From fee55a28069a70ea270db616e336ac2254d57985 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Fri, 11 Jul 2014 16:46:38 +0530 Subject: [PATCH 1/7] Minor fix --- bin/update | 2 +- src/modules/stack/install/ee_mod_setup_nginx.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/update b/bin/update index 56632023..a1bc857e 100644 --- a/bin/update +++ b/bin/update @@ -106,7 +106,7 @@ if [[ $EE_CURRENT_VERSION < $EE_LATEST_VERSION ]]; then || ee_lib_error "Unable to copy NGINX sample files, exit status = " $? # NGINX Setup - sed -i "s/X-Powered-By EasyEngine/X-Powered-By EasyEngine $EE_LATEST_VERSION/" /etc/nginx/nginx.conf + sed -i "s/X-Powered-By.*/X-Powered-By \"EasyEngine $EE_LATEST_VERSION\";/" /etc/nginx/nginx.conf rsync -avz --exclude acl.conf /usr/share/easyengine/nginx/common/* /etc/nginx/common/ &>> $EE_UPDATE_LOG \ || ee_lib_error "Unable to rsync NGINX common files, exit status = " $? diff --git a/src/modules/stack/install/ee_mod_setup_nginx.sh b/src/modules/stack/install/ee_mod_setup_nginx.sh index 24c73d7f..3dc77948 100644 --- a/src/modules/stack/install/ee_mod_setup_nginx.sh +++ b/src/modules/stack/install/ee_mod_setup_nginx.sh @@ -6,7 +6,7 @@ function ee_mod_setup_nginx() ee_lib_echo "Setting up NGINX, please wait..." - grep "EasyEngine" /etc/nginx/nginx.conf &> /dev/null + grep "EasyEngine" /etc/nginx/nginx.conf &>> /dev/null if [ $? -ne 0 ]; then # Adjust nginx worker_processes and worker_rlimit_nofile value @@ -20,7 +20,7 @@ function ee_mod_setup_nginx() # Disable nginx version # Set custom header # SSL Settings - sed -i "s/http {/http {\n\t##\n\t# EasyEngine Settings\n\t##\n\n\tserver_tokens off;\n\treset_timedout_connection on;\n\tadd_header X-Powered-By "EasyEngine $EE_VERSION";\n\tadd_header rt-Fastcgi-Cache \$upstream_cache_status;\n\n\t# Limit Request\n\tlimit_req_status 403;\n\tlimit_req_zone \$binary_remote_addr zone=one:10m rate=1r\/s;\n\n\t# Proxy Settings\n\t# set_real_ip_from\tproxy-server-ip;\n\t# real_ip_header\tX-Forwarded-For;\n\n\tfastcgi_read_timeout 300;\n\tclient_max_body_size 100m;\n\n\t# SSL Settings\n\tssl_session_cache shared:SSL:20m;\n\tssl_session_timeout 10m;\n\tssl_prefer_server_ciphers on;\n\tssl_ciphers HIGH:\!aNULL:\!MD5:\!kEDH;\n\n/" /etc/nginx/nginx.conf + sed -i "s/http {/http {\n\t##\n\t# EasyEngine Settings\n\t##\n\n\tserver_tokens off;\n\treset_timedout_connection on;\n\tadd_header X-Powered-By \"EasyEngine $EE_VERSION\";\n\tadd_header rt-Fastcgi-Cache \$upstream_cache_status;\n\n\t# Limit Request\n\tlimit_req_status 403;\n\tlimit_req_zone \$binary_remote_addr zone=one:10m rate=1r\/s;\n\n\t# Proxy Settings\n\t# set_real_ip_from\tproxy-server-ip;\n\t# real_ip_header\tX-Forwarded-For;\n\n\tfastcgi_read_timeout 300;\n\tclient_max_body_size 100m;\n\n\t# SSL Settings\n\tssl_session_cache shared:SSL:20m;\n\tssl_session_timeout 10m;\n\tssl_prefer_server_ciphers on;\n\tssl_ciphers HIGH:\!aNULL:\!MD5:\!kEDH;\n\n/" /etc/nginx/nginx.conf # Adjust nginx keepalive_timeout sed -i "s/keepalive_timeout.*/keepalive_timeout 30;/" /etc/nginx/nginx.conf From 769e11c9d600e8574f44c9059e04db5ed4e96071 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Fri, 11 Jul 2014 17:17:52 +0530 Subject: [PATCH 2/7] Minor fix --- src/modules/stack/install/ee_mod_setup_nginx.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/modules/stack/install/ee_mod_setup_nginx.sh b/src/modules/stack/install/ee_mod_setup_nginx.sh index 3dc77948..48888297 100644 --- a/src/modules/stack/install/ee_mod_setup_nginx.sh +++ b/src/modules/stack/install/ee_mod_setup_nginx.sh @@ -14,7 +14,7 @@ function ee_mod_setup_nginx() sed -i "/worker_processes/a \worker_rlimit_nofile 100000;" /etc/nginx/nginx.conf # Adjust nginx worker_connections and multi_accept - sed -i "s/worker_connections.*/worker_connections 1024;/" /etc/nginx/nginx.conf + sed -i "s/worker_connections.*/worker_connections 4096;/" /etc/nginx/nginx.conf sed -i "s/# multi_accept/multi_accept/" /etc/nginx/nginx.conf # Disable nginx version @@ -30,9 +30,13 @@ function ee_mod_setup_nginx() # Enable Gun-zip sed -i "s/# gzip/gzip/" /etc/nginx/nginx.conf - fi + # Update EasyEngine version + # Launchpad PPA already have above settings + # On Ubuntu above block never executed + sed -i "s/X-Powered-By.*/X-Powered-By \"EasyEngine $EE_LATEST_VERSION\";/" /etc/nginx/nginx.conf + # Create directory if not exist if [ ! -d /etc/nginx/conf.d ]; then mkdir /etc/nginx/conf.d || ee_lib_error "Unable to create /etc/nginx/conf.d, exit status = " $? From a150f0309313bfd6b1965d249960df21b534f606 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Fri, 11 Jul 2014 17:21:29 +0530 Subject: [PATCH 3/7] Minor fix --- src/modules/stack/install/ee_mod_setup_nginx.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/stack/install/ee_mod_setup_nginx.sh b/src/modules/stack/install/ee_mod_setup_nginx.sh index 48888297..ba8dbc3b 100644 --- a/src/modules/stack/install/ee_mod_setup_nginx.sh +++ b/src/modules/stack/install/ee_mod_setup_nginx.sh @@ -35,7 +35,7 @@ function ee_mod_setup_nginx() # Update EasyEngine version # Launchpad PPA already have above settings # On Ubuntu above block never executed - sed -i "s/X-Powered-By.*/X-Powered-By \"EasyEngine $EE_LATEST_VERSION\";/" /etc/nginx/nginx.conf + sed -i "s/X-Powered-By.*/X-Powered-By \"EasyEngine $EE_VERSION\";/" /etc/nginx/nginx.conf # Create directory if not exist if [ ! -d /etc/nginx/conf.d ]; then From bcf74b496b396e67a973c2a1974e04fc02ff18d4 Mon Sep 17 00:00:00 2001 From: gau1991 Date: Fri, 11 Jul 2014 17:26:25 +0530 Subject: [PATCH 4/7] Added update in autocompletion --- config/bash_completion.d/ee | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/bash_completion.d/ee b/config/bash_completion.d/ee index 6d8bdfff..a31bbe71 100644 --- a/config/bash_completion.d/ee +++ b/config/bash_completion.d/ee @@ -15,7 +15,7 @@ function EE_AUTO() # List of suggested words easyengine|ee) - COMPREPLY=( $(compgen -W '$(echo version help info; command find /usr/local/lib/easyengine/modules/ -maxdepth 1 -type d -printf "%P " 2> /dev/null)' -- $CURRENT) ) + COMPREPLY=( $(compgen -W '$(echo version help info update; command find /usr/local/lib/easyengine/modules/ -maxdepth 1 -type d -printf "%P " 2> /dev/null)' -- $CURRENT) ) return 0 ;; From b9342bee8720e519bf4e26164c9cd9a96c63b3c9 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Fri, 11 Jul 2014 18:37:04 +0530 Subject: [PATCH 5/7] fix #178 - ee secure --ip --- bin/easyengine | 3 ++- src/modules/stack/install/ee_mod_setup_nginx.sh | 5 ++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/bin/easyengine b/bin/easyengine index d09e0064..b772e0f6 100644 --- a/bin/easyengine +++ b/bin/easyengine @@ -571,13 +571,14 @@ elif [ "$EE_FIRST" = "debug" ]; then # EasyEngine secure elif [ "$EE_FIRST" = "secure" ]; then - if [ "$EE_SECOND" = "--auth" ] || [ "$EE_SECOND" = "--port" ]; then + if [ "$EE_SECOND" = "--auth" ] || [ "$EE_SECOND" = "--port" ] || [ "$EE_SECOND" = "--ip" ]; then ee_mod_secure_$(echo $EE_SECOND | sed 's/--//') ee_lib_service nginx reload else ee_lib_echo "ee secure commands:" ee_lib_echo_escape "\t--auth\tUpdate credential of HTTP authentication" ee_lib_echo_escape "\t--port\tChange EasyEngine admin port 22222" + ee_lib_echo_escape "\t--ip\tUpdate whitelist IP address" fi # EasyEngine update diff --git a/src/modules/stack/install/ee_mod_setup_nginx.sh b/src/modules/stack/install/ee_mod_setup_nginx.sh index ba8dbc3b..a439f4ef 100644 --- a/src/modules/stack/install/ee_mod_setup_nginx.sh +++ b/src/modules/stack/install/ee_mod_setup_nginx.sh @@ -90,9 +90,8 @@ function ee_mod_setup_nginx() # White list IP address if [ -n "$EE_IP_ADDRESS" ]; then - for ee_whitelist_ip_address in $(echo $EE_IP_ADDRESS) - do - sed -i "/deny/i $(echo allow $ee_whitelist_ip_address\;)" /etc/nginx/common/acl.conf + for ee_whitelist_ip_address in $(echo $EE_IP_ADDRESS);do + sed -i "/deny/i $(echo allow $ee_whitelist_ip_address\;)" /etc/nginx/common/acl.conf done fi From e4583513bcfec8e0ae9ef95587306080649827ee Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Fri, 11 Jul 2014 18:44:47 +0530 Subject: [PATCH 6/7] fix #178 - ee secure --ip --- src/modules/secure/ee_mod_secure_ip.sh | 31 ++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 src/modules/secure/ee_mod_secure_ip.sh diff --git a/src/modules/secure/ee_mod_secure_ip.sh b/src/modules/secure/ee_mod_secure_ip.sh new file mode 100644 index 00000000..e5d835b9 --- /dev/null +++ b/src/modules/secure/ee_mod_secure_ip.sh @@ -0,0 +1,31 @@ +# White list IP address + +function ee_mod_secure_ip() +{ + read -p "Enter the comma separated IP addresses to white list [127.0.0.1]: " ee_ip + + # If enter is pressed, set 127.0.0.1 + if [[ $ee_ip = "" ]]; then + ee_ip=127.0.0.1 + fi + + # Check weather IP address already present or not + for ee_check_ip in $(echo $ee_ip | cut -d'=' -f2 | sed 's/ //g' | tr ',' '\n'); do + grep $ee_check_ip /etc/easyengine/ee.conf &>> /dev/null + if [ $? -ne 0 ]; then + ee_update_ip="$ee_update_ip $ee_check_ip" + fi + done + + # Update ee.conf + $EE_CONFIG_SET stack.ip-address "$($EE_CONFIG_GET stack.ip-address),$(echo $ee_update_ip | tr ' ' ',')" + + # White list IP address + EE_IP_ADDRESS=$($EE_CONFIG_GET stack.ip-address | cut -d'=' -f2 | sed 's/ //g' | tr ',' '\n') + if [ -n "$EE_IP_ADDRESS" ]; then + sed -i "/allow.*/d" /etc/nginx/common/acl.conf + for ee_whitelist_ip_address in $(echo $EE_IP_ADDRESS);do + sed -i "/deny/i $(echo allow $ee_whitelist_ip_address\;)" /etc/nginx/common/acl.conf + done + fi +} From 1d81e1d3ed3a0e478ca7ef4565aea93fba2ea15b Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Fri, 11 Jul 2014 18:48:52 +0530 Subject: [PATCH 7/7] Fix readonly variable --- src/lib/ee_lib_variables.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/ee_lib_variables.sh b/src/lib/ee_lib_variables.sh index d757e8a9..6729c0de 100644 --- a/src/lib/ee_lib_variables.sh +++ b/src/lib/ee_lib_variables.sh @@ -15,8 +15,8 @@ readonly EE_ERROR_LOG=/var/log/easyengine/error.log readonly EE_LINUX_DISTRO=$(lsb_release -i |awk '{print $3}') readonly EE_CONFIG_GET=$(echo "git config --file /etc/easyengine/ee.conf") readonly EE_CONFIG_SET=$(echo "git config --file /etc/easyengine/ee.conf" --replace-all) -readonly EE_IP_ADDRESS=$($EE_CONFIG_GET stack.ip-address | cut -d'=' -f2 | sed 's/ //g' | tr ',' '\n') readonly EE_APT_GET=$($EE_CONFIG_GET stack.apt-get-assume-yes | grep -i true &> /dev/null && echo apt-get -y || echo apt-get) +EE_IP_ADDRESS=$($EE_CONFIG_GET stack.ip-address | cut -d'=' -f2 | sed 's/ //g' | tr ',' '\n') # Distribution specific variable if [ "$EE_LINUX_DISTRO" == "Ubuntu" ]; then