[Catalog] Add dos module

README.md

@@ -79,6 +79,8 @@ In all the steps below substitute your role name for `your_new_role`
       cp -r roles/example/* $your_new_role
       ```
 
+   1. delete the create.yml and destroy.yml files
+
    1. edit `vi roles/$your_new_role/meta/main.yml` and add a description
 
    1. edit `vi roles/$your_new_role/molecule/default/converge.yml`
@@ -87,6 +89,7 @@ In all the steps below substitute your role name for `your_new_role`
 1. Test that your role is now working
    All tests should pass
 
+   If you have not created any tasks you might get an error in the `Wait for instance(s) creation to complete` task
    ```
    cd roles/$your_new_role
    molecule test

group_vars/nginxplus/main.yml

@@ -30,6 +30,7 @@ nginx_modules:
   image_filter: true
   rtmp: true
   xslt: true
+  dos: true
 # the hash table stores server names for fast lookup
 # see PR 3578 on princeton_ansible
 # increase the size first

roles/example/molecule/default/molecule.yml

@@ -10,13 +10,21 @@ lint: |
 platforms:
   - name: instance
     image: "ghcr.io/pulibrary/pul_containers:jammy_multi"
-    command: "sleep infinity"
+    command: "/lib/systemd/systemd"
     volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    tmpfs:
+      - /tmp
+      - /run
+      - /run/lock
+    cgroupns_mode: host
     privileged: true
     pre_build_image: true
 provisioner:
   name: ansible
+  config_options:
+    defaults:
+      remote_tmp: /tmp/ansible
   log: true
 verifier:
   name: ansible

roles/nginxplus/defaults/main.yml

@@ -60,6 +60,12 @@ nginx_license:
   certificate: license/nginx-repo.crt
   key: license/nginx-repo.key
 
+# Location of your NGINX Plus DoS license in your local machine.
+# Default is the files folder within the NGINX Ansible role.
+nginx_dos_license:
+  certificate: license/nginx-repo_dos.crt
+  key: license/nginx-repo_dos.key
+
 # Delete NGINX Plus license after installation for security purposes.
 # Default is true.
 nginx_delete_license: true

roles/nginxplus/files/conf/http/dev/byzantine-tsp_staging.conf

@@ -31,8 +31,8 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
-        app_protect_enable off;
-        app_protect_security_log_enable off;
+        # app_protect_enable off;
+        # app_protect_security_log_enable off;
         proxy_pass http://byzantine-staging;
         proxy_set_header X-Forwarded-Host $host;
         proxy_set_header X-Forwarded-Proto https;

roles/nginxplus/files/conf/http/dev/catalog_staging.conf

@@ -26,6 +26,10 @@ server {
     server_name catalog-staging.princeton.edu;
 
     location / {
+        # app protect dos protection
+        app_protect_dos_enable on;
+        app_protect_dos_name "catalog_staging";
+        app_protect_dos_monitor uri=catalog-staging.princeton.edu:80/;
         return 301 https://$server_name$request_uri;
     }
 }
@@ -41,7 +45,7 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
-        app_protect_enable off;
+        # app_protect_enable off;
         limit_req zone=catalog-staging-ratelimit burst=80 nodelay;
 #        # app_protect_security_log_enable on;
         proxy_pass http://catalog-staging;

roles/nginxplus/files/conf/http/dev/cdh_test_htr.conf

@@ -39,8 +39,8 @@ server {
 
 
     location / {
-        app_protect_enable off;
-        app_protect_security_log_enable off;
+        # app_protect_enable off;
+        # app_protect_security_log_enable off;
         proxy_pass http://cdh-test-htr;
         proxy_set_header X-Forwarded-Host $host;
         proxy_set_header X-Real-IP $remote_addr;

roles/nginxplus/files/conf/http/dev/gitlab_staging.conf

@@ -30,8 +30,8 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
-        app_protect_enable off;
-        app_protect_security_log_enable on;
+        # app_protect_enable off;
+        # app_protect_security_log_enable on;
         proxy_pass https://gitlab-staging;
         proxy_cache gitlabstagingcache;
         proxy_set_header Connection $http_connection;

roles/nginxplus/files/conf/http/dev/grafana_nomad.conf

@@ -33,7 +33,7 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
-        app_protect_enable off;
+        # app_protect_enable off;
         proxy_pass http://grafana-nomad;
         proxy_set_header X-Forwarded-Host $host;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

roles/nginxplus/files/conf/http/dev/kennyloggin_staging.conf

@@ -32,16 +32,16 @@ server {
 
 
   location / {
-    app_protect_enable off;
-    app_protect_security_log_enable on;
+    # app_protect_enable off;
+    # app_protect_security_log_enable on;
     proxy_set_header Host $host;
     proxy_pass http://grafana;
   }
 
   # Proxy Grafana Live WebSocket connections.
   location /api/live/ {
-    app_protect_enable off;
-    app_protect_security_log_enable on;
+    # app_protect_enable off;
+    # app_protect_security_log_enable on;
     proxy_pass http://grafana;
     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;

roles/nginxplus/files/conf/http/dev/nomad.conf

@@ -33,7 +33,7 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
-        app_protect_enable off;
+        # app_protect_enable off;
         proxy_pass http://nomad;
         proxy_set_header X-Forwarded-Host $host;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

roles/nginxplus/files/conf/http/dev/static_staging.conf

@@ -62,8 +62,8 @@ server {
     }
 
     location / {
-        app_protect_enable off;
-        app_protect_security_log_enable off;
+        # app_protect_enable off;
+        # app_protect_security_log_enable off;
         proxy_pass http://static-staging;
         proxy_cache  static-stagingcache;
         proxy_intercept_errors on;
@@ -91,8 +91,8 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
-        app_protect_enable off;
-        app_protect_security_log_enable off;
+        # app_protect_enable off;
+        # app_protect_security_log_enable off;
         proxy_pass http://static-staging;
         proxy_cache  static-stagingcache;
         proxy_intercept_errors on;
@@ -120,8 +120,8 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
-        app_protect_enable off;
-        app_protect_security_log_enable off;
+        # app_protect_enable off;
+        # app_protect_security_log_enable off;
         proxy_pass http://static-staging;
         proxy_cache  static-stagingcache;
 #        health_check interval=10 fails=3 passes=2;
@@ -149,8 +149,8 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
-        app_protect_enable off;
-        app_protect_security_log_enable off;
+        # app_protect_enable off;
+        # app_protect_security_log_enable off;
         proxy_pass http://static-staging;
         proxy_cache  static-stagingcache;
         proxy_intercept_errors on;

roles/nginxplus/files/license/nginx-repo_dos.crt

@@ -0,0 +1,82 @@
+$ANSIBLE_VAULT;1.1;AES256
+38393239316262663561653861633261646464346662336435613965363731373237363138396663
+6661366632656431333335666434373762393634313761640a623564393632306631353138373361
+66346538363733313366613234613230343832383066613737383330646130656562626630376535
+3261363365326564370a643932353933356661636232303830313465663665306461623861316439
+35636136613530336134316335363339336361336661356665663239396564383239396164616266
+33616162373835333764376563656366633830396364386630313662623461386132343162373436
+64313039646337343631356636623233353261306532333963376335646661366565663761343337
+37313164306238323161336361336634326162336136653430323838633133353066346137643739
+33343363353830393231376138626439353631363736323265353535326366663665666464316464
+36316437313661613862626565336634353561643238353832616366633265653761323532373461
+31353930396136373962623233616664653838386166386533656234646162653633303637343736
+35353832383332356265653962353263383632643630626434363632373466346165363265323664
+65663738613763376332626331626438306263653466383164356130313830303661613633376263
+35306232373362303837613738383936343230653362306238356366306664316461373232396433
+63633938363939393862396566653162613432393631643837663062316163383037633832613237
+36333032393861353439383066633532613665373638623133333563333163333034356430316536
+35373938383934633561353961646463643238656233336139613661663136646235376334356536
+39383561343539313363653133656438353631653132333531646564613563336432353265663635
+32636532366631653739663161313463663234643235633830636133333138363233383133333162
+35616165653536396366313233333662303164303734656566333033313734623165616435313366
+32393665646333663862303632336138376234396537653032386331316566653761346230663436
+61643435313833643064303036353263646132653132303137343761353865336233363861323666
+64323538636132313963386330653736316438386431353165373432613531363061636662366231
+34633064633364356662333062656366616361376535656165643430663533386436393432323535
+38353431313032643939636534366361333837396166616566396532393732346539613262303433
+61653666323665393663363635376137646637373637323866303137656236616630323864613630
+64303038346138353466353131636632623433333535383833646632393037333133383763623132
+35313462346462316536336333646563333639383634626535623731323931323035376535663530
+62323565343363633234343364393838353561346136396464643737306235356634613638613565
+34626132353836666137373961323639613931633034303263356332353037363934313132316335
+33343736633561323432316566636133396264343264346137333663613638633531316438343237
+61323239353261656437633762626638653463633038326636386336346530373633363261633262
+37636663353631346535396663353539663630326264313533653630626338303435373832613066
+33333734633132393138386237373938313966346639633033613235353864666238306262333436
+63633065613639366635343462353838623635336566663334393637343337343066363531306135
+36303763306634343564326566386432633331616537376337623062393532616632333336363737
+33653364653438613831333633323333333032636262623364623738643933656663383430353464
+37363538336262306136363465386666613662646465653036643931623234613434346630633537
+31656431383864656537383162326235633436373934313632653661373462303366386237353662
+62633236383035383033633539366135666634656562653532666438636663656665623034323031
+35336164636137306135393639613136646533383234666433303439383861303936653831323864
+39393661666531383165666538623839336430393564633435653230666533663562376436313237
+32323965396464333833376133653261343661323464633765626363616638656264386439636465
+37613934333664396663323038396634313638353634623734623263376661633930663966303839
+61316438396434336333643365646161306263373965313039343062653564343234313638333439
+38303866323234386564613938386534363464656339633365373961626531323432616339623031
+62356261646332393232313434336339336330333636353539343762353366316265653830646664
+31653161326463643237666238353762396366666636613538386162656664373238623935616333
+65376266326539656364303263633730386236363138653039336164633234306661306165643538
+63626466333463316630376361396531353834303761643761303162646464306364336162643765
+62343235343236306331643064326533633935313930306634383339616236353230626130646230
+32363737663931313863633766623366366131323333303666376163623762623966316530633161
+31633834393064656237646135393534346166366533353136656532356666656666633961633532
+61343136643133376434636332313636656166326432333835353839353962303132656532623435
+65383664326639316361383230396563346138323263636134393237653930623736303062633033
+39363431663836376436613435386230666438633739633761336237383137303861666637366563
+33346262383463396465643639393965326262393264386337343537346538633830353132353262
+65383932343130653831653937313463393837393038626265343137363439616462323431343838
+34643263653734323035336336623638636634636439663033363334353238633964333564306534
+38626666623330373434316464303334396633303034663335333266313333363165663237306335
+38346338613262383566356235326638303438383037636631316662333738393331343965393431
+39343662303166623165356166383363363364363835383061656464663861353739336339313661
+38393035393939626235373734376635613035376539353535373738356463316235656265663434
+61663065303935363661383635663262353331333563346237356633366465323532656564623565
+36306533623832333930393937343737366334363433666334316334366137346239386364373131
+64623738346133386432653962666664306332313037316162303263346564313438663964303135
+31383634343732633361383831363832303966356636623835653565393038636631653036376233
+38343331363264326661636438343233376332323966306431303130616239303763303735616135
+33633638303364396132396237343362353566643062336363633265303536373863666335663862
+31333536383432383838326230373430623934376461303862623337393738313665353535623834
+65336632396266643462646432316633393161623236326636323062663962636437393766303633
+37373562333363316165616330646632333166396461656536613866643962313738363366343731
+31666562393363653432313362636464356162626432363961616438373530643938623639376466
+39636536323234303865313136306435383430363465376138386437306331653366373563376132
+36383066333665323538323039643662396432356332616165373630316232376166376437613431
+33386265343738613366343232393638633366336637613632343361326435386332666265616562
+64366365326235643662336639373237376238336464353465313733663366353961376334356138
+33633963616136373562343533303863646434383832363130306434393336383438663964313535
+63343765613666346437613532653832333464373039613534316130646339653737346431653138
+30636161653632646661313039316664623437323030353133336437306561333336613664613166
+64643431666234316338653331376135303936306361636139613662333464376238

roles/nginxplus/files/license/nginx-repo_dos.jwt

@@ -0,0 +1,58 @@
+$ANSIBLE_VAULT;1.1;AES256
+34626231663437306635323963343964623866333038373465366436353831363933656432373764
+3930306532666630366537646366373137343735333961660a356566656637396562353461396466
+34656666613537303964316637386431323931333337383766396333656666326261643931333465
+6337353864333138340a346561653036663562353964373938343561643633623836613138623135
+66363865353939383163663732353234356134323635653164643864396437363730393439356266
+61343134663264656366303133393434643934633462356335346361656263643933623966333839
+33393234336539633461636238356439396536613032646135393263306237383331633766663338
+36356431346136653733356430366639343835663039326337386533373630613530656265326664
+39663136626238663039356336653962633966336138376534366135656431653333653763653632
+35626138346264363864363765383966333932373932313864653134383731613931623361313338
+66316638626631313062646538636231653963356431323466343761346462356232393662346562
+31343437353737623732656565393836333163326638383863643031616433663735353463373734
+63343338656430636563613930326235393665323331393866626632373632646635333662623435
+30306461383730613932306332363435373135656161356438653464633439323436396334303231
+32636537653662383935643264386462663731653531376163646538373739333830366139343730
+37356239386164643762373361336233623964633136343866336566613463663039336165643839
+36383934626265613130376137633331666566633738386631386631643161356537656234396264
+63353330616532316163313362363264386331353539383365343361363765643937346232373930
+31343931333835363632356238366361326264343931336362313331626337393236613161636136
+30633337333966373332346565616435666332396636353931313139663762336136323637613831
+35336130636661313835623633633834633038643835616335303238666439643232633864343830
+62343434353630333932633236633763616333363665393733656261613032636431616566313263
+62353336643537633762656234613438336434313262306239303466396336626539636663653539
+32393463313766643331626630623537666134373037636235626434646564363166316530336261
+36323038393465643432613832336262323461356264636632366137666263353164346239616363
+30316366623866643363323435363963666565396338316339626563363535313066366533636337
+30646666666464636366613430656138306537383464643932656563393238316430346166306437
+31666433333931646533393532633433376365333036373239643435653139336134633832376130
+37663438393438336462323235323135383338613563333364363065326666643639633632383761
+32663637366234613435353261613633623063326432326266663562653832653865323966613931
+64623430333562643737386663343639373732643131336639343332646536663563326466326362
+39646238303033373137316130626139666631336534363163366639333336623432636462346637
+30626164643636376432313237366534316133383461383963353932643732346361353361316564
+66353331653734396366613434633066346233313735303064643631316330363139366639613166
+35626664313533636462366666663566633064343461353430383361666432373265373761623433
+31306539643462663034303037376631653331363963393831666239326435363330356131663939
+63303263343836396330613239393334303235613339333964383130363335393966336639656331
+64333834663132346239313131666239616135363835626435306166393531333035633864626339
+65386462303334373130346638636162353936396263396130663638373239643161663138653563
+32363931396538303961653230373466613464363736313239663566383838366331646266313630
+32326662613439373631663864653566643764316336333836373538643033646463643263663562
+30393462383933316339633736626663333835343938336533623136383664633564346431623533
+64323739636536353833626266383063633932343330323631386334366266633365316466376336
+33393533653036656433633565396133646637353761363930633736393861306635653864393934
+37313537626261626336633861613661643566306333373432643461626433646438383066323535
+37306539656565626263383666656339633561326339633439633965356433343335656236383462
+34326461623438633737633434363634646339643635306237643661633134373966633230326133
+37333238363932306533613163653339376537323736323031356631356434326437313465303066
+62356331663531656235333963386637396361623635323963626134333839383937376533356361
+38663236646339373339663431323264306232613162313734343936666665373465313835346138
+35353438363065333834323431643830363561363337346661656236333639613266303133333930
+30633562343839346234366465336431323366616133316435306262303366643962383731303765
+62633333653133316162393562663835323635376236616639326532366165643966376364303561
+35663735313031303737663665326634623031313866656430613762653664393465373439653962
+34373266303633613564626636313361653761633035323231386136613364363230326161346130
+38376235356362336336636462373834636635643131373161613234363163373730383332336430
+36613961663636393136376564383564323163353236636436353533663630633266