438 lines
16 KiB
Bash
438 lines
16 KiB
Bash
#!/bin/bash
|
|
|
|
# Webinoly Server Manager Plugin
|
|
# Syntax: webinoly <option>
|
|
# Options: -update, -server-update or -server-reset, -verify, -dbpass, -tools-port, -login-www-data, -nologin-www-data, -config-cache, -uninstall, -info, -external-sources-update, -clear-cache, -version, -blockip, -unblockip, -conf-value_, -yoast-sitemap
|
|
|
|
opt=$1
|
|
source /opt/webinoly/lib/webin
|
|
|
|
# Extract value if exist
|
|
if [[ $opt == "-tools-port="* || $opt == "-config-cache="* || $opt == "-clear-cache="* || $opt == "-server-update="* || $opt == "-server-reset="* || $opt == "-timezone="* || $opt == "-update="* || $opt == "-blockip="* || $opt == "-unblockip="* || $opt == "-conf-value_"* || $opt == "-yoast-sitemap="* ]]; then
|
|
value=$(echo "${opt}" | cut -d'=' -f 2 -s)
|
|
opt=$(echo "${opt}" | cut -d'=' -f 1 -s)
|
|
# Prevent cases like -conf-value where is valid enter a value without = causing empty opt.
|
|
[[ -z $opt ]] && opt=$1
|
|
fi
|
|
|
|
|
|
|
|
if [[ $opt == "-update" ]]; then
|
|
echo ""
|
|
[[ -n $value ]] && branch="-ver=${value}" || branch=""
|
|
sudo wget --timeout=15 -t 1 --referer="https://update.webinoly.com/?ver=$(app_version)" -qrO weby https://qrok.es/wyupd && sudo bash weby upd $branch
|
|
echo "${gre}Webinoly App has been updated successfully!${end}"
|
|
|
|
|
|
elif [[ $opt == "-server-update" || $opt == "-server-reset" ]]; then
|
|
if [[ -z $value ]]; then
|
|
value="all"
|
|
elif [[ -n $value && $value != "all" && $value != "nginx" && $value != "php" ]]; then
|
|
echo "${red}Please, enter a valid option to update your server configuration!${end}"
|
|
exit 1
|
|
fi
|
|
|
|
# Regenerate NGINX conf files
|
|
if [[ $(conf_read nginx-optim) == "true" && ( $value == "nginx" || $value = "all" ) ]]; then
|
|
sudo rm -rf /etc/nginx/common
|
|
sudo rm -rf /etc/nginx/conf.d/*
|
|
linux_purge
|
|
nginx_optim
|
|
sleep 1
|
|
echo "${gre}Nginx settings has been updated successfully!${end}"
|
|
elif [[ $(conf_read nginx-optim) != "true" && ( $value == "nginx" || $value = "all" ) ]]; then
|
|
echo "${red}Nginx settings couldn't been updated, seems like is not installed in your server!${end}"
|
|
fi
|
|
|
|
# Regenerate PHP conf files
|
|
if [[ $(conf_read php-optim) == "true" && ( $value == "php" || $value = "all" ) ]]; then
|
|
if [[ -a /opt/webinoly/templates/source/php.ini && -a /opt/webinoly/templates/source/www.conf ]]; then
|
|
sudo cat /opt/webinoly/templates/source/php.ini > /etc/php/$(conf_read php-ver)/fpm/php.ini
|
|
sudo cat /opt/webinoly/templates/source/www.conf > /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf
|
|
sudo rm -rf /etc/php/$(conf_read php-ver)/fpm/pool.d/debug.conf
|
|
php_optim
|
|
echo "${gre}PHP settings has been updated successfully!${end}"
|
|
else
|
|
echo "${red}[ERROR] PHP could not been updated, source files not found!${end}"
|
|
fi
|
|
elif [[ $(conf_read php-optim) != "true" && ( $value == "php" || $value = "all" ) ]]; then
|
|
echo "${red}PHP settings couldn't been updated, seems like is not installed in your server!${end}"
|
|
fi
|
|
|
|
|
|
elif [[ $opt == "-verify" ]]; then
|
|
webinoly_verify
|
|
|
|
|
|
elif [[ $opt == "-dbpass" ]]; then
|
|
if [[ -n $(conf_read mysql-root) || -n $(conf_read mysql-admin) ]]; then
|
|
echo "${gre}"
|
|
echo " root: $( echo $(conf_read mysql-root) | openssl enc -d -a -salt )"
|
|
echo " admin: $( echo $(conf_read mysql-admin) | openssl enc -d -a -salt )"
|
|
echo "${end}"
|
|
else
|
|
echo "${red}"
|
|
echo "DB Passwords not found!"
|
|
echo "${end}"
|
|
fi
|
|
|
|
|
|
elif [[ $opt == "-tools-port" ]]; then
|
|
oldport="$(conf_read tools-port)"
|
|
[[ -n $value ]] && tools_port $value || tools_port
|
|
newport="$(conf_read tools-port)"
|
|
if [[ $oldport != $newport && $(conf_read nginx-tool) == "true" && $(conf_read nginx) == "true" ]]; then
|
|
sudo mv /var/www/$oldport /var/www/$newport
|
|
sudo mv /etc/nginx/sites-available/$oldport /etc/nginx/sites-available/$newport
|
|
sudo rm /etc/nginx/sites-enabled/$oldport
|
|
sudo ln -s /etc/nginx/sites-available/$newport /etc/nginx/sites-enabled/$newport
|
|
sudo sed -i "s/${oldport}/${newport}/g" /etc/nginx/sites-available/$newport
|
|
fi
|
|
|
|
|
|
elif [[ $opt == "-login-www-data" ]]; then
|
|
if [[ $(conf_read nginx) != "true" ]]; then
|
|
echo "${red} Nginx not found! ${end}"
|
|
exit 1
|
|
fi
|
|
if [[ $(conf_read login-www-data) == "true" ]]; then
|
|
echo "${red} User www-data already have SFTP access! ${end}"
|
|
exit 1
|
|
fi
|
|
|
|
# Allow access for www-data user
|
|
sudo mkdir -p /var/www/.ssh
|
|
sudo chmod 700 /var/www/.ssh
|
|
sudo cat $HOME/.ssh/authorized_keys > /var/www/.ssh/authorized_keys
|
|
sudo chmod 600 /var/www/.ssh/*
|
|
sudo chown -R www-data:www-data /var/www
|
|
|
|
# www-data sftp-only access jail - if fails usrlib must be listed in /etc/shells
|
|
sudo usermod -s /usr/lib/openssh/sftp-server www-data
|
|
sudo addgroup --system sftponly
|
|
sudo usermod -G sftponly www-data
|
|
sudo chown root:root /var/www
|
|
sudo sed -i "/Subsystem sftp/c\Subsystem sftp internal-sftp" /etc/ssh/sshd_config
|
|
sudo echo '# WebinolySFTPstart
|
|
Match Group sftponly
|
|
ChrootDirectory /var/www
|
|
X11Forwarding no
|
|
AllowTcpForwarding no
|
|
ForceCommand internal-sftp
|
|
# WebinolySFTPend' >> /etc/ssh/sshd_config
|
|
|
|
falus=$( grep -F "AllowUsers" /etc/ssh/sshd_config )
|
|
if [[ -n $falus ]]; then
|
|
sudo sed -i "s/$falus/$falus www-data/" /etc/ssh/sshd_config
|
|
fi
|
|
|
|
conf_write login-www-data true
|
|
sudo service ssh restart
|
|
echo "${gre}SFTP access for www-data user has been successfuly enabled! ${end}"
|
|
|
|
|
|
elif [[ $opt == "-nologin-www-data" ]]; then
|
|
if [[ $(conf_read nginx) != "true" ]]; then
|
|
echo "${red} Nginx not found! ${end}"
|
|
exit 1
|
|
fi
|
|
if [[ $(conf_read login-www-data) != "true" ]]; then
|
|
echo "${red} User www-data already have no SFTP access! ${end}"
|
|
exit 1
|
|
fi
|
|
|
|
sudo rm -rf /var/www/.ssh
|
|
sudo sed -i '/www-data:/c\www-data:x:33:33:www-data:\/var\/www:\/usr\/sbin\/nologin' /etc/passwd
|
|
sudo gpasswd -d www-data sftponly
|
|
sudo delgroup sftponly
|
|
sudo chown www-data:www-data /var/www
|
|
sudo sed -i "/Subsystem sftp/c\Subsystem sftp \/usr\/lib\/openssh\/sftp-server" /etc/ssh/sshd_config
|
|
sudo sed -i '/WebinolySFTPstart/,/WebinolySFTPstart/{/.*/d}' /etc/ssh/sshd_config
|
|
|
|
falus=$( grep -F "AllowUsers" /etc/ssh/sshd_config )
|
|
if [[ -n $falus ]]; then
|
|
suffix="www-data"
|
|
foo=${falus%$suffix}
|
|
sudo sed -i "s/$falus/$foo/" /etc/ssh/sshd_config
|
|
fi
|
|
|
|
conf_write login-www-data purged
|
|
sudo service ssh restart
|
|
echo "${gre}SFTP access for www-data user has been successfuly disabled! ${end}"
|
|
|
|
|
|
elif [[ $opt == "-config-cache" ]]; then
|
|
if [[ $(conf_read nginx) != "true" ]]; then
|
|
echo "${red} Nginx not found! ${end}"
|
|
exit 1
|
|
fi
|
|
|
|
hitline=$( grep -F "fastcgi_cache_valid 200" /etc/nginx/conf.d/fastcgi.conf )
|
|
hitval=$(echo "${hitline//;}" | rev | cut -d' ' -f 1 | rev)
|
|
inaline=$( grep -F "fastcgi_cache_path" /etc/nginx/conf.d/fastcgi.conf )
|
|
inactive=$(echo "${inaline//;}" | rev | cut -d' ' -f 1 | rev)
|
|
inaval=$(echo "${inactive}" | cut -d'=' -f 2)
|
|
maxsize=$(echo "${inaline}" | rev | cut -d' ' -f 2 | rev)
|
|
othline=$( grep -F "fastcgi_cache_valid 301 302 307 404" /etc/nginx/conf.d/fastcgi.conf )
|
|
othval=$(echo "${othline//;}" | rev | cut -d' ' -f 1 | rev)
|
|
|
|
if [[ -z $value ]]; then
|
|
echo "${gre}"
|
|
echo "**********************************************************************"
|
|
echo "************* Set FastCGI Cache new time values **************"
|
|
echo "***** Example: 30d = 30days | 3h = 3hours | 5m = 5minutes ******"
|
|
echo "**********************************************************************"
|
|
echo "${blu}"
|
|
echo "FastCGI Cache Valid for Pages (HttpCode: 200) actual value is: $hitval"
|
|
read -p " Set new value: " hit
|
|
hit=${hit:-$hitval}
|
|
echo ""
|
|
echo "Purge Cache for inactive pages actual value is: $inaval"
|
|
read -p " Set new value: " ina
|
|
ina=${ina:-$inaval}
|
|
echo ""
|
|
echo "FastCGI Cache Valid for Errors and Redirections (HttpCode: 301, 302, 307, 404) actual value is: $othval"
|
|
read -p " Set new value: " oth
|
|
oth=${oth:-$othval}
|
|
else
|
|
custombegin=$(echo "${value}" | cut -c-1)
|
|
customlast=$(echo "${value}" | rev | cut -c-1)
|
|
cachedata=${value:1:-1}
|
|
|
|
hit=$(echo "${cachedata}" | cut -d',' -f 1 )
|
|
ina=$(echo "${cachedata}" | cut -d',' -f 2 )
|
|
oth=$(echo "${cachedata}" | cut -d',' -f 3 )
|
|
fi
|
|
|
|
if [[ "$hit" =~ ^[0-9]+[smhdwMy]$ && "$ina" =~ ^[0-9]+[smhdwMy]$ && "$oth" =~ ^[0-9]+[smhdwMy]$ ]]; then
|
|
sudo sed -i "/fastcgi_cache_valid 200/c \fastcgi_cache_valid 200 ${hit};" /etc/nginx/conf.d/fastcgi.conf
|
|
sudo sed -i "/fastcgi_cache_valid 301 302 307 404/c \fastcgi_cache_valid 301 302 307 404 ${oth};" /etc/nginx/conf.d/fastcgi.conf
|
|
sudo sed -i "/fastcgi_cache_path/c \fastcgi_cache_path \/var\/run\/nginx-cache levels=1:2 keys_zone=WORDPRESS:50m ${maxsize} inactive=${ina};" /etc/nginx/conf.d/fastcgi.conf
|
|
conf_write fastcgi-conf ${hit},${ina},${oth}
|
|
echo "${gre}"
|
|
echo "******** FastCGI Cache values has been successfully updated! ********"
|
|
echo "${end}"
|
|
else
|
|
echo "${red}"
|
|
echo " [ERROR] Invalid values!"
|
|
echo "${end}"
|
|
fi
|
|
|
|
|
|
elif [[ $opt == "-uninstall" ]]; then
|
|
echo "${red}"
|
|
echo " You are about to remove completely Webinoly App from your server!!"
|
|
echo "${blu} Are you sure [y/N]? "
|
|
while read -r -n 1 -s answer; do
|
|
answer=${answer:-n}
|
|
echo ""
|
|
if [[ $answer = [YyNn] ]]; then
|
|
if [[ $answer == [Yy] ]]; then
|
|
if [[ $(conf_read linux-optim) == "purged" ]]; then
|
|
swap_delete
|
|
fi
|
|
if [[ $(conf_read pre-packs) == true ]]; then
|
|
sudo apt-get -y -qq purge pwgen unzip zip > /dev/null
|
|
sudo apt-get -y -qq autoremove > /dev/null
|
|
conf_write pre-packs purged
|
|
fi
|
|
sudo mv /opt/webinoly/webinoly.conf $HOME/.webinoly-conf-restore_dont-remove
|
|
sudo rm -rf /opt/webinoly
|
|
sudo rm /usr/bin/webinoly
|
|
sudo rm /usr/bin/stack
|
|
sudo rm /usr/bin/site
|
|
sudo rm /usr/bin/httpauth
|
|
sudo rm /usr/bin/log
|
|
echo "${gre} Webinoly App has been removed successfully from your server!"
|
|
echo "${end}"
|
|
exit 1;
|
|
else
|
|
echo "${gre} Action aborted!"
|
|
echo "${end}"
|
|
fi
|
|
break
|
|
fi
|
|
done
|
|
|
|
|
|
elif [[ $opt == "-info" ]]; then
|
|
system_info
|
|
|
|
|
|
elif [[ $opt == "-external-sources-update" ]]; then
|
|
echo "${blu}- Downloading Public Suffix List!${end}"
|
|
sudo wget --timeout=15 -t 1 -qrO /tmp/temp-public_suffix_list.dat https://publicsuffix.org/list/public_suffix_list.dat
|
|
if [[ -s /tmp/temp-public_suffix_list.dat ]]; then
|
|
echo "${blu}- Processing file!${end}"
|
|
sudo sed -i '/^\/\// d' /tmp/temp-public_suffix_list.dat
|
|
sudo sed -i '/^$/d' /tmp/temp-public_suffix_list.dat
|
|
sudo sed -i 's/[!]\+//g' /tmp/temp-public_suffix_list.dat
|
|
sudo sed -i 's/^\*\.\+//g' /tmp/temp-public_suffix_list.dat
|
|
sudo mv /tmp/temp-public_suffix_list.dat /opt/webinoly/lib/public_suffix_list.dat
|
|
echo "${gre}Domain list has been successfully updated!${end}"
|
|
else
|
|
echo "${red}[ERROR] Domain list not updated!${end}"
|
|
fi
|
|
|
|
echo ""
|
|
echo "${blu}- Downloading Timezone Database!${end}"
|
|
sudo wget --timeout=15 -t 1 -qrO /tmp/temp-timezonedb.zip https://timezonedb.com/files/timezonedb.csv.zip
|
|
if [[ -s /tmp/temp-timezonedb.zip ]]; then
|
|
echo "${blu}- Processing file!${end}"
|
|
sudo unzip -qq /tmp/temp-timezonedb.zip -d /tmp/tz/
|
|
sudo cut -d',' -f3 /tmp/tz/zone.csv >> timezone.dat
|
|
sudo sed -i 's/"//g' timezone.dat
|
|
sudo mv timezone.dat /opt/webinoly/lib/
|
|
sudo rm -rf /tmp/tz
|
|
sudo rm /tmp/temp-timezonedb.zip
|
|
echo "${gre}Timezone Database has been successfully updated!${end}"
|
|
else
|
|
echo "${red}[ERROR] Timezone Database not updated!${end}"
|
|
fi
|
|
|
|
|
|
elif [[ $opt == "-clear-cache" ]]; then
|
|
[[ -z $value ]] && value="all"
|
|
if ! [[ $value =~ ^(redis|memcache|memcached|opcache|fastcgi|all)$ ]]; then
|
|
echo "${red}[ERROR] $value is not a valid option!${end}"
|
|
exit 1
|
|
fi
|
|
if [[ $value == "redis" || $value == "all" ]]; then
|
|
if [[ $(conf_read php-tool) == "true" && -a /etc/redis/redis.conf ]]; then
|
|
sudo redis-cli flushall
|
|
echo "${gre}- Redis Cache has been successfully cleared!${end}"
|
|
else
|
|
echo "${red}[ERROR] We can not clear Redis Cache because is not installed!${end}"
|
|
fi
|
|
fi
|
|
if [[ $value == "memcache" || $value == "memcached" || $value == "all" ]]; then
|
|
if [[ $(conf_read php-tool) == "true" && -a /etc/memcached.conf ]]; then
|
|
memhost=$(grep ^-l /etc/memcached.conf | cut -f 2 -d ' ')
|
|
memport=$(grep ^-p /etc/memcached.conf | cut -f 2 -d ' ')
|
|
echo flush_all > /dev/tcp/$memhost/$memport
|
|
echo "${gre}- Memcached has been successfully cleared!${end}"
|
|
else
|
|
echo "${red}[ERROR] We can not clear Memcache because is not installed!${end}"
|
|
fi
|
|
fi
|
|
if [[ $value == "opcache" || $value == "all" ]]; then
|
|
if [[ $(conf_read nginx-tool) == "true" && $(conf_read php-tool) == "true" ]]; then
|
|
port=$(conf_read tools-port)
|
|
if [[ ! -a /var/www/$port/htdocs/php/opcache/index.php ]]; then
|
|
sudo mkdir /var/www/$port/htdocs/php/opcache
|
|
sudo touch /var/www/$port/htdocs/php/opcache/index.php
|
|
echo '<?php opcache_reset(); echo "OK\n";' > /var/www/$port/htdocs/php/opcache/index.php
|
|
sudo chown -R www-data:www-data /var/www/$port/htdocs/php/opcache
|
|
sudo chmod 644 /var/www/$port/htdocs/php/opcache/index.php
|
|
fi
|
|
wget --spider --no-check-certificate --timeout=15 -t 1 localhost:$port/php/opcache/ > /dev/null 2>&1 &
|
|
echo "${gre}- OpCache has been successfully cleared!${end}"
|
|
else
|
|
echo "${red}[ERROR] We can not clear OpCache because PHP and NGINX are not installed!${end}"
|
|
fi
|
|
fi
|
|
if [[ $value == "fastcgi" || $value == "all" ]]; then
|
|
if [[ $(conf_read nginx) == "true" ]]; then
|
|
sudo rm -Rf /var/run/nginx-cache/*
|
|
echo "${gre}- FastCgi Cache has been successfully cleared!${end}"
|
|
else
|
|
echo "${red}[ERROR] We can not clear FastCGI Cache because NGINX is not installed!${end}"
|
|
fi
|
|
fi
|
|
|
|
|
|
elif [[ $opt == "-timezone" ]]; then
|
|
if [[ -z $value ]]; then
|
|
echo "${gre}"
|
|
echo "Please, enter a valid Timezone for Ubuntu and PHP."
|
|
echo "http://php.net/manual/en/timezones.php"
|
|
echo ""
|
|
read -p "${blu} Timezone: ${end}" value
|
|
echo ""
|
|
fi
|
|
conf_write timezone $value
|
|
set_timezone
|
|
|
|
|
|
elif [[ $opt == "-version" || $opt == "-v" || $opt == "-V" ]]; then
|
|
[[ -z $(conf_read server-version) ]] && sver="Not installed!" || sver=$(conf_read server-version)
|
|
|
|
echo "${blu}"
|
|
echo "Webinoly version: $(app_version)"
|
|
echo "Current stack version: $sver"
|
|
[[ $sver != $(svr_version) ]] && echo "Available stack version: $(svr_version)"
|
|
echo "${end}"
|
|
|
|
|
|
elif [[ $opt == "-blockip" ]]; then
|
|
if [[ -a /etc/nginx/conf.d/blockips.conf ]]; then
|
|
[[ -z $value ]] && read -p "${blu}IP address to block: ${end}" value
|
|
if [[ -n $value && $value =~ ^[\.0-9A-Za-z\/]+$ ]]; then
|
|
sh -c "echo -n 'deny $value;\n' >> /etc/nginx/conf.d/blockips.conf"
|
|
echo "${gre}The IP address ${blu}'$value'${gre} was successfully blocked!${end}"
|
|
else
|
|
echo "${red}Please, enter a valid value!${end}"
|
|
fi
|
|
else
|
|
echo "${red}[ERROR] Nginx file not found!${end}"
|
|
fi
|
|
|
|
|
|
elif [[ $opt == "-unblockip" ]]; then
|
|
if [[ -a /etc/nginx/conf.d/blockips.conf ]]; then
|
|
[[ -z $value ]] && read -p "${blu}IP address to unblock: ${end}" value
|
|
if [[ -n $value && $value =~ ^[\.0-9A-Za-z\/]+$ ]]; then
|
|
# https://stackoverflow.com/questions/1797906/delete-using-a-different-delimiter-with-sed
|
|
sed -i "\#^deny ${value};#d" /etc/nginx/conf.d/blockips.conf
|
|
echo "${gre}The IP address ${blu}'$value'${gre} was successfully unblocked!${end}"
|
|
else
|
|
echo "${red}Please, enter a valid value!${end}"
|
|
fi
|
|
else
|
|
echo "${red}[ERROR] Nginx file not found!${end}"
|
|
fi
|
|
|
|
|
|
elif [[ $opt == "-conf-value_"* ]]; then
|
|
var=$(echo "${opt}" | cut -d'_' -f 2 -s)
|
|
if [[ -n $var && $var =~ ^[A-Za-z\-]+$ ]]; then
|
|
[[ -z $value ]] && read -p "${blu}Enter a value for '${var}': ${end}" value
|
|
if [[ -n $value ]]; then
|
|
conf_write $var $value
|
|
echo "${gre}Configuration successfully updated!${end}"
|
|
else
|
|
echo "${red}Please, enter a valid value!${end}"
|
|
fi
|
|
else
|
|
echo "${red}Please, enter a valid variable name!${end}"
|
|
fi
|
|
|
|
|
|
elif [[ $opt == "-yoast-sitemap"* ]]; then
|
|
ystmap=$( grep -F "# YoastSitemapStart - Yoast SEO Plugin" /etc/nginx/common/wpcommon.conf )
|
|
if [[ $value == "on" ]]; then
|
|
if [[ -z $ystmap ]]; then
|
|
sudo cat /opt/webinoly/templates/template-yoast-sitemap >> /etc/nginx/common/wpcommon.conf
|
|
echo "${gre}Yoast Sitemap Support was successfully enabled!${end}"
|
|
else
|
|
echo "${red}Yoast Sitemap Support is already enabled!${end}"
|
|
fi
|
|
elif [[ $value == "off" ]]; then
|
|
if [[ -n $ystmap ]]; then
|
|
sudo sed -i '/YoastSitemapStart/,/YoastSitemapEnd/{/.*/d}' /etc/nginx/common/wpcommon.conf
|
|
echo "${gre}Yoast Sitemap Support was successfully disabled!${end}"
|
|
else
|
|
echo "${red}Yoast Sitemap Support is already disabled!${end}"
|
|
fi
|
|
else
|
|
echo "${red}Please, enter a valid option to enable/disable Yoast Sitemap Support!${end}"
|
|
fi
|
|
|
|
|
|
else
|
|
echo "${red}Please enter a valid option!${end}"
|
|
fi
|
|
|
|
|
|
[[ $(conf_read nginx) == "true" ]] && sudo service nginx reload
|