OpenResty + Lua + Redis 鉴权案例,适用于 x86 和 ARM 架构的 Docker 环境。

🐳 一、拉取 OpenResty 镜像

x86 架构

# Pull the x86 OpenResty image.
# NOTE(supply chain): `:latest` is a mutable tag, and the `qiluo-images` namespace
# appears to be a mirror rather than the upstream OpenResty repository (confirm).
# Verify the image's provenance and pin it by digest
# (image@sha256:<DIGEST_PLACEHOLDER>) so every host runs the same reviewed image.
docker pull registry.cn-hangzhou.aliyuncs.com/qiluo-images/openresty:latest

ARM 架构

# Pull the ARM64 OpenResty image.
# NOTE(supply chain): `:latest` can change under you; check where this mirror image
# comes from and pin it by digest (image@sha256:<DIGEST_PLACEHOLDER>).
docker pull registry.cn-hangzhou.aliyuncs.com/qiluo-images/linux_arm64_openresty:latest

二、准备目录结构与文件

创建如下目录结构:

/data/lua/
├── conf.d/
│   └── script/
│       └── judge.lua
├── logs/
└── html/
⚙️ 三、准备 Lua 脚本
/data/lua/conf.d/script/judge.lua
lua
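-- judge.lua: access-phase token gate for OpenResty.
-- A request continues to proxy_pass only when the Redis key "tk:<token>" exists;
-- every other outcome ends the request here (fail closed).
local redis = require "resty.redis"
local cjson = require "cjson"

-- Redis endpoint; change these to match your deployment.
local REDIS_HOST = "172.16.11.10"
local REDIS_PORT = 6379
local REDIS_DB = 14
-- NOTE(security): a password written into the script ends up in version control,
-- image layers and backups. REDIS_PASSWORD is read from the environment first
-- (nginx only passes it to workers when the main config declares
-- `env REDIS_PASSWORD;`); the literal is the tutorial's sample value, kept only
-- as a fallback. Replace it and rotate any real credential that was ever
-- committed this way.
local REDIS_PASSWORD = os.getenv("REDIS_PASSWORD") or "87vhqEne05u8"

--- Send a JSON error body with an explicit HTTP status and end the request.
-- ngx.status has to be set before ngx.say: the first body write sends the
-- response headers, and the status cannot be changed afterwards.
-- @param status  HTTP status code to return
-- @param message human-readable reason placed in the JSON body
local function reject(status, message)
    ngx.status = status
    ngx.header.content_type = "application/json"
    ngx.say(cjson.encode({status = "error", message = message}))
    return ngx.exit(status)
end

-- NOTE(security): the token arrives in the query string, so it is recorded in
-- access logs and in the request line nginx appends to error-log entries.
-- Prefer a request header for bearer tokens where clients allow it.
local token = ngx.var.arg_token

-- Reject requests without a token before opening a Redis connection, so
-- unauthenticated traffic cannot consume backend connections.
if not token or token == "" then
    return reject(ngx.HTTP_UNAUTHORIZED, "token is required")
end

local red = redis:new()
red:set_timeout(1000) -- milliseconds

--- Log a Redis failure, drop the connection and answer 500.
-- @param what   log prefix describing the failed step
-- @param reason error string returned by lua-resty-redis
local function fail(what, reason)
    ngx.log(ngx.ERR, what, reason)
    red:close()
    return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
end

local ok, err = red:connect(REDIS_HOST, REDIS_PORT)
if not ok then
    -- Nothing to close: the connection was never established.
    ngx.log(ngx.ERR, "Failed to connect to Redis: ", err)
    return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
end

ok, err = red:auth(REDIS_PASSWORD)
if not ok then
    return fail("Failed to authenticate with Redis: ", err)
end

ok, err = red:select(REDIS_DB)
if not ok then
    return fail("Failed to select Redis database: ", err)
end

-- The key is sent as a length-prefixed bulk string, so the token cannot alter
-- the Redis command. It is still unbounded client input: consider enforcing the
-- length and character set your token issuer actually produces.
local value, get_err = red:get("tk:" .. token)
if not value then
    -- A Redis error is an infrastructure failure, not an invalid token.
    return fail("Failed to look up token in Redis: ", get_err)
end

-- Release the connection on every path, including the 401 below.
red:close()

if value == ngx.null then
    -- The token value is deliberately not logged: log files are readable by
    -- more people than the token store.
    ngx.log(ngx.WARN, "Token is invalid or does not exist")
    return reject(ngx.HTTP_UNAUTHORIZED, "token is invalid or expired")
end

-- Valid token: return without ngx.exit so processing continues to proxy_pass.
ngx.log(ngx.INFO, "Token is valid")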

🔧 四、准备 Nginx 配置文件

/data/lua/conf.d/default.conf

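# NOTE(review): this file is mounted into /etc/nginx/conf.d. If the image's main
# nginx.conf includes conf.d/*.conf from inside its own http {} block, the
# http {} wrapper below is rejected at startup; confirm against the image.
http {
    lua_package_path "/usr/local/openresty/lualib/?.lua;;";

    server {
        # NOTE(security): plain HTTP. The token travels in the query string, so it
        # is readable on the wire and recorded in access logs; terminate TLS on
        # or in front of this listener.
        listen 1004;
        server_name localhost;
        root /usr/local/openresty/nginx/html/zszhjg/zsd/;

        location /ctis-zszhjg/ {
            # $token is not read by judge.lua as shown (the script uses
            # ngx.var.arg_token and adds the "tk:" prefix itself); kept in case
            # a log format or another include relies on it.
            set $token "";
            if ($arg_token) {
                set $token "tk:$arg_token";
            }
            # Runs in the access phase: proxy_pass is reached only when the
            # script returns without ending the request via ngx.exit.
            access_by_lua_file /etc/nginx/conf.d/script/judge.lua;
            proxy_pass http://172.16.14.11:7000/ctis-zszhjg/;
            proxy_set_header Host $host;
            proxy_set_header x-Real-IP $remote_addr;
            proxy_set_header x-Forwarded-For $proxy_add_x_forwarded_for;
            # The capture group must be balanced: an escaped "\(" followed by a
            # bare ")" fails regex compilation when nginx loads the config.
            # NOTE(security): $arg_filename is client-controlled and is copied
            # into a response header unvalidated; consider restricting it to an
            # allowlist of filename characters.
            if ($arg_filename ~ "(.+)") {
                add_header Content-Disposition "attachment;filename=$arg_filename";
            }
        }
    }
}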

🐘 五、准备 Redis Lua 库

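# Fetch lua-resty-redis and stage redis.lua where the docker run step mounts it from.
# NOTE(supply chain): this clones the default branch unpinned. Check out a
# reviewed release tag or commit before copying, since the file is loaded into
# every nginx worker. OpenResty builds normally bundle resty.redis already;
# verify whether this image needs the override at all.
cd /data/lua
git clone https://github.com/openresty/lua-resty-redis.git
# conf.d/resty is not part of the directory tree shown earlier; create it so cp
# does not fail.
mkdir -p /data/lua/conf.d/resty
cp lua-resty-redis/lib/resty/redis.lua /data/lua/conf.d/resty/redis.lua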
🚀 六、启动 OpenResty 容器
bash
# Start the x86 OpenResty container in the background.
# - conf.d carries judge.lua (including the Redis credential) and is mounted
#   read-write; appending :ro would stop the container from altering its own
#   auth script and config.
# - No port is published, so the listener on 1004 is reachable only on the
#   container's own network address.
# - The image tag is :latest; pin a digest for repeatable deployments.
docker run --detach \
  --name openresty \
  --restart=always \
  --volume /etc/localtime:/etc/localtime:ro \
  --volume /data/lua/conf.d:/etc/nginx/conf.d \
  --volume /data/lua/logs:/usr/local/openresty/nginx/logs \
  --volume /data/lua/html:/usr/local/openresty/nginx/html \
  --volume /data/lua/conf.d/resty/redis.lua:/usr/local/openresty/lualib/resty/redis.lua \
  registry.cn-hangzhou.aliyuncs.com/qiluo-images/openresty:latest

ARM 架构 OpenResty + Lua-Redis 案例

🐳 一、拉取 OpenResty 镜像

ARM 架构

# Pull the ARM64 OpenResty image. `:latest` is mutable; verify the image's origin
# and pin it by digest (image@sha256:<DIGEST_PLACEHOLDER>).
docker pull registry.cn-hangzhou.aliyuncs.com/qiluo-images/linux_arm64_openresty:latest

📁 二、准备目录结构与文件

创建目录结构:

# Create the host directories that are bind-mounted into the container:
# auth script, nginx logs, static files and the staged Lua library.
mkdir -p \
  /data/lua/conf.d/script \
  /data/lua/logs \
  /data/lua/html \
  /data/lua/lualib/resty

📥 三、下载 Lua-Redis 库

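# Fetch lua-resty-redis and stage redis.lua under /data/lua/lualib/resty.
# NOTE(supply chain): the clone is unpinned; check out a reviewed release tag or
# commit before copying, since this file is loaded into every nginx worker.
cd /data/lua
git clone https://github.com/openresty/lua-resty-redis.git
# Destination is /data/lua (the directory created above and mounted by docker
# run), not /data1, which nothing on this page creates.
cp lua-resty-redis/lib/resty/redis.lua /data/lua/lualib/resty/redis.lua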

⚙️ 四、准备 Lua 脚本

/data/lua/conf.d/script/judge.lua

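-- judge.lua: access-phase token gate for OpenResty.
-- A request continues to proxy_pass only when the Redis key "tk:<token>" exists;
-- every other outcome ends the request here (fail closed).
local redis = require "resty.redis"
local cjson = require "cjson"

-- Redis endpoint; change these to match your deployment.
local REDIS_HOST = "172.16.11.10"
local REDIS_PORT = 6379
local REDIS_DB = 14
-- NOTE(security): a password written into the script ends up in version control,
-- image layers and backups. REDIS_PASSWORD is read from the environment first
-- (nginx only passes it to workers when the main config declares
-- `env REDIS_PASSWORD;`); the literal is the tutorial's sample value, kept only
-- as a fallback. Replace it and rotate any real credential that was ever
-- committed this way.
local REDIS_PASSWORD = os.getenv("REDIS_PASSWORD") or "87vhqEne05u8"

--- Send a JSON error body with an explicit HTTP status and end the request.
-- ngx.status has to be set before ngx.say: the first body write sends the
-- response headers, and the status cannot be changed afterwards.
-- @param status  HTTP status code to return
-- @param message human-readable reason placed in the JSON body
local function reject(status, message)
    ngx.status = status
    ngx.header.content_type = "application/json"
    ngx.say(cjson.encode({status = "error", message = message}))
    return ngx.exit(status)
end

-- Read the token from the request's query string.
-- NOTE(security): a query-string token is recorded in access logs and in the
-- request line nginx appends to error-log entries. Prefer a request header for
-- bearer tokens where clients allow it.
local token = ngx.var.arg_token

-- No token: answer 401 before opening a Redis connection, so unauthenticated
-- traffic cannot consume backend connections.
if not token or token == "" then
    return reject(ngx.HTTP_UNAUTHORIZED, "token is required")
end

-- Create the Redis client object.
local red = redis:new()
red:set_timeout(1000) -- 1 second timeout

--- Log a Redis failure, close the connection and answer 500.
-- The connection is closed rather than pooled because its state is unknown
-- after an error.
-- @param what   log prefix describing the failed step
-- @param reason error string returned by lua-resty-redis
local function fail(what, reason)
    ngx.log(ngx.ERR, what, reason)
    red:close()
    return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
end

local ok, err = red:connect(REDIS_HOST, REDIS_PORT)
if not ok then
    -- Nothing to close: the connection was never established.
    ngx.log(ngx.ERR, "Failed to connect to Redis: ", err)
    return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
end

-- Authenticate with the Redis password.
ok, err = red:auth(REDIS_PASSWORD)
if not ok then
    return fail("Failed to authenticate with Redis: ", err)
end

-- Select the Redis database index. This is repeated on every request because a
-- pooled connection may be handed back in whatever state it was left in.
ok, err = red:select(REDIS_DB)
if not ok then
    return fail("Failed to select Redis database: ", err)
end

-- Check that the token exists (Redis expiry removes expired ones).
-- The key is sent as a length-prefixed bulk string, so the token cannot alter
-- the Redis command. It is still unbounded client input: consider enforcing the
-- length and character set your token issuer actually produces.
local value, get_err = red:get("tk:" .. token)
if not value then
    -- A Redis error is an infrastructure failure, not an invalid token.
    return fail("Failed to look up token in Redis: ", get_err)
end

-- Return the healthy connection to the pool on every path, including the 401
-- below (10 s idle timeout, pool of 100 per worker).
local pooled, pool_err = red:set_keepalive(10000, 100)
if not pooled then
    ngx.log(ngx.WARN, "Failed to return Redis connection to the pool: ", pool_err)
end

if value == ngx.null then
    -- The token value is deliberately not logged: log files are readable by
    -- more people than the token store.
    ngx.log(ngx.WARN, "Token is invalid or does not exist")
    return reject(ngx.HTTP_UNAUTHORIZED, "token is invalid or expired")
end

-- Valid token: return without ngx.exit so processing continues to proxy_pass.
ngx.log(ngx.INFO, "Token is valid")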

🔧 五、准备 Nginx 配置文件

/data/lua/conf.d/default.conf

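# NOTE(review): worker_processes, events and http are main-context directives.
# This file is mounted into /etc/nginx/conf.d; if the image's nginx.conf includes
# conf.d/*.conf from inside its own http {} block, nginx rejects them here.
# Confirm against the image.
worker_processes  auto;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    # Lua module search paths
    lua_package_path "/usr/local/openresty/lualib/?.lua;;";
    lua_package_cpath "/usr/local/openresty/lualib/?.so;;";

    sendfile        on;
    keepalive_timeout  65;

    server {
        # NOTE(security): plain HTTP. The token travels in the query string, so it
        # is readable on the wire and recorded in access logs; terminate TLS on
        # or in front of this listener.
        listen 1004;
        server_name localhost;

        # Static file root
        root /usr/local/openresty/nginx/html;

        location /ctis-zszhjg/ {
            # Token variable. judge.lua as shown does not read it (the script
            # uses ngx.var.arg_token and adds the "tk:" prefix itself); kept in
            # case a log format or another include relies on it.
            set $token "";
            if ($arg_token) {
                set $token "tk:$arg_token";
            }

            # Lua authentication script. It runs in the access phase: proxy_pass
            # is reached only when the script returns without ending the request.
            access_by_lua_file /etc/nginx/conf.d/script/judge.lua;

            # Proxy to the backend service
            proxy_pass http://192.168.14.89:9000/ctis-zszhjg/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Download header. The capture group must be balanced: an escaped
            # "\(" followed by a bare ")" fails regex compilation at load time.
            # NOTE(security): $arg_filename is client-controlled and is copied
            # into a response header unvalidated; consider restricting it to an
            # allowlist of filename characters.
            if ($arg_filename ~ "(.+)") {
                add_header Content-Disposition "attachment;filename=$arg_filename";
            }
        }

        # Health-check endpoint (unauthenticated by design; it returns a fixed body)
        location /health {
            access_log off;
            # default_type sets the Content-Type of the `return` body; add_header
            # would emit a second Content-Type next to the http-level default.
            default_type text/plain;
            return 200 "healthy\n";
        }
    }
}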

🚀 六、启动 OpenResty 容器(ARM)

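# Start the ARM64 OpenResty container in the background.
# Only redis.lua is mounted into lualib. Bind-mounting the whole
# /data/lua/lualib directory over /usr/local/openresty/lualib would hide the
# libraries shipped in the image (this assumes the image carries the stock
# lualib with cjson and resty.core; confirm), and `require "cjson"` in
# judge.lua would then fail.
# - conf.d carries judge.lua (including the Redis credential) and is mounted
#   read-write; appending :ro would stop the container from altering its own
#   auth script and config.
# - No port is published, so the listener on 1004 is reachable only on the
#   container's own network address.
# - The image tag is :latest; pin a digest for repeatable deployments.
docker run -d \
  --name openresty-arm \
  --restart=always \
  -v /etc/localtime:/etc/localtime:ro \
  -v /data/lua/conf.d:/etc/nginx/conf.d \
  -v /data/lua/logs:/usr/local/openresty/nginx/logs \
  -v /data/lua/html:/usr/local/openresty/nginx/html \
  -v /data/lua/lualib/resty/redis.lua:/usr/local/openresty/lualib/resty/redis.lua \
  registry.cn-hangzhou.aliyuncs.com/qiluo-images/linux_arm64_openresty:latest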

OpenResty Manager:可视化+高性能+安全

配置文件可参考

https://github.com/Safe3/openresty-manager/blob/main/docker/docker-compose.yml

创建目录

# Host directories bind-mounted by the docker run commands below: ACME data,
# application data, nginx config and nginx logs. om_acme and om_conf will hold
# certificate and configuration material; restrict their permissions to the
# account that runs the container.
mkdir -p /data/om_acme /data/om_data /data/om_conf /data/om_logs

拉取x86镜像

# Pull the x86 OpenResty Manager image. This container is later given the Docker
# socket, so its provenance matters more than usual: verify the image and pin it
# by digest (image@sha256:<DIGEST_PLACEHOLDER>) instead of the mutable :latest.
docker pull registry.cn-hangzhou.aliyuncs.com/qiluo-images/openresty-manager:latest

拉取arm64镜像

# Pull the ARM64 OpenResty Manager image. `:latest` is mutable; verify the
# image's origin and pin it by digest (image@sha256:<DIGEST_PLACEHOLDER>).
docker pull registry.cn-hangzhou.aliyuncs.com/qiluo-images/linux_arm64_openresty-manager:latest

运行命令:

# Run OpenResty Manager on the host network.
# NOTE(security): /var/run/docker.sock gives the container full control of the
# Docker daemon, which is equivalent to root on the host. Anyone who compromises
# the manager UI inherits that access, so restrict who can reach the management
# port and change the default admin password on first login.
# --network host exposes every port the container listens on directly on the
# host's interfaces; firewall the management port accordingly.
docker run --detach \
  --name openresty-manager \
  --restart always \
  --network host \
  --volume /etc/localtime:/etc/localtime:ro \
  --volume /etc/resolv.conf:/etc/resolv.conf:ro \
  --volume /var/run/docker.sock:/var/run/docker.sock \
  --volume /data/om_acme:/opt/om/acme \
  --volume /data/om_data:/opt/om/data \
  --volume /data/om_conf:/opt/om/nginx/conf \
  --volume /data/om_logs:/opt/om/nginx/logs \
  registry.cn-hangzhou.aliyuncs.com/qiluo-images/openresty-manager:latest

或者

# Alternative: run OpenResty Manager on the default bridge network with
# explicit port mappings (80, 443 and the management port 9080).
# NOTE(security): /var/run/docker.sock gives the container full control of the
# Docker daemon, which is equivalent to root on the host. Publishing 9080 binds
# the management UI on all host interfaces; limit it to a management address or
# firewall it, and change the default admin password on first login.
# This command uses the uusec/openresty-manager image, not the mirror image
# pulled above; make sure the one you run is the one you verified.
docker run --detach \
  --name openresty-manager \
  --restart always \
  --publish 80:80 \
  --publish 443:443 \
  --publish 9080:9080 \
  --volume /etc/localtime:/etc/localtime:ro \
  --volume /etc/resolv.conf:/etc/resolv.conf:ro \
  --volume /var/run/docker.sock:/var/run/docker.sock \
  --volume /data/om_acme:/opt/om/acme \
  --volume /data/om_data:/opt/om/data \
  --volume /data/om_conf:/opt/om/nginx/conf \
  --volume /data/om_logs:/opt/om/nginx/logs \
  uusec/openresty-manager:latest

1.登录管理:访问 https://ip:9080 ,默认用户名为"admin",默认密码为"#Passw0rd"。(登录之后不要忘记第一时间改密)
