Nginx(编译)+Lua脚本+Redis 实现自动封禁访问频率过高IP

qq_312920112024-11-11 17:42

1.安装lua

1.1安装LuaJIT

bash 复制代码 
yum install readline-devel
mkdir -p lua-file
cd lua-file/
wget https://github.com/LuaJIT/LuaJIT/archive/refs/tags/v2.0.5.tar.gz
tar -zxvf LuaJIT-2.0.5.tar.gz 
cd LuaJIT-2.0.5
make && make install PREFIX=/usr/local/luajit

1.2配置LuaJIT环境变量

root@localhost lua-file\]# vim /etc/profile #/etc/profile 文件中加入环境变量 ```bash export LUAJIT_LIB=/usr/local/luajit/lib export LUAJIT_INC=/usr/local/luajit/include/luajit-2.0 ``` \[root@localhost lua-file\]# source /etc/profile 1.3 lua安装测试 \[root@localhost lua-file\]# vim hello.lua print('hello world lua'); \[root@localhost lua-file\]# lua hello.lua hello world lua 2.ngx_devel_kit和lua-nginx-module ngx_devel_kit简称NDK,提供函数和宏处理一些基本任务,减轻第三方模块开发的代码量。 lua-nginx-module是nginx的lua模块 ```bash [root@localhost ~]# mkdir -p /usr/local/src/nginx [root@localhost ~]# cd /usr/local/src/nginx/ [root@localhost nginx]# wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz [root@localhost nginx]# wget https://github.com/openresty/lua-nginx-module/archive/v0.10.9rc7.tar.gz [root@localhost nginx]# ls v0.10.9rc7.tar.gz v0.3.0.tar.gz [root@localhost nginx]# tar -zxvf v0.10.9rc7.tar.gz [root@localhost nginx]# tar -zxvf v0.3.0.tar.gz ``` 3.查看已安装好的nginx 3.1查看原安装 \[root@localhost nginx\]# /usr/local/nginx/sbin/nginx -V nginx version: nginx/1.14.2 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module --with-http_gzip_static_module 3.2 安装依赖 \[root@localhost nginx\]# yum -y install openssl openssl-devel zlib zlib-devel pcre-devel 3.3 进入nginx解压目录,安装扩展 \[root@localhost \~\]# cd nginx-1.14.2 \[root@localhost nginx-1.14.2\]# 3.3.1.清空之前的编译文件 \[root@localhost nginx-1.14.2\]# make clean 3.3.2 执行 nginx -V 查看之前的编译参数 \[root@localhost nginx-1.14.2\]# /usr/local/nginx/sbin/nginx -V nginx version: nginx/1.14.2 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module --with-http_gzip_static_module 3.3.3 添加扩展执行编译 ```bash [root@localhost nginx-1.14.2]# ls /usr/local/src/nginx/ lua-nginx-module-0.10.9rc7 ngx_devel_kit-0.3.0 v0.10.9rc7.tar.gz v0.3.0.tar.gz [root@localhost nginx-1.14.2]# ./configure --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module --with-http_gzip_static_module --add-module=/usr/local/src/nginx/lua-nginx-module-0.10.9rc7/ --add-module=/usr/local/src/nginx/ngx_devel_kit-0.3.0/ ``` 3.3.4.执行make (不能执行 make install) \[root@localhost nginx-1.14.2\]# make (打开新连接窗口操作)重命名 nginx 旧版本二进制文件,即 sbin 目录下的 nginx(期间 nginx 并不会停止服务) \[root@localhost nginx-1.14.2\]# cd /usr/local/nginx/sbin/ \[root@localhost sbin\]# ls nginx \[root@localhost sbin\]# mv nginx nginx.old \[root@localhost sbin\]# ls nginx.old 拷贝一份新编译的二进制文件到安装目录 \[root@localhost nginx-1.14.2\]# pwd /root/nginx-1.14.2 \[root@localhost nginx-1.14.2\]# cd objs/ \[root@localhost objs\]# cp nginx /usr/local/nginx/sbin/ \[root@localhost objs\]# ls /usr/local/nginx/sbin/ nginx nginx.old 在源码目录执行 make upgrade 开始升级 \[root@localhost nginx-1.14.2\]# make upgrade /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful kill -USR2 \`cat /usr/local/nginx/logs/nginx.pid\` sleep 1 test -f /usr/local/nginx/logs/nginx.pid.oldbin kill -QUIT \`cat /usr/local/nginx/logs/nginx.pid.oldbin\` 如果有这个报错:nginx: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: No such file or directory#解决方案 \[root@localhost nginx-1.14.2\]# vim /etc/ld.so.conf ```bash #新增一条 /usr/local/luajit/lib #保存文件,执行ldconfig ``` \[root@localhost nginx-1.14.2\]# ldconfig ###查看是否安装成功 \[root@localhost nginx-1.14.2\]# /usr/local/nginx/sbin/nginx -V nginx version: nginx/1.14.2 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module --with-http_gzip_static_module --add-module=/usr/local/src/nginx/lua-nginx-module-0.10.9rc7/ --add-module=/usr/local/src/nginx/ngx_devel_kit-0.3.0/ 4 nginx引入lua调试 4.1 nginx.conf引入lua \[root@localhost conf\]# pwd /usr/local/nginx/conf \[root@localhost conf\]# vim nginx.conf ```bash set $test "hello world lua"; location /lua_test { content_by_lua ' ngx.header.content_type="text/plain"; ngx.say(ngx.var.test); '; } ``` ![](https://i-blog.csdnimg.cn/direct/2794205eba1b4c54b94d06f2fd36f637.png) 4.2 重启nginx,执行访问 \[root@localhost nginx\]# /usr/local/nginx/sbin/nginx -s reload 执行访问 ![](https://i-blog.csdnimg.cn/direct/022d37a1c969497d904fc4851635dae8.png) 5.实现lua连接redis redis集群扩展包:https://github.com/onlonely/lua-redis-cluster 对于lua来说,它是一个非常轻量级的脚本语言,而它本身也与php的composer是一样的,是可以添加扩展,只是他们的扩展我们需要自己找对应的模块库 官方组件:https://openresty.org/cn/components.html \[root@localhost 5.1\]# pwd /usr/local/luajit/share/lua/5.1 5.2 下载快速JSON编码/解析 \[root@localhost 5.1\]# git clone https://github.com/openresty/lua-cjson.git 5.3 下载 lua-resty-redis (单机版redis)客户端 \[root@localhost 5.1\]# wget https://codeload.github.com/agentzh/lua-resty-redis/tar.gz/v0.26 tar -zxvf v0.26 cd lua-resty-redis-0.26/lib/resty/ cp redis.lua /usr/local/nginx/conf/lua/ 5.4 lua连接单机版本redis 资料地址:https://github.com/openresty/lua-resty-redis 5.4.1编辑nginx.conf脚本 #引入lua-reds 扩展库(此处可以在lua脚本里面引入,公共的也可以在此引入) #连接单机版本的redis ```bash lua_package_path "/usr/local/nginx/conf/lua/redis.lua;;"; location /lua_redis { default_type 'application/x-javascript;charset=utf-8'; content_by_lua_file /usr/local/nginx/conf/lua/lua_redis.lua; } ``` ![](https://i-blog.csdnimg.cn/direct/0de85431d6d24f16ae4120232911714c.png) 5.4.2 编辑连接redis的lua脚本 \[root@localhost conf\]# vim lua/lua_redis.lua ```bash local redis = require "resty.redis" local red = redis:new() red:set_timeouts(1000, 1000, 1000) -- 1 sec --lua 连接redis local ok,err = red:connect("127.0.0.1", 6379) if not ok then ngx.say("failed to connect: ", err) return end --设置数据 local date=os.date("%Y-%m-%d %H:%M:%S") ok,err = red:set("dog", date.."-数据") if not ok then ngx.say("failed to set dog: ", err) return end --获取设置的值 local res,err=red:get("dog") if not res then ngx.say("failed to get dog",err) return end ngx.say(res) ``` 5.4.3 重启nginx,访问nginx,数据成功写入redis,并读取 \[root@localhost lua\]# /usr/local/nginx/sbin/nginx -s reload #(重启报错,自行查看nginx 的 error.log文件,具体根据自行的错误日志输错文件目录查看) \[root@localhost lua\]# ls /usr/local/nginx/logs/ access.log error.log ![](https://i-blog.csdnimg.cn/direct/c25d85c4d4594f22b6a007972ffe3d8d.png) 准备工作已经完成,现在要实现nginx+Lua+Redis自动封禁并解封IP了,参考前面文章,这里不重复了 [Nginx+Lua脚本+Redis 实现自动封禁访问频率过高IP-CSDN博客](https://blog.csdn.net/qq_31292011/article/details/143331450?spm=1001.2014.3001.5501 "Nginx+Lua脚本+Redis 实现自动封禁访问频率过高IP-CSDN博客") ## **知识点:** **如果之前是yum安装的NGINX怎么整?** 1:nginx -V;查看之前yum安装的自带编译参数和版本 ![](https://i-blog.csdnimg.cn/direct/f1d5ced999d64d989c3ae9985de5e8be.png) 2:下载同版本的源码包,进行编译 ![](https://i-blog.csdnimg.cn/direct/270e3ca9dde94091b43ca3313fae4ccd.png) 3:只需要make,不要make install,然后mv objs/nginx /usr/sbin/nginx,这样yum安装的nginx就编译完成lua的模块

相关推荐
trayvontang5 小时前
Nginx之location配置
运维·nginx
代码or搬砖7 小时前
Nginx详讲
运维·nginx·dubbo
Evan芙13 小时前
Nginx 平滑升级
数据库·nginx·ubuntu
Evan芙18 小时前
Nginx 安装教程(附Nginx编译安装脚本)
windows·nginx·postgresql
invicinble19 小时前
nginx的基本认识
运维·nginx
爆肝疯学大模型19 小时前
http转https,免费快速申请证书并实现nginx配置
nginx·http·https
qinyia19 小时前
通过 Wisdom SSH AI 助手部署和配置 Nginx Web 服务器
人工智能·nginx·ssh
嘻哈baby19 小时前
Nginx反向代理与负载均衡实战指南
运维·nginx·负载均衡
二哈喇子!1 天前
openFuyao 容器平台快速入门:Nginx 应用部署全流程实操
运维·nginx·openfuyao
J2虾虾2 天前
上传文件出现“ 413 Request Entity Too Large“错误
nginx
热门推荐
01GitHub 镜像站点02UV安装并设置国内源03Linux下V2Ray安装配置指南04在VSCode配置Java开发环境的保姆级教程(适配各类AI编程IDE)05【AutoGLM部署】本地私有化部署AI手机Agent06Open-AutoGLM Windows 安装部署教程07Cursor 又偷偷更新,这个功能太实用:Visual Editor for Cursor Browser08安娜的档案(Anna’s Archive) 镜像网站/国内最新可访问入口(持续更新)09Labelme从安装到标注:零基础完整指南10BongoCat - 跨平台键盘猫动画工具