示例#1
0
 def secure_auth(self):
     """This function secures authentication"""
     WOGit.add(self, ["/etc/nginx"], msg="Add Nginx to into Git")
     pargs = self.app.pargs
     passwd = RANDOM.long(self)
     if not pargs.user_input:
         username = input("Provide HTTP authentication user "
                          "name [{0}] :".format(WOVar.wo_user))
         pargs.user_input = username
         if username == "":
             pargs.user_input = WOVar.wo_user
     if not pargs.user_pass:
         password = getpass.getpass("Provide HTTP authentication "
                                    "password [{0}] :".format(passwd))
         pargs.user_pass = password
         if password == "":
             pargs.user_pass = passwd
     Log.debug(
         self, "printf username:"******"$(openssl passwd -crypt "
         "password 2> /dev/null)\n\""
         "> /etc/nginx/htpasswd-wo 2>/dev/null")
     WOShellExec.cmd_exec(self,
                          "printf \"{username}:"
                          "$(openssl passwd -crypt "
                          "{password} 2> /dev/null)\n\""
                          "> /etc/nginx/htpasswd-wo 2>/dev/null".format(
                              username=pargs.user_input,
                              password=pargs.user_pass),
                          log=False)
     WOGit.add(self, ["/etc/nginx"],
               msg="Adding changed secure auth into Git")
示例#2
0
 def secure_port(self):
     """This function Secures port"""
     WOGit.add(self, ["/etc/nginx"], msg="Add Nginx to into Git")
     pargs = self.app.pargs
     if pargs.user_input:
         while ((not pargs.user_input.isdigit())
                and (not pargs.user_input < 65536)):
             Log.info(self, "Please enter a valid port number ")
             pargs.user_input = input("WordOps " "admin port [22222]:")
     else:
         port = input("WordOps admin port [22222]:")
         if port == "":
             port = 22222
         while ((not port.isdigit()) and (not port != "")
                and (not port < 65536)):
             Log.info(self, "Please Enter valid port number :")
             port = input("WordOps admin port [22222]:")
         pargs.user_input = port
     WOShellExec.cmd_exec(
         self, "sed -i \"s/listen.*/listen "
         "{port} default_server ssl http2;/\" "
         "/etc/nginx/sites-available/22222".format(port=pargs.user_input))
     WOGit.add(self, ["/etc/nginx"],
               msg="Adding changed secure port into Git")
     if not WOService.reload_service(self, 'nginx'):
         Log.error(
             self, "service nginx reload failed. "
             "check issues with `nginx -t` command")
     Log.info(
         self,
         "Successfully port changed {port}".format(port=pargs.user_input))
示例#3
0
 def secure_port(self):
     """This function Secures port"""
     WOGit.add(self, ["/etc/nginx"], msg="Add Nginx to into Git")
     pargs = self.app.pargs
     if pargs.user_input:
         while ((not pargs.user_input.isdigit())
                and (not pargs.user_input < 65536)):
             Log.info(self, "Please enter a valid port number ")
             pargs.user_input = input("WordOps " "admin port [22222]:")
     else:
         port = input("WordOps admin port [22222]:")
         if port == "":
             port = 22222
         while ((not port.isdigit()) and (not port != "")
                and (not port < 65536)):
             Log.info(self, "Please Enter valid port number :")
             port = input("WordOps admin port [22222]:")
         pargs.user_input = port
     data = dict(release=WOVar.wo_version,
                 port=pargs.user_input,
                 webroot='/var/www/')
     WOTemplate.deploy(self, '/etc/nginx/sites-available/22222',
                       '22222.mustache', data)
     WOGit.add(self, ["/etc/nginx"],
               msg="Adding changed secure port into Git")
     if not WOService.reload_service(self, 'nginx'):
         Log.error(
             self, "service nginx reload failed. "
             "check issues with `nginx -t` command")
     Log.info(
         self,
         "Successfully port changed {port}".format(port=pargs.user_input))
示例#4
0
    def secure_ip(self):
        """IP whitelisting"""
        WOGit.add(self, ["/etc/nginx"], msg="Add Nginx to into Git")
        pargs = self.app.pargs
        if not pargs.user_input:
            ip = input("Enter the comma separated IP addresses "
                       "to white list [127.0.0.1]:")
            pargs.user_input = ip
        try:
            user_ip = pargs.user_input.split(',')
        except Exception as e:
            Log.debug(self, "{0}".format(e))
            user_ip = ['127.0.0.1']
        for ip_addr in user_ip:
            if not ("exist_ip_address " + ip_addr in open('/etc/nginx/common/'
                                                          'acl.conf').read()):
                WOShellExec.cmd_exec(
                    self, "sed -i "
                    "\"/deny/i allow {whitelist_address}\;\""
                    " /etc/nginx/common/acl.conf".format(
                        whitelist_address=ip_addr))
        WOGit.add(self, ["/etc/nginx"],
                  msg="Adding changed secure ip into Git")

        Log.info(self, "Successfully added IP address in acl.conf file")
示例#5
0
 def secure_auth(self):
     """This function secures authentication"""
     passwd = ''.join([
         random.choice(string.ascii_letters + string.digits)
         for n in range(16)
     ])
     if not self.app.pargs.user_input:
         username = input("Provide HTTP authentication user "
                          "name [{0}] :".format(WOVariables.wo_user))
         self.app.pargs.user_input = username
         if username == "":
             self.app.pargs.user_input = WOVariables.wo_user
     if not self.app.pargs.user_pass:
         password = getpass.getpass("Provide HTTP authentication "
                                    "password [{0}] :".format(passwd))
         self.app.pargs.user_pass = password
         if password == "":
             self.app.pargs.user_pass = passwd
     Log.debug(
         self, "printf username:"******"$(openssl passwd -crypt "
         "password 2> /dev/null)\n\""
         "> /etc/nginx/htpasswd-wo 2>/dev/null")
     WOShellExec.cmd_exec(self,
                          "printf \"{username}:"
                          "$(openssl passwd -crypt "
                          "{password} 2> /dev/null)\n\""
                          "> /etc/nginx/htpasswd-wo 2>/dev/null".format(
                              username=self.app.pargs.user_input,
                              password=self.app.pargs.user_pass),
                          log=False)
     WOGit.add(self, ["/etc/nginx"],
               msg="Adding changed secure auth into Git")
示例#6
0
    def enable(self):
        pargs = self.app.pargs
        if not pargs.site_name:
            try:
                while not pargs.site_name:
                    pargs.site_name = (input('Enter site name : ').strip())
            except IOError as e:
                Log.debug(self, str(e))
                Log.error(self, 'could not input site name')

        pargs.site_name = pargs.site_name.strip()
        # validate domain name
        wo_domain = WODomain.validate(self, pargs.site_name)

        # check if site exists
        if not check_domain_exists(self, wo_domain):
            Log.error(self, "site {0} does not exist".format(wo_domain))
        if os.path.isfile('/etc/nginx/sites-available/{0}'.format(wo_domain)):
            Log.info(self, "Enable domain {0:10} \t".format(wo_domain), end='')
            WOFileUtils.create_symlink(self, [
                '/etc/nginx/sites-available/{0}'.format(wo_domain),
                '/etc/nginx/sites-enabled/{0}'.format(wo_domain)
            ])
            WOGit.add(self, ["/etc/nginx"],
                      msg="Enabled {0} ".format(wo_domain))
            updateSiteInfo(self, wo_domain, enabled=True)
            Log.info(self, "[" + Log.ENDC + "OK" + Log.OKBLUE + "]")
            if not WOService.reload_service(self, 'nginx'):
                Log.error(
                    self, "service nginx reload failed. "
                    "check issues with `nginx -t` command")
        else:
            Log.error(self, 'nginx configuration file does not exist')
示例#7
0
文件: site.py 项目: zeus911/WordOps
    def default(self):
        pargs = self.app.pargs
        if not pargs.site_name:
            try:
                while not pargs.site_name:
                    pargs.site_name = (input('Enter site name : ').strip())
            except IOError as e:
                Log.debug(self, str(e))
                Log.error(self, 'Unable to read input, Please try again')

        pargs.site_name = pargs.site_name.strip()
        wo_domain = WODomain.validate(self, pargs.site_name)
        if not check_domain_exists(self, wo_domain):
            Log.error(self, "site {0} does not exist".format(wo_domain))

        if os.path.isfile('/etc/nginx/sites-available/{0}'.format(wo_domain)):
            try:
                WOShellExec.invoke_editor(
                    self, '/etc/nginx/sites-availa'
                    'ble/{0}'.format(wo_domain))
            except CommandExecutionError as e:
                Log.debug(self, str(e))
                Log.error(self, "Failed invoke editor")
            if (WOGit.checkfilestatus(
                    self, "/etc/nginx",
                    '/etc/nginx/sites-available/{0}'.format(wo_domain))):
                WOGit.add(self, ["/etc/nginx"],
                          msg="Edit website: {0}".format(wo_domain))
                # Reload NGINX
                if not WOService.reload_service(self, 'nginx'):
                    Log.error(
                        self, "service nginx reload failed. "
                        "check issues with `nginx -t` command")
        else:
            Log.error(self, "nginx configuration file does not exists")
示例#8
0
    def deploycert(self, wo_domain_name):
        """Deploy Let's Encrypt certificates with acme.sh"""
        if not os.path.isfile('/etc/letsencrypt/renewal/{0}_ecc/fullchain.cer'.
                              format(wo_domain_name)):
            Log.error(self, 'Certificate not found. Deployment canceled')

        Log.debug(self,
                  "Cert deployment for domain: {0}".format(wo_domain_name))

        try:
            Log.wait(self, "Deploying SSL cert")
            if WOShellExec.cmd_exec(
                    self,
                    "mkdir -p {0}/{1} && {2} --install-cert -d {1} --ecc "
                    "--cert-file {0}/{1}/cert.pem --key-file {0}/{1}/key.pem "
                    "--fullchain-file {0}/{1}/fullchain.pem "
                    "--ca-file {0}/{1}/ca.pem --reloadcmd \"nginx -t && "
                    "service nginx restart\" ".format(WOVar.wo_ssl_live,
                                                      wo_domain_name,
                                                      WOAcme.wo_acme_exec)):
                Log.valide(self, "Deploying SSL cert")
            else:
                Log.failed(self, "Deploying SSL cert")
                Log.error(self, "Unable to deploy certificate")

            if os.path.isdir('/var/www/{0}/conf/nginx'.format(wo_domain_name)):

                sslconf = open(
                    "/var/www/{0}/conf/nginx/ssl.conf".format(wo_domain_name),
                    encoding='utf-8',
                    mode='w')
                sslconf.write("listen 443 ssl http2;\n"
                              "listen [::]:443 ssl http2;\n"
                              "ssl_certificate     {0}/{1}/fullchain.pem;\n"
                              "ssl_certificate_key     {0}/{1}/key.pem;\n"
                              "ssl_trusted_certificate {0}/{1}/ca.pem;\n"
                              "ssl_stapling_verify on;\n".format(
                                  WOVar.wo_ssl_live, wo_domain_name))
                sslconf.close()

            if not WOFileUtils.grep(self, '/var/www/22222/conf/nginx/ssl.conf',
                                    '/etc/letsencrypt'):
                Log.info(self, "Securing WordOps backend with current cert")
                sslconf = open("/var/www/22222/conf/nginx/ssl.conf",
                               encoding='utf-8',
                               mode='w')
                sslconf.write("ssl_certificate     {0}/{1}/fullchain.pem;\n"
                              "ssl_certificate_key     {0}/{1}/key.pem;\n"
                              "ssl_trusted_certificate {0}/{1}/ca.pem;\n"
                              "ssl_stapling_verify on;\n".format(
                                  WOVar.wo_ssl_live, wo_domain_name))
                sslconf.close()

            WOGit.add(self, ["/etc/letsencrypt"],
                      msg="Adding letsencrypt folder")

        except IOError as e:
            Log.debug(self, str(e))
            Log.debug(self, "Error occured while generating " "ssl.conf")
        return 0
示例#9
0
 def secure_ssh_port(self):
     """Change SSH port"""
     WOGit.add(self, ["/etc/ssh"],
               msg="Adding changed SSH port into Git")
     pargs = self.app.pargs
     if pargs.user_input:
         while ((not pargs.user_input.isdigit()) and
                (not pargs.user_input < 65536)):
             Log.info(self, "Please enter a valid port number ")
             pargs.user_input = input("Server "
                                      "SSH port [22]:")
     if not pargs.user_input:
         port = input("Server SSH port [22]:")
         if port == "":
             port = 22
         while (not port.isdigit()) and (port != "") and (not port < 65536):
             Log.info(self, "Please Enter valid port number :")
             port = input("Server SSH port [22]:")
         pargs.user_input = port
     if WOFileUtils.grepcheck(self, '/etc/ssh/sshd_config', '#Port'):
         WOShellExec.cmd_exec(self, "sed -i \"s/#Port.*/Port "
                              "{port}/\" /etc/ssh/sshd_config"
                              .format(port=pargs.user_input))
     else:
         WOShellExec.cmd_exec(self, "sed -i \"s/Port.*/Port "
                              "{port}/\" /etc/ssh/sshd_config"
                              .format(port=pargs.user_input))
     # allow new ssh port if ufw is enabled
     if os.path.isfile('/etc/ufw/ufw.conf'):
         # add rule for proftpd with UFW
         if WOFileUtils.grepcheck(
                 self, '/etc/ufw/ufw.conf', 'ENABLED=yes'):
             try:
                 WOShellExec.cmd_exec(
                     self, 'ufw limit {0}'.format(pargs.user_input))
                 WOShellExec.cmd_exec(
                     self, 'ufw reload')
             except Exception as e:
                 Log.debug(self, "{0}".format(e))
                 Log.error(self, "Unable to add UFW rule")
     # add ssh into git
     WOGit.add(self, ["/etc/ssh"],
               msg="Adding changed SSH port into Git")
     # restart ssh service
     if not WOService.restart_service(self, 'ssh'):
         Log.error(self, "service SSH restart failed.")
     Log.info(self, "Successfully changed SSH port to {port}"
              .format(port=pargs.user_input))
示例#10
0
 def secure_ssh(self):
     """Harden ssh security"""
     pargs = self.app.pargs
     if not pargs.force and not pargs.allowpassword:
         start_secure = input('Are you sure you to want to'
                              ' harden SSH security ?'
                              '\nSSH login with password will not '
                              'be possible anymore. Please make sure '
                              'you are already using SSH Keys.\n'
                              'Harden SSH security [y/N]')
         if start_secure != "Y" and start_secure != "y":
             Log.error(self, "Not hardening SSH security")
     if os.path.exists('/etc/ssh'):
         WOGit.add(self, ["/etc/ssh"], msg="Adding SSH into Git")
     Log.debug(self, "check if /etc/ssh/sshd_config exist")
     if os.path.isfile('/etc/ssh/sshd_config'):
         Log.debug(self, "looking for the current ssh port")
         for line in open('/etc/ssh/sshd_config', encoding='utf-8'):
             if 'Port' in line:
                 ssh_line = line.strip()
                 break
         port = (ssh_line).split(' ')
         current_ssh_port = (port[1]).strip()
         if os.getenv('SUDO_USER'):
             sudo_user = os.getenv('SUDO_USER')
         else:
             sudo_user = ''
         if pargs.allowpassword:
             wo_allowpassword = '******'
         else:
             wo_allowpassword = '******'
         data = dict(sshport=current_ssh_port,
                     allowpass=wo_allowpassword,
                     user=sudo_user)
         WOTemplate.deploy(self, '/etc/ssh/sshd_config', 'sshd.mustache',
                           data)
         WOGit.add(self, ["/etc/ssh"],
                   msg="Adding changed SSH port into Git")
         if not WOService.restart_service(self, 'ssh'):
             Log.error(self, "service SSH restart failed.")
             Log.info(self, "Successfully harden SSH security")
     else:
         Log.error(self, "SSH config file not found")
示例#11
0
 def secure_port(self):
     """This function Secures port"""
     if self.app.pargs.user_input:
         while not self.app.pargs.user_input.isdigit():
             Log.info(self, "Please enter a valid port number ")
             self.app.pargs.user_input = input("WordOps "
                                               "admin port [22222]:")
     if not self.app.pargs.user_input:
         port = input("WordOps admin port [22222]:")
         if port == "":
             self.app.pargs.user_input = 22222
         while not port.isdigit() and port != "":
             Log.info(self, "Please Enter valid port number :")
             port = input("WordOps admin port [22222]:")
         self.app.pargs.user_input = port
     if WOVariables.wo_platform_distro == 'ubuntu':
         WOShellExec.cmd_exec(
             self, "sed -i \"s/listen.*/listen "
             "{port} default_server ssl http2;/\" "
             "/etc/nginx/sites-available/22222".format(
                 port=self.app.pargs.user_input))
     if WOVariables.wo_platform_distro == 'debian':
         WOShellExec.cmd_exec(
             self, "sed -i \"s/listen.*/listen "
             "{port} default_server ssl http2;/\" "
             "/etc/nginx/sites-available/22222".format(
                 port=self.app.pargs.user_input))
     WOGit.add(self, ["/etc/nginx"],
               msg="Adding changed secure port into Git")
     if not WOService.reload_service(self, 'nginx'):
         Log.error(
             self, "service nginx reload failed. "
             "check issues with `nginx -t` command")
     Log.info(
         self, "Successfully port changed {port}".format(
             port=self.app.pargs.user_input))
示例#12
0
    def default(self):
        pargs = self.app.pargs
        # self.app.render((data), 'default.mustache')
        # Check domain name validation
        data = dict()
        host, port = None, None
        try:
            stype, cache = detSitePar(vars(pargs))
        except RuntimeError as e:
            Log.debug(self, str(e))
            Log.error(self, "Please provide valid options to creating site")

        if stype is None and pargs.proxy:
            stype, cache = 'proxy', ''
            proxyinfo = pargs.proxy[0].strip()
            if not proxyinfo:
                Log.error(self, "Please provide proxy server host information")
            proxyinfo = proxyinfo.split(':')
            host = proxyinfo[0].strip()
            port = '80' if len(proxyinfo) < 2 else proxyinfo[1].strip()
        elif stype is None and not pargs.proxy:
            stype, cache = 'html', 'basic'
        elif stype and pargs.proxy:
            Log.error(self, "proxy should not be used with other site types")

        if not pargs.site_name:
            try:
                while not pargs.site_name:
                    # preprocessing before finalize site name
                    pargs.site_name = (input('Enter site name : ').strip())
            except IOError as e:
                Log.debug(self, str(e))
                Log.error(self, "Unable to input site name, Please try again!")

        pargs.site_name = pargs.site_name.strip()
        wo_domain = WODomain.validate(self, pargs.site_name)
        wo_www_domain = "www.{0}".format(wo_domain)
        (wo_domain_type, wo_root_domain) = WODomain.getlevel(self, wo_domain)
        if not wo_domain.strip():
            Log.error(self, "Invalid domain name, "
                      "Provide valid domain name")

        wo_site_webroot = WOVar.wo_webroot + wo_domain

        if check_domain_exists(self, wo_domain):
            Log.error(self, "site {0} already exists".format(wo_domain))
        elif os.path.isfile(
                '/etc/nginx/sites-available/{0}'.format(wo_domain)):
            Log.error(
                self, "Nginx configuration /etc/nginx/sites-available/"
                "{0} already exists".format(wo_domain))

        if stype == 'proxy':
            data = dict(site_name=wo_domain,
                        www_domain=wo_www_domain,
                        static=True,
                        basic=False,
                        wp=False,
                        wpfc=False,
                        wpsc=False,
                        wprocket=False,
                        wpce=False,
                        multisite=False,
                        wpsubdir=False,
                        webroot=wo_site_webroot)
            data['proxy'] = True
            data['host'] = host
            data['port'] = port
            data['basic'] = True

        if pargs.php72 or pargs.php73 or pargs.php74:
            data = dict(site_name=wo_domain,
                        www_domain=wo_www_domain,
                        static=False,
                        basic=False,
                        wp=False,
                        wpfc=False,
                        wpsc=False,
                        wprocket=False,
                        wpce=False,
                        multisite=False,
                        wpsubdir=False,
                        webroot=wo_site_webroot)
            data['basic'] = True

        if stype in ['html', 'php']:
            data = dict(site_name=wo_domain,
                        www_domain=wo_www_domain,
                        static=True,
                        basic=False,
                        wp=False,
                        wpfc=False,
                        wpsc=False,
                        wprocket=False,
                        wpce=False,
                        multisite=False,
                        wpsubdir=False,
                        webroot=wo_site_webroot)

            if stype == 'php':
                data['static'] = False
                data['basic'] = True

        elif stype in ['mysql', 'wp', 'wpsubdir', 'wpsubdomain']:

            data = dict(site_name=wo_domain,
                        www_domain=wo_www_domain,
                        static=False,
                        basic=True,
                        wp=False,
                        wpfc=False,
                        wpsc=False,
                        wpredis=False,
                        wprocket=False,
                        wpce=False,
                        multisite=False,
                        wpsubdir=False,
                        webroot=wo_site_webroot,
                        wo_db_name='',
                        wo_db_user='',
                        wo_db_pass='',
                        wo_db_host='')

            if stype in ['wp', 'wpsubdir', 'wpsubdomain']:
                data['wp'] = True
                data['basic'] = False
                data[cache] = True
                data['wp-user'] = pargs.user
                data['wp-email'] = pargs.email
                data['wp-pass'] = pargs.wppass
                if stype in ['wpsubdir', 'wpsubdomain']:
                    data['multisite'] = True
                    if stype == 'wpsubdir':
                        data['wpsubdir'] = True
        else:
            pass

        if data and pargs.php73:
            data['php73'] = True
            data['php74'] = False
            data['php72'] = False
            data['wo_php'] = 'php73'
        elif data and pargs.php74:
            data['php72'] = False
            data['php74'] = True
            data['php73'] = False
            data['wo_php'] = 'php74'
        else:
            data['php74'] = False
            data['php72'] = True
            data['php73'] = False
            data['wo_php'] = 'php72'

        if ((not pargs.wpfc) and (not pargs.wpsc) and (not pargs.wprocket)
                and (not pargs.wpce) and (not pargs.wpredis)):
            data['basic'] = True

        if (cache == 'wpredis'):
            cache = 'wpredis'
            data['wpredis'] = True
            data['basic'] = False
            pargs.wpredis = True

        # Check rerequired packages are installed or not
        wo_auth = site_package_check(self, stype)

        try:
            pre_run_checks(self)
        except SiteError as e:
            Log.debug(self, str(e))
            Log.error(self, "NGINX configuration check failed.")

        try:
            try:
                # setup NGINX configuration, and webroot
                setupdomain(self, data)

                # Fix Nginx Hashbucket size error
                hashbucket(self)
            except SiteError as e:
                # call cleanup actions on failure
                Log.info(self,
                         Log.FAIL + "There was a serious error encountered...")
                Log.info(self, Log.FAIL + "Cleaning up afterwards...")
                doCleanupAction(self,
                                domain=wo_domain,
                                webroot=data['webroot'])
                Log.debug(self, str(e))
                Log.error(
                    self, "Check the log for details: "
                    "`tail /var/log/wo/wordops.log` "
                    "and please try again")

            if 'proxy' in data.keys() and data['proxy']:
                addNewSite(self, wo_domain, stype, cache, wo_site_webroot)
                # Service Nginx Reload
                if not WOService.reload_service(self, 'nginx'):
                    Log.info(
                        self,
                        Log.FAIL + "There was a serious error encountered...")
                    Log.info(self, Log.FAIL + "Cleaning up afterwards...")
                    doCleanupAction(self, domain=wo_domain)
                    deleteSiteInfo(self, wo_domain)
                    Log.error(
                        self, "service nginx reload failed. "
                        "check issues with `nginx -t` command")
                    Log.error(
                        self, "Check the log for details: "
                        "`tail /var/log/wo/wordops.log` "
                        "and please try again")
                if wo_auth and len(wo_auth):
                    for msg in wo_auth:
                        Log.info(self, Log.ENDC + msg, log=False)
                Log.info(
                    self, "Successfully created site"
                    " http://{0}".format(wo_domain))
                return

            if data['php73']:
                php_version = "7.3"
            elif data['php74']:
                php_version = "7.4"
            else:
                php_version = "7.2"

            addNewSite(self,
                       wo_domain,
                       stype,
                       cache,
                       wo_site_webroot,
                       php_version=php_version)

            # Setup database for MySQL site
            if 'wo_db_name' in data.keys() and not data['wp']:
                try:
                    data = setupdatabase(self, data)
                    # Add database information for site into database
                    updateSiteInfo(self,
                                   wo_domain,
                                   db_name=data['wo_db_name'],
                                   db_user=data['wo_db_user'],
                                   db_password=data['wo_db_pass'],
                                   db_host=data['wo_db_host'])
                except SiteError as e:
                    # call cleanup actions on failure
                    Log.debug(self, str(e))
                    Log.info(
                        self,
                        Log.FAIL + "There was a serious error encountered...")
                    Log.info(self, Log.FAIL + "Cleaning up afterwards...")
                    doCleanupAction(self,
                                    domain=wo_domain,
                                    webroot=data['webroot'],
                                    dbname=data['wo_db_name'],
                                    dbuser=data['wo_db_user'],
                                    dbhost=data['wo_db_host'])
                    deleteSiteInfo(self, wo_domain)
                    Log.error(
                        self, "Check the log for details: "
                        "`tail /var/log/wo/wordops.log` "
                        "and please try again")

                try:
                    wodbconfig = open(
                        "{0}/wo-config.php".format(wo_site_webroot),
                        encoding='utf-8',
                        mode='w')
                    wodbconfig.write("<?php \ndefine('DB_NAME', '{0}');"
                                     "\ndefine('DB_USER', '{1}'); "
                                     "\ndefine('DB_PASSWORD', '{2}');"
                                     "\ndefine('DB_HOST', '{3}');\n?>".format(
                                         data['wo_db_name'],
                                         data['wo_db_user'],
                                         data['wo_db_pass'],
                                         data['wo_db_host']))
                    wodbconfig.close()
                    stype = 'mysql'
                except IOError as e:
                    Log.debug(self, str(e))
                    Log.debug(
                        self, "Error occured while generating "
                        "wo-config.php")
                    Log.info(
                        self,
                        Log.FAIL + "There was a serious error encountered...")
                    Log.info(self, Log.FAIL + "Cleaning up afterwards...")
                    doCleanupAction(self,
                                    domain=wo_domain,
                                    webroot=data['webroot'],
                                    dbname=data['wo_db_name'],
                                    dbuser=data['wo_db_user'],
                                    dbhost=data['wo_db_host'])
                    deleteSiteInfo(self, wo_domain)
                    Log.error(
                        self, "Check the log for details: "
                        "`tail /var/log/wo/wordops.log` "
                        "and please try again")

            # Setup WordPress if Wordpress site
            if data['wp']:
                vhostonly = bool(pargs.vhostonly)
                try:
                    wo_wp_creds = setupwordpress(self, data, vhostonly)
                    # Add database information for site into database
                    updateSiteInfo(self,
                                   wo_domain,
                                   db_name=data['wo_db_name'],
                                   db_user=data['wo_db_user'],
                                   db_password=data['wo_db_pass'],
                                   db_host=data['wo_db_host'])
                except SiteError as e:
                    # call cleanup actions on failure
                    Log.debug(self, str(e))
                    Log.info(
                        self,
                        Log.FAIL + "There was a serious error encountered...")
                    Log.info(self, Log.FAIL + "Cleaning up afterwards...")
                    doCleanupAction(self,
                                    domain=wo_domain,
                                    webroot=data['webroot'],
                                    dbname=data['wo_db_name'],
                                    dbuser=data['wo_db_user'],
                                    dbhost=data['wo_mysql_grant_host'])
                    deleteSiteInfo(self, wo_domain)
                    Log.error(
                        self, "Check the log for details: "
                        "`tail /var/log/wo/wordops.log` "
                        "and please try again")

            # Service Nginx Reload call cleanup if failed to reload nginx
            if not WOService.reload_service(self, 'nginx'):
                Log.info(self,
                         Log.FAIL + "There was a serious error encountered...")
                Log.info(self, Log.FAIL + "Cleaning up afterwards...")
                doCleanupAction(self,
                                domain=wo_domain,
                                webroot=data['webroot'])
                if 'wo_db_name' in data.keys():
                    doCleanupAction(self,
                                    domain=wo_domain,
                                    dbname=data['wo_db_name'],
                                    dbuser=data['wo_db_user'],
                                    dbhost=data['wo_mysql_grant_host'])
                deleteSiteInfo(self, wo_domain)
                Log.info(
                    self, Log.FAIL + "service nginx reload failed."
                    " check issues with `nginx -t` command.")
                Log.error(
                    self, "Check the log for details: "
                    "`tail /var/log/wo/wordops.log` "
                    "and please try again")

            WOGit.add(self, ["/etc/nginx"],
                      msg="{0} created with {1} {2}".format(
                          wo_www_domain, stype, cache))
            # Setup Permissions for webroot
            try:
                setwebrootpermissions(self, data['webroot'])
            except SiteError as e:
                Log.debug(self, str(e))
                Log.info(self,
                         Log.FAIL + "There was a serious error encountered...")
                Log.info(self, Log.FAIL + "Cleaning up afterwards...")
                doCleanupAction(self,
                                domain=wo_domain,
                                webroot=data['webroot'])
                if 'wo_db_name' in data.keys():
                    print("Inside db cleanup")
                    doCleanupAction(self,
                                    domain=wo_domain,
                                    dbname=data['wo_db_name'],
                                    dbuser=data['wo_db_user'],
                                    dbhost=data['wo_mysql_grant_host'])
                deleteSiteInfo(self, wo_domain)
                Log.error(
                    self, "Check the log for details: "
                    "`tail /var/log/wo/wordops.log` and "
                    "please try again")

            if wo_auth and len(wo_auth):
                for msg in wo_auth:
                    Log.info(self, Log.ENDC + msg, log=False)

            if data['wp'] and (not pargs.vhostonly):
                Log.info(self,
                         Log.ENDC + "WordPress admin user :"******" {0}".format(wo_wp_creds['wp_user']),
                         log=False)
                Log.info(self,
                         Log.ENDC + "WordPress admin password : {0}".format(
                             wo_wp_creds['wp_pass']),
                         log=False)

                display_cache_settings(self, data)

            Log.info(
                self, "Successfully created site"
                " http://{0}".format(wo_domain))
        except SiteError:
            Log.error(
                self, "Check the log for details: "
                "`tail /var/log/wo/wordops.log` and please try again")

        if pargs.letsencrypt:
            acme_domains = []
            data['letsencrypt'] = True
            letsencrypt = True
            Log.debug(self, "Going to issue Let's Encrypt certificate")
            acmedata = dict(acme_domains,
                            dns=False,
                            acme_dns='dns_cf',
                            dnsalias=False,
                            acme_alias='',
                            keylength='')
            if self.app.config.has_section('letsencrypt'):
                acmedata['keylength'] = self.app.config.get(
                    'letsencrypt', 'keylength')
            else:
                acmedata['keylength'] = 'ec-384'
            if pargs.dns:
                Log.debug(self, "DNS validation enabled")
                acmedata['dns'] = True
                if not pargs.dns == 'dns_cf':
                    Log.debug(self, "DNS API : {0}".format(pargs.dns))
                    acmedata['acme_dns'] = pargs.dns
            if pargs.dnsalias:
                Log.debug(self, "DNS Alias enabled")
                acmedata['dnsalias'] = True
                acmedata['acme_alias'] = pargs.dnsalias

            # detect subdomain and set subdomain variable
            if pargs.letsencrypt == "subdomain":
                Log.warn(
                    self, 'Flag --letsencrypt=subdomain is '
                    'deprecated and not required anymore.')
                acme_subdomain = True
                acme_wildcard = False
            elif pargs.letsencrypt == "wildcard":
                acme_wildcard = True
                acme_subdomain = False
                acmedata['dns'] = True
            else:
                if ((wo_domain_type == 'subdomain')):
                    Log.debug(self, "Domain type = {0}".format(wo_domain_type))
                    acme_subdomain = True
                else:
                    acme_subdomain = False
                    acme_wildcard = False

            if acme_subdomain is True:
                Log.info(self, "Certificate type : subdomain")
                acme_domains = acme_domains + ['{0}'.format(wo_domain)]
            elif acme_wildcard is True:
                Log.info(self, "Certificate type : wildcard")
                acme_domains = acme_domains + [
                    '{0}'.format(wo_domain), '*.{0}'.format(wo_domain)
                ]
            else:
                Log.info(self, "Certificate type : domain")
                acme_domains = acme_domains + [
                    '{0}'.format(wo_domain), 'www.{0}'.format(wo_domain)
                ]

            if WOAcme.cert_check(self, wo_domain):
                SSL.archivedcertificatehandle(self, wo_domain, acme_domains)
            else:
                if acme_subdomain is True:
                    # check if a wildcard cert for the root domain exist
                    Log.debug(
                        self,
                        "checkWildcardExist on *.{0}".format(wo_root_domain))
                    if SSL.checkwildcardexist(self, wo_root_domain):
                        Log.info(
                            self, "Using existing Wildcard SSL "
                            "certificate from {0} to secure {1}".format(
                                wo_root_domain, wo_domain))
                        Log.debug(
                            self, "symlink wildcard "
                            "cert between {0} & {1}".format(
                                wo_domain, wo_root_domain))
                        # copy the cert from the root domain
                        copyWildcardCert(self, wo_domain, wo_root_domain)
                    else:
                        # check DNS records before issuing cert
                        if not acmedata['dns'] is True:
                            if not pargs.force:
                                if not WOAcme.check_dns(self, acme_domains):
                                    Log.error(
                                        self, "Aborting SSL "
                                        "certificate issuance")
                        Log.debug(
                            self, "Setup Cert with acme.sh for {0}".format(
                                wo_domain))
                        if WOAcme.setupletsencrypt(self, acme_domains,
                                                   acmedata):
                            WOAcme.deploycert(self, wo_domain)
                else:
                    if not acmedata['dns'] is True:
                        if not pargs.force:
                            if not WOAcme.check_dns(self, acme_domains):
                                Log.error(self,
                                          "Aborting SSL certificate issuance")
                    if WOAcme.setupletsencrypt(self, acme_domains, acmedata):
                        WOAcme.deploycert(self, wo_domain)

                if pargs.hsts:
                    SSL.setuphsts(self, wo_domain)

                SSL.httpsredirect(self, wo_domain, acme_domains, True)
                SSL.siteurlhttps(self, wo_domain)
                if not WOService.reload_service(self, 'nginx'):
                    Log.error(
                        self, "service nginx reload failed. "
                        "check issues with `nginx -t` command")
                Log.info(
                    self, "Congratulations! Successfully Configured "
                    "SSL on https://{0}".format(wo_domain))

                # Add nginx conf folder into GIT
                WOGit.add(self, ["{0}/conf/nginx".format(wo_site_webroot)],
                          msg="Adding letsencrypts config of site: {0}".format(
                              wo_domain))
                updateSiteInfo(self, wo_domain, ssl=letsencrypt)
示例#13
0
    def doupdatesite(self, pargs):
        pargs = self.app.pargs
        letsencrypt = False
        php73 = False
        php74 = False
        php72 = False

        data = dict()
        try:
            stype, cache = detSitePar(vars(pargs))
        except RuntimeError as e:
            Log.debug(self, str(e))
            Log.error(self, "Please provide valid options combination for"
                      " site update")

        if stype is None and pargs.proxy:
            stype, cache = 'proxy', ''
            proxyinfo = pargs.proxy[0].strip()
            if not proxyinfo:
                Log.error(self, "Please provide proxy server host information")
            proxyinfo = proxyinfo.split(':')
            host = proxyinfo[0].strip()
            port = '80' if len(proxyinfo) < 2 else proxyinfo[1].strip()
        elif stype is None and not (pargs.proxy or pargs.letsencrypt):
            stype, cache = 'html', 'basic'
        elif stype and pargs.proxy:
            Log.error(self, "--proxy can not be used with other site types")

        if not pargs.site_name:
            try:
                while not pargs.site_name:
                    pargs.site_name = (input('Enter site name : ').strip())
            except IOError:
                Log.error(self, 'Unable to input site name, Please try again!')

        pargs.site_name = pargs.site_name.strip()
        wo_domain = WODomain.validate(self, pargs.site_name)
        wo_www_domain = "www.{0}".format(wo_domain)
        (wo_domain_type, wo_root_domain) = WODomain.getlevel(
            self, wo_domain)
        wo_site_webroot = WOVar.wo_webroot + wo_domain
        check_site = getSiteInfo(self, wo_domain)

        if check_site is None:
            Log.error(self, " Site {0} does not exist.".format(wo_domain))
        else:
            oldsitetype = check_site.site_type
            oldcachetype = check_site.cache_type
            check_ssl = check_site.is_ssl
            check_php_version = check_site.php_version

            old_php72 = bool(check_php_version == "7.2")
            old_php73 = bool(check_php_version == "7.3")
            old_php74 = bool(check_php_version == "7.4")

        if ((pargs.password or pargs.hsts or
             pargs.ngxblocker or pargs.letsencrypt == 'renew') and not (
            pargs.html or pargs.php or pargs.php72 or pargs.php73 or
            pargs.php74 or
            pargs.mysql or pargs.wp or pargs.wpfc or pargs.wpsc or
            pargs.wprocket or pargs.wpce or
                pargs.wpsubdir or pargs.wpsubdomain)):

            # update wordpress password
            if (pargs.password):
                try:
                    updatewpuserpassword(self, wo_domain, wo_site_webroot)
                except SiteError as e:
                    Log.debug(self, str(e))
                    Log.info(self, "\nPassword Unchanged.")
                return 0

            # setup hsts
            if (pargs.hsts):
                if pargs.hsts == "on":
                    SSL.setuphsts(self, wo_domain, enable=True)
                elif pargs.hsts == "off":
                    SSL.setuphsts(self, wo_domain, enable=False)
                    # Service Nginx Reload
                if not WOService.reload_service(self, 'nginx'):
                    Log.error(
                        self, "service nginx reload failed. "
                        "check issues with `nginx -t` command")
                return 0

            # setup ngxblocker
            if (pargs.ngxblocker):
                if pargs.ngxblocker == "on":
                    if os.path.isdir('/etc/nginx/bots.d'):
                        try:
                            setupngxblocker(self, wo_domain)
                        except SiteError as e:
                            Log.debug(self, str(e))
                            Log.info(self, "\nngxblocker not enabled.")
                    else:
                        Log.error(self, 'ngxblocker stack is not installed')
                elif pargs.ngxblocker == "off":
                    try:
                        setupngxblocker(self, wo_domain, False)
                    except SiteError as e:
                        Log.debug(self, str(e))
                        Log.info(self, "\nngxblocker not enabled.")

                # Service Nginx Reload
                if not WOService.reload_service(self, 'nginx'):
                    Log.error(self, "service nginx reload failed. "
                              "check issues with `nginx -t` command")
                return 0

            # letsencryot rebew
            if (pargs.letsencrypt == 'renew'):
                if WOAcme.cert_check(self, wo_domain):
                    if not pargs.force:
                        if (SSL.getexpirationdays(self, wo_domain) > 30):
                            Log.error(
                                self, "Your cert will expire in more "
                                "than 30 days ( " +
                                str(SSL.getexpirationdays(self, wo_domain)) +
                                " days).\nAdd \'--force\' to force to renew")
                    Log.wait(self, "Renewing SSL certificate")
                    if WOAcme.renew(self, wo_domain):
                        Log.valide(self, "Renewing SSL certificate")
                else:
                    Log.error(self, "Certificate doesn't exist")
                return 0

        if (((stype == 'php' and
              oldsitetype not in ['html', 'proxy', 'php', 'php72',
                                  'php73', 'php74']) or
             (stype == 'mysql' and oldsitetype not in [
                 'html', 'php', 'php72', 'php73', 'php74', 'proxy']) or
             (stype == 'wp' and oldsitetype not in [
                 'html', 'php', 'php72', 'php73', 'php74', 'mysql',
                 'proxy', 'wp']) or
             (stype == 'wpsubdir' and oldsitetype in ['wpsubdomain']) or
             (stype == 'wpsubdomain' and oldsitetype in ['wpsubdir']) or
             (stype == oldsitetype and cache == oldcachetype)) and
                not (pargs.php72 or pargs.php73 or pargs.php74)):
            Log.info(self, Log.FAIL + "can not update {0} {1} to {2} {3}".
                     format(oldsitetype, oldcachetype, stype, cache))
            return 1

        if stype == 'proxy':
            data['site_name'] = wo_domain
            data['www_domain'] = wo_www_domain
            data['proxy'] = True
            data['host'] = host
            data['port'] = port
            data['webroot'] = wo_site_webroot
            data['currsitetype'] = oldsitetype
            data['currcachetype'] = oldcachetype

        if stype == 'php':
            data = dict(
                site_name=wo_domain, www_domain=wo_www_domain,
                static=False, basic=True, wp=False, wpfc=False,
                php72=False, php73=False, php74=False,
                wpsc=False, wpredis=False, wprocket=False, wpce=False,
                multisite=False, wpsubdir=False, webroot=wo_site_webroot,
                currsitetype=oldsitetype, currcachetype=oldcachetype)

        elif stype in ['mysql', 'wp', 'wpsubdir', 'wpsubdomain']:
            data = dict(
                site_name=wo_domain, www_domain=wo_www_domain,
                static=False, basic=True, wp=False, wpfc=False,
                wpsc=False, wpredis=False, wprocket=False, wpce=False,
                multisite=False, wpsubdir=False, webroot=wo_site_webroot,
                wo_db_name='', wo_db_user='', wo_db_pass='',
                wo_db_host='',
                currsitetype=oldsitetype, currcachetype=oldcachetype)

        if stype in ['wp', 'wpsubdir', 'wpsubdomain']:
            data['wp'] = True
            data['basic'] = False
            data[cache] = True
            if stype in ['wpsubdir', 'wpsubdomain']:
                data['multisite'] = True
                if stype == 'wpsubdir':
                    data['wpsubdir'] = True

        if ((pargs.php72 or pargs.php73 or
             pargs.php74) and (not data)):
            Log.debug(
                self, "pargs php72, or php73, or php74 enabled")
            data = dict(
                site_name=wo_domain,
                www_domain=wo_www_domain,
                currsitetype=oldsitetype,
                currcachetype=oldcachetype,
                webroot=wo_site_webroot)
            stype = oldsitetype
            cache = oldcachetype
            if oldsitetype == 'html' or oldsitetype == 'proxy':
                data['static'] = False
                data['wp'] = False
                data['multisite'] = False
                data['wpsubdir'] = False
            elif (oldsitetype == 'php' or oldsitetype == 'mysql' or
                  oldsitetype == 'php73'or oldsitetype == 'php74'):
                data['static'] = False
                data['wp'] = False
                data['multisite'] = False
                data['wpsubdir'] = False
            elif oldsitetype == 'wp':
                data['static'] = False
                data['wp'] = True
                data['multisite'] = False
                data['wpsubdir'] = False
            elif oldsitetype == 'wpsubdir':
                data['static'] = False
                data['wp'] = True
                data['multisite'] = True
                data['wpsubdir'] = True
            elif oldsitetype == 'wpsubdomain':
                data['static'] = False
                data['wp'] = True
                data['multisite'] = True
                data['wpsubdir'] = False

            if oldcachetype == 'basic':
                data['basic'] = True
                data['wpfc'] = False
                data['wpsc'] = False
                data['wpredis'] = False
                data['wprocket'] = False
                data['wpce'] = False
            elif oldcachetype == 'wpfc':
                data['basic'] = False
                data['wpfc'] = True
                data['wpsc'] = False
                data['wpredis'] = False
                data['wprocket'] = False
                data['wpce'] = False
            elif oldcachetype == 'wpsc':
                data['basic'] = False
                data['wpfc'] = False
                data['wpsc'] = True
                data['wpredis'] = False
                data['wprocket'] = False
                data['wpce'] = False
            elif oldcachetype == 'wpredis':
                data['basic'] = False
                data['wpfc'] = False
                data['wpsc'] = False
                data['wpredis'] = True
                data['wprocket'] = False
                data['wpce'] = False
            elif oldcachetype == 'wprocket':
                data['basic'] = False
                data['wpfc'] = False
                data['wpsc'] = False
                data['wpredis'] = False
                data['wprocket'] = True
                data['wpce'] = False
            elif oldcachetype == 'wpce':
                data['basic'] = False
                data['wpfc'] = False
                data['wpsc'] = False
                data['wpredis'] = False
                data['wprocket'] = False
                data['wpce'] = True

        if pargs.php72:
            Log.debug(self, "pargs.php72 detected")
            data['php72'] = True
            php72 = True
        elif pargs.php73:
            Log.debug(self, "pargs.php73 detected")
            data['php73'] = True
            php73 = True
        elif pargs.php74:
            Log.debug(self, "pargs.php74 detected")
            data['php74'] = True
            php74 = True

        if pargs.php72:
            if php72 is old_php72:
                Log.info(self, "PHP 7.2 is already enabled for given "
                         "site")
                pargs.php72 = False

        if pargs.php73:
            if php73 is old_php73:
                Log.info(self, "PHP 7.3 is already enabled for given "
                         "site")
                pargs.php73 = False

        if pargs.php74:
            if php74 is old_php74:
                Log.info(self, "PHP 7.4 is already enabled for given "
                         "site")
                pargs.php74 = False

        if (data and (not pargs.php73) and
                (not pargs.php74) and (not pargs.php72)):
            data['php72'] = bool(old_php72 is True)
            Log.debug(self, "data php72 = {0}".format(data['php72']))
            php72 = bool(old_php72 is True)
            data['php73'] = bool(old_php73 is True)
            Log.debug(self, "data php73 = {0}".format(data['php73']))
            php73 = bool(old_php73 is True)
            data['php74'] = bool(old_php74 is True)
            Log.debug(self, "data php74 = {0}".format(data['php74']))
            php74 = bool(old_php74 is True)

        if pargs.letsencrypt:
            acme_domains = []
            acmedata = dict(acme_domains, dns=False, acme_dns='dns_cf',
                            dnsalias=False, acme_alias='', keylength='')
            acmedata['keylength'] = self.app.config.get('letsencrypt',
                                                        'keylength')
            if pargs.letsencrypt == 'on':
                data['letsencrypt'] = True
                letsencrypt = True
                acme_subdomain = bool(wo_domain_type == 'subdomain')
                acme_wildcard = False
            elif pargs.letsencrypt == 'subdomain':
                data['letsencrypt'] = True
                letsencrypt = True
                acme_subdomain = True
                acme_wildcard = False
            elif pargs.letsencrypt == 'wildcard':
                data['letsencrypt'] = True
                letsencrypt = True
                acme_wildcard = True
                acme_subdomain = False
                acmedata['dns'] = True
            elif pargs.letsencrypt == 'off':
                data['letsencrypt'] = False
                letsencrypt = False
                acme_subdomain = False
                acme_wildcard = False
            elif pargs.letsencrypt == 'clean':
                data['letsencrypt'] = False
                letsencrypt = False
                acme_subdomain = False
                acme_wildcard = False
            elif pargs.letsencrypt == 'purge':
                data['letsencrypt'] = False
                letsencrypt = False
                acme_subdomain = False
                acme_wildcard = False
            else:
                data['letsencrypt'] = False
                letsencrypt = False
                acme_subdomain = False
                acme_wildcard = False

            if not (acme_subdomain is True):
                if letsencrypt is check_ssl:
                    if letsencrypt is False:
                        Log.error(self, "SSL is not configured for given "
                                  "site")
                    elif letsencrypt is True:
                        Log.error(self, "SSL is already configured for given "
                                  "site")
                    pargs.letsencrypt = False

        if pargs.all and pargs.letsencrypt == "off":
            if letsencrypt is check_ssl:
                if letsencrypt is False:
                    Log.error(self, "HTTPS is not configured for given "
                              "site", False)
                    return 0

        if pargs.wpredis and data['currcachetype'] != 'wpredis':
            data['wpredis'] = True
            data['basic'] = False
            cache = 'wpredis'

        if pargs.wprocket and data['currcachetype'] != 'wprocket':
            data['wprocket'] = True
            data['basic'] = False
            cache = 'wprocket'

        if pargs.wpce and data['currcachetype'] != 'wpce':
            data['wpce'] = True
            data['basic'] = False
            cache = 'wpce'

        if ((php73 is old_php73) and (php72 is old_php72) and
            (php74 is old_php74) and (stype == oldsitetype and
                                      cache == oldcachetype)):
            Log.debug(self, "Nothing to update")
            return 1

        if php73 is True:
            data['wo_php'] = 'php73'
            check_php_version = '7.3'
        elif php74 is True:
            data['wo_php'] = 'php74'
            check_php_version = '7.4'
        elif php72 is True:
            data['wo_php'] = 'php72'
            check_php_version = '7.2'
        else:
            data['wo_php'] = 'php72'
            check_php_version = '7.2'

        if pargs.hsts:
            data['hsts'] = bool(pargs.hsts == "on")

        if pargs.ngxblocker:
            ngxblocker = bool(pargs.ngxblocker == 'on')

        if not data:
            Log.error(self, "Cannot update {0}, Invalid Options"
                      .format(wo_domain))

        wo_auth = site_package_check(self, stype)
        data['wo_db_name'] = check_site.db_name
        data['wo_db_user'] = check_site.db_user
        data['wo_db_pass'] = check_site.db_password
        data['wo_db_host'] = check_site.db_host

        if not (pargs.letsencrypt or pargs.hsts or pargs.ngxblocker):
            try:
                pre_run_checks(self)
            except SiteError as e:
                Log.debug(self, str(e))
                Log.error(self, "NGINX configuration check failed.")

            try:
                sitebackup(self, data)
            except Exception as e:
                Log.debug(self, str(e))
                Log.info(self, Log.FAIL + "Check the log for details: "
                         "`tail /var/log/wo/wordops.log` and please try again")
                return 1

            # setup NGINX configuration, and webroot
            try:
                setupdomain(self, data)
            except SiteError as e:
                Log.debug(self, str(e))
                Log.info(self, Log.FAIL + "Update site failed."
                         "Check the log for details:"
                         "`tail /var/log/wo/wordops.log` and please try again")
                return 1

        if 'proxy' in data.keys() and data['proxy']:
            updateSiteInfo(self, wo_domain, stype=stype, cache=cache,
                           ssl=(bool(check_site.is_ssl)))
            Log.info(self, "Successfully updated site"
                     " http://{0}".format(wo_domain))
            return 0

        if pargs.letsencrypt:
            if data['letsencrypt'] is True:
                # DNS API configuration
                if pargs.dns:
                    Log.debug(self, "DNS validation enabled")
                    acmedata['dns'] = True
                    if not pargs.dns == 'dns_cf':
                        Log.debug(self, "DNS API : {0}".format(pargs.dns))
                        acmedata['acme_dns'] = pargs.dns
                if pargs.dnsalias:
                    Log.debug(self, "DNS Alias enabled")
                    acmedata['dnsalias'] = True
                    acmedata['acme_alias'] = pargs.dnsalias
                # Set list of domains to secure
                if acme_subdomain is True:
                    Log.info(self, "Certificate type : subdomain")
                    acme_domains = acme_domains + [
                        '{0}'.format(wo_domain)]
                elif acme_wildcard is True:
                    Log.info(self, "Certificate type : wildcard")
                    acme_domains = acme_domains + [
                        '{0}'.format(wo_domain),
                        '*.{0}'.format(wo_domain)]
                else:
                    Log.info(self, "Certificate type : domain")
                    acme_domains = acme_domains + [
                        '{0}'.format(wo_domain),
                        'www.{0}'.format(wo_domain)]

                if WOAcme.cert_check(self, wo_domain):
                    SSL.archivedcertificatehandle(
                        self, wo_domain, acme_domains)
                else:
                    if acme_subdomain:
                        Log.debug(self, "checkWildcardExist on *.{0}"
                                  .format(wo_root_domain))
                        if SSL.checkwildcardexist(self, wo_root_domain):
                            Log.info(
                                self, "Using existing Wildcard SSL "
                                "certificate from {0} to secure {1}"
                                .format(wo_root_domain, wo_domain))
                            Log.debug(
                                self, "symlink wildcard "
                                "cert between {0} & {1}"
                                .format(wo_domain, wo_root_domain))
                            # copy the cert from the root domain
                            copyWildcardCert(self, wo_domain,
                                             wo_root_domain)
                        else:
                            # check DNS records before issuing cert
                            if not acmedata['dns'] is True:
                                if not pargs.force:
                                    if not WOAcme.check_dns(self,
                                                            acme_domains):
                                        Log.error(
                                            self,
                                            "Aborting SSL certificate "
                                            "issuance")
                            Log.debug(
                                self, "Setup Cert with acme.sh for {0}"
                                .format(wo_domain))
                            if WOAcme.setupletsencrypt(
                                    self, acme_domains, acmedata):
                                WOAcme.deploycert(self, wo_domain)
                            else:
                                Log.error(
                                    self, "Unable to issue certificate")
                    else:
                        # check DNS records before issuing cert
                        if not acmedata['dns'] is True:
                            if not pargs.force:
                                if not WOAcme.check_dns(self,
                                                        acme_domains):
                                    Log.error(
                                        self,
                                        "Aborting SSL "
                                        "certificate issuance")
                        if WOAcme.setupletsencrypt(
                                self, acme_domains, acmedata):
                            WOAcme.deploycert(self, wo_domain)
                        else:
                            Log.error(self, "Unable to issue certificate")

                    SSL.httpsredirect(
                        self, wo_domain, acme_domains, redirect=True)
                    SSL.siteurlhttps(self, wo_domain)

                if not WOService.reload_service(self, 'nginx'):
                    Log.error(self, "service nginx reload failed. "
                              "check issues with `nginx -t` command")
                Log.info(self, "Congratulations! Successfully "
                         "Configured SSL on https://{0}".format(wo_domain))
                if (SSL.getexpirationdays(self, wo_domain) > 0):
                    Log.info(self, "Your cert will expire within " +
                             str(SSL.getexpirationdays(self, wo_domain)) +
                             " days.")
                else:
                    Log.warn(
                        self, "Your cert already EXPIRED ! "
                        ".PLEASE renew soon . ")

            elif data['letsencrypt'] is False:
                if pargs.letsencrypt == "off":
                    if os.path.islink("{0}/conf/nginx/ssl.conf"
                                      .format(wo_site_webroot)):
                        WOFileUtils.remove_symlink(self,
                                                   "{0}/conf/nginx/ssl.conf"
                                                   .format(wo_site_webroot))
                    elif os.path.isfile("{0}/conf/nginx/ssl.conf"
                                        .format(wo_site_webroot)):
                        Log.info(self, 'Setting Nginx configuration')
                        WOFileUtils.mvfile(self, "{0}/conf/nginx/ssl.conf"
                                           .format(wo_site_webroot),
                                           '{0}/conf/nginx/ssl.conf.disabled'
                                           .format(wo_site_webroot))
                        SSL.httpsredirect(
                            self, wo_domain, acmedata, redirect=False)
                        if os.path.isfile("{0}/conf/nginx/hsts.conf"
                                          .format(wo_site_webroot)):
                            WOFileUtils.mvfile(self, "{0}/conf/nginx/hsts.conf"
                                               .format(wo_site_webroot),
                                               '{0}/conf/nginx/'
                                               'hsts.conf.disabled'
                                               .format(wo_site_webroot))
                        # find all broken symlinks
                        sympath = "/var/www"
                        WOFileUtils.findBrokenSymlink(self, sympath)

                elif (pargs.letsencrypt == "clean" or
                      pargs.letsencrypt == "purge"):
                    WOAcme.removeconf(self, wo_domain)
                    # find all broken symlinks
                    sympath = "/var/www"
                    WOFileUtils.findBrokenSymlink(self, sympath)
                if not WOService.reload_service(self, 'nginx'):
                    Log.error(self, "service nginx reload failed. "
                              "check issues with `nginx -t` command")
                    # Log.info(self,"Removing Cron Job set for cert
                    # auto-renewal") WOCron.remove_cron(self,'wo site
                    # update {0} --le=renew --min_expiry_limit 30
                    # 2> \/dev\/null'.format(wo_domain))
                    Log.info(self, "Successfully Disabled SSl for Site "
                             " http://{0}".format(wo_domain))

            # Add nginx conf folder into GIT
            WOGit.add(self, ["{0}/conf/nginx".format(wo_site_webroot)],
                      msg="Adding letsencrypts config of site: {0}"
                      .format(wo_domain))
            updateSiteInfo(self, wo_domain, ssl=letsencrypt)
            return 0

        if pargs.hsts:
            if data['hsts'] is True:
                if os.path.isfile(("{0}/conf/nginx/ssl.conf")
                                  .format(wo_site_webroot)):
                    if not os.path.isfile("{0}/conf/nginx/hsts.conf"
                                          .format(wo_site_webroot)):
                        SSL.setuphsts(self, wo_domain)
                    else:
                        Log.error(self, "HSTS is already configured for given "
                                        "site")
                    if not WOService.reload_service(self, 'nginx'):
                        Log.error(self, "service nginx reload failed. "
                                  "check issues with `nginx -t` command")
                else:
                    Log.error(self, "HTTPS is not configured for given "
                              "site")

            elif data['hsts'] is False:
                if os.path.isfile(("{0}/conf/nginx/hsts.conf")
                                  .format(wo_site_webroot)):
                    WOFileUtils.mvfile(self, "{0}/conf/nginx/hsts.conf"
                                       .format(wo_site_webroot),
                                       '{0}/conf/nginx/hsts.conf.disabled'
                                       .format(wo_site_webroot))
                    if not WOService.reload_service(self, 'nginx'):
                        Log.error(self, "service nginx reload failed. "
                                  "check issues with `nginx -t` command")
                else:
                    Log.error(self, "HSTS is not configured for given "
                              "site")
        if pargs.ngxblocker:
            if ngxblocker is True:
                setupngxblocker(self, wo_domain)
            elif ngxblocker is False:
                if os.path.isfile("{0}/conf/nginx/ngxblocker.conf"
                                  .format(wo_site_webroot)):
                    WOFileUtils.mvfile(
                        self,
                        "{0}/conf/nginx/ngxblocker.conf"
                        .format(wo_site_webroot),
                        "{0}/conf/nginx/ngxblocker.conf.disabled"
                        .format(wo_site_webroot))
            # Service Nginx Reload
            if not WOService.reload_service(self, 'nginx'):
                Log.error(self, "service nginx reload failed. "
                          "check issues with `nginx -t` command")

        if stype == oldsitetype and cache == oldcachetype:

            # Service Nginx Reload
            if not WOService.reload_service(self, 'nginx'):
                Log.error(self, "service nginx reload failed. "
                          "check issues with `nginx -t` command")

            updateSiteInfo(self, wo_domain, stype=stype, cache=cache,
                           ssl=(bool(check_site.is_ssl)),
                           php_version=check_php_version)

            Log.info(self, "Successfully updated site"
                     " http://{0}".format(wo_domain))
            return 0

        # if data['wo_db_name'] and not data['wp']:
        if 'wo_db_name' in data.keys() and not data['wp']:
            try:
                data = setupdatabase(self, data)
            except SiteError as e:
                Log.debug(self, str(e))
                Log.info(self, Log.FAIL + "Update site failed."
                         "Check the log for details:"
                         "`tail /var/log/wo/wordops.log` and please try again")
                return 1
            try:
                wodbconfig = open("{0}/wo-config.php".format(wo_site_webroot),
                                  encoding='utf-8', mode='w')
                wodbconfig.write("<?php \ndefine('DB_NAME', '{0}');"
                                 "\ndefine('DB_USER', '{1}'); "
                                 "\ndefine('DB_PASSWORD', '{2}');"
                                 "\ndefine('DB_HOST', '{3}');\n?>"
                                 .format(data['wo_db_name'],
                                         data['wo_db_user'],
                                         data['wo_db_pass'],
                                         data['wo_db_host']))
                wodbconfig.close()
            except IOError as e:
                Log.debug(self, str(e))
                Log.debug(self, "creating wo-config.php failed.")
                Log.info(self, Log.FAIL + "Update site failed. "
                         "Check the log for details: "
                         "`tail /var/log/wo/wordops.log` and please try again")
                return 1

        # Setup WordPress if old sites are html/php/mysql sites
        if data['wp'] and oldsitetype in ['html', 'proxy', 'php', 'php72',
                                          'mysql', 'php73', 'php74']:
            try:
                wo_wp_creds = setupwordpress(self, data)
            except SiteError as e:
                Log.debug(self, str(e))
                Log.info(self, Log.FAIL + "Update site failed."
                         "Check the log for details: "
                         "`tail /var/log/wo/wordops.log` and please try again")
                return 1

        # Uninstall unnecessary plugins
        if oldsitetype in ['wp', 'wpsubdir', 'wpsubdomain']:
            # Setup WordPress Network if update option is multisite
            # and oldsite is WordPress single site
            if data['multisite'] and oldsitetype == 'wp':
                try:
                    setupwordpressnetwork(self, data)
                except SiteError as e:
                    Log.debug(self, str(e))
                    Log.info(self, Log.FAIL + "Update site failed. "
                             "Check the log for details:"
                             " `tail /var/log/wo/wordops.log` "
                             "and please try again")
                    return 1

            if ((oldcachetype in ['wpsc', 'basic', 'wpredis', 'wprocket',
                                  'wpce'] and
                 (data['wpfc'])) or (oldsitetype == 'wp' and
                                     data['multisite'] and data['wpfc'])):
                try:
                    plugin_data_object = {
                        "log_level": "INFO",
                        "log_filesize": 5,
                        "enable_purge": 1,
                        "enable_map": "0",
                        "enable_log": 0,
                        "enable_stamp": 1,
                        "purge_homepage_on_new": 1,
                        "purge_homepage_on_edit": 1,
                        "purge_homepage_on_del": 1,
                        "purge_archive_on_new": 1,
                        "purge_archive_on_edit": 0,
                        "purge_archive_on_del": 0,
                        "purge_archive_on_new_comment": 0,
                        "purge_archive_on_deleted_comment": 0,
                        "purge_page_on_mod": 1,
                        "purge_page_on_new_comment": 1,
                        "purge_page_on_deleted_comment": 1,
                        "cache_method": "enable_fastcgi",
                        "purge_method": "get_request",
                        "redis_hostname": "127.0.0.1",
                                          "redis_port": "6379",
                                          "redis_prefix": "nginx-cache:"}
                    plugin_data = json.dumps(plugin_data_object)
                    setupwp_plugin(self, 'nginx-helper',
                                   'rt_wp_nginx_helper_options',
                                   plugin_data, data)
                except SiteError as e:
                    Log.debug(self, str(e))
                    Log.info(self, Log.FAIL + "Update nginx-helper "
                             "settings failed. "
                             "Check the log for details:"
                             " `tail /var/log/wo/wordops.log` "
                             "and please try again")
                    return 1

            elif ((oldcachetype in ['wpsc', 'basic', 'wpfc',
                                    'wprocket', 'wpce'] and
                   (data['wpredis'])) or (oldsitetype == 'wp' and
                                          data['multisite'] and
                                          data['wpredis'])):
                try:
                    plugin_data_object = {
                        "log_level": "INFO",
                        "log_filesize": 5,
                        "enable_purge": 1,
                        "enable_map": "0",
                        "enable_log": 0,
                        "enable_stamp": 1,
                        "purge_homepage_on_new": 1,
                        "purge_homepage_on_edit": 1,
                        "purge_homepage_on_del": 1,
                        "purge_archive_on_new": 1,
                        "purge_archive_on_edit": 0,
                        "purge_archive_on_del": 0,
                        "purge_archive_on_new_comment": 0,
                        "purge_archive_on_deleted_comment": 0,
                        "purge_page_on_mod": 1,
                        "purge_page_on_new_comment": 1,
                        "purge_page_on_deleted_comment": 1,
                        "cache_method": "enable_redis",
                        "purge_method": "get_request",
                        "redis_hostname": "127.0.0.1",
                                          "redis_port": "6379",
                                          "redis_prefix": "nginx-cache:"}
                    plugin_data = json.dumps(plugin_data_object)
                    setupwp_plugin(self, 'nginx-helper',
                                   'rt_wp_nginx_helper_options',
                                   plugin_data, data)
                except SiteError as e:
                    Log.debug(self, str(e))
                    Log.info(self, Log.FAIL + "Update nginx-helper "
                             "settings failed. "
                             "Check the log for details:"
                             " `tail /var/log/wo/wordops.log` "
                             "and please try again")
                    return 1
            else:
                try:
                    # disable nginx-helper
                    plugin_data_object = {
                        "log_level": "INFO",
                        "log_filesize": 5,
                        "enable_purge": 0,
                        "enable_map": 0,
                        "enable_log": 0,
                        "enable_stamp": 0,
                        "purge_homepage_on_new": 1,
                        "purge_homepage_on_edit": 1,
                        "purge_homepage_on_del": 1,
                        "purge_archive_on_new": 1,
                        "purge_archive_on_edit": 0,
                        "purge_archive_on_del": 0,
                        "purge_archive_on_new_comment": 0,
                        "purge_archive_on_deleted_comment": 0,
                        "purge_page_on_mod": 1,
                        "purge_page_on_new_comment": 1,
                        "purge_page_on_deleted_comment": 1,
                        "cache_method": "enable_redis",
                        "purge_method": "get_request",
                        "redis_hostname": "127.0.0.1",
                                          "redis_port": "6379",
                                          "redis_prefix": "nginx-cache:"}
                    plugin_data = json.dumps(plugin_data_object)
                    setupwp_plugin(
                        self, 'nginx-helper',
                        'rt_wp_nginx_helper_options', plugin_data, data)
                except SiteError as e:
                    Log.debug(self, str(e))
                    Log.info(self, Log.FAIL + "Update nginx-helper "
                             "settings failed. "
                             "Check the log for details:"
                             " `tail /var/log/wo/wordops.log` "
                             "and please try again")
                    return 1

            if ((oldcachetype in ['wpsc', 'basic',
                                  'wpfc', 'wprocket', 'wpredis'] and
                 (data['wpce'])) or (oldsitetype == 'wp' and
                                     data['multisite'] and
                                     data['wpce'])):
                try:
                    installwp_plugin(self, 'cache-enabler', data)
                    # setup cache-enabler
                    plugin_data_object = {
                        "expires": 24,
                        "new_post": 1,
                        "new_comment": 0,
                        "webp": 0,
                        "clear_on_upgrade": 1,
                        "compress": 0,
                        "excl_ids": "",
                        "excl_regexp": "",
                        "excl_cookies": "",
                        "incl_attributes": "",
                        "minify_html": 1}
                    plugin_data = json.dumps(plugin_data_object)
                    setupwp_plugin(self, 'cache-enabler',
                                   'cache-enabler', plugin_data, data)
                except SiteError as e:
                    Log.debug(self, str(e))
                    Log.info(self, Log.FAIL + "Update cache-enabler "
                             "settings failed. "
                             "Check the log for details:"
                             " `tail /var/log/wo/wordops.log` "
                             "and please try again")
                    return 1

            if oldcachetype == 'wpsc' and not data['wpsc']:
                try:
                    uninstallwp_plugin(self, 'wp-super-cache', data)
                except SiteError as e:
                    Log.debug(self, str(e))
                    Log.info(self, Log.FAIL + "Update site failed."
                             "Check the log for details:"
                             " `tail /var/log/wo/wordops.log` "
                             "and please try again")
                    return 1

            if oldcachetype == 'wpredis' and not data['wpredis']:
                try:
                    uninstallwp_plugin(self, 'redis-cache', data)
                except SiteError as e:
                    Log.debug(self, str(e))
                    Log.info(self, Log.FAIL + "Update site failed."
                             "Check the log for details:"
                             " `tail /var/log/wo/wordops.log` "
                             "and please try again")
                    return 1

        if oldcachetype != 'wpsc' and data['wpsc']:
            try:
                installwp_plugin(self, 'wp-super-cache', data)
            except SiteError as e:
                Log.debug(self, str(e))
                Log.info(self, Log.FAIL + "Update site failed."
                         "Check the log for details: "
                         "`tail /var/log/wo/wordops.log` and please try again")
                return 1

        if oldcachetype == 'wprocket' and not data['wprocket']:
            try:
                uninstallwp_plugin(self, 'wp-rocket', data)
            except SiteError as e:
                Log.debug(self, str(e))
                Log.info(self, Log.FAIL + "Update site failed."
                         "Check the log for details: "
                         "`tail /var/log/wo/wordops.log` and please try again")
                return 1

        if oldcachetype == 'wpce' and not data['wpce']:
            try:
                uninstallwp_plugin(self, 'cache-enabler', data)
            except SiteError as e:
                Log.debug(self, str(e))
                Log.info(self, Log.FAIL + "Update site failed."
                         "Check the log for details: "
                         "`tail /var/log/wo/wordops.log` and please try again")
                return 1

        # Service Nginx Reload
        if not WOService.reload_service(self, 'nginx'):
            Log.error(self, "service nginx reload failed. "
                      "check issues with `nginx -t` command")

        WOGit.add(self, ["/etc/nginx"],
                  msg="{0} updated with {1} {2}"
                  .format(wo_www_domain, stype, cache))
        # Setup Permissions for webroot
        try:
            setwebrootpermissions(self, data['webroot'])
        except SiteError as e:
            Log.debug(self, str(e))
            Log.info(self, Log.FAIL + "Update site failed."
                     "Check the log for details: "
                     "`tail /var/log/wo/wordops.log` and please try again")
            return 1

        if wo_auth and len(wo_auth):
            for msg in wo_auth:
                Log.info(self, Log.ENDC + msg)

        display_cache_settings(self, data)
        if data['wp'] and oldsitetype in ['html', 'php', 'mysql']:
            Log.info(self, "\n\n" + Log.ENDC + "WordPress admin user :"******" {0}".format(wo_wp_creds['wp_user']))
            Log.info(self, Log.ENDC + "WordPress admin password : {0}"
                     .format(wo_wp_creds['wp_pass']) + "\n\n")
        if oldsitetype in ['html', 'php'] and stype != 'php':
            updateSiteInfo(self, wo_domain, stype=stype, cache=cache,
                           db_name=data['wo_db_name'],
                           db_user=data['wo_db_user'],
                           db_password=data['wo_db_pass'],
                           db_host=data['wo_db_host'],
                           ssl=bool(check_site.is_ssl),
                           php_version=check_php_version)
        else:
            updateSiteInfo(self, wo_domain, stype=stype, cache=cache,
                           ssl=bool(check_site.is_ssl),
                           php_version=check_php_version)
        Log.info(self, "Successfully updated site"
                 " http://{0}".format(wo_domain))
        return 0