mirror of https://github.com/WordOps/WordOps
Several improvements
* Run `mysql_upgrade` during MySQL upgrade with `wo stack upgrade` to perform migration if needed * WordOps now check if a repository already exist before trying to adding it again. * install script refactored
This commit is contained in:
parent
b3cf601879
commit
7765b2ce84
|
@ -11,6 +11,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|||
#### Added
|
||||
|
||||
- WordOps install is now installed with pip from PyPi (easier, cleaner and safer) inside a wheel
|
||||
- Redis 5.0.6 package backported to Debian 8/9/10
|
||||
- Custom motd to display a message if a new WordOps release is available
|
||||
- Run `mysql_upgrade` during MySQL upgrade with `wo stack upgrade` to perform migration if needed
|
||||
|
||||
#### Changed
|
||||
|
||||
|
@ -18,6 +21,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|||
- Nginx systemd tweaks during Nginx install/upgrade and removed from install script
|
||||
- Initial creation of .gitconfig is displayed the first time you run the command `wo`
|
||||
- Added `/var/lib/php/sessions/` to open_basedir to allow php sessions storage
|
||||
- WordOps now check if a repository already exist before trying to adding it again.
|
||||
|
||||
#### Fixed
|
||||
|
||||
|
|
|
@ -79,7 +79,7 @@ _wo_complete()
|
|||
;;
|
||||
"upgrade" )
|
||||
COMPREPLY=( $(compgen \
|
||||
-W "--web --admin --utils --nginx --php --php73 --mysql --all --netdata --composer --phpmyadmin --dashboard --no-prompt --mysqtuner --wpcli --force" \
|
||||
-W "--web --admin --utils --nginx --php --php73 --mysql --all --netdata --composer --phpmyadmin --dashboard --mysqtuner --wpcli --force" \
|
||||
-- $cur) )
|
||||
;;
|
||||
"start" | "stop" | "reload" | "restart" | "status")
|
||||
|
|
34
docs/wo.8
34
docs/wo.8
|
@ -1,27 +1,27 @@
|
|||
.TH wo 8 "WordOps (wo) version: 3.9.6.3" "Jul 26,2019" "WordOps"
|
||||
.TH wo 8 "WordOps (wo) version: 3.10.0" "Oct 24,2019" "WordOps"
|
||||
.SH NAME
|
||||
.B WordOps (wo)
|
||||
\- Manage Nginx Based Websites.
|
||||
.SH SYNOPSIS
|
||||
wo [ --version | --help | info | stack | site | debug | update | clean | import_slow_log | log | secure | sync | maintenance ]
|
||||
.TP
|
||||
wo stack [ install | remove | purge | migrate | upgrade] [ --web | --all | --nginx | --php | --php73 | --mysql | --admin | --adminer | --redis | --phpmyadmin | --phpredisadmin | --wpcli | --utils | --dashboard | --netdata | --fail2ban | --proftpd ]
|
||||
wo stack [ install | remove | purge | migrate | upgrade ] [ --web | --all | --nginx | --php | --php73 | --mysql | --admin | --adminer | --redis | --phpmyadmin | --phpredisadmin | --wpcli | --utils | --dashboard | --netdata | --fail2ban | --proftpd ]
|
||||
.TP
|
||||
wo stack [ status | start | stop | reload | restart ] [--all | --nginx | --php | --php73 |--mysql | --web | --redis | --netdata | --fail2ban | --proftpd]
|
||||
.TP
|
||||
wo site [ list | info | show | enable | disable | edit | cd | show ] [ example.com ]
|
||||
.TP
|
||||
wo site create example.com [ --html | --php | --php73 | --mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis | --letsencrypt/-le/--letsencrypt=wildcard][--dns/--dns=dns_cf/dns_do]]
|
||||
wo site create example.com [ --html | --php | --php73 | --mysql][[--wp | --wpsubdir | --wpsubdomain ] [ --wpsc | --wpfc | --wpredis | --wpce | --wprocket ] [ -le/--letsencrypt=wildcard ][ --dns/--dns=dns_cf/dns_dgon]]
|
||||
.TP
|
||||
wo site update example.com [ --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis ] [--password] [-le/--letsencrypt/--letsencrypt=on/off/wildcard/clean/purge] [--dns/--dns=dns_cf/dns_do]]
|
||||
wo site update example.com [ --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis | --wpce | --wprocket ] [--password] [-le/--letsencrypt=on/off/wildcard/clean/purge ] [ --dns/--dns=dns_cf/dns_dgon ]
|
||||
.TP
|
||||
wo site delete example.com [--db | --files | --all | --no-prompt | --force/-f ]
|
||||
wo site delete example.com [--db | --files | --all | --no-prompt | --force ]
|
||||
.TP
|
||||
wo debug [ -i | --all=on/off |--nginx=on/off | --rewrite=on/off | --php=on/off | --fpm=on/off | --mysql=on/off ]
|
||||
.TP
|
||||
wo debug example.com [ -i | --all=on/off | --nginx=on/off | --rewrite=on/off | --wp=on/off ]
|
||||
.TP
|
||||
wo secure [ --auth | --port | --ip ]
|
||||
wo secure [ --auth | --port | --ip | --ssh | --sshport ]
|
||||
.SH DESCRIPTION
|
||||
WordOps aka wo is the opensource project developed with the purpose to automate web-server configuration.
|
||||
.br
|
||||
|
@ -48,7 +48,7 @@ Display WordOps (wo) help.
|
|||
.TP
|
||||
.B install [ --all | --web | --nginx | --php | --php73 |--mysql | --redis | --adminer | --phpmyadmin | --phpredismyadmin | --wpcli | --utils | --netdata | --dashboard | --fail2ban | --proftpd ]
|
||||
.br
|
||||
Install Nginx PHP5 MySQL Postfix stack Packages if not used with
|
||||
Install Nginx PHP7.2 MariaDB SendMail Netdata Fail2Ban stack Packages if not used with
|
||||
.br
|
||||
any options.Installs specific package if used with option.
|
||||
.TP
|
||||
|
@ -129,13 +129,13 @@ Disable site by Destroying softlink with site file in
|
|||
.br
|
||||
Edit NGINX configuration of site.
|
||||
.TP
|
||||
.B create [ example.com ] [ --html | --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis ]]
|
||||
.B create [ example.com ] [ --html | --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [--wpsc | --wpfc | --wpredis ]
|
||||
.br
|
||||
Create new site according to given options. If no options provided
|
||||
.br
|
||||
create static site with html only.
|
||||
.TP
|
||||
.B update [ example.com ] [ --html | --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [ --wpsc | --wpfc | --wpredis ] [--password]]
|
||||
.B update [ example.com ] [ --html | --php | --php73 |--mysql] [[--wp | --wpsubdir | --wpsubdomain ] [ --wpsc | --wpfc | --wpredis ] [--password ]
|
||||
.br
|
||||
Update site configuration according to specified options.
|
||||
.TP
|
||||
|
@ -270,17 +270,23 @@ used with wo secure command. Update whitelist IP address
|
|||
.TP
|
||||
.B --wpsc
|
||||
.br
|
||||
Install and activate Nginx-helper and WP Super Cache plugin.
|
||||
Install and activate WP Super Cache plugin and serve pages from cache directly with Nginx.
|
||||
.TP
|
||||
.B --wpfc
|
||||
.br
|
||||
Install and activate Nginx-helper plugin with
|
||||
.br
|
||||
Nginx FastCGI cache.
|
||||
Install and activate Nginx-helper plugin with Nginx FastCGI cache.
|
||||
.TP
|
||||
.B --wpredis
|
||||
.br
|
||||
Install, activate, configure Nginx-helper and Redis Object Cache Plugin, Configure NGINX for Redis Page Caching.
|
||||
Install, activate, configure Nginx-helper and Redis Object Cache Plugin, Configure NGINX for Redis Full-Page Caching.
|
||||
.TP
|
||||
.B --wpce
|
||||
.br
|
||||
Install and activate Cache-enabler plugin and serve pages from cache directly with Nginx.
|
||||
.TP
|
||||
.B --wprocket
|
||||
.br
|
||||
Configure Nginx for WP-Rocket plugin to serve pages from cache directly with Nginx.
|
||||
.SH FILES
|
||||
.br
|
||||
/etc/wo/wo.conf
|
||||
|
|
59
install
59
install
|
@ -9,7 +9,7 @@
|
|||
# -------------------------------------------------------------------------
|
||||
# wget -qO wo wops.cc && sudo bash wo
|
||||
# -------------------------------------------------------------------------
|
||||
# Version 3.9.9.4 - 2019-10-18
|
||||
# Version 3.10.0 - 2019-10-25
|
||||
# -------------------------------------------------------------------------
|
||||
|
||||
# CONTENTS
|
||||
|
@ -122,6 +122,10 @@ _run() {
|
|||
|
||||
}
|
||||
|
||||
_curl() {
|
||||
curl -m 10 --retry 3 -sL "$@"
|
||||
}
|
||||
|
||||
###
|
||||
# 1 - Define variables for later use
|
||||
###
|
||||
|
@ -180,12 +184,13 @@ wo_check_distro() {
|
|||
wo_dir_init() {
|
||||
if [ ! -d "$wo_log_dir" ] || [ ! -d "$wo_backup_dir" ] || [ ! -d "$wo_tmp_dir" ]; then
|
||||
|
||||
mkdir -p "$wo_backup_dir" "$wo_log_dir" "$wo_tmp_dir" || wo_lib_error "Whoops - seems we are unable to create the log directory $wo_log_dir, exit status " $?
|
||||
mkdir -p "$wo_backup_dir" "$wo_log_dir" "$wo_tmp_dir"
|
||||
|
||||
# create wordops log files
|
||||
touch /var/log/wo/{wordops.log,install.log}
|
||||
|
||||
chmod -R 700 "$wo_log_dir" "$wo_backup_dir" "$wo_tmp_dir" || wo_lib_error "Whoops, there was an error setting the permissions on the WordOps log folder, exit status " $?
|
||||
chmod -R 750 "$wo_log_dir" "$wo_backup_dir" "$wo_tmp_dir"
|
||||
chown -R root:adm "$wo_log_dir"
|
||||
fi
|
||||
|
||||
}
|
||||
|
@ -203,7 +208,6 @@ wo_install_dep() {
|
|||
build-essential curl gzip python3-pip python3-wheel python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz \
|
||||
gnupg2 cron ccze rsync apt-transport-https tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1
|
||||
curl -sL https://download.opensuse.org/repositories/home:/virtubox:/WordOps/xUbuntu_18.04/Release.key | apt-key add -
|
||||
add-apt-repository ppa:wordops/nginx-wo -yn
|
||||
else
|
||||
# install dependencies
|
||||
apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \
|
||||
|
@ -221,7 +225,8 @@ wo_install_dep() {
|
|||
cp /usr/share/unattended-upgrades/20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades
|
||||
fi
|
||||
# upgrade pip
|
||||
python3 -m pip install --upgrade pip setuptools wheel
|
||||
python3 -m pip install --upgrade pip
|
||||
python3 -m pip install --upgrade setuptools wheel
|
||||
|
||||
}
|
||||
|
||||
|
@ -411,12 +416,10 @@ wo_install_acme_sh() {
|
|||
# Let's Encrypt .well-known folder setup
|
||||
if [ ! -d /var/www/html/.well-known/acme-challenge ]; then
|
||||
mkdir -p /var/www/html/.well-known/acme-challenge
|
||||
chown -R www-data:www-data /var/www/html /var/www/html/.well-known
|
||||
chmod 750 /var/www/html /var/www/html/.well-known
|
||||
else
|
||||
chown -R www-data:www-data /var/www/html /var/www/html/.well-known
|
||||
chmod 750 /var/www/html /var/www/html/.well-known
|
||||
fi
|
||||
chown -R www-data:www-data /var/www/html /var/www/html/.well-known
|
||||
chmod 750 /var/www/html /var/www/html/.well-known
|
||||
|
||||
}
|
||||
|
||||
# WordOps install
|
||||
|
@ -537,24 +540,20 @@ wo_upgrade_nginx() {
|
|||
wo_update_latest() {
|
||||
|
||||
# Move ~/.my.cnf to /etc/mysql/conf.d/my.cnf
|
||||
if [ ! -f /etc/mysql/conf.d/my.cnf ]; then
|
||||
# create conf.d folder if not exist
|
||||
[ ! -d /etc/mysql/conf.d ] && {
|
||||
mkdir -p /etc/mysql/conf.d
|
||||
chmod 755 /etc/mysql/conf.d
|
||||
}
|
||||
if [ -f "$HOME/.my.cnf" ]; then
|
||||
cp -f "$HOME/.my.cnf" /etc/mysql/conf.d/my.cnf
|
||||
chmod 600 /etc/mysql/conf.d/my.cnf
|
||||
|
||||
elif [ -f /root/.my.cnf ]; then
|
||||
cp -f /root/.my.cnf /etc/mysql/conf.d/my.cnf
|
||||
chmod 600 /etc/mysql/conf.d/my.cnf
|
||||
fi
|
||||
else
|
||||
if [ ! -f /root/.my.cnf ]; then
|
||||
cp /etc/mysql/conf.d/my.cnf /root/.my.cnf
|
||||
chmod 600 /root/.my.cnf
|
||||
if [ -d /etc/mysql ]; then
|
||||
if [ ! -f /etc/mysql/conf.d/my.cnf ]; then
|
||||
# create conf.d folder if not exist
|
||||
[ ! -d /etc/mysql/conf.d ] && {
|
||||
mkdir -p /etc/mysql/conf.d
|
||||
chmod 755 /etc/mysql/conf.d
|
||||
}
|
||||
if [ -f /root/.my.cnf ]; then
|
||||
cp -f /root/.my.cnf /etc/mysql/conf.d/my.cnf
|
||||
chmod 600 /etc/mysql/conf.d/my.cnf
|
||||
elif [ -f "$HOME/.my.cnf"]; then
|
||||
cp -f "$HOME/.my.cnf" /etc/mysql/conf.d/my.cnf
|
||||
chmod 600 /etc/mysql/conf.d/my.cnf
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
@ -586,7 +585,7 @@ wo_remove_ee_cron() {
|
|||
}
|
||||
|
||||
wo_domain_suffix() {
|
||||
curl -m 10 --retry 3 -sL https://raw.githubusercontent.com/publicsuffix/list/master/public_suffix_list.dat | sed '/^\/\//d' | sed '/^$/d' | sed 's/^\s+//g' > /var/lib/wo/public_suffix_list.dat
|
||||
_curl https://raw.githubusercontent.com/publicsuffix/list/master/public_suffix_list.dat | sed '/^\/\//d' | sed '/^$/d' | sed 's/^\s+//g' > /var/lib/wo/public_suffix_list.dat
|
||||
}
|
||||
|
||||
wo_mariadb_tweak() {
|
||||
|
@ -658,7 +657,7 @@ wo_init() {
|
|||
if [ -f ./setup.py ]; then
|
||||
readonly wo_version_new=$(grep "version='" setup.py | awk -F "'" '{print$2}' 2>&1)
|
||||
else
|
||||
readonly wo_version_new=$(curl -sL https://wops.cc/setup.py 2>&1 | grep "version='" | awk -F "'" '{print$2}' 2>&1)
|
||||
readonly wo_version_new=$(curl -m 10 --retry 3 -sI https://github.com/WordOps/WordOps/releases/latest | grep tag | awk -F "/" '{print $8}' 2>&1)
|
||||
fi
|
||||
|
||||
echo ""
|
||||
|
|
|
@ -1151,7 +1151,7 @@ def doupdatesite(self, pargs):
|
|||
stype = oldsitetype
|
||||
cache = oldcachetype
|
||||
if oldsitetype == 'html' or oldsitetype == 'proxy':
|
||||
data['static'] = True
|
||||
data['static'] = False
|
||||
data['wp'] = False
|
||||
data['multisite'] = False
|
||||
data['wpsubdir'] = False
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
import configparser
|
||||
import os
|
||||
|
||||
from cement.core import handler, hook
|
||||
from cement.core.controller import CementBaseController, expose
|
||||
|
||||
from wo.core.apt_repo import WORepo
|
||||
|
|
|
@ -102,41 +102,68 @@ def pre_pref(self, apt_packages):
|
|||
|
||||
# add nginx repository
|
||||
if set(WOVar.wo_nginx).issubset(set(apt_packages)):
|
||||
Log.info(self, "Adding repository for NGINX, please wait...")
|
||||
if (WOVar.wo_distro == 'ubuntu'):
|
||||
WORepo.add(self, ppa=WOVar.wo_nginx_repo)
|
||||
Log.debug(self, 'Adding ppa for Nginx')
|
||||
if not os.path.isfile(
|
||||
'wordops-ubuntu-nginx-wo-{0}.list'
|
||||
.format(WOVar.wo_platform_codename)):
|
||||
Log.info(self, "Adding repository for NGINX, please wait...")
|
||||
WORepo.add(self, ppa=WOVar.wo_nginx_repo)
|
||||
Log.debug(self, 'Adding ppa for Nginx')
|
||||
else:
|
||||
WORepo.add(self, repo_url=WOVar.wo_nginx_repo)
|
||||
Log.debug(self, 'Adding repository for Nginx')
|
||||
if not WOFileUtils.grepcheck(
|
||||
self, '/etc/apt/sources.list/wo-repo.list',
|
||||
'download.opensuse.org'):
|
||||
Log.info(self, "Adding repository for NGINX, please wait...")
|
||||
Log.debug(self, 'Adding repository for Nginx')
|
||||
WORepo.add(self, repo_url=WOVar.wo_nginx_repo)
|
||||
WORepo.add_key(self, WOVar.wo_nginx_key)
|
||||
|
||||
# add php repository
|
||||
if (set(WOVar.wo_php73).issubset(set(apt_packages)) or
|
||||
set(WOVar.wo_php).issubset(set(apt_packages))):
|
||||
Log.info(self, "Adding repository for PHP, please wait...")
|
||||
if (WOVar.wo_distro == 'ubuntu'):
|
||||
Log.debug(self, 'Adding ppa for PHP')
|
||||
WORepo.add(self, ppa=WOVar.wo_php_repo)
|
||||
if not os.path.isfile(
|
||||
'/etc/apt/sources.list.d/ondrej-ubuntu-php-{0}.list'
|
||||
.format(WOVar.wo_platform_codename)):
|
||||
Log.info(self, "Adding repository for PHP, please wait...")
|
||||
WORepo.add(self, ppa=WOVar.wo_php_repo)
|
||||
else:
|
||||
# Add repository for php
|
||||
if (WOVar.wo_platform_codename == 'buster'):
|
||||
php_pref = ("Package: *\nPin: origin "
|
||||
"packages.sury.org"
|
||||
"\nPin-Priority: 1000\n")
|
||||
with open('/etc/apt/preferences.d/'
|
||||
'PHP.pref', 'w') as php_pref_file:
|
||||
with open(
|
||||
'/etc/apt/preferences.d/'
|
||||
'PHP.pref', mode='w',
|
||||
encoding='utf-8') as php_pref_file:
|
||||
php_pref_file.write(php_pref)
|
||||
Log.debug(self, 'Adding repo_url of php for debian')
|
||||
WORepo.add(self, repo_url=WOVar.wo_php_repo)
|
||||
if not WOFileUtils.grepcheck(
|
||||
self, '/etc/apt/sources.list.d/wo-repo.list',
|
||||
'packages.sury.org'):
|
||||
Log.debug(self, 'Adding repo_url of php for debian')
|
||||
Log.info(self, "Adding repository for PHP, please wait...")
|
||||
WORepo.add(self, repo_url=WOVar.wo_php_repo)
|
||||
Log.debug(self, 'Adding deb.sury GPG key')
|
||||
WORepo.add_key(self, WOVar.wo_php_key)
|
||||
# add redis repository
|
||||
if set(WOVar.wo_redis).issubset(set(apt_packages)):
|
||||
Log.info(self, "Adding repository for Redis, please wait...")
|
||||
if WOVar.wo_distro == 'ubuntu':
|
||||
Log.debug(self, 'Adding ppa for redis')
|
||||
WORepo.add(self, ppa=WOVar.wo_redis_repo)
|
||||
if not os.path.isfile(
|
||||
'/etc/apt/sources.list.d/'
|
||||
'chris-lea-ubuntu-redis-server-{0}.list'
|
||||
.format(WOVar.wo_platform_codename)):
|
||||
Log.info(self, "Adding repository for Redis, please wait...")
|
||||
Log.debug(self, 'Adding ppa for redis')
|
||||
WORepo.add(self, ppa=WOVar.wo_redis_repo)
|
||||
else:
|
||||
if not WOFileUtils.grepcheck(
|
||||
self, '/etc/apt/sources.list/wo-repo.list',
|
||||
'download.opensuse.org'):
|
||||
Log.info(self, "Adding repository for Redis, please wait...")
|
||||
WORepo.add(self, repo_url=WOVar.wo_php_repo)
|
||||
WORepo.add_key(self, WOVar.wo_nginx_key)
|
||||
|
||||
|
||||
def post_pref(self, apt_packages, packages, upgrade=False):
|
||||
|
@ -1374,21 +1401,29 @@ def post_pref(self, apt_packages, packages, upgrade=False):
|
|||
def pre_stack(self):
|
||||
"""Inital server configuration and tweak"""
|
||||
# wo sysctl tweaks
|
||||
Log.wait(self, 'Applying Linux tweaks')
|
||||
# check system type
|
||||
wo_arch = os.uname()[4]
|
||||
if os.path.isfile('/proc/1/environ'):
|
||||
# detect lxc containers
|
||||
wo_lxc = WOFileUtils.grepcheck(
|
||||
self, '/proc/1/environ', 'container=lxc')
|
||||
# detect wsl
|
||||
wo_wsl = WOFileUtils.grepcheck(
|
||||
self, '/proc/1/environ', 'wsl')
|
||||
else:
|
||||
wo_wsl = True
|
||||
wo_lxc = True
|
||||
# remove old sysctl tweak
|
||||
if os.path.isfile('/etc/sysctl.d/60-ubuntu-nginx-web-server.conf'):
|
||||
WOFileUtils.rm(self, '/etc/sysctl.d/60-ubuntu-nginx-web-server.conf')
|
||||
|
||||
if wo_arch == 'x86_64':
|
||||
if (wo_lxc is not True) and (wo_wsl is not True):
|
||||
data = dict()
|
||||
WOTemplate.deploy(
|
||||
self, '/etc/sysctl.d/60-wo-tweaks.conf',
|
||||
'sysctl.mustache', data, True)
|
||||
# use tcp_bbr congestion algorithm only on new kernels
|
||||
if (WOVar.wo_platform_codename == 'bionic' or
|
||||
WOVar.wo_platform_codename == 'disco' or
|
||||
WOVar.wo_platform_codename == 'buster'):
|
||||
|
@ -1410,6 +1445,7 @@ def pre_stack(self):
|
|||
encoding='utf-8', mode='a') as sysctl_file:
|
||||
sysctl_file.write(
|
||||
'\nnet.ipv4.tcp_congestion_control = htcp')
|
||||
# apply sysctl tweaks
|
||||
WOShellExec.cmd_exec(
|
||||
self, 'sysctl -eq -p /etc/sysctl.d/60-wo-tweaks.conf')
|
||||
# sysctl tweak service
|
||||
|
|
|
@ -52,18 +52,22 @@ def sync(self):
|
|||
|
||||
if configfiles:
|
||||
if WOFileUtils.isexist(self, configfiles[0]):
|
||||
wo_db_name = (WOFileUtils.grep(self, configfiles[0],
|
||||
'DB_NAME').split(',')[1]
|
||||
.split(')')[0].strip().replace('\'', ''))
|
||||
wo_db_user = (WOFileUtils.grep(self, configfiles[0],
|
||||
'DB_USER').split(',')[1]
|
||||
.split(')')[0].strip().replace('\'', ''))
|
||||
wo_db_pass = (WOFileUtils.grep(self, configfiles[0],
|
||||
'DB_PASSWORD').split(',')[1]
|
||||
.split(')')[0].strip().replace('\'', ''))
|
||||
wo_db_host = (WOFileUtils.grep(self, configfiles[0],
|
||||
'DB_HOST').split(',')[1]
|
||||
.split(')')[0].strip().replace('\'', ''))
|
||||
wo_db_name = (
|
||||
WOFileUtils.grep(self, configfiles[0],
|
||||
'DB_NAME').split(',')[1]
|
||||
.split(')')[0].strip().replace('\'', ''))
|
||||
wo_db_user = (
|
||||
WOFileUtils.grep(self, configfiles[0],
|
||||
'DB_USER').split(',')[1]
|
||||
.split(')')[0].strip().replace('\'', ''))
|
||||
wo_db_pass = (
|
||||
WOFileUtils.grep(self, configfiles[0],
|
||||
'DB_PASSWORD').split(',')[1]
|
||||
.split(')')[0].strip().replace('\'', ''))
|
||||
wo_db_host = (
|
||||
WOFileUtils.grep(self, configfiles[0],
|
||||
'DB_HOST').split(',')[1]
|
||||
.split(')')[0].strip().replace('\'', ''))
|
||||
|
||||
# Check if database really exist
|
||||
try:
|
||||
|
|
|
@ -8,7 +8,7 @@ location = /robots.txt {
|
|||
access_log off;
|
||||
}
|
||||
location / {
|
||||
rewrite ^ /index.php$request_uri;
|
||||
rewrite ^ /index.php;
|
||||
}
|
||||
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
|
||||
deny all;
|
||||
|
@ -18,13 +18,12 @@ location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
|
|||
}
|
||||
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param HTTPS on;
|
||||
# Avoid sending the security headers twice
|
||||
# Avoid sending the security headers twice
|
||||
fastcgi_param modHeadersAvailable true;
|
||||
# Enable pretty urls
|
||||
# Enable pretty urls
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_pass {{upstream}};
|
||||
fastcgi_intercept_errors on;
|
||||
|
|
|
@ -55,12 +55,12 @@ http {
|
|||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_tickets off;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_early_data on;
|
||||
ssl_early_data on;
|
||||
{{#tls13}}ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20';
|
||||
ssl_protocols TLSv1.2 TLSv1.3;{{/tls13}}
|
||||
ssl_ecdh_curve X25519:P-521:P-384:P-256;
|
||||
# Previous TLS v1.2 configuration
|
||||
{{^tls13}}ssl_protocols TLSv1.2;
|
||||
{{^tls13}}# Previous TLS v1.2 configuration
|
||||
ssl_protocols TLSv1.2;
|
||||
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;{{/tls13}}
|
||||
|
||||
# Common security headers
|
||||
|
|
|
@ -22,6 +22,7 @@ def export_cert(self):
|
|||
self, "{0} ".format(WOAcme.wo_acme_exec) +
|
||||
"--list --listraw > /var/lib/wo/cert.csv"):
|
||||
Log.error(self, "Unable to export certs list")
|
||||
WOFileUtils.chmod(self, '/var/lib/wo/cert.csv', 0o600)
|
||||
|
||||
def setupletsencrypt(self, acme_domains, acmedata):
|
||||
"""Issue SSL certificates with acme.sh"""
|
||||
|
@ -38,6 +39,14 @@ def setupletsencrypt(self, acme_domains, acmedata):
|
|||
acme_mode = "-w /var/www/html"
|
||||
validation_mode = "Webroot challenge"
|
||||
Log.debug(self, "Validation : Webroot mode")
|
||||
if not os.path.isdir('/var/www/html/.well-known/acme-challenge'):
|
||||
WOFileUtils.mkdir(
|
||||
self, '/var/www/html/.well-known/acme-challenge')
|
||||
WOFileUtils.chown(
|
||||
self, '/var/www/html/.well-known', 'www-data', 'www-data',
|
||||
recursive=True)
|
||||
WOFileUtils.chmod(self, '/var/www/html/.well-known', 0o750,
|
||||
recursive=True)
|
||||
|
||||
Log.info(self, "Validation mode : {0}".format(validation_mode))
|
||||
Log.wait(self, "Issuing SSL cert with acme.sh")
|
||||
|
|
|
@ -25,7 +25,6 @@ def validate(self, url):
|
|||
return domain_name
|
||||
|
||||
|
||||
|
||||
def getlevel(self, domain):
|
||||
"""
|
||||
Returns the domain type : domain, subdomain and the root domain
|
||||
|
|
|
@ -280,17 +280,19 @@ def grepcheck(self, fnm, sstr):
|
|||
"""
|
||||
Searches for string in file and returns True or False.
|
||||
"""
|
||||
try:
|
||||
Log.debug(self, "Finding string {0} to file {1}"
|
||||
.format(sstr, fnm))
|
||||
if os.path.isfile(fnm):
|
||||
try:
|
||||
Log.debug(self, "Finding string {0} to file {1}"
|
||||
.format(sstr, fnm))
|
||||
for line in open(fnm, encoding='utf-8'):
|
||||
if sstr in line:
|
||||
return True
|
||||
return False
|
||||
except OSError as e:
|
||||
Log.debug(self, "{0}".format(e.strerror))
|
||||
Log.error(self, "Unable to Search string {0} in {1}"
|
||||
.format(sstr, fnm))
|
||||
Log.debug(self, "{0}".format(e.strerror))
|
||||
Log.error(self, "Unable to Search string {0} in {1}"
|
||||
.format(sstr, fnm))
|
||||
return False
|
||||
|
||||
def rm(self, path):
|
||||
"""
|
||||
|
|
Loading…
Reference in New Issue