virtubox
/
WordOps
mirror of https://github.com/WordOps/WordOps
1
0
Fork 0
Code Issues Releases Wiki Activity

add hsts

This commit is contained in:
VirtuBox 2019-04-07 12:57:35 +02:00
parent 9acb49ca57
commit 7c6e86a4ca
8 changed files with 228 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -1,7 +1,7 @@
<h1 align="center" style="font-size:54px;"><a href="https://wordops.net">
WordOps</a>
<p align="center"><img src="https://docs.wordops.net/images/logo.png" width="400" alt="Wordops" /><a href="https://wordops.net">
<br>
</h1>
</p>
<h2 align="center">An essential toolset that eases WordPress site and server administration</h2>

14
install
View File

@ -7,10 +7,10 @@
# Copyright (c) 2019 - WordOps
# This script is licensed under M.I.T
# -------------------------------------------------------------------------
# Version 3.9.5 - 2019-04-03
# Version 3.9.5 - 2019-04-05
# -------------------------------------------------------------------------
readonly wo_version_old="2.2.3"
readonly wo_version_new="3.9.4.3"
readonly wo_version_new="3.9.4.4"
# CONTENTS
# ---
# 1. VARIABLES AND DECLARATIONS
@ -81,7 +81,11 @@ fi
###
# 1 - Define variables for later use
###
wo_branch="$1"
if [ -n "$1" ]; then
wo_branch="$1"
else
wo_branch="master"
fi
readonly wo_log_dir=/var/log/wo/
readonly wo_backup_dir=/var/lib/wo-backup/
readonly wo_install_log=/var/log/wo/install.log
@ -381,10 +385,6 @@ wo_install() {
rm -rf /tmp/easyengine
rm -rf /tmp/wordops
[ -z "$wo_branch" ] && {
wo_branch=master
}
git clone -b "$wo_branch" https://github.com/WordOps/WordOps.git /tmp/wordops --quiet
cd /tmp/wordops || exit 1

BIN
logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.8 KiB

145
wo/cli/plugins/site.py
View File

@ -753,6 +753,11 @@ class Meta:
action='store' or 'store_const',
choices=('on', 'off', 'renew', 'subdomain', 'wildcard'),
const='on', nargs='?')),
(['--hsts'],
dict(help="configure hsts on site secured with letsencrypt",
action='store' or 'store_const',
choices=('on', 'off'),
const='on', nargs='?')),
(['--proxy'],
dict(help="update to proxy site", nargs='+')),
(['--experimental'],
@ -1073,6 +1078,16 @@ def doupdatesite(self, pargs):
elif pargs.letsencrypt == 'off':
data['letsencrypt'] = False
letsencrypt = False
data['hsts'] = False
hsts = False
if pargs.hsts:
if pargs.hsts == 'on':
data['hsts'] = True
hsts = True
elif pargs.hsts == 'off':
data['hsts'] = False
hsts = False
if letsencrypt is check_ssl:
if letsencrypt is False:
@ -1170,12 +1185,23 @@ def doupdatesite(self, pargs):
.format(wo_site_webroot))
httpsRedirect(self, wo_domain)
if data['hsts'] is True:
if not os.path.isfile(("{0}/conf/nginx/hsts.conf.disabled")
.format(wo_site_webroot)):
setupHsts(self, wo_domain)
else:
WOFileUtils.mvfile(self, "{0}/conf/nginx/"
"hsts.conf.disabled"
.format(wo_site_webroot),
'{0}/conf/nginx/hsts.conf'
.format(wo_site_webroot))
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
Log.info(self, "Congratulations! Successfully Configured SSl for Site "
Log.info(self, "Congratulations! Successfully "
"Configured SSl for Site "
" https://{0}".format(wo_domain))
if (SSL.getExpirationDays(self, wo_domain) > 0):
@ -1194,6 +1220,12 @@ def doupdatesite(self, pargs):
'{0}/conf/nginx/ssl.conf.disabled'
.format(wo_site_webroot))
httpsRedirect(self, wo_domain, False)
if os.path.isfile("{0}/conf/nginx/hsts.conf"
.format(wo_site_webroot)):
WOFileUtils.mvfile(self, "{0}/conf/nginx/hsts.conf"
.format(wo_site_webroot),
'{0}/conf/nginx/hsts.conf.disabled'
.format(wo_site_webroot))
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
@ -1217,6 +1249,16 @@ def doupdatesite(self, pargs):
.format(wo_site_webroot))
httpsRedirect(self, wo_domain)
if data['hsts'] is True:
if not os.path.isfile(("{0}/conf/nginx/hsts.conf.disabled")
.format(wo_site_webroot)):
setupHsts(self, wo_domain)
else:
WOFileUtils.mvfile(self, "{0}/conf/nginx/"
"hsts.conf.disabled"
.format(wo_site_webroot),
'{0}/conf/nginx/hsts.conf'
.format(wo_site_webroot))
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
@ -1243,6 +1285,14 @@ def doupdatesite(self, pargs):
'{0}/conf/nginx/ssl.conf.disabled'
.format(wo_site_webroot))
httpsRedirect(self, wo_domain, False)
if os.path.isfile(("{0}/conf/nginx/hsts.conf")
.format(wo_site_webroot)):
WOFileUtils.mvfile(self, "{0}/conf/nginx/"
"hsts.conf"
.format(wo_site_webroot),
'{0}/conf/nginx/hsts.conf.disabled'
.format(wo_site_webroot))
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
@ -1269,7 +1319,8 @@ def doupdatesite(self, pargs):
"check issues with `nginx -t` command")
updateSiteInfo(self, wo_domain, stype=stype, cache=cache,
ssl=True if check_site.is_ssl else False, php_version=check_php_version)
ssl=True if check_site.is_ssl else False,
php_version=check_php_version)
Log.info(self, "Successfully updated site"
" http://{0}".format(wo_domain))
@ -1327,44 +1378,94 @@ def doupdatesite(self, pargs):
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update site failed. "
"Check the log for details:"
" `tail /var/log/wo/wordops.log` and please try again")
" `tail /var/log/wo/wordops.log` "
"and please try again")
return 1
if ((oldcachetype in ['wpsc', 'basic', 'wpredis'] and
(data['wpfc'])) or (oldsitetype == 'wp' and data['multisite'] and data['wpfc'])):
try:
plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":1,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_fastcgi","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}'
plugin_data = '{"log_level":"INFO","log_filesize":5,'
'"enable_purge":1,"enable_map":0,"enable_log":0,'
'"enable_stamp":0,"purge_homepage_on_new":1,'
'"purge_homepage_on_edit":1,"purge_homepage_on_del":1,'
'"purge_archive_on_new":1,"purge_archive_on_edit":0,'
'"purge_archive_on_del":0,"purge_archive_on_new_comment":0,'
'"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,'
'"purge_page_on_new_comment":1,'
'"purge_page_on_deleted_comment":1,'
'"cache_method":"enable_fastcgi",'
'"purge_method":"get_request",'
'"redis_hostname":"127.0.0.1","redis_port":"6379",'
'"redis_prefix":"nginx-cache:"}'
setupwp_plugin(
self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data)
self, 'nginx-helper',
'rt_wp_nginx_helper_options', plugin_data, data)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update nginx-helper settings failed. "
Log.info(self, Log.FAIL + "Update nginx-helper "
"settings failed. "
"Check the log for details:"
" `tail /var/log/wo/wordops.log` and please try again")
" `tail /var/log/wo/wordops.log` "
"and please try again")
return 1
elif ((oldcachetype in ['wpsc', 'basic', 'wpfc'] and
(data['wpredis'])) or (oldsitetype == 'wp' and data['multisite'] and data['wpredis'])):
(data['wpredis'])) or (oldsitetype == 'wp' and
data['multisite'] and data['wpredis'])):
try:
plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":1,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_redis","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}'
plugin_data = '{"log_level":"INFO","log_filesize":5,'
'"enable_purge":1,"enable_map":0,"enable_log":0,'
'"enable_stamp":0,"purge_homepage_on_new":1,'
'"purge_homepage_on_edit":1,"purge_homepage_on_del":1,'
'"purge_archive_on_new":1,"purge_archive_on_edit":0,'
'"purge_archive_on_del":0,'
'"purge_archive_on_new_comment":0,'
'"purge_archive_on_deleted_comment":0,'
'"purge_page_on_mod":1,'
'"purge_page_on_new_comment":1,'
'"purge_page_on_deleted_comment":1,'
'"cache_method":"enable_redis",'
'"purge_method":"get_request",'
'"redis_hostname":"127.0.0.1","redis_port":"6379",'
'"redis_prefix":"nginx-cache:"}'
setupwp_plugin(
self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data)
self, 'nginx-helper',
'rt_wp_nginx_helper_options', plugin_data, data)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update nginx-helper settings failed. "
Log.info(self, Log.FAIL + "Update nginx-helper "
"settings failed. "
"Check the log for details:"
" `tail /var/log/wo/wordops.log` and please try again")
" `tail /var/log/wo/wordops.log` "
"and please try again")
return 1
else:
try:
plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":0,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_redis","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}'
plugin_data = '{"log_level":"INFO","log_filesize":5,'
'"enable_purge":0,"enable_map":0,"enable_log":0,'
'"enable_stamp":0,"purge_homepage_on_new":1,'
'"purge_homepage_on_edit":1,"purge_homepage_on_del":1,'
'"purge_archive_on_new":1,"purge_archive_on_edit":0,'
'"purge_archive_on_del":0,'
'"purge_archive_on_new_comment":0,'
'"purge_archive_on_deleted_comment":0,'
'"purge_page_on_mod":1,"purge_page_on_new_comment":1,'
'"purge_page_on_deleted_comment":1,'
'"cache_method":"enable_redis",'
'"purge_method":"get_request",'
'"redis_hostname":"127.0.0.1",'
'"redis_port":"6379","redis_prefix":"nginx-cache:"}'
setupwp_plugin(
self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data)
self, 'nginx-helper',
'rt_wp_nginx_helper_options', plugin_data, data)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update nginx-helper settings failed. "
Log.info(self, Log.FAIL + "Update nginx-helper "
"settings failed. "
"Check the log for details:"
" `tail /var/log/wo/wordops.log` and please try again")
" `tail /var/log/wo/wordops.log` "
"and please try again")
return 1
if oldcachetype == 'wpsc' and not data['wpsc']:
@ -1374,7 +1475,8 @@ def doupdatesite(self, pargs):
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update site failed."
"Check the log for details:"
" `tail /var/log/wo/wordops.log` and please try again")
" `tail /var/log/wo/wordops.log` "
"and please try again")
return 1
if oldcachetype == 'wpredis' and not data['wpredis']:
@ -1384,7 +1486,8 @@ def doupdatesite(self, pargs):
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update site failed."
"Check the log for details:"
" `tail /var/log/wo/wordops.log` and please try again")
" `tail /var/log/wo/wordops.log` "
"and please try again")
return 1
if oldcachetype != 'wpsc' and data['wpsc']:
@ -1401,10 +1504,12 @@ def doupdatesite(self, pargs):
try:
if installwp_plugin(self, 'redis-cache', data):
# search for wp-config.php
if WOFileUtils.isexist(self, "{0}/wp-config.php".format(wo_site_webroot)):
if WOFileUtils.isexist(self, "{0}/wp-config.php"
.format(wo_site_webroot)):
config_path = '{0}/wp-config.php'.format(
wo_site_webroot)
elif WOFileUtils.isexist(self, "{0}/htdocs/wp-config.php".format(wo_site_webroot)):
elif WOFileUtils.isexist(self, "{0}/htdocs/wp-config.php"
.format(wo_site_webroot)):
config_path = '{0}/htdocs/wp-config.php'.format(
wo_site_webroot)
else:

97
wo/cli/plugins/site_functions.py
View File

@ -96,8 +96,8 @@ def setupdomain(self, data):
Log.info(self, "[" + Log.ENDC + "Done" + Log.OKBLUE + "]")
except CalledProcessError as e:
Log.debug(self, "{0}".format(str(e)))
Log.info(self, "[" + Log.ENDC + Log.FAIL + "Fail"
+ Log.OKBLUE + "]")
Log.info(self, "[" + Log.ENDC + Log.FAIL + "Fail" +
Log.OKBLUE + "]")
raise SiteError("created nginx configuration failed for site."
" check with `nginx -t`")
@ -312,8 +312,8 @@ def setupwordpress(self, data):
"--dbuser=\'{2}\' --dbhost=\'{3}\' "
.format(data['wo_db_name'], wo_wp_prefix,
data['wo_db_user'], data['wo_db_host']
)
+ "--dbpass=\'{0}\' "
) +
"--dbpass=\'{0}\' "
"--extra-php<<PHP \n {1} {redissalt}\nPHP\""
.format(data['wo_db_pass'],
"\n\ndefine(\'WP_DEBUG\', false);",
@ -344,13 +344,13 @@ def setupwordpress(self, data):
"\n\ndefine(\'WP_DEBUG\', false);"))
try:
if WOShellExec.cmd_exec(self, "bash -c \"php {0} --allow-root"
.format(WOVariables.wo_wpcli_path)
+ " core config "
+ "--dbname=\'{0}\' --dbprefix=\'{1}\' "
.format(WOVariables.wo_wpcli_path) +
" core config " +
"--dbname=\'{0}\' --dbprefix=\'{1}\' "
"--dbhost=\'{2}\' "
.format(data['wo_db_name'], wo_wp_prefix,
data['wo_db_host'])
+ "--dbuser=\'{0}\' --dbpass=\'{1}\' "
data['wo_db_host']) +
"--dbuser=\'{0}\' --dbpass=\'{1}\' "
"--extra-php<<PHP \n {2} {3} {redissalt}\nPHP\""
.format(data['wo_db_user'],
data['wo_db_pass'],
@ -569,13 +569,13 @@ def uninstallwp_plugin(self, plugin_name, data):
.format(plugin_name))
try:
WOShellExec.cmd_exec(self, "php {0} plugin "
.format(WOVariables.wo_wpcli_path)
+ "--allow-root deactivate "
.format(WOVariables.wo_wpcli_path) +
"--allow-root deactivate "
"{0}".format(plugin_name))
WOShellExec.cmd_exec(self, "php {0} plugin "
.format(WOVariables.wo_wpcli_path)
+ "--allow-root uninstall "
.format(WOVariables.wo_wpcli_path) +
"--allow-root uninstall "
"{0}".format(plugin_name))
except CommandExecutionError as e:
raise SiteError("plugin uninstall failed")
@ -590,16 +590,17 @@ def setupwp_plugin(self, plugin_name, plugin_option, plugin_data, data):
if not data['multisite']:
try:
WOShellExec.cmd_exec(self, "php {0} "
.format(WOVariables.wo_wpcli_path)
+ "--allow-root option update "
"{0} \'{1}\' --format=json".format(plugin_option, plugin_data))
.format(WOVariables.wo_wpcli_path) +
"--allow-root option update "
"{0} \'{1}\' --format=json"
.format(plugin_option, plugin_data))
except CommandExecutionError as e:
raise SiteError("plugin setup failed")
else:
try:
WOShellExec.cmd_exec(self, "php {0} "
.format(WOVariables.wo_wpcli_path)
+ "--allow-root network meta update 1 "
.format(WOVariables.wo_wpcli_path) +
"--allow-root network meta update 1 "
"{0} \'{1}\' --format=json"
.format(plugin_option, plugin_data
))
@ -730,7 +731,8 @@ def site_package_check(self, stype):
else:
apt_packages = apt_packages + WOVariables.wo_php
if self.app.pargs.php73 and stype in ['mysql', 'wp', 'wpsubdir', 'wpsubdomain']:
if self.app.pargs.php73 and stype in ['mysql', 'wp',
'wpsubdir', 'wpsubdomain']:
Log.debug(self, "Setting apt_packages variable for PHP 7.3")
if not WOAptGet.is_installed(self, 'php7.3-fpm'):
if not WOAptGet.is_installed(self, 'php7.2-fpm'):
@ -799,7 +801,7 @@ def site_package_check(self, stype):
if not WOAptGet.is_installed(self, 'php7.3-fpm'):
if not WOAptGet.is_installed(self, 'php7.2-fpm'):
apt_packages = apt_packages + WOVariables.wo_php + \
WOVariables.wo_php73 + WOVariables.wo_php_extra
WOVariables.wo_php73 + WOVariables.wo_php_extra
else:
apt_packages = apt_packages + WOVariables.wo_php73
@ -1146,8 +1148,8 @@ def deleteDB(self, dbname, dbuser, dbhost, exit=True):
def deleteWebRoot(self, webroot):
# do some preprocessing before proceeding
webroot = webroot.strip()
if (webroot == "/var/www/" or webroot == "/var/www"
or webroot == "/var/www/.." or webroot == "/var/www/."):
if (webroot == "/var/www/" or webroot == "/var/www" or
webroot == "/var/www/.." or webroot == "/var/www/."):
Log.debug(self, "Tried to remove {0}, but didn't remove it"
.format(webroot))
return False
@ -1200,7 +1202,8 @@ def doCleanupAction(self, domain='', webroot='', dbname='', dbuser='',
# setup letsencrypt for domain + www.domain
def setupLetsEncrypt(self, wo_domain_name):
if os.path.isfile("/etc/letsencrypt/renewal/{0}_ecc/{0}.conf"):
if os.path.isfile("/etc/letsencrypt/renewal/{0}_ecc/{0}.conf"
.format(wo_domain_name)):
if os.path.isfile("/etc/letsencrypt/"
"renewal/{0}_ecc/"
"fullchain.cer".format(wo_domain_name)):
@ -1281,7 +1284,8 @@ def setupLetsEncrypt(self, wo_domain_name):
def setupLetsEncryptSubdomain(self, wo_domain_name):
if os.path.isfile("/etc/letsencrypt/renewal/{0}_ecc/{0}.conf"):
if os.path.isfile("/etc/letsencrypt/renewal/{0}_ecc/{0}.conf"
.format(wo_domain_name)):
if os.path.isfile("/etc/letsencrypt/"
"renewal/{0}_ecc/"
"fullchain.cer".format(wo_domain_name)):
@ -1405,6 +1409,25 @@ def renewLetsEncrypt(self, wo_domain_name):
# redirect= False to disable https redirection
def setupHsts(self, wo_domain_name):
if os.path.isfile("/etc/letsencrypt/"
"renewal/{0}_ecc/"
"fullchain.cer".format(wo_domain_name)):
Log.info(
self, "Adding /var/www/{0}/conf/nginx/ssl.conf"
.format(wo_domain_name))
hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf"
.format(wo_domain_name),
encoding='utf-8', mode='w')
hstsconf.write("more_set_headers "
"\"Strict-Transport-Security: "
"max-age=31536000; "
"'includeSubDomains; "
"preload\"")
hstsconf.close()
def httpsRedirect(self, wo_domain_name, redirect=True):
if redirect:
if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf.disabled"
@ -1426,23 +1449,30 @@ def httpsRedirect(self, wo_domain_name, redirect=True):
sslconf.write("server {\n"
"\tlisten 80;\n" +
"\tlisten [::]:80;\n" +
"\tserver_name www.{0} {0};\n".format(wo_domain_name) +
"\treturn 301 https://{0}".format(wo_domain_name)+"$request_uri;\n}")
"\tserver_name www.{0} {0};\n"
.format(wo_domain_name) +
"\treturn 301 https://{0}"
.format(wo_domain_name)+"$request_uri;\n}")
sslconf.close()
# Nginx Configation into GIT
except IOError as e:
Log.debug(self, str(e))
Log.debug(self, "Error occured while generating "
"/etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name))
"/etc/nginx/conf.d/force-ssl-{0}.conf"
.format(wo_domain_name))
Log.info(self, "Added HTTPS Force Redirection for Site "
" http://{0}".format(wo_domain_name))
WOGit.add(self,
["/etc/nginx"], msg="Adding /etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name))
["/etc/nginx"], msg="Adding /etc/nginx/conf.d/"
"force-ssl-{0}.conf".format(wo_domain_name))
else:
if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name)):
WOFileUtils.mvfile(self, "/etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name),
"/etc/nginx/conf.d/force-ssl-{0}.conf.disabled".format(wo_domain_name))
if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf"
.format(wo_domain_name)):
WOFileUtils.mvfile(self, "/etc/nginx/conf.d/force-ssl-{0}.conf"
.format(wo_domain_name),
"/etc/nginx/conf.d/force-ssl-{0}.conf.disabled"
.format(wo_domain_name))
Log.info(self, "Disabled HTTPS Force Redirection for Site "
" http://{0}".format(wo_domain_name))
@ -1478,7 +1508,8 @@ def archivedCertificateHandle(self, domain):
"{0}/{1}/fullchain.pem "
"--reloadcmd "
"\"service nginx restart\" "
.format(WOVariables.wo_ssl_live, domain))
.format(WOVariables.wo_ssl_live,
domain))
if ssl:
try:
@ -1525,7 +1556,7 @@ def archivedCertificateHandle(self, domain):
"'/etc/letsencrypt/config' "
"--renew -d {0} --ecc "
"--force"
.format(domain))
.format(domain))
if ssl:

3
wo/cli/templates/fail2ban-wp.mustache Normal file
View File

@ -0,0 +1,3 @@
[Definition]
failregex = ^<HOST>.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200
ignoreregex =

24
wo/cli/templates/fail2ban.mustache Normal file
View File

@ -0,0 +1,24 @@
[recidive]
enabled = true
[nginx-http-auth]
enabled = true
[nginx-botsearch]
enabled = true
[wo-wordpress]
enabled = true
filter = wo-wordpress
action = iptables-multiport[name="wo-wordpress", port="http,https"]
logpath = /var/log/nginx/*access.log
maxretry = 5
[nginx-forbidden]
enabled = true
filter = nginx-forbidden
port = http,https
logpath = /var/log/nginx/*error*.log
findtime = 60
bantime = 6000
maxretry = 3

2
wo/core/variables.py
View File

@ -152,6 +152,8 @@ class WOVariables():
wo_mysql = ["mariadb-server", "percona-toolkit"]
wo_fail2ban = "fail2ban"
# Redis repo details
if wo_platform_distro == 'ubuntu':
wo_redis_repo = ("ppa:chris-lea/redis-server")