From de7a794002b0d6a66e9dc231b550cdfc6f5cba4c Mon Sep 17 00:00:00 2001
From: Kévin Le Gouguec <kevin.legouguec@gmail.com>
Date: Sat, 24 Jul 2021 00:18:37 +0200
Subject: Start noting down how to setup nginx

---
 guides/cloud/vps.org | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

(limited to 'guides')

diff --git a/guides/cloud/vps.org b/guides/cloud/vps.org
index c5f5f92..b649fa8 100644
--- a/guides/cloud/vps.org
+++ b/guides/cloud/vps.org
@@ -36,3 +36,37 @@ So instead, I'll
   Match User …
   	PasswordAuthentication yes
   #+end_src
+* Web server
+With the following files in =$HOME=:
+#+begin_src conf
+# nginx-botsearch.local
+[Init]
+
+block = \S*(php|wp-|wordpress|jenkins|hudson|sql|boaform)[^,]*
+
+[Definition]
+
+# Change from distro: just remove the leading slash before <block>.
+failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) <block> \S+\" 404 .+$
+            ^ \[error\] \d+#\d+: \*\d+ (\S+ )?\"\S+\" (failed|is not found) \(2\: No such file or directory\), client\: <HOST>\, server\: \S*\, request: \"(GET|POST|HEAD) \/<block> \S+\"\, .*?$
+
+# jail.local
+[nginx-http-auth]
+enabled = true
+
+[nginx-botsearch]
+enabled = true
+logpath = /var/log/nginx/access.log
+#+end_src
+
+Do:
+#+begin_src sh
+sudo apt install nginx
+sudo cp ~/nginx-botsearch.local /etc/fail2ban/filter.d/
+sudo cp ~/jail.local /etc/fail2ban/
+sudo systemctl restart fail2ban
+#+end_src
+
+Check how these rules fare against real bot searches with
+~fail2ban-regex /var/log/nginx/access.log
+/etc/fail2ban/filter.d/nginx-botsearch.local~.
-- 
cgit v1.2.3