diff --git a/.gitignore b/.gitignore index dd1e425..479896b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,5 @@ .vagrant -Berksfile.lock +.idea Gemfile.lock *~ *# @@ -12,3 +12,5 @@ Gemfile.lock .kitchen bin .kitchen.local.yml + +*.iml diff --git a/Berksfile b/Berksfile index ea7a934..a64495c 100644 --- a/Berksfile +++ b/Berksfile @@ -1,7 +1,15 @@ -source "https://supermarket.getchef.com" +source "https://supermarket.chef.io" metadata +cookbook 'php', '>= 4.5.0' +cookbook 'apache2', '>= 3.2.2', git: 'https://github.com/sous-chefs/apache2.git' +cookbook 'nginx', '= 8.1.6', git: 'https://github.com/sous-chefs/nginx.git', tag: "v8.1.6" + +cookbook 'database', git: 'https://github.com/alejandrod/database.git' +cookbook 'mysql', git: 'https://github.com/alejandrod/mysql.git' +cookbook 'mysql2_chef_gem', '>= 2.1.0', git: 'https://github.com/alejandrod/mysql2_chef_gem.git' + group :integration do cookbook 'apt', '~> 2.6.1' end diff --git a/Berksfile.lock b/Berksfile.lock new file mode 100644 index 0000000..c6b6f51 --- /dev/null +++ b/Berksfile.lock 
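Review bot: The `apache2` source and the three `alejandrod/*` sources (`database`, `mysql`, `mysql2_chef_gem`) carry no `tag:` or `ref:`, so the Berksfile follows whatever each repository's default branch holds; only the `nginx` line is tied to `v8.1.6`. Berksfile.lock, which this commit starts tracking, records a revision for each, but the next `berks update` will move them without any change showing up in this file. These cookbooks typically converge with root privileges, so pin each to a reviewed commit, e.g. `cookbook 'mysql', git: 'https://github.com/alejandrod/mysql.git', ref: '<reviewed-commit-sha>'`. A comment such as `# personal fork: <reason>, replace with the Supermarket release once <condition>` would tell the next maintainer why a fork is trusted here.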
@@ -0,0 +1,74 @@ +DEPENDENCIES + apache2 + git: https://github.com/sous-chefs/apache2.git + revision: 408c54912f0e362ea9d820a8b43580850c403b9e + apt (~> 2.6.1) + database + git: https://github.com/alejandrod/database.git + revision: ef8cd37a0907cc5e830fb541ba07c4e765e3e09b + mysql + git: https://github.com/alejandrod/mysql.git + revision: f46870cc59b9a3f28c7d05ae935fc9f0672a6bbd + mysql2_chef_gem + git: https://github.com/alejandrod/mysql2_chef_gem.git + revision: 4e8feb1263c7e22ec0c8e9129ae850f607c7bb99 + nginx + git: https://github.com/sous-chefs/nginx.git + revision: 09a227085c5fab9f986fe0cfd010452e07c707f8 + tag: v8.1.6 + php (>= 4.5.0) + wordpress + path: . + metadata: true + +GRAPH + apache2 (7.1.1) + apt (2.6.1) + build-essential (8.2.1) + mingw (>= 1.1) + seven_zip (>= 0.0.0) + database (6.2.0) + postgresql (>= 1.0.0) + iis (7.2.0) + windows (>= 4.1.0) + mariadb (3.1.0) + selinux_policy (~> 2.0) + mingw (2.1.0) + seven_zip (>= 0.0.0) + mysql (8.5.3) + mysql2_chef_gem (2.1.0) + build-essential (>= 2.4.0) + mariadb (>= 0.0.0) + mysql (>= 8.2.0) + nginx (8.1.6) + build-essential (>= 5.0) + ohai (>= 4.1.0) + yum-epel (>= 0.0.0) + zypper (>= 0.0.0) + ohai (5.3.0) + openssl (8.5.5) + php (7.0.0) + yum-epel (>= 0.0.0) + php-fpm (0.8.0) + postgresql (7.1.5) + selinux (3.0.0) + selinux_policy (2.3.4) + seven_zip (3.1.2) + windows (>= 0.0.0) + tar (2.2.0) + windows (6.0.1) + wordpress (4.0.2) + apache2 (>= 5.0.0) + build-essential (>= 0.0.0) + database (>= 1.6.0) + iis (>= 0.0.0) + mysql (>= 6.0) + mysql2_chef_gem (>= 1.1.0) + nginx (~> 8.1.6) + openssl (>= 0.0.0) + php (>= 0.0.0) + php-fpm (>= 0.0.0) + selinux (>= 0.0.0) + tar (>= 0.0.0) + yum-epel (3.3.0) + zypper (0.4.0) diff --git a/Gemfile b/Gemfile index 02e31c6..15fb723 100644 --- a/Gemfile +++ b/Gemfile 
@@ -1,14 +1,14 @@ source 'https://rubygems.org' -gem 'chef', '>= 11.12' -gem 'berkshelf', '~> 3.0' +gem 'chef', '>= 12.12' +gem 'berkshelf' group :test do - gem 'foodcritic', '~> 4.0' - gem 'strainer', '~> 3.1' + gem 'foodcritic' + gem 'strainer' end group :integration do - gem 'test-kitchen', '~> 1.0' - gem 'kitchen-vagrant', '~> 0.15' + gem 'test-kitchen' + gem 'kitchen-vagrant' end diff --git a/README.md b/README.md index 1a99f24..053cadd 100644 --- a/README.md +++ b/README.md @@ -69,6 +69,13 @@ Attributes * `node['wordpress']['php_options']` - Additional PHP settings for the installation. +* `node['wordpress']['ssl_enabled']` - If true, the certificate attributes must be set +* `node['wordpress']['ssl_certificate']` - Path to the certificate +* `node['wordpress']['ssl_certificate_key']` - Path to the certificate key +* `node['wordpress']['ssl_certificate_chain']` - Path to the certificate chain. Only for apache. + +* `node['wordpress']['error_log']` - Path to the error log file. Should be writable by the user that runs apache + Usage ===== diff --git a/attributes/default.rb b/attributes/default.rb index 873753d..dc971b6 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -33,7 +33,7 @@ default['wordpress']['db']['prefix'] = 'wp_' default['wordpress']['db']['host'] = 'localhost' default['wordpress']['db']['port'] = '3306' # Must be a string -default['wordpress']['db']['charset'] = 'utf8' +default['wordpress']['db']['charset'] = 'utf8mb4' default['wordpress']['db']['collate'] = '' case node['platform'] when 'ubuntu' @@ -41,7 +41,8 @@ when '10.04' default['wordpress']['db']['mysql_version'] = '5.1' else - default['wordpress']['db']['mysql_version'] = '5.5' + default['wordpress']['db']['mysql_version'] = '8.0' + default['wordpress']['db']['collate'] = 'utf8mb4_0900_ai_ci' end when 'centos', 'redhat', 'amazon', 'scientific' if node['platform_version'].to_i < 6 
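Review bot: Every version constraint is dropped (`gem 'berkshelf'`, `gem 'foodcritic'`, `gem 'strainer'`, `gem 'test-kitchen'`, `gem 'kitchen-vagrant'`) while `Gemfile.lock` stays listed in `.gitignore`, so each `bundle install` resolves to whatever is newest on rubygems.org. That makes test and integration runs non-reproducible and lets a broken or hijacked release enter the toolchain unnoticed. Keep pessimistic constraints such as `gem 'berkshelf', '~> <major.minor>'`, or track `Gemfile.lock` the way this commit now tracks `Berksfile.lock`.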
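Review bot: The new default `default['wordpress']['db']['charset'] = 'utf8mb4'` applies to every platform, but the Ubuntu 10.04 branch here and the CentOS/RHEL 6 branch in the next hunk still select `mysql_version` `'5.1'`, and utf8mb4 only exists from MySQL 5.5.3 onward. Nodes on those branches would get a wp-config.php charset that the server cannot provide. Either set `default['wordpress']['db']['charset'] = 'utf8'` beside the `'5.1'` assignments, or remove those branches if the platforms are no longer supported. The `case` statement continues outside this hunk.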
@@ -49,10 +50,12 @@ elsif node['platform_version'].to_i < 7 default['wordpress']['db']['mysql_version'] = '5.1' else - default['wordpress']['db']['mysql_version'] = '5.5' + default['wordpress']['db']['mysql_version'] = '8.0' + default['wordpress']['db']['collate'] = 'utf8mb4_0900_ai_ci' end else - default['wordpress']['db']['mysql_version'] = '5.5' + default['wordpress']['db']['mysql_version'] = '8.0' + default['wordpress']['db']['collate'] = 'utf8mb4_0900_ai_ci' end default['wordpress']['allow_multisite'] = false @@ -61,7 +64,9 @@ default['wordpress']['config_perms'] = 0644 default['wordpress']['server_aliases'] = [node['fqdn']] +default['wordpress']['server_path'] = '/' default['wordpress']['server_port'] = '80' +default['wordpress']['ssl_enabled'] = false default['wordpress']['install']['user'] = node['apache']['user'] default['wordpress']['install']['group'] = node['apache']['group'] @@ -92,12 +97,18 @@ if node['platform'] == 'windows' default['wordpress']['parent_dir'] = "#{ENV['SystemDrive']}\\inetpub" default['wordpress']['dir'] = "#{node['wordpress']['parent_dir']}\\wordpress" + default['wordpress']['docroot'] = "#{node['wordpress']['parent_dir']}\\wordpress" default['wordpress']['url'] = "https://wordpress.org/wordpress-#{node['wordpress']['version']}.zip" else default['wordpress']['server_name'] = node['fqdn'] default['wordpress']['parent_dir'] = '/var/www' default['wordpress']['dir'] = "#{node['wordpress']['parent_dir']}/wordpress" + default['wordpress']['docroot'] = "#{node['wordpress']['parent_dir']}/wordpress" default['wordpress']['url'] = "https://wordpress.org/wordpress-#{node['wordpress']['version']}.tar.gz" end default['wordpress']['php_options'] = { 'php_admin_value[upload_max_filesize]' => '50M', 'php_admin_value[post_max_size]' => '55M' } + +default['wordpress']['admin'] = { + htpasswd: "/var/www/admin/.htpasswd" +} diff --git a/metadata.rb b/metadata.rb index febe26f..41c83a3 100644 --- a/metadata.rb +++ b/metadata.rb 
@@ -4,7 +4,7 @@ license "Apache 2.0" description "Installs/Configures WordPress" long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version "3.0.0" +version "4.1.0" recipe "WordPress", "Installs and configures WordPress LAMP stack on a single system" recipe "WordPress::languages", "Install WordPress translation files" @@ -13,16 +13,16 @@ depends cb end -depends "apache2", ">= 2.0.0" +depends "apache2", ">= 5.0.0" depends "database", ">= 1.6.0" depends "mysql", ">= 6.0" -depends "mysql2_chef_gem", "~> 1.0.1" +depends "mysql2_chef_gem", ">= 1.1.0" depends "build-essential" -depends "iis", ">= 1.6.2" -depends "tar", ">= 0.3.1" -depends "nginx", "~> 2.7.4" -depends "php-fpm", "~> 0.6.10" -depends 'selinux', '~> 0.7' +depends "iis" +depends "tar" +depends "nginx", "~> 8.1.6" +depends "php-fpm" +depends 'selinux' %w{ debian ubuntu windows centos redhat scientific oracle }.each do |os| supports os diff --git a/recipes/apache.rb b/recipes/apache.rb index 88acc03..21b5d96 100644 --- a/recipes/apache.rb +++ b/recipes/apache.rb @@ -21,9 +21,10 @@ # On Windows PHP comes with the MySQL Module and we use IIS on Windows unless platform? "windows" - include_recipe "php::module_mysql" include_recipe "apache2" - include_recipe "apache2::mod_php5" + include_recipe "apache2::mod_php" + + package 'php7.2-mysql' end include_recipe "wordpress::app" @@ -47,7 +48,8 @@ else web_app "wordpress" do template "wordpress.conf.erb" - docroot node['wordpress']['dir'] + docroot node['wordpress']['docroot'] + server_path node['wordpress']['server_path'] server_name node['wordpress']['server_name'] server_aliases node['wordpress']['server_aliases'] server_port node['wordpress']['server_port'] diff --git a/recipes/database.rb b/recipes/database.rb index 3f61d78..f5c4c97 100644 --- a/recipes/database.rb +++ b/recipes/database.rb 
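Review bot: `package 'php7.2-mysql'` hard-codes a Debian/Ubuntu package name and a PHP minor version inside the `unless platform? "windows"` block, so the recipe will fail on the centos, redhat, scientific and oracle platforms that metadata.rb still lists as supported. PHP 7.2 is also past its upstream end of life, so pinning it by name keeps nodes on an interpreter that no longer gets security fixes. The same line replaces `php::module_mysql` in recipes/nginx.rb. Take the name from an attribute with per-platform defaults, e.g. `package node['wordpress']['php_mysql_package']`, and document that attribute in the README.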
@@ -20,13 +20,24 @@ # limitations under the License. # +apt_repository 'mysql' do + uri 'http://repo.mysql.com/apt/ubuntu/' + components %w(mysql-8.0 mysql-tools) + key '5072E1F5' + keyserver 'pool.sks-keyservers.net' + not_if { ::File.exist?('/etc/apt/sources.list.d/mysql.list') } +end + mysql_client 'default' do action :create not_if { node['platform_family'] == 'windows' } + version '8.0' end mysql2_chef_gem 'default' do action :install + gem_version '0.5.3' + package_version '8.0' end ::Chef::Recipe.send(:include, Opscode::OpenSSL::Password) diff --git a/recipes/default.rb b/recipes/default.rb index 39636ec..d8b6f44 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -17,4 +17,22 @@ # limitations under the License. # +users = node[:wordpress][:admin][:users] || [] + +if users.any? + directory File.dirname(node[:wordpress][:admin][:htpasswd]) do + owner 'root' + group 'root' + recursive true + mode 0755 + end + + file node[:wordpress][:admin][:htpasswd] do + owner node[:wordpress][:install][:user] + group node[:wordpress][:install][:group] + mode 0644 + content users.join("\n") + end +end + include_recipe "wordpress::apache" diff --git a/recipes/nginx.rb b/recipes/nginx.rb index 7820a2b..a22dfcb 100644 --- a/recipes/nginx.rb +++ b/recipes/nginx.rb @@ -34,7 +34,7 @@ start_servers 5 end -include_recipe "php::module_mysql" +package 'php7.2-mysql' node.set_unless['nginx']['default_site_enabled'] = false include_recipe "nginx" 
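Review bot: The `apt_repository 'mysql'` resource identifies the signing key by the 8-hex-digit short ID `5072E1F5`, fetches it from `pool.sks-keyservers.net`, and uses a plain-HTTP `uri`. Short key IDs can be collided, so a keyserver lookup may return a key other than the intended one, and the SKS pool is no longer operated, so the fetch is likely to fail outright. Use the full fingerprint from a maintained source, e.g. `key '<full-40-hex-fingerprint>'` with `keyserver 'keyserver.ubuntu.com'`, or point `key` at a key file shipped in the cookbook, and change the `uri` to `https://repo.mysql.com/apt/ubuntu/`. The URI also hard-codes `ubuntu` although metadata.rb lists debian as supported.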
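Review bot: The htpasswd file is created with `mode 0644` and owned by `node[:wordpress][:install][:user]`, which attributes/default.rb defaults to the Apache user, so every local account can read the password hashes and anything running as the web server, PHP included, can rewrite them. Make it `owner 'root'` and `mode 0640` (the existing group line already gives the web server read access), and add `sensitive true` so the hashes are not printed in Chef's diff output. The entries are written verbatim by `users.join("\n")`, so the README should state that each `users` element must already be a hashed `user:hash` line; neither the attributes file nor the README hunk defines `users`.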
@@ -44,10 +44,10 @@ template "#{node['nginx']['dir']}/sites-enabled/wordpress.conf" do source "nginx.conf.erb" variables( - :docroot => node['wordpress']['dir'], - :server_name => node['wordpress']['server_name'], - :server_aliases => node['wordpress']['server_aliases'], - :server_port => node['wordpress']['server_port'] + :docroot => node['wordpress']['dir'], + :server_name => node['wordpress']['server_name'], + :server_aliases => node['wordpress']['server_aliases'], + :server_port => node['wordpress']['server_port'] ) action :create end diff --git a/templates/default/nginx.conf.erb b/templates/default/nginx.conf.erb index 8b19b5a..e81e97d 100644 --- a/templates/default/nginx.conf.erb +++ b/templates/default/nginx.conf.erb 
@@ -1,21 +1,47 @@ server { - listen <%= @server_port %>; - server_name <%= @server_name %> <%= @server_aliases.join(" ") %>; + listen <%= @server_port %> <% if port == node['wordpress']['ssl_enabled'] %> ssl<% end %>; + server_name <%= @server_name %> <%= @server_aliases.join(" ") %>; - access_log /var/log/nginx/<%= @server_name %>.access.log; - error_log /var/log/nginx/<%= @server_name %>.error.log; + <% if node['wordpress']['ssl_enabled'] %> + ssl_certificate <%= node['wordpress']['ssl_certificate'] %>; + ssl_certificate_key <%= node['wordpress']['ssl_certificate_key'] %>; + <% end %> - root <%= @docroot %>; - index index.php; + access_log /var/log/nginx/<%= @server_name %>.access.log; + error_log /var/log/nginx/<%= @server_name %>.error.log; - location / { - try_files $uri $uri/ /index.php?$args; - } + root <%= @docroot %>; + index index.php; - location ~ \.php$ { - try_files $uri =404; - include fastcgi_params; - fastcgi_pass 127.0.0.1:9001; - fastcgi_param SCRIPT_FILENAME <%= @docroot %>$fastcgi_script_name; - } + client_max_body_size 64M; + + <% if (node[:wordpress][:admin][:users] || []).any? %> + location /wp-login.php { + auth_basic "Authorization Required"; + auth_basic_user_file /srv/www/rudeotter.com/.htpasswd; + + try_files $uri $uri/ /index.php?$args; + } + location /wp-admin { + location ~ /wp-admin/admin-ajax.php$ { + try_files $uri $uri/ /index.php?$args; + } + location ~* /wp-admin/.*\.php$ { + auth_basic "Authorization Required"; + auth_basic_user_file /srv/www/rudeotter.com/.htpasswd; + try_files $uri $uri/ /index.php?$args; + } + } + +<% end %> + location / { + try_files $uri $uri/ /index.php?$args; + } + + location ~ \.php$ { + try_files $uri =404; + include fastcgi_params; + fastcgi_pass 127.0.0.1:9001; + fastcgi_param SCRIPT_FILENAME <%= @docroot %>$fastcgi_script_name; + } } diff --git a/templates/default/wordpress.conf.erb b/templates/default/wordpress.conf.erb index 2fc691b..b3c3ba0 100644 --- a/templates/default/wordpress.conf.erb 
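Review bot: The basic-auth block on `location /wp-login.php` is a plain prefix location, and nginx prefers a matching regex location over a prefix one, so requests for `/wp-login.php` are handled by `location ~ \.php$` and are never asked for credentials. Both `auth_basic_user_file` lines also point at the hard-coded `/srv/www/rudeotter.com/.htpasswd` instead of `node['wordpress']['admin']['htpasswd']`, which is the file recipes/default.rb writes. The nested `/wp-admin` locations have no `fastcgi_pass`, so PHP under that path looks like it would be served as a file rather than executed; please verify on a converged node. Separately, `port` in `<% if port == node['wordpress']['ssl_enabled'] %>` is not among the variables recipes/nginx.rb passes to the template, so rendering is likely to fail. The fence shows the listen line and an exact-match login location that carries its own FastCGI settings; the `/wp-admin` block needs the same treatment.

```erb
  listen <%= @server_port %><% if node['wordpress']['ssl_enabled'] %> ssl<% end %>;
  # … unchanged: server_name, certificate lines, logs, root, index, client_max_body_size …

  # Exact match (=) wins over "location ~ \.php$", so the auth below is actually applied.
  location = /wp-login.php {
    auth_basic "Authorization Required";
    auth_basic_user_file <%= node['wordpress']['admin']['htpasswd'] %>;

    include fastcgi_params;
    fastcgi_pass 127.0.0.1:9001;
    fastcgi_param SCRIPT_FILENAME <%= @docroot %>$fastcgi_script_name;
  }
  # … unchanged: location /, location ~ \.php$ …
```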
+++ b/templates/default/wordpress.conf.erb @@ -1,17 +1,49 @@ -> +<% target_host = (node['wordpress']['ssl_enabled'] and node['ipaddress']) ? node['ipaddress'] : '*' %> +<% if node['wordpress']['ssl_enabled'] %> +:80> + ServerName <%= @params[:server_name] %> + Redirect permanent / https://<%= @params[:server_name] %><%= @params[:server_path] %> + + +<% else %> +<% end %> +:<%= @params[:server_port] %>> ServerName <%= @params[:server_name] %> ServerAlias <% @params[:server_aliases].each do |a| %><%= a %> <% end %> DocumentRoot <%= @params[:docroot] %> + SecRequestBodyLimit 67108864 + + <% if node['wordpress']['ssl_enabled'] %> + SSLEngine on + SSLCertificateFile <%= node['wordpress']['ssl_certificate'] %> + SSLCertificateKeyFile <%= node['wordpress']['ssl_certificate_key'] %> + <% if node['wordpress']['ssl_certificate_chain'] %> + SSLCertificateChainFile <%= node['wordpress']['ssl_certificate_chain'] %> + <% end %> + <% end %> + + <% if (node[:wordpress][:admin][:users] || []).any? %> + + AuthName "Admins Only" + AuthUserFile <%= node['wordpress']['admin']['htpasswd'] %> + AuthGroupFile /dev/null + AuthType basic + require valid-user + + + AuthName "Admins Only" + AuthUserFile <%= node['wordpress']['admin']['htpasswd'] %> + AuthGroupFile /dev/null + AuthType basic + require valid-user + + + <% end %> > Options FollowSymLinks AllowOverride FileInfo Options - <% if node['apache']['version'] == '2.4' %> Require all granted - <% else %> - Order allow,deny - Allow from all - <% end %> @@ -24,8 +56,8 @@ CustomLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-access.log combined RewriteEngine On -<% unless node['apache']['version'] == '2.4' %> - RewriteLog <%= node['apache']['log_dir'] %>/<%= @application_name %>-rewrite.log - RewriteLogLevel 0 + +<% if node['wordpress']['ssl_enabled'] %> + SetEnv nokeepalive ssl-unclean-shutdown <% end %> diff --git a/templates/default/wp-config.php.erb b/templates/default/wp-config.php.erb index ef157d9..dcd784e 100644 
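Review bot: `SecRequestBodyLimit 67108864` is a ModSecurity directive, and nothing in this commit installs or enables that module, so Apache will reject the vhost with an invalid-command error wherever ModSecurity is absent. Wrap it in an `<IfModule security2_module>` block, or use the core directive `LimitRequestBody 67108864` if the intent is only to cap uploads. Also, enabling `ssl_enabled` leaves `server_port` at its default `'80'`, which appears to put `SSLEngine on` on the same port as the new redirect vhost; the recipe should default the port to 443 when TLS is on, or fail with a clear message when the certificate attributes or port are missing. The vhost container tags are not visible in this view of the hunk, so the port point needs checking against the file.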
--- a/templates/default/wp-config.php.erb +++ b/templates/default/wp-config.php.erb @@ -89,6 +89,15 @@ define( 'WP_ALLOW_MULTISITE', true ); define( '<%= key %>', <%= value %> ); <% end %> + +<% if node['wordpress']['error_log'] %> +@ini_set('log_errors', 'On'); +@ini_set('display_errors', 'Off'); /* enable or disable public display of errors (use 'On' or 'Off') */ +@ini_set('error_log', '<%= node['wordpress']['error_log'] %>'); /* path to server-writable log file */ +@ini_set('error_reporting', E_ALL ^ E_NOTICE ); /* the php parser to all errors, excreportept notices. */ +<% end %> + + /* That's all, stop editing! Happy blogging. */ /** Absolute path to the WordPress directory. */
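Review bot: `@ini_set('display_errors', 'Off');` only takes effect when `node['wordpress']['error_log']` is set, so a node without that attribute keeps whatever `display_errors` the PHP install defaults to and may show stack traces and filesystem paths to visitors. Move that one line above the `<% if node['wordpress']['error_log'] %>` guard so it always applies. The attribute is also interpolated unescaped into a single-quoted PHP string, so a path containing `'` would break wp-config.php. The comment on the `error_reporting` line is garbled; `/* report all errors except notices */` says what the line does.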