#!/bin/bash
# Warn the operator that manual configuration changes will be overwritten,
# show the version jump, and wait for a single keypress before going on.
# oldver/newver and the colour variables are set outside this part of the file.
printf '%s\n' \
	"${red}" \
	"[WARNING] Your server configuration will be updated and all changes you manually did will be lost!!" \
	"${blu}Current server version 'v$oldver' will be upgraded to the newest 'v$newver'." \
	"${bol}"
read -r -s -n 1 -p "Press any key to continue..."
printf '\n'
printf '%s\n' "${end}${dim}This is going to take a little bit of time...${end}"

# Record that an update is running and emit the "wysus" event through the
# project helpers (conf_write / api-events_update are defined elsewhere).
conf_write stack-update running
api-events_update wysus
sleep 1
# v1.5.0
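onezero_to_oneone() {
	# Migration step run when the recorded server version is below 1.1:
	# reinstalls phpMyAdmin through "stack -pma", installs certbot from its PPA,
	# rewrites the root crontab renewal entry, enables OCSP stapling options in
	# the Let's Encrypt cli.ini and re-enables the per-site nginx include.
	# Helpers conf_read/conf_write are defined outside this part of the file.
	local cron_root=/var/spool/cron/crontabs/root
	local tools_port site domi

	if [[ $(conf_read mysql-tool-pma) == "true" ]]; then
		# Remove old phpMyAdmin. The debconf answers are preseeded so the purge
		# does not stop on an interactive prompt.
		echo "phpmyadmin phpmyadmin/dbconfig-remove boolean true" | debconf-set-selections
		echo "phpmyadmin phpmyadmin/purge boolean true" | debconf-set-selections
		sudo apt-get -y purge phpmyadmin
		sudo apt-get -y autoremove
		# Quoted so a config value containing whitespace cannot turn into extra
		# "rm -rf" targets when run as root.
		sudo rm -rf -- "/var/www/$(conf_read tools-port)/htdocs/pma"
		conf_write mysql-tool purged

		# Install new phpMyAdmin
		sudo stack -pma
	fi

	if [[ $(conf_read nginx-tool) == "true" ]]; then
		# Install LetsEncrypt. "echo |" feeds a newline to add-apt-repository's
		# confirmation prompt.
		# NOTE(review): this trusts a third-party PPA as a package source for
		# root-installed software; confirm that is still intended.
		echo | sudo add-apt-repository ppa:certbot/certbot
		sudo apt -qq update
		sudo apt-get -y install certbot

		# Replace an existing "letsencrypt renew" cron line with the certbot one.
		if sudo grep -qF "letsencrypt renew" "$cron_root"; then
			sudo sed -i '/letsencrypt renew/c\15 3 * * 7 certbot renew --post-hook "service nginx restart"' "$cron_root"
		fi

		# The original ran "sudo echo ... | tee", which elevates echo but not the
		# tee that actually writes the file; elevate tee instead. The appended
		# bytes (blank line + two options) and the echo to stdout are unchanged.
		printf '\nstaple-ocsp = True\nmust-staple = True\n' | sudo tee -a /etc/letsencrypt/cli.ini

		tools_port=$(conf_read tools-port)
		for site in /etc/nginx/sites-available/*; do
			domi=${site##*/}
			# Skip the default "html" site, the tools site and dpkg leftovers.
			if [[ -f /etc/nginx/sites-available/$domi && $domi != "html" && $domi != "$tools_port" && $domi != *".dpkg-"* ]]; then
				# The file name is interpolated into the sed script; names in
				# sites-available are presumably operator-controlled.
				sudo sed -i "/#include \/var\/www\//c\ include /var/www/$domi/*-nginx.conf;" "/etc/nginx/sites-available/$domi"
			fi
		done
	fi
}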
# v1.6.0
oneone_to_onetwo() {
	# Migration step run when the recorded server version is below 1.2.
	# Installs the zip package, which the 1.1 update left out.
	sudo apt-get install -y zip
}
# v1.7.0
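onetwo_to_onethree() {
	# Migration step run when the recorded server version is below 1.3:
	# comments out the deprecated nginx "ssl on;" directive in every site file,
	# drops vm.swappiness lines from sysctl.conf and keeps a copy of the default
	# nginx site as a template.
	local tools_port site domi

	# Nginx "ssl on" directive is now deprecated - remove it!
	tools_port=$(conf_read tools-port)
	for site in /etc/nginx/sites-available/*; do
		domi=${site##*/}
		if [[ -f /etc/nginx/sites-available/$domi && $domi != "html" && $domi != "$tools_port" ]]; then
			# Path quoted so an unusual file name is passed to sed as one argument.
			sudo sed -i "/ssl on;/c\ #ssl on;" "/etc/nginx/sites-available/$domi"
		fi
	done

	# Swappiness is now included by default in linux optimization.
	sudo sed -i '/vm.swappiness/d' /etc/sysctl.conf

	# Now we need a backup of default Nginx file for "default-site" command.
	# -e replaces the original -a: same existence test, without the ambiguity
	# -a has in test expressions.
	[[ -e /etc/nginx/sites-available/default ]] && sudo cp -p /etc/nginx/sites-available/default /opt/webinoly/templates/source/
}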
# v1.9.0
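onethree_to_onefour() {
	# Migration step run when the recorded server version is below 1.4:
	# moves the operator's "allow" entries from common/acl.conf into
	# apps.d/whitelist-acl.conf, adds the common/auth.conf include to the tools
	# site and inserts a custom-rules block plus the auth include in every site.
	# is_proxy/is_wp/is_php and conf_read are defined outside this part of the file.
	local acl_old=/opt/webinoly/templates/source/acl.conf.old
	local whitelist=/etc/nginx/apps.d/whitelist-acl.conf
	local tools_port tools_conf site domi conf pat

	sudo rm /opt/webinoly/templates/nginx/conf.d/blockips.conf
	if [[ $(conf_read nginx) == "true" ]]; then
		sudo mkdir -p /etc/nginx/apps.d
		sudo cp /etc/nginx/common/acl.conf "$acl_old"

		# Carry over every "allow" line except the loopback entry.
		# The original pattern "^allow [^127.0.0.1]" is a bracket expression: it
		# rejects any address whose first character is 0, 1, 2, 7 or ".", so
		# entries such as 10.x, 192.x or 203.x were silently dropped from the
		# migrated whitelist. Filter on the literal loopback address instead.
		# NOTE(review): the redirection runs as the invoking user, not via sudo.
		grep "^allow " "$acl_old" | grep -Ev '^allow 127\.0\.0\.1([^0-9]|$)' > "$whitelist"

		# Remove the whitelist again when it is empty or holds only whitespace.
		[[ -f $whitelist && ( ! -s $whitelist || -z $(cat -v "$whitelist" | grep -m 1 '[^[:space:]]') ) ]] && sudo rm "$whitelist"

		tools_port=$(conf_read tools-port)
		tools_conf="/etc/nginx/sites-available/$tools_port"
		[[ -f $tools_conf ]] && sudo sed -i "/acl.conf;/i \ include common\/auth.conf;" "$tools_conf"

		for site in /etc/nginx/sites-available/*; do
			domi=${site##*/}
			conf="/etc/nginx/sites-available/$domi"
			if [[ -f $conf && $domi != "html" && $domi != "$tools_port" ]]; then
				# Choose the anchor line the new block is appended after.
				if [[ $(is_proxy "$domi") == "true" ]]; then
					pat="\t}"
				elif [[ $(is_wp "$domi") == "true" || $(is_php "$domi") == "true" ]]; then
					pat="index"
				else
					pat="\tlocation \/ { try"
				fi

				# Each sed appends directly after the anchor, so the lines are
				# written in reverse of their final order. Do not reorder.
				sudo sed -i "/$pat/a \ # WebinolyCustomEnd" "$conf"
				sudo sed -i "/$pat/a \ # WebinolyCustom" "$conf"
				sudo sed -i "/$pat/a \ " "$conf"
				sudo sed -i "/$pat/a \ include common\/auth.conf;" "$conf"
				sudo sed -i "/$pat/a \ " "$conf"

				if [[ $(is_wp "$domi") == "true" ]]; then
					[[ $(conf_read wp-admin-auth) == "purged" ]] && sudo httpauth "$domi" -wp-admin=off
				fi
			fi
		done
	fi
}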
# v1.12.0
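onefour_to_onefive() {
	# Migration step run when the recorded server version is below 1.5:
	# removes the HTTP_PROXY and SCRIPT_FILENAME lines from fastcgi_params,
	# deletes the PHP debug pool and slow log, creates the status endpoints of
	# the tools site and switches the nginx PPA to the ondrej one.
	local php_ver tools_root

	sudo sed -i '/ HTTP_PROXY /d' /etc/nginx/fastcgi_params
	sudo sed -i '/ SCRIPT_FILENAME /d' /etc/nginx/fastcgi_params

	# Paths built from config values are quoted: unquoted, a value containing
	# whitespace would be split into additional "rm -rf" targets run as root.
	php_ver=$(conf_read php-ver)
	sudo rm -rf -- "/etc/php/${php_ver}/fpm/pool.d/debug.conf"
	sudo rm -rf -- "/var/log/php${php_ver}-slog.log"

	tools_root="/var/www/$(conf_read tools-port)/htdocs"
	sudo touch "${tools_root}/ping" "${tools_root}/status" "${tools_root}/nginx_status"
	sudo rm -rf -- "${tools_root}/fpm"

	# "echo |" feeds a newline to add-apt-repository's confirmation prompt.
	# NOTE(review): both branches add a third-party PPA as a trusted package
	# source for nginx; confirm this is still the intended origin.
	if [[ $(conf_read nginx-ppa) == "mainline" ]]; then
		echo | sudo add-apt-repository --remove 'ppa:nginx/development'
		echo | sudo add-apt-repository ppa:ondrej/nginx-mainline
	else
		echo | sudo add-apt-repository --remove 'ppa:nginx/stable'
		echo | sudo add-apt-repository ppa:ondrej/nginx
	fi
}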
# v1.14.0
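onefive_to_onesix() {
	# Migration step run when the recorded server version is below 1.6:
	# moves nginx to the nginx.org apt repository, reinstalls it keeping the
	# existing config files, and replaces the PPA certbot with the snap package
	# (retried, because the snap install is reported to fail often).
	local certb=0 delay

	# NOTE(review): the signing key is fetched over HTTPS and added to apt's
	# trusted keys without comparing its fingerprint against a pinned value.
	# Consider checking the fingerprint published by nginx.org before trusting it.
	sudo apt-key adv --fetch-keys 'https://nginx.org/keys/nginx_signing.key'
	if [[ $(conf_read nginx-ppa) == "mainline" ]]; then
		echo | sudo add-apt-repository --remove 'ppa:ondrej/nginx-mainline'
		sudo add-apt-repository "deb https://nginx.org/packages/mainline/ubuntu/ $(check_osname) nginx"
	else
		echo | sudo add-apt-repository --remove 'ppa:ondrej/nginx'
		sudo add-apt-repository "deb https://nginx.org/packages/ubuntu/ $(check_osname) nginx"
	fi

	# Fix new Nginx repo. The dpkg options keep the currently installed config
	# files instead of prompting.
	sudo apt update
	sudo apt-get install -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' nginx
	# NOTE(review): the key is selected by a short 8-hex-digit id.
	[[ $(conf_read php) != "true" ]] && sudo apt-key del E5267A6C # ondrej

	# Just to be sure in case of added with new nginx package
	[[ -f /etc/nginx/conf.d/default.conf ]] && sudo rm /etc/nginx/conf.d/default.conf

	# Start nginx only when the configuration test passes.
	sudo nginx -t && sudo systemctl start nginx
	sudo systemctl enable nginx

	[[ $(conf_read php) == "true" ]] && sudo apt -y install ghostscript

	sudo apt -y remove certbot
	echo | sudo add-apt-repository --remove 'ppa:certbot/certbot'

	# One initial attempt plus up to three retries.
	while (( certb <= 3 )); do
		sudo snap install core
		sudo snap refresh core
		sudo snap install --classic certbot

		# SNAP Repo fails a lot, so we need to be sure and retry!!!
		[[ -f /snap/bin/certbot ]] && break

		certb=$((certb + 1))
		if (( certb > 3 )); then
			echo "${red}[ERROR] Fatal Error: Certbot cannot be installed after 3 retries!${end}"
		else
			# The original announced certb*30 seconds but slept certb*20; report
			# the delay that is actually used. An explicit if/else also replaces
			# the "A && B || C" chain, where C could run after a failing B.
			delay=$((certb * 20))
			echo "${red}[ERROR] Certbot installation failed!${dim} We will retry in a moment...(${delay}s)${end}"
			sleep "$delay"
		fi
	done
	[[ ! -L /usr/bin/certbot ]] && sudo ln -s /snap/bin/certbot /usr/bin/certbot
}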
# v1.16.0
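onesix_to_oneseven() {
	# Migration step run when the recorded server version is below 1.7:
	# splits the combined tool flags into per-tool keys, moves the header data
	# files into the config, rewrites the header includes of every site,
	# regenerates webinoly.conf through conf_write and reinstalls the backup and
	# redis tools. Helpers (conf_*, is_*, check_osname, nginx_tool_site) are
	# defined outside this part of the file.
	#
	# Declared empty up front so an inherited variable of the same name cannot
	# trigger the reinstall steps at the end.
	local reinstall_bkp="" reinstall_redis=""
	local src=/opt/webinoly/templates/source
	local pair data tools_port site domi conf pxy main_site parked_id i

	# Single quotes on purpose: $myhostname must reach main.cf literally.
	[[ $(conf_read php-tool) == "true" && -f /etc/postfix/main.cf ]] && sudo sed -i '/smtpd_banner =/c \smtpd_banner = $myhostname ESMTP' /etc/postfix/main.cf
	# The substitution is left unquoted as in the original, so an empty result
	# passes no value argument to conf_write.
	[[ $(conf_read mysql-client) == "true" && -z $(conf_read mysql-ver) ]] && conf_write mysql-ver $(sudo mysql -V | cut -f 6 -d " " -s | cut -f -2 -d "." -s)

	[[ $(conf_read mysql) == "true" ]] && conf_write mysql-optim true
	[[ $(conf_read mysql-tool) == "true" ]] && conf_write mysql-tool-pma true && conf_delete mysql-tool
	[[ $(conf_read nginx-tool) == "true" ]] && conf_write nginx-tool-ssl true && conf_write nginx-tool-bkp true && conf_delete nginx-tool
	[[ $(conf_read php-tool) == "true" ]] && conf_write php-tool-postfix true && conf_write php-tool-redis true && conf_write php-tool-memcached true && conf_delete php-tool

	# Move the first line of each non-empty header data file into the config
	# and keep the file as *.old. Each pair is "file prefix:config key".
	for pair in csp:header-csp pph:header-permissions cch:header-cache-control rob:header-robots; do
		data="${src}/${pair%%:*}_webinoly.data"
		if [[ -s $data ]]; then
			conf_write "${pair#*:}" "$(sed -n '1p' "$data")"
			sudo mv "$data" "${data}.old"
		fi
	done

	tools_port=$(conf_read tools-port)
	for site in /etc/nginx/sites-available/*; do
		domi=${site##*/}
		conf="/etc/nginx/sites-available/$domi"
		[[ $domi != "html" && $domi != "$tools_port" && -f $conf ]] || continue

		sudo sed -i '/headers-html.conf;/d' "$conf"
		sudo sed -i '/headers-https.conf;/d' "$conf"
		if [[ $(is_ssl "$domi") == "true" ]]; then
			sudo sed -i '/headers-http.conf;/c \ include common/headers.conf;' "$conf"
		else
			sudo sed -i '/headers-http.conf;/c \ include common/header.conf;' "$conf"

			for pxy in "/etc/nginx/apps.d/${domi}"*-proxy.conf; do
				[[ -f $pxy ]] && sudo sed -i '/CacheStaticFiles/,/expires max;/{/headers-https.conf;/d}' "$pxy"
			done
		fi

		if [[ $(is_parked "$domi") == "true" ]]; then
			# The main site name is taken from the 4th "/"-separated field of
			# the "root ...;" line of the parked site.
			main_site=$(grep -G "root .*;" "$conf" | cut -d'/' -f 4)
			if [[ -f /etc/nginx/sites-available/$main_site ]]; then
				# Same result as piping the name through sed "s/[^0-9A-Za-z]/_/g".
				parked_id=${domi//[^0-9A-Za-z]/_}
				# NOTE(review): this sed runs without sudo, unlike the ones above.
				sed -i "/include \/var\/www\/$main_site/a \ include \/var\/www\/${main_site}/*-${parked_id}_parked.conf;" "$conf"
			fi
		fi
	done

	if [[ -f /opt/webinoly/webinoly.conf ]]; then
		mv /opt/webinoly/webinoly.conf /opt/webinoly/webinoly.conf.old
		# FOR loop takes whitespace as a delimiter, so IFS overwrite this.
		# Declared local: the original assigned the global IFS and never
		# restored it, so newline-only word splitting leaked into everything
		# the updater ran afterwards. It now ends when this function returns.
		local IFS=$'\n'
		# NOTE(review): the unquoted expansions below are still subject to
		# pathname expansion, so a config value containing glob characters
		# would be expanded before it reaches conf_write.
		for i in $(grep -E "^([a-z\-]+)\:.*$" /opt/webinoly/webinoly.conf.old); do
			conf_write $(echo $i | cut -d':' -f 1 -s) $(echo $i | cut -d':' -f 2- -s)
		done
	fi

	[[ $(conf_read php) != "true" && $(conf_read nginx) == "true" ]] && nginx_tool_site
	#[[ $(conf_read php) == "true" ]] && sudo apt -y install php$(conf_read php-ver)-intl

	if [[ $(conf_read nginx-tool-bkp) == "true" ]]; then
		sudo apt -y purge duplicity duply python-boto
		conf_write nginx-tool-bkp purged
		[[ $(check_osname) == "bionic" ]] && sudo apt -y install python3-boto # Not break the old profiles
		reinstall_bkp="true"
	fi
	if [[ $(conf_read php-tool-redis) == "true" ]]; then
		sudo apt -y purge redis-server
		echo | sudo add-apt-repository --remove 'ppa:chris-lea/redis-server'
		sudo apt-key del C7917B12
		conf_write php-tool-redis purged
		reinstall_redis="true"
	fi

	# All of these is here separated to prevent errors when verify runs inside the stack command
	sudo webinoly -server-reset=nginx
	[[ -n $reinstall_bkp ]] && stack -backups
	[[ -n $reinstall_redis ]] && stack -redis

	sudo apt -yqq autoremove
}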
# v1.17.0
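oneseven_to_oneight() {
	# Migration step run when the recorded server version is below 1.8:
	# installs the PHP intl extension, regenerates webinoly.conf through
	# conf_write, moves duplicity from snap to the stack installer, adds the
	# conf.d/*.conf.srv include to every site, removes the old sysctl block and
	# renames the tools site from its port number to $ADMIN_TOOLS_SITE.
	# ADMIN_TOOLS_SITE and the helpers are defined outside this part of the file.
	local tools_port site domi conf main_site main_conf main_id i

	# We are doing here, not before, just because is now mandatory, WP health is giving messages!!
	if [[ $(conf_read php) == "true" ]]; then
		sudo apt update
		sudo apt -y install "php$(conf_read php-ver)-intl"
	fi

	# Regenerate conf file
	if [[ -f /opt/webinoly/webinoly.conf ]]; then
		mv /opt/webinoly/webinoly.conf /opt/webinoly/webinoly.conf.old
		# FOR loop takes whitespace as a delimiter, so IFS overwrite this.
		# Declared local: the original assigned the global IFS and never
		# restored it, so newline-only word splitting leaked into the final
		# steps of the updater. It now ends when this function returns.
		local IFS=$'\n'
		# NOTE(review): the unquoted expansions below are still subject to
		# pathname expansion, so a config value containing glob characters
		# would be expanded before it reaches conf_write.
		for i in $(grep -E "^([a-z\-]+)\:.*$" /opt/webinoly/webinoly.conf.old); do
			conf_write $(echo $i | cut -d':' -f 1 -s) $(echo $i | cut -d':' -f 2- -s)
		done
	fi

	# Duplicity: remove snap, install from pip
	if [[ $(conf_read nginx-tool-bkp) == "true" && -z $(conf_read bkp-source-tmp) ]]; then
		sudo snap remove duplicity
		conf_write nginx-tool-bkp purged
		stack -backups
	else
		conf_delete bkp-source-tmp
	fi

	# Loop All Sites
	tools_port=$(conf_read tools-port)
	for site in /etc/nginx/sites-available/*; do
		domi=${site##*/}
		conf="/etc/nginx/sites-available/$domi"
		[[ $domi != "html" && $domi != "$tools_port" && -f $conf ]] || continue

		# All sites
		# NOTE(review): the sed calls in this loop run without sudo.
		sed -i "/include \/var\/www\/$domi\/\*-nginx.conf;/a \ include \/etc\/nginx\/conf.d\/\*.conf.srv;" "$conf"

		# Parked: Shared Nginx conf for main site
		if [[ $(is_parked "$domi") == "true" ]]; then
			# The main site name is taken from the 4th "/"-separated field of
			# the "root ...;" line of the parked site.
			main_site=$(grep -G "root .*;" "$conf" | cut -d'/' -f 4)
			main_conf="/etc/nginx/sites-available/$main_site"
			if [[ -f $main_conf ]]; then
				# Same result as piping the name through sed "s/[^0-9A-Za-z]/_/g".
				main_id=${main_site//[^0-9A-Za-z]/_}
				sed -i "/include \/var\/www\/$main_site\/\*-nginx.conf;/a \ include \/etc\/nginx\/conf.d\/\*.conf.srv;" "$conf"
				# Delete, then re-add, so the parked include appears only once.
				sed -i "/include \/var\/www\/${main_site}\/\*-${main_id}_parked.conf;/d" "$main_conf"
				sed -i "/include \/var\/www\/$main_site\/\*-nginx.conf;/a \ include \/var\/www\/${main_site}\/\*-${main_id}_parked.conf;" "$main_conf"
			fi
		fi
	done

	# Remove the old kernel method
	sudo sed -i '/WebinolyStart/,/WebinolyEnd/{/.*/d}' /etc/sysctl.conf

	# New Admin Tools site!
	# Also require ADMIN_TOOLS_SITE to be non-empty: with an empty value the
	# copy would land in /var/www itself and the old tree would still be removed.
	if [[ -n $ADMIN_TOOLS_SITE && -n $tools_port && -d /var/www/$tools_port && -f /etc/nginx/sites-available/$tools_port ]]; then
		sudo mkdir -p "/var/www/$ADMIN_TOOLS_SITE"
		# "/." copies hidden files too (the original "/*" glob skipped them
		# before the source tree was deleted), and the old tree is removed only
		# when the copy succeeded.
		sudo cp -rp "/var/www/$tools_port/." "/var/www/$ADMIN_TOOLS_SITE" \
			&& sudo rm -rf -- "/var/www/$tools_port"
		sudo mv "/etc/nginx/sites-available/$tools_port" "/etc/nginx/sites-available/$ADMIN_TOOLS_SITE"
		sudo rm -rf -- "/etc/nginx/sites-enabled/$tools_port"
		sudo ln -s "/etc/nginx/sites-available/$ADMIN_TOOLS_SITE" "/etc/nginx/sites-enabled/$ADMIN_TOOLS_SITE"
		sudo sed -i "s#www/${tools_port}/htdocs#www/$ADMIN_TOOLS_SITE/htdocs#g" "/etc/nginx/sites-available/$ADMIN_TOOLS_SITE"
		sudo sed -i "s#${tools_port}.access.log#${ADMIN_TOOLS_SITE}.access.log#g" "/etc/nginx/sites-available/$ADMIN_TOOLS_SITE"
		sudo sed -i "s#${tools_port}.error.log#${ADMIN_TOOLS_SITE}.error.log#g" "/etc/nginx/sites-available/$ADMIN_TOOLS_SITE"
		# Fix permissions not needed - it will be done in server-reset later!
	fi
}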
# Version numbers without point
# Run every migration whose threshold is above the installed version, oldest
# first. Each entry is "threshold:function"; the dots are stripped from oldver
# on every comparison, exactly as a chain of individual tests would do.
# NOTE(review): [[ -lt ]] evaluates its operands arithmetically and an empty
# oldver compares as 0 (all steps run). oldver is set outside this part of the
# file; confirm it is restricted to digits and dots before it gets here.
for upd_step in \
	11:onezero_to_oneone \
	12:oneone_to_onetwo \
	13:onetwo_to_onethree \
	14:onethree_to_onefour \
	15:onefour_to_onefive \
	16:onefive_to_onesix \
	17:onesix_to_oneseven \
	18:oneseven_to_oneight
do
	if [[ ${oldver//.} -lt ${upd_step%%:*} ]]; then
		"${upd_step#*:}"
	fi
done

# Update PIP packages!
# grep -v drops pip's warning about being run as the root user.
# NOTE(review): this installs whatever duplicity release the package index
# currently serves, as root, with no version pin or hash check.
sudo pip3 install --upgrade duplicity 2>&1 | grep -v "pip as the 'root' user"

# Emit the "wysue" event, clear the in-progress flag and let webinoly reapply
# the server configuration.
api-events_update wysue
conf_delete stack-update
sudo webinoly -server-reset
printf '%s\n' "${gre}Your server-configuration has been successfully updated!${end}"