Nginx(编译)+Lua脚本+Redis 实现自动封禁访问频率过高IP

1.安装lua

1.1安装LuaJIT

bash 复制代码

yum install readline-devel
mkdir -p lua-file
cd lua-file/
wget https://github.com/LuaJIT/LuaJIT/archive/refs/tags/v2.0.5.tar.gz
tar -zxvf LuaJIT-2.0.5.tar.gz 
cd LuaJIT-2.0.5
make && make install PREFIX=/usr/local/luajit

1.2配置LuaJIT环境变量

root@localhost lua-file\]# vim /etc/profile #/etc/profile 文件中加入环境变量 ```bash export LUAJIT_LIB=/usr/local/luajit/lib export LUAJIT_INC=/usr/local/luajit/include/luajit-2.0 ``` \[root@localhost lua-file\]# source /etc/profile 1.3 lua安装测试 \[root@localhost lua-file\]# vim hello.lua print('hello world lua'); \[root@localhost lua-file\]# lua hello.lua hello world lua 2.ngx_devel_kit和lua-nginx-module ngx_devel_kit简称NDK，提供函数和宏处理一些基本任务，减轻第三方模块开发的代码量。 lua-nginx-module是nginx的lua模块 ```bash [root@localhost ~]# mkdir -p /usr/local/src/nginx [root@localhost ~]# cd /usr/local/src/nginx/ [root@localhost nginx]# wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz [root@localhost nginx]# wget https://github.com/openresty/lua-nginx-module/archive/v0.10.9rc7.tar.gz [root@localhost nginx]# ls v0.10.9rc7.tar.gz v0.3.0.tar.gz [root@localhost nginx]# tar -zxvf v0.10.9rc7.tar.gz [root@localhost nginx]# tar -zxvf v0.3.0.tar.gz ``` 3.查看已安装好的nginx 3.1查看原安装 \[root@localhost nginx\]# /usr/local/nginx/sbin/nginx -V nginx version: nginx/1.14.2 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module --with-http_gzip_static_module 3.2 安装依赖 \[root@localhost nginx\]# yum -y install openssl openssl-devel zlib zlib-devel pcre-devel 3.3 进入nginx解压目录,安装扩展 \[root@localhost \~\]# cd nginx-1.14.2 \[root@localhost nginx-1.14.2\]# 3.3.1.清空之前的编译文件 \[root@localhost nginx-1.14.2\]# make clean 3.3.2 执行 nginx -V 查看之前的编译参数 \[root@localhost nginx-1.14.2\]# /usr/local/nginx/sbin/nginx -V nginx version: nginx/1.14.2 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module --with-http_gzip_static_module 3.3.3 添加扩展执行编译 ```bash [root@localhost nginx-1.14.2]# ls /usr/local/src/nginx/ lua-nginx-module-0.10.9rc7 ngx_devel_kit-0.3.0 v0.10.9rc7.tar.gz v0.3.0.tar.gz [root@localhost nginx-1.14.2]# ./configure --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module --with-http_gzip_static_module --add-module=/usr/local/src/nginx/lua-nginx-module-0.10.9rc7/ --add-module=/usr/local/src/nginx/ngx_devel_kit-0.3.0/ ``` 3.3.4.执行make (不能执行 make install) \[root@localhost nginx-1.14.2\]# make (打开新连接窗口操作）重命名 nginx 旧版本二进制文件，即 sbin 目录下的 nginx（期间 nginx 并不会停止服务） \[root@localhost nginx-1.14.2\]# cd /usr/local/nginx/sbin/ \[root@localhost sbin\]# ls nginx \[root@localhost sbin\]# mv nginx nginx.old \[root@localhost sbin\]# ls nginx.old 拷贝一份新编译的二进制文件到安装目录 \[root@localhost nginx-1.14.2\]# pwd /root/nginx-1.14.2 \[root@localhost nginx-1.14.2\]# cd objs/ \[root@localhost objs\]# cp nginx /usr/local/nginx/sbin/ \[root@localhost objs\]# ls /usr/local/nginx/sbin/ nginx nginx.old 在源码目录执行 make upgrade 开始升级 \[root@localhost nginx-1.14.2\]# make upgrade /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful kill -USR2 \`cat /usr/local/nginx/logs/nginx.pid\` sleep 1 test -f /usr/local/nginx/logs/nginx.pid.oldbin kill -QUIT \`cat /usr/local/nginx/logs/nginx.pid.oldbin\` 如果有这个报错：nginx: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: No such file or directory#解决方案 \[root@localhost nginx-1.14.2\]# vim /etc/ld.so.conf ```bash #新增一条 /usr/local/luajit/lib #保存文件，执行ldconfig ``` \[root@localhost nginx-1.14.2\]# ldconfig ###查看是否安装成功 \[root@localhost nginx-1.14.2\]# /usr/local/nginx/sbin/nginx -V nginx version: nginx/1.14.2 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module --with-http_gzip_static_module --add-module=/usr/local/src/nginx/lua-nginx-module-0.10.9rc7/ --add-module=/usr/local/src/nginx/ngx_devel_kit-0.3.0/ 4 nginx引入lua调试 4.1 nginx.conf引入lua \[root@localhost conf\]# pwd /usr/local/nginx/conf \[root@localhost conf\]# vim nginx.conf ```bash set $test "hello world lua"; location /lua_test { content_by_lua ' ngx.header.content_type="text/plain"; ngx.say(ngx.var.test); '; } ``` ![](https://i-blog.csdnimg.cn/direct/2794205eba1b4c54b94d06f2fd36f637.png) 4.2 重启nginx,执行访问 \[root@localhost nginx\]# /usr/local/nginx/sbin/nginx -s reload 执行访问 ![](https://i-blog.csdnimg.cn/direct/022d37a1c969497d904fc4851635dae8.png) 5.实现lua连接redis redis集群扩展包：https://github.com/onlonely/lua-redis-cluster 对于lua来说，它是一个非常轻量级的脚本语言，而它本身也与php的composer是一样的，是可以添加扩展，只是他们的扩展我们需要自己找对应的模块库 官方组件：https://openresty.org/cn/components.html \[root@localhost 5.1\]# pwd /usr/local/luajit/share/lua/5.1 5.2 下载快速JSON编码/解析 \[root@localhost 5.1\]# git clone https://github.com/openresty/lua-cjson.git 5.3 下载 lua-resty-redis （单机版redis）客户端 \[root@localhost 5.1\]# wget https://codeload.github.com/agentzh/lua-resty-redis/tar.gz/v0.26 tar -zxvf v0.26 cd lua-resty-redis-0.26/lib/resty/ cp redis.lua /usr/local/nginx/conf/lua/ 5.4 lua连接单机版本redis 资料地址：https://github.com/openresty/lua-resty-redis 5.4.1编辑nginx.conf脚本 #引入lua-reds 扩展库（此处可以在lua脚本里面引入，公共的也可以在此引入） #连接单机版本的redis ```bash lua_package_path "/usr/local/nginx/conf/lua/redis.lua;;"; location /lua_redis { default_type 'application/x-javascript;charset=utf-8'; content_by_lua_file /usr/local/nginx/conf/lua/lua_redis.lua; } ``` ![](https://i-blog.csdnimg.cn/direct/0de85431d6d24f16ae4120232911714c.png) 5.4.2 编辑连接redis的lua脚本 \[root@localhost conf\]# vim lua/lua_redis.lua ```bash local redis = require "resty.redis" local red = redis:new() red:set_timeouts(1000, 1000, 1000) -- 1 sec --lua 连接redis local ok,err = red:connect("127.0.0.1", 6379) if not ok then ngx.say("failed to connect: ", err) return end --设置数据 local date=os.date("%Y-%m-%d %H:%M:%S") ok,err = red:set("dog", date.."-数据") if not ok then ngx.say("failed to set dog: ", err) return end --获取设置的值 local res,err=red:get("dog") if not res then ngx.say("failed to get dog",err) return end ngx.say(res) ``` 5.4.3 重启nginx,访问nginx，数据成功写入redis,并读取 \[root@localhost lua\]# /usr/local/nginx/sbin/nginx -s reload #(重启报错，自行查看nginx 的 error.log文件，具体根据自行的错误日志输错文件目录查看) \[root@localhost lua\]# ls /usr/local/nginx/logs/ access.log error.log ![](https://i-blog.csdnimg.cn/direct/c25d85c4d4594f22b6a007972ffe3d8d.png) 准备工作已经完成，现在要实现nginx+Lua+Redis自动封禁并解封IP了,参考前面文章，这里不重复了 [Nginx+Lua脚本+Redis 实现自动封禁访问频率过高IP-CSDN博客](https://blog.csdn.net/qq_31292011/article/details/143331450?spm=1001.2014.3001.5501 "Nginx+Lua脚本+Redis 实现自动封禁访问频率过高IP-CSDN博客") ## **知识点：** **如果之前是yum安装的NGINX怎么整？** 1：nginx -V；查看之前yum安装的自带编译参数和版本 ![](https://i-blog.csdnimg.cn/direct/f1d5ced999d64d989c3ae9985de5e8be.png) 2：下载同版本的源码包，进行编译 ![](https://i-blog.csdnimg.cn/direct/270e3ca9dde94091b43ca3313fae4ccd.png) 3：只需要make，不要make install，然后mv objs/nginx /usr/sbin/nginx，这样yum安装的nginx就编译完成lua的模块