Merge branch 'release/v0.2.0-beta'

CHANGELOG.txt

@@ -1,3 +1,11 @@
+v0.2.0-beta - May 17, 2017
+- Debian 8
+- UTC TimeZone
+- Fail2Ban Support
+- PageSpeed Configuration
+- WooCommerce Cache Bypass
+- Fix #14 #21 #24 #25
+
 v0.1.0-beta - March 1, 2017
 - First Beta Release
 - NGINX PageSpeed Support
@@ -10,4 +18,3 @@ v0.1.0-beta - March 1, 2017
 	4. WordPress
 	5. WordPress W3TC (W3 Total Cache)
 	6. WordPress FastCGI Cache
-

README.md

@@ -1,19 +1,45 @@
 # AnsiPress
 
-[![saythanks](https://img.shields.io/badge/say-thanks-ff69b4.svg)](https://saythanks.io/to/MiteshShah) [![Join AnsiPress Slack Channel](https://ansipress.herokuapp.com/badge.svg)](https://ansipress.herokuapp.com/)
+ <a href="https://www.paypal.me/AnsiPress"><img src="https://cloud.githubusercontent.com/assets/1223371/23652872/75a751aa-0350-11e7-8a1f-20460e1e82fa.png" width="80" height="20"></a> [![saythanks](https://img.shields.io/badge/say-thanks-ff69b4.svg)](https://saythanks.io/to/MiteshShah) [![Join AnsiPress Slack Channel](https://ansipress.herokuapp.com/badge.svg)](https://ansipress.herokuapp.com/)
 
 
+[![AnsiPress](https://cloud.githubusercontent.com/assets/1223371/23602874/937c6338-0278-11e7-8a91-6d62d677c46b.png)](https://www.youtube.com/watch?v=s7ShsNrQ4-0)
+
 ## Quick Start
 
+✓ = Under Testing
+⚠ = Under Progress
+
+### Features
+
+✓ True Shared Hosting
+
+✓ NGINX + PageSpeed
+
+✓ PHP 7.1 With Different Master Process for Each User
+
+✓ MariaDB
+
+✓ WordPress (W3TC & FastCGI Cache)
+
+✓ Google PageSpeed Configuration
+
+✓ Fail2Ban
+
+⚠ Lets Encrypt (ETA in 2 Weeks)
+
+⚠ NGINX Redis Module (ETA in 5 weeks)
+
+⚠ Laravel Support (ETA in 10 weeks)
+
+⚠ Drupal Support (ETA in 15 weeks)
+
 **Operating System:**
 
 - ✓ Ubuntu 16.04
-- ⚠	Debian 8 & 9
+- ✓	Debian 8
 - ⚠ CentOS 7
 
-✓ = Supported OS
-
-⚠ = Under Progress
 
 **Port Requirements:**
 
@@ -26,7 +52,7 @@
 
 
 
-#### Ansible - [Install Ansible] (https://miteshshah.github.io/devops/ansible/ansible-installation/)
+### Ansible - [Install Ansible](https://miteshshah.github.io/devops/ansible/ansible-installation/)
 
 #### Clone AnsiPress
 
@@ -38,9 +64,9 @@ $ cd AnsiPress && git checkout develop
 #### Setup SSH Server Login Details
 
 * AnsiPress required you can login to remote server via `ssh AnsiPress.local`
-* Change the [AnsiPerss.local] (https://github.com/AnsiPress/AnsiPress/blob/develop/hosts#L2) server name
+* Change the [AnsiPerss.local](https://github.com/AnsiPress/AnsiPress/blob/develop/hosts#L2) server name
 * Make sure you are able to connect server via `ssh example.com`
-* Refer - [SSH Configuration] (https://miteshshah.github.io/linux/ssh/ssh-tips-and-tricks/#ssh-config)
+* Refer - [SSH Configuration](https://miteshshah.github.io/linux/ssh/ssh-tips-and-tricks/#ssh-config)
 
 #### Run the AnsiPress Playbook
 
@@ -58,12 +84,12 @@ $ ansible-playbook -i hosts setup.yml --extra-vars="username=wp website_name=w3t
 $ ansible-playbook -i hosts setup.yml --extra-vars="username=wp website_name=wpfc.com website_type=wpfc"
 ```
 
-#### Track Development
+### Track Development
 
-[Milestone] (https://github.com/AnsiPress/AnsiPress/milestones)
+[Milestone](https://github.com/AnsiPress/AnsiPress/milestones)
 
-#### Donation
-[![PayPal Donate](https://cloud.githubusercontent.com/assets/1223371/20793214/ec6ffca2-b7eb-11e6-9614-d893ff77a565.png)]  (https://paypal.me/AnsiPress)
+### Donation
+[![PayPal Donate](https://cloud.githubusercontent.com/assets/1223371/20793214/ec6ffca2-b7eb-11e6-9614-d893ff77a565.png)](https://paypal.me/AnsiPress)
 
 Yes you can! Just click on the image above ;)
 

group_vars/all

@@ -3,11 +3,10 @@
 remote_user: root
 ansible_python_interpreter: /usr/bin/python3
 
-
-# AnsiPress Server TimeZone
-# Why you need UTC TimeZone -
-# http://yellerapp.com/posts/2015-01-12-the-worst-server-setup-you-can-make.html
-timezone: Etc/UTC
+# Fail2ban Bantime 24 hours.
+bantime: 86400
+# Fail2ban ignore ip address separated by space
+ignoreip: 127.0.0.1/8
 
 # Create New User Account
 # We can also pass username variable value using following command
@@ -24,8 +23,11 @@ packages:
   - git
   - htop
   - coreutils
+  - libssl-dev
+  - lsb-release
   - python3-dev
   - python3-pip
-  - python3-passlib
+  - ca-certificates
+  - apt-transport-https
   - python-software-properties
   - software-properties-common

hosts

@@ -1,2 +1,3 @@
 [AnsiPress]
-AnsiPress.local
+AnsiPress.ubuntu
+AnsiPress.debian

roles/bootstrap/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: service ntp restart
+  service: name=ntp state=restarted

roles/bootstrap/tasks/main.yml

@@ -2,6 +2,8 @@
 - include: roles/libs/tasks/ping.yml
 - include: roles/libs/tasks/hostname.yml
 - include: roles/libs/tasks/timezone.yml
+- include: roles/libs/tasks/umask.yml
 - include: roles/libs/tasks/apt/update.yml
 - include: roles/libs/tasks/apt/dist_upgrade.yml
 - include: roles/libs/tasks/apt/install.yml
+- include: roles/libs/tasks/apt/ntp.yml

roles/libs/tasks/apt/install.yml

@@ -3,3 +3,6 @@
 - name: Installing required software, Hold on...
   apt: name={{ item }} state=present
   with_items: "{{ packages }}"
+
+- name: Installing passlib software, Hold on...
+  pip: name=passlib state=present

roles/libs/tasks/apt/ntp.yml

@@ -0,0 +1,5 @@
+---
+# Install NTP
+- name: Installing NTP Service, Hold on...
+  apt: name=ntp state=present
+  notify: service ntp restart

roles/libs/tasks/timezone.yml

@@ -1,4 +1,9 @@
 ---
 # Setup TimeZone
+# AnsiPress Server TimeZone
+# Why you need UTC TimeZone -
+# http://yellerapp.com/posts/2015-01-12-the-worst-server-setup-you-can-make.html
+
+# Dont Forget to Update TimeZone in PHP (UTC)
 - name: Setup Timezone to UTC, Hold on...
-  timezone: name={{ timezone }}
+  timezone: name=Etc/UTC

roles/libs/tasks/umask.yml

@@ -0,0 +1,9 @@
+---
+# Setup UMASK for Better Security
+- name: Setup UMASK, Hold on...
+  lineinfile:
+    dest: "/etc/profile"
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+  with_items:
+    - { regexp: '^umask', line: 'umask 0027' }

roles/print/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+# Print Userful Information
+
+- name: AnsiPress HTTP Auth Details, Hold on...
+  debug:
+    msg: "{{ item }}"
+  with_items:
+    - HTTP AUTH Username = AnsiPress
+    - HTTP AUTH Password = {{ http_auth_pass }}
+  when: setup_http_auth.stat.islnk is not defined
+
+- name: Getting WordPress Setup Information, Hold on...
+  debug:
+    msg: "{{ item }}"
+  with_items:
+    - WordPress Username = {{ username | lower }}
+    - WordPress Password = {{ random_password.stdout }}

roles/security/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+# We had include service restart module
+# Also we have to passs service_name variable which trigger
+# service {{ service_name }} restart
+- name: service fail2ban restart
+  service: name=fail2ban state=restarted

roles/security/tasks/fail2ban.yml

@@ -0,0 +1,17 @@
+---
+- name: Installing Fail2ban, Hold on...
+  apt: name={{ item }} state=present
+  with_items:
+    - fail2ban
+  register: package_install
+  # The notify will call the ../handlers/main.yml
+  notify: service fail2ban restart
+
+- name: Copying Fail2ban Configuration File, Hold on...
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+  with_items:
+    - { src: "../templates/fail2ban/jail.local", dest: "/etc/fail2ban/jail.local" }
+    - { src: "../templates/fail2ban/nginx-req-limit.conf", dest: "/etc/fail2ban/filter.d/nginx-req-limit.conf" }
+  when: package_install.changed == True

roles/security/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+- include: roles/security/tasks/fail2ban.yml

roles/security/templates/fail2ban/jail.local

@@ -0,0 +1,33 @@
+[DEFAULT]
+
+bantime = {{ bantime }}
+ignoreip = {{ ignoreip }}
+
+# Override /etc/fail2ban/jail.d/00-firewalld.conf:
+banaction = iptables-multiport
+
+[sshd]
+enabled = true
+
+[sshd-ddos]
+enabled = true
+
+[php-url-fopen]
+enabled = true
+
+[nginx-http-auth]
+enabled = true
+logpath = /var/log/nginx/*error.log
+
+[nginx-botsearch]
+enabled = true
+logpath = /var/log/nginx/*error.log
+
+[nginx-req-limit]
+enabled = true
+filter = nginx-req-limit
+action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
+logpath = /var/log/nginx/*error.log
+findtime = 600
+bantime = 7200
+maxretry = 10

roles/security/templates/fail2ban/nginx-req-limit.conf

@@ -0,0 +1,13 @@
+# Fail2Ban configuration file
+#
+# supports: ngx_http_limit_req_module module
+
+[Definition]
+
+failregex = limiting requests, excess:.* by zone.*client: <HOST>
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =

roles/stack/handlers/main.yml

@@ -0,0 +1,12 @@
+---
+- name: service memcached restart
+  service: name=memcached state=restarted
+
+- name: service nginx restart
+  service: name=nginx state=restarted
+
+- name: service php7.1-fpm restart
+  service: name=php7.1-fpm state=restarted
+
+- name: service mysql restart
+  service: name=mysql state=restarted

roles/stack/tasks/debian/mysql_repo.yml

@@ -0,0 +1,13 @@
+---
+# Setup MySQL Repository
+
+- name: Adding MariaDB Repository Key, Hold on...
+  apt_key: keyserver=keyserver.ubuntu.com id=0xcbcb082a1bb943db
+  register: apt_key
+
+- name: Adding MariaDB Repository, Hold on...
+  apt_repository: repo='deb [arch=amd64,i386,ppc64el] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main' state=present filename=mariadb
+  register: repository
+
+- include: roles/libs/tasks/apt/update.yml
+  when: repository.changed == True or apt_key.changed == True

roles/stack/tasks/debian/nginx_repo.yml

@@ -0,0 +1,17 @@
+---
+# Setup NGINX Repository
+
+- name: Adding NGINX Repository Key, Hold on...
+  apt_key:
+    id: B9C9F7DE
+    url: http://download.opensuse.org/repositories/home:AnsiPress/{{ ansible_distribution }}_8.0/Release.key
+  register: apt_key
+  when: ansible_distribution == 'Debian'
+
+- name: Adding NGINX Repository, Hold on...
+  apt_repository: repo='deb http://download.opensuse.org/repositories/home:/AnsiPress/{{ ansible_distribution }}_8.0/ /' state=present filename=nginx
+  register: repository
+  when: ansible_distribution == 'Debian'
+
+- include: roles/libs/tasks/apt/update.yml
+  when: repository.changed == True or apt_key.changed == True

roles/stack/tasks/debian/php_repo.yml

@@ -0,0 +1,16 @@
+---
+# Setup PHP Repository
+
+- name: Adding PHP Repository Key, Hold on...
+  apt_key:
+    url: https://packages.sury.org/php/apt.gpg
+  register: apt_key
+  when: ansible_distribution == 'Debian'
+
+- name: Adding PHP Repository, Hold on...
+  apt_repository: repo='deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main' state=present filename=php
+  register: repository
+  when: ansible_distribution == 'Debian'
+
+- include: roles/libs/tasks/apt/update.yml
+  when: repository.changed == True or apt_key.changed == True

roles/stack/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+- include: roles/stack/tasks/memcached.yml
+
+- name: Checking NGINX Stack Required, Hold on...
+  set_fact: stack="nginx"
+  when: website_type == "html"
+
+- name: Checking PHP Stack Required, Hold on...
+  set_fact: stack="php"
+  when: website_type == "php"
+
+- name: Checking MySQL Stack Required, Hold on...
+  set_fact: stack="mysql"
+  when: website_type == "mysql" or website_type == "wp" or website_type == "w3tc" or website_type == "wpfc"
+
+- include: roles/stack/tasks/{{ stack }}.yml

roles/stack/tasks/memcached.yml

@@ -0,0 +1,5 @@
+---
+# Install Memcached
+- name: Installing Memcached, Hold on...
+  apt: name=memcached state=present
+  notify: service memcached restart