standard syntax
Commands converted to accept the standard syntax: - site -ssl - site -cache - webinoly -login-www-data - httpauth -wp-admin
parent
5acdf2b258
commit
338a1ef89f
5 changed files with 106 additions and 87 deletions
|
@ -128,7 +128,7 @@ site_ssl_off() {
|
|||
sudo sed -i '/WebinolySSLstart/,/WebinolySSLend/{/.*/d}' /etc/nginx/sites-available/$domain
|
||||
sudo sed -i '/WebinolySSLredirectStart/,/WebinolySSLredirectEnd/{/.*/d}' /etc/nginx/sites-available/$domain
|
||||
|
||||
if [[ -n $value && $value == "force" ]]; then
|
||||
if [[ -n $value && ( $value == "force" || $value == "off-force" ) ]]; then
|
||||
answer=="N"
|
||||
else
|
||||
echo "${blu}Select 'Y' to revoke and delete all the certificate files."
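Review bot: The force branch guarded by the widened condition still runs `answer=="N"`, which in bash is an assignment that stores the literal string `=N` in `answer`, not `N`. Now that `off-force` also reaches it, any later comparison of `answer` against `N` or `Y` (outside this hunk, so not visible here) would not match as intended, and whether the certificate files are revoked and deleted in force mode depends on how that mismatch falls through. The line should read `answer="N"`. The two `sed -i` calls above it also expand `$domain` unquoted; `"/etc/nginx/sites-available/$domain"` avoids word splitting on that path. The body of site_ssl_off starts and ends outside the hunk.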
|
||||
|
|
10
lib/sites
10
lib/sites
|
@ -534,7 +534,7 @@ createsite() {
|
|||
fi
|
||||
|
||||
# Activate FastCgi cache
|
||||
if [[ "$cache" == "-cache" && "$wp" == [123] ]]; then
|
||||
if [[ (( $cache == "-cache" && -z $cacheflag ) || ( $cache == "-cache" && $cacheflag == 1 )) && $wp == [123] ]]; then
|
||||
sudo sed -i '/php.conf/c \ include common/wpfc.conf;' /etc/nginx/sites-available/$domain
|
||||
wp_cache_plugins
|
||||
fi
|
||||
|
@ -608,3 +608,11 @@ force_redirect() {
|
|||
|
||||
}
|
||||
|
||||
cache_enabled() {
|
||||
if [[ ( $cache == "-cache" || $type == "-cache" ) && $value =~ ^(on|off)$ ]]; then
|
||||
[[ $value == "on" ]] && cacheflag="1" || cacheflag="0"
|
||||
elif [[ ( $cache == "-cache" || $type == "-cache" ) && -n $value ]]; then
|
||||
echo "${red}[ERROR] Invalid value for cache option! ${end}"
|
||||
exit 1
|
||||
fi
|
||||
}
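Review bot: cache_enabled accepts an empty value without complaint: for `-cache=` neither branch fires, `cacheflag` stays unset, and the `-z $cacheflag` test added in createsite then treats the request as a plain `-cache`. Since the callers visible in plugins/site only invoke it after splitting on `=`, the second test could drop `-n $value` and read `elif [[ $cache == "-cache" || $type == "-cache" ]]; then`, which rejects the empty form too. The function reads `cache`, `type` and `value` and writes `cacheflag` as globals and can `exit 1`; a header comment such as `# Sets cacheflag (1/0) from $value for -cache=on|off; exits 1 on any other value.` would make that contract visible. The error message would be better sent to stderr with `>&2`.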
|
||||
|
|
|
@ -14,7 +14,7 @@ if [[ ! $(conf_read nginx) == "true" ]]; then
|
|||
fi
|
||||
|
||||
# Extract value if exist
|
||||
if [[ $opt == "-add="* || $opt == "-delete="* ]]; then
|
||||
if [[ $opt == "-add="* || $opt == "-delete="* || $opt == "-wp-admin="* ]]; then
|
||||
value=$(echo "${opt}" | cut -d'=' -f 2 -s)
|
||||
opt=$(echo "${opt}" | cut -d'=' -f 1 -s)
|
||||
fi
|
||||
|
@ -63,22 +63,29 @@ elif [[ $opt == "-list" ]]; then
|
|||
echo "- $line" | cut -f 1 -d ':'
|
||||
done
|
||||
echo "${end}"
|
||||
elif [[ $opt == "-wp-admin-on" ]]; then
|
||||
iswpadon=$( grep -F "acl.conf;" /etc/nginx/common/wpcommon.conf )
|
||||
if [[ -z $iswpadon ]]; then
|
||||
sudo sed -i "/zone=one/a \ include common/acl.conf;" /etc/nginx/common/wpcommon.conf
|
||||
elif [[ $opt == "-wp-admin-on" || $opt == "-wp-admin-off" || $opt == "-wp-admin" ]]; then
|
||||
|
||||
if [[ $opt == "-wp-admin-on" || ( $opt == "-wp-admin" && $value == "on" ) ]]; then
|
||||
iswpadon=$( grep -F "acl.conf;" /etc/nginx/common/wpcommon.conf )
|
||||
if [[ -z $iswpadon ]]; then
|
||||
sudo sed -i "/zone=one/a \ include common/acl.conf;" /etc/nginx/common/wpcommon.conf
|
||||
sudo service nginx reload
|
||||
conf_write wp-admin-auth true
|
||||
echo "${gre}WordPress admin authentication has been enabled! ${end}"
|
||||
else
|
||||
echo "${gre}HTTP Authentication for WP Admin pages is already enabled! ${end}"
|
||||
fi
|
||||
|
||||
elif [[ $opt == "-wp-admin-off" || ( $opt == "-wp-admin" && $value == "off" ) ]]; then
|
||||
sudo sed -i "/acl.conf/d" /etc/nginx/common/wpcommon.conf
|
||||
sudo service nginx reload
|
||||
conf_write wp-admin-auth true
|
||||
echo "${gre} WordPress admin authentication has been enabled! ${end}"
|
||||
conf_write wp-admin-auth purged
|
||||
echo "${gre}WordPress admin authentication has been disabled! ${end}"
|
||||
else
|
||||
echo "${gre} HTTP Authentication for WP Admin pages is already enabled! ${end}"
|
||||
echo "${red}[ERROR] Invalid option! ${end}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
elif [[ $opt == "-wp-admin-off" ]]; then
|
||||
sudo sed -i "/acl.conf/d" /etc/nginx/common/wpcommon.conf
|
||||
sudo service nginx reload
|
||||
conf_write wp-admin-auth purged
|
||||
echo "${gre} WordPress admin authentication has been disabled! ${end}"
|
||||
else
|
||||
echo "${red}Please enter a valid option!${end}"
|
||||
fi
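Review bot: The enable branch for `-wp-admin=on` records success without checking that the include was actually written. If `wpcommon.conf` has no line matching `zone=one`, the `sed -i "/zone=one/a ..."` is a no-op, yet `conf_write wp-admin-auth true` still runs and the script reports authentication as enabled while the admin pages stay unprotected. Re-running the `grep -F "acl.conf;"` check after the `sed` and exiting with an error when it is still empty closes that gap. Running `sudo nginx -t` before each `sudo service nginx reload` would likewise surface a broken include instead of leaving the old configuration silently in place. The surrounding if/elif chain starts outside this hunk.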
|
||||
|
|
40
plugins/site
40
plugins/site
|
@ -30,17 +30,19 @@ if [[ -n $cache && $type =~ ^(-cache|-root|-root-path|-subdomain|-ignore-ssl|-wi
|
|||
fi
|
||||
|
||||
# Extract value if exist
|
||||
if [[ $cache == "-root="* || $cache == "-subdomain="* || $cache == "-root-path="* || $cache == "-cache="* ]]; then
|
||||
value=$(echo "${cache}" | cut -d'=' -f 2 -s)
|
||||
cache=$(echo "${cache}" | cut -d'=' -f 1 -s)
|
||||
cache_enabled
|
||||
fi
|
||||
if [[ $domain == "-mysql="* ]]; then
|
||||
value=$(echo "${domain}" | cut -d'=' -f 2 -s)
|
||||
domain=$(echo "${domain}" | cut -d'=' -f 1 -s)
|
||||
fi
|
||||
if [[ $type == "-parked="* || $type == "-proxy="* || $type == "-wp="* || $type == "-wpsubdir="* || $type == "-wpsubdom="* || $type == "-ssl-off="* || $type == "-mysql="* || $type == "-delete="* || $type == "-force-redirect="* ]]; then
|
||||
if [[ $type == "-parked="* || $type == "-proxy="* || $type == "-wp="* || $type == "-wpsubdir="* || $type == "-wpsubdom="* || $type == "-ssl-off="* || $type == "-mysql="* || $type == "-delete="* || $type == "-force-redirect="* || $type == "-cache="* || $type == "-ssl="* ]]; then
|
||||
value=$(echo "${type}" | cut -d'=' -f 2 -s)
|
||||
type=$(echo "${type}" | cut -d'=' -f 1 -s)
|
||||
fi
|
||||
if [[ $cache == "-root="* || $cache == "-subdomain="* || $cache == "-root-path="* ]]; then
|
||||
value=$(echo "${cache}" | cut -d'=' -f 2 -s)
|
||||
cache=$(echo "${cache}" | cut -d'=' -f 1 -s)
|
||||
[[ $type == "-cache" ]] && cache_enabled
|
||||
fi
|
||||
|
||||
|
||||
|
@ -311,21 +313,21 @@ elif [[ "$type" == "-delete" && -a /etc/nginx/sites-available/$domain ]]; then
|
|||
deletesite
|
||||
echo "${gre}Site${blu} $domain ${gre}has been successfully deleted!${end}"
|
||||
|
||||
|
||||
# SSL enabled (Letsencrypt)
|
||||
elif [[ "$type" == "-ssl-on" && -a /etc/nginx/sites-available/$domain ]]; then
|
||||
isssl=$( grep -F "ssl_certificate_key" /etc/nginx/sites-available/$domain )
|
||||
[[ -z $isssl ]] && site_ssl_on || echo "${red}SSL is already enabled for your site -${blu} $domain ${end}"
|
||||
|
||||
|
||||
# SSL disabled (Letsencrypt)
|
||||
elif [[ "$type" == "-ssl-off" && -a /etc/nginx/sites-available/$domain ]]; then
|
||||
# SSL (Letsencrypt)
|
||||
elif [[ ( $type == "-ssl-on" || $type == "-ssl-off" || $type == "-ssl" ) && -a /etc/nginx/sites-available/$domain ]]; then
|
||||
isssl=$( grep -F "ssl_certificate_key" /etc/nginx/sites-available/$domain )
|
||||
[[ -n $isssl ]] && site_ssl_off || echo "${red}SSL is already disabled for your site -${blu} $domain ${end}"
|
||||
|
||||
if [[ ( $type == "-ssl-on" && -z $value ) || ( $type == "-ssl" && $value == "on" ) ]]; then
|
||||
[[ -z $isssl ]] && site_ssl_on || echo "${red}SSL is already enabled for your site -${blu} $domain ${end}"
|
||||
elif [[ ( $type == "-ssl-off" || ( $type == "-ssl" && ( $value == "off" || $value == "off-force" ))) ]]; then
|
||||
[[ -n $isssl ]] && site_ssl_off || echo "${red}SSL is already disabled for your site -${blu} $domain ${end}"
|
||||
else
|
||||
echo "${red}[ERROR] Invalid option for SSL command! ${end}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# FastCGI Cache disabled
|
||||
elif [[ "$type" == "-nocache" && -a /etc/nginx/sites-available/$domain ]]; then
|
||||
elif [[ ( $type == "-nocache" || ( $type == "-cache" && $cacheflag == 0 )) && -a /etc/nginx/sites-available/$domain ]]; then
|
||||
isfc=$( grep -F "wpfc.conf" /etc/nginx/sites-available/$domain )
|
||||
if [[ -n $isfc ]]; then
|
||||
sudo sed -i '/wpfc.conf/c \ include common/php.conf;' /etc/nginx/sites-available/$domain
|
||||
|
@ -336,7 +338,7 @@ elif [[ "$type" == "-nocache" && -a /etc/nginx/sites-available/$domain ]]; then
|
|||
|
||||
|
||||
# FastCGI Cache enabled
|
||||
elif [[ "$type" == "-cache" && -a /etc/nginx/sites-available/$domain ]]; then
|
||||
elif [[ (( $type == "-cache" && -z $value ) || ( $type == "-cache" && $cacheflag == 1 )) && -a /etc/nginx/sites-available/$domain ]]; then
|
||||
isphp=$( grep -F "php.conf" /etc/nginx/sites-available/$domain )
|
||||
iswp=$( grep -F "wpcommon.conf" /etc/nginx/sites-available/$domain )
|
||||
if [[ -n $isphp && -n $iswp ]]; then
|
||||
|
@ -367,11 +369,11 @@ elif [[ "$type" == "-force-redirect" && -a /etc/nginx/sites-available/$domain ]]
|
|||
|
||||
|
||||
# Catch ERROR
|
||||
elif [[ ! -a /etc/nginx/sites-available/$domain && $type =~ ^(-nocache|-cache|-delete|-off|-on|-ssl-on|-ssl-off|-force-redirect)$ ]]; then
|
||||
elif [[ ! -a /etc/nginx/sites-available/$domain && $type =~ ^(-nocache|-cache|-delete|-off|-on|-ssl|-ssl-on|-ssl-off|-force-redirect)$ ]]; then
|
||||
echo "${red}Site${blu} $domain ${red}doesn't exists!${end}"
|
||||
else
|
||||
[[ -z $type ]] && type=$domain
|
||||
echo "${red} Argument '${type}' is not a valid option! ${end}"
|
||||
echo "${red}Argument '${type}' is not a valid option! ${end}"
|
||||
fi
|
||||
|
||||
shopt -u extglob
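Review bot: The new SSL branch keeps the `A && B || C` form, `[[ -z $isssl ]] && site_ssl_on || echo ...`, so the "already enabled" message is also printed whenever site_ssl_on itself returns non-zero, and the same holds for the site_ssl_off line. An explicit `if [[ -z $isssl ]]; then site_ssl_on; else echo "..."; fi` separates the two outcomes. `-ssl-on` is accepted only while `$value` is empty, and `$value` is a global shared by the three extraction blocks earlier in the file; presumably a value taken from another argument would send `-ssl-on` to the invalid-option error, which is worth confirming. The `grep -F` calls expand `/etc/nginx/sites-available/$domain` unquoted and should quote the path.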
|
||||
|
|
108
plugins/webinoly
108
plugins/webinoly
|
@ -8,7 +8,7 @@ opt=$1
|
|||
source /opt/webinoly/lib/webin
|
||||
|
||||
# Extract value if exist
|
||||
if [[ $opt == "-tools-port="* || $opt == "-config-cache="* || $opt == "-clear-cache="* || $opt == "-server-update="* || $opt == "-server-reset="* || $opt == "-timezone="* || $opt == "-update="* || $opt == "-blockip="* || $opt == "-unblockip="* || $opt == "-conf-value_"* || $opt == "-yoast-sitemap="* ]]; then
|
||||
if [[ $opt == "-tools-port="* || $opt == "-config-cache="* || $opt == "-clear-cache="* || $opt == "-server-update="* || $opt == "-server-reset="* || $opt == "-timezone="* || $opt == "-update="* || $opt == "-blockip="* || $opt == "-unblockip="* || $opt == "-conf-value_"* || $opt == "-yoast-sitemap="* || $opt == "-login-www-data="* ]]; then
|
||||
value=$(echo "${opt}" | cut -d'=' -f 2 -s)
|
||||
opt=$(echo "${opt}" | cut -d'=' -f 1 -s)
|
||||
# Prevent cases like -conf-value where is valid enter a value without = causing empty opt.
|
||||
|
@ -96,30 +96,36 @@ elif [[ $opt == "-tools-port" ]]; then
|
|||
fi
|
||||
|
||||
|
||||
elif [[ $opt == "-login-www-data" ]]; then
|
||||
elif [[ $opt == "-login-www-data" || $opt == "-nologin-www-data" ]]; then
|
||||
if [[ $(conf_read nginx) != "true" ]]; then
|
||||
echo "${red} Nginx not found! ${end}"
|
||||
echo "${red}Nginx not found! ${end}"
|
||||
exit 1
|
||||
fi
|
||||
if [[ $(conf_read login-www-data) == "true" ]]; then
|
||||
echo "${red} User www-data already have SFTP access! ${end}"
|
||||
if [[ -n $value && ! $value =~ ^(on|off)$ ]]; then
|
||||
echo "${red}[ERROR] Invalid option! ${end}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Allow access for www-data user
|
||||
sudo mkdir -p /var/www/.ssh
|
||||
sudo chmod 700 /var/www/.ssh
|
||||
sudo cat $HOME/.ssh/authorized_keys > /var/www/.ssh/authorized_keys
|
||||
sudo chmod 600 /var/www/.ssh/*
|
||||
sudo chown -R www-data:www-data /var/www
|
||||
if [[ ( $opt == "-login-www-data" && -z $value ) || ( $opt == "-login-www-data" && $value == "on" ) ]]; then
|
||||
if [[ $(conf_read login-www-data) == "true" ]]; then
|
||||
echo "${red}User www-data already have SFTP access! ${end}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Allow access for www-data user
|
||||
sudo mkdir -p /var/www/.ssh
|
||||
sudo chmod 700 /var/www/.ssh
|
||||
sudo cat $HOME/.ssh/authorized_keys > /var/www/.ssh/authorized_keys
|
||||
sudo chmod 600 /var/www/.ssh/*
|
||||
sudo chown -R www-data:www-data /var/www
|
||||
|
||||
# www-data sftp-only access jail - if fails usrlib must be listed in /etc/shells
|
||||
sudo usermod -s /usr/lib/openssh/sftp-server www-data
|
||||
sudo addgroup --system sftponly
|
||||
sudo usermod -G sftponly www-data
|
||||
sudo chown root:root /var/www
|
||||
sudo sed -i "/Subsystem sftp/c\Subsystem sftp internal-sftp" /etc/ssh/sshd_config
|
||||
sudo echo '# WebinolySFTPstart
|
||||
# www-data sftp-only access jail - if fails usrlib must be listed in /etc/shells
|
||||
sudo usermod -s /usr/lib/openssh/sftp-server www-data
|
||||
sudo addgroup --system sftponly
|
||||
sudo usermod -G sftponly www-data
|
||||
sudo chown root:root /var/www
|
||||
sudo sed -i "/Subsystem sftp/c\Subsystem sftp internal-sftp" /etc/ssh/sshd_config
|
||||
sudo echo '# WebinolySFTPstart
|
||||
Match Group sftponly
|
||||
ChrootDirectory /var/www
|
||||
X11Forwarding no
|
||||
|
@ -127,44 +133,40 @@ AllowTcpForwarding no
|
|||
ForceCommand internal-sftp
|
||||
# WebinolySFTPend' >> /etc/ssh/sshd_config
|
||||
|
||||
falus=$( grep -F "AllowUsers" /etc/ssh/sshd_config )
|
||||
if [[ -n $falus ]]; then
|
||||
sudo sed -i "s/$falus/$falus www-data/" /etc/ssh/sshd_config
|
||||
fi
|
||||
falus=$( grep -F "AllowUsers" /etc/ssh/sshd_config )
|
||||
if [[ -n $falus ]]; then
|
||||
sudo sed -i "s/$falus/$falus www-data/" /etc/ssh/sshd_config
|
||||
fi
|
||||
|
||||
conf_write login-www-data true
|
||||
sudo service ssh restart
|
||||
echo "${gre}SFTP access for www-data user has been successfuly enabled! ${end}"
|
||||
conf_write login-www-data true
|
||||
sudo service ssh restart
|
||||
echo "${gre}SFTP access for www-data user has been successfuly enabled! ${end}"
|
||||
|
||||
elif [[ $opt == "-nologin-www-data" || ( $opt == "-login-www-data" && $value == "off" ) ]]; then
|
||||
if [[ $(conf_read login-www-data) != "true" ]]; then
|
||||
echo "${red}User www-data already have no SFTP access! ${end}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
sudo rm -rf /var/www/.ssh
|
||||
sudo sed -i '/www-data:/c\www-data:x:33:33:www-data:\/var\/www:\/usr\/sbin\/nologin' /etc/passwd
|
||||
sudo gpasswd -d www-data sftponly
|
||||
sudo delgroup sftponly
|
||||
sudo chown www-data:www-data /var/www
|
||||
sudo sed -i "/Subsystem sftp/c\Subsystem sftp \/usr\/lib\/openssh\/sftp-server" /etc/ssh/sshd_config
|
||||
sudo sed -i '/WebinolySFTPstart/,/WebinolySFTPstart/{/.*/d}' /etc/ssh/sshd_config
|
||||
|
||||
falus=$( grep -F "AllowUsers" /etc/ssh/sshd_config )
|
||||
if [[ -n $falus ]]; then
|
||||
suffix="www-data"
|
||||
foo=${falus%$suffix}
|
||||
sudo sed -i "s/$falus/$foo/" /etc/ssh/sshd_config
|
||||
fi
|
||||
|
||||
|
||||
elif [[ $opt == "-nologin-www-data" ]]; then
|
||||
if [[ $(conf_read nginx) != "true" ]]; then
|
||||
echo "${red} Nginx not found! ${end}"
|
||||
exit 1
|
||||
conf_write login-www-data purged
|
||||
sudo service ssh restart
|
||||
echo "${gre}SFTP access for www-data user has been successfuly disabled! ${end}"
|
||||
fi
|
||||
if [[ $(conf_read login-www-data) != "true" ]]; then
|
||||
echo "${red} User www-data already have no SFTP access! ${end}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
sudo rm -rf /var/www/.ssh
|
||||
sudo sed -i '/www-data:/c\www-data:x:33:33:www-data:\/var\/www:\/usr\/sbin\/nologin' /etc/passwd
|
||||
sudo gpasswd -d www-data sftponly
|
||||
sudo delgroup sftponly
|
||||
sudo chown www-data:www-data /var/www
|
||||
sudo sed -i "/Subsystem sftp/c\Subsystem sftp \/usr\/lib\/openssh\/sftp-server" /etc/ssh/sshd_config
|
||||
sudo sed -i '/WebinolySFTPstart/,/WebinolySFTPstart/{/.*/d}' /etc/ssh/sshd_config
|
||||
|
||||
falus=$( grep -F "AllowUsers" /etc/ssh/sshd_config )
|
||||
if [[ -n $falus ]]; then
|
||||
suffix="www-data"
|
||||
foo=${falus%$suffix}
|
||||
sudo sed -i "s/$falus/$foo/" /etc/ssh/sshd_config
|
||||
fi
|
||||
|
||||
conf_write login-www-data purged
|
||||
sudo service ssh restart
|
||||
echo "${gre}SFTP access for www-data user has been successfuly disabled! ${end}"
|
||||
|
||||
|
||||
elif [[ $opt == "-config-cache" ]]; then
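Review bot: The disable path for `-login-www-data=off` deletes with `sed -i '/WebinolySFTPstart/,/WebinolySFTPstart/{/.*/d}'`, whose end address repeats the start marker; since no later line matches it, the range runs to end of file and removes everything in `sshd_config` after the Webinoly block, including any `Match` blocks an administrator added later. The end address should be the closing marker: `sudo sed -i '/WebinolySFTPstart/,/WebinolySFTPend/{/.*/d}' /etc/ssh/sshd_config`. Both branches then run `sudo service ssh restart` on the edited file, so a `sudo sshd -t` check beforehand would avoid restarting into a configuration that locks out remote access. In the enable branch `sudo cat ... > /var/www/.ssh/authorized_keys` and `sudo echo ... >> /etc/ssh/sshd_config` perform the redirection in the calling shell, not under sudo, so they only work when the script already runs as root. The if/elif chain continues outside the hunk.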
|
||||
|
|