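#!/bin/bash
#
# Setup Fail2ban for Nginx.
#
# Installs fail2ban when it is missing, writes a filter for nginx limit_req
# rejections and a jail file enabling two jails (nginx-limit-req and
# nginx-botsearch), then restarts the service and prints its status.
#
# Must run as root: it installs packages and writes under /etc/fail2ban.

set -euo pipefail

# Fail early with a clear message instead of a permission error halfway through.
if (( EUID != 0 )); then
  echo "This script must be run as root." >&2
  exit 1
fi

echo "Setting up Fail2ban..."

# Install fail2ban if not installed.
if ! command -v fail2ban-server > /dev/null 2>&1; then
  # apt-get rather than apt: apt's command-line interface is not meant for scripts.
  apt-get update
  apt-get install -y fail2ban
fi

# Create filter for Nginx.
#
# This replaces any filter of the same name already present in filter.d
# (fail2ban packages commonly ship one).
#
# The pattern is anchored to the fields nginx itself writes before "client:"
# (log level, pid#tid, connection id, excess value, zone name). Everything
# after the client address on such a line (request line, host, referrer) is
# supplied by the remote side, so a pattern with free ".*" around
# "client: <HOST>" can capture an address taken from that text instead of the
# real peer and ban the wrong host.
cat > /etc/fail2ban/filter.d/nginx-limit-req.conf << 'EOF'
[Definition]
failregex = ^\s*\[[a-z]+\] \d+#\d+: \*\d+ limiting requests, excess: [\d\.]+ by zone "[^"]+", client: <HOST>,
ignoreregex =
EOF

# Create jail configuration.
#
# Both jails ban on the address nginx logs as the client. If nginx sits behind
# a proxy or load balancer without real-IP handling, that address is the
# proxy's, and a ban would cut off every visitor - confirm before enabling.
# The log files named below must exist when fail2ban starts. No ignoreip is
# set here, so admin and monitoring hosts are subject to the same limits.
cat > /etc/fail2ban/jail.d/explorer.conf << 'EOF'
[nginx-limit-req]
enabled = true
port = http,https
logpath = /var/log/nginx/explorer-error.log
maxretry = 10
findtime = 600
bantime = 3600

[nginx-botsearch]
enabled = true
port = http,https
logpath = /var/log/nginx/explorer-access.log
maxretry = 2
findtime = 600
bantime = 86400
EOF

# Restart fail2ban so the new filter and jails are loaded.
systemctl restart fail2ban

# Check status: lists the jails that are actually running.
fail2ban-client status

echo "Fail2ban configured!"
echo "Jails: nginx-limit-req, nginx-botsearch"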