Ansible Deflect configuration automation
Shell C PHP Python Other
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
contrib
daemon
http
roles
scripts
.gitattributes
.gitignore
LICENSE
README.md
ansible.cfg
clients.yml.example
hosts.yml.example
override.yml.example
site.yml.example
trigger.sh.example

README.md

autodeflect

Autodeflect is an automation system for DIY installations of the Deflect anti-DDoS CDN system.

Deflect is a lightweight but heavy-duty anti-DDoS content distribution network that uses low-cost reverse proxies to absorb and mitigate DDoS attacks on webservers. The infrastructure is comprised of many parts, with Apache Traffic Server being a central component used for caching resources and serving them.

Autodeflect is a system for writing out the dynamic components of a Deflect configuration. This comprises:

  • awstats configuration entries
  • Apache Traffic Server remap files
  • Bind-style zone file information (designed to be used with Edgemanage for robust serving of content when servers experience instability or become unavailable).
  • Nagios configuration for monitoring origin servers
  • Per-site configuration rules for the Banjax mitigation platform - both the old-style libconfig-based file and the current YAML-based configuration.
  • Scripted renewal of Let's Encrypt TLS certs

Configuration

Global configuration of controller-side elements is accomplished via variables in site.yml. Comments document the majority of this configuration.

Client configuration (sites protected behind your instance of Deflect) is accomplished via clients.yml. In the Deflect system this file is generated via the Deflect Dashboard. This file can be written by hand or populated by some automated system. Some Day the Deflect Dashboard source will be opened, but this is not that day.

Limitations

Autodeflect does not write out configuration for a Nagios installation, an Awstats setup or an Apache Traffic Server configuration set. Users should supply these configurations themselves (generally the stock configurations are fine, but vast improvements can be obtained by tweaking them). In future static configuration files will be added to this repository.

Requires:

  • python-passlib