#!/bin/sh # Shell Script for Auto Updating the Nginx Bad Bot Blocker # Copyright: https://github.com/mitchellkrogza # Project Url: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker # Update script & Alpine Linux package by Stuart Cardall: https://github.com/itoffshore # MAKE SURE you have all the following files in /etc/nginx/bots.d/ folder # *********************************************************************** # whitelist-ips.conf # whitelist-domains.conf # blacklist-user-agents.conf # bad-referrer-words.conf # custom-bad-referrers.conf # blacklist-ips.conf # A major change to using include files was introduced in # https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/commit/7e3ab02172dafdd524de5dd450a9732328622779 # ************************************************************************** # Nginx will fail a reload with [EMERG] without the presence of these files. # PLEASE READ UPDATED CONFIGURATION INSTRUCTIONS BEFORE USING THIS # Save this file as /usr/sbin/update-ngxblocker # cd /usr/sbin # sudo wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/update-ngxblocker -O update-ngxblocker # Make it Executable chmod 700 /usr/sbin/update-ngxblocker # RUN THE UPDATE # Here our script runs, pulls the latest update, reloads nginx and emails you a notification EMAIL="me@myemail.com" SEND_EMAIL="Y" CONF_DIR=/etc/nginx/conf.d ##### end user configuration ############################################################## usage() { local script=$(basename $0) cat </dev/null) if [ -n "$svc" ]; then echo $svc exit 0 fi done } wget_opts() { local opts= # Busybox wget gives less verbose output by default if [ -n "$(wget --help 2>/dev/null | grep "\-nv")" ]; then opts="-nv" fi echo $opts } get_options() { local options=$(getopt -o c:r:e:nh --long \ bots:,conf:,repo:,email:,no-email,help,exec -- "$@" 2>/dev/null) if [ $? -ne 0 ]; then usage exit 1 fi eval set -- "$options" while :; do case "$1" in -h | --help) usage && exit 1;; -c | --conf) CONF_DIR=$2; shift 2;; -r | --repo) REPO=$2; shift 2;; -e | --email) EMAIL=$2; shift 2;; -n | --no-email) SEND_EMAIL=N; shift 2;; *) break;; esac done } main() { local email_report=$(mktemp) file=globalblacklist.conf local REPO=https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master local remote_dir=conf.d url= output= # default to service (centos does not have 'which' by default) local service=${service_cmd:-"service"} # require root if [ "$(id -u)" != "0" ]; then echo "This script must be run as root" 1>&2 exit 1 fi # parse command line get_options $@ url=$REPO/$remote_dir/$file output=$CONF_DIR/$file # download update mkdir -p $CONF_DIR wget $url $(wget_opts) -O $output 2>&1 | tee $email_report # re-read configuration if ! grep "Not Found" $email_report; then $service nginx reload | tee -a $email_report else printf "\nDownload failed: not reloading nginx config\n" | tee -a $email_report fi # email report case "$SEND_EMAIL" in y*|Y*) printf "\nEmailing report to: $EMAIL\n"; cat $email_report | mail -s "Nginx Bad Bot Blocker Updated" $EMAIL;; esac rm -f $email_report } main $@ exit $? # Add this as a cron to run daily / weekly as you like # Here's a sample CRON entry to update every day at 10pm # 00 22 * * * /usr/sbin/update-ngxblocker