Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a9a8b3348c8a5d251947d0acd06f1ebcbccd5ee7
WPIQ/install
VirtuBox a9a8b3348c Fix install on xenial
2019-10-09 11:43:09 +02:00

864 lines
30 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# -------------------------------------------------------------------------
# WordOps install and update script
# -------------------------------------------------------------------------
# Website: https://wordops.net
# GitHub: https://github.com/WordOps/WordOps
# Copyright (c) 2019 - WordOps
# This script is licensed under M.I.T
# -------------------------------------------------------------------------
# wget -qO wo wops.cc && sudo bash wo
# -------------------------------------------------------------------------
# Version 3.9.9.3 - 2019-10-08
# -------------------------------------------------------------------------
# CONTENTS
# ---
# 1. VARIABLES AND DECLARATIONS
# 2. PREPARE FOR INSTALLATION
# 3. INSTALLATION
# 4.
###
# 1 - Set the CLI output colors
###
TPUT_RESET=$(tput sgr0)
TPUT_FAIL=$(tput setaf 1)
TPUT_INFO=$(tput setaf 7)
TPUT_ECHO=$(tput setaf 4)
wo_lib_echo() {
echo "${TPUT_ECHO}${*}${TPUT_RESET}"
}
wo_lib_echo_info() {
echo "${TPUT_INFO}${*}${TPUT_RESET}"
}
wo_lib_echo_fail() {
echo "${TPUT_FAIL}${*}${TPUT_RESET}"
}
###
# 1 - Capture errors
###
wo_lib_error() {
echo "[ $(date) ] ${TPUT_FAIL}${*}${TPUT_RESET}"
exit "$2"
}
###
# 1 - script argument parsing
###
while [ "$#" -gt 0 ]; do
case "$1" in
-b | --branch)
wo_branch="$2"
shift
;;
--force)
wo_force_install="y"
;;
--travis)
wo_travis="y"
wo_force_install="y"
;;
-s | --silent)
wo_force_install="y"
;;
--purge | --uninstall)
wo_purge="y"
;;
*) # positional args
;;
esac
shift
done
###
# 1 - Check whether the installation is called with elevated rights
###
if [[ $EUID -ne 0 ]]; then
wo_lib_echo_fail "Sudo privilege required..."
wo_lib_echo_fail "Use: wget -qO wo wops.cc && sudo bash wo "
exit 100
fi
export DEBIAN_FRONTEND=noninteractive
unset LANG
export LANG='en_US.UTF-8'
export LC_ALL='C.UTF-8'
###
# 1- Main functions
###
# check if a command exist
command_exists() {
command -v "$@" > /dev/null 2>&1
}
# run functions and exit on failure
_run() {
if [ -n "$2" ]; then
wo_lib_echo "$2"
fi
if ! { "$1" >> "$wo_install_log" 2>&1; }; then
exit 1
fi
}
###
# 1- Update the apt sewers with fresh info
###
if [ -z "$wo_travis" ]; then
if ! {
apt-get update --allow-releaseinfo-change -qq > /dev/null 2>&1
}; then
apt-get update -qq > /dev/null 2>&1
fi
if ! command_exists curl; then
apt-get update -qq && apt-get -y install curl -qq > /dev/null 2>&1
fi
fi
if [ -f ./setup.py ]; then
readonly wo_version_new=$(grep "version='" setup.py | awk -F "'" '{print$2}' 2>&1)
else
readonly wo_version_new=$(curl -sL https://wops.cc/setup.py 2>&1 | grep "version='" | awk -F "'" '{print$2}' 2>&1)
fi
echo ""
wo_lib_echo "Welcome to WordOps install/update script v${wo_version_new}"
echo ""
###
# 1- Check whether lsb_release is installed, and if not, install it
###
if ! command_exists lsb_release; then
apt-get install lsb-release -qq
fi
###
# 1 - Define variables for later use
###
if [ -z "$wo_branch" ]; then
wo_branch=master
fi
readonly wo_log_dir=/var/log/wo/
readonly wo_backup_dir=/var/lib/wo-backup/
readonly wo_tmp_dir=/var/lib/wo/tmp
readonly wo_install_log=/var/log/wo/install.log
readonly wo_linux_distro=$(lsb_release -is)
readonly wo_distro_version=$(lsb_release -sc)
readonly TIME_FORMAT='%d-%b-%Y-%H%M%S'
readonly TIME=$(date +"$TIME_FORMAT")
readonly NGINX_BACKUP_FILE="/var/lib/wo-backup/nginx-backup.$TIME.tar.gz"
readonly EE_BACKUP_FILE="/var/lib/wo-backup/ee-backup.$TIME.tar.gz"
readonly WO_BACKUP_FILE="/var/lib/wo-backup/wo-backup.$TIME.tar.gz"
readonly wo_lxc=$(grep "container=lxc" /proc/1/environ)
readonly wo_wsl=$(grep "wsl" /proc/1/environ)
WO_ARCH="$(uname -m)"
if [ -x /usr/local/bin/ee ]; then
ee_migration=1
ufw="n"
elif [ -x /usr/local/bin/wo ]; then
wo_upgrade=1
ufw="n"
fi
if [ -z "$ufw" ]; then
ufw="y"
fi
###
# 1 - Checking linux distro
###
if [ -z "$wo_force_install" ]; then
if [ "$wo_linux_distro" != "Ubuntu" ] && [ "$wo_linux_distro" != "Debian" ] && [ "$wo_linux_distro" != "Raspbian" ]; then
wo_lib_echo_fail "WordOps (wo) only supports Ubuntu, Debian & Raspbian at the moment."
wo_lib_echo_fail "If you are feeling adventurous, you are free to fork WordOps to support"
wo_lib_echo_fail "other Linux distributions and perhaps even Unix deratives."
exit 100
else
check_wo_linux_distro=$(lsb_release -sc | grep -E "xenial|bionic|disco|jessie|stretch|buster")
if [ -z "$check_wo_linux_distro" ]; then
wo_lib_echo_fail "WordOps (wo) only supports Ubuntu 16.04/18.04/19.04 LTS, Debian 9.x/10.x and Raspbian 9.x/10x"
exit 100
fi
fi
fi
###
# 1 - To prevent errors or unexpected behaviour, create the log and ACL it
###
if [ ! -d "$wo_log_dir" ] || [ ! -d "$wo_backup_dir" ] || [ ! -d "$wo_tmp_dir" ]; then
mkdir -p "$wo_backup_dir" "$wo_log_dir" "$wo_tmp_dir" || wo_lib_error "Whoops - seems we are unable to create the log directory $wo_log_dir, exit status " $?
# create wordops log files
touch /var/log/wo/{wordops.log,install.log}
chmod -R 700 "$wo_log_dir" "$wo_backup_dir" "$wo_tmp_dir" || wo_lib_error "Whoops, there was an error setting the permissions on the WordOps log folder, exit status " $?
fi
###
# 2 - Setup the dependencies for installation
####
wo_dist_upgrade() {
# perform server packages upgrade
apt-get dist-upgrade --option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --option=Dpkg::options::=--force-unsafe-io --assume-yes --quiet
}
# install apt-mirror-updater and find the fastest mirror available
wo_apt_mirror() {
apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \
python3-pip python3-wheel python3-apt python3-setuptools > /dev/null 2>&1
python3 -m pip install pip --upgrade
if {
python3 -m pip install apt-mirror-updater --upgrade
}; then
/usr/local/bin/apt-mirror-updater -a
apt-get update -qq
fi
}
wo_install_dep() {
if [ "$wo_linux_distro" == "Ubuntu" ]; then
# install dependencies
apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \
build-essential curl gzip python3-dev sqlite3 git tar software-properties-common pigz \
gnupg2 cron ccze rsync apt-transport-https tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1
add-apt-repository ppa:wordops/nginx-wo -yn
else
# install dependencies
apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \
build-essential curl gzip dirmngr sudo python3-dev ca-certificates sqlite3 git tar \
software-properties-common pigz apt-transport-https gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1
# add php repository gpg key
[ -d /etc/apt/trusted.gpg.d ] && { wget -qO /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg; }
# add nginx repository gpg key
curl -sL https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_10/Release.key | apt-key add -
fi
locale-gen en
# enable unattended upgades
if [ ! -f /etc/apt/apt.conf.d/20auto-upgrades ]; then
cp /usr/share/unattended-upgrades/20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades
fi
}
wo_timesync() {
# set default ntp pools
if [ -f /etc/systemd/timesyncd.conf ]; then
if ! grep -q "time.cloudflare.com" /etc/systemd/timesyncd.conf; then
sed -e 's/^#NTP=/NTP=time.cloudflare.com 0.ubuntu.pool.ntp.org 1.ubuntu.pool.ntp.org 2.ubuntu.pool.ntp.org 3.ubuntu.pool.ntp.org/' -i /etc/systemd/timesyncd.conf
# enable ntp
timedatectl set-ntp 1
fi
fi
}
###
# 3 - Create/migrate the essentials
###
wo_sync_db() {
###
# Switching from EE -> WO
###
if [ ! -f /var/lib/wo/dbase.db ]; then
# Create the WordOps folder
mkdir -p /var/lib/wo
if [ -f /var/lib/ee/ee.db ]; then
# Make a backup of the EasyEngine database
cp /var/lib/ee/ee.db /var/lib/wo/dbase-ee.db
# Copy ee database
cp /var/lib/ee/ee.db /var/lib/wo/dbase.db
else
if [ -d /etc/nginx/sites-available ]; then
# Create an empty database for WordOps
echo "CREATE TABLE sites (
id INTEGER PRIMARY KEY AUTOINCREMENT,
sitename UNIQUE,
site_type CHAR,
cache_type CHAR,
site_path CHAR,
created_on TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
is_enabled INT,
is_ssl INT,
storage_fs CHAR,
storage_db CHAR,
db_name VARCHAR,
db_user VARCHAR,
db_password VARCHAR,
db_host VARCHAR,
is_hhvm INT INT DEFAULT '0',
php_version VARCHAR
);" | sqlite3 /var/lib/wo/dbase.db
# Check site is enable/live or disable
AV_SITES="$(basename -a /etc/nginx/sites-available/* | grep -v default)"
for site in $AV_SITES; do
if [ -h "/etc/nginx/sites-enabled/$site" ]; then
wo_site_status='1'
else
wo_site_status='0'
fi
# Acquire information about the current nginx configuration
wo_site_current_type=$(grep "common/" "/etc/nginx/sites-available/$site" | awk -F "/" '{print $2}')
if echo "$wo_site_current_type" | grep -q "redis"; then
wo_site_current_cache="wpredis"
elif echo "$wo_site_current_type" | grep -q wpsc; then
wo_site_current_cache="wpsc"
elif echo "$wo_site_current_type" | grep -q wpfc; then
wo_site_current_cache="wpfc"
else
wo_site_current_cache="basic"
fi
if echo "$wo_site_current_type" | grep -q wp; then
if echo "$wo_site_current_type" | grep -q wpsubdir; then
wo_site_current="wpsubdir"
elif echo "$wo_site_current_type" | grep -q wpsudomain; then
wo_site_current="wpsubdomain"
else
wo_site_current="wp"
fi
else
if echo "$wo_site_current_type" | grep -q location; then
wo_site_current="proxy"
elif echo "$wo_site_current_type" | grep -q php; then
wo_site_current="html"
else
if [ -f "/var/www/${site}/ee-config.php" ] || [ -f "/var/www/${site}/wo-config.php" ]; then
wo_site_current="mysql"
else
wo_site_current="php"
fi
fi
fi
wo_webroot="/var/www/$site"
# Import the configuration into the WordOps SQLite database
echo "INSERT INTO sites (sitename, site_type, cache_type, site_path, is_enabled, is_ssl, storage_fs, storage_db)
VALUES (\"$site\", \"$wo_site_current\", \"$wo_site_current_cache\", \"$wo_webroot\", \"$wo_site_status\", 0, 'ext4', 'mysql');" | sqlite3 /var/lib/wo/dbase.db
done
fi
fi
# echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db
# echo "UPDATE sites SET php_version = REPLACE(php_version, '7.0', '7.3');" | sqlite3 /var/lib/wo/dbase.db
fi
}
# Once again, set the proper ACL on the WordOps configuration directory
secure_wo_db() {
# The owner is root
chown -R root:root /var/lib/wo
# Only allow access by root, block others
chmod -R 600 /var/lib/wo
}
# Update the WP-CLI version
wo_update_wp_cli() {
WP_CLI_PATH=$(command -v wp)
if [ -n "$WP_CLI_PATH" ]; then
rm -rf "$WP_CLI_PATH"
fi
# Update WP-CLI to the most recent version
wget -qO /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
chmod +x /usr/local/bin/wp
[ ! -h /usr/bin/wp ] && {
ln -s /usr/local/bin/wp /usr/bin/
}
[ -d /etc/bash_completion.d ] && {
wget -qO /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash
}
}
wo_install_acme_sh() {
# check if acme.sh is already installed
if [ ! -x /etc/letsencrypt/acme.sh ]; then
# clone the git repository
if [ -d /opt/acme.sh/.git ]; then
git -C /opt/acme.sh pull origin master
else
git clone --depth=50 https://github.com/Neilpang/acme.sh.git /opt/acme.sh -q
fi
cd /opt/acme.sh || exit 1
# create conf directories
mkdir -p /etc/letsencrypt/{config,live,renewal}
# install acme.sh
./acme.sh --install \
--home /etc/letsencrypt \
--config-home /etc/letsencrypt/config \
--cert-home /etc/letsencrypt/renewal
# enable auto-upgrade
/etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --upgrade --auto-upgrade
fi
if [ -x "$HOME/.acme.sh/acme.sh" ]; then
# backup acme.sh folder
/bin/tar -I pigz -cf /var/lib/wo-backup/acme.sh.tar.gz "$HOME/.acme.sh"
# rsync previous certificates to new acme.sh location
/usr/bin/rsync -rltgoDpz --exclude="account.conf" \
--exclude="acme.sh" \
--exclude="acme.sh.env" \
--exclude="deploy" \
--exclude="dnsapi" \
--exclude="http.header" \
--exclude="ca" \
"$HOME/.acme.sh/" \
/etc/letsencrypt/renewal/
# remove previous acme.sh folder
rm -rf "$HOME/.acme.sh"
mkdir "$HOME/.acme.sh"
touch "$HOME/.acme.sh/acme.sh.env"
# removing previous cronjob
crontab -l | sed '/41 0 \* \* \* "\/root\/\.acme\.sh"\/acme.sh --cron --home "\/root\/\.acme\.sh" > \/dev\/null/d' | crontab -
fi
# Let's Encrypt .well-known folder setup
if [ ! -d /var/www/html/.well-known/acme-challenge ]; then
mkdir -p /var/www/html/.well-known/acme-challenge
chown -R www-data:www-data /var/www/html /var/www/html/.well-known
chmod 750 /var/www/html /var/www/html/.well-known
else
chown -R www-data:www-data /var/www/html /var/www/html/.well-known
chmod 750 /var/www/html /var/www/html/.well-known
fi
}
wo_git_config() {
if [ "$wo_force_install" = "y" ]; then
[ ! -f "$HOME/.gitconfig" ] && { bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME.local" > $HOME/.gitconfig'; }
fi
# .gitconfig inital setup
cd /var/lib/wo/tmp/WordOps-install || exit 1
python3 gitconfig.py
}
# WordOps install
wo_install() {
python3 -m pip install wordops --upgrade
cp -rf /usr/local/lib/python3.*/dist-packages/etc/* /etc/
cp -rf /usr/local/lib/python3.*/dist-packages/usr/* /usr/
}
# WordOps install
wo_travis_install() {
python3 -m pip install dist/*.whl --upgrade
cp -rf /usr/local/lib/python3.*/dist-packages/etc/* /etc/
cp -rf /usr/local/lib/python3.*/dist-packages/usr/* /usr/
}
wo_upgrade_nginx() {
if [ -d /var/lib/wo-backup/nginx ]; then
/bin/tar -I pigz "$NGINX_BACKUP_FILE" /var/lib/wo-backup/nginx
rm -rf /var/lib/wo-backup/nginx
fi
# backup nginx conf
if [ -d /etc/nginx ]; then
/usr/bin/rsync -a --noatime /etc/nginx/ /var/lib/wo-backup/nginx/
fi
if [ -d /etc/php ]; then
/usr/bin/rsync -a --noatime /etc/php/ /var/lib/wo-backup/php/
fi
# chec if the package nginx-ee is installed
CHECK_NGINX_EE=$(dpkg --list | grep nginx-ee)
CHECK_PHP72=$(command -v php-fpm7.2)
# add new Nginx repository
if [ "$wo_distro_version" == "jessie" ]; then
# import the respository key for updates
curl -sL https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_8.0/Release.key | apt-key add -
else
curl -sL https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_9.0/Release.key | apt-key add -
fi
# install new nginx package
if [ -n "$CHECK_NGINX_EE" ]; then
if [ -x /usr/local/bin/wo ]; then
[ -f /etc/apt/preferences.d/nginx-block ] && { mv /etc/apt/preferences.d/nginx-block /var/lib/wo/tmp/nginx-block; }
# stop nginx
service nginx stop
# remove previous package
apt-mark unhold nginx-ee nginx-common nginx-custom
apt-get autoremove nginx-ee nginx-common nginx-custom --allow-change-held-packages --purge -qq
# remove previous php-fpm pool configuration
if [ -n "$CHECK_PHP72" ]; then
apt-get purge php7.2-fpm -y -qq
rm -f /etc/php/7.2/fpm/pool.d/{www.conf,www-two.conf,debug.conf}
fi
if [ -d /etc/nginx ]; then
rm -rf /etc/nginx
fi
/usr/local/bin/wo stack install --nginx --php
rm -f /etc/nginx/common/acl.conf /etc/nginx/htpasswd-wo
/usr/bin/rsync -au --noatime /var/lib/wo-backup/nginx/ /etc/nginx/
/usr/local/bin/wo stack upgrade --nginx --force
fi
fi
# restore sites and configuration
[ -f /etc/nginx/htpasswd-ee ] && { cp -f /etc/nginx/htpasswd-ee /etc/nginx/htpasswd-wo; }
sed -i "s/locations.conf/locations-wo.conf/" /etc/nginx/sites-available/*
sed -i "s/locations-php7.conf/locations-wo.conf/" /etc/nginx/sites-available/*
sed -i "s/locations-php71.conf/locations-wo.conf/" /etc/nginx/sites-available/*
sed -i "s/locations-php72.conf/locations-wo.conf/" /etc/nginx/sites-available/*
sed -i "s/locations-php73.conf/locations-wo.conf/" /etc/nginx/sites-available/*
sed -i "s/htpasswd-ee/htpasswd-wo/" /etc/nginx/common/acl.conf
sed -i 's/ssl on;/#ssl on;/' /var/www/*/conf/nginx/ssl.conf
# update redis.conf headers
if [ -f /etc/nginx/common/redis.conf ]; then
sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf
sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf
fi
VERIFY_NGINX_CONFIG=$(nginx -t 2>&1 | grep failed)
# check if nginx -t do not return errors
if [ -z "$VERIFY_NGINX_CONFIG" ]; then
systemctl stop nginx
systemctl start nginx
else
VERIFY_NGINX_BUCKET=$(nginx -t 2>&1 | grep "server_names_hash_bucket_size")
if [ -n "$VERIFY_NGINX_BUCKET" ]; then
sed -i "s/# server_names_hash_bucket_size 64;/server_names_hash_bucket_size 128;/g" /etc/nginx/nginx.conf
fi
systemctl stop nginx
systemctl start nginx
fi
[ -f /var/lib/wo/tmp/nginx-block ] && { mv /var/lib/wo/tmp/nginx-block /etc/apt/preferences.d/nginx-block; }
}
wo_update_latest() {
# Move ~/.my.cnf to /etc/mysql/conf.d/my.cnf
if [ ! -f /etc/mysql/conf.d/my.cnf ]; then
# create conf.d folder if not exist
[ ! -d /etc/mysql/conf.d ] && {
mkdir -p /etc/mysql/conf.d
chmod 755 /etc/mysql/conf.d
}
if [ -f "$HOME/.my.cnf" ]; then
cp -f "$HOME/.my.cnf" /etc/mysql/conf.d/my.cnf
chmod 600 /etc/mysql/conf.d/my.cnf
elif [ -f /root/.my.cnf ]; then
cp -f /root/.my.cnf /etc/mysql/conf.d/my.cnf
chmod 600 /etc/mysql/conf.d/my.cnf
fi
else
if [ ! -f /root/.my.cnf ]; then
cp /etc/mysql/conf.d/my.cnf /root/.my.cnf
chmod 600 /root/.my.cnf
fi
fi
}
wo_backup_ee() {
local BACKUP_EE=""
[ -d /etc/nginx ] && { BACKUP_EE="$BACKUP_EE /etc/nginx"; }
[ -d /etc/letsencrypt ] && { BACKUP_EE="$BACKUP_EE /etc/letsencrypt"; }
/bin/tar -I pigz -cf "$EE_BACKUP_FILE" /usr/local/bin/ee /usr/lib/ee/templates /etc/ee /var/lib/ee "$BACKUP_EE"
return 0
}
wo_backup_wo() {
if [ -d /etc/nginx ] && [ -d /etc/wo ] && [ -d /var/lib/wo ]; then
/bin/tar -I pigz -cf "$WO_BACKUP_FILE" /etc/nginx /etc/wo /var/lib/wo
fi
return 0
}
wo_clean_ee() {
rm -rf /usr/local/bin/ee /etc/bash_completion.d/ee_auto.rc /usr/lib/ee/templates /usr/local/lib/python3.*/dist-packages/ee-*.egg /etc/ee /var/lib/ee
return 0
}
wo_remove_ee_cron() {
crontab -l | sed '/ee site update --le=renew --all 2> \/dev\/null/d' | crontab -
}
wo_tweak_kernel() {
if [ "$WO_ARCH" = "x86_64" ] && [ -z "$wo_lxc" ] && [ -z "$wo_wsl" ]; then
rm -f /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
wget -qO /etc/sysctl.d/60-wo-tweaks.conf https://raw.githubusercontent.com/WordOps/WordOps/"$wo_branch"/wo/cli/templates/sysctl.mustache
if [ "$wo_distro_version" = "bionic" ] || [ "$wo_distro_version" = "disco" ] || [ "$wo_distro_version" = "buster" ]; then
modprobe tcp_bbr && echo 'tcp_bbr' >> /etc/modules-load.d/bbr.conf
echo -e '\nnet.ipv4.tcp_congestion_control = bbr\nnet.ipv4.tcp_notsent_lowat = 16384' >> /etc/sysctl.d/60-wo-tweaks.conf
else
modprobe tcp_htcp && echo 'tcp_htcp' >> /etc/modules-load.d/htcp.conf
echo 'net.ipv4.tcp_congestion_control = htcp' >> /etc/sysctl.d/60-wo-tweaks.conf
fi
# apply sysctl tweaks
sysctl -eq -p /etc/sysctl.d/60-wo-tweaks.conf
fi
}
wo_systemd_tweak() {
if [ ! -x /opt/wo-kernel.sh ]; then
# download and setup wo-kernel systemd service to apply kernel tweaks for netdata and redis on server startup
wget -qO /opt/wo-kernel.sh https://raw.githubusercontent.com/WordOps/WordOps/updating-configuration/wo/cli/templates/wo-kernel-script.mustache
chmod +x /opt/wo-kernel.sh
wget -qO /lib/systemd/system/wo-kernel.service https://raw.githubusercontent.com/WordOps/WordOps/updating-configuration/wo/cli/templates/wo-kernel-service.mustache
systemctl enable wo-kernel.service
systemctl start wo-kernel.service
fi
LIMIT_CHECK=$(grep "500000" /etc/security/limits.conf)
if [ -z "$LIMIT_CHECK" ]; then
echo -e "* hard nofile 500000\n* soft nofile 500000\nroot hard nofile 500000\nroot soft nofile 500000\n" >> /etc/security/limits.conf
fi
}
wo_domain_suffix() {
curl -m 10 --retry 3 -sL https://raw.githubusercontent.com/publicsuffix/list/master/public_suffix_list.dat | sed '/^\/\//d' | sed '/^$/d' | sed 's/^\s+//g' > /var/lib/wo/public_suffix_list.dat
}
wo_mariadb_tweak() {
# increase mariadb open_files_limit
if [ -d /etc/systemd/system/mariadb.service.d ] && [ ! -f /etc/systemd/system/mariadb.service.d/limits.conf ]; then
echo -e '[Service]\nLimitNOFILE=500000' > /etc/systemd/system/mariadb.service.d/limits.conf
systemctl daemon-reload
service mysql restart
fi
}
wo_nginx_tweak() {
# increase nginx open_files_limit
if [ ! -d /etc/systemd/system/nginx.service.d ]; then
mkdir -p /etc/systemd/system/nginx.service.d
if [ ! -f /etc/systemd/system/nginx.service.d/limits.conf ]; then
echo -e '[Service]\nLimitNOFILE=500000' > /etc/systemd/system/nginx.service.d/limits.conf
systemctl daemon-reload
nginx -t && service nginx restart
fi
fi
}
wo_clean() {
rm -rf /usr/local/lib/python3.*/dist-packages/wo-*
}
wo_uninstall() {
python3 -m pip uninstall wordops -y
rm -rf /usr/local/lib/python3.*/dist-packages/{pystache-*,cement-2.*,wo-*} /usr/local/bin/wo /etc/bash_completion.d/wo_auto.rc /var/lib/wo /etc/wo /usr/lib/wo/templates
}
wo_ufw_setup() {
if ! grep -q "ENABLED=yes" /etc/ufw/ufw.conf; then
# get custom ssh port
if [ -f /etc/ssh/sshd_config ]; then
CURRENT_SSH_PORT=$(grep "Port" /etc/ssh/sshd_config | awk -F " " '{print $2}')
fi
# define firewall rules
if ! grep -q "LOGLEVEL=low" /etc/ufw/ufw.conf; then
ufw logging low
fi
if ! grep -q 'DEFAULT_OUTPUT_POLICY="ACCEPT"' /etc/default/ufw; then
ufw default allow outgoing
fi
if ! grep -q 'DEFAULT_INPUT_POLICY="DROP"' /etc/default/ufw; then
ufw default deny incoming
fi
if ! grep -q "\-\-dport 22 -j" /etc/ufw/user.rules; then
# default ssh port
ufw limit 22
fi
# custom ssh port
if [ "$CURRENT_SSH_PORT" != "22" ]; then
if ! grep -q "\-\-dport $CURRENT_SSH_PORT -j" /etc/ufw/user.rules; then
ufw limit "$CURRENT_SSH_PORT"
fi
fi
# nginx
if ! grep -q "\-\-dport 80 -j" /etc/ufw/user.rules; then
# http
ufw allow http
fi
if ! grep -q "\-\-dport 443 -j" /etc/ufw/user.rules; then
# https
ufw allow https
fi
# ntp
if ! grep -q "\-\-dport 123 -j" /etc/ufw/user.rules; then
ufw allow 123
fi
if ! grep -q "\-\-dport 22222 -j" /etc/ufw/user.rules; then
# wordops backend
ufw limit 22222
fi
# enable ufw
if [ -n "$CURRENT_SSH_PORT" ]; then
ufw --force enable
fi
# remove ufw from syslog
if [ -f /etc/rsyslog.d/20-ufw.conf ]; then
sed -i 's/\#\& stop/\& stop/' /etc/rsyslog.d/20-ufw.conf
service rsyslog restart
fi
fi
}
wo_cheat_install() {
curl -sL https://cht.sh/:cht.sh > /usr/local/bin/cht.sh
chmod +x /usr/local/bin/cht.sh
[ ! -h /usr/local/bin/cheat ] && {
rm -f /usr/local/bin/cheat
ln -s /usr/local/bin/cht.sh /usr/local/bin/cheat
}
curl -sL https://cheat.sh/:bash_completion > /etc/bash_completion.d/cht.sh
}
###
# 4 - WO MAIN SETUP
###
# wo uninstall script
if [ "$wo_purge" = "y" ]; then
_run wo_backup_wo "Backing-up WO install"
_run wo_uninstall "Uninstalling WordOps"
wo_lib_echo "The WordOps backup files can be found in $WO_BACKUP_FILE"
exit 0
else
# 1 - WO already installed
if [ -x /usr/local/bin/wo ]; then
if [ -z "$wo_force_install" ]; then
if { wo -v 2>&1 | grep -q "$wo_version_new"; }; then
wo_lib_error "You already have WordOps $wo_version_new" 1
fi
fi
_run wo_backup_wo "Backing-up WO install"
_run wo_clean
# 2 - Migration from EEv3
elif [ -x /usr/local/bin/ee ]; then
if [ -z "$wo_force_install" ]; then
echo -e "Migrate from EasyEngine to WordOps (y/n): " && read -r WO_ANSWER
if [ "$WO_ANSWER" != "y" ] && [ "$WO_ANSWER" != "Y" ]; then
wo_lib_error "Not installing WordOps" 1
fi
fi
_run wo_backup_ee "Backing-up EE install"
_run wo_remove_ee_cron "Removing EasyEngine cronjob"
_run wo_sync_db "Syncing WO database"
fi
_run wo_apt_mirror "Finding the fastest APT mirror"
_run wo_install_dep "Installing wo dependencies"
_run wo_timesync
#if [ "$ufw" = "y" ]; then
# _run wo_ufw_setup "Configuring UFW"
#fi
# skip steps if travis
if [ -z "$wo_travis" ]; then
_run wo_dist_upgrade
wo_git_config
_run wo_install "Installing WordOps"
else
_run wo_travis_install "Installing WordOps"
fi
if [ -x /usr/local/bin/ee ]; then
_run wo_upgrade_nginx "Upgrading Nginx"
_run wo_clean_ee "Cleaning previous EasyEngine install"
fi
_run wo_install_acme_sh
_run wo_tweak_kernel "Applying Kernel tweaks"
if [ ! -f /opt/wo-kernel.sh ]; then
_run wo_systemd_tweak "Adding systemd service tweak"
fi
if [ -x /usr/sbin/nginx ]; then
_run wo_nginx_tweak
fi
if [ -d /etc/systemd/system/mariadb.service.d ]; then
_run wo_mariadb_tweak
fi
_run wo_cheat_install "Running post-install steps"
_run wo_domain_suffix
_run wo_update_wp_cli
_run wo_update_latest
_run secure_wo_db
wo sync >> $wo_install_log 2>&1
if [ "$ee_migration" = "1" ]; then
echo
wo_lib_echo "The migration from EasyEngine to WordOps was succesfull!"
wo_lib_echo "The EasyEngine backup files can be found in /var/lib/wo-backup/ee-backup.tgz"
echo
elif [ "$wo_upgrade" = "1" ]; then
wo_lib_echo "WordOps (wo) upgrade to $wo_version_new was succesfull!"
echo
wo_lib_echo "To upgrade WordOps stacks use the command:"
wo_lib_echo_info "wo stack upgrade --all"
echo
wo_lib_echo "To update all other server packages use the command:"
wo_lib_echo_info "wo maintenance"
else
wo_lib_echo "WordOps (wo) installed successfully"
echo
wo_lib_echo "To enable bash-completion, just use the command:"
wo_lib_echo_info "bash -l"
echo
wo_lib_echo "To install WordOps recommended stacks, you can use the command:"
wo_lib_echo_info "wo stack install"
echo
wo_lib_echo "To create a first WordPress site, you can use the command:"
wo_lib_echo_info "wo site create site.tld --wp"
fi
echo
wo_lib_echo "WordOps Documentation : https://docs.wordops.net"
wo_lib_echo "WordOps Community Forum : https://community.wordops.net"
echo
wo_lib_echo "Give WordOps a GitHub star : https://github.com/WordOps/WordOps/"
echo
fi
# if [ -z "$wo_travis" ]; then
# /bin/bash --init-file "/var/lib/wo/tmp/WordOps-$wo_branch/tests/init-file"
# fi
Reference in New Issue View Git Blame Copy Permalink