi_accept on;
worker_connections 50000; worker_connections 50000;
accept_mutex on; accept_mutex on;
use epoll; use epoll;
} }
http { http {
##
## # WordOps Settings
# WordOps Settings ##
##
keepalive_timeout 8;
# Nginx AIO : See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/
# http://nginx.org/en/docs/http/ngx_http_core_module.html#aio # Nginx AIO : See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/
aio threads; # http://nginx.org/en/docs/http/ngx_http_core_module.html#aio
aio threads;
server_tokens off;
reset_timedout_connection on; server_tokens off;
more_set_headers "X-Powered-By : WordOps"; reset_timedout_connection on;
more_set_headers "X-Powered-By : WordOps";
# Limit Request
limit_req_status 403; # Limit Request
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
# Proxy Settings
# set_real_ip_from proxy-server-ip; # Proxy Settings
# real_ip_header X-Forwarded-For; # set_real_ip_from proxy-server-ip;
# real_ip_header X-Forwarded-For;
fastcgi_read_timeout 300;
client_max_body_size 100m; fastcgi_read_timeout 300;
client_max_body_size 100m;
# ngx_vts_module
vhost_traffic_status_zone; # ngx_vts_module
vhost_traffic_status_zone;
# tls dynamic records patch directive
ssl_dyn_rec_enable on; # tls dynamic records patch directive
ssl_dyn_rec_enable on;
##
# SSL Settings ##
## # SSL Settings
##
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m; ssl_session_timeout 1d;
ssl_session_tickets off; ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on; ssl_session_tickets off;
{{#tls13}}ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20'; ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;{{/tls13}} {{#tls13}}ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20';
ssl_ecdh_curve X25519:P-521:P-384:P-256; ssl_protocols TLSv1.2 TLSv1.3;{{/tls13}}
# Previous TLS v1.2 configuration ssl_ecdh_curve X25519:P-521:P-384:P-256;
{{^tls13}}ssl_protocols TLSv1.2; # Previous TLS v1.2 configuration
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;{{/tls13}} {{^tls13}}ssl_protocols TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;{{/tls13}}
# Common security headers
more_set_headers "X-Frame-Options : SAMEORIGIN"; # Common security headers
more_set_headers "X-Xss-Protection : 1; mode=block"; more_set_headers "X-Frame-Options : SAMEORIGIN";
more_set_headers "X-Content-Type-Options : nosniff"; more_set_headers "X-Xss-Protection : 1; mode=block";
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin"; more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "X-Download-Options : noopen"; more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
more_set_headers "X-Download-Options : noopen";
# oscp settings
resolver 8.8.8.8 1.1.1.1 8.8.4.4 1.0.0.1 valid=300s; # oscp settings
resolver_timeout 10; resolver 8.8.8.8 1.1.1.1 8.8.4.4 1.0.0.1 valid=300s;
ssl_stapling on; resolver_timeout 10;
ssl_stapling on;
##
# Basic Settings ##
## # Basic Settings
# server_names_hash_bucket_size 64; ##
# server_name_in_redirect off; # server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream; include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings ##
## # Logging Settings
##
access_log off;
error_log /var/log/nginx/error.log; access_log off;
error_log /var/log/nginx/error.log;
# Log format Settings
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] ' # Log format Settings
'$http_host "$request" $status $body_bytes_sent ' log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
'"$http_referer" "$http_user_agent" "$server_protocol"'; '$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$server_protocol"';
##
# Virtual Host Configs ##
## # Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*; include /etc/nginx/conf.d/*.conf;
} include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at: #mail {
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript # # See sample authentication script at:
# # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# # auth_http localhost/auth.php; #
# # pop3_capabilities "TOP" "USER"; # # auth_http localhost/auth.php;
# # imap_capabilities "IMAP4rev1" "UIDPLUS"; # # pop3_capabilities "TOP" "USER";
# # # imap_capabilities "IMAP4rev1" "UIDPLUS";
# server { #
# listen localhost:110; # server {
# protocol pop3; # listen localhost:110;
# proxy on; # protocol pop3;
# } # proxy on;
# # }
# server { #
# listen localhost:143; # server {
# protocol imap; # listen localhost:143;
# proxy on; # protocol imap;
# } # proxy on;
#} # }
#}

1
wo/cli/templates/tweaks.mustache
View File

@@ -16,7 +16,6 @@
tcp_nopush on; tcp_nopush on;
tcp_nodelay on; tcp_nodelay on;
keepalive_timeout 8;
keepalive_requests 500; keepalive_requests 500;
keepalive_disable msie6; keepalive_disable msie6;

1
wo/core/logging.py
View File

@@ -24,6 +24,7 @@ class Log:
if exit: if exit:
self.app.close(1) self.app.close(1)
def info(self, msg, end='\n', log=True): def info(self, msg, end='\n', log=True):
""" """
Logs info messages into log file Logs info messages into log file

2
wo/core/variables.py
View File

@@ -10,7 +10,7 @@ class WOVariables():
"""Intialization of core variables""" """Intialization of core variables"""
# WordOps version # WordOps version
wo_version = "3.9.8" wo_version = "3.9.8.1"
# WordOps packages versions # WordOps packages versions
wo_wp_cli = "2.2.0" wo_wp_cli = "2.2.0"
wo_adminer = "4.7.2" wo_adminer = "4.7.2"