From d3e6ff7fee5e95363e9a5a5160ef787e23786801 Mon Sep 17 00:00:00 2001 From: Kirtan Gajjar Date: Wed, 6 Jun 2018 22:38:32 +0530 Subject: [PATCH 1/9] Generate config files from mustache --- site-command.php | 2 + src/Site_Command.php | 46 ++++++------ templates/config/.env.mustache | 10 +++ templates/config/nginx/common/locations.conf | 76 ++++++++++++++++++++ templates/config/nginx/common/php.conf | 11 +++ templates/config/nginx/common/redis.conf | 57 +++++++++++++++ templates/config/nginx/common/wpcommon.conf | 35 +++++++++ templates/config/nginx/common/wpsubdir.conf | 10 +++ templates/config/nginx/default.conf.mustache | 37 ++++++++++ templates/config/nginx/php-fpm/php.ini | 7 ++ 10 files changed, 271 insertions(+), 20 deletions(-) create mode 100644 templates/config/.env.mustache create mode 100644 templates/config/nginx/common/locations.conf create mode 100644 templates/config/nginx/common/php.conf create mode 100644 templates/config/nginx/common/redis.conf create mode 100644 templates/config/nginx/common/wpcommon.conf create mode 100644 templates/config/nginx/common/wpsubdir.conf create mode 100644 templates/config/nginx/default.conf.mustache create mode 100644 templates/config/nginx/php-fpm/php.ini diff --git a/site-command.php b/site-command.php index dfac975b..769ead99 100644 --- a/site-command.php +++ b/site-command.php @@ -1,5 +1,7 @@ site_root . '/docker-compose.yml'; $site_conf_env = $this->site_root . '/.env'; $site_nginx_default_conf = $site_conf_dir . '/nginx/default.conf'; - $default_conf = EE_SITE_CONF_ROOT . "/default/config"; + $server_name = ( 'wpsubdom' === $this->site_type ) ? "$this->site_name *.$this->site_name" : $this->site_name; if ( ! $this->create_site_root() ) { EE::error( "Webroot directory for site $this->site_name already exists." ); } + EE::log( "Creating WordPress site $this->site_name..." ); EE::log( 'Copying configuration files...' ); $filter = array(); 
@@ -305,37 +307,41 @@ private function configure_site() { $filter[] = $this->cache_type; $site_docker = new Site_Docker(); $docker_compose_content = $site_docker->generate_docker_compose_yml( $filter ); + $default_conf_content = $this->generate_default_conf( $this->site_type, $this->cache_type, $server_name ); + $env_content = mustache_render( EE_CONFIG_TEMPLATE_ROOT . '/.env.mustache', [ 'virtual_host' => $this->site_name, 'password' => $this->db_pass ] ); try { - if ( ! ( \EE\Utils\copy_recursive( $default_conf, $site_conf_dir ) + if ( ! ( \EE\Utils\copy_recursive( EE_CONFIG_TEMPLATE_ROOT, $site_conf_dir ) && file_put_contents( $site_docker_yml, $docker_compose_content ) - && rename( "$site_conf_dir/.env.example", $site_conf_env ) ) ) { + && file_put_contents( $site_nginx_default_conf, $default_conf_content ) + && file_put_contents( $site_nginx_default_conf, $default_conf_content ) + && file_put_contents( $site_conf_env, $env_content ) ) ) { throw new Exception( 'Could not copy configuration files.' ); } - if ( 'wpsubdir' !== $this->site_type ) { - $ee_conf = ( 'wpredis' === $this->cache_type ) ? 'wpredis' : 'wp'; - } else { - $ee_conf = ( 'wpredis' === $this->cache_type ) ? 'wpredis-subdir' : 'wpsubdir'; - } - - \EE\Utils\copy_recursive( EE_SITE_CONF_ROOT . "/$ee_conf/config", $site_conf_dir ); - EE::success( 'Configuration files copied.' ); - - // Updating config file. - $server_name = ( 'wpsubdom' === $this->site_type ) ? "$this->site_name *.$this->site_name" : $this->site_name; - EE::log( 'Updating configuration files...' ); - EE::success( 'Configuration files updated.' ); - if ( ! ( file_put_contents( $site_conf_env, str_replace( [ '{V_HOST}', 'password' ], [ $this->site_name, $this->db_pass ], file_get_contents( $site_conf_env ) ) ) - && ( file_put_contents( $site_nginx_default_conf, str_replace( '{V_HOST}', $server_name, file_get_contents( $site_nginx_default_conf ) ) ) ) ) ) { - throw new Exception( 'Could not modify configuration files.' 
); - } } catch ( Exception $e ) { $this->catch_clean( $e ); } } + /** + * Function to generate default.conf from mustache templates. + * + * @param string $site_type Type of site (wpsubdom, wpredis etc..) + * @param string $cache_type Type of cache(wpredis or none) + * @param string $server_name Name of server to use in virtual_host + */ + private function generate_default_conf( $site_type, $cache_type, $server_name ) { + $default_conf_data['site_type'] = $site_type; + $default_conf_data['server_name'] = $server_name; + $default_conf_data['wp'] = $site_type === 'wp'; + $default_conf_data['wpredis'] = $site_type === 'wpredis'; + $default_conf_data['wpsubdir'] = $site_type === 'wpsubdir' && $cache_type !== 'wpredis'; + $default_conf_data['wpsubdir-redis'] = $site_type === 'wpsubdir' && $cache_type === 'wpredis'; + + return mustache_render( EE_CONFIG_TEMPLATE_ROOT . '/nginx/default.conf.mustache', $default_conf_data ); + } /** * Function to create site root directory. diff --git a/templates/config/.env.mustache b/templates/config/.env.mustache new file mode 100644 index 00000000..8d56ff36 --- /dev/null +++ b/templates/config/.env.mustache @@ -0,0 +1,10 @@ +MYSQL_ROOT_PASSWORD={{password}} +MYSQL_DATABASE=wordpress +MYSQL_USER=wordpress +MYSQL_PASSWORD={{password}} + +WORDPRESS_DB_HOST=db +VIRTUAL_HOST={{virtual_host}} +VIRTUAL_HOST_EMAIL=example@{{virtual_host}} +USER_ID=1000 +GROUP_ID=1000 diff --git a/templates/config/nginx/common/locations.conf b/templates/config/nginx/common/locations.conf new file mode 100644 index 00000000..a45de4d7 --- /dev/null +++ b/templates/config/nginx/common/locations.conf 
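Review bot: In `generate_default_conf()` the data key is `wpsubdir-redis`, but the section in `templates/config/nginx/default.conf.mustache` from this same patch is `{{#wpredis-subdir}}`, so the subdirectory-plus-redis block can never render; the key should read `$default_conf_data['wpredis-subdir'] = ...`. The `wpredis` flag is compared against `$site_type`, although the code removed by this hunk took redis from `$this->cache_type`, so it looks like it is never true — worth confirming. In the `if` chain of `configure_site()`, `file_put_contents( $site_nginx_default_conf, $default_conf_content )` appears twice and one copy can go. The new method's docblock also lacks a `@return string` line.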
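Review bot: `{{password}}` is a double-brace tag, which Mustache HTML-escapes by default, so a generated password containing `&`, `<`, `>` or a quote would be written to `.env` in altered form unless `mustache_render` disables escaping (not visible here); `{{{password}}}` avoids that. The same value fills both `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD`, so the application account's credential is also the database root credential. The rendered file holds these secrets and is written with `file_put_contents()`, presumably under the process umask; a `chmod( $site_conf_env, 0600 );` after the write in `configure_site()` would keep it from being readable by other local users.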
@@ -0,0 +1,76 @@ +# NGINX CONFIGURATION FOR COMMON LOCATION +# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) +# Basic locations files +location = /favicon.ico { + access_log off; + log_not_found off; + expires max; +} + +location = /robots.txt { + # Some WordPress plugin gererate robots.txt file + # Refer #340 issue + + return 200 'User-agent: * +Disallow: /'; + access_log off; + log_not_found off; +} +# Cache static files +location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$ { + add_header "Access-Control-Allow-Origin" "*"; + access_log off; + log_not_found off; + expires max; +} +# Security settings for better privacy +# Deny hidden files +location /.well-known { + allow all; +} +location ~ /\. { + deny all; + access_log off; + log_not_found off; +} +# Deny backup extensions & log files +location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ { + deny all; + access_log off; + log_not_found off; +} +# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) +if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") { + return 403; +} +# Status pages +location /nginx_status { + stub_status on; + access_log off; + +} +location ~ ^/(status|ping) { + include fastcgi_params; + fastcgi_pass php:9000; + +} +# EasyEngine (ee) utilities +# phpMyAdmin settings +location /pma { + return 301 http://pma.$host; +} +location /phpMyAdmin { + return 301 http://pma.$host; +} +location /phpmyadmin { + return 301 http://pma.$host; +} +# Adminer settings +location /adminer { + return 301 https://$host:22222/db/adminer; +} + +location ~* \.(css|js)$ { + expires 5s; + add_header Cache-Control "public, must-revalidate"; +} diff --git a/templates/config/nginx/common/php.conf b/templates/config/nginx/common/php.conf new file mode 100644 index 00000000..9b38372b --- /dev/null +++ b/templates/config/nginx/common/php.conf 
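Review bot: `location /nginx_status` and `location ~ ^/(status|ping)` carry no access restriction, so the stub_status counters and whatever the PHP-FPM status and ping handlers return are readable by any client that can reach the site. Each block should limit callers, for example `allow 127.0.0.1; deny all;` or the address range of the monitoring host. The `^/(status|ping)` pattern is also unanchored at the end, so it captures any path beginning with `/status` or `/ping`, including ordinary permalinks; `location ~ ^/(status|ping)$` narrows it. Separately, the static-file block sends `Access-Control-Allow-Origin: *` for every listed extension, which is wider than web fonts need.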
@@ -0,0 +1,11 @@ +# PHP NGINX CONFIGURATION +# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) +location / { + try_files $uri $uri/ /index.php?$args; +} +location ~ \.php$ { + try_files $uri =404; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_pass php:9000; +} diff --git a/templates/config/nginx/common/redis.conf b/templates/config/nginx/common/redis.conf new file mode 100644 index 00000000..5bf2d2f2 --- /dev/null +++ b/templates/config/nginx/common/redis.conf 
@@ -0,0 +1,57 @@ +# Redis NGINX CONFIGURATION +# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) +set $skip_cache 0; +# POST requests and URL with a query string should always go to php +if ($request_method = POST) { + set $skip_cache 1; +} +if ($query_string != "") { + set $skip_cache 1; +} +# Don't cache URL containing the following segments +if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*.php|index.php|/feed/|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $skip_cache 1; +} +# Don't use the cache for logged in users or recent commenter or customer with items in cart +if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { + set $skip_cache 1; +} +# Use cached or actual file if they exists, Otherwise pass request to WordPress +location / { + try_files $uri $uri/ /index.php?$args; +} + +location /redis-fetch { + internal ; + set $redis_key $args; + redis_pass ee4_redis:6379; +} +location /redis-store { + internal ; + set_unescape_uri $key $arg_key ; + redis2_query set $key $echo_request_body; + redis2_query expire $key 14400; + redis2_pass ee4_redis:6379; +} + +location ~ \.php$ { +# add_header Cache-Control "max-age=0, no-cache, no-store, must-revalidate"; + set $key "nginx-cache:$scheme$request_method$host$request_uri"; + try_files $uri =404; + + srcache_fetch_skip $skip_cache; + srcache_store_skip $skip_cache; + + srcache_response_cache_control off; + + set_escape_uri $escaped_key $key; + + srcache_fetch GET /redis-fetch $key; + srcache_store PUT /redis-store key=$escaped_key; + + more_set_headers 'X-SRCache-Fetch-Status $srcache_fetch_status'; + more_set_headers 'X-SRCache-Store-Status $srcache_store_status'; + + include fastcgi_params; + fastcgi_pass php:9000; +} diff --git a/templates/config/nginx/common/wpcommon.conf b/templates/config/nginx/common/wpcommon.conf new file mode 100644 index 00000000..be7795e1 --- /dev/null 
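Review bot: `srcache_response_cache_control off;` in the `location ~ \.php$` block makes srcache store responses even when the upstream marks them `Cache-Control: private` or `no-store`, so the only protection against caching a personalised page is the request-side `$skip_cache` checks above it. A response personalised under a cookie that is not in the `$http_cookie` list would be stored under the shared key and served to other visitors; leaving the directive at its default (`on`), or adding a comment explaining why it is off, would be safer. This block also omits the `fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;` line that `common/php.conf` sets, which matters if the image's `fastcgi_params` does not define it. The dots in the `$request_uri` pattern (`/xmlrpc.php`, `index.php`, `.xml`) are unescaped and match any character.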
+++ b/templates/config/nginx/common/wpcommon.conf @@ -0,0 +1,35 @@ +# WordPress COMMON SETTINGS +# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) +# Limit access to avoid brute force attack +location = /wp-login.php { + limit_req zone=one burst=1 nodelay; + include fastcgi_params; + fastcgi_pass php:9000; +} +# Disable wp-config.txt +location = /wp-config.txt { + deny all; + access_log off; + log_not_found off; +} +# Disallow php in upload folder +location /wp-content/uploads/ { + location ~ \.php$ { + #Prevent Direct Access Of PHP Files From Web Browsers + deny all; + } +} +# Yoast sitemap +location ~ ([^/]*)sitemap(.*)\.x(m|s)l$ { + rewrite ^/sitemap\.xml$ /sitemap_index.xml permanent; + rewrite ^/([a-z]+)?-?sitemap\.xsl$ /index.php?xsl=$1 last; + # Rules for yoast sitemap with wp|wpsubdir|wpsubdomain + rewrite ^.*/sitemap_index\.xml$ /index.php?sitemap=1 last; + rewrite ^.*/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last; + # Following lines are options. Needed for WordPress seo addons + rewrite ^/news_sitemap\.xml$ /index.php?sitemap=wpseo_news last; + rewrite ^/locations\.kml$ /index.php?sitemap=wpseo_local_kml last; + rewrite ^/geo_sitemap\.xml$ /index.php?sitemap=wpseo_local last; + rewrite ^/video-sitemap\.xsl$ /index.php?xsl=video last; + access_log off; +} diff --git a/templates/config/nginx/common/wpsubdir.conf b/templates/config/nginx/common/wpsubdir.conf new file mode 100644 index 00000000..58229c32 --- /dev/null +++ b/templates/config/nginx/common/wpsubdir.conf @@ -0,0 +1,10 @@ +# WPSUBDIRECTORY NGINX CONFIGURATION +# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) +if (!-e $request_filename) { +# Redirect wp-admin to wp-admin/ +rewrite /wp-admin$ $scheme://$host$uri/ permanent; +# Redirect wp-* files/folders +rewrite ^(/[^/]+)?(/wp-.*) $2 last; +# Redirect other php files +rewrite ^(/[^/]+)?(/.*\.php) $2 last; +} \ No newline at end of file 
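Review bot: `limit_req zone=one burst=1 nodelay;` in `location = /wp-login.php` depends on a `limit_req_zone ... zone=one` declaration in the `http` context, which none of the files in this patch provide; if the image's nginx.conf does not define it, nginx refuses to load the configuration. A comment beside the directive, such as `# zone "one" must be declared with limit_req_zone in the http block`, would make the dependency visible. The block also passes the request to `php:9000` without the `fastcgi_param SCRIPT_FILENAME ...` line that `common/php.conf` sets. `xmlrpc.php` is left outside the rate limit.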
diff --git a/templates/config/nginx/default.conf.mustache b/templates/config/nginx/default.conf.mustache new file mode 100644 index 00000000..2537aaea --- /dev/null +++ b/templates/config/nginx/default.conf.mustache @@ -0,0 +1,37 @@ +server { + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + root /var/www/html; + + server_name {{server_name}}; + + index index.php index.html index.htm; + + {{! If the site type is WordPress}} + {{#wp}} + include common/php.conf; + {{/wp}} + + {{! If the site type is WordPress multisite with subdirectory }} + {{#wpsubdir}} + include common/wpsubdir.conf; + include common/php.conf; + {{/wpsubdir}} + + {{! If the site type is WordPress with redis caching }} + {{#wpredis}} + include common/redis.conf; + {{/wpredis}} + + {{! If the site type is WordPress multisite with subdirectory with redis caching }} + {{#wpredis-subdir}} + include common/redis.conf; + include common/wpsubdir.conf; + {{/wpredis-subdir}} + + include common/wpcommon.conf; + include common/locations.conf; + + client_max_body_size 100m; +} diff --git a/templates/config/nginx/php-fpm/php.ini b/templates/config/nginx/php-fpm/php.ini new file mode 100644 index 00000000..c5964c49 --- /dev/null +++ b/templates/config/nginx/php-fpm/php.ini @@ -0,0 +1,7 @@ +# Custom PHP settings + +upload_max_filesize = 100M +post_max_size = 100M + +[mail function] +sendmail_path = /usr/sbin/sendmail -S mail:1025 From 884542a04346a027f2b3edeba3530411f69c344a Mon Sep 17 00:00:00 2001 From: Kirtan Gajjar Date: Thu, 7 Jun 2018 00:02:03 +0530 Subject: [PATCH 2/9] Add mustache tags in env file --- src/Site_Command.php | 19 +++++++++++++++---- templates/config/.env.mustache | 14 +++++++------- 2 files changed, 22 insertions(+), 11 deletions(-) diff --git a/src/Site_Command.php b/src/Site_Command.php index 8addb3e9..6fd59d7b 100644 --- a/src/Site_Command.php +++ b/src/Site_Command.php 
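Review bot: `server_name {{server_name}};` writes the site name into the nginx configuration as given; if `site_name` is not validated as a hostname before `configure_site()` runs (not visible in this patch), a value containing `;`, braces or whitespace changes the structure of the generated file. Checking it against a hostname pattern before rendering closes that off. None of the four sections covers the `wpsubdom` site type, so such a site gets neither `common/php.conf` nor `common/redis.conf` and ends up with no PHP handler.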
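Review bot: `# Custom PHP settings` uses a `#` comment, which php.ini parsing has not accepted since PHP 7.0; the line should start with a semicolon, `; Custom PHP settings`. `upload_max_filesize` and `post_max_size` are set to 100M to match `client_max_body_size 100m` in `default.conf.mustache`, and a comment saying the three values must change together would help. The file sits under `templates/config/nginx/php-fpm/`, which may be deliberate for the copy step but reads as misplaced for a PHP-FPM setting.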
@@ -2,8 +2,7 @@ declare( ticks=1 ); -use EE\Utils; -use function \EE\Utils\mustache_render; +// use \EE\Utils; /** * Creates a simple WordPress Website. @@ -295,6 +294,7 @@ private function configure_site() { $site_conf_env = $this->site_root . '/.env'; $site_nginx_default_conf = $site_conf_dir . '/nginx/default.conf'; $server_name = ( 'wpsubdom' === $this->site_type ) ? "$this->site_name *.$this->site_name" : $this->site_name; + $process_user = posix_getpwuid( posix_geteuid() ); if ( ! $this->create_site_root() ) { EE::error( "Webroot directory for site $this->site_name already exists." ); @@ -302,13 +302,24 @@ private function configure_site() { EE::log( "Creating WordPress site $this->site_name..." ); EE::log( 'Copying configuration files...' ); + $filter = array(); $filter[] = $this->site_type; $filter[] = $this->cache_type; $site_docker = new Site_Docker(); $docker_compose_content = $site_docker->generate_docker_compose_yml( $filter ); $default_conf_content = $this->generate_default_conf( $this->site_type, $this->cache_type, $server_name ); - $env_content = mustache_render( EE_CONFIG_TEMPLATE_ROOT . '/.env.mustache', [ 'virtual_host' => $this->site_name, 'password' => $this->db_pass ] ); + $env_data = [ + 'virtual_host' => $this->site_name, + 'root_password' => $this->db_pass, + 'mysql_database' => 'wordpress', + 'mysql_user' => 'wordpress', + 'user_password' => $this->db_pass, + 'wp_db_host' => 'db', + 'user_id' => $process_user['uid'], + 'group_id' => $process_user['gid'], + ]; + $env_content = \EE\Utils\mustache_render( EE_CONFIG_TEMPLATE_ROOT . '/.env.mustache', $env_data ); try { if ( ! ( \EE\Utils\copy_recursive( EE_CONFIG_TEMPLATE_ROOT, $site_conf_dir ) 
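Review bot: `posix_getpwuid( posix_geteuid() )` returns `false` on failure and the result is indexed later without a check, and when the command runs as root (likely if it has to manage Docker — worth confirming) it yields uid and gid 0. Those values replace the fixed `USER_ID=1000` / `GROUP_ID=1000` in `.env`, so the containers that consume them would presumably run their processes as root. A guard before `$env_data` is built, such as `if ( false === $process_user || 0 === $process_user['uid'] ) { /* fall back to an unprivileged id */ }`, keeps the earlier behaviour in that case. `configure_site()` starts and ends outside this hunk.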
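Review bot: `$env_data` defines `mysql_database` and `mysql_user`, but the `.env.mustache` hunk in this same patch uses `{{database_name}}` and `{{database_user}}`, so `MYSQL_DATABASE=` and `MYSQL_USER=` render empty. Either rename the keys to `'database_name' => 'wordpress'` and `'database_user' => 'wordpress'` or change the tags in the template. `root_password` and `user_password` are both filled from `$this->db_pass`, so the new separate tags still give the application account the root credential; a second generated secret for root would separate them.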
@@ -340,7 +351,7 @@ private function generate_default_conf( $site_type, $cache_type, $server_name ) $default_conf_data['wpsubdir'] = $site_type === 'wpsubdir' && $cache_type !== 'wpredis'; $default_conf_data['wpsubdir-redis'] = $site_type === 'wpsubdir' && $cache_type === 'wpredis'; - return mustache_render( EE_CONFIG_TEMPLATE_ROOT . '/nginx/default.conf.mustache', $default_conf_data ); + return \EE\Utils\mustache_render( EE_CONFIG_TEMPLATE_ROOT . '/nginx/default.conf.mustache', $default_conf_data ); } /** diff --git a/templates/config/.env.mustache b/templates/config/.env.mustache index 8d56ff36..90903765 100644 --- a/templates/config/.env.mustache +++ b/templates/config/.env.mustache @@ -1,10 +1,10 @@ -MYSQL_ROOT_PASSWORD={{password}} -MYSQL_DATABASE=wordpress -MYSQL_USER=wordpress -MYSQL_PASSWORD={{password}} +MYSQL_ROOT_PASSWORD={{root_password}} +MYSQL_DATABASE={{database_name}} +MYSQL_USER={{database_user}} +MYSQL_PASSWORD={{user_password}} -WORDPRESS_DB_HOST=db +WORDPRESS_DB_HOST={{wp_db_host}} VIRTUAL_HOST={{virtual_host}} VIRTUAL_HOST_EMAIL=example@{{virtual_host}} -USER_ID=1000 -GROUP_ID=1000 +USER_ID={{user_id}} +GROUP_ID={{group_id}} From 9914b6b59ea943986525d3560bb86e35e5cf9dd1 Mon Sep 17 00:00:00 2001 From: Kirtan Gajjar Date: Thu, 7 Jun 2018 00:08:37 +0530 Subject: [PATCH 3/9] Remove commented code --- src/Site_Command.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/Site_Command.php b/src/Site_Command.php index 6fd59d7b..137bf7cc 100644 --- a/src/Site_Command.php +++ b/src/Site_Command.php @@ -2,8 +2,6 @@ declare( ticks=1 ); -// use \EE\Utils; - /** * Creates a simple WordPress Website. * From 28456a3de8f95c998c6b1058ea28d0dff977c91d Mon Sep 17 00:00:00 2001 
From: Kirtan Gajjar Date: Fri, 8 Jun 2018 01:30:59 +0530 Subject: [PATCH 4/9] Update PR according to feedback --- templates/config/nginx/common/locations.conf | 20 ++------------------ templates/config/nginx/common/redis.conf | 16 ++++++++-------- templates/config/nginx/common/wpcommon.conf | 14 -------------- 3 files changed, 10 insertions(+), 40 deletions(-) diff --git a/templates/config/nginx/common/locations.conf b/templates/config/nginx/common/locations.conf index a45de4d7..6207f319 100644 --- a/templates/config/nginx/common/locations.conf +++ b/templates/config/nginx/common/locations.conf @@ -47,29 +47,13 @@ if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") { location /nginx_status { stub_status on; access_log off; - + } location ~ ^/(status|ping) { include fastcgi_params; fastcgi_pass php:9000; - -} -# EasyEngine (ee) utilities -# phpMyAdmin settings -location /pma { - return 301 http://pma.$host; -} -location /phpMyAdmin { - return 301 http://pma.$host; -} -location /phpmyadmin { - return 301 http://pma.$host; -} -# Adminer settings -location /adminer { - return 301 https://$host:22222/db/adminer; -} +} location ~* \.(css|js)$ { expires 5s; add_header Cache-Control "public, must-revalidate"; diff --git a/templates/config/nginx/common/redis.conf b/templates/config/nginx/common/redis.conf index 5bf2d2f2..d38e07a9 100644 --- a/templates/config/nginx/common/redis.conf +++ b/templates/config/nginx/common/redis.conf 
@@ -1,20 +1,20 @@ # Redis NGINX CONFIGURATION # DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) -set $skip_cache 0; +set $skip 0; # POST requests and URL with a query string should always go to php if ($request_method = POST) { - set $skip_cache 1; + set $skip 1; } if ($query_string != "") { - set $skip_cache 1; + set $skip 1; } # Don't cache URL containing the following segments if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*.php|index.php|/feed/|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { - set $skip_cache 1; + set $skip 1; } # Don't use the cache for logged in users or recent commenter or customer with items in cart if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; + set $skip 1; } # Use cached or actual file if they exists, Otherwise pass request to WordPress location / { @@ -35,12 +35,12 @@ location /redis-store { } location ~ \.php$ { -# add_header Cache-Control "max-age=0, no-cache, no-store, must-revalidate"; +# add_header Cache-Control "max-age=0, no-cache, no-store, must-revalidate"; set $key "nginx-cache:$scheme$request_method$host$request_uri"; try_files $uri =404; - srcache_fetch_skip $skip_cache; - srcache_store_skip $skip_cache; + srcache_fetch_skip $skip; + srcache_store_skip $skip; srcache_response_cache_control off; diff --git a/templates/config/nginx/common/wpcommon.conf b/templates/config/nginx/common/wpcommon.conf index be7795e1..35034140 100644 --- a/templates/config/nginx/common/wpcommon.conf +++ b/templates/config/nginx/common/wpcommon.conf 
@@ -19,17 +19,3 @@ location /wp-content/uploads/ { deny all; } } -# Yoast sitemap -location ~ ([^/]*)sitemap(.*)\.x(m|s)l$ { - rewrite ^/sitemap\.xml$ /sitemap_index.xml permanent; - rewrite ^/([a-z]+)?-?sitemap\.xsl$ /index.php?xsl=$1 last; - # Rules for yoast sitemap with wp|wpsubdir|wpsubdomain - rewrite ^.*/sitemap_index\.xml$ /index.php?sitemap=1 last; - rewrite ^.*/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last; - # Following lines are options. Needed for WordPress seo addons - rewrite ^/news_sitemap\.xml$ /index.php?sitemap=wpseo_news last; - rewrite ^/locations\.kml$ /index.php?sitemap=wpseo_local_kml last; - rewrite ^/geo_sitemap\.xml$ /index.php?sitemap=wpseo_local last; - rewrite ^/video-sitemap\.xsl$ /index.php?xsl=video last; - access_log off; -} From 3cddf15f9a5b5608944c72c96dec36a8646766a0 Mon Sep 17 00:00:00 2001 From: Kirtan Gajjar Date: Fri, 8 Jun 2018 15:09:13 +0530 Subject: [PATCH 5/9] Rename ee4 in config to ee --- templates/config/nginx/common/redis.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/config/nginx/common/redis.conf b/templates/config/nginx/common/redis.conf index d38e07a9..d43cd25b 100644 --- a/templates/config/nginx/common/redis.conf +++ b/templates/config/nginx/common/redis.conf @@ -24,14 +24,14 @@ location / { location /redis-fetch { internal ; set $redis_key $args; - redis_pass ee4_redis:6379; + redis_pass ee_redis:6379; } location /redis-store { internal ; set_unescape_uri $key $arg_key ; redis2_query set $key $echo_request_body; redis2_query expire $key 14400; - redis2_pass ee4_redis:6379; + redis2_pass ee_redis:6379; } location ~ \.php$ { From 435cb10db199656468ca0e8311dfc8b156d942f5 Mon Sep 17 00:00:00 2001 
From: Kirtan Gajjar Date: Fri, 8 Jun 2018 17:40:25 +0530 Subject: [PATCH 6/9] Convert WP config templates to a single block --- src/Site_Command.php | 14 +- templates/config/nginx/common/locations.conf | 60 ------ templates/config/nginx/common/php.conf | 11 - templates/config/nginx/common/redis.conf | 57 ------ templates/config/nginx/common/wpcommon.conf | 21 -- templates/config/nginx/common/wpsubdir.conf | 10 - templates/config/nginx/default.conf.mustache | 200 ++++++++++++++++--- 7 files changed, 181 insertions(+), 192 deletions(-) delete mode 100644 templates/config/nginx/common/locations.conf delete mode 100644 templates/config/nginx/common/php.conf delete mode 100644 templates/config/nginx/common/redis.conf delete mode 100644 templates/config/nginx/common/wpcommon.conf delete mode 100644 templates/config/nginx/common/wpsubdir.conf diff --git a/src/Site_Command.php b/src/Site_Command.php index 137bf7cc..743926d2 100644 --- a/src/Site_Command.php +++ b/src/Site_Command.php @@ -324,7 +324,8 @@ private function configure_site() { && file_put_contents( $site_docker_yml, $docker_compose_content ) && file_put_contents( $site_nginx_default_conf, $default_conf_content ) && file_put_contents( $site_nginx_default_conf, $default_conf_content ) - && file_put_contents( $site_conf_env, $env_content ) ) ) { + && file_put_contents( $site_conf_env, $env_content ) + && unlink( $site_conf_dir . '/default.conf.mustache' ) ) ) { throw new Exception( 'Could not copy configuration files.' ); } EE::success( 'Configuration files copied.' ); 
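Review bot: The added `unlink( $site_conf_dir . '/default.conf.mustache' )` points at the top of the site config directory, while the template lives at `nginx/default.conf.mustache` under `EE_CONFIG_TEMPLATE_ROOT` and is presumably copied to `$site_conf_dir . '/nginx/default.conf.mustache'`. If so, `unlink()` returns `false`, the `&&` chain fails and site creation is rolled back with 'Could not copy configuration files.'; the path should be `$site_nginx_default_conf . '.mustache'`. The copied `.env.mustache` is not removed, and the duplicated `file_put_contents( $site_nginx_default_conf, $default_conf_content )` line is still present. The enclosing `try` block ends outside the hunk.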
@@ -342,12 +343,11 @@ private function configure_site() { * @param string $server_name Name of server to use in virtual_host */ private function generate_default_conf( $site_type, $cache_type, $server_name ) { - $default_conf_data['site_type'] = $site_type; - $default_conf_data['server_name'] = $server_name; - $default_conf_data['wp'] = $site_type === 'wp'; - $default_conf_data['wpredis'] = $site_type === 'wpredis'; - $default_conf_data['wpsubdir'] = $site_type === 'wpsubdir' && $cache_type !== 'wpredis'; - $default_conf_data['wpsubdir-redis'] = $site_type === 'wpsubdir' && $cache_type === 'wpredis'; + $default_conf_data['site_type'] = $site_type; + $default_conf_data['server_name'] = $server_name; + $default_conf_data['include_php_conf'] = $site_type === 'wp' || ( $site_type === 'wpsubdir' && $cache_type === 'none' ); + $default_conf_data['include_wpsubdir_conf'] = $site_type === 'wpsubdir'; + $default_conf_data['include_redis_conf'] = $cache_type === 'wpredis'; return \EE\Utils\mustache_render( EE_CONFIG_TEMPLATE_ROOT . '/nginx/default.conf.mustache', $default_conf_data ); } diff --git a/templates/config/nginx/common/locations.conf b/templates/config/nginx/common/locations.conf deleted file mode 100644 index 6207f319..00000000 --- a/templates/config/nginx/common/locations.conf +++ /dev/null 
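Review bot: For a `wp` site with `$cache_type === 'wpredis'` both `include_php_conf` and `include_redis_conf` are true, and each of those sections in `default.conf.mustache` declares `location /` and `location ~ \.php$`, so nginx would reject the rendered file for duplicate locations. In the other direction, a `wpsubdom` site without redis gets neither section and therefore no PHP handler. Deriving the flag from the cache type alone, `$default_conf_data['include_php_conf'] = 'wpredis' !== $cache_type;`, covers both cases. The docblock still lacks `@return string`, and `$default_conf_data` is filled without first being initialised to `[]`.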
@@ -1,60 +0,0 @@ -# NGINX CONFIGURATION FOR COMMON LOCATION -# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) -# Basic locations files -location = /favicon.ico { - access_log off; - log_not_found off; - expires max; -} - -location = /robots.txt { - # Some WordPress plugin gererate robots.txt file - # Refer #340 issue - - return 200 'User-agent: * -Disallow: /'; - access_log off; - log_not_found off; -} -# Cache static files -location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$ { - add_header "Access-Control-Allow-Origin" "*"; - access_log off; - log_not_found off; - expires max; -} -# Security settings for better privacy -# Deny hidden files -location /.well-known { - allow all; -} -location ~ /\. { - deny all; - access_log off; - log_not_found off; -} -# Deny backup extensions & log files -location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ { - deny all; - access_log off; - log_not_found off; -} -# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) -if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") { - return 403; -} -# Status pages -location /nginx_status { - stub_status on; - access_log off; - -} -location ~ ^/(status|ping) { - include fastcgi_params; - fastcgi_pass php:9000; - -} -location ~* \.(css|js)$ { - expires 5s; - add_header Cache-Control "public, must-revalidate"; -} diff --git a/templates/config/nginx/common/php.conf b/templates/config/nginx/common/php.conf deleted file mode 100644 index 9b38372b..00000000 --- a/templates/config/nginx/common/php.conf +++ /dev/null 
@@ -1,11 +0,0 @@ -# PHP NGINX CONFIGURATION -# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) -location / { - try_files $uri $uri/ /index.php?$args; -} -location ~ \.php$ { - try_files $uri =404; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - fastcgi_pass php:9000; -} diff --git a/templates/config/nginx/common/redis.conf b/templates/config/nginx/common/redis.conf deleted file mode 100644 index d43cd25b..00000000 --- a/templates/config/nginx/common/redis.conf +++ /dev/null 
@@ -1,57 +0,0 @@ -# Redis NGINX CONFIGURATION -# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) -set $skip 0; -# POST requests and URL with a query string should always go to php -if ($request_method = POST) { - set $skip 1; -} -if ($query_string != "") { - set $skip 1; -} -# Don't cache URL containing the following segments -if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*.php|index.php|/feed/|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { - set $skip 1; -} -# Don't use the cache for logged in users or recent commenter or customer with items in cart -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip 1; -} -# Use cached or actual file if they exists, Otherwise pass request to WordPress -location / { - try_files $uri $uri/ /index.php?$args; -} - -location /redis-fetch { - internal ; - set $redis_key $args; - redis_pass ee_redis:6379; -} -location /redis-store { - internal ; - set_unescape_uri $key $arg_key ; - redis2_query set $key $echo_request_body; - redis2_query expire $key 14400; - redis2_pass ee_redis:6379; -} - -location ~ \.php$ { -# add_header Cache-Control "max-age=0, no-cache, no-store, must-revalidate"; - set $key "nginx-cache:$scheme$request_method$host$request_uri"; - try_files $uri =404; - - srcache_fetch_skip $skip; - srcache_store_skip $skip; - - srcache_response_cache_control off; - - set_escape_uri $escaped_key $key; - - srcache_fetch GET /redis-fetch $key; - srcache_store PUT /redis-store key=$escaped_key; - - more_set_headers 'X-SRCache-Fetch-Status $srcache_fetch_status'; - more_set_headers 'X-SRCache-Store-Status $srcache_store_status'; - - include fastcgi_params; - fastcgi_pass php:9000; -} diff --git a/templates/config/nginx/common/wpcommon.conf b/templates/config/nginx/common/wpcommon.conf deleted file mode 100644 index 35034140..00000000 --- a/templates/config/nginx/common/wpcommon.conf +++ /dev/null 
@@ -1,21 +0,0 @@ -# WordPress COMMON SETTINGS -# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) -# Limit access to avoid brute force attack -location = /wp-login.php { - limit_req zone=one burst=1 nodelay; - include fastcgi_params; - fastcgi_pass php:9000; -} -# Disable wp-config.txt -location = /wp-config.txt { - deny all; - access_log off; - log_not_found off; -} -# Disallow php in upload folder -location /wp-content/uploads/ { - location ~ \.php$ { - #Prevent Direct Access Of PHP Files From Web Browsers - deny all; - } -} diff --git a/templates/config/nginx/common/wpsubdir.conf b/templates/config/nginx/common/wpsubdir.conf deleted file mode 100644 index 58229c32..00000000 --- a/templates/config/nginx/common/wpsubdir.conf +++ /dev/null @@ -1,10 +0,0 @@ -# WPSUBDIRECTORY NGINX CONFIGURATION -# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee) -if (!-e $request_filename) { -# Redirect wp-admin to wp-admin/ -rewrite /wp-admin$ $scheme://$host$uri/ permanent; -# Redirect wp-* files/folders -rewrite ^(/[^/]+)?(/wp-.*) $2 last; -# Redirect other php files -rewrite ^(/[^/]+)?(/.*\.php) $2 last; -} \ No newline at end of file diff --git a/templates/config/nginx/default.conf.mustache b/templates/config/nginx/default.conf.mustache index 2537aaea..9866f3fb 100644 --- a/templates/config/nginx/default.conf.mustache +++ b/templates/config/nginx/default.conf.mustache 
@@ -1,37 +1,185 @@ +# Add your custom config in custom.conf +# ALL CHANGES IN THIS FILE WILL BE LOST AFTER EasyEngine Update + server { - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + root /var/www/html; + + server_name {{server_name}}; + + index index.php index.html index.htm; + + {{#include_redis_conf}} + # Redis NGINX CONFIGURATION + set $skip 0; + # POST requests and URL with a query string should always go to php + if ($request_method = POST) { + set $skip 1; + } + if ($query_string != "") { + set $skip 1; + } + # Don't cache URL containing the following segments + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*.php|index.php|/feed/|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $skip 1; + } + # Don't use the cache for logged in users or recent commenter or customer with items in cart + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { + set $skip 1; + } + # Use cached or actual file if they exists, Otherwise pass request to WordPress + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /redis-fetch { + internal ; + set $redis_key $args; + redis_pass ee_redis:6379; + } + location /redis-store { + internal ; + set_unescape_uri $key $arg_key ; + redis2_query set $key $echo_request_body; + redis2_query expire $key 14400; + redis2_pass ee_redis:6379; + } + + location ~ \.php$ { + # add_header Cache-Control "max-age=0, no-cache, no-store, must-revalidate"; + set $key "nginx-cache:$scheme$request_method$host$request_uri"; + try_files $uri =404; + + srcache_fetch_skip $skip; + srcache_store_skip $skip; + + srcache_response_cache_control off; + + set_escape_uri $escaped_key $key; + + srcache_fetch GET /redis-fetch $key; + srcache_store PUT /redis-store key=$escaped_key; + + more_set_headers 'X-SRCache-Fetch-Status 
$srcache_fetch_status'; + more_set_headers 'X-SRCache-Store-Status $srcache_store_status'; + + include fastcgi_params; + fastcgi_pass php:9000; + } + + {{/include_redis_conf}} + + {{#include_wpsubdir_conf}} + # WPSUBDIRECTORY NGINX CONFIGURATION + if (!-e $request_filename) { - root /var/www/html; + # Redirect wp-admin to wp-admin/ + rewrite /wp-admin$ $scheme://$host$uri/ permanent; - server_name {{server_name}}; + # Redirect wp-* files/folders + rewrite ^(/[^/]+)?(/wp-.*) $2 last; - index index.php index.html index.htm; + # Redirect other php files + rewrite ^(/[^/]+)?(/.*\.php) $2 last; + } + {{/include_wpsubdir_conf}} - {{! If the site type is WordPress}} - {{#wp}} - include common/php.conf; - {{/wp}} + {{#include_php_conf}} + # PHP NGINX CONFIGURATION + location / { + try_files $uri $uri/ /index.php?$args; + } + location ~ \.php$ { + try_files $uri =404; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_pass php:9000; + } + {{/include_php_conf}} - {{! If the site type is WordPress multisite with subdirectory }} - {{#wpsubdir}} - include common/wpsubdir.conf; - include common/php.conf; - {{/wpsubdir}} + {{! wpcommon.conf }} + # WordPress COMMON SETTINGS + # Limit access to avoid brute force attack + location = /wp-login.php { + limit_req zone=one burst=1 nodelay; + include fastcgi_params; + fastcgi_pass php:9000; + } + # Disable wp-config.txt + location = /wp-config.txt { + deny all; + access_log off; + log_not_found off; + } + # Disallow php in upload folder + location /wp-content/uploads/ { + location ~ \.php$ { + #Prevent Direct Access Of PHP Files From Web Browsers + deny all; + } + } + {{! /wpcommon.conf }} - {{! If the site type is WordPress with redis caching }} - {{#wpredis}} - include common/redis.conf; - {{/wpredis}} + {{! 
locations.conf }} + # NGINX CONFIGURATION FOR COMMON LOCATION + # Basic locations files + location = /favicon.ico { + access_log off; + log_not_found off; + expires max; + } - {{! If the site type is WordPress multisite with subdirectory with redis caching }} - {{#wpredis-subdir}} - include common/redis.conf; - include common/wpsubdir.conf; - {{/wpredis-subdir}} + location = /robots.txt { + # Some WordPress plugin gererate robots.txt file + # Refer #340 issue + return 200 'User-agent: *\nDisallow: /'; + access_log off; + log_not_found off; + } + # Cache static files + location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$ { + add_header "Access-Control-Allow-Origin" "*"; + access_log off; + log_not_found off; + expires max; + } + # Security settings for better privacy + # Deny hidden files + location /.well-known { + allow all; + } + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + # Deny backup extensions & log files + location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ { + deny all; + access_log off; + log_not_found off; + } + # Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) + if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") { + return 403; + } + # Status pages + location /nginx_status { + stub_status on; + access_log off; + } + location ~ ^/(status|ping) { + include fastcgi_params; + fastcgi_pass php:9000; + } + location ~* \.(css|js)$ { + expires 5s; + add_header Cache-Control "public, must-revalidate"; + } - include common/wpcommon.conf; - include common/locations.conf; + {{! /locations.conf }} - client_max_body_size 100m; + client_max_body_size 100m; } From a5404db9c45701bdbaee2c85cdd128e17bf40c54 Mon Sep 17 00:00:00 2001 
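Review bot: The two status locations near the end of the added locations section, `location /nginx_status` (with `stub_status on;`) and `location ~ ^/(status|ping)` (passed to `php:9000`), carry no access rule. Any client that can reach the site can therefore read the connection counters and, if the PHP-FPM pool has its status path enabled, the pool's status output as well. Each block should restrict who may query it, for example `allow 127.0.0.1;` followed by `deny all;`, with the allowed address adjusted to wherever the monitoring client sits on the container network, which this hunk does not show. The static-file rule in the same section also sends `Access-Control-Allow-Origin: *` for every listed extension, including `zip`, `doc` and `xls`; a comment saying which of those need cross-origin access would help a later reader decide whether to narrow it.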
From: Kirtan Gajjar Date: Fri, 8 Jun 2018 23:51:26 +0530 Subject: [PATCH 7/9] Corrected changes in phar --- src/Site_Command.php | 2 +- templates/config/{nginx => }/php-fpm/php.ini | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename templates/config/{nginx => }/php-fpm/php.ini (100%) diff --git a/src/Site_Command.php b/src/Site_Command.php index 743926d2..863ef432 100644 --- a/src/Site_Command.php +++ b/src/Site_Command.php @@ -345,7 +345,7 @@ private function configure_site() { private function generate_default_conf( $site_type, $cache_type, $server_name ) { $default_conf_data['site_type'] = $site_type; $default_conf_data['server_name'] = $server_name; - $default_conf_data['include_php_conf'] = $site_type === 'wp' || ( $site_type === 'wpsubdir' && $cache_type === 'none' ); + $default_conf_data['include_php_conf'] = $cache_type !== 'wpredis'; $default_conf_data['include_wpsubdir_conf'] = $site_type === 'wpsubdir'; $default_conf_data['include_redis_conf'] = $cache_type === 'wpredis'; diff --git a/templates/config/nginx/php-fpm/php.ini b/templates/config/php-fpm/php.ini similarity index 100% rename from templates/config/nginx/php-fpm/php.ini rename to templates/config/php-fpm/php.ini From a218825fbdeae5ea25a012a13fe48c0fd2ef8a84 Mon Sep 17 00:00:00 2001 From: Kirtan Gajjar Date: Sat, 9 Jun 2018 00:37:53 +0530 Subject: [PATCH 8/9] Correct config changes --- src/Site_Docker.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Site_Docker.php b/src/Site_Docker.php index 142b8165..18e2ec34 100644 --- a/src/Site_Docker.php +++ b/src/Site_Docker.php 
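Review bot: Nothing near the new `include_php_conf` assignment in `generate_default_conf` records that it must stay the exact opposite of `include_redis_conf` two lines below. Both template sections declare `location /` and `location ~ \.php$`, so rendering both would put duplicate locations in one server block; I would add a comment above the assignment such as `// Exactly one of include_php_conf / include_redis_conf may be true: both sections define the same locations.` Any `$cache_type` other than `'wpredis'` now selects the plain PHP section, so an unexpected value passes silently; whether the caller validates it is not visible here. The function body continues past the end of the hunk.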
@@ -52,9 +52,9 @@ public function generate_docker_compose_yml( array $filters = [] ) { $nginx['image'] = array( 'name' => 'easyengine/nginx' ); $nginx['depends_on'] = array( 'name' => 'php' ); $nginx['restart'] = $restart_default; - $v_host = in_array( 'wpsubdom', $filters ) ? 'VIRTUAL_HOST=${VIRTUAL_HOST},*.${VIRTUAL_HOST}' : 'VIRTUAL_HOST'; + $v_host = in_array( 'wpsubdom', $filters ) ? 'VIRTUAL_HOST=${VIRTUAL_HOST},HostRegexp:{subdomain:.+}.${VIRTUAL_HOST}' : 'VIRTUAL_HOST'; if ( in_array( 'le', $filters ) ) { - $le_v_host = in_array( 'wpsubdom', $filters ) ? 'LETSENCRYPT_HOST=${VIRTUAL_HOST},*.${VIRTUAL_HOST}' : 'LETSENCRYPT_HOST=${VIRTUAL_HOST}'; + $le_v_host = in_array( 'wpsubdom', $filters ) ? 'LETSENCRYPT_HOST=${VIRTUAL_HOST},HostRegexp:{subdomain:.+}.${VIRTUAL_HOST}' : 'LETSENCRYPT_HOST=${VIRTUAL_HOST}'; $nginx['environment'] = array( 'env' => array( array( 'name' => $v_host ), array( 'name' => $le_v_host ), array( 'name' => 'LETSENCRYPT_EMAIL=${VIRTUAL_HOST_EMAIL}' ) ) ); } else { $nginx['environment'] = array( 'env' => array( array( 'name' => $v_host ) ) ); From 0b4c3d4b5603fc42f56c6cd7bddd85091bc9094e Mon Sep 17 00:00:00 2001 From: Kirtan Gajjar Date: Sat, 9 Jun 2018 01:42:28 +0530 Subject: [PATCH 9/9] Convert php.ini to mustache --- src/Site_Command.php | 13 ++++++++----- templates/config/nginx/default.conf.mustache | 4 ++-- .../config/php-fpm/{php.ini => php.ini.mustache} | 0 3 files changed, 10 insertions(+), 7 deletions(-) rename templates/config/php-fpm/{php.ini => php.ini.mustache} (100%) diff --git a/src/Site_Command.php b/src/Site_Command.php index 863ef432..ff1c293e 100644 --- a/src/Site_Command.php +++ b/src/Site_Command.php 
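Review bot: The `le` branch now puts `HostRegexp:{subdomain:.+}.${VIRTUAL_HOST}` into `LETSENCRYPT_HOST`, which is a routing expression rather than a host name. If that variable is consumed as a list of certificate names (the consumer is not visible in this hunk), subdomain sites would likely hand it an entry it cannot use; keeping `'LETSENCRYPT_HOST=${VIRTUAL_HOST},*.${VIRTUAL_HOST}'` there and changing only `$v_host` looks safer. In the `$v_host` rule, `.+` also matches dots, so it accepts nested names that the `*.` wildcard it replaces presumably did not; `{subdomain:[^.]+}` would keep it to a single label if that is the intent. `generate_docker_compose_yml` starts and ends outside the hunk.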
@@ -291,6 +291,7 @@ private function configure_site() { $site_docker_yml = $this->site_root . '/docker-compose.yml'; $site_conf_env = $this->site_root . '/.env'; $site_nginx_default_conf = $site_conf_dir . '/nginx/default.conf'; + $site_php_ini = $site_conf_dir . '/php-fpm/php.ini'; $server_name = ( 'wpsubdom' === $this->site_type ) ? "$this->site_name *.$this->site_name" : $this->site_name; $process_user = posix_getpwuid( posix_geteuid() ); @@ -318,14 +319,16 @@ private function configure_site() { 'group_id' => $process_user['gid'], ]; $env_content = \EE\Utils\mustache_render( EE_CONFIG_TEMPLATE_ROOT . '/.env.mustache', $env_data ); + $php_ini_content = \EE\Utils\mustache_render( EE_CONFIG_TEMPLATE_ROOT . '/php-fpm/php.ini.mustache', [] ); try { - if ( ! ( \EE\Utils\copy_recursive( EE_CONFIG_TEMPLATE_ROOT, $site_conf_dir ) - && file_put_contents( $site_docker_yml, $docker_compose_content ) - && file_put_contents( $site_nginx_default_conf, $default_conf_content ) - && file_put_contents( $site_nginx_default_conf, $default_conf_content ) + if ( ! ( file_put_contents( $site_docker_yml, $docker_compose_content ) && file_put_contents( $site_conf_env, $env_content ) - && unlink( $site_conf_dir . '/default.conf.mustache' ) ) ) { + && mkdir( $site_conf_dir ) + && mkdir( $site_conf_dir . '/nginx' ) + && file_put_contents( $site_nginx_default_conf, $default_conf_content ) + && mkdir( $site_conf_dir . '/php-fpm' ) + && file_put_contents( $site_php_ini, $php_ini_content ) ) ) { throw new Exception( 'Could not copy configuration files.' ); } EE::success( 'Configuration files copied.' ); diff --git a/templates/config/nginx/default.conf.mustache b/templates/config/nginx/default.conf.mustache index 9866f3fb..ace63cba 100644 --- a/templates/config/nginx/default.conf.mustache +++ b/templates/config/nginx/default.conf.mustache 
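Review bot: In the second hunk, `.env` is written with `file_put_contents( $site_conf_env, $env_content )` and left with whatever mode the process umask gives; the new `mkdir()` calls likewise rely on the default mode. If `$env_data` carries the database password (only part of the array is visible here), the file should be restricted right after the write, e.g. `&& chmod( $site_conf_env, 0600 )` as the next link in the chain. The chain also treats a return of `0` from `file_put_contents` as failure, so an empty rendered template (`php.ini.mustache` is rendered with `[]`) would raise 'Could not copy configuration files.'; comparing each write with `false !==` avoids that. `configure_site` starts and ends outside both hunks.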
@@ -134,7 +134,7 @@ server { location = /robots.txt { # Some WordPress plugin gererate robots.txt file # Refer #340 issue - return 200 'User-agent: *\nDisallow: /'; + try_files $uri $uri/ /index.php?$args; access_log off; log_not_found off; } @@ -175,7 +175,7 @@ server { fastcgi_pass php:9000; } location ~* \.(css|js)$ { - expires 5s; + expires 1d; add_header Cache-Control "public, must-revalidate"; } diff --git a/templates/config/php-fpm/php.ini b/templates/config/php-fpm/php.ini.mustache similarity index 100% rename from templates/config/php-fpm/php.ini rename to templates/config/php-fpm/php.ini.mustache
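Review bot: In the `location = /robots.txt` hunk, the `$uri/` directory probe in the new `try_files` adds nothing for an exact-match file location; `try_files $uri /index.php?$args;` says the same thing more directly. The comment kept above it ('Refer #340 issue') would be clearer if it stated the behaviour, e.g. `# Serve a static robots.txt if present, otherwise let WordPress generate it`. The enclosing `server` block starts and ends outside the hunk.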