Nginx(编译)+Lua脚本+Redis 实现自动封禁访问频率过高IP

1.安装lua

1.1安装LuaJIT

bash 复制代码

yum install readline-devel
mkdir -p lua-file
cd lua-file/
wget https://github.com/LuaJIT/LuaJIT/archive/refs/tags/v2.0.5.tar.gz
tar -zxvf LuaJIT-2.0.5.tar.gz 
cd LuaJIT-2.0.5
make && make install PREFIX=/usr/local/luajit

1.2配置LuaJIT环境变量

$root@localhost lua-file$ # vim /etc/profile

#/etc/profile 文件中加入环境变量

bash 复制代码

export LUAJIT_LIB=/usr/local/luajit/lib
export LUAJIT_INC=/usr/local/luajit/include/luajit-2.0

$root@localhost lua-file$ # source /etc/profile

1.3 lua安装测试

$root@localhost lua-file$ # vim hello.lua

print('hello world lua');

$root@localhost lua-file$ # lua hello.lua

hello world lua

2.ngx_devel_kit和lua-nginx-module

ngx_devel_kit简称NDK，提供函数和宏处理一些基本任务，减轻第三方模块开发的代码量。

lua-nginx-module是nginx的lua模块

bash 复制代码

[root@localhost ~]# mkdir -p /usr/local/src/nginx
[root@localhost ~]# cd /usr/local/src/nginx/
[root@localhost nginx]# wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz
[root@localhost nginx]# wget https://github.com/openresty/lua-nginx-module/archive/v0.10.9rc7.tar.gz
[root@localhost nginx]# ls
v0.10.9rc7.tar.gz  v0.3.0.tar.gz
[root@localhost nginx]# tar -zxvf v0.10.9rc7.tar.gz 
[root@localhost nginx]# tar -zxvf v0.3.0.tar.gz

3.查看已安装好的nginx

3.1查看原安装

$root@localhost nginx$ # /usr/local/nginx/sbin/nginx -V

nginx version: nginx/1.14.2

built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)

built with OpenSSL 1.0.2k-fips 26 Jan 2017

TLS SNI support enabled

configure arguments: --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module --with-http_gzip_static_module

3.2 安装依赖

$root@localhost nginx$ # yum -y install openssl openssl-devel zlib zlib-devel pcre-devel

3.3 进入nginx解压目录,安装扩展

$root@localhost \~$ # cd nginx-1.14.2

$root@localhost nginx-1.14.2$ #

3.3.1.清空之前的编译文件

$root@localhost nginx-1.14.2$ # make clean

3.3.2 执行 nginx -V 查看之前的编译参数

$root@localhost nginx-1.14.2$ # /usr/local/nginx/sbin/nginx -V

nginx version: nginx/1.14.2

built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)

built with OpenSSL 1.0.2k-fips 26 Jan 2017

TLS SNI support enabled

configure arguments: --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module --with-http_gzip_static_module

3.3.3 添加扩展执行编译

bash 复制代码

[root@localhost nginx-1.14.2]# ls /usr/local/src/nginx/
lua-nginx-module-0.10.9rc7  ngx_devel_kit-0.3.0  v0.10.9rc7.tar.gz  v0.3.0.tar.gz
[root@localhost nginx-1.14.2]# ./configure --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module --with-http_gzip_static_module --add-module=/usr/local/src/nginx/lua-nginx-module-0.10.9rc7/ --add-module=/usr/local/src/nginx/ngx_devel_kit-0.3.0/

3.3.4.执行make (不能执行 make install)

$root@localhost nginx-1.14.2$ # make

(打开新连接窗口操作）重命名 nginx 旧版本二进制文件，即 sbin 目录下的 nginx（期间 nginx 并不会停止服务）

$root@localhost nginx-1.14.2$ # cd /usr/local/nginx/sbin/

$root@localhost sbin$ # ls

nginx

$root@localhost sbin$ # mv nginx nginx.old

$root@localhost sbin$ # ls

nginx.old

拷贝一份新编译的二进制文件到安装目录

$root@localhost nginx-1.14.2$ # pwd

/root/nginx-1.14.2

$root@localhost nginx-1.14.2$ # cd objs/

$root@localhost objs$ # cp nginx /usr/local/nginx/sbin/

$root@localhost objs$ # ls /usr/local/nginx/sbin/

nginx nginx.old

在源码目录执行 make upgrade 开始升级

$root@localhost nginx-1.14.2$ # make upgrade

/usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

kill -USR2 `cat /usr/local/nginx/logs/nginx.pid`

sleep 1

test -f /usr/local/nginx/logs/nginx.pid.oldbin

kill -QUIT `cat /usr/local/nginx/logs/nginx.pid.oldbin`

如果有这个报错：nginx: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: No such file or directory#解决方案

$root@localhost nginx-1.14.2$ # vim /etc/ld.so.conf

bash 复制代码

#新增一条
 /usr/local/luajit/lib

#保存文件，执行ldconfig

$root@localhost nginx-1.14.2$ # ldconfig

###查看是否安装成功

$root@localhost nginx-1.14.2$ # /usr/local/nginx/sbin/nginx -V

nginx version: nginx/1.14.2

built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)

built with OpenSSL 1.0.2k-fips 26 Jan 2017

TLS SNI support enabled

configure arguments: --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module --with-http_gzip_static_module --add-module=/usr/local/src/nginx/lua-nginx-module-0.10.9rc7/ --add-module=/usr/local/src/nginx/ngx_devel_kit-0.3.0/

4 nginx引入lua调试

4.1 nginx.conf引入lua

$root@localhost conf$ # pwd

/usr/local/nginx/conf

$root@localhost conf$ # vim nginx.conf

bash 复制代码

set $test "hello world lua";
        location /lua_test {
                content_by_lua '
                        ngx.header.content_type="text/plain";
                        ngx.say(ngx.var.test);
                ';
        }

4.2 重启nginx,执行访问

$root@localhost nginx$ # /usr/local/nginx/sbin/nginx -s reload

执行访问

5.实现lua连接redis

redis集群扩展包：https://github.com/onlonely/lua-redis-cluster

对于lua来说，它是一个非常轻量级的脚本语言，而它本身也与php的composer是一样的，是可以添加扩展，只是他们的扩展我们需要自己找对应的模块库

官方组件：https://openresty.org/cn/components.html

$root@localhost 5.1$ # pwd

/usr/local/luajit/share/lua/5.1

5.2 下载快速JSON编码/解析

$root@localhost 5.1$ # git clone https://github.com/openresty/lua-cjson.git

5.3 下载 lua-resty-redis （单机版redis）客户端

$root@localhost 5.1$ # wget https://codeload.github.com/agentzh/lua-resty-redis/tar.gz/v0.26

tar -zxvf v0.26

cd lua-resty-redis-0.26/lib/resty/

cp redis.lua /usr/local/nginx/conf/lua/

5.4 lua连接单机版本redis

资料地址：https://github.com/openresty/lua-resty-redis

5.4.1编辑nginx.conf脚本

#引入lua-reds 扩展库（此处可以在lua脚本里面引入，公共的也可以在此引入）

#连接单机版本的redis

bash 复制代码

lua_package_path "/usr/local/nginx/conf/lua/redis.lua;;";

location /lua_redis {
             default_type 'application/x-javascript;charset=utf-8';
              content_by_lua_file /usr/local/nginx/conf/lua/lua_redis.lua;
   }

5.4.2 编辑连接redis的lua脚本

$root@localhost conf$ # vim lua/lua_redis.lua

bash 复制代码

local redis = require "resty.redis"
local red = redis:new()

red:set_timeouts(1000, 1000, 1000) -- 1 sec

--lua 连接redis
local ok,err = red:connect("127.0.0.1", 6379)

if not ok then
       ngx.say("failed to connect: ", err)
       return
end


--设置数据
local date=os.date("%Y-%m-%d %H:%M:%S")
ok,err = red:set("dog", date.."-数据")
if not ok then
       ngx.say("failed to set dog: ", err)
       return
end


--获取设置的值
local res,err=red:get("dog")
if not res then
	ngx.say("failed to get dog",err)
	return
end

ngx.say(res)

5.4.3 重启nginx,访问nginx，数据成功写入redis,并读取

$root@localhost lua$ # /usr/local/nginx/sbin/nginx -s reload

#(重启报错，自行查看nginx 的 error.log文件，具体根据自行的错误日志输错文件目录查看)

$root@localhost lua$ # ls /usr/local/nginx/logs/

access.log error.log

准备工作已经完成，现在要实现nginx+Lua+Redis自动封禁并解封IP了,参考前面文章，这里不重复了

Nginx+Lua脚本+Redis 实现自动封禁访问频率过高IP-CSDN博客

知识点：

如果之前是yum安装的NGINX怎么整？

1：nginx -V；查看之前yum安装的自带编译参数和版本

2：下载同版本的源码包，进行编译

3：只需要make，不要make install，然后mv objs/nginx /usr/sbin/nginx，这样yum安装的nginx就编译完成lua的模块