[AntiDDoS] for VestaCP with vDDoS Proxy Protection
Video: https://www.youtube.com/watch?v=CnYVZB70BF4
STEP 1: Install VestaCP
```bash
curl -O http://vestacp.com/pub/vst-install.sh
bash vst-install.sh
```
More documentation:
https://vestacp.com/install/
STEP 2: Install vDDoS Proxy Protection
vDDoS Proxy Protection is free software that provides a reverse proxy server for the HTTP(S) protocols. It acts as a Layer 7 firewall to filter and mitigate DoS, DDoS, SYN flood, or HTTP flood attacks to protect your website.
```bash
wget https://files.voduy.com/vDDoS-Proxy-Protection/latest.sh ; chmod 700 latest.sh ; bash latest.sh
```
More documentation:
https://vddos.voduy.com
STEP 3: Change Apache Default Port
By default VestaCP uses Apache or Nginx running on ports 80 and 443, or Nginx as a proxy in front of Apache. We can reconfigure these web servers to listen on another port so that vDDoS can proxy to them.
More documentation:
https://vestacp.com/docs/#how-to-remove ... hel-centos
For example, I switch Apache to port 8080 and 8443:
```bash
cp /usr/local/vesta/conf/vesta.conf /usr/local/vesta/conf/vesta.conf.bak
nano /usr/local/vesta/conf/vesta.conf
```
```
WEB_SYSTEM='httpd'
WEB_RGROUPS='apache'
WEB_PORT='8080'
WEB_SSL_PORT='8443'
WEB_SSL='mod_ssl'
STATS_SYSTEM='webalizer,awstats'
FTP_SYSTEM='vsftpd'
DNS_SYSTEM='named'
MAIL_SYSTEM='exim'
IMAP_SYSTEM='dovecot'
CRON_SYSTEM='crond'
FIREWALL_SYSTEM='iptables'
DISK_QUOTA='yes'
BACKUP_SYSTEM='local'
LANGUAGE='en'
VERSION='0.9.8'
DB_SYSTEM='mysql'
SOFTACULOUS='yes'
```
Save & Rebuild vhost configs:
```bash
# Rebuild the web vhost configs of every Vesta user so they pick up the new ports
for user in $(v-list-sys-users plain); do v-rebuild-web-domains "$user"; done
```
Re-Check Apache port:
```
[root@vesta ~]# netstat -lntup|grep httpd
tcp        0      0 1.2.3.4:8443        0.0.0.0:*        LISTEN      879/httpd
tcp        0      0 1.2.3.4:8080        0.0.0.0:*        LISTEN      879/httpd
```
STEP 4: Config vDDoS Proxy Protection
For example, the IP Addr of your server is 1.2.3.4:
```bash
nano /vddos/conf.d/website.conf
```
```
# Website   Listen                Backend                Cache   Security   SSL-Prikey                       SSL-CRTkey
default     http://0.0.0.0:80     http://1.2.3.4:8080    no      no         no                               no
default     https://0.0.0.0:443   https://1.2.3.4:8443   no      no         /vddos/ssl/your-domain.com.pri   /vddos/ssl/your-domain.com.crt
```
Restart vDDoS service after you have configured:
```bash
/usr/bin/vddos restart
```
STEP 5: Config vDDoS Auto Add
vDDoS Auto Add is an add-on for vDDoS Proxy Protection: it monitors Domains/Aliasdomains/Subdomains in Panel Hosting, Web Server, List Domain, Virtual Host... and automatically adds them to the website.conf file.
```bash
nano /vddos/auto-add/setting.conf
```
```
# Default Setting for vddos-add command:
SSL             auto
DNS_sleep       66
DNS_alias_mode  no
Cache           no
Security        no
HTTP_Listen     http://0.0.0.0:80
HTTPS_Listen    https://0.0.0.0:443
HTTP_Backend    http://1.2.3.4:8080
HTTPS_Backend   https://1.2.3.4:8443
```
Set Crontab:
```bash
echo '*/15 * * * * root /usr/bin/vddos-autoadd panel vestacp apache' >> /etc/crontab
```
STEP 6: Config vDDoS Auto Switch
vDDoS Auto Switch is an add-on for vDDoS Proxy Protection: it automatically identifies overloaded websites and changes their Security Mode.
```bash
nano /vddos/auto-switch/setting.conf
```
```
# This is the default configuration for "sensor-switch.sh" and "vddos-autoswitch.sh"
hostname="vDDoS Master" #(Name this server, it will show up in Email notifications)
vddos_master_slave_mode="no" #(Turn on "yes" if your system has slave servers, want to sync after switch like master)
backend_url_check="no" #(Put the URL of the backend. Ex: https://1.1.1.1:8443/ (make sure Backend status response is "200"))
send_notifications="no" #(Turn on "yes" if you want receive notification)
smtp_server="smtps://smtp.gmail.com" #(SMTP Server)
smtp_username="[email protected]" #(Your Mail)
smtp_password="xxxxxxxxxxxxx" #(Get your Apps password for Gmail from https://security.google.com/settings/security/apppasswords)
send_notifications_to="[email protected]" #(Your Email Address will receive notification)
maximum_allowable_delay_for_backend=2 #(Means: If Backend (status response "200") is slower than 2s, vDDoS will enable challenge mode)
maximum_allowable_delay_for_website=2 #(Means: If Website (status response "200") is slower than 2s, vDDoS will enable challenge mode)
default_switch_mode_not_attack="no" #(Default Mode vDDoS use when it's not under attack)
default_switch_mode_under_attack="high" #(Default Mode vDDoS use when it's under attack)
default_waiting_time_to_release="60" #(For example 60 minutes, release time from challenge)
```
Crontab vDDoS Auto Switch:
```bash
echo '*/5 * * * * root /usr/bin/vddos-autoswitch checkalldomain high' >> /etc/crontab
echo '0 */3 * * * root /usr/bin/vddos-switch allsite no && /usr/bin/vddos reload' >> /etc/crontab
echo '* * * * * root /usr/bin/vddos-sensor' >> /etc/crontab
```
More documentation:
https://github.com/duy13/vDDoS-Auto-Switch
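Added example, not part of the original post and not vDDoS's own code: a shell check for the STEP 4 website.conf that flags an HTTPS listener without key/cert and any backend bound to a non-loopback address, as in the netstat output of STEP 3, where Apache answers on 1.2.3.4:8080 and 1.2.3.4:8443 and those ports need to be closed to outside clients so traffic cannot skip the proxy. It assumes the seven-column layout from the header comment; the function names `sample_conf` and `audit_website_conf` are hypothetical.

```shell
# Added example: audit a vDDoS website.conf for two misconfigurations.
# Assumed columns, per the header comment in STEP 4:
#   Website Listen Backend Cache Security SSL-Prikey SSL-CRTkey

# Constructed sample: the header and two "default" lines from STEP 4.
sample_conf() {
  cat <<'EOF'
# Website Listen Backend Cache Security SSL-Prikey SSL-CRTkey
default http://0.0.0.0:80 http://1.2.3.4:8080 no no no no
default https://0.0.0.0:443 https://1.2.3.4:8443 no no /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt
EOF
}

# Reads website.conf on stdin (or from file arguments); prints one finding
# per line, or "OK" when nothing is flagged.
audit_website_conf() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    NF != 7 {
      printf "line %d: expected 7 columns, found %d\n", NR, NF; n++; next
    }
    {
      listen = $2; backend = $3
      host = backend; sub(/^[a-z]+:\/\//, "", host)   # strip the scheme
      port = host;    sub(/^.*:/, "", port)           # text after the last ":"
      sub(/:[0-9]+$/, "", host)                       # drop ":port"
      # An HTTPS listener needs both a key path and a certificate path.
      if (listen ~ /^https:/ && ($6 == "no" || $7 == "no")) {
        printf "line %d: %s has no SSL key/cert\n", NR, listen; n++
      }
      # A backend on a routable address can be reached without passing
      # through the proxy unless the firewall limits that port.
      if (host !~ /^127\./ && host != "localhost" && host != "[::1]") {
        printf "line %d: backend %s is not loopback; confirm port %s is closed to outside clients\n", NR, host, port; n++
      }
    }
    END { if (!n) print "OK" }
  ' "$@"
}

sample_conf | audit_website_conf
```

On a live server, run it as `audit_website_conf /vddos/conf.d/website.conf` and compare the flagged ports with the rules in the Vesta firewall.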
Re: [AntiDDoS] for VestaCP with vDDoS Proxy Protection
Very good tutorial.
In case you have Nginx working as a reverse proxy for Apache, would it be better to replace Nginx with vDDOS?
Because I think it doesn't make sense to have vDDOS, Nginx and Apache integrated or does it?