|
17 | 17 | # along with this program. If not, see <http://www.gnu.org/licenses/>.
|
18 | 18 |
|
19 | 19 | # SCRIPT DESCRIPTION:
|
20 |
| -##################### |
21 |
| -# This script is written for "FastCGI Cache Purge and Preload for Nginx" Wordpress Plugin. |
| 20 | +# ------------------- |
| 21 | +# This script is written for "FastCGI Cache Purge and Preload for Nginx" |
| 22 | +# Wordpress Plugin. |
22 | 23 | # URL: https://wordpress.org/plugins/fastcgi-cache-purge-and-preload-nginx/
|
23 |
| -# This script attempts to automatically match and grant (via setfacl) permissions for PHP-FPM-USER (as known, process owner or website-user) along with their associated Nginx Cache Paths. |
24 |
| -# If it cannot automatically match the PHP-FPM-USER along with their associated Nginx Cache Path, it offers an easy manual setup option with the 'manual-configs.nginx' file. |
25 |
| -# Mainly, in case your current web server setup involves two distinct users, WEBSERVER-USER (nginx or www-data) and PHP-FPM-USER, |
26 |
| -# the solution proposed by this script involves combining Linux server side tools 'inotifywait' with 'setfacl' to automatically grant write permissions to the PHP-FPM-USER |
27 |
| -# for the corresponding Nginx Cache Paths (listening cache events), which are matched either automatically or via a manual configuration file. |
28 |
| -# This approach is an alternative to external Nginx modules like Cache Purge module for purge operations. |
29 |
| -# This script create npp-wordpress sytemd service to manage grant permission for purge and preload actions. |
30 |
| - |
31 |
| -# After completing the setup (whether automatic or manual), you can manage the automatically created |
32 |
| -# 'npp-wordpress' systemd service on the WP admin dashboard NPP plugin settings page. |
33 |
| -# This allows you to start and stop inotifywait/setfacl operations (via systemd) for Nginx Cache Path directly |
34 |
| -# from the front-end for associated PHP-FPM-USER |
| 24 | +# This script attempts to automatically match and grant (via setfacl) |
| 25 | +# permissions for PHP-FPM-USER (as known, process owner or website-user) |
| 26 | +# along with their associated Nginx Cache Paths. |
| 27 | +# If it cannot automatically match the PHP-FPM-USER along with their |
| 28 | +# associated Nginx Cache Path, it offers an easy manual setup option |
| 29 | +# with the 'manual-configs.nginx' file. |
| 30 | +# Mainly, in case your current web server setup involves two distinct |
| 31 | +# users, WEBSERVER-USER (nginx or www-data) and PHP-FPM-USER, the solution |
| 32 | +# proposed by this script involves combining Linux server side tools |
| 33 | +# 'inotifywait' with 'setfacl' to automatically grant write permissions |
| 34 | +# to the PHP-FPM-USER for the corresponding Nginx Cache Paths (listening |
| 35 | +# cache events), which are matched either automatically or via a manual |
| 36 | +# configuration file. |
| 37 | +# This approach is an alternative to external Nginx modules like Cache |
| 38 | +# Purge module for purge operations. |
| 39 | +# This script creates an npp-wordpress systemd service to manage grant |
| 40 | +# permission for purge and preload actions. |
| 41 | + |
| 42 | +# After completing the setup (whether automatic or manual), you can manage |
| 43 | +# the automatically created 'npp-wordpress' systemd service on the WP admin |
| 44 | +# dashboard NPP plugin settings page. |
| 45 | +# This allows you to start and stop inotifywait/setfacl operations (via |
| 46 | +# systemd) for Nginx Cache Path directly from the front-end for associated |
| 47 | +# PHP-FPM-USER. |
35 | 48 |
|
36 | 49 | # Manual setup instructions
|
37 | 50 | manual_setup() {
|
@@ -237,13 +250,22 @@ find_create_includedir() {
|
237 | 250 | return 0
|
238 | 251 | }
|
239 | 252 |
|
240 |
| -# Automate the process of granting specific sudo permissions to the PHP-FPM process owners on a system. |
241 |
| -# These permissions specifically authorize PHP-FPM process owners to execute systemctl commands (start, stop, status) for NPP plugin main systemd service 'npp-wordpress'. |
242 |
| -# By granting these permissions, the goal is to allow the 'npp-wordpress' systemd service to be controlled directly from the WordPress admin dashboard, enhancing operational flexibility and automation. |
243 |
| -# This automation enhances security by limiting sudo access to only specific systemd service management tasks. |
244 |
| -# After successful integration NPP users will be able to manage (start, stop, status) the 'npp-wordpress' systemd service on WP admin dashboard NPP plugin settings page. |
245 |
| -# This implementation not restrictly necessarry for functional cache purge & preload actions and not breaks default setup process, |
246 |
| -# but it is nice to have this ability that control main plugin systemd service 'npp-wordpress' on WP admin dashboard. |
| 253 | +# Automate the process of granting specific sudo permissions to the PHP-FPM |
| 254 | +# process owners on a system. These permissions specifically authorize |
| 255 | +# PHP-FPM process owners to execute systemctl commands (start, stop, status) |
| 256 | +# for NPP plugin main systemd service 'npp-wordpress'. |
| 257 | +# By granting these permissions, the goal is to allow the 'npp-wordpress' |
| 258 | +# systemd service to be controlled directly from the WordPress admin |
| 259 | +# dashboard, enhancing operational flexibility and automation. |
| 260 | +# This automation enhances security by limiting sudo access to only |
| 261 | +# specific systemd service management tasks. |
| 262 | +# After successful integration, NPP users will be able to manage (start, |
| 263 | +# stop, status) the 'npp-wordpress' systemd service on WP admin dashboard |
| 264 | +# NPP plugin settings page. |
| 265 | +# This implementation is not strictly necessary for functional cache |
| 266 | +# purge & preload actions and does not break the default setup process, |
| 267 | +# but it is nice to have this ability to control the main plugin systemd |
| 268 | +# service 'npp-wordpress' on WP admin dashboard. |
247 | 269 | grant_sudo_perm_systemctl_for_php_process_owner() {
|
248 | 270 | # Try to get/create the includedir first
|
249 | 271 | if find_create_includedir; then
|
|
0 commit comments