Wordops

Added

- [STACK] Add Nginx TLS 1.3 0-RTT configuration

Changed

- [STACK] New Nginx package built with OpenSSL_1.1.1d and the latest ngx_brotli module

Fixed

- `wo stack upgrade` when using nginx-ee
- `wo secure --auth`
- `wo secure --sshport` not working with default ssh config
- Issues after APT repositories informations changed
- `www` was added to WordPress site url with subdomains [Issue 178](https://github.com/WordOps/WordOps/issues/178)
- Issuing certificate with acme.sh for sub.sub-domains not working

Added

- [STACK] Nginx server_names_hash_bucket_size automated fix
- [STACK] Nginx configuration rollback in case of failure after `wo stack upgrade --nginx`
- [STACK] Nginx ultimate bad bots blocker with `wo stack install --ngxblocker`
- [STACK] Added support for custom Nginx compiled from source
- [STACK] Rollback configuration with Git in case of failure during service reload/restart
- [SITE] Enable or disable Nginx ultimate bad bots blocker with `wo site update site.tld --ngxblocker/--ngxblocker=off`

Changed

- [CORE] Query acme.sh database directly to check if a certificate exist
- [SITE] `--letsencrypt=renew` is deprecated because not it's not required with acme.sh

Fixed

- [SITE] Issues with root_domain variable with `wo site update`
- [SECURE] Wrong sftp-server path in sshd_config
- [SITE] Git error when using flag `--vhostonly`
- [SITE] Wrong plugin name displayed when installing Cache-Enabler

Added

- [SECURE] Allow new ssh port with UFW when running `wo secure --sshport`
- [STACK] Additional Nginx directives to prevent access to log files or backup from web browser
- [CORE] apt-mirror-updater to select the fastest debian/ubuntu mirror with automatic switching between mirrors if the current mirror is being updated
- [SITE] add `--force` to force Let's Encrypt certificate issuance even if DNS check fail
- [STACK] check if another mta is installed before installing sendmail
- [SECURE] `--allowpassword` to allow password when using `--ssh` with `wo secure`

Changed

- [SECURE] Improved sshd_config template according to Mozilla Infosec guidelines
- [STACK] Always add stack configuration into Git before making changes to make rollback easier
- [STACK] Render php-fpm pools configuration from template
- [STACK] Adminer updated to v4.7.3

Fixed

- [STACK] UFW setup after removing all stacks with `wo stack purge --all`
- [CONFIG] Invalid CORS header
- [STACK] PHP-FPM stack upgrade failure due to pool configuration

Added

- [STACK] UFW now available as a stack with flag `--ufw`
- [SECURE] `wo secure --ssh` to harden ssh security
- [SECURE] `wo secure --sshport` to change ssh port
- [SITE] check domain DNS records before issuing a new certificate without DNS API
- [STACK] Acme challenge with DNS Alias mode `--dnsalias=aliasdomain.tld` [acme.sh wiki](https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode)

Changed

- [APP] WordOps dashboard updated to v1.2, shipped as a html file, it can be used without PHP stack
- [STACK] Refactor Let's Encrypt with acme.sh
- [STACK] Log error improved with acme.sh depending on the acme challenge (DNS API or Webroot)
- [INSTALL] Removed UFW setup from install script
- [APP] phpMyAdmin updated to v4.9.1
- [STACK] Commit possible Nginx configuration changes into Git before and after performing tasks (in `wo secure` for example)
- [CORE] Update deprecated handlers and hooks registration

Fixed

- [STACK] `wo stack purge --all` failure if mysql isn't installed
- [INSTALL] Fix EEv3 files cleanup
- [SECURE] Incorrect variable usage in `wo secure --port`
- [INSTALL] Fix backup_ee function in install script

Changed

- [APP] WP-CLI updated to v2.3.0
- [CORE] Improved SSL certificates management from previous letsencrypt or certbot install
- [CORE] Use a separate python file for gitconfig during installation to redirect setup.py output into logs
- [CORE] updated cement to v2.8.2
- [CORE] removed old `--experimental flag`
- [CORE] Improve and simplify install script

Fixed

- htpasswd protection when migrating from EasyEngine v3 [Issue 152](https://github.com/WordOps/WordOps/issues/152)
- acme.sh install when migration from EasyEngine v3 [Issue 153](https://github.com/WordOps/WordOps/issues/153)

Changed

- Improved general logs display
- UFW configuration is only applied during initial installation if UFW is disabled

Fixed

- Redis-server configuration and start
- Nginx upgrade with `wo stack upgrade`