From 2c17867b40ca3952b3d57a4882b73086bcd165a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristhian=20Mart=C3=ADnez=20Ochoa?= Date: Fri, 23 Aug 2019 17:53:22 -0600 Subject: [PATCH] fixes after testing Issue when reinstall mysql after purge with keep-data option. Multisite convertion issues. HTTP Auth Nginx "if is evil" issue. Messages improved. Issues with subfolder WP creation. Blockips backup after server-reset. --- lib/install | 18 ++++++++----- lib/sites | 2 +- lib/update | 3 +++ plugins/httpauth | 21 +++++----------- plugins/site | 28 ++++++++++++++++++--- plugins/stack | 12 ++++----- plugins/webinoly | 4 +-- templates/nginx/22222 | 1 + templates/nginx/common/acl.conf | 3 --- templates/nginx/common/auth.conf | 2 ++ templates/nginx/common/wpcommon-noauth.conf | 2 +- templates/nginx/common/wpcommon.conf | 2 +- templates/nginx/nginx.conf | 2 +- templates/template-site-php | 6 +++-- 14 files changed, 63 insertions(+), 43 deletions(-) create mode 100644 templates/nginx/common/auth.conf diff --git a/lib/install b/lib/install index fb93c2a..3aa8959 100644 --- a/lib/install +++ b/lib/install 
@@ -225,12 +225,18 @@ mysql_install() { sudo apt -y install debconf-utils # Generate mysql user passwords - local AUTOGENPASS_ROOT=`pwgen -s -1 16` - local AUTOGENPASS_ADMIN=`pwgen -s -1 16` - local enc_pass_root=$( echo $AUTOGENPASS_ROOT | openssl enc -a -salt ) - local enc_pass_admin=$( echo $AUTOGENPASS_ADMIN | openssl enc -a -salt ) - conf_write mysql-root $enc_pass_root - conf_write mysql-admin $enc_pass_admin + if [[ -z $(conf_read mysql-root) && -z $(conf_read mysql-admin) ]]; then + local AUTOGENPASS_ROOT=`pwgen -s -1 16` + local AUTOGENPASS_ADMIN=`pwgen -s -1 16` + local enc_pass_root=$( echo $AUTOGENPASS_ROOT | openssl enc -a -salt ) + local enc_pass_admin=$( echo $AUTOGENPASS_ADMIN | openssl enc -a -salt ) + conf_write mysql-root $enc_pass_root + conf_write mysql-admin $enc_pass_admin + else + # In case of re-installation after purge with keep-data option. + local AUTOGENPASS_ROOT=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt ) + local AUTOGENPASS_ADMIN=$( echo $(conf_read mysql-admin) | openssl enc -d -a -salt ) + fi # MariaDB Installation echo "mariadb-server-10.4 mysql-server/root_password password $AUTOGENPASS_ROOT" | debconf-set-selections diff --git a/lib/sites b/lib/sites index 0f20321..8ec4621 100644 --- a/lib/sites +++ b/lib/sites @@ -426,7 +426,7 @@ _EOF_ # Redis Conf sudo sed -i "/stop editing/i \define('WP_REDIS_SELECTIVE_FLUSH', true);" $wpcon - sudo sed -i "/stop editing/i \define('WP_CACHE_KEY_SALT', 'redis_object_cache_for_wp_$domain');" $wpcon + sudo sed -i "/stop editing/i \define('WP_CACHE_KEY_SALT', 'redis_object_cache_for_wp_$domain$(echo $subfolder | sed "s/\//_/g")');" $wpcon fi } diff --git a/lib/update b/lib/update index 86f7b4a..e709e0a 100644 --- a/lib/update +++ b/lib/update 
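Review bot: The new guard in `mysql_install` regenerates the passwords only when both `mysql-root` and `mysql-admin` are missing, so a config that holds just one of them takes the `else` branch and decodes an empty string for the other. That empty value then reaches the `debconf-set-selections` lines as the account password. Stop when either decoded value is empty, for example `[[ -n $AUTOGENPASS_ROOT && -n $AUTOGENPASS_ADMIN ]] || exit 1` right after the `fi`. Separately, `openssl enc -a -salt` names no cipher, so the stored values are only base64-encoded; a comment such as `# NOTE: base64 encoding only, not encryption - protect the config file with permissions` would say so. The function body continues outside the hunk.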
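Review bot: In the `WP_CACHE_KEY_SALT` line of the lib/sites hunk, `$(echo $subfolder | sed "s/\//_/g")` spawns a subshell and a second `sed` inside an already quoted `sed` expression, with `$subfolder` unquoted. Bash parameter expansion does the same job in place: `redis_object_cache_for_wp_$domain${subfolder//\//_}`. The value is written unescaped into a single-quoted PHP string in `wp-config.php`, so this line relies on `$subfolder` having been validated by the caller, which is not visible in this hunk.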
@@ -71,6 +71,7 @@ onethree_to_onefour() { sudo cp /etc/nginx/common/acl.conf /opt/webinoly/templates/source/acl.conf.old grep "^allow [^127.0.0.1]" /opt/webinoly/templates/source/acl.conf.old > /etc/nginx/apps.d/whitelist-acl.conf [[ ! -s /etc/nginx/apps.d/whitelist-acl.conf ]] && sudo rm /etc/nginx/apps.d/whitelist-acl.conf + [[ -a /etc/nginx/sites-available/$(conf_read tools-port) ]] && sudo sed -i "/acl.conf;/i \ include common\/auth.conf;" /etc/nginx/sites-available/$(conf_read tools-port) for site in "/etc/nginx/sites-available"/* do @@ -86,6 +87,8 @@ onethree_to_onefour() { sudo sed -i "/$pat/a \ # WebinolyCustomEnd" /etc/nginx/sites-available/$domi sudo sed -i "/$pat/a \ # WebinolyCustom" /etc/nginx/sites-available/$domi sudo sed -i "/$pat/a \ " /etc/nginx/sites-available/$domi + sudo sed -i "/$pat/a \ include common\/auth.conf;" /etc/nginx/sites-available/$domi + sudo sed -i "/$pat/a \ " /etc/nginx/sites-available/$domi if [[ $(is_wp $domi) == "true" ]]; then [[ $(conf_read wp-admin-auth) == "purged" ]] && sudo httpauth $domi -wp-admin=off diff --git a/plugins/httpauth b/plugins/httpauth index c4548b3..db0a454 100644 --- a/plugins/httpauth +++ b/plugins/httpauth 
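Review bot: If `conf_read tools-port` returns nothing, the added test `[[ -a /etc/nginx/sites-available/$(conf_read tools-port) ]]` checks the directory itself, succeeds, and `sed -i` is then run against a directory. Read the port once and require a regular file: `tools_port=$(conf_read tools-port)` followed by `[[ -n $tools_port && -f /etc/nginx/sites-available/$tools_port ]] && sudo sed -i ...`. The insert is also not guarded against an existing `auth.conf` include, so running the migration twice would duplicate the line, here and in the per-site `sed` calls of the next hunk; a `grep -q "common/auth.conf;"` check before each insert would make them idempotent. `onethree_to_onefour` starts and ends outside both hunks.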
@@ -109,10 +109,9 @@ elif [[ -n $wp_admin ]]; then sudo sed -i "/wpcommon-noauth.conf/c \ include apps.d/$domain$subname-wpcommon.conf;" /etc/nginx/apps.d/$domain$subname-wpfc.conf sudo sed -i "/wpcommon-noauth.conf/c \ include apps.d/$domain$subname-wpcommon.conf;" /etc/nginx/apps.d/$domain$subname-php.conf fi - sudo service nginx reload - echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain -${gre} has been enabled! ${end}" + echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain$subfolder -${gre} has been enabled! ${end}" else - echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain -${gre} is already enabled! ${end}" + echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain$subfolder -${gre} is already enabled! ${end}" fi elif [[ $wp_admin == "off" && -n $domain ]]; then @@ -123,10 +122,9 @@ elif [[ -n $wp_admin ]]; then sudo sed -i "/wpcommon.conf/c \ include apps.d/$domain$subname-wpcommon-noauth.conf;" /etc/nginx/apps.d/$domain$subname-wpfc.conf sudo sed -i "/wpcommon.conf/c \ include apps.d/$domain$subname-wpcommon-noauth.conf;" /etc/nginx/apps.d/$domain$subname-php.conf fi - sudo service nginx reload - echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain -${gre} has been disabled! ${end}" + echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain$subfolder -${gre} has been disabled! ${end}" else - echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain -${gre} is already disabled! ${end}" + echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain$subfolder -${gre} is already disabled! ${end}" fi elif [[ $wp_admin == "on" ]]; then conf_write wp-admin-auth true 
@@ -164,11 +162,9 @@ elif [[ -n $whitelist ]]; then exist=$( grep -E "^allow $whitelist;$" /etc/nginx/apps.d/whitelist-acl.conf ) if [[ -z $exist ]]; then sh -c "echo -n 'allow ${whitelist};\n' >> /etc/nginx/apps.d/whitelist-acl.conf" - sudo service nginx reload echo "${gre}The IP address ${blu}'$whitelist'${gre} was successfully whitelisted!${end}" else echo "${gre}IP '$whitelist' is already whitelisted!${end}" - exit 0 fi else echo "${red}[ERROR] Please, enter a valid IP value!${end}" @@ -184,7 +180,6 @@ elif [[ -n $whitelist ]]; then # Remove site-auth-file if empty. [[ ! -s /etc/nginx/apps.d/whitelist-acl.conf ]] && sudo rm /etc/nginx/apps.d/whitelist-acl.conf - sudo service nginx reload echo "${gre}The IP address ${blu}'$whitelist'${gre} was successfully removed from whitelist!${end}" else echo "${red}[ERROR] Please, enter a valid IP value!${end}" @@ -207,7 +202,6 @@ elif [[ -n $path && -n $domain ]]; then exist=$( grep -F "acl.conf;" /etc/nginx/sites-available/$domain ) if [[ -z $exist ]]; then sudo sed -i "/# WebinolyCustom$/a \ include common/acl.conf;" /etc/nginx/sites-available/$domain - sudo service nginx reload echo "${gre}This path ${blu}'$path'${gre} was successfully protected!${end}" else echo "${gre}Path: ${blu}'$path'${gre} is already protected!${end}" @@ -246,7 +240,6 @@ location $sign$path { vconf=$( grep -E "include apps.d/$domain-nginx.conf;" /etc/nginx/sites-available/$domain ) [[ -z $vconf ]] && sudo sed -i "/# WebinolyCustom$/a \ include apps.d/$domain-nginx.conf;" /etc/nginx/sites-available/$domain - sudo service nginx reload echo "${gre}This path ${blu}'$path'${gre} was successfully protected!${end}" else echo "${gre}Path: ${blu}'$path'${gre} is already protected!${end}" 
@@ -260,13 +253,11 @@ location $sign$path { [[ $path == true ]] && read -p "${blu}Path to remove protection: ${end}" path if [[ $path == "/" ]]; then sudo sed -i "/acl.conf;/d" /etc/nginx/sites-available/$domain - sudo service nginx reload echo "${gre}HTTP Authentication successfully removed from ${blu}'$path'${gre}!${end}" elif [[ $path == "all" ]]; then sudo sed -i "/acl.conf;/d" /etc/nginx/sites-available/$domain sudo sed -i "/$domain-nginx.conf;/d" /etc/nginx/sites-available/$domain sudo rm -rf /etc/nginx/apps.d/$domain-nginx.conf - sudo service nginx reload echo "${gre}HTTP Authentication successfully removed from all your custom paths!${gre}${end}" elif [[ $path =~ ^\/([A-Za-z0-9_\/\.\-]+)?$ ]]; then if [[ -a /etc/nginx/apps.d/$domain-nginx.conf ]]; then @@ -276,7 +267,6 @@ location $sign$path { sudo sed -i "/$domain-nginx.conf;/d" /etc/nginx/sites-available/$domain fi fi - sudo service nginx reload echo "${gre}HTTP Authentication successfully removed from ${blu}'$path'${gre}!${end}" else echo "${red}[ERROR] Please, enter a valid URL path!${end}" @@ -315,7 +305,7 @@ elif [[ -n $list ]]; then done } fi - [[ -z $nonemptylist && -z $raw && $list != "raw" ]] && echo "${blu}[Empty] No users were found!${end}" + [[ ! -s /etc/nginx/$authfile && -z $raw && $list != "raw" ]] && echo "${blu}[Empty] No users were found!${end}" echo "" @@ -324,4 +314,5 @@ else exit 1 fi +[[ $(conf_read nginx) == "true" ]] && sudo service nginx reload api-events_update hae diff --git a/plugins/site b/plugins/site index a444af2..e3d998c 100644 --- a/plugins/site +++ b/plugins/site 
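Review bot: The single `sudo service nginx reload` added at the end of the script runs after every branch has already printed its success message, and its result is not checked. If the edited configuration does not load, nginx keeps serving the previous one, so a path or wp-admin area reported as protected may still be served without authentication. Test the configuration and fail loudly before reloading, for example `if ! sudo nginx -t > /dev/null 2>&1; then echo "${red}[ERROR] Nginx configuration test failed, changes are not active!${end}"; exit 1; fi`. The reload now also runs for the read-only list branch, which a comment on the line could acknowledge.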
@@ -111,7 +111,7 @@ if [[ -n $subfolder && ! ( $subfolder =~ ^\/([A-Za-z0-9_\/\-]+)?[^\/]$ ) ]]; the echo "${red}[ERROR] Please, enter a valid value for subfolder!${end}" exit 1 fi -if [[ -n $subfolder && $type != [123] && -z $delete && -z $cache && -z $yoast_sitemap ]]; then +if [[ -n $subfolder && $type != [123] && -z $delete && -z $cache && -z $yoast_sitemap && -z $multisite_convert ]]; then echo "${red}[ERROR] Subfolder option is only supported for WordPress sites!${end}" exit 1 else @@ -229,7 +229,6 @@ elif [[ -n $wp && -n $domain ]]; then exit 1 elif [[ -a /etc/nginx/sites-available/$domain && -n $subfolder && $type == [123] && ! -d /var/www/$domain/htdocs$subfolder ]]; then wpinstall - echo "${gre}WordPress has been successfully installed in${blu} $domain$subfolder ${gre}subfolder!${end}" else createsite fi @@ -262,7 +261,18 @@ elif [[ -n $wp && -n $domain ]]; then sudo sed -i "s#subfolder#$subfolder#g" /etc/nginx/apps.d/$domain$subname-wpcommon.conf sudo sed -i "s#subfolder#$subfolder#g" /etc/nginx/apps.d/$domain$subname-wpcommon-noauth.conf + [[ $(conf_read wp-admin-auth) == "purged" ]] && sudo httpauth $domain -wp-admin=off -subfolder=$subfolder > /dev/null 2>&1 [[ $(conf_read yoast-sitemap) != "purged" ]] && sudo site $domain -yoast-sitemap=on -subfolder=$subfolder > /dev/null 2>&1 + + # Activate FastCgi cache + if [[ $cache == "on" ]]; then + sudo sed -i "/$domain$subname-php.conf;/c \ include apps.d/$domain$subname-wpfc.conf;" /etc/nginx/sites-available/$domain + wp_cache_plugins + fi + + sudo chown -R www-data:www-data /var/www + [[ $(conf_read login-www-data) == "true" ]] && sudo chown root:root /var/www + echo "${gre}WordPress has been successfully installed in${blu} $domain$subfolder ${gre}subfolder!${end}" fi 
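Review bot: Adding `-z $multisite_convert` lets `$subfolder` reach the multisite conversion branch, but the validation shown just above it ends in `[^\/]`, which accepts any single non-slash character in last position, quotes, `#` and `&` included. That value is later interpolated unescaped into `#`-delimited `sed` expressions and into `define('PATH_CURRENT_SITE', '$subfolder/')` (hunks at -314 and -326). Tighten the final class to the same allow-list as the rest of the pattern: `^\/([A-Za-z0-9_\/\-]+)?[A-Za-z0-9_\-]$`.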
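Review bot: In the hunk at -262, `sudo chown -R www-data:www-data /var/www` re-owns every site on the server each time one subfolder install finishes, which overwrites ownership set deliberately on other sites and makes all of them writable by the web server user. Scoping it to the new install is enough: `sudo chown -R www-data:www-data "/var/www/$domain/htdocs$subfolder"`. The new `httpauth` call also passes `-subfolder=$subfolder` unquoted and discards all output with `> /dev/null 2>&1`, so a failure to switch wp-admin authentication goes unnoticed.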
@@ -314,7 +324,7 @@ elif [[ -n $multisite_convert && -a /etc/nginx/sites-available/$domain ]]; then # Multisite wp-config sudo sed -i "/stop editing/i \define('MULTISITE', true);" $wpcon sudo sed -i "/stop editing/i \define('DOMAIN_CURRENT_SITE', '$domain');" $wpcon - sudo sed -i "/stop editing/i \define('PATH_CURRENT_SITE', '/');" $wpcon + sudo sed -i "/stop editing/i \define('PATH_CURRENT_SITE', '$subfolder/');" $wpcon sudo sed -i "/stop editing/i \define('SITE_ID_CURRENT_SITE', 1);" $wpcon sudo sed -i "/stop editing/i \define('BLOG_ID_CURRENT_SITE', 1);" $wpcon @@ -326,7 +336,17 @@ elif [[ -n $multisite_convert && -a /etc/nginx/sites-available/$domain ]]; then echo "${gre}Subdomain Multisite configuration has been successfully completed!${end}" elif [[ $passed == "subdirectory" ]]; then sudo sed -i "/stop editing/i \define('SUBDOMAIN_INSTALL', false);" $wpcon - sudo sed -i '/locations.conf/i \ include common/wpsubdir.conf;' /etc/nginx/sites-available/$domain + + if [[ -z $subfolder ]]; then + sudo sed -i '/locations.conf/i \ include common/wpsubdir.conf;' /etc/nginx/sites-available/$domain + else + sudo cp /etc/nginx/common/wpsubdir.conf /etc/nginx/apps.d/$domain$subname-wpsubdir.conf + sudo sed -i "/DO NOT MODIFY/a \include apps.d\/$domain$subname-wpsubdir.conf;" /etc/nginx/apps.d/$domain$subname-php.conf + sudo sed -i "/DO NOT MODIFY/a \include apps.d\/$domain$subname-wpsubdir.conf;" /etc/nginx/apps.d/$domain$subname-wpfc.conf + sed -i "s#\^(#\^$subfolder\(#" /etc/nginx/apps.d/$domain$subname-wpsubdir.conf + sed -i "s#\$2#$subfolder\$2#" /etc/nginx/apps.d/$domain$subname-wpsubdir.conf + fi + echo "${gre}Subdirectory Multisite configuration has been successfully completed!${end}" fi else diff --git a/plugins/stack b/plugins/stack index 193eba9..1778d83 100644 --- a/plugins/stack +++ b/plugins/stack 
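Review bot: In the hunk at -326, the two `sed -i` calls that rewrite `/etc/nginx/apps.d/$domain$subname-wpsubdir.conf` run without `sudo`, unlike the `cp` and `sed` lines directly above them. If the script is not already running as root they fail after the file has been copied and included, leaving an unpatched `wpsubdir.conf` active for the subfolder site while the success message is still printed. Prefix both with `sudo` and check the result, for example `sudo sed -i "s#\$2#$subfolder\$2#" ... || exit 1`. Both expressions use `#` as delimiter around `$subfolder`, so they depend on the subfolder validation rejecting that character.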
@@ -181,12 +181,9 @@ elif [[ -n $purge && -n $mysql ]]; then fi # Determine MySQL version according to stack version. - mysqlver="10.4" - stackver=$(conf_read server-version) - [[ -n $stackver && ${stackver//.} -lt 14 ]] && mysqlver="10.3" - [[ -n $stackver && ${stackver//.} -lt 13 ]] && mysqlver="10.2" - + mysqlver=$(sudo mysql -V | cut -f 6 -d " " -s | cut -f -2 -d "." -s) sudo service mysql stop + if [[ $mysql == "keep-data" ]]; then echo "mariadb-server-${mysqlver} mariadb-server-${mysqlver}/postrm_remove_databases boolean false" | debconf-set-selections else @@ -213,11 +210,12 @@ elif [[ -n $purge && -n $mysql ]]; then if [[ $mysql != "keep-data" ]]; then sudo rm -rf /etc/mysql sudo rm -rf /var/lib/mysql + conf_delete mysql-root + conf_delete mysql-admin else echo "${blu}MySQL data was not removed.${end}" fi - conf_delete mysql-root - conf_delete mysql-admin + conf_write mysql-client purged conf_write mysql purged echo "" diff --git a/plugins/webinoly b/plugins/webinoly index 08f175b..960f8eb 100644 --- a/plugins/webinoly +++ b/plugins/webinoly @@ -36,12 +36,12 @@ elif [[ -n $server_reset ]]; then # Regenerate NGINX conf files if [[ $(conf_read nginx-optim) == "true" && $server_reset =~ ^(nginx|all)$ ]]; then - sudo cp -p /etc/nginx/conf.d/blockips.conf /tmp/webinoly_blockips_backup + [[ -a /etc/nginx/conf.d/blockips.conf ]] && sudo cp -p /etc/nginx/conf.d/blockips.conf /tmp/webinoly_blockips_backup sudo rm -rf /etc/nginx/common sudo rm -rf /etc/nginx/conf.d/* linux_purge nginx_optim - sudo mv /tmp/webinoly_blockips_backup /etc/nginx/conf.d/blockips.conf + [[ -a /tmp/webinoly_blockips_backup ]] && sudo mv /tmp/webinoly_blockips_backup /etc/nginx/conf.d/blockips.conf echo "${gre}Nginx settings has been updated successfully!${end}" nginx_not="true" # Nginx-Reload not-needed. elif [[ $(conf_read nginx-optim) != "true" && $server_reset == "nginx" ]]; then diff --git a/templates/nginx/22222 b/templates/nginx/22222 index 885a66c..924a49e 100644 
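Review bot: `mysqlver` is now parsed from `mysql -V` by field position and used unchecked in the `debconf-set-selections` key of the plugins/stack hunk at -181. If the client binary is missing or prints a different layout, the key becomes `mariadb-server-/postrm_remove_databases`, the `keep-data` preseed matches no package, and whether the databases survive the purge then depends on the package default. Validate the value before stopping the service: `[[ $mysqlver =~ ^[0-9]+\.[0-9]+$ ]] || { echo "${red}[ERROR] Can not determine the installed MariaDB version!${end}"; exit 1; }`.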
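Review bot: In the plugins/webinoly hunk, the restore guard `[[ -a /tmp/webinoly_blockips_backup ]]` is true for any file at that fixed path, not only one written by this run. When `blockips.conf` did not exist, a leftover or foreign file in world-writable `/tmp` is therefore moved into `/etc/nginx/conf.d/` as root. Create the backup with `blockips_bak=$(mktemp)` (or under a root-only directory) and restore only when the `cp` in this run succeeded, for example by setting a flag on that line and testing the flag instead of the path.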
--- a/templates/nginx/22222 +++ b/templates/nginx/22222 @@ -16,6 +16,7 @@ server { autoindex on; # HTTP Authentication on port 22222 + include common/auth.conf; include common/acl.conf; # PHP Support diff --git a/templates/nginx/common/acl.conf b/templates/nginx/common/acl.conf index 65a53a0..53da8e4 100644 --- a/templates/nginx/common/acl.conf +++ b/templates/nginx/common/acl.conf @@ -1,9 +1,6 @@ # Webinoly protect locations # HTTP authentication || IP address satisfy any; -set $authfile ".htpasswd"; -if ( -f /etc/nginx/apps.d/.htpasswd-$server_name ) {set $authfile "apps.d/.htpasswd-$server_name";} - auth_basic "Restricted Area"; auth_basic_user_file $authfile; diff --git a/templates/nginx/common/auth.conf b/templates/nginx/common/auth.conf new file mode 100644 index 0000000..a257a9e --- /dev/null +++ b/templates/nginx/common/auth.conf @@ -0,0 +1,2 @@ +set $authfile ".htpasswd"; +if ( -f /etc/nginx/apps.d/.htpasswd-$server_name ) {set $authfile "apps.d/.htpasswd-$server_name";} \ No newline at end of file diff --git a/templates/nginx/common/wpcommon-noauth.conf b/templates/nginx/common/wpcommon-noauth.conf index 6699bd4..b198044 100644 --- a/templates/nginx/common/wpcommon-noauth.conf +++ b/templates/nginx/common/wpcommon-noauth.conf @@ -10,7 +10,7 @@ location /wp-admin { fastcgi_pass php; } location ~* /wp-admin/.*\.php$ { - limit_req zone=wp burst=8 nodelay; + limit_req zone=wp burst=15 nodelay; include fastcgi_params; fastcgi_pass php; } diff --git a/templates/nginx/common/wpcommon.conf b/templates/nginx/common/wpcommon.conf index 763e36c..5cda7ac 100644 --- a/templates/nginx/common/wpcommon.conf +++ b/templates/nginx/common/wpcommon.conf @@ -10,7 +10,7 @@ location /wp-admin { fastcgi_pass php; } location ~* /wp-admin/.*\.php$ { - limit_req zone=wp burst=8 nodelay; + limit_req zone=wp burst=15 nodelay; include common/acl.conf; include fastcgi_params; fastcgi_pass php; 
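Review bot: After the acl.conf hunk, `acl.conf` uses `$authfile` without defining it, so every server block that includes `acl.conf`, directly or through `wpcommon.conf`, must also include `common/auth.conf` at server level. State that in the file header, for example `# Requires 'include common/auth.conf;' in the enclosing server block (defines $authfile).` In a server block that lacks the include the variable would presumably be empty at request time; how `auth_basic_user_file` behaves then is worth confirming before release. The new `auth.conf` itself carries no comment and no final newline.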
diff --git a/templates/nginx/nginx.conf b/templates/nginx/nginx.conf index 78ce259..e4d0aef 100644 --- a/templates/nginx/nginx.conf +++ b/templates/nginx/nginx.conf @@ -37,7 +37,7 @@ http { limit_req_status 403; limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; - limit_req_zone $binary_remote_addr zone=wp:10m rate=3r/s; + limit_req_zone $binary_remote_addr zone=wp:10m rate=5r/s; include /etc/nginx/mime.types; include common/headers-http.conf; diff --git a/templates/template-site-php b/templates/template-site-php index 6b5f7d2..1f9ed7c 100644 --- a/templates/template-site-php +++ b/templates/template-site-php @@ -5,14 +5,16 @@ server { listen [::]:80; server_name domain.com www.domain.com; - + access_log /var/log/nginx/domain.com.access.log we_log; error_log /var/log/nginx/domain.com.error.log; - + root /var/www/domain.com/htdocs; index index.php index.html index.htm; + include common/auth.conf; + # WebinolyCustom # WebinolyCustomEnd
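Review bot: Raising the `wp` zone to `rate=5r/s` in nginx.conf, together with `burst=15 nodelay` in `wpcommon.conf` and `wpcommon-noauth.conf`, loosens the request throttle on `/wp-admin/*.php`, and in the noauth variant no HTTP authentication sits in front of that location. The reason for the new values is not recorded anywhere in the change. A comment next to the zone would keep later tuning informed, for example `# wp zone: throttles /wp-admin/*.php; raised from 3r/s, burst 8 because <reason>`.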