gabriel
/
wordpress_ynh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

update

testing
Gabriel Cossette 5 years ago
parent
3c95a557d8
commit
0c187f0f8a
12 changed files with 1354 additions and 111 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 123
      conf/fastcgi.conf
  2. 31
      conf/nginx-cache-custom/includes/settings-page.css
  3. 41
      conf/nginx-cache-custom/includes/settings-page.php
  4. 95
      conf/nginx-cache-custom/languages/nginx-cache.pot
  5. 316
      conf/nginx-cache-custom/nginx-cache.php
  6. 66
      conf/nginx-cache-custom/readme.txt
  7. 312
      conf/nginx-cache.conf
  8. 268
      conf/nginx-standard.conf
  9. 37
      conf/nginx.conf
  10. 19
      manifest.json
  11. 60
      scripts/install
  12. 91
      scripts/remove

123
conf/fastcgi.conf
View File

@ -0,0 +1,123 @@
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503;
fastcgi_cache_lock on;
fastcgi_cache_lock_age 5s;
fastcgi_cache_lock_timeout 5s;
fastcgi_cache_methods GET HEAD;
fastcgi_cache_background_update on;
fastcgi_cache_valid 200 24h;
fastcgi_cache_valid 301 302 30m;
fastcgi_cache_valid 499 502 503 1m;
fastcgi_cache_valid 404 1h;
fastcgi_cache_valid any 1h;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_param SERVER_NAME $http_host;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
fastcgi_keep_conn on;
# do not cache xhtml request
map $http_x_requested_with $http_request_no_cache {
default 0;
XMLHttpRequest 1;
}
# do not cache requests on cookies
map $http_cookie $cookie_no_cache {
default 0;
"~*wordpress_[a-f0-9]+" 1;
"~*wp-postpass" 1;
"~*wordpress_logged_in" 1;
"~*wordpress_no_cache" 1;
"~*comment_author" 1;
"~*woocommerce_items_in_cart" 1;
"~*edd_items_in_cart" 1;
"~*woocommerce_cart_hash" 1;
"~*wptouch_switch_toogle" 1;
"~*comment_author_email_" 1;
"~*wptouch_switch_toggle" 1;
"~*edd" 1;
}
# do not cache the following uri
map $request_uri $uri_no_cache {
default 0;
"~*/wp-admin/" 1;
"~*/wp-[a-zA-Z0-9-]+.php" 1;
"~*/feed/" 1;
"~*/index.php" 1;
"~*/[a-z0-9_-]+-sitemap([0-9]+)?.xml" 1;
"~*/sitemap(_index)?.xml" 1;
"~*/wp-comments-popup.php" 1;
"~*/wp-links-opml.php" 1;
"~*/xmlrpc.php" 1;
"~*/edd-sl/*" 1;
"~*/add_to_cart/" 1;
"~*/cart/" 1;
"~*/account/" 1;
"~*/my-account/" 1;
"~*/checkout/" 1;
"~*/addons/" 1;
"~*/wc-api/*" 1;
"~*/logout/" 1;
"~*/lost-password/" 1;
"~*/panier/" 1;
"~*/mon-compte/" 1;
"~*/embed" 1;
"~*/commande/" 1;
"~*/resetpass/" 1;
}
# do not cache requests with query strings
map $is_args $query_no_cache {
default 1;
"" 0;
}
# if all previous check are passed, $skip_cache = 0
map $http_request_no_cache$cookie_no_cache$uri_no_cache$query_no_cache $skip_cache {
default 1;
0000 0;
}
map $http_accept $webp_suffix_valid {
default 1;
"~*webp" 0;
}
map $realip_remote_addr $webp_suffix_cf {
default 0;
103.21.244.0/22 1;
103.22.200.0/22 1;
103.31.4.0/22 1;
104.16.0.0/12 1;
108.162.192.0/18 1;
131.0.72.0/22 1;
141.101.64.0/18 1;
162.158.0.0/15 1;
172.64.0.0/13 1;
173.245.48.0/20 1;
188.114.96.0/20 1;
190.93.240.0/20 1;
197.234.240.0/22 1;
198.41.128.0/17 1;
199.27.128.0/21 1;
2400:cb00::/32 1;
2405:8100::/32 1;
2405:b500::/32 1;
2606:4700::/32 1;
2803:f800::/32 1;
2a06:98c0::/29 1;
2c0f:f248::/32 1;
}
map $webp_suffix_cf$webp_suffix_valid $webp_suffix {
default "";
00 ".webp";
}
# Limit Request
limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
limit_req_zone $binary_remote_addr zone=two:10m rate=10r/s;

31
conf/nginx-cache-custom/includes/settings-page.css
View File

@ -0,0 +1,31 @@
.wrap .button.delete {
background: #d54e21;
border-color: #a83d1a;
color: white;
-webkit-box-shadow: inset 0 1px 0 #e68260, 0 1px 0 rgba(0, 0, 0, 0.15);
box-shadow: inset 0 1px 0 #e68260, 0 1px 0 rgba(0, 0, 0, 0.15);
}
.wrap .button.delete:hover,
.wrap .button.delete:focus {
background: #be461d;
border-color: #923517;
color: white;
box-shadow: inset 0 1px 0 #e3704a;
}
.wrap .button.delete:focus {
box-shadow: inset 0 1px 0 #e3704a,
0 0 0 1px #d54e21,
0 0 2px 1px rgba( 30, 140, 190, .8 );
}
.wrap .button.delete:active {
background: #a83d1a;
border-color: #923517;
color: white;
box-shadow: inset 0 2px 5px -3px rgba( 0, 0, 0, 0.5 ),
0 0 0 1px #d54e21,
0 0 2px 1px rgba( 30, 140, 190, .8 );
}

41
conf/nginx-cache-custom/includes/settings-page.php
View File

@ -0,0 +1,41 @@
<?php if ( ! defined( 'ABSPATH' ) ) exit; ?>
<div class="wrap">
<h1><?php _e( 'Nginx Cache', 'nginx' ); ?></h1>
<?php settings_errors(); ?>
<form method="post" action="options.php">
<?php settings_fields( 'nginx-cache' ); ?>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php _e( 'Cache Zone Path', 'nginx-cache' ); ?></th>
<td>
<input type="text" class="regular-text code" name="nginx_cache_path" placeholder="/data/nginx/cache" value="<?php echo esc_attr( get_option( 'nginx_cache_path' ) ); ?>" />
<p class="description"><?php _e( 'The absolute path to the location of the cache zone, specified in the Nginx <code>fastcgi_cache_path</code> or <code>proxy_cache_path</code> directive.', 'nginx-cache' ); ?></p>
</td>
</tr>
<tr valign="top">
<th scope="row"><?php _e( 'Purge Cache', 'nginx-cache' ); ?></th>
<td>
<label for="nginx_auto_purge">
<input name="nginx_auto_purge" type="checkbox" id="nginx_auto_purge" value="1" <?php checked( get_option( 'nginx_auto_purge' ), '1' ); ?> />
<?php _e( 'Automatically flush the cache when content changes', 'nginx-cache' ); ?>
</label>
</td>
</tr>
</table>
<p class="submit">
<?php echo get_submit_button( null, 'primary large', 'submit', false ); ?>
&nbsp;
<a href="<?php echo wp_nonce_url( admin_url( add_query_arg( 'action', 'purge-cache', $this->admin_page ) ), 'purge-cache' ); ?>" class="button button-secondary button-large delete<?php if ( is_wp_error( $this->is_valid_path() ) ) : ?> disabled<?php endif; ?>"><?php _e( 'Purge Cache', 'nginx-cache' ); ?></a>
</p>
</form>
</div>

95
conf/nginx-cache-custom/languages/nginx-cache.pot
View File

@ -0,0 +1,95 @@
# Copyright (C) 2020 Till Krüss
# This file is distributed under the GPLv3.
msgid ""
msgstr ""
"Project-Id-Version: Nginx Cache 1.0.5\n"
"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/trunk\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"POT-Creation-Date: 2020-11-21T22:49:14+00:00\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"X-Generator: WP-CLI 2.4.0\n"
"X-Domain: nginx-cache\n"
#. Plugin Name of the plugin
#: nginx-cache.php:138
#: nginx-cache.php:139
msgid "Nginx Cache"
msgstr ""
#. Plugin URI of the plugin
msgid "http://wordpress.org/plugins/nginx-cache/"
msgstr ""
#. Description of the plugin
msgid "Purge the Nginx cache (FastCGI, Proxy, uWSGI) automatically when content changes or manually within WordPress."
msgstr ""
#. Author of the plugin
msgid "Till Krüss"
msgstr ""
#. Author URI of the plugin
msgid "http://till.im/"
msgstr ""
#: includes/settings-page.php:16
msgid "Cache Zone Path"
msgstr ""
#: includes/settings-page.php:19
msgid "The absolute path to the location of the cache zone, specified in the Nginx <code>fastcgi_cache_path</code> or <code>proxy_cache_path</code> directive."
msgstr ""
#: includes/settings-page.php:23
#: includes/settings-page.php:36
#: nginx-cache.php:128
msgid "Purge Cache"
msgstr ""
#: includes/settings-page.php:27
msgid "Automatically flush the cache when content changes"
msgstr ""
#: nginx-cache.php:80
msgid "Cache purged."
msgstr ""
#: nginx-cache.php:85
msgid "Cache could not be purged. %s"
msgstr ""
#: nginx-cache.php:120
msgid "Nginx"
msgstr ""
#: nginx-cache.php:155
msgid "Settings"
msgstr ""
#: nginx-cache.php:177
msgid "\"Cache Zone Path\" is not set."
msgstr ""
#: nginx-cache.php:183
msgid "\"Cache Zone Path\" does not exist."
msgstr ""
#: nginx-cache.php:187
msgid "\"Cache Zone Path\" is not a directory."
msgstr ""
#: nginx-cache.php:193
msgid "\"Cache Zone Path\" does not appear to be a Nginx cache zone directory."
msgstr ""
#: nginx-cache.php:197
msgid "\"Cache Zone Path\" is not writable."
msgstr ""
#: nginx-cache.php:204
msgid "Filesystem API could not be initialized."
msgstr ""

316
conf/nginx-cache-custom/nginx-cache.php
View File

@ -0,0 +1,316 @@
<?php
/*
Plugin Name: Nginx Cache Custom
Plugin URI: http://wordpress.org/plugins/nginx-cache/
Description: Purge the Nginx cache (FastCGI, Proxy, uWSGI) automatically when content changes or manually within WordPress.
Version: 1.0.4
Text Domain: nginx-cache
Domain Path: /languages
Author: Till Krüss
Author URI: http://till.im/
License: GPLv3
License URI: http://www.gnu.org/licenses/gpl-3.0.html
*/
if ( ! defined( 'ABSPATH' ) ) exit;
class NginxCache {
private $screen = 'tools_page_nginx-cache';
private $capability = 'manage_options';
private $admin_page = 'tools.php?page=nginx-cache';
public function __construct() {
load_plugin_textdomain( 'nginx-cache', false, 'nginx-cache/languages' );
add_filter( 'option_nginx_cache_path', 'sanitize_text_field' );
add_filter( 'option_nginx_auto_purge', 'absint' );
add_filter( 'plugin_action_links_' . plugin_basename( __FILE__ ), array( $this, 'add_plugin_actions_links' ) );
// if ( get_option( 'nginx_auto_purge' ) ) {
add_action( 'init', array( $this, 'register_purge_actions' ), 20 );
// }
add_action( 'admin_init', array( $this, 'register_settings' ) );
add_action( 'admin_menu', array( $this, 'add_admin_menu_page' ) );
add_action( 'admin_bar_menu', array( $this, 'add_admin_bar_node' ), 100 );
add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_admin_styles' ) );
add_action( 'load-' . $this->screen, array( $this, 'do_admin_actions' ) );
add_action( 'load-' . $this->screen, array( $this, 'add_settings_notices' ) );
}
public function register_purge_actions() {
// use `nginx_cache_purge_actions` filter to alter default purge actions
$purge_actions = (array) apply_filters(
'nginx_cache_purge_actions',
array(
'publish_phone', 'save_post', 'edit_post', 'delete_post', 'wp_trash_post', 'clean_post_cache',
'trackback_post', 'pingback_post', 'comment_post', 'edit_comment', 'delete_comment', 'wp_set_comment_status',
'switch_theme', 'wp_update_nav_menu', 'edit_user_profile_update'
)
);
foreach ( $purge_actions as $action ) {
if ( did_action( $action ) ) {
$this->purge_zone_once();
} else {
add_action( $action, array( $this, 'purge_zone_once' ) );
}
}
}
public function register_settings() {
register_setting( 'nginx-cache', 'nginx_cache_path', 'sanitize_text_field' );
register_setting( 'nginx-cache', 'nginx_auto_purge', 'absint' );
}
public function add_settings_notices() {
// $path_error = $this->is_valid_path();
if ( isset( $_GET[ 'message' ] ) && ! isset( $_GET[ 'settings-updated' ] ) ) {
// show cache purge success message
if ( $_GET[ 'message' ] === 'cache-purged' ) {
add_settings_error( '', 'nginx_cache_path', __( 'Cache purged.', 'nginx-cache' ), 'updated' );
}
// show cache purge failure message
if ( $_GET[ 'message' ] === 'purge-cache-failed' ) {
add_settings_error( '', 'nginx_cache_path', sprintf( __( 'Cache could not be purged. %s', 'nginx-cache' ), wptexturize( $path_error->get_error_message() ) ) );
}
} elseif ( is_wp_error( $path_error ) && $path_error->get_error_code() === 'fs' ) {
// show cache path problem message
add_settings_error( '', 'nginx_cache_path', wptexturize( $path_error->get_error_message( 'fs' ) ) );
}
}
public function do_admin_actions() {
// purge cache
if ( isset( $_GET[ 'action' ] ) && $_GET[ 'action' ] === 'purge-cache' && wp_verify_nonce( $_GET[ '_wpnonce' ], 'purge-cache' ) ) {
$result = $this->purge_zone();
wp_safe_redirect( admin_url( add_query_arg( 'message', is_wp_error( $result ) ? 'purge-cache-failed' : 'cache-purged', $this->admin_page ) ) );
exit;
}
}
public function add_admin_bar_node( $wp_admin_bar ) {
// verify user capability
if ( ! current_user_can( $this->capability ) ) {
return;
}
// add "Nginx" node to admin-bar
$wp_admin_bar->add_node( array(
'id' => 'nginx-cache',
'title' => __( 'Nginx', 'nginx-cache' ),
'href' => admin_url( $this->admin_page )
) );
// add "Purge Cache" to "Nginx" node
$wp_admin_bar->add_node( array(
'parent' => 'nginx-cache',
'id' => 'purge-cache',
'title' => __( 'Purge Cache', 'nginx-cache' ),
'href' => wp_nonce_url( admin_url( add_query_arg( 'action', 'purge-cache', $this->admin_page ) ), 'purge-cache' )
) );
}
public function add_admin_menu_page() {
// add "Tools" sub-page
add_management_page(
__( 'Nginx Cache', 'nginx-cache' ),
__( 'Nginx Cache', 'nginx-cache' ),
$this->capability,
'nginx-cache',
array( $this, 'show_settings_page' )
);
}
public function show_settings_page() {
require_once plugin_dir_path( __FILE__ ) . '/includes/settings-page.php';
}
public function add_plugin_actions_links( $links ) {
// add settings link to plugin actions
return array_merge(
array( '<a href="' . admin_url( $this->admin_page ) . '">' . __( 'Settings', 'nginx-cache' ) . '</a>' ),
$links
);
}
public function enqueue_admin_styles( $hook_suffix ) {
if ( $hook_suffix === $this->screen ) {
$plugin = get_plugin_data( __FILE__ );
wp_enqueue_style( 'nginx-cache', plugin_dir_url( __FILE__ ) . 'includes/settings-page.css', null, $plugin[ 'Version' ] );
}
}
private function is_valid_path() {
global $wp_filesystem;
$path = get_option( 'nginx_cache_path' );
if ( empty( $path ) ) {
return new WP_Error( 'empty', __( '"Cache Zone Path" is not set.', 'nginx-cache' ) );
}
if ( $this->initialize_filesystem() ) {
if ( ! $wp_filesystem->exists( $path ) ) {
return new WP_Error( 'fs', __( '"Cache Zone Path" does not exist.', 'nginx-cache' ) );
}
if ( ! $wp_filesystem->is_dir( $path ) ) {
return new WP_Error( 'fs', __( '"Cache Zone Path" is not a directory.', 'nginx-cache' ) );
}
$list = $wp_filesystem->dirlist( $path, true, true );
if ( is_array( $list ) && ! $this->validate_dirlist( $list ) ) {
return new WP_Error( 'fs', __( '"Cache Zone Path" does not appear to be a Nginx cache zone directory.', 'nginx-cache' ) );
}
if ( ! $wp_filesystem->is_writable( $path ) ) {
return new WP_Error( 'fs', __( '"Cache Zone Path" is not writable.', 'nginx-cache' ) );
}
return true;
}
return new WP_Error( 'fs', __( 'Filesystem API could not be initialized.', 'nginx-cache' ) );
}
private function validate_dirlist( $list ) {
foreach ( $list as $item ) {
// abort if file is not a MD5 hash
if ( $item[ 'type' ] === 'f' && ( strlen( $item[ 'name' ] ) !== 32 || ! ctype_xdigit( $item[ 'name' ] ) ) ) {
return false;
}
// validate subdirectories recursively
if ( $item[ 'type' ] === 'd' && ! $this->validate_dirlist( $item[ 'files' ] ) ) {
return false;
}
}
return true;
}
public function purge_zone_once() {
static $completed = false;
if ( ! $completed ) {
$this->purge_zone();
$completed = true;
}
}
private function purge_zone() {
global $wp_filesystem;
if ( ! $this->should_purge() ) {
return false;
}
// $path = get_option( 'nginx_cache_path' );
// $path_error = $this->is_valid_path();
// abort if cache zone path is not valid
// if ( is_wp_error( $path_error ) ) {
// return $path_error;
// }
// delete cache directory (recursively)
// $wp_filesystem->rmdir( $path, true );
// recreate empty cache directory
// $wp_filesystem->mkdir( $path );
system('sudo /bin/rm -r /var/run/nginx-cache/APP_NAME/*');
do_action( 'nginx_cache_zone_purged', $path );
return true;
}
private function should_purge() {
$post_type = get_post_type();
if ( ! $post_type ) {
return true;
}
if ( ! in_array( $post_type, (array) apply_filters( 'nginx_cache_excluded_post_types', array() ) ) ) {
return true;
}
return false;
}
private function initialize_filesystem() {
$path = get_option( 'nginx_cache_path' );
// if the cache directory doesn't exist, try to create it
if ( ! file_exists( $path ) ) {
mkdir( $path );
}
// load WordPress file API?
if ( ! function_exists( 'request_filesystem_credentials' ) ) {
require_once ABSPATH . 'wp-admin/includes/file.php';
}
ob_start();
$credentials = request_filesystem_credentials( '', '', false, $path, null, true );
ob_end_clean();
if ( $credentials === false ) {
return false;
}
if ( ! WP_Filesystem( $credentials, $path, true ) ) {
return false;
}
return true;
}
}
new NginxCache;

66
conf/nginx-cache-custom/readme.txt
View File

@ -0,0 +1,66 @@
=== Nginx Cache ===
Contributors: tillkruess
Donate link: https://github.com/sponsors/tillkruss
Tags: nginx, nginx cache, cache, caching, purge, purge cache, flush, flush cache, server, performance, optimize, speed, load, fastcgi, fastcgi purge, proxy, proxy purge, reverse proxy
Requires at least: 3.1
Tested up to: 5.6
Stable tag: 1.0.5
License: GPLv3
License URI: http://www.gnu.org/licenses/gpl-3.0.html
Purge the Nginx cache (FastCGI, Proxy, uWSGI) automatically when content changes or manually within WordPress.
== Description ==
Purge the [Nginx](http://nginx.org) cache (FastCGI, Proxy, uWSGI) automatically when content changes or manually within WordPress.
Requirements:
* The [Filesystem API](http://codex.wordpress.org/Filesystem_API) needs to function without asking for credentials.
* Nginx and PHP need to run under the same user, or PHP's user needs write access to Nginx's cache path.
== Installation ==
For detailed installation instructions, please read the [standard installation procedure for WordPress plugins](http://codex.wordpress.org/Managing_Plugins#Installing_Plugins).
1. Install and activate plugin.
2. Enter "Cache Zone Path" under _Tools -> Nginx_.
3. Done.
== Screenshots ==
1. Plugin settings page.
== Changelog ==
= 1.0.5 =
* Added `nginx_cache_zone_purged` action
= 1.0.4 =
* Improved translatable strings
* Fixed auto-purge bug
* Fixed bug when validating directory
= 1.0.3 =
* Create cache directory if it doesn't exists
* Re-create cache directory after cache purge
* Allow post types to be excluded from triggering a cache purge
= 1.0.2 =
* Fixed 4.6 issue with file-system credentials
= 1.0.1 =
* Improved testing of file-system credentials
= 1.0 =
* Initial release

312
conf/nginx-cache.conf
View File

@ -0,0 +1,312 @@
#--MULTISITE--if (!-e $request_filename) {
#--MULTISITE--rewrite /wp-admin$ $scheme://$host$uri/ permanent;
#--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/wp-.*) __PATH__$2 last;
#--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/.*\.php)$ __PATH__$2 last;
#--MULTISITE--}
# fallback for robots.txt with default wordpress rules
location @robots {
return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n";
}
location @empty_gif {
empty_gif;
}
add_header X-fastcgi-cache $upstream_cache_status;
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
# Path to source
alias __FINALPATH__/;
index index.php;
if (!-e $request_filename)
{
rewrite ^(.+)$ __PATH__/index.php?q=$1 last;
}
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
client_max_body_size 1G;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
try_files $uri =404;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache __NAME__;
fastcgi_cache_valid 60m;
}
##### CACHE CONFIGURATION #####
set $skip_cache 0;
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache uris containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $skip_cache 1;
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
location ~ /purge(/.*) {
fastcgi_cache_purge __NAME__ "$scheme$request_method$host$1";
}
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
location ~ /\. { deny all; access_log off; log_not_found off; }
##### SECURITY CONFIGURATION #####
location = /wp-login.php {
limit_req zone=one burst=1 nodelay;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
try_files $uri =404;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache __NAME__;
fastcgi_cache_valid 60m;
}
# Prevent DoS attacks on wp-cron
location = /wp-cron.php {
limit_req zone=two burst=1 nodelay;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
try_files $uri =404;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache __NAME__;
fastcgi_cache_valid 60m;
}
# Prevent DoS attacks with xmlrpc.php
location = /xmlrpc.php {
limit_req zone=two burst=1 nodelay;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
try_files $uri =404;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache __NAME__;
fastcgi_cache_valid 60m;
}
# Disable wp-config.txt
location = /wp-config.txt {
deny all;
access_log off;
log_not_found off;
}
location = /robots.txt {
# Some WordPress plugin gererate robots.txt file
# Refer #340 issue
try_files $uri $uri/ /index.php?$args @robots;
access_log off;
log_not_found off;
}
# webp rewrite rules for jpg and png images
# try to load alternative image.png.webp before image.png
location /wp-content/uploads {
location ~ \.(png|jpe?g)$ {
add_header Vary "Accept-Encoding";
more_set_headers 'Access-Control-Allow-Origin : *';
more_set_headers "Cache-Control : public, no-transform";
access_log off;
log_not_found off;
expires max;
try_files $uri$webp_suffix $uri =404;
}
location ~* \.(php|gz|log|zip|tar|rar|xz)$ {
#Prevent Direct Access Of PHP Files & Backups from Web Browsers
deny all;
}
}
# webp rewrite rules for EWWW testing image
location /wp-content/plugins/ewww-image-optimizer/images {
location ~ \.(png|jpe?g)$ {
add_header Vary "Accept-Encoding";
more_set_headers 'Access-Control-Allow-Origin : *';
more_set_headers "Cache-Control : public, no-transform";
access_log off;
log_not_found off;
expires max;
try_files $uri$webp_suffix $uri =404;
}
location ~ \.php$ {
#Prevent Direct Access Of PHP Files From Web Browsers
deny all;
}
}
# enable gzip on static assets - php files are forbidden
location /wp-content/cache {
# Cache css & js files
location ~* \.(?:css(\.map)?|js(\.map)?|.html)$ {
more_set_headers 'Access-Control-Allow-Origin : *';
access_log off;
log_not_found off;
expires 30d;
}
location ~ \.php$ {
#Prevent Direct Access Of PHP Files From Web Browsers
deny all;
}
}
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
# mitigate DoS attack CVE with WordPress script concatenation
# add the following line to wp-config.php
# define( 'CONCATENATE_SCRIPTS', false );
location ~ \/wp-admin\/load-(scripts|styles).php {
deny all;
}
# Protect Easy Digital Download files from being accessed directly.
location ~ ^/wp-content/uploads/edd/(.*?)\.zip$ {
rewrite / permanent;
}
##### ADDITIONAL LOCATIONS #####
# Basic locations files
location = /favicon.ico {
try_files /wp-content/uploads/fbrfg/favicon.ico $uri $uri/ /index.php?$args @empty_gif;
access_log off;
log_not_found off;
expires max;
}
# Cache static files
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|webm|mp3|aac|tgz|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp|json|webmanifest|cast)$ {
more_set_headers 'Access-Control-Allow-Origin : *';
more_set_headers "Cache-Control : public, no-transform";
access_log off;
log_not_found off;
expires max;
}
# Cache css & js files
location ~* \.(?:css(\.map)?|js(\.map)?)$ {
more_set_headers 'Access-Control-Allow-Origin : *';
more_set_headers "Cache-Control : public, no-transform";
access_log off;
log_not_found off;
expires 30d;
}
# Security settings for better privacy
# Deny hidden files
location ~ /\.(?!well-known\/) {
deny all;
}
# letsencrypt validation
location /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
allow all;
auth_basic off;
}
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
deny all;
}
# Deny backup extensions & log files and return 403 forbidden
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf|gz|zip|bz2|7z|pem|asc|conf|dump)$" {
deny all;
}
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
deny all;
}
# block base64_encoded content
location ~* "(base64_encode)(.*)(\()" {
deny all;
}
# block javascript eval()
location ~* "(eval\()" {
deny all;
}
# Additional security settings
location ~* "(127\.0\.0\.1)" {
deny all;
}
location ~* "([a-z0-9]{2000})" {
deny all;
}
location ~* "(javascript\:)(.*)(\;)" {
deny all;
}
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
deny all;
}
location ~* "(<|%3C).*script.*(>|%3)" {
deny all;
}
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
deny all;
}
location ~* "(boot\.ini|etc/passwd|self/environ)" {
deny all;
}
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
deny all;
}
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
deny all;
}
location ~* "(https?|ftp|php):/" {
deny all;
}
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
deny all;
}
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
deny all;
}
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
deny all;
}
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}

268
conf/nginx-standard.conf
View File

@ -0,0 +1,268 @@
#--MULTISITE--if (!-e $request_filename) {
#--MULTISITE--rewrite /wp-admin$ $scheme://$host$uri/ permanent;
#--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/wp-.*) __PATH__$2 last;
#--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/.*\.php)$ __PATH__$2 last;
#--MULTISITE--}
# fallback for robots.txt with default wordpress rules
location @robots {
return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n";
}
location @empty_gif {
empty_gif;
}
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
# Path to source
alias __FINALPATH__/;
index index.php;
if (!-e $request_filename)
{
rewrite ^(.+)$ __PATH__/index.php?q=$1 last;
}
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
client_max_body_size 1G;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
try_files $uri =404;
}
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
location ~ /\. { deny all; access_log off; log_not_found off; }
##### SECURITY CONFIGURATION #####
location = /wp-login.php {
limit_req zone=one burst=1 nodelay;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
try_files $uri =404;
}
# Prevent DoS attacks on wp-cron
location = /wp-cron.php {
limit_req zone=two burst=1 nodelay;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
try_files $uri =404;
}
# Prevent DoS attacks with xmlrpc.php
location = /xmlrpc.php {
limit_req zone=two burst=1 nodelay;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
try_files $uri =404;
}
# Disable wp-config.txt
location = /wp-config.txt {
deny all;
access_log off;
log_not_found off;
}
location = /robots.txt {
# Some WordPress plugin gererate robots.txt file
# Refer #340 issue
try_files $uri $uri/ /index.php?$args @robots;
access_log off;
log_not_found off;
}
# webp rewrite rules for jpg and png images
# try to load alternative image.png.webp before image.png
location /wp-content/uploads {
location ~ \.(png|jpe?g)$ {
add_header Vary "Accept-Encoding";
more_set_headers 'Access-Control-Allow-Origin : *';
more_set_headers "Cache-Control : public, no-transform";
access_log off;
log_not_found off;
expires max;
try_files $uri$webp_suffix $uri =404;
}
location ~* \.(php|gz|log|zip|tar|rar|xz)$ {
#Prevent Direct Access Of PHP Files & Backups from Web Browsers
deny all;
}
}
# webp rewrite rules for EWWW testing image
location /wp-content/plugins/ewww-image-optimizer/images {
location ~ \.(png|jpe?g)$ {
add_header Vary "Accept-Encoding";
more_set_headers 'Access-Control-Allow-Origin : *';
more_set_headers "Cache-Control : public, no-transform";
access_log off;
log_not_found off;
expires max;
try_files $uri$webp_suffix $uri =404;
}
location ~ \.php$ {
#Prevent Direct Access Of PHP Files From Web Browsers
deny all;
}
}
# enable gzip on static assets - php files are forbidden
location /wp-content/cache {
# Cache css & js files
location ~* \.(?:css(\.map)?|js(\.map)?|.html)$ {
more_set_headers 'Access-Control-Allow-Origin : *';
access_log off;
log_not_found off;
expires 30d;
}
location ~ \.php$ {
#Prevent Direct Access Of PHP Files From Web Browsers
deny all;
}
}
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
# mitigate DoS attack CVE with WordPress script concatenation
# add the following line to wp-config.php
# define( 'CONCATENATE_SCRIPTS', false );
location ~ \/wp-admin\/load-(scripts|styles).php {
deny all;
}
# Protect Easy Digital Download files from being accessed directly.
location ~ ^/wp-content/uploads/edd/(.*?)\.zip$ {
rewrite / permanent;
}
##### ADDITIONAL LOCATIONS #####
# Basic locations files
location = /favicon.ico {
try_files /wp-content/uploads/fbrfg/favicon.ico $uri $uri/ /index.php?$args @empty_gif;
access_log off;
log_not_found off;
expires max;
}
# Cache static files
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|webm|mp3|aac|tgz|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp|json|webmanifest|cast)$ {
more_set_headers 'Access-Control-Allow-Origin : *';
more_set_headers "Cache-Control : public, no-transform";
access_log off;
log_not_found off;
expires max;
}
# Cache css & js files
location ~* \.(?:css(\.map)?|js(\.map)?)$ {
more_set_headers 'Access-Control-Allow-Origin : *';
more_set_headers "Cache-Control : public, no-transform";
access_log off;
log_not_found off;
expires 30d;
}
# Security settings for better privacy
# Deny hidden files
location ~ /\.(?!well-known\/) {
deny all;
}
# letsencrypt validation
location /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
allow all;
auth_basic off;
}
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
deny all;
}
# Deny backup extensions & log files and return 403 forbidden
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf|gz|zip|bz2|7z|pem|asc|conf|dump)$" {
deny all;
}
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
deny all;
}
# block base64_encoded content
location ~* "(base64_encode)(.*)(\()" {
deny all;
}
# block javascript eval()
location ~* "(eval\()" {
deny all;
}
# Additional security settings
location ~* "(127\.0\.0\.1)" {
deny all;
}
location ~* "([a-z0-9]{2000})" {
deny all;
}
location ~* "(javascript\:)(.*)(\;)" {
deny all;
}
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
deny all;
}
location ~* "(<|%3C).*script.*(>|%3)" {
deny all;
}
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
deny all;
}
location ~* "(boot\.ini|etc/passwd|self/environ)" {
deny all;
}
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
deny all;
}
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
deny all;
}
location ~* "(https?|ftp|php):/" {
deny all;
}
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
deny all;
}
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
deny all;
}
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
deny all;
}
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}

37
conf/nginx.conf
View File

@ -1,37 +0,0 @@
#--MULTISITE--if (!-e $request_filename) {
#--MULTISITE--rewrite /wp-admin$ $scheme://$host$uri/ permanent;
#--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/wp-.*) __PATH__$2 last;
#--MULTISITE--rewrite ^__PATH__(/[^/]+)?(/.*\.php)$ __PATH__$2 last;
#--MULTISITE--}
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
# Path to source
alias __FINALPATH__/;
index index.php;
if (!-e $request_filename)
{
rewrite ^(.+)$ __PATH__/index.php?q=$1 last;
}
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
client_max_body_size 30m;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}

19
manifest.json
View File

@ -36,7 +36,7 @@
"fr": "Choisissez un domaine pour WordPress"
},
"example": "domain.org",
"default": "site.yntest.weblibre.ca"
"default": "s8.yntest.weblibre.ca"
},
{
"name": "domain_dev",
@ -119,13 +119,13 @@
"optional": true
},
{
"name": "switch",
"name": "cache",
"type": "boolean",
"ask": {
"en": "Do not enter anything",
"fr": "Ne rien entrer ici"
"en": "Enable cache for main website?",
"fr": "Activer la cache pour le site principal?"
},
"default": false
"default": true
},
{
"name": "phpversion",
@ -136,6 +136,15 @@
},
"choices": ["7.0" , "7.1", "7.2", "7.3", "7.4"],
"default": "7.3"
},
{
"name": "switch",
"type": "boolean",
"ask": {
"en": "Do not enter anything",
"fr": "Ne rien entrer ici"
},
"default": true
}
]
}

60
scripts/install
View File

@ -29,6 +29,7 @@ language=$YNH_APP_ARG_LANGUAGE
multisite=$YNH_APP_ARG_MULTISITE
is_public=$YNH_APP_ARG_IS_PUBLIC
repo=$YNH_APP_ARG_REPO
cache=$YNH_APP_ARG_CACHE
switch=$YNH_APP_ARG_SWITCH
app=$YNH_APP_INSTANCE_NAME
@ -71,6 +72,7 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin_wordpress
ynh_app_setting_set --app=$app --key=language --value=$language
ynh_app_setting_set --app=$app --key=multisite --value=$multisite
ynh_app_setting_set --app=$app --key=repo --value=$repo
ynh_app_setting_set --app=$app --key=cache --value=$cache
ynh_app_setting_set --app=$app --key=overwrite_nginx --value=1
ynh_app_setting_set --app=$app --key=overwrite_phpfpm --value=1
@ -110,21 +112,48 @@ then
ynh_setup_source --dest_dir="$final_path"
fi
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=3
# Create a dedicated system user
ynh_system_user_create --username=$app
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=3
# Create a dedicated NGINX config
ynh_add_nginx_config
if [ ! -f /etc/nginx/conf.d/fastcgi.conf ];
then
cp ../conf/fastcgi.conf /etc/nginx/conf.d/fastcgi.conf
fi
if [ $cache -eq 1 ]
then
#=================================================
# CREATE DEDICATED USER
# Add fastcgi_cache settings
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=3
# Create a dedicated system user
ynh_system_user_create --username=$app
mkdir -p /var/run/nginx-cache/$app
chmod 750 /var/run/nginx-cache/$app
chgrp $app /var/run/nginx-cache/$app
echo "fastcgi_cache_path /var/run/nginx-cache/$app levels=1:2 keys_zone=$app:50m inactive=6h max_size=256M;" > /tmp/newfile
cat /etc/nginx/conf.d/$domain.conf >> /tmp/newfile
cp /tmp/newfile /etc/nginx/conf.d/$domain.conf
rm /tmp/newfile
cp ../conf/nginx-cache.conf ../conf/nginx.conf
else
cp ../conf/nginx-standard.conf ../conf/nginx.conf
fi
systemctl reload nginx
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# PHP-FPM CONFIGURATION
@ -208,6 +237,15 @@ $wpcli_alias plugin install http-authentication
$wpcli_alias plugin install companion-auto-update
$wpcli_alias plugin install wp-fail2ban-redux
if [ $cache -eq 1 ]
then
cp -r ../conf/nginx-cache-custom $final_path/wp-content/plugins/nginx-cache-custom
ynh_replace_string --match_string="APP_NAME" --replace_string="$app" --target_file=/$final_path/wp-content/plugins/nginx-cache-custom/nginx-cache.php
echo "$app ALL=(root) NOPASSWD: /bin/rm -r /var/run/nginx-cache/$app/*" >> /etc/sudoers
fi
#=================================================
# SET LANGUAGE
#=================================================
@ -261,6 +299,12 @@ $wpcli_alias plugin activate authldap $plugin_network
$wpcli_alias plugin activate companion-auto-update $plugin_network
$wpcli_alias plugin activate wp-fail2ban-redux $plugin_network
if [ $cache -eq 1 ]
then
$wpcli_alias plugin activate nginx-cache-custom $plugin_network
fi
#=================================================
# STORE THE CONFIG FILE CHECKSUM
#=================================================
@ -349,7 +393,7 @@ ynh_script_progression --message="Installation of $app completed" --last
if [ $switch -eq 1 ]
then
yunohost app install -f /home/gcossette/wordpress_ynh -a "domain=$domain_dev&domain_dev=s8-dev.yntest.weblibre.ca&domain_staging=s8-staging.yntest.weblibre.ca&path=/&admin=gcossette&language=en_US&multisite=false&is_public=true&repo=&switch=0"
yunohost app install -f /home/gcossette/wordpress_ynh -a "domain=$domain_dev&domain_dev=s8-dev.yntest.weblibre.ca&domain_staging=s8-staging.yntest.weblibre.ca&path=/&admin=gcossette&language=en_US&multisite=false&is_public=true&repo=&cache=0&switch=0"
yunohost app install -f /home/gcossette/wordpress_ynh -a "domain=$domain_staging&domain_dev=s8-dev.yntest.weblibre.ca&domain_staging=s8-staging.yntest.weblibre.ca&path=/&admin=gcossette&language=en_US&multisite=false&is_public=true&repo=&switch=0"
yunohost app install -f /home/gcossette/wordpress_ynh -a "domain=$domain_staging&domain_dev=s8-dev.yntest.weblibre.ca&domain_staging=s8-staging.yntest.weblibre.ca&path=/&admin=gcossette&language=en_US&multisite=false&is_public=true&repo=&cache=0&switch=0"
fi

91
scripts/remove
View File

@ -15,21 +15,13 @@ source /usr/share/yunohost/helpers
ynh_script_progression --message="Loading installation settings..." --weight=2
app=$YNH_APP_INSTANCE_NAME
app_dev=$app-dev
app_staging=$app-staging
app_initial=$app
domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain_dev=$(ynh_app_setting_get --app=$app --key=domain_dev)
db_name_dev=$(ynh_app_setting_get --app=$app --key=db_name_dev)
final_path_dev=$(ynh_app_setting_get --app=$app --key=final_path_dev)
domain_staging=$(ynh_app_setting_get --app=$app --key=domain_staging)
db_name_staging=$(ynh_app_setting_get --app=$app --key=db_name_staging)
final_path_staging=$(ynh_app_setting_get --app=$app --key=final_path_staging)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
cache=$(ynh_app_setting_get --app=$app --key=cache)
#=================================================
# STANDARD REMOVE
@ -41,12 +33,6 @@ ynh_script_progression --message="Removing the MySQL database..." --weight=2
# Remove a database if it exists, along with the associated user
ynh_mysql_remove_db --db_user=$db_name --db_name=$db_name
# Remove a database if it exists, along with the associated user
ynh_mysql_remove_db --db_user=$db_name_dev --db_name=$db_name_dev
# Remove a database if it exists, along with the associated user
ynh_mysql_remove_db --db_user=$db_name_staging --db_name=$db_name_staging
#=================================================
# REMOVE APP MAIN DIR
#=================================================
@ -55,30 +41,20 @@ ynh_script_progression --message="Removing app main directory..."
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
# Remove the app directory securely
ynh_secure_remove --file="$final_path_dev"
# Remove the app directory securely
ynh_secure_remove --file="$final_path_staging"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..."
# Remove the dedicated NGINX config
ynh_remove_nginx_config
app=$app_dev
# Remove the dedicated NGINX config
ynh_remove_nginx_config
if [ $cache -eq 1 ]
then
sed -i "/fastcgi_cache_path/d" /etc/nginx/conf.d/$domain.conf
rm -r /var/run/nginx-cache/$app
fi
app=$app_staging
# Remove the dedicated NGINX config
ynh_remove_nginx_config
app=$app_initial
#=================================================
# REMOVE PHP-FPM CONFIGURATION
#=================================================
@ -87,15 +63,11 @@ ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=2
# Remove the dedicated PHP-FPM config
ynh_remove_fpm_config
app=$app_dev
# Remove the dedicated PHP-FPM config
ynh_remove_fpm_config
app=$app_staging
# Remove the dedicated PHP-FPM config
ynh_remove_fpm_config
#=================================================
# REMOVE PLUGIN CONFIGURATION
#=================================================
app=$app_initial
sed -i "/$app ALL=(root)/d" /etc/sudoers
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
@ -105,23 +77,11 @@ ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=8
# Remove the dedicated Fail2Ban config
ynh_remove_fail2ban_config
app=$app_dev
# Remove the dedicated Fail2Ban config
ynh_remove_fail2ban_config
app=$app_staging
# Remove the dedicated Fail2Ban config
ynh_remove_fail2ban_config
app=$app_initial
#=================================================
# REMOVE THE CRON
#=================================================
ynh_secure_remove /etc/cron.d/$app
ynh_secure_remove /etc/cron.d/$app_dev
ynh_secure_remove /etc/cron.d/$app_staging
#=================================================
# GENERIC FINALISATION
@ -133,14 +93,29 @@ ynh_script_progression --message="Removing the dedicated system user..." --weigh
# Delete dedicated system user
ynh_system_user_delete --username=$app
# Delete dedicated system user
ynh_system_user_delete --username=$app_dev
# Delete dedicated system user
ynh_system_user_delete --username=$app_staging
#=================================================
# END OF SCRIPT
#=================================================
app_dev=$(yunohost app map -r | grep -A2 $domain_dev | grep id: | sed "s/.*id: //")
if [ ! -z "$app_dev" ]; then
if [ -d /var/www/$app_dev ]; then
yunohost app remove $app_dev
fi
fi
app_staging=$(yunohost app map -r | grep -A2 $domain_staging | grep id: | sed "s/.*id: //")
if [ ! -z "$app_staging" ]; then
if [ -d /var/www/$app_staging ]; then
yunohost app remove $app_staging
fi
fi
# TODO
rm /etc/nginx/conf.d/fastcgi.conf
systemctl reload nginx
#if [[ ! $(ls -A /etc/nginx/conf.d/fastcgi.conf-*) ]]; then
#rm /etc/nginx/conf.d/fastcgi.conf
#fi
ynh_script_progression --message="Removal of $app completed" --last
Write Preview
Loading…
Cancel
Save