diff --git a/.travis.yml b/.travis.yml index 8e2c36b62..a08399b60 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,13 +1,16 @@ language: php +env: +- WEB_PORT_80_TCP_ADDR=localhost + php: - 5.4 - 5.5 - 5.6 - 7.0 - - hhvm + #- hhvm -sudo: false +#sudo: false matrix: fast_finish: true @@ -20,14 +23,22 @@ cache: addons: apt: packages: - - nginx - realpath install: -# - composer install + - sudo add-apt-repository -y ppa:nginx/stable + - sudo apt-get update + - sudo apt-get install -y --force-yes nginx-extras - travis/install-nginx.sh script: + - sudo nginx -t &> /dev/stdout - curl -vsf 'http://localhost:8080/nginx.php' &> /dev/stdout - - nginx -t + - curl -A "googlebot" http://localhost:8080/nginx.php &> /dev/stdout + - curl -A "bingbot" http://localhost:8080/nginx.php &> /dev/stdout + - curl -I http://localhost:8080/nginx.php -e http://google.com + - STATUSCODE=$(curl -A "80legs" http://localhost:8080/nginx.php &> /dev/stderr --write-out "%{http_code}") | if test $STATUSCODE 52; then exit 0; fi + - STATUSCODE=$(curl -A "masscan" http://localhost:8080/nginx.php &> /dev/stderr --write-out "%{http_code}") | if test $STATUSCODE 52; then exit 0; fi + - STATUSCODE=$(curl -I http://localhost:8080/nginx.php -e http://100dollars-seo.com &> /dev/stderr --write-out "%{http_code}") | if test $STATUSCODE 52; then exit 0; fi + - STATUSCODE=$(curl -I http://localhost:8080/nginx.php -e http://zyzzcentral.ru &> /dev/stderr --write-out "%{http_code}") | if test $STATUSCODE 52; then exit 0; fi - cat /tmp/error.log \ No newline at end of file diff --git a/composer.json b/composer.json index e45c6ee22..6a6a6d20c 100644 --- a/composer.json +++ b/composer.json 
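Review bot: The four `STATUSCODE=$(curl …) | if test $STATUSCODE 52; then exit 0; fi` steps at the end of `script:` cannot fail, so CI stays green even if the blocker stops rejecting these user agents and referrers. The assignment sits on the left of a pipe, so the variable never reaches the `if`; `test $STATUSCODE 52` has no operator; and 52 is curl's exit code for an empty reply, not a value `%{http_code}` can produce. Asserting on curl's exit status directly, as in the block below, makes a regression fail the build. Separately, `--force-yes` on the `apt-get install` line lets apt continue when a package cannot be authenticated, and `-y` alone should be enough for the PPA added just above.

```yaml
script:
  # … unchanged: nginx -t and the good-bot curl checks …
  # A blocked client gets nginx's 444 (connection closed, no response),
  # which curl reports as exit code 52.
  - curl -s -o /dev/null -A "80legs" http://localhost:8080/nginx.php; test $? -eq 52
  - curl -s -o /dev/null -A "masscan" http://localhost:8080/nginx.php; test $? -eq 52
  - curl -s -o /dev/null -I -e http://100dollars-seo.com http://localhost:8080/nginx.php; test $? -eq 52
  - curl -s -o /dev/null -I -e http://zyzzcentral.ru http://localhost:8080/nginx.php; test $? -eq 52
  # … unchanged: cat /tmp/error.log …
```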
@@ -1,11 +1,11 @@ { - "name": "vanilla/travis-nginx-test", - "description": "A basic test for getting Nginx running on Travis CI's container based infrastructure.", + "name": "mitchellkrogza/nginx-ultimate-bad-bot-blocker", + "description": "Travis CI Testing for the Nginx Ultimate Bad Bot Blocker", "license": "MIT", "authors": [ { - "name": "Todd Burry", - "email": "todd@vanillaforums.com" + "name": "Mitchell Krog", + "email": "mitchellkrog@gmail.com" } ], "require": { diff --git a/travis/blockbots.tpl.conf b/travis/blockbots.tpl.conf index d09b05c73..f2c00fc87 100644 --- a/travis/blockbots.tpl.conf +++ b/travis/blockbots.tpl.conf @@ -1,17 +1,11 @@ ####################################################################### -# Author: Mitchell Krog - https://github.com/mitchellkrogza/ - -# Include this in a vhost file within a server {} block using and include statement like below - -# server { -# #Config stuff here -# include /etc/nginx/bots.d/blockbots.conf -# include /etc/nginx/bots.d/ddos.conf -# #Other config stuff here -# } - -####################################################################### +# Add this to your nginx vhost domain's config file within +# the location contexts you want to rate limit and/or bot +# with 444 - just drop the connection completely +# You can also add it to the very top of your host config file +# before any of your location contexts and it will apply to the whole site +# and all its locations. # BOTS # **** @@ -42,4 +36,4 @@ if ($validate_client) { return 444; } -####################################################################### \ No newline at end of file +####################################################################### diff --git a/travis/ddos.tpl.conf b/travis/ddos.tpl.conf index d8e057ae4..ea8296153 100644 --- a/travis/ddos.tpl.conf +++ b/travis/ddos.tpl.conf 
@@ -1,17 +1,2 @@ -####################################################################### - -# Author: Mitchell Krog - https://github.com/mitchellkrogza/ - -# Include this in a vhost file within a server {} block using and include statement like below - -# server { -# #Config stuff here -# include /etc/nginx/bots.d/blockbots.conf -# include /etc/nginx/bots.d/ddos.conf -# #Other config stuff here -# } - -####################################################################### - limit_conn addr 200; limit_req zone=flood burst=200 nodelay; \ No newline at end of file diff --git a/travis/default-site.tpl.conf b/travis/default-site.tpl.conf index bbae2ef39..01ceb44c6 100644 --- a/travis/default-site.tpl.conf +++ b/travis/default-site.tpl.conf @@ -4,13 +4,13 @@ server { root {ROOT}/www; - access_log {DIR}/tmp/access.log; - error_log {DIR}/tmp/error.log; + access_log /tmp/access.log; + error_log /tmp/error.log; + + # Block Bad Bots + include ddos.conf; + include blockbots.conf; - # Block Bad Bots - include {DIR}/nginx/bots.d/blockbots.conf; - include {DIR}/nginx/bots.d/ddos.conf; - location ~* "\.php(/|$)" { include fastcgi.conf; fastcgi_pass php; @@ -20,5 +20,4 @@ server { # First attempt to serve request as file, then as directory, then fall back to index.html. try_files $uri $uri/ /index.html; } - } diff --git a/travis/install-nginx.sh b/travis/install-nginx.sh index c99181fc2..ea289e6bd 100755 --- a/travis/install-nginx.sh +++ b/travis/install-nginx.sh @@ -1,4 +1,9 @@ #!/bin/bash +# Travis CI Code Adapted and Modified from 3 Sources +# Thanks go out to: +# https://github.com/tburry/travis-nginx-test +# https://github.com/mitchellkrogza/travis-after-all +# https://github.com/mitchellkrogza/lua-nginx-statistics set -e set -x 
@@ -25,9 +30,6 @@ function tpl { mkdir "$DIR/nginx" mkdir "$DIR/nginx/sites-enabled" mkdir "$DIR/var" -mkdir "$DIR/nginx/bots.d" -mkdir "$DIR/nginx/custom.d" -#mkdir "$DIR/tmp" # Configure the PHP handler. if [ "$PHP_VERSION" = 'hhvm' ] || [ "$PHP_VERSION" = 'hhvm-nightly' ] @@ -55,10 +57,10 @@ fi # Build the default nginx config files. tpl "$DIR/nginx.tpl.conf" "$DIR/nginx/nginx.conf" tpl "$DIR/fastcgi.tpl.conf" "$DIR/nginx/fastcgi.conf" +tpl "$DIR/ddos.tpl.conf" "$DIR/nginx/ddos.conf" +tpl "$DIR/blockbots.tpl.conf" "$DIR/nginx/blockbots.conf" +tpl "$DIR/globalblacklist.tpl.conf" "$DIR/nginx/globalblacklist.conf" tpl "$DIR/default-site.tpl.conf" "$DIR/nginx/sites-enabled/default-site.conf" -tpl "$DIR/globalblacklist.tpl.conf" "$DIR/nginx/custom.d/globalblacklist.conf" -tpl "$DIR/blockbots.tpl.conf" "$DIR/nginx/bots.d/blockbots.conf" -tpl "$DIR/ddos.tpl.conf" "$DIR/nginx/bots.d/ddos.conf" # Start nginx. nginx -c "$DIR/nginx/nginx.conf" \ No newline at end of file diff --git a/travis/nginx.tpl.conf b/travis/nginx.tpl.conf index 926503de9..010e8b5c3 100644 --- a/travis/nginx.tpl.conf +++ b/travis/nginx.tpl.conf @@ -1,8 +1,11 @@ error_log /tmp/error.log; pid /tmp/nginx.pid; worker_processes 1; + events { worker_connections 1024; + multi_accept on; + use epoll; } http { 
@@ -21,24 +24,23 @@ http { tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; - # server_tokens off; - # server_names_hash_bucket_size 64; - # server_name_in_redirect off; - include /etc/nginx/mime.types; - default_type application/octet-stream; + server_names_hash_bucket_size 64; + server_names_hash_max_size 4096; - # Our request limiter zone for wp-login attacks - for later use in Travis - #limit_req_zone $binary_remote_addr zone=wp-login:10m rate=1r/s; - + # Our request limiter zone for wp-login attacks + limit_req_zone $binary_remote_addr zone=wp-login:10m rate=1r/s; + # DDos Mitigation # *************** # https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/ # Limiting the Rate of Requests - limit_req_zone $ratelimited zone=flood:50m rate=90r/s; + limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s; # Limiting the Number of Connections - limit_conn_zone $ratelimited zone=addr:50m; - + limit_conn_zone $binary_remote_addr zone=addr:50m; + include /etc/nginx/mime.types; + default_type application/octet-stream; + ## # Logging Settings ## @@ -50,13 +52,13 @@ http { ## gzip on; gzip_disable "msie6"; - + ## # Virtual Host Configs ## - # include {DIR}/nginx/conf.d/*.conf; + include {DIR}/nginx/conf.d/*.conf; include {DIR}/nginx/sites-enabled/*; - include {DIR}/nginx/conf.d/*; + include {DIR}/nginx/globalblacklist.conf; upstream php { server 127.0.0.1:{PORT}; diff --git a/www/nginx.php b/www/nginx.php index 9c3777f6d..b70d21d89 100644 --- a/www/nginx.php +++ b/www/nginx.php @@ -1,3 +1,3 @@
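Review bot: Keying both zones on `$binary_remote_addr` instead of `$ratelimited` means every client is now counted, because nginx only skips accounting when the zone key is empty. If `$ratelimited` is a map in globalblacklist.conf that yields an empty value for whitelisted clients (its definition is not visible in this diff), the CI config no longer exercises that exemption, and good bots can be throttled by `limit_req zone=flood` in ddos.conf. Either keep `$ratelimited` here or add a comment such as `# test config: rate-limits all clients, whitelist map not exercised`. The `wp-login` zone is now allocated but no `limit_req zone=wp-login` appears in the visible hunks, and the dropped `# server_tokens off;` hint would be better enabled as `server_tokens off;` than removed. The `http {}` block starts and ends outside this hunk.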