/ Register

Join the community today
Register Now

Beta Branch add jetpack_ip_whitelist_cronsetup function in 123.09beta01

Discussion in 'Centmin Mod Github Commits' started by eva2000, Nov 19, 2020.

Tags:
Previous Thread Next Thread
Loading...
  1. Nov 19, 2020 #1
    eva2000

    eva2000 Administrator Staff Member

    45,728
    10,382
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,112
    Local Time:
    12:44 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    add jetpack_ip_whitelist_cronsetup function in 123.09beta01

    - For Wordpress centmin.sh menu option 22 fresh installs switch to totally disabling xmlrpc.php requests instead of rate limiting them and disabling specific functions via Disable XML-RPC wordpress plugin. So with this update, public requests to /xmlrpc.php will get 403 permission denied with the exception of whitelisting Jetpack Wordpress plugin's IP address ranges to continue to have xmlrpc.php access as per IP range outlined at Hosting FAQ
    - Setup a system cronjob to read the latest Jetpack IP ranges published at https://jetpack.com/ips-v4.txt to populate the generated include file at /usr/local/nginx/conf/jetpack_whitelist_ip.conf which is added to fresh centmin.sh menu option 22 wordpress installs' xmlrpc.php location context
    - For existing Wordpress installs created via centmin.sh menu option 22, after running cmupdate to update your local Centmin Mod code you can either run centmin.sh once and exit or manually run the new tool at /usr/local/src/centminmod/tools/jetpackips.sh - either method will create the system cronjob (and backup system cronjobs to /etc/centminmod/cronjobs/before_jetpack_ip_whitelist_cronjoblist) and to populate and create the include file at /usr/local/nginx/conf/jetpack_whitelist_ip.conf.
    - If you manually run /usr/local/src/centminmod/tools/jetpackips.sh, it will have instructions on adding include file to your xmlrpc.php location context. Example below:

    Code (Text):
    /usr/local/src/centminmod/tools/jetpackips.sh

populating include file /usr/local/nginx/conf/jetpack_whitelist_ip.conf with:

# jetpack ip whitelist https://jetpack.com/support/hosting-faq/
allow 122.248.245.244/32;
allow 54.217.201.243/32;
allow 54.232.116.4/32;
allow 192.0.80.0/20;
allow 192.0.96.0/20;
allow 192.0.112.0/20;
allow 195.234.108.0/22;
deny all;

update your wordpress site nginx vhost's xml-rpc.php location context with
include file for /usr/local/nginx/conf/jetpack_whitelist_ip.conf

location ~* /(xmlrpc\.php) {
    limit_req zone=xwprpc burst=45 nodelay;
    #limit_conn xwpconlimit 30;
    include /usr/local/nginx/conf/php-wpsc.conf;
    # https://jetpack.com/support/hosting-faq/
    include /usr/local/nginx/conf/jetpack_whitelist_ip.conf;
    # https://community.centminmod.com/posts/18828/
    #include /usr/local/nginx/conf/php-rediscache.conf;
}

if you need to disable deny all, comment out with hash #
in front of include directive & restart nginx

location ~* /(xmlrpc\.php) {
    limit_req zone=xwprpc burst=45 nodelay;
    #limit_conn xwpconlimit 30;
    include /usr/local/nginx/conf/php-wpsc.conf;
    # https://jetpack.com/support/hosting-faq/
    #include /usr/local/nginx/conf/jetpack_whitelist_ip.conf;
    # https://community.centminmod.com/posts/18828/
    #include /usr/local/nginx/conf/php-rediscache.conf;
}

    contents of generated include file /usr/local/nginx/conf/jetpack_whitelist_ip.conf
    Code (Text):
    # jetpack ip whitelist https://jetpack.com/support/hosting-faq/
allow 122.248.245.244/32;
allow 54.217.201.243/32;
allow 54.232.116.4/32;
allow 192.0.80.0/20;
allow 192.0.96.0/20;
allow 192.0.112.0/20;
allow 195.234.108.0/22;
deny all;

    and created system cronjob
    Code (Text):
    crontab -l | grep -w jetpackips
11 */12 * * * /usr/local/src/centminmod/tools/jetpackips.sh >/dev/null 2>&1


    Continue reading...

    123.09beta01 branch
     
Previous Thread Next Thread
Loading...

.