fixes after testing

Issue when reinstall mysql after purge with keep-data option.
Multisite convertion issues.
HTTP Auth Nginx "if is evil" issue.
Messages improved.
Issues with subfolder WP creation.
Blockips backup after server-reset.

lib/install

@@ -225,12 +225,18 @@ mysql_install() {
 	sudo apt -y install debconf-utils
 
 	# Generate mysql user passwords
-	local AUTOGENPASS_ROOT=`pwgen -s -1 16`
-	local AUTOGENPASS_ADMIN=`pwgen -s -1 16`
-	local enc_pass_root=$( echo $AUTOGENPASS_ROOT | openssl enc -a -salt )
-	local enc_pass_admin=$( echo $AUTOGENPASS_ADMIN | openssl enc -a -salt )
-	conf_write mysql-root $enc_pass_root
-	conf_write mysql-admin $enc_pass_admin
+	if [[ -z $(conf_read mysql-root) && -z $(conf_read mysql-admin) ]]; then
+		local AUTOGENPASS_ROOT=`pwgen -s -1 16`
+		local AUTOGENPASS_ADMIN=`pwgen -s -1 16`
+		local enc_pass_root=$( echo $AUTOGENPASS_ROOT | openssl enc -a -salt )
+		local enc_pass_admin=$( echo $AUTOGENPASS_ADMIN | openssl enc -a -salt )
+		conf_write mysql-root $enc_pass_root
+		conf_write mysql-admin $enc_pass_admin
+	else
+		# In case of re-installation after purge with keep-data option.
+		local AUTOGENPASS_ROOT=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt )
+		local AUTOGENPASS_ADMIN=$( echo $(conf_read mysql-admin) | openssl enc -d -a -salt )
+	fi
 
 	# MariaDB Installation
 	echo "mariadb-server-10.4 mysql-server/root_password password $AUTOGENPASS_ROOT" | debconf-set-selections

lib/sites

@@ -426,7 +426,7 @@ _EOF_
 
 		# Redis Conf
 		sudo sed -i "/stop editing/i \define('WP_REDIS_SELECTIVE_FLUSH', true);" $wpcon
-		sudo sed -i "/stop editing/i \define('WP_CACHE_KEY_SALT', 'redis_object_cache_for_wp_$domain');" $wpcon
+		sudo sed -i "/stop editing/i \define('WP_CACHE_KEY_SALT', 'redis_object_cache_for_wp_$domain$(echo $subfolder | sed "s/\//_/g")');" $wpcon
 	fi
 
 }

lib/update

@@ -71,6 +71,7 @@ onethree_to_onefour() {
 		sudo cp /etc/nginx/common/acl.conf /opt/webinoly/templates/source/acl.conf.old
 		grep "^allow [^127.0.0.1]" /opt/webinoly/templates/source/acl.conf.old > /etc/nginx/apps.d/whitelist-acl.conf
 		[[ ! -s /etc/nginx/apps.d/whitelist-acl.conf ]] && sudo rm /etc/nginx/apps.d/whitelist-acl.conf
+		[[ -a /etc/nginx/sites-available/$(conf_read tools-port) ]] && sudo sed -i "/acl.conf;/i \	include common\/auth.conf;" /etc/nginx/sites-available/$(conf_read tools-port)
 
 		for site in "/etc/nginx/sites-available"/*
 		do
@@ -86,6 +87,8 @@ onethree_to_onefour() {
 				sudo sed -i "/$pat/a \	# WebinolyCustomEnd" /etc/nginx/sites-available/$domi
 				sudo sed -i "/$pat/a \	# WebinolyCustom" /etc/nginx/sites-available/$domi
 				sudo sed -i "/$pat/a \	" /etc/nginx/sites-available/$domi
+				sudo sed -i "/$pat/a \	include common\/auth.conf;" /etc/nginx/sites-available/$domi
+				sudo sed -i "/$pat/a \	" /etc/nginx/sites-available/$domi
 
 				if [[ $(is_wp $domi) == "true" ]]; then
 					[[ $(conf_read wp-admin-auth) == "purged" ]] && sudo httpauth $domi -wp-admin=off

plugins/httpauth

@@ -109,10 +109,9 @@ elif [[ -n $wp_admin ]]; then
 				sudo sed -i "/wpcommon-noauth.conf/c \	include apps.d/$domain$subname-wpcommon.conf;" /etc/nginx/apps.d/$domain$subname-wpfc.conf
 				sudo sed -i "/wpcommon-noauth.conf/c \	include apps.d/$domain$subname-wpcommon.conf;" /etc/nginx/apps.d/$domain$subname-php.conf
 			fi
-			sudo service nginx reload
-			echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain -${gre} has been enabled! ${end}"
+			echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain$subfolder -${gre} has been enabled! ${end}"
 		else
-			echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain -${gre} is already enabled! ${end}"
+			echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain$subfolder -${gre} is already enabled! ${end}"
 		fi
 
 	elif [[ $wp_admin == "off" && -n $domain ]]; then
@@ -123,10 +122,9 @@ elif [[ -n $wp_admin ]]; then
 				sudo sed -i "/wpcommon.conf/c \	include apps.d/$domain$subname-wpcommon-noauth.conf;" /etc/nginx/apps.d/$domain$subname-wpfc.conf
 				sudo sed -i "/wpcommon.conf/c \	include apps.d/$domain$subname-wpcommon-noauth.conf;" /etc/nginx/apps.d/$domain$subname-php.conf
 			fi
-			sudo service nginx reload
-			echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain -${gre} has been disabled! ${end}"
+			echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain$subfolder -${gre} has been disabled! ${end}"
 		else
-			echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain -${gre} is already disabled! ${end}"
+			echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain$subfolder -${gre} is already disabled! ${end}"
 		fi
 	elif [[ $wp_admin == "on" ]]; then
 		conf_write wp-admin-auth true
@@ -164,11 +162,9 @@ elif [[ -n $whitelist ]]; then
 				exist=$( grep -E "^allow $whitelist;$" /etc/nginx/apps.d/whitelist-acl.conf )
 				if [[ -z $exist ]]; then
 					sh -c "echo -n 'allow ${whitelist};\n' >> /etc/nginx/apps.d/whitelist-acl.conf"
-					sudo service nginx reload
 					echo "${gre}The IP address ${blu}'$whitelist'${gre} was successfully whitelisted!${end}"
 				else
 					echo "${gre}IP '$whitelist' is already whitelisted!${end}"
-					exit 0
 				fi
 			else	
 				echo "${red}[ERROR] Please, enter a valid IP value!${end}"
@@ -184,7 +180,6 @@ elif [[ -n $whitelist ]]; then
 			# Remove site-auth-file if empty.
 			[[ ! -s /etc/nginx/apps.d/whitelist-acl.conf ]] && sudo rm /etc/nginx/apps.d/whitelist-acl.conf
 
-			sudo service nginx reload
 			echo "${gre}The IP address ${blu}'$whitelist'${gre} was successfully removed from whitelist!${end}"
 		else
 			echo "${red}[ERROR] Please, enter a valid IP value!${end}"
@@ -207,7 +202,6 @@ elif [[ -n $path && -n $domain ]]; then
 			exist=$( grep -F "acl.conf;" /etc/nginx/sites-available/$domain )
 			if [[ -z $exist ]]; then
 				sudo sed -i "/# WebinolyCustom$/a \	include common/acl.conf;" /etc/nginx/sites-available/$domain
-				sudo service nginx reload
 				echo "${gre}This path ${blu}'$path'${gre} was successfully protected!${end}"
 			else
 				echo "${gre}Path: ${blu}'$path'${gre} is already protected!${end}"
@@ -246,7 +240,6 @@ location $sign$path {
 
 				vconf=$( grep -E "include apps.d/$domain-nginx.conf;" /etc/nginx/sites-available/$domain )
 				[[ -z $vconf ]] && sudo sed -i "/# WebinolyCustom$/a \	include apps.d/$domain-nginx.conf;" /etc/nginx/sites-available/$domain
-				sudo service nginx reload
 				echo "${gre}This path ${blu}'$path'${gre} was successfully protected!${end}"
 			else
 				echo "${gre}Path: ${blu}'$path'${gre} is already protected!${end}"
@@ -260,13 +253,11 @@ location $sign$path {
 		[[ $path == true ]] && read -p "${blu}Path to remove protection: ${end}" path
 		if [[ $path == "/" ]]; then
 			sudo sed -i "/acl.conf;/d" /etc/nginx/sites-available/$domain
-			sudo service nginx reload
 			echo "${gre}HTTP Authentication successfully removed from ${blu}'$path'${gre}!${end}"
 		elif [[ $path == "all" ]]; then
 			sudo sed -i "/acl.conf;/d" /etc/nginx/sites-available/$domain
 			sudo sed -i "/$domain-nginx.conf;/d" /etc/nginx/sites-available/$domain
 			sudo rm -rf /etc/nginx/apps.d/$domain-nginx.conf
-			sudo service nginx reload
 			echo "${gre}HTTP Authentication successfully removed from all your custom paths!${gre}${end}"
 		elif [[ $path =~ ^\/([A-Za-z0-9_\/\.\-]+)?$ ]]; then
 			if [[ -a /etc/nginx/apps.d/$domain-nginx.conf ]]; then
@@ -276,7 +267,6 @@ location $sign$path {
 					sudo sed -i "/$domain-nginx.conf;/d" /etc/nginx/sites-available/$domain
 				fi
 			fi
-			sudo service nginx reload
 			echo "${gre}HTTP Authentication successfully removed from ${blu}'$path'${gre}!${end}"
 		else
 			echo "${red}[ERROR] Please, enter a valid URL path!${end}"
@@ -315,7 +305,7 @@ elif [[ -n $list ]]; then
 		done
 		}
 	fi
-	[[ -z $nonemptylist && -z $raw && $list != "raw" ]] && echo "${blu}[Empty] No users were found!${end}"
+	[[ ! -s /etc/nginx/$authfile && -z $raw && $list != "raw" ]] && echo "${blu}[Empty] No users were found!${end}"
 	echo ""
 
 
@@ -324,4 +314,5 @@ else
 	exit 1
 fi
 
+[[ $(conf_read nginx) == "true" ]] && sudo service nginx reload
 api-events_update hae

plugins/site

@@ -111,7 +111,7 @@ if [[ -n $subfolder && ! ( $subfolder =~ ^\/([A-Za-z0-9_\/\-]+)?[^\/]$ ) ]]; the
 	echo "${red}[ERROR] Please, enter a valid value for subfolder!${end}"
 	exit 1
 fi
-if [[ -n $subfolder && $type != [123] && -z $delete && -z $cache && -z $yoast_sitemap ]]; then
+if [[ -n $subfolder && $type != [123] && -z $delete && -z $cache && -z $yoast_sitemap && -z $multisite_convert ]]; then
 	echo "${red}[ERROR] Subfolder option is only supported for WordPress sites!${end}"
 	exit 1
 else
@@ -229,7 +229,6 @@ elif [[ -n $wp && -n $domain ]]; then
 			exit 1
 		elif [[ -a /etc/nginx/sites-available/$domain && -n $subfolder && $type == [123] && ! -d /var/www/$domain/htdocs$subfolder ]]; then
 			wpinstall
-			echo "${gre}WordPress has been successfully installed in${blu} $domain$subfolder ${gre}subfolder!${end}"
 		else
 			createsite
 		fi
@@ -262,7 +261,18 @@ elif [[ -n $wp && -n $domain ]]; then
 		sudo sed -i "s#subfolder#$subfolder#g" /etc/nginx/apps.d/$domain$subname-wpcommon.conf
 		sudo sed -i "s#subfolder#$subfolder#g" /etc/nginx/apps.d/$domain$subname-wpcommon-noauth.conf
 
+		[[ $(conf_read wp-admin-auth) == "purged" ]] && sudo httpauth $domain -wp-admin=off -subfolder=$subfolder > /dev/null 2>&1
 		[[ $(conf_read yoast-sitemap) != "purged" ]] && sudo site $domain -yoast-sitemap=on -subfolder=$subfolder > /dev/null 2>&1
+
+		# Activate FastCgi cache
+		if [[ $cache == "on" ]]; then
+			sudo sed -i "/$domain$subname-php.conf;/c \	include apps.d/$domain$subname-wpfc.conf;" /etc/nginx/sites-available/$domain
+			wp_cache_plugins
+		fi
+
+		sudo chown -R www-data:www-data /var/www
+		[[ $(conf_read login-www-data) == "true" ]] && sudo chown root:root /var/www
+		echo "${gre}WordPress has been successfully installed in${blu} $domain$subfolder ${gre}subfolder!${end}"
 	fi
 
 
@@ -314,7 +324,7 @@ elif [[ -n $multisite_convert && -a /etc/nginx/sites-available/$domain ]]; then
 		# Multisite wp-config
 		sudo sed -i "/stop editing/i \define('MULTISITE', true);" $wpcon
 		sudo sed -i "/stop editing/i \define('DOMAIN_CURRENT_SITE', '$domain');" $wpcon
-		sudo sed -i "/stop editing/i \define('PATH_CURRENT_SITE', '/');" $wpcon
+		sudo sed -i "/stop editing/i \define('PATH_CURRENT_SITE', '$subfolder/');" $wpcon
 		sudo sed -i "/stop editing/i \define('SITE_ID_CURRENT_SITE', 1);" $wpcon
 		sudo sed -i "/stop editing/i \define('BLOG_ID_CURRENT_SITE', 1);" $wpcon
 
@@ -326,7 +336,17 @@ elif [[ -n $multisite_convert && -a /etc/nginx/sites-available/$domain ]]; then
 			echo "${gre}Subdomain Multisite configuration has been successfully completed!${end}"
 		elif [[ $passed == "subdirectory" ]]; then
 			sudo sed -i "/stop editing/i \define('SUBDOMAIN_INSTALL', false);" $wpcon			
-			sudo sed -i '/locations.conf/i \	include common/wpsubdir.conf;' /etc/nginx/sites-available/$domain
+
+			if [[ -z $subfolder ]]; then
+				sudo sed -i '/locations.conf/i \	include common/wpsubdir.conf;' /etc/nginx/sites-available/$domain
+			else
+				sudo cp /etc/nginx/common/wpsubdir.conf /etc/nginx/apps.d/$domain$subname-wpsubdir.conf
+				sudo sed -i "/DO NOT MODIFY/a \include apps.d\/$domain$subname-wpsubdir.conf;" /etc/nginx/apps.d/$domain$subname-php.conf
+				sudo sed -i "/DO NOT MODIFY/a \include apps.d\/$domain$subname-wpsubdir.conf;" /etc/nginx/apps.d/$domain$subname-wpfc.conf
+				sed -i "s#\^(#\^$subfolder\(#" /etc/nginx/apps.d/$domain$subname-wpsubdir.conf
+				sed -i "s#\$2#$subfolder\$2#" /etc/nginx/apps.d/$domain$subname-wpsubdir.conf
+			fi
+
 			echo "${gre}Subdirectory Multisite configuration has been successfully completed!${end}"
 		fi
 	else

plugins/stack

@@ -181,12 +181,9 @@ elif [[ -n $purge && -n $mysql ]]; then
 		fi
 
 		# Determine MySQL version according to stack version.
-		mysqlver="10.4"
-		stackver=$(conf_read server-version)
-		[[ -n $stackver && ${stackver//.} -lt 14 ]] && mysqlver="10.3"
-		[[ -n $stackver && ${stackver//.} -lt 13 ]] && mysqlver="10.2"
-
+		mysqlver=$(sudo mysql -V | cut -f 6 -d " " -s | cut -f -2 -d "." -s)
 		sudo service mysql stop
+
 		if [[ $mysql == "keep-data" ]]; then
 			echo "mariadb-server-${mysqlver}	mariadb-server-${mysqlver}/postrm_remove_databases	boolean false" | debconf-set-selections
 		else
@@ -213,11 +210,12 @@ elif [[ -n $purge && -n $mysql ]]; then
 		if [[ $mysql != "keep-data" ]]; then
 			sudo rm -rf /etc/mysql
 			sudo rm -rf /var/lib/mysql
+			conf_delete mysql-root
+			conf_delete mysql-admin
 		else
 			echo "${blu}MySQL data was not removed.${end}"
 		fi
-		conf_delete mysql-root
-		conf_delete mysql-admin
+
 		conf_write mysql-client purged
 		conf_write mysql purged
 		echo ""

plugins/webinoly

@@ -36,12 +36,12 @@ elif [[ -n $server_reset ]]; then
 
 	# Regenerate NGINX conf files
 	if [[ $(conf_read nginx-optim) == "true" && $server_reset =~ ^(nginx|all)$ ]]; then
-		sudo cp -p /etc/nginx/conf.d/blockips.conf /tmp/webinoly_blockips_backup
+		[[ -a /etc/nginx/conf.d/blockips.conf ]] && sudo cp -p /etc/nginx/conf.d/blockips.conf /tmp/webinoly_blockips_backup
 		sudo rm -rf /etc/nginx/common
 		sudo rm -rf /etc/nginx/conf.d/*
 		linux_purge
 		nginx_optim
-		sudo mv /tmp/webinoly_blockips_backup /etc/nginx/conf.d/blockips.conf
+		[[ -a /tmp/webinoly_blockips_backup ]] && sudo mv /tmp/webinoly_blockips_backup /etc/nginx/conf.d/blockips.conf
 		echo "${gre}Nginx settings has been updated successfully!${end}"
 		nginx_not="true" # Nginx-Reload not-needed.
 	elif [[ $(conf_read nginx-optim) != "true" && $server_reset == "nginx" ]]; then

templates/nginx/22222

@@ -16,6 +16,7 @@ server {
 	autoindex on;
 
 	# HTTP Authentication on port 22222
+	include common/auth.conf;
 	include common/acl.conf;
 
 	# PHP Support

templates/nginx/common/acl.conf

@@ -1,9 +1,6 @@
 # Webinoly protect locations
 # HTTP authentication || IP address
 satisfy any;
-set $authfile ".htpasswd";
-if ( -f /etc/nginx/apps.d/.htpasswd-$server_name ) {set $authfile "apps.d/.htpasswd-$server_name";}
-
 auth_basic "Restricted Area";
 auth_basic_user_file $authfile;
 

templates/nginx/common/auth.conf

@@ -0,0 +1,2 @@
+set $authfile ".htpasswd";
+if ( -f /etc/nginx/apps.d/.htpasswd-$server_name ) {set $authfile "apps.d/.htpasswd-$server_name";}

templates/nginx/common/wpcommon-noauth.conf

@@ -10,7 +10,7 @@ location /wp-admin {
 		fastcgi_pass php;
 	}
 	location ~* /wp-admin/.*\.php$ {
-		limit_req zone=wp burst=8 nodelay;
+		limit_req zone=wp burst=15 nodelay;
 		include fastcgi_params;
 		fastcgi_pass php;
 	}

templates/nginx/common/wpcommon.conf

@@ -10,7 +10,7 @@ location /wp-admin {
 		fastcgi_pass php;
 	}
 	location ~* /wp-admin/.*\.php$ {
-		limit_req zone=wp burst=8 nodelay;
+		limit_req zone=wp burst=15 nodelay;
 		include common/acl.conf;
 		include fastcgi_params;
 		fastcgi_pass php;

templates/nginx/nginx.conf

@@ -37,7 +37,7 @@ http {
 
 	limit_req_status 403;
 	limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
-	limit_req_zone $binary_remote_addr zone=wp:10m rate=3r/s;
+	limit_req_zone $binary_remote_addr zone=wp:10m rate=5r/s;
 
 	include /etc/nginx/mime.types;
 	include common/headers-http.conf;

templates/template-site-php

@@ -5,14 +5,16 @@ server {
 	listen [::]:80;
 
 	server_name domain.com www.domain.com;
-
+	
 	access_log /var/log/nginx/domain.com.access.log we_log; 
 	error_log /var/log/nginx/domain.com.error.log;
-
+	
 	root /var/www/domain.com/htdocs;
 
 	index  index.php index.html index.htm;
 
+	include common/auth.conf;
+
 	# WebinolyCustom
 	# WebinolyCustomEnd