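#!/bin/bash
#
# Installs an NGINX + fail2ban integration:
#   1. installs nginx-extras,
#   2. makes sure nginx.conf loads ngx_http_js_module.so,
#   3. writes /usr/local/bin/check_fail2ban.sh (exit 0 = IP banned in some jail),
#   4. writes /etc/nginx/modules-available/check_ban.js (njs wrapper),
#   5. validates the NGINX configuration and restarts fail2ban and nginx.
#
# Must be run as root. Any failing step aborts the script so that a broken
# configuration is never restarted into service.

set -euo pipefail

NGINX_CONF=/etc/nginx/nginx.conf
tmp_conf=""

# Print a message to stderr and abort.
die() {
    printf '%s\n' "$*" >&2
    exit 1
}

# Remove the scratch copy of nginx.conf on every exit path.
cleanup() {
    if [[ -n "$tmp_conf" ]]; then
        rm -f -- "$tmp_conf"
    fi
}
trap cleanup EXIT

# Check if script is run as root
if [[ "$EUID" -ne 0 ]]; then
    die "Please run as root or with sudo"
fi

# Install requirements
echo "Installing required packages..."
apt-get install -y nginx-extras

# Add load_module directive to nginx.conf if not present
echo "Adding load_module directive to nginx.conf if needed..."
if ! grep -q "^load_module.*ngx_http_js_module.so" "$NGINX_CONF"; then
    # Build the candidate next to the real file with an unpredictable name.
    # A fixed name in world-writable /tmp lets any local user pre-create or
    # symlink it and influence what root writes and later moves into place.
    tmp_conf=$(mktemp "${NGINX_CONF}.XXXXXX")
    sed '/^events {/i load_module modules/ngx_http_js_module.so;' "$NGINX_CONF" > "$tmp_conf"

    # sed inserts nothing when no line starts with "events {"; do not
    # replace the config with an unchanged copy and report success.
    if ! grep -q "^load_module.*ngx_http_js_module.so" "$tmp_conf"; then
        die "Failed to modify nginx.conf safely. Please add 'load_module modules/ngx_http_js_module.so;' manually."
    fi

    # Check if the modification was successful
    if nginx -t -c "$tmp_conf"; then
        # mktemp creates the file 0600; keep the original owner and mode,
        # and keep a copy of the previous configuration.
        chown --reference="$NGINX_CONF" "$tmp_conf"
        chmod --reference="$NGINX_CONF" "$tmp_conf"
        cp -p -- "$NGINX_CONF" "${NGINX_CONF}.bak"
        mv -- "$tmp_conf" "$NGINX_CONF"
        tmp_conf=""
    else
        die "Failed to modify nginx.conf safely. Please add 'load_module modules/ngx_http_js_module.so;' manually."
    fi
fi

# Create the fail2ban check script
echo "Creating fail2ban check script..."
cat > /usr/local/bin/check_fail2ban.sh << 'SCRIPT'
#!/bin/bash
# Exit 0 if the address given as $1 is banned in at least one fail2ban jail,
# 1 if it is not, 2 if $1 does not look like an IP address.
IP="$1"

# The address originates from a request header. Accept only characters that
# occur in IPv4/IPv6 literals, so an empty or crafted value can never be
# interpreted as a pattern or match every entry.
if [[ ! "$IP" =~ ^[0-9A-Fa-f:.]+$ ]]; then
    exit 2
fi

# Get list of all active jails
JAILS=$(fail2ban-client status | grep "Jail list:" | sed "s/^[^:]*:[ \t]*//" | sed "s/,//g")

# Check each jail for the IP. Entries are compared as whole strings: a regex
# or substring match would report 1.2.3.4 as banned when only 11.2.3.45 is.
# NOTE(review): IPv6 addresses are compared textually; confirm that fail2ban
# and the header use the same notation.
for JAIL in $JAILS; do
    if fail2ban-client status "$JAIL" | awk -v ip="$IP" '
        /IP list:/ {
            sub(/^.*IP list:[ \t]*/, "")
            n = split($0, banned, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (banned[i] == ip) {
                    found = 1
                }
            }
        }
        END { exit found ? 0 : 1 }'; then
        exit 0  # IP is banned in at least one jail
    fi
done
exit 1  # IP is not banned in any jail
SCRIPT

# Keep the helper root-owned: the account that executes it (the NGINX worker)
# must not be able to rewrite it.
# NOTE(review): fail2ban-client talks to the fail2ban control socket, which is
# normally restricted to root; confirm the worker user can actually query it.
chown root:root /usr/local/bin/check_fail2ban.sh
chmod 0755 /usr/local/bin/check_fail2ban.sh

# Create the JavaScript module for NGINX
# NOTE(review): CF-Connecting-IP is an ordinary request header. Unless the
# origin only accepts connections from the CDN, a client can set it to any
# value and so choose which address is checked against the ban list.
# NOTE(review): njs is not Node.js; confirm that the installed njs build
# provides require('process').spawnSync before relying on this module.
# A synchronous process spawn per request would also stall the worker.
# NOTE(review): this script never adds js_import/js_set directives, so the
# "nginx -t" below does not exercise check_ban.js.
echo "Creating NGINX JavaScript module..."
mkdir -p /etc/nginx/modules-available/
cat > /etc/nginx/modules-available/check_ban.js << 'JSMODULE'
function checkBan(r) {
    var ip = r.variables.http_cf_connecting_ip;
    var s = require('process').spawnSync('/usr/local/bin/check_fail2ban.sh', [ip]);
    return s.status === 0 ? '1' : '0';
}
export default {checkBan};
JSMODULE

# Test NGINX configuration; never restart into a configuration that fails.
echo "Testing NGINX configuration..."
nginx -t || die "NGINX configuration test failed; services were not restarted."

# Restart services
echo "Restarting services..."
systemctl restart fail2ban
systemctl restart nginx

echo "Installation complete!"
echo "Please check /var/log/nginx/error.log for any issues."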