more cleanup

Joby 2024-10-23 17:58:30 -06:00
parent 94f57a5f00
commit 2f32ec7077
3 changed files with 13 additions and 12 deletions


@ -44,7 +44,7 @@ server {
# Check for banned IPs
if (\$is_banned) {
return 403 "Forbidden";
return 403 "IP banned for bad behavior";
}
location / {
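Review bot: The new body `IP banned for bad behavior` confirms to the blocked client that behaviour-based banning is in place, which the previous generic `Forbidden` did not; the same change is made in the third file's `if ($is_banned)` block. If that disclosure is intended (for example to help legitimate users behind a shared address), a short comment such as `# deliberate: tell banned clients why they are blocked` would record the decision. Otherwise keep the generic body and rely on the server-side log for the reason. The server block starts and ends outside this hunk.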


@ -6,34 +6,35 @@ if [ "$EUID" -ne 0 ]; then
exit 1
fi
# Create maps directory if it doesn't exist
echo "Creating maps directory..."
mkdir -p /etc/nginx/maps
# Create banned IPs file
echo "Creating banned IPs file..."
touch /etc/nginx/conf.d/banned_ips.conf
chown www-data:www-data /etc/nginx/conf.d/banned_ips.conf
touch /etc/nginx/maps/banned_ips.conf
chown www-data:www-data /etc/nginx/maps/banned_ips.conf
# Create NGINX configuration for fail2ban check
echo "Creating NGINX configuration..."
tee /etc/nginx/conf.d/10-fail2ban-check.conf << 'CONFFILE'
map $http_cf_connecting_ip $is_banned {
default 0;
include /etc/nginx/conf.d/banned_ips.conf;
volatile;
include /etc/nginx/maps/banned_ips.conf;
}
CONFFILE
# Create fail2ban action
tee /etc/fail2ban/action.d/nginx-banned-ips.conf << 'ACTIONFILE'
cat > /etc/fail2ban/action.d/nginx-banned-ips.conf << 'ACTIONFILE'
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = grep -q '^<ip> 1;$' /etc/nginx/conf.d/banned_ips.conf || echo '<ip> 1;' >> /etc/nginx/conf.d/banned_ips.conf && nginx -s reload
actionunban = sed -i '/^<ip> 1;$/d' /etc/nginx/conf.d/banned_ips.conf && nginx -s reload
actionban = grep -q '^<ip> 1;$' /etc/nginx/maps/banned_ips.conf || echo '<ip> 1;' >> /etc/nginx/maps/banned_ips.conf && nginx -s reload
actionunban = sed -i '/^<ip> 1;$/d' /etc/nginx/maps/banned_ips.conf && nginx -s reload
ACTIONFILE
# Clean up existing duplicates
sort -u /etc/nginx/conf.d/banned_ips.conf > /etc/nginx/conf.d/banned_ips.conf.tmp && \
mv /etc/nginx/conf.d/banned_ips.conf.tmp /etc/nginx/conf.d/banned_ips.conf
# Test NGINX configuration
echo "Testing NGINX configuration..."
nginx -t
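Review bot: The ban map is keyed on `$http_cf_connecting_ip`, which is a request header, so the check is only reliable if this origin accepts connections solely from Cloudflare; nothing in this hunk shows that restriction. If it is not enforced elsewhere, the realip module (`set_real_ip_from` for the Cloudflare ranges plus `real_ip_header CF-Connecting-IP;`) with the map keyed on `$remote_addr` would make the lookup independent of what the client sends. Separately, the new `chown www-data:www-data /etc/nginx/maps/banned_ips.conf` leaves a file that nginx includes into its configuration writable by the web-server account. Since fail2ban actions normally run as root, `chown root:root` with mode 0644 looks sufficient, though that should be confirmed against how fail2ban runs on this host. The script begins before this hunk, so earlier setup is not visible here.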


@ -19,7 +19,7 @@ server {
# Check for banned IPs
if ($is_banned) {
return 403 "Forbidden";
return 403 "IP banned for bad behavior";
}
# Apply general rate limit