[AntiDDoS] for FastPanel with vDDoS Proxy Protection

[Vo Duy dot Com]

STEP 1: Install Fastpanel (CentOS 7)


yum makecache; yum install wget
wget http://repo.fastpanel.direct/install_fastpanel.sh -O - | bash -

More documentation:
https://fastpanel.direct/wiki/en/how-to-install-fastpanel


STEP 2: Install vDDoS Proxy Protection

vDDoS Proxy Protection is free software to provide a Reverse Proxy Server HTTP(S) protocols. It act as a Layer 7 Firewall Filter & Mitigate DOS, DDOS, SYN Floods, or HTTP Floods attack to protect your website.

wget https://files.voduy.com/vDDoS-Proxy-Protection/latest.sh ; chmod 700 latest.sh ; bash latest.sh

More documentation:
https://vddos.voduy.com




STEP 3: Change Nginx Default Port

By default Fastpanel uses Nginx running on port 80, 443 (and Apache port 81). We can reconfigure Nginx Webserver to listen on another port so that vDDoS can proxy on them.

Change Nginx Default Port:

cp -a /usr/local/fastpanel2 /usr/local/fastpanel2.vddos.bak
cp -a /etc/nginx /etc/nginx.vddos.bak


Change port for HTTP:

s=':80' ; r=':88'
sed -i "s#$s#$r#g" /etc/nginx/fastpanel2-available/*/*.conf
sed -i "s#$s#$r#g" /etc/nginx/conf.d/parking.conf
sed -i "s#$s#$r#g" /usr/local/fastpanel2/templates/services/parking.tpl
sed -i "s#$s#$r#g" /usr/local/fastpanel2/templates/panel_virtualhost/proxy_virtualhost.conf.tpl
sed -i "s#$s#$r#g" /usr/local/fastpanel2/templates/virtualhost/configuration/*.tpl



Change port for HTTPS:

s=':443' ; r=':999'
sed -i "s#$s#$r#g" /etc/nginx/fastpanel2-available/*/*.conf
sed -i "s#$s#$r#g" /etc/nginx/conf.d/parking.conf
sed -i "s#$s#$r#g" /usr/local/fastpanel2/templates/services/parking.tpl
sed -i "s#$s#$r#g" /usr/local/fastpanel2/templates/panel_virtualhost/proxy_virtualhost.conf.tpl
sed -i "s#$s#$r#g" /usr/local/fastpanel2/templates/virtualhost/configuration/*.tpl






Restart Nginx:

service nginx restart

Re-Check Nginx port:

[root@Fastpanel ~]# netstat -lntup|grep nginx
tcp        0      0 1.2.3.4:88             0.0.0.0:*               LISTEN      28536/nginx: master
tcp        0      0 0.0.0.0:8888            0.0.0.0:*               LISTEN      1008/nginx: master
tcp        0      0 0.0.0.0:7777            0.0.0.0:*               LISTEN      1008/nginx: master
tcp        0      0 1.2.3.4:999            0.0.0.0:*               LISTEN      28536/nginx: master

[root@Fastpanel ~]# netstat -lntup|grep httpd
tcp        0      0 127.0.0.1:81            0.0.0.0:*               LISTEN      9




STEP 4: Config vDDoS Proxy Protection

For example, the IP Addr of your server is 1.2.3.4:

nano /vddos/conf.d/website.conf

# Website       Listen               Backend                  Cache Security SSL-Prikey   SSL-CRTkey
default         http://0.0.0.0:80    http://1.2.3.4:88    no    no      no           no
default         https://0.0.0.0:443  https://1.2.3.4:999   no    no      /vddos/ssl/Fastpanel.com.pri /vddos/ssl/Fastpanel.com.crt

Restart vDDoS service after you have configured:

/usr/bin/vddos restart

NOTE:
If you use Apache you can use vDDOS proxy directly to Apache instead of Nginx

nano /vddos/conf.d/website.conf

# Website       Listen               Backend                  Cache Security SSL-Prikey   SSL-CRTkey
default         http://0.0.0.0:80    http://1.2.3.4:81    no    no      no           no
default         https://0.0.0.0:443  http://1.2.3.4:81   no    no      /vddos/ssl/Fastpanel.com.pri /vddos/ssl/Fastpanel.com.crt



STEP 5: Config vDDoS Auto Add

vDDoS Auto Add is a addon support for vDDoS Proxy Protection - Monitor Domains/Aliasdomains/Subdomains in Panel Hosting, Web Server, List Domain, Virtual Host... and automatically add them into the website.conf file.

nano /vddos/auto-add/setting.conf

# Default Setting for vddos-add command:

SSL                auto
DNS_sleep         66
DNS_alias_mode    no
Cache            no
Security        no
HTTP_Listen        http://0.0.0.0:80
HTTPS_Listen    https://0.0.0.0:443
HTTP_Backend    http://1.2.3.4:88
HTTPS_Backend    https://1.2.3.4:999

Set Crontab:

echo '*/15 * * * * root /usr/bin/vddos-autoadd webserver nginx' >> /etc/crontab




STEP 6: Config vDDoS Auto Switch

vDDoS Auto Switch is a addon support for vDDoS Proxy Protection - Automatically identifies overloaded websites and changes their Security Mode.

nano /vddos/auto-switch/setting.conf

# This is the default configuration for "sensor-switch.sh" and "vddos-autoswitch.sh"

hostname="vDDoS Master"                            #(Name this server, it will show up in Email notifications)

vddos_master_slave_mode="no"                    #(Turn on "yes" if your system has slave servers, want to sync affter switch like master)
backend_url_check="no"            #(Put the URL of the backend. Ex: https://1.1.1.1:443/ (make sure Backend status response is "200"))

send_notifications="no"                        #(Turn on "yes" if you want receive notification)
smtp_server="smtps://smtp.gmail.com"        #(SMTP Server)
smtp_username="x...@gmail.com"                #(Your Mail)
smtp_password="xxxxxxxxxxxxx"                 #(Get your Apps password for Gmail from https://security.google.com/settings/security/apppasswords)
send_notifications_to="xx...@gmail.com"        #(Your Email Address will receive notification)


maximum_allowable_delay_for_backend=2             #(Means: If Backend (status response "200") is slower than 2s, vDDoS will enable challenge mode)
maximum_allowable_delay_for_website=2             #(Means: If Website (status response "200") is slower than 2s, vDDoS will enable challenge mode)

default_switch_mode_not_attack="no"                #(Default Mode vDDoS use when it's not under attacked)
default_switch_mode_under_attack="high"            #(Default Mode vDDoS use when it's under attack)
default_waiting_time_to_release="60"            #(For example 60 minutes, release time from challenge)


Crontab vDDoS Auto Switch:

echo '*/5 * * * * root /usr/bin/vddos-autoswitch checkalldomain high' >> /etc/crontab
echo '0 */3 * * * root /usr/bin/vddos-switch allsite no && /usr/bin/vddos reload' >> /etc/crontab
echo '* * * * * root /usr/bin/vddos-sensor' >> /etc/crontab


More documentation:
https://github.com/duy13/vDDoS-Auto-Switch

[Vo Duy dot Com]

Ex your server IP Addr is 1.2.3.4:

nano /etc/nginx/conf.d/cloudflare.conf

....
....
set_real_ip_from 127.0.0.1;
set_real_ip_from 1.2.3.4;


Restart Nginx:

service nginx reload