Trying Travis CI Config for Testing

2025-09-02 18:50:13 +00:00 · 2017-02-07 17:09:02 +02:00 · 2017-02-07 17:09:02 +02:00 · 1329e16964
commit 1329e16964
parent 7946acf381
11 changed files with 5388 additions and 7 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -1,8 +1,33 @@
-language: python
-cache:
- directories:
-  - nginx-cache
-rvm:
- 2.1
-script: ./test-nginx-config.sh
+language: php
+
+php:
+    - 5.4
+    - 5.5
+    - 5.6
+    - 7.0
+    - hhvm
+
 sudo: false
+
+matrix:
+  fast_finish: true
+  allow_failures:
+    - php: hhvm
+
+cache:
+  - apt
+
+addons:
+  apt:
+    packages:
+      - nginx
+      - realpath
+
+install:
+#  - composer install
+  - travis/install-nginx.sh
+
+script:
+  - curl -vsf 'http://localhost:8080/nginx.php' &> /dev/stdout
+  - nginx -t
+  - cat /tmp/error.log
--- a/travis/blockbots.tpl.conf
+++ b/travis/blockbots.tpl.conf
@ -0,0 +1,45 @@
+#######################################################################
+
+# Author: Mitchell Krog <mitchellkrog@gmail.com> - https://github.com/mitchellkrogza/
+
+# Include this in a vhost file within a server {} block using and include statement like below
+
+# server {
+#			#Config stuff here
+#			include /etc/nginx/bots.d/blockbots.conf
+#			include /etc/nginx/bots.d/ddos.conf
+#			#Other config stuff here
+#		 }
+
+#######################################################################
+
+# BOTS
+# ****
+#limit_conn bot1_connlimit 100;
+limit_conn bot2_connlimit 10;
+#limit_req  zone=bot1_reqlimitip burst=50;
+limit_req  zone=bot2_reqlimitip burst=10;
+if ($bad_bot = '3') {
+  return 444;
+  }
+
+# BAD REFER WORDS
+# ***************
+if ($bad_words) {
+  return 444;
+}
+
+
+# REFERERS
+# ********
+if ($bad_referer) {
+  return 444;
+}
+
+# IP BLOCKS
+# *********
+if ($validate_client) {
+  return 444;
+}
+
+#######################################################################
--- a/travis/ddos.tpl.conf
+++ b/travis/ddos.tpl.conf
@ -0,0 +1,17 @@
+#######################################################################
+
+# Author: Mitchell Krog <mitchellkrog@gmail.com> - https://github.com/mitchellkrogza/
+
+# Include this in a vhost file within a server {} block using and include statement like below
+
+# server {
+#			#Config stuff here
+#			include /etc/nginx/bots.d/blockbots.conf
+#			include /etc/nginx/bots.d/ddos.conf
+#			#Other config stuff here
+#		 }
+
+#######################################################################
+
+limit_conn addr 200;
+limit_req zone=flood burst=200 nodelay;
--- a/travis/default-site.tpl.conf
+++ b/travis/default-site.tpl.conf
@ -0,0 +1,24 @@
+server {
+    listen 8080 default_server;
+    listen [::]:8080 default_server ipv6only=on;
+
+    root {ROOT}/www;
+
+    access_log /tmp/access.log;
+    error_log /tmp/error.log;
+
+	# Block Bad Bots
+	include /etc/nginx/bots.d/blockbots.conf;
+	include /etc/nginx/bots.d/ddos.conf;
+	
+    location ~* "\.php(/|$)" {
+        include fastcgi.conf;
+        fastcgi_pass php;
+    }
+
+    location / {
+        # First attempt to serve request as file, then as directory, then fall back to index.html.
+        try_files $uri $uri/ /index.html;
+    }
+    
+}
--- a/travis/fastcgi.tpl.conf
+++ b/travis/fastcgi.tpl.conf
@ -0,0 +1,39 @@
+fastcgi_param  QUERY_STRING         $query_string;
+fastcgi_param  REQUEST_METHOD       $request_method;
+fastcgi_param  CONTENT_TYPE         $content_type;
+fastcgi_param  CONTENT_LENGTH       $content_length;
+
+fastcgi_param  SCRIPT_NAME          $fastcgi_script_name;
+fastcgi_param  REQUEST_URI          $request_uri;
+fastcgi_param  DOCUMENT_URI         $document_uri;
+fastcgi_param  DOCUMENT_ROOT        $document_root;
+fastcgi_param  SERVER_PROTOCOL      $server_protocol;
+fastcgi_param  HTTPS                $https if_not_empty;
+
+fastcgi_param  GATEWAY_INTERFACE    CGI/1.1;
+fastcgi_param  SERVER_SOFTWARE      nginx/$nginx_version;
+
+fastcgi_param  REMOTE_ADDR          $remote_addr;
+fastcgi_param  REMOTE_PORT          $remote_port;
+fastcgi_param  SERVER_ADDR          $server_addr;
+fastcgi_param  SERVER_PORT          $server_port;
+fastcgi_param  SERVER_NAME          $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param  REDIRECT_STATUS      200;
+
+fastcgi_split_path_info             ^(.+\.php)(.*)$;
+fastcgi_param  PATH_INFO            $fastcgi_path_info;
+#fastcgi_index  index.php;
+fastcgi_param  SCRIPT_FILENAME      $document_root$fastcgi_script_name;
+
+# fastcgi_intercept_errors            on;
+fastcgi_ignore_client_abort         off;
+fastcgi_connect_timeout             60;
+fastcgi_send_timeout                1800;
+fastcgi_read_timeout                1800;
+fastcgi_buffer_size                 128k;
+fastcgi_buffers                     4 256k;
+fastcgi_busy_buffers_size           256k;
+fastcgi_temp_file_write_size        256k;
+fastcgi_keep_conn                   on;
--- a/travis/globalblacklist.tpl.conf
+++ b/travis/globalblacklist.tpl.conf
--- a/travis/hhvm.tpl.ini
+++ b/travis/hhvm.tpl.ini
@ -0,0 +1,12 @@
+;hhvm
+hhvm.server.user = {USER}
+hhvm.server.type = fastcgi
+;hhvm.server.file_socket = {SERVER}
+hhvm.server.port = {PORT}
+hhvm.log.use_log_file = true
+hhvm.log.file = /tmp/error.log
+hhvm.log.level = Warning
+hhvm.log.always_log_unhandled_exceptions = true
+hhvm.log.runtime_error_reporting_level = 8191
+hhvm.mysql.typed_results = false
+hhvm.eval.jit = false
--- a/travis/install-nginx.sh
+++ b/travis/install-nginx.sh
@ -0,0 +1,63 @@
+#!/bin/bash
+
+set -e
+set -x
+
+DIR=$(realpath $(dirname "$0"))
+USER=$(whoami)
+PHP_VERSION=$(phpenv version-name)
+ROOT=$(realpath "$DIR/..")
+PORT=9000
+SERVER="/tmp/php.sock"
+
+function tpl {
+    sed \
+        -e "s|{DIR}|$DIR|g" \
+        -e "s|{USER}|$USER|g" \
+        -e "s|{PHP_VERSION}|$PHP_VERSION|g" \
+        -e "s|{ROOT}|$ROOT|g" \
+        -e "s|{PORT}|$PORT|g" \
+        -e "s|{SERVER}|$SERVER|g" \
+        < $1 > $2
+}
+
+# Make some working directories.
+mkdir "$DIR/nginx"
+mkdir "$DIR/nginx/sites-enabled"
+mkdir "$DIR/var"
+mkdir "$DIR/nginx/bots.d"
+mkdir "$DIR/nginx/conf.d"
+
+# Configure the PHP handler.
+if [ "$PHP_VERSION" = 'hhvm' ] || [ "$PHP_VERSION" = 'hhvm-nightly' ]
+then
+    HHVM_CONF="$DIR/nginx/hhvm.ini"
+
+    tpl "$DIR/hhvm.tpl.ini" "$HHVM_CONF"
+
+    cat "$HHVM_CONF"
+
+    hhvm \
+        --mode=daemon \
+        --config="$HHVM_CONF"
+else
+    PHP_FPM_BIN="$HOME/.phpenv/versions/$PHP_VERSION/sbin/php-fpm"
+    PHP_FPM_CONF="$DIR/nginx/php-fpm.conf"
+
+    # Build the php-fpm.conf.
+    tpl "$DIR/php-fpm.tpl.conf" "$PHP_FPM_CONF"
+
+    # Start php-fpm
+    "$PHP_FPM_BIN" --fpm-config "$PHP_FPM_CONF"
+fi
+
+# Build the default nginx config files.
+tpl "$DIR/nginx.tpl.conf" "$DIR/nginx/nginx.conf"
+tpl "$DIR/fastcgi.tpl.conf" "$DIR/nginx/fastcgi.conf"
+tpl "$DIR/default-site.tpl.conf" "$DIR/nginx/sites-enabled/default-site.conf"
+tpl "$DIR/globalblacklist.tpl.conf" "$DIR/nginx/conf.d/globalblacklist.conf"
+tpl "$DIR/blockbots.tpl.conf" "$DIR/nginx/bots.d/blockbots.conf"
+tpl "$DIR/ddos.tpl.conf" "$DIR/nginx/bots.d/ddos.conf"
+
+# Start nginx.
+nginx -c "$DIR/nginx/nginx.conf"
--- a/travis/nginx.tpl.conf
+++ b/travis/nginx.tpl.conf
@ -0,0 +1,74 @@
+error_log /tmp/error.log;
+pid /tmp/nginx.pid;
+worker_processes 1;
+
+events {
+	worker_connections 1024;
+	multi_accept on;
+    use epoll;
+}
+
+http {
+    # Set an array of temp and cache file options that will otherwise default to restricted locations accessible only to root.
+    client_body_temp_path /tmp/client_body;
+    fastcgi_temp_path /tmp/fastcgi_temp;
+    proxy_temp_path /tmp/proxy_temp;
+    scgi_temp_path /tmp/scgi_temp;
+    uwsgi_temp_path /tmp/uwsgi_temp;
+
+    ##
+    # Basic Settings
+    ##
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 90s;
+	keepalive_requests 1000;
+	server_tokens off;
+	client_body_buffer_size 32k;
+	client_header_buffer_size    1k;
+	client_max_body_size 50M;
+	types_hash_max_size 2048;
+	server_names_hash_bucket_size 64;
+	server_names_hash_max_size 4096;
+	large_client_header_buffers 4 16k;
+
+	# Our request limiter zone for wp-login attacks - for later use in Travis 
+	#limit_req_zone $binary_remote_addr zone=wp-login:10m rate=1r/s;
+    
+    # DDos Mitigation
+    # ***************
+    # https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
+    # Limiting the Rate of Requests
+    limit_req_zone $ratelimited zone=flood:50m rate=90r/s;
+    # Limiting the Number of Connections
+    limit_conn_zone $ratelimited zone=addr:50m;
+
+
+    # server_name_in_redirect off;
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    ##
+    # Logging Settings
+    ##
+    access_log /tmp/access.log;
+    error_log /tmp/error.log;
+
+    ##
+    # Gzip Settings
+    ##
+    gzip on;
+    gzip_disable "msie6";
+
+    ##
+    # Virtual Host Configs
+    ##
+    # include {DIR}/nginx/conf.d/*.conf;
+    include {DIR}/nginx/sites-enabled/*;
+    include {DIR}/nginx/conf.d/*;
+
+    upstream php {
+        server 127.0.0.1:{PORT};
+    }
+}
--- a/travis/php-fpm.tpl.conf
+++ b/travis/php-fpm.tpl.conf
@ -0,0 +1,9 @@
+[global]
+
+[travis]
+user = {USER}
+listen = {PORT}
+listen.mode = 0666
+pm = static
+pm.max_children = 5
+php_admin_value[memory_limit] = 32M
--- a/www/nginx.php
+++ b/www/nginx.php
@ -0,0 +1,3 @@
+<?php
+
+echo "Nginx is Working\n";