From 0c187f0f8aa676cd4ddc0e29f45eb1bcdcb50f3c Mon Sep 17 00:00:00 2001
From: Gabriel Cossette
Date: Fri, 9 Jul 2021 14:24:19 +0000
Subject: [PATCH] update
---
conf/fastcgi.conf | 123 +++++++
.../includes/settings-page.css | 31 ++
.../includes/settings-page.php | 41 +++
.../languages/nginx-cache.pot | 95 ++++++
conf/nginx-cache-custom/nginx-cache.php | 316 ++++++++++++++++++
conf/nginx-cache-custom/readme.txt | 66 ++++
conf/nginx-cache.conf | 312 +++++++++++++++++
conf/nginx-standard.conf | 268 +++++++++++++++
conf/nginx.conf | 37 --
manifest.json | 19 +-
scripts/install | 64 +++-
scripts/remove | 93 ++----
12 files changed, 1354 insertions(+), 111 deletions(-)
create mode 100644 conf/fastcgi.conf
create mode 100644 conf/nginx-cache-custom/includes/settings-page.css
create mode 100644 conf/nginx-cache-custom/includes/settings-page.php
create mode 100644 conf/nginx-cache-custom/languages/nginx-cache.pot
create mode 100644 conf/nginx-cache-custom/nginx-cache.php
create mode 100644 conf/nginx-cache-custom/readme.txt
create mode 100644 conf/nginx-cache.conf
create mode 100644 conf/nginx-standard.conf
delete mode 100644 conf/nginx.conf
diff --git a/conf/fastcgi.conf b/conf/fastcgi.conf
new file mode 100644
index 0000000..aaceb93
--- /dev/null
+++ b/conf/fastcgi.conf
@@ -0,0 +1,123 @@ +fastcgi_cache_key "$scheme$request_method$host$request_uri"; +fastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503; +fastcgi_cache_lock on; +fastcgi_cache_lock_age 5s; +fastcgi_cache_lock_timeout 5s; +fastcgi_cache_methods GET HEAD; +fastcgi_cache_background_update on; +fastcgi_cache_valid 200 24h; +fastcgi_cache_valid 301 302 30m; +fastcgi_cache_valid 499 502 503 1m; +fastcgi_cache_valid 404 1h; +fastcgi_cache_valid any 1h; +fastcgi_buffers 16 16k; +fastcgi_buffer_size 32k; +fastcgi_param SERVER_NAME $http_host; +fastcgi_ignore_headers Cache-Control Expires Set-Cookie; +fastcgi_keep_conn on; + +# do not cache xhtml request +map $http_x_requested_with $http_request_no_cache { + default 0; + XMLHttpRequest 1; +} + +# do not cache requests on cookies +map $http_cookie $cookie_no_cache { + default 0; + "~*wordpress_[a-f0-9]+" 1; + "~*wp-postpass" 1; + "~*wordpress_logged_in" 1; + "~*wordpress_no_cache" 1; + "~*comment_author" 1; + "~*woocommerce_items_in_cart" 1; + "~*edd_items_in_cart" 1; + "~*woocommerce_cart_hash" 1; + "~*wptouch_switch_toogle" 1; + "~*comment_author_email_" 1; + "~*wptouch_switch_toggle" 1; + "~*edd" 1; +} + +# do not cache the following uri +map $request_uri $uri_no_cache { + default 0; + "~*/wp-admin/" 1; + "~*/wp-[a-zA-Z0-9-]+.php" 1; + "~*/feed/" 1; + "~*/index.php" 1; + "~*/[a-z0-9_-]+-sitemap([0-9]+)?.xml" 1; + "~*/sitemap(_index)?.xml" 1; + "~*/wp-comments-popup.php" 1; + "~*/wp-links-opml.php" 1; + "~*/xmlrpc.php" 1; + "~*/edd-sl/*" 1; + "~*/add_to_cart/" 1; + "~*/cart/" 1; + "~*/account/" 1; + "~*/my-account/" 1; + "~*/checkout/" 1; + "~*/addons/" 1; + "~*/wc-api/*" 1; + "~*/logout/" 1; + "~*/lost-password/" 1; + "~*/panier/" 1; + "~*/mon-compte/" 1; + "~*/embed" 1; + "~*/commande/" 1; + "~*/resetpass/" 1; +} + +# do not cache requests with query strings +map $is_args $query_no_cache { + default 1; + "" 0; +} + +# if all previous check are passed, $skip_cache = 0 +map 
$http_request_no_cache$cookie_no_cache$uri_no_cache$query_no_cache $skip_cache { + default 1; + 0000 0; +} + +map $http_accept $webp_suffix_valid { + default 1; + "~*webp" 0; +} + +map $realip_remote_addr $webp_suffix_cf { + default 0; + 103.21.244.0/22 1; + 103.22.200.0/22 1; + 103.31.4.0/22 1; + 104.16.0.0/12 1; + 108.162.192.0/18 1; + 131.0.72.0/22 1; + 141.101.64.0/18 1; + 162.158.0.0/15 1; + 172.64.0.0/13 1; + 173.245.48.0/20 1; + 188.114.96.0/20 1; + 190.93.240.0/20 1; + 197.234.240.0/22 1; + 198.41.128.0/17 1; + 199.27.128.0/21 1; + 2400:cb00::/32 1; + 2405:8100::/32 1; + 2405:b500::/32 1; + 2606:4700::/32 1; + 2803:f800::/32 1; + 2a06:98c0::/29 1; + 2c0f:f248::/32 1; + +} + +map $webp_suffix_cf$webp_suffix_valid $webp_suffix { + default ""; + 00 ".webp"; +} + +# Limit Request +limit_req_status 403; +limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; +limit_req_zone $binary_remote_addr zone=two:10m rate=10r/s; \ No newline at end of file diff --git a/conf/nginx-cache-custom/includes/settings-page.css b/conf/nginx-cache-custom/includes/settings-page.css new file mode 100644 index 0000000..7513181 --- /dev/null +++ b/conf/nginx-cache-custom/includes/settings-page.css @@ -0,0 +1,31 @@ + +.wrap .button.delete { + background: #d54e21; + border-color: #a83d1a; + color: white; + -webkit-box-shadow: inset 0 1px 0 #e68260, 0 1px 0 rgba(0, 0, 0, 0.15); + box-shadow: inset 0 1px 0 #e68260, 0 1px 0 rgba(0, 0, 0, 0.15); +} + +.wrap .button.delete:hover, +.wrap .button.delete:focus { + background: #be461d; + border-color: #923517; + color: white; + box-shadow: inset 0 1px 0 #e3704a; +} + +.wrap .button.delete:focus { + box-shadow: inset 0 1px 0 #e3704a, + 0 0 0 1px #d54e21, + 0 0 2px 1px rgba( 30, 140, 190, .8 ); +} + +.wrap .button.delete:active { + background: #a83d1a; + border-color: #923517; + color: white; + box-shadow: inset 0 2px 5px -3px rgba( 0, 0, 0, 0.5 ), + 0 0 0 1px #d54e21, + 0 0 2px 1px rgba( 30, 140, 190, .8 ); +} 
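Review bot: `fastcgi_ignore_headers Cache-Control Expires Set-Cookie;` lets nginx store upstream responses that carry a `Set-Cookie` header, and with `fastcgi_cache_valid any 1h` such a response can be replayed, cookie included, to other visitors for up to an hour. The `$cookie_no_cache` map only inspects cookies on the incoming request, so the first anonymous request that makes a plugin issue a session cookie is still cacheable. I would drop `Set-Cookie` from the list, `fastcgi_ignore_headers Cache-Control Expires;`, so that responses which set a cookie are not cached. Separately, `map $realip_remote_addr $webp_suffix_cf` compares the address as a plain string, so the CIDR entries will not match client addresses; `geo` is the directive that understands prefixes.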
diff --git a/conf/nginx-cache-custom/includes/settings-page.php b/conf/nginx-cache-custom/includes/settings-page.php new file mode 100644 index 0000000..cb96bbc --- /dev/null +++ b/conf/nginx-cache-custom/includes/settings-page.php @@ -0,0 +1,41 @@ + + + +
+ +

+ + + +
+ + + + + + + + + + + + +
+ +

fastcgi_cache_path or proxy_cache_path directive.', 'nginx-cache' ); ?>

+
+ +
+ +

+ +   + +

+ +
+ +
diff --git a/conf/nginx-cache-custom/languages/nginx-cache.pot b/conf/nginx-cache-custom/languages/nginx-cache.pot new file mode 100644 index 0000000..c3f096d --- /dev/null +++ b/conf/nginx-cache-custom/languages/nginx-cache.pot 
@@ -0,0 +1,95 @@ +# Copyright (C) 2020 Till Krüss +# This file is distributed under the GPLv3. +msgid "" +msgstr "" +"Project-Id-Version: Nginx Cache 1.0.5\n" +"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/trunk\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"POT-Creation-Date: 2020-11-21T22:49:14+00:00\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"X-Generator: WP-CLI 2.4.0\n" +"X-Domain: nginx-cache\n" + +#. Plugin Name of the plugin +#: nginx-cache.php:138 +#: nginx-cache.php:139 +msgid "Nginx Cache" +msgstr "" + +#. Plugin URI of the plugin +msgid "http://wordpress.org/plugins/nginx-cache/" +msgstr "" + +#. Description of the plugin +msgid "Purge the Nginx cache (FastCGI, Proxy, uWSGI) automatically when content changes or manually within WordPress." +msgstr "" + +#. Author of the plugin +msgid "Till Krüss" +msgstr "" + +#. Author URI of the plugin +msgid "http://till.im/" +msgstr "" + +#: includes/settings-page.php:16 +msgid "Cache Zone Path" +msgstr "" + +#: includes/settings-page.php:19 +msgid "The absolute path to the location of the cache zone, specified in the Nginx fastcgi_cache_path or proxy_cache_path directive." +msgstr "" + +#: includes/settings-page.php:23 +#: includes/settings-page.php:36 +#: nginx-cache.php:128 +msgid "Purge Cache" +msgstr "" + +#: includes/settings-page.php:27 +msgid "Automatically flush the cache when content changes" +msgstr "" + +#: nginx-cache.php:80 +msgid "Cache purged." +msgstr "" + +#: nginx-cache.php:85 +msgid "Cache could not be purged. %s" +msgstr "" + +#: nginx-cache.php:120 +msgid "Nginx" +msgstr "" + +#: nginx-cache.php:155 +msgid "Settings" +msgstr "" + +#: nginx-cache.php:177 +msgid "\"Cache Zone Path\" is not set." +msgstr "" + +#: nginx-cache.php:183 +msgid "\"Cache Zone Path\" does not exist." 
+msgstr "" + +#: nginx-cache.php:187 +msgid "\"Cache Zone Path\" is not a directory." +msgstr "" + +#: nginx-cache.php:193 +msgid "\"Cache Zone Path\" does not appear to be a Nginx cache zone directory." +msgstr "" + +#: nginx-cache.php:197 +msgid "\"Cache Zone Path\" is not writable." +msgstr "" + +#: nginx-cache.php:204 +msgid "Filesystem API could not be initialized." +msgstr "" diff --git a/conf/nginx-cache-custom/nginx-cache.php b/conf/nginx-cache-custom/nginx-cache.php new file mode 100644 index 0000000..89fee6c --- /dev/null +++ b/conf/nginx-cache-custom/nginx-cache.php 
@@ -0,0 +1,316 @@ +screen, array( $this, 'do_admin_actions' ) ); + add_action( 'load-' . $this->screen, array( $this, 'add_settings_notices' ) ); + } + + public function register_purge_actions() { + + // use `nginx_cache_purge_actions` filter to alter default purge actions + $purge_actions = (array) apply_filters( + 'nginx_cache_purge_actions', + array( + 'publish_phone', 'save_post', 'edit_post', 'delete_post', 'wp_trash_post', 'clean_post_cache', + 'trackback_post', 'pingback_post', 'comment_post', 'edit_comment', 'delete_comment', 'wp_set_comment_status', + 'switch_theme', 'wp_update_nav_menu', 'edit_user_profile_update' + ) + ); + + foreach ( $purge_actions as $action ) { + if ( did_action( $action ) ) { + $this->purge_zone_once(); + } else { + add_action( $action, array( $this, 'purge_zone_once' ) ); + } + } + + } + + public function register_settings() { + + register_setting( 'nginx-cache', 'nginx_cache_path', 'sanitize_text_field' ); + register_setting( 'nginx-cache', 'nginx_auto_purge', 'absint' ); + + } + + public function add_settings_notices() { + +// $path_error = $this->is_valid_path(); + + if ( isset( $_GET[ 'message' ] ) && ! isset( $_GET[ 'settings-updated' ] ) ) { + + // show cache purge success message + if ( $_GET[ 'message' ] === 'cache-purged' ) { + add_settings_error( '', 'nginx_cache_path', __( 'Cache purged.', 'nginx-cache' ), 'updated' ); + } + + // show cache purge failure message + if ( $_GET[ 'message' ] === 'purge-cache-failed' ) { + add_settings_error( '', 'nginx_cache_path', sprintf( __( 'Cache could not be purged. 
%s', 'nginx-cache' ), wptexturize( $path_error->get_error_message() ) ) ); + } + + } elseif ( is_wp_error( $path_error ) && $path_error->get_error_code() === 'fs' ) { + + // show cache path problem message + add_settings_error( '', 'nginx_cache_path', wptexturize( $path_error->get_error_message( 'fs' ) ) ); + + } + + } + + public function do_admin_actions() { + + // purge cache + if ( isset( $_GET[ 'action' ] ) && $_GET[ 'action' ] === 'purge-cache' && wp_verify_nonce( $_GET[ '_wpnonce' ], 'purge-cache' ) ) { + + $result = $this->purge_zone(); + wp_safe_redirect( admin_url( add_query_arg( 'message', is_wp_error( $result ) ? 'purge-cache-failed' : 'cache-purged', $this->admin_page ) ) ); + exit; + + } + + } + + public function add_admin_bar_node( $wp_admin_bar ) { + + // verify user capability + if ( ! current_user_can( $this->capability ) ) { + return; + } + + // add "Nginx" node to admin-bar + $wp_admin_bar->add_node( array( + 'id' => 'nginx-cache', + 'title' => __( 'Nginx', 'nginx-cache' ), + 'href' => admin_url( $this->admin_page ) + ) ); + + // add "Purge Cache" to "Nginx" node + $wp_admin_bar->add_node( array( + 'parent' => 'nginx-cache', + 'id' => 'purge-cache', + 'title' => __( 'Purge Cache', 'nginx-cache' ), + 'href' => wp_nonce_url( admin_url( add_query_arg( 'action', 'purge-cache', $this->admin_page ) ), 'purge-cache' ) + ) ); + + } + + public function add_admin_menu_page() { + + // add "Tools" sub-page + add_management_page( + __( 'Nginx Cache', 'nginx-cache' ), + __( 'Nginx Cache', 'nginx-cache' ), + $this->capability, + 'nginx-cache', + array( $this, 'show_settings_page' ) + ); + + } + + public function show_settings_page() { + require_once plugin_dir_path( __FILE__ ) . '/includes/settings-page.php'; + } + + public function add_plugin_actions_links( $links ) { + + // add settings link to plugin actions + return array_merge( + array( '' . __( 'Settings', 'nginx-cache' ) . 
'' ), + $links + ); + + } + + public function enqueue_admin_styles( $hook_suffix ) { + + if ( $hook_suffix === $this->screen ) { + $plugin = get_plugin_data( __FILE__ ); + wp_enqueue_style( 'nginx-cache', plugin_dir_url( __FILE__ ) . 'includes/settings-page.css', null, $plugin[ 'Version' ] ); + } + + } + + private function is_valid_path() { + + global $wp_filesystem; + + $path = get_option( 'nginx_cache_path' ); + + if ( empty( $path ) ) { + return new WP_Error( 'empty', __( '"Cache Zone Path" is not set.', 'nginx-cache' ) ); + } + + if ( $this->initialize_filesystem() ) { + + if ( ! $wp_filesystem->exists( $path ) ) { + return new WP_Error( 'fs', __( '"Cache Zone Path" does not exist.', 'nginx-cache' ) ); + } + + if ( ! $wp_filesystem->is_dir( $path ) ) { + return new WP_Error( 'fs', __( '"Cache Zone Path" is not a directory.', 'nginx-cache' ) ); + } + + $list = $wp_filesystem->dirlist( $path, true, true ); + + if ( is_array( $list ) && ! $this->validate_dirlist( $list ) ) { + return new WP_Error( 'fs', __( '"Cache Zone Path" does not appear to be a Nginx cache zone directory.', 'nginx-cache' ) ); + } + + if ( ! $wp_filesystem->is_writable( $path ) ) { + return new WP_Error( 'fs', __( '"Cache Zone Path" is not writable.', 'nginx-cache' ) ); + } + + return true; + + } + + return new WP_Error( 'fs', __( 'Filesystem API could not be initialized.', 'nginx-cache' ) ); + + } + + private function validate_dirlist( $list ) { + + foreach ( $list as $item ) { + + // abort if file is not a MD5 hash + if ( $item[ 'type' ] === 'f' && ( strlen( $item[ 'name' ] ) !== 32 || ! ctype_xdigit( $item[ 'name' ] ) ) ) { + return false; + } + + // validate subdirectories recursively + if ( $item[ 'type' ] === 'd' && ! $this->validate_dirlist( $item[ 'files' ] ) ) { + return false; + } + + } + + return true; + + } + + public function purge_zone_once() { + + static $completed = false; + + if ( ! 
$completed ) { + $this->purge_zone(); + $completed = true; + } + + } + + private function purge_zone() { + + global $wp_filesystem; + + if ( ! $this->should_purge() ) { + return false; + } + +// $path = get_option( 'nginx_cache_path' ); +// $path_error = $this->is_valid_path(); + + // abort if cache zone path is not valid +// if ( is_wp_error( $path_error ) ) { +// return $path_error; +// } + + // delete cache directory (recursively) +// $wp_filesystem->rmdir( $path, true ); + + // recreate empty cache directory +// $wp_filesystem->mkdir( $path ); + + system('sudo /bin/rm -r /var/run/nginx-cache/APP_NAME/*'); + + do_action( 'nginx_cache_zone_purged', $path ); + + return true; + + } + + private function should_purge() { + + $post_type = get_post_type(); + + if ( ! $post_type ) { + return true; + } + + if ( ! in_array( $post_type, (array) apply_filters( 'nginx_cache_excluded_post_types', array() ) ) ) { + return true; + } + + return false; + } + + private function initialize_filesystem() { + + $path = get_option( 'nginx_cache_path' ); + + // if the cache directory doesn't exist, try to create it + if ( ! file_exists( $path ) ) { + mkdir( $path ); + } + + // load WordPress file API? + if ( ! function_exists( 'request_filesystem_credentials' ) ) { + require_once ABSPATH . 'wp-admin/includes/file.php'; + } + + ob_start(); + $credentials = request_filesystem_credentials( '', '', false, $path, null, true ); + ob_end_clean(); + + if ( $credentials === false ) { + return false; + } + + if ( ! WP_Filesystem( $credentials, $path, true ) ) { + return false; + } + + return true; + + } + +} + +new NginxCache; diff --git a/conf/nginx-cache-custom/readme.txt b/conf/nginx-cache-custom/readme.txt new file mode 100644 index 0000000..b6bb44a --- /dev/null +++ b/conf/nginx-cache-custom/readme.txt 
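Review bot: `purge_zone()` now runs `system('sudo /bin/rm -r /var/run/nginx-cache/APP_NAME/*')`, so the PHP-FPM user needs a passwordless sudo rule for a recursive delete, and the call is reachable from front-end hooks such as `comment_post` registered in `register_purge_actions()`. The exit status is discarded and the function returns `true` regardless, while `do_action( 'nginx_cache_zone_purged', $path )` passes an undefined `$path` and `add_settings_notices()` dereferences `$path_error`, whose assignment is commented out. readme.txt in this same commit describes the intended model (PHP's user has write access to the cache path), which would allow restoring `$wp_filesystem->rmdir( $path, true )` and dropping sudo altogether. If the sudo route stays, I would capture the status with `system( $cmd, $status )`, return a `WP_Error` when it is non-zero, and add a comment above the call stating that the sudoers entry must match this exact command line and nothing broader. The top of the file was lost in extraction, so whether `APP_NAME` is substituted at install time is an assumption.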
@@ -0,0 +1,66 @@ +=== Nginx Cache === +Contributors: tillkruess +Donate link: https://github.com/sponsors/tillkruss +Tags: nginx, nginx cache, cache, caching, purge, purge cache, flush, flush cache, server, performance, optimize, speed, load, fastcgi, fastcgi purge, proxy, proxy purge, reverse proxy +Requires at least: 3.1 +Tested up to: 5.6 +Stable tag: 1.0.5 +License: GPLv3 +License URI: http://www.gnu.org/licenses/gpl-3.0.html + +Purge the Nginx cache (FastCGI, Proxy, uWSGI) automatically when content changes or manually within WordPress. + + +== Description == + +Purge the [Nginx](http://nginx.org) cache (FastCGI, Proxy, uWSGI) automatically when content changes or manually within WordPress. + +Requirements: + + * The [Filesystem API](http://codex.wordpress.org/Filesystem_API) needs to function without asking for credentials. + * Nginx and PHP need to run under the same user, or PHP's user needs write access to Nginx's cache path. + + +== Installation == + +For detailed installation instructions, please read the [standard installation procedure for WordPress plugins](http://codex.wordpress.org/Managing_Plugins#Installing_Plugins). + +1. Install and activate plugin. +2. Enter "Cache Zone Path" under _Tools -> Nginx_. +3. Done. + + +== Screenshots == + +1. Plugin settings page. + + +== Changelog == + += 1.0.5 = + + * Added `nginx_cache_zone_purged` action + += 1.0.4 = + + * Improved translatable strings + * Fixed auto-purge bug + * Fixed bug when validating directory + += 1.0.3 = + + * Create cache directory if it doesn't exists + * Re-create cache directory after cache purge + * Allow post types to be excluded from triggering a cache purge + += 1.0.2 = + + * Fixed 4.6 issue with file-system credentials + += 1.0.1 = + + * Improved testing of file-system credentials + += 1.0 = + + * Initial release diff --git a/conf/nginx-cache.conf b/conf/nginx-cache.conf new file mode 100644 index 0000000..bdc0279 --- /dev/null +++ b/conf/nginx-cache.conf 
@@ -0,0 +1,312 @@ +#--MULTISITE--if (!-e $request_filename) { + #--MULTISITE--rewrite /wp-admin$ $scheme://$host$uri/ permanent; + #--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/wp-.*) __PATH__$2 last; + #--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/.*\.php)$ __PATH__$2 last; +#--MULTISITE--} + +# fallback for robots.txt with default wordpress rules +location @robots { + return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n"; +} + +location @empty_gif { + empty_gif; +} + +add_header X-fastcgi-cache $upstream_cache_status; + +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { + + # Path to source + alias __FINALPATH__/; + + index index.php; + if (!-e $request_filename) + { + rewrite ^(.+)$ __PATH__/index.php?q=$1 last; + } + + # Force usage of https + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } + + client_max_body_size 1G; + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + try_files $uri =404; + fastcgi_cache_bypass $skip_cache; + fastcgi_no_cache $skip_cache; + fastcgi_cache __NAME__; + fastcgi_cache_valid 60m; + } + + ##### CACHE CONFIGURATION ##### + + set $skip_cache 0; + + # POST requests and urls with a query string should always go to PHP + if ($request_method = POST) { + set $skip_cache 1; + } + if ($query_string != "") { + set $skip_cache 1; + } + + # Don't cache uris containing the following segments + if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") { + set $skip_cache 1; + } + + # Don't use the cache for logged in users or recent commenters + if ($http_cookie ~* 
"comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { + set $skip_cache 1; + } + + location ~ /purge(/.*) { + fastcgi_cache_purge __NAME__ "$scheme$request_method$host$1"; + } + + location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { + access_log off; log_not_found off; expires max; + } + + location ~ /\. { deny all; access_log off; log_not_found off; } + + ##### SECURITY CONFIGURATION ##### + + location = /wp-login.php { + limit_req zone=one burst=1 nodelay; + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + try_files $uri =404; + fastcgi_cache_bypass $skip_cache; + fastcgi_no_cache $skip_cache; + fastcgi_cache __NAME__; + fastcgi_cache_valid 60m; + } + # Prevent DoS attacks on wp-cron + location = /wp-cron.php { + limit_req zone=two burst=1 nodelay; + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + try_files $uri =404; + fastcgi_cache_bypass $skip_cache; + fastcgi_no_cache $skip_cache; + fastcgi_cache __NAME__; + fastcgi_cache_valid 60m; + } + # Prevent DoS attacks with xmlrpc.php + location = /xmlrpc.php { + limit_req zone=two burst=1 nodelay; + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param 
SCRIPT_FILENAME $request_filename; + try_files $uri =404; + fastcgi_cache_bypass $skip_cache; + fastcgi_no_cache $skip_cache; + fastcgi_cache __NAME__; + fastcgi_cache_valid 60m; + } + # Disable wp-config.txt + location = /wp-config.txt { + deny all; + access_log off; + log_not_found off; + } + location = /robots.txt { + # Some WordPress plugin gererate robots.txt file + # Refer #340 issue + try_files $uri $uri/ /index.php?$args @robots; + access_log off; + log_not_found off; + } + # webp rewrite rules for jpg and png images + # try to load alternative image.png.webp before image.png + location /wp-content/uploads { + location ~ \.(png|jpe?g)$ { + add_header Vary "Accept-Encoding"; + more_set_headers 'Access-Control-Allow-Origin : *'; + more_set_headers "Cache-Control : public, no-transform"; + access_log off; + log_not_found off; + expires max; + try_files $uri$webp_suffix $uri =404; + } + location ~* \.(php|gz|log|zip|tar|rar|xz)$ { + #Prevent Direct Access Of PHP Files & Backups from Web Browsers + deny all; + } + } + # webp rewrite rules for EWWW testing image + location /wp-content/plugins/ewww-image-optimizer/images { + location ~ \.(png|jpe?g)$ { + add_header Vary "Accept-Encoding"; + more_set_headers 'Access-Control-Allow-Origin : *'; + more_set_headers "Cache-Control : public, no-transform"; + access_log off; + log_not_found off; + expires max; + try_files $uri$webp_suffix $uri =404; + } + location ~ \.php$ { + #Prevent Direct Access Of PHP Files From Web Browsers + deny all; + } + } + # enable gzip on static assets - php files are forbidden + location /wp-content/cache { + # Cache css & js files + location ~* \.(?:css(\.map)?|js(\.map)?|.html)$ { + more_set_headers 'Access-Control-Allow-Origin : *'; + access_log off; + log_not_found off; + expires 30d; + } + location ~ \.php$ { + #Prevent Direct Access Of PHP Files From Web Browsers + deny all; + } + } + # Deny access to any files with a .php extension in the uploads directory + # Works in sub-directory 
installs and also in multisite network + # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) + location ~* /(?:uploads|files)/.*\.php$ { + deny all; + } + # mitigate DoS attack CVE with WordPress script concatenation + # add the following line to wp-config.php + # define( 'CONCATENATE_SCRIPTS', false ); + location ~ \/wp-admin\/load-(scripts|styles).php { + deny all; + } + # Protect Easy Digital Download files from being accessed directly. + location ~ ^/wp-content/uploads/edd/(.*?)\.zip$ { + rewrite / permanent; + } + + ##### ADDITIONAL LOCATIONS ##### + + # Basic locations files + location = /favicon.ico { + try_files /wp-content/uploads/fbrfg/favicon.ico $uri $uri/ /index.php?$args @empty_gif; + access_log off; + log_not_found off; + expires max; + } + + # Cache static files + location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|webm|mp3|aac|tgz|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp|json|webmanifest|cast)$ { + more_set_headers 'Access-Control-Allow-Origin : *'; + more_set_headers "Cache-Control : public, no-transform"; + access_log off; + log_not_found off; + expires max; + } + # Cache css & js files + location ~* \.(?:css(\.map)?|js(\.map)?)$ { + more_set_headers 'Access-Control-Allow-Origin : *'; + more_set_headers "Cache-Control : public, no-transform"; + access_log off; + log_not_found off; + expires 30d; + } + # Security settings for better privacy + # Deny hidden files + location ~ /\.(?!well-known\/) { + deny all; + } + # letsencrypt validation + location /.well-known/acme-challenge/ { + alias /var/www/html/.well-known/acme-challenge/; + allow all; + auth_basic off; + } + # Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files + location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" { + deny all; + } + # Deny backup extensions & log 
files and return 403 forbidden + location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf|gz|zip|bz2|7z|pem|asc|conf|dump)$" { + deny all; + } + location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" { + deny all; + } + + # block base64_encoded content + location ~* "(base64_encode)(.*)(\()" { + deny all; + } + + # block javascript eval() + location ~* "(eval\()" { + deny all; + } + + # Additional security settings + + location ~* "(127\.0\.0\.1)" { + deny all; + } + location ~* "([a-z0-9]{2000})" { + deny all; + } + location ~* "(javascript\:)(.*)(\;)" { + deny all; + } + location ~* "(GLOBALS|REQUEST)(=|\[|%)" { + deny all; + } + location ~* "(<|%3C).*script.*(>|%3)" { + deny all; + } + location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" { + deny all; + } + location ~* "(boot\.ini|etc/passwd|self/environ)" { + deny all; + } + location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" { + deny all; + } + location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" { + deny all; + } + location ~* "(https?|ftp|php):/" { + deny all; + } + location ~* "(=\\\'|=\\%27|/\\\'/?)\." { + deny all; + } + location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" { + deny all; + } + location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" { + deny all; + } + + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; +} \ No newline at end of file diff --git a/conf/nginx-standard.conf b/conf/nginx-standard.conf new file mode 100644 index 0000000..c962095 --- /dev/null +++ b/conf/nginx-standard.conf 
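Review bot: `location ~ /purge(/.*)` exposes `fastcgi_cache_purge` with nothing in this hunk restricting who may call it, so any client that can reach the site can evict cached pages and push the load back onto PHP-FPM. I would limit it to the local host inside that block, `allow 127.0.0.1; deny all;`, and add a comment naming the caller that is expected to use it. `fastcgi_cache_purge` is not part of stock open-source nginx, so a comment stating which module the block depends on would also help whoever deploys this template.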
@@ -0,0 +1,268 @@ +#--MULTISITE--if (!-e $request_filename) { + #--MULTISITE--rewrite /wp-admin$ $scheme://$host$uri/ permanent; + #--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/wp-.*) __PATH__$2 last; + #--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/.*\.php)$ __PATH__$2 last; +#--MULTISITE--} + +# fallback for robots.txt with default wordpress rules +location @robots { + return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n"; +} + +location @empty_gif { + empty_gif; +} + +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { + + # Path to source + alias __FINALPATH__/; + + index index.php; + if (!-e $request_filename) + { + rewrite ^(.+)$ __PATH__/index.php?q=$1 last; + } + + # Force usage of https + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } + + client_max_body_size 1G; + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + try_files $uri =404; + } + + location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { + access_log off; log_not_found off; expires max; + } + + location ~ /\. 
{ deny all; access_log off; log_not_found off; } + + ##### SECURITY CONFIGURATION ##### + + location = /wp-login.php { + limit_req zone=one burst=1 nodelay; + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + try_files $uri =404; + } + # Prevent DoS attacks on wp-cron + location = /wp-cron.php { + limit_req zone=two burst=1 nodelay; + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + try_files $uri =404; + } + # Prevent DoS attacks with xmlrpc.php + location = /xmlrpc.php { + limit_req zone=two burst=1 nodelay; + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + try_files $uri =404; + } + # Disable wp-config.txt + location = /wp-config.txt { + deny all; + access_log off; + log_not_found off; + } + location = /robots.txt { + # Some WordPress plugin gererate robots.txt file + # Refer #340 issue + try_files $uri $uri/ /index.php?$args @robots; + access_log off; + log_not_found off; + } + # webp rewrite rules for jpg and png images + # try to load alternative image.png.webp before image.png + location /wp-content/uploads { + location ~ \.(png|jpe?g)$ { + add_header Vary "Accept-Encoding"; + more_set_headers 'Access-Control-Allow-Origin : *'; + more_set_headers "Cache-Control : public, no-transform"; + access_log 
off; + log_not_found off; + expires max; + try_files $uri$webp_suffix $uri =404; + } + location ~* \.(php|gz|log|zip|tar|rar|xz)$ { + #Prevent Direct Access Of PHP Files & Backups from Web Browsers + deny all; + } + } + # webp rewrite rules for EWWW testing image + location /wp-content/plugins/ewww-image-optimizer/images { + location ~ \.(png|jpe?g)$ { + add_header Vary "Accept-Encoding"; + more_set_headers 'Access-Control-Allow-Origin : *'; + more_set_headers "Cache-Control : public, no-transform"; + access_log off; + log_not_found off; + expires max; + try_files $uri$webp_suffix $uri =404; + } + location ~ \.php$ { + #Prevent Direct Access Of PHP Files From Web Browsers + deny all; + } + } + # enable gzip on static assets - php files are forbidden + location /wp-content/cache { + # Cache css & js files + location ~* \.(?:css(\.map)?|js(\.map)?|.html)$ { + more_set_headers 'Access-Control-Allow-Origin : *'; + access_log off; + log_not_found off; + expires 30d; + } + location ~ \.php$ { + #Prevent Direct Access Of PHP Files From Web Browsers + deny all; + } + } + # Deny access to any files with a .php extension in the uploads directory + # Works in sub-directory installs and also in multisite network + # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) + location ~* /(?:uploads|files)/.*\.php$ { + deny all; + } + # mitigate DoS attack CVE with WordPress script concatenation + # add the following line to wp-config.php + # define( 'CONCATENATE_SCRIPTS', false ); + location ~ \/wp-admin\/load-(scripts|styles).php { + deny all; + } + # Protect Easy Digital Download files from being accessed directly. 
+ location ~ ^/wp-content/uploads/edd/(.*?)\.zip$ { + rewrite / permanent; + } + + ##### ADDITIONAL LOCATIONS ##### + + # Basic locations files + location = /favicon.ico { + try_files /wp-content/uploads/fbrfg/favicon.ico $uri $uri/ /index.php?$args @empty_gif; + access_log off; + log_not_found off; + expires max; + } + + # Cache static files + location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|webm|mp3|aac|tgz|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp|json|webmanifest|cast)$ { + more_set_headers 'Access-Control-Allow-Origin : *'; + more_set_headers "Cache-Control : public, no-transform"; + access_log off; + log_not_found off; + expires max; + } + # Cache css & js files + location ~* \.(?:css(\.map)?|js(\.map)?)$ { + more_set_headers 'Access-Control-Allow-Origin : *'; + more_set_headers "Cache-Control : public, no-transform"; + access_log off; + log_not_found off; + expires 30d; + } + # Security settings for better privacy + # Deny hidden files + location ~ /\.(?!well-known\/) { + deny all; + } + # letsencrypt validation + location /.well-known/acme-challenge/ { + alias /var/www/html/.well-known/acme-challenge/; + allow all; + auth_basic off; + } + # Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files + location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" { + deny all; + } + # Deny backup extensions & log files and return 403 forbidden + location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf|gz|zip|bz2|7z|pem|asc|conf|dump)$" { + deny all; + } + location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" { + deny all; + } + + # block base64_encoded content + location ~* "(base64_encode)(.*)(\()" { + deny all; + } + + # block javascript eval() + location ~* "(eval\()" { + deny all; + } + 
+ # Additional security settings + + location ~* "(127\.0\.0\.1)" { + deny all; + } + location ~* "([a-z0-9]{2000})" { + deny all; + } + location ~* "(javascript\:)(.*)(\;)" { + deny all; + } + location ~* "(GLOBALS|REQUEST)(=|\[|%)" { + deny all; + } + location ~* "(<|%3C).*script.*(>|%3)" { + deny all; + } + location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" { + deny all; + } + location ~* "(boot\.ini|etc/passwd|self/environ)" { + deny all; + } + location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" { + deny all; + } + location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" { + deny all; + } + location ~* "(https?|ftp|php):/" { + deny all; + } + location ~* "(=\\\'|=\\%27|/\\\'/?)\." { + deny all; + } + location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" { + deny all; + } + location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" { + deny all; + } + + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; +} \ No newline at end of file diff --git a/conf/nginx.conf b/conf/nginx.conf deleted file mode 100644 index 2b5cf35..0000000 --- a/conf/nginx.conf +++ /dev/null 
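Review bot: Several `deny all` regex locations here are declared after the generic `location ~ [^/]\.php(/|$)` handler, and nginx stops at the first regex location that matches, so `location ~ \/wp-admin\/load-(scripts|styles).php`, `location ~* /(?:uploads|files)/.*\.php$` and the `tim(thumb)?` rule look unreachable for `.php` requests, which are passed to PHP-FPM instead. The nested block under `location /wp-content/uploads` should still apply, since nested regexes of the matched prefix are tried first, but multisite `files/` paths are covered only by the shadowed rule. Moving the deny rules above the generic PHP block makes them effective, and a comment there such as `# regex locations are order-sensitive: keep deny rules above this block` would keep it that way. The same ordering appears in conf/nginx-cache.conf.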
@@ -1,37 +0,0 @@ -#--MULTISITE--if (!-e $request_filename) { - #--MULTISITE--rewrite /wp-admin$ $scheme://$host$uri/ permanent; - #--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/wp-.*) __PATH__$2 last; - #--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/.*\.php)$ __PATH__$2 last; -#--MULTISITE--} - -#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; -location __PATH__/ { - - # Path to source - alias __FINALPATH__/; - - index index.php; - if (!-e $request_filename) - { - rewrite ^(.+)$ __PATH__/index.php?q=$1 last; - } - - # Force usage of https - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - - client_max_body_size 30m; - location ~ [^/]\.php(/|$) { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param REMOTE_USER $remote_user; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $request_filename; - } - - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; -} diff --git a/manifest.json b/manifest.json index 19028b4..e98b6f7 100644 --- a/manifest.json +++ b/manifest.json @@ -36,7 +36,7 @@ "fr": "Choisissez un domaine pour WordPress" }, "example": "domain.org", - "default": "site.yntest.weblibre.ca" + "default": "s8.yntest.weblibre.ca" }, { "name": "domain_dev", @@ -119,13 +119,13 @@ "optional": true }, { - "name": "switch", + "name": "cache", "type": "boolean", "ask": { - "en": "Do not enter anything", - "fr": "Ne rien entrer ici" + "en": "Enable cache for main website?", + "fr": "Activer la cache pour le site principal?" }, - "default": false + "default": true }, { "name": "phpversion", @@ -136,6 +136,15 @@ }, "choices": ["7.0" , "7.1", "7.2", "7.3", "7.4"], "default": "7.3" + }, + { + "name": "switch", + "type": "boolean", + "ask": { + "en": "Do not enter anything", + "fr": "Ne rien entrer ici" + }, + "default": true } ] } 
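Review bot: In manifest.json (hunk `@@ -136,6 +136,15 @@`) the re-added `switch` argument now defaults to `true`, while its prompt still tells the operator to enter nothing, so the default is the value scripts/install receives. The final block of that script runs when `$switch` equals 1 and calls `yunohost app install -f` twice on a package path under a developer's home directory, so a default install triggers two nested forced installs. I would keep `"default": false`, as it was before this commit, and state in the `ask` text what the flag actually does.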
diff --git a/scripts/install b/scripts/install index 527575b..e0b2283 100644 --- a/scripts/install +++ b/scripts/install @@ -29,6 +29,7 @@ language=$YNH_APP_ARG_LANGUAGE multisite=$YNH_APP_ARG_MULTISITE is_public=$YNH_APP_ARG_IS_PUBLIC repo=$YNH_APP_ARG_REPO +cache=$YNH_APP_ARG_CACHE switch=$YNH_APP_ARG_SWITCH app=$YNH_APP_INSTANCE_NAME @@ -71,6 +72,7 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin_wordpress ynh_app_setting_set --app=$app --key=language --value=$language ynh_app_setting_set --app=$app --key=multisite --value=$multisite ynh_app_setting_set --app=$app --key=repo --value=$repo +ynh_app_setting_set --app=$app --key=cache --value=$cache ynh_app_setting_set --app=$app --key=overwrite_nginx --value=1 ynh_app_setting_set --app=$app --key=overwrite_phpfpm --value=1 @@ -110,14 +112,6 @@ then ynh_setup_source --dest_dir="$final_path" fi -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Configuring NGINX web server..." --weight=3 - -# Create a dedicated NGINX config -ynh_add_nginx_config - #================================================= # CREATE DEDICATED USER #================================================= 
@@ -126,6 +120,41 @@ ynh_script_progression --message="Configuring system user..." --weight=3 # Create a dedicated system user ynh_system_user_create --username=$app +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Configuring NGINX web server..." --weight=3 + +if [ ! -f /etc/nginx/conf.d/fastcgi.conf ]; +then + cp ../conf/fastcgi.conf /etc/nginx/conf.d/fastcgi.conf +fi + +if [ $cache -eq 1 ] +then + #================================================= + # Add fastcgi_cache settings + #================================================= + + mkdir -p /var/run/nginx-cache/$app + chmod 750 /var/run/nginx-cache/$app + chgrp $app /var/run/nginx-cache/$app + + echo "fastcgi_cache_path /var/run/nginx-cache/$app levels=1:2 keys_zone=$app:50m inactive=6h max_size=256M;" > /tmp/newfile + cat /etc/nginx/conf.d/$domain.conf >> /tmp/newfile + cp /tmp/newfile /etc/nginx/conf.d/$domain.conf + rm /tmp/newfile + + cp ../conf/nginx-cache.conf ../conf/nginx.conf +else + cp ../conf/nginx-standard.conf ../conf/nginx.conf +fi + +systemctl reload nginx + +# Create a dedicated NGINX config +ynh_add_nginx_config + #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -208,6 +237,15 @@ $wpcli_alias plugin install http-authentication $wpcli_alias plugin install companion-auto-update $wpcli_alias plugin install wp-fail2ban-redux +if [ $cache -eq 1 ] +then + cp -r ../conf/nginx-cache-custom $final_path/wp-content/plugins/nginx-cache-custom + + ynh_replace_string --match_string="APP_NAME" --replace_string="$app" --target_file=/$final_path/wp-content/plugins/nginx-cache-custom/nginx-cache.php + + echo "$app ALL=(root) NOPASSWD: /bin/rm -r /var/run/nginx-cache/$app/*" >> /etc/sudoers +fi + #================================================= # SET LANGUAGE #================================================= 
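Review bot: The cache branch of the new NGINX CONFIGURATION section (scripts/install, hunk `@@ -126,6 +120,41 @@`) assembles the domain config through the fixed path `/tmp/newfile` while the script runs with root privileges. A predictable name in a world-writable directory can already exist, or be replaced, by another local account, so neither the content copied into `/etc/nginx/conf.d/$domain.conf` nor the target of the write is under the script's control. A private file from `mktemp` removes that dependency, and quoting `$app` and `$domain` keeps the paths intact if a value is ever empty or contains whitespace.

```bash
    # … unchanged: mkdir/chmod/chgrp of /var/run/nginx-cache/$app …

    # Private temp file instead of a predictable name under /tmp
    tmp_conf=$(mktemp)
    echo "fastcgi_cache_path /var/run/nginx-cache/$app levels=1:2 keys_zone=$app:50m inactive=6h max_size=256M;" > "$tmp_conf"
    cat "/etc/nginx/conf.d/$domain.conf" >> "$tmp_conf"
    cp "$tmp_conf" "/etc/nginx/conf.d/$domain.conf"
    rm "$tmp_conf"

    # … unchanged: selection of nginx-cache.conf / nginx-standard.conf …
```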
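Review bot: The sudoers rule appended in the cache block (scripts/install, hunk `@@ -208,6 +237,15 @@`) grants more than clearing the cache: in sudoers a `*` inside command arguments matches any characters, including spaces and `../`, so `/bin/rm -r /var/run/nginx-cache/$app/*` is not confined to that directory for the `$app` account. The line is also appended straight to `/etc/sudoers` with no syntax check, and a malformed entry there can disable sudo for every user. I would allow a single root-owned helper that accepts no arguments, validate the rule with `visudo -cf` before activating it, and install it as a drop-in under `/etc/sudoers.d/`. The helper and file names below are suggestions; the plugin's purge call (not visible in this hunk) and scripts/remove would have to follow.

```bash
    # … unchanged: plugin copy and APP_NAME replacement …

    # Root-owned helper with no arguments: it can only empty this app's cache
    purge_helper="/usr/local/sbin/nginx-cache-purge-$app"
    printf '#!/bin/sh\nfind "/var/run/nginx-cache/%s" -mindepth 1 -delete\n' "$app" > "$purge_helper"
    chown root:root "$purge_helper"
    chmod 755 "$purge_helper"

    # Validate the rule before it becomes active; "" forbids any argument
    sudoers_tmp=$(mktemp)
    echo "$app ALL=(root) NOPASSWD: $purge_helper \"\"" > "$sudoers_tmp"
    visudo -cf "$sudoers_tmp" || ynh_die --message="Invalid sudoers rule for $app"
    install -o root -g root -m 0440 "$sudoers_tmp" "/etc/sudoers.d/$app-nginx-cache"
    rm "$sudoers_tmp"
```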
@@ -261,6 +299,12 @@ $wpcli_alias plugin activate authldap $plugin_network $wpcli_alias plugin activate companion-auto-update $plugin_network $wpcli_alias plugin activate wp-fail2ban-redux $plugin_network + +if [ $cache -eq 1 ] +then + $wpcli_alias plugin activate nginx-cache-custom $plugin_network +fi + #================================================= # STORE THE CONFIG FILE CHECKSUM #================================================= @@ -349,7 +393,7 @@ ynh_script_progression --message="Installation of $app completed" --last if [ $switch -eq 1 ] then - yunohost app install -f /home/gcossette/wordpress_ynh -a "domain=$domain_dev&domain_dev=s8-dev.yntest.weblibre.ca&domain_staging=s8-staging.yntest.weblibre.ca&path=/&admin=gcossette&language=en_US&multisite=false&is_public=true&repo=&switch=0" + yunohost app install -f /home/gcossette/wordpress_ynh -a "domain=$domain_dev&domain_dev=s8-dev.yntest.weblibre.ca&domain_staging=s8-staging.yntest.weblibre.ca&path=/&admin=gcossette&language=en_US&multisite=false&is_public=true&repo=&cache=0&switch=0" - yunohost app install -f /home/gcossette/wordpress_ynh -a "domain=$domain_staging&domain_dev=s8-dev.yntest.weblibre.ca&domain_staging=s8-staging.yntest.weblibre.ca&path=/&admin=gcossette&language=en_US&multisite=false&is_public=true&repo=&switch=0" + yunohost app install -f /home/gcossette/wordpress_ynh -a "domain=$domain_staging&domain_dev=s8-dev.yntest.weblibre.ca&domain_staging=s8-staging.yntest.weblibre.ca&path=/&admin=gcossette&language=en_US&multisite=false&is_public=true&repo=&cache=0&switch=0" fi \ No newline at end of file diff --git a/scripts/remove b/scripts/remove index 47b57cc..028d224 100755 --- a/scripts/remove +++ b/scripts/remove 
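Review bot: The two `yunohost app install -f` lines touched in the last hunk of scripts/install (`@@ -349,7 +393,7 @@`) still hard-code `/home/gcossette/wordpress_ynh`, `admin=gcossette` and the `s8-dev`/`s8-staging` test domains, so the nested installs work only on the author's machine and take their package scripts from a directory owned by an ordinary account. Since the installer presumably runs those scripts as root, whoever can write to that home directory decides what runs. The values should come from what this script already holds, e.g. `domain_dev=$domain_dev&domain_staging=$domain_staging` and `admin=$admin_wordpress`, and the package source from a root-controlled location or a setting rather than a home directory.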
@@ -15,21 +15,13 @@ source /usr/share/yunohost/helpers ynh_script_progression --message="Loading installation settings..." --weight=2 app=$YNH_APP_INSTANCE_NAME -app_dev=$app-dev -app_staging=$app-staging -app_initial=$app domain=$(ynh_app_setting_get --app=$app --key=domain) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - domain_dev=$(ynh_app_setting_get --app=$app --key=domain_dev) -db_name_dev=$(ynh_app_setting_get --app=$app --key=db_name_dev) -final_path_dev=$(ynh_app_setting_get --app=$app --key=final_path_dev) - domain_staging=$(ynh_app_setting_get --app=$app --key=domain_staging) -db_name_staging=$(ynh_app_setting_get --app=$app --key=db_name_staging) -final_path_staging=$(ynh_app_setting_get --app=$app --key=final_path_staging) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +cache=$(ynh_app_setting_get --app=$app --key=cache) #================================================= # STANDARD REMOVE @@ -41,12 +33,6 @@ ynh_script_progression --message="Removing the MySQL database..." --weight=2 # Remove a database if it exists, along with the associated user ynh_mysql_remove_db --db_user=$db_name --db_name=$db_name -# Remove a database if it exists, along with the associated user -ynh_mysql_remove_db --db_user=$db_name_dev --db_name=$db_name_dev - -# Remove a database if it exists, along with the associated user -ynh_mysql_remove_db --db_user=$db_name_staging --db_name=$db_name_staging - #================================================= # REMOVE APP MAIN DIR #================================================= 
@@ -55,30 +41,20 @@ ynh_script_progression --message="Removing app main directory..." # Remove the app directory securely ynh_secure_remove --file="$final_path" -# Remove the app directory securely -ynh_secure_remove --file="$final_path_dev" - -# Remove the app directory securely -ynh_secure_remove --file="$final_path_staging" - #================================================= # REMOVE NGINX CONFIGURATION #================================================= ynh_script_progression --message="Removing NGINX web server configuration..." -# Remove the dedicated NGINX config -ynh_remove_nginx_config - -app=$app_dev -# Remove the dedicated NGINX config -ynh_remove_nginx_config +if [ $cache -eq 1 ] +then + sed -i "/fastcgi_cache_path/d" /etc/nginx/conf.d/$domain.conf + rm -r /var/run/nginx-cache/$app +fi -app=$app_staging # Remove the dedicated NGINX config ynh_remove_nginx_config -app=$app_initial - #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= @@ -87,15 +63,11 @@ ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=2 # Remove the dedicated PHP-FPM config ynh_remove_fpm_config -app=$app_dev -# Remove the dedicated PHP-FPM config -ynh_remove_fpm_config - -app=$app_staging -# Remove the dedicated PHP-FPM config -ynh_remove_fpm_config +#================================================= +# REMOVE PLUGIN CONFIGURATION +#================================================= -app=$app_initial +sed -i "/$app ALL=(root)/d" /etc/sudoers #================================================= # REMOVE FAIL2BAN CONFIGURATION 
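Review bot: In scripts/remove (hunk `@@ -55,30 +41,20 @@`) the added `sed -i "/fastcgi_cache_path/d"` deletes every `fastcgi_cache_path` line in the domain's config, while scripts/install prepends one such line per app with `keys_zone=$app`, so removing one instance also drops the cache zone of any other instance that shares the domain file. Matching on this app's zone leaves the others in place: `sed -i "/keys_zone=$app:/d" "/etc/nginx/conf.d/$domain.conf"`. `$cache` would be empty for an instance installed before this setting existed, so the test is safer as `if [ "${cache:-0}" -eq 1 ]`, and the directory removal can use the helper the file already relies on, `ynh_secure_remove --file="/var/run/nginx-cache/$app"`.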
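Review bot: The `sed -i "/$app ALL=(root)/d" /etc/sudoers` added under REMOVE PLUGIN CONFIGURATION (scripts/remove, hunk `@@ -87,15 +63,11 @@`) edits the live sudoers file with an unanchored pattern and no syntax check afterwards. Without `^`, an app id that is the tail of another account name also matches that account's rules, and a damaged sudoers file can block sudo for all users. I would anchor the expression and verify the result, `sed -i "/^$app ALL=(root) /d" /etc/sudoers` followed by `visudo -c`. A per-app file under `/etc/sudoers.d/` would reduce removal to deleting that one file.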
@@ -105,23 +77,11 @@ ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=8 # Remove the dedicated Fail2Ban config ynh_remove_fail2ban_config -app=$app_dev -# Remove the dedicated Fail2Ban config -ynh_remove_fail2ban_config - -app=$app_staging -# Remove the dedicated Fail2Ban config -ynh_remove_fail2ban_config - -app=$app_initial - #================================================= # REMOVE THE CRON #================================================= ynh_secure_remove /etc/cron.d/$app -ynh_secure_remove /etc/cron.d/$app_dev -ynh_secure_remove /etc/cron.d/$app_staging #================================================= # GENERIC FINALISATION @@ -133,14 +93,29 @@ ynh_script_progression --message="Removing the dedicated system user..." --weigh # Delete dedicated system user ynh_system_user_delete --username=$app -# Delete dedicated system user -ynh_system_user_delete --username=$app_dev - -# Delete dedicated system user -ynh_system_user_delete --username=$app_staging - #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --last +app_dev=$(yunohost app map -r | grep -A2 $domain_dev | grep id: | sed "s/.*id: //") +if [ ! -z "$app_dev" ]; then + if [ -d /var/www/$app_dev ]; then + yunohost app remove $app_dev + fi +fi + +app_staging=$(yunohost app map -r | grep -A2 $domain_staging | grep id: | sed "s/.*id: //") +if [ ! -z "$app_staging" ]; then + if [ -d /var/www/$app_staging ]; then + yunohost app remove $app_staging + fi +fi + +# TODO +rm /etc/nginx/conf.d/fastcgi.conf +systemctl reload nginx +#if [[ ! $(ls -A /etc/nginx/conf.d/fastcgi.conf-*) ]]; then +#rm /etc/nginx/conf.d/fastcgi.conf +#fi + +ynh_script_progression --message="Removal of $app completed" --last \ No newline at end of file
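Review bot: The unconditional `rm /etc/nginx/conf.d/fastcgi.conf` near the end of scripts/remove (hunk `@@ -133,14 +93,29 @@`, under the `# TODO`) deletes a file that scripts/install copies only when it is absent, i.e. one copy shared by every instance. Removing one instance therefore takes the cache maps away from the instances that remain, and the following `systemctl reload nginx` will probably be rejected. Until the commented-out check works, keep the file while any config still declares a cache zone, for example `if ! grep -qs "fastcgi_cache_path" /etc/nginx/conf.d/*.conf; then rm -f /etc/nginx/conf.d/fastcgi.conf; fi`; whether instances installed without cache also depend on the file is not visible here. The `grep -A2 $domain_dev` and `grep -A2 $domain_staging` lookups above it are unquoted pattern matches, so `yunohost app remove` can receive an app on a different domain whose name contains this one, or several ids at once. Quote the variables, use a fixed-string match, and confirm a single id came back before removing.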