search

mitchellkrogza / nginx-ultimate-bad-bot-blocker

Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders
Other
3.82k stars 472 forks source link

[INSTALLATION] (add a descriptive title here) #407

Open OmnesPotens opened 3 years ago

OmnesPotens commented 3 years ago

Relevant issues:

Describe the problem you are experiencing

I am attempting to setup nginx-ultimate-bad-bot-blocker on my nginx container which is based on the nginx:1.17.9 image. As was discussed by the poster of #255 the setup script is not working because there is no vhosts directory for the official nginx image.

It seems that the official nginx image is supposed to be used as if it were a single vhost, so you would spin up multiple containers to handle multiple vhosts, although I can't seem to find documentation on this. Due to this, I am having trouble with the setup script.

Error Messages

root:/usr/local/sbin# ./setup-ngxblocker -z

find: '/etc/nginx/sites-available': No such file or directory
using a file extension for vhost files allows multiple domains to be included with a single directive in nginx.conf:

include /etc/nginx/sites-enabled/*.vhost;

see command line switches below: -e to customise the vhost file extension

no vhost files in: [ /etc/nginx/sites-available/*.vhost ] => exiting.

setup-ngxblocker: SETUP Nginx Bad Bot Blocker configuration in [ /etc/nginx/nginx.conf ] [ /etc/nginx/sites-available/* ]

Usage: setup-ngxblocker [OPTIONS]
        [ -w ] : WWW path                      (default: /var/www)
        [ -e ] : Vhost file extension          (default: .vhost)
        [ -v ] : Vhost directory               (default: /etc/nginx/sites-available)
        [ -b ] : Bot rules directory           (default: /etc/nginx/bots.d)
        [ -c ] : NGINX conf directory          (default: /etc/nginx/conf.d)
        [ -m ] : NGINX main configuration      (default: /etc/nginx/nginx.conf)
        [ -i ] : Change installer path         (default: /usr/local/sbin/install-ngxblocker)
        [ -l ] : Manual whitelist of domain    (default: none)
        [ -n ] : NO whitelist of .names only   (default: Y)
        [ -d ] : NO insert of DDOS rule        (default: Y)
        [ -z ] : NO configuration of vhosts    (default: configure files in /etc/nginx/sites-available)
        [ -x ] : Actually change the files     (default: don't change anything)
        [ -h ] : this help message

Examples:
 setup-ngxblocker -n    (Whitelist all directory names in /var/www as domains: not just dot.name directories)
 setup-ngxblocker -l domain1.com -l domain2.com (Whitelist these manual domain name args)
 setup-ngxblocker -d    (Do not insert DDOS rule: these may clash with existing 'limit_conn addr' rules)
 setup-ngxblocker       (Don't change anything: display results on stdout)
 setup-ngxblocker -x    (Change / update config files)

Copy of nginx.conf

If applicable please paste your nginx.conf file here (paste in between the markers)


Paste nginx.conf here

Copy of vhost / website / host .conf file

N/A

Server (please complete the following information):

nginx version: nginx/1.17.9
built by gcc 8.3.0 (Debian 8.3.0-6)
built with OpenSSL 1.1.1d  10 Sep 2019
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fdebug-prefix-map=/data/builder/debuild/nginx-1.17.9/debian/debuild-base/nginx-1.17.9=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'
itoffshore commented 3 years ago

All paths are configurable from the command line

run the helper scripts with --help to view them