#!/usr/bin/env bash # ------------------------------------------------------------------------- # WordOps install and update script # ------------------------------------------------------------------------- # Website: https://wordops.net # GitHub: https://github.com/WordOps/WordOps # Copyright (c) 2019 - WordOps # This script is licensed under M.I.T # ------------------------------------------------------------------------- # wget -qO wo wops.cc && sudo bash wo # ------------------------------------------------------------------------- # Version 3.9.8.12 - 2019-09-20 # ------------------------------------------------------------------------- # CONTENTS # --- # 1. VARIABLES AND DECLARATIONS # 2. PREPARE FOR INSTALLATION # 3. INSTALLATION # 4. ### # 1 - Set the CLI output colors ### TPUT_RESET=$(tput sgr0) TPUT_FAIL=$(tput setaf 1) TPUT_INFO=$(tput setaf 7) TPUT_ECHO=$(tput setaf 4) wo_lib_echo() { echo "${TPUT_ECHO}${*}${TPUT_RESET}" } wo_lib_echo_info() { echo "${TPUT_INFO}${*}${TPUT_RESET}" } wo_lib_echo_fail() { echo "${TPUT_FAIL}${*}${TPUT_RESET}" } ### # 1 - Capture errors ### wo_lib_error() { echo "[ $(date) ] ${TPUT_FAIL}${*}${TPUT_RESET}" exit "$2" } ### # 1 - script argument parsing ### while [ "$#" -gt 0 ]; do case "$1" in -b | --branch) wo_branch="$2" shift ;; -p | --preserve) wo_preserve_config="y" ;; --force) wo_force_install="y" ;; --travis) wo_travis="y" ;; -s | --silent) wo_force_install="y" ;; --purge | --uninstall) wo_purge="y" ;; -w | --wufw | --without-ufw) ufw="n" ;; -v | --version) wo_version="$2" shift ;; *) # positional args ;; esac shift done ### # 1 - Check whether the installation is called with elevated rights ### if [[ $EUID -ne 0 ]]; then wo_lib_echo_fail "Sudo privilege required..." wo_lib_echo_fail "Use: wget -qO wo wops.cc && sudo bash wo " exit 100 fi ### # 1- Update the apt sewers with fresh info ### export DEBIAN_FRONTEND=noninteractive unset LANG export LANG='en_US.UTF-8' export LC_ALL='C.UTF-8' # check if a command exist command_exists() { command -v "$@" > /dev/null 2>&1 } # run functions and exit on failure _run() { if [ -n "$2" ]; then wo_lib_echo "$2" fi if ! { "$1" >> "$wo_install_log" 2>&1; }; then exit 1 fi } check_path() { if [ -d "$1" ]; then return 0 else return 1 fi } if [ -z "$wo_travis" ]; then if command_exists curl; then apt-get update -qq else apt-get update -qq && apt-get -y install curl -qq > /dev/null 2>&1 fi fi if [ -f ./setup.py ]; then readonly wo_version_new=$(grep "version='" setup.py | awk -F "'" '{print$2}' 2>&1) else readonly wo_version_new=$(curl -sL https://wops.cc/setup.py 2>&1 | grep "version='" | awk -F "'" '{print$2}' 2>&1) fi echo "" wo_lib_echo "Welcome to WordOps install/update script v${wo_version_new}" echo "" ### # 1- Check whether lsb_release is installed, and if not, install it ### if ! command_exists lsb_release; then apt-get install lsb-release -qq fi ### # 1 - Define variables for later use ### if [ -z "$wo_branch" ]; then wo_branch=master fi readonly wo_log_dir=/var/log/wo/ readonly wo_backup_dir=/var/lib/wo-backup/ readonly wo_tmp_dir=/var/lib/wo/tmp readonly wo_install_log=/var/log/wo/install.log readonly wo_linux_distro=$(lsb_release -is) readonly wo_distro_version=$(lsb_release -sc) readonly wo_distro_id=$(lsb_release -rs) readonly TIME_FORMAT='%d-%b-%Y-%H%M%S' readonly TIME=$(date +"$TIME_FORMAT") readonly NGINX_BACKUP_FILE="/var/lib/wo-backup/nginx-backup.$TIME.tar.gz" readonly EE_BACKUP_FILE="/var/lib/wo-backup/ee-backup.$TIME.tar.gz" readonly WO_BACKUP_FILE="/var/lib/wo-backup/wo-backup.$TIME.tar.gz" readonly wo_lxc=$(grep "container=lxc" /proc/1/environ) readonly wo_wsl=$(grep "wsl" /proc/1/environ) WO_ARCH="$(uname -m)" if [ -x /usr/local/bin/ee ]; then ee_migration=1 ufw="n" elif [ -x /usr/local/bin/wo ]; then wo_upgrade=1 ufw="n" fi if [ -z "$ufw" ]; then ufw="y" fi ### # 1 - Checking linux distro ### if [ -z "$wo_force_install" ]; then if [ "$wo_linux_distro" != "Ubuntu" ] && [ "$wo_linux_distro" != "Debian" ] && [ "$wo_linux_distro" != "Raspbian" ]; then wo_lib_echo_fail "WordOps (wo) only supports Ubuntu, Debian & Raspbian at the moment." wo_lib_echo_fail "If you are feeling adventurous, you are free to fork WordOps to support" wo_lib_echo_fail "other Linux distributions and perhaps even Unix deratives." exit 100 else check_wo_linux_distro=$(lsb_release -sc | grep -E "xenial|bionic|disco|jessie|stretch|buster") if [ -z "$check_wo_linux_distro" ]; then wo_lib_echo_fail "WordOps (wo) only supports Ubuntu 16.04/18.04/19.04 LTS, Debian 9.x/10.x and Raspbian 9.x/10x" exit 100 fi fi fi ### # 1 - To prevent errors or unexpected behaviour, create the log and ACL it ### if [ ! -d "$wo_log_dir" ] || [ ! -d "$wo_backup_dir" ] || [ ! -d "$wo_tmp_dir" ]; then mkdir -p "$wo_backup_dir" "$wo_log_dir" "$wo_tmp_dir" || wo_lib_error "Whoops - seems we are unable to create the log directory $wo_log_dir, exit status " $? # create wordops log files touch /var/log/wo/{wordops.log,install.log} chmod -R 700 "$wo_log_dir" "$wo_backup_dir" "$wo_tmp_dir" || wo_lib_error "Whoops, there was an error setting the permissions on the WordOps log folder, exit status " $? fi ### # 2 - Setup the dependencies for installation #### wo_dist_upgrade() { # perform server packages upgrade apt-get dist-upgrade --option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --option=Dpkg::options::=--force-unsafe-io --assume-yes --quiet } wo_install_dep() { if [ "$wo_linux_distro" == "Ubuntu" ]; then # install dependencies apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \ build-essential curl gzip python3 python3-apt python3-setuptools python3-requests python3-dev sqlite3 git tar software-properties-common pigz \ gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1 add-apt-repository ppa:wordops/nginx-wo -yn else # install dependencies apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \ build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-requests python3-dev ca-certificates sqlite3 git tar \ software-properties-common pigz apt-transport-https gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1 # add php repository gpg key [ -d /etc/apt/trusted.gpg.d ] && { wget -qO /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg; } # add nginx repository gpg key curl -sL https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_10/Release.key | apt-key add - fi locale-gen en # enable unattended upgades if [ ! -f /etc/apt/apt.conf.d/20auto-upgrades ]; then cp /usr/share/unattended-upgrades/20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades fi } wo_timesync() { # set default ntp pools if [ -f /etc/systemd/timesyncd.conf ]; then if ! grep -q "time.cloudflare.com" /etc/systemd/timesyncd.conf; then sed -e 's/^#NTP=/NTP=time.cloudflare.com 0.ubuntu.pool.ntp.org 1.ubuntu.pool.ntp.org 2.ubuntu.pool.ntp.org 3.ubuntu.pool.ntp.org/' -i /etc/systemd/timesyncd.conf # enable ntp timedatectl set-ntp 1 fi fi } ### # 3 - Create/migrate the essentials ### wo_sync_db() { ### # Switching from EE -> WO ### if [ ! -f /var/lib/wo/dbase.db ]; then # Create the WordOps folder mkdir -p /var/lib/wo if [ -f /var/lib/ee/ee.db ]; then # Copy the EasyEngine database cp /var/lib/ee/ee.db /var/lib/wo/dbase-ee.db ### # Clean WO installation ### cp /var/lib/ee/ee.db /var/lib/wo/dbase.db else # Create an empty database for WordOps echo "CREATE TABLE sites ( id INTEGER PRIMARY KEY AUTOINCREMENT, sitename UNIQUE, site_type CHAR, cache_type CHAR, site_path CHAR, created_on TIMESTAMP DEFAULT CURRENT_TIMESTAMP, is_enabled INT, is_ssl INT, storage_fs CHAR, storage_db CHAR, db_name VARCHAR, db_user VARCHAR, db_password VARCHAR, db_host VARCHAR, is_hhvm INT INT DEFAULT '0', php_version VARCHAR );" | sqlite3 /var/lib/wo/dbase.db # Check site is enable/live or disable AV_SITES="$(basename -a /etc/nginx/sites-available/* | grep -v default)" for site in $AV_SITES; do if [ -h "/etc/nginx/sites-enabled/$site" ]; then wo_site_status='1' else wo_site_status='0' fi # Acquire information about the current nginx configuration wo_site_current_type=$(grep "common/" "/etc/nginx/sites-available/$site" | awk -F "/" '{print $2}') if echo "$wo_site_current_type" | grep -q "php"; then if echo "$wo_site_current_type" | grep -q "php7"; then wo_php_version="7.0" else wo_php_version="5.6" fi else wo_php_version="" fi if echo "$wo_site_current_type" | grep -q "redis"; then wo_site_current_cache="wpredis" elif echo "$wo_site_current_type" | grep -q wpsc; then wo_site_current_cache="wpsc" elif echo "$wo_site_current_type" | grep -q wpfc; then wo_site_current_cache="wpfc" else wo_site_current_cache="basic" fi if echo "$wo_site_current_type" | grep -q wp; then if echo "$wo_site_current_type" | grep -q wpsubdir; then wo_site_current="wpsubdir" elif echo "$wo_site_current_type" | grep -q wpsudomain; then wo_site_current="wpsubdomain" else wo_site_current="wp" fi else if echo "$wo_site_current_type" | grep -q location; then wo_site_current="proxy" elif echo "$wo_site_current_type" | grep -q php; then wo_site_current="html" else if [ -f "/var/www/${site}/ee-config.php" ] || [ -f "/var/www/${site}/wo-config.php" ]; then wo_site_current="mysql" else wo_site_current="php" fi fi fi wo_webroot="/var/www/$site" # Import the configuration into the WordOps SQLite database echo "INSERT INTO sites (sitename, site_type, cache_type, site_path, is_enabled, is_ssl, storage_fs, storage_db) VALUES (\"$site\", \"$wo_site_current\", \"$wo_site_current_cache\", \"$wo_webroot\", \"$wo_site_status\", 0, 'ext4', 'mysql');" | sqlite3 /var/lib/wo/dbase.db done fi # echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db # echo "UPDATE sites SET php_version = REPLACE(php_version, '7.0', '7.3');" | sqlite3 /var/lib/wo/dbase.db fi } # Once again, set the proper ACL on the WordOps configuration directory secure_wo_db() { # The owner is root chown -R root:root /var/lib/wo # Only allow access by root, block others chmod -R 600 /var/lib/wo } # Update the WP-CLI version wo_update_wp_cli() { WP_CLI_PATH=$(command -v wp) if [ -n "$WP_CLI_PATH" ]; then rm -rf "$WP_CLI_PATH" fi # Update WP-CLI to the most recent version wget -qO /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar chmod +x /usr/local/bin/wp [ ! -h /usr/bin/wp ] && { ln -s /usr/local/bin/wp /usr/bin/ } [ -d /etc/bash_completion.d ] && { wget -qO /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash } } wo_install_acme_sh() { # check if acme.sh is already installed if [ ! -x /etc/letsencrypt/acme.sh ]; then # clone the git repository if [ -d /opt/acme.sh/.git ]; then git -C /opt/acme.sh pull origin master else git clone --depth=50 https://github.com/Neilpang/acme.sh.git /opt/acme.sh -q fi cd /opt/acme.sh || exit 1 # create conf directories mkdir -p /etc/letsencrypt/{config,live,renewal} # install acme.sh ./acme.sh --install \ --home /etc/letsencrypt \ --config-home /etc/letsencrypt/config \ --cert-home /etc/letsencrypt/renewal # enable auto-upgrade /etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --upgrade --auto-upgrade fi if [ -x "$HOME/.acme.sh/acme.sh" ]; then # backup acme.sh folder /bin/tar -I pigz -cf /var/lib/wo-backup/acme.sh.tar.gz "$HOME/.acme.sh" # rsync previous certificates to new acme.sh location /usr/bin/rsync -rltgoDpz --exclude="account.conf" \ --exclude="acme.sh" \ --exclude="acme.sh.env" \ --exclude="deploy" \ --exclude="dnsapi" \ --exclude="http.header" \ --exclude="ca" \ "$HOME/.acme.sh/" \ /etc/letsencrypt/renewal/ # remove previous acme.sh folder rm -rf "$HOME/.acme.sh" mkdir "$HOME/.acme.sh" touch "$HOME/.acme.sh/acme.sh.env" # removing previous cronjob crontab -l | sed '/41 0 \* \* \* "\/root\/\.acme\.sh"\/acme.sh --cron --home "\/root\/\.acme\.sh" > \/dev\/null/d' | crontab - fi # Let's Encrypt .well-known folder setup if [ ! -d /var/www/html/.well-known/acme-challenge ]; then mkdir -p /var/www/html/.well-known/acme-challenge chown -R www-data:www-data /var/www/html /var/www/html/.well-known chmod 750 /var/www/html /var/www/html/.well-known else chmod 750 /var/www/html /var/www/html/.well-known fi } # Download WordOps wo_download() { rm -f /etc/bash_completion.d/wo_auto.rc rm -rf /var/lib/wo/tmp/WordOps-* if [ -z "$wo_version" ]; then curl -sL https://github.com/WordOps/WordOps/archive/${wo_branch}.tar.gz | tar -I pigz -xf - -C /var/lib/wo/tmp mv "/var/lib/wo/tmp/WordOps-$wo_branch" /var/lib/wo/tmp/WordOps-install else curl -sL https://github.com/WordOps/WordOps/archive/v${wo_version}.tar.gz | tar -I pigz -xf - -C /var/lib/wo/tmp mv "/var/lib/wo/tmp/WordOps-$wo_version" /var/lib/wo/tmp/WordOps-install fi } wo_git_config() { if [ "$wo_force_install" = "y" ]; then [ ! -f "$HOME/.gitconfig" ] && { bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME.local" > $HOME/.gitconfig'; } fi # .gitconfig inital setup cd /var/lib/wo/tmp/WordOps-install || exit 1 python3 gitconfig.py } # WordOps install wo_install() { cd /var/lib/wo/tmp/WordOps-install || exit 1 python3 setup.py install } # Clone Github repository if it doesn't exist wo_install_travis() { if [ -f "$HOME/.gitconfig" ]; then # install and redirect log to not print python package install python3 setup.py install fi } wo_upgrade_nginx() { if [ -d /var/lib/wo-backup/nginx ]; then /bin/tar -I pigz "$NGINX_BACKUP_FILE" /var/lib/wo-backup/nginx rm -rf /var/lib/wo-backup/nginx fi # backup nginx conf if [ -d /etc/nginx ]; then /usr/bin/rsync -a --noatime /etc/nginx/ /var/lib/wo-backup/nginx/ fi if [ -d /etc/php ]; then /usr/bin/rsync -a --noatime /etc/php/ /var/lib/wo-backup/php/ fi # chec if the package nginx-ee is installed CHECK_NGINX_EE=$(dpkg --list | grep nginx-ee) CHECK_PHP72=$(command -v php-fpm7.2) # add new Nginx repository if [ "$wo_distro_version" == "jessie" ]; then # import the respository key for updates curl -sL https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_8.0/Release.key | apt-key add - else curl -sL https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_9.0/Release.key | apt-key add - fi # install new nginx package if [ -n "$CHECK_NGINX_EE" ]; then if [ -x /usr/local/bin/wo ]; then [ -f /etc/apt/preferences.d/nginx-block ] && { mv /etc/apt/preferences.d/nginx-block /var/lib/wo/tmp/nginx-block; } # stop nginx service nginx stop # remove previous package apt-mark unhold nginx-ee nginx-common nginx-custom apt-get autoremove nginx-ee nginx-common nginx-custom --allow-change-held-packages --purge -qq # remove previous php-fpm pool configuration if [ -n "$CHECK_PHP72" ]; then apt-get purge php7.2-fpm -y -qq rm -f /etc/php/7.2/fpm/pool.d/{www.conf,www-two.conf,debug.conf} fi if [ -d /etc/nginx ]; then rm -rf /etc/nginx fi /usr/local/bin/wo stack install --nginx --php rm -f /etc/nginx/common/acl.conf /etc/nginx/htpasswd-wo /usr/bin/rsync -au --noatime /var/lib/wo-backup/nginx/ /etc/nginx/ /usr/local/bin/wo stack upgrade --nginx --force fi fi # restore sites and configuration [ -f /etc/nginx/htpasswd-ee ] && { cp -f /etc/nginx/htpasswd-ee /etc/nginx/htpasswd-wo; } sed -i "s/locations.conf/locations-wo.conf/" /etc/nginx/sites-available/* sed -i "s/locations-php7.conf/locations-wo.conf/" /etc/nginx/sites-available/* sed -i "s/locations-php71.conf/locations-wo.conf/" /etc/nginx/sites-available/* sed -i "s/locations-php72.conf/locations-wo.conf/" /etc/nginx/sites-available/* sed -i "s/locations-php73.conf/locations-wo.conf/" /etc/nginx/sites-available/* sed -i "s/htpasswd-ee/htpasswd-wo/" /etc/nginx/common/acl.conf sed -i 's/ssl on;/#ssl on;/' /var/www/*/conf/nginx/ssl.conf # update redis.conf headers if [ -f /etc/nginx/common/redis.conf ]; then sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf fi VERIFY_NGINX_CONFIG=$(nginx -t 2>&1 | grep failed) # check if nginx -t do not return errors if [ -z "$VERIFY_NGINX_CONFIG" ]; then systemctl stop nginx systemctl start nginx else VERIFY_NGINX_BUCKET=$(nginx -t 2>&1 | grep "server_names_hash_bucket_size") if [ -n "$VERIFY_NGINX_BUCKET" ]; then sed -i "s/# server_names_hash_bucket_size 64;/server_names_hash_bucket_size 128;/g" /etc/nginx/nginx.conf fi systemctl stop nginx systemctl start nginx fi [ -f /var/lib/wo/tmp/nginx-block ] && { mv /var/lib/wo/tmp/nginx-block /etc/apt/preferences.d/nginx-block; } } wo_update_latest() { # Move ~/.my.cnf to /etc/mysql/conf.d/my.cnf if [ ! -f /etc/mysql/conf.d/my.cnf ]; then # create conf.d folder if not exist [ ! -d /etc/mysql/conf.d ] && { mkdir -p /etc/mysql/conf.d chmod 755 /etc/mysql/conf.d } if [ -f "$HOME/.my.cnf" ]; then cp -f "$HOME/.my.cnf" /etc/mysql/conf.d/my.cnf chmod 600 /etc/mysql/conf.d/my.cnf elif [ -f /root/.my.cnf ]; then cp -f /root/.my.cnf /etc/mysql/conf.d/my.cnf chmod 600 /etc/mysql/conf.d/my.cnf fi else if [ ! -f /root/.my.cnf ]; then cp /etc/mysql/conf.d/my.cnf /root/.my.cnf chmod 600 /root/.my.cnf fi fi # Fix Redis-server security issue # http://redis.io/topics/security if [ -f /etc/redis/redis.conf ]; then CHECK_REDIS_BIND=$(grep -0 -v "#" /etc/redis/redis.conf | grep 'bind' >> /dev/null 2>&1) if [ -z "$CHECK_REDIS_BIND" ]; then echo 'bind 127.0.0.1 ::1' >> /etc/redis/redis.conf service redis-server restart fi fi } # Do git intialisation wo_git_init() { # Nginx under git version control [ -d /etc/nginx ] && { cd /etc/nginx || exit 1 [ ! -d /etc/nginx/.git ] && { git init } git add -A . git commit -am "Updated Nginx" } # WordOps under git version control [ -d /etc/wo ] && { cd /etc/wo || exit 1 [ ! -d /etc/wo/.git ] && { git init } git add -A . git commit -am "Installed/Updated to WordOps" } # PHP under git version control [ -d /etc/php ] && { cd /etc/php || exit 1 [ ! -d /etc/php/.git ] && { git init } git add -A . git commit -am "Updated PHP" } } wo_backup_ee() { if [ -d /etc/nginx ]; then local EE_NGINX="/etc/nginx" else local EE_NGINX="" fi if [ -d /etc/letsencrypt ]; then local EE_LE="/etc/letsencrypt" else local EE_LE="" fi /bin/tar -I pigz -cf "$EE_BACKUP_FILE" "$EE_NGINX" /usr/local/bin/ee /usr/lib/ee/templates /usr/local/lib/python3.*/dist-packages/ee-*.egg /etc/ee /var/lib/ee "$EE_LE" } wo_backup_wo() { /bin/tar -I pigz -cf "$WO_BACKUP_FILE" "$WO_NGINX" /etc/wo /var/lib/wo "$WO_LE" return 0 } wo_clean_ee() { rm -f /usr/local/bin/ee /etc/bash_completion.d/ee_auto.rc /usr/lib/ee/templates /usr/local/lib/python3.*/dist-packages/ee-*.egg /etc/ee /var/lib/ee return 0 } wo_remove_ee_cron() { crontab -l | sed '/ee site update --le=renew --all 2> \/dev\/null/d' | crontab - } wo_tweak_kernel() { if [ "$WO_ARCH" = "x86_64" ] && [ -z "$wo_lxc" ] && [ -z "$wo_wsl" ]; then rm -f /etc/sysctl.d/60-ubuntu-nginx-web-server.conf wget -qO /etc/sysctl.d/60-wo-tweaks.conf https://raw.githubusercontent.com/WordOps/WordOps/"$wo_branch"/wo/cli/templates/sysctl.mustache if [ "$wo_distro_version" = "bionic" ] || [ "$wo_distro_version" = "disco" ] || [ "$wo_distro_version" = "buster" ]; then modprobe tcp_bbr && echo 'tcp_bbr' >> /etc/modules-load.d/bbr.conf echo -e '\nnet.ipv4.tcp_congestion_control = bbr\nnet.ipv4.tcp_notsent_lowat = 16384' >> /etc/sysctl.d/60-wo-tweaks.conf else modprobe tcp_htcp && echo 'tcp_htcp' >> /etc/modules-load.d/htcp.conf echo 'net.ipv4.tcp_congestion_control = htcp' >> /etc/sysctl.d/60-wo-tweaks.conf fi # apply sysctl tweaks sysctl -eq -p /etc/sysctl.d/60-wo-tweaks.conf fi } wo_systemd_tweak() { if [ ! -x /opt/wo-kernel.sh ]; then # download and setup wo-kernel systemd service to apply kernel tweaks for netdata and redis on server startup wget -qO /opt/wo-kernel.sh https://raw.githubusercontent.com/WordOps/WordOps/updating-configuration/wo/cli/templates/wo-kernel-script.mustache chmod +x /opt/wo-kernel.sh wget -qO /lib/systemd/system/wo-kernel.service https://raw.githubusercontent.com/WordOps/WordOps/updating-configuration/wo/cli/templates/wo-kernel-service.mustache systemctl enable wo-kernel.service systemctl start wo-kernel.service fi LIMIT_CHECK=$(grep "500000" /etc/security/limits.conf) if [ -z "$LIMIT_CHECK" ]; then echo -e "* hard nofile 500000\n* soft nofile 500000\nroot hard nofile 500000\nroot soft nofile 500000\n" >> /etc/security/limits.conf fi } wo_domain_suffix() { curl -sL https://raw.githubusercontent.com/publicsuffix/list/master/public_suffix_list.dat | sed '/^\/\//d' | sed '/^$/d' | sed 's/^\s+//g' > /var/lib/wo/public_suffix_list.dat } wo_mariadb_tweak() { # increase mariadb open_files_limit if [ -d /etc/systemd/system/mariadb.service.d ] && [ ! -f /etc/systemd/system/mariadb.service.d/limits.conf ]; then echo -e '[Service]\nLimitNOFILE=500000' > /etc/systemd/system/mariadb.service.d/limits.conf systemctl daemon-reload service mysql restart fi } wo_nginx_tweak() { # increase nginx open_files_limit if [ ! -d /etc/systemd/system/nginx.service.d ]; then mkdir -p /etc/systemd/system/nginx.service.d if [ ! -f /etc/systemd/system/nginx.service.d/limits.conf ]; then echo -e '[Service]\nLimitNOFILE=500000' > /etc/systemd/system/nginx.service.d/limits.conf systemctl daemon-reload nginx -t && service nginx restart fi fi } wo_clean() { rm -rf /usr/local/lib/python3.*/dist-packages/wo-* } wo_uninstall() { rm -rf /usr/local/lib/python3.*/dist-packages/{pystache-*,cement-2.*,wo-*} /usr/local/bin/wo /etc/bash_completion.d/wo_auto.rc /var/lib/wo /etc/wo /usr/lib/wo/templates } wo_ufw_setup() { if ! grep -q "ENABLED=yes" /etc/ufw/ufw.conf; then # get custom ssh port if [ -f /etc/ssh/sshd_config ]; then CURRENT_SSH_PORT=$(grep "Port" /etc/ssh/sshd_config | awk -F " " '{print $2}') fi # define firewall rules if ! grep -q "LOGLEVEL=low" /etc/ufw/ufw.conf; then ufw logging low fi if ! grep -q 'DEFAULT_OUTPUT_POLICY="ACCEPT"' /etc/default/ufw; then ufw default allow outgoing fi if ! grep -q 'DEFAULT_INPUT_POLICY="DROP"' /etc/default/ufw; then ufw default deny incoming fi if ! grep -q "\-\-dport 22 -j" /etc/ufw/user.rules; then # default ssh port ufw limit 22 fi # custom ssh port if [ "$CURRENT_SSH_PORT" != "22" ]; then if ! grep -q "\-\-dport $CURRENT_SSH_PORT -j" /etc/ufw/user.rules; then ufw limit "$CURRENT_SSH_PORT" fi fi # nginx if ! grep -q "\-\-dport 80 -j" /etc/ufw/user.rules; then # http ufw allow http fi if ! grep -q "\-\-dport 443 -j" /etc/ufw/user.rules; then # https ufw allow https fi # ntp if ! grep -q "\-\-dport 123 -j" /etc/ufw/user.rules; then ufw allow 123 fi if ! grep -q "\-\-dport 22222 -j" /etc/ufw/user.rules; then # wordops backend ufw limit 22222 fi # enable ufw if [ -n "$CURRENT_SSH_PORT" ]; then ufw --force enable fi # remove ufw from syslog if [ -f /etc/rsyslog.d/20-ufw.conf ]; then sed -i 's/\#\& stop/\& stop/' /etc/rsyslog.d/20-ufw.conf service rsyslog restart fi fi } wo_cheat_install() { curl -sL https://cht.sh/:cht.sh > /usr/local/bin/cht.sh chmod +x /usr/local/bin/cht.sh [ ! -h /usr/local/bin/cheat ] && { rm -f /usr/local/bin/cheat ln -s /usr/local/bin/cht.sh /usr/local/bin/cheat } curl -sL https://cheat.sh/:bash_completion > /etc/bash_completion.d/cht.sh } ### # 4 - WO MAIN SETUP ### # wo uninstall script if [ "$wo_purge" = "y" ]; then _run wo_backup_wo "Backing-up WO install" _run wo_uninstall "Uninstalling WordOps" wo_lib_echo "The WordOps backup files can be found in $WO_BACKUP_FILE" exit 0 else # 1 - WO already installed if [ -x /usr/local/bin/wo ]; then if [ -z "$wo_force_install" ]; then if { wo -v 2>&1 | grep -q "$wo_version_new"; }; then wo_lib_error "You already have WordOps $wo_version_new" 1 fi fi _run wo_backup_wo "Backing-up WO install" _run wo_clean # 2 - Migration from EEv3 elif [ -x /usr/local/bin/ee ]; then if [ -z "$wo_force_install" ]; then echo -e "Migrate from EasyEngine to WordOps (y/n): " && read -r WO_ANSWER if [ "$WO_ANSWER" != "y" ] && [ "$WO_ANSWER" != "Y" ]; then wo_lib_error "Not installing WordOps" 1 fi fi _run wo_backup_ee "Backing-up EE install" _run wo_remove_ee_cron "Removing EasyEngine cronjob" _run wo_sync_db "Syncing WO database" fi _run wo_install_dep "Installing wo dependencies" _run wo_timesync if [ "$ufw" = "y" ]; then _run wo_ufw_setup "Configuring UFW" fi # skip steps if travis if [ -z "$wo_travis" ]; then _run wo_dist_upgrade _run wo_download "Downloading WordOps" wo_git_config _run wo_install "Installing WordOps" else _run wo_install_travis "Installing WordOps" fi if [ -x /usr/local/bin/ee ]; then _run wo_upgrade_nginx "Upgrading Nginx" _run wo_clean_ee "Cleaning previous EasyEngine install" fi _run wo_install_acme_sh _run wo_tweak_kernel "Applying Kernel tweaks" if [ ! -f /opt/wo-kernel.sh ]; then _run wo_systemd_tweak "Adding systemd service tweak" fi if [ -x /usr/sbin/nginx ]; then _run wo_nginx_tweak fi if [ -d /etc/systemd/system/mariadb.service.d ]; then _run wo_mariadb_tweak fi _run wo_cheat_install "Running post-install steps" _run wo_domain_suffix _run wo_update_wp_cli _run wo_update_latest _run secure_wo_db wo sync >> $wo_install_log 2>&1 if [ "$ee_migration" = "1" ]; then echo wo_lib_echo "The migration from EasyEngine to WordOps was succesfull!" wo_lib_echo "The EasyEngine backup files can be found in /var/lib/wo-backup/ee-backup.tgz" echo elif [ "$wo_upgrade" = "1" ]; then wo_lib_echo "WordOps (wo) upgrade to $wo_version_new was succesfull!" echo wo_lib_echo "To upgrade WordOps stacks use the command:" wo_lib_echo_info "wo stack upgrade --all" echo wo_lib_echo "To update all other server packages use the command:" wo_lib_echo_info "wo maintenance" else wo_lib_echo "WordOps (wo) installed successfully" echo wo_lib_echo "To enable bash-completion, just use the command:" wo_lib_echo_info "bash" echo wo_lib_echo "To install WordOps recommended stacks, you can use the command:" wo_lib_echo_info "wo stack install" echo wo_lib_echo "To create a first WordPress site, you can use the command:" wo_lib_echo_info "wo site create site.tld --wp" fi echo wo_lib_echo "WordOps Documentation : https://docs.wordops.net" wo_lib_echo "WordOps Community Forum : https://community.wordops.net" echo wo_lib_echo "Give WordOps a GitHub star : https://github.com/WordOps/WordOps/" echo fi # if [ -z "$wo_travis" ]; then # /bin/bash --init-file "/var/lib/wo/tmp/WordOps-$wo_branch/tests/init-file" # fi