From f7babc01f6a370979907f4f547f9560fcd239ea5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristhian=20Mart=C3=ADnez=20Ochoa?= Date: Sun, 8 Sep 2019 12:27:56 -0600 Subject: [PATCH] fixes and improvements - Fixed SSL for parked sites. - Fixed tools-port failong in some rare cases. - SH command removed. - blockip list standarized. - Smart httpauth command for nginx reloading. --- lib/general | 2 +- plugins/httpauth | 15 ++++++++++++--- plugins/site | 2 +- plugins/webinoly | 13 +++++++++---- 4 files changed, 23 insertions(+), 9 deletions(-) diff --git a/lib/general b/lib/general index 4f5293b..b3467e7 100644 --- a/lib/general +++ b/lib/general @@ -1,6 +1,6 @@ #!/bin/bash -readonly app_version="1.9.0" +readonly app_version="1.9.1" readonly svr_version="1.4" readonly os_ubuntu_supported=(xenial bionic) readonly php_supported=(7.1 7.2 7.3) diff --git a/plugins/httpauth b/plugins/httpauth index db0a454..23b0663 100644 --- a/plugins/httpauth +++ b/plugins/httpauth @@ -63,7 +63,7 @@ if [[ -n $add ]]; then exist=$( grep -E "^${user}:" /etc/nginx/$authfile ) if [[ -z $exist ]]; then - sudo sh -c "echo -n '$user:$(openssl passwd -1 $pass)\n' >> /etc/nginx/$authfile" + echo "$user:$(openssl passwd -1 $pass)" >> /etc/nginx/$authfile echo "${gre}User '$user' has been added successfully!${end}" else echo "${red}[ERROR] Can not create '$user' user because already exist!${end}" @@ -112,6 +112,7 @@ elif [[ -n $wp_admin ]]; then echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain$subfolder -${gre} has been enabled! ${end}" else echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain$subfolder -${gre} is already enabled! ${end}" + nginx_not="true" # Nginx-Reload not-needed. fi elif [[ $wp_admin == "off" && -n $domain ]]; then @@ -125,13 +126,16 @@ elif [[ -n $wp_admin ]]; then echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain$subfolder -${gre} has been disabled! ${end}" else echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain$subfolder -${gre} is already disabled! ${end}" + nginx_not="true" # Nginx-Reload not-needed. fi elif [[ $wp_admin == "on" ]]; then conf_write wp-admin-auth true echo "${gre}WordPress Admin HTTP Authentication has been enabled! (global)${end}" + nginx_not="true" # Nginx-Reload not-needed. elif [[ $wp_admin == "off" ]]; then conf_write wp-admin-auth purged echo "${gre}WordPress Admin HTTP Authentication has been disabled! (global)${end}" + nginx_not="true" # Nginx-Reload not-needed. else echo "${red}[ERROR] Invalid value for wp-admin! ${end}" exit 1 @@ -161,10 +165,11 @@ elif [[ -n $whitelist ]]; then fi exist=$( grep -E "^allow $whitelist;$" /etc/nginx/apps.d/whitelist-acl.conf ) if [[ -z $exist ]]; then - sh -c "echo -n 'allow ${whitelist};\n' >> /etc/nginx/apps.d/whitelist-acl.conf" + echo "allow ${whitelist};" >> /etc/nginx/apps.d/whitelist-acl.conf echo "${gre}The IP address ${blu}'$whitelist'${gre} was successfully whitelisted!${end}" else echo "${gre}IP '$whitelist' is already whitelisted!${end}" + nginx_not="true" # Nginx-Reload not-needed. fi else echo "${red}[ERROR] Please, enter a valid IP value!${end}" @@ -205,6 +210,7 @@ elif [[ -n $path && -n $domain ]]; then echo "${gre}This path ${blu}'$path'${gre} was successfully protected!${end}" else echo "${gre}Path: ${blu}'$path'${gre} is already protected!${end}" + nginx_not="true" # Nginx-Reload not-needed. fi elif [[ $(is_proxy $domain) == "true" ]]; then echo "${red}[ERROR] HTTP Authentication is not allowed in subfolders (only root '/' is allowed) for Reverse Proxy sites!${end}" @@ -243,6 +249,7 @@ location $sign$path { echo "${gre}This path ${blu}'$path'${gre} was successfully protected!${end}" else echo "${gre}Path: ${blu}'$path'${gre} is already protected!${end}" + nginx_not="true" # Nginx-Reload not-needed. fi else echo "${red}[ERROR] Please, enter a valid URL path!${end}" @@ -290,6 +297,7 @@ elif [[ $list == "protected" && -n $domain ]]; then echo "[Empty] No protected paths were found!" fi [[ -n $raw ]] && echo "" || echo "${end}" + nginx_not="true" # Nginx-Reload not-needed. elif [[ -n $list ]]; then @@ -307,6 +315,7 @@ elif [[ -n $list ]]; then fi [[ ! -s /etc/nginx/$authfile && -z $raw && $list != "raw" ]] && echo "${blu}[Empty] No users were found!${end}" echo "" + nginx_not="true" # Nginx-Reload not-needed. else @@ -314,5 +323,5 @@ else exit 1 fi -[[ $(conf_read nginx) == "true" ]] && sudo service nginx reload +[[ $(conf_read nginx) == "true" && -z $nginx_not ]] && sudo service nginx reload api-events_update hae diff --git a/plugins/site b/plugins/site index e3d998c..36f656b 100644 --- a/plugins/site +++ b/plugins/site @@ -376,7 +376,7 @@ elif [[ -n $parked && -n $domain ]]; then sudo cat /etc/nginx/sites-available/$mapto > /etc/nginx/sites-available/$domain # Prevent if SSL is enabled in main site and ssl data is copied to parked site causing an error. - sudo site $domain -ssl-off=force > /dev/null 2>&1 & + sudo site $domain -ssl=off -revoke=off > /dev/null 2>&1 & sudo sed -i "/server_name/c \ $sername" /etc/nginx/sites-available/$domain sudo sed -i "s/$mapto/$domain/g" /etc/nginx/sites-available/$domain diff --git a/plugins/webinoly b/plugins/webinoly index 960f8eb..3f539a8 100644 --- a/plugins/webinoly +++ b/plugins/webinoly @@ -94,7 +94,11 @@ elif [[ -n $tools_port ]]; then [[ $tools_port != true ]] && tools_port $tools_port || tools_port newport="$(conf_read tools-port)" if [[ $oldport != $newport && $(conf_read nginx-tool) == "true" && $(conf_read nginx) == "true" ]]; then - sudo mv /var/www/$oldport /var/www/$newport + # MV in some edge cases fails to rename, specially when so much files are within the directories. + sudo mkdir -p /var/www/$newport + sudo cp -rp /var/www/$oldport/* /var/www/$newport + sudo rm -rf /var/www/$oldport + sudo mv /etc/nginx/sites-available/$oldport /etc/nginx/sites-available/$newport sudo rm /etc/nginx/sites-enabled/$oldport sudo ln -s /etc/nginx/sites-available/$newport /etc/nginx/sites-enabled/$newport @@ -440,9 +444,10 @@ elif [[ -n $blockip ]]; then check_for_nginx -ask if [[ -z $purge ]]; then if [[ -n $list ]]; then - [[ $list == "raw" || -n $raw ]] && echo "" || echo "${blu}" + echo "" + [[ -n $raw ]] && sign="" || sign="${blu}+ " if [[ -s /etc/nginx/conf.d/blockips.conf ]]; then - sudo sed -n 's/^deny //p;' /etc/nginx/conf.d/blockips.conf | sudo sed -n 's/;$//p' + sudo sed -n "s/^deny /${sign}/p;" /etc/nginx/conf.d/blockips.conf | sudo sed -n 's/;$//p' else echo "[Empty] No IP's were found!" fi @@ -457,7 +462,7 @@ elif [[ -n $blockip ]]; then fi exist=$( grep -E "^deny $blockip;$" /etc/nginx/conf.d/blockips.conf ) if [[ -z $exist ]]; then - sh -c "echo -n 'deny $blockip;\n' >> /etc/nginx/conf.d/blockips.conf" + echo "deny $blockip;" >> /etc/nginx/conf.d/blockips.conf echo "${gre}The IP address ${blu}'$blockip'${gre} was successfully blocked!${end}" else echo "${gre}IP '$blockip' is already blocked!${end}"