Nginx来处理访问控制的方法有多种,实现的效果也有多种,访问IP段,访问内容限制,访问频率限制等。 用Nginx+Lua+Redis来做访问限制主要是考虑到高并发环境下快速访问控制的需求。
系统:centos6.x
ip:192.168.1.3
ip:192.168.1.4
一、安装Lua
cd /data/software/ wget http://luajit.org/download/LuaJIT-2.0.4.tar.gz tar -zxvf LuaJIT-2.0.4.tar.gz cd LuaJIT-2.0.4
[root@centos-03 LuaJIT-2.0.4]# make ... ... BUILDVM jit/vmdef.lua DYNLINK libluajit.so LINK luajit OK Successfully built LuaJIT make[1]: Leaving directory `/home/data/software/LuaJIT-2.0.4/src' ==== Successfully built LuaJIT 2.0.4 ==== [root@centos-03 LuaJIT-2.0.4]# make install ..... ==== Successfully installed LuaJIT 2.0.4 to /usr/local ==== [root@centos-03 LuaJIT-2.0.4]# export LUAJIT_LIB=/usr/local/lib [root@centos-03 LuaJIT-2.0.4]# export LUAJIT_INC=/usr/local/include/luajit-2.0
二、安装Nginx
mkdir -p /data/conf/nginx #####nginx安装目录
mkdir /data/software/nginx_module/ #####nginx模块
cd /data/software/nginx_module/ ngx_devel_kit (https://github.com/simpl/ngx_devel_kit/) lua-nginx-module (https://github.com/openresty/lua-nginx-module/) redis2-nginx-module (https://github.com/openresty/redis2-nginx-module/) set-misc-nginx-module (https://github.com/openresty/set-misc-nginx-module/) echo-nginx-module (https://github.com/openresty/echo-nginx-module/) 将一下文件克隆到服务器中 git clone https://github.com/simpl/ngx_devel_kit.git git clone https://github.com/openresty/lua-nginx-module.git git clone https://github.com/openresty/redis2-nginx-module.git git clone https://github.com/openresty/set-misc-nginx-module.git git clone https://github.com/openresty/echo-nginx-module.git # cd /data/software/ # wget http://nginx.org/download/nginx-1.10.3.tar.gz # tar -zxvf nginx-1.10.3.tar.gz # cd nginx-1.10.3 # ./configure --prefix=/data/conf/nginx --with-debug --with-http_addition_module --with-http_perl_module --with-http_realip_module --with-http_secure_link_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --add-module=/data/software/nginx_module/ngx_devel_kit --add-module=/data/software/nginx_module/echo-nginx-module --add-module=/data/software/nginx_module/lua-nginx-module --add-module=/data/software/nginx_module/redis2-nginx-module --add-module=/data/software/nginx_module/set-misc-nginx-module 报错:configure: error: perl module ExtUtils::Embed is required 解决:yum -y install perl-devel perl-ExtUtils-Embed 报错:checking for PCRE library ... not found yum install pcre-devel #参考:https://www.chenyudong.com/archives/nginx-install.html # make # make install [root@centos-03 conf]# /data/conf/nginx/sbin/nginx -t 报错: /data/conf/nginx/sbin/nginx: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: No such file or directory 解决: ln -s /usr/local/lib/libluajit-5.1.so.2 /lib64/libluajit-5.1.so.2 至此nginx安装完成 由于之前用yum安装过nginx,先停掉 /etc/init.d/nginx stop 三、配置nginx /data/conf/nginx/sbin/nginx 浏览器打开 http://192.168.1.3/ vi /etc/rc.d/init.d/nginx_lua.sh 写入nginx_lua.sh文件 chmod 775 /etc/rc.d/init.d/nginx_lua chkconfig --level 012345 nginx_lua on 可以使用: service nginx_lua start service nginx_lua stop /etc/rc.d/init.d/nginx_lua help vi /data/conf/nginx/conf/nginx.conf location ~* ^/funet8 { default_type 'text/plain'; content_by_lua 'ngx.say("hello, world")'; } location /lua_test { add_header Content-Type: 'text/html;'; #会出现下载页面 content_by_lua 'ngx.say("Hello Lua!")'; } 浏览器打开 http://192.168.1.3/funet8 浏览器打开 http://192.168.1.3/lua_test 安装lua-resty-redis组件 lua-resty-redis是一个Lua Redis API,是openresty的一个组件 下载代码,并将其移动到nginx目录,便于管理 git clone https://github.com/openresty/lua-resty-redis.git mv lua-resty-redis /data/conf/nginx/ 打开nginx配置文件,并引用Lua Redis API vi /data/conf/nginx/conf/nginx.conf http { #其他配置 lua_package_path "/data/conf/nginx/lua-resty-redis/lib/resty/redis.lua"; } lua_code_cache off; access_by_lua_file /data/conf/lua/redis/index.lua; 四、连接Redis 安装Redis:http://www.funet8.com/2941.html 新建一个lua文件,编写如下测试代码 mkdir -p /data/conf/lua/redis/ vi /data/conf/lua/redis/index.lua --引用redis模块 redis = require('resty.redis') --连接Redis redis_init = redis.new() redis_init:set_timeout(1000) redis_init:connect(127.0.0.1, 6379) --如果设置了auth redis_init:auth('123456') --增加数据 resp = redis_init:set('name', 'xiaofan') --查找数据 resp = redis_init:get('name') ngx.say(resp) 测试: [root@centos-03]# redis-cli -h 127.0.0.1 -p 6379 -a 123456 127.0.0.1:6379> get name "xiaofan" 127.0.0.1:6379> 至此nginx+lua+redis安装完成。 下一章讲配置自定义防火墙。
