def migrate_mariadb(self, ci=False):
    """Replace the MariaDB 10.3 APT source and reinstall MariaDB packages.

    Steps, in order: dump all databases, drop the old 10.3 repository line
    from the WordOps APT list if it is present, reinstall the packages in
    ``WOVar.wo_mysql``, swap ``my.cnf`` for a symlink to ``mariadb.cnf`` and
    re-enable the systemd unit.

    Args:
        ci: when truthy, the ``dist_upgrade`` step is skipped.
    """
    apt_list_file = '/etc/apt/sources.list.d/wo-repo.list'
    packaged_cnf = '/etc/mysql/mariadb.cnf'
    active_cnf = '/etc/mysql/my.cnf'
    apt_progress = "Updating apt-cache "
    upgrade_progress = "Upgrading MariaDB "

    # Full dump before any package is touched.
    # NOTE(review): the result of backupAll() is not inspected here, so the
    # server package is removed below whether or not a usable dump exists.
    # Confirm backupAll() aborts on failure, or check its result.
    WOMysql.backupAll(self, fulldump=True)

    # Exact source line written for the 10.3 repository; it is matched
    # literally against the APT list file.
    repo_template = ("deb [arch=amd64,ppc64el] "
                     "http://mariadb.mirrors.ovh.net/MariaDB/repo/"
                     "10.3/{distro} {codename} main")
    legacy_repo_line = repo_template.format(
        distro=WOVar.wo_distro,
        codename=WOVar.wo_platform_codename)
    legacy_repo_present = WOFileUtils.grepcheck(
        self, apt_list_file, legacy_repo_line)
    if legacy_repo_present:
        WORepo.remove(self, repo_url=legacy_repo_line)

    # Add MariaDB repo
    pre_pref(self, WOVar.wo_mysql)

    # Refresh the package index against the new source.
    Log.wait(self, apt_progress)
    WOAptGet.update(self)
    Log.valide(self, apt_progress)

    # Remove the old server package, then install the configured set.
    Log.wait(self, upgrade_progress)
    WOAptGet.remove(self, ["mariadb-server"])
    WOAptGet.auto_remove(self)
    WOAptGet.install(self, WOVar.wo_mysql)
    if not ci:
        WOAptGet.dist_upgrade(self)
    WOAptGet.auto_remove(self)
    Log.valide(self, upgrade_progress)

    # Keep the previous my.cnf as .old and point my.cnf at mariadb.cnf.
    WOFileUtils.mvfile(self, active_cnf, '/etc/mysql/my.cnf.old')
    WOFileUtils.create_symlink(self, [packaged_cnf, active_cnf])

    for unit_command in ('systemctl daemon-reload',
                         'systemctl enable mariadb'):
        WOShellExec.cmd_exec(self, unit_command)
    post_pref(self, WOVar.wo_mysql, [])
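def archivedcertificatehandle(self, domain, acme_domains):
    """Ask what to do when a certificate for *domain* already exists.

    The operator is prompted on stdin: "1" redeploys the existing
    certificate, "2" forces a renewal with acme.sh, and anything else
    cancels. If ``fullchain.pem`` is missing from the live directory, the
    answer is overridden to "2".

    Args:
        domain: site domain; it is interpolated into file paths and into
            the acme.sh command line.
        acme_domains: domain list handed to ``SSL.httpsredirect`` after a
            successful redeploy.

    Returns:
        The result of the deploy or renew call, or ``False`` if neither ran.
    """
    import shlex  # local import: the file's import block is not in view

    # Bound up front so `return ssl` cannot raise UnboundLocalError on the
    # cancel path if Log.error() returns instead of terminating.
    ssl = False

    Log.warn(
        self, "You already have an existing certificate "
        "for the domain requested.\n"
        "(ref: {0}/"
        "{1}_ecc/{1}.conf)".format(WOVar.wo_ssl_archive, domain) +
        "\nPlease select an option from below?"
        "\n\t1: Reinstall existing certificate"
        "\n\t2: Issue a new certificate to replace "
        "the current one (limit ~5 per 7 days)"
        "")
    check_prompt = input(
        "\nType the appropriate number [1-2] or any other key to cancel: ")

    # NOTE(review): with fullchain.pem missing, the operator's answer is
    # discarded and a forced renewal runs even if they chose to cancel.
    # That spends one of the "~5 per 7 days" issuances named in the prompt.
    if not os.path.isfile("{0}/{1}/fullchain.pem".format(
            WOVar.wo_ssl_live, domain)):
        Log.debug(
            self, "{0}/{1}/fullchain.pem file is missing.".format(
                WOVar.wo_ssl_live, domain))
        check_prompt = "2"

    if check_prompt == "1":
        Log.info(self, "Reinstalling SSL cert with acme.sh")
        ssl = WOAcme.deploycert(self, domain)
        if ssl:
            SSL.httpsredirect(self, domain, acme_domains)
    elif (check_prompt == "2"):
        Log.info(self, "Issuing new SSL cert with acme.sh")
        # The command is a single shell string, so the domain is quoted.
        # For an ordinary hostname shlex.quote() returns it unchanged, so
        # the command stays the same; shell metacharacters are neutralised.
        ssl = WOShellExec.cmd_exec(
            self, "/etc/letsencrypt/acme.sh "
            "--config-home '/etc/letsencrypt/config' "
            "--renew -d {0} --ecc --force".format(shlex.quote(str(domain))))
        if ssl:
            WOAcme.deploycert(self, domain)
    else:
        Log.error(self, "Operation cancelled by user.")

    # NOTE(review): this test uses a path relative to the current working
    # directory, while the move below targets /var/www/<domain>/..., so the
    # backup normally never runs. Do not simply make the paths agree: this
    # runs after deploycert(), and moving a freshly written ssl.conf aside
    # would disable TLS for the site. Confirm the intent first.
    if os.path.isfile("{0}/conf/nginx/ssl.conf".format(domain)):
        Log.info(self, "Existing ssl.conf . Backing it up ..")
        WOFileUtils.mvfile(
            self, "/var/www/{0}/conf/nginx/ssl.conf".format(domain),
            '/var/www/{0}/conf/nginx/ssl.conf.bak'.format(domain))
    return ssl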
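def selfsignedcert(self, proftpd=False, backend=False):
    """Issue a self-signed certificate and install it.

    A 2048-bit RSA key and a certificate for ``commonName=localhost``, valid
    for 3652 days, are generated with openssl in a scratch directory and then
    moved into place.

    Changes from the earlier behaviour:

    * the scratch directory is emptied first, so key material left by an
      interrupted run is never installed;
    * key and certificate files are created under umask 077, so they are not
      readable by other local users while in the scratch directory;
    * nothing is installed unless both ``ssl.key`` and ``ssl.crt`` exist
      after generation.

    Args:
        proftpd: install the pair as ``/etc/proftpd/ssl/proftpd.{key,crt}``.
        backend: install the pair as ``/var/www/22222/cert/22222.{key,crt}``.
    """
    selfs_tmp = '/var/lib/wo/tmp/selfssl'
    key_path = "{0}/ssl.key".format(selfs_tmp)
    crt_path = "{0}/ssl.crt".format(selfs_tmp)

    # (re)create the scratch directory empty
    if os.path.isdir(selfs_tmp):
        WOFileUtils.rm(self, selfs_tmp)
    WOFileUtils.mkdir(self, selfs_tmp)

    # The umask is inherited by the openssl child processes.
    # NOTE(review): this assumes the consumers of the installed files read
    # them as root; confirm for the 22222 backend and ProFTPd.
    previous_umask = os.umask(0o077)
    try:
        generated = False
        try:
            WOShellExec.cmd_exec(
                self, "openssl genrsa -out "
                "{0}/ssl.key 2048".format(selfs_tmp))
            WOShellExec.cmd_exec(
                self, "openssl req -new -batch "
                "-subj /commonName=localhost/ "
                "-key {0}/ssl.key -out {0}/ssl.csr".format(selfs_tmp))
            WOFileUtils.mvfile(self, key_path,
                               "{0}/ssl.key.org".format(selfs_tmp))
            WOShellExec.cmd_exec(
                self, "openssl rsa -in "
                "{0}/ssl.key.org -out "
                "{0}/ssl.key".format(selfs_tmp))
            WOShellExec.cmd_exec(
                self, "openssl x509 -req -days "
                "3652 -in {0}/ssl.csr -signkey {0}"
                "/ssl.key -out {0}/ssl.crt".format(selfs_tmp))
            # The cmd_exec() results are not inspected above, so success is
            # judged by whether the output files exist.
            generated = (os.path.isfile(key_path) and
                         os.path.isfile(crt_path))
        except Exception as e:
            Log.debug(self, "{0}".format(e))

        if not generated:
            Log.error(self, "Failed to generate HTTPS "
                      "certificate for 22222", False)
        else:
            # NOTE(review): the files are moved, not copied. With both flags
            # set, the ProFTPd move finds nothing left to move.
            if backend:
                WOFileUtils.mvfile(self, key_path,
                                   "/var/www/22222/cert/22222.key")
                WOFileUtils.mvfile(self, crt_path,
                                   "/var/www/22222/cert/22222.crt")
            if proftpd:
                WOFileUtils.mvfile(self, key_path,
                                   "/etc/proftpd/ssl/proftpd.key")
                WOFileUtils.mvfile(self, crt_path,
                                   "/etc/proftpd/ssl/proftpd.crt")
    finally:
        os.umask(previous_umask)

    # remove self-signed tmp directory (csr and key.org are left in it)
    WOFileUtils.rm(self, selfs_tmp)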
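def doupdatesite(self, pargs):
    """Apply a `site update` request to an existing site.

    The function reads the parsed CLI arguments, loads the stored site
    record, and then, depending on the options, changes the WordPress
    password, toggles HSTS or ngxblocker, issues, renews or disables a
    Let's Encrypt certificate, or converts the site to another type, cache
    backend or PHP version.

    Changes from the earlier behaviour:

    * the two adjacent string literals of the "WordPress admin user" message
      are rejoined (the span between them was garbled and did not parse);
    * ``wo-config.php`` is written through a context manager, and the
      database values are escaped for PHP single-quoted strings;
    * ``php72`` is handled like the other plain-PHP site types when only the
      PHP version changes, matching the lists used elsewhere in this
      function;
    * the per-cache-type flag chains and the three nginx-helper option
      dictionaries are built from one definition each.

    NOTE(review): many branches call ``Log.error()`` and continue as if it
    terminates the command, for example using ``stype`` after a failed
    ``detSitePar``. Confirm that ``Log.error`` exits unless passed ``False``.

    Args:
        pargs: ignored; it is overwritten with ``self.app.pargs``.

    Returns:
        0 when the update finished, 1 when it was refused or a step failed.
    """
    pargs = self.app.pargs
    letsencrypt = False
    php73 = False
    php74 = False
    php72 = False

    data = dict()
    try:
        stype, cache = detSitePar(vars(pargs))
    except RuntimeError as e:
        Log.debug(self, str(e))
        Log.error(self, "Please provide valid options combination for"
                  " site update")

    if stype is None and pargs.proxy:
        stype, cache = 'proxy', ''
        proxyinfo = pargs.proxy[0].strip()
        if not proxyinfo:
            Log.error(self, "Please provide proxy server host information")
        # NOTE(review): host and port come straight from the command line and
        # are only stripped here; presumably setupdomain() renders them into
        # the nginx configuration. Verify they are validated there.
        proxyinfo = proxyinfo.split(':')
        host = proxyinfo[0].strip()
        port = '80' if len(proxyinfo) < 2 else proxyinfo[1].strip()
    elif stype is None and not (pargs.proxy or pargs.letsencrypt):
        stype, cache = 'html', 'basic'
    elif stype and pargs.proxy:
        Log.error(self, "--proxy can not be used with other site types")

    if not pargs.site_name:
        try:
            while not pargs.site_name:
                pargs.site_name = (input('Enter site name : ').strip())
        except IOError:
            Log.error(self, 'Unable to input site name, Please try again!')

    pargs.site_name = pargs.site_name.strip()
    wo_domain = WODomain.validate(self, pargs.site_name)
    wo_www_domain = "www.{0}".format(wo_domain)
    (wo_domain_type, wo_root_domain) = WODomain.getlevel(
        self, wo_domain)
    wo_site_webroot = WOVar.wo_webroot + wo_domain
    check_site = getSiteInfo(self, wo_domain)

    if check_site is None:
        Log.error(self, " Site {0} does not exist.".format(wo_domain))
    else:
        oldsitetype = check_site.site_type
        oldcachetype = check_site.cache_type
        check_ssl = check_site.is_ssl
        check_php_version = check_site.php_version

        old_php72 = bool(check_php_version == "7.2")
        old_php73 = bool(check_php_version == "7.3")
        old_php74 = bool(check_php_version == "7.4")

    # Options that do not change the site type are handled here and return
    # before any backup or nginx configuration rewrite.
    if ((pargs.password or pargs.hsts or
         pargs.ngxblocker or pargs.letsencrypt == 'renew') and not (
            pargs.html or pargs.php or pargs.php72 or pargs.php73 or
            pargs.php74 or
            pargs.mysql or pargs.wp or pargs.wpfc or pargs.wpsc or
            pargs.wprocket or pargs.wpce or
            pargs.wpsubdir or pargs.wpsubdomain)):

        # update wordpress password
        if (pargs.password):
            try:
                updatewpuserpassword(self, wo_domain, wo_site_webroot)
            except SiteError as e:
                Log.debug(self, str(e))
                Log.info(self, "\nPassword Unchanged.")
            return 0

        # setup hsts
        if (pargs.hsts):
            if pargs.hsts == "on":
                SSL.setuphsts(self, wo_domain, enable=True)
            elif pargs.hsts == "off":
                SSL.setuphsts(self, wo_domain, enable=False)
            # Service Nginx Reload
            if not WOService.reload_service(self, 'nginx'):
                Log.error(
                    self, "service nginx reload failed. "
                    "check issues with `nginx -t` command")
            return 0

        # setup ngxblocker
        if (pargs.ngxblocker):
            if pargs.ngxblocker == "on":
                if os.path.isdir('/etc/nginx/bots.d'):
                    try:
                        setupngxblocker(self, wo_domain)
                    except SiteError as e:
                        Log.debug(self, str(e))
                        Log.info(self, "\nngxblocker not enabled.")
                else:
                    Log.error(self, 'ngxblocker stack is not installed')
            elif pargs.ngxblocker == "off":
                try:
                    setupngxblocker(self, wo_domain, False)
                except SiteError as e:
                    Log.debug(self, str(e))
                    Log.info(self, "\nngxblocker not enabled.")
            # Service Nginx Reload
            if not WOService.reload_service(self, 'nginx'):
                Log.error(self, "service nginx reload failed. "
                          "check issues with `nginx -t` command")
            return 0

        # letsencrypt renew
        if (pargs.letsencrypt == 'renew'):
            if WOAcme.cert_check(self, wo_domain):
                # Without --force, renewal is refused while more than 30 days
                # of validity remain.
                if not pargs.force:
                    if (SSL.getexpirationdays(self, wo_domain) > 30):
                        Log.error(
                            self, "Your cert will expire in more "
                            "than 30 days ( " +
                            str(SSL.getexpirationdays(self, wo_domain)) +
                            " days).\nAdd \'--force\' to force to renew")
                Log.wait(self, "Renewing SSL certificate")
                if WOAcme.renew(self, wo_domain):
                    Log.valide(self, "Renewing SSL certificate")
            else:
                Log.error(self, "Certificate doesn't exist")
            return 0

    # Refuse unsupported conversions and no-op requests, unless only the PHP
    # version is being changed.
    if (((stype == 'php' and
          oldsitetype not in ['html', 'proxy', 'php', 'php72',
                              'php73', 'php74']) or
         (stype == 'mysql' and oldsitetype not in [
             'html', 'php', 'php72', 'php73', 'php74', 'proxy']) or
         (stype == 'wp' and oldsitetype not in [
             'html', 'php', 'php72', 'php73', 'php74',
             'mysql', 'proxy', 'wp']) or
         (stype == 'wpsubdir' and oldsitetype in ['wpsubdomain']) or
         (stype == 'wpsubdomain' and oldsitetype in ['wpsubdir']) or
         (stype == oldsitetype and cache == oldcachetype)) and
            not (pargs.php72 or pargs.php73 or pargs.php74)):
        Log.info(self, Log.FAIL + "can not update {0} {1} to {2} {3}".
                 format(oldsitetype, oldcachetype, stype, cache))
        return 1

    if stype == 'proxy':
        data['site_name'] = wo_domain
        data['www_domain'] = wo_www_domain
        data['proxy'] = True
        data['host'] = host
        data['port'] = port
        data['webroot'] = wo_site_webroot
        data['currsitetype'] = oldsitetype
        data['currcachetype'] = oldcachetype

    if stype == 'php':
        data = dict(
            site_name=wo_domain, www_domain=wo_www_domain,
            static=False, basic=True, wp=False, wpfc=False,
            php72=False, php73=False, php74=False,
            wpsc=False, wpredis=False, wprocket=False, wpce=False,
            multisite=False, wpsubdir=False, webroot=wo_site_webroot,
            currsitetype=oldsitetype, currcachetype=oldcachetype)

    elif stype in ['mysql', 'wp', 'wpsubdir', 'wpsubdomain']:
        data = dict(
            site_name=wo_domain, www_domain=wo_www_domain,
            static=False, basic=True, wp=False, wpfc=False,
            wpsc=False, wpredis=False, wprocket=False, wpce=False,
            multisite=False, wpsubdir=False, webroot=wo_site_webroot,
            wo_db_name='', wo_db_user='', wo_db_pass='', wo_db_host='',
            currsitetype=oldsitetype, currcachetype=oldcachetype)

        if stype in ['wp', 'wpsubdir', 'wpsubdomain']:
            data['wp'] = True
            data['basic'] = False
            data[cache] = True
            if stype in ['wpsubdir', 'wpsubdomain']:
                data['multisite'] = True
                if stype == 'wpsubdir':
                    data['wpsubdir'] = True

    # Only the PHP version was requested: rebuild `data` from the stored
    # site record so that site type and cache stay as they are.
    if ((pargs.php72 or pargs.php73 or pargs.php74) and (not data)):
        Log.debug(
            self, "pargs php72, or php73, or php74 enabled")
        data = dict(
            site_name=wo_domain,
            www_domain=wo_www_domain,
            currsitetype=oldsitetype,
            currcachetype=oldcachetype,
            webroot=wo_site_webroot)
        stype = oldsitetype
        cache = oldcachetype
        if oldsitetype == 'html' or oldsitetype == 'proxy':
            data['static'] = False
            data['wp'] = False
            data['multisite'] = False
            data['wpsubdir'] = False
        # 'php72' is included: it is accepted as an old site type in the
        # conversion check above, and without it `data['wp']` would be
        # missing further down.
        elif oldsitetype in ['php', 'php72', 'mysql', 'php73', 'php74']:
            data['static'] = False
            data['wp'] = False
            data['multisite'] = False
            data['wpsubdir'] = False
        elif oldsitetype == 'wp':
            data['static'] = False
            data['wp'] = True
            data['multisite'] = False
            data['wpsubdir'] = False
        elif oldsitetype == 'wpsubdir':
            data['static'] = False
            data['wp'] = True
            data['multisite'] = True
            data['wpsubdir'] = True
        elif oldsitetype == 'wpsubdomain':
            data['static'] = False
            data['wp'] = True
            data['multisite'] = True
            data['wpsubdir'] = False

        # Exactly one cache flag is True: the one naming the stored cache
        # type. An unknown cache type leaves `data` untouched, as before.
        cache_flags = ('basic', 'wpfc', 'wpsc', 'wpredis',
                       'wprocket', 'wpce')
        if oldcachetype in cache_flags:
            for cache_flag in cache_flags:
                data[cache_flag] = (cache_flag == oldcachetype)

    if pargs.php72:
        Log.debug(self, "pargs.php72 detected")
        data['php72'] = True
        php72 = True
    elif pargs.php73:
        Log.debug(self, "pargs.php73 detected")
        data['php73'] = True
        php73 = True
    elif pargs.php74:
        Log.debug(self, "pargs.php74 detected")
        data['php74'] = True
        php74 = True

    if pargs.php72:
        if php72 is old_php72:
            Log.info(self, "PHP 7.2 is already enabled for given "
                     "site")
            pargs.php72 = False

    if pargs.php73:
        if php73 is old_php73:
            Log.info(self, "PHP 7.3 is already enabled for given "
                     "site")
            pargs.php73 = False

    if pargs.php74:
        if php74 is old_php74:
            Log.info(self, "PHP 7.4 is already enabled for given "
                     "site")
            pargs.php74 = False

    # No PHP switch requested (or it was a no-op): carry the stored version.
    if (data and (not pargs.php73) and
            (not pargs.php74) and (not pargs.php72)):
        data['php72'] = bool(old_php72 is True)
        Log.debug(self, "data php72 = {0}".format(data['php72']))
        php72 = bool(old_php72 is True)
        data['php73'] = bool(old_php73 is True)
        Log.debug(self, "data php73 = {0}".format(data['php73']))
        php73 = bool(old_php73 is True)
        data['php74'] = bool(old_php74 is True)
        Log.debug(self, "data php74 = {0}".format(data['php74']))
        php74 = bool(old_php74 is True)

    if pargs.letsencrypt:
        acme_domains = []
        acmedata = dict(acme_domains, dns=False, acme_dns='dns_cf',
                        dnsalias=False, acme_alias='', keylength='')
        acmedata['keylength'] = self.app.config.get('letsencrypt',
                                                    'keylength')
        if pargs.letsencrypt == 'on':
            data['letsencrypt'] = True
            letsencrypt = True
            acme_subdomain = bool(wo_domain_type == 'subdomain')
            acme_wildcard = False
        elif pargs.letsencrypt == 'subdomain':
            data['letsencrypt'] = True
            letsencrypt = True
            acme_subdomain = True
            acme_wildcard = False
        elif pargs.letsencrypt == 'wildcard':
            data['letsencrypt'] = True
            letsencrypt = True
            acme_wildcard = True
            acme_subdomain = False
            # wildcard names are always validated over DNS
            acmedata['dns'] = True
        else:
            # 'off', 'clean', 'purge' and any other value: no certificate
            # is requested.
            data['letsencrypt'] = False
            letsencrypt = False
            acme_subdomain = False
            acme_wildcard = False

        if not (acme_subdomain is True):
            if letsencrypt is check_ssl:
                if letsencrypt is False:
                    Log.error(self, "SSL is not configured for given "
                              "site")
                elif letsencrypt is True:
                    Log.error(self, "SSL is already configured for given "
                              "site")
                pargs.letsencrypt = False

    if pargs.all and pargs.letsencrypt == "off":
        if letsencrypt is check_ssl:
            if letsencrypt is False:
                Log.error(self, "HTTPS is not configured for given "
                          "site", False)
                return 0

    if pargs.wpredis and data['currcachetype'] != 'wpredis':
        data['wpredis'] = True
        data['basic'] = False
        cache = 'wpredis'

    if pargs.wprocket and data['currcachetype'] != 'wprocket':
        data['wprocket'] = True
        data['basic'] = False
        cache = 'wprocket'

    if pargs.wpce and data['currcachetype'] != 'wpce':
        data['wpce'] = True
        data['basic'] = False
        cache = 'wpce'

    if ((php73 is old_php73) and (php72 is old_php72) and
            (php74 is old_php74) and
            (stype == oldsitetype and
             cache == oldcachetype)):
        Log.debug(self, "Nothing to update")
        return 1

    if php73 is True:
        data['wo_php'] = 'php73'
        check_php_version = '7.3'
    elif php74 is True:
        data['wo_php'] = 'php74'
        check_php_version = '7.4'
    elif php72 is True:
        data['wo_php'] = 'php72'
        check_php_version = '7.2'
    else:
        data['wo_php'] = 'php72'
        check_php_version = '7.2'

    if pargs.hsts:
        data['hsts'] = bool(pargs.hsts == "on")

    if pargs.ngxblocker:
        ngxblocker = bool(pargs.ngxblocker == 'on')

    if not data:
        Log.error(self, "Cannot update {0}, Invalid Options"
                  .format(wo_domain))

    wo_auth = site_package_check(self, stype)
    data['wo_db_name'] = check_site.db_name
    data['wo_db_user'] = check_site.db_user
    data['wo_db_pass'] = check_site.db_password
    data['wo_db_host'] = check_site.db_host

    # Backup and nginx/webroot regeneration are skipped when only TLS, HSTS
    # or ngxblocker settings change.
    if not (pargs.letsencrypt or pargs.hsts or pargs.ngxblocker):
        try:
            pre_run_checks(self)
        except SiteError as e:
            Log.debug(self, str(e))
            Log.error(self, "NGINX configuration check failed.")

        try:
            sitebackup(self, data)
        except Exception as e:
            Log.debug(self, str(e))
            Log.info(self, Log.FAIL + "Check the log for details: "
                     "`tail /var/log/wo/wordops.log` and please try again")
            return 1

        # setup NGINX configuration, and webroot
        try:
            setupdomain(self, data)
        except SiteError as e:
            Log.debug(self, str(e))
            Log.info(self, Log.FAIL + "Update site failed."
                     "Check the log for details:"
                     "`tail /var/log/wo/wordops.log` and please try again")
            return 1

    if 'proxy' in data.keys() and data['proxy']:
        updateSiteInfo(self, wo_domain, stype=stype, cache=cache,
                       ssl=(bool(check_site.is_ssl)))
        Log.info(self, "Successfully updated site"
                 " http://{0}".format(wo_domain))
        return 0

    if pargs.letsencrypt:
        if data['letsencrypt'] is True:
            # DNS API configuration
            if pargs.dns:
                Log.debug(self, "DNS validation enabled")
                acmedata['dns'] = True
                if not pargs.dns == 'dns_cf':
                    Log.debug(self, "DNS API : {0}".format(pargs.dns))
                    acmedata['acme_dns'] = pargs.dns
            if pargs.dnsalias:
                Log.debug(self, "DNS Alias enabled")
                acmedata['dnsalias'] = True
                acmedata['acme_alias'] = pargs.dnsalias

            # Set list of domains to secure
            if acme_subdomain is True:
                Log.info(self, "Certificate type : subdomain")
                acme_domains = acme_domains + [
                    '{0}'.format(wo_domain)]
            elif acme_wildcard is True:
                Log.info(self, "Certificate type : wildcard")
                acme_domains = acme_domains + [
                    '{0}'.format(wo_domain),
                    '*.{0}'.format(wo_domain)]
            else:
                Log.info(self, "Certificate type : domain")
                acme_domains = acme_domains + [
                    '{0}'.format(wo_domain),
                    'www.{0}'.format(wo_domain)]

            if WOAcme.cert_check(self, wo_domain):
                SSL.archivedcertificatehandle(
                    self, wo_domain, acme_domains)
            else:
                if acme_subdomain:
                    Log.debug(self, "checkWildcardExist on *.{0}"
                              .format(wo_root_domain))
                    if SSL.checkwildcardexist(self, wo_root_domain):
                        Log.info(
                            self, "Using existing Wildcard SSL "
                            "certificate from {0} to secure {1}"
                            .format(wo_root_domain, wo_domain))
                        Log.debug(
                            self, "symlink wildcard "
                            "cert between {0} & {1}"
                            .format(wo_domain, wo_root_domain))
                        # copy the cert from the root domain
                        copyWildcardCert(self, wo_domain, wo_root_domain)
                    else:
                        # check DNS records before issuing cert;
                        # --force skips the check
                        if not acmedata['dns'] is True:
                            if not pargs.force:
                                if not WOAcme.check_dns(self, acme_domains):
                                    Log.error(
                                        self, "Aborting SSL certificate "
                                        "issuance")
                        Log.debug(
                            self, "Setup Cert with acme.sh for {0}"
                            .format(wo_domain))
                        if WOAcme.setupletsencrypt(
                                self, acme_domains, acmedata):
                            WOAcme.deploycert(self, wo_domain)
                        else:
                            Log.error(
                                self, "Unable to issue certificate")
                else:
                    # check DNS records before issuing cert;
                    # --force skips the check
                    if not acmedata['dns'] is True:
                        if not pargs.force:
                            if not WOAcme.check_dns(self, acme_domains):
                                Log.error(
                                    self, "Aborting SSL "
                                    "certificate issuance")
                    if WOAcme.setupletsencrypt(
                            self, acme_domains, acmedata):
                        WOAcme.deploycert(self, wo_domain)
                    else:
                        Log.error(self, "Unable to issue certificate")

            SSL.httpsredirect(
                self, wo_domain, acme_domains, redirect=True)
            SSL.siteurlhttps(self, wo_domain)

            if not WOService.reload_service(self, 'nginx'):
                Log.error(self, "service nginx reload failed. "
                          "check issues with `nginx -t` command")
            Log.info(self, "Congratulations! Successfully "
                     "Configured SSL on https://{0}".format(wo_domain))
            if (SSL.getexpirationdays(self, wo_domain) > 0):
                Log.info(self, "Your cert will expire within " +
                         str(SSL.getexpirationdays(self, wo_domain)) +
                         " days.")
            else:
                Log.warn(
                    self, "Your cert already EXPIRED ! "
                    ".PLEASE renew soon . ")

        elif data['letsencrypt'] is False:
            if pargs.letsencrypt == "off":
                if os.path.islink("{0}/conf/nginx/ssl.conf"
                                  .format(wo_site_webroot)):
                    WOFileUtils.remove_symlink(self,
                                               "{0}/conf/nginx/ssl.conf"
                                               .format(wo_site_webroot))
                elif os.path.isfile("{0}/conf/nginx/ssl.conf"
                                    .format(wo_site_webroot)):
                    Log.info(self, 'Setting Nginx configuration')
                    WOFileUtils.mvfile(self, "{0}/conf/nginx/ssl.conf"
                                       .format(wo_site_webroot),
                                       '{0}/conf/nginx/ssl.conf.disabled'
                                       .format(wo_site_webroot))
                # NOTE(review): every other httpsredirect() call here passes
                # the domain list; this one passes the acmedata dict.
                # Confirm httpsredirect() ignores it when redirect=False.
                SSL.httpsredirect(
                    self, wo_domain, acmedata, redirect=False)
                # HSTS is parked together with TLS
                if os.path.isfile("{0}/conf/nginx/hsts.conf"
                                  .format(wo_site_webroot)):
                    WOFileUtils.mvfile(self, "{0}/conf/nginx/hsts.conf"
                                       .format(wo_site_webroot),
                                       '{0}/conf/nginx/'
                                       'hsts.conf.disabled'
                                       .format(wo_site_webroot))
                # find all broken symlinks
                sympath = "/var/www"
                WOFileUtils.findBrokenSymlink(self, sympath)

            elif (pargs.letsencrypt == "clean" or
                  pargs.letsencrypt == "purge"):
                WOAcme.removeconf(self, wo_domain)
                # find all broken symlinks
                sympath = "/var/www"
                WOFileUtils.findBrokenSymlink(self, sympath)

            if not WOService.reload_service(self, 'nginx'):
                Log.error(self, "service nginx reload failed. "
                          "check issues with `nginx -t` command")
            Log.info(self, "Successfully Disabled SSl for Site "
                     " http://{0}".format(wo_domain))

        # Add nginx conf folder into GIT
        WOGit.add(self, ["{0}/conf/nginx".format(wo_site_webroot)],
                  msg="Adding letsencrypts config of site: {0}"
                  .format(wo_domain))
        updateSiteInfo(self, wo_domain, ssl=letsencrypt)
        return 0

    if pargs.hsts:
        if data['hsts'] is True:
            # HSTS is only enabled on a site that already serves TLS
            if os.path.isfile(("{0}/conf/nginx/ssl.conf")
                              .format(wo_site_webroot)):
                if not os.path.isfile("{0}/conf/nginx/hsts.conf"
                                      .format(wo_site_webroot)):
                    SSL.setuphsts(self, wo_domain)
                else:
                    Log.error(self, "HSTS is already configured for given "
                              "site")
                if not WOService.reload_service(self, 'nginx'):
                    Log.error(self, "service nginx reload failed. "
                              "check issues with `nginx -t` command")
            else:
                Log.error(self, "HTTPS is not configured for given "
                          "site")

        elif data['hsts'] is False:
            if os.path.isfile(("{0}/conf/nginx/hsts.conf")
                              .format(wo_site_webroot)):
                WOFileUtils.mvfile(self, "{0}/conf/nginx/hsts.conf"
                                   .format(wo_site_webroot),
                                   '{0}/conf/nginx/hsts.conf.disabled'
                                   .format(wo_site_webroot))
                if not WOService.reload_service(self, 'nginx'):
                    Log.error(self, "service nginx reload failed. "
                              "check issues with `nginx -t` command")
            else:
                Log.error(self, "HSTS is not configured for given "
                          "site")

    if pargs.ngxblocker:
        if ngxblocker is True:
            setupngxblocker(self, wo_domain)
        elif ngxblocker is False:
            if os.path.isfile("{0}/conf/nginx/ngxblocker.conf"
                              .format(wo_site_webroot)):
                WOFileUtils.mvfile(
                    self,
                    "{0}/conf/nginx/ngxblocker.conf"
                    .format(wo_site_webroot),
                    "{0}/conf/nginx/ngxblocker.conf.disabled"
                    .format(wo_site_webroot))
        # Service Nginx Reload
        if not WOService.reload_service(self, 'nginx'):
            Log.error(self, "service nginx reload failed. "
                      "check issues with `nginx -t` command")

    if stype == oldsitetype and cache == oldcachetype:
        # Service Nginx Reload
        if not WOService.reload_service(self, 'nginx'):
            Log.error(self, "service nginx reload failed. "
                      "check issues with `nginx -t` command")

        updateSiteInfo(self, wo_domain, stype=stype, cache=cache,
                       ssl=(bool(check_site.is_ssl)),
                       php_version=check_php_version)

        Log.info(self, "Successfully updated site"
                 " http://{0}".format(wo_domain))
        return 0

    if 'wo_db_name' in data.keys() and not data['wp']:
        try:
            data = setupdatabase(self, data)
        except SiteError as e:
            Log.debug(self, str(e))
            Log.info(self, Log.FAIL + "Update site failed."
                     "Check the log for details:"
                     "`tail /var/log/wo/wordops.log` and please try again")
            return 1

        def _php_sq(value):
            # Escape for a PHP single-quoted literal: backslash first, then
            # the quote, so a value cannot end the string early.
            return str(value).replace("\\", "\\\\").replace("'", "\\'")

        # NOTE(review): this file holds the database credentials and is
        # created with the process umask. Confirm that
        # setwebrootpermissions() (called below) or the umask keeps it
        # unreadable to other local users, and that the web server never
        # serves it as plain text.
        try:
            with open("{0}/wo-config.php".format(wo_site_webroot),
                      encoding='utf-8', mode='w') as wodbconfig:
                wodbconfig.write("<?php \ndefine('DB_NAME', '{0}');"
                                 "\ndefine('DB_USER', '{1}'); "
                                 "\ndefine('DB_PASSWORD', '{2}');"
                                 "\ndefine('DB_HOST', '{3}');\n?>"
                                 .format(_php_sq(data['wo_db_name']),
                                         _php_sq(data['wo_db_user']),
                                         _php_sq(data['wo_db_pass']),
                                         _php_sq(data['wo_db_host'])))
        except IOError as e:
            Log.debug(self, str(e))
            Log.debug(self, "creating wo-config.php failed.")
            Log.info(self, Log.FAIL + "Update site failed. "
                     "Check the log for details: "
                     "`tail /var/log/wo/wordops.log` and please try again")
            return 1

    # Setup WordPress if old sites are html/php/mysql sites
    if data['wp'] and oldsitetype in ['html', 'proxy', 'php', 'php72',
                                      'mysql', 'php73', 'php74']:
        try:
            wo_wp_creds = setupwordpress(self, data)
        except SiteError as e:
            Log.debug(self, str(e))
            Log.info(self, Log.FAIL + "Update site failed."
                     "Check the log for details: "
                     "`tail /var/log/wo/wordops.log` and please try again")
            return 1

    # Uninstall unnecessary plugins
    if oldsitetype in ['wp', 'wpsubdir', 'wpsubdomain']:
        # Setup WordPress Network if update option is multisite
        # and oldsite is WordPress single site
        if data['multisite'] and oldsitetype == 'wp':
            try:
                setupwordpressnetwork(self, data)
            except SiteError as e:
                Log.debug(self, str(e))
                Log.info(self, Log.FAIL + "Update site failed. "
                         "Check the log for details:"
                         " `tail /var/log/wo/wordops.log` "
                         "and please try again")
                return 1

        # nginx-helper settings: (enable_purge, enable_map, enable_stamp,
        # cache_method). The values, including the str/int difference in
        # enable_map, are those of the original three dictionaries.
        if ((oldcachetype in ['wpsc', 'basic', 'wpredis', 'wprocket',
                              'wpce'] and
             (data['wpfc'])) or (oldsitetype == 'wp' and
                                 data['multisite'] and data['wpfc'])):
            helper_state = (1, "0", 1, "enable_fastcgi")
        elif ((oldcachetype in ['wpsc', 'basic', 'wpfc', 'wprocket',
                                'wpce'] and
               (data['wpredis'])) or (oldsitetype == 'wp' and
                                      data['multisite'] and
                                      data['wpredis'])):
            helper_state = (1, "0", 1, "enable_redis")
        else:
            # disable nginx-helper
            helper_state = (0, 0, 0, "enable_redis")

        try:
            plugin_data_object = {
                "log_level": "INFO",
                "log_filesize": 5,
                "enable_purge": helper_state[0],
                "enable_map": helper_state[1],
                "enable_log": 0,
                "enable_stamp": helper_state[2],
                "purge_homepage_on_new": 1,
                "purge_homepage_on_edit": 1,
                "purge_homepage_on_del": 1,
                "purge_archive_on_new": 1,
                "purge_archive_on_edit": 0,
                "purge_archive_on_del": 0,
                "purge_archive_on_new_comment": 0,
                "purge_archive_on_deleted_comment": 0,
                "purge_page_on_mod": 1,
                "purge_page_on_new_comment": 1,
                "purge_page_on_deleted_comment": 1,
                "cache_method": helper_state[3],
                "purge_method": "get_request",
                "redis_hostname": "127.0.0.1",
                "redis_port": "6379",
                "redis_prefix": "nginx-cache:"}
            plugin_data = json.dumps(plugin_data_object)
            setupwp_plugin(self, 'nginx-helper',
                           'rt_wp_nginx_helper_options',
                           plugin_data, data)
        except SiteError as e:
            Log.debug(self, str(e))
            Log.info(self, Log.FAIL + "Update nginx-helper "
                     "settings failed. "
                     "Check the log for details:"
                     " `tail /var/log/wo/wordops.log` "
                     "and please try again")
            return 1

        if ((oldcachetype in ['wpsc', 'basic', 'wpfc', 'wprocket',
                              'wpredis'] and
             (data['wpce'])) or (oldsitetype == 'wp' and
                                 data['multisite'] and data['wpce'])):
            try:
                installwp_plugin(self, 'cache-enabler', data)
                # setup cache-enabler
                plugin_data_object = {
                    "expires": 24,
                    "new_post": 1,
                    "new_comment": 0,
                    "webp": 0,
                    "clear_on_upgrade": 1,
                    "compress": 0,
                    "excl_ids": "",
                    "excl_regexp": "",
                    "excl_cookies": "",
                    "incl_attributes": "",
                    "minify_html": 1}
                plugin_data = json.dumps(plugin_data_object)
                setupwp_plugin(self, 'cache-enabler', 'cache-enabler',
                               plugin_data, data)
            except SiteError as e:
                Log.debug(self, str(e))
                Log.info(self, Log.FAIL + "Update cache-enabler "
                         "settings failed. "
                         "Check the log for details:"
                         " `tail /var/log/wo/wordops.log` "
                         "and please try again")
                return 1

        if oldcachetype == 'wpsc' and not data['wpsc']:
            try:
                uninstallwp_plugin(self, 'wp-super-cache', data)
            except SiteError as e:
                Log.debug(self, str(e))
                Log.info(self, Log.FAIL + "Update site failed."
                         "Check the log for details:"
                         " `tail /var/log/wo/wordops.log` "
                         "and please try again")
                return 1

        if oldcachetype == 'wpredis' and not data['wpredis']:
            try:
                uninstallwp_plugin(self, 'redis-cache', data)
            except SiteError as e:
                Log.debug(self, str(e))
                Log.info(self, Log.FAIL + "Update site failed."
                         "Check the log for details:"
                         " `tail /var/log/wo/wordops.log` "
                         "and please try again")
                return 1

    if oldcachetype != 'wpsc' and data['wpsc']:
        try:
            installwp_plugin(self, 'wp-super-cache', data)
        except SiteError as e:
            Log.debug(self, str(e))
            Log.info(self, Log.FAIL + "Update site failed."
                     "Check the log for details: "
                     "`tail /var/log/wo/wordops.log` and please try again")
            return 1

    if oldcachetype == 'wprocket' and not data['wprocket']:
        try:
            uninstallwp_plugin(self, 'wp-rocket', data)
        except SiteError as e:
            Log.debug(self, str(e))
            Log.info(self, Log.FAIL + "Update site failed."
                     "Check the log for details: "
                     "`tail /var/log/wo/wordops.log` and please try again")
            return 1

    if oldcachetype == 'wpce' and not data['wpce']:
        try:
            uninstallwp_plugin(self, 'cache-enabler', data)
        except SiteError as e:
            Log.debug(self, str(e))
            Log.info(self, Log.FAIL + "Update site failed."
                     "Check the log for details: "
                     "`tail /var/log/wo/wordops.log` and please try again")
            return 1

    # Service Nginx Reload
    if not WOService.reload_service(self, 'nginx'):
        Log.error(self, "service nginx reload failed. "
                  "check issues with `nginx -t` command")

    WOGit.add(self, ["/etc/nginx"],
              msg="{0} updated with {1} {2}"
              .format(wo_www_domain, stype, cache))

    # Setup Permissions for webroot
    try:
        setwebrootpermissions(self, data['webroot'])
    except SiteError as e:
        Log.debug(self, str(e))
        Log.info(self, Log.FAIL + "Update site failed."
                 "Check the log for details: "
                 "`tail /var/log/wo/wordops.log` and please try again")
        return 1

    if wo_auth and len(wo_auth):
        for msg in wo_auth:
            Log.info(self, Log.ENDC + msg)

    display_cache_settings(self, data)

    # NOTE(review): the new WordPress admin password is sent through
    # Log.info(). If that logger also writes to the log file named in the
    # messages above, the credential stays on disk. Confirm, and restrict
    # this output to the terminal if so.
    if data['wp'] and oldsitetype in ['html', 'php', 'mysql']:
        Log.info(self, "\n\n" + Log.ENDC + "WordPress admin user :"
                 " {0}".format(wo_wp_creds['wp_user']))
        Log.info(self, Log.ENDC + "WordPress admin password : {0}"
                 .format(wo_wp_creds['wp_pass']) + "\n\n")

    if oldsitetype in ['html', 'php'] and stype != 'php':
        updateSiteInfo(self, wo_domain, stype=stype, cache=cache,
                       db_name=data['wo_db_name'],
                       db_user=data['wo_db_user'],
                       db_password=data['wo_db_pass'],
                       db_host=data['wo_db_host'],
                       ssl=bool(check_site.is_ssl),
                       php_version=check_php_version)
    else:
        updateSiteInfo(self, wo_domain, stype=stype, cache=cache,
                       ssl=bool(check_site.is_ssl),
                       php_version=check_php_version)
    Log.info(self, "Successfully updated site"
             " http://{0}".format(wo_domain))
    return 0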
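def purge(self):
    """Purge the selected stack components from this server.

    Reads the component flags from ``self.app.pargs`` and builds two work
    lists: ``apt_packages`` (passed to ``WOAptGet.remove`` with
    ``purge=True``) and ``packages`` (filesystem paths passed to
    ``WOFileUtils.remove``). After one confirmation prompt it stops the
    affected services and removes everything that was queued.

    Points a maintainer should keep in mind:

    * Nothing destructive runs before the confirmation prompt. The UFW
      ``disable``/``reset`` is only queued while the flags are scanned
      and is executed after the operator has confirmed.
    * ``--force`` skips the prompt.
    * Purging MariaDB queues ``/etc/mysql`` and ``/var/lib/mysql`` for
      deletion; ``WOMysql.backupAll`` is called first when the client
      binary and the data directory are present.
    * Every shell command here is a constant string; no request or user
      supplied value is interpolated into a command line.

    Returns:
        None.
    """
    apt_packages = []
    packages = []
    # Set while scanning the flags; acted on only after confirmation.
    reset_ufw = False
    pargs = self.app.pargs

    # Default action for stack purge: print the help text when no
    # component was selected. ``all`` is part of the list so that
    # ``--all`` on its own does not print help right before a
    # destructive prompt.
    component_flags = (
        'web', 'admin', 'nginx', 'php', 'mysql', 'wpcli', 'phpmyadmin',
        'composer', 'netdata', 'dashboard', 'fail2ban', 'security',
        'mysqlclient', 'mysqltuner', 'adminer', 'utils', 'redis',
        'proftpd', 'extplorer', 'clamav', 'cheat', 'nanorc', 'ufw',
        'ngxblocker', 'phpredisadmin', 'sendmail', 'php73', 'all',
    )
    if not any(getattr(pargs, flag) for flag in component_flags):
        self.app.args.print_help()

    # Expand the group flags into the individual component flags.
    if pargs.all:
        pargs.web = True
        pargs.admin = True
        pargs.php73 = True
        pargs.fail2ban = True
        pargs.proftpd = True
        pargs.utils = True
        pargs.redis = True
        packages += ['/var/www/22222/htdocs']

    if pargs.web:
        pargs.nginx = True
        pargs.php = True
        pargs.mysql = True
        pargs.wpcli = True
        pargs.sendmail = True

    if pargs.admin:
        pargs.utils = True
        pargs.composer = True
        pargs.netdata = True
        pargs.mysqltuner = True
        pargs.cheat = True

    if pargs.security:
        pargs.fail2ban = True
        pargs.clamav = True
        pargs.ufw = True
        pargs.ngxblocker = True

    # NGINX
    if pargs.nginx:
        if WOAptGet.is_installed(self, 'nginx-custom'):
            Log.debug(self, "Add Nginx to apt_packages list")
            apt_packages += WOVar.wo_nginx
        else:
            Log.info(self, "Nginx is not installed")

    # PHP: the shared extras are only purged when the other PHP
    # version is not installed.
    if pargs.php:
        Log.debug(self, "Add PHP to apt_packages list")
        if WOAptGet.is_installed(self, 'php7.2-fpm'):
            if not WOAptGet.is_installed(self, 'php7.3-fpm'):
                apt_packages += WOVar.wo_php + WOVar.wo_php_extra
            else:
                apt_packages += WOVar.wo_php

    # PHP 7.3
    if pargs.php73:
        Log.debug(self, "Removing apt_packages variable of PHP 7.3")
        if WOAptGet.is_installed(self, 'php7.3-fpm'):
            if not WOAptGet.is_installed(self, 'php7.2-fpm'):
                apt_packages += WOVar.wo_php73 + WOVar.wo_php_extra
            else:
                apt_packages += WOVar.wo_php73

    # REDIS
    if pargs.redis:
        if WOAptGet.is_installed(self, 'redis-server'):
            Log.debug(self, "Remove apt_packages variable of Redis")
            apt_packages += ["redis-server"]
        else:
            Log.info(self, "Redis is not installed")

    # MariaDB: configuration and data directories are queued as well.
    if pargs.mysql:
        if WOAptGet.is_installed(self, 'mariadb-server'):
            Log.debug(self, "Add MySQL to apt_packages list")
            apt_packages += [
                'mariadb-server',
                'mysql-common',
                'mariadb-client',
            ]
            packages += ['/etc/mysql', '/var/lib/mysql']
        else:
            Log.info(self, "MariaDB is not installed")

    # mysqlclient
    if pargs.mysqlclient:
        if WOShellExec.cmd_exec(self, "mysqladmin ping"):
            Log.debug(self, "Add MySQL client to apt_packages list")
            apt_packages += WOVar.wo_mysql_client

    # fail2ban
    if pargs.fail2ban:
        if WOAptGet.is_installed(self, 'fail2ban'):
            Log.debug(self, "Add Fail2ban to apt_packages list")
            apt_packages += WOVar.wo_fail2ban

    # ClamAV
    if pargs.clamav:
        if WOAptGet.is_installed(self, 'clamav'):
            Log.debug(self, "Add ClamAV to apt_packages list")
            apt_packages += WOVar.wo_clamav

    # UFW: only queue the reset here. Disabling the firewall before the
    # operator has confirmed would leave the host unfiltered even when
    # the purge is declined.
    if pargs.ufw:
        if WOAptGet.is_installed(self, 'ufw'):
            Log.debug(self, "UFW is installed, queueing firewall reset")
            reset_ufw = True

    # sendmail
    if pargs.sendmail:
        if WOAptGet.is_installed(self, 'sendmail'):
            Log.debug(self, "Add sendmail to apt_packages list")
            apt_packages += ["sendmail"]

    # proftpd
    if pargs.proftpd:
        if WOAptGet.is_installed(self, 'proftpd-basic'):
            Log.debug(self, "Add Proftpd to apt_packages list")
            apt_packages += ["proftpd-basic"]

    # nanorc
    if pargs.nanorc:
        if os.path.exists('/usr/share/nano-syntax-highlighting'):
            Log.debug(self, "Add nano to apt_packages list")
            packages += ["/usr/share/nano-syntax-highlighting"]

    # WP-CLI
    if pargs.wpcli:
        if os.path.isfile('/usr/local/bin/wp'):
            Log.debug(self, "Purge package variable WPCLI")
            packages += ['/usr/local/bin/wp']

    # PHPMYADMIN
    if pargs.phpmyadmin:
        if os.path.isdir('{0}22222/htdocs/db/pma'.format(
                WOVar.wo_webroot)):
            Log.debug(self, "Removing package of phpMyAdmin ")
            packages += [
                '{0}22222/htdocs/db/pma'.format(WOVar.wo_webroot),
            ]

    # Composer
    if pargs.composer:
        if os.path.isfile('/usr/local/bin/composer'):
            Log.debug(self, "Removing package variable of Composer ")
            packages += ['/usr/local/bin/composer']

    # MySQLTuner
    if pargs.mysqltuner:
        if os.path.isfile('/usr/bin/mysqltuner'):
            Log.debug(self, "Removing packages for MySQLTuner ")
            packages += ['/usr/bin/mysqltuner']

    # cheat.sh
    if pargs.cheat:
        if os.path.isfile('/usr/local/bin/cht.sh'):
            Log.debug(self, "Removing packages for cheat.sh ")
            packages += [
                '/usr/local/bin/cht.sh',
                '/usr/local/bin/cheat',
                '/etc/bash_completion.d/cht.sh',
            ]

    # PHPREDISADMIN
    if pargs.phpredisadmin:
        Log.debug(self, "Removing package variable of phpRedisAdmin ")
        if os.path.isdir('{0}22222/htdocs/cache/redis'.format(
                WOVar.wo_webroot)):
            packages += [
                '{0}22222/htdocs/'
                'cache/redis'.format(WOVar.wo_webroot),
            ]

    # ADMINER
    if pargs.adminer:
        if os.path.isdir('{0}22222/htdocs/db/adminer'.format(
                WOVar.wo_webroot)):
            Log.debug(self, "Removing package variable of Adminer ")
            packages += [
                '{0}22222/htdocs/db/adminer'.format(WOVar.wo_webroot),
            ]

    # utils
    if pargs.utils:
        Log.debug(self, "Purge package variable utils")
        packages += [
            '{0}22222/htdocs/php/webgrind/'.format(WOVar.wo_webroot),
            '{0}22222/htdocs/cache/opcache'.format(WOVar.wo_webroot),
            '{0}22222/htdocs/cache/nginx/'
            'clean.php'.format(WOVar.wo_webroot),
            '/usr/bin/pt-query-advisor',
            '{0}22222/htdocs/db/anemometer'.format(WOVar.wo_webroot),
        ]

    # Netdata: kickstart.sh doubles as the marker that triggers the
    # uninstaller further down.
    # NOTE(review): only the /opt/netdata path is checked here, while the
    # Raspbian branch below runs the uninstaller from /usr/libexec;
    # confirm that Raspbian installs are detected.
    if pargs.netdata:
        Log.debug(self, "Removing Netdata")
        if os.path.isfile('/opt/netdata/usr/'
                          'libexec/netdata/netdata-uninstaller.sh'):
            packages += ['/var/lib/wo/tmp/kickstart.sh']

    # wordops dashboard
    if pargs.dashboard:
        Log.debug(self, "Removing Wo-Dashboard")
        packages += [
            '{0}22222/htdocs/assets/'.format(WOVar.wo_webroot),
            '{0}22222/htdocs/index.php'.format(WOVar.wo_webroot),
        ]

    # ngxblocker
    if pargs.ngxblocker:
        if os.path.isfile('/usr/local/sbin/setup-ngxblocker'):
            packages += [
                '/usr/local/sbin/setup-ngxblocker',
                '/usr/local/sbin/install-ngxblocker',
                '/usr/local/sbin/update-ngxblocker',
                '/etc/nginx/conf.d/globalblacklist.conf',
                '/etc/nginx/conf.d/botblocker-nginx-settings.conf',
                '/etc/nginx/bots.d',
            ]

    if packages or apt_packages or reset_ufw:
        if not pargs.force:
            start_purge = input('Are you sure you to want to'
                                ' purge stacks from this server ?'
                                '\nPackage configuration and data '
                                'will not remain'
                                ' on this server after this operation.\n'
                                'Purge stacks [y/N]')
            if start_purge not in ("Y", "y"):
                # Log.error presumably aborts the command (TODO confirm);
                # return explicitly so a declined prompt can never fall
                # through to the destructive steps below.
                Log.error(self, "Not starting stack purge")
                return

        # Firewall teardown happens only after the confirmation above.
        if reset_ufw:
            WOShellExec.cmd_exec(self, 'ufw disable && ufw --force reset')

        if "nginx-custom" in apt_packages:
            WOService.stop_service(self, 'nginx')

        if "fail2ban" in apt_packages:
            WOService.stop_service(self, 'fail2ban')

        if "mariadb-server" in apt_packages:
            # Dump the databases before the data directory is deleted.
            if (os.path.isfile('/usr/bin/mysql') and
                    os.path.isdir('/var/lib/mysql')):
                WOMysql.backupAll(self)
            WOService.stop_service(self, 'mysql')

        # Netdata uninstaller
        if '/var/lib/wo/tmp/kickstart.sh' in packages:
            if WOVar.wo_distro == 'Raspbian':
                WOShellExec.cmd_exec(self, "bash /usr/"
                                     "libexec/netdata/netdata-"
                                     "uninstaller.sh -y -f",
                                     errormsg='', log=False)
            else:
                WOShellExec.cmd_exec(
                    self, "bash /opt/netdata/usr/"
                    "libexec/netdata/netdata-"
                    "uninstaller.sh -y -f")

        if apt_packages:
            Log.wait(self, "Purging APT Packages ")
            WOAptGet.remove(self, apt_packages, purge=True)
            WOAptGet.auto_remove(self)
            Log.valide(self, "Purging APT Packages ")

        if packages:
            Log.wait(self, "Purging Packages ")
            WOFileUtils.remove(self, packages)
            Log.valide(self, "Purging Packages ")

            if '/usr/share/nano-syntax-highlighting' in packages:
                # removing include line from nanorc
                # NOTE(review): the result of the grep is not checked
                # before /etc/nanorc is replaced.
                WOShellExec.cmd_exec(
                    self, 'grep -v "nano-syntax-highlighting" '
                    '/etc/nanorc > /etc/nanorc.new')
                WOFileUtils.rm(self, '/etc/nanorc')
                WOFileUtils.mvfile(self, '/etc/nanorc.new', '/etc/nanorc')

        Log.info(self, "Successfully purged packages")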