介绍:vDDoS Protection is Nginx bundled with module HTTP/2; GeoIP; Limit Req, Testcookie; reCaptcha processor… Working like CloudFlare, but vDDoS is software help you build your own System Firewall.
安装
- Github
- 官网
vDDos proxy必须安装在WEB程序以前,例如(cPanel, VestaCP, LAMP, LEMP…)等应用的安装需要在vDDos proxy安装完成之后。
vDDos proxy暂只支持CentOS Server 5/6/7 x86_64 和CloudLinux Server 5/6/7 x86_64 。且 Warning: Since version 1.13.10, vDDoS only supports CentOS Server 7
安装依赖:
yum -y install epel-release
yum -y install curl wget gc gcc gcc-c++ pcre-devel zlib-devel make wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel gperftools gperftools-devel libatomic_ops-devel perl-ExtUtils-Embed gcc automake autoconf apr-util-devel gc gcc gcc-c++ pcre-devel zlib-devel make wget openssl openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel gperftools gperftools-devel libatomic_ops-devel perl-ExtUtils-Embed
yum -y update
reboot
运行以下命令Install Latest Version (System CentOS 7 x86_64 & vDDoS Latest Version):
curl -L https://github.com/duy13/vDDoS-Protection/raw/master/latest.sh -o latest.sh
chmod 700 latest.sh
bash latest.sh
安装Old Version:
vddosversion="1.13.10"
curl -L https://github.com/duy13/vDDoS-Protection/raw/master/vddos-$vddosversion-centos7 -o
/usr/bin/vddos
chmod 700 /usr/bin/vddos
/usr/bin/vddos help
/usr/bin/vddos setup
至此,安装完毕
使用
保护某一个网站
# vi /vddos/conf.d/website.conf
# Website Listen Backend Cache Security SSL-Prikey SSL-CRTkey
default http://0.0.0.0:80 http://127.0.0.1:8080 no 200 no no
your-domain.com http://0.0.0.0:80 http://127.0.0.1:8080 no 200 no no
default https://0.0.0.0:443 https://127.0.0.1:8443 no 307 /ssl/key.pri /ssl/crt.crt
your-domain.com https://0.0.0.0:443 https://127.0.0.1:8443 no 307 /ssl/key.pri /ssl/crt.crt参数解释
your-domain.com为你想要保护的域名listen为本地监听IP端口backend为后端IP端口(可以当作为使用CDN或者反代源网站)cache是否进行缓存。
security是保护强度 可选no, 307, 200, click, 5s, high, captcha。
强度阶梯:no < 307 < 200 < click < 5s < high < captcha。
5s类似于Cloudflare的五秒盾。
captcha为启用谷歌人机验证码后面会详细说。
SSL-Prikey为SSL密匙。
SSL-CRTket为SSL证书。
5S盾
5s盾的默认文件储存于
/vddos/html/5s.html
如有需要,可自行设置。
captcha谷歌验证码
因为国内无法使用谷歌验证码
下面贴出LET上给出的使用方法,请自行测试
# vi /vddos/conf.d/recaptcha-sitekey.conf
# Website reCaptcha-sitekey (View KEY in https://www.google.com/recaptcha/admin#list)
your-domain.com 6Lcr6QkUAAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxx
...
# vi /vddos/conf.d/recaptcha-secretkey.conf
DEBUG=False
RE_SECRETS = { 'your-domain.com': '6Lcr6QkUAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxx',
'your-domain.org': '6LcKngoUAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxx' }
[1]: https://github.com/duy13/vDDoS-Protection
[2]: https://vddos.voduy.com/所需的KEY需要在https://www.google.com/recaptcha/admin#list申请,一个域名对应了一个key。
禁止某个国家的IP访问
修改文件/vddos/conf.d/blacklist-countrycode.conf
#vi /vddos/conf.d/blacklist-countrycode.conf
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default yes;
US yes;
CN no;#自带禁止中国
}
deny 1.1.1.1;添加白名单
修改文件/vddos/conf.d/whitelist-botsearch.conf
# vi /vddos/conf.d/whitelist-botsearch.conf
#Alexa Bot IP Addresses
204.236.235.245; 75.101.186.145;
...添加白名单之后,启用的如5s盾 验证码将不会对白名单IP访客生效。
设置IP直接访问源站
修改文件/vddos/conf.d/cdn-ip.conf
# vi /vddos/conf.d/cdn-ip.conf
# Cloudflare
set_real_ip_from 103.21.244.0/22;
...联系方式:
文章链接:https://wxiou.cn/index.php/archives/41/
除特别注明外,文章均为Literature原创,转载时请注明本文出处及文章链接
