forked from WordOps/WordOps
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathinstall
722 lines (642 loc) · 32.2 KB
/
install
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
#!/bin/bash
#########################################
### WordOps install and update script ###
#########################################
### CONTENTS
### ---
### 1. VARIABLES AND DECLARATIONS
### 2. PREPARE FOR INSTALLATION
### 3. INSTALLATION
### 4.
###
# 1 - Set the CLI output colors
###
function wo_lib_echo()
{
echo $(tput setaf 4)$@$(tput sgr0)
}
function wo_lib_echo_info()
{
echo $(tput setaf 7)$@$(tput sgr0)
}
function wo_lib_echo_fail()
{
echo $(tput setaf 1)$@$(tput sgr0)
}
###
# 1 - Check whether the installation is called with elevated rights
###
if [[ $EUID -ne 0 ]]; then
wo_lib_echo_fail "Sudo privilege required..."
wo_lib_echo_fail "Uses: wget -qO wo wordops.se/tup && sudo bash wo"
exit 100
fi
###
# 1 - Capture errors
###
function wo_lib_error()
{
echo "[ `date` ] $(tput setaf 1)$@$(tput sgr0)"
exit $2
}
###
# 1- Update the apt sewers with fresh info
###
wo_lib_echo "Updating apt-get repository info"
apt-get update &>> /dev/null
###
# 1- Check whether lsb_release is installed, and if not, install it
###
if [ ! -x /usr/bin/lsb_release ]; then
wo_lib_echo "Installing lsb-release, please wait..."
apt-get -y install lsb-release &>> /dev/null
fi
###
# 1 - Define variables for later use
###
wo_branch=$1
migration=0
readonly wo_version_old="2.2.3"
readonly wo_version_new="3.9.2.3"
readonly wo_log_dir=/var/log/wo/
readonly wo_install_log=/var/log/wo/install.log
readonly wo_linux_distro=$(lsb_release -i | awk '{print $3}')
readonly wo_distro_version=$(lsb_release -sc)
###
# 1 - Checking linux distro
###
if [ "$wo_linux_distro" != "Ubuntu" ] && [ "$wo_linux_distro" != "Debian" ]; then
wo_lib_echo_fail "WordOps (wo) only supports Ubuntu and Debian at the moment."
wo_lib_echo_fail "If you are feeling adventurous, you are free to fork WordOps to support"
wo_lib_echo_fail "other Linux distributions and perhaps even Unix deratives."
wo_lib_echo_fail "WordOps (wo) only supports Ubuntu 14.04/16.04/18.04, Debian 8.x and Debian 9.x"
exit 100
fi
###
# 1 - WordOps (wo) only supports Ubuntu/Debian versions that are eligible for support
###
lsb_release -d | egrep -e "14.04|16.04|18.04|jessie|stretch" &>> /dev/null
if [ "$?" -ne "0" ]; then
wo_lib_echo_fail "WordOps (wo) only supports Ubuntu 14.04/16.04/18.04, Debian 8.x and Debian 9.x"
exit 100
fi
###
# 1 - To prevent errors or unexpected behaviour, create the log and ACL it
###
if [ ! -d $wo_log_dir ]; then
wo_lib_echo "Creating WordOps log directory, just a second..."
mkdir -p $wo_log_dir || wo_lib_error "Whoops - seems we are unable to create the log directory $wo_log_dir, exit status " $?
touch /var/log/wo/{wordops.log,install.log}
chmod -R 700 /var/log/wo || wo_lib_error "Whoops, there was an error setting the permissions on the WordOps log folder, exit status " $?
fi
###
# 2 - Setup the dependencies for installation
####
function wo_install_dep()
{
if [ "$wo_linux_distro" == "Ubuntu" ]; then
apt-get -y install build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz || wo_lib_error "There was an error during dependency installation, exit status " 1
elif [ "$wo_linux_distro" == "Debian" ]; then
apt-get -y install build-essential curl gzip dirmngr python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz || wo_lib_error "There was an error during dependency installation, exit status " 1
fi
locale-gen en &>> /dev/null
# Support PFS
if [ -f /etc/nginx/nginx.conf ]; then
# Replace the default ciphers
sed -i 's/HIGH:!aNULL:!MD5:!kEDH;/ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;/' /etc/nginx/nginx.conf
# Replace the EasyEngine ciphers
sed -i 's/ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;/ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;/' /etc/nginx/nginx.conf
# Change the TLS protocols
if [ "$wo_distro_version" == "bionic" ]; then
# Bionic supports TLSv1.3, so let's enable that
sed -i 's/TLSv1 TLSv1.1 TLSv1.2;/TLSv1.2 TLSv1.3;/g' /etc/nginx/nginx.conf
else
# If != Bionic then enable only TLSv1.2
sed -i 's/TLSv1 TLSv1.1 TLSv1.2;/TLSv1.2;/g' /etc/nginx/nginx.conf
fi
fi
if [ "$wo_linux_distro" == "Ubuntu" ]; then
add-apt-repository -y 'ppa:ondrej/php'
wo_lib_echo "Updating the PHP repository for some neat PHP 7.2 support"
apt-get update &>> /dev/null
apt-get -y install php7.2-fpm php7.2-curl php7.2-gd php7.2-imap php-sodium php7.2-common php7.2-readline php7.2-redis php7.2-mysql php7.2-cli php7.2-memcache php7.2-imagick php7.2-mbstring php7.2-recode php7.2-bcmath php7.2-opcache php7.2-zip php7.2-xml php7.2-soap php7.2-msgpack memcached graphviz php-pear php7.2-xdebug || wo_lib_error "Not all PHP packages could be installed. " 1
mkdir -p /var/log/php/7.2/
touch /var/log/php/7.2/slow.log /var/log/php/7.2/fpm.log
systemctl php7.2-fpm restart &>> /dev/null
elif [ "$wo_linux_distro" == "Debian" ]; then
apt-get install apt-transport-https lsb-release ca-certificates locales locales-all -y
export LC_ALL=en_US.UTF-8
export LANG=en_US.UTF-8
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
apt-get update &>> /dev/null
apt-get -y install php7.2-fpm php7.2-curl php7.2-gd php7.2-imap php-sodium php7.2-common php7.2-readline php7.2-redis php7.2-mysql php7.2-cli php7.2-memcache php7.2-imagick php7.2-mbstring php7.2-recode php7.2-bcmath php7.2-opcache php7.2-zip php7.2-xml php7.2-soap php7.2-msgpack memcached graphviz php-pear php7.2-xdebug || wo_lib_error "Not all PHP packages could be installed." 1
systemctl php7.2-fpm restart &>> /dev/null
fi
}
###
# 3 - Create/migrate the essentials
###
function wo_sync_db()
{
###
# Switching from EE -> WO
###
if [ -f /var/lib/ee/ee.db ]; then
# Create the WordOps folder
mkdir -p /var/lib/wo
# Backup the nginx directory
tar -cvf - /etc/nginx /etc/ee /var/lib/ee | pigz -9 > /var/lib/wo/ee-backup.tgz
# Copy the EasyEngine database
cp /var/lib/ee/ee.db /var/lib/wo/dbase-ee.db
# Set the migration variable for the closing text
migration=1
###
# Clean WO installation
###
elif [ ! -d /var/lib/wo ]; then
# Create the directory holding the WordOps database
mkdir -p /var/lib/wo
# Create an empty database for WordOps
echo "CREATE TABLE sites (
id INTEGER PRIMARY KEY AUTOINCREMENT,
sitename UNIQUE,
site_type CHAR,
cache_type CHAR,
site_path CHAR,
created_on TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
is_enabled INT,
is_ssl INT,
storage_fs CHAR,
storage_db CHAR,
db_name VARCHAR,
db_user VARCHAR,
db_password VARCHAR,
db_host VARCHAR,
is_hhvm INT INT DEFAULT '0',
php_version VARCHAR
);" | sqlite3 /var/lib/wo/dbase.db
if [ -f /var/lib/wo/dbase-ee.db]; then
# Copy the main EasyEngine database over since we are migrating
cp /var/lib/wo/dbase-ee.db /var/lib/wo/dbase.db
fi
# Check site is enable/live or disable
for site in $(ls /etc/nginx/sites-available/ | grep -v default);
do
if [ -f /etc/nginx/sites-enabled/$site ]; then
wo_site_status='1'
else
wo_site_status='0'
fi
# Acquire information about the current nginx configuration
wo_site_current_type=$(head -n1 /etc/nginx/sites-available/$site | grep "NGINX CONFIGURATION" | rev | cut -d' ' -f3,4,5,6,7 | rev | cut -d ' ' -f2,3,4,5)
# Sniff out the vhost type and cache configuration
if [ "$wo_site_current_type" = "HTML" ]; then
wo_site_current="html"
wo_site_current_cache="basic"
elif [ "$wo_site_current_type" = "PHP" ]; then
wo_site_current="php"
wo_site_current_cache="basic"
elif [ "$wo_site_current_type" = "MYSQL" ]; then
wo_site_current="mysql"
wo_site_current_cache="basic"
# Caching types on a single WordPress installation
elif [ "$wo_site_current_type" = "WPSINGLE BASIC" ]; then
wo_site_current="wp"
wo_site_current_cache="basic"
elif [ "$wo_site_current_type" = "WPSINGLE WP SUPER CACHE" ]; then
wo_site_current="wp"
wo_site_current_cache="wpsc"
elif [ "$wo_site_current_type" = "WPSINGLE FAST CGI" ] || [ "$wo_site_current_type" = "WPSINGLE FASTCGI" ]; then
wo_site_current="wp"
wo_site_current_cache="wpfc"
# Caching types on a single, subdirectory WordPress installation
elif [ "$wo_site_current_type" = "WPSUBDIR BASIC" ]; then
wo_site_current="wpsubdir"
wo_site_current_cache="basic"
elif [ "$wo_site_current_type" = "WPSUBDIR WP SUPER CACHE" ]; then
wo_site_current="wpsubdir"
wo_site_current_cache="wpsc"
elif [ "$wo_site_current_type" = "WPSUBDIR FAST CGI" ] || [ "$wo_site_current_type" = "WPSUBDIR FASTCGI" ]; then
wo_site_current="wpsubdir"
wo_site_current_cache="wpfc"
# Caching types on a single, subdomain WordPress installation
elif [ "$wo_site_current_type" = "WPSUBDOMAIN BASIC" ]; then
wo_site_current="wpsubdomain"
wo_site_current_cache="basic"
elif [ "$wo_site_current_type" = "WPSUBDOMAIN WP SUPER CACHE" ]; then
wo_site_current="wpsubdomain"
wo_site_current_cache="wpsc"
elif [ "$wo_site_current_type" = "WPSUBDOMAIN FAST CGI" ] || [ "$wo_site_current_type" = "WPSUBDOMAIN FASTCGI" ]; then
wo_site_current="wpsubdomain"
wo_site_current_cache="wpfc"
fi
wo_webroot="/var/www/$site"
# Import the configuration into the WordOps SQLite database
echo "INSERT INTO sites (sitename, site_type, cache_type, site_path, is_enabled, is_ssl, storage_fs, storage_db)
VALUES (\"$site\", \"$wo_site_current\", \"$wo_site_current_cache\", \"$wo_webroot\", \"$wo_site_status\", 0, 'ext4', 'mysql');" | sqlite3 /var/lib/wo/dbase.db
done
else
wo_php_version="7.2"
wo_lib_echo "Updating WordOps Database"
echo "ALTER TABLE sites ADD COLUMN db_name varchar;" | sqlite3 /var/lib/wo/dbase.db
echo "ALTER TABLE sites ADD COLUMN db_user varchar; " | sqlite3 /var/lib/wo/dbase.db
echo "ALTER TABLE sites ADD COLUMN db_password varchar;" | sqlite3 /var/lib/wo/dbase.db
echo "ALTER TABLE sites ADD COLUMN db_host varchar;" | sqlite3 /var/lib/wo/dbase.db
echo "ALTER TABLE sites ADD COLUMN is_hhvm INT DEFAULT '0';" | sqlite3 /var/lib/wo/dbase.db
echo "ALTER TABLE sites ADD COLUMN php_version varchar DEFAULT \"$wo_php_version\";" | sqlite3 /var/lib/wo/dbase.db
fi
###
# Copy the upstream config
###
if [ -f /etc/nginx/conf.d/upstream.conf ]; then
wo_lib_echo "Replace the PHP ports for PHP 7.2"
# Copy the previous upstream.conf
cp /etc/nginx/conf.d/upstream.conf /etc/nginx/conf.d/upstream.bak
# Replace the ports for PHP 7.2
sed -i 's/9000/9072/g' /etc/nginx/conf.d/upstream.conf &>> /dev/null
sed -i 's/9070/9072/g' /etc/nginx/conf.d/upstream.conf &>> /dev/null
# Replace the ports for debug PHP 7.2
sed -i 's/9001/9172/g' /etc/nginx/conf.d/upstream.conf &>> /dev/null
sed -i 's/9170/9172/g' /etc/nginx/conf.d/upstream.conf &>> /dev/null
fi
###
# Webp mapping
###
if [ ! -f /etc/nginx/conf.d/webp.conf ]; then
echo -e 'map $http_accept $webp_suffix {\n default "";\n "~*webp" ".webp";\n}\n' > /etc/nginx/conf.d/webp.conf
fi
echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db
echo "UPDATE sites SET php_version = REPLACE(php_version, '7.0', '7.2');" | sqlite3 /var/lib/wo/dbase.db
###
# ee-acme-sh by VirtuBox, https://virtubox.net/
###
if [ ! -f ~/.acme.sh/acme.sh ]; then
wget -O - https://get.acme.sh | sh
BASHRC_EE_ACME_FIRST_RELEASE=$(grep "ee-acme" $HOME/.bashrc)
BASHRC_EE_ACME_LAST_RELEASE=$(grep "ee-acme.sh" $HOME/.bashrc)
if [ -f $HOME/.ee-acme/ee-acme ] && [ -z "$BASHRC_EE_ACME_LAST_RELEASE" ]; then
rm -rf $HOME/.ee-acme/*
echo 'alias ee-acme="/root/.ee-acme/ee-acme.sh"' >> $HOME/.ee-acme/ee-acme
wget -qO $HOME/.ee-acme/ee-acme.sh https://raw.githubusercontent.com/WordOps/wo-acme-sh/master/script/ee-acme.sh
chmod +x $HOME/.ee-acme/ee-acme.sh
elif [ -x $HOME/.ee-acme/ee-acme.sh ]; then
rm $HOME/.ee-acme/ee-acme.sh
wget -qO $HOME/.ee-acme/ee-acme.sh https://raw.githubusercontent.com/WordOps/wo-acme-sh/master/script/ee-acme.sh
chmod +x $HOME/.ee-acme/ee-acme.sh
elif [ ! -d $HOME/.ee-acme ]; then
mkdir -p $HOME/.ee-acme
wget -qO /usr/local/bin/wo-acme https://raw.githubusercontent.com/WordOps/wo-acme-sh/master/script/ee-acme.sh
chmod +x /usr/local/bin/wo-acme
fi
fi
}
# Once again, set the proper ACL on the WordOps configuration directory
function secure_wo_db()
{
# The owner is root
chown -R root:root /var/lib/wo/
# Only allow access by root, block others
chmod -R 600 /var/lib/wo/
}
# Update the WP-CLI version
function wo_update_wp_cli()
{
wo_lib_echo "Updating WP-CLI version to resolve compatibility issue."
PHP_PATH=$(which php)
WP_CLI_PATH=$(which wp)
if [ "${WP_CLI_PATH}" != "" ]; then
# Obtain the current WP-CLI version
WP_CLI_VERSION=$(${PHP_PATH} ${WP_CLI_PATH} --allow-root cli version | awk '{ print $2 }')
dpkg --compare-versions ${WP_CLI_VERSION} lt 1.4.1
# Update WP-CLI to the most recent version
if [ "$?" == "0" ]; then
wget -qO ${WP_CLI_PATH} https://raw.githubusercontent.com/WordOps/wpcli-builds/gh-pages/phar/wp-cli.phar
chmod +x ${WP_CLI_PATH}
fi
fi
}
# Now, finally, let's install WordOps
function wo_install()
{
rm -rf /tmp/easyengine &>> /dev/null
rm -rf /tmp/wordops &>> /dev/null
wo_lib_echo "Downloading WordOps straight from GitHub - fresh and brewed with love. Hold your horses..."
if [ "$wo_branch" = "" ]; then
wo_branch=master
fi
git clone -b $wo_branch https://github.com/WordOps/WordOps.git /tmp/wordops --quiet > /dev/null \
|| wo_lib_error "An error was encountered during the download, exit status" $?
cd /tmp/wordops
wo_lib_echo "The moment you've all been waiting for, time to install WordOps!"
python3 setup.py install || wo_lib_error "An error was encountered during the installation, exit status " $?
}
function wo_update_latest()
{
if [ -f /etc/nginx/fastcgi_params ]
then
cat /etc/nginx/fastcgi_params| grep -q 'HTTP_PROXY'
if [[ $? -ne 0 ]]; then
echo "fastcgi_param HTTP_PROXY \"\";" >> /etc/nginx/fastcgi_params
echo "fastcgi_param HTTP_PROXY \"\";" >> /etc/nginx/fastcgi.conf
service nginx restart &>> /dev/null
fi
fi
if [ -f /etc/ImageMagick/policy.xml ]
then
if [ ! -f /etc/ImageMagick/patch.txt ]
then
echo -e "\t<policy domain="coder" rights="none" pattern="EPHEMERAL" />\n\t<policy domain="coder" rights="none" pattern="URL" />\n\t<policy domain="coder" rights="none" pattern="HTTPS" />\n\t<policy domain="coder" rights="none" pattern="MVG" />\n\t<policy domain="coder" rights="none" pattern="MSL" />" >> /etc/ImageMagick/patch.txt
sed -i '/<policymap>/r /etc/ImageMagick/patch.txt' /etc/ImageMagick/policy.xml
fi
fi
#Move ~/.my.cnf to /etc/mysql/conf.d/my.cnf
if [ ! -f /etc/mysql/conf.d/my.cnf ]
then
#create conf.d folder if not exist
if [ ! -d /etc/mysql/conf.d ]; then
mkdir -p /etc/mysql/conf.d
chmod 755 /etc/mysql/conf.d
fi
if [ -d /etc/mysql/conf.d ]
then
if [ -f ~/.my.cnf ]
then
cp ~/.my.cnf /etc/mysql/conf.d/my.cnf &>> /dev/null
chmod 600 /etc/mysql/conf.d/my.cnf
else
if [ -f /root/.my.cnf ]
then
cp /root/.my.cnf /etc/mysql/conf.d/my.cnf &>> /dev/null
chmod 600 /etc/mysql/conf.d/my.cnf
else
wo_lib_echo_fail ".my.cnf cannot be located in your current user or root folder..."
fi
fi
fi
fi
if [ -f /etc/nginx/nginx.conf ]; then
wo_lib_echo "Updating Nginx configuration, please wait..."
elif [ "$wo_distro_version" == "trusty" ]; then
grep -Hr 'http://download.opensuse.org/repositories/home:/rtCamp:/EasyEngine/xUbuntu_14.04/ /' /etc/apt/sources.list.d/ &>> /dev/null
if [[ $? -ne 0 ]]; then
if [ -f /etc/apt/sources.list.d/rtcamp-nginx-trusty.list ]; then
rm -rf /etc/apt/sources.list.d/rtcamp-nginx-trusty.list
fi
echo -e "\ndeb http://download.opensuse.org/repositories/home:/rtCamp:/EasyEngine/xUbuntu_14.04/ /" >> /etc/apt/sources.list.d/wo-repo.list
gpg --keyserver "hkp://pgp.mit.edu" --recv-keys '3050AC3CD2AE6F03'
gpg -a --export --armor '3050AC3CD2AE6F03' | apt-key add -
if [ -f /etc/nginx/conf.d/ee-nginx.conf ]; then
mv /etc/nginx/conf.d/ee-nginx.conf /etc/nginx/conf.d/wo-nginx.conf.old &>> /dev/null
fi
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old &>> /dev/null
apt-get update
service nginx stop &>> /dev/null
DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install nginx-custom nginx-ee
service nginx restart &>> /dev/null
fi
dpkg --get-selections | grep -v deinstall | grep nginx-common
if [ $? -eq 0 ]; then
apt-get update
dpkg --get-selections | grep -v deinstall | grep nginx-mainline
if [ $? -eq 0 ]; then
apt-get remove -y nginx-mainline
fi
service nginx stop &>> /dev/null
DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y --allow-unauthenticated install nginx-ee nginx-custom
service nginx restart &>> /dev/null
fi
elif [ "$wo_linux_distro" == "Debian" ]; then
grep -Hr 'http://download.opensuse.org/repositories/home:/rtCamp:/EasyEngine/Debian_8.0/ /' /etc/apt/sources.list.d/ &>> /dev/null
if [[ $? -ne 0 ]]; then
echo -e "deb http://download.opensuse.org/repositories/home:/rtCamp:/EasyEngine/Debian_8.0/ /" >> /etc/apt/sources.list.d/wo-repo.list
gpg --keyserver "hkp://pgp.mit.edu" --recv-keys '3050AC3CD2AE6F03'
gpg -a --export --armor '3050AC3CD2AE6F03' | apt-key add -
if [ -f /etc/nginx/conf.d/ee-nginx.conf ]; then
mv /etc/nginx/conf.d/ee-nginx.conf /etc/nginx/conf.d/ee-nginx.conf.old &>> /dev/null
fi
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old &>> /dev/null
mv /etc/nginx/fastcgi_params /etc/nginx/fastcgi_params.old &>> /dev/null
apt-get update
systemctl stop nginx &>> /dev/null
apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install nginx-custom
systemctl restart nginx &>> /dev/null
fi
dpkg --get-selections | grep -v deinstall | grep nginx-common
if [ $? -eq 0 ]; then
apt-get update
dpkg --get-selections | grep -v deinstall | grep nginx-mainline
if [ $? -eq 0 ]; then
apt-get remove -y nginx-mainline
fi
systemctl stop nginx &>> /dev/null
DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y --allow-unauthenticated install nginx-ee nginx-custom
systemctl restart nginx &>> /dev/null
fi
fi
if [ -f /etc/nginx/nginx.conf ]; then
sed -i "s/.*X-Powered-By.*/\tadd_header X-Powered-By \"WordOps $wo_version_new\";/" /etc/nginx/nginx.conf &>> /dev/null
fi
if [ -f /etc/nginx/conf.d/wo-plus.conf ]; then
sed -i "s/.*X-Powered-By.*/\tadd_header X-Powered-By \"WordOps $wo_version_new\";/" /etc/nginx/conf.d/wo-plus.conf &>> /dev/null
fi
# Fix HHVM autostart on reboot
dpkg --get-selections | grep -v deinstall | grep hhvm &>> /dev/null
if [ $? -eq 0 ]; then
update-rc.d hhvm defaults &>> /dev/null
fi
# Fix WordPress example.html issue
# Ref: http://wptavern.com/xss-vulnerability-in-jetpack-and-the-twenty-fifteen-default-theme-affects-millions-of-wordpress-users
dpkg --get-selections | grep -v deinstall | grep nginx &>> /dev/null
if [ $? -eq 0 ]; then
cp /usr/lib/wo/templates/locations.mustache /etc/nginx/common/locations.conf &>> /dev/null
fi
# Fix HHVM upstream issue that was preventing from using EasyEngine for site operations
if [ -f /etc/nginx/conf.d/upstream.conf ]; then
grep -Hr hhvm /etc/nginx/conf.d/upstream.conf &>> /dev/null
if [ $? -ne 0 ]; then
echo -e "upstream hhvm {\n# HHVM Pool\nserver 127.0.0.1:8000;\nserver 127.0.0.1:9000 backup;\n}\n" >> /etc/nginx/conf.d/upstream.conf
fi
fi
# Fix HHVM server IP
if [ -f /etc/hhvm/server.ini ]; then
grep -Hr "hhvm.server.ip" /etc/hhvm/server.ini &>> /dev/null
if [ $? -ne 0 ]; then
echo -e "hhvm.server.ip = 127.0.0.1\n" >> /etc/hhvm/server.ini
fi
fi
# Rename Redis Header
if [ -f /etc/nginx/common/redis-hhvm.conf ]; then
sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis-hhvm.conf &>> /dev/null
sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis-hhvm.conf &>> /dev/null
fi
if [ -f /etc/nginx/common/redis.conf ]; then
sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf &>> /dev/null
sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf &>> /dev/null
fi
if [ -f /etc/nginx/common/redis-hhvm.conf ]; then
# Update Timeout redis-hhvm.conf
grep -0 'redis2_query expire $key 6h' /etc/nginx/common/redis-hhvm.conf &>> /dev/null
if [ $? -eq 0 ]; then
sed -i 's/redis2_query expire $key 6h/redis2_query expire $key 14400/g' /etc/nginx/common/redis-hhvm.conf &>> /dev/null
fi
#Fix for 3.3.4 redis-hhvm issue
grep -0 'HTTP_ACCEPT_ENCODING' /etc/nginx/common/redis-hhvm.conf &>> /dev/null
if [ $? -ne 0 ]; then
sed -i 's/fastcgi_params;/fastcgi_params;\n fastcgi_param HTTP_ACCEPT_ENCODING "";/g' /etc/nginx/common/redis-hhvm.conf &>> /dev/null
fi
fi
#Fix Redis-server security issue
#http://redis.io/topics/security
if [ -f /etc/redis/redis.conf ]; then
grep -0 -v "#" /etc/redis/redis.confse | grep 'bind' &>> /dev/null
if [ $? -ne 0 ]; then
sed -i '$ a bind 127.0.0.1' /etc/redis/redis.conf &>> /dev/null
service redis-server restart &>> /dev/null
fi
fi
# Let's Encrypt .well-known folder setup
if [ ! -d /var/www/html/.well-known/acme-challenge ]; then
mkdir -p /var/www/html/.well-known/acme-challenge
chown -R www-data:www-data /var/www/html/.well-known
fi
# Fix for 3.3.2 renamed nginx.conf
nginx -V 2>&1 &>>/dev/null
if [[ $? -eq 0 ]]; then
nginx -t 2>&1 | grep 'open() "/etc/nginx/nginx.conf" failed' &>>/dev/null
if [[ $? -eq 0 ]]; then
if [ -f /etc/nginx/nginx.conf.old ]; then
if [ ! -f /etc/nginx/nginx.conf ]; then
cp /etc/nginx/nginx.conf.old /etc/nginx/nginx.conf
fi
fi
fi
# Fix for 3.3.2 renamed fastcgi_param
nginx -t 2>&1 | grep 'open() "/etc/nginx/fastcgi_params" failed' &>>/dev/null
if [[ $? -eq 0 ]]; then
if [ -f /etc/nginx/fastcgi_params.old ]; then
if [ ! -f /etc/nginx/fastcgi_params ]; then
cp /etc/nginx/fastcgi_params.old /etc/nginx/fastcgi_params
fi
fi
fi
fi
# Support PFS
if [ -f /etc/nginx/nginx.conf ]; then
# Replace the default ciphers
sed -i 's/HIGH:!aNULL:!MD5:!kEDH;/ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;/' /etc/nginx/nginx.conf
# Replace the EasyEngine ciphers
sed -i 's/ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;/ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;/' /etc/nginx/nginx.conf
# Change the TLS protocols
if [ "$wo_distro_version" == "bionic" ]; then
# Bionic supports TLSv1.3, so let's enable that
sed -i 's/TLSv1 TLSv1.1 TLSv1.2;/TLSv1.2 TLSv1.3;/g' /etc/nginx/nginx.conf
else
# If != Bionic then enable only TLSv1.2
sed -i 's/TLSv1 TLSv1.1 TLSv1.2;/TLSv1.2;/g' /etc/nginx/nginx.conf
fi
fi
if [ "$wo_linux_distro" == "Ubuntu" ]; then
add-apt-repository -y 'ppa:ondrej/php'
wo_lib_echo "Updating the PHP repository for some neat PHP 7.2 support"
apt-get update &>> /dev/null
apt-get -y install php7.2-fpm php7.2-curl php7.2-gd php7.2-imap php-sodium php7.2-common php7.2-readline php7.2-redis php7.2-mysql php7.2-cli php7.2-memcache php7.2-imagick php7.2-mbstring php7.2-recode php7.2-bcmath php7.2-opcache php7.2-zip php7.2-xml php7.2-soap php7.2-msgpack memcached graphviz php-pear php7.2-xdebug || wo_lib_error "Not all PHP packages could be installed. " 1
mkdir -p /var/log/php/7.2/
touch /var/log/php/7.2/slow.log /var/log/php/7.2/fpm.log
systemctl php7.2-fpm restart &>> /dev/null
elif [ "$wo_linux_distro" == "Debian" ]; then
apt-get install apt-transport-https lsb-release ca-certificates locales locales-all -y
export LC_ALL=en_US.UTF-8
export LANG=en_US.UTF-8
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
apt-get update &>> /dev/null
apt-get -y install php7.2-fpm php7.2-curl php7.2-gd php7.2-imap php-sodium php7.2-common php7.2-readline php7.2-redis php7.2-mysql php7.2-cli php7.2-memcache php7.2-imagick php7.2-mbstring php7.2-recode php7.2-bcmath php7.2-opcache php7.2-zip php7.2-xml php7.2-soap php7.2-msgpack memcached graphviz php-pear php7.2-xdebug || wo_lib_error "Not all PHP packages could be installed." 1
systemctl php7.2-fpm restart &>> /dev/null
fi
#Fix for SSL cert --all
crontab -l | grep -q '\-\-min_expiry_limit'
if [[ $? -eq 0 ]]; then
crontab -l > /var/spool/cron/cron-backup.txt #backup cron before editing
crontab -l | sed '/--min_expiry_limit/d' | crontab -
/bin/bash -c "crontab -l 2> /dev/null | { cat; echo -e \"\n0 0 * * 0 wo site update --le=renew --all 2> /dev/null # Renew all letsencrypt SSL cert. Set by WordOps\"; } | crontab -"
fi
}
# Do git intialisation
function wo_git_init()
{
# Nginx under git version control
if [ -d /etc/nginx ];then
cd /etc/nginx
if [ ! -d /etc/nginx/.git ]; then
git init &>> /dev/null
fi
git add -A .
git commit -am "Updated Nginx" > /dev/null
fi
# WordOps under git version control
cd /etc/wo
if [ ! -d /etc/wo/.git ]; then
git init > /dev/null
fi
git add -A .
git commit -am "Installed/Updated to WordOps" &>> /dev/null
#PHP under git version control
if [ -d /etc/php ];then
cd /etc/php
if [ ! -d /etc/php/.git ]; then
git init &>> /dev/null
fi
git add -A .
git commit -am "Updated PHP" > /dev/null
fi
}
if [ ! -f /usr/local/bin/wo ]; then
wo_lib_echo "Installing depedencies" | tee -ai $wo_install_log
wo_install_dep | tee -ai $wo_install_log
wo_lib_echo "Installing WordOps $wo_branch" | tee -ai $wo_install_log
wo_install | tee -ai $wo_install_log
wo_lib_echo "Running post-install steps" | tee -ai $wo_install_log
secure_wo_db | tee -ai $EE_INSTALL_LOG
wo_git_init | tee -ai $wo_install_log
else
ee -v 2>&1 | grep $wo_version_new &>> /dev/null
if [[ $? -ne 0 ]];then
read -p "Update WordOps to $wo_version_new (y/n): " wo_ans
if [ "$wo_ans" = "y" ] || [ "$wo_ans" = "Y" ]; then
wo_install_dep | tee -ai $wo_install_log
wo_sync_db 2&>>1 $EE_INSTALL_LOG
secure_wo_db | tee -ai $EE_INSTALL_LOG
wo_upgrade_php | tee -ai $wo_install_log
wo_install | tee -ai $wo_install_log
wo_update_latest | tee -ai $wo_install_log
wo_git_init | tee -ai $wo_install_log
service nginx reload &>> /dev/null
service php7.2-fpm restart &>> /dev/null
wo_update_wp_cli | tee -ai $wo_install_log
else
wo_lib_error "Not updating WordOps to $wo_version_new, exit status = " 1
fi
else
wo_lib_error "You already have WordOps $wo_version_new, exit status = " 1
fi
fi
wo sync | tee -ai $WO_INSTALL_LOG
if [ "$migration" -eq "1" ]; then
echo
wo_lib_echo "The migration from EasyEngine to WordOps was succesfull!"
wo_lib_echo "The EasyEngine backup files can be found in /var/lib/wo/ee-backup.tgz"
echo
wo_lib_echo_info "For autocompletion, run the following command:"
wo_lib_echo_info "source /etc/bash_completion.d/wo_auto.rc"
echo
wo_lib_echo "WordOps (wo) help: https://wordops.org/docs"
else
echo
wo_lib_echo "For WordOps (wo) auto completion, run the following command"
echo
wo_lib_echo_info "source /etc/bash_completion.d/wo_auto.rc"
echo
wo_lib_echo "Yay! WordOps (wo) installed/updated successfully"
wo_lib_echo "WordOps (wo) help: https://wordops.org/docs"
fi