Initial test of simon987/ngx_http_js_challenge_module

seednode 2020-11-14 17:35:42 -05:00
commit e6999e6903
7 changed files with 377 additions and 0 deletions

88
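--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,88 @@
+# multi-stage build for dockerized nginx
+# set up nginx build container
+FROM alpine:latest AS nginx
+RUN apk add gcc g++ git curl make linux-headers tar gzip geoip-dev gd-dev libxslt-dev pcre-dev perl-dev
+# download pcre library
+WORKDIR /src/pcre
+ARG PCRE_VER="8.44"
+RUN curl -L -O "https://cfhcable.dl.sourceforge.net/project/pcre/pcre/$PCRE_VER/pcre-$PCRE_VER.tar.gz"
+RUN tar xzf "/src/pcre/pcre-$PCRE_VER.tar.gz"
+# download fancy-index module
+RUN git clone https://github.com/aperezdc/ngx-fancyindex.git /src/ngx-fancyindex
+# download ngx_http_hs_challenge module
+RUN git clone https://github.com/simon987/ngx_http_js_challenge_module.git /src/ngx-http-js-challenge-module
+# download nginx source
+WORKDIR /src/nginx
+ARG NGINX_VER
+RUN curl -L -O "http://nginx.org/download/nginx-$NGINX_VER.tar.gz"
+RUN tar xzf "nginx-$NGINX_VER.tar.gz"
+# configure and build nginx
+WORKDIR /src/nginx/nginx-"$NGINX_VER"
+RUN ./configure --prefix=/usr/share/nginx \
+--sbin-path=/usr/sbin/nginx \
+--conf-path=/etc/nginx/nginx.conf \
+--error-log-path=/var/log/nginx/error.log \
+--http-log-path=/var/log/nginx/access.log \
+--pid-path=/run/nginx.pid \
+--lock-path=/run/lock/subsys/nginx \
+--http-client-body-temp-path=/tmp/nginx/client \
+--http-proxy-temp-path=/tmp/nginx/proxy \
+--user=www-data \
+--group=www-data \
+--with-threads \
+--with-file-aio \
+--with-pcre="/src/pcre/pcre-$PCRE_VER" \
+--with-pcre-jit \
+--with-http_addition_module \
+--add-module=/src/ngx-fancyindex \
+--add-dynamic-module=/src/ngx-http-js-challenge-module \
+--without-http_fastcgi_module \
+--without-http_uwsgi_module \
+--without-http_scgi_module \
+--without-http_gzip_module \
+--without-select_module \
+--without-poll_module \
+--without-mail_pop3_module \
+--without-mail_imap_module \
+--without-mail_smtp_module \
+--with-cc-opt="-Wl,--gc-sections -static -static-libgcc -O2 -ffunction-sections -fdata-sections -fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security"
+ARG CORE_COUNT="1"
+RUN make -j"$CORE_COUNT"
+RUN make install
+# set up the final container
+FROM alpine:latest
+# copy in default nginx configs
+COPY nginx/ /etc/nginx/
+# setup nginx folders and files
+RUN adduser www-data -D -H
+RUN chown -R www-data:www-data /etc/nginx
+RUN mkdir -p /tmp/nginx/{client,proxy} && chown -R www-data:www-data /tmp/nginx/
+RUN mkdir -p /var/log/nginx && chown -R www-data:www-data /var/log/nginx
+RUN mkdir -p /var/www/html && chown -R www-data:www-data /var/www/html
+RUN touch /run/nginx.pid && chown www-data:www-data /run/nginx.pid
+RUN mkdir -p /etc/nginx
+# add nginx binary
+COPY --from=nginx /usr/sbin/nginx /usr/sbin/nginx
+# add ngx-http-js-challenge module
+ARG NGINX_VER
+COPY --from=nginx /src/nginx/nginx-"$NGINX_VER"/objs/ngx_http_js_challenge_module.so /etc/nginx/modules/ngx_http_js_challenge_module.so
+# add test index file
+COPY index.html /usr/share/nginx/html/index.html
+# add loading file
+COPY loading.html /etc/nginx/loading.html
+# configure entrypoint
+ENTRYPOINT ["/usr/sbin/nginx","-g","daemon off;"]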
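Review bot: Nothing fetched in the build stage is integrity-checked: the nginx tarball is downloaded over plain `http://nginx.org/download/...`, the PCRE tarball comes from a SourceForge mirror, and both module repositories are cloned at whatever their default branch currently holds, so a tampered download or an upstream change ends up in the binary unnoticed. Fetch over HTTPS with `curl -fsSL` and verify a pinned digest before unpacking, for example `echo "$NGINX_SHA256  nginx-$NGINX_VER.tar.gz" | sha256sum -c -` with `NGINX_SHA256` supplied as a build argument, check out a fixed commit after each `git clone`, and replace `alpine:latest` with a pinned tag or digest. Separately, `chown -R www-data:www-data /etc/nginx` makes the configuration writable by the worker user while no `USER` is set, so the master presumably starts as root; keeping `/etc/nginx` root-owned stops a compromised worker from rewriting `load_module` lines that the master would later load. The `mkdir -p /tmp/nginx/{client,proxy}` line relies on brace expansion, which Alpine's default `/bin/sh` (BusyBox ash) likely does not perform, so naming both directories explicitly is safer.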

36
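--- a/build.sh
+++ b/build.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+# build, tag, and push docker images
+# exit if a command fails
+set -o errexit
+# exit if required variables aren't set
+set -o nounset
+# if no registry is provided, tag image as "local" registry
+registry="${REGISTRY:-local}"
+# retrieve latest nginx version
+nginx_mainline="$(curl -s 'http://nginx.org/download/' | grep -oP 'href="nginx-\K[0-9]+\.[0-9]+\.[0-9]+' | sort -t. -rn -k1,1 -k2,2 -k3,3 | head -1)"
+# if no version is specified, use the mainline version
+nginx_version="${1:-$nginx_mainline}"
+# pass core count into container for build process
+core_count="$(nproc)"
+# if no arguments are passed, display usage info and exit
+if [ "$#" -ne 1 ]; then
+echo "No nginx version provided. Falling back to mainline version $nginx_version."
+fi
+# create docker image
+docker build --build-arg NGINX_VER="$nginx_version" \
+--build-arg CORE_COUNT="$core_count" \
+-t "$registry"/nginx-js-challenge:"$nginx_version" \
+-f Dockerfile .
+# if a registry is specified, push to it
+if [ "$registry" != "local" ]; then
+docker push "$registry"/nginx-js-challenge:"$nginx_version"
+fi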
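Review bot: The version lookup on the `nginx_mainline=` line can return an empty string without stopping the script, because `curl -s` hides HTTP and network errors and `errexit` only sees the exit status of the final `head -1`. The empty value then becomes `NGINX_VER` and the image tag, and the listing itself is read over plain HTTP even though it decides which source gets built. Use `curl -fsS 'https://nginx.org/download/'` and add a guard before the build such as `[ -n "$nginx_version" ] || { echo "could not determine nginx version" >&2; exit 1; }`. The lookup also runs when a version is passed as `$1`, and the comment "display usage info and exit" above the `if` does not match the branch, which only prints the fallback notice.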

1
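--- a/index.html
+++ b/index.html
@@ -0,0 +1 @@
+Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.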

112
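--- a/loading.html
+++ b/loading.html
@@ -0,0 +1,112 @@
+<style>
+.animation div {
+border-radius: 50%;
+position: absolute;
+top: 50%;
+left: 75%;
+width: 100%;
+}
+.animation div:nth-of-type(odd) {
+background: black;
+}
+.animation div:nth-of-type(even) {
+background: white;
+border: 2px solid black;
+}
+.animation div:nth-of-type(3) {
+height: 10px;
+width: 10px;
+margin-top: -5px;
+margin-left: -5px;
+-webkit-animation: slide 3s ease-in-out infinite;
+animation: slide 3s ease-in-out infinite;
+}
+.animation div:nth-of-type(2) {
+height: 20px;
+width: 20px;
+margin-top: -12px;
+margin-left: -12px;
+-webkit-animation: slide 3s -2.7s ease-in-out infinite;
+animation: slide 3s -2.7s ease-in-out infinite;
+}
+.animation div:nth-of-type(1) {
+height: 40px;
+width: 40px;
+margin-top: -20px;
+margin-left: -20px;
+-webkit-animation: slide 3s -2.4s ease-in-out infinite;
+animation: slide 3s -2.4s ease-in-out infinite;
+}
+@keyframes slide {
+0% {
+left: 75%
+}
+50% {
+left: 25%;
+}
+100% {
+left: 75%;
+}
+}
+@-webkit-keyframes slide {
+0% {
+left: 75%
+}
+50% {
+left: 25%;
+}
+100% {
+left: 75%;
+}
+}
+html {
+overflow: hidden;
+}
+a {
+color: blue;
+}
+#c {
+top: 20%;
+text-align: center;
+width: 100%;
+position: absolute;
+}
+#c p {
+text-align: center;
+width: 100%;
+position: absolute;
+}
+footer {
+bottom: 10%;
+text-align: center;
+width: 100%;
+position: absolute;
+}
+</style>
+<div class="wrapper">
+<div id="c">
+<h1>Checking your browser</h1>
+<p>You will be redirected shortly</p>
+</div>
+<div class="animation">
+<div></div>
+<div></div>
+<div></div>
+</div>
+</div>
+<footer>
+DDoS protection with
+<a href="https://github.com/simon987/ngx_http_js_challenge_module">ngx_http_js_challenge_module</a>
+</footer>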

15
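--- a/nginx/conf.d/default.conf
+++ b/nginx/conf.d/default.conf
@@ -0,0 +1,15 @@
+server {
+listen 80;
+server_name localhost;
+location / {
+js_challenge on;
+js_challenge_secret "change me!";
+js_challenge_html /etc/nginx/loading.html;
+js_challenge_bucket_duration 3600;
+js_challenge_title "Verifying your browser...";
+root /usr/share/nginx/html;
+index index.html index.htm;
+}
+}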
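Review bot: `js_challenge_secret "change me!";` puts a publicly known placeholder into the image, because the Dockerfile copies `nginx/` into `/etc/nginx/` unchanged. Presumably the module derives its challenge from this value, so a deployment that keeps the default gets little real protection from it. Supply the secret at deployment time, for instance through a mounted `conf.d` file or an entrypoint step that refuses to start while the placeholder is still present, and add a comment above the directive such as `# replace per deployment; never ship the placeholder value`. A short comment on `js_challenge_bucket_duration 3600;` stating its unit and what a longer or shorter bucket trades off would also help the next maintainer.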

97
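--- a/nginx/mime.types
+++ b/nginx/mime.types
@@ -0,0 +1,97 @@
+types {
+text/html html htm shtml;
+text/css css;
+text/xml xml;
+image/gif gif;
+image/jpeg jpeg jpg;
+application/javascript js;
+application/atom+xml atom;
+application/rss+xml rss;
+text/mathml mml;
+text/plain txt;
+text/vnd.sun.j2me.app-descriptor jad;
+text/vnd.wap.wml wml;
+text/x-component htc;
+image/png png;
+image/svg+xml svg svgz;
+image/tiff tif tiff;
+image/vnd.wap.wbmp wbmp;
+image/webp webp;
+image/x-icon ico;
+image/x-jng jng;
+image/x-ms-bmp bmp;
+font/woff woff;
+font/woff2 woff2;
+application/java-archive jar war ear;
+application/json json;
+application/mac-binhex40 hqx;
+application/msword doc;
+application/pdf pdf;
+application/postscript ps eps ai;
+application/rtf rtf;
+application/vnd.apple.mpegurl m3u8;
+application/vnd.google-earth.kml+xml kml;
+application/vnd.google-earth.kmz kmz;
+application/vnd.ms-excel xls;
+application/vnd.ms-fontobject eot;
+application/vnd.ms-powerpoint ppt;
+application/vnd.oasis.opendocument.graphics odg;
+application/vnd.oasis.opendocument.presentation odp;
+application/vnd.oasis.opendocument.spreadsheet ods;
+application/vnd.oasis.opendocument.text odt;
+application/vnd.openxmlformats-officedocument.presentationml.presentation
+pptx;
+application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+xlsx;
+application/vnd.openxmlformats-officedocument.wordprocessingml.document
+docx;
+application/vnd.wap.wmlc wmlc;
+application/x-7z-compressed 7z;
+application/x-cocoa cco;
+application/x-java-archive-diff jardiff;
+application/x-java-jnlp-file jnlp;
+application/x-makeself run;
+application/x-perl pl pm;
+application/x-pilot prc pdb;
+application/x-rar-compressed rar;
+application/x-redhat-package-manager rpm;
+application/x-sea sea;
+application/x-shockwave-flash swf;
+application/x-stuffit sit;
+application/x-tcl tcl tk;
+application/x-x509-ca-cert der pem crt;
+application/x-xpinstall xpi;
+application/xhtml+xml xhtml;
+application/xspf+xml xspf;
+application/zip zip;
+application/octet-stream bin exe dll;
+application/octet-stream deb;
+application/octet-stream dmg;
+application/octet-stream iso img;
+application/octet-stream msi msp msm;
+audio/midi mid midi kar;
+audio/mpeg mp3;
+audio/ogg ogg;
+audio/x-m4a m4a;
+audio/x-realaudio ra;
+video/3gpp 3gpp 3gp;
+video/mp2t ts;
+video/mp4 mp4;
+video/mpeg mpeg mpg;
+video/quicktime mov;
+video/webm webm;
+video/x-flv flv;
+video/x-m4v m4v;
+video/x-mng mng;
+video/x-ms-asf asx asf;
+video/x-ms-wmv wmv;
+video/x-msvideo avi;
+}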

28
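--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -0,0 +1,28 @@
+user www-data;
+worker_processes auto;
+# load js challenge module
+load_module /etc/nginx/modules/ngx_http_js_challenge_module.so;
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+events {
+worker_connections 1024;
+}
+http {
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+'$status $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+access_log /var/log/nginx/access.log main;
+sendfile on;
+keepalive_timeout 65;
+include /etc/nginx/conf.d/*.conf;
+}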
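Review bot: `error_log /var/log/nginx/error.log warn;` and `access_log /var/log/nginx/access.log main;` write to files in the container's writable layer, so request and error records never reach `docker logs`, grow without rotation and are lost when the container is removed, which makes later investigation of an incident harder. For a containerised nginx it is more useful to point them at the standard streams, `error_log /dev/stderr warn;` and `access_log /dev/stdout main;`, and let the runtime collect them. Adding `server_tokens off;` inside the `http` block would also keep the nginx version out of response headers and error pages.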