def secure_port(self):
"""This function Secures port"""
WOGit.add(self, ["/etc/nginx"], msg="Add Nginx to into Git")
pargs = self.app.pargs
if pargs.user_input:
while ((not pargs.user_input.isdigit())
and (not pargs.user_input < 65536)):
Log.info(self, "Please enter a valid port number ")
pargs.user_input = input("WordOps " "admin port [22222]:")
else:
port = input("WordOps admin port [22222]:")
if port == "":
port = 22222
while ((not port.isdigit()) and (not port != "")
and (not port < 65536)):
Log.info(self, "Please Enter valid port number :")
port = input("WordOps admin port [22222]:")
pargs.user_input = port
WOShellExec.cmd_exec(
self, "sed -i \"s/listen.*/listen "
"{port} default_server ssl http2;/\" "
"/etc/nginx/sites-available/22222".format(port=pargs.user_input))
WOGit.add(self, ["/etc/nginx"],
msg="Adding changed secure port into Git")
if not WOService.reload_service(self, 'nginx'):
Log.error(
self, "service nginx reload failed. "
"check issues with `nginx -t` command")
Log.info(
self,
"Successfully port changed {port}".format(port=pargs.user_input))
def secure_ip(self):
"""IP whitelisting"""
WOGit.add(self, ["/etc/nginx"], msg="Add Nginx to into Git")
pargs = self.app.pargs
if not pargs.user_input:
ip = input("Enter the comma separated IP addresses "
"to white list [127.0.0.1]:")
pargs.user_input = ip
try:
user_ip = pargs.user_input.split(',')
except Exception as e:
Log.debug(self, "{0}".format(e))
user_ip = ['127.0.0.1']
for ip_addr in user_ip:
if not ("exist_ip_address " + ip_addr in open('/etc/nginx/common/'
'acl.conf').read()):
WOShellExec.cmd_exec(
self, "sed -i "
"\"/deny/i allow {whitelist_address}\;\""
" /etc/nginx/common/acl.conf".format(
whitelist_address=ip_addr))
WOGit.add(self, ["/etc/nginx"],
msg="Adding changed secure ip into Git")
Log.info(self, "Successfully added IP address in acl.conf file")
def secure_auth(self):
"""This function secures authentication"""
WOGit.add(self, ["/etc/nginx"], msg="Add Nginx to into Git")
pargs = self.app.pargs
passwd = RANDOM.long(self)
if not pargs.user_input:
username = input("Provide HTTP authentication user "
"name [{0}] :".format(WOVar.wo_user))
pargs.user_input = username
if username == "":
pargs.user_input = WOVar.wo_user
if not pargs.user_pass:
password = getpass.getpass("Provide HTTP authentication "
"password [{0}] :".format(passwd))
pargs.user_pass = password
if password == "":
pargs.user_pass = passwd
Log.debug(
self, "printf username:"******"$(openssl passwd -crypt "
"password 2> /dev/null)\n\""
"> /etc/nginx/htpasswd-wo 2>/dev/null")
WOShellExec.cmd_exec(self,
"printf \"{username}:"
"$(openssl passwd -crypt "
"{password} 2> /dev/null)\n\""
"> /etc/nginx/htpasswd-wo 2>/dev/null".format(
username=pargs.user_input,
password=pargs.user_pass),
log=False)
WOGit.add(self, ["/etc/nginx"],
msg="Adding changed secure auth into Git")
def secure_auth(self):
"""This function secures authentication"""
passwd = ''.join([
random.choice(string.ascii_letters + string.digits)
for n in range(16)
])
if not self.app.pargs.user_input:
username = input("Provide HTTP authentication user "
"name [{0}] :".format(WOVariables.wo_user))
self.app.pargs.user_input = username
if username == "":
self.app.pargs.user_input = WOVariables.wo_user
if not self.app.pargs.user_pass:
password = getpass.getpass("Provide HTTP authentication "
"password [{0}] :".format(passwd))
self.app.pargs.user_pass = password
if password == "":
self.app.pargs.user_pass = passwd
Log.debug(
self, "printf username:"******"$(openssl passwd -crypt "
"password 2> /dev/null)\n\""
"> /etc/nginx/htpasswd-wo 2>/dev/null")
WOShellExec.cmd_exec(self,
"printf \"{username}:"
"$(openssl passwd -crypt "
"{password} 2> /dev/null)\n\""
"> /etc/nginx/htpasswd-wo 2>/dev/null".format(
username=self.app.pargs.user_input,
password=self.app.pargs.user_pass),
log=False)
WOGit.add(self, ["/etc/nginx"],
msg="Adding changed secure auth into Git")
def enable(self):
pargs = self.app.pargs
if not pargs.site_name:
try:
while not pargs.site_name:
pargs.site_name = (input('Enter site name : ').strip())
except IOError as e:
Log.debug(self, str(e))
Log.error(self, 'could not input site name')
pargs.site_name = pargs.site_name.strip()
# validate domain name
wo_domain = WODomain.validate(self, pargs.site_name)
# check if site exists
if not check_domain_exists(self, wo_domain):
Log.error(self, "site {0} does not exist".format(wo_domain))
if os.path.isfile('/etc/nginx/sites-available/{0}'.format(wo_domain)):
Log.info(self, "Enable domain {0:10} \t".format(wo_domain), end='')
WOFileUtils.create_symlink(self, [
'/etc/nginx/sites-available/{0}'.format(wo_domain),
'/etc/nginx/sites-enabled/{0}'.format(wo_domain)
])
WOGit.add(self, ["/etc/nginx"],
msg="Enabled {0} ".format(wo_domain))
updateSiteInfo(self, wo_domain, enabled=True)
Log.info(self, "[" + Log.ENDC + "OK" + Log.OKBLUE + "]")
if not WOService.reload_service(self, 'nginx'):
Log.error(
self, "service nginx reload failed. "
"check issues with `nginx -t` command")
else:
Log.error(self, 'nginx configuration file does not exist')
def secure_port(self):
"""This function Secures port"""
WOGit.add(self, ["/etc/nginx"], msg="Add Nginx to into Git")
pargs = self.app.pargs
if pargs.user_input:
while ((not pargs.user_input.isdigit())
and (not pargs.user_input < 65536)):
Log.info(self, "Please enter a valid port number ")
pargs.user_input = input("WordOps " "admin port [22222]:")
else:
port = input("WordOps admin port [22222]:")
if port == "":
port = 22222
while ((not port.isdigit()) and (not port != "")
and (not port < 65536)):
Log.info(self, "Please Enter valid port number :")
port = input("WordOps admin port [22222]:")
pargs.user_input = port
data = dict(release=WOVar.wo_version,
port=pargs.user_input,
webroot='/var/www/')
WOTemplate.deploy(self, '/etc/nginx/sites-available/22222',
'22222.mustache', data)
WOGit.add(self, ["/etc/nginx"],
msg="Adding changed secure port into Git")
if not WOService.reload_service(self, 'nginx'):
Log.error(
self, "service nginx reload failed. "
"check issues with `nginx -t` command")
Log.info(
self,
"Successfully port changed {port}".format(port=pargs.user_input))
def default(self):
pargs = self.app.pargs
if not pargs.site_name:
try:
while not pargs.site_name:
pargs.site_name = (input('Enter site name : ').strip())
except IOError as e:
Log.debug(self, str(e))
Log.error(self, 'Unable to read input, Please try again')
pargs.site_name = pargs.site_name.strip()
wo_domain = WODomain.validate(self, pargs.site_name)
if not check_domain_exists(self, wo_domain):
Log.error(self, "site {0} does not exist".format(wo_domain))
if os.path.isfile('/etc/nginx/sites-available/{0}'.format(wo_domain)):
try:
WOShellExec.invoke_editor(
self, '/etc/nginx/sites-availa'
'ble/{0}'.format(wo_domain))
except CommandExecutionError as e:
Log.debug(self, str(e))
Log.error(self, "Failed invoke editor")
if (WOGit.checkfilestatus(
self, "/etc/nginx",
'/etc/nginx/sites-available/{0}'.format(wo_domain))):
WOGit.add(self, ["/etc/nginx"],
msg="Edit website: {0}".format(wo_domain))
# Reload NGINX
if not WOService.reload_service(self, 'nginx'):
Log.error(
self, "service nginx reload failed. "
"check issues with `nginx -t` command")
else:
Log.error(self, "nginx configuration file does not exists")
def deploycert(self, wo_domain_name):
"""Deploy Let's Encrypt certificates with acme.sh"""
if not os.path.isfile('/etc/letsencrypt/renewal/{0}_ecc/fullchain.cer'.
format(wo_domain_name)):
Log.error(self, 'Certificate not found. Deployment canceled')
Log.debug(self,
"Cert deployment for domain: {0}".format(wo_domain_name))
try:
Log.wait(self, "Deploying SSL cert")
if WOShellExec.cmd_exec(
self,
"mkdir -p {0}/{1} && {2} --install-cert -d {1} --ecc "
"--cert-file {0}/{1}/cert.pem --key-file {0}/{1}/key.pem "
"--fullchain-file {0}/{1}/fullchain.pem "
"--ca-file {0}/{1}/ca.pem --reloadcmd \"nginx -t && "
"service nginx restart\" ".format(WOVar.wo_ssl_live,
wo_domain_name,
WOAcme.wo_acme_exec)):
Log.valide(self, "Deploying SSL cert")
else:
Log.failed(self, "Deploying SSL cert")
Log.error(self, "Unable to deploy certificate")
if os.path.isdir('/var/www/{0}/conf/nginx'.format(wo_domain_name)):
sslconf = open(
"/var/www/{0}/conf/nginx/ssl.conf".format(wo_domain_name),
encoding='utf-8',
mode='w')
sslconf.write("listen 443 ssl http2;\n"
"listen [::]:443 ssl http2;\n"
"ssl_certificate {0}/{1}/fullchain.pem;\n"
"ssl_certificate_key {0}/{1}/key.pem;\n"
"ssl_trusted_certificate {0}/{1}/ca.pem;\n"
"ssl_stapling_verify on;\n".format(
WOVar.wo_ssl_live, wo_domain_name))
sslconf.close()
if not WOFileUtils.grep(self, '/var/www/22222/conf/nginx/ssl.conf',
'/etc/letsencrypt'):
Log.info(self, "Securing WordOps backend with current cert")
sslconf = open("/var/www/22222/conf/nginx/ssl.conf",
encoding='utf-8',
mode='w')
sslconf.write("ssl_certificate {0}/{1}/fullchain.pem;\n"
"ssl_certificate_key {0}/{1}/key.pem;\n"
"ssl_trusted_certificate {0}/{1}/ca.pem;\n"
"ssl_stapling_verify on;\n".format(
WOVar.wo_ssl_live, wo_domain_name))
sslconf.close()
WOGit.add(self, ["/etc/letsencrypt"],
msg="Adding letsencrypt folder")
except IOError as e:
Log.debug(self, str(e))
Log.debug(self, "Error occured while generating " "ssl.conf")
return 0
def check_acme(self):
"""
Check if acme.sh is properly installed,
and install it if required
"""
if not os.path.exists('/etc/letsencrypt/acme.sh'):
if os.path.exists('/opt/acme.sh'):
WOFileUtils.rm(self, '/opt/acme.sh')
WOGit.clone(
self, 'https://github.com/Neilpang/acme.sh.git',
'/opt/acme.sh', branch='master')
WOFileUtils.mkdir(self, '/etc/letsencrypt/config')
WOFileUtils.mkdir(self, '/etc/letsencrypt/renewal')
WOFileUtils.mkdir(self, '/etc/letsencrypt/live')
try:
WOFileUtils.chdir(self, '/opt/acme.sh')
WOShellExec.cmd_exec(
self, './acme.sh --install --home /etc/letsencrypt'
'--config-home /etc/letsencrypt/config'
'--cert-home /etc/letsencrypt/renewal'
)
WOShellExec.cmd_exec(
self, "{0} --upgrade --auto-upgrade"
.format(WOAcme.wo_acme_exec)
)
except CommandExecutionError as e:
Log.debug(self, str(e))
Log.error(self, "acme.sh installation failed")
if not os.path.exists('/etc/letsencrypt/acme.sh'):
Log.error(self, 'acme.sh ')
def secure_ssh_port(self):
"""Change SSH port"""
WOGit.add(self, ["/etc/ssh"],
msg="Adding changed SSH port into Git")
pargs = self.app.pargs
if pargs.user_input:
while ((not pargs.user_input.isdigit()) and
(not pargs.user_input < 65536)):
Log.info(self, "Please enter a valid port number ")
pargs.user_input = input("Server "
"SSH port [22]:")
if not pargs.user_input:
port = input("Server SSH port [22]:")
if port == "":
port = 22
while (not port.isdigit()) and (port != "") and (not port < 65536):
Log.info(self, "Please Enter valid port number :")
port = input("Server SSH port [22]:")
pargs.user_input = port
if WOFileUtils.grepcheck(self, '/etc/ssh/sshd_config', '#Port'):
WOShellExec.cmd_exec(self, "sed -i \"s/#Port.*/Port "
"{port}/\" /etc/ssh/sshd_config"
.format(port=pargs.user_input))
else:
WOShellExec.cmd_exec(self, "sed -i \"s/Port.*/Port "
"{port}/\" /etc/ssh/sshd_config"
.format(port=pargs.user_input))
# allow new ssh port if ufw is enabled
if os.path.isfile('/etc/ufw/ufw.conf'):
# add rule for proftpd with UFW
if WOFileUtils.grepcheck(
self, '/etc/ufw/ufw.conf', 'ENABLED=yes'):
try:
WOShellExec.cmd_exec(
self, 'ufw limit {0}'.format(pargs.user_input))
WOShellExec.cmd_exec(
self, 'ufw reload')
except Exception as e:
Log.debug(self, "{0}".format(e))
Log.error(self, "Unable to add UFW rule")
# add ssh into git
WOGit.add(self, ["/etc/ssh"],
msg="Adding changed SSH port into Git")
# restart ssh service
if not WOService.restart_service(self, 'ssh'):
Log.error(self, "service SSH restart failed.")
Log.info(self, "Successfully changed SSH port to {port}"
.format(port=pargs.user_input))
def secure_ssh(self):
"""Harden ssh security"""
pargs = self.app.pargs
if not pargs.force and not pargs.allowpassword:
start_secure = input('Are you sure you to want to'
' harden SSH security ?'
'\nSSH login with password will not '
'be possible anymore. Please make sure '
'you are already using SSH Keys.\n'
'Harden SSH security [y/N]')
if start_secure != "Y" and start_secure != "y":
Log.error(self, "Not hardening SSH security")
if os.path.exists('/etc/ssh'):
WOGit.add(self, ["/etc/ssh"], msg="Adding SSH into Git")
Log.debug(self, "check if /etc/ssh/sshd_config exist")
if os.path.isfile('/etc/ssh/sshd_config'):
Log.debug(self, "looking for the current ssh port")
for line in open('/etc/ssh/sshd_config', encoding='utf-8'):
if 'Port' in line:
ssh_line = line.strip()
break
port = (ssh_line).split(' ')
current_ssh_port = (port[1]).strip()
if os.getenv('SUDO_USER'):
sudo_user = os.getenv('SUDO_USER')
else:
sudo_user = ''
if pargs.allowpassword:
wo_allowpassword = '******'
else:
wo_allowpassword = '******'
data = dict(sshport=current_ssh_port,
allowpass=wo_allowpassword,
user=sudo_user)
WOTemplate.deploy(self, '/etc/ssh/sshd_config', 'sshd.mustache',
data)
WOGit.add(self, ["/etc/ssh"],
msg="Adding changed SSH port into Git")
if not WOService.restart_service(self, 'ssh'):
Log.error(self, "service SSH restart failed.")
Log.info(self, "Successfully harden SSH security")
else:
Log.error(self, "SSH config file not found")
def secure_port(self):
"""This function Secures port"""
if self.app.pargs.user_input:
while not self.app.pargs.user_input.isdigit():
Log.info(self, "Please enter a valid port number ")
self.app.pargs.user_input = input("WordOps "
"admin port [22222]:")
if not self.app.pargs.user_input:
port = input("WordOps admin port [22222]:")
if port == "":
self.app.pargs.user_input = 22222
while not port.isdigit() and port != "":
Log.info(self, "Please Enter valid port number :")
port = input("WordOps admin port [22222]:")
self.app.pargs.user_input = port
if WOVariables.wo_platform_distro == 'ubuntu':
WOShellExec.cmd_exec(
self, "sed -i \"s/listen.*/listen "
"{port} default_server ssl http2;/\" "
"/etc/nginx/sites-available/22222".format(
port=self.app.pargs.user_input))
if WOVariables.wo_platform_distro == 'debian':
WOShellExec.cmd_exec(
self, "sed -i \"s/listen.*/listen "
"{port} default_server ssl http2;/\" "
"/etc/nginx/sites-available/22222".format(
port=self.app.pargs.user_input))
WOGit.add(self, ["/etc/nginx"],
msg="Adding changed secure port into Git")
if not WOService.reload_service(self, 'nginx'):
Log.error(
self, "service nginx reload failed. "
"check issues with `nginx -t` command")
Log.info(
self, "Successfully port changed {port}".format(
port=self.app.pargs.user_input))
def default(self):
pargs = self.app.pargs
# self.app.render((data), 'default.mustache')
# Check domain name validation
data = dict()
host, port = None, None
try:
stype, cache = detSitePar(vars(pargs))
except RuntimeError as e:
Log.debug(self, str(e))
Log.error(self, "Please provide valid options to creating site")
if stype is None and pargs.proxy:
stype, cache = 'proxy', ''
proxyinfo = pargs.proxy[0].strip()
if not proxyinfo:
Log.error(self, "Please provide proxy server host information")
proxyinfo = proxyinfo.split(':')
host = proxyinfo[0].strip()
port = '80' if len(proxyinfo) < 2 else proxyinfo[1].strip()
elif stype is None and not pargs.proxy:
stype, cache = 'html', 'basic'
elif stype and pargs.proxy:
Log.error(self, "proxy should not be used with other site types")
if not pargs.site_name:
try:
while not pargs.site_name:
# preprocessing before finalize site name
pargs.site_name = (input('Enter site name : ').strip())
except IOError as e:
Log.debug(self, str(e))
Log.error(self, "Unable to input site name, Please try again!")
pargs.site_name = pargs.site_name.strip()
wo_domain = WODomain.validate(self, pargs.site_name)
wo_www_domain = "www.{0}".format(wo_domain)
(wo_domain_type, wo_root_domain) = WODomain.getlevel(self, wo_domain)
if not wo_domain.strip():
Log.error(self, "Invalid domain name, "
"Provide valid domain name")
wo_site_webroot = WOVar.wo_webroot + wo_domain
if check_domain_exists(self, wo_domain):
Log.error(self, "site {0} already exists".format(wo_domain))
elif os.path.isfile(
'/etc/nginx/sites-available/{0}'.format(wo_domain)):
Log.error(
self, "Nginx configuration /etc/nginx/sites-available/"
"{0} already exists".format(wo_domain))
if stype == 'proxy':
data = dict(site_name=wo_domain,
www_domain=wo_www_domain,
static=True,
basic=False,
wp=False,
wpfc=False,
wpsc=False,
wprocket=False,
wpce=False,
multisite=False,
wpsubdir=False,
webroot=wo_site_webroot)
data['proxy'] = True
data['host'] = host
data['port'] = port
data['basic'] = True
if pargs.php72 or pargs.php73 or pargs.php74:
data = dict(site_name=wo_domain,
www_domain=wo_www_domain,
static=False,
basic=False,
wp=False,
wpfc=False,
wpsc=False,
wprocket=False,
wpce=False,
multisite=False,
wpsubdir=False,
webroot=wo_site_webroot)
data['basic'] = True
if stype in ['html', 'php']:
data = dict(site_name=wo_domain,
www_domain=wo_www_domain,
static=True,
basic=False,
wp=False,
wpfc=False,
wpsc=False,
wprocket=False,
wpce=False,
multisite=False,
wpsubdir=False,
webroot=wo_site_webroot)
if stype == 'php':
data['static'] = False
data['basic'] = True
elif stype in ['mysql', 'wp', 'wpsubdir', 'wpsubdomain']:
data = dict(site_name=wo_domain,
www_domain=wo_www_domain,
static=False,
basic=True,
wp=False,
wpfc=False,
wpsc=False,
wpredis=False,
wprocket=False,
wpce=False,
multisite=False,
wpsubdir=False,
webroot=wo_site_webroot,
wo_db_name='',
wo_db_user='',
wo_db_pass='',
wo_db_host='')
if stype in ['wp', 'wpsubdir', 'wpsubdomain']:
data['wp'] = True
data['basic'] = False
data[cache] = True
data['wp-user'] = pargs.user
data['wp-email'] = pargs.email
data['wp-pass'] = pargs.wppass
if stype in ['wpsubdir', 'wpsubdomain']:
data['multisite'] = True
if stype == 'wpsubdir':
data['wpsubdir'] = True
else:
pass
if data and pargs.php73:
data['php73'] = True
data['php74'] = False
data['php72'] = False
data['wo_php'] = 'php73'
elif data and pargs.php74:
data['php72'] = False
data['php74'] = True
data['php73'] = False
data['wo_php'] = 'php74'
else:
data['php74'] = False
data['php72'] = True
data['php73'] = False
data['wo_php'] = 'php72'
if ((not pargs.wpfc) and (not pargs.wpsc) and (not pargs.wprocket)
and (not pargs.wpce) and (not pargs.wpredis)):
data['basic'] = True
if (cache == 'wpredis'):
cache = 'wpredis'
data['wpredis'] = True
data['basic'] = False
pargs.wpredis = True
# Check rerequired packages are installed or not
wo_auth = site_package_check(self, stype)
try:
pre_run_checks(self)
except SiteError as e:
Log.debug(self, str(e))
Log.error(self, "NGINX configuration check failed.")
try:
try:
# setup NGINX configuration, and webroot
setupdomain(self, data)
# Fix Nginx Hashbucket size error
hashbucket(self)
except SiteError as e:
# call cleanup actions on failure
Log.info(self,
Log.FAIL + "There was a serious error encountered...")
Log.info(self, Log.FAIL + "Cleaning up afterwards...")
doCleanupAction(self,
domain=wo_domain,
webroot=data['webroot'])
Log.debug(self, str(e))
Log.error(
self, "Check the log for details: "
"`tail /var/log/wo/wordops.log` "
"and please try again")
if 'proxy' in data.keys() and data['proxy']:
addNewSite(self, wo_domain, stype, cache, wo_site_webroot)
# Service Nginx Reload
if not WOService.reload_service(self, 'nginx'):
Log.info(
self,
Log.FAIL + "There was a serious error encountered...")
Log.info(self, Log.FAIL + "Cleaning up afterwards...")
doCleanupAction(self, domain=wo_domain)
deleteSiteInfo(self, wo_domain)
Log.error(
self, "service nginx reload failed. "
"check issues with `nginx -t` command")
Log.error(
self, "Check the log for details: "
"`tail /var/log/wo/wordops.log` "
"and please try again")
if wo_auth and len(wo_auth):
for msg in wo_auth:
Log.info(self, Log.ENDC + msg, log=False)
Log.info(
self, "Successfully created site"
" http://{0}".format(wo_domain))
return
if data['php73']:
php_version = "7.3"
elif data['php74']:
php_version = "7.4"
else:
php_version = "7.2"
addNewSite(self,
wo_domain,
stype,
cache,
wo_site_webroot,
php_version=php_version)
# Setup database for MySQL site
if 'wo_db_name' in data.keys() and not data['wp']:
try:
data = setupdatabase(self, data)
# Add database information for site into database
updateSiteInfo(self,
wo_domain,
db_name=data['wo_db_name'],
db_user=data['wo_db_user'],
db_password=data['wo_db_pass'],
db_host=data['wo_db_host'])
except SiteError as e:
# call cleanup actions on failure
Log.debug(self, str(e))
Log.info(
self,
Log.FAIL + "There was a serious error encountered...")
Log.info(self, Log.FAIL + "Cleaning up afterwards...")
doCleanupAction(self,
domain=wo_domain,
webroot=data['webroot'],
dbname=data['wo_db_name'],
dbuser=data['wo_db_user'],
dbhost=data['wo_db_host'])
deleteSiteInfo(self, wo_domain)
Log.error(
self, "Check the log for details: "
"`tail /var/log/wo/wordops.log` "
"and please try again")
try:
wodbconfig = open(
"{0}/wo-config.php".format(wo_site_webroot),
encoding='utf-8',
mode='w')
wodbconfig.write("<?php \ndefine('DB_NAME', '{0}');"
"\ndefine('DB_USER', '{1}'); "
"\ndefine('DB_PASSWORD', '{2}');"
"\ndefine('DB_HOST', '{3}');\n?>".format(
data['wo_db_name'],
data['wo_db_user'],
data['wo_db_pass'],
data['wo_db_host']))
wodbconfig.close()
stype = 'mysql'
except IOError as e:
Log.debug(self, str(e))
Log.debug(
self, "Error occured while generating "
"wo-config.php")
Log.info(
self,
Log.FAIL + "There was a serious error encountered...")
Log.info(self, Log.FAIL + "Cleaning up afterwards...")
doCleanupAction(self,
domain=wo_domain,
webroot=data['webroot'],
dbname=data['wo_db_name'],
dbuser=data['wo_db_user'],
dbhost=data['wo_db_host'])
deleteSiteInfo(self, wo_domain)
Log.error(
self, "Check the log for details: "
"`tail /var/log/wo/wordops.log` "
"and please try again")
# Setup WordPress if Wordpress site
if data['wp']:
vhostonly = bool(pargs.vhostonly)
try:
wo_wp_creds = setupwordpress(self, data, vhostonly)
# Add database information for site into database
updateSiteInfo(self,
wo_domain,
db_name=data['wo_db_name'],
db_user=data['wo_db_user'],
db_password=data['wo_db_pass'],
db_host=data['wo_db_host'])
except SiteError as e:
# call cleanup actions on failure
Log.debug(self, str(e))
Log.info(
self,
Log.FAIL + "There was a serious error encountered...")
Log.info(self, Log.FAIL + "Cleaning up afterwards...")
doCleanupAction(self,
domain=wo_domain,
webroot=data['webroot'],
dbname=data['wo_db_name'],
dbuser=data['wo_db_user'],
dbhost=data['wo_mysql_grant_host'])
deleteSiteInfo(self, wo_domain)
Log.error(
self, "Check the log for details: "
"`tail /var/log/wo/wordops.log` "
"and please try again")
# Service Nginx Reload call cleanup if failed to reload nginx
if not WOService.reload_service(self, 'nginx'):
Log.info(self,
Log.FAIL + "There was a serious error encountered...")
Log.info(self, Log.FAIL + "Cleaning up afterwards...")
doCleanupAction(self,
domain=wo_domain,
webroot=data['webroot'])
if 'wo_db_name' in data.keys():
doCleanupAction(self,
domain=wo_domain,
dbname=data['wo_db_name'],
dbuser=data['wo_db_user'],
dbhost=data['wo_mysql_grant_host'])
deleteSiteInfo(self, wo_domain)
Log.info(
self, Log.FAIL + "service nginx reload failed."
" check issues with `nginx -t` command.")
Log.error(
self, "Check the log for details: "
"`tail /var/log/wo/wordops.log` "
"and please try again")
WOGit.add(self, ["/etc/nginx"],
msg="{0} created with {1} {2}".format(
wo_www_domain, stype, cache))
# Setup Permissions for webroot
try:
setwebrootpermissions(self, data['webroot'])
except SiteError as e:
Log.debug(self, str(e))
Log.info(self,
Log.FAIL + "There was a serious error encountered...")
Log.info(self, Log.FAIL + "Cleaning up afterwards...")
doCleanupAction(self,
domain=wo_domain,
webroot=data['webroot'])
if 'wo_db_name' in data.keys():
print("Inside db cleanup")
doCleanupAction(self,
domain=wo_domain,
dbname=data['wo_db_name'],
dbuser=data['wo_db_user'],
dbhost=data['wo_mysql_grant_host'])
deleteSiteInfo(self, wo_domain)
Log.error(
self, "Check the log for details: "
"`tail /var/log/wo/wordops.log` and "
"please try again")
if wo_auth and len(wo_auth):
for msg in wo_auth:
Log.info(self, Log.ENDC + msg, log=False)
if data['wp'] and (not pargs.vhostonly):
Log.info(self,
Log.ENDC + "WordPress admin user :"******" {0}".format(wo_wp_creds['wp_user']),
log=False)
Log.info(self,
Log.ENDC + "WordPress admin password : {0}".format(
wo_wp_creds['wp_pass']),
log=False)
display_cache_settings(self, data)
Log.info(
self, "Successfully created site"
" http://{0}".format(wo_domain))
except SiteError:
Log.error(
self, "Check the log for details: "
"`tail /var/log/wo/wordops.log` and please try again")
if pargs.letsencrypt:
acme_domains = []
data['letsencrypt'] = True
letsencrypt = True
Log.debug(self, "Going to issue Let's Encrypt certificate")
acmedata = dict(acme_domains,
dns=False,
acme_dns='dns_cf',
dnsalias=False,
acme_alias='',
keylength='')
if self.app.config.has_section('letsencrypt'):
acmedata['keylength'] = self.app.config.get(
'letsencrypt', 'keylength')
else:
acmedata['keylength'] = 'ec-384'
if pargs.dns:
Log.debug(self, "DNS validation enabled")
acmedata['dns'] = True
if not pargs.dns == 'dns_cf':
Log.debug(self, "DNS API : {0}".format(pargs.dns))
acmedata['acme_dns'] = pargs.dns
if pargs.dnsalias:
Log.debug(self, "DNS Alias enabled")
acmedata['dnsalias'] = True
acmedata['acme_alias'] = pargs.dnsalias
# detect subdomain and set subdomain variable
if pargs.letsencrypt == "subdomain":
Log.warn(
self, 'Flag --letsencrypt=subdomain is '
'deprecated and not required anymore.')
acme_subdomain = True
acme_wildcard = False
elif pargs.letsencrypt == "wildcard":
acme_wildcard = True
acme_subdomain = False
acmedata['dns'] = True
else:
if ((wo_domain_type == 'subdomain')):
Log.debug(self, "Domain type = {0}".format(wo_domain_type))
acme_subdomain = True
else:
acme_subdomain = False
acme_wildcard = False
if acme_subdomain is True:
Log.info(self, "Certificate type : subdomain")
acme_domains = acme_domains + ['{0}'.format(wo_domain)]
elif acme_wildcard is True:
Log.info(self, "Certificate type : wildcard")
acme_domains = acme_domains + [
'{0}'.format(wo_domain), '*.{0}'.format(wo_domain)
]
else:
Log.info(self, "Certificate type : domain")
acme_domains = acme_domains + [
'{0}'.format(wo_domain), 'www.{0}'.format(wo_domain)
]
if WOAcme.cert_check(self, wo_domain):
SSL.archivedcertificatehandle(self, wo_domain, acme_domains)
else:
if acme_subdomain is True:
# check if a wildcard cert for the root domain exist
Log.debug(
self,
"checkWildcardExist on *.{0}".format(wo_root_domain))
if SSL.checkwildcardexist(self, wo_root_domain):
Log.info(
self, "Using existing Wildcard SSL "
"certificate from {0} to secure {1}".format(
wo_root_domain, wo_domain))
Log.debug(
self, "symlink wildcard "
"cert between {0} & {1}".format(
wo_domain, wo_root_domain))
# copy the cert from the root domain
copyWildcardCert(self, wo_domain, wo_root_domain)
else:
# check DNS records before issuing cert
if not acmedata['dns'] is True:
if not pargs.force:
if not WOAcme.check_dns(self, acme_domains):
Log.error(
self, "Aborting SSL "
"certificate issuance")
Log.debug(
self, "Setup Cert with acme.sh for {0}".format(
wo_domain))
if WOAcme.setupletsencrypt(self, acme_domains,
acmedata):
WOAcme.deploycert(self, wo_domain)
else:
if not acmedata['dns'] is True:
if not pargs.force:
if not WOAcme.check_dns(self, acme_domains):
Log.error(self,
"Aborting SSL certificate issuance")
if WOAcme.setupletsencrypt(self, acme_domains, acmedata):
WOAcme.deploycert(self, wo_domain)
if pargs.hsts:
SSL.setuphsts(self, wo_domain)
SSL.httpsredirect(self, wo_domain, acme_domains, True)
SSL.siteurlhttps(self, wo_domain)
if not WOService.reload_service(self, 'nginx'):
Log.error(
self, "service nginx reload failed. "
"check issues with `nginx -t` command")
Log.info(
self, "Congratulations! Successfully Configured "
"SSL on https://{0}".format(wo_domain))
# Add nginx conf folder into GIT
WOGit.add(self, ["{0}/conf/nginx".format(wo_site_webroot)],
msg="Adding letsencrypts config of site: {0}".format(
wo_domain))
updateSiteInfo(self, wo_domain, ssl=letsencrypt)
def doupdatesite(self, pargs):
pargs = self.app.pargs
letsencrypt = False
php73 = False
php74 = False
php72 = False
data = dict()
try:
stype, cache = detSitePar(vars(pargs))
except RuntimeError as e:
Log.debug(self, str(e))
Log.error(self, "Please provide valid options combination for"
" site update")
if stype is None and pargs.proxy:
stype, cache = 'proxy', ''
proxyinfo = pargs.proxy[0].strip()
if not proxyinfo:
Log.error(self, "Please provide proxy server host information")
proxyinfo = proxyinfo.split(':')
host = proxyinfo[0].strip()
port = '80' if len(proxyinfo) < 2 else proxyinfo[1].strip()
elif stype is None and not (pargs.proxy or pargs.letsencrypt):
stype, cache = 'html', 'basic'
elif stype and pargs.proxy:
Log.error(self, "--proxy can not be used with other site types")
if not pargs.site_name:
try:
while not pargs.site_name:
pargs.site_name = (input('Enter site name : ').strip())
except IOError:
Log.error(self, 'Unable to input site name, Please try again!')
pargs.site_name = pargs.site_name.strip()
wo_domain = WODomain.validate(self, pargs.site_name)
wo_www_domain = "www.{0}".format(wo_domain)
(wo_domain_type, wo_root_domain) = WODomain.getlevel(
self, wo_domain)
wo_site_webroot = WOVar.wo_webroot + wo_domain
check_site = getSiteInfo(self, wo_domain)
if check_site is None:
Log.error(self, " Site {0} does not exist.".format(wo_domain))
else:
oldsitetype = check_site.site_type
oldcachetype = check_site.cache_type
check_ssl = check_site.is_ssl
check_php_version = check_site.php_version
old_php72 = bool(check_php_version == "7.2")
old_php73 = bool(check_php_version == "7.3")
old_php74 = bool(check_php_version == "7.4")
if ((pargs.password or pargs.hsts or
pargs.ngxblocker or pargs.letsencrypt == 'renew') and not (
pargs.html or pargs.php or pargs.php72 or pargs.php73 or
pargs.php74 or
pargs.mysql or pargs.wp or pargs.wpfc or pargs.wpsc or
pargs.wprocket or pargs.wpce or
pargs.wpsubdir or pargs.wpsubdomain)):
# update wordpress password
if (pargs.password):
try:
updatewpuserpassword(self, wo_domain, wo_site_webroot)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, "\nPassword Unchanged.")
return 0
# setup hsts
if (pargs.hsts):
if pargs.hsts == "on":
SSL.setuphsts(self, wo_domain, enable=True)
elif pargs.hsts == "off":
SSL.setuphsts(self, wo_domain, enable=False)
# Service Nginx Reload
if not WOService.reload_service(self, 'nginx'):
Log.error(
self, "service nginx reload failed. "
"check issues with `nginx -t` command")
return 0
# setup ngxblocker
if (pargs.ngxblocker):
if pargs.ngxblocker == "on":
if os.path.isdir('/etc/nginx/bots.d'):
try:
setupngxblocker(self, wo_domain)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, "\nngxblocker not enabled.")
else:
Log.error(self, 'ngxblocker stack is not installed')
elif pargs.ngxblocker == "off":
try:
setupngxblocker(self, wo_domain, False)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, "\nngxblocker not enabled.")
# Service Nginx Reload
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
return 0
# letsencryot rebew
if (pargs.letsencrypt == 'renew'):
if WOAcme.cert_check(self, wo_domain):
if not pargs.force:
if (SSL.getexpirationdays(self, wo_domain) > 30):
Log.error(
self, "Your cert will expire in more "
"than 30 days ( " +
str(SSL.getexpirationdays(self, wo_domain)) +
" days).\nAdd \'--force\' to force to renew")
Log.wait(self, "Renewing SSL certificate")
if WOAcme.renew(self, wo_domain):
Log.valide(self, "Renewing SSL certificate")
else:
Log.error(self, "Certificate doesn't exist")
return 0
if (((stype == 'php' and
oldsitetype not in ['html', 'proxy', 'php', 'php72',
'php73', 'php74']) or
(stype == 'mysql' and oldsitetype not in [
'html', 'php', 'php72', 'php73', 'php74', 'proxy']) or
(stype == 'wp' and oldsitetype not in [
'html', 'php', 'php72', 'php73', 'php74', 'mysql',
'proxy', 'wp']) or
(stype == 'wpsubdir' and oldsitetype in ['wpsubdomain']) or
(stype == 'wpsubdomain' and oldsitetype in ['wpsubdir']) or
(stype == oldsitetype and cache == oldcachetype)) and
not (pargs.php72 or pargs.php73 or pargs.php74)):
Log.info(self, Log.FAIL + "can not update {0} {1} to {2} {3}".
format(oldsitetype, oldcachetype, stype, cache))
return 1
if stype == 'proxy':
data['site_name'] = wo_domain
data['www_domain'] = wo_www_domain
data['proxy'] = True
data['host'] = host
data['port'] = port
data['webroot'] = wo_site_webroot
data['currsitetype'] = oldsitetype
data['currcachetype'] = oldcachetype
if stype == 'php':
data = dict(
site_name=wo_domain, www_domain=wo_www_domain,
static=False, basic=True, wp=False, wpfc=False,
php72=False, php73=False, php74=False,
wpsc=False, wpredis=False, wprocket=False, wpce=False,
multisite=False, wpsubdir=False, webroot=wo_site_webroot,
currsitetype=oldsitetype, currcachetype=oldcachetype)
elif stype in ['mysql', 'wp', 'wpsubdir', 'wpsubdomain']:
data = dict(
site_name=wo_domain, www_domain=wo_www_domain,
static=False, basic=True, wp=False, wpfc=False,
wpsc=False, wpredis=False, wprocket=False, wpce=False,
multisite=False, wpsubdir=False, webroot=wo_site_webroot,
wo_db_name='', wo_db_user='', wo_db_pass='',
wo_db_host='',
currsitetype=oldsitetype, currcachetype=oldcachetype)
if stype in ['wp', 'wpsubdir', 'wpsubdomain']:
data['wp'] = True
data['basic'] = False
data[cache] = True
if stype in ['wpsubdir', 'wpsubdomain']:
data['multisite'] = True
if stype == 'wpsubdir':
data['wpsubdir'] = True
if ((pargs.php72 or pargs.php73 or
pargs.php74) and (not data)):
Log.debug(
self, "pargs php72, or php73, or php74 enabled")
data = dict(
site_name=wo_domain,
www_domain=wo_www_domain,
currsitetype=oldsitetype,
currcachetype=oldcachetype,
webroot=wo_site_webroot)
stype = oldsitetype
cache = oldcachetype
if oldsitetype == 'html' or oldsitetype == 'proxy':
data['static'] = False
data['wp'] = False
data['multisite'] = False
data['wpsubdir'] = False
elif (oldsitetype == 'php' or oldsitetype == 'mysql' or
oldsitetype == 'php73'or oldsitetype == 'php74'):
data['static'] = False
data['wp'] = False
data['multisite'] = False
data['wpsubdir'] = False
elif oldsitetype == 'wp':
data['static'] = False
data['wp'] = True
data['multisite'] = False
data['wpsubdir'] = False
elif oldsitetype == 'wpsubdir':
data['static'] = False
data['wp'] = True
data['multisite'] = True
data['wpsubdir'] = True
elif oldsitetype == 'wpsubdomain':
data['static'] = False
data['wp'] = True
data['multisite'] = True
data['wpsubdir'] = False
if oldcachetype == 'basic':
data['basic'] = True
data['wpfc'] = False
data['wpsc'] = False
data['wpredis'] = False
data['wprocket'] = False
data['wpce'] = False
elif oldcachetype == 'wpfc':
data['basic'] = False
data['wpfc'] = True
data['wpsc'] = False
data['wpredis'] = False
data['wprocket'] = False
data['wpce'] = False
elif oldcachetype == 'wpsc':
data['basic'] = False
data['wpfc'] = False
data['wpsc'] = True
data['wpredis'] = False
data['wprocket'] = False
data['wpce'] = False
elif oldcachetype == 'wpredis':
data['basic'] = False
data['wpfc'] = False
data['wpsc'] = False
data['wpredis'] = True
data['wprocket'] = False
data['wpce'] = False
elif oldcachetype == 'wprocket':
data['basic'] = False
data['wpfc'] = False
data['wpsc'] = False
data['wpredis'] = False
data['wprocket'] = True
data['wpce'] = False
elif oldcachetype == 'wpce':
data['basic'] = False
data['wpfc'] = False
data['wpsc'] = False
data['wpredis'] = False
data['wprocket'] = False
data['wpce'] = True
if pargs.php72:
Log.debug(self, "pargs.php72 detected")
data['php72'] = True
php72 = True
elif pargs.php73:
Log.debug(self, "pargs.php73 detected")
data['php73'] = True
php73 = True
elif pargs.php74:
Log.debug(self, "pargs.php74 detected")
data['php74'] = True
php74 = True
if pargs.php72:
if php72 is old_php72:
Log.info(self, "PHP 7.2 is already enabled for given "
"site")
pargs.php72 = False
if pargs.php73:
if php73 is old_php73:
Log.info(self, "PHP 7.3 is already enabled for given "
"site")
pargs.php73 = False
if pargs.php74:
if php74 is old_php74:
Log.info(self, "PHP 7.4 is already enabled for given "
"site")
pargs.php74 = False
if (data and (not pargs.php73) and
(not pargs.php74) and (not pargs.php72)):
data['php72'] = bool(old_php72 is True)
Log.debug(self, "data php72 = {0}".format(data['php72']))
php72 = bool(old_php72 is True)
data['php73'] = bool(old_php73 is True)
Log.debug(self, "data php73 = {0}".format(data['php73']))
php73 = bool(old_php73 is True)
data['php74'] = bool(old_php74 is True)
Log.debug(self, "data php74 = {0}".format(data['php74']))
php74 = bool(old_php74 is True)
if pargs.letsencrypt:
acme_domains = []
acmedata = dict(acme_domains, dns=False, acme_dns='dns_cf',
dnsalias=False, acme_alias='', keylength='')
acmedata['keylength'] = self.app.config.get('letsencrypt',
'keylength')
if pargs.letsencrypt == 'on':
data['letsencrypt'] = True
letsencrypt = True
acme_subdomain = bool(wo_domain_type == 'subdomain')
acme_wildcard = False
elif pargs.letsencrypt == 'subdomain':
data['letsencrypt'] = True
letsencrypt = True
acme_subdomain = True
acme_wildcard = False
elif pargs.letsencrypt == 'wildcard':
data['letsencrypt'] = True
letsencrypt = True
acme_wildcard = True
acme_subdomain = False
acmedata['dns'] = True
elif pargs.letsencrypt == 'off':
data['letsencrypt'] = False
letsencrypt = False
acme_subdomain = False
acme_wildcard = False
elif pargs.letsencrypt == 'clean':
data['letsencrypt'] = False
letsencrypt = False
acme_subdomain = False
acme_wildcard = False
elif pargs.letsencrypt == 'purge':
data['letsencrypt'] = False
letsencrypt = False
acme_subdomain = False
acme_wildcard = False
else:
data['letsencrypt'] = False
letsencrypt = False
acme_subdomain = False
acme_wildcard = False
if not (acme_subdomain is True):
if letsencrypt is check_ssl:
if letsencrypt is False:
Log.error(self, "SSL is not configured for given "
"site")
elif letsencrypt is True:
Log.error(self, "SSL is already configured for given "
"site")
pargs.letsencrypt = False
if pargs.all and pargs.letsencrypt == "off":
if letsencrypt is check_ssl:
if letsencrypt is False:
Log.error(self, "HTTPS is not configured for given "
"site", False)
return 0
if pargs.wpredis and data['currcachetype'] != 'wpredis':
data['wpredis'] = True
data['basic'] = False
cache = 'wpredis'
if pargs.wprocket and data['currcachetype'] != 'wprocket':
data['wprocket'] = True
data['basic'] = False
cache = 'wprocket'
if pargs.wpce and data['currcachetype'] != 'wpce':
data['wpce'] = True
data['basic'] = False
cache = 'wpce'
if ((php73 is old_php73) and (php72 is old_php72) and
(php74 is old_php74) and (stype == oldsitetype and
cache == oldcachetype)):
Log.debug(self, "Nothing to update")
return 1
if php73 is True:
data['wo_php'] = 'php73'
check_php_version = '7.3'
elif php74 is True:
data['wo_php'] = 'php74'
check_php_version = '7.4'
elif php72 is True:
data['wo_php'] = 'php72'
check_php_version = '7.2'
else:
data['wo_php'] = 'php72'
check_php_version = '7.2'
if pargs.hsts:
data['hsts'] = bool(pargs.hsts == "on")
if pargs.ngxblocker:
ngxblocker = bool(pargs.ngxblocker == 'on')
if not data:
Log.error(self, "Cannot update {0}, Invalid Options"
.format(wo_domain))
wo_auth = site_package_check(self, stype)
data['wo_db_name'] = check_site.db_name
data['wo_db_user'] = check_site.db_user
data['wo_db_pass'] = check_site.db_password
data['wo_db_host'] = check_site.db_host
if not (pargs.letsencrypt or pargs.hsts or pargs.ngxblocker):
try:
pre_run_checks(self)
except SiteError as e:
Log.debug(self, str(e))
Log.error(self, "NGINX configuration check failed.")
try:
sitebackup(self, data)
except Exception as e:
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Check the log for details: "
"`tail /var/log/wo/wordops.log` and please try again")
return 1
# setup NGINX configuration, and webroot
try:
setupdomain(self, data)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update site failed."
"Check the log for details:"
"`tail /var/log/wo/wordops.log` and please try again")
return 1
if 'proxy' in data.keys() and data['proxy']:
updateSiteInfo(self, wo_domain, stype=stype, cache=cache,
ssl=(bool(check_site.is_ssl)))
Log.info(self, "Successfully updated site"
" http://{0}".format(wo_domain))
return 0
if pargs.letsencrypt:
if data['letsencrypt'] is True:
# DNS API configuration
if pargs.dns:
Log.debug(self, "DNS validation enabled")
acmedata['dns'] = True
if not pargs.dns == 'dns_cf':
Log.debug(self, "DNS API : {0}".format(pargs.dns))
acmedata['acme_dns'] = pargs.dns
if pargs.dnsalias:
Log.debug(self, "DNS Alias enabled")
acmedata['dnsalias'] = True
acmedata['acme_alias'] = pargs.dnsalias
# Set list of domains to secure
if acme_subdomain is True:
Log.info(self, "Certificate type : subdomain")
acme_domains = acme_domains + [
'{0}'.format(wo_domain)]
elif acme_wildcard is True:
Log.info(self, "Certificate type : wildcard")
acme_domains = acme_domains + [
'{0}'.format(wo_domain),
'*.{0}'.format(wo_domain)]
else:
Log.info(self, "Certificate type : domain")
acme_domains = acme_domains + [
'{0}'.format(wo_domain),
'www.{0}'.format(wo_domain)]
if WOAcme.cert_check(self, wo_domain):
SSL.archivedcertificatehandle(
self, wo_domain, acme_domains)
else:
if acme_subdomain:
Log.debug(self, "checkWildcardExist on *.{0}"
.format(wo_root_domain))
if SSL.checkwildcardexist(self, wo_root_domain):
Log.info(
self, "Using existing Wildcard SSL "
"certificate from {0} to secure {1}"
.format(wo_root_domain, wo_domain))
Log.debug(
self, "symlink wildcard "
"cert between {0} & {1}"
.format(wo_domain, wo_root_domain))
# copy the cert from the root domain
copyWildcardCert(self, wo_domain,
wo_root_domain)
else:
# check DNS records before issuing cert
if not acmedata['dns'] is True:
if not pargs.force:
if not WOAcme.check_dns(self,
acme_domains):
Log.error(
self,
"Aborting SSL certificate "
"issuance")
Log.debug(
self, "Setup Cert with acme.sh for {0}"
.format(wo_domain))
if WOAcme.setupletsencrypt(
self, acme_domains, acmedata):
WOAcme.deploycert(self, wo_domain)
else:
Log.error(
self, "Unable to issue certificate")
else:
# check DNS records before issuing cert
if not acmedata['dns'] is True:
if not pargs.force:
if not WOAcme.check_dns(self,
acme_domains):
Log.error(
self,
"Aborting SSL "
"certificate issuance")
if WOAcme.setupletsencrypt(
self, acme_domains, acmedata):
WOAcme.deploycert(self, wo_domain)
else:
Log.error(self, "Unable to issue certificate")
SSL.httpsredirect(
self, wo_domain, acme_domains, redirect=True)
SSL.siteurlhttps(self, wo_domain)
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
Log.info(self, "Congratulations! Successfully "
"Configured SSL on https://{0}".format(wo_domain))
if (SSL.getexpirationdays(self, wo_domain) > 0):
Log.info(self, "Your cert will expire within " +
str(SSL.getexpirationdays(self, wo_domain)) +
" days.")
else:
Log.warn(
self, "Your cert already EXPIRED ! "
".PLEASE renew soon . ")
elif data['letsencrypt'] is False:
if pargs.letsencrypt == "off":
if os.path.islink("{0}/conf/nginx/ssl.conf"
.format(wo_site_webroot)):
WOFileUtils.remove_symlink(self,
"{0}/conf/nginx/ssl.conf"
.format(wo_site_webroot))
elif os.path.isfile("{0}/conf/nginx/ssl.conf"
.format(wo_site_webroot)):
Log.info(self, 'Setting Nginx configuration')
WOFileUtils.mvfile(self, "{0}/conf/nginx/ssl.conf"
.format(wo_site_webroot),
'{0}/conf/nginx/ssl.conf.disabled'
.format(wo_site_webroot))
SSL.httpsredirect(
self, wo_domain, acmedata, redirect=False)
if os.path.isfile("{0}/conf/nginx/hsts.conf"
.format(wo_site_webroot)):
WOFileUtils.mvfile(self, "{0}/conf/nginx/hsts.conf"
.format(wo_site_webroot),
'{0}/conf/nginx/'
'hsts.conf.disabled'
.format(wo_site_webroot))
# find all broken symlinks
sympath = "/var/www"
WOFileUtils.findBrokenSymlink(self, sympath)
elif (pargs.letsencrypt == "clean" or
pargs.letsencrypt == "purge"):
WOAcme.removeconf(self, wo_domain)
# find all broken symlinks
sympath = "/var/www"
WOFileUtils.findBrokenSymlink(self, sympath)
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
# Log.info(self,"Removing Cron Job set for cert
# auto-renewal") WOCron.remove_cron(self,'wo site
# update {0} --le=renew --min_expiry_limit 30
# 2> \/dev\/null'.format(wo_domain))
Log.info(self, "Successfully Disabled SSl for Site "
" http://{0}".format(wo_domain))
# Add nginx conf folder into GIT
WOGit.add(self, ["{0}/conf/nginx".format(wo_site_webroot)],
msg="Adding letsencrypts config of site: {0}"
.format(wo_domain))
updateSiteInfo(self, wo_domain, ssl=letsencrypt)
return 0
if pargs.hsts:
if data['hsts'] is True:
if os.path.isfile(("{0}/conf/nginx/ssl.conf")
.format(wo_site_webroot)):
if not os.path.isfile("{0}/conf/nginx/hsts.conf"
.format(wo_site_webroot)):
SSL.setuphsts(self, wo_domain)
else:
Log.error(self, "HSTS is already configured for given "
"site")
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
else:
Log.error(self, "HTTPS is not configured for given "
"site")
elif data['hsts'] is False:
if os.path.isfile(("{0}/conf/nginx/hsts.conf")
.format(wo_site_webroot)):
WOFileUtils.mvfile(self, "{0}/conf/nginx/hsts.conf"
.format(wo_site_webroot),
'{0}/conf/nginx/hsts.conf.disabled'
.format(wo_site_webroot))
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
else:
Log.error(self, "HSTS is not configured for given "
"site")
if pargs.ngxblocker:
if ngxblocker is True:
setupngxblocker(self, wo_domain)
elif ngxblocker is False:
if os.path.isfile("{0}/conf/nginx/ngxblocker.conf"
.format(wo_site_webroot)):
WOFileUtils.mvfile(
self,
"{0}/conf/nginx/ngxblocker.conf"
.format(wo_site_webroot),
"{0}/conf/nginx/ngxblocker.conf.disabled"
.format(wo_site_webroot))
# Service Nginx Reload
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
if stype == oldsitetype and cache == oldcachetype:
# Service Nginx Reload
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
updateSiteInfo(self, wo_domain, stype=stype, cache=cache,
ssl=(bool(check_site.is_ssl)),
php_version=check_php_version)
Log.info(self, "Successfully updated site"
" http://{0}".format(wo_domain))
return 0
# if data['wo_db_name'] and not data['wp']:
if 'wo_db_name' in data.keys() and not data['wp']:
try:
data = setupdatabase(self, data)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update site failed."
"Check the log for details:"
"`tail /var/log/wo/wordops.log` and please try again")
return 1
try:
wodbconfig = open("{0}/wo-config.php".format(wo_site_webroot),
encoding='utf-8', mode='w')
wodbconfig.write("<?php \ndefine('DB_NAME', '{0}');"
"\ndefine('DB_USER', '{1}'); "
"\ndefine('DB_PASSWORD', '{2}');"
"\ndefine('DB_HOST', '{3}');\n?>"
.format(data['wo_db_name'],
data['wo_db_user'],
data['wo_db_pass'],
data['wo_db_host']))
wodbconfig.close()
except IOError as e:
Log.debug(self, str(e))
Log.debug(self, "creating wo-config.php failed.")
Log.info(self, Log.FAIL + "Update site failed. "
"Check the log for details: "
"`tail /var/log/wo/wordops.log` and please try again")
return 1
# Setup WordPress if old sites are html/php/mysql sites
if data['wp'] and oldsitetype in ['html', 'proxy', 'php', 'php72',
'mysql', 'php73', 'php74']:
try:
wo_wp_creds = setupwordpress(self, data)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update site failed."
"Check the log for details: "
"`tail /var/log/wo/wordops.log` and please try again")
return 1
# Uninstall unnecessary plugins
if oldsitetype in ['wp', 'wpsubdir', 'wpsubdomain']:
# Setup WordPress Network if update option is multisite
# and oldsite is WordPress single site
if data['multisite'] and oldsitetype == 'wp':
try:
setupwordpressnetwork(self, data)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update site failed. "
"Check the log for details:"
" `tail /var/log/wo/wordops.log` "
"and please try again")
return 1
if ((oldcachetype in ['wpsc', 'basic', 'wpredis', 'wprocket',
'wpce'] and
(data['wpfc'])) or (oldsitetype == 'wp' and
data['multisite'] and data['wpfc'])):
try:
plugin_data_object = {
"log_level": "INFO",
"log_filesize": 5,
"enable_purge": 1,
"enable_map": "0",
"enable_log": 0,
"enable_stamp": 1,
"purge_homepage_on_new": 1,
"purge_homepage_on_edit": 1,
"purge_homepage_on_del": 1,
"purge_archive_on_new": 1,
"purge_archive_on_edit": 0,
"purge_archive_on_del": 0,
"purge_archive_on_new_comment": 0,
"purge_archive_on_deleted_comment": 0,
"purge_page_on_mod": 1,
"purge_page_on_new_comment": 1,
"purge_page_on_deleted_comment": 1,
"cache_method": "enable_fastcgi",
"purge_method": "get_request",
"redis_hostname": "127.0.0.1",
"redis_port": "6379",
"redis_prefix": "nginx-cache:"}
plugin_data = json.dumps(plugin_data_object)
setupwp_plugin(self, 'nginx-helper',
'rt_wp_nginx_helper_options',
plugin_data, data)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update nginx-helper "
"settings failed. "
"Check the log for details:"
" `tail /var/log/wo/wordops.log` "
"and please try again")
return 1
elif ((oldcachetype in ['wpsc', 'basic', 'wpfc',
'wprocket', 'wpce'] and
(data['wpredis'])) or (oldsitetype == 'wp' and
data['multisite'] and
data['wpredis'])):
try:
plugin_data_object = {
"log_level": "INFO",
"log_filesize": 5,
"enable_purge": 1,
"enable_map": "0",
"enable_log": 0,
"enable_stamp": 1,
"purge_homepage_on_new": 1,
"purge_homepage_on_edit": 1,
"purge_homepage_on_del": 1,
"purge_archive_on_new": 1,
"purge_archive_on_edit": 0,
"purge_archive_on_del": 0,
"purge_archive_on_new_comment": 0,
"purge_archive_on_deleted_comment": 0,
"purge_page_on_mod": 1,
"purge_page_on_new_comment": 1,
"purge_page_on_deleted_comment": 1,
"cache_method": "enable_redis",
"purge_method": "get_request",
"redis_hostname": "127.0.0.1",
"redis_port": "6379",
"redis_prefix": "nginx-cache:"}
plugin_data = json.dumps(plugin_data_object)
setupwp_plugin(self, 'nginx-helper',
'rt_wp_nginx_helper_options',
plugin_data, data)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update nginx-helper "
"settings failed. "
"Check the log for details:"
" `tail /var/log/wo/wordops.log` "
"and please try again")
return 1
else:
try:
# disable nginx-helper
plugin_data_object = {
"log_level": "INFO",
"log_filesize": 5,
"enable_purge": 0,
"enable_map": 0,
"enable_log": 0,
"enable_stamp": 0,
"purge_homepage_on_new": 1,
"purge_homepage_on_edit": 1,
"purge_homepage_on_del": 1,
"purge_archive_on_new": 1,
"purge_archive_on_edit": 0,
"purge_archive_on_del": 0,
"purge_archive_on_new_comment": 0,
"purge_archive_on_deleted_comment": 0,
"purge_page_on_mod": 1,
"purge_page_on_new_comment": 1,
"purge_page_on_deleted_comment": 1,
"cache_method": "enable_redis",
"purge_method": "get_request",
"redis_hostname": "127.0.0.1",
"redis_port": "6379",
"redis_prefix": "nginx-cache:"}
plugin_data = json.dumps(plugin_data_object)
setupwp_plugin(
self, 'nginx-helper',
'rt_wp_nginx_helper_options', plugin_data, data)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update nginx-helper "
"settings failed. "
"Check the log for details:"
" `tail /var/log/wo/wordops.log` "
"and please try again")
return 1
if ((oldcachetype in ['wpsc', 'basic',
'wpfc', 'wprocket', 'wpredis'] and
(data['wpce'])) or (oldsitetype == 'wp' and
data['multisite'] and
data['wpce'])):
try:
installwp_plugin(self, 'cache-enabler', data)
# setup cache-enabler
plugin_data_object = {
"expires": 24,
"new_post": 1,
"new_comment": 0,
"webp": 0,
"clear_on_upgrade": 1,
"compress": 0,
"excl_ids": "",
"excl_regexp": "",
"excl_cookies": "",
"incl_attributes": "",
"minify_html": 1}
plugin_data = json.dumps(plugin_data_object)
setupwp_plugin(self, 'cache-enabler',
'cache-enabler', plugin_data, data)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update cache-enabler "
"settings failed. "
"Check the log for details:"
" `tail /var/log/wo/wordops.log` "
"and please try again")
return 1
if oldcachetype == 'wpsc' and not data['wpsc']:
try:
uninstallwp_plugin(self, 'wp-super-cache', data)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update site failed."
"Check the log for details:"
" `tail /var/log/wo/wordops.log` "
"and please try again")
return 1
if oldcachetype == 'wpredis' and not data['wpredis']:
try:
uninstallwp_plugin(self, 'redis-cache', data)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update site failed."
"Check the log for details:"
" `tail /var/log/wo/wordops.log` "
"and please try again")
return 1
if oldcachetype != 'wpsc' and data['wpsc']:
try:
installwp_plugin(self, 'wp-super-cache', data)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update site failed."
"Check the log for details: "
"`tail /var/log/wo/wordops.log` and please try again")
return 1
if oldcachetype == 'wprocket' and not data['wprocket']:
try:
uninstallwp_plugin(self, 'wp-rocket', data)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update site failed."
"Check the log for details: "
"`tail /var/log/wo/wordops.log` and please try again")
return 1
if oldcachetype == 'wpce' and not data['wpce']:
try:
uninstallwp_plugin(self, 'cache-enabler', data)
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update site failed."
"Check the log for details: "
"`tail /var/log/wo/wordops.log` and please try again")
return 1
# Service Nginx Reload
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
WOGit.add(self, ["/etc/nginx"],
msg="{0} updated with {1} {2}"
.format(wo_www_domain, stype, cache))
# Setup Permissions for webroot
try:
setwebrootpermissions(self, data['webroot'])
except SiteError as e:
Log.debug(self, str(e))
Log.info(self, Log.FAIL + "Update site failed."
"Check the log for details: "
"`tail /var/log/wo/wordops.log` and please try again")
return 1
if wo_auth and len(wo_auth):
for msg in wo_auth:
Log.info(self, Log.ENDC + msg)
display_cache_settings(self, data)
if data['wp'] and oldsitetype in ['html', 'php', 'mysql']:
Log.info(self, "\n\n" + Log.ENDC + "WordPress admin user :"******" {0}".format(wo_wp_creds['wp_user']))
Log.info(self, Log.ENDC + "WordPress admin password : {0}"
.format(wo_wp_creds['wp_pass']) + "\n\n")
if oldsitetype in ['html', 'php'] and stype != 'php':
updateSiteInfo(self, wo_domain, stype=stype, cache=cache,
db_name=data['wo_db_name'],
db_user=data['wo_db_user'],
db_password=data['wo_db_pass'],
db_host=data['wo_db_host'],
ssl=bool(check_site.is_ssl),
php_version=check_php_version)
else:
updateSiteInfo(self, wo_domain, stype=stype, cache=cache,
ssl=bool(check_site.is_ssl),
php_version=check_php_version)
Log.info(self, "Successfully updated site"
" http://{0}".format(wo_domain))
return 0
