mirror of https://github.com/WordOps/WordOps
ngxblocker implementation
This commit is contained in:
parent
6bdafd7286
commit
6c3d645d9e
2
install
2
install
|
@ -232,7 +232,7 @@ wo_install_dep() {
|
|||
if [ "$wo_linux_distro" == "Ubuntu" ]; then
|
||||
# install dependencies
|
||||
apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \
|
||||
build-essential curl gzip python3 python3-apt python3-setuptools python3-requests python3-dev sqlite3 git tar software-properties-common pigz \
|
||||
build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz \
|
||||
gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1
|
||||
add-apt-repository ppa:wordops/nginx-wo -yn
|
||||
else
|
||||
|
|
8
setup.py
8
setup.py
|
@ -7,10 +7,10 @@
|
|||
conf = []
|
||||
templates = []
|
||||
|
||||
long_description = '''WordOps An essential toolset that eases WordPress
|
||||
long_description = '''WordOps is an essential toolset that eases WordPress
|
||||
site and server administration. It provide the ability
|
||||
to install a high performance WordPress stack
|
||||
with a few keystrokes'''
|
||||
with a few keystrokes.'''
|
||||
|
||||
for name in glob.glob('config/plugins.d/*.conf'):
|
||||
conf.insert(1, name)
|
||||
|
@ -21,8 +21,8 @@
|
|||
if not os.path.exists('/var/log/wo/'):
|
||||
os.makedirs('/var/log/wo/')
|
||||
|
||||
if not os.path.exists('/var/lib/wo/'):
|
||||
os.makedirs('/var/lib/wo/')
|
||||
if not os.path.exists('/var/lib/wo/tmp/'):
|
||||
os.makedirs('/var/lib/wo/tmp/')
|
||||
|
||||
setup(name='wo',
|
||||
version='3.9.9.1',
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
name: test-wordops
|
||||
version: git
|
||||
summary: WordOps
|
||||
description: |
|
||||
WordOps is an essential toolset that eases WordPress
|
||||
site and server administration. It provide the ability
|
||||
to install a high performance WordPress stack
|
||||
with a few keystrokes.
|
||||
confinement: devmode
|
||||
base: core18
|
||||
|
||||
parts:
|
||||
test-wordops:
|
||||
plugin: python
|
||||
python-version: python3
|
||||
source: .
|
||||
stage-packages:
|
||||
- cement
|
||||
- python-apt
|
||||
|
||||
apps:
|
||||
test-wordops:
|
||||
command: wo
|
|
@ -106,14 +106,14 @@ def main():
|
|||
# Catch our application errors and exit 1 (error)
|
||||
code = 1
|
||||
print(e)
|
||||
except FrameworkError as e:
|
||||
# Catch framework errors and exit 1 (error)
|
||||
code = 1
|
||||
print(e)
|
||||
except CaughtSignal as e:
|
||||
# Default Cement signals are SIGINT and SIGTERM, exit 0 (non-error)
|
||||
code = 0
|
||||
print(e)
|
||||
except FrameworkError as e:
|
||||
# Catch framework errors and exit 1 (error)
|
||||
code = 1
|
||||
print(e)
|
||||
except Exception as e:
|
||||
code = 1
|
||||
print(e)
|
||||
|
|
|
@ -137,8 +137,8 @@ def info(self):
|
|||
pargs.site_name = pargs.site_name.strip()
|
||||
(wo_domain,
|
||||
wo_www_domain) = WODomain.validatedomain(self, pargs.site_name)
|
||||
(wo_domain_type,
|
||||
wo_root_domain) = WODomain.getdomainlevel(self, wo_domain)
|
||||
(wo_domain_type, wo_root_domain) = WODomain.getdomainlevel(
|
||||
self, wo_domain)
|
||||
wo_db_name = ''
|
||||
wo_db_user = ''
|
||||
wo_db_pass = ''
|
||||
|
@ -731,9 +731,8 @@ def default(self):
|
|||
|
||||
if pargs.letsencrypt:
|
||||
acme_domains = []
|
||||
(wo_domain_type,
|
||||
wo_root_domain) = WODomain.getdomainlevel(self,
|
||||
wo_domain)
|
||||
(wo_domain_type, wo_root_domain) = WODomain.getdomainlevel(
|
||||
self, wo_domain)
|
||||
data['letsencrypt'] = True
|
||||
letsencrypt = True
|
||||
if data['letsencrypt'] is True:
|
||||
|
@ -1036,7 +1035,6 @@ def doupdatesite(self, pargs):
|
|||
except SiteError as e:
|
||||
Log.debug(self, str(e))
|
||||
Log.info(self, "\nHSTS not enabled.")
|
||||
return 0
|
||||
elif pargs.hsts == "off":
|
||||
if os.path.isfile(
|
||||
'/var/www/{0}/conf/nginx/hsts.conf'
|
||||
|
@ -1047,9 +1045,12 @@ def doupdatesite(self, pargs):
|
|||
'/var/www/{0}/conf/'
|
||||
'nginx/hsts.conf.disabled'
|
||||
.format(wo_domain))
|
||||
return 0
|
||||
else:
|
||||
Log.error(self, "HSTS isn't enabled")
|
||||
# Service Nginx Reload
|
||||
if not WOService.reload_service(self, 'nginx'):
|
||||
Log.error(self, "service nginx reload failed. "
|
||||
"check issues with `nginx -t` command")
|
||||
|
||||
if (pargs.ngxblocker and not (pargs.html or
|
||||
pargs.php or pargs.php73 or
|
||||
|
@ -1059,23 +1060,11 @@ def doupdatesite(self, pargs):
|
|||
pargs.wpsubdir or pargs.wpsubdomain or
|
||||
pargs.hsts)):
|
||||
if pargs.ngxblocker == "on":
|
||||
if not os.path.isfile(
|
||||
'/var/www/{0}/conf/nginx/ngxblocker.conf.disabled'
|
||||
.format(wo_domain)):
|
||||
try:
|
||||
setupngxblocker(self, wo_domain)
|
||||
except SiteError as e:
|
||||
Log.debug(self, str(e))
|
||||
Log.info(self, "\nngxblocker not enabled.")
|
||||
return 0
|
||||
else:
|
||||
WOFileUtils.mvfile(self, '/var/www/{0}/conf/'
|
||||
'nginx/ngxblocker.conf.disabled'
|
||||
.format(wo_domain),
|
||||
'/var/www/{0}/conf/'
|
||||
'nginx/ngxblocker.conf'
|
||||
.format(wo_domain))
|
||||
return 0
|
||||
try:
|
||||
setupngxblocker(self, wo_domain)
|
||||
except SiteError as e:
|
||||
Log.debug(self, str(e))
|
||||
Log.info(self, "\nngxblocker not enabled.")
|
||||
elif pargs.ngxblocker == "off":
|
||||
if os.path.isfile(
|
||||
'/var/www/{0}/conf/nginx/ngxblocker.conf'
|
||||
|
@ -1086,10 +1075,14 @@ def doupdatesite(self, pargs):
|
|||
'/var/www/{0}/conf/'
|
||||
'nginx/ngxblocker.conf.disabled'
|
||||
.format(wo_domain))
|
||||
return 0
|
||||
else:
|
||||
Log.error(self, "ngxblocker isn't enabled")
|
||||
|
||||
# Service Nginx Reload
|
||||
if not WOService.reload_service(self, 'nginx'):
|
||||
Log.error(self, "service nginx reload failed. "
|
||||
"check issues with `nginx -t` command")
|
||||
|
||||
if ((stype == 'php' and
|
||||
oldsitetype not in ['html', 'proxy', 'php73']) or
|
||||
(stype == 'mysql' and oldsitetype not in ['html', 'php',
|
||||
|
@ -1243,8 +1236,8 @@ def doupdatesite(self, pargs):
|
|||
acme_domains = []
|
||||
acmedata = dict(acme_domains, dns=False, acme_dns='dns_cf',
|
||||
dnsalias=False, acme_alias='')
|
||||
(wo_domain_type,
|
||||
wo_root_domain) = WODomain.getdomainlevel(self, wo_domain)
|
||||
(wo_domain_type, wo_root_domain) = WODomain.getdomainlevel(
|
||||
self, wo_domain)
|
||||
|
||||
if pargs.letsencrypt == 'on':
|
||||
data['letsencrypt'] = True
|
||||
|
@ -1660,16 +1653,7 @@ def doupdatesite(self, pargs):
|
|||
"site")
|
||||
if pargs.ngxblocker:
|
||||
if ngxblocker is True:
|
||||
if not os.path.isfile("{0}/conf/nginx/ngxblocker.conf.disabled"
|
||||
.format(wo_site_webroot)):
|
||||
setupngxblocker(self, wo_domain)
|
||||
else:
|
||||
WOFileUtils.mvfile(
|
||||
self,
|
||||
"{0}/conf/nginx/ngxblocker.conf.disabled"
|
||||
.format(wo_site_webroot),
|
||||
"{0}/conf/nginx/ngxblocker.conf"
|
||||
.format(wo_site_webroot))
|
||||
setupngxblocker(self, wo_domain)
|
||||
elif ngxblocker is False:
|
||||
if os.path.isfile("{0}/conf/nginx/ngxblocker.conf"
|
||||
.format(wo_site_webroot)):
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
import os
|
||||
import random
|
||||
import re
|
||||
import shutil
|
||||
import string
|
||||
import subprocess
|
||||
from subprocess import CalledProcessError
|
||||
|
@ -409,7 +410,6 @@ def setupwordpress(self, data, vhostonly=False):
|
|||
# os.path.abspath(os.path.join(os.getcwd(), os.pardir)))
|
||||
|
||||
try:
|
||||
import shutil
|
||||
|
||||
Log.debug(self, "Moving file from {0} to {1}".format(os.getcwd(
|
||||
)+'/wp-config.php', os.path.abspath(os.path.join(os.getcwd(),
|
||||
|
@ -1606,12 +1606,20 @@ def setuprocketchat(self):
|
|||
return True
|
||||
|
||||
|
||||
def setupngxblocker(self, domain):
|
||||
def setupngxblocker(self, domain, block=True):
|
||||
if os.path.isdir('/var/www/{0}/conf/nginx'.format(domain)):
|
||||
ngxconf = open("/var/www/{0}/conf/nginx/ngxblocker.conf"
|
||||
.format(domain),
|
||||
encoding='utf-8', mode='w')
|
||||
ngxconf.write("# Bad Bot Blocker\n"
|
||||
"include /etc/nginx/bots.d/ddos.conf;\n"
|
||||
"include /etc/nginx/bots.d/blockbots.conf;\n")
|
||||
ngxconf.close()
|
||||
if not os.path.isfile('/var/www/{0}/conf/nginx/ngxblocker.disabled'
|
||||
.format(domain)):
|
||||
ngxconf = open("/var/www/{0}/conf/nginx/ngxblocker.conf"
|
||||
.format(domain),
|
||||
encoding='utf-8', mode='w')
|
||||
ngxconf.write("# Bad Bot Blocker\n"
|
||||
"include /etc/nginx/bots.d/ddos.conf;\n"
|
||||
"include /etc/nginx/bots.d/blockbots.conf;\n")
|
||||
ngxconf.close()
|
||||
else:
|
||||
WOFileUtils.mvfile(
|
||||
self, '/var/www/{0}/conf/nginx/ngxblocker.disabled'
|
||||
.format(domain), '/var/www/{0}/conf/nginx/ngxblocker'
|
||||
.format(domain))
|
||||
return 0
|
|
@ -5,19 +5,21 @@ CURL_BIN=$(command -v curl)
|
|||
CF_IPV4=$($CURL_BIN -sL https://www.cloudflare.com/ips-v4)
|
||||
CF_IPV6=$($CURL_BIN -sL https://www.cloudflare.com/ips-v6)
|
||||
|
||||
echo -e '# WordOps (wo) set visitors real ip with Cloudflare\n' > /etc/nginx/conf.d/cloudflare.conf
|
||||
echo "####################################"
|
||||
echo "Adding Cloudflare IPv4"
|
||||
echo "####################################"
|
||||
for cf_ip4 in $CF_IPV4; do
|
||||
echo "set_real_ip_from $cf_ip4;" >> /etc/nginx/conf.d/cloudflare.conf
|
||||
done
|
||||
echo "####################################"
|
||||
echo "Adding Cloudflare IPv6"
|
||||
echo "####################################"
|
||||
for cf_ip6 in $CF_IPV6; do
|
||||
echo "set_real_ip_from $cf_ip6;" >> /etc/nginx/conf.d/cloudflare.conf
|
||||
done
|
||||
echo 'real_ip_header CF-Connecting-IP;' >> /etc/nginx/conf.d/cloudflare.conf
|
||||
if [ -d /etc/nginx/conf.d ]; then
|
||||
echo -e '# WordOps (wo) set visitors real ip with Cloudflare\n' > /etc/nginx/conf.d/cloudflare.conf
|
||||
echo "####################################"
|
||||
echo "Adding Cloudflare IPv4"
|
||||
echo "####################################"
|
||||
for cf_ip4 in $CF_IPV4; do
|
||||
echo "set_real_ip_from $cf_ip4;" >> /etc/nginx/conf.d/cloudflare.conf
|
||||
done
|
||||
echo "####################################"
|
||||
echo "Adding Cloudflare IPv6"
|
||||
echo "####################################"
|
||||
for cf_ip6 in $CF_IPV6; do
|
||||
echo "set_real_ip_from $cf_ip6;" >> /etc/nginx/conf.d/cloudflare.conf
|
||||
done
|
||||
echo 'real_ip_header CF-Connecting-IP;' >> /etc/nginx/conf.d/cloudflare.conf
|
||||
|
||||
nginx -t && service nginx reload
|
||||
nginx -t && service nginx reload
|
||||
fi
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
"""WordOps domain validation module."""
|
||||
import os
|
||||
from urllib.parse import urlparse
|
||||
|
||||
|
||||
class WODomain():
|
||||
|
|
|
@ -11,7 +11,7 @@ class WOVariables():
|
|||
"""Intialization of core variables"""
|
||||
|
||||
# WordOps version
|
||||
wo_version = "3.9.9.1"
|
||||
wo_version = "3.9.9.2"
|
||||
# WordOps packages versions
|
||||
wo_wp_cli = "2.3.0"
|
||||
wo_adminer = "4.7.3"
|
||||
|
@ -66,9 +66,9 @@ class WOVariables():
|
|||
except Exception:
|
||||
wo_user = input("Enter your name: ")
|
||||
wo_email = input("Enter your email: ")
|
||||
os.system("/usr/bin/git config --global user.name {0}".format(wo_user))
|
||||
os.system("git config --global user.name {0}".format(wo_user))
|
||||
os.system(
|
||||
"/usr/bin/git config --global user.email {0}".format(wo_email))
|
||||
"git config --global user.email {0}".format(wo_email))
|
||||
|
||||
# MySQL hostname
|
||||
wo_mysql_host = ""
|
||||
|
|
Loading…
Reference in New Issue