Attention : support for WAPT 1.8.2 ended on June the 30th 2022.

There are known vulnerabilities in WAPT dependencies in WAPT 1.8.2 branch. Please upgrade to the latest supported version. CVE listing (non exhaustive) :
  • * python engine : python 2.7 (CVE-2020-10735, CVE-2015-20107, CVE-2022-0391, CVE-2021-23336, CVE-2021-3177, CVE-2020-27619, CVE-2020-26116, CVE-2019-20907, CVE-2020-8492, etc.)
  • * cryptography : openssl : CVE-2022-2068, CVE-2022-1292, CVE-2022-0778, CVE-2021-4160, CVE-2021-3712, CVE-2021-23841, CVE-2021-23840, CVE-2021-23839, CVE-2020-1971, CVE-2020-1968, CVE-2019-1551
  • * python dependencies : cryptography (CVE-2020-36242, CVE-2020-25659), eventlet (CVE-2021-21419), jinja2 (CVE-2020-28493), psutil (CVE-2019-18874), waitress (CVE-2022-31015), lxml (CVE-2021-4381, CVE-2021-28957, CVE-2020-27783, CVE-2018-19787), ujson (CVE-2022-31117, CVE-2022-31116, CVE-2021-45958), python-ldap (CVE-2021-46823)

Backing up the WAPT Server

Backing up the WAPT Server on Linux

Attention

This procedure is valid for WAPT 1.5 and above.

  • stop WAPT related services on the server;

systemctl stop nginx
systemctl stop waptserver
systemctl stop wapttasks

  • backup these directories using a backup tool (ex: rsync, WInSCP, etc..);

/var/www/wapt/
/var/www/wapt-host/
/var/www/waptwua/
/opt/wapt/conf/
/opt/wapt/waptserver/ssl/

  • backup the PostgreSQL database using the pg_dumpall utility (adapt filename with your requirements);

sudo -u postgres pg_dumpall > /tmp/backup_wapt_$(date +%Y%m%d).sql

  • restart WAPT related services on the server;

systemctl start wapttasks
systemctl start waptserver
systemctl start nginx

Restoring the WAPT Server on Linux

In case of a complete crash, restart a standard WAPT Server installation on a Linux server.

  • stop WAPT related services on the server;

systemctl stop nginx
systemctl stop waptserver
systemctl stop wapttasks

  • restore the following directories:

/var/www/wapt/
/var/www/wapt-host/
/var/www/waptwua/
/opt/wapt/conf/
/opt/wapt/waptserver/ssl/

  • restore the database (adapt the name of your file). The first command deletes the WAPT database (if it exists). Make sure that your dump file is correct before deleting!

sudo -u postgres psql -c "drop database wapt"
sudo -u postgres psql < /tmp/backup_wapt_20180301.sql

  • apply ownership rights to the restored folders:

chown -R wapt:www-data /var/www/wapt/
chown -R wapt:www-data /var/www/wapt-host/
chown -R wapt:www-data /var/www/waptwua/
chown -R wapt /opt/wapt/conf/
chown -R wapt /opt/wapt/waptserver/ssl/

  • scan package repositories;

wapt-scanpackages /var/www/wapt/

  • restart WAPT related services on the server;

systemctl start wapttasks
systemctl start waptserver
systemctl start nginx

Backing up the WAPT Server on Windows

  • backup the WAPT repository folder C:\wapt\waptserver\repository and C:\wapt\waptserver\conf and C:\wapt\waptserver\nginx\ssl on a remote backup destination;

Backup PostgreSQL Database with pg_dump.exe:

"C:\wapt\waptserver\pgsql-9.6\bin\pg_dumpall.exe" -U postgres -f C:\backup_wapt.sql

  • restart WAPT related services on the server;

Restoring the WAPT Server on Windows

  • restore the following directories C:\wapt\waptserver\repository and C:\wapt\waptserver\conf and C:\wapt\waptserver\nginx\ssl

  • Apply the total right to the folder C:\wapt\waptserver\repository for the “Network Service” group

Restore PostgreSQL Database with pg_restore.exe:

"C:\wapt\waptserver\pgsql-9.6\bin\psql.exe" -f c:\backup_wapt.sql -U postgres