0ct0pu5/webinoly
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: 0ct0pu5:v1.17.0
Branches Tags
0ct0pu5:master
0ct0pu5:v1.17.9
0ct0pu5:v1.17.8
0ct0pu5:v1.17.7
0ct0pu5:v1.17.6
0ct0pu5:v1.17.5
0ct0pu5:v1.17.4
0ct0pu5:v1.17.3
0ct0pu5:v1.17.2
0ct0pu5:v1.17.1
0ct0pu5:v1.17.0
0ct0pu5:v1.16.7
0ct0pu5:v1.16.6
0ct0pu5:v1.16.5
0ct0pu5:v1.16.4
0ct0pu5:v1.16.3
0ct0pu5:v1.16.2
0ct0pu5:v1.16.1
0ct0pu5:v1.16.0
0ct0pu5:1.15.1
0ct0pu5:v1.15.0
0ct0pu5:v1.14.3
0ct0pu5:v1.14.2
0ct0pu5:v1.14.1
0ct0pu5:v1.14.0
0ct0pu5:v1.13.2
0ct0pu5:v1.13.1
0ct0pu5:v1.13.0
0ct0pu5:v1.12.1
0ct0pu5:v1.12.0
0ct0pu5:v1.11.3
0ct0pu5:v1.11.2
0ct0pu5:v1.11.1
0ct0pu5:v1.11.0
0ct0pu5:v1.10.3
0ct0pu5:v1.10.2
0ct0pu5:v1.10.1
0ct0pu5:v1.10.0
0ct0pu5:v1.9.2
0ct0pu5:v1.9.1
0ct0pu5:v1.9.0
0ct0pu5:v1.8.3
0ct0pu5:v1.8.2
0ct0pu5:v1.8.1
0ct0pu5:v1.8.0
0ct0pu5:v1.7.4
0ct0pu5:v1.7.3
0ct0pu5:v1.7.2
0ct0pu5:v1.7.1
0ct0pu5:v1.7.0
0ct0pu5:v1.6.2
0ct0pu5:v1.6.1
0ct0pu5:v1.6.0
0ct0pu5:v1.5.1
0ct0pu5:v1.5.0
0ct0pu5:v1.4.3
0ct0pu5:v1.4.2
0ct0pu5:v1.4.1
0ct0pu5:v1.4.0
0ct0pu5:v1.3.1
0ct0pu5:v1.3.0
0ct0pu5:v1.2.3
0ct0pu5:v1.2.2
0ct0pu5:v1.2.1
0ct0pu5:v1.2.0
0ct0pu5:v1.1.0
0ct0pu5:v1.0.2
0ct0pu5:v1.0.1
0ct0pu5:1.0.0
...
compare: 0ct0pu5:master
Branches Tags
0ct0pu5:master
0ct0pu5:v1.17.9
0ct0pu5:v1.17.8
0ct0pu5:v1.17.7
0ct0pu5:v1.17.6
0ct0pu5:v1.17.5
0ct0pu5:v1.17.4
0ct0pu5:v1.17.3
0ct0pu5:v1.17.2
0ct0pu5:v1.17.1
0ct0pu5:v1.17.0
0ct0pu5:v1.16.7
0ct0pu5:v1.16.6
0ct0pu5:v1.16.5
0ct0pu5:v1.16.4
0ct0pu5:v1.16.3
0ct0pu5:v1.16.2
0ct0pu5:v1.16.1
0ct0pu5:v1.16.0
0ct0pu5:1.15.1
0ct0pu5:v1.15.0
0ct0pu5:v1.14.3
0ct0pu5:v1.14.2
0ct0pu5:v1.14.1
0ct0pu5:v1.14.0
0ct0pu5:v1.13.2
0ct0pu5:v1.13.1
0ct0pu5:v1.13.0
0ct0pu5:v1.12.1
0ct0pu5:v1.12.0
0ct0pu5:v1.11.3
0ct0pu5:v1.11.2
0ct0pu5:v1.11.1
0ct0pu5:v1.11.0
0ct0pu5:v1.10.3
0ct0pu5:v1.10.2
0ct0pu5:v1.10.1
0ct0pu5:v1.10.0
0ct0pu5:v1.9.2
0ct0pu5:v1.9.1
0ct0pu5:v1.9.0
0ct0pu5:v1.8.3
0ct0pu5:v1.8.2
0ct0pu5:v1.8.1
0ct0pu5:v1.8.0
0ct0pu5:v1.7.4
0ct0pu5:v1.7.3
0ct0pu5:v1.7.2
0ct0pu5:v1.7.1
0ct0pu5:v1.7.0
0ct0pu5:v1.6.2
0ct0pu5:v1.6.1
0ct0pu5:v1.6.0
0ct0pu5:v1.5.1
0ct0pu5:v1.5.0
0ct0pu5:v1.4.3
0ct0pu5:v1.4.2
0ct0pu5:v1.4.1
0ct0pu5:v1.4.0
0ct0pu5:v1.3.1
0ct0pu5:v1.3.0
0ct0pu5:v1.2.3
0ct0pu5:v1.2.2
0ct0pu5:v1.2.1
0ct0pu5:v1.2.0
0ct0pu5:v1.1.0
0ct0pu5:v1.0.2
0ct0pu5:v1.0.1
0ct0pu5:1.0.0

60 commits
v1.17.0 ... master

Author SHA1 Message Date
Cristhian Martínez Ochoa
1e9eda764a messages 
More messages improved.
 2024-02-26 19:23:31 -07:00
Cristhian Martínez Ochoa
88e7581511 messages 
Messages improved for a better experience.
 2024-02-24 10:53:49 -07:00
Cristhian Martínez Ochoa
af49aaf3ae import db 
Fixed successfull message even when error.
Also, missing mysql package check.
 2024-02-23 11:44:05 -07:00
Cristhian Martínez Ochoa
8fb402d039 www-data ssh 
better check for ssh keys in www-data login access.
 2024-02-21 20:14:10 -07:00
Cristhian Martínez Ochoa
81c315e829 ssl messages 
Improved messages for SSL.
 2024-02-20 16:47:20 -07:00
Cristhian Martínez Ochoa
72de42e9b6 info 
Fixed - nginx branch empty.
 2024-02-19 17:37:12 -07:00
Cristhian Martínez Ochoa
ded051a70d slash 
Better support for root domain options.
 2023-11-30 12:48:31 -07:00
Cristhian Martínez Ochoa
ec95bb3c7d subfolder 
subfolder support improved.
 2023-11-28 13:05:25 -07:00
Cristhian Martínez Ochoa
f5dc8020ea loops 
Double check for loops.
Datadog fixed.
 2023-11-27 20:52:03 -07:00
Cristhian Martínez Ochoa
fd00a8b182 backups 
Minor refactored code.
 2023-11-27 16:22:05 -07:00
Cristhian Martínez Ochoa
3870484a72 php 
8.3 support added.
 2023-11-26 16:48:36 -07:00
Cristhian Martínez Ochoa
380f3a8dad fixes 
Clear cache now check if package is installed to not show an error.
Symlink not removed when http auth is using per domain users.
 2023-11-02 16:32:54 -07:00
Cristhian Martínez Ochoa
6debbfc634 hotfix 
Error detecting empty files.
 2023-10-19 18:05:33 -07:00
Cristhian Martínez Ochoa
22bd82213a hotfix 
AWS IAM Roles failing with backups.
Installer fixed for wrng errors displayed.
 2023-10-06 16:35:14 -07:00
Cristhian Martínez Ochoa
8a06fb6485 test 
Small fix
 2023-09-29 20:56:09 -07:00
Cristhian Martínez Ochoa
0bd87a4969 blank 
Now we are sure every file is removed when empty.
 2023-09-29 15:20:27 -07:00
Cristhian Martínez Ochoa
438bf832bb permissions 
Always check root when logname user is different!
 2023-09-27 16:42:18 -07:00
Cristhian Martínez Ochoa
5f9ebaecc1 subfolders 
Improved experience for subfolders.
 2023-09-26 16:28:40 -07:00
Cristhian Martínez Ochoa
7306dcdc95 php info 
PHP Info support for custom cases, prevent failing.
 2023-09-21 13:51:03 -07:00
Cristhian Martínez Ochoa
7de09c3460 subfolders 
Now we can create a new site conf in /one when is empty, even when /one/two exists.
 2023-09-20 17:20:04 -07:00
Cristhian Martínez Ochoa
5cb6de8df6 proxy 
Reverse proxy now allows add a site directly in an empty site domain. For example, after a subfolder has been deleted.
 2023-09-18 16:47:09 -07:00
Cristhian Martínez Ochoa
a9d36d7a67 installation messages 
Now we verify installation messages before displayed.
 2023-09-17 17:06:32 -07:00
Cristhian Martínez Ochoa
6bd295d8fb repeated package 
Repeated packaged removed.
 2023-09-14 16:09:58 -07:00
Cristhian Martínez Ochoa
e378f4e494 php 
PHP 8.2 is now default!
 2023-06-22 10:57:13 -07:00
Cristhian Martínez Ochoa
2baf0a9e9d sites 
Fixed - Parked sites nginx error when main site has the force redirect option enabled.
Fixed - Create WP site with subfolder failing when cache parameter is passed in the same line and main site exists.
Fixed - Reset custom cache not working in proxy sites.
Improved - Reset custom cache now works even when cache is already disabled.
 2023-06-22 07:43:02 -07:00
Cristhian Martínez Ochoa
d0891dc095 updates 
Check for OS updates when Webinoly is updated.
Fixed the check for updates function failing in verify.
 2023-06-16 10:30:16 -07:00
Cristhian Martínez Ochoa
eb5f32a3f8 fixes 
Fixed: Multisite not working!
Fixed: Parked failing with some subdomains.
 2023-06-14 13:49:06 -07:00
Cristhian Martínez Ochoa
7270636513 versions 
PHP and MariaDB default versions raised.
 2023-06-11 08:54:56 -07:00
Cristhian Martínez Ochoa
4a1eb9ae98 internal api 
Better documented.
 2023-06-11 08:53:56 -07:00
Cristhian Martínez Ochoa
ac8a76e2b5 ads fix 
Ads should not be displayed when running via cron.
 2023-06-10 10:52:30 -07:00
Cristhian Martínez Ochoa
2695a76164 mysql upgrade 
Fixed some small errors displayed when upgrading mysql.
 2023-06-05 11:07:20 -07:00
Cristhian Martínez Ochoa
ce9279ab47 verify 
Verify process improved and updated.
 2023-06-02 12:39:56 -07:00
Cristhian Martínez Ochoa
059456ee19 fixes 
Small fixes after testing.
 2023-05-30 16:15:21 -07:00
Cristhian Martínez Ochoa
2709ad9f6d template 
Better message in some internal templates.
 2023-05-28 16:40:30 -07:00
Cristhian Martínez Ochoa
1042833c3d stack 
- Fixed - PHP install asking for Nginx when PHP is already installed.
- Fixed - When mysql-client alone an error is displayed when check connection for external db.
 2023-05-28 11:49:31 -07:00
Cristhian Martínez Ochoa
58b048bc28 webinoly 
- FIX timezone dynvar overwriting with wrong or empty values.
- FIX Custom cache file not removed when empty.
 2023-05-26 11:22:14 -07:00
Cristhian Martínez Ochoa
8521ff0e74 log 
Subfolder parameter is ignored, except for wp.
 2023-05-25 16:51:18 -07:00
Cristhian Martínez Ochoa
cc17ed8c2a ads 
Donation reminder once a day.
 2023-05-25 15:09:19 -07:00
Cristhian Martínez Ochoa
84a1c29c87 internal api 
Internal API and events, codes updated.
 2023-05-23 15:18:06 -07:00
Cristhian Martínez Ochoa
8cf1b6e716 blackhole 
FIX - nginx warn protocol options redefined for...
 2023-05-21 11:20:37 -07:00
Cristhian Martínez Ochoa
7e4e0c0443 backups 
FIX - Multiple site backups failing with external DB.
 2023-03-21 15:00:20 -07:00
Cristhian Martínez Ochoa
df269f8b9a backups 
- FIX export/import not including conf.d folder.
- FIX export/import not including upstreams for reverse proxy sites.
- FIX case when dynvars for passwords empty.
- FIX export including databases twice, or subfolder from wrong levels.
 2023-03-20 19:55:06 -07:00
Cristhian Martínez Ochoa
98d11fbae0 retrieve 
WP retrieve data not needed anymore before, just use it where its needed.
 2023-03-20 11:11:41 -07:00
Cristhian Martínez Ochoa
b1b157bf3d php verify 
Recommend at least 8.1
 2023-03-19 20:25:01 -07:00
Cristhian Martínez Ochoa
62861c62e2 escaped 
Escaped string now standarized.
 2023-03-19 20:02:03 -07:00
Cristhian Martínez Ochoa
f79d9ef856 root 
FIX - MariaDB not setting root password required for secure installation.
 2023-03-19 13:33:02 -07:00
Cristhian Martínez Ochoa
23d1a260a7 passwords 
Hidden passwords!
 2023-03-14 13:09:17 -07:00
Cristhian Martínez Ochoa
3ae731de17 mariadb 
MariaDB 10.11 support added (removed 10.4 and 10.5).
Better check for dbnames and dbusers.
 2023-03-14 10:16:06 -07:00
Cristhian Martínez Ochoa
bc8c3478df installer 
Better control for custom versions.
 2023-03-10 17:17:22 -07:00
Cristhian Martínez Ochoa
a018c82b0e xml 
FIX, xml files like sitemaps failing when dynamically generated (not static), like in WP.
 2023-02-26 10:05:40 -07:00
Cristhian Martínez Ochoa
72d3ac2080 testing 
Some minor improvements.
 2023-01-24 16:17:31 -07:00
Cristhian Martínez Ochoa
d4d07db02f mysql external 
- No passwords are passed in command line now for better security.
- Better check for master admin users.
- No need to ask for external credentials when not really needed.
 2023-01-23 20:43:03 -07:00
Cristhian Martínez Ochoa
2c4f686d4e mysql passwords 
MySQL now depends less of the saved passwords, so now they can be removed safely for better security.
 2023-01-17 14:02:54 -07:00
Cristhian Martínez Ochoa
82a082e111 mysql fixes 
- fix - upgrade process deprecated in MySQL.
- fix - change admin password failing for admin user.
- fix - binary logs disabled after update webinoly.
 2023-01-13 17:47:21 -07:00
Cristhian Martínez Ochoa
983d4be599 messages 
MySQL messages updated.
 2023-01-11 12:56:49 -07:00
Cristhian Martínez Ochoa
ab8fd8ec24 readme 
Sponsor removed :(
 2023-01-10 07:20:22 -07:00
Cristhian Martínez Ochoa
25b3dfc4c0 wp host 
WP host now has support for Unix sockets and localhost with custom port.
 2023-01-03 18:12:56 -07:00
Cristhian Martínez Ochoa
2c4cda5392 url check 
Check URL function refactored and improved.
 2022-12-30 16:03:50 -07:00
Cristhian Martínez Ochoa
10bb7b7977 parameter 
Check for parameters improved to accept values containing equal signs.
 2022-12-26 12:31:39 -07:00
Cristhian Martínez Ochoa
b1f0594c0f minor 
FIXED clear cache failing with opcache.
Php 7.4 is now obsolete.
 2022-12-18 12:04:16 -07:00
23 changed files with 1431 additions and 754 deletions
Show stats Expand all files Collapse all files

6
README.md
View file

@ -19,7 +19,7 @@ Webinoly provides a set of tools and commands that facilitate web server adminis
- Unique commands to create, delete, disable sites.
- Free SSL certificates for your sites with Lets Encrypt and automatic server configuration.
- HTTP/2 dramatically increases the speed of serving your content.
- PHP v8.1 and support for earlier versions if needed (8.0 and 7.4) or the newest 8.2.
- PHP v8.2 and support for earlier versions if needed (8.1, 8.0 and 7.4).
- FastCGI Cache and Redis Object Cache for your WordPress sites.
- Install WP in any subfolder and support for external databases, multisite and domain mapping.
- Reverse Proxy for any app (Java, React, Node, Angular, Vue, etc) or to use your own domain with any external file repo like S3.
@ -58,10 +58,6 @@ Please open an issue first to discuss what you would like to change.
You don't need developer skills to help, visit our site to know [How to Contribute to Webinoly](https://webinoly.com/en/contribute/).
### Sponsors
<p><a href="https://www.eltris.com/" target="_blank" rel="sponsored nofollow noopener"><img width="250px" src="https://cdn.qrokes.com/wp-content/uploads/sites/4/2022/11/Sponsor_Eltris-European-Hosting_Logo.jpg" /></a></p>
### Donations
[![PayPal Donations](https://cdn.qrokes.com/media/paypal-webinoly-donate.png)](https://www.paypal.me/qrokes)

21
lib/api-events_sample
View file

@ -1,12 +1,25 @@
#!/bin/bash
# Internal API or Events
# Docs: https://webinoly.com/en/internal-api-events/
# Internal API/Events
# Docs: https://webinoly.com/internal-api-events/
# Description: Execute actions at certain points or events, for example at the end of the "stack" command each time is executed
# or after Nginx is installed. Just rename this file to "api-events" and check for the complete list of status codes in the documentation.
# Description: Execute actions at certain points or events, for example at the end of the "stack" command (each time is executed), or after Nginx is installed, etc.
# - Just rename this file to "api-events".
# - Check for the complete list of status codes in the docs.
# - Status codes can be read in this variable $1
# Just put all your code inside this function:
api-events_catch_status() {
# Example: Status codes will be "echoed" or visible each time a Webinoly command is excecuted.
# You can use this to see where exactly your code will be excecuted.
# This line can be safely removed! (it's for illustrative purposes only)
echo "${blu}API Status: $1 ${end}"
# Example: Install my own package after Nginx is installed!
#if [[ $1 == "in2" ]]; then
# sudo apt install -y my-own-package
#fi
}

199
lib/bkp
View file

@ -67,8 +67,13 @@ bkp_local_db() {
if [[ -z $master_multi_bkp_db && $dbname != "all" ]]; then
if [[ ( -z $wp || $wp == "true") && ( -z $dbname || $dbname == "true" ) ]]; then
read -p "${gre}WordPress site (domain) or Database name: ${end}" dbq
if [[ -n $dbq && -f /etc/nginx/sites-available/$dbq ]]; then
wp=$dbq
is_url $dbq -split
# We check if is_wp here to give it a second chance as dbname in case it fails.
if [[ -n $url_host && -f /etc/nginx/sites-available/$url_host && $(is_wp $url_host $url_path) == "true" ]]; then
wp=$url_host
[[ -n $url_path ]] && subfolder=$url_path
elif [[ -n $dbq ]]; then
dbname=$dbq
wp=""
@ -83,23 +88,23 @@ bkp_local_db() {
echo "${red}[ERROR] Site not found! ${dim}($wp)${end}"
exit 1
elif [[ $(is_wp $wp $subfolder) != "true" ]]; then
echo "${red}[ERROR] Please, enter a valid WP site! ${dim}($wp)${end}"
echo "${red}[ERROR] Please, enter a valid WP site! ${dim}(${wp}${subfolder})${end}"
exit 1
else
wp_conf_retrieve $wp true true $subfolder
[[ $wp_dbhost == "localhost" ]] && check_for_mysql
[[ $wp_dbhost_host == "localhost" ]] && check_for_mysql
[[ -n $subfolder ]] && local subname=$(echo $subfolder | sed "s/\//_/g")
fi
if [[ $wp_dbhost != "localhost" && ( -z $extdb_user || -z $extdb_pass || -z $extdb_url || -z $extdb_port ) ]]; then
if [[ $wp_dbhost_host != "localhost" && ( -z $wp_dbhost_host || -z $wp_dbhost_port ) ]]; then
echo "${red}[ERROR] Invalid data for External Database!${end}"
exit 1
# Duplicate check: we need this only to prevent error in the next is_wp_installed
elif [[ $wp_dbhost != "localhost" && $(check_mysql_connection $extdb_url $extdb_port $extdb_user $extdb_pass) != "true" ]]; then
elif [[ $wp_dbhost_host != "localhost" && $(check_mysql_connection $extdb_url $extdb_port any -login-file -master-admin) != "true" ]]; then
echo "${red}[ERROR] External DB Connection failed!${end}"
exit 1
elif [[ $wp_dbhost == "localhost" && $(check_mysql_connection localhost) != "true" ]]; then
elif [[ $wp_dbhost_host == "localhost" && $(check_mysql_connection localhost $mysql_param) != "true" ]]; then
echo "${red}[ERROR] Localhost DB Connection failed!${end}"
exit 1
@ -125,11 +130,11 @@ bkp_local_db() {
local checkdbname=$(sudo mysqlshow --user=admin | grep -ow $dbname)
else
external_db_parse
if [[ $(check_mysql_connection $extdb_url $extdb_port $extdb_user $extdb_pass) != "true" ]]; then
if [[ $(check_mysql_connection $extdb_url $extdb_port any -login-file -master-admin) != "true" ]]; then
echo "${red}[ERROR] Cannot connect with your External Database!${end}"
exit 1
fi
local checkdbname=$(sudo mysqlshow -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" | grep -ow $dbname)
local checkdbname=$(sudo mysqlshow --defaults-group-suffix=_${extdb_url}:${extdb_port}_default -h "$extdb_url" -P "$extdb_port" | grep -ow $dbname)
fi
if [[ $checkdbname != $dbname ]]; then
@ -145,9 +150,16 @@ bkp_local_db() {
local fn="multiple"
local db_name_list=$(conf_read multi-bkp-db)
conf_delete multi-bkp-db
if [[ -n $(conf_read multi-bkp-dbh) ]]; then
local extdb_url=$(echo $(conf_read multi-bkp-dbh) | cut -d':' -f 1 -s )
local extdb_port=$(echo $(conf_read multi-bkp-dbh) | cut -d':' -f 2 -s )
conf_delete multi-bkp-dbh
fi
elif [[ -n $child_multi_bkp_db ]]; then
[[ -n $(conf_read multi-bkp-db) ]] && conf_write multi-bkp-db "$(conf_read multi-bkp-db) $dbname" || conf_write multi-bkp-db $dbname
echo "${blu}${dim}Added: $dbname ${end}"
[[ -z $(conf_read multi-bkp-dbh) && -n $extdb_url && -n $extdb_port ]] && conf_write multi-bkp-dbh "${extdb_url}:${extdb_port}"
[[ -n $(conf_read multi-bkp-dbh) && $(conf_read multi-bkp-dbh) != "${extdb_url}:${extdb_port}" ]] && conf_write multi-bkp-dbh "error:error"
# When is a child process we need to exit here, backup is made by master process, not child.
return
else
@ -158,7 +170,11 @@ bkp_local_db() {
# ALL Databases
[[ $dbname == "all" ]] && local db_name_list="--all-databases" || local db_name_list="--databases $db_name_list"
if [[ $dbname == "all" ]]; then
local db_name_list="--all-databases"
elif [[ -n $db_name_list ]]; then
local db_name_list="--databases $db_name_list"
fi
# Set destination folder and filename
@ -176,10 +192,16 @@ bkp_local_db() {
[[ -z $filename ]] && local filename="webinoly-backup-db_${fn}_$(date +%F)-$(date +%T).sql"
if [[ ( $wp_dbhost == "localhost" || -z $external_db ) && $(check_mysql_connection localhost) == "true" ]]; then
if [[ ( $wp_dbhost_host == "localhost" || ( -z $extdb_url && -z $extdb_port )) && -n $db_name_list && $(check_mysql_connection localhost $mysql_param) == "true" ]]; then
sudo mysqldump --user=admin --single-transaction --lock-tables --quick $db_name_list > $destination/$filename
elif [[ $(check_mysql_connection $extdb_url $extdb_port $extdb_user $extdb_pass) == "true" ]]; then
sudo mysqldump -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" --single-transaction --lock-tables --quick $db_name_list > $destination/$filename
elif [[ -n $extdb_url && $extdb_url != "error" && -n $db_name_list && $(check_mysql_connection $extdb_url $extdb_port any -login-file -master-admin) == "true" ]]; then
sudo mysqldump --defaults-group-suffix=_${extdb_url}:${extdb_port}_default -h "$extdb_url" -P "$extdb_port" --single-transaction --lock-tables --quick $db_name_list > $destination/$filename
elif [[ $extdb_url == "error" ]]; then
echo "${red}[ERROR] Multiple DB hosts not allowed!${end}"
exit 1
elif [[ -z $db_name_list ]]; then
echo "${red}[ERROR] Database backup failed! ${dim}(Empty DB list)${end}"
exit 1
else
echo "${red}[ERROR] DB Connection failed!${end}"
exit 1
@ -197,16 +219,8 @@ bkp_local_db() {
}
check_duply_profile() {
if [[ ! -d $HOME/.duply/$profile ]]; then
echo "${red}[ERROR] Backup profile not found!${end}"
exit 1
fi
}
bkp_s3_profile() {
if [[ ! -s $HOME/.aws/credentials && $(conf_read awsiamrole) != true ]]; then
if [[ ( ! -f $HOME/.aws/credentials || ( -f $HOME/.aws/credentials && ( ! -s $HOME/.aws/credentials || -z $(cat -v $HOME/.aws/credentials | grep -m 1 '[^[:space:]]')))) && $(conf_read awsiamrole) != true ]]; then
echo "${red}[ERROR] AWS S3 Credentials not found!${end}"
exit 1
fi
@ -221,14 +235,19 @@ bkp_s3_profile() {
fi
fi
# These options needs a valid profile!
if [[ -n $profile && $profile != "true" && ! -d $HOME/.duply/$profile && ( -n $run || -n $info || -n $delete || -n $restore || -n $add_db_pre ) ]]; then
echo "${red}[ERROR] Backup profile not found!${end}"
exit 1
#else
# Create a new profile!
fi
if [[ -n $run ]]; then
check_duply_profile
sudo duply $profile backup_verify_purge --force --allow-source-mismatch
elif [[ -n $info ]]; then
check_duply_profile
local tar=$(grep -E "^TARGET[ ]?=" $HOME/.duply/$profile/conf | cut -f 2 -d "'" )
local sou=$(grep -E "^SOURCE[ ]?=" $HOME/.duply/$profile/conf | cut -f 2 -d "'" )
local age=$(grep -E "^MAX_AGE[ ]?=" $HOME/.duply/$profile/conf | cut -f 2 -d "=" )
@ -248,14 +267,10 @@ bkp_s3_profile() {
echo ""
elif [[ -n $delete ]]; then
check_duply_profile
sudo rm -rf $HOME/.duply/$profile
echo "${gre}Backup profile ${blu}'$profile'${gre} was successfully deleted!${end}"
elif [[ -n $restore ]]; then
check_duply_profile
# Temporary check!!!! Should be removed soon!!!
if [[ $restore != "true" && -z $destination ]]; then
echo "${red}[ERROR] Backup Restore syntax has changed, destination paramater is needed!${end}"
@ -277,8 +292,6 @@ bkp_s3_profile() {
elif [[ -n $add_db_pre && -n $list ]]; then
check_duply_profile
if [[ -s $HOME/.duply/$profile/pre ]]; then
if [[ -z $raw ]]; then
echo ""
@ -293,22 +306,27 @@ bkp_s3_profile() {
elif [[ -n $add_db_pre && -n $purge ]]; then
check_duply_profile
sudo rm -rf $HOME/.duply/$profile/pre
echo "${gre}PRE Database backups for${blu} '$profile' ${gre}has been successfully removed!${end}"
elif [[ -n $add_db_pre ]]; then
check_duply_profile
if [[ $add_db_pre == "true" ]]; then
read -p "${gre}WordPress site (domain): ${end}" add_db_pre
is_url $add_db_pre -split
if [[ -n $url_host && -n $url_path ]]; then
add_db_pre=$url_host
subfolder=$url_path
fi
fi
[[ $add_db_pre == "true" ]] && read -p "${gre}WordPress site: ${end}" add_db_pre
# we dont check is_wp_installed because at this point we are still not doing a backup, just setting it.
if [[ -z $add_db_pre || $(is_wp $add_db_pre $subfolder) != "true" ]]; then
echo "${red}[ERROR] Please, enter a valid WP site!${end}"
exit 1
fi
if [[ $(wp_config_read $add_db_pre DB_HOST $subfolder) != "localhost" && -z $(conf_read external-dbu) && -z $(conf_read external-dbp) ]]; then
elif [[ $(wp_config_read $add_db_pre DB_HOST $subfolder) != "localhost" && -z $(conf_read external-dbu) && -z $(conf_read external-dbp) ]]; then
echo "${red}[ERROR] Database host is not localhost!${dim} (External databases are supported only when credentials are saved in Webinoly Configuration file)${end}"
exit 1
fi
@ -386,7 +404,7 @@ bkp_s3_list() {
s3_send() {
if [[ ! -s $HOME/.aws/credentials && $(conf_read awsiamrole) != true ]]; then
if [[ ( ! -f $HOME/.aws/credentials || ( -f $HOME/.aws/credentials && ( ! -s $HOME/.aws/credentials || -z $(cat -v $HOME/.aws/credentials | grep -m 1 '[^[:space:]]')))) && $(conf_read awsiamrole) != true ]]; then
echo "${red}[ERROR] AWS S3 Credentials not found!${end}"
exit 1
fi
@ -584,6 +602,9 @@ check_exported_conf() {
tar -C / -xf $file $HOME/.aws/credentials --absolute-names
fi
if [[ $(conf_read mysql) == "true" ]]; then
if tar -tvf $file --absolute-names | grep -oq "$MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf"; then
tar -C / -xf $file $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf --absolute-names
fi
if tar -tvf $file --absolute-names | grep -oq "$MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf"; then
tar -C / -xf $file $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf --absolute-names
sudo systemctl restart mysql
@ -628,21 +649,17 @@ export_server() {
[[ -f /opt/webinoly/webinoly.conf.exported ]] && local include="/opt/webinoly/webinoly.conf.exported" || local include=""
[[ -d /etc/nginx/apps.d ]] && local include="$include /etc/nginx/apps.d"
[[ -f /etc/nginx/conf.d/blockips.conf ]] && local include="$include /etc/nginx/conf.d/blockips.conf"
[[ -f /etc/nginx/conf.d/webinoly.conf ]] && local include="$include /etc/nginx/conf.d/webinoly.conf"
[[ -d /etc/nginx/conf.d ]] && local include="$include /etc/nginx/conf.d"
[[ -d /etc/nginx/sites-available ]] && local include="$include /etc/nginx/sites-available"
[[ -d /etc/nginx/sites-enabled ]] && local include="$include /etc/nginx/sites-enabled"
[[ -d /var/www ]] && local include="$include /var/www"
[[ -d /etc/letsencrypt ]] && local include="$include /etc/letsencrypt"
[[ -f /etc/nginx/.htpasswd ]] && local include="$include /etc/nginx/.htpasswd"
[[ -f $HOME/.aws/credentials ]] && local include="$include $HOME/.aws/credentials"
[[ -f /opt/webinoly/templates/source/csp_webinoly.data ]] && local include="$include /opt/webinoly/templates/source/csp_webinoly.data"
[[ -f /opt/webinoly/templates/source/pph_webinoly.data ]] && local include="$include /opt/webinoly/templates/source/pph_webinoly.data"
[[ -f /opt/webinoly/templates/source/cch_webinoly.data ]] && local include="$include /opt/webinoly/templates/source/cch_webinoly.data"
[[ -f /opt/webinoly/templates/source/rob_webinoly.data ]] && local include="$include /opt/webinoly/templates/source/rob_webinoly.data"
[[ -f /opt/webinoly/templates/source/custom_header_http_webinoly.data ]] && local include="$include /opt/webinoly/templates/source/custom_header_http_webinoly.data"
[[ -f /opt/webinoly/templates/source/custom_header_https_webinoly.data ]] && local include="$include /opt/webinoly/templates/source/custom_header_https_webinoly.data"
[[ -f /opt/webinoly/templates/source/custom_header_html_webinoly.data ]] && local include="$include /opt/webinoly/templates/source/custom_header_html_webinoly.data"
[[ -f $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf ]] && local include="$include $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf"
[[ -f $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf ]] && local include="$include $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf"
[[ -d /etc/nginx/certs ]] && local include="$include /etc/nginx/certs"
@ -719,6 +736,8 @@ export_site() {
[[ -z $subfolder && -d /var/www/$siteto ]] && local include="$include /var/www/$siteto"
[[ -n $subfolder && -d /var/www/$siteto/htdocs$subfolder ]] && local include="$include /var/www/$siteto/htdocs$subfolder"
[[ $(is_proxy $siteto $subfolder) == "true" ]] && local rp_upstream="true" # Include upstreams for reverse proxy
for app in /etc/nginx/apps.d/${siteto}${subn}*.conf
do
[[ -s $app ]] && local include="$include $app"
@ -739,35 +758,41 @@ export_site() {
# Include database backup for this site!
if [[ -z $skip_db ]]; then
if [[ $(conf_read mysql) == "true" && $(is_wp $siteto $subfolder) == "true" && $( wp_config_read $siteto DB_HOST $subfolder ) == "localhost" && $(is_wp_installed $siteto $subfolder) == "true" ]]; then
# We use dbnames instead of domains because is easier to include subfolders
if [[ -z $export_db_list ]]; then
local export_db_list="$( wp_config_read $siteto DB_NAME $subfolder )"
else
local export_db_list="$export_db_list,$( wp_config_read $siteto DB_NAME $subfolder )"
if [[ $(is_wp $siteto $subfolder) == "true" ]]; then
wp_conf_retrieve $siteto false false $subfolder
if [[ $(conf_read mysql) == "true" && $wp_dbhost_host == "localhost" && $(is_wp_installed $siteto $subfolder) == "true" && -n $wp_dbname ]]; then
# We use dbnames instead of domains because is easier to include subfolders
if [[ -z $export_db_list ]]; then
local export_db_list="$wp_dbname"
else
local export_db_list="$export_db_list,$wp_dbname"
fi
echo "${blu}${dim}Database included: ${siteto}${subfolder} ${end}"
elif [[ $wp_dbhost_host == "localhost" ]]; then
echo "${red}${dim}Database not found or empty: ${siteto}${subfolder} ${end}"
elif [[ -n $wp_dbhost_host && $wp_dbhost_host != "localhost" ]]; then
echo "${red}${dim}External database not included: ${siteto}${subfolder} ${end}"
fi
echo "${blu}${dim}Database included: ${siteto}${subfolder} ${end}"
elif [[ $(is_wp $siteto $subfolder) == "true" && $( wp_config_read $siteto DB_HOST $subfolder ) == "localhost" ]]; then
echo "${red}${dim}Database not found or empty: ${siteto}${subfolder} ${end}"
elif [[ $(is_wp $siteto $subfolder) == "true" && $( wp_config_read $siteto DB_HOST $subfolder ) != "localhost" ]]; then
echo "${red}${dim}External database not included: ${siteto}${subfolder} ${end}"
fi
# Check if site contains WP in subfolders
for sit in "/etc/nginx/apps.d/${siteto}_"*-wpcommon.conf
for sit in "/etc/nginx/apps.d/${siteto}$(echo $subfolder | sed "s/\//_/g")_"*-wpcommon.conf
do
local suby="/$(echo $sit | cut -f 2- -d "_" -s | cut -f -1 -d "-" -s | sed "s/_/\//g")"
if [[ -n $suby && $(conf_read mysql) == "true" && -f /var/www/$siteto/htdocs$suby/wp-config.php && $( wp_config_read $siteto DB_HOST $suby ) == "localhost" && $(is_wp_installed $siteto $suby) == "true" ]]; then
if [[ -z $export_db_list ]]; then
local export_db_list="$( wp_config_read $siteto DB_NAME $suby )"
else
local export_db_list="$export_db_list,$( wp_config_read $siteto DB_NAME $suby )"
if [[ -n $suby && $(is_wp $siteto $suby) == "true" ]]; then
wp_conf_retrieve $siteto false false $suby
if [[ -n $suby && $(conf_read mysql) == "true" && $wp_dbhost_host == "localhost" && $(is_wp_installed $siteto $suby) == "true" && -n $wp_dbname ]]; then
if [[ -z $export_db_list ]]; then
local export_db_list="$wp_dbname"
else
local export_db_list="$export_db_list,$wp_dbname"
fi
echo "${blu}${dim}Database included: ${siteto}${suby} ${end}"
elif [[ -n $suby && $wp_dbhost_host == "localhost" ]]; then
echo "${red}${dim}Database not found or empty: ${siteto}${suby} ${end}"
elif [[ -n $suby && -n $wp_dbhost_host && $wp_dbhost_host != "localhost" ]]; then
echo "${red}${dim}External database not included: ${siteto}${suby} ${end}"
fi
echo "${blu}${dim}Database included: ${siteto}${suby} ${end}"
elif [[ -n $suby && -f /var/www/$siteto/htdocs$suby/wp-config.php && $( wp_config_read $siteto DB_HOST $suby ) == "localhost" ]]; then
echo "${red}${dim}Database not found or empty: ${siteto}${suby} ${end}"
elif [[ -n $suby && -f /var/www/$siteto/htdocs$suby/wp-config.php && $( wp_config_read $siteto DB_HOST $suby ) != "localhost" ]]; then
echo "${red}${dim}External database not included: ${siteto}${suby} ${end}"
fi
local suby=""
done
@ -783,6 +808,7 @@ export_site() {
[[ -f /var/www/webinoly_backup_db ]] && local include="$include /var/www/webinoly_backup_db"
fi
[[ -f /var/www/webinoly.conf_temp ]] && local include="$include /var/www/webinoly.conf_temp"
[[ $rp_upstream == "true" && -f /etc/nginx/conf.d/upstream_proxy.conf ]] && local include="$include /etc/nginx/conf.d/upstream_proxy.conf"
[[ -n $include ]] && sudo tar -Pcf $destination/$filename $include
@ -846,7 +872,7 @@ import_site() {
sudo rm -rf /var/www/webinoly_backup_db
local db_create_users="true"
elif [[ -f /var/www/webinoly_backup_db && ( $(conf_read mysql) != "true" || $(check_mysql_connection localhost) != "true" ) && -z $skip_db ]]; then
echo "${red}[ERROR] Database backup found but can not be restored because MySQL is not installed!${end}"
echo "${red}[ERROR] Database backup found but can not be restored because MySQL/MariaDB is not installed!${end}"
# REMOVE: Just for legacy support, folder with domain is not used anymore!
elif [[ -f /var/www/$domain/webinoly_backup_db && -z $skip_db ]]; then
@ -881,19 +907,18 @@ import_site() {
# Database recovery - create users because they are not imported
if [[ -n $db_create_users && $overwrite != "on" && $(is_wp $domain) == "true" ]]; then
wp_conf_retrieve $domain true false
if [[ $wp_dbhost == "localhost" && -n $wp_dbname && -n $wp_dbuser && -n $wp_dbpass && -n $(sudo mysqlshow --user=admin | grep -ow $wp_dbname) ]]; then
wp_conf_retrieve $domain false false
if [[ $wp_dbhost_host == "localhost" && -n $wp_dbname && -n $wp_dbuser && -n $wp_dbpass && -n $(sudo mysqlshow --user=admin "${mysql_params[@]}" | grep -ow $wp_dbname) ]]; then
echo "${blu}${dim}Restoring database for${end}${dim} $domain ${blu}${dim}site!${end}"
# Check if user exists
if [[ -z $(sudo mysql --connect-timeout=10 --user=admin -e "SELECT User FROM mysql.user;" | grep -ow $wp_dbuser) ]]; then
sudo mysql --connect-timeout=10 --user=admin <<_EOF_
if [[ -z $(sudo mysql --connect-timeout=10 --user=admin -e "SELECT User FROM mysql.user;" "${mysql_params[@]}" | grep -ow $wp_dbuser) ]]; then
sudo mysql --connect-timeout=10 --user=admin "${mysql_params[@]}" <<_EOF_
CREATE USER '${wp_dbuser}'@'localhost' IDENTIFIED BY '${wp_dbpass}';
GRANT $(db_user_role) on ${wp_dbname}.* to '${wp_dbuser}'@'localhost';
FLUSH PRIVILEGES;
_EOF_
elif [[ $(check_mysql_connection localhost $wp_dbuser $wp_dbpass $wp_dbname) != "true" ]]; then
elif [[ $(check_mysql_connection localhost $wp_dbuser $wp_dbpass $wp_dbname $mysql_param) != "true" ]]; then
echo "${red}${dim}[ERROR] Database cannot be restored, seems like a user with the same name already exists.${end}"
else
echo "${blu}${dim}DB user already exists and a successful connection can be established, so we will use it.${end}"
@ -907,19 +932,18 @@ _EOF_
do
local suby="/$(echo $sit | cut -f 2- -d "_" -s | cut -f -1 -d "-" -s | sed "s/_/\//g")"
if [[ -n $suby && -f /var/www/$domain/htdocs$suby/wp-config.php ]]; then
wp_conf_retrieve $domain true false $suby
if [[ $wp_dbhost == "localhost" && -n $wp_dbname && -n $wp_dbuser && -n $wp_dbpass && -n $(sudo mysqlshow --user=admin | grep -ow $wp_dbname) ]]; then
wp_conf_retrieve $domain false false $suby
if [[ $wp_dbhost_host == "localhost" && -n $wp_dbname && -n $wp_dbuser && -n $wp_dbpass && -n $(sudo mysqlshow --user=admin "${mysql_params[@]}" | grep -ow $wp_dbname) ]]; then
echo "${blu}${dim}Restoring database for${end}${dim} ${domain}${suby} ${blu}${dim}site!${end}"
# Check if user exists
if [[ -z $(sudo mysql --connect-timeout=10 --user=admin -e "SELECT User FROM mysql.user;" | grep -ow $wp_dbuser) ]]; then
sudo mysql --connect-timeout=10 --user=admin <<_EOF_
if [[ -z $(sudo mysql --connect-timeout=10 --user=admin -e "SELECT User FROM mysql.user;" "${mysql_params[@]}" | grep -ow $wp_dbuser) ]]; then
sudo mysql --connect-timeout=10 --user=admin "${mysql_params[@]}" <<_EOF_
CREATE USER '${wp_dbuser}'@'localhost' IDENTIFIED BY '${wp_dbpass}';
GRANT $(db_user_role) on ${wp_dbname}.* to '${wp_dbuser}'@'localhost';
FLUSH PRIVILEGES;
_EOF_
elif [[ $(check_mysql_connection localhost $wp_dbuser $wp_dbpass $wp_dbname) != "true" ]]; then
elif [[ $(check_mysql_connection localhost $wp_dbuser $wp_dbpass $wp_dbname $mysql_param) != "true" ]]; then
echo "${red}${dim}[ERROR] Database cannot be restored, seems like a user with the same name already exists.${end}"
else
echo "${blu}${dim}DB user already exists and a successful connection can be established, so we will use it.${end}"
@ -937,7 +961,7 @@ _EOF_
import_server() {
[[ -z $file || $file == "true" ]] && read -p "${blu}Path file to import: ${end}" file
if [[ ! -s $file ]]; then
if [[ ! -f $file || ( -f $file && ( ! -s $file || -z $(cat -v $file | grep -m 1 '[^[:space:]]'))) ]]; then
echo "${red}[ERROR] File not found or empty!${end}"
exit 1
elif ! [[ $import =~ ^(true|sites|stack|full)$ ]]; then
@ -993,12 +1017,12 @@ import_server() {
if [[ -s /var/www/webinoly_backup_dball && $(conf_read mysql) == "true" && -z $skip_db ]]; then
sudo webinoly -db-import -file=/var/www/webinoly_backup_dball
[[ -n $(conf_read_exported mysql-root) ]] && conf_write mysql-root $(conf_read_exported mysql-root)
[[ -n $(conf_read_exported mysql-admin) ]] && conf_write mysql-admin $(conf_read_exported mysql-admin)
[[ -n $(conf_read_exported mysql-root) ]] && conf_write mysql-root $(conf_read_exported mysql-root) || conf_delete mysql-root -commented
[[ -n $(conf_read_exported mysql-admin) ]] && conf_write mysql-admin $(conf_read_exported mysql-admin) || conf_delete mysql-admin -commented
sudo rm -rf /var/www/webinoly_backup_dball
sudo webinoly -server-reset=mysql
elif [[ -s /var/www/webinoly_backup_dball && $(conf_read mysql) != "true" && -z $skip_db ]]; then
echo "${red}[ERROR] Database backup found but can not be restored because MySQL is not installed!${end}"
echo "${red}[ERROR] Database backup found but can not be restored because MySQL/MariaDB is not installed!${end}"
fi
[[ $import != "sites" ]] && echo "${gre}Webinoly Full Server Backup imported successfully!${end}" || echo "${gre}Webinoly Backup imported successfully!${end}"
@ -1063,8 +1087,13 @@ bkp_wizard() {
elif [[ $wzd == 8 ]]; then
bkp_s3_list
elif [[ $wzd == 9 ]]; then
read -p "${blu}Site to export: ${end}" site
sudo webinoly -backup=local -export=$site
read -p "${blu}Site to export (domain): ${end}" site
is_url $site -split
if [[ -n $url_host && -n $url_path ]]; then
sudo webinoly -backup=local -export=$url_host -subfolder=$url_path
else # if not a URL, let it fail in the export function!
sudo webinoly -backup=local -export=$site
fi
elif [[ $wzd == 10 ]]; then
export_server
elif [[ $wzd == 11 ]]; then

22
lib/datadog
View file

@ -32,9 +32,9 @@ dd_fpm_purge() {
dd_mysql_purge() {
if [[ -f /etc/datadog-agent/conf.d/mysql.d/conf.yaml ]]; then
sudo rm -rf /etc/datadog-agent/conf.d/mysql.d/conf.yaml
echo "${gre}Datadog MySQL integration has been successfully removed!${end}"
echo "${gre}Datadog MySQL (MariaDB) integration has been successfully removed!${end}"
else
echo "${gre}Datadog MySQL integration is not installed, so not removed!${end}"
echo "${gre}Datadog MySQL (MariaDB) integration is not installed, so not removed!${end}"
fi
}
@ -76,7 +76,7 @@ logrotate_perm() {
local path="/etc/logrotate.d/php$(conf_read php-ver)-fpm"
local owner="root root"
elif [[ $1 == "mysql" ]]; then
local path="/etc/logrotate.d/mysql-server"
[[ -f /etc/logrotate.d/mariadb ]] && local path="/etc/logrotate.d/mariadb" || local path="/etc/logrotate.d/mysql-server"
local owner="mysql adm"
elif [[ $1 == "redis" ]]; then
local path="/etc/logrotate.d/redis-server"
@ -86,7 +86,7 @@ logrotate_perm() {
local owner=""
fi
if [[ -n $path && -n $owner ]]; then
if [[ -n $path && -n $owner && -f $path ]]; then
sudo sed -i "/create [0-9]/d" $path
sudo sed -i "/missingok/i \ create 0644 $owner" $path
fi
@ -207,7 +207,7 @@ logs:
dd_mysql_logs() {
if [[ $(is_dd_log mysql) == "true" ]]; then
echo "${gre}Datadog MySQL Log is already enabled!${end}"
echo "${gre}Datadog MySQL (MariaDB) Log is already enabled!${end}"
elif [[ -f /etc/datadog-agent/conf.d/mysql.d/conf.yaml ]]; then
mysql_default_cnf # REMOVE: In case the stack was built with an old configuration
@ -225,10 +225,10 @@ logs:
#WebinolyDatadogLogsEnd" >> /etc/datadog-agent/conf.d/mysql.d/conf.yaml
dd_logs_enable
echo "${gre}Datadog MySQL Logs has been successfully enabled!${end}"
echo "${gre}Datadog MySQL (MariaDB) Logs has been successfully enabled!${end}"
else
echo "${red}[ERROR] Datadog MySQL integration is not enabled!${end}"
echo "${red}[ERROR] Datadog MySQL (MariaDB) integration is not enabled!${end}"
exit 1
fi
}
@ -357,7 +357,7 @@ instances:
" >> /etc/datadog-agent/conf.d/mysql.d/conf.yaml
[[ $logs != "off" ]] && dd_mysql_logs
echo "${gre}Datadog MySQL integration has been successfully configured!${end}"
echo "${gre}Datadog MySQL (MariaDB) integration has been successfully configured!${end}"
elif [[ $logs == "on" ]]; then
dd_mysql_logs
@ -365,12 +365,12 @@ instances:
if [[ $(is_dd_log mysql) == "true" ]]; then
sudo sed -i '/WebinolyDatadogLogsStart/,/WebinolyDatadogLogsEnd/{/.*/d}' /etc/datadog-agent/conf.d/mysql.d/conf.yaml
dd_logs_disable
echo "${gre}Datadog MySQL Logs has been successfully disabled!${end}"
echo "${gre}Datadog MySQL (MariaDB) Logs has been successfully disabled!${end}"
else
echo "${gre}Datadog MySQL Log is already disabled!${end}"
echo "${gre}Datadog MySQL (MariaDB) Log is already disabled!${end}"
fi
else
echo "${gre}Datadog MySQL integration is already enabled!${end}"
echo "${gre}Datadog MySQL (MariaDB) integration is already enabled!${end}"
fi
}

557
lib/general
View file

@ -4,25 +4,27 @@
# Prevent 'tput' errors when running from Cron
[[ -z $TERM || $TERM == "unknown" || $TERM == "dumb" ]] && export TERM=dumb
readonly app_version="1.17.0"
readonly app_version="1.17.9"
readonly svr_version="1.8"
readonly os_ubuntu_supported=(bionic focal jammy) # https://ubuntu.com/about/release-cycle
readonly php_supported=(7.4 8.0 8.1 8.2) # https://www.php.net/supported-versions.php
readonly php_default="8.1"
readonly mariadb_supported=(10.4 10.5 10.6) # https://mariadb.com/kb/en/mariadb-server-release-dates/
readonly mariadb_default="10.6"
readonly php_supported=(7.4 8.0 8.1 8.2 8.3) # https://www.php.net/supported-versions.php
readonly php_default="8.2"
readonly mariadb_supported=(10.6 10.11) # https://mariadb.com/kb/en/mariadb-server-release-dates/
readonly mariadb_default="10.11"
readonly mysql_supported=(8.0)
readonly mysql_default="8.0"
readonly datadog_agent_ver="7"
readonly tools_port_default="22222"
# echo colors
readonly red=`tput setaf 1`
readonly gre=`tput setaf 2`
readonly blu=`tput setaf 6`
readonly end=`tput sgr0`
readonly bol=`tput bold`
readonly dim=`tput dim`
readonly red=$(tput setaf 1)
readonly gre=$(tput setaf 2)
readonly blu=$(tput setaf 6)
readonly end=$(tput sgr0)
readonly bol=$(tput bold)
readonly dim=$(tput dim)
readonly hid=$(tput setaf 6)$(tput setab 6)
readonly hidend=$(tput sgr0)$(tput el)
# ***********************************************
@ -30,8 +32,8 @@ readonly dim=`tput dim`
# ***********************************************
conf_read() {
if [[ ! -f /opt/webinoly/webinoly.conf ]]; then
echo "${red}[ERROR] Config file not found!${end}"
if [[ ! -f /opt/webinoly/webinoly.conf ]]; then # Double check!
echo "${red}[ERROR] Webinoly Configuration file not found!${end}"
exit 1
fi
@ -39,8 +41,8 @@ conf_read() {
}
conf_delete() {
if [[ ! -f /opt/webinoly/webinoly.conf ]]; then
echo "${red}[ERROR] Config file not found!${end}"
if [[ ! -f /opt/webinoly/webinoly.conf ]]; then # Double check!
echo "${red}[ERROR] Webinoly Configuration file not found!${end}"
exit 1
fi
@ -76,7 +78,7 @@ conf_write() {
if [[ $(whoami) != "root" ]]; then
echo "${red}Please run this script as root or using sudo.${end}"
exit 1
fi
fi
# Check for BASH Shell
# This is a very "shity" method, but checking if file exists is very reliable
@ -296,7 +298,7 @@ check_for_php_tool_redis() {
check_for_mysql() {
if [[ $(conf_read mysql) != "true" && $1 == "-ask" ]]; then
echo "${red}"
echo "+ MySQL Not Found!"
echo "+ MySQL/MariaDB Not Found!"
echo "${blu}Do you want to install it now? [y/N]? ${end}"
while read -r -n 1 -s answer; do
answer=${answer:-n}
@ -308,61 +310,138 @@ check_for_mysql() {
fi
if [[ $(conf_read mysql) != "true" ]]; then
echo "${red}[ERROR] MySQL is required and not found! ${end}"
echo "${red}[ERROR] MySQL/MariaDB is required and not found! ${end}"
exit 1
fi
}
check_for_mysql_client() {
if [[ $(conf_read mysql-client) != "true" ]]; then
echo "${gre}${dim}MySQL Client is not installed and we need it to stablish a connection with your external server.${end}" >&2
echo "${dim}Wait while we install MySQL Client...${end}" >&2
echo "${gre}${dim}MySQL/MariaDB Client is not installed and we need it to stablish a connection with your external server.${end}" >&2
echo "${dim}Wait while we install MySQL/MariaDB Client...${end}" >&2
sudo stack -mysql=client > /dev/null 2>&1 &
wait $!
echo "${gre}MySQL Client has been successfully installed!${end}" >&2
echo "${gre}MySQL/MariaDB Client has been successfully installed!${end}" >&2
fi
}
check_mysql_connection() {
# Examples for admin connection:
# Localhost: $(check_mysql_connection localhost)
# Unix socket: $(check_mysql_connection localhost /var/run/mysqld/mysqld.sock)
# Custom port: $(check_mysql_connection localhost 3307)
# External DB: $(check_mysql_connection $dburl $dbport $dburoot $dbproot)
# External DB if login group exist: $(check_mysql_connection $dburl $dbport $dburoot -login-file)
# External DB if login group exist and is master-admin: $(check_mysql_connection $dburl $dbport any -login-file -master-admin)
# External DB check and save it as master-admin: $(check_mysql_connection $dburl $dbport $dburoot $dbproot -master-admin)
# Examples for especific User connection:
# Localhost: $(check_mysql_connection localhost $wp_dbuser $wp_dbpass)
# Unix socket: $(check_mysql_connection localhost $wp_dbuser $wp_dbpass /var/run/mysqld/mysqld.sock)
# Custom port: $(check_mysql_connection localhost $wp_dbuser $wp_dbpass 3307)
# External DB: $(check_mysql_connection $extdb_url $extdb_port $wp_dbuser $wp_dbpass)
# External DB if login group exist: $(check_mysql_connection $extdb_url $extdb_port $wp_dbuser -login-file)
# External DB if login group exist and is master-admin: $(check_mysql_connection $extdb_url $extdb_port any -login-file -master-admin)
# External DB check and save it as master-admin: $(check_mysql_connection $extdb_url $extdb_port $wp_dbuser $wp_dbpass -master-admin)
# Examples for especific DBname/User connection:
# Note: Error message is not displayed!
# Localhost: $(check_mysql_connection localhost $wp_dbuser $wp_dbpass $wp_dbname)
# Unix socket: $(check_mysql_connection localhost $wp_dbuser $wp_dbpass $wp_dbname /var/run/mysqld/mysqld.sock)
# Custom port: $(check_mysql_connection localhost $wp_dbuser $wp_dbpass $wp_dbname 3307)
# External DB: $(check_mysql_connection $extdb_url $extdb_port $wp_dbuser $wp_dbpass $wp_dbname)
# External DB if login group exist: $(check_mysql_connection $extdb_url $extdb_port $wp_dbuser -login-file $wp_dbname)
# Master-admin not needed here for specific dbs.
# Note: You can always use the dynvar 'quiet' set to 'true' to not display messages.
# In this especific case ONLY, there is a third value: false, true and truebutnotmaster (External DB connection successfull but not enough privileges for master-admin)
local query="quit"
if [[ -n $1 && ${1,,} != "localhost" && -n $2 && -n $3 && -n $4 ]]; then
local error_display="true"
if [[ -n $1 && ${1,,} != "localhost" && $(is_url $1) =~ ^(http|https|true|http\+ip|https\+ip|ip)$ && -n $2 && -n $3 && -n $4 ]]; then
check_for_mysql_client
[[ -n $5 ]] && local query="use $5"
sudo mysql --connect-timeout=10 -h "$1" -P "$2" -u"$3" -p"$4" -e "$query"
if [[ $? != "0" ]]; then
echo "${red}============================================" >&2
echo " [Error] Database conection failed." >&2
echo "============================================${end}" >&2
echo "" >&2
echo "false"
else
echo "true"
local suffix_group_name="${1}:${2}_${3}"
local user_param="-u${3}"
if [[ -n $5 && $5 == "-master-admin" ]]; then
# 'default' is a reserved word, real usernames should never use it, it's possible, but not practical!
local suffix_group_name="${1}:${2}_default"
elif [[ -n $5 ]]; then
local query="use $5"
local error_display="false"
fi
elif [[ ${1,,} == "localhost" && $(conf_read mysql) == "true" ]]; then
# In case of custom DB user
if [[ -n $2 && -n $3 ]]; then
[[ -n $4 ]] && local query="use $4"
sudo mysql --connect-timeout=10 --user=$2 -p$3 -e "$query" 2>/dev/null
[[ $? != "0" ]] && echo "false" || echo "true"
# Create or update the login file
if [[ $4 != "-login-file" ]]; then
mysql_login_cnf
sudo sed -i "/\[client_${suffix_group_name}\]/,/# ClientEnd/{/.*/d}" $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
echo "[client_${suffix_group_name}]
host = $1
port = $2
user = $3
password = $4
# ClientEnd" >> $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
else
sudo mysql --connect-timeout=10 --user=admin -e "$query"
if [[ $? != "0" ]]; then
echo "${red}============================================" >&2
echo " [Error] Database conection failed." >&2
echo "============================================${end}" >&2
echo "" >&2
echo "false"
else
echo "true"
[[ $5 == "-master-admin" ]] && unset user_param # take the user from the login group!
local error_display="false"
fi
# Just for the record: We don't use the 'mysql_conf_editor' just because it can not be unattended :(
# --defaults-group-suffix should always be at the beginning, otherwise it fails.
sudo mysql --defaults-group-suffix=_${suffix_group_name} --connect-timeout=10 -h "$1" -P "$2" $user_param -e "$query" 2>/dev/null
if [[ $? != "0" ]]; then
local out="false"
[[ -f $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf ]] && sudo sed -i "/\[client_${suffix_group_name}\]/,/# ClientEnd/{/.*/d}" $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
else
# Display a warning message when not enough privileges!
if [[ $5 == "-master-admin" ]]; then
local priv=$(sudo mysql --defaults-group-suffix=_${suffix_group_name} --connect-timeout=10 -h "$1" -P "$2" -e "SHOW GRANTS FOR CURRENT_USER();")
if ! [[ -n $(echo $priv | grep -Fo "WITH GRANT OPTION") && ( -n $(echo $priv | grep -Fo "GRANT ALL PRIVILEGES") || ( -n $(echo $priv | grep -Fo "CREATE USER") && -n $(echo $priv | grep -Fo "ALTER"))) ]]; then
if [[ $(conf_read quiet) != "true" ]]; then
echo "${red}${dim}[WARNING] Seems like '$(echo $priv | grep -oP -m 1 'Grants for \K\w+')' is not a Master user!${end}" >&2
else
local master_priv="false"
fi
fi
fi
fi
elif [[ ${1,,} == "localhost" && $(conf_read mysql) == "true" ]]; then
if [[ -n $2 && -n $3 ]]; then
if [[ -S $4 ]]; then
local mysql_params="-S${4}"
elif [[ $4 =~ ^[0-9]+$ && $4 -ge 0 && $4 -le 65535 ]]; then
local mysql_params=(-P${4} --protocol=TCP)
elif [[ -n $4 ]]; then
local query="use $4"
[[ -S $5 ]] && local mysql_params="-S${5}"
[[ $5 =~ ^[0-9]+$ && $5 -ge 0 && $5 -le 65535 ]] && local mysql_params=(-P${5} --protocol=TCP)
fi
# We need the protocol socket fixed to prevent warnings when custom port is used.
sudo mysql --connect-timeout=10 --user=$2 -p$3 -e "$query" "${mysql_params[@]}" 2>/dev/null
[[ $? != "0" ]] && local out="false"
local error_display="false"
else
# In case of Unix socket or localhost with custom port
[[ -S $2 ]] && local mysql_params="-S${2}"
[[ $2 =~ ^[0-9]+$ && $2 -ge 0 && $2 -le 65535 ]] && local mysql_params=(-P${2} --protocol=TCP)
sudo mysql --connect-timeout=10 --user=admin -e "$query" "${mysql_params[@]}" 2>/dev/null
[[ $? != "0" ]] && local out="false"
fi
else
echo "${red}============================================" >&2
echo " [Error] Database conection failed." >&2
echo "============================================${end}" >&2
local out="false"
fi
if [[ $out == "false" && $error_display != "false" && $(conf_read quiet) != "true" ]]; then
echo "${red}===================================================" >&2
echo " [Error] Database conection failed! (${1})" >&2
echo "===================================================${end}" >&2
echo "" >&2
echo "false"
elif [[ $out == "false" ]]; then
echo "false"
else
[[ $master_priv == "false" ]] && echo "truebutnotmaster" || echo "true"
fi
}
@ -370,7 +449,7 @@ check_mysql_connection() {
check_external_db_saved() {
if [[ -n $(conf_read external-dbh) && -n $(conf_read external-dbu) && -n $(conf_read external-dbp) && -n $(conf_read external-dbx) ]]; then
external_db="[$(conf_read external-dbu),$(conf_read external-dbp),$(conf_read external-dbh):$(conf_read external-dbx)]"
[[ $(conf_read quiet) != "true" ]] && echo "${blu}${dim}External DB credentials found!${end}" >&2
[[ $(conf_read quiet) != "true" ]] && echo "${blu}${dim}External DB credentials found in your saved configuration! ($(conf_read external-dbh):$(conf_read external-dbx))${end}" >&2
fi
}
@ -399,7 +478,7 @@ external_db_parse() {
return
fi
if [[ $(check_mysql_connection $url $port $user $pass) != "true" ]]; then
if [[ $(check_mysql_connection $url $port $user $pass -master-admin) != "true" ]]; then
echo "${red}[ERROR] Cannot connect with your External Database!${end}"
return
else
@ -483,10 +562,26 @@ wp_conf_retrieve() {
# wp_conf_retrieve example.com
# wp_conf_retrieve example.com false false /subfolder
# $1 is domain
# $2 set to false if you want to skip external_db questions.
# $2 set to false if you want to skip external_db questions. ONLY NEEDED (true) when you need master-admin privileges for your DB queries!
# $3 set to false if you want to disable WP Domain Mapping check (wp_pref will be for the main site when disabled, wp_ instead of wp_3_).
# $4 is subfolder
# Prevent unwanted values when called multiple times
unset wp_config
unset wp_dbname
unset wp_dbuser
unset wp_dbhost
unset wp_dbpass
unset wp_dbpref
unset wp_dbhost_host
unset wp_dbhost_port
unset wp_dbhost_socket
unset wp_dbpref_main
unset wp_blogid
unset mysql_params
unset mysql_param
wp_config=$(wp_config_path $1 $4)
# Just in case: We should always check is_wp before calling this function
# The best error message is the one that never shows up! :)
@ -500,42 +595,89 @@ wp_conf_retrieve() {
wp_dbhost=$( wp_config_read $1 DB_HOST $4 )
wp_dbpass=$( wp_config_read $1 DB_PASSWORD $4 )
wp_dbpref=$( grep -F "table_prefix" $wp_config | cut -f 2 -d "'" -s)
wp_extdb_url=$(echo "$wp_dbhost" | cut -f 1 -d ':')
wp_extdb_port=$(echo "$wp_dbhost" | cut -f 2 -d ':' -s)
# wp_dbhost - Always contains the complete string
# wp_dbhost_host - Only the host part
# wp_dbhost_port - Only the port part (default: 3306)
# wp_dbhost_socket - Only the socket path if exist (default: empty)
# Example: localhost:3307 (host: localhost, port:3307)
# Example: localhost:/var/run/mysqld/mysqld.sock (host: localhost, socket:/var/run/mysqld/mysqld.sock)
# Example: mysql.example.com:3306 (host: mysql.example.com, port:3307)
wp_dbhost_host=$(echo "$wp_dbhost" | cut -f 1 -d ':')
local host_pars=$(echo "$wp_dbhost" | cut -f 2 -d ':' -s)
if [[ $host_pars =~ ^[0-9]+$ && $host_pars -ge 0 && $host_pars -le 65535 ]]; then
wp_dbhost_port=$host_pars
mysql_params=(-P${wp_dbhost_port} --protocol=TCP) # Array because it fails to split the args in MySQL http://mywiki.wooledge.org/BashFAQ/050
mysql_param="$wp_dbhost_port"
elif [[ -S $host_pars ]]; then
wp_dbhost_socket=$host_pars
mysql_params="-S${wp_dbhost_socket}"
mysql_param="$wp_dbhost_socket"
else
wp_dbhost_host=$wp_dbhost
fi
wp_dbpref_main=${wp_dbpref} # In case of domain mapping this variable always remains with the main site info
[[ ${wp_dbhost,,} == "localhost" ]] && wp_dbhost=${wp_dbhost,,}
[[ -z $wp_extdb_port ]] && wp_extdb_port="3306"
#[[ -z $wp_dbhost_port ]] && wp_dbhost_port="3306"
if [[ $2 != "false" ]]; then
if [[ -z $external_db && -n $wp_dbhost && $wp_dbhost != "localhost" && $wp_dbhost == "$(conf_read external-dbh):$(conf_read external-dbx)" ]]; then
check_external_db_saved
elif [[ -z $external_db && -n $wp_dbhost && $wp_dbhost != "localhost" && -n $(conf_read external-dbh) && $wp_dbhost != "$(conf_read external-dbh):$(conf_read external-dbx)" ]]; then
echo "${dim}[INFO] External Database saved credentials found, but we cannot use it because not the same host!${end}" >&2
fi
if [[ -n $external_db ]]; then
external_db_parse
if [[ $wp_dbhost != $extdb_host ]]; then
unset external_db
unset extdb_user
unset extdb_pass
unset extdb_host
unset extdb_url
unset extdb_port
# Only used when External DB and Master-Admin privileges are required!
# Example: Cloning site because its needed to create new dbs and users.
# Example: Delete site because its required to drop users.
if [[ $2 != "false" && $wp_dbhost_host != "localhost" && -z $wp_dbhost_socket && $(is_url $wp_dbhost) =~ ^(http|https|true|http\+ip|https\+ip|ip)$ ]]; then
# Don't needed if already exist a login-file with master-admin privileges!
# -external-db have priority, mainly to rewrite or update old/wrong credentials.
if [[ -n $external_db || $(check_mysql_connection $wp_dbhost_host $wp_dbhost_port any -login-file -master-admin) != "true" ]]; then
if [[ -z $external_db && -n $(conf_read external-dbh) && -n $(conf_read external-dbx) && $wp_dbhost == "$(conf_read external-dbh):$(conf_read external-dbx)" ]]; then
check_external_db_saved
elif [[ -z $external_db && -n $(conf_read external-dbh) ]]; then
echo "${dim}[INFO] External Database saved credentials found, but we cannot use it because not the same host!${end}" >&2
fi
fi
if [[ -z $external_db && -n $wp_dbhost && $wp_dbhost != "localhost" ]]; then
echo "" >&2
echo "${gre}External DB${blu} '${wp_dbhost}' ${gre}found in:${blu}${dim} ${1}${4} ${end}" >&2
read -p "${blu}External DB username: ${end}" extdb_user
read -p "${blu}External DB password: ${end}" extdb_pass
if [[ -n $external_db ]]; then
external_db_parse
if [[ $wp_dbhost != $extdb_host ]]; then
unset external_db
unset extdb_user
unset extdb_pass
unset extdb_host
unset extdb_url
unset extdb_port
echo "${red}${dim}[ERROR] External DB credentials cannot be used! (host mismatch)${end}"
fi
fi
if [[ -z $external_db ]]; then
local done="0"
while [[ $done -lt "3" ]]
do
echo "" >&2
echo "${gre}External DB${blu} '${wp_dbhost}' ${gre}found in:${blu}${dim} ${1}${4} ${end}" >&2
read -p "${blu}External DB Master Username: ${end}" extdb_user
read -p "${blu}External DB password: ${hid}" extdb_pass
echo "${hidend}"
if [[ $(check_mysql_connection $wp_dbhost_host $wp_dbhost_port $extdb_user $extdb_pass -master-admin) == "true" ]]; then
extdb_host=$wp_dbhost
extdb_url=$wp_dbhost_host
extdb_port=$wp_dbhost_port
external_db="[${extdb_user},${extdb_pass},${extdb_host}]"
break
fi
local done=$(($done+1))
done
fi
else
# We always need these variables for non-WP sites!
unset external_db
unset extdb_user
unset extdb_pass
extdb_host=$wp_dbhost
extdb_url=$wp_extdb_url
extdb_port=$wp_extdb_port
external_db="[${extdb_user},${extdb_pass},${extdb_host}]"
extdb_url=$wp_dbhost_host
extdb_port=$wp_dbhost_port
echo "${blu}${dim}External DB Credentials found! (${wp_dbhost})${end}" >&2
fi
fi
@ -550,13 +692,14 @@ wp_conf_retrieve() {
local maindom=$1
fi
# Parked site don't have support for subfolders, but we send it here as double check.
# If we send only the domain and the original request contains the subfolder, we can get a wrong value in return.
if [[ $(is_wp_multisite $maindom $4) =~ ^(subdomain|subdirectory)$ ]]; then
local dbq="USE $wp_dbname; SELECT blog_id FROM ${wp_dbpref}blogs WHERE domain='$1' OR domain='www.$1';"
if [[ $wp_dbhost == "localhost" && $(check_mysql_connection localhost) == "true" ]]; then
local bid=$(sudo mysql --connect-timeout=10 --user=admin -e "$dbq")
elif [[ $(check_mysql_connection $extdb_url $extdb_port $extdb_user $extdb_pass) == "true" ]]; then
local bid=$(sudo mysql --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" -e "$dbq")
if [[ $wp_dbhost_host == "localhost" && $(check_mysql_connection localhost $mysql_param) == "true" ]]; then
local bid=$(sudo mysql --connect-timeout=10 --user=admin -e "$dbq" "${mysql_params[@]}")
elif [[ $(check_mysql_connection $wp_dbhost_host $wp_dbhost_port $wp_dbuser $wp_dbpass) == "true" ]]; then
local bid=$(sudo mysql --defaults-group-suffix=_${wp_dbhost_host}:${wp_dbhost_port}_${wp_dbuser} --connect-timeout=10 -h "$wp_dbhost_host" -P "$wp_dbhost_port" -u"$wp_dbuser" -e "$dbq")
fi
wp_blogid=$(echo $bid | cut -f 2 -d " " -s)
@ -639,7 +782,7 @@ check_for_parameters() {
local check=$(echo "${arg}" | cut -c-1)
local arg=${arg:1}
local par=$(echo "${arg}" | cut -d'=' -f 1 -s)
local val=$(echo "${arg}" | cut -d'=' -f 2 -s)
local val=$(echo "${arg}" | cut -d'=' -f 2- -s)
[[ -z $par ]] && par=$arg
[[ -z $val ]] && val=true
@ -698,6 +841,7 @@ is_domain() {
is_url_path() {
# Should start with / and after that all should be valid characters.
# https://stackoverflow.com/questions/4669692/valid-characters-for-directory-part-of-a-url-for-short-links
if [[ -n $1 && $1 =~ ^\/([\]A-Za-z0-9_\/\.:\!\*\'\[\(\)\;@\&\=\+\$\,\?#\~\%\-]+)?$ ]]; then
echo "true"
else
@ -707,70 +851,114 @@ is_url_path() {
is_url() {
# Output: http,https,ip,unix,true,false Example: $(is_url $domain)
# Global variables when -split is set: url_scheme, url_host, url_path, url_port Example: is_url $domain -split
# Output: http,https,true,http+ip,https+ip,ip,http+unix,https+unix,unix,false - Example: $(is_url $domain)
# Global variables when -split is set: url_type, url_scheme, url_host, url_path, url_port - Example: is_url $domain -split
# Examples:
# example.com -> true
# http://example.com -> http
# https://example.com -> https
# 1.1.1.1 -> ip
# http://1.1.1.1 -> http+ip
# https://1.1.1.1 -> https+ip
# unix:/tmp/backend.socket:/uri/ -> unix
# http://unix:/tmp/backend.socket:/uri/ -> http+unix
# https://unix:/tmp/backend.socket:/uri/ -> https+unix
# Unix sockets are mainly used in upstream and proxy_pass
# http://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream
# http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
# Important, because they can have a previous value when runs multiple times.
unset url_scheme
unset url_host
unset url_path
unset url_port
unset url_type
# Here we are assuming URL with scheme
local scheme=$(echo "${1,,}" | cut -d':' -f 1 -s)
local host=$(echo "${1,,}" | cut -d':' -f 2 -s | cut -d'/' -f 3 -s)
local path=$(echo "${1,,}" | cut -d':' -f 2- -s | cut -d'/' -f 4- -s)
local port=$(echo "${1,,}" | cut -d':' -f 3 -s | cut -d'/' -f 1 )
local host=$(echo "${1,,}" | cut -d'/' -f 3 -s)
[[ $(echo $host | cut -d':' -f 2 -s) =~ ^[0-9]+$ ]] && local host=$(echo $host | cut -d':' -f 1) # We need this 2dn step to prevent http://example.com:/tmp (empty port)
local path=$(echo "${1,,}" | cut -d'/' -f 4- -s)
local port=$(echo "${1,,}" | cut -d'/' -f 3 -s | cut -d':' -f 2 -s)
local out="false"
# In case of no-scheme format
# In case of URL with no-scheme
local hosted=$(echo "${1,,}" | cut -d'/' -f 1)
# In case of no-scheme have port included
[[ $(echo $hosted | cut -d':' -f 2 -s) =~ ^[0-9]+$ ]] && hosted=$(echo $hosted | cut -d':' -f 1)
if [[ $1 =~ ^((http|https)+\:\/\/)?unix:(.+):(\/.*)?$ ]]; then
out="unix"
if [[ $1 =~ ^((http|https)+\:\/\/)?unix:\/[^\:]+(:\/.*)?$ ]]; then
unset port
if [[ $scheme == "unix" ]]; then
local host="$(echo "${1,,}" | cut -d':' -f 1-2 -s):"
local host="$(echo "${1,,}" | cut -d':' -f 1-2 -s)"
local path=$(echo "${1,,}" | cut -d':' -f 3- -s)
local out="unix"
unset scheme
else
local host="$(echo "${1,,}" | cut -d':' -f 2-3 -s):"
local host="$(echo "${1,,}" | cut -d':' -f 2-3 -s)"
local host=${host:2}
local path=$(echo "${1,,}" | cut -d':' -f 4- -s)
local out="${scheme}+unix"
fi
local path=$(echo "${1,,}" | rev | cut -d':' -f 1 -s | rev | cut -d '/' -f 2- -s)
local port=""
elif [[ $scheme =~ ^(http|https)$ ]]; then
if [[ $(is_domain $host) != "true" && $(is_ip $host) != "true" ]]; then
out="false"
local out="false"
elif [[ -n $path && $(is_url_path /$path) != "true" ]]; then
out="false"
local out="false"
elif [[ -n $port ]] && ! [[ $port =~ ^[0-9]+$ && $port -ge 0 && $port -le 65535 ]]; then
out="false"
local out="false"
elif [[ $(is_ip $host) == "true" ]]; then
local out="${scheme}+ip"
else
out=$scheme
local out="${scheme}"
fi
elif [[ $(is_domain $hosted) == "true" || $(is_ip $hosted) == "true" ]]; then
scheme=""
host=$hosted
path=$(echo "${1,,}" | cut -d'/' -f 2- -s)
port=$(echo "${1,,}" | cut -d'/' -f 1 | cut -d':' -f 2 -s)
local scheme=""
local host=$hosted
local path=$(echo "${1,,}" | cut -d'/' -f 2- -s)
local port=$(echo "${1,,}" | cut -d'/' -f 1 | cut -d':' -f 2 -s)
if [[ -n $path && $(is_url_path /$path) != "true" ]]; then
out="false"
local out="false"
elif [[ -n $port ]] && ! [[ $port =~ ^[0-9]+$ && $port -ge 0 && $port -le 65535 ]]; then
out="false"
local out="false"
elif [[ $(is_ip $hosted) == "true" ]]; then
out="ip"
local out="ip"
else
out="true"
local out="true"
fi
else
out="false"
local out="false"
fi
# If path doesn't begin with /, then add it!
# If there is no path, but the url ends with /, then / is a valid path, so show it as path!
[[ ( -n $path && $(echo "$path" | cut -c-1) != "/" ) || ( -z $path && $(echo "${1}" | rev | cut -c-1) == "/" ) ]] && local path="/$path"
[[ -n $path && $out =~ ^(unix|http\+unix|https\+unix)$ ]] && local path=":${path}"
# Final validation, just because we need to be really sure! (double check!!)
if [[ -n $scheme && -n $host && -n $port ]]; then
local url_final="${scheme}://${host}:${port}${path}"
elif [[ -z $scheme && -n $host && -n $port ]]; then
local url_final="${host}:${port}${path}"
elif [[ -n $scheme && -n $host && -z $port ]]; then
local url_final="${scheme}://${host}${path}"
elif [[ -z $scheme && -n $host && -z $port ]]; then
local url_final="${host}${path}"
fi
[[ $url_final != ${1,,} ]] && out="false" # SHORT CIRCUIT!!!
# Final output!
if [[ $2 == "-split" && $out != "false" ]]; then
url_scheme=$scheme
url_host=$host
[[ -n $path || $(echo "${1}" | rev | cut -c-1) == "/" ]] && url_path="/$path" # Check if / is alone, it's also a valid path!
url_port=$port
[[ -n $scheme ]] && url_scheme=$scheme
[[ -n $path ]] && url_path=$path
[[ -n $port ]] && url_port=$port
url_host=$host # We are very sure these two vars are never empty! ;)
url_type=$out # empty/unset when false
elif [[ $2 != "-split" ]]; then
echo $out
fi
@ -889,17 +1077,17 @@ is_cache() {
is_wp_multisite() {
if [[ $(is_wp $1 $2) == "true" ]]; then
wp_conf_retrieve $1 true false $2 # 3th parameter should always be 'false' to prevent an infinite loop!
if [[ -n $wp_dbhost && -n $wp_dbname && -n $wp_dbpref ]]; then
wp_conf_retrieve $1 false false $2 # 3th parameter should always be 'false' to prevent an infinite loop!
if [[ -n $wp_dbhost_host && -n $wp_dbname && -n $wp_dbpref ]]; then
local dbsetup="SELECT * FROM information_schema.tables WHERE table_schema = '$wp_dbname' AND table_name = '${wp_dbpref}sitemeta' LIMIT 1;"
local dbsetuc="USE $wp_dbname; SELECT meta_value FROM ${wp_dbpref}sitemeta where meta_key='subdomain_install';"
if [[ $wp_dbhost == "localhost" && $(check_mysql_connection localhost) == "true" ]]; then
wpmu=$(sudo mysql --connect-timeout=10 --user=admin -e "$dbsetup")
[[ -n $wpmu ]] && mutype=$(sudo mysql --connect-timeout=10 --user=admin -e "$dbsetuc")
elif [[ $(check_mysql_connection $extdb_url $extdb_port $extdb_user $extdb_pass) == "true" ]]; then
wpmu=$(sudo mysql --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" -e "$dbsetup")
[[ -n $wpmu ]] && mutype=$(sudo mysql --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" -e "$dbsetuc")
if [[ $wp_dbhost_host == "localhost" && $(check_mysql_connection localhost $mysql_param) == "true" ]]; then
wpmu=$(sudo mysql --connect-timeout=10 --user=admin -e "$dbsetup" "${mysql_params[@]}")
[[ -n $wpmu ]] && mutype=$(sudo mysql --connect-timeout=10 --user=admin -e "$dbsetuc" "${mysql_params[@]}")
elif [[ $(check_mysql_connection $wp_dbhost_host $wp_dbhost_port $wp_dbuser $wp_dbpass) == "true" ]]; then
wpmu=$(sudo mysql --defaults-group-suffix=_${wp_dbhost_host}:${wp_dbhost_port}_${wp_dbuser} --connect-timeout=10 -h "$wp_dbhost_host" -P "$wp_dbhost_port" -u"$wp_dbuser" -e "$dbsetup")
[[ -n $wpmu ]] && mutype=$(sudo mysql --defaults-group-suffix=_${wp_dbhost_host}:${wp_dbhost_port}_${wp_dbuser} --connect-timeout=10 -h "$wp_dbhost_host" -P "$wp_dbhost_port" -u"$wp_dbuser" -e "$dbsetuc")
fi
if [[ $(echo $mutype | cut -f 2 -d " " -s) == "1" ]]; then
@ -923,20 +1111,20 @@ is_wp_installed() {
# When you create a WP site, DB is created only after the initial WP installation wizard is completed.
if [[ $(is_wp $1 $2) == "true" ]]; then
wp_conf_retrieve $1 true false $2
wp_conf_retrieve $1 false false $2
# It makes no sense checking for mapped domains, that's why is set to false.
# is_wp_installed will return true even if domain is not mapped, only a domain parked pointing to a WP site.
# if we want to check for mapped domains: wp_conf_retrieve $1 true false $2 > /dev/null (silenced echoed messages because affects this function)
# but that makes no-sense because even if it's not mapped, it will return the main site data
# Until now, we don't need a "is_domain_mapped" function, maybe we can change "is_wp_installed" to only be true for main domain sites, not parked (if it's not mapped). This can change in the future!!!
if [[ -n $wp_dbhost && -n $wp_dbname && -n $wp_dbpref ]]; then
if [[ -n $wp_dbhost_host && -n $wp_dbname && -n $wp_dbpref ]]; then
local dbsetup="SELECT * FROM information_schema.tables WHERE table_schema = '$wp_dbname' AND table_name = '${wp_dbpref}options' LIMIT 1;"
if [[ $wp_dbhost == "localhost" && $(check_mysql_connection localhost) == "true" ]]; then
[[ -n $(sudo mysql --connect-timeout=10 --user=admin -e "$dbsetup") ]] && echo "true" || echo "false"
elif [[ $(check_mysql_connection $extdb_url $extdb_port $extdb_user $extdb_pass) == "true" ]]; then
[[ -n $(sudo mysql --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" -e "$dbsetup") ]] && echo "true" || echo "false"
if [[ $wp_dbhost_host == "localhost" && $(check_mysql_connection localhost $mysql_param) == "true" ]]; then
[[ -n $(sudo mysql --connect-timeout=10 --user=admin -e "$dbsetup" "${mysql_params[@]}") ]] && echo "true" || echo "false"
elif [[ $(check_mysql_connection $wp_dbhost_host $wp_dbhost_port $wp_dbuser $wp_dbpass) == "true" ]]; then
[[ -n $(sudo mysql --defaults-group-suffix=_${wp_dbhost_host}:${wp_dbhost_port}_${wp_dbuser} --connect-timeout=10 -h "$wp_dbhost_host" -P "$wp_dbhost_port" -u"$wp_dbuser" -e "$dbsetup") ]] && echo "true" || echo "false"
else
echo "false"
fi
@ -987,7 +1175,9 @@ is_subfolder() {
echo "proxy"
elif [[ $(is_html $1 $2) == "true" ]]; then
echo "html"
elif [[ -d /var/www/$1/htdocs/$2 ]]; then
elif [[ -d /var/www/${1}/htdocs${2} && -z $(find /var/www/${1}/htdocs${2} -maxdepth 1 -type f | head -n 1) ]]; then
echo "empty"
elif [[ -d /var/www/${1}/htdocs${2} ]]; then
echo "true"
else
echo "false"
@ -1041,13 +1231,8 @@ is_log() {
escaped_string() {
if [[ $2 == "-grep" ]]; then
# Escaped characters: Put a backslash before $.*/[\]^()+
echo $(echo $1 | sed "s#/#\\\/#g" | sed "s/\./\\\./g" | sed "s/\\$/\\\\$/g" | sed "s/\*/\\\*/g" | sed "s/\\\/\\\\/g" | sed "s/\[/\\\[/g" | sed "s/\]/\\\]/g" | sed "s/\^/\\\^/g")
else
# Escaped characters: Put a backslash before $.*/[\]^
echo $(echo $1 | sed "s#/#\\\/#g" | sed "s/\./\\\./g" | sed "s/\\$/\\\\$/g" | sed "s/\*/\\\*/g" | sed "s/\\\/\\\\/g" | sed "s/\[/\\\[/g" | sed "s/\]/\\\]/g" | sed "s/\^/\\\^/g" | sed -E "s/\(/\\\(/g" | sed -E "s/\)/\\\)/g" | sed "s/\+/\\\+/g")
fi
# Escaped characters: Put a backslash before $.*/[\]^()+
echo $(echo $1 | sed "s#/#\\\/#g" | sed "s/\./\\\./g" | sed "s/\\$/\\\\$/g" | sed "s/\*/\\\*/g" | sed "s/\\\/\\\\/g" | sed "s/\[/\\\[/g" | sed "s/\]/\\\]/g" | sed "s/\^/\\\^/g" | sed -E "s/\(/\\\(/g" | sed -E "s/\)/\\\)/g" | sed "s/\+/\\\+/g")
}
@ -1116,7 +1301,7 @@ edit_wp_db_url_multisite() {
# $3 - WP BlogID to force (optional)
if [[ -n $1 && -n $2 && $(is_wp_multisite $1) =~ ^(subdomain|subdirectory)$ ]]; then
wp_conf_retrieve $1 true true $subfolder
wp_conf_retrieve $1 false true $subfolder
# Force WP blogID
if [[ -n $3 && $3 =~ ^[0-9]+$ ]]; then
@ -1124,9 +1309,9 @@ edit_wp_db_url_multisite() {
local wp_blogid=$3
local dbsetup="SELECT * FROM information_schema.tables WHERE table_schema = '$wp_dbname' AND table_name = '${wp_dbpref}options' LIMIT 1;"
if [[ $wp_dbhost == "localhost" && -n $(sudo mysql --connect-timeout=10 --user=admin -e "$dbsetup") ]]; then
if [[ $wp_dbhost_host == "localhost" && -n $(sudo mysql --connect-timeout=10 --user=admin -e "$dbsetup" "${mysql_params[@]}") ]]; then
echo "${blu}${dim}WordPress blog ID (${wp_dbpref}) found and validated in a WP Multisite Network!${end}" >&2
elif [[ $wp_dbhost != "localhost" && -n $(sudo mysql --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" -e "$dbsetup") ]]; then
elif [[ $wp_dbhost_host != "localhost" && -n $(sudo mysql --defaults-group-suffix=_${wp_dbhost_host}:${wp_dbhost_port}_${wp_dbuser} --connect-timeout=10 -h "$wp_dbhost_host" -P "$wp_dbhost_port" -u"$wp_dbuser" -e "$dbsetup") ]]; then
echo "${blu}${dim}WordPress blog ID (${wp_dbpref}) found and validated in a WP Multisite Network!${end}" >&2
else
echo "${red}${dim}[ERROR] WordPress blog ID (${wp_dbpref}) not found!${end}" >&2
@ -1135,20 +1320,18 @@ edit_wp_db_url_multisite() {
fi
fi
if [[ -n $wp_dbhost && -n $wp_dbname && -n $wp_dbpref_main && -n $wp_blogid ]]; then
if [[ $wp_dbhost == "localhost" && $(check_mysql_connection localhost) == "true" ]]; then
sudo mysql --connect-timeout=10 --user=admin <<_EOF_
if [[ -n $wp_dbhost_host && -n $wp_dbname && -n $wp_dbpref_main && -n $wp_blogid ]]; then
if [[ $wp_dbhost_host == "localhost" && $(check_mysql_connection localhost $mysql_param) == "true" ]]; then
sudo mysql --connect-timeout=10 --user=admin "${mysql_params[@]}" <<_EOF_
USE $wp_dbname;
UPDATE ${wp_dbpref_main}blogs SET domain='$2' WHERE blog_id='${wp_blogid}';
UPDATE ${wp_dbpref_main}blogs SET path='/' WHERE blog_id='${wp_blogid}';
FLUSH PRIVILEGES;
_EOF_
elif [[ $(check_mysql_connection $extdb_url $extdb_port $extdb_user $extdb_pass) == "true" ]]; then
sudo mysql --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" <<_EOF_
elif [[ $(check_mysql_connection $wp_dbhost_host $wp_dbhost_port $wp_dbuser $wp_dbpass) == "true" ]]; then
sudo mysql --defaults-group-suffix=_${wp_dbhost_host}:${wp_dbhost_port}_${wp_dbuser} --connect-timeout=10 -h "$wp_dbhost_host" -P "$wp_dbhost_port" -u"$wp_dbuser" <<_EOF_
USE $wp_dbname;
UPDATE ${wp_dbpref_main}blogs SET domain='$2' WHERE blog_id='${wp_blogid}';
UPDATE ${wp_dbpref_main}blogs SET path='/' WHERE blog_id='${wp_blogid}';
FLUSH PRIVILEGES;
_EOF_
else
echo "${red}${dim}[ERROR] WordPress Multisite database cannot be updated!${end}" >&2
@ -1168,23 +1351,22 @@ edit_wp_db_url() {
#IMPORTANT NOTE: Always be sure to take "www" Force-Redirect into consideration before updating WP Url in database.
if [[ -n $1 && -n $2 && $(is_wp_installed $1 $3) == "true" ]]; then
wp_conf_retrieve $1 true true $3
if [[ -n $wp_dbhost && -n $wp_dbname && -n $wp_dbpref ]]; then
if [[ $wp_dbhost == "localhost" && $(check_mysql_connection localhost) == "true" ]]; then
sudo mysql --connect-timeout=10 --user=admin <<_EOF_
wp_conf_retrieve $1 false true $3
if [[ -n $wp_dbhost_host && -n $wp_dbname && -n $wp_dbpref ]]; then
if [[ $wp_dbhost_host == "localhost" && $(check_mysql_connection localhost $mysql_param) == "true" ]]; then
sudo mysql --connect-timeout=10 --user=admin "${mysql_params[@]}" <<_EOF_
USE $wp_dbname;
UPDATE ${wp_dbpref}options SET option_value='$2' WHERE option_name='home';
UPDATE ${wp_dbpref}options SET option_value='$2' WHERE option_name='siteurl';
FLUSH PRIVILEGES;
_EOF_
echo "${gre}${dim}WordPress site${blu} ${1}${3} ${gre}database URL updated! ${blu}(${2})${end}"
elif [[ $(check_mysql_connection $extdb_url $extdb_port $extdb_user $extdb_pass) == "true" ]]; then
sudo mysql --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" <<_EOF_
elif [[ $(check_mysql_connection $wp_dbhost_host $wp_dbhost_port $wp_dbuser $wp_dbpass) == "true" ]]; then
sudo mysql --defaults-group-suffix=_${wp_dbhost_host}:${wp_dbhost_port}_${wp_dbuser} --connect-timeout=10 -h "$wp_dbhost_host" -P "$wp_dbhost_port" -u"$wp_dbuser" <<_EOF_
USE $wp_dbname;
UPDATE ${wp_dbpref}options SET option_value='$2' WHERE option_name='home';
UPDATE ${wp_dbpref}options SET option_value='$2' WHERE option_name='siteurl';
FLUSH PRIVILEGES;
_EOF_
echo "${gre}${dim}WordPress site${blu} ${1}${3} ${gre}database URL updated! ${blu}(${2})${end}"
@ -1254,19 +1436,22 @@ dbword_check() {
local win="$1"
local RANDOM_NAME="Webinoly_$(pwgen -s -1)"
# Reserved words - https://mariadb.com/kb/en/library/reserved-words/ https://dev.mysql.com/doc/mysqld-version-reference/en/keywords-8-0.html
# https://mariadb.com/kb/en/library/identifier-names/
# We have both MySQL and MariaDB reserved words.
# We have information_schema.keywords, but we prefer do this check manually because mariadb doesn't have a way to know which keywords are reserved.
# Trim start/end spaces and quotes
win=$(echo ${win//\'})
win=$(echo ${win//\"} | xargs)
# Check Lenght
[[ ( ${#win} -gt 80 && $2 == "user" ) || ( ${#win} -gt 64 && $2 != "user" ) ]] && win=$RANDOM_NAME
# MySQL user names are up to 32 characters long.
# MariaDB - Usernames can be up to 80 characters long before 10.6 and starting from 10.6 it can be 128 characters long.
# DB name is 64 for both!
[[ ( ${#win} -gt 64 && $2 != "user" ) ]] && win=$RANDOM_NAME
[[ ( ${#win} -gt 32 && $2 == "user" ) && $(conf_read db-engine) == "mysql" ]] && win=$RANDOM_NAME
[[ ( ${#win} -gt 80 && $2 == "user" ) && $(conf_read db-engine) != "mysql" ]] && win=$RANDOM_NAME
# Reserved words
# Reserved words - https://mariadb.com/kb/en/library/reserved-words/ https://dev.mysql.com/doc/mysqld-version-reference/en/keywords-8-0.html
# https://mariadb.com/kb/en/library/identifier-names/
# We have both MySQL and MariaDB reserved words.
# We have information_schema.keywords, but we prefer do this check manually because mariadb doesn't have a way to know which keywords are reserved.
if [[ ${win^^} =~ ^(ACCESSIBLE|ADD|ALL|ALTER|ANALYZE|AND|AS|ASC|ASENSITIVE|BEFORE|BETWEEN|BIGINT|BINARY|BLOB|BOTH|BY|CALL|CASCADE|CASE|CHANGE|CHAR|CHARACTER|CHECK|COLLATE|COLUMN|CONDITION|CONSTRAINT|CONTINUE|CONVERT|CREATE|CROSS|CUBE|CUME_DIST|CURRENT_DATE|CURRENT_TIME|CURRENT_TIMESTAMP|CURRENT_USER|CURSOR|DATABASE|DATABASES|DAY_HOUR|DAY_MICROSECOND|DAY_MINUTE|DAY_SECOND|DEC|DECIMAL|DECLARE|DEFAULT|DELAYED|DELETE|DENSE_RANK|DESC|DESCRIBE|DETERMINISTIC|DISTINCT|DISTINCTROW|DIV|DOUBLE|DROP|DUAL|EACH|ELSE|ELSEIF|EMPTY|ENCLOSED|ESCAPED|EXCEPT|EXISTS|EXIT|EXPLAIN|FALSE|FETCH|FIRST_VALUE|FLOAT|FLOAT4|FLOAT8|FOR|FORCE|FOREIGN|FROM|FULLTEXT|FUNCTION|GENERATED|GET|GRANT|GROUP|GROUPING|GROUPS|HAVING|HIGH_PRIORITY|HOUR_MICROSECOND|HOUR_MINUTE|HOUR_SECOND|IF|IGNORE|IN|INDEX|INFILE|INNER|INOUT|INSENSITIVE|INSERT|INT|INT1|INT2|INT3|INT4|INT8|INTEGER|INTERSECT|INTERVAL|INTO|IO_AFTER_GTIDS|IO_BEFORE_GTIDS|IS|ITERATE|JOIN|JSON_TABLE|KEY|KEYS|KILL|LAG|LAST_VALUE|LATERAL|LEAD|LEADING|LEAVE|LEFT|LIKE|LIMIT|LINEAR|LINES|LOAD|LOCALTIME|LOCALTIMESTAMP|LOCK|LONG|LONGBLOB|LONGTEXT|LOOP|LOW_PRIORITY|MASTER_BIND|MASTER_SSL_VERIFY_SERVER_CERT|MATCH|MAXVALUE|MEDIUMBLOB|MEDIUMINT|MEDIUMTEXT|MIDDLEINT|MINUTE_MICROSECOND|MINUTE_SECOND|MOD|MODIFIES|NATURAL|NOT|NO_WRITE_TO_BINLOG|NTH_VALUE|NTILE|NULL|NUMERIC|OF|ON|OPTIMIZE|OPTIMIZER_COSTS|OPTION|OPTIONALLY|OR|ORDER|OUT|OUTER|OUTFILE|OVER|PARTITION|PERCENT_RANK|PRECISION|PRIMARY|PROCEDURE|PURGE|RANGE|RANK|READ|READS|READ_WRITE|REAL|RECURSIVE|REFERENCES|REGEXP|RELEASE|RENAME|REPEAT|REPLACE|REQUIRE|RESIGNAL|RESTRICT|RETURN|REVOKE|RIGHT|RLIKE|ROW|ROWS|ROW_NUMBER|SCHEMA|SCHEMAS|SECOND_MICROSECOND|SELECT|SENSITIVE|SEPARATOR|SET|SHOW|SIGNAL|SMALLINT|SPATIAL|SPECIFIC|SQL|SQLEXCEPTION|SQLSTATE|SQLWARNING|SQL_BIG_RESULT|SQL_CALC_FOUND_ROWS|SQL_SMALL_RESULT|SSL|STARTING|STORED|STRAIGHT_JOIN|SYSTEM|TABLE|TERMINATED|THEN|TINYBLOB|TINYINT|TINYTEXT|TO|TRAILING|TRIGGER|TRUE|UNDO|UNION|UNIQUE|UNLOCK|UNSIGNED|UPDATE|USAGE|USE|USING|UTC_DATE|UTC_TIME|UTC_TIMESTAMP|VALUES|VARBINARY|VARCHAR|VARCHARACTER|VARYING|VIRTUAL|WHEN|WHERE|WHILE|WINDOW|WITH|WRITE|XOR|YEAR_MONTH|ZEROFILL|CURRENT_ROLE|DELETE_DOMAIN_ID|DO_DOMAIN_IDS|GENERAL|IGNORE_DOMAIN_IDS|IGNORE_SERVER_IDS|MASTER_HEARTBEAT_PERIOD|OFFSET|PAGE_CHECKSUM|PARSE_VCOL_EXPR|POSITION|REF_SYSTEM_ID|RETURNING|SLOW|STATS_AUTO_RECALC|STATS_PERSISTENT|STATS_SAMPLE_PAGES)$ ]]; then
win=$RANDOM_NAME
fi
@ -1274,6 +1459,9 @@ dbword_check() {
# Only numerals 0-9, basic Latin letters, both lowercase and uppercase, dollar sign, underscore.
[[ $win =~ ^[0-9A-Za-z\$_]+$ ]] || win=$RANDOM_NAME
# Dollar sign at the beggining not allowed.
[[ $(echo "${win}" | cut -c-1) == "$" ]] && win=$RANDOM_NAME
# Can not contain only numbers
[[ $win =~ ^[0-9]+$ ]] && win=$RANDOM_NAME
@ -1291,12 +1479,13 @@ cnf_delete() {
cnf_write() {
#Example: cnf_write error_log /var/log/mysql/error.log
cnf_delete $1
mysql_default_cnf
[[ -n $2 ]] && local value="= $2"
echo "$1 $value" >> $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf
}
cnf_read() {
#Example: cnf_read error_log
echo $( grep -P "^$1 = " $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf | cut -f 2 -d "=" -s | sed 's/ //g' )
[[ -f $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf ]] && echo $( grep -P "^$1 = " $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf | cut -f 2 -d "=" -s | sed 's/ //g' )
}
mysql_default_cnf() {
# Creates the default Webinoly Configuration File (.cnf) for mysql if not exists.
@ -1305,7 +1494,11 @@ mysql_default_cnf() {
sudo chmod 644 $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf
sudo chown -R root:root $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf
echo "# Webinoly MySQL Configuration File
echo "# Webinoly MySQL/MariaDB Configuration File
######################################################################
# Webinoly (This configuration file is only for internal use) #
# Please, DO NOT MODIFY this file, it can cause unexpected behavior. #
######################################################################
[mysqld]
log_error = /var/log/mysql/error.log" >> $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf
fi
@ -1317,8 +1510,12 @@ mysql_login_cnf() {
sudo chmod 644 $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
sudo chown -R root:root $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
echo "# Webinoly MySQL Login Configuration File
# You can use the 'mysql-config-editor' and then remove this file.
echo "# Webinoly MySQL/MariaDB Login Configuration File
######################################################################
# Webinoly (This configuration file is only for internal use) #
# Please, DO NOT MODIFY this file, it can cause unexpected behavior. #
######################################################################
" >> $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
fi
}
@ -1604,7 +1801,7 @@ custom_cache_global() {
[[ -n $skip_cache ]] && local value=$skip_cache
sudo sed -Ei "/^# Value: $(escaped_string $value)( .*)?$/,/^# CacheRuleEnd/{/.*/d}" $confile
[[ ! -s $confile ]] && sudo rm $confile
[[ -f $confile && ( ! -s $confile || -z $(cat -v $confile | grep -m 1 '[^[:space:]]')) ]] && sudo rm $confile # Better because also check for files containing only empty-spaces!
fi
echo "${gre}Cache rule successfully removed!${end}"
else
@ -1750,3 +1947,23 @@ help_message() {
echo "${dim}Link: https://webinoly.com/documentation/ ${end}"
echo ""
}
ads_donate() {
# Donations message displayed once a day!
# Note: Don't run when stdout is redirected to /dev/null: https://unix.stackexchange.com/questions/484228/how-to-check-if-stdin-is-dev-null-from-the-shell
if [[ -z $(conf_read cron-ads) && -n $EPOCHSECONDS ]]; then
conf_write cron-ads $EPOCHSECONDS
elif ! [[ $(conf_read cron-ads) =~ ^[0-9]+$ ]] || [[ $(conf_read cron-ads) -gt $EPOCHSECONDS ]]; then # Autofix! (Just in case!)
conf_write cron-ads $EPOCHSECONDS
elif [[ $TERM != "dumb" && -n $EPOCHSECONDS && -n $(conf_read cron-ads) && $(($EPOCHSECONDS-$(conf_read cron-ads))) -gt 86400 ]] && ! [[ /dev/stdout -ef /dev/null ]]; then
echo "${blu}"
echo "****************************************************************************"
echo "******************** ${bol}Are you enjoying Webinoly?${end}${blu} ********************"
echo "*** ${dim}With just \$1 you can make a difference to keep this project alive!${end}${blu} ***"
echo "*********** ${bol}Donate Now!${end}${blu}${dim} https://github.com/sponsors/QROkes${end}${blu} ***********"
echo "****************************************************************************"
echo "${end}"
conf_write cron-ads $EPOCHSECONDS
fi
}

2
lib/headers
View file

@ -73,7 +73,7 @@ http_header_xfo() {
fi
if [[ $header_data == "ALLOW-FROM" ]]; then
if [[ -z $(conf_read header-xfo-url) ]] || ! [[ $(is_url $(conf_read header-xfo-url)) =~ ^(http|https|ip|true)$ ]]; then
if [[ -z $(conf_read header-xfo-url) ]] || ! [[ $(is_url $(conf_read header-xfo-url)) =~ ^(http|https|true|http\+ip|https\+ip|ip)$ ]]; then
echo "${red}[ERROR] Invalid URL for X-Frame-Options header!${end}"
return 1
fi

292
lib/install
View file

@ -22,13 +22,13 @@ fi
linux_optim() {
api-events_update in4
api-events_update ic1
[[ $(conf_read linux-optim) == "true" ]] && return
# Kernel Optimization
if [[ $(conf_read kernel-optim) != "false" ]]; then
echo "${gre}Wait while Webinoly optimize your Ubuntu Operating System...${end}"
api-events_update in5
api-events_update ic2
[[ -f /etc/sysctl.d/90-webinoly.conf ]] && sudo rm -rf /etc/sysctl.d/90-webinoly.conf
sudo cp /opt/webinoly/templates/general/sysctl /etc/sysctl.d/90-webinoly.conf
sudo modprobe tcp_bbr
@ -82,7 +82,7 @@ linux_optim() {
# Also: 'sudo service procps force-reload' but we prefer this method to better display errors (just in case)
sudo sysctl -p -q /etc/sysctl.d/90-webinoly.conf
api-events_update in6
api-events_update ic3
fi
# File directors per process
@ -101,7 +101,7 @@ linux_optim() {
# File directors for Nginx
[[ ! -d /etc/systemd/system/nginx.service.d ]] && sudo mkdir /etc/systemd/system/nginx.service.d
[[ ! -f /etc/systemd/system/nginx.service.d/nofile_limit.conf ]] && sudo touch /etc/systemd/system/nginx.service.d/nofile_limit.conf
[[ ! -s /etc/systemd/system/nginx.service.d/nofile_limit.conf ]] && sudo echo "[Service]
[[ ! -s /etc/systemd/system/nginx.service.d/nofile_limit.conf || -z $(cat -v /etc/systemd/system/nginx.service.d/nofile_limit.conf | grep -m 1 '[^[:space:]]') ]] && sudo echo "[Service]
LimitNOFILE=$fd_per_process" >> /etc/systemd/system/nginx.service.d/nofile_limit.conf
# Disable Transparent Huge Pages
@ -133,7 +133,7 @@ WantedBy=multi-user.target" >> /etc/systemd/system/webinoly-disable-thp.service
sudo systemctl daemon-reload
[[ $(conf_read nginx) == "true" ]] && sudo systemctl restart nginx # We need to kill the process, don't use reload
conf_write linux-optim true
api-events_update in9
api-events_update ic6
}
@ -188,7 +188,14 @@ nginx_install() {
sudo nginx -t && sudo systemctl start nginx
sudo systemctl enable nginx
conf_write nginx true
echo "${gre}Nginx has been installed successfully! ${end}"
if [[ -d /etc/nginx ]] && systemctl is-active --quiet nginx; then
echo "${gre}Nginx has been installed successfully! ${end}"
else
# Don't need a flag or anything else, because it will be also detected during verify process!
echo "${red}[ERROR] Unexpected error during Nginx installation!${end}"
fi
api-events_update in2
}
@ -203,23 +210,30 @@ php_install() {
fi
local ver=$(conf_read php-ver)
sudo apt -y install php${ver}-common php${ver}-cli php${ver}-fpm php${ver}-curl php${ver}-gd php${ver}-imap php${ver}-readline php${ver}-mysql php${ver}-mbstring php${ver}-bcmath php${ver}-mysql php${ver}-opcache php${ver}-zip php${ver}-xml php${ver}-soap php${ver}-imagick php${ver}-msgpack php${ver}-igbinary php${ver}-intl php-pear graphviz ghostscript
sudo apt -y install php${ver}-common php${ver}-cli php${ver}-fpm php${ver}-curl php${ver}-gd php${ver}-imap php${ver}-readline php${ver}-mysql php${ver}-mbstring php${ver}-bcmath php${ver}-opcache php${ver}-zip php${ver}-xml php${ver}-soap php${ver}-imagick php${ver}-msgpack php${ver}-igbinary php${ver}-intl php-pear graphviz ghostscript
conf_write php true
if [[ -d /etc/php/${ver}/fpm ]] && systemctl is-active --quiet php${ver}-fpm; then
echo "${gre}PHP has been installed successfully! ${end}"
else
# Don't need a flag or anything else, because it will be also detected during verify process!
echo "${red}[ERROR] Unexpected error during PHP installation!${end}"
fi
api-events_update ip2
echo "${gre}PHP has been installed successfully! ${end}"
}
mysql_install() {
api-events_update im1
api-events_update im3
echo "${gre}MySQL/MariaDB version '$(conf_read mysql-ver)' is set as default.${end}"
# debconf-utils for unattended scripts
# debconf-get-selections | grep phpmyadmin <<-- list conf variables
# Generate mysql user passwords
if [[ -z $(conf_read mysql-root) && -z $(conf_read mysql-admin) ]]; then
if [[ -z $(conf_read mysql-root) || -z $(conf_read mysql-admin) ]]; then
local AUTOGENPASS_ROOT=`pwgen -s -1 16`
local AUTOGENPASS_ADMIN=`pwgen -s -1 16`
local enc_pass_root=$( echo $AUTOGENPASS_ROOT | openssl enc -a -salt )
@ -230,39 +244,35 @@ mysql_install() {
# In case of re-installation after purge with keep-data option.
local AUTOGENPASS_ROOT=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt )
local AUTOGENPASS_ADMIN=$( echo $(conf_read mysql-admin) | openssl enc -d -a -salt )
local reinstall="true"
conf_write mysql-reinstall true
fi
# MySQL Installation
# MySQL/MariaDB Installation
if [[ $(conf_read db-engine) == "mysql" ]]; then
echo "mysql-community-server mysql-community-server/root-pass password $AUTOGENPASS_ROOT" | debconf-set-selections
echo "mysql-community-server mysql-community-server/re-root-pass password $AUTOGENPASS_ROOT" | debconf-set-selections
# We set the root password in the next step after installation.
echo "mysql-community-server mysql-community-server/root-pass password " | debconf-set-selections
#echo "mysql-community-server mysql-community-server/re-root-pass password $AUTOGENPASS_ROOT" | debconf-set-selections
echo "mysql-community-server mysql-server/default-auth-override select Use Strong Password Encryption (RECOMMENDED)" | debconf-set-selections
sudo apt -y install mysql-server
else
local ver=$(conf_read mysql-ver)
echo "mariadb-server-${ver} mysql-server/root_password password $AUTOGENPASS_ROOT" | debconf-set-selections
echo "mariadb-server-${ver} mysql-server/root_password_again password $AUTOGENPASS_ROOT" | debconf-set-selections
# This option is no longer available in recent MariaDB versions, so we set the root password in the next step after installation.
#local ver=$(conf_read mysql-ver)
#echo "mariadb-server-${ver} mysql-server/root_password password $AUTOGENPASS_ROOT" | debconf-set-selections
#echo "mariadb-server-${ver} mysql-server/root_password_again password $AUTOGENPASS_ROOT" | debconf-set-selections
sudo apt -y install apt-transport-https dirmngr mariadb-server
fi
conf_write mysql true
# MySQL login data (tmp)
mysql_login_cnf
echo "[client]
user = root
password = $AUTOGENPASS_ROOT
host = localhost" >> $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
# https://mariadb.com/kb/en/mysql_upgrade/
if [[ $reinstall == "true" ]]; then
echo "${blu}${dim}Seems like you are reinstalling MySQL... Upgrading your old tables!${end}"
sudo mysql_upgrade --user=root --force --silent
fi
#Instead of mysql_secure_installation we do this: (same but manually, because not acept unattended)
sudo mysql --user=root <<_EOF_
# - Set a password for root accounts
# - Remove the root accounts accessible from outside the localhost.
# - Remove anonymous-user accounts.
# - Delete the test database, accessible by anonymous users.
# - Reload the user privileges tables.
if [[ $(conf_read mysql-reinstall) != "true" ]]; then # Just for new and fresh installations! (not needed when reinstalling)
echo "${blu}${dim}MySQL/MariaDB Secure Installation! ${end}"
sudo mysql --user=root <<_EOF_
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DROP DATABASE IF EXISTS test;
@ -271,24 +281,49 @@ CREATE USER IF NOT EXISTS 'admin'@'localhost' IDENTIFIED BY '${AUTOGENPASS_ADMIN
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
_EOF_
if [[ $(conf_read db-engine) == "mysql" ]]; then
sudo mysql --user=root -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY '${AUTOGENPASS_ROOT}';FLUSH PRIVILEGES;"
else
sudo mysql --user=root -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '${AUTOGENPASS_ROOT}';FLUSH PRIVILEGES;"
fi
fi
sudo rm -rf $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
if [[ -d /etc/mysql ]] && systemctl is-active --quiet mysql; then
echo "${gre}MySQL/MariaDB has been installed successfully! ${end}"
else
# Don't need a flag or anything else, because it will be also detected during verify process!
echo "${red}[ERROR] Unexpected error during MySQL/MariaDB installation!${end}"
fi
api-events_update im4
echo "${gre}MySQL has been installed successfully! ${end}"
}
mysql_client_install() {
api-events_update im2
api-events_update im1
[[ $(conf_read db-engine) != "mysql" ]] && sudo apt -y install mariadb-client || sudo apt -y install mysql-client
conf_write mysql-client true
api-events_update im3
echo "${gre}MySQL Client has been successfully installed!${end}"
if [[ -d /etc/mysql ]] && which mysql >/dev/null ; then
echo "${gre}MySQL/MariaDB Client has been successfully installed!${end}"
else
# Don't need a flag or anything else, because it will be also detected during verify process!
echo "${red}[ERROR] Unexpected error during MySQL/MariaDB installation!${end}"
fi
api-events_update im2
}
#NGINX OPTIM
nginx_optim() {
api-events_update in3
if [[ ! -d /etc/nginx ]]; then
echo "${red}[ERROR] Nginx Optimization process aborted!${end}"
return
fi
# Check if exists in case of server-reset
[[ ! -f /opt/webinoly/templates/source/default ]] && sudo cp -p /etc/nginx/sites-available/default /opt/webinoly/templates/source/
@ -401,8 +436,8 @@ location = /xmlrpc.php {
conf_write server-version $svr_version
conf_write nginx-optim true
sudo systemctl reload nginx
api-events_update in10
echo "${gre}Nginx has been successfully Optimized by Webinoly! ${end}"
api-events_update in4
}
@ -410,9 +445,13 @@ location = /xmlrpc.php {
# PHP OPTIM
php_optim() {
api-events_update ip3
local ver=$(conf_read php-ver)
if [[ ! -d /etc/php/${ver}/fpm ]]; then
echo "${red}[ERROR] PHP Optimization process aborted!${end}"
return
fi
# Check if exist in case of server-reset
local ver=$(conf_read php-ver)
[[ ! -f /opt/webinoly/templates/source/php.ini ]] && sudo cp -p /etc/php/${ver}/fpm/php.ini /opt/webinoly/templates/source/
[[ ! -f /opt/webinoly/templates/source/www.conf ]] && sudo cp -p /etc/php/${ver}/fpm/pool.d/www.conf /opt/webinoly/templates/source/
[[ ! -f /opt/webinoly/templates/source/php-fpm.conf ]] && sudo cp -p /etc/php/${ver}/fpm/php-fpm.conf /opt/webinoly/templates/source/
@ -462,28 +501,36 @@ php_optim() {
[[ $(conf_read php-tool-redis) == "true" && -n $(conf_read redis-max-mem) ]] && redis_optim
conf_write php-optim true
sudo systemctl restart php${ver}-fpm
api-events_update ip4
echo "${gre}PHP has been successfully Optimized by Webinoly! ${end}"
api-events_update ip4
}
# MySQL OPTIM
# MySQL/MariaDB OPTIM
mysql_optim() {
api-events_update im5
if [[ ! -d /etc/mysql ]]; then
echo "${red}[ERROR] MySQL/MariaDB Optimization process aborted!${end}"
return
fi
# MySQL login data
mysql_login_cnf
sudo sed -i '/\[client\]/,/# ClientEnd/{/.*/d}' $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
echo "[client]
mysql_default_cnf
# MySQL/MariaDB login data
mysql_login_cnf
if [[ -n $(conf_read mysql-admin) ]]; then
sudo sed -i '/\[client\]/,/# ClientEnd/{/.*/d}' $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
echo "[client]
user = admin
password = $( echo $(conf_read mysql-admin) | openssl enc -d -a -salt )
host = localhost
# ClientEnd" >> $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
fi
# Disabled by default!
[[ $(conf_read mysql-log-binary) != "true" ]] && sudo log -mysql=binary -disable || sudo log -mysql=binary -enable
# If value is empty we will do nothing, to prevent undesired things (before 1.17.1 these dynvars were not used via command only conf file, now are both).
[[ $(conf_read mysql-log-binary) == "true" ]] && sudo log -mysql=binary -enable
[[ $(conf_read mysql-log-binary) == "false" ]] && sudo log -mysql=binary -disable
# If value is empty we will respect any other previous action done via commmand.
[[ $(conf_read mysql-log-general) == "true" ]] && sudo log -mysql=general -enable
[[ $(conf_read mysql-log-general) == "false" ]] && sudo log -mysql=general -disable
@ -494,9 +541,19 @@ host = localhost
[[ $(conf_read mysql-public-access) == "true" ]] && sudo webinoly -mysql-public-access=on
[[ $(conf_read mysql-public-access) == "false" ]] && sudo webinoly -mysql-public-access=off
# https://mariadb.com/kb/en/mysql_upgrade/
# The mysql_upgrade client is deprecated in MySQL 8. (This process is done automatically)
# Should do it using admin user, root has password and it may be removed in conf file.
# Should be here in optim, because when reinstalling admin login CNF is removed.
if [[ $(conf_read mysql-reinstall) == "true" && $(conf_read db-engine) != "mysql" ]]; then
echo "${blu}${dim}Seems like you are reinstalling MySQL/MariaDB... Upgrading your old tables!${end}"
sudo mysql_upgrade --user=admin --force --silent
conf_delete mysql-reinstall
fi
conf_write mysql-optim true
api-events_update im6
echo "${gre}MySQL/MariaDB has been successfully Optimized by Webinoly! ${end}"
api-events_update im6
}
nginx_tool_site() {
@ -551,7 +608,7 @@ php_tool_site() {
nginx_tool_ssl() {
api-events_update in11
api-events_update in5
# Install LetsEncrypt
local certb=0
@ -571,13 +628,20 @@ nginx_tool_ssl() {
[[ ! -L /usr/bin/certbot ]] && sudo ln -s /snap/bin/certbot /usr/bin/certbot
conf_write nginx-tool-ssl true
api-events_update in12
echo "${gre}Let's Encrypt (certbot) has been installed successfully! ${end}"
if which certbot >/dev/null ; then
echo "${gre}Let's Encrypt (certbot) has been installed successfully! ${end}"
else
# Don't need a flag or anything else, because it will be also detected during verify process!
echo "${red}[ERROR] Unexpected error during Let's Encrypt (certbot) installation!${end}"
fi
api-events_update in6
}
nginx_tool_bkp() {
api-events_update in13
api-events_update in7
# Instalar Duply & Duplicity with S3 support
# Now there is an Official PPA: https://launchpad.net/~duplicity-team/+archive/ubuntu/duplicity-release-git
@ -604,8 +668,15 @@ nginx_tool_bkp() {
sudo chmod 755 /usr/bin/duply
conf_write nginx-tool-bkp true
api-events_update in14
echo "${gre}BackUp packages has been installed successfully! ${end}"
if which duply >/dev/null && which duplicity >/dev/null ; then
echo "${gre}BackUp packages has been installed successfully! ${end}"
else
# Don't need a flag or anything else, because it will be also detected during verify process!
echo "${red}[ERROR] Unexpected error during BackUp packages installation!${end}"
fi
api-events_update in8
}
@ -622,12 +693,24 @@ php_tool_postfix() {
sudo systemctl reload postfix
conf_write php-tool-postfix true
if [[ -d /etc/postfix ]] && systemctl is-active --quiet postfix; then
echo "${gre}Postfix has been installed successfully! ${end}"
else
# Don't need a flag or anything else, because it will be also detected during verify process!
echo "${red}[ERROR] Unexpected error during Postfix installation!${end}"
fi
api-events_update ip6
echo "${gre}Postfix has been installed successfully! ${end}"
}
redis_optim() {
if [[ ! -d /etc/redis ]]; then
echo "${red}[ERROR] Redis Optimization process aborted!${end}"
return
fi
local maxmem=$((($(grep MemTotal /proc/meminfo | cut -f 2 -d ':' | tr -d ' ' | cut -f 1 -d 'k')*$(check_var redis-max-mem))/100000))
sudo sed -i "/# maxmemory <bytes>/c\maxmemory ${maxmem}mb" /etc/redis/redis.conf
sudo sed -i "/^maxmemory /c\maxmemory ${maxmem}mb" /etc/redis/redis.conf
@ -644,8 +727,15 @@ php_tool_redis() {
sudo systemctl enable redis-server
conf_write php-tool-redis true
if [[ -d /etc/redis ]] && systemctl is-active --quiet redis-server; then
echo "${gre}Redis has been installed successfully! ${end}"
else
# Don't need a flag or anything else, because it will be also detected during verify process!
echo "${red}[ERROR] Unexpected error during Redis installation!${end}"
fi
api-events_update ip8
echo "${gre}Redis has been installed successfully! ${end}"
}
@ -657,8 +747,15 @@ php_tool_memcached() {
sudo apt -y install php${ver}-memcached php${ver}-memcache memcached
conf_write php-tool-memcached true
if systemctl is-active --quiet memcached; then
echo "${gre}Memcached has been installed successfully! ${end}"
else
# Don't need a flag or anything else, because it will be also detected during verify process!
echo "${red}[ERROR] Unexpected error during Memcached installation!${end}"
fi
api-events_update ip10
echo "${gre}Memcached has been installed successfully! ${end}"
}
@ -684,7 +781,13 @@ mysql_tool_pma() {
sudo find /var/www/$ADMIN_TOOLS_SITE/htdocs/pma -type d -print0 | sudo xargs -r -0 chmod 755
conf_write mysql-tool-pma true
echo "${gre}phpMyAdmin has been installed successfully! ${end}"
if [[ -s /var/www/$ADMIN_TOOLS_SITE/htdocs/pma/config.inc.php ]]; then
echo "${gre}phpMyAdmin has been installed successfully! ${end}"
else
# Don't need a flag or anything else, because it will be also detected during verify process!
echo "${red}[ERROR] Unexpected error during phpMyAdmin installation!${end}"
fi
else
echo "${red}[ERROR] Downloading phpMyAdmin failed!${end}"
fi
@ -732,7 +835,7 @@ swap_create() {
# https://help.ubuntu.com/community/SwapFaq
if [[ -z $sw || $sw == "0" ]]; then
api-events_update in7
api-events_update ic4
if [[ -n $(conf_read swap-mem) && $(conf_read swap-mem) =~ ^[0-9]+$ ]]; then
local newswap=$(conf_read swap-mem)
elif [[ $ram -le 2 ]]; then
@ -795,7 +898,7 @@ swap_create() {
conf_write swap-owner webinoly
echo "${gre}A new SWAP file (${newswap}Gb) has been created! ${end}"
fi
api-events_update in8
api-events_update ic5
elif [[ -n $sw && $sw =~ ^[0-9]+$ ]]; then
[[ $(conf_read swap-owner) != "webinoly" ]] && conf_write swap-owner system
echo "${gre}SWAP file (${sw}Gb) detected!${end}"
@ -805,23 +908,8 @@ swap_create() {
}
messagend_install() {
local ROOT_PW=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt )
local ADMIN_PW=$( echo $(conf_read mysql-admin) | openssl enc -d -a -salt )
echo ""
echo "${gre}"
echo "****************************************************************************"
echo "******${bol} INSTALLATION HAS FINISHED SUCCESSFULLY ${end}${gre}******"
echo "****************************************************************************"
echo "******** Save your DB access password in a secure place: ********"
echo "******${dim} root: ${ROOT_PW} admin: ${ADMIN_PW} ${end}${gre}******"
echo "****************************************************************************"
echo "${blu}Never change these passwords! Read:${end}${dim} https://webinoly.com/documentation/webinolys/#dbpass"
echo "${end}"
}
message_welcome() {
# Only displayed once, when pre-pack is installed!
echo "${blu}"
echo "***************************************************************"
echo "***************** ${bol}Welcome to Webinoly ${end}${blu}*********************"
@ -831,7 +919,7 @@ message_welcome() {
if [[ $1 =~ ^(full|basic|light|partial)$ ]]; then
echo "${dim} - - - - - - - - - - - - ${end}${blu}"
echo ""
[[ $1 == "full" ]] && echo "Build Profile: ${dim}Full Stack (Nginx, PHP, MySQL and ALL the additional tools)"
[[ $1 == "full" ]] && echo "Build Profile: ${dim}Full Stack (Nginx, PHP, MySQL/MariaDB and ALL the additional tools)"
[[ $1 == "basic" ]] && echo "Build Profile: ${dim}Basic Stack (Only the most essential tools)"
[[ $1 == "light" ]] && echo "Build Profile: ${dim}Light Stack (Only core packages, NO additional tools will be installed)"
[[ $1 == "partial" ]] && echo "Build Profile: ${dim}Partial Stack"
@ -862,10 +950,10 @@ stack_builder() {
# Set Welcome Message
[[ -n $4 ]] && local mess=$4 || local mess="partial" # We trust in build variable validation
[[ -n $lemp && -z $4 ]] && local mess="full"
message_welcome $mess
message_welcome $mess # Only displayed once, when pre-pack is installed!
# Any action run after the meesage is displayed!
api-events_update i1
api-events_update ics
sudo apt -qq update
# Usually comes by default with Ubuntu. Ensure we have it always! (software-properties-common debconf-utils zip)
@ -879,10 +967,11 @@ stack_builder() {
linux_optim
conf_write pre-packs true
api-events_update i2
api-events_update ice
fi
# PPA's
api-events_update iks
if [[ $1 == "nginx" && $(conf_read nginx) != "true" ]]; then
[[ $nginx =~ ^(stable|mainline)$ ]] && conf_write nginx-ppa $nginx
[[ $lemp =~ ^(stable|mainline)$ ]] && conf_write nginx-ppa $lemp
@ -895,7 +984,7 @@ stack_builder() {
echo | sudo add-apt-repository "deb https://nginx.org/packages/ubuntu/ $(check_osname) nginx"
fi
else
[[ ! -s /usr/share/keyrings/nginx-archive-keyring.gpg ]] && sudo rm -rf /usr/share/keyrings/nginx-archive-keyring.gpg # Prevent issues!
[[ -f /usr/share/keyrings/nginx-archive-keyring.gpg && ( ! -s /usr/share/keyrings/nginx-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/nginx-archive-keyring.gpg | grep -m 1 '[^[:space:]]')) ]] && sudo rm -rf /usr/share/keyrings/nginx-archive-keyring.gpg # Prevent issues!
[[ ! -f /usr/share/keyrings/nginx-archive-keyring.gpg ]] && wget -nv -O- https://nginx.org/keys/nginx_signing.key | sudo gpg --dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg
if [[ $(conf_read nginx-ppa) == "mainline" ]]; then
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/mainline/ubuntu/ $(lsb_release -cs) nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
@ -903,7 +992,9 @@ stack_builder() {
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/ubuntu/ $(lsb_release -cs) nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
fi
fi
local code="run"
api-events_update ikn
elif [[ $1 == "nginx" ]]; then
echo "${dim}Nginx is already installed!${end}"
local code=0
@ -915,11 +1006,12 @@ stack_builder() {
#sudo apt install -y language-pack-en-base
sudo LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
else
[[ ! -s /usr/share/keyrings/php-archive-keyring.gpg ]] && sudo rm -rf /usr/share/keyrings/php-archive-keyring.gpg # Prevent issues!
[[ -f /usr/share/keyrings/php-archive-keyring.gpg && ( ! -s /usr/share/keyrings/php-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/php-archive-keyring.gpg | grep -m 1 '[^[:space:]]')) ]] && sudo rm -rf /usr/share/keyrings/php-archive-keyring.gpg # Prevent issues!
[[ ! -f /usr/share/keyrings/php-archive-keyring.gpg ]] && wget -nv -O- 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x14aa40ec0831756756d7f66c4f4ea0aae5267a6c' | sudo gpg --dearmor -o /usr/share/keyrings/php-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/php-archive-keyring.gpg] https://ppa.launchpadcontent.net/ondrej/php/ubuntu $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/php.list
fi
api-events_update ikp
local code="run"
elif [[ $2 == "php" ]]; then
echo "${dim}PHP is already installed!${end}"
@ -931,11 +1023,12 @@ stack_builder() {
# Snap is available but it has no support for ARM architecture: https://snapcraft.io/redis
echo | sudo add-apt-repository ppa:redislabs/redis
else
[[ ! -s /usr/share/keyrings/redis-archive-keyring.gpg ]] && sudo rm -rf /usr/share/keyrings/redis-archive-keyring.gpg # Prevent issues!
[[ -f /usr/share/keyrings/redis-archive-keyring.gpg && ( ! -s /usr/share/keyrings/redis-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/redis-archive-keyring.gpg | grep -m 1 '[^[:space:]]')) ]] && sudo rm -rf /usr/share/keyrings/redis-archive-keyring.gpg # Prevent issues!
[[ ! -f /usr/share/keyrings/redis-archive-keyring.gpg ]] && wget -nv -O- https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list
fi
api-events_update ikr
local code="run"
fi
@ -947,14 +1040,8 @@ stack_builder() {
[[ $(conf_read db-engine) == "mysql" ]] && conf_write mysql-ver $mysql_default || conf_write mysql-ver $mariadb_default
fi
# REMOVE: when a new LTS is released and jammy supports more than one version.
if [[ $(conf_read db-engine) != "mysql" && $(conf_read mysql-ver) != "10.6" && $(lsb_release -c | cut -d':' -f 2 | xargs) == "jammy" ]]; then
conf_write mysql-ver 10.6
echo "${gre}Force MariaDB 10.6 because is the only LTS version supported in Ubuntu 22.04!${end}"
fi
if [[ $(conf_read db-engine) == "mysql" ]]; then
[[ ! -s /usr/share/keyrings/mysql-archive-keyring.gpg ]] && sudo rm -rf /usr/share/keyrings/mysql-archive-keyring.gpg # Prevent issues!
[[ -f /usr/share/keyrings/mysql-archive-keyring.gpg && ( ! -s /usr/share/keyrings/mysql-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/mysql-archive-keyring.gpg | grep -m 1 '[^[:space:]]')) ]] && sudo rm -rf /usr/share/keyrings/mysql-archive-keyring.gpg # Prevent issues!
[[ ! -f /usr/share/keyrings/mysql-archive-keyring.gpg ]] && wget -nv -O- 'https://repo.mysql.com/RPM-GPG-KEY-mysql-2022' | sudo gpg --dearmor -o /usr/share/keyrings/mysql-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/mysql-archive-keyring.gpg] http://repo.mysql.com/apt/ubuntu $(lsb_release -cs) mysql-8.0" | sudo tee /etc/apt/sources.list.d/mysql.list
@ -963,21 +1050,24 @@ stack_builder() {
sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
echo | sudo add-apt-repository "deb [arch=amd64,arm64,ppc64el] http://mirrors.syringanetworks.net/mariadb/repo/$(conf_read mysql-ver)/ubuntu $(check_osname) main"
else
[[ ! -s /usr/share/keyrings/mariadb-archive-keyring.gpg ]] && sudo rm -rf /usr/share/keyrings/mariadb-archive-keyring.gpg # Prevent issues!
[[ -f /usr/share/keyrings/mariadb-archive-keyring.gpg && ( ! -s /usr/share/keyrings/mariadb-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/mariadb-archive-keyring.gpg | grep -m 1 '[^[:space:]]' )) ]] && sudo rm -rf /usr/share/keyrings/mariadb-archive-keyring.gpg # Prevent issues!
[[ ! -f /usr/share/keyrings/mariadb-archive-keyring.gpg ]] && wget -nv -O- 'https://mariadb.org/mariadb_release_signing_key.asc' | sudo gpg --dearmor -o /usr/share/keyrings/mariadb-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/mariadb-archive-keyring.gpg] http://mirrors.syringanetworks.net/mariadb/repo/$(conf_read mysql-ver)/ubuntu $(check_osname) main" | sudo tee /etc/apt/sources.list.d/mariadb.list
fi
api-events_update ikm
local code="run"
elif [[ $3 == "mysql-client" && $(conf_read mysql-client) == "true" ]]; then
echo "${dim}MySQL Client is already installed!${end}"
echo "${dim}MySQL/MariaDB Client is already installed!${end}"
[[ $code != "run" ]] && local code=0
elif [[ $3 == "mysql" && $(conf_read mysql) == "true" ]]; then
echo "${dim}MySQL is already installed!${end}"
echo "${dim}MySQL/MariaDB is already installed!${end}"
[[ $code != "run" ]] && local code=0
elif [[ $3 == "mysql" && $(conf_read mysql-client) == "true" ]]; then
echo "${dim}MySQL Client is already installed!${end}"
echo "${dim}MySQL/MariaDB Client is already installed!${end}"
local code="run"
fi
api-events_update ike
# Exit before update!
# Don't run the "update" if nothing will be installed!
@ -1012,7 +1102,21 @@ stack_builder() {
[[ $3 == "mysql-client" && $(conf_read mysql-client) != "true" ]] && mysql_client_install
[[ $3 == "mysql" && $(conf_read mysql) != "true" ]] && mysql_client_install && mysql_install && local mysql_pass_display="true" && mysql_optim
[[ ( $3 == "mysql" || $4 == "pma" ) && $(conf_read mysql) == "true" && $(conf_read mysql-tool-pma) != "true" ]] && ! [[ $4 =~ ^(light|basic)$ ]] && mysql_tool_pma
[[ $mysql_pass_display == "true" && -z $block_password_display ]] && messagend_install
# This message is now only for legacy support!
# People expects the passwords displayed, so we keep this message to prevent people asking!
if [[ $mysql_pass_display == "true" && -z $block_password_display ]]; then
echo ""
echo "${gre}"
echo "****************************************************************************"
echo "******${bol} INSTALLATION HAS FINISHED SUCCESSFULLY ${end}${gre}******"
echo "****************************************************************************"
echo "******** MySQL/MariaDB properly configured and secured! ********"
echo "************${dim} Passwords no longer displayed here. ${end}${gre}************"
echo "****************************************************************************"
echo "${blu}For passwords, read:${end}${dim} https://webinoly.com/documentation/webinolys/#dbdata"
echo "${end}"
fi
fi
[[ $code != 0 || -n $(conf_read stack-build-error-flag) ]] && sudo webinoly -verify=critical || return 0 # Never end a function with negative open!

5
lib/site-ssl
View file

@ -98,6 +98,8 @@ site_ssl_on() {
elif [[ ! -f /etc/letsencrypt/live/$domain/fullchain.pem && $ssl == "force-renewal" ]]; then
echo "${red}[ERROR] Cert you're trying to renew not found!${end}"
exit 1
elif [[ -n $test_cert ]]; then
echo "${dim}[INFO] This is TEST Cert request! (Don't use it on a real/final site)${end}"
fi
@ -147,13 +149,14 @@ site_ssl_on() {
elif [[ ! -f /etc/letsencrypt/live/$domain/fullchain.pem || $ssl == "force-renewal" ]]; then
if [[ -n $manual ]]; then
sudo certbot certonly --manual --preferred-challenges=$manual $domset $param
echo "${dim}[INFO] Be aware that manual Certs are NOT automatically renewed! (Read the docs for manual renewing process)${end}"
else
sudo certbot certonly --webroot -w /var/www/$path/htdocs/ $domset $param
fi
# Existing cert
elif [[ -f /etc/letsencrypt/live/$domain/fullchain.pem ]]; then
echo "${blu}Certificate for${end} $domain ${blu}already exist and found, wait while we configure your server to use it!${end}"
echo "${dim}[INFO] Cert NOT requested because already exist!${end}"
[[ -z $test_cert && $(is_ssl_staging $domain) == "true" ]] && echo "${red}[WARNING] Cert found is a staging cert for testing.${end}"
[[ -n $test_cert && $(is_ssl_staging $domain) != "true" ]] && echo "${red}[WARNING] Test-Cert was requested and cert found is a real/normal cert.${end}"
fi

266
lib/sites
View file

@ -11,7 +11,7 @@ warning_messages() {
if [[ $type == [123] && $dbhost != "localhost" && $(conf_read dbrole) =~ ^(all|grant)$ ]]; then
echo "${dim}[WARNING] You have set '$(conf_read dbrole)' as default privileges, some external DB services may not support it!${end}"
fi
if [[ $type == [123] && $(conf_read wp-admin-auth) != "purged" && ! -s /etc/nginx/.htpasswd && ! -s /etc/nginx/apps.d/.htpasswd-$domain ]]; then
if [[ $type == [123] && $(conf_read wp-admin-auth) != "purged" && ( ! -s /etc/nginx/.htpasswd || -z $(cat -v /etc/nginx/.htpasswd | grep '[^[:space:]]')) && ( ! -s /etc/nginx/apps.d/.htpasswd-$domain || -z $(cat -v /etc/nginx/apps.d/.htpasswd-$domain | grep -m 1 '[^[:space:]]')) ]]; then
echo "${dim}[WARNING] HTTP Authentication Credentials not found and you may need it to complete the WordPress installation process!!${end}"
fi
if [[ $(conf_read login-www-data) != "true" && (( -z $forward && -z $proxy && -z $parked && -z $mysql ) || ( -n $mysql && -n $domain )) ]]; then
@ -34,7 +34,7 @@ wp_cache_plugins() {
echo "${gre} Nginx Helper Plugin has been installed!"
echo " Please, activate this plugin for a better experience with FastCgi Cache."
echo "${blu} ** IMPORTANT - Plugin Settings **"
echo "- The “Caching Method” should be set to “Nginx FastCgi Cache”."
echo "- Go to “Menu > Settings > Nginx Helper” The “Caching Method” should be set to “Nginx FastCgi Cache”."
echo "- Support for purge/url method is a premium feature only included in NGINX Plus (not-free) and we recommend not to trust in solutions or tools that use third-party NGINX modules to offer this feature."
echo "- The Purge Method should be set to “Delete local server cache file”."
echo "${end}"
@ -105,7 +105,7 @@ wpinstall() {
echo "${blu}"
if [[ $type == 1 ]]; then
echo "Do you need to setup new MySQL database? [Y/n]"
echo "Do you need to setup new MySQL/MariaDB database? [Y/n]"
while read -r -n 1 -s setupmysql; do
setupmysql=${setupmysql:-y}
[[ $setupmysql = [YyNn] ]] && break
@ -161,12 +161,19 @@ wpinstall() {
if [[ $dbhost != "localhost" ]]; then
# DB host validation
is_url $dbhost -split
# Prevent example.com/ cause an error that is really easy to fix, just remove the /
if [[ $url_path == "/" ]]; then
dbhost=${dbhost:0:-1}
is_url $dbhost -split # Reset in case data has changed!
fi
if [[ -n $url_path ]]; then
echo "${red}[ERROR] Invalid database host/port!${dim} (Folders in DB host are not supported: ${dbhost}) ${end}"
url_path=""
done="0"
[[ $type == [2345] ]] && exit 1 || continue 1
elif [[ $(is_url $dbhost) =~ ^(http|https|ip|true)$ ]]; then
elif [[ $url_type =~ ^(http|https|true|http\+ip|https\+ip|ip)$ ]]; then
local dburl=$url_host
local dbport=$url_port
else
@ -188,16 +195,23 @@ wpinstall() {
echo "${blu}"
if [[ $dbhost != "localhost" && ( $type == [135] && ( -z $dburoot || -z $dbproot )) ]]; then
read -p "External DB username: " dburoot
read -p "External DB password: " dbproot
echo ""
# Don't ask for password if already in file!
if [[ $(check_mysql_connection $dburl $dbport any -login-file -master-admin) != "true" ]]; then
read -p "${blu}External DB Master Username: ${end}" dburoot
read -p "${blu}External DB password: ${hid}" dbproot
echo "${hidend}"
else
local ext_login="true"
fi
fi
if [[ -n $retry && $retry -ge 3 ]]; then
if [[ $ext_login == "true" ]]; then
echo "${blu}${dim}External DB Credentials found! (${dburl}:${dbport})${end}"
elif [[ -n $retry && $retry -ge 3 ]]; then
setupmysql="N"
local db_error_flag="true"
echo "${red}[ERROR] Database creation failed after 3 retries! ${blu}"
elif [[ ( $dbhost == "localhost" && $(check_mysql_connection localhost) != "true" ) || ( $dbhost != "localhost" && $(check_mysql_connection $dburl $dbport $dburoot $dbproot) != "true" ) ]]; then
elif [[ ( $dbhost == "localhost" && $(check_mysql_connection localhost) != "true" ) || ( $dbhost != "localhost" && $(check_mysql_connection $dburl $dbport $dburoot $dbproot -master-admin) != "true" ) ]]; then
# Reset variables
local dburl=""
local dbport=""
@ -229,7 +243,7 @@ wpinstall() {
# https://stackoverflow.com/questions/7364709/bash-script-check-if-mysql-database-exists-perform-action-based-on-result
local newdbname=$(sudo mysqlshow --user=admin | grep -ow $dbname)
else
local newdbname=$(sudo mysqlshow -h "$dburl" -P "$dbport" -u"$dburoot" -p"$dbproot" | grep -ow $dbname)
local newdbname=$(sudo mysqlshow --defaults-group-suffix=_${dburl}:${dbport}_default -h "$dburl" -P "$dbport" | grep -ow $dbname)
fi
if [[ $newdbname == $dbname || $dbname != $(dbword_check $dbname) ]]; then
@ -278,7 +292,7 @@ wpinstall() {
# https://stackoverflow.com/questions/7364709/bash-script-check-if-mysql-database-exists-perform-action-based-on-result
[[ -z $(sudo mysql --connect-timeout=10 --user=admin -e "SELECT User FROM mysql.user;" | grep -ow $dbuser) ]] && newdbuser=""
else
[[ -z $(sudo mysql --connect-timeout=10 -h "$dburl" -P "$dbport" -u"$dburoot" -p"$dbproot" -e "SELECT User FROM mysql.user;" | grep -ow $dbuser) ]] && newdbuser=""
[[ -z $(sudo mysql --defaults-group-suffix=_${dburl}:${dbport}_default --connect-timeout=10 -h "$dburl" -P "$dbport" -e "SELECT User FROM mysql.user;" | grep -ow $dbuser) ]] && newdbuser=""
fi
if [[ $newdbuser == $dbuser || $dbuser != $(dbword_check $dbuser user) ]]; then
@ -317,14 +331,16 @@ wpinstall() {
if [[ $type != [2345] || $dbreuse == [yY] || $dbureuse == [yY] ]]; then
if [[ $dbureuse == [yY] ]]; then
read -p "${blu}Current Password:" dbpass
read -p "${blu}Current Password: ${hid}" dbpass
echo "${hidend}${blu}"
if [[ -z $dbpass ]]; then
done="0"
continue 1
fi
else
read -p "${blu}Create Password [$AUTOGENPASS_WPDB]:" dbpass
read -p "${blu}Create Password [$AUTOGENPASS_WPDB]: ${hid}" dbpass
dbpass=${dbpass:-$AUTOGENPASS_WPDB}
echo "${hidend}${blu}"
fi
# Not ask for wp_prefix when type=0 (mysql only site)
@ -368,7 +384,7 @@ _EOF_
elif [[ -z $dbreassign ]]; then
# We can not use GRAN ALL PRIVILIGES with AWS RDS, that's why are all separate.
sudo mysql --connect-timeout=10 -h "$dburl" -P "$dbport" -u"$dburoot" -p"$dbproot" <<_EOF_
sudo mysql --defaults-group-suffix=_${dburl}:${dbport}_default --connect-timeout=10 -h "$dburl" -P "$dbport" <<_EOF_
CREATE DATABASE ${dbname};
CREATE USER '${dbuser}'@'%' IDENTIFIED BY '${dbpass}';
GRANT $(db_user_role) on ${dbname}.* to '${dbuser}'@'%';
@ -387,7 +403,7 @@ _EOF_
elif [[ $dbreassign == "db" ]]; then
# We can not use GRAN ALL PRIVILIGES with AWS RDS, that's why are all separate.
sudo mysql --connect-timeout=10 -h "$dburl" -P "$dbport" -u"$dburoot" -p"$dbproot" <<_EOF_
sudo mysql --defaults-group-suffix=_${dburl}:${dbport}_default --connect-timeout=10 -h "$dburl" -P "$dbport" <<_EOF_
CREATE USER '${dbuser}'@'%' IDENTIFIED BY '${dbpass}';
GRANT $(db_user_role) on ${dbname}.* to '${dbuser}'@'%';
FLUSH PRIVILEGES;
@ -405,7 +421,7 @@ _EOF_
elif [[ $dbreassign == "dbuser" ]]; then
# We can not use GRAN ALL PRIVILIGES with AWS RDS, that's why are all separate.
sudo mysql --connect-timeout=10 -h "$dburl" -P "$dbport" -u"$dburoot" -p"$dbproot" <<_EOF_
sudo mysql --defaults-group-suffix=_${dburl}:${dbport}_default --connect-timeout=10 -h "$dburl" -P "$dbport" <<_EOF_
CREATE DATABASE ${dbname};
GRANT $(db_user_role) on ${dbname}.* to '${dbuser}'@'%';
FLUSH PRIVILEGES;
@ -490,23 +506,25 @@ db_delete() {
wp_conf_retrieve $1 true false $2
[[ -z $wp_config ]] && return
if [[ -z $wp_dbhost || -z $wp_dbname || -z $wp_dbuser ]]; then
if [[ -z $wp_dbhost_host || -z $wp_dbname || -z $wp_dbuser ]]; then
echo "${red}[ERROR] Database${blu} ${1}${2} ${red}cannot be deleted! ${dim}(WP configuration corrupted)${end}"
return
elif [[ ( $wp_dbhost == "localhost" && ( $(conf_read mysql) != "true" || $(check_mysql_connection localhost) != "true" )) || ( $wp_dbhost != "localhost" && $(check_mysql_connection $extdb_url $extdb_port $extdb_user $extdb_pass) != "true" ) ]]; then
elif [[ ( $wp_dbhost_host == "localhost" && ( $(conf_read mysql) != "true" || $(check_mysql_connection localhost $mysql_param) != "true" )) || ( $wp_dbhost_host != "localhost" && $(check_mysql_connection $wp_dbhost_host $wp_dbhost_port any -login-file -master-admin) != "true" ) ]]; then
echo "${red}[ERROR] Database${blu} ${1}${2} ${red}cannot be deleted! ${dim}(DB Connection failed)${end}"
return
fi
# We use this instead of 'DROP USER' because we have both 'user'@'%' and 'user'@'localhost' (we changed to localhost in recent versions)
# DROP USER use '%' when empty, and wildcard does not match 'localhost' (I don't know why).
dbsetup="DELETE FROM mysql.user WHERE User='$wp_dbuser';DROP DATABASE IF EXISTS $wp_dbname;DELETE FROM mysql.db WHERE Db='$wp_dbname' OR Db='$wp_dbname\\_%';FLUSH PRIVILEGES;"
if [[ $wp_dbhost == "localhost" ]]; then
sudo mysql --connect-timeout=10 --user=admin -e "$dbsetup"
if [[ $wp_dbhost_host == "localhost" ]]; then
sudo mysql --connect-timeout=10 --user=admin -e "$dbsetup" "${mysql_params[@]}"
echo "${gre}${dim}Database of your site ${blu}${1}${2}${gre} has been successfully deleted! ${end}"
else
if [[ $extdb_user == "root" && -z $extdb_pass ]]; then
echo "${red}Action aborted, database not deleted!${end}"
echo "${red}Action aborted, database not deleted! ${dim}(root user without password not allowed!)${end}"
else
sudo mysql --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" -e "$dbsetup"
sudo mysql --defaults-group-suffix=_${wp_dbhost_host}:${wp_dbhost_port}_default --connect-timeout=10 -h "$wp_dbhost_host" -P "$wp_dbhost_port" -e "$dbsetup"
echo "${gre}${dim}Database of your site ${blu}${1}${2}${gre} has been successfully deleted! ${end}"
fi
fi
@ -584,6 +602,7 @@ deletesite() {
# Delete site files
sudo rm -rf /etc/nginx/apps.d/$domain*.conf
sudo rm -rf /etc/nginx/apps.d/.htpasswd-$domain
sudo rm -rf /etc/nginx/apps.d/.htpasswd-www.$domain
sudo rm -rf /etc/nginx/sites-available/$domain
sudo rm -rf /etc/nginx/sites-enabled/$domain
sudo rm -rf /var/www/$domain
@ -591,14 +610,14 @@ deletesite() {
# In case of custom cache
if [[ -f /etc/nginx/conf.d/webinoly.conf ]]; then
sudo sed -i "/^fastcgi_cache_path \/run\/nginx-cache\/$(echo $domain | sed 's/[^0-9A-Za-z]/_/g').*/d" /etc/nginx/conf.d/webinoly.conf
[[ ! -s /etc/nginx/conf.d/webinoly.conf ]] && sudo rm /etc/nginx/conf.d/webinoly.conf
[[ -f /etc/nginx/conf.d/webinoly.conf && ( ! -s /etc/nginx/conf.d/webinoly.conf || -z $(cat -v /etc/nginx/conf.d/webinoly.conf | grep -m 1 '[^[:space:]]')) ]] && sudo rm /etc/nginx/conf.d/webinoly.conf
fi
# Check for Reverse Proxy upstreams
if [[ -f /etc/nginx/conf.d/upstream_proxy.conf ]]; then
local domvar=$(echo "$domain" | sed "s/[^0-9A-Za-z]/_/g")
sudo sed -i "/upstream ${domvar}/,/} #End/{/.*/d}" /etc/nginx/conf.d/upstream_proxy.conf
[[ ! -s /etc/nginx/conf.d/upstream_proxy.conf ]] && sudo rm /etc/nginx/conf.d/upstream_proxy.conf
[[ -f /etc/nginx/conf.d/upstream_proxy.conf && ( ! -s /etc/nginx/conf.d/upstream_proxy.conf || -z $(cat -v /etc/nginx/conf.d/upstream_proxy.conf | grep -m 1 '[^[:space:]]')) ]] && sudo rm /etc/nginx/conf.d/upstream_proxy.conf
fi
echo "${gre}Site${blu} $domain ${gre}has been successfully deleted!${end}"
@ -643,7 +662,7 @@ deletesite_subfolder() {
# In case of custom cache
if [[ -f /etc/nginx/conf.d/webinoly.conf ]]; then
sudo sed -i "/^fastcgi_cache_path \/run\/nginx-cache\/$(echo $domain | sed 's/[^0-9A-Za-z]/_/g')${subname} .*/d" /etc/nginx/conf.d/webinoly.conf
[[ ! -s /etc/nginx/conf.d/webinoly.conf ]] && sudo rm /etc/nginx/conf.d/webinoly.conf
[[ -f /etc/nginx/conf.d/webinoly.conf && ( ! -s /etc/nginx/conf.d/webinoly.conf || -z $(cat -v /etc/nginx/conf.d/webinoly.conf | grep -m 1 '[^[:space:]]')) ]] && sudo rm /etc/nginx/conf.d/webinoly.conf
fi
echo "${gre}${dim}Subfolder${blu} $subfolder ${gre}from${blu} $domain ${gre}has been successfully deleted!${end}"
@ -657,7 +676,7 @@ deletesite_subfolder() {
if [[ -f /etc/nginx/conf.d/upstream_proxy.conf ]]; then
local domvar=$(echo "$domain$subfolder" | sed "s/[^0-9A-Za-z]/_/g")
sudo sed -i "/upstream ${domvar}/,/} #End/{/.*/d}" /etc/nginx/conf.d/upstream_proxy.conf
[[ ! -s /etc/nginx/conf.d/upstream_proxy.conf ]] && sudo rm /etc/nginx/conf.d/upstream_proxy.conf
[[ -f /etc/nginx/conf.d/upstream_proxy.conf && ( ! -s /etc/nginx/conf.d/upstream_proxy.conf || -z $(cat -v /etc/nginx/conf.d/upstream_proxy.conf | grep -m 1 '[^[:space:]]')) ]] && sudo rm /etc/nginx/conf.d/upstream_proxy.conf
fi
sudo rm -rf /var/www/$domain/htdocs$subfolder
@ -689,7 +708,7 @@ delete_all_sites() {
do
[[ ${delete_all,,} == "keep-db" ]] && delete="keep-db" || delete="force"
domain=$(echo $site | cut -f 5 -d "/")
[[ $domain != "default" && $domain != $ADMIN_TOOLS_SITE && $domi != *".dpkg-"* ]] && deletesite
[[ -f /etc/nginx/sites-available/$domain && $domain != "default" && $domain != $ADMIN_TOOLS_SITE && $domain != *".dpkg-"* ]] && deletesite
done
# Delete all files - double check!
@ -796,7 +815,7 @@ createsite() {
# Activate FastCgi cache
if [[ $cache == "on" && $type == [123] ]]; then
sudo sed -i '/php.conf/c \ include common/wpfc.conf;' /etc/nginx/sites-available/$domain
sudo sed -i '/php[x]*\.conf/c \ include common/wpfc.conf;' /etc/nginx/sites-available/$domain
[[ -z $wp_cache_plugins || $wp_cache_plugins == "on" ]] && wp_cache_plugins
echo "${gre}WordPress Cache successfully enabled!${end}"
fi
@ -924,7 +943,7 @@ redirection_manager() {
if [[ -f /etc/nginx/apps.d/$domain-nginx.conf ]]; then
sudo sed -Ei '/^# RedirectFrom: '$(escaped_string $from)'( .*)?$/,/^# RedirectEnd/{/.*/d}' /etc/nginx/apps.d/$domain-nginx.conf
if [[ ! -s /etc/nginx/apps.d/$domain-nginx.conf ]]; then
if [[ -f /etc/nginx/apps.d/$domain-nginx.conf && ( ! -s /etc/nginx/apps.d/$domain-nginx.conf || -z $(cat -v /etc/nginx/apps.d/$domain-nginx.conf | grep -m 1 '[^[:space:]]')) ]]; then
sudo rm /etc/nginx/apps.d/$domain-nginx.conf
sudo sed -i "/$domain-nginx.conf;/d" /etc/nginx/sites-available/$domain
fi
@ -952,8 +971,12 @@ redirection_manager() {
echo "${red}[ERROR] Please, enter a valid from/to redirection path!${end}"
exit 1
elif [[ $from == "/" ]]; then
echo "${red}[ERROR] Root folder redirection is not allowed, use the 'domain forwarding' feature if want to redirect a complete domain!${end}"
exit 1
if [[ -z $exact ]]; then
echo "${red}[ERROR] Root folder redirection is not allowed, use the 'domain forwarding' feature if want to redirect a complete domain, or use the '-exact' parameter to redirect only the main page and not the complete domain.${end}"
exit 1
else
echo "${dim}[INFO] Use the 'domain forwarding' feature if want to redirect a complete domain!${end}"
fi
elif ! [[ $http_code =~ ^(301|302|303|307|308|403|410|444|451)$ ]]; then
echo "${red}[ERROR] Invalid redirection HTTP Code!${end}"
exit 1
@ -978,9 +1001,9 @@ redirection_manager() {
sudo chown -R root:root /etc/nginx/apps.d/$domain-nginx.conf
fi
local exisa=$( grep -G "^# RedirectFrom: $(escaped_string $from -grep)$" /etc/nginx/apps.d/$domain-nginx.conf )
local exisb=$( grep -G "^# RedirectFrom: $(escaped_string $from -grep) (Regex)$" /etc/nginx/apps.d/$domain-nginx.conf )
local exisc=$( grep -G "^# RedirectFrom: $(escaped_string $from -grep) (Exact)$" /etc/nginx/apps.d/$domain-nginx.conf )
local exisa=$( grep -G "^# RedirectFrom: $(escaped_string $from)$" /etc/nginx/apps.d/$domain-nginx.conf )
local exisb=$( grep -G "^# RedirectFrom: $(escaped_string $from) (Regex)$" /etc/nginx/apps.d/$domain-nginx.conf )
local exisc=$( grep -G "^# RedirectFrom: $(escaped_string $from) (Exact)$" /etc/nginx/apps.d/$domain-nginx.conf )
# Can have both at the same time, one exact and another.
if [[ ( -z $exisc && $exact == "true" ) || ( -z $exisa && -z $exisb && -z $exact ) ]]; then
@ -1179,6 +1202,9 @@ parked_domain() {
sudo truncate -s 0 /etc/nginx/sites-available/$domain
sudo cat /etc/nginx/sites-available/$parked > /etc/nginx/sites-available/$domain
# Just in case: Remove Force-Redirect if enabled!
sudo sed -i '/WebinolyWWWredirectStart/,/WebinolyWWWredirectEnd/{/.*/d}' /etc/nginx/sites-available/$domain
# Prevent if SSL is enabled in main site and ssl data is copied to parked site causing an error.
[[ $(is_ssl $parked) == "true" ]] && sudo site $domain -ssl=off -revoke=off -no-db-update > /dev/null 2>&1
@ -1187,8 +1213,8 @@ parked_domain() {
sudo sed -i "/include apps.d\/$parked-nginx.conf/d" /etc/nginx/sites-available/$domain
sudo sed -i "/include \/var\/www\/${parked}\/\*-$(echo $parked | sed "s/[^0-9A-Za-z]/_/g")_parked.conf;/d" /etc/nginx/sites-available/$domain
sudo sed -i "/server_name/c \ $sername" /etc/nginx/sites-available/$domain
sudo sed -i "s/$(escaped_string $parked)/$domain/g" /etc/nginx/sites-available/$domain
sudo sed -i "/server_name/c \ $sername" /etc/nginx/sites-available/$domain
sudo sed -i "/include apps.d\/.*-proxy.conf;/{s/$domain/$parked/g}" /etc/nginx/sites-available/$domain
sudo sed -i "/root/c \ root /var/www/$parked/htdocs;" /etc/nginx/sites-available/$domain
@ -1209,9 +1235,6 @@ parked_domain() {
sed -i "/include \/var\/www\/$parked\/\*-nginx.conf;/a \ include \/var\/www\/${parked}\/\*-$(echo $parked | sed "s/[^0-9A-Za-z]/_/g")_parked.conf;" /etc/nginx/sites-available/$parked
sed -i "/include \/var\/www\/$parked\/\*-nginx.conf;/a \ include \/var\/www\/${parked}/*-$(echo $domain | sed "s/[^0-9A-Za-z]/_/g")_parked.conf;" /etc/nginx/sites-available/$domain
# Prevent asking multiple times in case of external DB.
[[ -n $domain_mapping_wp_id && $domain_mapping_wp_id =~ ^[0-9]+$ && $(is_wp $parked) == "true" ]] && wp_conf_retrieve $parked true false $subfolder
# WordPress Domain Mapping
if [[ $domain_mapping_wp_id == 1 ]]; then
echo "${red}${dim}[ERROR] Domain Mapping failed because WP blog ID cannot be 1 (main site)! ${end}"
@ -1238,12 +1261,14 @@ parked_domain() {
forward_domain() {
[[ -z $forward || $forward == "true" ]] && read -p "${gre}Destination domain: ${end}" forward
if ! [[ $(is_url $forward) =~ ^(http|https|true)$ ]]; then
[[ -n $forward ]] && is_url $forward -split
if ! [[ $url_type =~ ^(http|https|true)$ ]]; then
echo "${red}[ERROR] Invalid destination domain!${end}"
exit 1
elif [[ $(is_url $forward) == "true" ]]; then
elif [[ $url_type == "true" ]]; then
forward="http://${forward}"
fi
fi
createsite
sudo rm -rf /var/www/$domain
@ -1276,7 +1301,17 @@ reverse_proxy() {
read -p "${blu}URL address: ${end}" proxydata
fi
if ! [[ -n $proxydata && $(is_url $proxydata) =~ ^(http|https|ip|unix|true)$ ]]; then
if [[ -n $proxydata ]]; then
is_url $proxydata -split
[[ -z $url_scheme ]] && local proxydata="http://${proxydata}"
# Force / at the end of the url for subfolders
[[ $dedicated_reverse_proxy == "simple" && -n $url_path && $url_path != "/" && $(echo "${proxydata}" | rev | cut -c-1) != "/" ]] && local proxydata="${proxydata}/"
# Fix slash at the end when is alone, no real URI path!
[[ $dedicated_reverse_proxy != "simple" && $url_path == "/" ]] && local proxydata=${proxydata:0:-1}
is_url $proxydata -split # Reset in case data has changed!
fi
if ! [[ $url_type =~ ^(http|https|true|http\+ip|https\+ip|ip|http\+unix|https\+unix|unix)$ ]]; then
echo "${red}[ERROR] Please, enter a valid host and port!${end}"
exit 1
elif [[ -f /etc/nginx/sites-available/$domain && -z $subfolder && (($(is_empty_root_site $domain) == "full" && $(is_proxy $domain) != "false") || $(is_empty_root_site $domain) == "false") ]]; then
@ -1288,35 +1323,15 @@ reverse_proxy() {
elif [[ -f /etc/nginx/sites-available/$domain && -n $dedicated_reverse_proxy && $(is_empty_root_site $domain) != "full" && $(is_dedicated_proxy_domain $domain) != "true" ]]; then
echo "${red}[ERROR] Main site is not a Dedicated Reverse Proxy site!${end}"
exit 1
elif [[ $(is_empty_root_site $domain) == "full" && $(is_dedicated_proxy_domain $domain) == "false" ]]; then
echo "${red}[ERROR] This domain is currently set as Empty (blank), to create a site you need to add your own NGINX configuration. ${dim}(/var/www/example.com/*-nginx.conf)!${end}"
exit 1
fi
is_url $proxydata -split
# URL Scheme correction... Just in case of empty scheme, http is default!
if [[ -z $url_scheme || ${url_scheme,,} == "unix" ]]; then
local proxydata="http://${proxydata}"
url_scheme="http"
fi
# After create-site this global variable is empty, because running multiple times
local local_url_scheme=$url_scheme
local local_url_host=$url_host
local local_url_port=$url_port
local local_url_path=$url_path
# Fix slash at the end when is alone, no real URI path!
if [[ $dedicated_reverse_proxy != "simple" && $url_path == "/" ]]; then
local proxydata=${proxydata:0:-1}
unset url_path
fi
# URI part (subfolders) are not allowed because the proxy configuration we are using includes the static files location, this location block is using regex which is not allowed!
# Dedicated reverse proxy are also affected (don't have static file location block), but subfolders are not allowed in upstream servers.
if [[ $dedicated_reverse_proxy != "simple" && -n $url_path ]]; then
elif [[ $dedicated_reverse_proxy != "simple" && -n $url_path ]]; then
# URI part (subfolders) are not allowed because the proxy configuration we are using includes the static files location, this location block is using regex which is not allowed!
# Dedicated reverse proxy are also affected (don't have static file location block), but subfolders are not allowed in upstream servers.
echo "${red}[ERROR] Subfolder in your endpoint or upstream server is not supported!${dim} (URI: $url_path)${end}"
exit 1
elif [[ $(is_empty_root_site $domain) == "full" && $(is_dedicated_proxy_domain $domain) == "false" ]]; then
# In case you have intentionally created an empty site with custom conf, it can interfere.
# We allow it because it should be common having a subfolder and remove it, leaving an empty site that can fully support a new dedicated site.
echo "${red}${dim}[WARNING] This domain already exists and it's currently set as Empty (blank), please be sure not to have had any other custom Nginx configuration added by you that can interfere with this site.${end}"
fi
if [[ ( -z $subfolder || ( -n $subfolder && ! -f /etc/nginx/sites-available/$domain )) && $(is_empty_root_site $domain) == "false" ]]; then
@ -1340,12 +1355,12 @@ reverse_proxy() {
sudo sed -i "/^location \/ {/c location $subfolder/ {" /etc/nginx/apps.d/$domain$subname-proxy.conf
fi
is_url $proxydata -split # Run again! (after create-site these global variables are empty, because running multiple times)
if [[ $dedicated_reverse_proxy == "simple" ]]; then
# Force / at the end of the url for subfolders
[[ -n $local_url_path && $local_url_path != "/" && $(echo "${proxydata}" | rev | cut -c-1) != "/" ]] && proxydata="${proxydata}/"
sudo sed -i "s#<upstream_name>#${proxydata}#g" /etc/nginx/apps.d/$domain$subname-proxy.conf
else
[[ -n $local_url_scheme ]] && sudo sed -i "s#proxy_pass <upstream_name>#proxy_pass ${local_url_scheme,,}://<upstream_name>#g" /etc/nginx/apps.d/$domain$subname-proxy.conf
[[ -n $url_scheme ]] && sudo sed -i "s#proxy_pass <upstream_name>#proxy_pass ${url_scheme,,}://<upstream_name>#g" /etc/nginx/apps.d/$domain$subname-proxy.conf
sudo sed -i "s#<upstream_name>#$(echo "$domain$subfolder" | sed "s/[^0-9A-Za-z]/_/g")#g" /etc/nginx/apps.d/$domain$subname-proxy.conf
# Create the upstream
@ -1356,9 +1371,9 @@ reverse_proxy() {
fi
# Upstream server needs port, if empty, default is 80, so we need to fix it in case of https.
[[ -z $local_url_port && ${local_url_scheme,,} == "https" ]] && local fixport=":443"
[[ -z $url_port && $url_type =~ ^(https|https\+ip)$ ]] && local fixport=":443"
local upsvr="$(echo "${proxydata}${fixport}" | sed "s#${local_url_scheme}://##g")"
local upsvr="$(echo "${proxydata}${fixport}" | sed "s#${url_scheme}://##g")"
echo "upstream $(echo "$domain$subfolder" | sed "s/[^0-9A-Za-z]/_/g") {
zone upstreams;
@ -1378,7 +1393,7 @@ reverse_proxy() {
# Set Host header for external sources, except when IP or Unix socket is used!
# Simple dedicated is also excluded because proxy_pass seems to not need it.
if [[ -n $upsvr && -n $proxydata && $local_url_host != "localhost" && $(is_url $local_url_host) != "ip" && $(is_url $local_url_host) != "unix" ]]; then
if [[ -n $upsvr && $url_host != "localhost" && $url_type =~ ^(http|https|true)$ ]]; then
sudo sed -i "/#proxy_set_header Host /c\ proxy_set_header Host '${upsvr}';" /etc/nginx/apps.d/$domain$subname-proxy.conf
fi
@ -1476,6 +1491,8 @@ wp_cache() {
elif [[ $(is_cache $domain $subfolder) == "proxy" ]]; then
sudo sed -i "/proxy_cache .*;/c \ proxy_cache off;" /etc/nginx/apps.d/$domain$subname-proxy.conf
echo "${gre}Proxy Cache in${blu} $domain$subfolder ${gre}has been disabled!${end}"
[[ -n $reset && -n $subfolder ]] && site $domain -cache=custom -reset -subfolder=$subfolder
[[ -n $reset && -z $subfolder ]] && site $domain -cache=custom -reset
elif [[ -n $subfolder && $(is_cache $domain $subfolder) == "wp" ]]; then
sudo sed -i "/apps.d\/$domain$subname-wpfc.conf;/c \ include apps.d/$domain$subname-php.conf;" /etc/nginx/sites-available/$domain
echo "${gre}FastCGI Cache in${blu} $domain$subfolder ${gre}has been disabled!${end}"
@ -1484,11 +1501,15 @@ wp_cache() {
echo "${gre}FastCGI Cache in${blu} $domain ${gre}has been disabled!${end}"
else
echo "${gre}Nginx Cache is already disabled on your site${blu} $domain${end}"
# Needed to support the reset option even when already off
[[ -n $reset && -n $subfolder ]] && site $domain -cache=custom -reset -subfolder=$subfolder
[[ -n $reset && -z $subfolder ]] && site $domain -cache=custom -reset
fi
elif [[ $cache == "on" ]]; then
api-events_update si8
if [[ $(is_wp $domain $subfolder) == "true" && $(is_cache $domain $subfolder) == "false" ]]; then
[[ -z $subfolder ]] && sudo sed -i '/ common\/php.conf/c \ include common/wpfc.conf;' /etc/nginx/sites-available/$domain
[[ -z $subfolder ]] && sudo sed -i '/ common\/php[x]*\.conf/c \ include common/wpfc.conf;' /etc/nginx/sites-available/$domain
[[ -n $subfolder ]] && sudo sed -i "/ apps.d\/$domain$subname-php.conf;/c \ include apps.d/$domain$subname-wpfc.conf;" /etc/nginx/sites-available/$domain
if [[ $(is_parked $domain) == "false" && ( ! -d /var/www/$domain/htdocs$subfolder/wp-content/plugins/nginx-helper || ! -d /var/www/$domain/htdocs$subfolder/wp-content/plugins/redis-cache ) ]]; then
if [[ -z $wp_cache_plugins ]]; then
@ -1540,6 +1561,7 @@ wp_cache() {
elif [[ $(is_proxy $domain $subfolder) == "true" && -n $(grep -F "# WebinolyProxyCacheStart" /etc/nginx/apps.d/$domain$subname-proxy.conf) ]]; then
sudo sed -i '/WebinolyProxyCacheStart/,/WebinolyProxyCacheEnd/{/.*/d}' /etc/nginx/apps.d/$domain$subname-proxy.conf
sudo sed -i "/^proxy_cache_path \/run\/nginx-cache\/$(echo $domain | sed 's/[^0-9A-Za-z]/_/g')${subname} .*/d" /etc/nginx/conf.d/webinoly.conf
[[ -f /etc/nginx/apps.d/${domain}${subname}-site_custom_cache.conf ]] && sudo rm /etc/nginx/apps.d/${domain}${subname}-site_custom_cache.conf
echo "${gre}Custom Proxy Cache configuration has been successfully removed! ${end}"
elif [[ -f /etc/nginx/apps.d/$domain$subname-${fn}.conf ]]; then
sudo rm /etc/nginx/apps.d/$domain$subname-${fn}.conf
@ -1548,7 +1570,7 @@ wp_cache() {
else
echo "${gre}Custom Nginx Cache configuration not found! ${end}"
fi
[[ -f /etc/nginx/conf.d/webinoly.conf && ! -s /etc/nginx/conf.d/webinoly.conf ]] && sudo rm /etc/nginx/conf.d/webinoly.conf
[[ -f /etc/nginx/conf.d/webinoly.conf && ( ! -s /etc/nginx/conf.d/webinoly.conf || -z $(cat -v /etc/nginx/conf.d/webinoly.conf | grep -m 1 '[^[:space:]]')) ]] && sudo rm /etc/nginx/conf.d/webinoly.conf
elif [[ -n $query_string_never_cache || $query_string_cache || $skip_cache || -n $skip_cookie_cache ]]; then
custom_cache_global -site
elif [[ -n $query_string_cache_default ]]; then
@ -1579,10 +1601,8 @@ wp_cache() {
echo "${gre}Custom Proxy Cache in${blu} $domain$subfolder ${gre}has been successfully enabled! ${end}"
elif [[ $(is_cache $domain $subfolder) == "false" ]]; then
[[ -z $subfolder ]] && sudo sed -i "/ common\/php.conf/c \ include apps.d/$domain$subname-${fn}.conf;" /etc/nginx/sites-available/$domain
[[ -z $subfolder ]] && sudo sed -i "/ common\/phpx.conf/c \ include apps.d/$domain$subname-${fn}.conf;" /etc/nginx/sites-available/$domain
[[ -n $subfolder ]] && sudo sed -i "/ apps.d\/$domain$subname-php.conf;/c \ include apps.d/$domain$subname-${fn}.conf;" /etc/nginx/sites-available/$domain
[[ -n $subfolder ]] && sudo sed -i "/ apps.d\/$domain$subname-phpx.conf;/c \ include apps.d/$domain$subname-${fn}.conf;" /etc/nginx/sites-available/$domain
[[ -z $subfolder ]] && sudo sed -i "/ common\/php[x]*\.conf/c \ include apps.d/$domain$subname-${fn}.conf;" /etc/nginx/sites-available/$domain
[[ -n $subfolder ]] && sudo sed -i "/ apps.d\/$domain$subname-php[x]*\.conf;/c \ include apps.d/$domain$subname-${fn}.conf;" /etc/nginx/sites-available/$domain
# Creates the custom Webinoly Cache File (.cnf) only if not exists.
if [[ ! -f /etc/nginx/apps.d/$domain$subname-${fn}.conf ]]; then
@ -1663,18 +1683,13 @@ cloning_site() {
local custom_wp_dbpref=$( grep -F "table_prefix" $(wp_config_path $domain $subfolder) | cut -f 2 -d "'" -s)
fi
if [[ $( wp_config_read $domain DB_HOST $subfolder ) == "localhost" ]]; then
if [[ $(echo "$(wp_config_read $domain DB_HOST $subfolder)" | cut -f 1 -d ':' ) == "localhost" ]]; then
[[ -z $subfolder ]] && sudo site $domain -delete=force > /dev/null 2>&1 || sudo site $domain -subfolder=$subfolder -delete=force > /dev/null 2>&1
else
if [[ -n $extdb_user && -n $extdb_pass && -n $extdb_host ]]; then
if [[ -z $subfolder ]]; then
sudo site $domain -delete=force -external_db=[${extdb_user},${extdb_pass},${extdb_host}] > /dev/null 2>&1
else
sudo site $domain -subfolder=$subfolder -delete=force -external_db=[${extdb_user},${extdb_pass},${extdb_host}] > /dev/null 2>&1
fi
if [[ -z $subfolder ]]; then
sudo site $domain -delete=force > /dev/null 2>&1
else
echo "${red}[ERROR] External DB data corrupted!${end}"
exit 1
sudo site $domain -subfolder=$subfolder -delete=force > /dev/null 2>&1
fi
fi
else
@ -1791,15 +1806,15 @@ cloning_site() {
wp_config_write $domain DB_PASSWORD \'$AUTOGENPASS_WPDB\' $subfolder
wp_config_write $domain WP_CACHE_KEY_SALT \'wp_$domain$(echo $subfolder | sed "s/\//_/g")\' $subfolder
if [[ $wp_dbhost == "localhost" ]]; then
if [[ $wp_dbhost_host == "localhost" ]]; then
site -mysql=[localhost,$dom,$usr,$AUTOGENPASS_WPDB] > /dev/null 2>&1
mysqldump -u admin $wp_dbname | mysql -u admin $dom
mysqldump -u admin "${mysql_params[@]}" $wp_dbname | mysql -u admin "${mysql_params[@]}" $dom
# No need of force-redirect check because this is a new and different site.
edit_wp_db_url $domain "http://${domain}${subfolder}" $subfolder
else
site -mysql=[$wp_dbhost,$dom,$usr,$AUTOGENPASS_WPDB,$extdb_user,$extdb_pass] > /dev/null 2>&1
mysqldump -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" $wp_dbname | mysql -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" $dom
mysqldump --defaults-group-suffix=_${wp_dbhost_host}:${wp_dbhost_port}_default -h "$wp_dbhost_host" -P "$wp_dbhost_port" $wp_dbname | mysql --defaults-group-suffix=_${wp_dbhost_host}:${wp_dbhost_port}_default -h "$wp_dbhost_host" -P "$wp_dbhost_port" $dom
# No need of force-redirect check because this is a new and different site.
edit_wp_db_url $domain "http://${domain}${subfolder}" $subfolder
@ -1851,17 +1866,23 @@ wp_replace_content() {
exit 1
fi
if [[ -n $wp_dbhost && -n $wp_dbname && -n $wp_dbpref ]]; then
if [[ ( $wp_dbhost == "localhost" && $(check_mysql_connection localhost) != "true" ) || ( $wp_dbhost != "localhost" && $(check_mysql_connection $extdb_url $extdb_port $extdb_user $extdb_pass) != "true" ) ]]; then
wp_conf_retrieve $domain false true $subfolder
if [[ $(is_wp_installed $domain $subfolder) != "true" ]]; then
echo "${red}[ERROR] WordPress is empty and still not configured in ${domain}${subfolder} site!${end}"
exit 1
fi
if [[ -n $wp_dbhost_host && -n $wp_dbname && -n $wp_dbpref ]]; then
if [[ ( $wp_dbhost_host == "localhost" && $(check_mysql_connection localhost $mysql_param) != "true" ) || ( $wp_dbhost_host != "localhost" && $(check_mysql_connection $wp_dbhost_host $wp_dbhost_port $wp_dbuser $wp_dbpass) != "true" ) ]]; then
exit 1
fi
query="USE $wp_dbname; UPDATE ${wp_dbpref}posts SET post_content = REPLACE (post_content,'$search','$replace'); FLUSH PRIVILEGES;"
query="USE $wp_dbname; UPDATE ${wp_dbpref}posts SET post_content = REPLACE (post_content,'$search','$replace');"
if [[ $wp_dbhost == "localhost" ]]; then
sudo mysql --connect-timeout=10 --user=admin -e "$query"
if [[ $wp_dbhost_host == "localhost" ]]; then
sudo mysql --connect-timeout=10 --user=admin -e "$query" "${mysql_params[@]}"
else
sudo mysql --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" -e "$query"
sudo mysql --defaults-group-suffix=_${wp_dbhost_host}:${wp_dbhost_port}_${wp_dbuser} --connect-timeout=10 -h "$wp_dbhost_host" -P "$wp_dbhost_port" -u"$wp_dbuser" -e "$query"
fi
echo "${gre}Content successfully replaced in your WP site!${end}"
else
@ -1874,7 +1895,7 @@ wp_replace_content() {
list_sites() {
echo ""
if ! [[ ${list,,} =~ ^(true|disabled|main|parked|wordpress|php|html|proxy|forward|tools|default|ssl|nossl|sslstaging|accesslog|noaccesslog|cache|nocache|adminauth|noadminauth|debug|nodebug|wpenv)$ ]]; then
if ! [[ ${list,,} =~ ^(true|disabled|main|parked|wordpress|php|html|proxy|forward|tools|default|ssl|nossl|sslstaging|accesslog|noaccesslog|cache|nocache|adminauth|noadminauth|debug|nodebug|wpenv)$ ]]; then
echo "${red}[ERROR] Invalid value for list filter! ${end}"
exit 1
fi
@ -1882,7 +1903,7 @@ list_sites() {
for site in "/etc/nginx/sites-available"/*
do
local domi=$(echo $site | cut -f 5 -d "/")
[[ $domi == "default" || $domi == $ADMIN_TOOLS_SITE || $domi == *".dpkg-"* ]] && continue
[[ ! -f /etc/nginx/sites-available/$domi || $domi == "default" || $domi == $ADMIN_TOOLS_SITE || $domi == *".dpkg-"* ]] && continue
if [[ $list != "true" ]]; then
[[ ${list,,} == "disabled" && -L /etc/nginx/sites-enabled/$domi ]] && continue
@ -1983,14 +2004,8 @@ site_info_subfolder() {
fi
if [[ $typesite == "wp" ]]; then
local wph=$(wp_config_read $domain DB_HOST $subfolder)
if [[ ${wph,,} == "localhost" || -n $external_db || $wph == "$(conf_read external-dbh):$(conf_read external-dbx)" ]]; then
local wpmu=$(is_wp_multisite $domain $subfolder)
wp_conf_retrieve $domain true true $subfolder
else
local wpmu="${dim}Not Available${end}"
wp_conf_retrieve $domain false false $subfolder
fi
wp_conf_retrieve $domain false false $subfolder
local wpmu=$(is_wp_multisite $domain $subfolder)
echo ""
echo "${blu}Cache:${end} $cache"
@ -2001,7 +2016,7 @@ site_info_subfolder() {
[[ -n $(wp_config_read $domain WP_ENVIRONMENT_TYPE $subfolder) ]] && echo "${blu}Environment:${end} $(wp_config_read $domain WP_ENVIRONMENT_TYPE $subfolder)"
echo ""
echo "${blu}Database:${end} $wph"
echo "${blu}Database:${end} $wp_dbhost"
echo "${blu}DB Name:${end} $wp_dbname"
echo "${blu}DB User:${end} $wp_dbuser"
echo "${blu}DB Prefix:${end} $wp_dbpref"
@ -2060,14 +2075,8 @@ site_info() {
fi
if [[ $typesite == "WordPress" || ( $typesite == "Parked" && $(is_wp $domain) == "true" ) ]]; then
local wph=$(wp_config_read $domain DB_HOST)
if [[ ${wph,,} == "localhost" || -n $external_db || $wph == "$(conf_read external-dbh):$(conf_read external-dbx)" ]]; then
local wpmu=$(is_wp_multisite $domain)
wp_conf_retrieve $domain true true
else
local wpmu="${dim}Not Available${end}"
wp_conf_retrieve $domain false false
fi
wp_conf_retrieve $domain false false
local wpmu=$(is_wp_multisite $domain)
echo ""
echo "${blu}Cache:${end} $cache"
@ -2078,7 +2087,7 @@ site_info() {
[[ -n $(wp_config_read $domain WP_ENVIRONMENT_TYPE $subfolder) ]] && echo "${blu}Environment:${end} $(wp_config_read $domain WP_ENVIRONMENT_TYPE $subfolder)"
echo ""
echo "${blu}Database:${end} $wph"
echo "${blu}Database:${end} $wp_dbhost"
echo "${blu}DB Name:${end} $wp_dbname"
echo "${blu}DB User:${end} $wp_dbuser"
echo "${blu}DB Prefix:${end} $wp_dbpref"
@ -2129,24 +2138,21 @@ wp_env_type() {
fi
# WordPress Reading Settings: Discourage Search Engines
wp_conf_retrieve $domain true true $subfolder
if [[ -n $wp_dbhost && $wp_dbhost != "localhost" && ( -z $extdb_url || -z $extdb_port || -z $extdb_user || -z $extdb_pass ) ]]; then
wp_conf_retrieve $domain false true $subfolder
if [[ -n $wp_dbhost_host && $wp_dbhost_host != "localhost" && ( -z $wp_dbhost_host || -z $wp_dbhost_port || -z $wp_dbuser || -z $wp_dbpass ) ]]; then
echo "${red}${dim}[ERROR] Discourage Search Engines WP option not updated! (External DB data not available)${end}"
elif [[ -n $wp_dbhost && -n $wp_dbname && -n $wp_dbpref ]]; then
elif [[ -n $wp_dbhost_host && -n $wp_dbname && -n $wp_dbpref ]]; then
if [[ $(is_wp_installed $domain $subfolder) == "true" ]]; then
if [[ $wp_dbhost == "localhost" && $(check_mysql_connection localhost) == "true" ]]; then
sudo mysql --connect-timeout=10 --user=admin <<_EOF_
if [[ $wp_dbhost_host == "localhost" && $(check_mysql_connection localhost $mysql_param) == "true" ]]; then
sudo mysql --connect-timeout=10 --user=admin "${mysql_params[@]}" <<_EOF_
USE $wp_dbname;
UPDATE ${wp_dbpref}options SET option_value='$index' WHERE option_name='blog_public';
FLUSH PRIVILEGES;
_EOF_
elif [[ $(check_mysql_connection $extdb_url $extdb_port $extdb_user $extdb_pass) == "true" ]]; then
sudo mysql --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" <<_EOF_
elif [[ $(check_mysql_connection $wp_dbhost_host $wp_dbhost_port $wp_dbuser $wp_dbpass) == "true" ]]; then
sudo mysql --defaults-group-suffix=_${wp_dbhost_host}:${wp_dbhost_port}_${wp_dbuser} --connect-timeout=10 -h "$wp_dbhost_host" -P "$wp_dbhost_port" -u"$wp_dbuser" <<_EOF_
USE $wp_dbname;
UPDATE ${wp_dbpref}options SET option_value='$index' WHERE option_name='blog_public';
FLUSH PRIVILEGES;
_EOF_
else
@ -2162,6 +2168,6 @@ _EOF_
echo "${red}${dim}[ERROR] Discourage Search Engines WP option not updated! (WP Configuration corrupted)${end}"
fi
echo "${gre}WordPress Environment Type has been set successfully!${end}"
echo "${gre}WordPress Environment Type has been set successfully! ${dim}(${env})${end}"
}

8
lib/update
View file

@ -44,7 +44,7 @@ must-staple = True" | tee -a /etc/letsencrypt/cli.ini
for site in "/etc/nginx/sites-available"/*
do
domi=$(echo $site | cut -f 5 -d "/")
[[ $domi != "html" && $domi != $(conf_read tools-port) && $domi != *".dpkg-"* ]] && sudo sed -i "/#include \/var\/www\//c\ include /var/www/$domi/*-nginx.conf;" /etc/nginx/sites-available/$domi
[[ -f /etc/nginx/sites-available/$domi && $domi != "html" && $domi != $(conf_read tools-port) && $domi != *".dpkg-"* ]] && sudo sed -i "/#include \/var\/www\//c\ include /var/www/$domi/*-nginx.conf;" /etc/nginx/sites-available/$domi
done
fi
@ -64,7 +64,7 @@ onetwo_to_onethree() {
for site in "/etc/nginx/sites-available"/*
do
domi=$(echo $site | cut -f 5 -d "/")
[[ $domi != "html" && $domi != $(conf_read tools-port) ]] && sudo sed -i "/ssl on;/c\ #ssl on;" /etc/nginx/sites-available/$domi
[[ -f /etc/nginx/sites-available/$domi && $domi != "html" && $domi != $(conf_read tools-port) ]] && sudo sed -i "/ssl on;/c\ #ssl on;" /etc/nginx/sites-available/$domi
done
# swappines is now included by default in linux optimization.
@ -82,13 +82,13 @@ onethree_to_onefour() {
sudo mkdir -p /etc/nginx/apps.d
sudo cp /etc/nginx/common/acl.conf /opt/webinoly/templates/source/acl.conf.old
grep "^allow [^127.0.0.1]" /opt/webinoly/templates/source/acl.conf.old > /etc/nginx/apps.d/whitelist-acl.conf
[[ -f /etc/nginx/apps.d/whitelist-acl.conf && ! -s /etc/nginx/apps.d/whitelist-acl.conf ]] && sudo rm /etc/nginx/apps.d/whitelist-acl.conf
[[ -f /etc/nginx/apps.d/whitelist-acl.conf && ( ! -s /etc/nginx/apps.d/whitelist-acl.conf || -z $(cat -v /etc/nginx/apps.d/whitelist-acl.conf | grep -m 1 '[^[:space:]]')) ]] && sudo rm /etc/nginx/apps.d/whitelist-acl.conf
[[ -f /etc/nginx/sites-available/$(conf_read tools-port) ]] && sudo sed -i "/acl.conf;/i \ include common\/auth.conf;" /etc/nginx/sites-available/$(conf_read tools-port)
for site in "/etc/nginx/sites-available"/*
do
domi=$(echo $site | cut -f 5 -d "/")
if [[ $domi != "html" && $domi != $(conf_read tools-port) ]]; then
if [[ -f /etc/nginx/sites-available/$domi && $domi != "html" && $domi != $(conf_read tools-port) ]]; then
if [[ $(is_proxy $domi) == "true" ]]; then
pat="\t}"
elif [[ $(is_wp $domi) == "true" || $(is_php $domi) == "true" ]]; then

338
lib/verify
View file

@ -1,4 +1,7 @@
#!/bin/bash
# Example: sudo webinoly -verify
# Example: sudo webinoly -verify=critical
# Example: sudo webinoly -verify -check-for-updates
webinoly_verify() {
@ -177,6 +180,10 @@ if [[ ! -f /opt/webinoly/templates/general/admin_tools.conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/general/admin_tools.conf not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/general/certbot-deploy-hook ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/general/certbot-deploy-hook not found!"
local ver_one_err="1"
fi
if [[ ! -f /opt/webinoly/templates/general/conf ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/general/conf not found!"
local ver_one_err="1"
@ -227,6 +234,11 @@ if [[ ! -f /usr/bin/stack ]]; then
local ver_one_err="1"
fi
if [[ -n $(conf_read init-error-flag) ]]; then
echo "- [ERROR] This copy of Webinoly is not genuine!"
local ver_one_err="1"
fi
if [[ -z $critical_mode ]]; then
# Check if Webinoly is updated
@ -254,6 +266,45 @@ if [[ -z $critical_mode ]]; then
done
fi
# Temp dynvar in conf file
if [[ -n $(conf_read force-flag) ]]; then
echo "${dim}- [WARNING] Temporal variable (force-flag) has been found in the Webinoly Configuration File! ${end}${red}"
local ver_one_war="1"
fi
if [[ -n $(conf_read delautopma) ]]; then
echo "${dim}- [WARNING] Temporal variable (delautopma) has been found in the Webinoly Configuration File! ${end}${red}"
local ver_one_war="1"
fi
if [[ -n $(conf_read temp-path) ]]; then
echo "${dim}- [WARNING] Temporal variable (temp-path) has been found in the Webinoly Configuration File! ${end}${red}"
local ver_one_war="1"
fi
if [[ -n $(conf_read nginx-reload) ]]; then
echo "${dim}- [WARNING] Temporal variable (nginx-reload) has been found in the Webinoly Configuration File! ${end}${red}"
local ver_one_war="1"
fi
if [[ -n $(conf_read quiet) ]]; then
echo "${dim}- [WARNING] Temporal variable (quiet) has been found in the Webinoly Configuration File! ${end}${red}"
local ver_one_war="1"
fi
if [[ -n $(conf_read multi-bkp-db) ]]; then
echo "${dim}- [WARNING] Temporal variable (multi-bkp-db) has been found in the Webinoly Configuration File! ${end}${red}"
local ver_one_war="1"
fi
if [[ -n $(conf_read multi-bkp-dbh) ]]; then
echo "${dim}- [WARNING] Temporal variable (multi-bkp-dbh) has been found in the Webinoly Configuration File! ${end}${red}"
local ver_one_war="1"
fi
if [[ -n $(conf_read stack-update) ]]; then
echo "${dim}- [WARNING] Temporal variable (stack-update) has been found in the Webinoly Configuration File! ${end}${red}"
local ver_one_war="1"
fi
if [[ -n $(conf_read mysql-reinstall) ]]; then
echo "${dim}- [WARNING] Temporal variable (mysql-reinstall) has been found in the Webinoly Configuration File! ${end}${red}"
local ver_one_war="1"
fi
if [[ $ver_one_err == "1" ]]; then
echo "(1) Webinoly Integrity Test has failed!"
elif [[ $ver_one_war == "1" ]]; then
@ -274,6 +325,12 @@ local ver_two_err="0"
local ver_two_war="0"
if [[ $(conf_read nginx) == "true" ]]; then
# Check if NGINX command is installed
if ! which nginx >/dev/null ; then
echo "- [ERROR] Seems like NGIN command is not installed!"
local ver_two_err="1"
fi
if [[ ! -f /etc/nginx/nginx.conf ]]; then
echo "- [ERROR] File: /etc/nginx/nginx.conf not found!"
local ver_two_err="1"
@ -289,11 +346,11 @@ if [[ $(conf_read nginx) == "true" ]]; then
local ver_two_err="1"
fi
else
if [[ ! -f /usr/share/keyrings/nginx-archive-keyring.gpg || ! -s /usr/share/keyrings/nginx-archive-keyring.gpg ]]; then
if [[ ! -f /usr/share/keyrings/nginx-archive-keyring.gpg || ! -s /usr/share/keyrings/nginx-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/nginx-archive-keyring.gpg | grep '[^[:space:]]') ]]; then
echo "- [ERROR] Nginx Apt Key not found!"
local ver_two_err="1"
fi
if [[ ! -f /etc/apt/sources.list.d/nginx.list || ! -s /etc/apt/sources.list.d/nginx.list ]]; then
if [[ ! -f /etc/apt/sources.list.d/nginx.list || ! -s /etc/apt/sources.list.d/nginx.list || -z $(cat -v /etc/apt/sources.list.d/nginx.list | grep -m 1 '[^[:space:]]') ]]; then
echo "- [ERROR] Nginx PPA not found in sources list!"
local ver_two_err="1"
fi
@ -380,6 +437,15 @@ if [[ $(conf_read nginx-optim) == "true" ]]; then
echo "- [ERROR] File: /opt/webinoly/templates/source/nginx.conf not found!"
local ver_two_err="1"
fi
if [[ -f /etc/nginx/common/wpfc.conf && ( -n $(grep -F "<wpcache-exclude-url>" /etc/nginx/common/wpfc.conf) || -n $(grep -F "<wpcache-exclude-cookie>" /etc/nginx/common/wpfc.conf) ) ]]; then
echo "- [ERROR] File: /etc/nginx/common/wpfc.conf is corrupted!"
local ver_two_err="1"
fi
if [[ -f /etc/nginx/common/locations.conf && ( -n $(grep -F "<locations-deny-extensions>" /etc/nginx/common/locations.conf) || -n $(grep -F "<locations-deny-files>" /etc/nginx/common/locations.conf) ) ]]; then
echo "- [ERROR] File: /etc/nginx/common/locations.conf is corrupted!"
local ver_two_err="1"
fi
fi
# NGINX tools site
@ -449,11 +515,30 @@ if [[ -z $critical_mode ]]; then
if [[ $(conf_read nginx-optim) == "true" && ! ( -s /etc/nginx/.htpasswd || ( -n $(conf_read tools-site) && -s /etc/nginx/apps.d/.htpasswd-$(conf_read tools-site) )) ]]; then
echo "${blu}${dim}- [INFO] HTTP Authentication Credentials not found to access the server tools on port $(conf_read tools-port).${end}${red}"
fi
# HTTP Headers
if [[ $(conf_read nginx-optim) == "true" && -z $(conf_read header-csp) ]]; then
echo "${blu}${dim}- [INFO] Setting a Content-Security-Policy Header is highly recommended!${end}${red}"
fi
if [[ $(conf_read nginx-optim) == "true" && $(conf_read header-xssp) == "true" ]]; then
echo "${blu}${dim}- [INFO] X-XSS Header is no longer recommended, use a strong CSP instead!${end}${red}"
fi
# Webinoly Stack version
if [[ $(conf_read nginx) == "true" && $(conf_read server-version) != $svr_version ]]; then
echo "${dim}- [WARNING] Webinoly Stack version check is corrupted! (Installed: $svr_version != Conf: $(conf_read server-version)) ${end}${red}"
local ver_two_war="1"
if [[ $(conf_read nginx) == "true" ]]; then
# Webinoly Stack version
if [[ $(conf_read server-version) != $svr_version ]]; then
echo "${dim}- [WARNING] Webinoly Stack version check is corrupted! (Installed: $svr_version != Conf: $(conf_read server-version)) ${end}${red}"
local ver_two_war="1"
fi
# Check Nginx Branch in Configuration File
if [[ $(($(sudo nginx -v 2>&1 | cut -d'.' -f 2 -s)%2)) == 1 && $(conf_read nginx-ppa) != "mainline" ]]; then
echo "- [ERROR] Nginx Branch in Configuration File is corrupted!"
local ver_two_err="1"
elif [[ $(($(sudo nginx -v 2>&1 | cut -d'.' -f 2 -s)%2)) == 0 && $(conf_read nginx-ppa) != "stable" && -n $(conf_read nginx-ppa) ]]; then
echo "- [ERROR] Nginx Branch in Configuration File is corrupted!"
local ver_two_err="1"
fi
fi
if [[ $ver_two_err == "1" ]]; then
@ -476,26 +561,32 @@ local ver_three_err="0"
local ver_three_war="0"
if [[ $(conf_read php) == "true" ]]; then
# Check if PHP command is installed
if ! which php >/dev/null ; then
echo "- [ERROR] Seems like PHP command is not installed!"
local ver_three_err="1"
fi
if [[ ! -f /etc/php/$(conf_read php-ver)/fpm/php.ini ]]; then
echo "- [ERROR] File: /etc/php/$(conf_read php-ver)/fpm/php.ini not found!"
local ver_three_err="1"
fi
if [[ $(lsb_release -c | cut -d':' -f 2 | xargs) =~ ^(bionic|focal)$ ]]; then
if [[ ! -f /etc/apt/trusted.gpg.d/ondrej_ubuntu_php.gpg || ! -s /etc/apt/trusted.gpg.d/ondrej_ubuntu_php.gpg ]]; then
if [[ ! -f /etc/apt/trusted.gpg.d/ondrej_ubuntu_php.gpg || ! -s /etc/apt/trusted.gpg.d/ondrej_ubuntu_php.gpg || -z $(cat -v /etc/apt/trusted.gpg.d/ondrej_ubuntu_php.gpg | grep -m 1 '[^[:space:]]') ]]; then
echo "- [ERROR] PHP Apt Key not found!"
local ver_three_err="1"
fi
if [[ ! -f /etc/apt/sources.list.d/ondrej-ubuntu-php-$(check_osname).list || ! -s /etc/apt/sources.list.d/ondrej-ubuntu-php-$(check_osname).list ]]; then
if [[ ! -f /etc/apt/sources.list.d/ondrej-ubuntu-php-$(check_osname).list || ! -s /etc/apt/sources.list.d/ondrej-ubuntu-php-$(check_osname).list || -z $(cat -v /etc/apt/sources.list.d/ondrej-ubuntu-php-$(check_osname).list | grep -m 1 '[^[:space:]]') ]]; then
echo "- [ERROR] PHP PPA not found in sources list!"
local ver_three_err="1"
fi
else
if [[ ! -f /usr/share/keyrings/php-archive-keyring.gpg || ! -s /usr/share/keyrings/php-archive-keyring.gpg ]]; then
if [[ ! -f /usr/share/keyrings/php-archive-keyring.gpg || ! -s /usr/share/keyrings/php-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/php-archive-keyring.gpg | grep '[^[:space:]]') ]]; then
echo "- [ERROR] PHP Apt Key not found!"
local ver_three_err="1"
fi
if [[ ! -f /etc/apt/sources.list.d/php.list || ! -s /etc/apt/sources.list.d/php.list ]]; then
if [[ ! -f /etc/apt/sources.list.d/php.list || ! -s /etc/apt/sources.list.d/php.list || -z $(cat -v /etc/apt/sources.list.d/php.list | grep -m 1 '[^[:space:]]') ]]; then
echo "- [ERROR] PHP PPA not found in sources list!"
local ver_three_err="1"
fi
@ -574,14 +665,14 @@ if [[ -z $critical_mode ]]; then
local ver_three_war="1"
fi
if ! [[ $ver_php_ver =~ ^(5.6|7.0|7.1|7.2|7.3|7.4|8.0|8.1|8.2)$ ]]; then
if ! [[ $ver_php_ver =~ ^(5.6|7.0|7.1|7.2|7.3|7.4|8.0|8.1|8.2|8.3)$ ]]; then
echo "${dim}- [WARNING] Unknown PHP version!${end}${red}"
local ver_three_war="1"
elif [[ $ver_php_ver =~ ^(5.6|7.0|7.1|7.2|7.3)$ ]]; then
echo "${dim}- [WARNING] You have an obsolete PHP version (${ver_php_ver}) installed that not even receive security updates!${end}${red}"
elif [[ $ver_php_ver =~ ^(5.6|7.0|7.1|7.2|7.3|7.4|8.0)$ ]]; then
echo "${dim}- [WARNING] You have an obsolete PHP version installed (${ver_php_ver}) that not even receive security updates!${end}${red}"
local ver_three_war="1"
elif [[ $ver_php_ver == "7.4" ]]; then
echo "${blu}${dim}- [INFO] PHP v8.0 or later is recommended to get an optimal perfomance! (Current: ${ver_php_ver}) ${end}${red}"
#elif [[ $ver_php_ver == "8.1" ]]; then
# echo "${blu}${dim}- [INFO] PHP v8.2 or later is recommended to get an optimal perfomance! (Current: ${ver_php_ver}) ${end}${red}"
fi
fi
@ -598,33 +689,58 @@ fi
################################
##### MySQL Verification #####
################################
########################################
##### MySQL/MariaDB Verification #####
########################################
local ver_four_err="0"
local ver_four_war="0"
# MySQL
if [[ $(conf_read mysql) == "true" ]]; then
if [[ $(conf_read db-engine) == "mysql" ]]; then
local ver_mysql_ver=$(sudo mysql --version | grep -Eo "Ver [0-9\.]+" | cut -f 2 -d' ' | cut -f 1-2 -d'.')
else
# To check supported versions: https://mariadb.com/kb/en/mariadb-server/
local ver_mysql_ver=$(sudo mysql --version | sed 's/.*Distrib \([^\-]*\).*/\1/' | cut -f 1-2 -d'.')
# MySQL/MariaDB
if [[ $(conf_read mysql) == "true" || $(conf_read mysql-client) == "true" ]]; then
# Check if MYSQL command is installed
if ! which mysql >/dev/null ; then
echo "- [ERROR] Seems like MYSQL command is not installed!"
local ver_four_err="1"
fi
if [[ ! -d /etc/mysql ]]; then
echo "- [ERROR] Folder: /etc/mysql not found!"
local ver_four_err="1"
fi
fi
if [[ $(conf_read mysql) == "true" ]]; then
if [[ $(conf_read db-engine) == "mysql" ]]; then
if [[ ! -f /usr/share/keyrings/mysql-archive-keyring.gpg || ! -s /usr/share/keyrings/mysql-archive-keyring.gpg ]]; then
local ver_mysql_ver=$(sudo mysql --version | grep -Eo "Ver [0-9\.]+" | cut -f 2 -d' ' | cut -f 1-2 -d'.')
if [[ -n $(sudo mysql --version | grep -Fio "MariaDb") ]]; then
echo "- [ERROR] MySQL DB Engine in Configuration File is corrupted!"
local ver_four_err="1"
fi
else
# To check supported versions: https://mariadb.com/kb/en/mariadb-server/
local ver_mysql_ver=$(sudo mysql --version | sed 's/.*Distrib \([^\-]*\).*/\1/' | cut -f 1-2 -d'.')
if [[ -z $(sudo mysql --version | grep -Fio "MariaDb") || ( -n $(conf_read db-engine) && $(conf_read db-engine) != "mariadb" ) ]]; then
echo "- [ERROR] MySQL DB Engine in Configuration File is corrupted!"
local ver_four_err="1"
fi
fi
if [[ ! -f $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf ]]; then
echo "- [ERROR] File: $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf not found!"
local ver_four_err="1"
fi
if [[ ! -f $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf ]]; then
echo "- [ERROR] File: $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly.cnf not found!"
local ver_four_err="1"
fi
# PPA & Keys
if [[ $(conf_read db-engine) == "mysql" ]]; then
if [[ ! -f /usr/share/keyrings/mysql-archive-keyring.gpg || ! -s /usr/share/keyrings/mysql-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/mysql-archive-keyring.gpg | grep -m 1 '[^[:space:]]') ]]; then
echo "- [ERROR] MySQL Apt Key not found!"
local ver_four_err="1"
fi
if [[ ! -f /etc/apt/sources.list.d/mysql.list || ! -s /etc/apt/sources.list.d/mysql.list ]]; then
if [[ ! -f /etc/apt/sources.list.d/mysql.list || ! -s /etc/apt/sources.list.d/mysql.list || -z $(cat -v /etc/apt/sources.list.d/mysql.list | grep -m 1 '[^[:space:]]') ]]; then
echo "- [ERROR] MySQL PPA not found in sources list!"
local ver_four_err="1"
fi
@ -638,28 +754,28 @@ if [[ $(conf_read mysql) == "true" ]]; then
local ver_four_err="1"
fi
else
if [[ ! -f /usr/share/keyrings/mariadb-archive-keyring.gpg || ! -s /usr/share/keyrings/mariadb-archive-keyring.gpg ]]; then
if [[ ! -f /usr/share/keyrings/mariadb-archive-keyring.gpg || ! -s /usr/share/keyrings/mariadb-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/mariadb-archive-keyring.gpg | grep '[^[:space:]]') ]]; then
echo "- [ERROR] MariaDB Apt Key not found!"
local ver_four_err="1"
fi
if [[ ! -f /etc/apt/sources.list.d/mariadb.list || ! -s /etc/apt/sources.list.d/mariadb.list ]]; then
if [[ ! -f /etc/apt/sources.list.d/mariadb.list || ! -s /etc/apt/sources.list.d/mariadb.list || -z $(cat -v /etc/apt/sources.list.d/mariadb.list | grep -m 1 '[^[:space:]]') ]]; then
echo "- [ERROR] MariaDB PPA not found in sources list!"
local ver_four_err="1"
fi
fi
fi
# MySQL Connection
if [[ $(conf_read mysql) == "true" ]]; then
local ROOT_PASS=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt )
[[ -z $ROOT_PASS ]] && ROOT_PASS="dUmb"
if ! sudo mysql --connect-timeout=10 --user=root -p$ROOT_PASS -e "quit" 2>/dev/null; then
echo "- [ERROR] MySQL Connection to localhost failed! (root)"
local ver_four_err="1"
# MySQL/MariaDB Connection
if [[ -n $(conf_read mysql-root) ]]; then # Dynvar can be removed safely!
local ROOT_PASS=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt )
[[ -z $ROOT_PASS ]] && ROOT_PASS="dUmb"
if ! sudo mysql --connect-timeout=10 --user=root -p$ROOT_PASS -e "quit" 2>/dev/null; then
echo "- [ERROR] MySQL/MariaDB Connection to localhost failed! (root)"
local ver_four_err="1"
fi
fi
if ! sudo mysql --connect-timeout=10 --user=admin -e "quit" 2>/dev/null; then
echo "- [ERROR] MySQL Connection to localhost failed! (admin)"
echo "- [ERROR] MySQL/MariaDB Connection to localhost failed! (admin)"
local ver_four_err="1"
fi
fi
@ -679,14 +795,14 @@ if [[ -z $critical_mode ]]; then
fi
# MySQL and MariaDB can be mixed, don't worry!
if ! [[ $ver_mysql_ver =~ ^(8.0|10.0|10.1|10.2|10.3|10.4|10.5|10.6)$ ]]; then
if ! [[ $ver_mysql_ver =~ ^(8.0|10.0|10.1|10.2|10.3|10.4|10.5|10.6|10.11)$ ]]; then
echo "${dim}- [WARNING] Unknown MySQL/MariaDB version!${end}${red}"
local ver_four_war="1"
elif [[ $ver_mysql_ver =~ ^(10.0|10.1)$ ]]; then
elif [[ $ver_mysql_ver =~ ^(10.0|10.1|10.2|10.3)$ ]]; then
echo "${dim}- [WARNING] You have an obsolete MariaDB version (${ver_mysql_ver}) installed that not even receive security updates!${end}${red}"
local ver_four_war="1"
elif [[ $ver_mysql_ver =~ ^(10.2|10.3)$ ]]; then
echo "${blu}${dim}- [INFO] MariaDB v10.4 or later is recommended to get an optimal perfomance! (Current: ${ver_mysql_ver}) ${end}${red}"
elif [[ $ver_mysql_ver =~ ^(10.4)$ ]]; then
echo "${blu}${dim}- [INFO] MariaDB v10.6 or later is recommended to get an optimal perfomance! (Current: ${ver_mysql_ver}) ${end}${red}"
fi
fi
@ -701,12 +817,12 @@ if [[ -z $critical_mode ]]; then
fi
if [[ ( -d /var/www/$ADMIN_TOOLS_SITE/htdocs/pma || -d /usr/share/phpmyadmin ) && $(conf_read mysql-tool-pma) != "true" ]]; then
echo "${dim}- [WARNING] Seems like MySQL Tools (PhpMyAdmin) are enabled but Webinoly can not detect it!${end}${red}"
echo "${dim}- [WARNING] Seems like phpMyAdmin is installed but Webinoly can not detect it!${end}${red}"
local ver_four_war="1"
fi
# DB Role - Check Privileges!
if [[ $(conf_read mysql-client) == "true" ]]; then
# DB Role - Check Privileges!
local dbrolecheck=$(conf_read dbrole)
local dbrolecheck=${dbrolecheck,,}
if [[ $dbrolecheck == "all" ]]; then
@ -716,15 +832,29 @@ if [[ -z $critical_mode ]]; then
elif [[ $dbrolecheck == "basic" ]]; then
echo "${blu}${dim}- [INFO] DB Default Privileges are set to BASIC, some sites may not work properly with basic privileges! ${end}${red}"
fi
# Saved DB Credentials
conf_write quiet true
if [[ -n $(conf_read external-dbh) && -n $(conf_read external-dbu) && -n $(conf_read external-dbp) && -n $(conf_read external-dbx) ]]; then
local svdb=$(check_mysql_connection $(conf_read external-dbh) $(conf_read external-dbx) $(conf_read external-dbu) $(conf_read external-dbp) -master-admin)
if [[ $svdb == "false" ]]; then
echo "- [ERROR] External DB Connection failed! (Saved credentials for: $(conf_read external-dbh):$(conf_read external-dbx))"
local ver_four_err="1"
elif [[ $svdb == "truebutnotmaster" ]]; then
echo "${dim}- [WARNING] External DB Connection seems like not have Master user privileges! (Saved credentials for: $(conf_read external-dbh):$(conf_read external-dbx)) ${end}${red}"
local ver_four_war="1"
fi
fi
conf_delete quiet
fi
if [[ $ver_four_err == "1" ]]; then
echo "(4) MySQL Verification Test has failed!"
echo "(4) MySQL/MariaDB Verification Test has failed!"
elif [[ $ver_four_war == "1" ]]; then
echo "${dim}(4) MySQL Verification Test has some warning messages you should attend!${end}${red}"
echo "${dim}(4) MySQL/MariaDB Verification Test has some warning messages you should attend!${end}${red}"
else
echo "${gre}${dim}(4) MySQL Verification Test successful!${end}${red}"
echo "${gre}${dim}(4) MySQL/MariaDB Verification Test successful!${end}${red}"
fi
fi
@ -738,32 +868,32 @@ fi
local ver_five_err="0"
local ver_five_war="0"
if ! systemctl is-active --quiet nginx && [[ $(conf_read nginx) == "true" ]]; then
if [[ $(conf_read nginx) == "true" ]] && ! systemctl is-active --quiet nginx; then
echo "- [ERROR] Nginx service not running!"
local ver_five_err="1"
fi
if ! systemctl is-active --quiet php$(conf_read php-ver)-fpm && [[ $(conf_read php) == "true" ]]; then
if [[ $(conf_read php) == "true" ]] && ! systemctl is-active --quiet php$(conf_read php-ver)-fpm; then
echo "- [ERROR] PHP service not running!"
local ver_five_err="1"
fi
if ! systemctl is-active --quiet mysql && [[ $(conf_read mysql) == "true" ]]; then
echo "- [ERROR] MySQL service not running!"
if [[ $(conf_read mysql) == "true" ]] && ! systemctl is-active --quiet mysql; then
echo "- [ERROR] MySQL/MariaDB service not running!"
local ver_five_err="1"
fi
if ! systemctl is-active --quiet redis-server && [[ $(conf_read php-tool-redis) == "true" ]]; then
if [[ $(conf_read php-tool-redis) == "true" ]] && ! systemctl is-active --quiet redis-server; then
echo "- [ERROR] Redis service not running!"
local ver_five_err="1"
fi
if ! systemctl is-active --quiet memcached && [[ $(conf_read php-tool-memcached) == "true" ]]; then
if [[ $(conf_read php-tool-memcached) == "true" ]] && ! systemctl is-active --quiet memcached; then
echo "- [ERROR] Memcached service not running!"
local ver_five_err="1"
fi
if ! systemctl is-active --quiet postfix && [[ $(conf_read php-tool-postfix) == "true" ]]; then
if [[ $(conf_read php-tool-postfix) == "true" ]] && ! systemctl is-active --quiet postfix; then
echo "- [ERROR] Postfix service not running!"
local ver_five_err="1"
fi
if ! sudo nginx -t 2>/dev/null && [[ $(conf_read nginx) == "true" ]]; then
if [[ $(conf_read nginx) == "true" ]] && ! sudo nginx -t 2>/dev/null; then
echo "- [ERROR] Nginx Configuration check failed!"
local ver_five_err="1"
fi
@ -817,6 +947,24 @@ if [[ $ver_disk =~ ^[0-9]+$ && $ver_disk -gt 75 ]]; then
local ver_six_war="1"
fi
# Check if WGET is installed
if ! which wget >/dev/null ; then
echo "- [ERROR] Seems like WGET package is not installed!"
local ver_six_err="1"
fi
# Check for OS Updates
# Run in non-critical mode and when updating Webinoly to remember that is important to keep the OS updated, not only Webinoly.
# For example, we can implement new Nginx directives and it will fails if Nginx package is not updated.
if [[ -z $critical_mode || -n $check_for_updates ]]; then
if [[ -f /usr/lib/update-notifier/apt-check ]]; then
local ver_os_updates=$(echo $(/usr/lib/update-notifier/apt-check --human-readable) | grep -Eo "[0-9]+ " | head -1 | sed "s/ //")
if [[ $ver_os_updates =~ ^[0-9]+$ && $ver_os_updates -gt 0 ]]; then
echo "${dim}- [WARNING] Operating System is not updated, $ver_os_updates updates can be installed immediately.${end}${red}"
local ver_six_war="1"
fi
fi
fi
if [[ -z $critical_mode ]]; then
# Check for BASH Shell
# This is a very "shity" method, but checking if file exists is very reliable
@ -836,15 +984,6 @@ if [[ -z $critical_mode ]]; then
fi
fi
# Check for updates
if [[ -a /usr/lib/update-notifier/apt-check ]]; then
local ver_os_updates=$(echo $(/usr/lib/update-notifier/apt-check --human-readable) | grep -Eo "^[0-9]+ " | head -1 | sed "s/ //")
if [[ $ver_os_updates =~ ^[0-9]+$ && $ver_os_updates -gt 0 ]]; then
echo "${dim}- [WARNING] Operating System is not updated, $ver_os_updates updates can be installed immediately.${end}${red}"
local ver_six_war="1"
fi
fi
# Check if timezone is set
if [[ -z $(conf_read timezone) ]] || ! grep -Fxq $(conf_read timezone) /opt/webinoly/lib/timezone.dat; then
echo "${dim}- [WARNING] Timezone is not set or not valid!${end}${red}"
@ -873,6 +1012,11 @@ local ver_seven_war="0"
# Web Tools
if [[ $(conf_read php-tool-redis) == "true" ]]; then
# Check if REDIS command is installed
if ! which redis-cli >/dev/null ; then
echo "- [ERROR] Seems like Redis command is not installed!"
local ver_seven_err="1"
fi
if [[ ! -d /etc/redis ]]; then
echo "- [ERROR] Folder: /etc/redis not found!"
local ver_seven_err="1"
@ -880,14 +1024,14 @@ if [[ $(conf_read php-tool-redis) == "true" ]]; then
# 18.04 - /etc/apt/trusted.gpg.d/redislabs_ubuntu_redis.gpg
# 20.04 - /etc/apt/trusted.gpg.d/redislabs-ubuntu-redis.gpg
# 22.04 - /usr/share/keyrings/redis-archive-keyring.gpg
if [[ ( ! -f /etc/apt/trusted.gpg.d/redislabs_ubuntu_redis.gpg || ! -s /etc/apt/trusted.gpg.d/redislabs_ubuntu_redis.gpg ) && ( ! -f /etc/apt/trusted.gpg.d/redislabs-ubuntu-redis.gpg || ! -s /etc/apt/trusted.gpg.d/redislabs-ubuntu-redis.gpg ) && ( ! -f /usr/share/keyrings/redis-archive-keyring.gpg || ! -s /usr/share/keyrings/redis-archive-keyring.gpg ) ]]; then
if [[ ( ! -f /etc/apt/trusted.gpg.d/redislabs_ubuntu_redis.gpg || ! -s /etc/apt/trusted.gpg.d/redislabs_ubuntu_redis.gpg || -z $(cat -v /etc/apt/trusted.gpg.d/redislabs_ubuntu_redis.gpg | grep '[^[:space:]]') ) && ( ! -f /etc/apt/trusted.gpg.d/redislabs-ubuntu-redis.gpg || ! -s /etc/apt/trusted.gpg.d/redislabs-ubuntu-redis.gpg || -z $(cat -v /etc/apt/trusted.gpg.d/redislabs-ubuntu-redis.gpg | grep '[^[:space:]]') ) && ( ! -f /usr/share/keyrings/redis-archive-keyring.gpg || ! -s /usr/share/keyrings/redis-archive-keyring.gpg || -z $(cat -v /usr/share/keyrings/redis-archive-keyring.gpg | grep '[^[:space:]]') ) ]]; then
echo "- [ERROR] Redis Apt Key not found!"
local ver_seven_err="1"
fi
# 18.04 - /etc/apt/sources.list.d/redislabs-ubuntu-redis-$(check_osname).list
# 20.04 - /etc/apt/sources.list.d/redislabs-ubuntu-redis-$(check_osname).list
# 22.04 - /etc/apt/sources.list.d/redis.list
if [[ ( ! -f /etc/apt/sources.list.d/redislabs-ubuntu-redis-$(check_osname).list || ! -s /etc/apt/sources.list.d/redislabs-ubuntu-redis-$(check_osname).list ) && ( ! -f /etc/apt/sources.list.d/redis.list || ! -s /etc/apt/sources.list.d/redis.list ) ]]; then
if [[ ( ! -f /etc/apt/sources.list.d/redislabs-ubuntu-redis-$(check_osname).list || ! -s /etc/apt/sources.list.d/redislabs-ubuntu-redis-$(check_osname).list || -z $(cat -v /etc/apt/sources.list.d/redislabs-ubuntu-redis-$(check_osname).list | grep -m 1 '[^[:space:]]')) && ( ! -f /etc/apt/sources.list.d/redis.list || ! -s /etc/apt/sources.list.d/redis.list || -z $(cat -v /etc/apt/sources.list.d/redis.list | grep -m 1 '[^[:space:]]')) ]]; then
echo "- [ERROR] Redis PPA not found in sources list!"
local ver_seven_err="1"
fi
@ -897,9 +1041,12 @@ if [[ $(conf_read mysql-tool-pma) == "true" && ! -d /var/www/$ADMIN_TOOLS_SITE/h
echo "- [ERROR] Folder: /var/www/$ADMIN_TOOLS_SITE/htdocs/pma not found!"
local ver_seven_err="1"
fi
if [[ $(conf_read php-tool-memcached) == "true" && ! -f /usr/bin/memcached ]]; then
echo "- [ERROR] File: /usr/bin/memcached not found!"
local ver_seven_err="1"
if [[ $(conf_read php-tool-memcached) == "true" ]]; then
# Check if MEMCACHED command is installed
if ! which memcached >/dev/null ; then
echo "- [ERROR] Seems like Memcached command is not installed!"
local ver_seven_err="1"
fi
fi
if [[ $(conf_read php-tool-postfix) == "true" && ! -d /etc/postfix ]]; then
echo "- [ERROR] Folder: /etc/postfix not found!"
@ -910,19 +1057,21 @@ if [[ $(conf_read php-tool-postfix) == "true" && ! -f /opt/webinoly/templates/so
local ver_seven_err="1"
fi
if [[ $(conf_read nginx-tool-ssl) == "true" ]]; then
if [[ ! -L /snap/bin/certbot ]]; then
echo "- [ERROR] File: /snap/bin/certbot not found!"
# Check if CERTBOT command is installed
if ! which certbot >/dev/null ; then
echo "- [ERROR] Seems like Certbot command is not installed!"
local ver_seven_err="1"
fi
fi
if [[ $(conf_read nginx-tool-bkp) == "true" ]]; then
if [[ ! -f /usr/bin/duply ]]; then
echo "- [ERROR] File: /usr/bin/duply not found!"
# Check if DUPLY command is installed
if ! which duply >/dev/null ; then
echo "- [ERROR] Seems like Duply command is not installed!"
local ver_seven_err="1"
fi
# Remove the snap path!
if [[ ! -L /snap/bin/duplicity && ! -f /usr/local/bin/duplicity ]]; then
echo "- [ERROR] File: /usr/local/bin/duplicity not found!"
# Check if DUPLICITY command is installed
if ! which duplicity >/dev/null ; then
echo "- [ERROR] Seems like Duplicity command is not installed!"
local ver_seven_err="1"
fi
fi
@ -932,7 +1081,7 @@ if [[ -z $critical_mode ]]; then
for cert in "/etc/letsencrypt/live"/*
do
domain=$(echo $cert | cut -f 5 -d "/")
if [[ -d $cert && ! -f /etc/nginx/sites-available/$domain ]]; then
if [[ -d $cert && ! -f /etc/nginx/sites-available/$domain && -n $domain ]]; then
echo "${blu}${dim}- [INFO] SSL Orphan-Cert found ($domain)!${end}${red}"
fi
done
@ -956,7 +1105,7 @@ if [[ -z $critical_mode ]]; then
if [[ $ver_seven_err == "1" ]]; then
echo "(7) Additional Tools Verification Test has failed!"
elif [[ $ver_seven_war == "1" ]]; then
echo "${dim}(4) Additional Tools Verification Test has some warning messages you should attend!${end}${red}"
echo "${dim}(7) Additional Tools Verification Test has some warning messages you should attend!${end}${red}"
else
echo "${gre}${dim}(7) Additional Tools Verification Test successful!${end}${red}"
fi
@ -1011,6 +1160,11 @@ if [[ -z $critical_mode ]]; then
local ver_check_dir="/var/www"
local ver_check_user="www-data"
local ver_count_ssh=2
# Always check root when logname user is different!
elif [[ $ver_count_ssh == 2 && $CURRENT_HOME != "/root" ]]; then
local ver_check_dir="/root"
local ver_check_user="root"
local ver_count_ssh=3
else
break
fi
@ -1065,20 +1219,32 @@ if [[ -z $critical_mode ]]; then
for ver_site in "/etc/nginx/sites-available"/*
do
local ver_domi=$(echo $ver_site | cut -f 5 -d "/")
[[ ! -f /etc/nginx/sites-available/$ver_domi ]] && continue # Double check!
if [[ $ver_domi != "html" && $ver_domi != $ADMIN_TOOLS_SITE ]]; then
# If WordPress, then check connection!
if [[ $(is_wp $ver_domi) == "true" ]]; then
if [[ ! -s /etc/nginx/.htpasswd && ! -s /etc/nginx/apps.d/.htpasswd-$ver_domi && $(is_wp_auth $ver_domi) == "true" ]]; then
if [[ ( ! -s /etc/nginx/.htpasswd || -z $(cat -v /etc/nginx/.htpasswd | grep '[^[:space:]]')) && ( ! -s /etc/nginx/apps.d/.htpasswd-$ver_domi || -z $(cat -v /etc/nginx/apps.d/.htpasswd-$ver_domi | grep -m 1 '[^[:space:]]')) && $(is_wp_auth $ver_domi) == "true" ]]; then
echo "${blu}${dim}- [INFO] HTTP Authentication Credentials not found for $ver_domi${end}${red}"
fi
wp_conf_retrieve $ver_domi false > /dev/null
if [[ $wp_dbhost == "localhost" && -n $wp_dbuser && -n $wp_dbpass && -n $wp_dbname && $(check_mysql_connection localhost $wp_dbuser $wp_dbpass $wp_dbname) != "true" ]]; then
echo "${dim}- [WARNING] Database connection failed for your WP site $ver_domi (localhost) ${end}${red}"
wp_conf_retrieve $ver_domi false false
if [[ $wp_dbhost_host == "localhost" && ( -z $wp_dbuser || -z $wp_dbpass || -z $wp_dbname || $(check_mysql_connection localhost $wp_dbuser $wp_dbpass $wp_dbname $mysql_param) != "true" ) ]]; then
echo "${red}${dim}- [WARNING] Database connection failed for your WP site $ver_domi (${wp_dbhost}) ${end}${red}"
local ver_nine_war="1"
elif [[ -n $wp_dbhost && $wp_dbhost != "localhost" && -n $extdb_url && -n $extdb_port && -n $wp_dbuser && -n $wp_dbpass && -n $wp_dbname && $(check_mysql_connection $extdb_url $extdb_port $wp_dbuser $wp_dbpass $wp_dbname 2>/dev/null) != "true" ]]; then
echo "${dim}- [WARNING] Database connection failed for your WP site $ver_domi (${wp_dbhost}) ${end}${red}"
elif [[ $wp_dbhost_host == "localhost" && -n $wp_dbhost_port ]]; then
echo "${blu}${dim}- [INFO] Localhost with custom port could have a negative impact in performance (Site: $ver_domi | Host: ${wp_dbhost}).${end}${red}"
elif [[ $wp_dbhost_host != "localhost" && ( -z $wp_dbhost_host || -z $wp_dbhost_port || -z $wp_dbuser || -z $wp_dbpass || -z $wp_dbname || $(check_mysql_connection $wp_dbhost_host $wp_dbhost_port $wp_dbuser $wp_dbpass $wp_dbname) != "true" ) ]]; then
echo "${red}${dim}- [WARNING] Database connection failed for your WP site $ver_domi (${wp_dbhost}) ${end}${red}"
local ver_nine_war="1"
fi
# If not WP but WP files are found then alert! (people manually installing WP)
elif [[ -f /var/www/$ver_domi/wp-config.php || -f /var/www/$ver_domi/htdocs/wp-config.php ]]; then
echo "${red}${dim}- [WARNING] Seems like $ver_domi is a WordPress site but configured for a different type! ${end}${red}"
local ver_nine_war="1"
fi
fi
done

158
lib/webin
View file

@ -30,7 +30,8 @@ system_info() {
echo "${blu}${bol}[NGINX]${end}"
if [[ $(conf_read nginx) == "true" ]]; then
echo "${blu}Branch:${end}${dim} $(conf_read nginx-ppa) ${end}"
[[ -z $(conf_read nginx-ppa) ]] && local nginxbranch="stable" || local nginxbranch=$(conf_read nginx-ppa)
echo "${blu}Branch:${end}${dim} ${nginxbranch} ${end}"
echo "${blu}Version:${end}${dim} $(sudo nginx -v 2>&1 | cut -d'/' -f 2- -s) ${end}"
echo "${blu}worker_processes:${end}${dim} $(grep worker_processes /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}"
echo "${blu}worker_connections:${end}${dim} $(grep worker_connections /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}"
@ -90,7 +91,7 @@ system_info() {
echo "${blu}phpMyAdmin:${end}${dim} $pmaver ${end}"
echo ""
else
echo "${red}${dim} MySQL is not installed! ${end}"
echo "${red}${dim} MySQL/MariaDB is not installed! ${end}"
echo ""
fi
@ -136,7 +137,8 @@ smtp_setup() {
echo ""
read -p "${blu} + SMTP Host: ${end}" host
read -p "${blu} + User: ${end}" user
read -p "${blu} + Password: ${end}" pass
read -p "${blu} + Password: ${hid}" pass
echo "${hidend}"
read -p "${blu} + Main Hostname/Domain${default_host}: ${end}" mainhost
[[ -z $mainhost && -n $default_host ]] && mainhost=$hostname
echo ""
@ -158,15 +160,17 @@ smtp_setup() {
elif [[ ! -f /etc/nginx/sites-available/$mainhost ]]; then
echo "${red}[ERROR] Main Host site not found in your server!${end}"
exit 1
elif [[ $(is_url $host) != "true" ]]; then
if [[ $(is_url $host) =~ ^(http|https)$ ]]; then
echo "${red}[ERROR] Invalid SMTP host! (HTTP/HTTPS can not be used in conjunction with SMTP protocol)${end}"
fi
is_url $host -split
if [[ $url_type != "true" ]]; then
if [[ $url_type =~ ^(http|https)$ ]]; then
echo "${red}[ERROR] Invalid SMTP host! (HTTP/HTTPS scheme can not be used in conjunction with SMTP protocol)${end}"
else
echo "${red}[ERROR] Invalid SMTP host!${end}"
fi
exit 1
else
is_url $host -split
if [[ -n $url_port ]]; then
echo "${red}[ERROR] Invalid SMTP host! (Custom port is not supported)${end}"
exit 1
@ -218,9 +222,9 @@ smtp_setup() {
mysql_change_password() {
if [[ $mysql_password == true ]]; then
echo ""
read -p "${blu}MySQL User: ${end}" user
read -p "${blu}New Password: ${end}" pass
echo ""
read -p "${blu}MySQL/MariaDB User: ${end}" user
read -p "${blu}New Password: ${hid}" pass
echo "${hidend}"
elif [[ $(echo "${mysql_password}" | cut -c-1) == "[" && $(echo "${mysql_password}" | rev | cut -c-1) == "]" ]]; then
# No need for check var lenght to prevent errors, the previous condition is enough in this case.
userdata=${mysql_password:1:-1}
@ -245,8 +249,21 @@ mysql_change_password() {
sudo mysql --connect-timeout=10 --user=admin -e "ALTER USER '${user}'@'${userhost}' IDENTIFIED BY '${pass}';FLUSH PRIVILEGES;"
if [[ $? == 0 ]]; then
[[ $user =~ ^(root|admin)$ ]] && conf_write mysql-${user} $( echo $pass | openssl enc -a -salt )
echo "${gre}MySQL Password successfully changed! ${dim}('${user}'@'${userhost}')${end}"
# Check if dynvar exist, because user can remove it for security, and it's valid!
[[ $user =~ ^(root|admin)$ && -n $(conf_read mysql-${user}) ]] && conf_write mysql-${user} $( echo $pass | openssl enc -a -salt )
if [[ $user == "admin" ]]; then
# MySQL/MariaDB login data
mysql_login_cnf
sudo sed -i '/\[client\]/,/# ClientEnd/{/.*/d}' $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
echo "[client]
user = admin
password = $pass
host = localhost
# ClientEnd" >> $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
echo "${blu}${dim}Internal Webinoly login data updated!${end}"
fi
echo "${gre}MySQL/MariaDB Password successfully changed! ${dim}('${user}'@'${userhost}')${end}"
else
echo "${red}[ERROR] Unexpected error!${end}"
exit 1
@ -266,14 +283,16 @@ mysql_public_access() {
cnf_write skip-networking 0
cnf_write skip-bind-address
echo ""
echo "${red}[WARNING] Please, be careful and take the proper security actions to protect your server, now that MySQL is open for public access you should at least set your firewall to prevent against any unwanted request.${end}"
echo "${red}[WARNING] Please, be careful and take the proper security actions to protect your server, now that MySQL/MariaDB is open for public access you should at least set your firewall to prevent against any unwanted request.${end}"
echo ""
[[ -z $create_master_user ]] && echo "${dim}[INFO] Be sure you have a MySQL User with public access!${end}"
echo "${gre}MySQL public access successfully enabled!${end}"
[[ -z $create_master_user ]] && echo "${dim}[INFO] Be sure you have a MySQL/MariaDB User with public access!${end}"
conf_write mysql-public-access true
echo "${gre}MySQL/MariaDB public access successfully enabled!${end}"
elif [[ $mysql_public_access == "off" ]]; then
cnf_delete skip-networking
cnf_delete skip-bind-address
echo "${gre}MySQL public access successfully disabled!${end}"
conf_write mysql-public-access false
echo "${gre}MySQL/MariaDB public access successfully disabled!${end}"
fi
sudo systemctl restart mysql
@ -286,7 +305,8 @@ mysql_public_access() {
if [[ -z $user || -z $pass ]]; then
read -p "${blu}Master User Name: ${end}" user
read -p "${blu}Master User Password: ${end}" pass
read -p "${blu}Master User Password: ${hid}" pass
echo "${hidend}"
fi
[[ ${pass,,} == "random" ]] && local pass=`pwgen -s -1 16`
@ -310,7 +330,7 @@ GRANT ${priv} ON *.* TO '${user}'@'%' ${grant};
FLUSH PRIVILEGES;
_EOF_
[[ $? == 0 ]] && echo "${gre}${dim}Master User${blu} $user ${gre}with password ${blu}${pass}${gre} successfully created!${end}" || echo "${red}[ERROR] Unexpected error!${end}"
[[ $? == 0 ]] && echo "${gre}${dim}Master User${blu} $user ${gre}successfully created!${end}" || echo "${red}[ERROR] Unexpected error!${end}"
fi
fi
@ -395,6 +415,13 @@ fix_permissions() {
sudo find $CURRENT_HOME/.ssh -path "$CURRENT_HOME/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 644
sudo chown -R ${CURRENT_USER}:${CURRENT_USER} $CURRENT_HOME/.ssh
fi
# Always check root when logname user is different!
if [[ $CURRENT_HOME != "/root" && -d /root/.ssh ]]; then
sudo find /root/.ssh -type d -print0 | sudo xargs -r -0 chmod 700
sudo find /root/.ssh ! -path "/root/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 600
sudo find /root/.ssh -path "/root/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 644
sudo chown -R root:root /root/.ssh
fi
sudo chown -R www-data:www-data /var/www
[[ $(conf_read login-www-data) == "true" ]] && sudo chown root:root /var/www
@ -446,13 +473,13 @@ server_reset() {
err_cont=true
fi
# Check MySQL Conf
# Check MySQL/MariaDB Conf
# Here we don't check for optim variable because in very old installations don't exist and it breaks the update process!
if [[ $(conf_read mysql) == "true" && $server_reset =~ ^(mysql|all)$ ]]; then
mysql_optim
echo "${gre}MySQL settings has been updated successfully!${end}"
echo "${gre}MySQL/MariaDB settings has been updated successfully!${end}"
elif [[ $(conf_read mysql) != "true" && $server_reset == "mysql" ]]; then
echo "${red}[ERROR] MySQL settings couldn't been updated, seems like is not installed in your server!${end}"
echo "${red}[ERROR] MySQL/MariaDB settings couldn't been updated, seems like is not installed in your server!${end}"
err_cont=true
fi
@ -468,7 +495,7 @@ server_reset() {
# Display message just to show we are alive.
if [[ $server_reset == "all" && $(conf_read php-optim) != "true" && $(conf_read nginx-optim) != "true" ]]; then
echo "${blu}Nothing to do here! ${dim}(NGINX, PHP or MySQL are not installed yet)${end}"
echo "${blu}Nothing to do here! ${dim}(NGINX, PHP or MySQL/MariaDB are not installed yet)${end}"
fi
}
@ -485,19 +512,14 @@ show_db_data() {
fi
fi
if [[ -n $(conf_read mysql-root) || -n $(conf_read mysql-admin) ]]; then
local rpass=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt )
local apass=$( echo $(conf_read mysql-admin) | openssl enc -d -a -salt )
echo ""
[[ ( $dbpass == "raw" || -n $raw ) || -z $extu ]] || echo "${gre}Localhost Credentials${end}"
[[ $dbpass == "raw" || -n $raw ]] && echo "root:$rpass" || echo "${blu}${bol} root:${end}${blu}${dim} $rpass ${end}"
[[ $dbpass == "raw" || -n $raw ]] && echo "admin:$apass" || echo "${blu}${bol} admin:${end}${blu}${dim} $apass ${end}"
echo ""
else
echo "${blu}"
echo "Localhost credentials not found!"
echo "${end}"
fi
[[ -n $(conf_read mysql-root) ]] && local rpass=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt ) || local rpass="Not-Available!"
[[ -n $(conf_read mysql-admin) ]] && local apass=$( echo $(conf_read mysql-admin) | openssl enc -d -a -salt ) || local apass="Not-Available!"
echo ""
[[ ( $dbpass == "raw" || -n $raw ) || -z $extu ]] || echo "${gre}Localhost Credentials${end}"
[[ $dbpass == "raw" || -n $raw ]] && echo "root:$rpass" || echo "${blu}${bol} root:${end}${blu}${dim} $rpass ${end}"
[[ $dbpass == "raw" || -n $raw ]] && echo "admin:$apass" || echo "${blu}${bol} admin:${end}${blu}${dim} $apass ${end}"
echo ""
if [[ -n $extu ]]; then
echo ""
@ -674,7 +696,7 @@ set_tools_site() {
fi
# Warning Message
if [[ ( ! -s /etc/nginx/.htpasswd && $tools_site == "default" ) || ( ! -s /etc/nginx/.htpasswd && $tools_site != "default" && -f /etc/nginx/sites-available/$tools_site && ! -s /etc/nginx/apps.d/.htpasswd-$tools_site ) ]]; then
if [[ (( ! -s /etc/nginx/.htpasswd || -z $(cat -v /etc/nginx/.htpasswd | grep '[^[:space:]]')) && $tools_site == "default" ) || (( ! -s /etc/nginx/.htpasswd || -z $(cat -v /etc/nginx/.htpasswd | grep '[^[:space:]]')) && $tools_site != "default" && -f /etc/nginx/sites-available/$tools_site && ( ! -s /etc/nginx/apps.d/.htpasswd-$tools_site || -z $(cat -v /etc/nginx/apps.d/.htpasswd-$tools_site | grep -m 1 '[^[:space:]]'))) ]]; then
echo "${dim}[WARNING] HTTP Authentication Credentials not found and you may need it to access these tools!${end}"
fi
}
@ -686,13 +708,22 @@ www_data_sftp_access() {
elif [[ $login_www_data == "off" && $(conf_read login-www-data) != "true" ]]; then
echo "${gre}SFTP access for www-data user is already disabled! ${end}"
elif [[ $login_www_data == "on" ]]; then
# Remove if empty! (prevent empty files with spaces taken as valid)
if [[ -f /var/www/.ssh/authorized_keys && ( ! -s /var/www/.ssh/authorized_keys || -z $(cat -v /var/www/.ssh/authorized_keys | grep -m 1 '[^[:space:]]')) ]]; then
sudo rm -rf /var/www/.ssh/authorized_keys
fi
# Allow access for www-data user
if [[ -f $CURRENT_HOME/.ssh/authorized_keys ]]; then
if [[ -f /var/www/.ssh/authorized_keys ]]; then
echo "${blu}${dim}SSH keys already exists in www-data folder!${end}"
elif [[ ! -f /var/www/.ssh/authorized_keys && -f $CURRENT_HOME/.ssh/authorized_keys ]]; then
echo "${blu}${dim}Copying your SSH keys from '${CURRENT_USER}' to www-data access!${end}"
sudo mkdir -p /var/www/.ssh
sudo chmod 700 /var/www/.ssh
sudo cat $CURRENT_HOME/.ssh/authorized_keys > /var/www/.ssh/authorized_keys
sudo chmod 600 /var/www/.ssh/*
else
echo "${red}${dim}[WARNING] SSH keys not found!${end}"
fi
sudo chown -R www-data:www-data /var/www
@ -719,7 +750,6 @@ Match Group sftponly
echo "${gre}SFTP access for www-data user has been successfuly enabled! ${end}"
elif [[ $login_www_data == "off" ]]; then
sudo rm -rf /var/www/.ssh
sudo sed -i '/www-data:/c\www-data:x:33:33:www-data:\/var\/www:\/usr\/sbin\/nologin' /etc/passwd
sudo gpasswd -d www-data sftponly > /dev/null 2>&1
sudo delgroup sftponly > /dev/null 2>&1
@ -812,7 +842,7 @@ clear_caches() {
sudo redis-cli flushall
echo "${gre}- Redis Cache has been successfully cleared!${end}"
else
echo "${red}[ERROR] We can not clear Redis Cache because is not installed!${end}"
[[ $clear_cache != "all" ]] && echo "${red}[ERROR] We can not clear Redis Cache because is not installed!${end}"
err_cont=true
fi
fi
@ -823,24 +853,23 @@ clear_caches() {
echo flush_all > /dev/tcp/$memhost/$memport
echo "${gre}- Memcached has been successfully cleared!${end}"
else
echo "${red}[ERROR] We can not clear Memcache because is not installed!${end}"
[[ $clear_cache != "all" ]] && echo "${red}[ERROR] We can not clear Memcache because is not installed!${end}"
err_cont=true
fi
fi
if [[ $clear_cache =~ ^(opcache|all)$ ]]; then
if [[ $(conf_read nginx) == "true" && $(conf_read php) == "true" ]]; then
port=$(conf_read tools-port)
if [[ ! -f /var/www/$port/htdocs/php/opcache/index.php ]]; then
sudo mkdir /var/www/$port/htdocs/php/opcache
sudo touch /var/www/$port/htdocs/php/opcache/index.php
echo '<?php opcache_reset(); echo "OK\n";' > /var/www/$port/htdocs/php/opcache/index.php
sudo chown -R www-data:www-data /var/www/$port/htdocs/php/opcache
sudo chmod 644 /var/www/$port/htdocs/php/opcache/index.php
if [[ ! -f /var/www/$ADMIN_TOOLS_SITE/htdocs/php/opcache/index.php ]]; then
sudo mkdir /var/www/$ADMIN_TOOLS_SITE/htdocs/php/opcache
sudo touch /var/www/$ADMIN_TOOLS_SITE/htdocs/php/opcache/index.php
echo '<?php opcache_reset(); echo "OK\n";' > /var/www/$ADMIN_TOOLS_SITE/htdocs/php/opcache/index.php
sudo chown -R www-data:www-data /var/www/$ADMIN_TOOLS_SITE/htdocs/php/opcache
sudo chmod 644 /var/www/$ADMIN_TOOLS_SITE/htdocs/php/opcache/index.php
fi
wget --spider --no-check-certificate --timeout=15 -t 1 localhost:$port/php/opcache/ > /dev/null 2>&1 &
wget --spider --no-check-certificate --timeout=15 -t 1 localhost:$(conf_read tools-port)/php/opcache/ > /dev/null 2>&1 &
echo "${gre}- OpCache has been successfully cleared!${end}"
else
echo "${red}[ERROR] We can not clear OpCache because PHP or NGINX are not installed!${end}"
[[ $clear_cache != "all" ]] && echo "${red}[ERROR] We can not clear OpCache because PHP or NGINX are not installed!${end}"
err_cont=true
fi
fi
@ -849,7 +878,7 @@ clear_caches() {
sudo rm -Rf /run/nginx-cache/*
echo "${gre}- FastCgi Cache has been successfully cleared!${end}"
else
echo "${red}[ERROR] We can not clear FastCGI Cache because NGINX is not installed!${end}"
[[ $clear_cache != "all" ]] && echo "${red}[ERROR] We can not clear FastCGI Cache because NGINX is not installed!${end}"
err_cont=true
fi
fi
@ -857,6 +886,9 @@ clear_caches() {
if [[ $(conf_read nginx) == "true" && $(is_cache $clear_cache $subfolder) =~ ^(custom|proxy)$ ]]; then
sudo rm -Rf /run/nginx-cache/$(echo $domain | sed 's/[^0-9A-Za-z]/_/g')$(echo $subfolder | sed "s/\//_/g")
echo "${gre}Custom Nginx Cache for${blu} ${clear_cache}${subfolder} ${gre}has been successfully cleared!${end}"
elif [[ $(is_subfolder $clear_cache $subfolder) == "false" ]]; then
echo "${red}[ERROR] Please, enter a valid site! ${dim}(${clear_cache}${subfolder})${end}"
err_cont=true
elif ! [[ $(is_cache $clear_cache $subfolder) =~ ^(custom|proxy)$ ]]; then
echo "${red}[ERROR] Custom Cache is not enabled for this site!${end}"
err_cont=true
@ -930,7 +962,7 @@ nginx_blockip() {
[[ -f /etc/nginx/conf.d/blockips.conf ]] && sed -i "\#^deny ${blockip};#d" /etc/nginx/conf.d/blockips.conf
# Remove site-auth-file if empty.
[[ -f /etc/nginx/conf.d/blockips.conf && ! -s /etc/nginx/conf.d/blockips.conf ]] && sudo rm /etc/nginx/conf.d/blockips.conf
[[ -f /etc/nginx/conf.d/blockips.conf && ( ! -s /etc/nginx/conf.d/blockips.conf || -z $(cat -v /etc/nginx/conf.d/blockips.conf | grep -m 1 '[^[:space:]]')) ]] && sudo rm /etc/nginx/conf.d/blockips.conf
echo "${gre}The IP address ${blu}'$blockip'${gre} was successfully unblocked!${end}"
else
@ -1049,25 +1081,33 @@ database_import() {
fi
check_external_db_saved
echo "${dim}Wait while we import your db... ${end}"
if [[ -n $external_db ]]; then
external_db_parse
if [[ $(check_mysql_connection $extdb_url $extdb_port $extdb_user $extdb_pass) != "true" ]]; then
if [[ $(check_mysql_connection $extdb_url $extdb_port any -login-file -master-admin) != "true" ]]; then
echo "${red}[ERROR] Cannot connect with your External Database!${end}"
exit 1
fi
echo "${dim}Wait while we import your db... ${end}"
sudo mysql --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" < $file
sudo mysql --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" -e "FLUSH PRIVILEGES;"
echo "${gre}Database successfully imported!${end}"
sudo mysql --defaults-group-suffix=_${extdb_url}:${extdb_port}_default --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" < $file
if [[ $? == "0" ]]; then
sudo mysql --defaults-group-suffix=_${extdb_url}:${extdb_port}_default --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -e "FLUSH PRIVILEGES;"
echo "${gre}Database successfully imported!${end}"
else
echo "${red}[ERROR] An error occurred while we tried to import your database!${end}"
fi
elif [[ -z $external_db && $(check_mysql_connection localhost) == "true" ]]; then
check_for_mysql -ask
sudo mysql -u admin < $file
sudo mysql --connect-timeout=10 --user=admin -e "FLUSH PRIVILEGES;"
echo "${gre}Database successfully imported!${end}"
if [[ $? == "0" ]]; then
sudo mysql --connect-timeout=10 --user=admin -e "FLUSH PRIVILEGES;"
echo "${gre}Database successfully imported!${end}"
else
echo "${red}[ERROR] An error occurred while we tried to import your database!${end}"
fi
else
echo "${red}[ERROR] A connection can not be established with MySQL localhost!${end}"
echo "${red}[ERROR] A connection can not be established with MySQL/MariaDB localhost!${end}"
exit 1
fi
}

8
templates/general/conf
View file

@ -108,6 +108,7 @@
# Nginx Access Logs Disabled
# Values: boolean (true/false)
# Default: true
# Note: This setting will be applied to new sites, or for existing sites 'access log' needs to be reenabled (same for global).
# Same as: sudo log -only-error=on
###########################
#global-access-log-off:true
@ -250,12 +251,12 @@
# HTTP Header: Permissions Policy
# Values: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy
# Values: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
# Default: <empty>
# Note: Use 'floc' value to automatically include the policy to forbid Topics API calculation.
# Note: https://developer.chrome.com/docs/privacy-sandbox/topics/#site-opt-out
###########################
#header-permissions:microphone 'none'; geolocation 'none'
#header-permissions:accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),local-fonts=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),usb=(),web-share=(),xr-spatial-tracking=()
# HTTP Header: Referrer Policy
@ -277,6 +278,8 @@
# HTTP Header: X-Frame-Options
# Values: deny | sameorigin | allow-from | off
# Default: sameorigin
# Note: This header is no longer recommended and support will be removed very soon from Webinoly.
# Note: The Content-Security-Policy HTTP header has a frame-ancestors directive which obsoletes this header for supporting browsers.
# Note: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
###########################
#header-xfo:sameorigin
@ -296,6 +299,7 @@
# Values: boolean (true/false)
# Default: false
# Note: This header is no longer recommended and support will be removed very soon from Webinoly.
# Note: These protections are largely unnecessary in modern browsers when sites implement a strong Content-Security-Policy.
# Note: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
# Note: When true is set: (X-XSS-Protection: 1; mode=block)
###########################

4
templates/general/nginx-blackhole
View file

@ -1,7 +1,7 @@
# WebinolyStartBlackhole
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_certificate /etc/ssl/certs/webinoly-blackhole.crt.pem;
ssl_certificate_key /etc/ssl/private/webinoly-blackhole.key.pem;

6
templates/nginx/common/header.conf
View file

@ -13,7 +13,7 @@ include common/headers-html.conf;
##################################
# CORS only needed for:
# - Invocations of the XMLHttpRequest or Fetch APIs, as discussed above. (preflight mode may be needed, not included here)
# - Invocations of the XMLHttpRequest or Fetch APIs. (preflight mode may be needed, not included here)
# - Web Fonts (for cross-domain font usage in @font-face within CSS), so that servers can deploy TrueType fonts that can only be loaded cross-origin and used by web sites that are permitted to do so.
# - WebGL textures.
# - Images/video frames drawn to a canvas using drawImage().
@ -25,7 +25,9 @@ include common/headers-html.conf;
# NOTE: We have this location here (not in locations.conf) to add the HSTS header when needed in static files.
# Add the Strict-Transport-Security header to all HTTPS responses. https://hstspreload.org/#deployment-recommendations
location ~* \.(3gp|3gpp|7z|aac|ai|asf|asx|atom|avi|avif|bin|bmp|bz2|cast|cco|crt|css|cur|deb|der|dll|dmg|doc|docx|ear|eot|eps|exe|flv|gif|gz|heic|hqx|htc|ico|img|iso|jad|jar|jardiff|jng|jnlp|jpeg|jpg|js|json|kar|kml|kmz|m3u8|m4a|m4v|mid|midi|mml|mng|mov|mp3|mp4|mpeg|mpg|msi|msm|msp|odg|odp|ods|odt|ogg|ogv|otf|pdb|pdf|pem|pl|pm|png|ppt|pptx|prc|ps|ra|rar|rpm|rss|rtf|run|sea|sit|svg|svgz|swf|tar|taz|tcl|tgz|tif|tiff|tk|ts|ttf|txt|tz|war|wasm|wav|wbmp|webm|webmanifest|webp|wml|wmlc|wmv|woff|woff2|xhtml|xls|xlsx|xml|xpi|xspf|z|zip)$ {
# NOTE: The XML extension is not included in the static file list because it breaks the dynamically generated sitemaps (WordPress, for instance).
location ~* \.(3gp|3gpp|7z|aac|ai|asf|asx|atom|avi|avif|bin|bmp|bz2|cast|cco|crt|css|cur|deb|der|dll|dmg|doc|docx|ear|eot|eps|exe|flv|gif|gz|heic|hqx|htc|ico|img|iso|jad|jar|jardiff|jng|jnlp|jpeg|jpg|js|json|kar|kml|kmz|m3u8|m4a|m4v|mid|midi|mml|mng|mov|mp3|mp4|mpeg|mpg|msi|msm|msp|odg|odp|ods|odt|ogg|ogv|otf|pdb|pdf|pem|pl|pm|png|ppt|pptx|prc|ps|ra|rar|rpm|rss|rtf|run|sea|sit|svg|svgz|swf|tar|taz|tcl|tgz|tif|tiff|tk|ts|ttf|txt|tz|war|wasm|wav|wbmp|webm|webmanifest|webp|wml|wmlc|wmv|woff|woff2|xhtml|xls|xlsx|xpi|xspf|z|zip)$ {
include common/headers-http.conf;
add_header "Access-Control-Allow-Origin" "*";
access_log off;

6
templates/nginx/common/headers.conf
View file

@ -14,7 +14,7 @@ include common/headers-https.conf;
##################################
# CORS only needed for:
# - Invocations of the XMLHttpRequest or Fetch APIs, as discussed above. (preflight mode may be needed, not included here)
# - Invocations of the XMLHttpRequest or Fetch APIs. (preflight mode may be needed, not included here)
# - Web Fonts (for cross-domain font usage in @font-face within CSS), so that servers can deploy TrueType fonts that can only be loaded cross-origin and used by web sites that are permitted to do so.
# - WebGL textures.
# - Images/video frames drawn to a canvas using drawImage().
@ -26,7 +26,9 @@ include common/headers-https.conf;
# NOTE: We have this location here (not in locations.conf) to add the HSTS header when needed in static files.
# Add the Strict-Transport-Security header to all HTTPS responses. https://hstspreload.org/#deployment-recommendations
location ~* \.(3gp|3gpp|7z|aac|ai|asf|asx|atom|avi|avif|bin|bmp|bz2|cast|cco|crt|css|cur|deb|der|dll|dmg|doc|docx|ear|eot|eps|exe|flv|gif|gz|heic|hqx|htc|ico|img|iso|jad|jar|jardiff|jng|jnlp|jpeg|jpg|js|json|kar|kml|kmz|m3u8|m4a|m4v|mid|midi|mml|mng|mov|mp3|mp4|mpeg|mpg|msi|msm|msp|odg|odp|ods|odt|ogg|ogv|otf|pdb|pdf|pem|pl|pm|png|ppt|pptx|prc|ps|ra|rar|rpm|rss|rtf|run|sea|sit|svg|svgz|swf|tar|taz|tcl|tgz|tif|tiff|tk|ts|ttf|txt|tz|war|wasm|wav|wbmp|webm|webmanifest|webp|wml|wmlc|wmv|woff|woff2|xhtml|xls|xlsx|xml|xpi|xspf|z|zip)$ {
# NOTE: The XML extension is not included in the static file list because it breaks the dynamically generated sitemaps (WordPress, for instance).
location ~* \.(3gp|3gpp|7z|aac|ai|asf|asx|atom|avi|avif|bin|bmp|bz2|cast|cco|crt|css|cur|deb|der|dll|dmg|doc|docx|ear|eot|eps|exe|flv|gif|gz|heic|hqx|htc|ico|img|iso|jad|jar|jardiff|jng|jnlp|jpeg|jpg|js|json|kar|kml|kmz|m3u8|m4a|m4v|mid|midi|mml|mng|mov|mp3|mp4|mpeg|mpg|msi|msm|msp|odg|odp|ods|odt|ogg|ogv|otf|pdb|pdf|pem|pl|pm|png|ppt|pptx|prc|ps|ra|rar|rpm|rss|rtf|run|sea|sit|svg|svgz|swf|tar|taz|tcl|tgz|tif|tiff|tk|ts|ttf|txt|tz|war|wasm|wav|wbmp|webm|webmanifest|webp|wml|wmlc|wmv|woff|woff2|xhtml|xls|xlsx|xpi|xspf|z|zip)$ {
include common/headers-http.conf;
include common/headers-https.conf;
add_header "Access-Control-Allow-Origin" "*";

3
templates/template-site-proxy
View file

@ -31,7 +31,8 @@ location / {
proxy_pass <upstream_name>;
# CacheStaticFiles
location ~* \.(3gp|3gpp|7z|aac|ai|asf|asx|atom|avi|avif|bin|bmp|bz2|cast|cco|crt|css|cur|deb|der|dll|dmg|doc|docx|ear|eot|eps|exe|flv|gif|gz|heic|hqx|htc|ico|img|iso|jad|jar|jardiff|jng|jnlp|jpeg|jpg|js|json|kar|kml|kmz|m3u8|m4a|m4v|mid|midi|mml|mng|mov|mp3|mp4|mpeg|mpg|msi|msm|msp|odg|odp|ods|odt|ogg|ogv|otf|pdb|pdf|pem|pl|pm|png|ppt|pptx|prc|ps|ra|rar|rpm|rss|rtf|run|sea|sit|svg|svgz|swf|tar|taz|tcl|tgz|tif|tiff|tk|ts|ttf|txt|tz|war|wasm|wav|wbmp|webm|webmanifest|webp|wml|wmlc|wmv|woff|woff2|xhtml|xls|xlsx|xml|xpi|xspf|z|zip)$ {
location ~* \.(3gp|3gpp|7z|aac|ai|asf|asx|atom|avi|avif|bin|bmp|bz2|cast|cco|crt|css|cur|deb|der|dll|dmg|doc|docx|ear|eot|eps|exe|flv|gif|gz|heic|hqx|htc|ico|img|iso|jad|jar|jardiff|jng|jnlp|jpeg|jpg|js|json|kar|kml|kmz|m3u8|m4a|m4v|mid|midi|mml|mng|mov|mp3|mp4|mpeg|mpg|msi|msm|msp|odg|odp|ods|odt|ogg|ogv|otf|pdb|pdf|pem|pl|pm|png|ppt|pptx|prc|ps|ra|rar|rpm|rss|rtf|run|sea|sit|svg|svgz|swf|tar|taz|tcl|tgz|tif|tiff|tk|ts|ttf|txt|tz|war|wasm|wav|wbmp|webm|webmanifest|webp|wml|wmlc|wmv|woff|woff2|xhtml|xls|xlsx|xpi|xspf|z|zip)$ {
# More info about this location, read the notes included here: /opt/webinoly/templates/nginx/common/headers.conf
include common/headers-http.conf;
include common/headers-https.conf;
add_header "Access-Control-Allow-Origin" "*";

24
usr/httpauth
View file

@ -9,8 +9,17 @@ source /opt/webinoly/lib/general
check_for_parameters $@
api-events_update has
# Only these commands are supported with subfolders
if [[ -n $subfolder && -z $wp_admin && -z $path ]]; then
echo "${red}[ERROR] Subfolder option not supported!${end}"
exit 1
fi
[[ -z $empty_param && -z $h && -z $H && -z $help ]] && ! [[ -n $wp_admin && -z $domain ]] && check_for_nginx -ask
# Check for domain.
if [[ -n $domain && -f /etc/nginx/sites-available/$domain ]]; then
authfile="apps.d/.htpasswd-$domain"
@ -38,8 +47,8 @@ if [[ -n $add ]]; then
if [[ $add == true ]]; then
echo ""
read -p "${blu}HTTP-Auth User: ${end}" user
read -p "${blu}HTTP-Auth Password: ${end}" pass
echo ""
read -p "${blu}HTTP-Auth Password: ${hid}" pass
echo "${hidend}"
elif [[ $(echo "${add}" | cut -c-1) == "[" && $(echo "${add}" | rev | cut -c-1) == "]" ]]; then
# No need for check var lenght to prevent errors, the previous condition is enough in this case.
userdata=${add:1:-1}
@ -87,7 +96,7 @@ elif [[ -n $delete ]]; then
sudo sed -i "/^$userpurge:/d" /etc/nginx/$authfile
# Remove site-auth-file if empty.
if [[ -n $domain && -f /etc/nginx/$authfile && ! -s /etc/nginx/$authfile ]]; then
if [[ -n $domain && -f /etc/nginx/$authfile && ( ! -s /etc/nginx/$authfile || -z $(cat -v $authfile | grep -m 1 '[^[:space:]]')) ]]; then
sudo rm /etc/nginx/$authfile
sudo rm -rf /etc/nginx/apps.d/.htpasswd-www.$domain
fi
@ -203,7 +212,7 @@ elif [[ -n $whitelist ]]; then
[[ -f /etc/nginx/apps.d/whitelist-acl.conf ]] && sudo sed -i "\#^allow ${whitelist};#d" /etc/nginx/apps.d/whitelist-acl.conf
# Remove site-auth-file if empty.
[[ -f /etc/nginx/apps.d/whitelist-acl.conf && ! -s /etc/nginx/apps.d/whitelist-acl.conf ]] && sudo rm /etc/nginx/apps.d/whitelist-acl.conf
[[ -f /etc/nginx/apps.d/whitelist-acl.conf && ( ! -s /etc/nginx/apps.d/whitelist-acl.conf || -z $(cat -v /etc/nginx/apps.d/whitelist-acl.conf | grep -m 1 '[^[:space:]]')) ]] && sudo rm /etc/nginx/apps.d/whitelist-acl.conf
echo "${gre}The IP address ${blu}'$whitelist'${gre} was successfully removed from whitelist!${end}"
else
@ -233,7 +242,7 @@ elif [[ -n $path && -n $domain ]]; then
x="1"
while [[ -n $(echo $path | rev | cut -d'/' -f ${x}- -s | rev) ]]
do
if ! [[ $(is_subfolder $domain $(echo $path | rev | cut -d'/' -f ${x}- -s | rev)) =~ ^(true|false)$ ]]; then
if ! [[ $(is_subfolder $domain $(echo $path | rev | cut -d'/' -f ${x}- -s | rev)) =~ ^(true|false|empty)$ ]]; then
echo "${red}[ERROR] Subfolder parameter not found!${end}"
exit 1
fi
@ -318,7 +327,7 @@ location $sign$path {
elif [[ $path =~ ^\/([A-Za-z0-9_\/\.\-]+)?$ ]]; then
if [[ -f /etc/nginx/apps.d/$domain-nginx.conf ]]; then
sudo sed -i "/^# Path: $(echo $path | sed "s#/#\\\/#g")/,/^# PathEnd/{/.*/d}" /etc/nginx/apps.d/$domain-nginx.conf
if [[ ! -s /etc/nginx/apps.d/$domain-nginx.conf ]]; then
if [[ -f /etc/nginx/apps.d/$domain-nginx.conf && ( ! -s /etc/nginx/apps.d/$domain-nginx.conf || -z $(cat -v /etc/nginx/apps.d/$domain-nginx.conf | grep -m 1 '[^[:space:]]')) ]]; then
sudo rm /etc/nginx/apps.d/$domain-nginx.conf
sudo sed -i "/$domain-nginx.conf;/d" /etc/nginx/sites-available/$domain
fi
@ -367,7 +376,7 @@ elif [[ -n $list ]]; then
done
}
fi
[[ ! -s /etc/nginx/$authfile && -z $raw && $list != "raw" ]] && echo "${blu}[Empty] No users were found!${end}"
[[ ( ! -s /etc/nginx/$authfile || -z $(cat -v /etc/nginx/$authfile | grep -m 1 '[^[:space:]]')) && -z $raw && $list != "raw" ]] && echo "${blu}[Empty] No users were found!${end}"
echo ""
nginx_not="true" # Nginx-Reload not-needed.
@ -380,4 +389,5 @@ else
fi
[[ $(conf_read nginx) == "true" && -z $nginx_not ]] && sudo systemctl reload nginx
ads_donate
api-events_update hae

50
usr/log
View file

@ -19,6 +19,13 @@ waiting_for_log() {
}
# Only these commands are supported with subfolders
if [[ -n $subfolder && -z $wp ]]; then
echo "${red}[ERROR] Subfolder option not supported!${end}"
exit 1
fi
# Check for custom "lines" value
[[ -n $(conf_read log-lines) && $(conf_read log-lines) =~ ^[0-9]+$ && $(conf_read log-lines) -gt 0 ]] && clines=$(conf_read log-lines) || clines=10
[[ -n $lines && $lines =~ ^[0-9]+$ && $lines -gt 0 ]] && clines=$lines
@ -103,27 +110,29 @@ elif [[ -n $ssh ]]; then
# MySQL Logs
elif [[ -n $mysql ]]; then
check_for_mysql && mysql_default_cnf
check_for_mysql
# General Log
if [[ $mysql == "general" ]]; then
if [[ -n $enable ]]; then
cnf_write general_log 1
cnf_write general_log_file /var/log/mysql/mysql.log
conf_write mysql-log-general true
sudo systemctl restart mysql
echo "${gre}MariaDB General log was successfully enabled!${end}"
echo "${gre}MySQL/MariaDB General log was successfully enabled!${end}"
elif [[ -n $disable ]]; then
cnf_write general_log 0
conf_write mysql-log-general false
sudo systemctl restart mysql
echo "${gre}MariaDB General log was successfully disabled!${end}"
echo "${gre}MySQL/MariaDB General log was successfully disabled!${end}"
elif [[ -f /var/log/mysql/mysql.log && $(cnf_read general_log) == 1 ]]; then
[[ ! -s /var/log/mysql/mysql.log ]] && waiting_for_log
sudo tail -f --lines=$clines /var/log/mysql/mysql.log
elif [[ $(cnf_read general_log) != 1 ]]; then
echo "${red}[ERROR] MariaDB General log is not enabled!${end}"
echo "${red}[ERROR] MySQL/MariaDB General log is not enabled!${end}"
exit 1
else
echo "${red}[ERROR] MariaDB General log file not found or still empty!${end}"
echo "${red}[ERROR] MySQL/MariaDB General log file not found or still empty!${end}"
exit 1
fi
@ -133,28 +142,30 @@ elif [[ -n $mysql ]]; then
# https://mariadb.com/kb/en/slow-query-log-overview/
if [[ -n $long_query_time && $long_query_time =~ ^[0-9]+$ && $long_query_time -gt 1 ]]; then
cnf_write long_query_time $long_query_time
echo "${gre}${dim}MySQL long query time set to ${long_query_time}s ${end}"
echo "${gre}${dim}MySQL/MariaDB long query time set to ${long_query_time}s ${end}"
elif [[ -n $long_query_time ]]; then
echo "${red}[ERROR] Invalid value for long query time! ${dim}(Should be a number greater than zero)${end}"
exit 1
fi
cnf_write slow_query_log 1
conf_write mysql-log-slow true
sudo systemctl restart mysql
echo "${gre}MariaDB Slow Query log was successfully enabled!${end}"
echo "${gre}MySQL/MariaDB Slow Query log was successfully enabled!${end}"
elif [[ -n $disable ]]; then
# Don't remove long_query_time variable to preserve the value
cnf_write slow_query_log 0
conf_write mysql-log-slow false
sudo systemctl restart mysql
echo "${gre}MariaDB Slow Query log was successfully disabled!${end}"
echo "${gre}MySQL/MariaDB Slow Query log was successfully disabled!${end}"
elif [[ -f /var/log/mysql/mariadb-slow.log && $(cnf_read slow_query_log) == 1 ]]; then
[[ ! -s /var/log/mysql/mariadb-slow.log ]] && waiting_for_log
sudo tail -f --lines=$clines /var/log/mysql/mariadb-slow.log
elif [[ $(cnf_read slow_query_log) != 1 ]]; then
echo "${red}[ERROR] MariaDB Slow Query log is not enabled!${end}"
echo "${red}[ERROR] MySQL/MariaDB Slow Query log is not enabled!${end}"
exit 1
else
echo "${red}[ERROR] MariaDB Slow Query log file not found or still empty!${end}"
echo "${red}[ERROR] MySQL/MariaDB Slow Query log file not found or still empty!${end}"
exit 1
fi
@ -164,22 +175,24 @@ elif [[ -n $mysql ]]; then
cnf_delete skip-log-bin
cnf_write log_bin /var/log/mysql/mariadb-bin
cnf_write log_bin_index /var/log/mysql/mariadb-bin.index
conf_write mysql-log-binary true
sudo systemctl restart mysql
echo "${gre}MariaDB Binary log was successfully enabled!${end}"
echo "${gre}MySQL/MariaDB Binary log was successfully enabled!${end}"
elif [[ -n $disable ]]; then
cnf_delete log_bin
cnf_delete log_bin_index
cnf_write skip-log-bin
conf_write mysql-log-binary false
sudo systemctl restart mysql
echo "${gre}MariaDB Binary log was successfully disabled!${end}"
echo "${gre}MySQL/MariaDB Binary log was successfully disabled!${end}"
elif [[ -f /var/log/mysql/mariadb-bin && -n $(cnf_read log_bin) ]]; then
[[ ! -s /var/log/mysql/mariadb-bin ]] && waiting_for_log
sudo tail -f --lines=$clines /var/log/mysql/mariadb-bin
elif [[ -z $(cnf_read log_bin) ]]; then
echo "${red}[ERROR] MariaDB Binary log is not enabled!${end}"
echo "${red}[ERROR] MySQL/MariaDB Binary log is not enabled!${end}"
exit 1
else
echo "${red}[ERROR] MariaDB Binary log file not found or still empty!${end}"
echo "${red}[ERROR] MySQL/MariaDB Binary log file not found or still empty!${end}"
exit 1
fi
@ -189,12 +202,12 @@ elif [[ -n $mysql ]]; then
[[ ! -s /var/log/mysql/error.log ]] && waiting_for_log
sudo tail -f --lines=$clines /var/log/mysql/error.log
else
echo "${red}[ERROR] MariaDB Error log file not found or still empty! ${dim}(Older versions sent MySQL error log to syslog, check it!)${end}"
echo "${red}[ERROR] MySQL/MariaDB Error log file not found or still empty! ${dim}(Older versions sent the error log to syslog, check it!)${end}"
exit 1
fi
else
echo "${red}[ERROR] Invalid value for MySQL Log!${end}"
echo "${red}[ERROR] Invalid value for MySQL/MariaDB Log!${end}"
exit 1
fi
@ -205,7 +218,7 @@ elif [[ -n $syslog ]]; then
[[ ! -s /var/log/syslog ]] && waiting_for_log
sudo tail -f --lines=$clines /var/log/syslog
else
echo "${red}[ERROR] MariaDB Error log (syslog) file not found or still empty!${end}"
echo "${red}[ERROR] MySQL/MariaDB Error log (syslog) file not found or still empty!${end}"
exit 1
fi
@ -316,7 +329,7 @@ elif [[ -n $domain && -f /etc/nginx/sites-available/$domain ]]; then
fi
elif [[ -n $wp ]]; then
echo "${red}[ERROR] WordPress configuration file not found!${end}"
echo "${red}[ERROR] Please, enter a valid WP site! ${dim}(${domain}${subfolder})${end}"
exit 1
# Access and error logs
@ -361,4 +374,5 @@ else
exit 1
fi
ads_donate
api-events_update lge

48
usr/site
View file

@ -36,7 +36,7 @@ if [[ -n $wp || -n $mysql ]]; then
[[ $wp == "true" ]] && wp="[true,true,${exth},${dona},${dona},random,wp_,$(conf_read external-dbu),$(conf_read external-dbp)]"
[[ $mysql == "true" ]] && mysql="[${exth},${dona},${dona},random,$(conf_read external-dbu),$(conf_read external-dbp)]"
echo "${blu}${dim}External DB credentials found!${end}"
echo "${blu}${dim}External DB credentials found! (${exth})${end}"
fi
if [[ ( -n $wp && $wp != true ) || ( -n $mysql && $mysql != true ) ]]; then
@ -100,11 +100,12 @@ fi
if [[ -n $subfolder && ! ( $subfolder =~ ^\/([A-Za-z0-9_\/\-]+)?[^\/]$ ) ]]; then
echo "${red}[ERROR] Please, enter a valid value for subfolder!${end}"
exit 1
# Only these commands are supported with subfolders (Parked is not supported, for instance)
elif [[ -n $subfolder && -z $delete && -z $cache && -z $multisite_convert && -z $clone_from && -z $replace_content && -z $wp && -z $html && -z $php && -z $mysql && -z $proxy && -z $env && -z $info ]]; then
echo "${red}[ERROR] Subfolder option not supported!${end}"
exit 1
# Clone-from empty is here to allow -cache=on when cloning a site
elif [[ -n $subfolder && ( $cache == "on" || -n $multisite_convert || -n $replace_content ) && $(is_subfolder $domain $subfolder) != "wp" && -z $clone_from ]]; then
elif [[ -n $subfolder && -z $wp && ( $cache == "on" || -n $multisite_convert || -n $replace_content || -n $env ) && $(is_subfolder $domain $subfolder) != "wp" && -z $clone_from ]]; then
echo "${red}[ERROR] Subfolder not found or is not a WP site!${end}"
exit 1
else
@ -126,10 +127,11 @@ if [[ -n $delete_all ]]; then
elif [[ -n $mysql || ( -n $php && -n $domain ) ]]; then
if [[ -n $domain ]]; then
full_empty_not_allowed
if [[ -f /etc/nginx/sites-available/$domain && -n $subfolder && $(is_subfolder $domain $subfolder) != "false" ]]; then
if [[ -f /etc/nginx/sites-available/$domain && -n $subfolder && $(is_subfolder $domain $subfolder) != "false" && $(is_subfolder $domain $subfolder) != "empty" ]]; then
echo "${red}[ERROR] Subfolder${blu} $subfolder ${red}already exists!${end}"
exit 1
elif [[ -n $subfolder ]]; then
elif [[ -n $subfolder ]]; then
[[ $(is_subfolder $domain $subfolder) == "empty" ]] && echo "${dim}[INFO] Subfolder already exists, but it's empty!${end}"
[[ ! -f /etc/nginx/sites-available/$domain ]] && create_empty_site
php_subfolder
sudo mkdir -p /var/www/$domain/htdocs$subfolder
@ -153,7 +155,7 @@ elif [[ -n $mysql || ( -n $php && -n $domain ) ]]; then
# Create EMPTY site
elif [[ -n $empty && -n $domain ]]; then
full_empty_not_allowed
echo "${blu}You've created an EMPTY site, which means that you need to add your own NGINX configuration. ${dim}(/var/www/example.com/*-nginx.conf)${end}"
echo "${blu}You've created an EMPTY site, which means that you need to add your own NGINX configuration. ${dim}(/var/www/${domain}/*-nginx.conf)${end}"
[[ $empty == "blank" ]] && create_empty_site -full || create_empty_site
@ -161,7 +163,7 @@ elif [[ -n $empty && -n $domain ]]; then
elif [[ -n $html && -n $domain ]]; then
full_empty_not_allowed
if [[ -f /etc/nginx/sites-available/$domain && -n $subfolder && $(is_subfolder $domain $subfolder) != "false" ]]; then
echo "${red}[ERROR] Subfolder${blu} $subfolder ${red}already exists!${end}"
echo "${red}[ERROR] Subfolder${blu} $subfolder ${red}already exists! ${dim}(Just put the HTML files in it, a separate conf is not needed)${end}"
exit 1
fi
@ -197,8 +199,15 @@ elif [[ -n $wp && -n $domain ]]; then
[[ -n $env ]] && sudo site $domain -env=$env
else
if [[ -f /etc/nginx/sites-available/$domain && -n $subfolder && $type == [123] && $(is_subfolder $domain $subfolder) != "false" ]]; then
echo "${red}[ERROR] Subfolder${blu} $subfolder ${red}already exists!${end}"
exit 1
# Check if subfolder is empty!
if [[ $(is_subfolder $domain $subfolder) == "empty" ]]; then
# Install WP in an empty folder!
echo "${dim}[INFO] Subfolder already exists, but it's empty!${end}"
wpinstall
else
echo "${red}[ERROR] Subfolder${blu} $subfolder ${red}already exists and it's not empty!${end}"
exit 1
fi
elif [[ -f /etc/nginx/sites-available/$domain && -n $subfolder && $type == [123] ]]; then
wpinstall
else
@ -217,9 +226,7 @@ elif [[ -n $multisite_convert && -f /etc/nginx/sites-available/$domain ]]; then
exit 1
fi
# We need to call this function in the parent shell to preserve variables and avoid asking two or more times for the same values in case of external db.
wp_conf_retrieve $domain true false $subfolder
wp_conf_retrieve $domain false false $subfolder
if [[ $(is_wp_installed $domain $subfolder) != "true" ]]; then
echo "${red}[ERROR] WordPress site${blu} $domain$subfolder ${red}is empty and still not configured!${end}"
exit 1
@ -371,14 +378,14 @@ elif [[ -n $clone_from ]]; then
fi
if [[ $(is_wp $clone_from $subfolder) == "true" ]]; then
#We need to call this function in the parent shell to preserve variables and avoid asking two times for the same values in case of external db.
wp_conf_retrieve $clone_from true false $subfolder
wp_conf_retrieve $clone_from true false $subfolder
iswpclone="true"
if [[ -z $wp_dbhost || -z $wp_dbname || -z $wp_dbpref ]]; then
if [[ -z $wp_dbhost ||-z $wp_dbhost_host || -z $wp_dbname || -z $wp_dbpref ]]; then
echo "${red}[ERROR] Can not retrieve WP data ${dim}(WP Configuration corrupted)!${end}"
exit 1
elif [[ ( $wp_dbhost == "localhost" && $(check_mysql_connection localhost) != "true" ) || ( $wp_dbhost != "localhost" && $(check_mysql_connection $extdb_url $extdb_port $extdb_user $extdb_pass) != "true" ) ]]; then
elif [[ ( $wp_dbhost_host == "localhost" && $(check_mysql_connection localhost $mysql_param) != "true" ) || ( $wp_dbhost_host != "localhost" && $(check_mysql_connection $wp_dbhost_host $wp_dbhost_port any -login-file -master-admin) != "true" ) ]]; then
echo "${red}[ERROR] Database connection failed! ${dim}($wp_dbhost)${end}"
exit 1
elif [[ $(is_wp_multisite $clone_from $subfolder) != "false" ]]; then
echo "${red}[ERROR] WordPress Multisite can not be cloned!${end}"
@ -401,15 +408,7 @@ elif [[ -n $replace_content && -f /etc/nginx/sites-available/$domain ]]; then
exit 1
fi
#We need to call this function in the parent shell to preserve variables and avoid asking two times for the same values in case of external db.
wp_conf_retrieve $domain true true $subfolder
if [[ $(is_wp_installed $domain $subfolder) != "true" ]]; then
echo "${red}[ERROR] WordPress is empty and still not configured in ${domain}${subfolder} site!${end}"
exit 1
else
wp_replace_content
fi
wp_replace_content
# WordPress Environment Type (should be here after cloning site for precedence)
@ -462,4 +461,5 @@ fi
shopt -u extglob
[[ $(conf_read nginx) == "true" && -z $nginx_not && $(conf_read nginx-reload) != "false" ]] && sudo systemctl reload nginx
ads_donate
api-events_update sie

33
usr/stack
View file

@ -228,15 +228,15 @@ elif [[ -n $purge && -n $mysql ]]; then
api-events_update pm1
if [[ $(conf_read mysql) != "true" && $(conf_read mysql-client) == "true" ]]; then
purge_mysql_client
echo "${dim}MySQL is not installed, hence can not be deleted! ${end}"
echo "${gre}MySQL-Client has been deleted successfully! ${end}"
echo "${dim}MySQL/MariaDB is not installed, hence can not be deleted! ${end}"
echo "${gre}MySQL/MariaDB Client has been deleted successfully! ${end}"
elif [[ $(conf_read mysql) != "true" ]]; then
echo "${dim}MySQL is not installed, hence can not be deleted! ${end}"
echo "${dim}MySQL/MariaDB is not installed, hence can not be deleted! ${end}"
else
if [[ $(conf_read force-flag) != "true" ]]; then
echo ""
echo "${red}¡ C A U T I O N ! You are about to remove MySQL from your server! ${end}"
echo "${red}¡ C A U T I O N ! You are about to remove MySQL/MariaDB from your server! ${end}"
[[ $mysql == "keep-data" ]] && echo "${blu}${bol}The keep-data option is enabled, it is recommended to make a backup of all the databases before removing and reinstalling MySQL (MariaDB).${end}"
echo ""
@ -249,7 +249,6 @@ elif [[ -n $purge && -n $mysql ]]; then
if [[ $answer == [Yy] || $(conf_read force-flag) == "true" ]]; then
[[ $(conf_read mysql-tool-pma) == "true" ]] && stack -pma -purge=force
mysqlver=$(conf_read mysql-ver)
sudo systemctl stop mysql
sudo rm -rf /etc/mysql/*.conf.d/* # Prevent warnings when purging packages
@ -264,10 +263,14 @@ elif [[ -n $purge && -n $mysql ]]; then
sudo rm -rf /usr/share/keyrings/mysql-archive-keyring.gpg
sudo rm -rf /etc/apt/sources.list.d/mysql.list
else
mysqlver=$(conf_read mysql-ver)
# In 10.11 debconf variables changed!
[[ ${mysqlver//.} -lt 1011 ]] && mariadebconf="mariadb-server-${mysqlver}" || mariadebconf="mariadb-server"
if [[ $mysql == "keep-data" ]]; then
echo "mariadb-server-${mysqlver} mariadb-server-${mysqlver}/postrm_remove_databases boolean false" | debconf-set-selections
echo "$mariadebconf $mariadebconf/postrm_remove_databases boolean false" | debconf-set-selections
else
echo "mariadb-server-${mysqlver} mariadb-server-${mysqlver}/postrm_remove_databases boolean true" | debconf-set-selections
echo "$mariadebconf $mariadebconf/postrm_remove_databases boolean true" | debconf-set-selections
fi
sudo apt -y purge mariadb-server mariadb-common mysql-common
sudo rm -rf /usr/share/keyrings/mariadb-archive-keyring.gpg
@ -284,12 +287,12 @@ elif [[ -n $purge && -n $mysql ]]; then
conf_delete mysql-root
conf_delete mysql-admin
else
echo "${blu}MySQL data was not removed.${end}"
echo "${blu}MySQL/MariaDB data was not removed.${end}"
fi
conf_write mysql purged
echo ""
echo "${gre}MySQL has been deleted successfully! ${end}"
echo "${gre}MySQL/MariaDB has been deleted successfully! ${end}"
echo ""
else
echo ""
@ -562,7 +565,7 @@ elif [[ -n $purge_server_all ]]; then
api-events_update st2
echo ""
echo "${red}¡ C A U T I O N ! You are about to remove Webinoly Stack completely from your server!"
echo "This action will remove Nginx, PHP, MySQL and all the additional tools."
echo "This action will remove Nginx, PHP, MySQL/MariaDB and all the additional tools."
echo "${end}"
if [[ $(conf_read force-flag) != "true" && $force != 1 ]]; then
echo " ${blu}Are you sure [y/N]? ${end}"
@ -626,7 +629,7 @@ elif [[ -n $html || -n $nginx ]]; then
stack_builder nginx false false $build
elif [[ -n $php ]]; then
if [[ $(conf_read nginx) != "true" && $(conf_read force-flag) != "true" && $php != "nginx" ]]; then
if [[ $(conf_read php) != "true" && $(conf_read nginx) != "true" && $(conf_read force-flag) != "true" && $php != "nginx" ]]; then
echo ""
echo "${blu}Nginx is not installed, do you want to install it too [y/N]?${end} "
while read -r -n 1 -s answer; do
@ -712,12 +715,6 @@ elif [[ -n $php_ver ]]; then
elif [[ -n $mysql_ver ]]; then
api-events_update st4
# REMOVE: when a new LTS is released and jammy supports more than one version.
if [[ $(lsb_release -c | cut -d':' -f 2 | xargs) == "jammy" ]]; then
echo "${red}[Disabled] MariaDB 10.6 is the only LTS version supported in Ubuntu 22.04!${end}"
exit 1
fi
if [[ $mysql_ver != true && $(check_mysql_version $mysql_ver) == "true" ]]; then
echo "${blu}New MySQL (MariaDB) version: '$mysql_ver' ${end}"
if [[ $(conf_read mysql) == "true" && $(conf_read mysql-ver) == $mysql_ver ]]; then
@ -726,7 +723,7 @@ elif [[ -n $mysql_ver ]]; then
# Downgrades are not allowed - https://mariadb.com/kb/en/downgrading-between-major-versions-of-mariadb/
current_mysql_ver="$(conf_read mysql-ver)"
if [[ -n $current_mysql_ver && ${current_mysql_ver//.} -gt ${mysql_ver//.} ]]; then
echo "${red}[ERROR] Downgrading MariaDB is not supported!${end}"
echo "${red}[ERROR] Downgrading MySQL/MariaDB is not supported!${end}"
exit 1
fi

27
usr/webinoly
View file

@ -13,10 +13,18 @@ check_for_parameters $@
api-events_update wys
# Only these commands are supported with subfolders
if [[ -n $subfolder && -z $clear_cache && -z $backup ]]; then
echo "${red}[ERROR] Subfolder option not supported!${end}"
exit 1
fi
if [[ -n $update ]]; then
api-events_update wy1
webinoly_update
nginx_not="true" # Nginx-Reload not-needed.
ads_block="true" # Don't show ads
elif [[ -n $server_reset ]]; then
@ -35,6 +43,7 @@ elif [[ -n $verify ]]; then
webinoly_verify
[[ $? != 0 ]] && exit 1
nginx_not="true" # Nginx-Reload not-needed.
[[ $verify == "critical" ]] && ads_block="true" # Don't show ads
elif [[ -n $dbpass ]]; then
@ -65,7 +74,8 @@ elif [[ -n $uninstall ]]; then
api-events_update wy4
webinoly_uninstall
nginx_not="true" # Nginx-Reload not-needed.
ads_block="true" # Don't show ads
elif [[ -n $external_sources_update ]]; then
external_sources_update
@ -92,8 +102,15 @@ elif [[ -n $timezone ]]; then
read -p "${blu}Timezone: ${end}" timezone
echo ""
fi
conf_write timezone $timezone
set_timezone
# Check first here to not overwrite a valid good value with a wrong value.
if [[ -n $timezone ]] && grep -Fxq $timezone /opt/webinoly/lib/timezone.dat; then
conf_write timezone $timezone
set_timezone
else
echo "${red}Timezone not found or not valid!${end}"
exit 1
fi
nginx_not="true" # Nginx-Reload not-needed.
@ -137,7 +154,7 @@ elif [[ -n $default_site ]]; then
elif [[ -n $mysql_password ]]; then
if [[ $(conf_read mysql) != "true" ]]; then
echo "${red}[ERROR] Seems like MySQL is not installed!${end}"
echo "${red}[ERROR] Seems like MySQL/MariaDB is not installed!${end}"
exit 1
elif [[ $(check_mysql_connection localhost) != "true" ]]; then
exit 1
@ -247,6 +264,7 @@ elif [[ -n $datadog ]]; then
elif [[ -n $db_import ]]; then
check_for_mysql
database_import
nginx_not="true" # Nginx-Reload not-needed.
@ -289,4 +307,5 @@ fi
[[ $(conf_read nginx) == "true" && -z $nginx_not ]] && sudo systemctl reload nginx
[[ -n $err_cont ]] && exit 1
[[ -z $ads_block ]] && ads_donate
api-events_update wye

102
weby
View file

@ -4,13 +4,55 @@
# Check OS support
distr=`echo $(lsb_release -i | cut -d':' -f 2)`
osver=`echo $(lsb_release -c | cut -d':' -f 2)`
# Supported: 22.04 and 20.04 (18.04 just for updates, no new installations)
if [[ $distr != "Ubuntu" ]] || ! [[ $osver =~ ^(bionic|focal|jammy)$ ]] || [[ $osver == "bionic" && $1 != "upd" ]]; then
# Check for custom version
if [[ $2 == "-ver="* ]]; then
ver=$(echo "$2" | cut -d'=' -f 2 -s)
# Skip stadistics counters for dev and testing (custom version stats).
if [[ $(echo $ver | rev | cut -c-1) == "*" || $ver == "alpha" ]]; then
ver=${ver//'*'}
statskip="true"
fi
fi
# Supported: 22.04 Jammy and 20.04 Focal
if [[ $distr != "Ubuntu" ]] || ! [[ $osver =~ ^(bionic|focal|jammy)$ ]]; then
echo "$(tput setaf 1)"
echo "[ERROR] This OS is not supported by Webinoly and could not work properly. $(tput dim)(${distr} '${osver}')"
echo "$(tput sgr0)"
sudo rm weby
exit 1
# 18.04 Bionic can be installed before 1.17.0
elif [[ $osver == "bionic" && $1 != "upd" && -n $ver && $(echo ${ver//'*'} | sed 's/\.//g') =~ ^[0-9]+$ && $(echo ${ver//'*'} | sed 's/\.//g') -ge 1170 ]]; then
echo "$(tput setaf 1)"
echo "[ERROR] Ubuntu 18.04 is not supported on this version of Webinoly!"
echo "$(tput sgr0)"
sudo rm weby
exit 1
elif [[ $osver == "bionic" && $1 != "upd" && -n $ver && $(echo ${ver//'*'} | sed 's/\.//g') =~ ^[0-9]+$ && $(echo ${ver//'*'} | sed 's/\.//g') -lt 1170 ]]; then
echo "$(tput setaf 1)"
echo "[WARNING] You should consider a newer Ubuntu version! $(tput dim)(20.04 or 22.04 are recommended instead)"
echo "$(tput sgr0)"
# 18.04 Bionic just for updates, no new installations after 1.17.0
elif [[ $osver == "bionic" && $1 != "upd" ]]; then
echo "$(tput setaf 1)"
echo "[ERROR] Ubuntu 18.04 is not supported for new installations! $(tput dim)(20.04 or 22.04 are recommended instead)"
echo "$(tput sgr0)"
sudo rm weby
exit 1
# 22.04 Jammy is supported only after 1.16.6
elif [[ $osver == "jammy" && -n $ver && $(echo ${ver//'*'} | sed 's/\.//g') =~ ^[0-9]+$ && $(echo ${ver//'*'} | sed 's/\.//g') -lt 1166 ]]; then
#jammy - 1.16.6
#focal - 1.12.0
#bionic - 1.4.2
echo "$(tput setaf 1)"
echo "[ERROR] Ubuntu 22.04 (Jammy) is not supported by this version!"
echo "$(tput sgr0)"
sudo rm weby
exit 1
fi
# Check for sudo/root privileges
@ -63,14 +105,7 @@ fi
# Download and install Webinoly
if [[ $2 == "-ver="* ]]; then
ver=$(echo "$2" | cut -d'=' -f 2 -s)
# Skip stadistics counters for dev and testing (custom version stats).
if [[ $(echo $ver | rev | cut -c-1) == "*" || $ver == "alpha" ]]; then
ver=${ver//'*'}
statskip="true"
fi
if [[ -n $ver ]]; then
# Be sure we have a valid server response for the requested version
code=$(wget --server-response --spider https://qrok.es/webinoly?version=$ver 2>&1 | awk '/^ HTTP/{print $2}')
code="${code##*$'\n'}" # Get the last code (redirections)
@ -78,6 +113,7 @@ if [[ $2 == "-ver="* ]]; then
if [[ $code == 200 ]]; then
sudo wget --timeout=15 -t 1 -qrO $HOME/webinoly.tar https://qrok.es/webinoly?version=$ver
[[ $ver == "beta" ]] && echo "$(tput setaf 1)[WARNING] You are installing a BETA version of Webinoly and it's not recommended for production enviroments.$(tput sgr0)"
type="Custom"
else
echo "$(tput setaf 1)[ERROR] Version not found or not available! ($code) $(tput sgr0)"
sudo rm weby
@ -102,12 +138,8 @@ sudo mkdir -p /opt/webinoly/templates/source
sudo find /opt/webinoly -type d -exec chmod 755 {} \;
sudo find /opt/webinoly -type f -exec chmod 644 {} \;
sudo chmod -f 744 /opt/webinoly/lib/ex-*
# REMOVE when unsupported! (Only to maintain compatibility with versions before 1.16.0)
[[ ! -d /opt/webinoly/usr ]] && usrw="/opt/webinoly/plugins" || usrw="/opt/webinoly/usr"
sudo chmod 755 ${usrw}/*
sudo mv ${usrw}/* /usr/bin/
sudo chmod 755 /opt/webinoly/usr/*
sudo mv /opt/webinoly/usr/* /usr/bin/
source /opt/webinoly/lib/general
@ -126,6 +158,19 @@ if [[ -f /opt/webinoly/webinoly.conf ]]; then
oldver=$(conf_read server-version)
newver=$svr_version
echo "${gre}${dim}Webinoly Configuration file was found, so we will use it!${end}"
# Reinstall after uninstalled! (Can be considered new)
if [[ -z $update ]] && ! [[ $ver =~ ^(alpha|beta)$ ]]; then
new_install="true"
echo "${blu}${dim}It seems like you're reinstalling Webinoly! (Upgrading from: ${oldapp})${end} ${blu}${bol}Welcome back!!!${end}"
# Downgrade!
elif [[ -n $update && $type == "Custom" ]]; then
echo "${blu}Updating to the latest version is always recommended! ${dim}(Downgrade to: ${ver})${end}"
fi
elif [[ $type == "Custom" ]]; then
echo "${blu}Custom version installed: ${ver}${end}"
else
new_install="true"
fi
@ -134,7 +179,10 @@ fi
# Write app version
webyversion=$app_version
conf_write app-version $webyversion
[[ $ver =~ ^(alpha|beta)$ ]] && conf_write branch $ver
if [[ $ver =~ ^(alpha|beta)$ ]]; then
conf_write branch $ver
echo "${blu}${bol}This is a testing version, please don't use it in production!${end}"
fi
# Ping to Webinoly Stats
@ -146,19 +194,19 @@ if [[ $statskip != "true" ]]; then
type="New"
elif [[ $ver == "beta" ]]; then
type="Beta"
elif [[ -n $update && $ver =~ ^[0-9]{1}\.[0-9]{1,2}\.[0-9]{1,2}$ ]]; then
elif [[ -n $update && $type == "Custom" ]]; then
type="Downgrade"
webyversion=$(wget --timeout=10 -t 1 -qO- https://api.webinoly.com/check?text=true)
opt=$ver
elif [[ -n $setup && $ver =~ ^[0-9]{1}\.[0-9]{1,2}\.[0-9]{1,2}$ ]]; then
type="Custom"
webyversion=$(wget --timeout=10 -t 1 -qO- https://api.webinoly.com/check?text=true)
opt=$ver
elif [[ -n $update && -n $oldapp ]]; then
type="Updates"
opt=$oldapp
elif [[ $type == "Custom" ]]; then
webyversion=$(wget --timeout=10 -t 1 -qO- https://api.webinoly.com/check?text=true)
opt=$ver
else
type="Error"
conf_write init-error-flag true
echo "${red}[ERROR] Installation method not recognized!${end}"
fi
@ -174,10 +222,16 @@ fi
[[ $setup == 1 ]] && stack -nginx
[[ $setup == 2 ]] && stack -php=nginx
[[ $setup == 3 ]] && stack -lemp
[[ $setup != [123] ]] && sudo webinoly -verify=critical
# Verify installation!
if [[ $setup != [123] && -n $update && -n $oldapp ]]; then
sudo webinoly -verify=critical -check-for-updates
elif [[ $setup != [123] ]]; then
sudo webinoly -verify=critical
fi
# Message Center
if [[ -z $(conf_read stack-build-error-flag) ]]; then
if [[ -z $(conf_read stack-build-error-flag) && $type != "Error" ]]; then # We use $type instead of dynvar to not make it persistant!
if [[ $new_install == "true" && $setup == 0 ]]; then
echo "${blu}You have chosen the option '0', it means that you have to manually build your own stack."
echo "But, don't worry! With Webinoly this is an easy task, just use the stack command, i.e. 'sudo stack -lemp' ${end}"