Travis CI Testing for Nginx Bad Bot blocker

2025-09-03 11:10:47 +00:00 · 2017-02-08 13:26:59 +02:00 · 2017-02-08 13:26:59 +02:00 · 2cab6b3151
commit 2cab6b3151
parent db2cccd008
8 changed files with 58 additions and 65 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -1,13 +1,16 @@
 language: php

+env:
+- WEB_PORT_80_TCP_ADDR=localhost
+
 php:
    - 5.4
    - 5.5
    - 5.6
    - 7.0
-    - hhvm
+    #- hhvm

-sudo: false
+#sudo: false

 matrix:
  fast_finish: true
@ -20,14 +23,22 @@ cache:
 addons:
  apt:
    packages:
-      - nginx
      - realpath

 install:
-#  - composer install
+  - sudo add-apt-repository -y ppa:nginx/stable
+  - sudo apt-get update
+  - sudo apt-get install -y --force-yes nginx-extras
  - travis/install-nginx.sh

 script:
+  - sudo nginx -t &> /dev/stdout
  - curl -vsf 'http://localhost:8080/nginx.php' &> /dev/stdout
-  - nginx -t
+  - curl -A "googlebot" http://localhost:8080/nginx.php &> /dev/stdout
+  - curl -A "bingbot" http://localhost:8080/nginx.php &> /dev/stdout
+  - curl -I http://localhost:8080/nginx.php -e http://google.com
+  - STATUSCODE=$(curl -A "80legs" http://localhost:8080/nginx.php &> /dev/stderr --write-out "%{http_code}") | if test $STATUSCODE 52; then exit 0; fi
+  - STATUSCODE=$(curl -A "masscan" http://localhost:8080/nginx.php &> /dev/stderr --write-out "%{http_code}") | if test $STATUSCODE 52; then exit 0; fi
+  - STATUSCODE=$(curl -I http://localhost:8080/nginx.php -e http://100dollars-seo.com &> /dev/stderr --write-out "%{http_code}") | if test $STATUSCODE 52; then exit 0; fi
+  - STATUSCODE=$(curl -I http://localhost:8080/nginx.php -e http://zyzzcentral.ru &> /dev/stderr --write-out "%{http_code}") | if test $STATUSCODE 52; then exit 0; fi
  - cat /tmp/error.log
--- a/composer.json
+++ b/composer.json
@ -1,11 +1,11 @@
 {
-	"name": "vanilla/travis-nginx-test",
-	"description": "A basic test for getting Nginx running on Travis CI's container based infrastructure.",
+	"name": "mitchellkrogza/nginx-ultimate-bad-bot-blocker",
+	"description": "Travis CI Testing for the Nginx Ultimate Bad Bot Blocker",
 	"license": "MIT",
 	"authors": [
 		{
-			"name": "Todd Burry",
-			"email": "todd@vanillaforums.com"
+			"name": "Mitchell Krog",
+			"email": "mitchellkrog@gmail.com"
 		}
 	],
 	"require": {
--- a/travis/blockbots.tpl.conf
+++ b/travis/blockbots.tpl.conf
@ -1,17 +1,11 @@
 #######################################################################

-# Author: Mitchell Krog <mitchellkrog@gmail.com> - https://github.com/mitchellkrogza/
-
-# Include this in a vhost file within a server {} block using and include statement like below
-
-# server {
-#			#Config stuff here
-#			include /etc/nginx/bots.d/blockbots.conf
-#			include /etc/nginx/bots.d/ddos.conf
-#			#Other config stuff here
-#		 }
-
-#######################################################################
+# Add this to your nginx vhost domain's config file within
+# the location contexts you want to rate limit and/or bot
+# with 444 - just drop the connection completely
+# You can also add it to the very top of your host config file
+# before any of your location contexts and it will apply to the whole site
+# and all its locations.

 # BOTS
 # ****
--- a/travis/ddos.tpl.conf
+++ b/travis/ddos.tpl.conf
@ -1,17 +1,2 @@
-#######################################################################
-
-# Author: Mitchell Krog <mitchellkrog@gmail.com> - https://github.com/mitchellkrogza/
-
-# Include this in a vhost file within a server {} block using and include statement like below
-
-# server {
-#			#Config stuff here
-#			include /etc/nginx/bots.d/blockbots.conf
-#			include /etc/nginx/bots.d/ddos.conf
-#			#Other config stuff here
-#		 }
-
-#######################################################################
-
 limit_conn addr 200;
 limit_req zone=flood burst=200 nodelay;
--- a/travis/default-site.tpl.conf
+++ b/travis/default-site.tpl.conf
@ -4,12 +4,12 @@ server {

    root {ROOT}/www;

-    access_log {DIR}/tmp/access.log;
-    error_log {DIR}/tmp/error.log;
+    access_log /tmp/access.log;
+    error_log /tmp/error.log;
    
    # Block Bad Bots
-	include {DIR}/nginx/bots.d/blockbots.conf;
-	include {DIR}/nginx/bots.d/ddos.conf;
+    include ddos.conf;
+    include blockbots.conf;

    location ~* "\.php(/|$)" {
        include fastcgi.conf;
@ -20,5 +20,4 @@ server {
        # First attempt to serve request as file, then as directory, then fall back to index.html.
        try_files $uri $uri/ /index.html;
    }
-    
 }
--- a/travis/install-nginx.sh
+++ b/travis/install-nginx.sh
@ -1,4 +1,9 @@
 #!/bin/bash
+# Travis CI Code Adapted and Modified from 3 Sources
+# Thanks go out to: 
+# https://github.com/tburry/travis-nginx-test
+# https://github.com/mitchellkrogza/travis-after-all 
+# https://github.com/mitchellkrogza/lua-nginx-statistics

 set -e
 set -x
@ -25,9 +30,6 @@ function tpl {
 mkdir "$DIR/nginx"
 mkdir "$DIR/nginx/sites-enabled"
 mkdir "$DIR/var"
-mkdir "$DIR/nginx/bots.d"
-mkdir "$DIR/nginx/custom.d"
-#mkdir "$DIR/tmp"

 # Configure the PHP handler.
 if [ "$PHP_VERSION" = 'hhvm' ] || [ "$PHP_VERSION" = 'hhvm-nightly' ]
@ -55,10 +57,10 @@ fi
 # Build the default nginx config files.
 tpl "$DIR/nginx.tpl.conf" "$DIR/nginx/nginx.conf"
 tpl "$DIR/fastcgi.tpl.conf" "$DIR/nginx/fastcgi.conf"
+tpl "$DIR/ddos.tpl.conf" "$DIR/nginx/ddos.conf"
+tpl "$DIR/blockbots.tpl.conf" "$DIR/nginx/blockbots.conf"
+tpl "$DIR/globalblacklist.tpl.conf" "$DIR/nginx/globalblacklist.conf"
 tpl "$DIR/default-site.tpl.conf" "$DIR/nginx/sites-enabled/default-site.conf"
-tpl "$DIR/globalblacklist.tpl.conf" "$DIR/nginx/custom.d/globalblacklist.conf"
-tpl "$DIR/blockbots.tpl.conf" "$DIR/nginx/bots.d/blockbots.conf"
-tpl "$DIR/ddos.tpl.conf" "$DIR/nginx/bots.d/ddos.conf"

 # Start nginx.
 nginx -c "$DIR/nginx/nginx.conf"
--- a/travis/nginx.tpl.conf
+++ b/travis/nginx.tpl.conf
@ -1,8 +1,11 @@
 error_log /tmp/error.log;
 pid /tmp/nginx.pid;
 worker_processes 1;
+
 events {
 	worker_connections 1024;
+	multi_accept on;
+    use epoll;
 }

 http {
@ -21,23 +24,22 @@ http {
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
-    # server_tokens off;
-    # server_names_hash_bucket_size 64;
-    # server_name_in_redirect off;
-    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
+	server_names_hash_bucket_size 64;
+	server_names_hash_max_size 4096;

-	# Our request limiter zone for wp-login attacks - for later use in Travis 
-	#limit_req_zone $binary_remote_addr zone=wp-login:10m rate=1r/s;
+	# Our request limiter zone for wp-login attacks
+	limit_req_zone $binary_remote_addr zone=wp-login:10m rate=1r/s;
 	
    # DDos Mitigation
    # ***************
    # https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
    # Limiting the Rate of Requests
-    limit_req_zone $ratelimited zone=flood:50m rate=90r/s;
+    limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s;
    # Limiting the Number of Connections
-    limit_conn_zone $ratelimited zone=addr:50m;
+    limit_conn_zone $binary_remote_addr zone=addr:50m;

+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
    
    ##
    # Logging Settings
@ -54,9 +56,9 @@ http {
    ##
    # Virtual Host Configs
    ##
-    # include {DIR}/nginx/conf.d/*.conf;
+    include {DIR}/nginx/conf.d/*.conf;
    include {DIR}/nginx/sites-enabled/*;
-    include {DIR}/nginx/conf.d/*;
+    include {DIR}/nginx/globalblacklist.conf;

    upstream php {
        server 127.0.0.1:{PORT};
--- a/www/nginx.php
+++ b/www/nginx.php
@ -1,3 +1,3 @@
 <?php

-echo "Nginx is Working\n";
+echo "Welcome to Nginx\n";