def secure_port(self): """This function Secures port""" WOGit.add(self, ["/etc/nginx"], msg="Add Nginx to into Git") pargs = self.app.pargs if pargs.user_input: while ((not pargs.user_input.isdigit()) and (not pargs.user_input < 65536)): Log.info(self, "Please enter a valid port number ") pargs.user_input = input("WordOps " "admin port [22222]:") else: port = input("WordOps admin port [22222]:") if port == "": port = 22222 while ((not port.isdigit()) and (not port != "") and (not port < 65536)): Log.info(self, "Please Enter valid port number :") port = input("WordOps admin port [22222]:") pargs.user_input = port WOShellExec.cmd_exec( self, "sed -i \"s/listen.*/listen " "{port} default_server ssl http2;/\" " "/etc/nginx/sites-available/22222".format(port=pargs.user_input)) WOGit.add(self, ["/etc/nginx"], msg="Adding changed secure port into Git") if not WOService.reload_service(self, 'nginx'): Log.error( self, "service nginx reload failed. " "check issues with `nginx -t` command") Log.info( self, "Successfully port changed {port}".format(port=pargs.user_input))
def secure_ip(self): """IP whitelisting""" WOGit.add(self, ["/etc/nginx"], msg="Add Nginx to into Git") pargs = self.app.pargs if not pargs.user_input: ip = input("Enter the comma separated IP addresses " "to white list [127.0.0.1]:") pargs.user_input = ip try: user_ip = pargs.user_input.split(',') except Exception as e: Log.debug(self, "{0}".format(e)) user_ip = ['127.0.0.1'] for ip_addr in user_ip: if not ("exist_ip_address " + ip_addr in open('/etc/nginx/common/' 'acl.conf').read()): WOShellExec.cmd_exec( self, "sed -i " "\"/deny/i allow {whitelist_address}\;\"" " /etc/nginx/common/acl.conf".format( whitelist_address=ip_addr)) WOGit.add(self, ["/etc/nginx"], msg="Adding changed secure ip into Git") Log.info(self, "Successfully added IP address in acl.conf file")
def secure_auth(self): """This function secures authentication""" WOGit.add(self, ["/etc/nginx"], msg="Add Nginx to into Git") pargs = self.app.pargs passwd = RANDOM.long(self) if not pargs.user_input: username = input("Provide HTTP authentication user " "name [{0}] :".format(WOVar.wo_user)) pargs.user_input = username if username == "": pargs.user_input = WOVar.wo_user if not pargs.user_pass: password = getpass.getpass("Provide HTTP authentication " "password [{0}] :".format(passwd)) pargs.user_pass = password if password == "": pargs.user_pass = passwd Log.debug( self, "printf username:"******"$(openssl passwd -crypt " "password 2> /dev/null)\n\"" "> /etc/nginx/htpasswd-wo 2>/dev/null") WOShellExec.cmd_exec(self, "printf \"{username}:" "$(openssl passwd -crypt " "{password} 2> /dev/null)\n\"" "> /etc/nginx/htpasswd-wo 2>/dev/null".format( username=pargs.user_input, password=pargs.user_pass), log=False) WOGit.add(self, ["/etc/nginx"], msg="Adding changed secure auth into Git")
def secure_auth(self): """This function secures authentication""" passwd = ''.join([ random.choice(string.ascii_letters + string.digits) for n in range(16) ]) if not self.app.pargs.user_input: username = input("Provide HTTP authentication user " "name [{0}] :".format(WOVariables.wo_user)) self.app.pargs.user_input = username if username == "": self.app.pargs.user_input = WOVariables.wo_user if not self.app.pargs.user_pass: password = getpass.getpass("Provide HTTP authentication " "password [{0}] :".format(passwd)) self.app.pargs.user_pass = password if password == "": self.app.pargs.user_pass = passwd Log.debug( self, "printf username:"******"$(openssl passwd -crypt " "password 2> /dev/null)\n\"" "> /etc/nginx/htpasswd-wo 2>/dev/null") WOShellExec.cmd_exec(self, "printf \"{username}:" "$(openssl passwd -crypt " "{password} 2> /dev/null)\n\"" "> /etc/nginx/htpasswd-wo 2>/dev/null".format( username=self.app.pargs.user_input, password=self.app.pargs.user_pass), log=False) WOGit.add(self, ["/etc/nginx"], msg="Adding changed secure auth into Git")
def enable(self): pargs = self.app.pargs if not pargs.site_name: try: while not pargs.site_name: pargs.site_name = (input('Enter site name : ').strip()) except IOError as e: Log.debug(self, str(e)) Log.error(self, 'could not input site name') pargs.site_name = pargs.site_name.strip() # validate domain name wo_domain = WODomain.validate(self, pargs.site_name) # check if site exists if not check_domain_exists(self, wo_domain): Log.error(self, "site {0} does not exist".format(wo_domain)) if os.path.isfile('/etc/nginx/sites-available/{0}'.format(wo_domain)): Log.info(self, "Enable domain {0:10} \t".format(wo_domain), end='') WOFileUtils.create_symlink(self, [ '/etc/nginx/sites-available/{0}'.format(wo_domain), '/etc/nginx/sites-enabled/{0}'.format(wo_domain) ]) WOGit.add(self, ["/etc/nginx"], msg="Enabled {0} ".format(wo_domain)) updateSiteInfo(self, wo_domain, enabled=True) Log.info(self, "[" + Log.ENDC + "OK" + Log.OKBLUE + "]") if not WOService.reload_service(self, 'nginx'): Log.error( self, "service nginx reload failed. " "check issues with `nginx -t` command") else: Log.error(self, 'nginx configuration file does not exist')
def secure_port(self): """This function Secures port""" WOGit.add(self, ["/etc/nginx"], msg="Add Nginx to into Git") pargs = self.app.pargs if pargs.user_input: while ((not pargs.user_input.isdigit()) and (not pargs.user_input < 65536)): Log.info(self, "Please enter a valid port number ") pargs.user_input = input("WordOps " "admin port [22222]:") else: port = input("WordOps admin port [22222]:") if port == "": port = 22222 while ((not port.isdigit()) and (not port != "") and (not port < 65536)): Log.info(self, "Please Enter valid port number :") port = input("WordOps admin port [22222]:") pargs.user_input = port data = dict(release=WOVar.wo_version, port=pargs.user_input, webroot='/var/www/') WOTemplate.deploy(self, '/etc/nginx/sites-available/22222', '22222.mustache', data) WOGit.add(self, ["/etc/nginx"], msg="Adding changed secure port into Git") if not WOService.reload_service(self, 'nginx'): Log.error( self, "service nginx reload failed. " "check issues with `nginx -t` command") Log.info( self, "Successfully port changed {port}".format(port=pargs.user_input))
def default(self): pargs = self.app.pargs if not pargs.site_name: try: while not pargs.site_name: pargs.site_name = (input('Enter site name : ').strip()) except IOError as e: Log.debug(self, str(e)) Log.error(self, 'Unable to read input, Please try again') pargs.site_name = pargs.site_name.strip() wo_domain = WODomain.validate(self, pargs.site_name) if not check_domain_exists(self, wo_domain): Log.error(self, "site {0} does not exist".format(wo_domain)) if os.path.isfile('/etc/nginx/sites-available/{0}'.format(wo_domain)): try: WOShellExec.invoke_editor( self, '/etc/nginx/sites-availa' 'ble/{0}'.format(wo_domain)) except CommandExecutionError as e: Log.debug(self, str(e)) Log.error(self, "Failed invoke editor") if (WOGit.checkfilestatus( self, "/etc/nginx", '/etc/nginx/sites-available/{0}'.format(wo_domain))): WOGit.add(self, ["/etc/nginx"], msg="Edit website: {0}".format(wo_domain)) # Reload NGINX if not WOService.reload_service(self, 'nginx'): Log.error( self, "service nginx reload failed. " "check issues with `nginx -t` command") else: Log.error(self, "nginx configuration file does not exists")
def deploycert(self, wo_domain_name): """Deploy Let's Encrypt certificates with acme.sh""" if not os.path.isfile('/etc/letsencrypt/renewal/{0}_ecc/fullchain.cer'. format(wo_domain_name)): Log.error(self, 'Certificate not found. Deployment canceled') Log.debug(self, "Cert deployment for domain: {0}".format(wo_domain_name)) try: Log.wait(self, "Deploying SSL cert") if WOShellExec.cmd_exec( self, "mkdir -p {0}/{1} && {2} --install-cert -d {1} --ecc " "--cert-file {0}/{1}/cert.pem --key-file {0}/{1}/key.pem " "--fullchain-file {0}/{1}/fullchain.pem " "--ca-file {0}/{1}/ca.pem --reloadcmd \"nginx -t && " "service nginx restart\" ".format(WOVar.wo_ssl_live, wo_domain_name, WOAcme.wo_acme_exec)): Log.valide(self, "Deploying SSL cert") else: Log.failed(self, "Deploying SSL cert") Log.error(self, "Unable to deploy certificate") if os.path.isdir('/var/www/{0}/conf/nginx'.format(wo_domain_name)): sslconf = open( "/var/www/{0}/conf/nginx/ssl.conf".format(wo_domain_name), encoding='utf-8', mode='w') sslconf.write("listen 443 ssl http2;\n" "listen [::]:443 ssl http2;\n" "ssl_certificate {0}/{1}/fullchain.pem;\n" "ssl_certificate_key {0}/{1}/key.pem;\n" "ssl_trusted_certificate {0}/{1}/ca.pem;\n" "ssl_stapling_verify on;\n".format( WOVar.wo_ssl_live, wo_domain_name)) sslconf.close() if not WOFileUtils.grep(self, '/var/www/22222/conf/nginx/ssl.conf', '/etc/letsencrypt'): Log.info(self, "Securing WordOps backend with current cert") sslconf = open("/var/www/22222/conf/nginx/ssl.conf", encoding='utf-8', mode='w') sslconf.write("ssl_certificate {0}/{1}/fullchain.pem;\n" "ssl_certificate_key {0}/{1}/key.pem;\n" "ssl_trusted_certificate {0}/{1}/ca.pem;\n" "ssl_stapling_verify on;\n".format( WOVar.wo_ssl_live, wo_domain_name)) sslconf.close() WOGit.add(self, ["/etc/letsencrypt"], msg="Adding letsencrypt folder") except IOError as e: Log.debug(self, str(e)) Log.debug(self, "Error occured while generating " "ssl.conf") return 0
def check_acme(self): """ Check if acme.sh is properly installed, and install it if required """ if not os.path.exists('/etc/letsencrypt/acme.sh'): if os.path.exists('/opt/acme.sh'): WOFileUtils.rm(self, '/opt/acme.sh') WOGit.clone( self, 'https://github.com/Neilpang/acme.sh.git', '/opt/acme.sh', branch='master') WOFileUtils.mkdir(self, '/etc/letsencrypt/config') WOFileUtils.mkdir(self, '/etc/letsencrypt/renewal') WOFileUtils.mkdir(self, '/etc/letsencrypt/live') try: WOFileUtils.chdir(self, '/opt/acme.sh') WOShellExec.cmd_exec( self, './acme.sh --install --home /etc/letsencrypt' '--config-home /etc/letsencrypt/config' '--cert-home /etc/letsencrypt/renewal' ) WOShellExec.cmd_exec( self, "{0} --upgrade --auto-upgrade" .format(WOAcme.wo_acme_exec) ) except CommandExecutionError as e: Log.debug(self, str(e)) Log.error(self, "acme.sh installation failed") if not os.path.exists('/etc/letsencrypt/acme.sh'): Log.error(self, 'acme.sh ')
def secure_ssh_port(self): """Change SSH port""" WOGit.add(self, ["/etc/ssh"], msg="Adding changed SSH port into Git") pargs = self.app.pargs if pargs.user_input: while ((not pargs.user_input.isdigit()) and (not pargs.user_input < 65536)): Log.info(self, "Please enter a valid port number ") pargs.user_input = input("Server " "SSH port [22]:") if not pargs.user_input: port = input("Server SSH port [22]:") if port == "": port = 22 while (not port.isdigit()) and (port != "") and (not port < 65536): Log.info(self, "Please Enter valid port number :") port = input("Server SSH port [22]:") pargs.user_input = port if WOFileUtils.grepcheck(self, '/etc/ssh/sshd_config', '#Port'): WOShellExec.cmd_exec(self, "sed -i \"s/#Port.*/Port " "{port}/\" /etc/ssh/sshd_config" .format(port=pargs.user_input)) else: WOShellExec.cmd_exec(self, "sed -i \"s/Port.*/Port " "{port}/\" /etc/ssh/sshd_config" .format(port=pargs.user_input)) # allow new ssh port if ufw is enabled if os.path.isfile('/etc/ufw/ufw.conf'): # add rule for proftpd with UFW if WOFileUtils.grepcheck( self, '/etc/ufw/ufw.conf', 'ENABLED=yes'): try: WOShellExec.cmd_exec( self, 'ufw limit {0}'.format(pargs.user_input)) WOShellExec.cmd_exec( self, 'ufw reload') except Exception as e: Log.debug(self, "{0}".format(e)) Log.error(self, "Unable to add UFW rule") # add ssh into git WOGit.add(self, ["/etc/ssh"], msg="Adding changed SSH port into Git") # restart ssh service if not WOService.restart_service(self, 'ssh'): Log.error(self, "service SSH restart failed.") Log.info(self, "Successfully changed SSH port to {port}" .format(port=pargs.user_input))
def secure_ssh(self): """Harden ssh security""" pargs = self.app.pargs if not pargs.force and not pargs.allowpassword: start_secure = input('Are you sure you to want to' ' harden SSH security ?' '\nSSH login with password will not ' 'be possible anymore. Please make sure ' 'you are already using SSH Keys.\n' 'Harden SSH security [y/N]') if start_secure != "Y" and start_secure != "y": Log.error(self, "Not hardening SSH security") if os.path.exists('/etc/ssh'): WOGit.add(self, ["/etc/ssh"], msg="Adding SSH into Git") Log.debug(self, "check if /etc/ssh/sshd_config exist") if os.path.isfile('/etc/ssh/sshd_config'): Log.debug(self, "looking for the current ssh port") for line in open('/etc/ssh/sshd_config', encoding='utf-8'): if 'Port' in line: ssh_line = line.strip() break port = (ssh_line).split(' ') current_ssh_port = (port[1]).strip() if os.getenv('SUDO_USER'): sudo_user = os.getenv('SUDO_USER') else: sudo_user = '' if pargs.allowpassword: wo_allowpassword = '******' else: wo_allowpassword = '******' data = dict(sshport=current_ssh_port, allowpass=wo_allowpassword, user=sudo_user) WOTemplate.deploy(self, '/etc/ssh/sshd_config', 'sshd.mustache', data) WOGit.add(self, ["/etc/ssh"], msg="Adding changed SSH port into Git") if not WOService.restart_service(self, 'ssh'): Log.error(self, "service SSH restart failed.") Log.info(self, "Successfully harden SSH security") else: Log.error(self, "SSH config file not found")
def secure_port(self): """This function Secures port""" if self.app.pargs.user_input: while not self.app.pargs.user_input.isdigit(): Log.info(self, "Please enter a valid port number ") self.app.pargs.user_input = input("WordOps " "admin port [22222]:") if not self.app.pargs.user_input: port = input("WordOps admin port [22222]:") if port == "": self.app.pargs.user_input = 22222 while not port.isdigit() and port != "": Log.info(self, "Please Enter valid port number :") port = input("WordOps admin port [22222]:") self.app.pargs.user_input = port if WOVariables.wo_platform_distro == 'ubuntu': WOShellExec.cmd_exec( self, "sed -i \"s/listen.*/listen " "{port} default_server ssl http2;/\" " "/etc/nginx/sites-available/22222".format( port=self.app.pargs.user_input)) if WOVariables.wo_platform_distro == 'debian': WOShellExec.cmd_exec( self, "sed -i \"s/listen.*/listen " "{port} default_server ssl http2;/\" " "/etc/nginx/sites-available/22222".format( port=self.app.pargs.user_input)) WOGit.add(self, ["/etc/nginx"], msg="Adding changed secure port into Git") if not WOService.reload_service(self, 'nginx'): Log.error( self, "service nginx reload failed. " "check issues with `nginx -t` command") Log.info( self, "Successfully port changed {port}".format( port=self.app.pargs.user_input))
def default(self): pargs = self.app.pargs # self.app.render((data), 'default.mustache') # Check domain name validation data = dict() host, port = None, None try: stype, cache = detSitePar(vars(pargs)) except RuntimeError as e: Log.debug(self, str(e)) Log.error(self, "Please provide valid options to creating site") if stype is None and pargs.proxy: stype, cache = 'proxy', '' proxyinfo = pargs.proxy[0].strip() if not proxyinfo: Log.error(self, "Please provide proxy server host information") proxyinfo = proxyinfo.split(':') host = proxyinfo[0].strip() port = '80' if len(proxyinfo) < 2 else proxyinfo[1].strip() elif stype is None and not pargs.proxy: stype, cache = 'html', 'basic' elif stype and pargs.proxy: Log.error(self, "proxy should not be used with other site types") if not pargs.site_name: try: while not pargs.site_name: # preprocessing before finalize site name pargs.site_name = (input('Enter site name : ').strip()) except IOError as e: Log.debug(self, str(e)) Log.error(self, "Unable to input site name, Please try again!") pargs.site_name = pargs.site_name.strip() wo_domain = WODomain.validate(self, pargs.site_name) wo_www_domain = "www.{0}".format(wo_domain) (wo_domain_type, wo_root_domain) = WODomain.getlevel(self, wo_domain) if not wo_domain.strip(): Log.error(self, "Invalid domain name, " "Provide valid domain name") wo_site_webroot = WOVar.wo_webroot + wo_domain if check_domain_exists(self, wo_domain): Log.error(self, "site {0} already exists".format(wo_domain)) elif os.path.isfile( '/etc/nginx/sites-available/{0}'.format(wo_domain)): Log.error( self, "Nginx configuration /etc/nginx/sites-available/" "{0} already exists".format(wo_domain)) if stype == 'proxy': data = dict(site_name=wo_domain, www_domain=wo_www_domain, static=True, basic=False, wp=False, wpfc=False, wpsc=False, wprocket=False, wpce=False, multisite=False, wpsubdir=False, webroot=wo_site_webroot) data['proxy'] = True data['host'] = host data['port'] = port data['basic'] = True if pargs.php72 or pargs.php73 or pargs.php74: data = dict(site_name=wo_domain, www_domain=wo_www_domain, static=False, basic=False, wp=False, wpfc=False, wpsc=False, wprocket=False, wpce=False, multisite=False, wpsubdir=False, webroot=wo_site_webroot) data['basic'] = True if stype in ['html', 'php']: data = dict(site_name=wo_domain, www_domain=wo_www_domain, static=True, basic=False, wp=False, wpfc=False, wpsc=False, wprocket=False, wpce=False, multisite=False, wpsubdir=False, webroot=wo_site_webroot) if stype == 'php': data['static'] = False data['basic'] = True elif stype in ['mysql', 'wp', 'wpsubdir', 'wpsubdomain']: data = dict(site_name=wo_domain, www_domain=wo_www_domain, static=False, basic=True, wp=False, wpfc=False, wpsc=False, wpredis=False, wprocket=False, wpce=False, multisite=False, wpsubdir=False, webroot=wo_site_webroot, wo_db_name='', wo_db_user='', wo_db_pass='', wo_db_host='') if stype in ['wp', 'wpsubdir', 'wpsubdomain']: data['wp'] = True data['basic'] = False data[cache] = True data['wp-user'] = pargs.user data['wp-email'] = pargs.email data['wp-pass'] = pargs.wppass if stype in ['wpsubdir', 'wpsubdomain']: data['multisite'] = True if stype == 'wpsubdir': data['wpsubdir'] = True else: pass if data and pargs.php73: data['php73'] = True data['php74'] = False data['php72'] = False data['wo_php'] = 'php73' elif data and pargs.php74: data['php72'] = False data['php74'] = True data['php73'] = False data['wo_php'] = 'php74' else: data['php74'] = False data['php72'] = True data['php73'] = False data['wo_php'] = 'php72' if ((not pargs.wpfc) and (not pargs.wpsc) and (not pargs.wprocket) and (not pargs.wpce) and (not pargs.wpredis)): data['basic'] = True if (cache == 'wpredis'): cache = 'wpredis' data['wpredis'] = True data['basic'] = False pargs.wpredis = True # Check rerequired packages are installed or not wo_auth = site_package_check(self, stype) try: pre_run_checks(self) except SiteError as e: Log.debug(self, str(e)) Log.error(self, "NGINX configuration check failed.") try: try: # setup NGINX configuration, and webroot setupdomain(self, data) # Fix Nginx Hashbucket size error hashbucket(self) except SiteError as e: # call cleanup actions on failure Log.info(self, Log.FAIL + "There was a serious error encountered...") Log.info(self, Log.FAIL + "Cleaning up afterwards...") doCleanupAction(self, domain=wo_domain, webroot=data['webroot']) Log.debug(self, str(e)) Log.error( self, "Check the log for details: " "`tail /var/log/wo/wordops.log` " "and please try again") if 'proxy' in data.keys() and data['proxy']: addNewSite(self, wo_domain, stype, cache, wo_site_webroot) # Service Nginx Reload if not WOService.reload_service(self, 'nginx'): Log.info( self, Log.FAIL + "There was a serious error encountered...") Log.info(self, Log.FAIL + "Cleaning up afterwards...") doCleanupAction(self, domain=wo_domain) deleteSiteInfo(self, wo_domain) Log.error( self, "service nginx reload failed. " "check issues with `nginx -t` command") Log.error( self, "Check the log for details: " "`tail /var/log/wo/wordops.log` " "and please try again") if wo_auth and len(wo_auth): for msg in wo_auth: Log.info(self, Log.ENDC + msg, log=False) Log.info( self, "Successfully created site" " http://{0}".format(wo_domain)) return if data['php73']: php_version = "7.3" elif data['php74']: php_version = "7.4" else: php_version = "7.2" addNewSite(self, wo_domain, stype, cache, wo_site_webroot, php_version=php_version) # Setup database for MySQL site if 'wo_db_name' in data.keys() and not data['wp']: try: data = setupdatabase(self, data) # Add database information for site into database updateSiteInfo(self, wo_domain, db_name=data['wo_db_name'], db_user=data['wo_db_user'], db_password=data['wo_db_pass'], db_host=data['wo_db_host']) except SiteError as e: # call cleanup actions on failure Log.debug(self, str(e)) Log.info( self, Log.FAIL + "There was a serious error encountered...") Log.info(self, Log.FAIL + "Cleaning up afterwards...") doCleanupAction(self, domain=wo_domain, webroot=data['webroot'], dbname=data['wo_db_name'], dbuser=data['wo_db_user'], dbhost=data['wo_db_host']) deleteSiteInfo(self, wo_domain) Log.error( self, "Check the log for details: " "`tail /var/log/wo/wordops.log` " "and please try again") try: wodbconfig = open( "{0}/wo-config.php".format(wo_site_webroot), encoding='utf-8', mode='w') wodbconfig.write("<?php \ndefine('DB_NAME', '{0}');" "\ndefine('DB_USER', '{1}'); " "\ndefine('DB_PASSWORD', '{2}');" "\ndefine('DB_HOST', '{3}');\n?>".format( data['wo_db_name'], data['wo_db_user'], data['wo_db_pass'], data['wo_db_host'])) wodbconfig.close() stype = 'mysql' except IOError as e: Log.debug(self, str(e)) Log.debug( self, "Error occured while generating " "wo-config.php") Log.info( self, Log.FAIL + "There was a serious error encountered...") Log.info(self, Log.FAIL + "Cleaning up afterwards...") doCleanupAction(self, domain=wo_domain, webroot=data['webroot'], dbname=data['wo_db_name'], dbuser=data['wo_db_user'], dbhost=data['wo_db_host']) deleteSiteInfo(self, wo_domain) Log.error( self, "Check the log for details: " "`tail /var/log/wo/wordops.log` " "and please try again") # Setup WordPress if Wordpress site if data['wp']: vhostonly = bool(pargs.vhostonly) try: wo_wp_creds = setupwordpress(self, data, vhostonly) # Add database information for site into database updateSiteInfo(self, wo_domain, db_name=data['wo_db_name'], db_user=data['wo_db_user'], db_password=data['wo_db_pass'], db_host=data['wo_db_host']) except SiteError as e: # call cleanup actions on failure Log.debug(self, str(e)) Log.info( self, Log.FAIL + "There was a serious error encountered...") Log.info(self, Log.FAIL + "Cleaning up afterwards...") doCleanupAction(self, domain=wo_domain, webroot=data['webroot'], dbname=data['wo_db_name'], dbuser=data['wo_db_user'], dbhost=data['wo_mysql_grant_host']) deleteSiteInfo(self, wo_domain) Log.error( self, "Check the log for details: " "`tail /var/log/wo/wordops.log` " "and please try again") # Service Nginx Reload call cleanup if failed to reload nginx if not WOService.reload_service(self, 'nginx'): Log.info(self, Log.FAIL + "There was a serious error encountered...") Log.info(self, Log.FAIL + "Cleaning up afterwards...") doCleanupAction(self, domain=wo_domain, webroot=data['webroot']) if 'wo_db_name' in data.keys(): doCleanupAction(self, domain=wo_domain, dbname=data['wo_db_name'], dbuser=data['wo_db_user'], dbhost=data['wo_mysql_grant_host']) deleteSiteInfo(self, wo_domain) Log.info( self, Log.FAIL + "service nginx reload failed." " check issues with `nginx -t` command.") Log.error( self, "Check the log for details: " "`tail /var/log/wo/wordops.log` " "and please try again") WOGit.add(self, ["/etc/nginx"], msg="{0} created with {1} {2}".format( wo_www_domain, stype, cache)) # Setup Permissions for webroot try: setwebrootpermissions(self, data['webroot']) except SiteError as e: Log.debug(self, str(e)) Log.info(self, Log.FAIL + "There was a serious error encountered...") Log.info(self, Log.FAIL + "Cleaning up afterwards...") doCleanupAction(self, domain=wo_domain, webroot=data['webroot']) if 'wo_db_name' in data.keys(): print("Inside db cleanup") doCleanupAction(self, domain=wo_domain, dbname=data['wo_db_name'], dbuser=data['wo_db_user'], dbhost=data['wo_mysql_grant_host']) deleteSiteInfo(self, wo_domain) Log.error( self, "Check the log for details: " "`tail /var/log/wo/wordops.log` and " "please try again") if wo_auth and len(wo_auth): for msg in wo_auth: Log.info(self, Log.ENDC + msg, log=False) if data['wp'] and (not pargs.vhostonly): Log.info(self, Log.ENDC + "WordPress admin user :"******" {0}".format(wo_wp_creds['wp_user']), log=False) Log.info(self, Log.ENDC + "WordPress admin password : {0}".format( wo_wp_creds['wp_pass']), log=False) display_cache_settings(self, data) Log.info( self, "Successfully created site" " http://{0}".format(wo_domain)) except SiteError: Log.error( self, "Check the log for details: " "`tail /var/log/wo/wordops.log` and please try again") if pargs.letsencrypt: acme_domains = [] data['letsencrypt'] = True letsencrypt = True Log.debug(self, "Going to issue Let's Encrypt certificate") acmedata = dict(acme_domains, dns=False, acme_dns='dns_cf', dnsalias=False, acme_alias='', keylength='') if self.app.config.has_section('letsencrypt'): acmedata['keylength'] = self.app.config.get( 'letsencrypt', 'keylength') else: acmedata['keylength'] = 'ec-384' if pargs.dns: Log.debug(self, "DNS validation enabled") acmedata['dns'] = True if not pargs.dns == 'dns_cf': Log.debug(self, "DNS API : {0}".format(pargs.dns)) acmedata['acme_dns'] = pargs.dns if pargs.dnsalias: Log.debug(self, "DNS Alias enabled") acmedata['dnsalias'] = True acmedata['acme_alias'] = pargs.dnsalias # detect subdomain and set subdomain variable if pargs.letsencrypt == "subdomain": Log.warn( self, 'Flag --letsencrypt=subdomain is ' 'deprecated and not required anymore.') acme_subdomain = True acme_wildcard = False elif pargs.letsencrypt == "wildcard": acme_wildcard = True acme_subdomain = False acmedata['dns'] = True else: if ((wo_domain_type == 'subdomain')): Log.debug(self, "Domain type = {0}".format(wo_domain_type)) acme_subdomain = True else: acme_subdomain = False acme_wildcard = False if acme_subdomain is True: Log.info(self, "Certificate type : subdomain") acme_domains = acme_domains + ['{0}'.format(wo_domain)] elif acme_wildcard is True: Log.info(self, "Certificate type : wildcard") acme_domains = acme_domains + [ '{0}'.format(wo_domain), '*.{0}'.format(wo_domain) ] else: Log.info(self, "Certificate type : domain") acme_domains = acme_domains + [ '{0}'.format(wo_domain), 'www.{0}'.format(wo_domain) ] if WOAcme.cert_check(self, wo_domain): SSL.archivedcertificatehandle(self, wo_domain, acme_domains) else: if acme_subdomain is True: # check if a wildcard cert for the root domain exist Log.debug( self, "checkWildcardExist on *.{0}".format(wo_root_domain)) if SSL.checkwildcardexist(self, wo_root_domain): Log.info( self, "Using existing Wildcard SSL " "certificate from {0} to secure {1}".format( wo_root_domain, wo_domain)) Log.debug( self, "symlink wildcard " "cert between {0} & {1}".format( wo_domain, wo_root_domain)) # copy the cert from the root domain copyWildcardCert(self, wo_domain, wo_root_domain) else: # check DNS records before issuing cert if not acmedata['dns'] is True: if not pargs.force: if not WOAcme.check_dns(self, acme_domains): Log.error( self, "Aborting SSL " "certificate issuance") Log.debug( self, "Setup Cert with acme.sh for {0}".format( wo_domain)) if WOAcme.setupletsencrypt(self, acme_domains, acmedata): WOAcme.deploycert(self, wo_domain) else: if not acmedata['dns'] is True: if not pargs.force: if not WOAcme.check_dns(self, acme_domains): Log.error(self, "Aborting SSL certificate issuance") if WOAcme.setupletsencrypt(self, acme_domains, acmedata): WOAcme.deploycert(self, wo_domain) if pargs.hsts: SSL.setuphsts(self, wo_domain) SSL.httpsredirect(self, wo_domain, acme_domains, True) SSL.siteurlhttps(self, wo_domain) if not WOService.reload_service(self, 'nginx'): Log.error( self, "service nginx reload failed. " "check issues with `nginx -t` command") Log.info( self, "Congratulations! Successfully Configured " "SSL on https://{0}".format(wo_domain)) # Add nginx conf folder into GIT WOGit.add(self, ["{0}/conf/nginx".format(wo_site_webroot)], msg="Adding letsencrypts config of site: {0}".format( wo_domain)) updateSiteInfo(self, wo_domain, ssl=letsencrypt)
def doupdatesite(self, pargs): pargs = self.app.pargs letsencrypt = False php73 = False php74 = False php72 = False data = dict() try: stype, cache = detSitePar(vars(pargs)) except RuntimeError as e: Log.debug(self, str(e)) Log.error(self, "Please provide valid options combination for" " site update") if stype is None and pargs.proxy: stype, cache = 'proxy', '' proxyinfo = pargs.proxy[0].strip() if not proxyinfo: Log.error(self, "Please provide proxy server host information") proxyinfo = proxyinfo.split(':') host = proxyinfo[0].strip() port = '80' if len(proxyinfo) < 2 else proxyinfo[1].strip() elif stype is None and not (pargs.proxy or pargs.letsencrypt): stype, cache = 'html', 'basic' elif stype and pargs.proxy: Log.error(self, "--proxy can not be used with other site types") if not pargs.site_name: try: while not pargs.site_name: pargs.site_name = (input('Enter site name : ').strip()) except IOError: Log.error(self, 'Unable to input site name, Please try again!') pargs.site_name = pargs.site_name.strip() wo_domain = WODomain.validate(self, pargs.site_name) wo_www_domain = "www.{0}".format(wo_domain) (wo_domain_type, wo_root_domain) = WODomain.getlevel( self, wo_domain) wo_site_webroot = WOVar.wo_webroot + wo_domain check_site = getSiteInfo(self, wo_domain) if check_site is None: Log.error(self, " Site {0} does not exist.".format(wo_domain)) else: oldsitetype = check_site.site_type oldcachetype = check_site.cache_type check_ssl = check_site.is_ssl check_php_version = check_site.php_version old_php72 = bool(check_php_version == "7.2") old_php73 = bool(check_php_version == "7.3") old_php74 = bool(check_php_version == "7.4") if ((pargs.password or pargs.hsts or pargs.ngxblocker or pargs.letsencrypt == 'renew') and not ( pargs.html or pargs.php or pargs.php72 or pargs.php73 or pargs.php74 or pargs.mysql or pargs.wp or pargs.wpfc or pargs.wpsc or pargs.wprocket or pargs.wpce or pargs.wpsubdir or pargs.wpsubdomain)): # update wordpress password if (pargs.password): try: updatewpuserpassword(self, wo_domain, wo_site_webroot) except SiteError as e: Log.debug(self, str(e)) Log.info(self, "\nPassword Unchanged.") return 0 # setup hsts if (pargs.hsts): if pargs.hsts == "on": SSL.setuphsts(self, wo_domain, enable=True) elif pargs.hsts == "off": SSL.setuphsts(self, wo_domain, enable=False) # Service Nginx Reload if not WOService.reload_service(self, 'nginx'): Log.error( self, "service nginx reload failed. " "check issues with `nginx -t` command") return 0 # setup ngxblocker if (pargs.ngxblocker): if pargs.ngxblocker == "on": if os.path.isdir('/etc/nginx/bots.d'): try: setupngxblocker(self, wo_domain) except SiteError as e: Log.debug(self, str(e)) Log.info(self, "\nngxblocker not enabled.") else: Log.error(self, 'ngxblocker stack is not installed') elif pargs.ngxblocker == "off": try: setupngxblocker(self, wo_domain, False) except SiteError as e: Log.debug(self, str(e)) Log.info(self, "\nngxblocker not enabled.") # Service Nginx Reload if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") return 0 # letsencryot rebew if (pargs.letsencrypt == 'renew'): if WOAcme.cert_check(self, wo_domain): if not pargs.force: if (SSL.getexpirationdays(self, wo_domain) > 30): Log.error( self, "Your cert will expire in more " "than 30 days ( " + str(SSL.getexpirationdays(self, wo_domain)) + " days).\nAdd \'--force\' to force to renew") Log.wait(self, "Renewing SSL certificate") if WOAcme.renew(self, wo_domain): Log.valide(self, "Renewing SSL certificate") else: Log.error(self, "Certificate doesn't exist") return 0 if (((stype == 'php' and oldsitetype not in ['html', 'proxy', 'php', 'php72', 'php73', 'php74']) or (stype == 'mysql' and oldsitetype not in [ 'html', 'php', 'php72', 'php73', 'php74', 'proxy']) or (stype == 'wp' and oldsitetype not in [ 'html', 'php', 'php72', 'php73', 'php74', 'mysql', 'proxy', 'wp']) or (stype == 'wpsubdir' and oldsitetype in ['wpsubdomain']) or (stype == 'wpsubdomain' and oldsitetype in ['wpsubdir']) or (stype == oldsitetype and cache == oldcachetype)) and not (pargs.php72 or pargs.php73 or pargs.php74)): Log.info(self, Log.FAIL + "can not update {0} {1} to {2} {3}". format(oldsitetype, oldcachetype, stype, cache)) return 1 if stype == 'proxy': data['site_name'] = wo_domain data['www_domain'] = wo_www_domain data['proxy'] = True data['host'] = host data['port'] = port data['webroot'] = wo_site_webroot data['currsitetype'] = oldsitetype data['currcachetype'] = oldcachetype if stype == 'php': data = dict( site_name=wo_domain, www_domain=wo_www_domain, static=False, basic=True, wp=False, wpfc=False, php72=False, php73=False, php74=False, wpsc=False, wpredis=False, wprocket=False, wpce=False, multisite=False, wpsubdir=False, webroot=wo_site_webroot, currsitetype=oldsitetype, currcachetype=oldcachetype) elif stype in ['mysql', 'wp', 'wpsubdir', 'wpsubdomain']: data = dict( site_name=wo_domain, www_domain=wo_www_domain, static=False, basic=True, wp=False, wpfc=False, wpsc=False, wpredis=False, wprocket=False, wpce=False, multisite=False, wpsubdir=False, webroot=wo_site_webroot, wo_db_name='', wo_db_user='', wo_db_pass='', wo_db_host='', currsitetype=oldsitetype, currcachetype=oldcachetype) if stype in ['wp', 'wpsubdir', 'wpsubdomain']: data['wp'] = True data['basic'] = False data[cache] = True if stype in ['wpsubdir', 'wpsubdomain']: data['multisite'] = True if stype == 'wpsubdir': data['wpsubdir'] = True if ((pargs.php72 or pargs.php73 or pargs.php74) and (not data)): Log.debug( self, "pargs php72, or php73, or php74 enabled") data = dict( site_name=wo_domain, www_domain=wo_www_domain, currsitetype=oldsitetype, currcachetype=oldcachetype, webroot=wo_site_webroot) stype = oldsitetype cache = oldcachetype if oldsitetype == 'html' or oldsitetype == 'proxy': data['static'] = False data['wp'] = False data['multisite'] = False data['wpsubdir'] = False elif (oldsitetype == 'php' or oldsitetype == 'mysql' or oldsitetype == 'php73'or oldsitetype == 'php74'): data['static'] = False data['wp'] = False data['multisite'] = False data['wpsubdir'] = False elif oldsitetype == 'wp': data['static'] = False data['wp'] = True data['multisite'] = False data['wpsubdir'] = False elif oldsitetype == 'wpsubdir': data['static'] = False data['wp'] = True data['multisite'] = True data['wpsubdir'] = True elif oldsitetype == 'wpsubdomain': data['static'] = False data['wp'] = True data['multisite'] = True data['wpsubdir'] = False if oldcachetype == 'basic': data['basic'] = True data['wpfc'] = False data['wpsc'] = False data['wpredis'] = False data['wprocket'] = False data['wpce'] = False elif oldcachetype == 'wpfc': data['basic'] = False data['wpfc'] = True data['wpsc'] = False data['wpredis'] = False data['wprocket'] = False data['wpce'] = False elif oldcachetype == 'wpsc': data['basic'] = False data['wpfc'] = False data['wpsc'] = True data['wpredis'] = False data['wprocket'] = False data['wpce'] = False elif oldcachetype == 'wpredis': data['basic'] = False data['wpfc'] = False data['wpsc'] = False data['wpredis'] = True data['wprocket'] = False data['wpce'] = False elif oldcachetype == 'wprocket': data['basic'] = False data['wpfc'] = False data['wpsc'] = False data['wpredis'] = False data['wprocket'] = True data['wpce'] = False elif oldcachetype == 'wpce': data['basic'] = False data['wpfc'] = False data['wpsc'] = False data['wpredis'] = False data['wprocket'] = False data['wpce'] = True if pargs.php72: Log.debug(self, "pargs.php72 detected") data['php72'] = True php72 = True elif pargs.php73: Log.debug(self, "pargs.php73 detected") data['php73'] = True php73 = True elif pargs.php74: Log.debug(self, "pargs.php74 detected") data['php74'] = True php74 = True if pargs.php72: if php72 is old_php72: Log.info(self, "PHP 7.2 is already enabled for given " "site") pargs.php72 = False if pargs.php73: if php73 is old_php73: Log.info(self, "PHP 7.3 is already enabled for given " "site") pargs.php73 = False if pargs.php74: if php74 is old_php74: Log.info(self, "PHP 7.4 is already enabled for given " "site") pargs.php74 = False if (data and (not pargs.php73) and (not pargs.php74) and (not pargs.php72)): data['php72'] = bool(old_php72 is True) Log.debug(self, "data php72 = {0}".format(data['php72'])) php72 = bool(old_php72 is True) data['php73'] = bool(old_php73 is True) Log.debug(self, "data php73 = {0}".format(data['php73'])) php73 = bool(old_php73 is True) data['php74'] = bool(old_php74 is True) Log.debug(self, "data php74 = {0}".format(data['php74'])) php74 = bool(old_php74 is True) if pargs.letsencrypt: acme_domains = [] acmedata = dict(acme_domains, dns=False, acme_dns='dns_cf', dnsalias=False, acme_alias='', keylength='') acmedata['keylength'] = self.app.config.get('letsencrypt', 'keylength') if pargs.letsencrypt == 'on': data['letsencrypt'] = True letsencrypt = True acme_subdomain = bool(wo_domain_type == 'subdomain') acme_wildcard = False elif pargs.letsencrypt == 'subdomain': data['letsencrypt'] = True letsencrypt = True acme_subdomain = True acme_wildcard = False elif pargs.letsencrypt == 'wildcard': data['letsencrypt'] = True letsencrypt = True acme_wildcard = True acme_subdomain = False acmedata['dns'] = True elif pargs.letsencrypt == 'off': data['letsencrypt'] = False letsencrypt = False acme_subdomain = False acme_wildcard = False elif pargs.letsencrypt == 'clean': data['letsencrypt'] = False letsencrypt = False acme_subdomain = False acme_wildcard = False elif pargs.letsencrypt == 'purge': data['letsencrypt'] = False letsencrypt = False acme_subdomain = False acme_wildcard = False else: data['letsencrypt'] = False letsencrypt = False acme_subdomain = False acme_wildcard = False if not (acme_subdomain is True): if letsencrypt is check_ssl: if letsencrypt is False: Log.error(self, "SSL is not configured for given " "site") elif letsencrypt is True: Log.error(self, "SSL is already configured for given " "site") pargs.letsencrypt = False if pargs.all and pargs.letsencrypt == "off": if letsencrypt is check_ssl: if letsencrypt is False: Log.error(self, "HTTPS is not configured for given " "site", False) return 0 if pargs.wpredis and data['currcachetype'] != 'wpredis': data['wpredis'] = True data['basic'] = False cache = 'wpredis' if pargs.wprocket and data['currcachetype'] != 'wprocket': data['wprocket'] = True data['basic'] = False cache = 'wprocket' if pargs.wpce and data['currcachetype'] != 'wpce': data['wpce'] = True data['basic'] = False cache = 'wpce' if ((php73 is old_php73) and (php72 is old_php72) and (php74 is old_php74) and (stype == oldsitetype and cache == oldcachetype)): Log.debug(self, "Nothing to update") return 1 if php73 is True: data['wo_php'] = 'php73' check_php_version = '7.3' elif php74 is True: data['wo_php'] = 'php74' check_php_version = '7.4' elif php72 is True: data['wo_php'] = 'php72' check_php_version = '7.2' else: data['wo_php'] = 'php72' check_php_version = '7.2' if pargs.hsts: data['hsts'] = bool(pargs.hsts == "on") if pargs.ngxblocker: ngxblocker = bool(pargs.ngxblocker == 'on') if not data: Log.error(self, "Cannot update {0}, Invalid Options" .format(wo_domain)) wo_auth = site_package_check(self, stype) data['wo_db_name'] = check_site.db_name data['wo_db_user'] = check_site.db_user data['wo_db_pass'] = check_site.db_password data['wo_db_host'] = check_site.db_host if not (pargs.letsencrypt or pargs.hsts or pargs.ngxblocker): try: pre_run_checks(self) except SiteError as e: Log.debug(self, str(e)) Log.error(self, "NGINX configuration check failed.") try: sitebackup(self, data) except Exception as e: Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Check the log for details: " "`tail /var/log/wo/wordops.log` and please try again") return 1 # setup NGINX configuration, and webroot try: setupdomain(self, data) except SiteError as e: Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed." "Check the log for details:" "`tail /var/log/wo/wordops.log` and please try again") return 1 if 'proxy' in data.keys() and data['proxy']: updateSiteInfo(self, wo_domain, stype=stype, cache=cache, ssl=(bool(check_site.is_ssl))) Log.info(self, "Successfully updated site" " http://{0}".format(wo_domain)) return 0 if pargs.letsencrypt: if data['letsencrypt'] is True: # DNS API configuration if pargs.dns: Log.debug(self, "DNS validation enabled") acmedata['dns'] = True if not pargs.dns == 'dns_cf': Log.debug(self, "DNS API : {0}".format(pargs.dns)) acmedata['acme_dns'] = pargs.dns if pargs.dnsalias: Log.debug(self, "DNS Alias enabled") acmedata['dnsalias'] = True acmedata['acme_alias'] = pargs.dnsalias # Set list of domains to secure if acme_subdomain is True: Log.info(self, "Certificate type : subdomain") acme_domains = acme_domains + [ '{0}'.format(wo_domain)] elif acme_wildcard is True: Log.info(self, "Certificate type : wildcard") acme_domains = acme_domains + [ '{0}'.format(wo_domain), '*.{0}'.format(wo_domain)] else: Log.info(self, "Certificate type : domain") acme_domains = acme_domains + [ '{0}'.format(wo_domain), 'www.{0}'.format(wo_domain)] if WOAcme.cert_check(self, wo_domain): SSL.archivedcertificatehandle( self, wo_domain, acme_domains) else: if acme_subdomain: Log.debug(self, "checkWildcardExist on *.{0}" .format(wo_root_domain)) if SSL.checkwildcardexist(self, wo_root_domain): Log.info( self, "Using existing Wildcard SSL " "certificate from {0} to secure {1}" .format(wo_root_domain, wo_domain)) Log.debug( self, "symlink wildcard " "cert between {0} & {1}" .format(wo_domain, wo_root_domain)) # copy the cert from the root domain copyWildcardCert(self, wo_domain, wo_root_domain) else: # check DNS records before issuing cert if not acmedata['dns'] is True: if not pargs.force: if not WOAcme.check_dns(self, acme_domains): Log.error( self, "Aborting SSL certificate " "issuance") Log.debug( self, "Setup Cert with acme.sh for {0}" .format(wo_domain)) if WOAcme.setupletsencrypt( self, acme_domains, acmedata): WOAcme.deploycert(self, wo_domain) else: Log.error( self, "Unable to issue certificate") else: # check DNS records before issuing cert if not acmedata['dns'] is True: if not pargs.force: if not WOAcme.check_dns(self, acme_domains): Log.error( self, "Aborting SSL " "certificate issuance") if WOAcme.setupletsencrypt( self, acme_domains, acmedata): WOAcme.deploycert(self, wo_domain) else: Log.error(self, "Unable to issue certificate") SSL.httpsredirect( self, wo_domain, acme_domains, redirect=True) SSL.siteurlhttps(self, wo_domain) if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") Log.info(self, "Congratulations! Successfully " "Configured SSL on https://{0}".format(wo_domain)) if (SSL.getexpirationdays(self, wo_domain) > 0): Log.info(self, "Your cert will expire within " + str(SSL.getexpirationdays(self, wo_domain)) + " days.") else: Log.warn( self, "Your cert already EXPIRED ! " ".PLEASE renew soon . ") elif data['letsencrypt'] is False: if pargs.letsencrypt == "off": if os.path.islink("{0}/conf/nginx/ssl.conf" .format(wo_site_webroot)): WOFileUtils.remove_symlink(self, "{0}/conf/nginx/ssl.conf" .format(wo_site_webroot)) elif os.path.isfile("{0}/conf/nginx/ssl.conf" .format(wo_site_webroot)): Log.info(self, 'Setting Nginx configuration') WOFileUtils.mvfile(self, "{0}/conf/nginx/ssl.conf" .format(wo_site_webroot), '{0}/conf/nginx/ssl.conf.disabled' .format(wo_site_webroot)) SSL.httpsredirect( self, wo_domain, acmedata, redirect=False) if os.path.isfile("{0}/conf/nginx/hsts.conf" .format(wo_site_webroot)): WOFileUtils.mvfile(self, "{0}/conf/nginx/hsts.conf" .format(wo_site_webroot), '{0}/conf/nginx/' 'hsts.conf.disabled' .format(wo_site_webroot)) # find all broken symlinks sympath = "/var/www" WOFileUtils.findBrokenSymlink(self, sympath) elif (pargs.letsencrypt == "clean" or pargs.letsencrypt == "purge"): WOAcme.removeconf(self, wo_domain) # find all broken symlinks sympath = "/var/www" WOFileUtils.findBrokenSymlink(self, sympath) if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") # Log.info(self,"Removing Cron Job set for cert # auto-renewal") WOCron.remove_cron(self,'wo site # update {0} --le=renew --min_expiry_limit 30 # 2> \/dev\/null'.format(wo_domain)) Log.info(self, "Successfully Disabled SSl for Site " " http://{0}".format(wo_domain)) # Add nginx conf folder into GIT WOGit.add(self, ["{0}/conf/nginx".format(wo_site_webroot)], msg="Adding letsencrypts config of site: {0}" .format(wo_domain)) updateSiteInfo(self, wo_domain, ssl=letsencrypt) return 0 if pargs.hsts: if data['hsts'] is True: if os.path.isfile(("{0}/conf/nginx/ssl.conf") .format(wo_site_webroot)): if not os.path.isfile("{0}/conf/nginx/hsts.conf" .format(wo_site_webroot)): SSL.setuphsts(self, wo_domain) else: Log.error(self, "HSTS is already configured for given " "site") if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") else: Log.error(self, "HTTPS is not configured for given " "site") elif data['hsts'] is False: if os.path.isfile(("{0}/conf/nginx/hsts.conf") .format(wo_site_webroot)): WOFileUtils.mvfile(self, "{0}/conf/nginx/hsts.conf" .format(wo_site_webroot), '{0}/conf/nginx/hsts.conf.disabled' .format(wo_site_webroot)) if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") else: Log.error(self, "HSTS is not configured for given " "site") if pargs.ngxblocker: if ngxblocker is True: setupngxblocker(self, wo_domain) elif ngxblocker is False: if os.path.isfile("{0}/conf/nginx/ngxblocker.conf" .format(wo_site_webroot)): WOFileUtils.mvfile( self, "{0}/conf/nginx/ngxblocker.conf" .format(wo_site_webroot), "{0}/conf/nginx/ngxblocker.conf.disabled" .format(wo_site_webroot)) # Service Nginx Reload if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") if stype == oldsitetype and cache == oldcachetype: # Service Nginx Reload if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") updateSiteInfo(self, wo_domain, stype=stype, cache=cache, ssl=(bool(check_site.is_ssl)), php_version=check_php_version) Log.info(self, "Successfully updated site" " http://{0}".format(wo_domain)) return 0 # if data['wo_db_name'] and not data['wp']: if 'wo_db_name' in data.keys() and not data['wp']: try: data = setupdatabase(self, data) except SiteError as e: Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed." "Check the log for details:" "`tail /var/log/wo/wordops.log` and please try again") return 1 try: wodbconfig = open("{0}/wo-config.php".format(wo_site_webroot), encoding='utf-8', mode='w') wodbconfig.write("<?php \ndefine('DB_NAME', '{0}');" "\ndefine('DB_USER', '{1}'); " "\ndefine('DB_PASSWORD', '{2}');" "\ndefine('DB_HOST', '{3}');\n?>" .format(data['wo_db_name'], data['wo_db_user'], data['wo_db_pass'], data['wo_db_host'])) wodbconfig.close() except IOError as e: Log.debug(self, str(e)) Log.debug(self, "creating wo-config.php failed.") Log.info(self, Log.FAIL + "Update site failed. " "Check the log for details: " "`tail /var/log/wo/wordops.log` and please try again") return 1 # Setup WordPress if old sites are html/php/mysql sites if data['wp'] and oldsitetype in ['html', 'proxy', 'php', 'php72', 'mysql', 'php73', 'php74']: try: wo_wp_creds = setupwordpress(self, data) except SiteError as e: Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed." "Check the log for details: " "`tail /var/log/wo/wordops.log` and please try again") return 1 # Uninstall unnecessary plugins if oldsitetype in ['wp', 'wpsubdir', 'wpsubdomain']: # Setup WordPress Network if update option is multisite # and oldsite is WordPress single site if data['multisite'] and oldsitetype == 'wp': try: setupwordpressnetwork(self, data) except SiteError as e: Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed. " "Check the log for details:" " `tail /var/log/wo/wordops.log` " "and please try again") return 1 if ((oldcachetype in ['wpsc', 'basic', 'wpredis', 'wprocket', 'wpce'] and (data['wpfc'])) or (oldsitetype == 'wp' and data['multisite'] and data['wpfc'])): try: plugin_data_object = { "log_level": "INFO", "log_filesize": 5, "enable_purge": 1, "enable_map": "0", "enable_log": 0, "enable_stamp": 1, "purge_homepage_on_new": 1, "purge_homepage_on_edit": 1, "purge_homepage_on_del": 1, "purge_archive_on_new": 1, "purge_archive_on_edit": 0, "purge_archive_on_del": 0, "purge_archive_on_new_comment": 0, "purge_archive_on_deleted_comment": 0, "purge_page_on_mod": 1, "purge_page_on_new_comment": 1, "purge_page_on_deleted_comment": 1, "cache_method": "enable_fastcgi", "purge_method": "get_request", "redis_hostname": "127.0.0.1", "redis_port": "6379", "redis_prefix": "nginx-cache:"} plugin_data = json.dumps(plugin_data_object) setupwp_plugin(self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) except SiteError as e: Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update nginx-helper " "settings failed. " "Check the log for details:" " `tail /var/log/wo/wordops.log` " "and please try again") return 1 elif ((oldcachetype in ['wpsc', 'basic', 'wpfc', 'wprocket', 'wpce'] and (data['wpredis'])) or (oldsitetype == 'wp' and data['multisite'] and data['wpredis'])): try: plugin_data_object = { "log_level": "INFO", "log_filesize": 5, "enable_purge": 1, "enable_map": "0", "enable_log": 0, "enable_stamp": 1, "purge_homepage_on_new": 1, "purge_homepage_on_edit": 1, "purge_homepage_on_del": 1, "purge_archive_on_new": 1, "purge_archive_on_edit": 0, "purge_archive_on_del": 0, "purge_archive_on_new_comment": 0, "purge_archive_on_deleted_comment": 0, "purge_page_on_mod": 1, "purge_page_on_new_comment": 1, "purge_page_on_deleted_comment": 1, "cache_method": "enable_redis", "purge_method": "get_request", "redis_hostname": "127.0.0.1", "redis_port": "6379", "redis_prefix": "nginx-cache:"} plugin_data = json.dumps(plugin_data_object) setupwp_plugin(self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) except SiteError as e: Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update nginx-helper " "settings failed. " "Check the log for details:" " `tail /var/log/wo/wordops.log` " "and please try again") return 1 else: try: # disable nginx-helper plugin_data_object = { "log_level": "INFO", "log_filesize": 5, "enable_purge": 0, "enable_map": 0, "enable_log": 0, "enable_stamp": 0, "purge_homepage_on_new": 1, "purge_homepage_on_edit": 1, "purge_homepage_on_del": 1, "purge_archive_on_new": 1, "purge_archive_on_edit": 0, "purge_archive_on_del": 0, "purge_archive_on_new_comment": 0, "purge_archive_on_deleted_comment": 0, "purge_page_on_mod": 1, "purge_page_on_new_comment": 1, "purge_page_on_deleted_comment": 1, "cache_method": "enable_redis", "purge_method": "get_request", "redis_hostname": "127.0.0.1", "redis_port": "6379", "redis_prefix": "nginx-cache:"} plugin_data = json.dumps(plugin_data_object) setupwp_plugin( self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) except SiteError as e: Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update nginx-helper " "settings failed. " "Check the log for details:" " `tail /var/log/wo/wordops.log` " "and please try again") return 1 if ((oldcachetype in ['wpsc', 'basic', 'wpfc', 'wprocket', 'wpredis'] and (data['wpce'])) or (oldsitetype == 'wp' and data['multisite'] and data['wpce'])): try: installwp_plugin(self, 'cache-enabler', data) # setup cache-enabler plugin_data_object = { "expires": 24, "new_post": 1, "new_comment": 0, "webp": 0, "clear_on_upgrade": 1, "compress": 0, "excl_ids": "", "excl_regexp": "", "excl_cookies": "", "incl_attributes": "", "minify_html": 1} plugin_data = json.dumps(plugin_data_object) setupwp_plugin(self, 'cache-enabler', 'cache-enabler', plugin_data, data) except SiteError as e: Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update cache-enabler " "settings failed. " "Check the log for details:" " `tail /var/log/wo/wordops.log` " "and please try again") return 1 if oldcachetype == 'wpsc' and not data['wpsc']: try: uninstallwp_plugin(self, 'wp-super-cache', data) except SiteError as e: Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed." "Check the log for details:" " `tail /var/log/wo/wordops.log` " "and please try again") return 1 if oldcachetype == 'wpredis' and not data['wpredis']: try: uninstallwp_plugin(self, 'redis-cache', data) except SiteError as e: Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed." "Check the log for details:" " `tail /var/log/wo/wordops.log` " "and please try again") return 1 if oldcachetype != 'wpsc' and data['wpsc']: try: installwp_plugin(self, 'wp-super-cache', data) except SiteError as e: Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed." "Check the log for details: " "`tail /var/log/wo/wordops.log` and please try again") return 1 if oldcachetype == 'wprocket' and not data['wprocket']: try: uninstallwp_plugin(self, 'wp-rocket', data) except SiteError as e: Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed." "Check the log for details: " "`tail /var/log/wo/wordops.log` and please try again") return 1 if oldcachetype == 'wpce' and not data['wpce']: try: uninstallwp_plugin(self, 'cache-enabler', data) except SiteError as e: Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed." "Check the log for details: " "`tail /var/log/wo/wordops.log` and please try again") return 1 # Service Nginx Reload if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " "check issues with `nginx -t` command") WOGit.add(self, ["/etc/nginx"], msg="{0} updated with {1} {2}" .format(wo_www_domain, stype, cache)) # Setup Permissions for webroot try: setwebrootpermissions(self, data['webroot']) except SiteError as e: Log.debug(self, str(e)) Log.info(self, Log.FAIL + "Update site failed." "Check the log for details: " "`tail /var/log/wo/wordops.log` and please try again") return 1 if wo_auth and len(wo_auth): for msg in wo_auth: Log.info(self, Log.ENDC + msg) display_cache_settings(self, data) if data['wp'] and oldsitetype in ['html', 'php', 'mysql']: Log.info(self, "\n\n" + Log.ENDC + "WordPress admin user :"******" {0}".format(wo_wp_creds['wp_user'])) Log.info(self, Log.ENDC + "WordPress admin password : {0}" .format(wo_wp_creds['wp_pass']) + "\n\n") if oldsitetype in ['html', 'php'] and stype != 'php': updateSiteInfo(self, wo_domain, stype=stype, cache=cache, db_name=data['wo_db_name'], db_user=data['wo_db_user'], db_password=data['wo_db_pass'], db_host=data['wo_db_host'], ssl=bool(check_site.is_ssl), php_version=check_php_version) else: updateSiteInfo(self, wo_domain, stype=stype, cache=cache, ssl=bool(check_site.is_ssl), php_version=check_php_version) Log.info(self, "Successfully updated site" " http://{0}".format(wo_domain)) return 0