New WordOps maintenance release available !

https://wordops.net/v3-9-8-2-wordops-maintenance-release/

Changelog

Added

  • Additional cache expection for Easy Digital Downloads PR #120
  • Additional settings to support mobile with WP-Rocket
  • Add the ability to block nginx configuration overwriting by adding an empty file .custom. Example with /etc/nginx/conf.d/webp.conf -> touch /etc/nginx/conf.d/webp.conf.custom
  • If there is a custom file, WordOps will write the configuration in an empty file named fileconf.conf.orig to let users implement possible changes
  • UFW minimal configuration during install. Can be disabled with the flag -w, --wufw or --without-ufw.
    Example :
wget -qO wo wops.cc && sudo bash wo -w

Fixed

  • WordOps internal database creation on servers running with custom setup
4 days later

I think ufw install default should be off

a month later

Just ran a new install and got some errors in relation to this (I setup my own firewall). Forgot to disable UFW. How to undo/remove UFW and whatever was just installed.

And for the record, this UFW thing should 100% be something you have to toggle on to install! It's also actually dangerous if people have changed SSH port.

    Hello mdoooooot,

    About UFW, WordOps install script check:

    • if UFW is already enabled -> cancel ufw config
    • if there is no SSH port detected in /etc/ssh/sshd_config -> cancel ufw config
      Then it allow SSH port (defaut and custom if detected), http, https, 22222 and ntp.

    So, let me know if there are other checks to perform to avoid configuring UFW during install (it can be another firewall config path or executable, or anything else which can cause trouble), and I will add them into the next release.
    This way, you will not have to use an extra flag with WordOps install command, and it will still harden security of servers running without any firewall

        VirtuBox So, let me know if there are other checks to perform to avoid configuring UFW during install (it can be another firewall config path or executable, or anything else which can cause trouble), and I will add them into the next release.
        This way, you will not have to use an extra flag with WordOps install command, and it will still harden security of servers running without any firewall

        Thanks, I run iptables. I don't know how to check for that I don't have expertise

            Hello mdoooooot,
            How to you save iptables rules to apply them on next boot ?

            PS : do you know than UFW is just a wrapper for iptables ?
            It only make iptables rules management easier, and it include special rules for services like DHCP, uPnP etc..

                VirtuBox How to you save iptables rules to apply them on next boot ?

                Add following line to /etc/rc.local:

                /sbin/iptables-restore < /etc/iptables.firewall.rules

                /etc/iptables.firewall.rules is simply a copy of the rules

                  Hosted by VirtuBox