[AntiDDoS] for CyberPanel with vDDoS Proxy Protection

Video: https://www.youtube.com/watch?v=6Bt9RPSSjn4

STEP 1: Install CyberPanel

sh <(curl https://cyberpanel.net/install.sh || wget -O - https://cyberpanel.net/install.sh)

More documentation:
https://community.cyberpanel.net/docs?category=9&topic=82

STEP 2: Install vDDoS Proxy Protection

vDDoS Proxy Protection is free software that provides a reverse proxy server for the HTTP(S) protocols. It acts as a Layer 7 firewall to filter and mitigate DoS, DDoS, SYN flood, or HTTP flood attacks to protect your website.

wget https://files.voduy.com/vDDoS-Proxy-Protection/latest.sh ; chmod 700 latest.sh ; bash latest.sh

More documentation:
https://vddos.voduy.com

STEP 3: Change OpenLiteSpeed Default Port

By default CyberPanel uses OpenLiteSpeed running on ports 80 and 443. We can reconfigure this web server to listen on other ports so that vDDoS can proxy to them.

cp /usr/local/lsws/conf/httpd_config.conf /usr/local/lsws/conf/httpd_config.conf.vddosbak
nano /usr/local/lsws/conf/httpd_config.conf

Find:

listener Default {
  address                 *:80
  secure                  0
  map                     cyberpanel.net cyberpanel.net
}

Edit:

listener Default {
  address                 *:8080
  secure                  0
  map                     cyberpanel.net cyberpanel.net
}

Find:

listener SSL {
  address                 *:443
  secure                  1
  keyFile                 /usr/local/lsws/admin/conf/webadmin.key
  certFile                /usr/local/lsws/admin/conf/webadmin.crt
  map                     cyberpanel.net cyberpanel.net
}

Edit:

listener SSL {
  address                 *:8443
  secure                  1
  keyFile                 /usr/local/lsws/admin/conf/webadmin.key
  certFile                /usr/local/lsws/admin/conf/webadmin.crt
  map                     cyberpanel.net cyberpanel.net
}

Save & Restart OpenLiteSpeed:

service lsws restart

Re-Check OpenLiteSpeed port:

[root@vDDoS-CyberPanel ~]# netstat -lntup|grep openlitespeed
tcp        0      0 0.0.0.0:7080            0.0.0.0:*               LISTEN      11507/openlitespeed
tcp        0      0 0.0.0.0:8080          0.0.0.0:*               LISTEN      11507/openlitespeed
tcp        0      0 0.0.0.0:8443          0.0.0.0:*               LISTEN      11507/openlitespeed

STEP 4: Config vDDoS Proxy Protection

For example, the IP Addr of your server is 1.2.3.4:

nano /vddos/conf.d/website.conf

# Website       Listen               Backend                  Cache Security SSL-Prikey   SSL-CRTkey
default         http://0.0.0.0:80    http://1.2.3.4:8080    no    no      no           no
default         https://0.0.0.0:443  https://1.2.3.4:8443   no    no      /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt

Restart vDDoS service after you have configured:

/usr/bin/vddos restart

STEP 5: Config vDDoS Auto Add

vDDoS Auto Add is an add-on for vDDoS Proxy Protection. It monitors domains, alias domains and subdomains in the hosting panel, web server, domain list, virtual hosts… and automatically adds them to the website.conf file.

nano /vddos/auto-add/setting.conf

# Default Setting for vddos-add command:

SSL				auto
DNS_sleep 		66
DNS_alias_mode	no
Cache			no
Security		no
HTTP_Listen		http://0.0.0.0:80
HTTPS_Listen	https://0.0.0.0:443
HTTP_Backend	http://1.2.3.4:8080
HTTPS_Backend	https://1.2.3.4:8443

Set Crontab:

echo '*/15 * * * * root /usr/bin/vddos-autoadd panel cyberpanel openlitespeed' >> /etc/crontab

STEP 6: Config vDDoS Auto Switch

vDDoS Auto Switch is an add-on for vDDoS Proxy Protection. It automatically identifies overloaded websites and changes their Security Mode.

nano /vddos/auto-switch/setting.conf

# This is the default configuration for "sensor-switch.sh" and "vddos-autoswitch.sh"

hostname="vDDoS Master"							#(Name this server, it will show up in Email notifications)

vddos_master_slave_mode="no"					#(Turn on "yes" if your system has slave servers, want to sync after switch like master)
backend_url_check="no"			#(Put the URL of the backend. Ex: https://1.1.1.1:8443/ (make sure Backend status response is "200"))

send_notifications="no"						#(Turn on "yes" if you want receive notification)
smtp_server="smtps://smtp.gmail.com"		#(SMTP Server)
smtp_username="[email protected]"				#(Your Mail)
smtp_password="xxxxxxxxxxxxx" 				#(Get your Apps password for Gmail from https://security.google.com/settings/security/apppasswords)
send_notifications_to="[email protected]"		#(Your Email Address will receive notification)


maximum_allowable_delay_for_backend=2 			#(Means: If Backend (status response "200") is slower than 2s, vDDoS will enable challenge mode)
maximum_allowable_delay_for_website=2 			#(Means: If Website (status response "200") is slower than 2s, vDDoS will enable challenge mode)

default_switch_mode_not_attack="no"				#(Default Mode vDDoS use when it's not under attack)
default_switch_mode_under_attack="high"			#(Default Mode vDDoS use when it's under attack)
default_waiting_time_to_release="60"			#(For example 60 minutes, release time from challenge)

Crontab vDDoS Auto Switch:

echo '*/5 * * * * root /usr/bin/vddos-autoswitch checkalldomain high' >> /etc/crontab
echo '0 */3 * * * root /usr/bin/vddos-switch allsite no && /usr/bin/vddos reload' >> /etc/crontab
echo '* * * * * root /usr/bin/vddos-sensor' >> /etc/crontab

More documentation:
https://github.com/duy13/vDDoS-Auto-Switch

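A check for the setup in STEP 3 and STEP 4, added here as an example and not part of the original post or of vDDoS: it reads the backend ports from website.conf and reports any that OpenLiteSpeed still serves on a wildcard address, where clients can connect to the backend directly instead of through the proxy. The function names `backend_ports` and `exposed_backends` are hypothetical, and both sample inputs are constructed from the values shown in the post.

```shell
#!/bin/sh
# Added example: flag vDDoS backends that are listening on every interface.

# Constructed sample of /vddos/conf.d/website.conf (values from the post above).
SAMPLE_CONF='# Website  Listen  Backend  Cache Security SSL-Prikey SSL-CRTkey
default  http://0.0.0.0:80    http://1.2.3.4:8080   no no no no
default  https://0.0.0.0:443  https://1.2.3.4:8443  no no /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt'

# Constructed sample of `netstat -lntup` output, shaped like the re-check in STEP 3.
SAMPLE_NETSTAT='tcp  0  0 0.0.0.0:7080  0.0.0.0:*  LISTEN  11507/openlitespeed
tcp  0  0 0.0.0.0:8080  0.0.0.0:*  LISTEN  11507/openlitespeed
tcp  0  0 0.0.0.0:8443  0.0.0.0:*  LISTEN  11507/openlitespeed'

# Print each unique backend port named in website.conf text (third column).
backend_ports() {
  printf '%s\n' "$1" | awk '
    /^[ \t]*#/ || NF < 3 { next }            # skip comments and short lines
    { n = split($3, part, ":"); p = part[n]; sub(/\/.*/, "", p)
      if (p ~ /^[0-9]+$/ && !seen[p]++) print p }'
}

# $1 = website.conf text, $2 = netstat -lntup text.
# Print "EXPOSED <port> <local-address>" for every backend port that has a
# listener bound to a wildcard address (0.0.0.0, :: or *).
exposed_backends() {
  for port in $(backend_ports "$1"); do
    printf '%s\n' "$2" | awk -v port="$port" '
      $6 == "LISTEN" {
        addr = $4; n = split(addr, part, ":")
        host = substr(addr, 1, length(addr) - length(part[n]) - 1)
        if (part[n] == port && (host == "0.0.0.0" || host == "::" || host == "*"))
          print "EXPOSED", port, addr
      }'
  done
}

# Run on the constructed samples.
exposed_backends "$SAMPLE_CONF" "$SAMPLE_NETSTAT"
```

On a live server, pass `"$(cat /vddos/conf.d/website.conf)"` and `"$(netstat -lntup)"` as the two arguments. Any EXPOSED line means that port accepts connections that never pass through vDDoS, so restrict it with the host firewall to the server's own address.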

Thanks man! I will try it!

Dear, can I use and install vDDoS for my LiteSpeed WebServer Enterprise (and CyberPanel Enterprise)?

At the first glance, the functionality looks just fantastic! But I’m afraid to break something on my server with sites.

Even though openlitespeed and litespeed are identical in configuration (they only differ in reading htaccess), you should still install it for testing first, not use it officially if:

  1. you have never used vddos for antiddos before
  2. you have never installed vddos + openlitespeed before

You can still try creating another server, install vddos and proxy it to the cyberpanel server

@duy13 thank you! CloudLinux versions 8 and 9 are now current! Will it be updated?

You can still try creating another server, install vddos and proxy it to the cyberpanel server

Do I understand correctly that in this case I need server №1 with LSWS + CyberPanel installed, on which my sites will be hosted, and server №2 on pure AlmaLinux, for example, on which only vDDoS will be installed?