Autodeflect is an automation system for DIY installations of the Deflect anti-DDoS CDN system.
Deflect is a lightweight but heavy-duty anti-DDoS content distribution network that uses low-cost reverse proxies to absorb and mitigate DDoS attacks on webservers. The infrastructure comprises many parts, with Apache Traffic Server being a central component used for caching resources and serving them.
Autodeflect is a system for writing out the dynamic components of a Deflect configuration. This comprises:
- awstats configuration entries
- Apache Traffic Server remap files
- BIND-style zone file information (designed to be used with Edgemanage for robust serving of content when servers experience instability or become unavailable)
- Nagios configuration for monitoring origin servers
- Per-site configuration rules for the Banjax mitigation platform - both the old-style libconfig-based file and the current YAML-based configuration.
- Scripted renewal of Let's Encrypt TLS certs
Global configuration of controller-side elements is accomplished via variables in site.yml. Comments document the majority of this configuration.
Client configuration (sites protected behind your instance of Deflect) is accomplished via clients.yml. In the Deflect system this file is generated via the Deflect Dashboard. This file can be written by hand or populated by some automated system. Someday the Deflect Dashboard source will be opened, but this is not that day.
Autodeflect does not write out the base configuration for a Nagios installation, an awstats setup or an Apache Traffic Server configuration set; it only generates the dynamic components listed above. Users should supply these configurations themselves (the stock configurations are generally fine, but vast improvements can be obtained by tweaking them). In the future, static configuration files will be added to this repository.
Requires:
- python-passlib