mitchellkrogza / nginx-ultimate-bad-bot-blocker

Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders
Other
4.08k stars 484 forks source link

[INSTALLATION] (NGINX reverse proxy - editing setup-ngxblocker with different vhost path) #459

Open lunaraurora opened 2 years ago

lunaraurora commented 2 years ago

Hello Mitchell, i have switched from Apache2.4 (where i had apache ultimate bad bot blocker installed and working) to nginx/apache reverse proxy. Since i installed nginx reverse proxy from the tool integrated in my whm console, nginx have a bit different configuration - example: there's no vhost file - instead there's a file inside the directory /etc/nginx/conf.d/users/user.conf which works practically as vhost. Now, what i've done was just to replace in your file setup-ngxblocker the sentences VHOST_EXT and VHOST_DIR with the correct extension (from vhost to conf) and the path of the user.conf file:

VHOST_EXT="conf" VHOST_DIR=/etc/nginx/conf.d/users

the installation was successful, i found such sentences

include /etc/nginx/bots.d/ddos.conf; include /etc/nginx/bots.d/blockbots.conf;

in the file /etc/nginx/conf.d/users/user.conf and nginx-ultimate-bad-bot-blocker works as expected.

Now, i have few questions: first of all could you confirm if i did well, or i made some mistakes in such configuration? Also, the old apache ultimate bad bot blocker is still running, i have not touched it; should i remove it? In case how should i uninstall it? And last thing, i found that sometimes, maybe because of updates or other operations on nginx, the file /etc/nginx/conf.d/users/user.conf lose the include blockbots.conf/ddos.conf statement.. how can i make it permanent in such file?

Advanced thanks for your response

best regards, Jeff

itoffshore commented 2 years ago

In your case it should be sufficient to set:

VHOST_EXT="conf" VHOST_DIR=/etc/nginx/conf.d/users

as setup-ngxblocker searches for all files / symlinks with VHOST_EXT in VHOST_DIR

If you have something in your web environment changing user.conf & you are root you can change the attributes & make the file immutable:

chattr +i /etc/nginx/conf.d/users/user.conf

this will prevent the file being changed or deleted (even by root) - until you chattr -i the file to clear the attribute.

lunaraurora commented 2 years ago

Great, thanks for your useful suggestion

lunaraurora commented 2 years ago

Should i stop apache ultimate bad bot blocker which is also running?

itoffshore commented 2 years ago

if the paths to the configuration for nginx are different under engintron v2 you could temporarily disable the cron job that runs update-ngxblocker & change the paths in update-ngxblocker:

CONF_DIR=/new/path/to/nginx/conf.d
BOTS_DIR=/new/path/to/nginx/bots.d