Date: Tue, 18 Feb 2020 15:11:23 +0000 (UTC) From: Alexander Leidinger <netchild@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r526458 - in head/www: . nginx-ultimate-bad-bot-blocker nginx-ultimate-bad-bot-blocker/files Message-ID: <202002181511.01IFBNMQ047139@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: netchild Date: Tue Feb 18 15:11:23 2020 New Revision: 526458 URL: https://svnweb.freebsd.org/changeset/ports/526458 Log: The "Ultimate Nginx Bad Bot" blocker, handles also user-agent, spam referrer, adware, malware, ransomware, clickjacking, click directing, SEO companies bad IPs, Wordpress theme detectors and fake Googlebots. It includes an anti DDoS system and nginx rate limiting. WWW: https://github.com/mitchellkrogza/nginx-ultimate-bad-blocker/ Added: head/www/nginx-ultimate-bad-bot-blocker/ head/www/nginx-ultimate-bad-bot-blocker/Makefile (contents, props changed) head/www/nginx-ultimate-bad-bot-blocker/distinfo (contents, props changed) head/www/nginx-ultimate-bad-bot-blocker/files/ head/www/nginx-ultimate-bad-bot-blocker/files/patch-install-ngxblocker (contents, props changed) head/www/nginx-ultimate-bad-bot-blocker/files/patch-update-ngxblocker (contents, props changed) head/www/nginx-ultimate-bad-bot-blocker/files/pkg-message.in (contents, props changed) head/www/nginx-ultimate-bad-bot-blocker/pkg-descr (contents, props changed) Modified: head/www/Makefile Modified: head/www/Makefile ============================================================================== --- head/www/Makefile Tue Feb 18 13:33:13 2020 (r526457) +++ head/www/Makefile Tue Feb 18 15:11:23 2020 (r526458) @@ -447,6 +447,7 @@ SUBDIR += nginx-lite SUBDIR += nginx-naxsi SUBDIR += nginx-prometheus-exporter + SUBDIR += nginx-ultimate-bad-bot-blocker SUBDIR += nginx-vts-exporter SUBDIR += nibbleblog SUBDIR += nift Added: head/www/nginx-ultimate-bad-bot-blocker/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nginx-ultimate-bad-bot-blocker/Makefile Tue Feb 18 15:11:23 2020 (r526458) @@ -0,0 +1,41 @@ +# $FreeBSD$ + +PORTNAME= nginx-ultimate-bad-bot-blocker +DISTVERSION= 4.2020.02.1988 +DISTFILES= V${PORTVERSION}${EXTRACT_SUFX} +PORTREVISION= 0 +CATEGORIES= www security +MASTER_SITES= https://github.com/${GH_ACCOUNT}/${GH_PROJECT}/archive/ + +MAINTAINER= netchild@FreeBSD.org +COMMENT= Nginx bad bot and other things blocker + +LICENSE= MIT +LICENSE_FILE= ${WRKSRC}/LICENSE.md + +RUN_DEPENDS= gsed:textproc/gsed + +USE_GITHUB= nodefault + +GH_ACCOUNT= mitchellkrogza +GH_PROJECT= ${PORTNAME} + +NO_ARCH= yes +NO_BUILD= yes + +SUB_FILES= pkg-message +PLIST_FILES= sbin/install-ngxblocker \ + sbin/setup-ngxblocker \ + sbin/update-ngxblocker + +post-patch: + ${REINPLACE_CMD} -e 's:/usr/local:${PREFIX}:g' \ + -e 's:/etc/nginx:${LOCALBASE}/etc/nginx:g' \ + -e 's:nginx/sites-available:nginx/sites:g' \ + -e 's:/var/www:${LOCALBASE}/www:g' \ + -e 's:VHOST_EXT="vhost":VHOST_EXT="conf":' ${WRKSRC}/*-ngxblocker + +do-install: + ${INSTALL_SCRIPT} ${WRKSRC}/*-ngxblocker ${STAGEDIR}${PREFIX}/sbin/ + +.include <bsd.port.mk> Added: head/www/nginx-ultimate-bad-bot-blocker/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nginx-ultimate-bad-bot-blocker/distinfo Tue Feb 18 15:11:23 2020 (r526458) @@ -0,0 +1,3 @@ +TIMESTAMP = 1582031978 +SHA256 (V4.2020.02.1988.tar.gz) = 9bf264f6192bf8a0d9f78f1c54bc2e3b9314ea1bf80bbb33b460514b0173b47b +SIZE (V4.2020.02.1988.tar.gz) = 3785603 Added: head/www/nginx-ultimate-bad-bot-blocker/files/patch-install-ngxblocker ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nginx-ultimate-bad-bot-blocker/files/patch-install-ngxblocker Tue Feb 18 15:11:23 2020 (r526458) @@ -0,0 +1,30 @@ +--- install-ngxblocker ++++ install-ngxblocker +@@ -36,6 +36,7 @@ CONF_DIR=/etc/nginx/conf.d + BOTS_DIR=/etc/nginx/bots.d + SCRIPT_DIR=/usr/local/sbin + REPO=https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master ++SKIP_SCRIPTS=true + + ####### end user configuration ########################## + OS=$(uname -s) +@@ -341,11 +342,15 @@ main() { + check_config $CONF_DIR $BOTS_DIR $SCRIPT_DIR + download_files conf.d $CONF_DIR $CONF_FILES + download_files bots.d $BOTS_DIR $BOT_FILES +- download_files / $SCRIPT_DIR $SCRIPT_FILES ++ if [ "$SKIP_SCRIPTS" = "false" ]; then ++ download_files / $SCRIPT_DIR $SCRIPT_FILES + +- # ensures scripts are executable +- if [ "$DRY_RUN" = "N" ]; then +- set_mode 700 $SCRIPT_DIR $SCRIPT_FILES ++ # ensures scripts are executable ++ if [ "$DRY_RUN" = "N" ]; then ++ set_mode 700 $SCRIPT_DIR $SCRIPT_FILES ++ fi ++ else ++ printf "\n** FreeBSD specific ** | not updating scripts, please use the package management for this.\n\n" + fi + } + Added: head/www/nginx-ultimate-bad-bot-blocker/files/patch-update-ngxblocker ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nginx-ultimate-bad-bot-blocker/files/patch-update-ngxblocker Tue Feb 18 15:11:23 2020 (r526458) @@ -0,0 +1,79 @@ +--- update-ngxblocker ++++ update-ngxblocker +@@ -148,6 +148,8 @@ update_paths() { + # updates hard coded bots.d path in globalblacklist.conf + local blacklist=$1 include_paths= dir= x= + ++ case ${OS} in ++ Linux) + if ! grep "$BOTS_DIR" $blacklist 1>/dev/null; then + if [ -d $BOTS_DIR ]; then + printf "${BOLDGREEN}Updating bots.d path${RESET}: ${BOLDWHITE}$BOTS_DIR => $blacklist${RESET}\n" +@@ -163,6 +165,12 @@ update_paths() { + update_paths $blacklist + fi + fi ++ ;; ++ *BSD) ++ printf "${BOLDGREEN}Updating bots.d path${RESET}\n" ++ /usr/bin/sed -i -e 's:include .*nginx/:include :g' ${BOTS_DIR}/* ${CONF_DIR}/* ++ ;; ++ esac + } + + sanitize_path() { +@@ -319,11 +327,39 @@ get_options() { + INSTALL_INC="$INSTALLER -b $BOTS_DIR -c $CONF_DIR -x" + } + ++nginx_check_status() { ++ local pidof_path=$(find_binary pidof) ++ ++ case ${OS} in ++ Linux) ++ $pidof_path nginx 1>/dev/null ++ return $? ++ ;; ++ FreeBSD) ++ /usr/sbin/service nginx status | /usr/bin/grep -q running ++ return $? ++ ;; ++ esac ++} ++ ++nginx_reload() { ++ local nginx_path=$(find_binary nginx) ++ ++ case ${OS} in ++ Linux) ++ $nginx_path -s reload 2>&1 >/dev/null ++ return $? ++ ;; ++ FreeBSD) ++ /usr/sbin/service nginx reload >/dev/null 2>&1 ++ return $? ++ ;; ++ esac ++} ++ + main() { + local REPO=https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master + local file=globalblacklist.conf remote_dir=conf.d url= output= update= status= tmp= retval= +- local nginx_path=$(find_binary nginx) +- local pidof_path=$(find_binary pidof) + + # require root + if [ "$(id -u)" != "0" ]; then +@@ -370,9 +406,10 @@ main() { + if [ $retval = 0 ]; then + + # use full paths to workaround crontabs without $PATH configured +- if $pidof_path nginx 1>/dev/null; then ++ nginx_check_status ++ if [ $? -eq 0 ]; then + +- $nginx_path -s reload 2>&1 >/dev/null ++ nginx_reload + + if [ $? = 0 ]; then + status="${BOLDGREEN}[OK]${RESET}" Added: head/www/nginx-ultimate-bad-bot-blocker/files/pkg-message.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nginx-ultimate-bad-bot-blocker/files/pkg-message.in Tue Feb 18 15:11:23 2020 (r526458) @@ -0,0 +1,38 @@ +[ +{ + message: <<EOT +This ports installs only the scripts, the data/config files are to be installed +by the + %%PREFIX%%/sbin/install-ngxblocker + %%PREFIX%%/sbin/update-ngxblocker +scripts (they change too frequently). + +While reading + https://github.com/netchild/nginx-ultimate-bad-bot-blocker/blob/freebsdport/AUTO-CONFIGURATION.md +for setup instructions keep in mind that the port of the scripts is using FreeBSD +locations of things, like + %%LOCALBASE%%/etc/nginx/ +and + service nginx reload +(this includes the test-config functionality on reload). + +FreeBSD does not define a standard location and naming convention for sites/vhosts, +this port uses + %%LOCALBASE%%/etc/nginx/sites/*.conf +by default. The scripts allow to override this via command line flags. + +Example crontab entry for /etc/cron.d/nginx-bad-bot-blocker: +---snip--- +# +SHELL=/bin/sh +PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:%%PREFIX%%/sbin + +# See crontab(5) for field format. +53 10 * * * root %%PREFIX%%/sbin/update-ngxblocker -q +---snip--- +See + %%PREFIX%%/sbin/update-ngxblocker -h +for mail-sending options. +EOT +} +] Added: head/www/nginx-ultimate-bad-bot-blocker/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/nginx-ultimate-bad-bot-blocker/pkg-descr Tue Feb 18 15:11:23 2020 (r526458) @@ -0,0 +1,6 @@ +The "Ultimate Nginx Bad Bot" blocker, handles also user-agent, spam referrer, +adware, malware, ransomware, clickjacking, click directing, SEO companies +bad IPs, Wordpress theme detectors and fake Googlebots. It includes an +anti DDoS system and nginx rate limiting. + +WWW: https://github.com/mitchellkrogza/nginx-ultimate-bad-blocker/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202002181511.01IFBNMQ047139>