# Changelog All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## Releases ### v3.15.0 - [Unreleased] ### v3.14.1 - 2022-02-16 #### Fixed - Cloudflare IP range script ([PR #422](https://github.com/WordOps/WordOps/pull/422)) - Netdata stack installation - Missing php upstream in WordOps backend ### v3.14.0 - 2022-01-26 #### Added - PHP 8.0 and 8.1 support ([PR #413](https://github.com/WordOps/WordOps/pull/413)) - Support arm64 architecture ([PR #392](https://github.com/WordOps/WordOps/pull/392)) #### Changed - Update WP-CLI to v2.6.0 with PHP 8.0/8.1 support - Update adminer to v4.8.1 - Update Redis repository ([PR #377](https://github.com/WordOps/WordOps/pull/377)) - Set PHP 8.0 as default PHP version. Can be changed in `/etc/wo/wo.conf` #### Fixed - WordOps install script issues - acme.sh issues with zero-ssl CA #### v3.13.2 - 2020-10-27 #### Fixed - WordOps install issues on some servers - MariaDB systemd service not fully enabled after upgrade #### v3.13.1 - 2020-10-26 #### Fixed - Python virtualenv configuration - Removing ssl certificate when deleting a site #### v3.13.0 - 2020-10-25 #### Added - MariaDB 10.5 support (installed by default) - Upgrade to MariaDB 10.5 with `wo stack migrate --mariadb` #### Changed - Improved Nginx caching rules to cache requests with query strings related to analytics (utm_, fbclid) - WordOps is installed inside a Python virtual environment in /opt/wo to isolate it from the system's Python libraries #### Fixed - Useless php-cli version removal - Redis 6.0.6 not installed on Ubuntu 20.04 LTS ### v3.12.4 - 2020-10-14 #### Changed - Redis 6.0.6 available on Ubuntu LTS #### Fixed - Avif (AV1 Image Format) & WebP Nginx conditional support([PR #322](https://github.com/WordOps/WordOps/pull/322)) - Sendmail initial configuration with sendmailconfig - SSL certificates export encoding with utf-8 - Nanorc install on Ubuntu 16.04 LTS ### v3.12.3 - 2020-10-13 #### Added - Add avif (AV1 Image Format) support into Nginx ([PR #314](https://github.com/WordOps/WordOps/pull/314)) #### Changed - Use zstd instead of pigz for archive compression - Exclude Nginx_vts status page from traffic calculation ([PR #294](https://github.com/WordOps/WordOps/pull/294)) #### Fixed - fail2ban install without Nginx - Grant MySQL permissions on all MySQL/MariaDB variant ([PR #285](https://github.com/WordOps/WordOps/pull/285)) - PHP PECL extensions and PHP 8.0 issues ### v3.12.2 - 2020-05-15 #### Fixed - Wrong PHP upstream for WordOps backend ### v3.12.1 - 2020-05-14 #### Fixed - Redis repository on Ubuntu 20.04 LTS #### Changed - MariaDB offical repository available for Ubuntu 20.04 LTS ### v3.12.0 - 2020-05-13 #### Added - Set opcache.preload_user for PHP 7.4 - Link to GitHub changelog after WordOps upgrade - Automated PHPMyAdmin and Adminer latest release download and install - Enable Let's Encrypt SSL on sites with http auth (PR [#254](https://github.com/WordOps/WordOps/pull/254)) - Ubuntu 20.04 LTS Support (experimental) - New Nginx 1.18.0 package built with OpenSSL 1.1.1g - Default PHP version can be set in /etc/wo/wo.conf #### Changed - Improved caching rules (PR [#265](https://github.com/WordOps/WordOps/pull/265)) - Default PHP version is now 7.3 #### Fixed - MySQL databases backup when using remote MySQL server - PHPMyAdmin assets missing after installation - Missing WP-CLI argument when switching site URL to https (PR [#257](https://github.com/WordOps/WordOps/pull/257)) - WordOps installation failure with pip - Installation on raspberry pi 4 - Fail2ban configuration when Nginx is not installed - Wo-kernel systemd service start failure - missing letsencrypt settings in wo.conf - MariaDB issue with innodb_buffer_pool_instances ### v3.11.4 - 2020-01-17 #### Fixed - `wo secure --port` variable error - `--letsencrypt` variable error ### v3.11.3 - 2020-01-16 #### Added - Backported Nano editor package for Debian/Ubuntu/Raspbian (which support syntax highlighting with `--nanorc`) - Protect Easy Digital Download files from being accessed directly (PR [#222](https://github.com/WordOps/WordOps/pull/222)) #### Changed - Improved WordOps performance by removing useless imports in `wo site` code - Improved opcache cleaning with `wo clean --opcache` - Force php imagick extension to be enabled after php-fpm install - Netdata upgrade is now performed with fresh install script downloaded from github - Update phpmyadmin to v5.0.1 #### Fixed - Domain IP validation when using CNAME before issuing SSL certificate - Netdata stack purge/remove not working properly - Do not backup all databases when purging `--mysql` stack with remote MySQL server - Netdata upgrade failure due to missing arguments ### v3.11.2 - 2019-12-07 #### Changed - Proxy virtualhost now include proxy_params with X-Forwarded-Proto header - Acme.sh upgrade #### Fixed - Issue with Nginx variables_hash_bucket_size & variables_hash_max_size - Netdata MySQL user error when purging/reinstalling Netdata stack - Fix `wo site cd` ### v3.11.1 - 2019-12-04 #### Added - `--fail2ban` in wo stack upgrade #### Fixed - error with `wo maintenance` - php-igbinary missing for php74 (run `wo stack upgrade` to install it) - opcache reset with `wo clean` ### v3.11.0 - 2019-12-03 #### Added - PHP 7.4 support - Improved Webp images support with Cloudflare (Issue [#95](https://github.com/WordOps/WordOps/issues/95)). Nginx will not serve webp images alternative with Cloudflare IP ranges. - Stack upgrade for adminer - Check acme.sh installation and setup acme.sh if needed before issuing certificate - Add `--ufw` to `wo stack status` - Add Nginx directive `gzip_static on;` to serve precompressed assets with Cache-Enabler or WP-Rocket. (Issue [#207](https://github.com/WordOps/WordOps/issues/207)) #### Changed - Previous `--php73` & `--php73=off` flags are replaced by `--php72`, `--php73`, `--php74` to switch site's php version - phpMyAdmin updated to v4.9.2 - Adminer updated to v4.7.5 - Replace dot and dashes by underscores in database names (Issue [#206](https://github.com/WordOps/WordOps/issues/206)) - Increased database name length to 32 characters from domain name + 8 random characters #### Fixed - typo error in motd-news script (Issue [#204](https://github.com/WordOps/WordOps/issues/204)) - Install Nginx before ngxblocker - WordOps install/update script text color - Issue with MySQL stack on Raspbian 9/10 - Typo error (PR [#205](https://github.com/WordOps/WordOps/pull/205)) - php version in `wo debug` (PR [#209](https://github.com/WordOps/WordOps/pull/209)) - SSL certificates expiration display with shared wildcard certificates ### v3.10.3 - 2019-11-11 #### Added - [ACME] Display warning about sudo usage when issuing certificate with DNS API validation (require `sudo -E`) #### Changed - [ACME] Resolve domain IP over HTTPS with Cloudflare DNS Resolver - [CORE] Cement Framework updated to v2.10.2 - [SITE] database name = 0 to 16 characters from the site name + 4 randomly generated character - [SITE] database user = 0 to 12 characters from the site name + 4 randomy generated character - [STACK] Improve sysctl tweak deployment #### Fixed - [SITE] https redirection missing on subdomains sites - Issues with digitalocean mariadb repository - Cement Framework output handler issues - [CLEAN] check if Nginx is installed before purging fastcgi or opcache ### v3.10.2 - 2019-11-06 #### Added - [STACK] nanorc syntax highlighting for nano editor : `--nanorc` #### Changed - `wo stack remove/purge` without argument print help instead of removing main stacks #### Fixed - Import rtCamp:EasyEngine GPG key to avoid issues with previous nginx repository - Unable to issue certificate for a domain if a subdomain certificate exist - Incorrect WP-CLI path site_url_https function - `wo stack upgrade --ngxblocker` not working properly ### v3.10.1 - 2019-10-30 #### Fixed - WordOps install/upgrade from PyPi ### v3.10.0 - 2019-10-30 #### Added - WordOps is now installed inside a wheel with pip (easier, cleaner and safer) from PyPi - Redis 5.0.6 package backported to Debian 8/9/10 - Custom motd to display a message if a new WordOps release is available - Run `mysql_upgrade` during MySQL upgrade with `wo stack upgrade` to perform migration if needed - `wo stack upgrade --ngxblocker` to update ngxblocker blocklist #### Changed - Sysctl tweaks are applied during stack install and removed from install script - Nginx & MariaDB systemd tweaks are removed from install script and applied during stacks install/upgrade - Initial creation of .gitconfig is displayed the first time you run the command `wo` - Added `/var/lib/php/sessions/` to open_basedir to allow php sessions storage - WordOps now check if a repository already exist before trying to adding it again. - Improved SSL certificate error messages by displaying domain IP and server IP - Version check before updating WordOps with `wo update` is now directly handled by `wo` - Refactored WordOps download function with python3-requests - MySQL backup path changed to `/var/lib/wo-backup/mysql` - Do not check anymore if stack are installed with apt in `wo service` but only if there is a systemd service - Refactored `--letsencrypt=renew`. Require the flag `--force` if certificate expiration is more than 45 days - Improve netdata stack upgrade with install from source detection and updater fallback #### Fixed - Incorrect PHP-FPM log path is `wo log` - force-ssl.conf not removed after removing a site - `wo clean --opcache` not working with invalid SSL certificate - `wo stack install --cheat` wasn't working properly previously - `wo info` failure depending on php-fpm pool name. ConfigParser will now detect the section name. ### v3.9.9.4 - 2019-10-18 #### Changed - [STACK] New Nginx package built with libbrotli-dev for all linux distro supported by WordOps #### Fixed - GPG keys error with previous EasyEngine Nginx repository - Issue with `--ngxblocker` stack removal/purge - Install/Update issues with python3 setup.py - WordOps deploying SSL certificate even if acme.sh failed ### v3.9.9.3 - 2019-10-15 #### Added - [STACK] Add Nginx TLS 1.3 0-RTT configuration #### Changed - [STACK] New Nginx package built with OpenSSL_1.1.1d and the latest ngx_brotli module #### Fixed - `wo stack upgrade` when using nginx-ee - `wo secure --auth` - `wo secure --sshport` not working with default ssh config - Issues after APT repositories informations changed - `www` was added to WordPress site url with subdomains [Issue #178](https://github.com/WordOps/WordOps/issues/178) - Issuing certificate with acme.sh for sub.sub-domains not working ### v3.9.9.2 - 2019-10-04 #### Added - [STACK] Nginx server_names_hash_bucket_size automated fix - [STACK] Nginx configuration rollback in case of failure after `wo stack upgrade --nginx` - [STACK] Nginx ultimate bad bots blocker with `wo stack install --ngxblocker` - [STACK] Added support for custom Nginx compiled from source - [STACK] Rollback configuration with Git in case of failure during service reload/restart - [SITE] Enable or disable Nginx ultimate bad bots blocker with `wo site update site.tld --ngxblocker/--ngxblocker=off` #### Changed - [CORE] Query acme.sh database directly to check if a certificate exist - [SITE] `--letsencrypt=renew` is deprecated because not it's not required with acme.sh #### Fixed - [SITE] Issues with root_domain variable with `wo site update` - [SECURE] Wrong sftp-server path in sshd_config - [SITE] Git error when using flag `--vhostonly` - [SITE] Wrong plugin name displayed when installing Cache-Enabler ### v3.9.9.1 - 2019-09-26 #### Added - [SECURE] Allow new ssh port with UFW when running `wo secure --sshport` - [STACK] Additional Nginx directives to prevent access to log files or backup from web browser - [CORE] apt-mirror-updater to select the fastest debian/ubuntu mirror with automatic switching between mirrors if the current mirror is being updated - [SITE] add `--force` to force Let's Encrypt certificate issuance even if DNS check fail - [STACK] check if another mta is installed before installing sendmail - [SECURE] `--allowpassword` to allow password when using `--ssh` with `wo secure` #### Changed - [SECURE] Improved sshd_config template according to Mozilla Infosec guidelines - [STACK] Always add stack configuration into Git before making changes to make rollback easier - [STACK] Render php-fpm pools configuration from template - [STACK] Adminer updated to v4.7.3 #### Fixed - [STACK] UFW setup after removing all stacks with `wo stack purge --all` - [CONFIG] Invalid CORS header - [STACK] PHP-FPM stack upgrade failure due to pool configuration ### v3.9.9 - 2019-09-24 #### Added - [STACK] UFW now available as a stack with flag `--ufw` - [SECURE] `wo secure --ssh` to harden ssh security - [SECURE] `wo secure --sshport` to change ssh port - [SITE] check domain DNS records before issuing a new certificate without DNS API - [STACK] Acme challenge with DNS Alias mode `--dnsalias=aliasdomain.tld` [acme.sh wiki](https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode) #### Changed - [APP] WordOps dashboard updated to v1.2, shipped as a html file, it can be used without PHP stack - [STACK] Refactor Let's Encrypt with acme.sh - [STACK] Log error improved with acme.sh depending on the acme challenge (DNS API or Webroot) - [INSTALL] Removed UFW setup from install script - [APP] phpMyAdmin updated to v4.9.1 - [STACK] Commit possible Nginx configuration changes into Git before and after performing tasks (in `wo secure` for example) - [CORE] Update deprecated handlers and hooks registration #### Fixed - [STACK] `wo stack purge --all` failure if mysql isn't installed - [INSTALL] Fix EEv3 files cleanup - [SECURE] Incorrect variable usage in `wo secure --port` - [INSTALL] Fix backup_ee function in install script ### v3.9.8.12 - 2019-09-20 #### Changed - [APP] WP-CLI updated to v2.3.0 - [CORE] Improved SSL certificates management from previous letsencrypt or certbot install - [CORE] Use a separate python file for gitconfig during installation to redirect setup.py output into logs - [CORE] updated cement to v2.8.2 - [CORE] removed old `--experimental flag` - [CORE] Improve and simplify install script #### Fixed - htpasswd protection when migrating from EasyEngine v3 [Issue #152](https://github.com/WordOps/WordOps/issues/152) - acme.sh install when migration from EasyEngine v3 [Issue #153](https://github.com/WordOps/WordOps/issues/153) ### v3.9.8.11 - 2019-09-06 #### Changed - Improved general logs display - UFW configuration is only applied during initial installation if UFW is disabled #### Fixed - Redis-server configuration and start - Nginx upgrade with `wo stack upgrade` ### v3.9.8.10 - 2019-09-04 #### Changed - Improve Let's Encrypt certificate issuance logging informations - MariaDB configuration & optimization is now rendered from a template (can be protected against overwriting with .custom) #### Fixed - Fix cheat.sh install [PR #139](https://github.com/WordOps/WordOps/pull/139) - sslutils error when trying to display SSL certificate expiration - Fix cheat.sh symbolic link check before creation - subdomain detection with complex suffixes like com.br - Fix mariadb install/upgrade when running mariadb-10.1 - Fix mariadb install/upgrade on raspbian and debian 8 - Fix mariadb tuning wrong pool_instance calculation ### v3.9.8.9 - 2019-09-03 #### Added - Rate limiter on wp-cron.php and xmlrpc.php - mime.types template to handle missing extension ttf - try_files directive for favicon - additional settings for fail2ban - asynchronous installer to decrease install/update duration #### Fixed - Several typo or syntax errors - `wo site` errors due to broken symlinks for access.log or error.log - `wo clean` error due to unused memcached flag - MySQL database and user variables overwrited in `wo site` ### v3.9.8.8 - 2019-09-02 #### Added - Sendmail stack to send WordPress welcome email properly - Backup all MySQL databases before removing/purging MySQL stack #### Changed - do not terminate stack install process on errors - WordOps internal log rotation limit increased to 1MB #### Fixed - ufw rules for proftpd not applied - phpredisadmin install - netdata configuration - extplorer installation - add LANG='en_US.UTF-8' in install script - Read public_suffix list with utf8 encoding. Issue [#128](https://github.com/WordOps/WordOps/issues/128) - Netdata uninstall script path. PR [#135](https://github.com/WordOps/WordOps/pull/135) - SSL Certificates expiration for subdomains ### v3.9.8.7 - 2019-08-31 #### Changed - WordPress default permalinks structure from `/%year%/%monthnum%/%day%/%postname%/` -> `/%postname%/` #### Fixed - Error with `wo stack upgrade --nginx` - Install/update script version check - clamAV stack install ### v3.9.8.6 - 2019-08-30 #### Added - Subdomains are automatically secured with an existant Wildcard LetsEncrypt SSL certificate. (If a wildcard certificate exist, WordOps will use this certificate for subdomains instead of issuing new certificates) - MySQL & Redis stack to `wo stack remove/purge` #### Changed - Date format in backup name : /backup/30Aug2019035932 -> /backup/30Aug2019-03-59-32 - Cleanup and update bash_completion - cheat.sh is installed with WordOps install script, not as a stack because it wasn't downloaded at all by WordOps (unknown reason yet) #### Fixed - cache-enabler plugin not installed and configured with `wo site update site.tld --wpce` - possible issue with domain variable in `--letsencrypt=wildcard` - python3-mysqldb not available on Debian 8 (Jessie) - Fix mysql variable skip-name-resolved - Fix typo in redis tuning directives ### v3.9.8.5 - 2019-08-30 #### Changed - updated OpCache Control Panel to v0.2.0 #### Fixed - Fix Netdata install on Raspbian 9/10 - `wo stack remove/purge` confirmation - Nginx error after removing a SSL certificate used to secure WordOps backend - `wo stack install --all` - ProFTPd fail2ban rules set twice if removed and reinstalled - `wo site update` ### v3.9.8.4 - 2019-08-28 #### Added - cht.sh stack : linux online cheatsheet. Usage : `cheat `. Example for tar : `cheat tar` - ClamAV anti-virus with weekly cronjob to update signatures database - Internal function to add daily cronjobs - Additional comment to detect previous configuration tuning (MariaDB & Redis) - Domain/Subdomain detection based on public domain suffixes list for letsencrypt - Increase Nginx & MariaDB systemd open_files limits - Cronjob to update Cloudflare IPs list - mariadb-backup to perform full and non-blocking databases backup (installation only. Backup feature will be available soon) - Nginx configuration check before performing start/reload/restart (If configuration check fail, WordOps will not reload/restart Nginx anymore) - Nginx mapping to proxy web-socket connections #### Changed - eXplorer filemanager isn't installed with WordOps dashboard anymore, and a flag `--extplorer` is available. But it's still installed when running the command `wo stack install` - Template rendering function now check for a .custom file before overwriting a configuration by default. - flag `--letsencrypt=subdomain` is not required anymore, you can use `--letsencrypt` or `-le` - Simplifiy and decrease duration of `apt-key` GPG keys import #### Fixed - typo error in `wo site update` : [PR #126](https://github.com/WordOps/WordOps/pull/126) ### v3.9.8.3 - 2019-08-21 #### Changed - Nginx package OpenSSL configuration improvements (TLS v1.3 now available on all operating systems supported by WordOps) - remove user prompt for confirmation with `wo update` - Nginx stack will not be upgraded with `wo update` anymore. This can be done at anytime with `wo upgrade --nginx` - Databases name and user are now semi-randomly generated (0-8 letters from the domain + 8 random caracters) #### Fixed - `wo upgrade` output - Database name or database user length ### v3.9.8.2 - 2019-08-20 #### Added - Additional cache expection for Easy Digital Downloads [PR #120](https://github.com/WordOps/WordOps/pull/120) - Additional settings to support mobile with WP-Rocket - Add the ability to block nginx configuration overwriting by adding a file .custom. Example with /etc/nginx/conf.d/webp.conf -> `touch /etc/nginx/conf.d/webp.conf.custom` - If there is a custom file, WordOps will write the configuration in a file named fileconf.conf.orig to let users implement possible changes - UFW minimal configuration during install. Can be disabled with the flag `-w`, `--wufw` or `--without-ufw`. Example : `wget -qO wo wops.cc && sudo bash wo -w` #### Fixed - WordOps internal database creation on servers running with custom setup ### v3.9.8.1 - 2019-08-18 #### Added - WordOps backend is automatically secured by the first Let's Encrypt SSL certificate issued #### Changed - Extra Nginx directives moved from nginx.conf to conf.d/tweaks.conf #### Fixed - MySQLTuner installation - `wo stack remove/purge --all` - variable substitution in install script - `wo stack upgrade --phpmyadmin/--dashboard` - phpmyadmin blowfish_secret key length - Cement App not exiting on close in case of error ### v3.9.8 - 2019-08-16 #### Added - Allow web browser caching for json and webmanifest files - nginx-core.mustache template used to render nginx.conf during stack setup - APT Packages configuration step with `wo stack upgrade` to apply new configurations - Cloudflare restore real_ip configuration - WP-Rocket plugin support with the flag `--wprocket` - Cache-Enabler plugin support with the flag `--wpce` - Install unattended-upgrade and enable automated security updates - Enable time synchronization with ntp - Additional cache exception for woocommerce #### Changed - Do not force Nginx upgrade if a custom Nginx package compiled with nginx-ee is detected - Gzip enabled again by default with configuration in /etc/nginx/conf.d/gzip.conf - Brotli configuration moved in /etc/nginx/conf.d/brotli.conf.disabled (disabled by default) - Moving package configuration in a new plugin stack_pref.py - Cleanup templates by removing all doublons (with/without php7) and replacing them with variables - Updated Nginx to v1.16.1 in response to HTTP/2 vulnerabilites discovered - Disable temporary adding swap feature (not working) - `wo stack upgrade --nginx` is now able to apply new configurations during `wo update`, it highly reduce upgrade duration #### Fixed - Error in HSTS header syntax ### v3.9.7.2 - 2019-08-12 #### Fixed - redis.conf permissions additional fix ### v3.9.7.1 - 2019-08-09 #### Changed - Set WordOps backend password length from 16 to 24 - Upgrade framework cement to 2.6.0 - Upgrade PyMySQL to 0.9.3 - Upgrade Psutil to 5.6.3 #### Fixed - Missing import in `wo sync` - redis.conf incorrect permissions ### v3.9.7 - 2019-08-02 #### Added - MySQL configuration tuning - Cronjob to optimize MySQL databases weekly - WO-kernel systemd service to automatically apply kernel tweaks on server startup - Proftpd stack now secured with TLS - New Nginx package built with Brotli from operating system libraries - Brotli configuration with only well compressible MIME types - WordPress site url automatically updated to `https://domain.tld` when using `-le/--letsencrypt` flag - More informations during certificate issuance about validation mode selected - `--php72` as alternative for `--php` - Automated removal of the deprecated variable `ssl on;` in previous Nginx ssl.conf - Project Contributing guidelines - Project Code of conduct #### Changed - `wo maintenance` refactored - Improved debug log - Updated Nginx configuration process to not overwrite files with custom data (htpasswd-wo, acl.conf etc..) - Adminer updated to v4.7.2 - eXtplorer updated to v2.1.13 - Removed WordOps version from the Nginx header X-Powered-By to avoid possible security issues - Several code quality improvements to speed up WordOps execution - Few adjustements on PHP-FPM configuration (max_input_time,opcache.consistency_checks) - Added /dev/urandom & /dev/shm to open_basedir in PHP-FPM configuration #### Fixed - Kernel tweaks were not applied without server reboot - Fail2ban standalone install - `wo stack purge --all` error due to PHP7.3 check - Nginx helper configuration during plugin install for Nginx fastcgi_cache and redis-cache - phpRedisAdmin stack installation - Fixed Travis CI build on pull requests - Nginx `server_names_hash_bucket_size` variable error after WordOps upgrade ### v3.9.6.2 - 2019-07-24 #### Changed - Improve `wo update` process duration - Improve package install/upgrade/remove process #### Fixed - phpMyAdmin archive download link archive - Arguments `--letsencrypt=clean/purge` - Incorrect directory removal during stack upgrade ### v3.9.6.1 - 2019-07-23 #### Fixed - Typo in `--letsencrypt=subdomain` - phpMyAdmin upgrade archive extraction - Error in the command `wo update`. Please `wo update --beta` as workaround ### v3.9.6 - 2019-07-20 #### Added - New Nginx package on Ubuntu with Cloudflare HTTP/2 HPACK and Dynamic TLS records - phpMyAdmin upgrade with `wo stack upgrade --phpmyadmin` - Wildcard SSL Certificates support with DNS validation - Let's Encrypt DNS API support (Cloudflare, DigitalOcean, etc ..) on domain, subdomain, and wildcard - Flag `--letsencrypt=clean` to purge a previous SSL configuration - Support for Debian 10 buster (testing - not ready for production) - Fail2ban with custom jails to secure WordPress & SSH - Variable `keylength` in /etc/wo/wo.conf to define letsencrypt certificate keylenght - ProFTPd stack with UFW & Fail2ban configurationz - Beta branch and command `wo update --beta` for beta releases - Extra directives in wp-config.php (limit posts revisions, set max_memory, enable auto-update for minor-releases) #### Fixed - Nginx was not reloaded after enabling HSTS - Netdata, Composer & Fail2Ban stack remove and purge - WordPress not installed by `wo site update` with basic php73 sites ### v3.9.5.4 - 2019-07-13 #### Added - New Nginx package on Ubuntu with TLS v1.3 support (OpenSSL 1.1.1c) - Netdata upgrade with `wo stack upgrade --netdata` - Netdata stack remove/purge #### Changed - phpRedisAdmin is now installed with the stack `--admin` - Remove memcached - not required anymore #### Fixed - phpRedisAdmin installation - Duplicated locations /robots.txt after upgrade to v3.9.5.3 - Let's Encrypt stack `wo site update --letsencrypt/--letsencrypt=off` - pt-query-advisor dead link - Netdata persistant configuration ### v3.9.5.3 - 2019-06-18 #### Added - Argument `--preserve` with the command `wo update` to keep current Nginx configuration #### Fixed - Nginx upgrade failure when running wo update ### v3.9.5.2 - 2019-06-17 #### Added - Non-interactive install/upgrade - Argument `--force` with the command `wo update` - Argument `-s|--silent` to perform non interactive installation #### Changed - robots.txt location block moved from locations-wo.conf to wpcommon(-php7).php #### Fixed - WP_CACHE_KEY_SALT set twice with wpredis - WordOps version check when using `wo update` - robots.txt file download if not created - PHP-FPM socket path in stub_status.conf : PR [#82](https://github.com/WordOps/WordOps/pull/82) ### v3.9.5.1 - 2019-05-10 #### Fixed - Adminer download link ### v3.9.5 - 2019-05-02 #### Added - IPv6 support with HTTPS - Brotli support in Nginx - Let's Encrypt support with --proxy - Install script handle migration from EEv3 - load-balancing on unix socket for php-fpm - stub_status vhost for metrics - `--letsencrypt=subdomain` option - opcache optimization for php-fpm - EasyEngine configuration backup before migration - EasyEngine configuration cleanup after migration - WordOps configuration backup before upgrade - Previous acme.sh certs migration - "wo maintenance" command to perform server package update & cleanup - Support for Netdata on backend : https://server.hostname:22222/netdata/ - New Stacks : composer and netdata - additional argument for letsencrypt : --hsts - Clean Theme for adminer - Credits for tools shipped with WordOps - Cache exception for Easy Digital Download - Additional cache exceptions for Woocommerce - MySQL monitoring with Netdata - WordOps-dashboard on 22222, can be installed with `wo stack install` - Extplorer filemanager in WordOps backend - Enable OSCP Stapling with Let's Encrypt - Compress database backup with pigz (faster than gzip) before updating sites - Support for Ubuntu 19.04 (disco) - few php extensions missing - Support for Raspbian 9 (stretch) - tested on Raspberry Pi 3b+ - backup letsencrypt certificate before upgrade - directives emergency_restart_threshold & emergency_restart_interval to restart php-fpm in case of failure - EasyEngine cronjob removal during install - Kernel tweaks via systctl.conf - open_basedir on php-fpm process to forbid access with php outside of /var/www & /run/nginx-cache #### Changed - letsencrypt stack refactored with acme.sh - letsencrypt validation with webroot folder - hardened nginx ssl_ecdh_curve - Update phpredisadmin - Increase MySQL root password size to 24 characters - Increase MySQL users password size to 24 characters - Nginx locations template is the same for php7.2 & 7.3 - backend SSL configuration now stored in /var/www/22222/conf/nginx/ssl.conf - Install Netdata with static pre-built binaries instead of having to compile it from source - Nginx updated to new stable release (1.16.0) - New packages (phpmyadmin, adminer, composer) are not download in /tmp anymore #### Fixed - PHP 7.3 extras when php 7.2 isn't installed - acme.sh installation - acme.sh alias with config home variable - deb.sury.org repository gpg key - Nginx upgrade from previous WordOps release - Force new Nginx templates during update - Error message about missing my.cnf file during upgrade - PHP 7.2 & PHP 7.3 pool configuration during upgrade - WordOps backup directory creation before upgrade - EasyEngine database sync during migration - fix command "wo info" - phpmyadmin install with composer - command "wo clean --memcached" - phpredisadmin setup - --hsts flag with basic html site - hsts flag on site not secure with letsencrypt - fix import of previous acme.sh certificate - fix proxy webroot folder creation ### v3.9.4 - 2019-03-15 #### Added - Nginx module nginx_vts - Migration script from nginx-ee to nginx-wo - Support for Debian 9 (testing) - New Nginx build v1.14.2 #### Changed - Update WP-CLI version to 2.1.0 - Update Adminer to 4.6.2 - Update predis to v1.1.1 - Refactored nginx.conf - Removed HHVM Stack - Removed old linux distro checks - Replace wo-acme-sh by acme.sh #### Fixed - Outdated Nginx ssl_ciphers suite - Debian 9 nginx build ### v3.9.3 - 2019-03-07 #### Changed - Updated Nginx fastcgi_cache templates - Updated Nginx redis_cache templates - Updated Nginx wp-super-cache templates - Updated Nginx configuration for WordPress 5.0 - remove --experimental args - MariaDB version bumped to 10.3 - Refactored Changelog - Updated WO manual - Updated WO bash_completion - Refactored README.md #### Added - Add WebP image support with Nginx mapping - Add PHP 7.3 support - WordPress $skip_cache variable mapping #### Fixed - Nginx variable $webp_suffix on fresh install ([#21](https://github.com/WordOps/WordOps/issues/21)) - wo update command ([#7](https://github.com/WordOps/WordOps/issues/7)) - Fix php services management ([#12](https://github.com/WordOps/WordOps/issues/12)) - Fix WP-CLI install ### v3.9.2 - 2018-11-30 #### Changed - Re-branded the fork to WordOps - Codebase cleanup - Set PHP 7.2 as the default - Included support for newer OS releases - Reworked the HTTPS configuration - Added more automated testing with Redis - Replaced Postfix with smtp-cli - Dropped mail services - Dropped w3tc support