mitchellkrogza / nginx-ultimate-bad-bot-blocker

Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

[INSTALLATION] ‘/etc/nginx/sites-available’: No such file or directory #411

Closed buzzsubash closed 3 years ago

buzzsubash commented 3 years ago

Problem

I am using an Ubuntu VPS which has two websites and their own subdomains running.

Running ./setup-ngxblocker is failing with the error "find: ‘/etc/nginx/sites-available’: No such file or directory using a file extension for vhost files allows multiple domains to be included with a single directive in nginx.conf:"

Error Messages

:/usr/local/sbin# ./setup-ngxblocker
find: ‘/etc/nginx/sites-available’: No such file or directory
find: ‘/etc/nginx/sites-available’: No such file or directory

Configure every file above as a vhost ? [Y/N] : Y
find: ‘/etc/nginx/sites-available’: No such file or directory
using a file extension for vhost files allows multiple domains to be included with a single directive in nginx.conf:

include /etc/nginx/sites-enabled/*.vhost;

see command line switches below: -e to customise the vhost file extension

no vhost files in: [ /etc/nginx/sites-available/*.vhost ] => exiting.

setup-ngxblocker: SETUP Nginx Bad Bot Blocker configuration in [ /etc/nginx/nginx.conf ] [ /etc/nginx/sites-available/* ]

Usage: setup-ngxblocker [OPTIONS]
        [ -w ] : WWW path (default: /var/www)
        [ -e ] : Vhost file extension (default: .vhost)
        [ -v ] : Vhost directory (default: /etc/nginx/sites-available)
        [ -b ] : Bot rules directory (default: /etc/nginx/bots.d)
        [ -c ] : NGINX conf directory (default: /etc/nginx/conf.d)
        [ -m ] : NGINX main configuration (default: /etc/nginx/nginx.conf)
        [ -i ] : Change installer path (default: /usr/local/sbin/install-ngxblocker)
        [ -l ] : Manual whitelist of domain (default: none)
        [ -n ] : NO whitelist of .names only (default: Y)
        [ -d ] : NO insert of DDOS rule (default: Y)
        [ -z ] : NO configuration of vhosts (default: configure files in /etc/nginx/sites-available)
        [ -x ] : Actually change the files (default: don't change anything)
        [ -h ] : this help message

Examples:
 setup-ngxblocker -n (Whitelist all directory names in /var/www as domains: not just dot.name directories)
 setup-ngxblocker -l domain1.com -l domain2.com (Whitelist these manual domain name args)
 setup-ngxblocker -d (Do not insert DDOS rule: these may clash with existing 'limit_conn addr' rules)
 setup-ngxblocker (Don't change anything: display results on stdout)
 setup-ngxblocker -x (Change / update config files)

Copy of nginx.conf


/etc/nginx# cat nginx.conf
# Server globals
user                    www-data;
worker_processes        auto;
worker_rlimit_nofile    65535;
error_log               /var/log/nginx/error.log;
pid                     /var/run/nginx.pid;

# Worker config
events {
        worker_connections  1024;
        use                 epoll;
        multi_accept        on;
}

http {
    # Main settings
    sendfile                        on;
    tcp_nopush                      on;
    tcp_nodelay                     on;
    client_header_timeout           60s;
    client_body_timeout             60s;
    client_header_buffer_size       2k;
    client_body_buffer_size         256k;
    client_max_body_size            256m;
    large_client_header_buffers     4 8k;
    send_timeout                    60s;
    keepalive_timeout               30s;
    reset_timedout_connection       on;
    server_tokens                   off;
    server_name_in_redirect         off;
    server_names_hash_max_size      512;
    server_names_hash_bucket_size   512;

    # Log format
    log_format  main    '$remote_addr - $remote_user [$time_local] $request '
                        '"$status" $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
    log_format  bytes   '$body_bytes_sent';
    #access_log          /var/log/nginx/access.log main;
    access_log off;

    # Mime settings
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Compression
    gzip                on;
    gzip_static         on;
    gzip_vary           on;
    gzip_comp_level     6;
    gzip_min_length     1024;
    gzip_buffers        16 8k;
    gzip_types          text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
    gzip_proxied        any;
    gzip_disable        "MSIE [1-6]\.";

    # Proxy settings
    proxy_redirect      off;
    proxy_set_header    Host            $host;
    proxy_set_header    X-Real-IP       $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass_header   Set-Cookie;
    proxy_buffers       32 4k;
    proxy_connect_timeout   30s;
    proxy_send_timeout  90s;
    proxy_read_timeout  90s;

    # Cloudflare https://www.cloudflare.com/ips
    set_real_ip_from   103.21.244.0/22;
    set_real_ip_from   103.22.200.0/22;
    set_real_ip_from   103.31.4.0/22;
    set_real_ip_from   104.16.0.0/12;
    set_real_ip_from   108.162.192.0/18;
    set_real_ip_from   131.0.72.0/22;
    set_real_ip_from   141.101.64.0/18;
    set_real_ip_from   162.158.0.0/15;
    set_real_ip_from   172.64.0.0/13;
    set_real_ip_from   173.245.48.0/20;
    set_real_ip_from   188.114.96.0/20;
    set_real_ip_from   190.93.240.0/20;
    set_real_ip_from   197.234.240.0/22;
    set_real_ip_from   198.41.128.0/17;
    #set_real_ip_from   2400:cb00::/32;
    #set_real_ip_from   2606:4700::/32;
    #set_real_ip_from   2803:f800::/32;
    #set_real_ip_from   2405:b500::/32;
    #set_real_ip_from   2405:8100::/32;
    #set_real_ip_from   2c0f:f248::/32;
    #set_real_ip_from   2a06:98c0::/29;
    real_ip_header     CF-Connecting-IP;

    # SSL PCI Compliance
    ssl_session_cache   shared:SSL:10m;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers        "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

    # Error pages
    error_page          403          /error/403.html;
    error_page          404          /error/404.html;
    error_page          502 503 504  /error/50x.html;

    # Cache settings
    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
    proxy_cache_key "$host$request_uri $cookie_user";
    proxy_temp_path  /var/cache/nginx/temp;
    proxy_ignore_headers Expires Cache-Control;
    proxy_cache_use_stale error timeout invalid_header http_502;
    proxy_cache_valid any 1d;

    # Cache bypass
    map $http_cookie $no_cache {
        default 0;
        ~SESS 1;
        ~wordpress_logged_in 1;
    }

    # File cache settings
    open_file_cache          max=10000 inactive=30s;
    open_file_cache_valid    60s;
    open_file_cache_min_uses 2;
    open_file_cache_errors   off;

    # Wildcard include
    include             /etc/nginx/conf.d/*.conf;
}

Copy of vhost / website / host .conf file


/etc/nginx/conf.d# cat x.x.x.x.conf
server {
    listen       x.x.x.x:80 default;
    server_name  _;
    #access_log  /var/log/nginx/x.x.x.x.log main;
    location / {
        proxy_pass  http://x.x.x.x:8080;
   }
}

#x.x.x.x refers to the host IP


Server


uname -a
Linux hostname.com 4.15.0 #1 SMP Tue Aug 25 11:59:26 MSK 2020 x86_64 x86_64 x86_64 GNU/Linux

/etc/nginx/conf.d# nginx -V
nginx version: nginx/1.17.5
built by gcc 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1) 
built with OpenSSL 1.1.1  11 Sep 2018
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fdebug-prefix-map=/data/builder/debuild/nginx-1.17.5/debian/debuild-base/nginx-1.17.5=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'


mitchellkrogza commented 3 years ago

@buzzsubash specify your vhost file locations using the -v parameter: -v /home/admin/conf/web/


buzzsubash commented 3 years ago

That has worked, thank you so much..!
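
The fix in this thread depends on knowing where nginx actually loads its server blocks from. The script below is an added example, not part of the thread or of the project's code: it follows the `include` directives from nginx.conf and prints the directory and extension to pass to the `-v` and `-e` switches shown in the usage text. The function names and the sample tree are constructed for illustration, and it assumes relative include paths resolve against the directory that holds nginx.conf.

```shell
#!/bin/sh
# Added example: find where nginx really loads server{} blocks from, so that
# setup-ngxblocker can be given matching -v (directory) and -e (extension).

# Print the path or glob of every active (uncommented) include in file $1.
list_includes() {
    sed -n 's/^[[:space:]]*include[[:space:]]\{1,\}\([^;]*\);.*/\1/p' "$1"
}

# Print $1 and every file reachable through its includes. $2 is the directory
# relative include paths resolve against; $3 caps depth against include loops.
walk_conf() {
    [ -f "$1" ] && [ "${3:-8}" -gt 0 ] || return 0
    printf '%s\n' "$1"
    list_includes "$1" | while IFS= read -r pat; do
        case $pat in /*) ;; *) pat=$2/$pat ;; esac
        for f in $pat; do            # unquoted on purpose: expand the glob
            walk_conf "$f" "$2" $(( ${3:-8} - 1 ))
        done
    done
}

# Print "DIR EXT" once for each directory/extension pair holding a server block.
vhost_dirs() {
    walk_conf "$1" "$(dirname "$1")" | while IFS= read -r f; do
        grep -Eq '^[[:space:]]*server[[:space:]]*\{' "$f" || continue
        base=${f##*/}
        printf '%s .%s\n' "$(dirname "$f")" "${base##*.}"
    done | sort -u
}

# Constructed sample tree (not the reporter's server): nginx.conf includes
# conf.d/*.conf, and a file there pulls vhosts from a panel-style directory.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/conf.d" "$d/home/admin/conf/web" || return 1
    printf 'http {\n  #include %s/old/*.vhost;\n  include conf.d/*.conf;\n}\n' "$d" > "$d/nginx.conf"
    printf 'include %s/home/admin/conf/web/*.conf;\n' "$d" > "$d/conf.d/panel.conf"
    printf 'server {\n  listen 80;\n  server_name a.example;\n}\n' > "$d/home/admin/conf/web/a.conf"
    printf 'server {\n  listen 80;\n  server_name b.example;\n}\n' > "$d/home/admin/conf/web/b.conf"
    printf '%s\n' "$d/nginx.conf"
}

# With no argument the script runs on the constructed sample.
conf=${1:-$(make_sample)}
vhost_dirs "$conf" | while read -r dir ext; do
    echo "setup-ngxblocker -v $dir -e $ext    # add -x to apply"
done
```

Pass the real configuration path as the first argument, for example `/etc/nginx/nginx.conf`; the script only reads files and prints a suggested command.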