Nginx(编译)+Lua脚本+Redis 实现自动封禁访问频率过高IP

1.安装lua

1.1安装LuaJIT

bash 复制代码
yum install readline-devel
mkdir -p lua-file
cd lua-file/
wget https://github.com/LuaJIT/LuaJIT/archive/refs/tags/v2.0.5.tar.gz
tar -zxvf LuaJIT-2.0.5.tar.gz 
cd LuaJIT-2.0.5
make && make install PREFIX=/usr/local/luajit

1.2配置LuaJIT环境变量

root@localhost lua-file# vim /etc/profile

#/etc/profile 文件中加入环境变量

bash 复制代码
export LUAJIT_LIB=/usr/local/luajit/lib
export LUAJIT_INC=/usr/local/luajit/include/luajit-2.0

root@localhost lua-file# source /etc/profile

1.3 lua安装测试

root@localhost lua-file# vim hello.lua

print('hello world lua');

root@localhost lua-file# lua hello.lua

hello world lua

2.ngx_devel_kit和lua-nginx-module

ngx_devel_kit简称NDK,提供函数和宏处理一些基本任务,减轻第三方模块开发的代码量。

lua-nginx-module是nginx的lua模块

bash 复制代码
[root@localhost ~]# mkdir -p /usr/local/src/nginx
[root@localhost ~]# cd /usr/local/src/nginx/
[root@localhost nginx]# wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz
[root@localhost nginx]# wget https://github.com/openresty/lua-nginx-module/archive/v0.10.9rc7.tar.gz
[root@localhost nginx]# ls
v0.10.9rc7.tar.gz  v0.3.0.tar.gz
[root@localhost nginx]# tar -zxvf v0.10.9rc7.tar.gz 
[root@localhost nginx]# tar -zxvf v0.3.0.tar.gz 

3.查看已安装好的nginx

3.1查看原安装

root@localhost nginx# /usr/local/nginx/sbin/nginx -V

nginx version: nginx/1.14.2

built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)

built with OpenSSL 1.0.2k-fips 26 Jan 2017

TLS SNI support enabled

configure arguments: --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module --with-http_gzip_static_module

3.2 安装依赖

root@localhost nginx# yum -y install openssl openssl-devel zlib zlib-devel pcre-devel

3.3 进入nginx解压目录,安装扩展

root@localhost \~# cd nginx-1.14.2

root@localhost nginx-1.14.2#

3.3.1.清空之前的编译文件

root@localhost nginx-1.14.2# make clean

3.3.2 执行 nginx -V 查看之前的编译参数

root@localhost nginx-1.14.2# /usr/local/nginx/sbin/nginx -V

nginx version: nginx/1.14.2

built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)

built with OpenSSL 1.0.2k-fips 26 Jan 2017

TLS SNI support enabled

configure arguments: --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module --with-http_gzip_static_module

3.3.3 添加扩展执行编译

bash 复制代码
[root@localhost nginx-1.14.2]# ls /usr/local/src/nginx/
lua-nginx-module-0.10.9rc7  ngx_devel_kit-0.3.0  v0.10.9rc7.tar.gz  v0.3.0.tar.gz
[root@localhost nginx-1.14.2]# ./configure --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module --with-http_gzip_static_module --add-module=/usr/local/src/nginx/lua-nginx-module-0.10.9rc7/ --add-module=/usr/local/src/nginx/ngx_devel_kit-0.3.0/

3.3.4.执行make (不能执行 make install)

root@localhost nginx-1.14.2# make

(打开新连接窗口操作)重命名 nginx 旧版本二进制文件,即 sbin 目录下的 nginx(期间 nginx 并不会停止服务)

root@localhost nginx-1.14.2# cd /usr/local/nginx/sbin/

root@localhost sbin# ls

nginx

root@localhost sbin# mv nginx nginx.old

root@localhost sbin# ls

nginx.old

拷贝一份新编译的二进制文件到安装目录

root@localhost nginx-1.14.2# pwd

/root/nginx-1.14.2

root@localhost nginx-1.14.2# cd objs/

root@localhost objs# cp nginx /usr/local/nginx/sbin/

root@localhost objs# ls /usr/local/nginx/sbin/

nginx nginx.old

在源码目录执行 make upgrade 开始升级

root@localhost nginx-1.14.2# make upgrade

/usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

kill -USR2 `cat /usr/local/nginx/logs/nginx.pid`

sleep 1

test -f /usr/local/nginx/logs/nginx.pid.oldbin

kill -QUIT `cat /usr/local/nginx/logs/nginx.pid.oldbin`

如果有这个报错:nginx: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: No such file or directory#解决方案

root@localhost nginx-1.14.2# vim /etc/ld.so.conf

bash 复制代码
#新增一条
 /usr/local/luajit/lib

#保存文件,执行ldconfig

root@localhost nginx-1.14.2# ldconfig

###查看是否安装成功

root@localhost nginx-1.14.2# /usr/local/nginx/sbin/nginx -V

nginx version: nginx/1.14.2

built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)

built with OpenSSL 1.0.2k-fips 26 Jan 2017

TLS SNI support enabled

configure arguments: --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module --with-http_gzip_static_module --add-module=/usr/local/src/nginx/lua-nginx-module-0.10.9rc7/ --add-module=/usr/local/src/nginx/ngx_devel_kit-0.3.0/

4 nginx引入lua调试

4.1 nginx.conf引入lua

root@localhost conf# pwd

/usr/local/nginx/conf

root@localhost conf# vim nginx.conf

bash 复制代码
set $test "hello world lua";
        location /lua_test {
                content_by_lua '
                        ngx.header.content_type="text/plain";
                        ngx.say(ngx.var.test);
                ';
        }

4.2 重启nginx,执行访问

root@localhost nginx# /usr/local/nginx/sbin/nginx -s reload

执行访问

5.实现lua连接redis

redis集群扩展包:https://github.com/onlonely/lua-redis-cluster

对于lua来说,它是一个非常轻量级的脚本语言,而它本身也与php的composer是一样的,是可以添加扩展,只是他们的扩展我们需要自己找对应的模块库

官方组件:https://openresty.org/cn/components.html

root@localhost 5.1# pwd

/usr/local/luajit/share/lua/5.1

5.2 下载快速JSON编码/解析

root@localhost 5.1# git clone https://github.com/openresty/lua-cjson.git

5.3 下载 lua-resty-redis (单机版redis)客户端

root@localhost 5.1# wget https://codeload.github.com/agentzh/lua-resty-redis/tar.gz/v0.26

tar -zxvf v0.26

cd lua-resty-redis-0.26/lib/resty/

cp redis.lua /usr/local/nginx/conf/lua/

5.4 lua连接单机版本redis

资料地址:https://github.com/openresty/lua-resty-redis

5.4.1编辑nginx.conf脚本

#引入lua-reds 扩展库(此处可以在lua脚本里面引入,公共的也可以在此引入)

#连接单机版本的redis

bash 复制代码
lua_package_path "/usr/local/nginx/conf/lua/redis.lua;;";

location /lua_redis {
             default_type 'application/x-javascript;charset=utf-8';
              content_by_lua_file /usr/local/nginx/conf/lua/lua_redis.lua;
   }

5.4.2 编辑连接redis的lua脚本

root@localhost conf# vim lua/lua_redis.lua

bash 复制代码
local redis = require "resty.redis"
local red = redis:new()

red:set_timeouts(1000, 1000, 1000) -- 1 sec

--lua 连接redis
local ok,err = red:connect("127.0.0.1", 6379)

if not ok then
       ngx.say("failed to connect: ", err)
       return
end


--设置数据
local date=os.date("%Y-%m-%d %H:%M:%S")
ok,err = red:set("dog", date.."-数据")
if not ok then
       ngx.say("failed to set dog: ", err)
       return
end


--获取设置的值
local res,err=red:get("dog")
if not res then
	ngx.say("failed to get dog",err)
	return
end

ngx.say(res)

5.4.3 重启nginx,访问nginx,数据成功写入redis,并读取

root@localhost lua# /usr/local/nginx/sbin/nginx -s reload

#(重启报错,自行查看nginx 的 error.log文件,具体根据自行的错误日志输错文件目录查看)

root@localhost lua# ls /usr/local/nginx/logs/

access.log error.log

准备工作已经完成,现在要实现nginx+Lua+Redis自动封禁并解封IP了,参考前面文章,这里不重复了

Nginx+Lua脚本+Redis 实现自动封禁访问频率过高IP-CSDN博客

知识点:

如果之前是yum安装的NGINX怎么整?

1:nginx -V;查看之前yum安装的自带编译参数和版本

2:下载同版本的源码包,进行编译

3:只需要make,不要make install,然后mv objs/nginx /usr/sbin/nginx,这样yum安装的nginx就编译完成lua的模块

相关推荐
Avan_菜菜10 天前
FRP 内网穿透完整实战:从 HTTP 映射到 HTTPS 自签代理
运维·nginx·https
ping某14 天前
为什么 Nginx 明明监听了 80,转发后端时却用了 4xxxx 端口?
后端·nginx
難釋懷16 天前
Nginx反向代理中的容错机制
运维·nginx
bloglin9999916 天前
Nginx高危漏洞CVE-2021-23017及配置样例
运维·nginx
进阶的小名16 天前
Spring Boot SSE + Nginx 配置:解决 EventSource 不实时返回、连接超时、流式响应被缓冲问题
spring boot·后端·nginx
難釋懷16 天前
Nginx获取客户端真实IP
服务器·前端·nginx
qq_谁赞成_谁反对16 天前
甲方IT的成长之路--nginx实战--2604
服务器·数据库·nginx
图灵追慕者16 天前
Nginx安裝以及配置顯示本地服務器文件夾
运维·nginx
rabbit_pro16 天前
Nginx配置维护模式
运维·nginx
楠目17 天前
Nginx 解析漏洞利用总结
nginx·网络安全