Travis CI Testing for Nginx Bad Bot blocker

.travis.yml

@@ -1,13 +1,16 @@
 language: php
 
+env:
+- WEB_PORT_80_TCP_ADDR=localhost
+
 php:
     - 5.4
     - 5.5
     - 5.6
     - 7.0
-    - hhvm
+    #- hhvm
 
-sudo: false
+#sudo: false
 
 matrix:
   fast_finish: true
@@ -20,14 +23,22 @@ cache:
 addons:
   apt:
     packages:
-      - nginx
       - realpath
 
 install:
-#  - composer install
+  - sudo add-apt-repository -y ppa:nginx/stable
+  - sudo apt-get update
+  - sudo apt-get install -y --force-yes nginx-extras
   - travis/install-nginx.sh
 
 script:
+  - sudo nginx -t &> /dev/stdout
   - curl -vsf 'http://localhost:8080/nginx.php' &> /dev/stdout
-  - nginx -t
+  - curl -A "googlebot" http://localhost:8080/nginx.php &> /dev/stdout
+  - curl -A "bingbot" http://localhost:8080/nginx.php &> /dev/stdout
+  - curl -I http://localhost:8080/nginx.php -e http://google.com
+  - STATUSCODE=$(curl -A "80legs" http://localhost:8080/nginx.php &> /dev/stderr --write-out "%{http_code}") | if test $STATUSCODE 52; then exit 0; fi
+  - STATUSCODE=$(curl -A "masscan" http://localhost:8080/nginx.php &> /dev/stderr --write-out "%{http_code}") | if test $STATUSCODE 52; then exit 0; fi
+  - STATUSCODE=$(curl -I http://localhost:8080/nginx.php -e http://100dollars-seo.com &> /dev/stderr --write-out "%{http_code}") | if test $STATUSCODE 52; then exit 0; fi
+  - STATUSCODE=$(curl -I http://localhost:8080/nginx.php -e http://zyzzcentral.ru &> /dev/stderr --write-out "%{http_code}") | if test $STATUSCODE 52; then exit 0; fi
   - cat /tmp/error.log

composer.json

@@ -1,11 +1,11 @@
 {
-	"name": "vanilla/travis-nginx-test",
+	"name": "mitchellkrogza/nginx-ultimate-bad-bot-blocker",
-	"description": "A basic test for getting Nginx running on Travis CI's container based infrastructure.",
+	"description": "Travis CI Testing for the Nginx Ultimate Bad Bot Blocker",
 	"license": "MIT",
 	"authors": [
 		{
-			"name": "Todd Burry",
+			"name": "Mitchell Krog",
-			"email": "todd@vanillaforums.com"
+			"email": "mitchellkrog@gmail.com"
 		}
 	],
 	"require": {

travis/blockbots.tpl.conf

@@ -1,17 +1,11 @@
 #######################################################################
 
-# Author: Mitchell Krog <mitchellkrog@gmail.com> - https://github.com/mitchellkrogza/
+# Add this to your nginx vhost domain's config file within
-
+# the location contexts you want to rate limit and/or bot
-# Include this in a vhost file within a server {} block using and include statement like below
+# with 444 - just drop the connection completely
-
+# You can also add it to the very top of your host config file
-# server {
+# before any of your location contexts and it will apply to the whole site
-#			#Config stuff here
+# and all its locations.
-#			include /etc/nginx/bots.d/blockbots.conf
-#			include /etc/nginx/bots.d/ddos.conf
-#			#Other config stuff here
-#		 }
-
-#######################################################################
 
 # BOTS
 # ****
@@ -42,4 +36,4 @@ if ($validate_client) {
   return 444;
 }
 
-#######################################################################
+#######################################################################

travis/ddos.tpl.conf

@@ -1,17 +1,2 @@
-#######################################################################
-
-# Author: Mitchell Krog <mitchellkrog@gmail.com> - https://github.com/mitchellkrogza/
-
-# Include this in a vhost file within a server {} block using and include statement like below
-
-# server {
-#			#Config stuff here
-#			include /etc/nginx/bots.d/blockbots.conf
-#			include /etc/nginx/bots.d/ddos.conf
-#			#Other config stuff here
-#		 }
-
-#######################################################################
-
 limit_conn addr 200;
 limit_req zone=flood burst=200 nodelay;

travis/default-site.tpl.conf

@@ -4,13 +4,13 @@ server {
 
     root {ROOT}/www;
 
-    access_log {DIR}/tmp/access.log;
+    access_log /tmp/access.log;
-    error_log {DIR}/tmp/error.log;
+    error_log /tmp/error.log;
+    
+    # Block Bad Bots
+    include ddos.conf;
+    include blockbots.conf;
 
-	# Block Bad Bots
-	include {DIR}/nginx/bots.d/blockbots.conf;
-	include {DIR}/nginx/bots.d/ddos.conf;
-	
     location ~* "\.php(/|$)" {
         include fastcgi.conf;
         fastcgi_pass php;
@@ -20,5 +20,4 @@ server {
         # First attempt to serve request as file, then as directory, then fall back to index.html.
         try_files $uri $uri/ /index.html;
     }
-    
 }

travis/install-nginx.sh

@@ -1,4 +1,9 @@
 #!/bin/bash
+# Travis CI Code Adapted and Modified from 3 Sources
+# Thanks go out to: 
+# https://github.com/tburry/travis-nginx-test
+# https://github.com/mitchellkrogza/travis-after-all 
+# https://github.com/mitchellkrogza/lua-nginx-statistics
 
 set -e
 set -x
@@ -25,9 +30,6 @@ function tpl {
 mkdir "$DIR/nginx"
 mkdir "$DIR/nginx/sites-enabled"
 mkdir "$DIR/var"
-mkdir "$DIR/nginx/bots.d"
-mkdir "$DIR/nginx/custom.d"
-#mkdir "$DIR/tmp"
 
 # Configure the PHP handler.
 if [ "$PHP_VERSION" = 'hhvm' ] || [ "$PHP_VERSION" = 'hhvm-nightly' ]
@@ -55,10 +57,10 @@ fi
 # Build the default nginx config files.
 tpl "$DIR/nginx.tpl.conf" "$DIR/nginx/nginx.conf"
 tpl "$DIR/fastcgi.tpl.conf" "$DIR/nginx/fastcgi.conf"
+tpl "$DIR/ddos.tpl.conf" "$DIR/nginx/ddos.conf"
+tpl "$DIR/blockbots.tpl.conf" "$DIR/nginx/blockbots.conf"
+tpl "$DIR/globalblacklist.tpl.conf" "$DIR/nginx/globalblacklist.conf"
 tpl "$DIR/default-site.tpl.conf" "$DIR/nginx/sites-enabled/default-site.conf"
-tpl "$DIR/globalblacklist.tpl.conf" "$DIR/nginx/custom.d/globalblacklist.conf"
-tpl "$DIR/blockbots.tpl.conf" "$DIR/nginx/bots.d/blockbots.conf"
-tpl "$DIR/ddos.tpl.conf" "$DIR/nginx/bots.d/ddos.conf"
 
 # Start nginx.
 nginx -c "$DIR/nginx/nginx.conf"

travis/nginx.tpl.conf

@@ -1,8 +1,11 @@
 error_log /tmp/error.log;
 pid /tmp/nginx.pid;
 worker_processes 1;
+
 events {
 	worker_connections 1024;
+	multi_accept on;
+    use epoll;
 }
 
 http {
@@ -21,24 +24,23 @@ http {
     tcp_nodelay on;
     keepalive_timeout 65;
     types_hash_max_size 2048;
-    # server_tokens off;
+	server_names_hash_bucket_size 64;
-    # server_names_hash_bucket_size 64;
+	server_names_hash_max_size 4096;
-    # server_name_in_redirect off;
-    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
 
-	# Our request limiter zone for wp-login attacks - for later use in Travis 
+	# Our request limiter zone for wp-login attacks
-	#limit_req_zone $binary_remote_addr zone=wp-login:10m rate=1r/s;
+	limit_req_zone $binary_remote_addr zone=wp-login:10m rate=1r/s;
-    
+	
     # DDos Mitigation
     # ***************
     # https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
     # Limiting the Rate of Requests
-    limit_req_zone $ratelimited zone=flood:50m rate=90r/s;
+    limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s;
     # Limiting the Number of Connections
-    limit_conn_zone $ratelimited zone=addr:50m;
+    limit_conn_zone $binary_remote_addr zone=addr:50m;
-
 
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+    
     ##
     # Logging Settings
     ##
@@ -50,13 +52,13 @@ http {
     ##
     gzip on;
     gzip_disable "msie6";
-    
+
     ##
     # Virtual Host Configs
     ##
-    # include {DIR}/nginx/conf.d/*.conf;
+    include {DIR}/nginx/conf.d/*.conf;
     include {DIR}/nginx/sites-enabled/*;
-    include {DIR}/nginx/conf.d/*;
+    include {DIR}/nginx/globalblacklist.conf;
 
     upstream php {
         server 127.0.0.1:{PORT};

www/nginx.php

@@ -1,3 +1,3 @@
 <?php
 
-echo "Nginx is Working\n";
+echo "Welcome to Nginx\n";