Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3b01f395070db8261d6d937429b99a0160a8a6b1
WPIQ/install
VirtuBox 3b01f39507 Use the first letsencrypt certificate to secure 22222 
* during the first certificate issuance, WO will check if the certificate used for 22222 is from letsencrypt. If not it will replace it with the first certificate issued
2019-08-17 13:03:31 +02:00

859 lines
32 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# -------------------------------------------------------------------------
# WordOps install and update script
# -------------------------------------------------------------------------
# Website: https://wordops.net
# GitHub: https://github.com/WordOps/WordOps
# Copyright (c) 2019 - WordOps
# This script is licensed under M.I.T
# -------------------------------------------------------------------------
# Version 3.9.8 - 2019-08-17
# -------------------------------------------------------------------------
readonly wo_version_old="2.2.3"
readonly wo_version_new="3.9.8"
# CONTENTS
# ---
# 1. VARIABLES AND DECLARATIONS
# 2. PREPARE FOR INSTALLATION
# 3. INSTALLATION
# 4.
###
# 1 - Set the CLI output colors
###
TPUT_RESET=$(tput sgr0)
TPUT_FAIL=$(tput setaf 1)
TPUT_INFO=$(tput setaf 7)
TPUT_ECHO=$(tput setaf 4)
wo_lib_echo() {
echo "${TPUT_ECHO}${*}${TPUT_RESET}"
}
wo_lib_echo_info() {
echo "${TPUT_INFO}${*}${TPUT_RESET}"
}
wo_lib_echo_fail() {
echo "${TPUT_FAIL}${*}${TPUT_RESET}"
}
###
# 1 - Capture errors
###
wo_lib_error() {
echo "[ $(date) ] ${TPUT_FAIL}${*}${TPUT_RESET}"
exit "$2"
}
###
# 1 - script argument parsing
###
while [ "$#" -gt 0 ]; do
case "$1" in
-b | --branch)
wo_branch="$2"
shift
;;
-p | --preserve)
wo_preserve_config="y"
;;
--force)
wo_force_install="y"
;;
--travis)
wo_travis="y"
;;
-s | --silent)
wo_force_install="y"
;;
--purge | --uninstall)
wo_purge="y"
;;
*) # positional args
;;
esac
shift
done
###
# 1 - Check whether the installation is called with elevated rights
###
if [[ $EUID -ne 0 ]]; then
wo_lib_echo_fail "Sudo privilege required..."
wo_lib_echo_fail "Use: curl -sL wops.cc | sudo bash"
exit 100
fi
echo ""
wo_lib_echo "Welcome to WordOps install script v${wo_version_new}"
echo ""
###
# 1- Update the apt sewers with fresh info
###
[ -z "$wo_travis" ] && {
wo_lib_echo "Updating apt-get repository info"
apt-get update -qq
}
###
# 1- Check whether lsb_release is installed, and if not, install it
###
if [ -z "$(command -v lsb_release)" ]; then
wo_lib_echo "Installing lsb-release, please wait..."
apt-get -y install lsb-release -qq
fi
###
# 1 - Define variables for later use
###
if [ -z "$wo_branch" ]; then
wo_branch=master
fi
readonly wo_log_dir=/var/log/wo/
readonly wo_backup_dir=/var/lib/wo-backup/
readonly wo_tmp_dir=/var/lib/wo/tmp
readonly wo_install_log=/var/log/wo/install.log
readonly wo_linux_distro=$(lsb_release -is)
readonly wo_distro_version=$(lsb_release -sc)
readonly wo_distro_id=$(lsb_release -rs)
readonly TIME_FORMAT='%d-%b-%Y-%H%M%S'
readonly TIME=$(date +"$TIME_FORMAT")
readonly NGINX_BACKUP_FILE="/var/lib/wo-backup/nginx-backup.$TIME.tar.gz"
readonly EE_BACKUP_FILE="/var/lib/wo-backup/ee-backup.$TIME.tar.gz"
readonly WO_BACKUP_FILE="/var/lib/wo-backup/wo-backup.$TIME.tar.gz"
readonly wo_env=$(grep "container=lxc" /proc/1/environ)
WO_ARCH="$(uname -m)"
if [ -x /usr/local/bin/ee ]; then
ee_migration=1
elif [ -x /usr/local/bin/wo ]; then
wo_upgrade=1
fi
###
# 1 - Checking linux distro
###
if [ -z "$wo_force_install" ]; then
if [ "$wo_linux_distro" != "Ubuntu" ] && [ "$wo_linux_distro" != "Debian" ] && [ "$wo_linux_distro" != "Raspbian" ]; then
wo_lib_echo_fail "WordOps (wo) only supports Ubuntu, Debian & Raspbian at the moment."
wo_lib_echo_fail "If you are feeling adventurous, you are free to fork WordOps to support"
wo_lib_echo_fail "other Linux distributions and perhaps even Unix deratives."
exit 100
else
check_wo_linux_distro=$(lsb_release -sc | grep -E "xenial|bionic|disco|jessie|stretch|buster")
if [ -z "$check_wo_linux_distro" ]; then
wo_lib_echo_fail "WordOps (wo) only supports Ubuntu 16.04/18.04/19.04 LTS, Debian 9.x/10.x and Raspbian 9.x"
exit 100
fi
fi
fi
###
# 1 - To prevent errors or unexpected behaviour, create the log and ACL it
###
if [ ! -d "$wo_log_dir" ] || [ ! -d "$wo_backup_dir" ] || [ ! -d "$wo_tmp_dir" ]; then
wo_lib_echo "Creating WordOps backup, tmp & log directory, just a second..."
mkdir -p "$wo_backup_dir" "$wo_log_dir" "$wo_tmp_dir" || wo_lib_error "Whoops - seems we are unable to create the log directory $wo_log_dir, exit status " $?
# create wordops log files
touch /var/log/wo/{wordops.log,install.log}
chmod -R 700 "$wo_log_dir" "$wo_backup_dir" "$wo_tmp_dir" || wo_lib_error "Whoops, there was an error setting the permissions on the WordOps log folder, exit status " $?
fi
###
# 2 - Setup the dependencies for installation
####
wo_install_dep() {
{
export DEBIAN_FRONTEND=noninteractive
[ -z "$wo_travis" ] && {
# update server packages
apt-get dist-upgrade --option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --option=Dpkg::options::=--force-unsafe-io --assume-yes --quiet
}
if [ "$wo_linux_distro" == "Ubuntu" ]; then
# install dependencies
apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \
build-essential curl gzip python3 python3-apt python3-setuptools python3-requests python3-dev sqlite3 git tar software-properties-common pigz \
gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1
add-apt-repository ppa:wordops/nginx-wo -yu
else
# install dependencies
apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \
build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-requests python3-dev ca-certificates sqlite3 git tar \
software-properties-common pigz apt-transport-https gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1
# add php repository gpg key
[ -d /etc/apt/trusted.gpg.d ] && { wget -qO /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg; }
# add nginx repository gpg key
curl -sL https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_10/Release.key | apt-key add -
fi
locale-gen en
# enable unattended upgades
cp /usr/share/unattended-upgrades/20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades
# set default ntp pools
sed -e 's/^#NTP=/NTP=time.cloudflare.com 0.ubuntu.pool.ntp.org 1.ubuntu.pool.ntp.org 2.ubuntu.pool.ntp.org 3.ubuntu.pool.ntp.org/' -i /etc/systemd/timesyncd.conf
# enable ntp
timedatectl set-ntp 1
} >> "$wo_install_log" 2>&1
}
###
# 3 - Create/migrate the essentials
###
wo_sync_db() {
###
# Switching from EE -> WO
###
if [ ! -f /var/lib/wo/dbase.db ]; then
# Create the WordOps folder
mkdir -p /var/lib/wo
if [ -f /var/lib/ee/ee.db ]; then
# Copy the EasyEngine database
cp /var/lib/ee/ee.db /var/lib/wo/dbase-ee.db
###
# Clean WO installation
###
cp /var/lib/ee/ee.db /var/lib/wo/dbase.db
else
# Create an empty database for WordOps
echo "CREATE TABLE sites (
id INTEGER PRIMARY KEY AUTOINCREMENT,
sitename UNIQUE,
site_type CHAR,
cache_type CHAR,
site_path CHAR,
created_on TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
is_enabled INT,
is_ssl INT,
storage_fs CHAR,
storage_db CHAR,
db_name VARCHAR,
db_user VARCHAR,
db_password VARCHAR,
db_host VARCHAR,
is_hhvm INT INT DEFAULT '0',
php_version VARCHAR
);" | sqlite3 /var/lib/wo/dbase.db
# Check site is enable/live or disable
AV_SITES="$(basename -a /etc/nginx/sites-available/* | grep -v default)"
for site in $AV_SITES; do
if [ -h "/etc/nginx/sites-enabled/$site" ]; then
wo_site_status='1'
else
wo_site_status='0'
fi
# Acquire information about the current nginx configuration
wo_site_current_type=$(grep "common/" "/etc/nginx/sites-available/$site" | awk -F "/" '{print $2}')
if echo "$wo_site_current_type" | grep -q "php"; then
if echo "$wo_site_current_type" | grep -q "php7"; then
wo_php_version="7.0"
else
wo_php_version="5.6"
fi
else
wo_php_version=""
fi
if echo "$wo_site_current_type" | grep -q "redis"; then
wo_site_current_cache="wpredis"
elif echo "$wo_site_current_type" | grep -q wpsc; then
wo_site_current_cache="wpsc"
elif echo "$wo_site_current_type" | grep -q wpfc; then
wo_site_current_cache="wpfc"
else
wo_site_current_cache="basic"
fi
if echo "$wo_site_current_type" | grep -q wp; then
if echo "$wo_site_current_type" | grep -q wpsubdir; then
wo_site_current="wpsubdir"
elif echo "$wo_site_current_type" | grep -q wpsudomain; then
wo_site_current="wpsubdomain"
else
wo_site_current="wp"
fi
else
if echo "$wo_site_current_type" | grep -q location; then
wo_site_current="proxy"
elif echo "$wo_site_current_type" | grep -q php; then
wo_site_current="html"
else
if [ -f "/var/www/${site}/ee-config.php" ] || [ -f "/var/www/${site}/wo-config.php" ]; then
wo_site_current="mysql"
else
wo_site_current="php"
fi
fi
fi
done
wo_webroot="/var/www/$site"
# Import the configuration into the WordOps SQLite database
echo "INSERT INTO sites (sitename, site_type, cache_type, site_path, is_enabled, is_ssl, storage_fs, storage_db)
VALUES (\"$site\", \"$wo_site_current\", \"$wo_site_current_cache\", \"$wo_webroot\", \"$wo_site_status\", 0, 'ext4', 'mysql');" | sqlite3 /var/lib/wo/dbase.db
fi
# echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db
# echo "UPDATE sites SET php_version = REPLACE(php_version, '7.0', '7.3');" | sqlite3 /var/lib/wo/dbase.db
fi
}
# Once again, set the proper ACL on the WordOps configuration directory
secure_wo_db() {
# The owner is root
chown -R root:root /var/lib/wo
# Only allow access by root, block others
chmod -R 600 /var/lib/wo
}
# Update the WP-CLI version
wo_update_wp_cli() {
{
WP_CLI_PATH=$(command -v wp)
if [ -n "$WP_CLI_PATH" ]; then
rm -rf "$WP_CLI_PATH"
fi
# Update WP-CLI to the most recent version
wget -qO /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
chmod +x /usr/local/bin/wp
[ ! -h /usr/bin/wp ] && {
ln -s /usr/local/bin/wp /usr/bin/
}
[ -d /etc/bash_completion.d ] && {
wget -qO /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash
}
} >> "$wo_install_log" 2>&1
}
wo_install_acme_sh() {
# check if acme.sh is already installed
if [ ! -x /etc/letsencrypt/acme.sh ]; then
{
# clone the git repository
if [ -d /opt/acme.sh/.git ]; then
git -C /opt/acme.sh pull origin master
else
git clone https://github.com/Neilpang/acme.sh.git /opt/acme.sh -q
fi
cd /opt/acme.sh || exit 1
# create conf directories
mkdir -p /etc/letsencrypt/{config,live,renewal}
# install acme.sh
./acme.sh --install \
--home /etc/letsencrypt \
--config-home /etc/letsencrypt/config \
--cert-home /etc/letsencrypt/renewal
# enable auto-upgrade
/etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --upgrade --auto-upgrade
} >> "$wo_install_log" 2>&1
fi
if [ -x "$HOME/.acme.sh/acme.sh" ]; then
{
# backup acme.sh folder
/bin/tar -I pigz -cf /var/lib/wo-backup/acme.sh.tar.gz "$HOME/.acme.sh"
# rsync previous certificates to new acme.sh location
/usr/bin/rsync -rltgoDpz --exclude="account.conf" \
--exclude="acme.sh" \
--exclude="acme.sh.env" \
--exclude="deploy" \
--exclude="dnsapi" \
--exclude="http.header" \
--exclude="ca" \
"$HOME/.acme.sh/" \
/etc/letsencrypt/renewal/
# remove previous acme.sh folder
rm -rf "$HOME/.acme.sh"
# create acme.sh.env file inlcuded in .bashrc to avoid error when logging in
mkdir -p "$HOME/.acme.sh"
echo '' > "$HOME/.acme.sh/acme.sh.env"
# removing previous cronjob
crontab -l | sed '/41 0 \* \* \* "\/root\/\.acme\.sh"\/acme.sh --cron --home "\/root\/\.acme\.sh" > \/dev\/null/d' | crontab -
} >> "$wo_install_log" 2>&1
fi
# Let's Encrypt .well-known folder setup
if [ ! -d /var/www/html/.well-known/acme-challenge ]; then
mkdir -p /var/www/html/.well-known/acme-challenge
chown -R www-data:www-data /var/www/html /var/www/html/.well-known
chmod 750 /var/www/html /var/www/html/.well-known
else
chmod 750 /var/www/html /var/www/html/.well-known
fi
}
# Clone Github repository if it doesn't exist
wo_install() {
{
rm -f /etc/bash_completion.d/wo_auto.rc
rm -rf /var/lib/wo/tmp/WordOps-*
curl -sL https://github.com/WordOps/WordOps/archive/${wo_branch}.tar.gz | tar -I pigz -xf - -C /var/lib/wo/tmp
cd /var/lib/wo/tmp/WordOps-${wo_branch} || exit 1
} \
>> "$wo_install_log" 2>&1
if [ "$wo_force_install" = "y" ]; then
[ ! -f "$HOME/.gitconfig" ] && { bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME.local" > $HOME/.gitconfig'; }
fi
if [ -f "$HOME/.gitconfig" ]; then
# install and redirect log to not print python package install
python3 setup.py install >> $wo_install_log 2>&1
else
# install without redirecting logs to prompt user for name & email
python3 setup.py install
fi
}
# Clone Github repository if it doesn't exist
wo_install_travis() {
if [ -f "$HOME/.gitconfig" ]; then
# install and redirect log to not print python package install
python3 setup.py install >> $wo_install_log 2>&1
fi
}
wo_upgrade_nginx() {
{
if [ -d /var/lib/wo-backup/nginx ]; then
/bin/tar -I pigz "$NGINX_BACKUP_FILE" /var/lib/wo-backup/nginx
rm -rf /var/lib/wo-backup/nginx
fi
# backup nginx conf
if [ -d /etc/nginx ]; then
/usr/bin/rsync -a --noatime /etc/nginx/ /var/lib/wo-backup/nginx/
fi
if [ -d /etc/php ]; then
/usr/bin/rsync -a --noatime /etc/php/ /var/lib/wo-backup/php/
fi
# chec if the package nginx-ee is installed
CHECK_NGINX_EE=$(dpkg --list | grep nginx-ee)
CHECK_PHP72=$(command -v php-fpm7.2)
# add new Nginx repository
if [ "$wo_distro_version" == "jessie" ]; then
# import the respository key for updates
curl -sL https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_8.0/Release.key | apt-key add -
else
curl -sL https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_9.0/Release.key | apt-key add -
fi
# install new nginx package
if [ -n "$CHECK_NGINX_EE" ]; then
if [ -x /usr/local/bin/wo ]; then
# stop nginx
service nginx stop
# remove previous package
apt-mark unhold nginx-ee nginx-common nginx-custom
apt-get --assume-yes purge nginx-ee nginx-common nginx-custom --allow-change-held-packages
# remove previous php-fpm pool configuration
if [ -n "$CHECK_PHP72" ]; then
apt-get purge php7.2-fpm -y -qq
rm -f /etc/php/7.2/fpm/pool.d/{www.conf,www-two.conf,debug.conf}
fi
if [ -d /etc/nginx ]; then
rm -rf /etc/nginx
fi
/usr/local/bin/wo stack install --nginx --php
rm -f /etc/nginx/common/acl.conf /etc/nginx/htpasswd-wo
/usr/bin/rsync -au --noatime /var/lib/wo-backup/nginx/ /etc/nginx/
fi
else
/usr/local/bin/wo stack upgrade --nginx --force
fi
# restore sites and configuration
[ -f /etc/nginx/htpasswd-ee ] && { mv /etc/nginx/htpasswd-ee /etc/nginx/htpasswd-wo; }
sed -i "s/locations.conf/locations-wo.conf/" /etc/nginx/sites-available/*
sed -i "s/locations-php7.conf/locations-wo.conf/" /etc/nginx/sites-available/*
sed -i "s/locations-php72.conf/locations-wo.conf/" /etc/nginx/sites-available/*
sed -i "s/locations-php73.conf/locations-wo.conf/" /etc/nginx/sites-available/*
sed -i 's/ssl on;/#ssl on;/' /var/www/*/conf/nginx/ssl.conf
# update redis.conf headers
if [ -f /etc/nginx/common/redis.conf ]; then
sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf
sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf
fi
VERIFY_NGINX_CONFIG=$(nginx -t 2>&1 | grep failed)
# check if nginx -t do not return errors
if [ -z "$VERIFY_NGINX_CONFIG" ]; then
systemctl stop nginx
systemctl start nginx
else
VERIFY_NGINX_BUCKET=$(nginx -t 2>&1 | grep "server_names_hash_bucket_size")
if [ -n "$VERIFY_NGINX_BUCKET" ]; then
sed -i "s/# server_names_hash_bucket_size 64;/server_names_hash_bucket_size 128;/g" /etc/nginx/nginx.conf
fi
systemctl stop nginx
systemctl start nginx
fi
} \
>> "$wo_install_log" 2>&1
}
wo_update_latest() {
if [ -f /etc/nginx/fastcgi_params ]; then
CHECK_HTTP_PROXY=$(grep 'HTTP_PROXY' /etc/nginx/fastcgi_params)
if [ -z "$CHECK_HTTP_PROXY" ]; then
echo 'fastcgi_param HTTP_PROXY "";' >> /etc/nginx/fastcgi_params
echo 'fastcgi_param HTTP_PROXY "";' >> /etc/nginx/fastcgi.conf
service nginx restart | tee -ai $wo_install_log
fi
fi
if [ -f /etc/ImageMagick/policy.xml ]; then
if [ ! -f /etc/ImageMagick/patch.txt ]; then
echo -e "\t<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n\t<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n\t<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n\t<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n\t<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />" >> /etc/ImageMagick/patch.txt
sed -i '/<policymap>/r /etc/ImageMagick/patch.txt' /etc/ImageMagick/policy.xml
fi
fi
# Move ~/.my.cnf to /etc/mysql/conf.d/my.cnf
if [ ! -f /etc/mysql/conf.d/my.cnf ]; then
# create conf.d folder if not exist
[ ! -d /etc/mysql/conf.d ] && {
mkdir -p /etc/mysql/conf.d
chmod 755 /etc/mysql/conf.d
}
if [ -f "$HOME/.my.cnf" ]; then
cp -f "$HOME/.my.cnf" /etc/mysql/conf.d/my.cnf
chmod 600 /etc/mysql/conf.d/my.cnf
elif [ -f /root/.my.cnf ]; then
cp -f /root/.my.cnf /etc/mysql/conf.d/my.cnf
chmod 600 /etc/mysql/conf.d/my.cnf
fi
else
if [ ! -f /root/.my.cnf ]; then
cp /etc/mysql/conf.d/my.cnf /root/.my.cnf
chmod 600 /root/.my.cnf
fi
fi
# Fix Redis-server security issue
# http://redis.io/topics/security
if [ -f /etc/redis/redis.conf ]; then
CHECK_REDIS_BIND=$(grep -0 -v "#" /etc/redis/redis.conf | grep 'bind' >> /dev/null 2>&1)
if [ -z "$CHECK_REDIS_BIND" ]; then
echo 'bind 127.0.0.1 ::1' >> /etc/redis/redis.conf
service redis-server restart > /dev/null 2>&1
fi
fi
}
# Do git intialisation
wo_git_init() {
# Nginx under git version control
[ -d /etc/nginx ] && {
cd /etc/nginx || exit 1
[ ! -d /etc/nginx/.git ] && {
git init
}
git add -A .
git commit -am "Updated Nginx"
} >> /var/log/wo/install.log 2>&1
# WordOps under git version control
[ -d /etc/wo ] && {
cd /etc/wo || exit 1
[ ! -d /etc/wo/.git ] && {
git init
}
git add -A .
git commit -am "Installed/Updated to WordOps"
} >> /var/log/wo/install.log 2>&1
# PHP under git version control
[ -d /etc/php ] && {
cd /etc/php || exit 1
[ ! -d /etc/php/.git ] && {
git init
}
git add -A .
git commit -am "Updated PHP"
} >> /var/log/wo/install.log 2>&1
}
wo_backup_ee() {
/bin/tar -I pigz -cf "$EE_BACKUP_FILE" /etc/nginx /usr/local/bin/ee /usr/lib/ee/templates /usr/local/lib/python3.*/dist-packages/ee-*.egg /etc/ee /var/lib/ee /etc/letsencrypt >> /var/log/wo/install.log 2>&1
}
wo_backup_wo() {
/bin/tar -I pigz -cf "$WO_BACKUP_FILE" /etc/nginx /usr/local/lib/python3.*/dist-packages/wo-*.egg /etc/wo /var/lib/wo /etc/letsencrypt >> /var/log/wo/install.log 2>&1
}
wo_clean_ee() {
rm -f /usr/local/bin/ee /etc/bash_completion.d/ee_auto.rc /usr/lib/ee/templates /usr/local/lib/python3.*/dist-packages/ee-*.egg /etc/ee /var/lib/ee >> /var/log/wo/install.log 2>&1
}
wo_remove_ee_cron() {
crontab -l | sed '/ee site update --le=renew --all 2> \/dev\/null/d' | crontab -
}
wo_tweak_kernel() {
if [ "$WO_ARCH" = "x86_64" ] && [ -z "$wo_env" ]; then
rm -f /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
wget -qO /etc/sysctl.d/60-wo-tweaks.conf https://raw.githubusercontent.com/WordOps/WordOps/"$wo_branch"/wo/cli/templates/sysctl.mustache
if [ "$wo_distro_version" = "bionic" ] || [ "$wo_distro_version" = "disco" ] || [ "$wo_distro_version" = "buster" ]; then
modprobe tcp_bbr && echo 'tcp_bbr' >> /etc/modules-load.d/bbr.conf
echo -e '\nnet.ipv4.tcp_congestion_control = bbr\nnet.ipv4.tcp_notsent_lowat = 16384' >> /etc/sysctl.d/60-wo-tweaks.conf
else
modprobe tcp_htcp && echo 'tcp_htcp' >> /etc/modules-load.d/htcp.conf
echo 'net.ipv4.tcp_congestion_control = htcp' >> /etc/sysctl.d/60-wo-tweaks.conf
fi
# apply sysctl tweaks
sysctl -eq -p /etc/sysctl.d/60-wo-tweaks.conf
fi
if [ ! -x /opt/wo-kernel.sh ]; then
{
# download and setup wo-kernel systemd service to apply kernel tweaks for netdata and redis on server startup
wget -qO /opt/wo-kernel.sh https://raw.githubusercontent.com/WordOps/WordOps/updating-configuration/wo/cli/templates/wo-kernel-script.mustache
chmod +x /opt/wo-kernel.sh
wget -qO /lib/systemd/system/wo-kernel.service https://raw.githubusercontent.com/WordOps/WordOps/updating-configuration/wo/cli/templates/wo-kernel-service.mustache
systemctl enable wo-kernel.service
systemctl start wo-kernel.service
} >> /var/log/wo/install.log 2>&1
fi
LIMIT_CHECK=$(grep "500000" /etc/security/limits.conf)
if [ -z "$LIMIT_CHECK" ]; then
echo -e "* hard nofile 500000\n* soft nofile 500000\nroot hard nofile 500000\nroot soft nofile 500000\n" >> /etc/security/limits.conf
fi
}
wo_clean() {
rm -rf /usr/local/lib/python3.*/dist-packages/wo-*
}
wo_uninstall() {
rm -rf /usr/local/lib/python3.*/dist-packages/{pystache-*,cement-2.*,wo-*} /usr/local/bin/wo /etc/bash_completion.d/wo_auto.rc /var/lib/wo /etc/wo /usr/lib/wo/templates >> /var/log/wo/install.log 2>&1
}
wo_ufw_setup() {
CURRENT_SSH_PORT=$(grep "Port" /etc/ssh/sshd_config | awk -F " " '{print $2}')
if [ ! -d /etc/ufw ]; then
apt-get install ufw -y
fi
# define firewall rules
ufw logging low
ufw default allow outgoing
ufw default deny incoming
# default ssh port
ufw allow 22
# custom ssh port
if [ "$CURRENT_SSH_PORT" != "22" ]; then
ufw allow "$CURRENT_SSH_PORT"
fi
# dns
ufw allow 53
# nginx
ufw allow http
ufw allow https
# ntp
ufw allow 123
# wordops backend
ufw allow 22222
# enable ufw
echo "y" | ufw enable
} >> $wo_install_log
###
# 4 - WO MAIN SETUP
###
if [ "$wo_purge" = "y" ]; then
wo_lib_echo "Backing-up WO install" | tee -ai $wo_install_log
wo_backup_wo | tee -ai $wo_install_log
wo_lib_echo "Uninstalling WordOps" | tee -ai $wo_install_log
wo_uninstall | tee -ai $wo_install_log
wo_lib_echo "The WordOps backup files can be found in $WO_BACKUP_FILE"
else
# 1 - WO already installed
if [ -x /usr/local/bin/wo ]; then
if ! {
wo -v 2>&1 | grep $wo_version_new
} || [ "$wo_force_install" = "y" ]; then
if [ -z "$wo_force_install" ]; then
echo -e "Update WordOps to $wo_version_new (y/n): " && read -r WO_ANSWER
else
WO_ANSWER="y"
fi
if [ "$WO_ANSWER" = "y" ] || [ "$WO_ANSWER" = "Y" ]; then
wo_lib_echo "Installing wo dependencies " | tee -ai $wo_install_log
wo_install_dep | tee -ai $wo_install_log
wo_lib_echo "Backing-up WO install" | tee -ai $wo_install_log
wo_backup_wo | tee -ai $wo_install_log
secure_wo_db | tee -ai $wo_install_log
wo_lib_echo "Installing WordOps " | tee -ai $wo_install_log
wo_clean | tee -ai $wo_install_log
if [ -f "$HOME/.gitconfig" ]; then
wo_install >> $wo_install_log 2>&1
else
wo_install | tee -ai $wo_install_log
fi
if [ -z "$wo_preserve_config" ]; then
if [ -n "$(command -v nginx)" ]; then
if [ ! -f /etc/apt/preferences.d/nginx-block ]; then
wo_lib_echo "Upgrading Nginx" | tee -ai $wo_install_log
wo_upgrade_nginx | tee -ai $wo_install_log
fi
fi
fi
wo_update_latest | tee -ai $wo_install_log
if [ ! -d /opt/acme/.sh ]; then
wo_lib_echo "Updating acme.sh" | tee -ai $wo_install_log
wo_install_acme_sh | tee -ai $wo_install_log
fi
wo_lib_echo "Applying Kernel tweaks" | tee -ai $wo_install_log
wo_tweak_kernel | tee -ai $wo_install_log
wo_lib_echo "Running post-install steps " | tee -ai $wo_install_log
wo_update_wp_cli | tee -ai $wo_install_log
else
wo_lib_error "Not updating WordOps to $wo_version_new, exit status = " 1
fi
else
wo_lib_error "You already have WordOps $wo_version_new, exit status = " 1
fi
else
# 2 - Migration from EEv3
if [ -x /usr/local/bin/ee ]; then
if [ -z "$wo_force_install" ]; then
echo -e "Migrate from EasyEngine to WordOps (y/n): " && read -r WO_ANSWER
else
WO_ANSWER="y"
fi
if [ "$WO_ANSWER" = "y" ] || [ "$WO_ANSWER" = "Y" ]; then
wo_lib_echo "Installing wo dependencies " | tee -ai $wo_install_log
wo_install_dep | tee -ai $wo_install_log
wo_lib_echo "Backing-up EE install" | tee -ai $wo_install_log
wo_backup_ee | tee -ai $wo_install_log
wo_lib_echo "Removing EasyEngine cronjob" | tee -ai $wo_install_log
wo_remove_ee_cron | tee -ai $wo_install_log
wo_lib_echo "Syncing WO database" | tee -ai $wo_install_log
wo_sync_db | tee -ai $wo_install_log
secure_wo_db | tee -ai $wo_install_log
wo_lib_echo "Installing WordOps " | tee -ai $wo_install_log
if [ -f "$HOME/.gitconfig" ]; then
wo_install >> $wo_install_log 2>&1
else
wo_install | tee -ai $wo_install_log
fi
if [ -n "$(command -v nginx)" ]; then
wo_lib_echo "Upgrading Nginx" | tee -ai $wo_install_log
wo_upgrade_nginx | tee -ai $wo_install_log
fi
wo_update_latest | tee -ai $wo_install_log
wo_lib_echo "Installing acme.sh" | tee -ai $wo_install_log
wo_install_acme_sh | tee -ai $wo_install_log
wo_lib_echo "Applying Kernel tweaks" | tee -ai $wo_install_log
wo_tweak_kernel | tee -ai $wo_install_log
wo_lib_echo "Running post-install steps " | tee -ai $wo_install_log
wo_git_init | tee -ai $wo_install_log
wo_update_wp_cli | tee -ai $wo_install_log
wo_lib_echo "Cleaning-up EE previous install" | tee -ai $wo_install_log
wo_clean_ee | tee -ai $wo_install_log
else
wo_lib_error "Not installing WordOps, exit status = " 1
fi
else
# 3 - Fresh WO setup
wo_lib_echo "Installing wo dependencies " | tee -ai $wo_install_log
wo_install_dep | tee -ai $wo_install_log
wo_lib_echo "Installing WordOps " | tee -ai $wo_install_log
if [ "$wo_travis" = "y" ]; then
wo_install_travis | tee -ai $wo_install_log
else
wo_install | tee -ai $wo_install_log
fi
wo_lib_echo "Applying Kernel tweaks" | tee -ai $wo_install_log
wo_tweak_kernel | tee -ai $wo_install_log
wo_lib_echo "Installing acme.sh" | tee -ai $wo_install_log
wo_install_acme_sh | tee -ai $wo_install_log
wo_lib_echo "Running post-install steps " | tee -ai $wo_install_log
secure_wo_db | tee -ai $wo_install_log
wo_git_init | tee -ai $wo_install_log
wo_update_wp_cli | tee -ai $wo_install_log
fi
fi
wo sync | tee -ai $wo_install_log
if [ "$ee_migration" = "1" ]; then
echo
wo_lib_echo "The migration from EasyEngine to WordOps was succesfull!"
wo_lib_echo "The EasyEngine backup files can be found in /var/lib/wo-backup/ee-backup.tgz"
echo
elif [ "$wo_upgrade" = "1" ]; then
wo_lib_echo "WordOps (wo) upgrade to $wo_version_new was succesfull!"
else
wo_lib_echo "WordOps (wo) installed successfully"
fi
echo
wo_lib_echo_info "For autocompletion, run the following command:"
wo_lib_echo_info "source /etc/bash_completion.d/wo_auto.rc"
echo
wo_lib_echo "WordOps Documentation : https://docs.wordops.net"
wo_lib_echo "WordOps Community Forum : https://community.wordops.net"
echo
wo_lib_echo "Give WordOps a GitHub star : https://github.com/WordOps/WordOps/"
echo
fi
Reference in New Issue View Git Blame Copy Permalink