#!/bin/bash echo "${red}" echo "[WARNING] Your server configuration will be updated and all changes you manually did will be lost!!" echo "${blu}Current server version 'v$oldver' will be upgraded to the newest 'v$newver'." echo "${bol}" read -n 1 -s -r -p "Press any key to continue..." echo "" echo "${end}${dim}This is going to take a little bit of time...${end}" conf_write stack-update running api-events_update wysus sleep 1 # v1.5.0 onezero_to_oneone() { if [[ $(conf_read mysql-tool-pma) == "true" ]]; then # Remove old phpMyAdmin echo "phpmyadmin phpmyadmin/dbconfig-remove boolean true" | debconf-set-selections echo "phpmyadmin phpmyadmin/purge boolean true" | debconf-set-selections sudo apt-get -y purge phpmyadmin sudo apt-get -y autoremove sudo rm -rf /var/www/$(conf_read tools-port)/htdocs/pma conf_write mysql-tool purged # Install new phpMyAdmin sudo stack -pma fi if [[ $(conf_read nginx-tool) == "true" ]]; then # Install LetsEncrypt echo | sudo add-apt-repository ppa:certbot/certbot sudo apt -qq update sudo apt-get -y install certbot cronrene=$( sudo grep -F "letsencrypt renew" /var/spool/cron/crontabs/root ) [[ -n $cronrene ]] && sudo sed -i '/letsencrypt renew/c\15 3 * * 7 certbot renew --post-hook "service nginx restart"' /var/spool/cron/crontabs/root sudo echo " staple-ocsp = True must-staple = True" | tee -a /etc/letsencrypt/cli.ini for site in "/etc/nginx/sites-available"/* do domi=$(echo $site | cut -f 5 -d "/") [[ -f /etc/nginx/sites-available/$domi && $domi != "html" && $domi != $(conf_read tools-port) && $domi != *".dpkg-"* ]] && sudo sed -i "/#include \/var\/www\//c\ include /var/www/$domi/*-nginx.conf;" /etc/nginx/sites-available/$domi done fi } # v1.6.0 oneone_to_onetwo() { # Forgot doing it in 1.1 update sudo apt-get -y install zip } # v1.7.0 onetwo_to_onethree() { # Nginx "ssl on" directive is now deprecated - remove it! for site in "/etc/nginx/sites-available"/* do domi=$(echo $site | cut -f 5 -d "/") [[ -f /etc/nginx/sites-available/$domi && $domi != "html" && $domi != $(conf_read tools-port) ]] && sudo sed -i "/ssl on;/c\ #ssl on;" /etc/nginx/sites-available/$domi done # swappines is now included by default in linux optimization. sudo sed -i '/vm.swappiness/d' /etc/sysctl.conf # Now we need a backup of default Nginx file for "default-site" command. [[ -a /etc/nginx/sites-available/default ]] && sudo cp -p /etc/nginx/sites-available/default /opt/webinoly/templates/source/ } # v1.9.0 onethree_to_onefour() { sudo rm /opt/webinoly/templates/nginx/conf.d/blockips.conf if [[ $(conf_read nginx) == "true" ]]; then sudo mkdir -p /etc/nginx/apps.d sudo cp /etc/nginx/common/acl.conf /opt/webinoly/templates/source/acl.conf.old grep "^allow [^127.0.0.1]" /opt/webinoly/templates/source/acl.conf.old > /etc/nginx/apps.d/whitelist-acl.conf [[ -f /etc/nginx/apps.d/whitelist-acl.conf && ( ! -s /etc/nginx/apps.d/whitelist-acl.conf || -z $(cat -v /etc/nginx/apps.d/whitelist-acl.conf | grep -m 1 '[^[:space:]]')) ]] && sudo rm /etc/nginx/apps.d/whitelist-acl.conf [[ -f /etc/nginx/sites-available/$(conf_read tools-port) ]] && sudo sed -i "/acl.conf;/i \ include common\/auth.conf;" /etc/nginx/sites-available/$(conf_read tools-port) for site in "/etc/nginx/sites-available"/* do domi=$(echo $site | cut -f 5 -d "/") if [[ -f /etc/nginx/sites-available/$domi && $domi != "html" && $domi != $(conf_read tools-port) ]]; then if [[ $(is_proxy $domi) == "true" ]]; then pat="\t}" elif [[ $(is_wp $domi) == "true" || $(is_php $domi) == "true" ]]; then pat="index" else pat="\tlocation \/ { try" fi sudo sed -i "/$pat/a \ # WebinolyCustomEnd" /etc/nginx/sites-available/$domi sudo sed -i "/$pat/a \ # WebinolyCustom" /etc/nginx/sites-available/$domi sudo sed -i "/$pat/a \ " /etc/nginx/sites-available/$domi sudo sed -i "/$pat/a \ include common\/auth.conf;" /etc/nginx/sites-available/$domi sudo sed -i "/$pat/a \ " /etc/nginx/sites-available/$domi if [[ $(is_wp $domi) == "true" ]]; then [[ $(conf_read wp-admin-auth) == "purged" ]] && sudo httpauth $domi -wp-admin=off fi fi done fi } # v1.12.0 onefour_to_onefive() { sudo sed -i '/ HTTP_PROXY /d' /etc/nginx/fastcgi_params sudo sed -i '/ SCRIPT_FILENAME /d' /etc/nginx/fastcgi_params sudo rm -rf /etc/php/$(conf_read php-ver)/fpm/pool.d/debug.conf sudo rm -rf /var/log/php$(conf_read php-ver)-slog.log sudo touch /var/www/$(conf_read tools-port)/htdocs/ping sudo touch /var/www/$(conf_read tools-port)/htdocs/status sudo touch /var/www/$(conf_read tools-port)/htdocs/nginx_status sudo rm -rf /var/www/$(conf_read tools-port)/htdocs/fpm if [[ $(conf_read nginx-ppa) == "mainline" ]]; then echo | sudo add-apt-repository --remove 'ppa:nginx/development' echo | sudo add-apt-repository ppa:ondrej/nginx-mainline else echo | sudo add-apt-repository --remove 'ppa:nginx/stable' echo | sudo add-apt-repository ppa:ondrej/nginx fi } # v1.14.0 onefive_to_onesix() { sudo apt-key adv --fetch-keys 'https://nginx.org/keys/nginx_signing.key' if [[ $(conf_read nginx-ppa) == "mainline" ]]; then echo | sudo add-apt-repository --remove 'ppa:ondrej/nginx-mainline' sudo add-apt-repository "deb https://nginx.org/packages/mainline/ubuntu/ $(check_osname) nginx" else echo | sudo add-apt-repository --remove 'ppa:ondrej/nginx' sudo add-apt-repository "deb https://nginx.org/packages/ubuntu/ $(check_osname) nginx" fi #Fix new Nginx repo sudo apt update sudo apt-get install -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' nginx [[ $(conf_read php) != "true" ]] && sudo apt-key del E5267A6C # ondrej # Just to be sure in case of added with new nginx package [[ -f /etc/nginx/conf.d/default.conf ]] && sudo rm /etc/nginx/conf.d/default.conf sudo nginx -t && sudo systemctl start nginx sudo systemctl enable nginx [[ $(conf_read php) == "true" ]] && sudo apt -y install ghostscript sudo apt -y remove certbot echo | sudo add-apt-repository --remove 'ppa:certbot/certbot' local certb=0 while [[ $certb -le 3 ]] do sudo snap install core sudo snap refresh core sudo snap install --classic certbot # SNAP Repo fails a lot, so we need to be sure and retry!!! if [[ ! -f /snap/bin/certbot ]]; then local certb=$(($certb+1)) [[ $certb -le 3 ]] && echo "${red}[ERROR] Certbot installation failed!${dim} We will retry in a moment...($(($certb*30))s)${end}" [[ $certb -gt 3 ]] && echo "${red}[ERROR] Fatal Error: Certbot cannot be installed after 3 retries!${end}" || sleep $(($certb*20)) else break fi done [[ ! -L /usr/bin/certbot ]] && sudo ln -s /snap/bin/certbot /usr/bin/certbot } # v1.16.0 onesix_to_oneseven() { [[ $(conf_read php-tool) == "true" && -f /etc/postfix/main.cf ]] && sudo sed -i '/smtpd_banner =/c \smtpd_banner = $myhostname ESMTP' /etc/postfix/main.cf [[ $(conf_read mysql-client) == "true" && -z $(conf_read mysql-ver) ]] && conf_write mysql-ver $(sudo mysql -V | cut -f 6 -d " " -s | cut -f -2 -d "." -s) [[ $(conf_read mysql) == "true" ]] && conf_write mysql-optim true [[ $(conf_read mysql-tool) == "true" ]] && conf_write mysql-tool-pma true && conf_delete mysql-tool [[ $(conf_read nginx-tool) == "true" ]] && conf_write nginx-tool-ssl true && conf_write nginx-tool-bkp true && conf_delete nginx-tool [[ $(conf_read php-tool) == "true" ]] && conf_write php-tool-postfix true && conf_write php-tool-redis true && conf_write php-tool-memcached true && conf_delete php-tool if [[ -s /opt/webinoly/templates/source/csp_webinoly.data ]]; then conf_write header-csp "$(sed -n '1p' /opt/webinoly/templates/source/csp_webinoly.data)" sudo mv /opt/webinoly/templates/source/csp_webinoly.data /opt/webinoly/templates/source/csp_webinoly.data.old fi if [[ -s /opt/webinoly/templates/source/pph_webinoly.data ]]; then conf_write header-permissions "$(sed -n '1p' /opt/webinoly/templates/source/pph_webinoly.data)" sudo mv /opt/webinoly/templates/source/pph_webinoly.data /opt/webinoly/templates/source/pph_webinoly.data.old fi if [[ -s /opt/webinoly/templates/source/cch_webinoly.data ]]; then conf_write header-cache-control "$(sed -n '1p' /opt/webinoly/templates/source/cch_webinoly.data)" sudo mv /opt/webinoly/templates/source/cch_webinoly.data /opt/webinoly/templates/source/cch_webinoly.data.old fi if [[ -s /opt/webinoly/templates/source/rob_webinoly.data ]]; then conf_write header-robots "$(sed -n '1p' /opt/webinoly/templates/source/rob_webinoly.data)" sudo mv /opt/webinoly/templates/source/rob_webinoly.data /opt/webinoly/templates/source/rob_webinoly.data.old fi for site in "/etc/nginx/sites-available"/* do local domi=$(echo $site | cut -f 5 -d "/") if [[ $domi != "html" && $domi != $(conf_read tools-port) && -f /etc/nginx/sites-available/$domi ]]; then sudo sed -i '/headers-html.conf;/d' /etc/nginx/sites-available/$domi sudo sed -i '/headers-https.conf;/d' /etc/nginx/sites-available/$domi if [[ $(is_ssl $domi) == "true" ]]; then sudo sed -i '/headers-http.conf;/c \ include common/headers.conf;' /etc/nginx/sites-available/$domi else sudo sed -i '/headers-http.conf;/c \ include common/header.conf;' /etc/nginx/sites-available/$domi for pxy in "/etc/nginx/apps.d/${domi}"*-proxy.conf do [[ -f $pxy ]] && sudo sed -i '/CacheStaticFiles/,/expires max;/{/headers-https.conf;/d}' $pxy done fi if [[ $(is_parked $domi) == "true" ]]; then local main=$(grep -G "root .*;" /etc/nginx/sites-available/$domi | cut -d'/' -f 4) if [[ -f /etc/nginx/sites-available/$main ]]; then sed -i "/include \/var\/www\/$main/a \ include \/var\/www\/${main}/*-$(echo $domi | sed "s/[^0-9A-Za-z]/_/g")_parked.conf;" /etc/nginx/sites-available/$domi fi fi fi done if [[ -f /opt/webinoly/webinoly.conf ]]; then mv /opt/webinoly/webinoly.conf /opt/webinoly/webinoly.conf.old IFS=$'\n' # FOR loop takes whitespace as a delimiter, so IFS overwrite this. for i in $(grep -E "^([a-z\-]+)\:.*$" /opt/webinoly/webinoly.conf.old) do conf_write $(echo $i | cut -d':' -f 1 -s) $(echo $i | cut -d':' -f 2- -s) done fi [[ $(conf_read php) != "true" && $(conf_read nginx) == "true" ]] && nginx_tool_site #[[ $(conf_read php) == "true" ]] && sudo apt -y install php$(conf_read php-ver)-intl if [[ $(conf_read nginx-tool-bkp) == "true" ]]; then sudo apt -y purge duplicity duply python-boto conf_write nginx-tool-bkp purged [[ $(check_osname) == "bionic" ]] && sudo apt -y install python3-boto # Not break the old profiles local reinstall_bkp="true" fi if [[ $(conf_read php-tool-redis) == "true" ]]; then sudo apt -y purge redis-server echo | sudo add-apt-repository --remove 'ppa:chris-lea/redis-server' sudo apt-key del C7917B12 conf_write php-tool-redis purged local reinstall_redis="true" fi # All of these is here separated to prevent errors when verify runs inside the stack command sudo webinoly -server-reset=nginx [[ -n $reinstall_bkp ]] && stack -backups [[ -n $reinstall_redis ]] && stack -redis sudo apt -yqq autoremove } # v1.17.0 oneseven_to_oneight() { # We are doing here, not before, just because is now mandatory, WP health is giving messages!! if [[ $(conf_read php) == "true" ]]; then sudo apt update sudo apt -y install php$(conf_read php-ver)-intl fi # Regenerate conf file if [[ -f /opt/webinoly/webinoly.conf ]]; then mv /opt/webinoly/webinoly.conf /opt/webinoly/webinoly.conf.old IFS=$'\n' # FOR loop takes whitespace as a delimiter, so IFS overwrite this. for i in $(grep -E "^([a-z\-]+)\:.*$" /opt/webinoly/webinoly.conf.old) do conf_write $(echo $i | cut -d':' -f 1 -s) $(echo $i | cut -d':' -f 2- -s) done fi # Duplicity: remove snap, instal from pip if [[ $(conf_read nginx-tool-bkp) == "true" && -z $(conf_read bkp-source-tmp) ]]; then sudo snap remove duplicity conf_write nginx-tool-bkp purged stack -backups else conf_delete bkp-source-tmp fi # Loop All Sites for site in "/etc/nginx/sites-available"/* do local domi=$(echo $site | cut -f 5 -d "/") if [[ $domi != "html" && $domi != $(conf_read tools-port) && -f /etc/nginx/sites-available/$domi ]]; then # All sites sed -i "/include \/var\/www\/$domi\/\*-nginx.conf;/a \ include \/etc\/nginx\/conf.d\/\*.conf.srv;" /etc/nginx/sites-available/$domi # Parked: Shared Nginx conf for main site if [[ $(is_parked $domi) == "true" ]]; then local main=$(grep -G "root .*;" /etc/nginx/sites-available/$domi | cut -d'/' -f 4) if [[ -f /etc/nginx/sites-available/$main ]]; then sed -i "/include \/var\/www\/$main\/\*-nginx.conf;/a \ include \/etc\/nginx\/conf.d\/\*.conf.srv;" /etc/nginx/sites-available/$domi sed -i "/include \/var\/www\/${main}\/\*-$(echo $main | sed "s/[^0-9A-Za-z]/_/g")_parked.conf;/d" /etc/nginx/sites-available/$main sed -i "/include \/var\/www\/$main\/\*-nginx.conf;/a \ include \/var\/www\/${main}\/\*-$(echo $main | sed "s/[^0-9A-Za-z]/_/g")_parked.conf;" /etc/nginx/sites-available/$main fi fi fi done # Remove the old kernel method sudo sed -i '/WebinolyStart/,/WebinolyEnd/{/.*/d}' /etc/sysctl.conf # New Admin Tools site! if [[ -n $(conf_read tools-port) && -d /var/www/$(conf_read tools-port) && -f /etc/nginx/sites-available/$(conf_read tools-port) ]]; then sudo mkdir -p /var/www/$ADMIN_TOOLS_SITE sudo cp -rp /var/www/$(conf_read tools-port)/* /var/www/$ADMIN_TOOLS_SITE sudo rm -rf /var/www/$(conf_read tools-port) sudo mv /etc/nginx/sites-available/$(conf_read tools-port) /etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo rm -rf /etc/nginx/sites-enabled/$(conf_read tools-port) sudo ln -s /etc/nginx/sites-available/$ADMIN_TOOLS_SITE /etc/nginx/sites-enabled/$ADMIN_TOOLS_SITE sudo sed -i "s#www/$(conf_read tools-port)/htdocs#www/$ADMIN_TOOLS_SITE/htdocs#g" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo sed -i "s#$(conf_read tools-port).access.log#${ADMIN_TOOLS_SITE}.access.log#g" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo sed -i "s#$(conf_read tools-port).error.log#${ADMIN_TOOLS_SITE}.error.log#g" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE # Fix permissions not needed - it will be done in server-reset later! fi } # Version numbers without point [[ ${oldver//.} -lt 11 ]] && onezero_to_oneone [[ ${oldver//.} -lt 12 ]] && oneone_to_onetwo [[ ${oldver//.} -lt 13 ]] && onetwo_to_onethree [[ ${oldver//.} -lt 14 ]] && onethree_to_onefour [[ ${oldver//.} -lt 15 ]] && onefour_to_onefive [[ ${oldver//.} -lt 16 ]] && onefive_to_onesix [[ ${oldver//.} -lt 17 ]] && onesix_to_oneseven [[ ${oldver//.} -lt 18 ]] && oneseven_to_oneight # Update PIP packages! sudo pip3 install --upgrade duplicity 2>&1 | grep -v "pip as the 'root' user" api-events_update wysue conf_delete stack-update sudo webinoly -server-reset echo "${gre}Your server-configuration has been successfully updated!${end}"