
#!/bin/bash
source /opt/webinoly/lib/install
# Print a human-readable overview of the host and of the Webinoly stack:
# OS/CPU/RAM, file-descriptor limits, disk usage, NGINX/PHP/MySQL tuning values,
# Webinoly settings and finally every key of /opt/webinoly/webinoly.conf.
# Reads: /proc, lscpu, df, the nginx/php/postfix config files and webinoly.conf
# (through conf_read). The colour variables ($blu/$dim/$bol/$red/$gre/$end) and
# $ram/$ramb/$swap/$swapm/$cores come from lib/install, sourced at the top.
# Outputs: colourised text on stdout.
#
# NOTE(security): the "[Internal]" section dumps webinoly.conf verbatim. That
# file holds mysql-root / mysql-admin (stored by mysql_change_password as
# base64 -- `openssl enc -a` with no cipher only encodes) and external-dbu/-dbp
# (see show_db_data). Treat this output as sensitive; do not paste it into
# public bug reports.
system_info() {
# NOTE: only the "== 0" branch declares the variable local; the || branch
# assigns a global ramv/swapv. Harmless here, but do not rely on it being local.
[[ $ram == 0 ]] && local ramv="${ramb}Mb" || ramv="${ram}Gb"
[[ $swap == 0 ]] && local swapv="${swapm}Mb" || swapv="${swap}Gb"
echo ""
echo "${blu}${bol}[Operating System]${end}"
echo "${blu}OS Info:${end}${dim} $(sudo cat /proc/version) ${end}"
echo "${blu}Description:${end}${dim} $(sudo lsb_release -d | cut -d':' -f 2- -s) ${end}"
echo "${blu}Codename:${end}${dim} $(sudo lsb_release -c | cut -d':' -f 2- -s) ${end}"
echo "${blu}RAM:${end}${dim} $ramv ${end}"
echo "${blu}SWAP:${end}${dim} $swapv ${end}"
echo ""
echo "${blu}CPU Model:${end}${dim} $(lscpu | grep "Model name:" | cut -d ":" -f 2 -s | sed 's/^[ \t]*//') ${end}"
echo "${blu}Architecture:${end}${dim} $(lscpu | grep "Vendor ID:" | cut -d ":" -f 2 -s | sed 's/^[ \t]*//') ($(lscpu | grep "Architecture:" | cut -d ":" -f 2 -s | sed 's/^[ \t]*//')) ${end}"
echo "${blu}Cores:${end}${dim} $cores ${end}"
echo "${blu}Threads per core:${end}${dim} $(lscpu | grep "Thread(s) per core:" | cut -d ":" -f 2 -s | sed 's/^[ \t]*//') ${end}"
echo ""
echo "${blu}Hostname:${end}${dim} $(sudo hostname) ${end}"
echo "${blu}File descriptors (OS):${end}${dim} $(sudo cat /proc/sys/fs/file-max) ${end}"
echo "${blu}File descriptors (root):${end}${dim} $(ulimit -Hn) ${end}"
# Reads the master PID from /run/nginx.pid. If nginx is enabled in the conf but
# not running, the path degrades to /proc//limits and this line prints nothing.
[[ $(conf_read nginx) == "true" ]] && echo "${blu}File descriptors (nginx/per process):${end}${dim} $(grep 'Max open files' /proc/$(cat /run/nginx.pid)/limits | cut -f 15 -d ' ') ${end}"
echo ""
echo "${blu}${bol}[Disk Usage]${end}${dim}"
sudo df -Th /
echo "${end}"
echo "${blu}${bol}[NGINX]${end}"
if [[ $(conf_read nginx) == "true" ]]; then
echo "${blu}Branch:${end}${dim} $(conf_read nginx-ppa) ${end}"
echo "${blu}Version:${end}${dim} $(sudo nginx -v 2>&1 | cut -d'/' -f 2- -s) ${end}"
echo "${blu}worker_processes:${end}${dim} $(grep worker_processes /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}"
echo "${blu}worker_connections:${end}${dim} $(grep worker_connections /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}"
echo "${blu}worker_rlimit_nofile:${end}${dim} $(grep worker_rlimit_nofile /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}"
echo "${blu}client_max_body_size:${end}${dim} $(grep client_max_body_size /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}"
echo ""
echo "${blu}${bol}[NGINX Cache Settings]${end}"
# The fastcgi.conf values are extracted by field position (last / second-to-last
# token of the directive line), so they depend on the exact layout written by
# nginx_optim; a hand-edited directive may print the wrong token.
echo "${blu}FastCGI 200:${end}${dim} $( grep -F "fastcgi_cache_valid 200" /etc/nginx/conf.d/fastcgi.conf | rev | cut -d' ' -f 1 | rev | tr -d ';') ${end}"
echo "${blu}FastCGI 3xx/4xx:${end}${dim} $( grep -F "fastcgi_cache_valid 301 " /etc/nginx/conf.d/fastcgi.conf | rev | cut -d' ' -f 1 | rev | tr -d ';' ) ${end}"
echo "${blu}FastCGI inactive:${end}${dim} $( grep -F "fastcgi_cache_path" /etc/nginx/conf.d/fastcgi.conf | rev | cut -d' ' -f 1 | rev | cut -d'=' -f 2 | tr -d ';') ${end}"
echo "${blu}FastCGI max-size:${end}${dim} $( grep -F "fastcgi_cache_path" /etc/nginx/conf.d/fastcgi.conf | rev | cut -d' ' -f 2 | rev | cut -f 2 -d '=' ) ${end}"
echo "${blu}open_file_cache_valid:${end}${dim} $(grep open_file_cache_valid /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}"
echo "${blu}open_file_cache max:${end}${dim} $(grep -w open_file_cache /etc/nginx/nginx.conf | cut -f 2 -d ' ' | cut -f 2 -d '=') ${end}"
echo "${blu}open_file_cache inactive:${end}${dim} $(grep -w open_file_cache /etc/nginx/nginx.conf | cut -f 3 -d ' ' | cut -f 2 -d '=' | tr -d ';') ${end}"
echo ""
else
echo "${red}${dim} NGINX is not installed! ${end}"
echo ""
fi
echo "${blu}${bol}[PHP]${end}"
if [[ $(conf_read php) == "true" ]]; then
# grep -m1 "" keeps only the first line of `php -v` (the version banner).
echo "${blu}Info:${end}${dim} $(php -v | grep -m1 "") ${end}"
# Plain `grep <key>` matches commented-out and prefixed keys too (e.g. a ";memory_limit"
# line or "post_max_size" inside a comment); it prints every match.
echo "${blu}memory_limit:${end}${dim} $(grep memory_limit /etc/php/$(conf_read php-ver)/fpm/php.ini | cut -f 2 -d '=' -s ) ${end}"
echo "${blu}post_max_size:${end}${dim} $(grep post_max_size /etc/php/$(conf_read php-ver)/fpm/php.ini | cut -f 2 -d '=' -s ) ${end}"
echo "${blu}upload_max_filesize:${end}${dim} $(grep upload_max_filesize /etc/php/$(conf_read php-ver)/fpm/php.ini | cut -f 2 -d '=' -s ) ${end}"
echo "${blu}max_file_uploads:${end}${dim} $(grep max_file_uploads /etc/php/$(conf_read php-ver)/fpm/php.ini | cut -f 2 -d '=' -s ) ${end}"
echo "${blu}max_execution_time:${end}${dim} $(grep max_execution_time /etc/php/$(conf_read php-ver)/fpm/php.ini | cut -f 2 -d '=' -s ) ${end}"
echo ""
# The ^pm.* patterns are anchored, so only the active (uncommented) pool values are shown.
echo "${blu}Process Manager:${end}${dim} $(grep -E "^pm.?=.?*+" /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf | cut -f 2 -d '=' -s ) ${end}"
echo "${blu}pm.max_children:${end}${dim} $(grep -E "^pm.max_children.?=.?*+" /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf | cut -f 2 -d '=' -s ) ${end}"
echo "${blu}pm.start_servers:${end}${dim} $(grep -E "^pm.start_servers.?=.?*+" /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf | cut -f 2 -d '=' -s ) ${end}"
echo "${blu}pm.min_spare_servers:${end}${dim} $(grep -E "^pm.min_spare_servers.?=.?*+" /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf | cut -f 2 -d '=' -s ) ${end}"
echo "${blu}pm.max_spare_servers:${end}${dim} $(grep -E "^pm.max_spare_servers.?=.?*+" /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf | cut -f 2 -d '=' -s ) ${end}"
echo ""
else
echo "${red}${dim} PHP is not installed! ${end}"
echo ""
fi
echo "${blu}${bol}[MYSQL]${end}"
if [[ $(conf_read mysql) == "true" ]]; then
# phpMyAdmin version: >= 5.1.0 exposes it in libraries/classes/Version.php.
# Check if file exist because in legacy it doesn't!
if [[ $(conf_read mysql-tool-pma) == "true" && -f /var/www/$(conf_read tools-port)/htdocs/pma/libraries/classes/Version.php ]]; then
local pmaver=$(grep -E "public const VERSION = '[0-9\.]+'.*;" /var/www/$(conf_read tools-port)/htdocs/pma/libraries/classes/Version.php | cut -f 2 -d "'")
# Legacy support: before v5.1.0 (Feb 23, 2021) version is found here:
elif [[ $(conf_read mysql-tool-pma) == "true" ]]; then
local pmaver=$(grep -e "\$this->set('PMA_VERSION',.*'[0-9\.]*');" /var/www/$(conf_read tools-port)/htdocs/pma/libraries/classes/Config.php | cut -f 4 -d "'")
elif [[ $(conf_read mysql-tool-pma) != "true" ]]; then
local pmaver="Not installed!"
fi
echo "${blu}Info:${end}${dim} $(sudo mysql --version) ${end}"
echo "${blu}phpMyAdmin:${end}${dim} $pmaver ${end}"
echo ""
else
echo "${red}${dim} MySQL is not installed! ${end}"
echo ""
fi
echo "${blu}${bol}[Webinoly]${end}"
[[ -n $(conf_read default-site) ]] && local ds=$(conf_read default-site) || local ds="default"
[[ -n $(conf_read tools-site) ]] && local ts=$(conf_read tools-site) || local ts="default"
[[ -n $(conf_read timezone) ]] && local tz=$(conf_read timezone) || local tz="Undefined"
echo "${blu}Default site:${end}${dim} $ds ${end}"
echo "${blu}Tools site:${end}${dim} $ts ${end}"
echo "${blu}Tools port:${end}${dim} $(conf_read tools-port) ${end}"
echo "${blu}Timezone:${end}${dim} $tz ${end}"
if [[ $(conf_read smtp) == "true" ]]; then
# relayhost is written by smtp_setup as "<host>:587"; only the host is shown, never the SASL credentials.
echo "${blu}SMTP Host:${end}${dim} $(grep -E "^relayhost.?=.?*+" /etc/postfix/main.cf | cut -f 2 -d '=' -s) ${end}"
echo "${blu}SMTP Mainsite:${end}${dim} $(sudo cat /etc/mailname | head -n 1) ${end}"
else
echo "${blu}SMTP:${end}${dim} None ${end}"
fi
echo ""
echo "${blu}${bol}[Internal]${end}"
# Prints every "key:value" line of webinoly.conf, colourised. This includes the
# base64-stored MySQL credentials -- see the NOTE(security) in the header.
if [[ -f /opt/webinoly/webinoly.conf ]]; then
sudo sed -nr "s/^([a-z\-]+)\:(.*)$/${blu}\1\:${end}${dim}\2${end}/p" /opt/webinoly/webinoly.conf
else
echo "${red} [ERROR] Configuration File not found! ${end}"
fi
echo ""
}
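# Configure Postfix as a send-only relay through an external SMTP provider
# (STARTTLS on port 587 only) and store the relay credentials for SASL auth.
#
# Input is the global $smtp set by the option parser:
#   smtp=true                       -> interactive prompts
#   smtp=[host,user,pass,mainhost]  -> values supplied on the command line
# Globals written (kept global, as before): host, user, pass, mainhost, userdata,
# plus $url_port set by `is_url $host -split`.
# Side effects: backs up the pristine /etc/postfix/main.cf to
# /opt/webinoly/templates/source/ on first run, rewrites main.cf, writes
# /etc/mailname and /etc/postfix/sasl_passwd{,.db}, sets conf 'smtp' to true
# and restarts postfix. Exits 1 on any validation error.
#
# NOTE(security): with the [host,user,pass,mainhost] form the password travels
# on the command line and is visible in `ps` and in shell history; prefer the
# interactive form on shared hosts.
smtp_setup() {
    if [[ $smtp == true ]]; then
        # Offer the current Postfix myhostname as default only when it is also a site we manage.
        local hostname default_host=""
        hostname=$(grep -E "^myhostname[ ]?=[ ]?.*$" /etc/postfix/main.cf | cut -d "=" -f 2 -s | sed "s/ //")
        [[ -n $hostname && -f /etc/nginx/sites-available/$hostname ]] && default_host=" [$hostname]"
        echo "${gre}"
        echo "**********************************"
        echo "********** SMTP Setup **********"
        echo "**********************************"
        echo ""
        echo " * We only support TLS and Port 587."
        echo ""
        read -rp "${blu} + SMTP Host: ${end}" host
        read -rp "${blu} + User: ${end}" user
        # -s: do not echo the relay password to the terminal (scrollback/session logs).
        read -rsp "${blu} + Password: ${end}" pass
        echo ""
        read -rp "${blu} + Main Hostname/Domain${default_host}: ${end}" mainhost
        [[ -z $mainhost && -n $default_host ]] && mainhost=$hostname
        echo ""
    elif [[ $smtp == \[*\] ]]; then
        # "[a,b,c,d]" -> strip the brackets and split on commas; the pattern above
        # already guarantees the first and last characters, so no length check is needed.
        userdata=${smtp:1:-1}
        host=$(echo "${userdata}" | cut -d',' -f 1 -s)
        user=$(echo "${userdata}" | cut -d',' -f 2 -s)
        pass=$(echo "${userdata}" | cut -d',' -f 3 -s)
        mainhost=$(echo "${userdata}" | cut -d',' -f 4 -s)
    else
        echo "${red}[ERROR] Invalid SMTP data!${end}"
        exit 1
    fi

    if [[ -z $user || -z $pass || -z $host || -z $mainhost ]]; then
        echo "${red}[ERROR] Invalid SMTP data!${end}"
        exit 1
    elif [[ ! -f /etc/nginx/sites-available/$mainhost ]]; then
        # mainhost must be a site this server already manages.
        echo "${red}[ERROR] Main Host site not found in your server!${end}"
        exit 1
    elif [[ $(is_url "$host") != "true" ]]; then
        if [[ $(is_url "$host") =~ ^(http|https)$ ]]; then
            echo "${red}[ERROR] Invalid SMTP host! (HTTP/HTTPS can not be used in conjunction with SMTP protocol)${end}"
        else
            echo "${red}[ERROR] Invalid SMTP host!${end}"
        fi
        exit 1
    else
        # Sets $url_port (among others); a host:port form is rejected because 587 is forced below.
        is_url "$host" -split
        if [[ -n $url_port ]]; then
            echo "${red}[ERROR] Invalid SMTP host! (Custom port is not supported)${end}"
            exit 1
        fi
    fi

    # Keep a pristine copy of main.cf the first time we touch it (used when the stack is reset/purged).
    [[ ! -f /opt/webinoly/templates/source/main.cf ]] && sudo cp -p /etc/postfix/main.cf /opt/webinoly/templates/source/

    # /etc/mailname becomes myorigin; it only holds a domain name, so 0644 is fine.
    sudo touch /etc/mailname
    printf '%s\n' "$mainhost" | sudo tee /etc/mailname > /dev/null
    sudo chown root:root /etc/mailname
    sudo chmod 0644 /etc/mailname

    sudo sed -i '/myorigin =/c \myorigin = /etc/mailname' /etc/postfix/main.cf
    sudo sed -i "/myhostname =/c\myhostname = $mainhost" /etc/postfix/main.cf
    sudo sed -i "/relayhost/c\relayhost = $host:587" /etc/postfix/main.cf
    sudo sed -i '/mydestination =/c \mydestination = localhost' /etc/postfix/main.cf

    # Ensure we have no duplicate parameters: comment out any previous copy, then
    # re-add ours right after relayhost.
    sudo sed -i '/^smtp_tls_security_level/s/^/#/' /etc/postfix/main.cf
    sudo sed -i '/^smtp_tls_note_starttls_offer/s/^/#/' /etc/postfix/main.cf
    sudo sed -i '/^smtp_use_tls/s/^/#/' /etc/postfix/main.cf
    sudo sed -i '/^smtp_sasl_password_maps/s/^/#/' /etc/postfix/main.cf
    sudo sed -i '/^smtp_sasl_security_options/s/^/#/' /etc/postfix/main.cf
    sudo sed -i '/^smtp_sasl_auth_enable/s/^/#/' /etc/postfix/main.cf
    # 'encrypt' makes TLS mandatory but does NOT verify the relay's certificate even
    # though smtp_tls_CAfile is set below; 'secure' (or 'verify') would add that check.
    # Kept at 'encrypt' to preserve current behaviour -- TODO(review): consider 'secure'.
    sudo sed -i '/relayhost/a \smtp_tls_security_level = encrypt' /etc/postfix/main.cf
    sudo sed -i '/relayhost/a \smtp_tls_note_starttls_offer = yes' /etc/postfix/main.cf
    sudo sed -i '/relayhost/a \smtp_use_tls = yes' /etc/postfix/main.cf
    sudo sed -i '/relayhost/a \smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd' /etc/postfix/main.cf
    sudo sed -i '/relayhost/a \smtp_sasl_security_options = noanonymous' /etc/postfix/main.cf
    sudo sed -i '/relayhost/a \smtp_sasl_auth_enable = yes' /etc/postfix/main.cf
    sudo postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt'

    # Create the credential file with mode 0600 BEFORE the password is written into it,
    # so it is never readable by other users even briefly (a plain '>' would create it
    # with the default umask, typically 0644, and only fix the mode afterwards).
    sudo install -m 0600 -o root -g root /dev/null /etc/postfix/sasl_passwd
    printf '%s:587 %s:%s\n' "$host" "$user" "$pass" | sudo tee /etc/postfix/sasl_passwd > /dev/null
    sudo chown root:root /etc/postfix/sasl_passwd
    sudo chmod 0600 /etc/postfix/sasl_passwd
    # postmap creates sasl_passwd.db honouring the umask; run it under a private umask
    # for the same reason, then pin ownership/mode explicitly as before.
    ( umask 077 && sudo postmap hash:/etc/postfix/sasl_passwd )
    sudo chown root:root /etc/postfix/sasl_passwd.db
    sudo chmod 0600 /etc/postfix/sasl_passwd.db

    conf_write smtp true
    sudo systemctl restart postfix
    echo "${gre}SMTP was successfully enabled!${end}"
}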
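# Change the password of an existing local MySQL user, authenticating as 'admin'
# with the globally provided $ADMIN_PASS.
# Input: global $mysql_password (true -> prompt; [user,pass] -> inline).
# Globals written (as before): user, pass, userdata.
# Side effects: ALTER USER on the first matching 'user'@'host' row; when the user
# is root or admin the new password is also stored in webinoly.conf (mysql-<user>).
# Exits 1 on connection failure, bad input, unknown user or SQL error.
#
# NOTE(security): -p"$ADMIN_PASS" passes the admin password on the mysql argv,
# which sudo records in its command log and which is briefly visible in `ps`
# (the mysql client scrubs its argv, but only after it starts). A
# --defaults-extra-file / MYSQL_PWD handoff would avoid that; kept as-is to stay
# consistent with every other mysql invocation in this file.
# NOTE(security): the value saved with conf_write is only base64 --
# `openssl enc -a` with no cipher selected encodes, it does not encrypt.
mysql_change_password() {
    if ! sudo mysql --connect-timeout=10 --user=admin -p"$ADMIN_PASS" -e "quit" 2>/dev/null; then
        echo "${red}[ERROR] MySQL Connection to localhost failed! ${dim}(admin)${end}"
        exit 1
    fi

    if [[ $mysql_password == true ]]; then
        echo ""
        read -rp "${blu}MySQL User: ${end}" user
        # -s: do not echo the new password to the terminal.
        read -rsp "${blu}New Password: ${end}" pass
        echo ""
        echo ""
    elif [[ $mysql_password == \[*\] ]]; then
        # "[user,pass]" -> strip brackets, split on the comma.
        userdata=${mysql_password:1:-1}
        user=$(echo "${userdata}" | cut -d',' -f 1 -s)
        pass=$(echo "${userdata}" | cut -d',' -f 2 -s)
    else
        echo "${red}[ERROR] Please enter a valid value for username and password!${end}"
        exit 1
    fi

    # Both values are spliced into single-quoted SQL literals below. MySQL treats a
    # backslash as an escape inside '...' (unless NO_BACKSLASH_ESCAPES is set), so a
    # value ending in '\' would swallow the closing quote and break the statement;
    # reject '\' along with the single quote.
    if [[ -z $user || -z $pass || $user == *"'"* || $pass == *"'"* || $user == *\\* || $pass == *\\* || ${#pass} -lt 8 ]]; then
        echo "${red}[ERROR] Please, enter a valid username and password!"
        echo "Password can not contain a 'single quote' or a backslash and must be at least 8 characters long.${end}"
        exit 1
    elif [[ -z $(sudo mysql --connect-timeout=10 --user=admin -p"$ADMIN_PASS" -e "SELECT User FROM mysql.user;" | grep -owF -- "$user") ]]; then
        echo "${red}[ERROR] User ${blu}$user ${red}doesn't exists!${end}"
        exit 1
    fi

    # A user may exist for several hosts ('localhost', '%', ...); only the first row is changed.
    local userhost
    userhost=$(sudo mysql -ss --connect-timeout=10 --user=admin -p"$ADMIN_PASS" -e "SELECT Host FROM mysql.user WHERE User='${user}' LIMIT 1;")
    if sudo mysql --connect-timeout=10 --user=admin -p"$ADMIN_PASS" -e "ALTER USER '${user}'@'${userhost}' IDENTIFIED BY '${pass}';FLUSH PRIVILEGES;"; then
        # Keep webinoly.conf in sync for the two accounts the tool itself uses (base64, see header).
        [[ $user =~ ^(root|admin)$ ]] && conf_write mysql-${user} $( printf '%s\n' "$pass" | openssl enc -a -salt )
        echo "${gre}MySQL Password successfully changed! ${dim}('${user}'@'${userhost}')${end}"
    else
        echo "${red}[ERROR] Unexpected error!${end}"
        exit 1
    fi
}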
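# Toggle MySQL listening on all interfaces (global $mysql_public_access is
# "on"/"off") and optionally create a remote "master" user.
# Extra globals read: create_master_user (true -> prompt; [user,pass] -> inline;
# a password of "random" is replaced by `pwgen -s -1 16`), replication_slave
# (non-empty -> the new user gets only REPLICATION SLAVE instead of
# ALL PRIVILEGES ... WITH GRANT OPTION), ADMIN_PASS.
# Side effects: writes/removes skip-networking and skip-bind-address through
# cnf_write/cnf_delete, restarts mysql, prints the (possibly generated) password
# on success. Exits 1 on invalid input or when the user already exists.
#
# NOTE(security): "on" drops both skip-networking and the bind-address limit, so
# MySQL accepts TCP connections on every interface, and the master user is created
# for host '%' -- the host firewall is the only remaining control (hence the WARNING).
# NOTE(security): -p"$ADMIN_PASS" on the argv is visible in `ps` and in sudo's
# command log; kept for consistency with the rest of this file.
mysql_public_access() {
    if ! [[ $mysql_public_access =~ ^(on|off)$ ]]; then
        echo "${red}[ERROR] Please, enter a valid value! ${dim}(on/off)${end}"
        exit 1
    fi
    check_for_mysql -ask

    if [[ $mysql_public_access == "on" ]]; then
        cnf_write skip-networking 0
        cnf_write skip-bind-address
        echo ""
        echo "${red}[WARNING] Please, be careful and take the proper security actions to protect your server, now that MySQL is open for public access you should at least set your firewall to prevent against any unwanted request.${end}"
        echo ""
        [[ -z $create_master_user ]] && echo "${dim}[INFO] Be sure you have a MySQL User with public access!${end}"
        echo "${gre}MySQL public access successfully enabled!${end}"
    else
        cnf_delete skip-networking
        cnf_delete skip-bind-address
        echo "${gre}MySQL public access successfully disabled!${end}"
    fi
    sudo systemctl restart mysql

    [[ -z $create_master_user ]] && return

    if [[ $create_master_user != true && $create_master_user == \[*\] ]]; then
        # "[user,pass]" -> strip brackets, split on the comma.
        local user pass
        user=$(echo "${create_master_user:1:-1}" | cut -d',' -f 1 -s)
        pass=$(echo "${create_master_user:1:-1}" | cut -d',' -f 2 -s)
    fi
    if [[ -z $user || -z $pass ]]; then
        read -rp "${blu}Master User Name: ${end}" user
        read -rp "${blu}Master User Password: ${end}" pass
    fi
    [[ ${pass,,} == "random" ]] && pass=$(pwgen -s -1 16)

    # Both values are spliced into single-quoted SQL literals in the heredoc below;
    # MySQL treats '\' as an escape inside '...', so reject it along with the quote.
    if [[ -z $user || -z $pass || $user == *"'"* || $pass == *"'"* || $user == *\\* || $pass == *\\* || ${#pass} -lt 8 ]]; then
        echo "${red}[ERROR] Please, enter a valid username and password!"
        echo "Password can not contain a 'single quote' or a backslash and must be at least 8 characters long.${end}"
        exit 1
    elif [[ $user != $(dbword_check "$user" user) ]]; then
        echo "${red}[ERROR] The DB Name can not be a reserved word or should only contain allowed characters!${blu}"
        exit 1
    elif [[ -n $(sudo mysql --connect-timeout=10 --user=admin -p"$ADMIN_PASS" -e "SELECT User FROM mysql.user;" | grep -owF -- "$user") ]]; then
        echo "${red}[ERROR] User ${blu}$user ${red}already exists!${end}"
        exit 1
    fi

    local priv grant
    if [[ -n $replication_slave ]]; then
        priv="replication slave"
        grant=""
    else
        priv="ALL PRIVILEGES"
        grant="WITH GRANT OPTION"
    fi
    # Heredoc body and terminator must stay at column 0 (no <<-).
    if sudo mysql --connect-timeout=10 --user=admin -p"$ADMIN_PASS" <<_EOF_
CREATE USER '${user}'@'%' IDENTIFIED BY '${pass}';
GRANT ${priv} ON *.* TO '${user}'@'%' ${grant};
FLUSH PRIVILEGES;
_EOF_
    then
        echo "${gre}${dim}Master User${blu} $user ${gre}with password ${blu}${pass}${gre} successfully created!${end}"
    else
        echo "${red}[ERROR] Unexpected error!${end}"
    fi
}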
# If the configured default-site is a real domain (i.e. not 'default',
# 'blackhole' or unset), re-enable the stock 'default' vhost and strip the
# default_server role from that domain via remove_nginx_default_server.
remove_domain_default_site() {
    local current
    current=$(conf_read default-site)
    # Nothing to undo for the stock site, the blackhole, or an unset key.
    [[ -z $current || $current =~ ^(default|blackhole)$ ]] && return
    if [[ ! -L /etc/nginx/sites-enabled/default && -f /etc/nginx/sites-available/default ]]; then
        sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
    fi
    remove_nginx_default_server "$current"
}
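# Generate the self-signed placeholder certificate used by the "blackhole"
# server blocks (requests for unknown host names on TLS ports). Runs once:
# skipped when /etc/ssl/certs/webinoly-blackhole.crt.pem already exists.
# Writes /etc/ssl/private/webinoly-blackhole.key.pem (0600) and
# /etc/ssl/certs/webinoly-blackhole.crt.pem (0644). openssl output is discarded.
create_blackhole_cert() {
    [[ -f /etc/ssl/certs/webinoly-blackhole.crt.pem ]] && return
    # REMOVE: Temporal fix affecting openssl 1.1.1 - https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1603717.html
    sudo touch /root/.rnd
    # Private umask so the key is never created world-readable; previously it got the
    # default umask (typically 0644) and relied solely on the /etc/ssl/private dir mode.
    ( umask 077 && sudo openssl req -new -newkey rsa:2048 -days 36500 -nodes -x509 \
        -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=blackhole" \
        -keyout /etc/ssl/private/webinoly-blackhole.key.pem \
        -out /etc/ssl/certs/webinoly-blackhole.crt.pem > /dev/null 2>&1 )
    # Pin the modes explicitly: key private, public certificate world-readable as before.
    [[ -f /etc/ssl/private/webinoly-blackhole.key.pem ]] && sudo chmod 0600 /etc/ssl/private/webinoly-blackhole.key.pem
    [[ -f /etc/ssl/certs/webinoly-blackhole.crt.pem ]] && sudo chmod 0644 /etc/ssl/certs/webinoly-blackhole.crt.pem
}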
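# _webinoly_version_lt A B: succeeds (0) when dotted version B is strictly
# newer than A, comparing component by component (missing components count as 0).
# Replaces the old `${ver//.} -ge` digit-stripping trick, which misorders
# versions such as 1.14.10 (-> 11410) vs 1.15.0 (-> 1150).
_webinoly_version_lt() {
    local IFS=.
    local -a lhs=($1) rhs=($2)
    local i n=${#lhs[@]}
    (( ${#rhs[@]} > n )) && n=${#rhs[@]}
    for (( i = 0; i < n; i++ )); do
        local x=${lhs[i]:-0} y=${rhs[i]:-0}
        # 10# forces decimal so leading zeros are not read as octal.
        (( 10#$x < 10#$y )) && return 0
        (( 10#$x > 10#$y )) && return 1
    done
    return 1
}

# Update (or downgrade) the Webinoly app itself.
#   sudo webinoly -update          -> latest stable, after asking api.webinoly.com
#   sudo webinoly -update=beta     -> named branch
#   sudo webinoly -update=1.14.0   -> specific version
# Globals read: update, app_version; conf keys branch, app-version.
# Exits 0 when already current, 1 on any error; calls api-events_update on success.
#
# NOTE(security): the updater is fetched over HTTPS and executed as root with no
# signature or checksum check, so the qrok.es redirector and update.webinoly.com
# are fully trusted. The download is staged in a private mktemp directory instead
# of the caller's cwd, so another local user cannot pre-create or swap a 'weby'
# file (e.g. when the command is run from /tmp) between download and execution.
webinoly_update() {
    if [[ $(conf_read branch) =~ ^(alpha|beta)$ ]] && ! [[ $update =~ ^(alpha|beta)$ ]]; then
        echo "${red}[ERROR] Beta/alpha versions can not be updated to stable versions!${end}"
        exit 1
    fi

    local currentver branch=""
    currentver=$(conf_read app-version)
    if [[ -n $update && $update != true ]]; then
        branch="-ver=${update}"
    else
        local checkver
        checkver=$(wget --timeout=10 -t 1 -qO- https://api.webinoly.com/check?text=true)
        if [[ -z $checkver || -z $currentver ]] || ! [[ $checkver =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "${red}[ERROR] Version check service unavailable!${dim} (Webinoly API)${end}"
            exit 1
        elif ! _webinoly_version_lt "$currentver" "$checkver"; then
            echo "${gre}You currently have the latest version!${dim} (v${checkver})${end}"
            exit 0
        else
            echo "${dim}Updating...${end}"
            echo "${blu}${dim}Your current version 'v${currentver}' will be updated to the newest 'v${checkver}' ${end}"
        fi
    fi

    # Stage the updater in a private directory. The file is still named 'weby' and
    # run from its own directory so the updater sees the same layout as before
    # (assumes it does not need 'weby' to outlive this call -- TODO(review): confirm).
    local stage
    stage=$(mktemp -d) || { echo "${red}[ERROR] Update process has failed!${end}"; exit 1; }
    (
        cd "$stage" || exit 1
        # $branch is intentionally unquoted: when empty it must contribute no argument.
        sudo wget --timeout=15 -t 1 --referer="https://update.webinoly.com/?ver=${app_version}" -qrO weby https://qrok.es/wyupd && sudo bash weby upd $branch
    )
    local status=$?
    sudo rm -rf -- "$stage"
    if [[ $status == 0 ]]; then
        echo "${gre}Webinoly App has been updated successfully!${dim} (Updated to: v$(conf_read app-version))${end}"
    else
        echo "${red}[ERROR] Update process has failed!${end}"
        exit 1
    fi
    api-events_update wy1s
}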
# Reset ownership and modes under /var/www: directories 755, files 644, owner
# www-data. The two SSH key directories (/var/www/.ssh and $CURRENT_HOME/.ssh)
# get the usual rules instead: dirs 700, private files 600, *.pub 644.
# /var/www itself is handed back to root when the www-data SFTP chroot is
# enabled (login-www-data), because ChrootDirectory requires a root-owned root.
# https://github.com/QROkes/webinoly/issues/49
fix_permissions() {
    # Hidden top-level entries such as /var/www/.ssh are skipped here and handled below.
    sudo find /var/www ! -path "/var/www/\.*" -type d -exec chmod 755 {} +
    sudo find /var/www ! -path "/var/www/\.*" -type f -exec chmod 644 {} +

    local keydir
    for keydir in /var/www/.ssh "$CURRENT_HOME/.ssh"; do
        [[ -d $keydir ]] || continue
        sudo find "$keydir" -type d -exec chmod 700 {} +
        sudo find "$keydir" ! -path "$keydir/*.pub" -type f -exec chmod 600 {} +
        sudo find "$keydir" -path "$keydir/*.pub" -type f -exec chmod 644 {} +
    done
    [[ -d $CURRENT_HOME/.ssh ]] && sudo chown -R ${CURRENT_USER}:${CURRENT_USER} $CURRENT_HOME/.ssh

    sudo chown -R www-data:www-data /var/www
    [[ $(conf_read login-www-data) == "true" ]] && sudo chown root:root /var/www
}
# Regenerate the stack configuration from Webinoly's templates.
# Input: global $server_reset, one of nginx | php | mysql | all | permissions.
# Globals written: err_cont=true on any per-component error (the caller decides
# what to do with it); nginx_not="true" when no nginx reload is needed.
# Calls linux_purge / nginx_optim / php_optim / mysql_optim / fix_permissions,
# all defined elsewhere in lib/.
server_reset() {
# Regenerate NGINX conf files
if [[ $(conf_read nginx-optim) == "true" && $server_reset =~ ^(nginx|all)$ ]]; then
# Backup files will be restored in nginx_optim function
# NOTE(review): fixed, predictable names under /tmp written as root; only safe
# because /tmp is sticky and the kernel's protected_symlinks is normally on --
# a mktemp-based path would remove that dependency.
[[ -f /etc/nginx/conf.d/blockips.conf ]] && sudo cp -p /etc/nginx/conf.d/blockips.conf /tmp/webinoly_blockips_backup
[[ -f /etc/nginx/conf.d/webinoly.conf ]] && sudo cp -p /etc/nginx/conf.d/webinoly.conf /tmp/webinoly_backup
linux_purge
# Drop the WebinolyCustom...WebinolyCustomEnd block and everything under conf.d/
# and common/; nginx_optim recreates them (and restores the two backups above).
sudo sed -i '/WebinolyCustom/,/WebinolyCustomEnd/{/.*/d}' /etc/nginx/fastcgi_params
sudo rm -rf /etc/nginx/common
sudo rm -rf /etc/nginx/conf.d/*
nginx_optim
echo "${gre}Nginx settings has been updated successfully!${end}"
fix_permissions
echo "${gre}Permissions fixed successfully!${end}"
elif [[ $(conf_read nginx-optim) != "true" && $server_reset == "nginx" ]]; then
echo "${red}[ERROR] Nginx settings couldn't been updated, seems like is not installed in your server!${end}"
err_cont=true
fi
# Regenerate PHP conf files
if [[ $(conf_read php-optim) == "true" && $server_reset =~ ^(php|all)$ ]]; then
if [[ -f /opt/webinoly/templates/source/php.ini && -f /opt/webinoly/templates/source/www.conf ]]; then
# Overwrite the live files with the pristine copies saved at install time, then re-tune.
sudo cat /opt/webinoly/templates/source/php.ini > /etc/php/$(conf_read php-ver)/fpm/php.ini
sudo cat /opt/webinoly/templates/source/www.conf > /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf
# Added in v1.11.0, will fail if stack was built before:
[[ -f /opt/webinoly/templates/source/php-fpm.conf ]] && sudo cat /opt/webinoly/templates/source/php-fpm.conf > /etc/php/$(conf_read php-ver)/fpm/php-fpm.conf
sudo rm -rf /etc/php/$(conf_read php-ver)/fpm/pool.d/debug.conf
php_optim
echo "${gre}PHP settings has been updated successfully!${end}"
else
echo "${red}[ERROR] PHP could not been updated, source files not found!${end}"
err_cont=true
fi
elif [[ $(conf_read php-optim) != "true" && $server_reset == "php" ]]; then
echo "${red}[ERROR] PHP settings couldn't been updated, seems like is not installed in your server!${end}"
err_cont=true
fi
# Check MySQL Conf
if [[ $(conf_read mysql-optim) == "true" && $server_reset =~ ^(mysql|all)$ ]]; then
mysql_optim
echo "${gre}MySQL settings has been updated successfully!${end}"
elif [[ $(conf_read mysql-optim) != "true" && $server_reset == "mysql" ]]; then
echo "${red}[ERROR] MySQL settings couldn't been updated, seems like is not installed in your server!${end}"
err_cont=true
fi
# Permissions
if [[ $(conf_read nginx) == "true" && $server_reset == "permissions" ]]; then
fix_permissions
echo "${gre}Permissions fixed successfully!${end}"
nginx_not="true" # Nginx-Reload not-needed.
elif [[ $(conf_read nginx) != "true" && $server_reset == "permissions" ]]; then
echo "${red}[ERROR] Nginx not found, seems like is not installed in your server!${end}"
err_cont=true
fi
# Display message just to show we are alive.
if [[ $server_reset == "all" && $(conf_read php-optim) != "true" && $(conf_read nginx-optim) != "true" ]]; then
echo "${blu}Nothing to do here! ${dim}(NGINX, PHP or MySQL are not installed yet)${end}"
fi
}
# Print the stored database credentials: the local root/admin passwords from
# webinoly.conf and, when configured, the external DB host/user/password.
# Globals read: dbpass, raw -- when $dbpass is "raw" or $raw is set the output is
# machine-readable "key:value" lines with no colours or headings.
# Exits 1 when neither local nor external credentials are stored.
#
# NOTE(security): this prints live passwords to stdout; the "raw" form exists for
# scripting, so make sure callers do not capture it into logs. The stored values
# are base64, not encrypted (`openssl enc -d -a` with no cipher just decodes).
show_db_data() {
if [[ -n $(conf_read external-dbu) && -n $(conf_read external-dbp) ]]; then
local extu=$(conf_read external-dbu)
local extp=$(conf_read external-dbp)
# Host is "host:port" when external-dbx (the port) is set, bare host otherwise.
if [[ -n $(conf_read external-dbh) && -n $(conf_read external-dbx) ]]; then
local exth="$(conf_read external-dbh):$(conf_read external-dbx)"
elif [[ -n $(conf_read external-dbh) ]]; then
local exth=$(conf_read external-dbh)
fi
fi
if [[ -n $(conf_read mysql-root) || -n $(conf_read mysql-admin) ]]; then
# base64-decode what mysql_change_password stored with `openssl enc -a -salt`.
local rpass=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt )
local apass=$( echo $(conf_read mysql-admin) | openssl enc -d -a -salt )
echo ""
# Heading only in pretty mode and only when an external section follows.
[[ ( $dbpass == "raw" || -n $raw ) || -z $extu ]] || echo "${gre}Localhost Credentials${end}"
[[ $dbpass == "raw" || -n $raw ]] && echo "root:$rpass" || echo "${blu}${bol} root:${end}${blu}${dim} $rpass ${end}"
[[ $dbpass == "raw" || -n $raw ]] && echo "admin:$apass" || echo "${blu}${bol} admin:${end}${blu}${dim} $apass ${end}"
echo ""
else
echo "${blu}"
echo "Localhost credentials not found!"
echo "${end}"
fi
if [[ -n $extu ]]; then
echo ""
[[ $dbpass == "raw" || -n $raw ]] || echo "${gre}External DB Credentials${end}"
[[ ( $dbpass == "raw" || -n $raw ) && -n $exth ]] && echo "Host:$exth"
[[ ( $dbpass != "raw" && -z $raw ) && -n $exth ]] && echo "${blu}${bol} Host:${end}${blu}${dim} $exth ${end}"
[[ $dbpass == "raw" || -n $raw ]] && echo "User:$extu" || echo "${blu}${bol} User:${end}${blu}${dim} $extu ${end}"
[[ $dbpass == "raw" || -n $raw ]] && echo "Password:$extp" || echo "${blu}${bol} Password:${end}${blu}${dim} $extp ${end}"
echo ""
fi
# rpass is only set inside the local-credentials branch, so this is "nothing at all was found".
if [[ -z $rpass && -z $extu ]]; then
echo "${red}"
echo "[ERROR] DB Credentials not found!"
echo "${end}"
exit 1
fi
}
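# Change the port on which the admin tools (phpMyAdmin etc.) are served.
# Input: global $tools_port (true -> prompt; otherwise the new port number).
# Globals read: tools_port_default; conf keys tools-port, nginx.
# Global written (as before): port.
# Moves /var/www/<old> to /var/www/<new>, renames/relinks the NGINX vhost,
# rewrites the port inside it and records tools-port / tools-port-set.
# Exits 1 on a naming conflict or an invalid port.
change_tools_port() {
    local oldport
    oldport=$(conf_read tools-port)
    # Fall back to the default in BOTH input modes. Previously the non-interactive
    # path kept oldport empty, and `-d /var/www/$oldport` then matched /var/www/
    # itself -- i.e. `rm -rf /var/www/` after copying everything into the new dir.
    [[ -z $oldport ]] && oldport=$tools_port_default

    if [[ $tools_port == true ]]; then
        read -rp "${blu}Tools Port [Current: $oldport]: ${end}" port
    else
        port=$tools_port
    fi

    if [[ -z $port || ( -n $oldport && $port == $oldport ) ]]; then
        echo "${gre}Tools-Port not changed! ${end}"
    # Port 0 cannot be listened on; the valid range is 1-65535 as the error message states.
    elif [[ $port =~ ^[0-9]+$ && $port -ge 1 && $port -le 65535 ]]; then
        # A site named after the port would collide with the tools vhost file.
        if [[ -f /etc/nginx/sites-available/$port ]]; then
            echo "${red}[ERROR] Conflict naming found $port sitename is already in use!${end}"
            exit 1
        fi
        if [[ $(conf_read nginx) == "true" && -d /var/www/$oldport ]]; then
            # MV in some edge cases fails to rename, specially when so much files are within the directories.
            sudo mkdir -p /var/www/$port
            sudo cp -rp /var/www/$oldport/* /var/www/$port
            # ${oldport:?} aborts instead of ever expanding to /var/www/ .
            sudo rm -rf "/var/www/${oldport:?}"
            sudo mv /etc/nginx/sites-available/$oldport /etc/nginx/sites-available/$port
            sudo rm /etc/nginx/sites-enabled/$oldport
            sudo ln -s /etc/nginx/sites-available/$port /etc/nginx/sites-enabled/$port
            # NOTE: blind global substitution of the old number anywhere in the vhost;
            # assumes that value does not occur in unrelated directives of the file.
            sudo sed -i "s/${oldport}/${port}/g" /etc/nginx/sites-available/$port
        fi
        conf_write tools-port $port
        conf_write tools-port-set $port
        echo "${gre}Port${blu} $port ${gre}has been enabled to access all your Tools! ${end}"
    else
        echo "${red}[ERROR] Please, enter a valid port number (1-65535)!${end}"
        exit 1
    fi
}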
# Bind the admin-tools vhost (/etc/nginx/sites-available/<tools-port>) to an
# existing site's server_name, or reset it to the stock template.
# Input: global $tools_site (true -> prompt; "default" -> reset; otherwise a
# domain that already has a vhost in sites-available). Lower-cased when prompted.
# Global written: sername (the copied server_name line; global as in the original).
# Side effects: rewrites the tools vhost with sed, copies the site's TLS
# directives when the site has SSL, inserts the blackhole template so other host
# names hitting the tools port get nothing, writes conf key tools-site.
# Exits 1 when the domain is missing or the tools vhost is not enabled.
#
# NOTE(security): the final warning is the important one -- the tools vhost is
# only protected by HTTP auth (/etc/nginx/.htpasswd or the per-site file in
# apps.d/); without it phpMyAdmin is reachable by anyone who can hit the port.
set_tools_site() {
if [[ $tools_site == true ]]; then
echo "${gre}Please, enter a valid domain to access the Tools Section! ${end}"
read -p "${blu}Domain: ${end}" tools_site
tools_site=${tools_site,,}
fi
if [[ -z $tools_site ]]; then
echo "${red}[ERROR] Please, enter a valid value!${end}"
exit 1
elif [[ -f /etc/nginx/sites-available/$tools_site && -f /etc/nginx/sites-available/$(conf_read tools-port) && $tools_site != "default" ]]; then
# Check for previous assigned domain and remove
# Strip everything a previous assignment added: server_name, SSL block,
# HTTPS headers and the blackhole block, and restore the plain default_server listen lines.
if [[ -n $(conf_read tools-site) ]]; then
sudo sed -i '/server_name/d' /etc/nginx/sites-available/$(conf_read tools-port)
# In case SSL is enabled
sudo sed -i "/listen $(conf_read tools-port)/c \ listen $(conf_read tools-port) default_server deferred;" /etc/nginx/sites-available/$(conf_read tools-port)
sudo sed -i "/listen \[::\]:$(conf_read tools-port)/c \ listen [::]:$(conf_read tools-port) default_server;" /etc/nginx/sites-available/$(conf_read tools-port)
sudo sed -i '/headers-https.conf/d' /etc/nginx/sites-available/$(conf_read tools-port)
sudo sed -i '/WebinolySSLstart/,/WebinolySSLend/{/.*/d}' /etc/nginx/sites-available/$(conf_read tools-port)
sudo sed -i '/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{/.*/d}' /etc/nginx/sites-available/$(conf_read tools-port)
fi
# Assign new domain/site
# Copy the site's own server_name line (taken from its WebinolyNginxServerStart block)
# into the tools vhost right after error_log, and drop default_server from listen.
sername=$(sed -n -e '/WebinolyNginxServerStart/,$p' /etc/nginx/sites-available/$tools_site | grep -F "server_name" | sed -e 's/^[ \t]*//')
sudo sed -i "/error_log/a \ ${sername}" /etc/nginx/sites-available/$(conf_read tools-port)
sudo sed -i "/listen $(conf_read tools-port)/c \ listen $(conf_read tools-port) deferred;" /etc/nginx/sites-available/$(conf_read tools-port)
sudo sed -i "/listen \[::\]:$(conf_read tools-port)/c \ listen [::]:$(conf_read tools-port);" /etc/nginx/sites-available/$(conf_read tools-port)
# If SSL is enabled
# Reuse the site's certificate paths inside the SSL template; ssl_stapling and
# ssl_trusted_certificate are removed when the site has no chain file (self-signed/custom).
if [[ $(is_ssl $tools_site) == "true" ]]; then
sudo sed -i "/listen $(conf_read tools-port)/c \ listen $(conf_read tools-port) ssl http2 deferred;" /etc/nginx/sites-available/$(conf_read tools-port)
sudo sed -i "/listen \[::\]:$(conf_read tools-port)/c \ listen [::]:$(conf_read tools-port) ssl http2;" /etc/nginx/sites-available/$(conf_read tools-port)
sudo sed -i '/server_name /r /opt/webinoly/templates/template-site-ssl' /etc/nginx/sites-available/$(conf_read tools-port)
local ssl_cer=$(sed -n -e '/WebinolyNginxServerStart/,$p' /etc/nginx/sites-available/$tools_site | grep -F "ssl_certificate " | tr -d '\t')
local ssl_key=$(sed -n -e '/WebinolyNginxServerStart/,$p' /etc/nginx/sites-available/$tools_site | grep -F "ssl_certificate_key " | tr -d '\t')
local ssl_tru=$(sed -n -e '/WebinolyNginxServerStart/,$p' /etc/nginx/sites-available/$tools_site | grep -F "ssl_trusted_certificate " | tr -d '\t')
sudo sed -i "/WebinolySSLstart/,/WebinolySSLend/{s#ssl_certificate .*;#$ssl_cer#}" /etc/nginx/sites-available/$(conf_read tools-port)
sudo sed -i "/WebinolySSLstart/,/WebinolySSLend/{s#ssl_certificate_key .*;#$ssl_key#}" /etc/nginx/sites-available/$(conf_read tools-port)
if [[ -z $ssl_tru ]]; then
sudo sed -i '/WebinolySSLstart/,/WebinolySSLend/{/ssl_stapling/d}' /etc/nginx/sites-available/$(conf_read tools-port)
sudo sed -i '/WebinolySSLstart/,/WebinolySSLend/{/ssl_trusted_certificate/d}' /etc/nginx/sites-available/$(conf_read tools-port)
else
sudo sed -i "/WebinolySSLstart/,/WebinolySSLend/{s#ssl_trusted_certificate .*;#$ssl_tru#}" /etc/nginx/sites-available/$(conf_read tools-port)
fi
sudo sed -i '/locations.conf/a \ include common/headers-https.conf;' /etc/nginx/sites-available/$(conf_read tools-port)
# 497 = plain HTTP sent to the HTTPS port; redirect it instead of serving an error.
sudo sed -i "/WebinolySSLend/i \ error_page 497 https:\/\/\$host:\$server_port\$request_uri;" /etc/nginx/sites-available/$(conf_read tools-port)
create_blackhole_cert
fi
# Default blackhole for requests different from our assigned Tools-Site
sudo sed -i '/Webinoly Admin-Tools NGINX CONFIGURATION/r /opt/webinoly/templates/general/tools-site-blackhole' /etc/nginx/sites-available/$(conf_read tools-port)
sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{s/<port>/$(conf_read tools-port)/}" /etc/nginx/sites-available/$(conf_read tools-port)
if [[ $(is_ssl $tools_site) == "false" ]]; then
sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{/ssl_certificate/d}" /etc/nginx/sites-available/$(conf_read tools-port)
sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{/error_page/d}" /etc/nginx/sites-available/$(conf_read tools-port)
sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{s/ssl //}" /etc/nginx/sites-available/$(conf_read tools-port)
echo "${red}It's highly recommended having an SSL Cert enabled on this site. ${end}"
fi
conf_write tools-site $tools_site
echo "${gre}Domain${blu} ${tools_site}:$(conf_read tools-port) ${gre}was successfully assigned to access your server tools!${end}"
elif [[ $tools_site == "default" ]]; then
# Reset: replace the vhost with the stock template and substitute the port placeholder.
sudo rm -rf /etc/nginx/sites-available/$(conf_read tools-port)
sudo cp /opt/webinoly/templates/nginx/admin_tools.conf /etc/nginx/sites-available/$(conf_read tools-port)
sudo sed -i "s/<port>/$(conf_read tools-port)/g" /etc/nginx/sites-available/$(conf_read tools-port)
conf_write tools-site default
echo "${gre}Tools Site settings has been reset successfully!${end}"
elif [[ -f /etc/nginx/sites-available/$tools_site && ! -f /etc/nginx/sites-available/$(conf_read tools-port) ]]; then
echo "${red}[ERROR] Tools Site is not enabled! ${end}"
exit 1
else
echo "${red}[ERROR] Domain/site not found. ${end}"
exit 1
fi
# Warning Message
# Warn when neither the global .htpasswd nor the per-site one has any credentials.
if [[ ( ! -s /etc/nginx/.htpasswd && $tools_site == "default" ) || ( ! -s /etc/nginx/.htpasswd && $tools_site != "default" && -f /etc/nginx/sites-available/$tools_site && ! -s /etc/nginx/apps.d/.htpasswd-$tools_site ) ]]; then
echo "${dim}[WARNING] HTTP Authentication Credentials not found and you may need it to access these tools!${end}"
fi
}
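# Validate the edited sshd_config and restart ssh only if it parses. A broken
# config restarted blindly would leave the host without SSH access.
_webinoly_restart_ssh() {
    if sudo sshd -t; then
        sudo systemctl restart ssh
    else
        echo "${red}[ERROR] sshd_config validation failed, ssh was NOT restarted! Review /etc/ssh/sshd_config.${end}"
        return 1
    fi
}

# Enable or disable chrooted, SFTP-only access for the www-data user.
# Input: global $login_www_data ("on"/"off"); conf key login-www-data says what is current.
# on : copies $CURRENT_USER's authorized_keys to /var/www/.ssh, gives www-data the
#      sftp-server shell, adds it to group 'sftponly', makes /var/www root-owned
#      (ChrootDirectory requires that), appends a Match block to sshd_config and
#      appends www-data to AllowUsers when that directive exists.
# off: reverses all of the above and restores the nologin shell.
# Writes conf keys login-www-data / sftp-www-data and restarts ssh. Exits 1 on bad input.
#
# NOTE(security): the key copy means whoever holds $CURRENT_USER's private key can
# also log in as www-data and write to every site; the chroot blocks a shell and
# forwarding, not that. www-data's uploads are readable by every PHP pool.
www_data_sftp_access() {
    if [[ $login_www_data == "on" && $(conf_read login-www-data) == "true" ]]; then
        echo "${gre}SFTP access for www-data user is already enabled! ${end}"
    elif [[ $login_www_data == "off" && $(conf_read login-www-data) != "true" ]]; then
        echo "${gre}SFTP access for www-data user is already disabled! ${end}"
    elif [[ $login_www_data == "on" ]]; then
        # Allow access for www-data user
        if [[ -f $CURRENT_HOME/.ssh/authorized_keys ]]; then
            echo "${blu}${dim}Copying your SSH keys from '${CURRENT_USER}' to www-data access!${end}"
            sudo mkdir -p /var/www/.ssh
            sudo chmod 700 /var/www/.ssh
            sudo cp "$CURRENT_HOME/.ssh/authorized_keys" /var/www/.ssh/authorized_keys
            sudo chmod 600 /var/www/.ssh/*
        fi
        sudo chown -R www-data:www-data /var/www
        # www-data sftp-only access jail - if fails usrlib must be listed in /etc/shells
        sudo usermod -s /usr/lib/openssh/sftp-server www-data
        sudo addgroup --system sftponly > /dev/null 2>&1
        # -a appends; a bare -G would REPLACE every other supplementary group of www-data.
        sudo usermod -aG sftponly www-data
        # ChrootDirectory requires the chroot root to be root-owned and not group/world-writable.
        sudo chown root:root /var/www
        sudo sed -i "/Subsystem sftp/c\Subsystem sftp internal-sftp" /etc/ssh/sshd_config
        # Marker comments delimit the block so the "off" path can delete it again.
        printf '%s\n' \
            '# WebinolySFTPstart' \
            'Match Group sftponly' \
            'ChrootDirectory /var/www' \
            'X11Forwarding no' \
            'AllowTcpForwarding no' \
            'ForceCommand internal-sftp' \
            '# WebinolySFTPend' | sudo tee -a /etc/ssh/sshd_config > /dev/null
        # If the admin restricts logins with AllowUsers, www-data must be listed too.
        local falus
        falus=$(grep -Gi "^AllowUsers " /etc/ssh/sshd_config)
        [[ -n $falus ]] && sudo sed -i "s/$falus/$falus www-data/" /etc/ssh/sshd_config
        conf_write login-www-data true
        conf_write sftp-www-data true
        _webinoly_restart_ssh && echo "${gre}SFTP access for www-data user has been successfuly enabled! ${end}"
    elif [[ $login_www_data == "off" ]]; then
        sudo rm -rf /var/www/.ssh
        # Restore the login shell with usermod rather than rewriting the /etc/passwd
        # line by hand (the old sed hard-coded uid/gid 33 and home, and matched any
        # line containing 'www-data:').
        sudo usermod -s /usr/sbin/nologin www-data
        sudo gpasswd -d www-data sftponly > /dev/null 2>&1
        sudo delgroup sftponly > /dev/null 2>&1
        sudo chown www-data:www-data /var/www
        sudo sed -i "/Subsystem sftp/c\Subsystem sftp \/usr\/lib\/openssh\/sftp-server" /etc/ssh/sshd_config
        sudo sed -i '/WebinolySFTPstart/,/WebinolySFTPend/{/.*/d}' /etc/ssh/sshd_config
        # Remove the trailing " www-data" we appended to AllowUsers, if present.
        local falus
        falus=$(grep -Gi "^AllowUsers " /etc/ssh/sshd_config)
        if [[ -n $falus ]]; then
            sudo sed -i "s/$falus/${falus% www-data}/" /etc/ssh/sshd_config
        fi
        conf_write login-www-data purged
        conf_write sftp-www-data purged
        _webinoly_restart_ssh && echo "${gre}SFTP access for www-data user has been successfuly disabled! ${end}"
    else
        echo "${red}[ERROR] Invalid value for login-www-data! ${end}"
        exit 1
    fi
}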
webinoly_uninstall() {
	# Interactively remove Webinoly from the server.
	# Globals (read): no_recovery - when empty, webinoly.conf and templates/source are
	#   archived to $HOME/.webinoly-conf-restore_dont-remove before anything is deleted.
	# Exits 0 after removal, 1 when the user aborts.
	local bin
	echo "${red}"
	echo "You are about to completely remove Webinoly App from your server!!"
	echo "${blu}Are you sure [y/N]? "
	# One silent keystroke per iteration; Enter counts as "n".
	while read -r -n 1 -s answer; do
		answer=${answer:-n}
		echo ""
		[[ $answer = [YyNn] ]] && break
	done

	if [[ $answer != [Yy] ]]; then
		echo "${red}Action aborted!${end}"
		exit 1
	fi

	if [[ -z $no_recovery ]]; then
		sudo tar -Pcf "$HOME/.webinoly-conf-restore_dont-remove" /opt/webinoly/webinoly.conf /opt/webinoly/templates/source
		echo "${gre}${dim}Configuration saved!${end}"
	fi
	sudo rm -rf /opt/webinoly
	for bin in webinoly stack site httpauth log; do
		sudo rm "/usr/bin/$bin"
	done
	echo "${gre}Webinoly App has been removed successfully from your server!${end}"
	exit 0 # Only allowed here because after this Webinoly does not exist in the server!
}
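external_sources_update() {
	# Refresh the bundled Public Suffix List and the PHP timezone database.
	# Globals (written): err_cont=true when the suffix list cannot be updated
	#   (the timezone failure keeps its original exit 1).
	# Downloads go to a private mktemp directory instead of fixed /tmp names, so a
	# root-owned write can never follow a pre-planted symlink in /tmp.
	# Integrity relies on TLS only; no signature is checked for either source.
	local tmpdir
	tmpdir=$(mktemp -d) || { echo "${red}[ERROR] Cannot create a temporary directory!${end}"; exit 1; }

	echo "${blu}- Downloading Public Suffix List!${end}"
	# -r (recursive) was dropped: this is one direct file, recursion adds nothing.
	sudo wget --timeout=15 -t 1 -qO "$tmpdir/public_suffix_list.dat" https://publicsuffix.org/list/public_suffix_list.dat
	if [[ -s $tmpdir/public_suffix_list.dat ]]; then
		echo "${blu}- Processing file!${end}"
		# Drop comment lines (//), blank lines, exception marks (!) and wildcard prefixes (*.)
		sudo sed -i -e '/^\/\// d' -e '/^$/d' -e 's/[!]\+//g' -e 's/^\*\.\+//g' "$tmpdir/public_suffix_list.dat"
		sudo mv -- "$tmpdir/public_suffix_list.dat" /opt/webinoly/lib/public_suffix_list.dat
		echo "${gre}Domain list has been successfully updated!${end}"
	else
		echo "${red}[ERROR] Domain list not updated!${end}"
		err_cont=true
	fi

	echo ""
	echo "${blu}- Downloading Timezone Database!${end}"
	sudo wget --timeout=15 -t 1 -qO "$tmpdir/timezonedb.tgz" https://pecl.php.net/get/timezonedb
	if [[ -s $tmpdir/timezonedb.tgz ]]; then
		echo "${blu}- Processing file!${end}"
		# Only timezonedb.h is needed; extraction stays inside the private directory
		sudo tar -xf "$tmpdir/timezonedb.tgz" -C "$tmpdir" --wildcards --no-anchored 'timezonedb-*/timezonedb.h' --strip-components=1
		# Keep only the table rows ("\t{ ... },") and take the quoted zone name of each
		sudo sed -i '/^\t{.*},$/!d' "$tmpdir/timezonedb.h"
		# tee under sudo: a plain redirect would be performed by the unprivileged shell
		sudo cut -d'"' -f2 "$tmpdir/timezonedb.h" | sudo tee /opt/webinoly/lib/timezone.dat > /dev/null
		echo "${gre}Timezone Database has been successfully updated!${end}"
	else
		echo "${red}[ERROR] Timezone Database not updated!${end}"
		sudo rm -rf -- "$tmpdir"
		exit 1
	fi
	sudo rm -rf -- "$tmpdir"
}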
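clear_caches() {
	# Clear one or more server-side caches.
	# Globals (read): clear_cache - redis|memcache|memcached|opcache|fastcgi|all, or a
	#   site name whose custom/proxy cache should be purged; subfolder, domain.
	# Globals (written): err_cont=true for every cache that could not be cleared.
	local memhost memport port cache_key

	if [[ $clear_cache =~ ^(redis|all)$ ]]; then
		if [[ $(conf_read php-tool-redis) == "true" && -f /etc/redis/redis.conf ]]; then
			sudo redis-cli flushall
			echo "${gre}- Redis Cache has been successfully cleared!${end}"
		else
			echo "${red}[ERROR] We can not clear Redis Cache because is not installed!${end}"
			err_cont=true
		fi
	fi

	if [[ $clear_cache =~ ^(memcache|memcached|all)$ ]]; then
		if [[ $(conf_read php-tool-memcached) == "true" && -f /etc/memcached.conf ]]; then
			memhost=$(grep ^-l /etc/memcached.conf | cut -f 2 -d ' ')
			memport=$(grep ^-p /etc/memcached.conf | cut -f 2 -d ' ')
			# bash opens the TCP socket itself; report a failed connection instead of claiming success
			if [[ -n $memhost && -n $memport ]] && { echo flush_all > "/dev/tcp/$memhost/$memport"; } 2>/dev/null; then
				echo "${gre}- Memcached has been successfully cleared!${end}"
			else
				echo "${red}[ERROR] Memcached could not be reached at ${memhost:-?}:${memport:-?}!${end}"
				err_cont=true
			fi
		else
			echo "${red}[ERROR] We can not clear Memcache because is not installed!${end}"
			err_cont=true
		fi
	fi

	if [[ $clear_cache =~ ^(opcache|all)$ ]]; then
		if [[ $(conf_read nginx) == "true" && $(conf_read php) == "true" ]]; then
			port=$(conf_read tools-port)
			# Tiny reset script served by the tools site, created once.
			# NOTE(review): reachable by anyone who can reach the tools port; presumably the
			# tools site's HTTP auth is what protects it - confirm.
			if [[ ! -f /var/www/$port/htdocs/php/opcache/index.php ]]; then
				sudo mkdir -p "/var/www/$port/htdocs/php/opcache"
				# tee under sudo: a plain redirect would be performed by the unprivileged shell
				echo '<?php opcache_reset(); echo "OK\n";' | sudo tee "/var/www/$port/htdocs/php/opcache/index.php" > /dev/null
				sudo chown -R www-data:www-data "/var/www/$port/htdocs/php/opcache"
				sudo chmod 644 "/var/www/$port/htdocs/php/opcache/index.php"
			fi
			# Fire-and-forget request; the reset happens inside the PHP workers
			wget --spider --no-check-certificate --timeout=15 -t 1 "localhost:$port/php/opcache/" > /dev/null 2>&1 &
			echo "${gre}- OpCache has been successfully cleared!${end}"
		else
			echo "${red}[ERROR] We can not clear OpCache because PHP or NGINX are not installed!${end}"
			err_cont=true
		fi
	fi

	if [[ $clear_cache =~ ^(fastcgi|all)$ ]]; then
		if [[ $(conf_read nginx) == "true" ]]; then
			sudo rm -Rf /run/nginx-cache/*
			echo "${gre}- FastCgi Cache has been successfully cleared!${end}"
		else
			echo "${red}[ERROR] We can not clear FastCGI Cache because NGINX is not installed!${end}"
			err_cont=true
		fi
	fi

	if [[ -f /etc/nginx/sites-available/$clear_cache ]]; then
		if [[ $(conf_read nginx) == "true" && $(is_cache $clear_cache $subfolder) =~ ^(custom|proxy)$ ]]; then
			# Cache dir name: domain with non-alphanumerics as "_", then the subfolder with "/" as "_".
			# NOTE(review): this reads $domain while the rest of the branch uses $clear_cache - confirm
			# the caller always sets both to the same site.
			cache_key="$(echo "$domain" | sed 's/[^0-9A-Za-z]/_/g')$(echo "$subfolder" | sed 's/\//_/g')"
			# With an empty key the rm would wipe the whole /run/nginx-cache tree
			if [[ -n $cache_key ]]; then
				sudo rm -Rf "/run/nginx-cache/$cache_key"
				echo "${gre}Custom Nginx Cache for${blu} ${clear_cache}${subfolder} ${gre}has been successfully cleared!${end}"
			else
				echo "${red}[ERROR] Cache directory name could not be determined (domain is empty)!${end}"
				err_cont=true
			fi
		elif ! [[ $(is_cache $clear_cache $subfolder) =~ ^(custom|proxy)$ ]]; then
			echo "${red}[ERROR] Custom Cache is not enabled for this site!${end}"
			err_cont=true
		elif [[ $(conf_read nginx) != "true" ]]; then
			echo "${red}[ERROR] We can not clear Nginx Cache because NGINX is not installed!${end}"
			err_cont=true
		fi
	fi
}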
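nginx_blockip() {
	# Block or unblock client IP addresses at the NGINX level (conf.d/blockips.conf).
	# Globals (read): blockip - an IP, a comma-separated list of IPs, or true to prompt;
	#   purge - set to unblock instead of block; list / raw - print the current list.
	# Exits 0 after a comma-separated list has been handled, 1 on an invalid IP.
	local blockfile="/etc/nginx/conf.d/blockips.conf"
	local sign item
	local -a ips

	if [[ -z $purge && -n $list ]]; then
		echo ""
		[[ $list == "raw" || -n $raw ]] && sign="" || sign="${blu}+ "
		if [[ -s $blockfile ]]; then
			sudo sed -n "s/^deny /${sign}/p;" "$blockfile" | sudo sed -n 's/;$//p'
		else
			[[ $list != "raw" && -z $raw ]] && echo "${blu}[Empty] No IP's were found!"
		fi
		[[ $list == "raw" || -n $raw ]] && echo "" || echo "${end}"
		return 0
	fi

	if [[ $blockip == true ]]; then
		if [[ -z $purge ]]; then
			read -r -p "${blu}IP address to block: ${end}" blockip
		else
			read -r -p "${blu}IP address to unblock: ${end}" blockip
		fi
	fi

	# Comma-separated list: re-enter through the CLI once per valid address.
	if [[ -n $(echo "$blockip" | cut -d',' -f 2 -s) ]]; then
		IFS=',' read -r -a ips <<< "$blockip"
		for item in "${ips[@]}"; do
			[[ -n $item && $(is_ip "$item") == "true" ]] || continue
			if [[ -z $purge ]]; then
				sudo webinoly -blockip="$item"
			else
				sudo webinoly -blockip="$item" -purge
			fi
		done
		exit 0
	fi

	if [[ $(is_ip "$blockip") != "true" ]]; then
		echo "${red}[ERROR] Please, enter a valid IP value!${end}"
		exit 1
	fi

	if [[ -z $purge ]]; then
		if [[ ! -f $blockfile ]]; then
			sudo touch "$blockfile"
			sudo chmod 644 "$blockfile"
			sudo chown root:root "$blockfile"
		fi
		# Fixed-string whole-line match: the dots of the address are not regex wildcards here
		if ! grep -qxF -- "deny $blockip;" "$blockfile"; then
			# tee under sudo, consistent with the other privileged writes in this function
			echo "deny $blockip;" | sudo tee -a "$blockfile" > /dev/null
			echo "${gre}The IP address ${blu}'$blockip'${gre} was successfully blocked!${end}"
		else
			echo "${gre}IP '$blockip' is already blocked!${end}"
		fi
	else
		if [[ -f $blockfile ]]; then
			# '#' as delimiter so '/' may appear in the pattern, dots escaped so only the exact
			# address matches (https://stackoverflow.com/questions/1797906/delete-using-a-different-delimiter-with-sed)
			sudo sed -i "\#^deny ${blockip//./\\.};#d" "$blockfile"
			# Remove the blockips file once it is empty.
			[[ ! -s $blockfile ]] && sudo rm "$blockfile"
		fi
		echo "${gre}The IP address ${blu}'$blockip'${gre} was successfully unblocked!${end}"
	fi
}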
set_default_nginx_response() {
	# Choose what NGINX answers for requests that match no configured server name:
	# the stock default site, a blackhole, or one of the existing (enabled) sites.
	# Globals (read/written): default_site - "default", "blackhole", a domain, or true
	#   to prompt interactively.
	# Exits 1 on an unknown option, a disabled site, or a missing default-site backup.
	local conf
	if [[ $default_site == true ]]; then
		echo "${gre}Please, enter a valid option to set the Default-Site server response! ${end}"
		read -p "${blu}default/blackhole or any existing domain: ${end}" default_site
		# An empty answer must never match a real site name
		default_site=${default_site:-NeverMatchDotCom}
	fi

	case "$default_site" in
		default)
			if [[ ! -f /opt/webinoly/templates/source/default ]]; then
				echo "${red}[ERROR] Nginx Default file backup not found! ${end}"
				exit 1
			fi
			sudo cat /opt/webinoly/templates/source/default >| /etc/nginx/sites-available/default
			remove_domain_default_site
			conf_write default-site default
			conf_write default-response default
			echo "${gre}Default Nginx was successfully assigned as default site!${end}"
			;;
		blackhole)
			sudo cat /opt/webinoly/templates/general/nginx-blackhole >| /etc/nginx/sites-available/default
			remove_domain_default_site
			create_blackhole_cert
			conf_write default-site blackhole
			conf_write default-response blackhole
			echo "${gre}Blackhole Nginx site was successfully assigned as default site!${end}"
			;;
		*)
			# Domain option: the site has to be enabled (symlinked), not just present
			conf="/etc/nginx/sites-available/$default_site"
			if [[ ! -L /etc/nginx/sites-enabled/$default_site ]]; then
				[[ -f $conf ]] && echo "${red}Site found but is disabled.${end}"
				echo "${red}[ERROR] Please, enter a valid option (default, blackhole or domain.com). ${end}"
				exit 1
			fi
			remove_domain_default_site
			# Mark every listen directive of the main server block as default_server
			sudo sed -i \
				-e '/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen 80;/listen 80 default_server;/}' \
				-e '/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen \[::\]:80;/listen [::]:80 default_server;/}' \
				-e '/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen 443 ssl http2;/listen 443 ssl http2 default_server;/}' \
				-e '/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen \[::\]:443 ssl http2;/listen [::]:443 ssl http2 default_server;/}' \
				"$conf"
			if [[ $(is_ssl "$default_site") == "false" ]]; then
				# Non-SSL site: a blackhole server must answer port 443, and the NonSSL block goes
				create_blackhole_cert
				sudo sed -i '1r /opt/webinoly/templates/general/nginx-blackhole' "$conf"
				sudo sed -i '/NonSSL/,/NonSSLend/{/.*/d}' "$conf"
			else
				sudo sed -i \
					-e '/WebinolySSLredirectStart/,/WebinolySSLredirectEnd/{s/listen 80;/listen 80 default_server;/}' \
					-e '/WebinolySSLredirectStart/,/WebinolySSLredirectEnd/{s/listen \[::\]:80;/listen [::]:80 default_server;/}' \
					"$conf"
			fi
			sudo rm -rf /etc/nginx/sites-enabled/default
			conf_write default-site "$default_site"
			conf_write default-response "$default_site"
			echo "${gre}Site${blu} ${default_site} ${gre}was successfully assigned as default site!${end}"
			;;
	esac
}
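aws_s3_credentials() {
	# Store AWS credentials for the S3 features, or switch to an IAM role instead.
	# Globals (read): aws_s3_credentials - true (prompt), "[KEY,SECRET]", or "awsiamrole".
	# Globals (written): user, pass.
	# Side effects: writes $HOME/.aws/credentials with mode 600, or removes $HOME/.aws;
	#   updates the awsiamrole conf key.
	# NOTE(review): a "[KEY,SECRET]" argument is visible in shell history and in the process
	#   list while the command runs; the interactive prompt avoids that.
	local cred
	if [[ $aws_s3_credentials == true ]]; then
		echo ""
		read -r -p "${blu}Access Key ID: ${end}" user
		# -s: the secret is not echoed back to the terminal
		read -r -s -p "${blu}Secret Access Key: ${end}" pass
		echo ""
		echo ""
	elif [[ $aws_s3_credentials == \[*\] ]]; then
		# Strip the brackets; the pattern above already guaranteed both are present.
		cred=${aws_s3_credentials:1:-1}
		user=$(echo "${cred}" | cut -d',' -f 1 -s)
		pass=$(echo "${cred}" | cut -d',' -f 2 -s)
	elif [[ $aws_s3_credentials == "awsiamrole" ]]; then
		conf_write awsiamrole true
		sudo rm -rf "$HOME/.aws"
	else
		echo "${red}[ERROR] Invalid AWS S3 Credentials!${end}"
		exit 1
	fi

	if [[ $aws_s3_credentials != "awsiamrole" ]]; then
		if [[ -z $user || -z $pass ]]; then
			echo "${red}[ERROR] Please, enter a valid AWS S3 Access and Secret Key!${end}"
			exit 1
		fi
		sudo mkdir -p "$HOME/.aws"
		sudo rm -rf "$HOME/.aws/credentials"
		# Create the file with a restrictive mode before any secret is written into it;
		# touch + redirect left it readable by every local user.
		sudo install -m 600 /dev/null "$HOME/.aws/credentials"
		printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n' "$user" "$pass" | sudo tee "$HOME/.aws/credentials" > /dev/null
		[[ -n $(conf_read awsiamrole) ]] && conf_write awsiamrole purged
	fi
	echo "${gre}AWS S3 Credentials successfully added!${end}"
}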
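database_import() {
	# Import a SQL dump into the local MySQL server or into the saved external database.
	# Globals (read): file - dump path (prompted when empty); external_db and the extdb_*
	#   values filled in by check_external_db_saved / external_db_parse; ADMIN_PASS.
	# Exits 1 when the file is missing or no database connection can be established.
	# NOTE(review): the password travels on the mysql command line in both branches (as
	#   before), so it is visible in the process list while the import runs.
	[[ -z $file ]] && read -r -p "${blu}SQL file path to import: ${end}" file
	if [[ -z $file || ! -f $file ]]; then
		echo "${red}[ERROR] Please, enter a valid file path!${end}"
		exit 1
	fi
	check_external_db_saved
	if [[ -n $external_db ]]; then
		external_db_parse
		if [[ $(check_mysql_connection $extdb_url $extdb_port $extdb_user $extdb_pass) != "true" ]]; then
			echo "${red}[ERROR] Cannot connect with your External Database!${end}"
			exit 1
		fi
		echo "${dim}Wait while we import your db... ${end}"
		# "$file" quoted: a path containing spaces broke the redirect before
		sudo mysql --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" < "$file"
		sudo mysql --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" -e "FLUSH PRIVILEGES;"
		echo "${gre}Database successfully imported!${end}"
	elif [[ -z $external_db && $(check_mysql_connection localhost) == "true" ]]; then
		check_for_mysql -ask
		# Password quoted like the external branch does, so special characters survive word splitting
		sudo mysql -u admin -p"$ADMIN_PASS" < "$file"
		sudo mysql --connect-timeout=10 --user=admin -p"$ADMIN_PASS" -e "FLUSH PRIVILEGES;"
		echo "${gre}Database successfully imported!${end}"
	else
		echo "${red}[ERROR] A connection can not be established with MySQL localhost!${end}"
		exit 1
	fi
}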
# Append the add_header lines of one custom-header data file to an NGINX common conf,
# wrapped in the WebinolyCustomHeaders markers. Does nothing when the data file is
# empty or holds no matching line.
# Arguments: $1 - source .data file, $2 - target /etc/nginx/common/headers-*.conf
# NOTE(review): the filter only requires "add_header ... ;" per line; anything between is
#   copied verbatim into the nginx config, so the .data files are trusted, admin-only input.
_http_header_append_custom() {
	local data_file=$1 target=$2 lines
	[[ -s $data_file ]] || return 0
	lines="$(sudo grep -E "^add_header .*;$" "$data_file")"
	[[ -n $lines ]] || return 0
	printf '# WebinolyCustomHeaders\n%s\n# WebinolyCustomHeadersEnd\n' "$lines" >> "$target"
}

http_header_custom() {
	# Reload or remove the user-defined HTTP headers kept in templates/source/*.data.
	# Globals (read): custom_headers - "reload" | "remove".
	# Side effects: rewrites the WebinolyCustomHeaders block in the three
	#   /etc/nginx/common/headers-{http,https,html}.conf files and the header-custom conf key.
	# Exits 1 on any other value.
	local nginx_installed kind
	if ! [[ $custom_headers =~ ^(reload|remove)$ ]]; then
		echo "${red}[ERROR] Please, enter a valid option Custom Headers!${end}"
		exit 1
	fi
	nginx_installed=$(conf_read nginx)

	# Always start clean: drop any block injected by an earlier run
	if [[ $nginx_installed == "true" ]]; then
		for kind in http https html; do
			sudo sed -i '/WebinolyCustomHeaders/,/WebinolyCustomHeadersEnd/{/.*/d}' "/etc/nginx/common/headers-${kind}.conf"
		done
	fi

	if [[ $custom_headers == "reload" && $nginx_installed == "true" ]]; then
		for kind in http https html; do
			_http_header_append_custom "/opt/webinoly/templates/source/custom_header_${kind}_webinoly.data" "/etc/nginx/common/headers-${kind}.conf"
		done
		conf_write header-custom true
		echo "${gre}Custom Headers successfully configured!${end}"
	elif [[ $custom_headers == "reload" ]]; then
		conf_write header-custom true
		echo "${gre}Custom Headers successfully configured and it will be used next time NGINX is installed!${end}"
	else
		conf_write header-custom false
		echo "${gre}Custom Headers successfully removed!${end}"
	fi
}