Want to subscribe to topics you're interested in?
Become a Member

Beta Branch update centmin.sh menu option 22 wpsecure include file template in 123.09beta01

Discussion in 'Centmin Mod Github Commits' started by eva2000, Sep 10, 2020.

  1. eva2000

    eva2000 Administrator Staff Member

    47,292
    10,700
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,625
    Local Time:
    12:50 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    update centmin.sh menu option 22 wpsecure include file template in 123.09beta01

    - Update /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf template with Autoptimize fallback 404 nginx rewrite rule and also add additional security to wp-cloudflare-page-cache plugin to prevent it's debug.log from being publicly web accessible to everyone at /wp-content/wp-cloudflare-super-page-cache/yourdomain.com/debug.log when you install the wp plugin manually.
    - Existing wordpress sites created via centmin.sh menu option 22 now have a newly added tools/wp-cache-enabler-generate.sh tool made for cache enabler cache plugin. But has an wpsecure generator option applicable to generated a new /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf with suffix in name = -generated-XXXXXX timestamped include file which you can use to compare with your existing one and then you can manually decide what to merge and keep yourself in the live /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf include file.
    - Existing users can on 123.09beta01 or newer can run cmupdate command to update locate Centmin Mod code and then run tools/wp-cache-enabler-generate.sh tool's wpsecure option to generate the newer wpsecure include file and it will also do a universal diff compare highlighting the differences between your existing wpsecure include file and your newly generated one with suffix in name.

    To run tools/wp-cache-enabler-generate.sh tool's wpsecure option in SSH session type:

    Code (Text):
    cd /usr/local/src/centminmod/tools
    ./wp-cache-enabler-generate.sh wpsecure yourdomain.com


    You can see an earlier example of this tools output at Beta Branch - update centmin.sh menu option 22 wpsecure include file template in 123.09beta01

    Continue reading...


    123.09beta01 branch
     
  2. eva2000

    eva2000 Administrator Staff Member

    47,292
    10,700
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,625
    Local Time:
    12:50 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    example output
    Code (Text):
    cmupdate
    cd /usr/local/src/centminmod/tools
    ./wp-cache-enabler-generate.sh wpsecure msdomain.com
    

    example output
    Code (Text):
    ./wp-cache-enabler-generate.sh wpsecure msdomain.com
    ==========================================================================
    Generate Wordpress wpsecure include file:
    /usr/local/nginx/conf/wpincludes/msdomain.com/wpsecure_msdomain.com.conf-generated-100920-084318
    ==========================================================================
    generating updated Wordpress wpsecure include file at:
    /usr/local/nginx/conf/wpincludes/msdomain.com/wpsecure_msdomain.com.conf-generated-100920-084318
    generated: /usr/local/nginx/conf/wpincludes/msdomain.com/wpsecure_msdomain.com.conf-generated-100920-084318
    differences between existing and newly generated wpsecure_msdomain.com.conf file
    /usr/local/nginx/conf/wpincludes/msdomain.com/wpsecure_msdomain.com.conf
    versus
    /usr/local/nginx/conf/wpincludes/msdomain.com/wpsecure_msdomain.com.conf-generated-100920-084318
    --- /usr/local/nginx/conf/wpincludes/msdomain.com/wpsecure_msdomain.com.conf    2020-09-04 21:38:22.484574312 +0000
    +++ /usr/local/nginx/conf/wpincludes/msdomain.com/wpsecure_msdomain.com.conf-generated-100920-084318    2020-09-10 08:43:19.556050510 +0000
    @@ -12,6 +12,12 @@
         }
     }
    +location ~* /wp-content/cache/autoptimize/.*\.(js|css)$ {
    +  include /usr/local/nginx/conf/php.conf;
    +  add_header AO-Fallback 1;
    +  try_files $uri $uri/ /wp-content/autoptimize_404_handler.php;
    +}
    +
     # allow AJAX requests in themes and plugins
     location ~ ^/wp-admin/admin-ajax.php$ { allow all; include /usr/local/nginx/conf/php.conf; }
    @@ -38,6 +44,111 @@
       }
     }
    +# Whitelist Exception for seo-by-rank-math
    +location ~ ^/wp-content/plugins/seo-by-rank-math/ {
    +  include /usr/local/nginx/conf/php.conf;
    +  include /usr/local/nginx/conf/staticfiles.conf;
    +  # below include file needs to be manually created at that path and to be uncommented
    +  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
    +  # allows you to add commonly shared settings to all wp plugin location matches which
    +  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/msdomain.com/wpsecure_msdomain.com.conf
    +  #include /usr/local/nginx/conf/wpincludes/msdomain.com/wpwhitelist_common.conf;
    +}
    +
    +# Whitelist Exception for amp
    +location ~ ^/wp-content/plugins/amp/ {
    +  include /usr/local/nginx/conf/php.conf;
    +  include /usr/local/nginx/conf/staticfiles.conf;
    +  # below include file needs to be manually created at that path and to be uncommented
    +  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
    +  # allows you to add commonly shared settings to all wp plugin location matches which
    +  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/msdomain.com/wpsecure_msdomain.com.conf
    +  #include /usr/local/nginx/conf/wpincludes/msdomain.com/wpwhitelist_common.conf;
    +}
    +
    +# Whitelist Exception for async-javascript
    +location ~ ^/wp-content/plugins/async-javascript/ {
    +  include /usr/local/nginx/conf/php.conf;
    +  include /usr/local/nginx/conf/staticfiles.conf;
    +  # below include file needs to be manually created at that path and to be uncommented
    +  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
    +  # allows you to add commonly shared settings to all wp plugin location matches which
    +  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/msdomain.com/wpsecure_msdomain.com.conf
    +  #include /usr/local/nginx/conf/wpincludes/msdomain.com/wpwhitelist_common.conf;
    +}
    +
    +# Whitelist Exception for autoptimize
    +location ~ ^/wp-content/plugins/autoptimize/ {
    +  include /usr/local/nginx/conf/php.conf;
    +  include /usr/local/nginx/conf/staticfiles.conf;
    +  # below include file needs to be manually created at that path and to be uncommented
    +  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
    +  # allows you to add commonly shared settings to all wp plugin location matches which
    +  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/msdomain.com/wpsecure_msdomain.com.conf
    +  #include /usr/local/nginx/conf/wpincludes/msdomain.com/wpwhitelist_common.conf;
    +}
    +
    +# Whitelist Exception for autoptimize-gzip
    +location ~ ^/wp-content/plugins/autoptimize-gzip/ {
    +  include /usr/local/nginx/conf/php.conf;
    +  include /usr/local/nginx/conf/staticfiles.conf;
    +  # below include file needs to be manually created at that path and to be uncommented
    +  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
    +  # allows you to add commonly shared settings to all wp plugin location matches which
    +  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/msdomain.com/wpsecure_msdomain.com.conf
    +  #include /usr/local/nginx/conf/wpincludes/msdomain.com/wpwhitelist_common.conf;
    +}
    +
    +# Security for wp-cloudflare-page-cache debug.log which is exposed to public access
    +# /wp-content/wp-cloudflare-super-page-cache/yourdomain.com/debug.log
    +location ~ ^/wp-content/wp-cloudflare-super-page-cache/msdomain.com/(debug.log)$ {
    +  deny all;
    +}
    +
    +# Whitelist Exception for wp-cloudflare-page-cache
    +location ~ ^/wp-content/plugins/wp-cloudflare-page-cache/ {
    +  include /usr/local/nginx/conf/php.conf;
    +  include /usr/local/nginx/conf/staticfiles.conf;
    +  # below include file needs to be manually created at that path and to be uncommented
    +  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
    +  # allows you to add commonly shared settings to all wp plugin location matches which
    +  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/msdomain.com/wpsecure_msdomain.com.conf
    +  #include /usr/local/nginx/conf/wpincludes/msdomain.com/wpwhitelist_common.conf;
    +}
    +
    +# Whitelist Exception for cloudflare
    +location ~ ^/wp-content/plugins/cloudflare/ {
    +  include /usr/local/nginx/conf/php.conf;
    +  include /usr/local/nginx/conf/staticfiles.conf;
    +  # below include file needs to be manually created at that path and to be uncommented
    +  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
    +  # allows you to add commonly shared settings to all wp plugin location matches which
    +  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/msdomain.com/wpsecure_msdomain.com.conf
    +  #include /usr/local/nginx/conf/wpincludes/msdomain.com/wpwhitelist_common.conf;
    +}
    +
    +# Whitelist Exception for post-grid
    +location ~ ^/wp-content/plugins/post-grid/ {
    +  include /usr/local/nginx/conf/php.conf;
    +  include /usr/local/nginx/conf/staticfiles.conf;
    +  # below include file needs to be manually created at that path and to be uncommented
    +  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
    +  # allows you to add commonly shared settings to all wp plugin location matches which
    +  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/msdomain.com/wpsecure_msdomain.com.conf
    +  #include /usr/local/nginx/conf/wpincludes/msdomain.com/wpwhitelist_common.conf;
    +}
    +
    +# Whitelist Exception for breadcrumb-navxt
    +location ~ ^/wp-content/plugins/breadcrumb-navxt/ {
    +  include /usr/local/nginx/conf/php.conf;
    +  include /usr/local/nginx/conf/staticfiles.conf;
    +  # below include file needs to be manually created at that path and to be uncommented
    +  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
    +  # allows you to add commonly shared settings to all wp plugin location matches which
    +  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/msdomain.com/wpsecure_msdomain.com.conf
    +  #include /usr/local/nginx/conf/wpincludes/msdomain.com/wpwhitelist_common.conf;
    +}
    +
     location ~ ^/(wp-includes/js/tinymce/wp-tinymce.php) {
       include /usr/local/nginx/conf/php.conf;
       include /usr/local/nginx/conf/staticfiles.conf;
    saved log: /root/centminlogs/wp-cache-enabler-generate-wpsecure-100920-084318.log